Spanly Docs

Quickstart

Send your first MCP request to Spanly in under five minutes.

Spanly is the observability platform for Model Context Protocol servers and AI agents. Drop in an SDK or run the CLI in front of your server, and every JSON-RPC packet (tools, prompts, resources, errors) streams to a dashboard you can search, slice, and alert on.

1. Create a project and grab an API key

  1. Sign up at spanly.com.
  2. Create a project (or use the default one).
  3. Go to Settings → API keys and copy the key. It starts with spanly_us_ or spanly_eu_. The region is encoded in the prefix, so you do not have to configure it separately.

Set it in your shell:

export SPANLY_API_KEY=spanly_us_xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Always read the key from the environment. Never hard-code it.

2. Pick an integration path

All paths produce the same data; pick whichever fits your stack.

PathLanguageCode changes
CLI spanly runAnyNone. Wraps your server command.
CLI spanly proxyAnyNone. Reverse proxy in front of a running server.
TypeScript SDKNode, Bun, DenoOne line, plus per-request hooks if you want them.
Python SDKPython 3.10+One line, plus per-request hooks if you want them.
Docker sidecarAnyNone. Container next to your server.

Fastest path: wrap your server with the CLI

No code changes, works for any language, stdio or HTTP:

# 1. Set your API key (region auto-detected from the prefix)export SPANLY_API_KEY=spanly_us_xxxxxxxxxxxx# 2. Wrap your MCP server. stdio:npx -y @spanly/spanly run -- node ./server.js# Or HTTP. The wrapper takes your port; the child gets a random one:npx -y @spanly/spanly run --port 3000 -- node ./server.js

That's the whole integration. Skip to step 3.

Prefer an in-process SDK?

The SDKs add per-request hooks: redact payloads, drop traffic, tag tenants from your own auth state.

TypeScript

npm install @spanly/sdk
import { SpanlyClient } from "@spanly/sdk";const spanlyClient = new SpanlyClient({  apiKey: process.env.SPANLY_API_KEY,});// const mcpServer = new McpServer({ name: "your-mcp-server-name", version: "1.0.0" });// Monitor your MCP server (one line!)spanlyClient.monitor(mcpServer);// mcpServer.connect(transport);

Python

pip install spanly
# or: uv add spanly
import osfrom spanly import SpanlyClientspanly_client = SpanlyClient(    api_key=os.environ["SPANLY_API_KEY"],)# server = FastMCP("your-mcp-server-name")# Monitor your MCP server (one line!)spanly_client.monitor(server)# server.run()

3. Run your server normally

The SDK and the CLI both run the server unchanged. No new ports, no extra processes from the user's perspective. Talk to it from your MCP client (Claude Desktop, Cursor, Windsurf, a Python script) as you would normally.

4. See the request in the dashboard

Open spanly.com, pick your project, and head to the Requests view. Within a few seconds of the first MCP call, you will see a row appear with the method, server, client, duration, and a link to the full JSON-RPC payload.

What gets captured

For every MCP request, Spanly records:

  • The raw JSON-RPC request and response.
  • Tool / prompt / resource name and arguments.
  • Duration (request received to response sent).
  • Transport metadata. For HTTP: method, path, and headers.
  • Server and client name + version from the MCP initialize handshake.
  • Errors, including stack traces when available.

Credential-bearing headers (Authorization, Cookie, Set-Cookie, Proxy-Authorization, X-Api-Key) are replaced with [REDACTED] before the telemetry packet leaves your process, so secrets never reach Spanly. You can extend the list with the redactHeaders SDK option or the CLI's --redact-header flag.

Nothing else leaves your process. No request body or response body is modified. The SDK and CLI both forward the original bytes verbatim, including the original headers; only the telemetry copy is redacted.

Data handling

  • Redaction: drop or rewrite packets before they leave your process with the SDK's onCollect hook. See filtering sensitive tools (TypeScript) and the Python equivalent. With the CLI, --inspect-prefix limits capture to specific paths.
  • Retention: captured requests are kept for 30 days on Free, 90 days on Pro, and 365 days on Business. See pricing.
  • Residency: data is stored in the region your API key belongs to (US or EU) and never leaves it. See the security overview and privacy policy.

What's next

On this page