A Claude bridge into your AWS estate

Ask what went wrong. Claude reads the answer straight from production.

seatfrog-mcp gives Claude a safe, read-only line into our AWS infrastructure - DynamoDB, CloudWatch, RDS, Step Functions, X-Ray and more - with domain knowledge for every Seatfrog service baked in. No dashboards, no runbook archaeology, no aws sso login dance.

Read-only by design Auth handled for you
42 toolsAcross 15 AWS service categories
35 skillsDomain knowledge for 25+ services
41 read‑onlyEvery read is GET-only
1 writeBooking-sync replay, prod-gated

The problem

The hard part of an incident isn't the fix. It's finding where to look.

Before you can debug anything you need to know which service is at fault, where its data lives, and how to query it - knowledge scattered across runbooks, dashboards and people's heads. seatfrog-mcp collapses that.

Today, per investigation

  • Work out which of 25+ services is even involved
  • Remember the table, log-group and queue names by heart
  • Recall the query syntax for DynamoDB, Insights, RDS
  • Switch AWS profiles, re-run aws sso login, retry
  • Stitch scattered evidence into a timeline by hand

With seatfrog-mcp

  • Describe the symptom in plain English
  • Claude routes to the right service via its domain skills
  • It already knows the table, log-group and queue names
  • It refreshes your SSO token itself, on the right account
  • Evidence cross-referenced across services, one picture

How it works

Ask → Route → Query → Cross-reference

Generic tools give Claude the reach; the domain skills give it the map. Together they turn a vague symptom into a targeted investigation.

1

Ask

Describe what's wrong in plain English. No need to know the service, the schema, or the query language.

2

Route

The domain skills map your question to the right Seatfrog service and tell Claude exactly where the data lives.

3

Query

42 generic tools read DynamoDB, CloudWatch, RDS, Step Functions, X-Ray and more - on whichever environment you're pointed at.

4

Cross-reference

Findings from multiple services stitched into one timeline, anchored to real timestamps from the data itself.

Two tiers, one investigation

Generic tools do the reaching. Domain skills do the knowing.

Generic tools would let Claude query AWS. The 35 domain skills teach it which Seatfrog service to look at and where the data lives - table names, log groups, queues, error patterns and investigation workflows for each one.

You never run aws sso login.

The plugin checks your token before every call and refreshes it itself - just tell it which environment. One token is good for hours; the check is cached so it never spams the disk.

DynamoDBQuery or scan any table, GSI/LSI aware
CloudWatchSearch logs, run Insights, read alarm history
RDSRead-only SQL over Twingate, reader replicas
Step FunctionsExecutions and full execution history
X-RayTraces, service graph, latency stats
SQS · SNS · EBQueues, DLQs, topics and event routing

Why it's worth it

Faster answers, safe to point at production, nothing to install.

Read-only by design

41 of 42 tools only ever read. The single write path is prod-gated and reachable only through a trained procedure.

Auth handles itself

Your SSO token is checked before every call and refreshed automatically. No manual login, ever - just name the environment.

Knows your services

35 skills carry the table names, log groups, queue names and error patterns for 25+ Seatfrog services and pipelines.

Every environment

Production, uat, data-prod, data-uat and more. Switch with a word; each tool only ever sees the active profile.

Secrets stay secret

Lambda env vars matching SECRET/KEY/TOKEN are redacted, and oversized output truncated. Nothing sensitive leaks into a transcript.

Nothing to install

A self-contained macOS binary or npm package, with a Node launcher that isolates it from your project's .NET version. Non-engineers included.

Read-only by construction, auth you don't manage, secrets that stay redacted. Safe to point at production.

Read-only path

41 of 42 tools only read. RDS runs against reader replicas in a MySQL READ ONLY session, validated to SELECT / SHOW / DESCRIBE / EXPLAIN - defence in depth.

One gated write

The sole write - booking-sync replay - is prod/uat only, triggers real payments, and is reachable only through the trained booking-sync-replay runbook.

Redaction & isolation

Secret-looking Lambda env vars are redacted, large payloads truncated, and every tool only ever sees the AWS profile you've selected.

What it can reach

25+ services, grouped the way you'd investigate them.

Each name is a domain skill - its own map of tables, logs, queues and error patterns. Claude loads the right one for the question in front of it.

AUCTIONS & UPGRADES

auction-engineauction-processorbunupgrade-inventorybooking-sync-replay

BOOKING & TICKETING

tickets-servicewebservicesreservations-servicetrain-swapsecretfare

PAYMENTS & MONEY

payment-servicediscount-servicerefunds-hsp

JOURNEYS & RAIL DATA

journey-servicetimetable-serviceuk-rail-modulestations-servicesearch-servicebrain

COMMS & FULFILMENT

push-notificationsemail-modulebarcode-servicetrips-service

PARTNER & DATA PLATFORM

intelligence-dashboardtoc-file-deliverymeltano-pipelinesanalyticsdeployments

Where it is today

Built, shipped, and in daily use.

Straight with you on status - the whole thing is real and running against production. What grows is the domain coverage, guided by what people actually ask.

Live
42 tools, 35 skills, v3.9.2.

Generic AWS access across DynamoDB, CloudWatch, RDS, Lambda, Step Functions, SQS, SNS, EventBridge, S3, API Gateway and X-Ray - with domain skills layered on top.

Live
AWS SSO that manages itself.

Token checked before every call and refreshed automatically across 7 logical environments. No manual aws sso login.

Live
Distributed two ways.

GitHub marketplace for engineers, and npm with self-contained macOS binaries for everyone else - zero .NET SDK friction.

Live
Every call is measured.

Tool name, args, duration, error status and response size land in an analytics table - no PII, purely operational - so coverage sharpens where it's used most.

Next
More domain skills as services evolve.

New services and pipelines get their own skill - table names, log groups, error patterns - so the map keeps pace with the estate.

One of a family of internal Claude plugins. Scout, the human-in-the-loop support agent, runs on this plugin and on zendesk-mcp.