Stop debugging
by clipboard. Let Claude read the logs.
Kamori is an AI-native log aggregator. Ship your logs to one endpoint — then ask Claude, Cursor, or any MCP client what broke. It queries, correlates, and explains.
Connect in under a minute:npm i @usekamori/sdk
youwhat happened to api-gateway around 3pm?
↳ query_logs(service="api-gateway", window="14:50–15:10")
↳ anomaly_hint(metric="error_rate", severity=high)
claude
error rate spiked 783× at 14:58:03.
cause: slow_query: "SELECT * FROM sessions" — full table scan after sessions_idx was dropped.
affected: api-gateway, auth-service. recovery at 15:04.
youIs it everyone or specific users?
↳ search_logs(query="full table scan", service="search")
claude
Only users with >500 saved items. Queries with more than 3 active filters skip the index and do a full scan.
Add a composite index on (user_id, item_count, created_at). Should drop search back under 100 ms.
One line to start streaming
Node, Python, Go, Rust, Edge runtimes — same SDK. No agent, no sidecar, no schema design afternoon.
Your AI can ask directly
Claude, Cursor, Windsurf — they all speak MCP. Kamori shows up as a first-class tool they can call mid-conversation.
Anomalies in plain English
We flag spikes, regressions, and outlier traces before you open the dashboard — and explain them in sentences, not graphs.
Supported by
Works across leading AI agents and coding editors.
Ask directly about your app
already knows your code.
Now give it your logs.
Every service, every error, every trace — in one conversation. Follow an error from your API to your database. Ask why something is slow. Get answers without terminal hopping, without dashboard tabs, without pasting a single line.
Zero friction
One line to start logging.
Run npx kamori and you have an ingest server and an MCP server running locally — no config, no install, no account. Add the SDK to your app and logs flow in seconds.
- TypeScript, JavaScript, Python, Go, PHP
- Buffered sends with automatic retry
- Drop-in console shim — zero code changes
- Pino and Winston transports included
# Start Kamori locally — no install, no account
npx kamori
# Ingest server starts on :3110, MCP server on :3111
# Set a token:
npx kamori --token my-secret
# Or via env var:
INGEST_TOKEN=my-secret npx kamoriUp in five minutes.
Docker, npx, or bare Node — pick your poison.
Send your logs
POST JSON from any service. The SDK handles batching and retries, or send raw HTTP if you'd rather skip the dependency.
Run the server
One container: ingest on port 3110, MCP on port 3111. That's the whole stack — no sidecar, no agent, no config files.
Connect your AI
One command adds Kamori to Claude Code, Claude Desktop, or Cursor. It shows up as a tool set, ready to use.
Ask what broke
"What errors hit the payment service after the last deploy?" Claude chains the right tools automatically and hands you an answer.
curl -X POST http://localhost:3110/v1/ingest \
-H "Authorization: Bearer your-secret" \
-H "content-type: application/json" \
-d '{"service":"api","level":"error",
"message":"DB timeout","ms":5012}'docker run -d \
-p 3110:3110 -p 3111:3111 \
-e INGEST_TOKEN=your-secret \
ghcr.io/usekamori/kamori:latestclaude mcp add kamori \
--transport http \
http://localhost:3111/mcpOne tool. One job.
Kamori ingests your logs, indexes them, and serves them to your AI. It is not Datadog. It does not try to be.
Fast ingest
Thousands of events per second into SQLite with WAL mode. No external database, no ops burden, no moving parts to break at 3am.
Full-text search
Every log field is indexed. Search by message, service, level, or any field — quoted phrases, AND/OR/NOT operators included.
9 MCP tools
Claude chains them automatically. You ask a question; Kamori handles the tool calls. No prompt engineering required.
Live tail
Stream new events as they arrive over plain HTTP. No WebSocket, no polling loop, no extra process.
SDK for every language
TypeScript, JavaScript, Python, Go, PHP — all with buffering, retry backoff, and a drop-in console shim for zero-config logging.
Auth & rate limiting
Token-based auth per project, per-token rate limits, and HMAC signature verification for Vercel, GitHub, and Render webhooks.
Prometheus metrics
Ingest rate, query latency, and database size at /metrics. Ready to scrape with zero config.
Automatic retention
Set RETENTION_DAYS. Old logs disappear. Export to CSV or NDJSON first if you want to keep them.
Syslog ingestion
Forward from rsyslog or syslog-ng over UDP or TCP. No agent, no sidecar, one config line. OSS / self-hosted only.
Ask once.
Claude does the rest.
Claude doesn't need you to translate your question into a query. Connect Kamori and it picks the right tools, chains them in the right order, and gives you an answer — not a dashboard to click through.
anomaly_hint— Compare recent error rate to 7-day baselinesummarize_errors— Error counts grouped by service and levelwatch_logs— Long-poll for new entries — up to 60ssearch_logs— Full-text FTS5 search across all fieldstail_logs— Stream from a cursor id — no polling overhead
$ What's the error rate looking like?
anomaly_hint(window_minutes=60)
→ spike_factor: 3.8× above baseline
summarize_errors(since="1h ago")
→ payment: 41 errors / auth: 3 errors
query_logs(service="payment", level="error", limit=5)
→ [5 log entries]
Error rate is 3.8× above normal. All 41 payment errors share message "upstream timeout". Started at 15:23 UTC — 4 minutes after the last deploy.
One-line workflows for developers.
Install Kamori skills into Claude Code and skip the prompt engineering. Each skill is a pre-built investigation workflow — just describe what you need.
kamori-incident
“Something is wrong with payments”
Chains anomaly detection → error summary → raw logs → distributed trace into a structured incident brief.
kamori-deploy-check
“Did the deploy break anything?”
Compares error rates before and after a deploy timestamp. Returns a clear PASS / WARN / FAIL verdict.
kamori-debug-error
“I'm seeing: connection refused”
Paste any error message. Claude finds it in logs, determines frequency, and traces it back through your services.
kamori-monitor
“Watch auth for errors”
Live log tail with anomaly alerting. Calls out error bursts and new patterns as they arrive.
kamori-performance
“Why is the API slow?”
Finds slow requests, computes P50–P99 latency, and traces the slowest request to find the bottleneck service.
kamori-digest
“Weekly log summary”
Generates a daily or weekly health narrative: error trends, anomalies, top patterns, volume overview.
Open source · install in 30 seconds · view all skills →
Stop copy-pasting logs into Claude.
Pipe them in directly. Ask what broke. Kamori handles the rest.