Connect DoiT to ChatGPT: Analyze Cloud Analytics and Alerts via MCP
Learn how to dynamically generate a managed DoiT MCP server using Truto. Connect DoiT to ChatGPT to automate FinOps, analyze cloud anomalies, and trigger CloudFlows.
If you need to connect DoiT to ChatGPT to automate FinOps analysis, track cloud anomalies, or trigger CloudFlows, you need a Model Context Protocol (MCP) server. This server acts as the translation layer between ChatGPT's tool calls and the DoiT REST API. You can either build and maintain this infrastructure yourself, or use a managed integration platform like Truto to dynamically generate a secure, authenticated MCP server URL. (If your team uses Claude, check out our guide on connecting DoiT to Claude or explore our broader architectural overview on connecting DoiT to AI Agents).
Giving a Large Language Model (LLM) read and write access to your cloud financial operations ecosystem is an engineering challenge. You have to map massive, nested JSON schemas for cost reports to MCP tool definitions, handle cursor-based pagination, and manage rate limits safely. Every time the upstream API introduces a new dimension or metric requirement, you have to update your server code, redeploy, and test the integration. This guide breaks down exactly how to use Truto to generate a secure, managed MCP server for DoiT, connect it natively to ChatGPT, and execute complex FinOps workflows using natural language.
The Engineering Reality of the DoiT API
A custom MCP server is a self-hosted integration layer. While the open MCP standard provides a predictable way for models to discover tools, the reality of implementing it against a specialized cloud management platform like DoiT is painful.
If you decide to build a custom MCP server for DoiT, you own the entire API lifecycle. Here are the specific integration challenges that break standard CRUD assumptions when working with DoiT:
Complex Nested Analytics Queries
DoiT's Cloud Analytics engine does not operate on flat REST endpoints. Running an ad-hoc query requires posting a heavily nested JSON payload defining dimensions, metrics, time ranges, and filters. If your MCP tool definitions do not strictly enforce these nested schemas and provide exhaustive descriptions, the LLM will hallucinate field names or pass invalid dimension types, resulting in persistent 400 Bad Request errors.
Stateful CloudFlow Triggers
When automating remediation workflows via DoiT CloudFlows, you cannot simply update a state string. You must trigger a published flow where the first node is a webhook, passing a specific trigger_id and a validated JSON payload. If your MCP server cannot map the LLM's intent to the exact schema required by that specific CloudFlow, the automation fails silently or executes with missing context.
Rate Limits and 429 Errors
DoiT enforces rate limits to protect its analytics engine. A common architectural mistake is trying to hide these limits from the LLM. Truto takes a deliberate approach: we do not retry, throttle, or apply backoff on rate limit errors. When the upstream DoiT API returns an HTTP 429, Truto passes that error directly to the caller. We normalize the upstream rate limit information into standardized headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset) per the IETF specification. The LLM agent or the calling client is strictly responsible for reading these headers and executing its own retry or backoff logic. If you build a custom server without passing these standardized limits, your AI agent will get stuck in a hallucination loop when it hits a wall.
The Managed MCP Approach
Instead of forcing your engineering team to build, host, and maintain a custom MCP server, Truto allows you to generate one dynamically. Truto derives the tool definitions directly from the integration's documented schemas, meaning the tools are always up-to-date with the upstream API.
Here is how you generate and connect a DoiT MCP server using Truto.
Step 1: Create the MCP Server
You can create the server either through the Truto UI or programmatically via the API.
Method A: Via the Truto UI
- Navigate to the integrated account page for your connected DoiT instance.
- Click the MCP Servers tab.
- Click Create MCP Server.
- Select your desired configuration (e.g., restrict to
readmethods only, or specific tags likefinops). - Copy the generated MCP server URL (e.g.,
https://api.truto.one/mcp/a1b2c3d4e5f6...).
Method B: Via the Truto API For programmatic generation - ideal when deploying AI features to your own customers - you can create the server via a single POST request:
curl -X POST https://api.truto.one/integrated-account/{integrated_account_id}/mcp \
-H "Authorization: Bearer YOUR_TRUTO_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "DoiT FinOps Agent Server",
"config": {
"methods": ["read", "custom"],
"tags": ["analytics", "anomalies"]
},
"expires_at": "2026-12-31T23:59:59Z"
}'The response returns a secure, token-backed URL. This URL is fully self-contained - it authenticates the connection and scopes the available tools based on your configuration.
Step 2: Connect the Server to ChatGPT
Once you have the URL, connecting it to your AI client takes seconds.
Method A: Via the ChatGPT UI (For Plus/Team/Enterprise users)
- Open ChatGPT and navigate to Settings -> Apps -> Advanced settings.
- Ensure Developer mode is enabled.
- Under MCP servers / Custom connectors, click add a new server.
- Enter a name (e.g., "DoiT Analytics").
- Paste the Truto MCP URL into the Server URL field and click Add.
Method B: Via Manual Config File (For custom clients or Claude Desktop) If you are using a local agent or Claude Desktop, add the Truto URL to your JSON configuration file using the Server-Sent Events (SSE) transport:
{
"mcpServers": {
"doit_finops": {
"command": "npx",
"args": [
"-y",
"@modelcontextprotocol/server-sse",
"https://api.truto.one/mcp/a1b2c3d4e5f6..."
]
}
}
}ChatGPT will immediately ping the initialization endpoint, request the tool list, and map the DoiT API resources into its context window.
DoiT Hero Tools for FinOps Automation
By default, Truto exposes every documented DoiT resource as an MCP tool. To keep the LLM focused and prevent context window bloat, we recommend filtering the server to specific high-leverage operations. Here are the core tools you should expose for cloud financial analysis.
List Detected Anomalies
Tool: list_all_doi_t_anomalies
Fetches a list of detected cost anomalies across your cloud infrastructure. It returns the anomaly attribution, affected billing account, platform (AWS/GCP/Azure), and severity level. You can instruct the agent to poll this daily.
"Check DoiT for any new critical or high-severity cost anomalies detected in the last 24 hours. Summarize the affected billing accounts and the estimated cost impact."
Run Ad-Hoc Report Queries
Tool: create_a_doi_t_reports_query
Executes a non-persisted query against DoiT Cloud Analytics. The LLM must pass the exact dimensions (e.g., service, project) and time range. This is the primary tool for investigating "why did our cloud bill spike?" queries.
"Run a DoiT report query to show our AWS EC2 spend grouped by region for the last 7 days. Compare it to the previous 7 days to identify which region caused the increase."
Trigger CloudFlow Actions
Tool: create_a_doi_t_cloudflow_trigger
Fires a published DoiT CloudFlow. If your engineering team has set up CloudFlows to pause idle resources or send Slack escalations, the LLM can trigger them directly in response to an anomaly.
"Trigger the 'Scale Down Non-Prod' CloudFlow for project ID dev-cluster-99, passing the anomaly ID as the context payload."
Retrieve Billing Invoices
Tool: get_single_doi_t_billing_invoice_by_id
Fetches full details for a single DoiT invoice by its invoice number, including line items, balances, and due dates. Useful for accounting reconciliations.
"Fetch the details for invoice INV-2026-04. Verify if the balance has been paid and list the top three line items by total amount."
Search Cloud Diagrams
Tool: create_a_doi_t_scheme_search
Searches cloud diagrams and components stored in DoiT. If an anomaly is detected on a specific resource ID, the agent can use this tool to discover which architecture diagram the resource belongs to, mapping cost to specific microservices.
"Search DoiT cloud diagrams for the resource ID 'i-0abcd1234efgh5678'. Tell me which architecture layer it belongs to and what other components it connects to."
To view the complete list of available DoiT tools, including schema definitions and required parameters, visit the DoiT integration page.
Workflows in Action
Exposing tools is only half the battle. The real value comes from orchestrating them into autonomous workflows. Here is how a FinOps AI agent utilizes the DoiT MCP server to handle complex investigations.
Scenario 1: Automated Anomaly Investigation
When an engineering manager asks the AI to investigate a sudden spike in cloud spend, the agent needs to move from alert to root cause.
"Investigate the recent cost spike in our GCP environment. Find the highest severity anomaly from this week, pull the related cost report, and tell me exactly which service is responsible."
list_all_doi_t_anomalies: The agent queries recent anomalies, filtering for GCP platform and sorting by severity.get_single_doi_t_anomaly_by_id: The agent fetches the specific anomaly to extract the attribution details and exact start time.create_a_doi_t_reports_query: Using the attribution context, the agent constructs a dynamic report query grouped byserviceandskufor the specific timeframe to pinpoint the exact driver of the cost spike.
sequenceDiagram
participant ChatGPT as "ChatGPT (Client)"
participant Truto as "Truto MCP Server"
participant DoiT as "DoiT API"
ChatGPT->>Truto: Call list_all_doi_t_anomalies<br>{"platform": "gcp"}
Truto->>DoiT: GET /anomalies?platform=gcp
DoiT-->>Truto: 200 OK (Anomaly list)
Truto-->>ChatGPT: Tool Result
ChatGPT->>Truto: Call create_a_doi_t_reports_query<br>{"dimensions": ["service"]}
Truto->>DoiT: POST /reports/query
DoiT-->>Truto: 200 OK (Report data)
Truto-->>ChatGPT: Tool ResultScenario 2: FinOps Remediation Execution
An AI agent acting as a FinOps assistant can identify untagged resources and trigger automated remediation workflows.
"Find any active AWS EC2 allocations that are missing the 'environment' label. For any that you find, trigger the 'Alert Resource Owner' CloudFlow."
list_all_doi_t_analytics_allocations: The agent lists all allocations, requesting the metadata tags.- Local Evaluation: The LLM filters the returned array for allocations where the
environmentlabel is null. create_a_doi_t_cloudflow_trigger: The agent iterates through the non-compliant resources, calling the webhook trigger tool for each one with the target resource ID.
Security and Access Control
Giving an AI agent raw access to your cloud financial infrastructure requires strict governance. Truto provides four layers of security to lock down your DoiT MCP server:
- Method Filtering: Use
config.methodsduring server creation to restrict the LLM to specific operations. Passing["read"]ensures the agent can fetch reports and anomalies but cannot execute CloudFlows or modify budgets. - Tag Filtering: Use
config.tagsto limit the server to specific functional areas. Passing["finops"]hides unrelated tools like user administration or support ticketing. - Dual-Layer Authentication: Enable
require_api_token_auth: true. This forces the client to pass a valid Truto API token in theAuthorizationheader in addition to the server URL, ensuring that a leaked URL alone cannot be exploited. - Ephemeral Access: Set an
expires_attimestamp when creating the server. Truto's infrastructure will automatically destroy the server token and tear down the connection at the exact specified time, ensuring temporary contractors or test agents do not leave persistent backdoors.
Moving Past Manual Dashboards
FinOps teams waste hours manually drilling down into cloud cost dashboards and exporting CSVs. By connecting DoiT to ChatGPT via a managed MCP server, you transform reactive dashboards into a proactive, conversational command center.
Instead of building custom middleware, handling standardized rate limits, and manually writing nested schemas for the DoiT reporting API, you can let Truto handle the integration layer.
FAQ
- How does Truto handle DoiT API rate limits for AI agents?
- Truto does not retry, throttle, or apply backoff on rate limit errors. When DoiT returns an HTTP 429, Truto passes the error to the caller, normalizing the rate limit information into standardized headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset). The LLM or calling client is responsible for executing backoff logic.
- Can I restrict the LLM to read-only access in DoiT?
- Yes. When creating the MCP server via Truto, you can pass config.methods: ["read"]. This ensures the server only exposes GET/LIST tools (like fetching reports or anomalies) and blocks any mutation tools (like triggering CloudFlows).
- How do I secure the DoiT MCP server URL?
- Truto URLs use secure, hashed tokens. For maximum security, enable the `require_api_token_auth` flag, which requires the client to pass a valid API token in the Authorization header. You can also enforce an `expires_at` timestamp for temporary access.