Spanly Docs

Flag reference

Every flag accepted by spanly run and spanly proxy.

This page is the authoritative flag reference. spanly run and spanly proxy share most flags; differences are called out below.

Both subcommands

Buffer & retry

FlagDefaultDescription
--buffer-size10000Max packets buffered when ingest is unreachable. Oldest are dropped when full.
--collect-max-attempts4Max POST attempts per packet (deprecated alias: --retry-max-attempts).
--retry-backoff1sInitial retry backoff (exponential).
--retry-max-backoff30sCap on retry backoff.
--shutdown-grace10sTime to flush in-flight telemetry on shutdown (SIGINT/SIGTERM).

Multi-tenant tagging

FlagDefaultDescription
--context-headernoneHEADER=field mapping. Repeatable. Fields: environmentId, projectId, organisationId.

Example:

spanly run --port 3000 \
  --context-header=X-Tenant=environmentId \
  --context-header=X-Org=organisationId \
  -- ./srv

Header redaction (HTTP / proxy only)

FlagDefaultDescription
--redact-headernoneAdditional header to redact from captured telemetry. Repeatable.

Authorization, Cookie, Set-Cookie, Proxy-Authorization, X-Api-Key, X-Auth-Token, X-Amz-Security-Token and X-Forwarded-Authorization are always redacted: their values are replaced with [REDACTED] in the captured packet. The proxied request and response keep their original headers.

Example:

spanly run --port 3000 --redact-header=X-Custom-Token -- ./srv

Inspection scope (HTTP / proxy only)

FlagDefaultDescription
--inspect-prefix/mcp,/sseComma-separated path prefixes to inspect. Empty = inspect all paths.

End-user identity (HTTP / proxy only)

FlagDefaultDescription
--identity-jwtoffDecode the bearer JWT with the default claim mapping: id from sub, email from email, name from name. No signature verification.
--identity-jwt-claimnonefield=claim mapping override, repeatable. Fields: id, email, name, accountId, accountName. Dot-paths supported. Implies --identity-jwt.
--identity-resolver-urlnoneURL of your token-to-user resolver endpoint.
--identity-resolver-secretnoneShared secret sent as X-Spanly-Identity-Secret. Also via SPANLY_IDENTITY_RESOLVER_SECRET (the flag wins).
--no-auth-fingerprintoffDisable the anonymous bearer-token fingerprint attached to telemetry in HTTP mode.

Attributes captured sessions to your end users. See Identify your users for the setup guide and the resolver protocol for the endpoint contract. In stdio mode these flags are ignored with a warning (no auth headers to read).

Example:

spanly run --port 3000 \
  --identity-jwt \
  --identity-jwt-claim=accountId=org_id \
  -- ./srv

Session ID injection (HTTP / proxy only)

FlagDefaultDescription
--inject-session-idtrueAssign a synthetic Mcp-Session-Id on initialize responses when the upstream does not set one.

When the upstream server runs sessionless, its initialize responses carry no Mcp-Session-Id, so Spanly cannot group requests into sessions. With this flag enabled (the default), the proxy assigns a synthetic session ID (prefixed spanly-) on initialize responses that don't already have one. The client echoes it on subsequent requests and the proxy strips it before forwarding upstream, so the upstream never sees a header it didn't create. Servers that assign their own session IDs are untouched. See Session tracking.

Disable with:

spanly run --port 3000 --inject-session-id=false -- ./srv

Admin endpoints

FlagDefaultDescription
--admin-addrdisabledIf set (e.g. :9090), exposes /healthz, /readyz, /metrics.

Endpoints when enabled:

  • GET /healthz: 200 if the listener is up.
  • GET /readyz: 200 if the upstream is reachable (1s cache).
  • GET /metrics: Prometheus text format. Counters: packets collected / sent / dropped / failed, retry attempts, buffer depth, request counts by inspection class.

spanly run only

FlagDefaultDescription
--port0If set, run in HTTP mode (wrapper takes this port; child gets a random one). Default 0 = stdio.
--child-port0Port the child binds in HTTP mode. 0 = pick random unused port.
--child-port-envPORTEnv var passed to child with the chosen port.
--child-startup-timeout30sMax wait for child to listen.

proxy does not accept these. The bind address is positional.

Environment variables

VariableRequiredDescription
SPANLY_API_KEYyesRegion detected from prefix (spanly_us_… / spanly_eu_…).
SPANLY_INGEST_URLnoOverride ingest base URL (local development against a non-production stack).

Per-request headers

The CLI recognizes the following inbound headers on every captured request:

HeaderEffect
X-Spanly-Monitor-IdOverride spanlyMonitorId for this request. Useful for joining many requests under one logical session.
Any header named in --context-headerMaps to the matching context field on the captured packet.

spanly version

spanly version

Prints the CLI version.

On this page