Overview | Docs | American Cloud

The American Cloud MCP server connects AI assistants to your cloud. It implements the Model Context Protocol — an open standard supported by Claude Desktop, Claude Code, Cursor, Windsurf, VS Code, and a growing list of clients — so your assistant can inventory, audit, provision, and manage your American Cloud infrastructure in plain English.

The server runs locally on your machine. Your API keys go directly from your environment to the American Cloud API — no hosted middleman in between. It's open source (Apache-2.0) at github.com/American-Cloud/americancloud-mcp and published to npm with provenance attestation.

[ claude code · read-only audit ]

A read-only key audits a real account — inventory, then a firewall finding. No writes.

Prerequisites

Node.js 20 or newer — the server runs via npx
An American Cloud API key — create one at console.americancloud.com/api-keys

Start with a read-only API key. The assistant can explore and audit everything but cannot change anything — switch to a read-write key later if you want it to manage resources. See Safety.

Quick start

Add this block to your MCP client's configuration:

json

{
  "mcpServers": {
    "americancloud": {
      "command": "npx",
      "args": ["-y", "@americancloud/mcp"],
      "env": {
        "AMERICANCLOUD_API_CLIENT_ID": "your-client-id",
        "AMERICANCLOUD_API_CLIENT_SECRET": "your-client-secret"
      }
    }
  }
}

Then restart your client and ask: "What regions can I deploy to on American Cloud?"

Step-by-step instructions per client:

Service groups

The server provides 175 tools across 7 service groups. By default the core infrastructure groups are enabled: compute, storage, networking, kubernetes. Scope or extend the list with the --services flag:

npx @americancloud/mcp --services all
npx @americancloud/mcp --services compute,dns

Group	Tools	Covers
`compute` (default)	25	VMs, packages, images, regions, SSH keys
`storage` (default)	24	block storage, snapshots, object storage
`networking` (default)	57	isolated/VPC networks, VPC tiers, public IPs, firewall, port forwarding, load balancers, egress, ACLs
`kubernetes` (default)	11	managed Kubernetes clusters
`databases`	36	MySQL/PostgreSQL/Redis database clusters, backups, infrastructure, offerings
`wordpress`	15	managed WordPress
`dns`	7	hosted DNS zones and records

In your client config, flags go in the args array:

json

"args": ["-y", "@americancloud/mcp", "--services", "all"]

Scoping with --services keeps the tool list small, which helps clients with limited context windows pick the right tool.

Safety: read-only by default

The server lets an AI assistant work with real infrastructure and real billing, so it is deliberately conservative out of the box:

Read-only by default. Only read tools (list, get, cost estimates) are registered until you add "--allow-writes" to args. Without it, the assistant can explore and inspect but cannot create, modify, or delete anything.
Use the narrowest key. With a read-only API key, writes are impossible at the account level regardless of any flag. Only pair a read-write key with --allow-writes when you actually want the assistant to make changes.
Destructive tools are flagged. Delete, release, reinstall, and similar irreversible operations are marked destructive, so MCP clients that support confirmations will prompt you before running them.

json

"args": ["-y", "@americancloud/mcp", "--allow-writes"]

A few read tools return credentials by design — for example fetching a Kubernetes cluster config or a database connection string. Their tool descriptions are labeled accordingly. Read-only mode means the assistant cannot change your infrastructure; treat retrieved credentials with the same care as any other secret.

Environment variables

Variable	Required	Purpose
`AMERICANCLOUD_API_CLIENT_ID`	yes	API client ID
`AMERICANCLOUD_API_CLIENT_SECRET`	yes	API client secret

Verifying the connection

After setup, ask your assistant to call the built-in get_server_info tool, or just ask a simple question:

"What regions can I deploy to on American Cloud?"

If the assistant lists regions, you're connected. For ideas on what to do next, see Things to try.

Versioning and source

The server is versioned independently of the platform API; each release states the API surface it targets. Release notes, source, and issue tracking live on GitHub.