Docs · MCP server
Give your AI agent the full Cloud Horizon surface.
The Cloud Horizon MCP server exposes inventory, cost, anomalies, VM lifecycle, tag policy, and forecasts as MCP tools. One authenticated endpoint, audit logged on every call, scope-limited per token. Plug it into Claude, GPT, Cursor, Backstage, n8n, or your own agent.
Cloud Horizon sits between your agents and the underlying cloud control planes. Your agent never holds cloud credentials, only an MCP token scoped to the tools it needs.
Quick start
Authenticate once with the bearer token from your dashboard, then call any tool. The server is OpenAPI-described, MCP-compatible, and stable across protocol versions.
1. List your inventory
$ curl mcp.cloud-horizons.com/v1/tools/inventory.list \
-H "Authorization: Bearer $TOKEN" \
--json '{"cloud":"aws","tag":"team=platform"}'2. Get a cost summary by team
$ curl mcp.cloud-horizons.com/v1/tools/cost.summary \
-H "Authorization: Bearer $TOKEN" \
--json '{"window":"MTD","group_by":"team"}'3. Or wire it as an MCP server
{
"mcpServers": {
"cloudsight": {
"url": "https://mcp.cloud-horizons.com/v1",
"headers": { "Authorization": "Bearer $TOKEN" }
}
}
}Tool catalog
Six tools today. Read tools work the day your read-only IAM role lands. Write tools (vm.lifecycle, tag.policy with action=apply) unlock when you flip the write scope on per cloud.
inventory.list
Returns every resource Cloud Horizon tracks across AWS, Azure, GCP, and StackIT. Filter by cloud, account, region, tag, or run-rate threshold.
inventory.list({ cloud: "aws", tag: "team=platform", min_runrate: 500 })cost.summary
Spend roll-up for any time window. Group by cloud, account, team, service, or environment. Returns daily, monthly, or year-to-date.
cost.summary({ window: "MTD", group_by: "team" })anomalies.recent
Lists anomalies flagged in the last N days. Each anomaly includes a severity score, the resources involved, and a suggested remediation.
anomalies.recent({ days: 7, severity: "high" })vm.lifecycle
Schedule, snapshot, resize, deallocate, or de-provision a VM. Cost-impact preview returned before any action runs. Write actions require enabled write scope.
vm.lifecycle({ id: "i-0abc...", action: "deallocate", schedule: "weeknights" })tag.policy
Read or update the tag policy. Use this to enforce required tags, identify untagged spend, or generate cleanup tickets.
tag.policy({ action: "audit", required: ["team", "env"] })forecast.next_period
Forecast next month or next quarter against a budget. Returns the projected spend, the team or service driving the delta, and the recommended action.
forecast.next_period({ window: "next_month", budget: 120000 })Auth model
- Bearer tokens, scoped per agent. Each token carries a list of allowed tools and a list of allowed accounts. Revoke from the dashboard at any time.
- Read-only by default. Write tools require explicit scope and a per-action approval workflow. The agent proposes, a human approves, the agent executes.
- Per-token rate limits. Default is 60 requests per minute. Raise on request for batch jobs and ETL workloads.
Audit and observability
- Every call audit-logged. Token, tool, arguments, result digest, latency, and cost-impact summary stored for 18 months.
- Webhook stream. Subscribe to call.completed and anomaly.detected events. Slack, PagerDuty, or your own listener.
- SOC 2 Type II in flight. Targeting completion 2026 Q3. Penetration test report available under NDA.
Get the MCP token
Start the 14-day trial, get a read-only MCP token in your dashboard.
Connect AWS, Azure, GCP, or StackIT, and the token works the same hour. Wire it into Claude, GPT, Cursor, n8n, or your own agent. We will help with the integration on the kickoff call.