Connection Modes: Local vs Hosted
CloudBase MCP supports two connection modes:
- Local Mode: Run the MCP server locally via
npx - Hosted Mode: The MCP server runs on Tencent Cloud, and your IDE connects over HTTP
Choose the one that fits your needs.
Local Mode (Recommended)
What it means / when to use it
- Meaning: MCP runs on your machine via
npx, alongside your IDE. - Pros: Full feature set, including capabilities that rely on local filesystem access.
- Requirements: Node.js installed and
npxavailable.
Configuration example
Add this to your IDE’s MCP configuration (e.g. Cursor / WindSurf):
{
"mcpServers": {
"cloudbase": {
"command": "npx",
"args": ["@cloudbase/cloudbase-mcp@latest"],
"env": {}
}
}
}
Optional environment variables (Local Mode)
In Local Mode, you can control behavior via environment variables. All of the following are optional.
| Env var | Description | Default / Notes |
|---|---|---|
CLOUDBASE_ENV_ID | CloudBase environment ID (optional) | If not set, the first call will guide you through login and environment selection |
TENCENTCLOUD_SECRETID | Tencent Cloud SecretId (optional) | If not set, it will be obtained via the login flow; see CAM API keys |
TENCENTCLOUD_SECRETKEY | Tencent Cloud SecretKey (optional) | Same as above |
TENCENTCLOUD_SESSIONTOKEN | Tencent Cloud temporary token (optional) | Only needed for temporary credentials; see STS |
TCB_REGION | Tencent Cloud region, e.g. ap-shanghai (optional) | Uses SDK default if not set |
TCB_AUTH_OAUTH_ENDPOINT | Custom device-code OAuth endpoint (advanced) | If not set, uses default |
TCB_AUTH_CLIENT_ID | Custom device-code OAuth client_id (advanced) | If not set, uses default |
TCB_AUTH_OAUTH_CUSTOM | Whether the custom endpoint uses a custom response format (advanced) | Defaults to false if endpoint is not set; defaults to true when endpoint is set |
INTEGRATION_IDE | IDE identifier (e.g. Cursor, CodeBuddy) (optional) | Used for logging and capability adaptation |
CLOUDBASE_MCP_PLUGINS_ENABLED | Enabled plugin list, comma-separated (optional) | Uses default plugin set if not set |
CLOUDBASE_MCP_PLUGINS_DISABLED | Disabled plugin list, comma-separated (optional) | Similar to URL param disable_plugins |
WORKSPACE_FOLDER_PATHS / PROJECT_ROOT | Project root path (templates, remote downloads, etc.) (optional) | Defaults to current working directory; in CI you can use GITHUB_WORKSPACE, etc. |
CLOUDBASE_MCP_TELEMETRY_DISABLED | Set to true to disable telemetry (optional) | Telemetry enabled by default |
CLOUDBASE_LOG_DIR | Log directory (optional) | Defaults to ~/.cloudbase-mcp/logs |
CLOUDBASE_GUIDE_PROMPT | Set to false to disable some guide prompts (optional) | Some IDEs will show fewer hints |
Which login env vars should I set?
In most cases, you don’t need to set any of these 3 variables:
TCB_AUTH_OAUTH_ENDPOINTTCB_AUTH_CLIENT_IDTCB_AUTH_OAUTH_CUSTOM
Only configure them if you need to integrate with your organization’s own login middleware. See the official doc: Isolation方案(无 CAM 子账号).
- Personal dev / typical teams: use the default device-code login
- Servers / CI / remote environments: prefer
TENCENTCLOUD_SECRETID,TENCENTCLOUD_SECRETKEY,TENCENTCLOUD_SESSIONTOKEN,CLOUDBASE_ENV_ID - Enterprise login middleware: usually start with
TCB_AUTH_OAUTH_ENDPOINT
Minimal example:
TCB_AUTH_OAUTH_ENDPOINT=https://auth.your-domain.com/oauth
Notes:
TCB_AUTH_CLIENT_ID: only set if your custom auth service requires a fixedclient_idTCB_AUTH_OAUTH_CUSTOM: when using a customTCB_AUTH_OAUTH_ENDPOINT, it should typically betrue(now usually auto-handled)
Hosted Mode
What it means / when to use it
- Meaning: MCP runs on Tencent Cloud, and your IDE connects over HTTP—no need to install or run Node locally.
- Pros: No local environment dependency; it works once you provide credentials.
- Limitations: Some capabilities that require local filesystem access are unavailable (e.g. uploading local files, downloading templates into your workspace).
Configuration example
Replace <env_id>, <Tencent Cloud SecretId>, <Tencent Cloud SecretKey> with your environment ID and Tencent Cloud API keys:
{
"mcpServers": {
"cloudbase": {
"type": "http",
"url": "https://tcb-api.cloud.tencent.com/mcp/v1?env_id=<env_id>",
"headers": {
"X-TencentCloud-SecretId": "<Tencent Cloud SecretId>",
"X-TencentCloud-SecretKey": "<Tencent Cloud SecretKey>"
}
}
}
}
- Environment ID: See it in the CloudBase Console.
- SecretId / SecretKey: Create/view them in Tencent Cloud CAM API keys.
Control plugins via URL (Hosted Mode only)
In the url, you can disable specific plugins via query parameter disable_plugins (e.g. disable rag and env):
https://tcb-api.cloud.tencent.com/mcp/v1?env_id=YOUR_ENV_ID&disable_plugins=rag&disable_plugins=env
Current plugin names: env, database, functions, hosting, storage, setup, rag, cloudrun, gateway, download, security-rule, invite-code, capi.
Environment variables (Hosted Mode)
In Hosted Mode, MCP runs in the cloud, so environment variables are configured server-side. If you host your own MCP service, you can refer to MCP Tools – Hosted MCP Configuration for the optional env var table (e.g. TENCENTCLOUD_SECRETID, TENCENTCLOUD_SECRETKEY, CLOUDBASE_ENV_ID, etc.).
If you use Tencent Cloud’s hosted MCP, you can pass env_id and credentials via the URL and headers as shown above—no server-side env vars needed.
Supported Plugins
| Plugin | Description |
|---|---|
env | Environment: login/logout, environment queries, security domain management |
database | Database: NoSQL / SQL structure and content read/write, data models |
functions | Cloud functions: list/details/logs/layers/triggers (query) and create/update/invoke/bindings (manage) |
hosting | Static hosting: upload/delete/search files, domain management |
storage | Cloud storage: query, upload/download/delete files |
setup | Setup & rules: download templates, IDE rules and configs |
rag | Knowledge & web: knowledge base search, web search |
download | Downloads: remote files to local |
gateway | Gateway: expose targets / access entrypoints |
security-rule | Security rules: read/write rules for NoSQL/SQL/functions/buckets |
invite-code | Invite code: activate AI coding incentive |
cloudrun | CloudRun: service queries, init/deploy/delete, etc. |
capi | Cloud API: generic Tencent Cloud API calls |
If you don’t configure anything, all plugins above are enabled by default. You can disable specific plugins via environment variables or URL params—see the Local/Hosted sections above.
Supported Tools
CloudBase MCP currently provides about 32 MCP tools, distributed by plugin as below. For the full parameter reference, see MCP Tools.
| Plugin | Tools |
|---|---|
| env | auth, envQuery, envDomainManagement |
| database | readNoSqlDatabaseStructure, writeNoSqlDatabaseStructure, readNoSqlDatabaseContent, writeNoSqlDatabaseContent, executeReadOnlySQL, executeWriteSQL, manageDataModel, modifyDataModel |
| functions | queryFunctions, manageFunctions |
| hosting | uploadFiles, deleteFiles, findFiles, domainManagement |
| storage | queryStorage, manageStorage |
| setup | downloadTemplate, downloadRemoteFile |
| rag | searchWeb, searchKnowledgeBase |
| gateway | queryGateway, manageGateway |
| cloudrun | queryCloudRun, manageCloudRun |
| security-rule | readSecurityRule, writeSecurityRule |
| invite-code | activateInviteCode |
| capi | callCloudApi |