MCP Server

Why MCP?

The Model Context Protocol lets agents call your tools with structured arguments and typed responses. No prompt engineering, no UI scraping — your LLM gets a real interface, with bounded inputs and outputs.

Available tools

• list_findings

  Filter by severity, dimension, resource, or audit. Cursor-paginated.

• get_finding

  Retrieve full forensic context for a single finding, including evidence and suggested remediation.

• list_resources

  Enumerate cloud objects, optionally filtered by provider, region, or tag.

• run_audit

  Trigger a fresh 4D pass on a tenant or scope. Returns an audit id you can poll.

• draft_remediation

  Ask the engine for a fix proposal for a finding — IaC patch, console steps, or both.

• summarize_posture

  High-level 4D scorecard for your environment. Cheap, cacheable, perfect for dashboards.

// Claude invokes a tool with structured args
{
  "tool": "list_findings",
  "arguments": {
    "severity": "critical",
    "dimension": "security",
    "limit": 10
  }
}

// Response (typed, schema-validated)
{
  "data": [
    {
      "id": "fnd_8f3a2c1b",
      "title": "Public S3 bucket exposing customer PII",
      "severity": "critical",
      "remediation_available": true
    }
  ],
  "next_cursor": null
}

Install in Claude Desktop

Add CloudSealed to your claude_desktop_config.json. Your Personal Access Token goes in the env block — never in the URL.

{
  "mcpServers": {
    "cloudsealed": {
      "url": "https://mcp.cloudsealed.com",
      "env": {
        "CLOUDSEALED_TOKEN": "cs_pat_xxxxxxxxxxxxxxxx"
      }
    }
  }
}

Other clients

Cursor, Zed, and any MCP-compatible client follow the same pattern: HTTPS endpoint plus a bearer token. The remote URL is the same — only the client config file changes.