Skip to content

feat: add MCP server for AI agent integration#1052

Draft
james00012 wants to merge 7 commits intomasterfrom
jk/mcp-server
Draft

feat: add MCP server for AI agent integration#1052
james00012 wants to merge 7 commits intomasterfrom
jk/mcp-server

Conversation

@james00012
Copy link
Contributor

@james00012 james00012 commented Mar 11, 2026
edited
Loading

Summary

  • Adds an MCP (Model Context Protocol) server (cloud-nuke mcp-server) that exposes cloud-nuke capabilities to AI agents over stdio
  • Implements 4 tools: list_resource_types, inspect_resources, nuke_resources, validate_config
  • Multi-layer safety model: dry_run defaults true, CONFIRM_NUKE confirmation string, --read-only mode, region/resource-type/project allowlists, max-resources-per-nuke limit (default 100)
  • Structured audit logging to stderr for all inspect and nuke operations
  • 79 unit tests covering safety checks, parameter validation, renderer events, edge cases, and tool annotations

File structure

mcp/
├── server.go          # Server creation, tool registration, validation, audit logging
├── helpers.go         # Shared param parsing, validators, tool param definitions
├── renderer.go        # MCPRenderer implementing reporting.Renderer
├── types.go           # Response types, server config
├── tools_list.go      # list_resource_types handler
├── tools_inspect.go   # inspect_resources handler (AWS + GCP)
├── tools_nuke.go      # nuke_resources handler with safety checks
├── tools_config.go    # validate_config handler
├── server_test.go     # 79 unit tests
commands/
├── mcp_command.go     # CLI wiring for `cloud-nuke mcp-server`
├── cli.go             # Register mcp-server subcommand

Usage

# Start MCP server (for AI agent integration)
cloud-nuke mcp-server

# Read-only mode (disable nuke)
cloud-nuke mcp-server --read-only

# Restrict to specific regions and resource types
cloud-nuke mcp-server --allowed-regions us-east-1 --allowed-resource-types ec2,s3

# Limit max resources per nuke operation
cloud-nuke mcp-server --max-resources-per-nuke 50

MCP client config example

{
  "mcpServers": {
    "cloud-nuke": {
      "command": "cloud-nuke",
      "args": ["mcp-server", "--allowed-regions", "us-east-1"]
    }
  }
}

Test plan

  • go build ./... succeeds
  • go vet ./... clean
  • go test ./mcp/... — 79 tests pass
  • Manual: cloud-nuke mcp-server starts and responds to JSON-RPC over stdin
  • Integration: list_resource_types returns AWS/GCP types
  • Integration: inspect_resources with real AWS creds scans resources
  • Integration: nuke_resources with dry_run: true returns preview

@james00012
fix(gcp): add error aggregation, context propagation, and structured …
0e77d7e 
…throttle detection

Align GCP nuke path with AWS patterns:
- GetAllResources and NukeAllResources now accept and propagate context.Context
- NukeAllResources and nukeResource return aggregated errors via multierror
- Replace string matching ("QUOTA_EXCEEDED") with structured gRPC/HTTP error checks
  (codes.ResourceExhausted, HTTP 429, HTTP 403 with rate-limit reasons)
- Append errors before telemetry to prevent data loss on telemetry failure
@james00012
fix(gcp): filter SERVICE_DISABLED errors and sanitize multiline error…
9ce064b 
… rendering

- Wire isServiceDisabledError into GetAllResources to silently skip
  disabled APIs instead of emitting noisy GeneralError events
- Sanitize error strings in printErrorsTable with RemoveNewlines and
  Truncate to prevent multiline gRPC errors from breaking pterm tables
- Fix RemoveNewlines to replace \n with space instead of empty string
- Promote genproto/googleapis/rpc to direct dependency (go mod tidy)
- Add unit tests for Truncate, RemoveNewlines, and multiline error rendering
@james00012
refactor(gcp): align GetAllResources signature with AWS using Query s…
b60395e 
…truct

- Add gcp.Query struct mirroring aws.Query (ProjectID, ResourceTypes,
  ExcludeResourceTypes, time filters, timeout)
- GetAllResources now takes *Query instead of individual params
- Wire --resource-type and --exclude-resource-type CLI flags into Query
- SERVICE_DISABLED errors are reported as errors when the resource is
  explicitly targeted, silently skipped otherwise
- Trim test verbosity
@james00012
refactor(gcp): align resource scanning and nuking with AWS region-bas…
a80fc62 
…ed pattern

Introduce GcpConfig struct, resource registry with global/regional split,
region loop in GetAllResources/NukeAllResources, IsNukeable with exclude
support, and Query.Validate() with region filtering.
@james00012
fix(mcp): update GCP handlers to use Query-based signatures
7a89aaf
@james00012
Revert "fix(mcp): update GCP handlers to use Query-based signatures"
27ba5a7 
This reverts commit 7a89aaf.
@james00012 james00012 requested a review from denis256 as a code owner March 11, 2026 20:39
@james00012 james00012 marked this pull request as draft March 11, 2026 20:39
@james00012
feat: add MCP server for AI agent integration
ed8e736 
Add an MCP (Model Context Protocol) server that exposes cloud-nuke
capabilities to AI agents over stdio. This enables programmatic resource
discovery and cleanup through a standardized protocol.

Tools:
- list_resource_types: enumerate supported resource types (AWS/GCP)
- inspect_resources: read-only scan to discover resources
- nuke_resources: delete resources with multi-layer safety checks
- validate_config: parse and validate inline YAML config

Safety model:
- dry_run defaults to true; explicit CONFIRM_NUKE string required
- --read-only mode disables nuke entirely
- --allowed-regions, --allowed-resource-types, --allowed-projects whitelists
- --max-resources-per-nuke limit (default 100)
- Structured audit logging to stderr for all operations
Base automatically changed from jk/gcp-error-aggregation-context to master March 11, 2026 22:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@denis256 denis256 Awaiting requested review from denis256 denis256 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@james00012