
How to add Cloudwright to Windsurf
Describe a cloud architecture in English; get Terraform, cost estimates, and compliance checks across AWS/GCP/Azure. Paste the config into ~/.codeium/windsurf/mcp_config.json and restart Windsurf.
Last updated June 14, 2026 · 31★ · stdio · apikey
Windsurf config for Cloudwright
```
pip install cloudwright-ai-mcp
```

```json
{
  "mcpServers": {
    "cloudwright": {
      "command": "cloudwright",
      "args": [
        "mcp"
      ]
    }
  }
}
```

Setup steps
1. Open Windsurf → Cascade → the hammer/MCP icon → Configure (or edit ~/.codeium/windsurf/mcp_config.json).
2. Paste the Cloudwright config shown above.
3. Fill in placeholder secrets, then save.
4. Click Refresh in the MCP panel.
5. Cloudwright's tools become available to Cascade.
Before you start
- Python 3.12+
- pip install cloudwright-ai-mcp
- ANTHROPIC_API_KEY (preferred) or OPENAI_API_KEY for the LLM-powered design/modify tools; cost, validate, analyze, and export run offline
What Cloudwright can do in Windsurf
- `design`: Generate a structured cloud architecture spec from a natural-language description (design group; LLM-powered).
- `cost`: Produce a region-aware, per-component cost breakdown across AWS, GCP, Azure, and Databricks with per-line pricing-confidence flags (cost group).
- `validate`: Validate a spec against compliance frameworks (HIPAA, SOC 2, PCI-DSS, FedRAMP, GDPR, NIST, Well-Architected) and emit findings (validate group).
- `analyze`: Run architecture analysis such as lint anti-patterns, quality scoring, blast-radius/SPOF analysis, drift, policy, and security checks (analyze group).
- `export`: Export the spec to Terraform, OpenTofu, Pulumi (TypeScript or Python), or CloudFormation with safe-by-default hardening (export group).
- `session`: Manage Cloudwright session state across tool calls (session group).
Security
The design and modify tools call an LLM and require ANTHROPIC_API_KEY (preferred) or OPENAI_API_KEY in the environment; cost, validate, analyze, and export run fully offline. Terraform/Pulumi exporters apply safe-by-default hardening (encryption, IMDSv2, locked-down S3, RDS deletion protection) and escape user-supplied config values against HCL injection. The `cloudwright plan` step does not pass the LLM key into the IaC subprocess.
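An added example, not part of Cloudwright or Windsurf: a Python check of mcp_config.json for the setup step that fills in secrets. It flags an LLM key stored inline in a file other users can read, and a key that is present although `--tools` enables only the offline groups. Assumptions: the key sits in the server entry's `env` map (the usual MCP client config shape), `modify` may appear as a `--tools` value, and file modes are POSIX.

```python
import json, os, stat, tempfile

LLM_KEYS = {"ANTHROPIC_API_KEY", "OPENAI_API_KEY"}  # key names given on the page
LLM_GROUPS = {"design", "modify"}  # assumption: the page calls these LLM-backed

def enabled_groups(args):
    """Return the --tools subset, or None when every tool group is enabled."""
    for i, a in enumerate(args):
        if a == "--tools" and i + 1 < len(args):
            return set(args[i + 1].split(","))
        if a.startswith("--tools="):
            return set(a.split("=", 1)[1].split(","))
    return None

def audit(path, server="cloudwright"):
    """Return a list of findings for one server entry in an MCP client config."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    entry = cfg.get("mcpServers", {}).get(server)
    if entry is None:
        return [f"no '{server}' entry under mcpServers"]
    inline = sorted(k for k, v in entry.get("env", {}).items() if k in LLM_KEYS and v)
    groups = enabled_groups(entry.get("args", []))
    needs_key = groups is None or bool(groups & LLM_GROUPS)
    findings = []
    if inline and mode & 0o077:  # readable or writable by group/others
        findings.append(f"{inline} stored inline and file mode is {oct(mode)}; use 0o600")
    if inline and not needs_key:
        findings.append(f"{inline} set but only offline tools {sorted(groups)} are enabled")
    return findings

def demo():
    """Constructed sample: key stored inline while only offline tools are enabled."""
    sample = {"mcpServers": {"cloudwright": {
        "command": "cloudwright",
        "args": ["mcp", "--tools", "cost,validate"],
        "env": {"ANTHROPIC_API_KEY": "sk-ant-PLACEHOLDER"}}}}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "mcp_config.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)
        return audit(path)

if __name__ == "__main__":
    real = os.path.expanduser("~/.codeium/windsurf/mcp_config.json")
    for line in (audit(real) if os.path.exists(real) else demo()):
        print("FINDING:", line)
```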
Cloudwright + Windsurf FAQ
Where is the Windsurf config file?
Windsurf reads MCP servers from ~/.codeium/windsurf/mcp_config.json. Paste the Cloudwright config there under the "mcpServers" key and restart the client.
Is Cloudwright safe to use with Windsurf?
The design and modify tools call an LLM and require ANTHROPIC_API_KEY (preferred) or OPENAI_API_KEY in the environment; cost, validate, analyze, and export run fully offline. Terraform/Pulumi exporters apply safe-by-default hardening (encryption, IMDSv2, locked-down S3, RDS deletion protection) and escape user-supplied config values against HCL injection. The `cloudwright plan` step does not pass the LLM key into the IaC subprocess.
How do I install and run the MCP server?
Install with `pip install cloudwright-ai-mcp`, then run `cloudwright mcp` for all tools over stdio. Use `cloudwright mcp --tools design,cost` for a subset or `cloudwright mcp --transport sse` for HTTP clients.
Do I need an API key?
Only the LLM-backed design and modify tools need a key (ANTHROPIC_API_KEY preferred, or OPENAI_API_KEY). Cost, validate, analyze, and export work fully offline.
Which clients does it work with?
Any MCP-compatible client. The README provides a claude_desktop_config.json mcpServers block and notes the same shape works for Cursor and Cline.