MCP (Model Context Protocol)
What is MCP?
The Model Context Protocol (MCP) is an open standard that enables AI assistants like Cursor to securely interact with your Quave Cloud infrastructure. Think of it as giving your AI assistant controlled access to manage your applications - it can check logs, deploy updates, scale containers, and more, all through natural conversation in your IDE.
Example: Instead of logging into the Quave Cloud dashboard, you can ask Cursor:
- "Show me the recent errors in my production app"
- "Deploy the latest commit to staging"
- "Scale my web containers to 5 replicas"
MCP was created by Anthropic and follows modern security best practices to ensure your resources remain protected.
How It Works
┌─────────────┐ ┌──────────────┐ ┌─────────────────┐
│ You ask │ │ MCP │ │ Quave Cloud │
│ Cursor │ ───────>│ Server │ ──────�─>│ API │
│ in IDE │ │ (Secure) │ │ │
└─────────────┘ └──────────────┘ └─────────────────┘
↓ ↓ ↓
Natural Validates Executes
Language Permissions Safely
- You communicate with Cursor in natural language from your IDE
- Cursor translates your request into MCP tool calls
- MCP Server validates your permissions and security settings
- Quave Cloud API executes the approved operations
- Results are returned to Cursor, who explains them to you
Important: What's Enforced Where
Understanding what the Quave Cloud server enforces vs what the MCP client respects is crucial for security:
| Setting | Enforced By | Can be bypassed? | Description |
|---|---|---|---|
| Enabled Scopes | ✅ Server | ❌ No | The server validates every request against your enabled scopes. Cannot be bypassed. |
| MCP Key Enabled | ✅ Server | ❌ No | Disabled keys are rejected at the server level. Cannot be bypassed. |
| Security Level | ⚠️ MCP Client | ✅ Yes (client dependent) | Controls confirmation prompts in your AI client. Different clients may implement this differently. |
| Session Duration | ⚠️ MCP Client | ✅ Yes (client dependent) | How long approvals last. Managed by the client, not the server. |
What this means for you:
- ✅ Server-enforced settings (Enabled Scopes, Key Status) provide true security - even if someone modifies the MCP client, these protections remain
- ⚠️ Client-enforced settings (Security Level, Session Duration) are convenience features that improve UX but don't provide security guarantees - they depend on the MCP client's implementation
Security Best Practice: Only enable the scopes you truly need. The server will block any operation outside your enabled scopes, regardless of how the MCP client is configured.
Getting Started
Step 1: Create an MCP Key
- Log into Quave Cloud
- Go to User Menu → MCP
- Click Create MCP Key
- Configure your key:
- Name (required): A memorable identifier like
my-laptop,cursor-ide, orwork-macbook - Enabled Scopes: Choose which operations this key can perform (see below)
- Security Level: How strict the confirmation prompts should be
- Session Duration: How long approvals last (5-1440 minutes)
- Name (required): A memorable identifier like
- Click Create
- Copy your MCP key immediately - you won't see it again!
Step 2: Configure Your MCP Client
Cursor IDE (Recommended)
- Open Cursor Settings (Cmd+, on Mac or Ctrl+, on Windows)
- Search for "MCP" or navigate to Features → Model Context Protocol
- Click Edit Config to open your MCP configuration file
- Add your Quave Cloud MCP server:
{
"mcpServers": {
"quave-cloud": {
"url": "https://mcp.quave.cloud/",
"headers": {
"authorization": "YOUR_MCP_KEY_HERE"
}
}
}
}
- Save the file and restart Cursor
- Look for the MCP indicator in Cursor - this means MCP is connected!
For detailed setup instructions, see our Cursor Setup Guide
Claude Desktop App
- Open the Claude Desktop configuration file:
macOS:
~/Library/Application Support/Claude/claude_desktop_config.json
Windows:
%APPDATA%\Claude\claude_desktop_config.json
- Add the same configuration as shown above for Cursor
- Restart Claude Desktop (fully quit and reopen)
- Look for the 🔌 icon in the chat input
Other MCP Clients
Any MCP-compatible client can connect using:
- URL:
https://mcp.quave.cloud/ - Authentication: Include your MCP key in the
Authorizationheader
Step 3: Start Using It!
Just chat naturally with Cursor in the composer or chat panel:
Examples:
- "List all my Quave Cloud accounts"
- "Show me the last 50 logs from my production app"
- "What's the current status of my staging environment?"
- "How many pods are running in production?"
- "Check if there are any errors in the last hour"
- "Show me the deployment history for staging"
Understanding MCP Keys Configuration
Enabled Scopes
Scopes define what operations your MCP key is allowed to perform. The Quave Cloud server validates every request against these scopes - this cannot be bypassed.
| Scope | What It Allows | Risk Level | Always Enable? |
|---|---|---|---|
| Read Only | View apps, logs, metrics, and account information | Safe | Yes |
| Read Secrets | View secret environment variables and sensitive data | High Risk | Rarely |
| Write Configurations | Update app configuration, environment variables, and settings | Low Risk | If needed |
| Write Deployments | Deploy, restart, scale, and manage app environments | Medium Risk | If needed |
| Write Dangerous | Delete resources and perform irreversible actions | High Risk | Rarely |
| Admin | Account-level administrative operations | Critical | Rarely |
Security Best Practice: Only enable the scopes you actually need. Start with just "Read Only" and add others as required.
Current Tools by Scope
Read Only (quave:read) - View apps, logs, metrics, and account information:
list-accounts- Lists all accounts that the authenticated user has access toget-current-account- Gets the current account set for the authenticated userlist-apps- Lists all apps for the authenticated userlist-app-envs- Lists all app environments for the authenticated userget-app-env- Gets the full configuration for an app environment including resources, scaling, deployment settings, security, hosts, and pending changes (may also require additional scopes: Read Secrets)get-app-env-status- Gets the current runtime status and health for an app environmentget-app-env-metrics- Gets real-time resource metrics (CPU, memory, container count)get-app-env-history- Gets the deployment history and activity timelineget-app-env-pods- Gets pod-level details for an app environmentget-logs- Retrieves logs from an app environment with filtering and search
Read Secrets (quave:read:secrets) - View secret environment variables and sensitive data:
No primary tools for this scope, but may be required by:
get-app-env- Gets the full configuration for an app environment including resources, scaling, deployment settings, security, hosts, and pending changes
Write Configurations (quave:write:config) - Update app configuration, environment variables, and settings:
set-current-account- Sets the current account for the authenticated userupdate-app-env-resources- Updates resource allocation for an app environment (zClouds or custom CPU/memory/disk)
Write Deployments (quave:write:deploy) - Deploy, restart, scale, and manage app environments:
apply-app-env-changes- Applies pending configuration changes to an app environment (like terraform apply)
Write Dangerous (quave:write:dangerous) - Delete resources and perform irreversible actions:
Tools under development for this scope
Admin (quave:admin) - Account-level administrative operations:
Tools under development for this scope
Security Level
The Security Level controls how your MCP client prompts you for confirmation. This is implemented by the MCP client (like Claude Desktop) and provides a better user experience, but is not enforced by the Quave Cloud server.
| Level | Behavior | Best For |
|---|---|---|
| Strict | Confirm every operation - Maximum security | Critical production accounts |
| Balanced | Recommended - Read auto-approved, writes confirmed | Most users (recommended) |
| Permissive | Minimal confirmations - Trust automation | Development environments |
| Auto | Full automation - Only confirm destructive operations | Trusted automation workflows |
Important: Even if you select a permissive security level, the server will still block any operation not allowed by your Enabled Scopes. The Security Level only affects when the MCP client shows you confirmation prompts.
Example: If you only enable the "Read Only" scope:
- Security Level = "Permissive" → No confirmations for reads (client behavior)
- Try to deploy → ❌ Server blocks it (scope not enabled)
Session Duration
Session Duration controls how long the MCP client remembers your approvals. This is managed by the MCP client (like Cursor), not the Quave Cloud server.
- Min: 5 minutes (300 seconds)
- Max: 24 hours (86,400 seconds)
- Default: 30 minutes (1,800 seconds)
How it works (in compatible clients like Cursor):
- You approve a "Deployments" operation
- For the next 30 minutes (or your configured duration), similar deployment operations don't require re-approval
- After 30 minutes, you'll be prompted again
Note: Different MCP clients may implement session management differently. This setting provides guidance but is not enforced by the server.
Name (Required)
A friendly identifier for this key. This name helps you recognize which device or application is using the key.
Requirements:
- 3-20 characters
- Alphanumeric with hyphens only
- Must be unique across your MCP keys
Examples:
my-laptop- Personal computercursor-ide- Cursor IDEwork-macbook- Work machineclaude-desktop- Claude Desktop app
Managing Your MCP Keys
Viewing Your Keys
- Go to User Menu → MCP
- See all your keys with:
- Name and creation date
- Enabled scopes
- Security level and session duration
- Last used timestamp
- Enabled/disabled status
Editing a Key
- Click the Edit button next to a key
- Modify:
- Enabled scopes
- Security level
- Session duration
- Click Save
Note: To change the key name or get a new key value, you must regenerate the key (see below). You cannot retrieve the raw key value after creation.
Regenerating a Key
If you need to change the name or have lost the key value, you can regenerate it:
- Click the Edit button next to a key
- Click Regenerate Key
- Optionally change the name
- Click Regenerate Key to confirm
- Copy the new key immediately - you won't see it again!
Important:
- Regenerating invalidates the old key immediately
- All applications using the old key will stop working
- You must update all MCP client configurations with the new key
- The key settings (scopes, security level, session duration) are preserved
Disabling a Key
If you suspect a key is compromised or no longer need it:
- Click the Toggle button to disable
- The key is immediately blocked at the server level
- Toggle again to re-enable if needed
Deleting a Key
Warning: This is permanent!
- Click the Delete button
- Confirm the deletion
- The key is permanently removed
Security Best Practices
For MCP Keys
- ✅ Use different keys for different purposes - One for local development, one for work, etc.
- ✅ Only enable scopes you need - Start with "Read Only" and add more as required
- ✅ Disable keys you're not using - Reduce attack surface
- ✅ Delete compromised keys immediately - Create a new one if needed
- ✅ Review "Last Used" regularly - Spot unauthorized usage
For Production Environments
- ✅ Never enable "Dangerous Operations" unless absolutely necessary
- ✅ Use "Strict" security level for production access
- ✅ Keep session duration short (15-30 minutes)
- ✅ Review logs regularly - Check for unexpected operations
What if a Key is Stolen?
- Immediately disable the key in the Quave Cloud UI
- The key is blocked at the server level - no more requests will be processed
- Review recent activity to see what the attacker might have done
- Create a new key with appropriate scopes
- Update your MCP client configuration
Understanding Server vs Client Enforcement
This is critically important for security:
✅ Server-Enforced (True Security)
These settings are validated by the Quave Cloud server on every single request. Even if someone modifies the MCP client code or configuration, these protections remain in place:
- Enabled Scopes - The server checks if the requested operation is allowed by your scopes
- MCP Key Status - Disabled keys are rejected immediately
- MCP Key Validity - Invalid or expired keys are rejected
Example:
User has only enabled: quave:read
MCP Client requests: deploy-app (requires quave:write:deploy)
Quave Cloud Server response: ❌ 403 Forbidden
"Insufficient scope: quave:write:deploy required"
Result: BLOCKED, even if the MCP client tried to bypass checks
⚠️ Client-Enforced (UX Enhancement)
These settings improve the user experience by showing confirmation prompts and managing approvals, but they depend on the MCP client's implementation:
- Security Level - Controls when the client shows confirmation prompts
- Session Duration - How long the client remembers approvals
Example:
User sets Security Level: Strict
Good MCP Client: Shows confirmation for every operation
Modified/Simple MCP Client: Might not show confirmations
BUT: The server still enforces Enabled Scopes!
Key Takeaway: Configure your Enabled Scopes carefully - this is your real security boundary. Security Level and Session Duration are convenience features that make the UX better but don't provide security guarantees.
Troubleshooting
"MCP key not found" or "Invalid MCP key"
Problem: The server doesn't recognize your key.
Solutions:
- Verify you copied the entire key (including any prefix)
- Check that the key hasn't been deleted
- Ensure there are no extra spaces in your configuration
"MCP keys cannot be used directly"
Problem: You're trying to use an MCP key directly with the Quave Cloud API.
Explanation: MCP keys can only be used through the MCP Server. They include a shared secret validation that prevents direct API usage.
Solution: Use regular CLI/API tokens for direct API access. MCP keys are specifically for MCP client usage.
"Insufficient scope" error
Problem: Your key doesn't have the required scope for the operation.
Example Error:
Error: Insufficient scope
Required: quave:write:deploy
Your key has: quave:read
Solution:
- Go to User Menu → MCP
- Edit your key
- Enable the required scope
- Try the operation again
Client shows no confirmation even with "Strict" security
Problem: The MCP client (Cursor, Claude Desktop, etc.) isn't showing confirmation prompts.
Explanation: Security Level is a client-side feature. Some clients may not implement it or might have bugs.
Important: Even without client confirmations, the server still enforces your Enabled Scopes. You're protected by the server-side validation.
Session seems to last forever or expire immediately
Problem: Session Duration doesn't seem to work as configured.
Explanation: Session Duration is implemented by the MCP client. Different clients handle this differently.
Your protection: The server continuously validates your Enabled Scopes, regardless of session behavior.
Available MCP Tools
All MCP tools are accessible through natural language conversation with Cursor or other MCP clients.
Read Only (quave:read)
list-accounts
Lists all accounts that the authenticated user has access to
Example: "Show me all my accounts"
get-current-account
Gets the current account set for the authenticated user
Example: "Which account am I using?"
list-apps
Lists all apps for the authenticated user
Example: "List all my apps"
list-app-envs
Lists all app environments for the authenticated user
Example: "Show me all environments for my web app"
get-app-env
Gets the full configuration for an app environment including resources, scaling, deployment settings, security, hosts, and pending changes
May also require additional scopes: Read Secrets
Example: "Use get-app-env"
get-app-env-status
Gets the current runtime status and health for an app environment
Example: "Is production running?"
get-app-env-metrics
Gets real-time resource metrics (CPU, memory, container count)
Example: "What's the CPU usage of staging?"
get-app-env-history
Gets the deployment history and activity timeline
Example: "Show me the last 10 deployments"
get-app-env-pods
Gets pod-level details for an app environment
Example: "How many pods are running?"
get-logs
Retrieves logs from an app environment with filtering and search
Example: "Show me error logs from production in the last hour"
Write Configurations (quave:write:config)
set-current-account
Sets the current account for the authenticated user
Example: "Switch to my work account"
update-app-env-resources
Updates resource allocation for an app environment (zClouds or custom CPU/memory/disk)
Example: "Use update-app-env-resources"
Write Deployments (quave:write:deploy)
apply-app-env-changes
Applies pending configuration changes to an app environment (like terraform apply)
Example: "Use apply-app-env-changes"
FAQ
Q: What's the difference between MCP keys and CLI tokens? A: CLI tokens are for direct API access or CLI usage. MCP keys are specifically for MCP clients and include additional security validation.
Q: Can I use the same key on multiple devices? A: Yes, but we recommend creating separate keys for each device for better security and tracking.
Q: How do I know if my key was used? A: Check the "Last Used" timestamp on the MCP Keys page.
Q: Can I use MCP keys in CI/CD pipelines? A: MCP keys are designed for interactive use with AI assistants like Cursor. For CI/CD, use regular CLI/API tokens instead.
Q: Is my MCP key encrypted? A: Yes, MCP keys are encrypted at rest using AES-256-CBC encryption.
Q: Can I change the name of my MCP key? A: Yes, use the "Regenerate Key" feature when editing a key. This lets you change the name and generates a new key value. Note that the old key stops working immediately.
Q: What happens to my old key when I regenerate? A: The old key is invalidated immediately and stops working. You must update all MCP client configurations with the new key value. Your key settings (scopes, security level, session duration) remain the same.
Q: If I select "Permissive" security level, can someone destroy my production? A: No! Even with "Permissive" security level, the server enforces your Enabled Scopes. If you don't enable "Dangerous Operations", deletion operations will be blocked by the server.
Q: Can someone modify their MCP client to bypass security? A: They can bypass client-side features (confirmations, session management), but they CANNOT bypass server-enforced Enabled Scopes. Your scope configuration is your true security boundary.
Resources
- MCP Specification - Official MCP protocol documentation
Support
Need help with MCP? Contact our support team