Understanding the CloudBees Unify MCP Server

4 minute read

The CloudBees Unify MCP Server lets you connect AI clients such as Claude Code and Gemini to CloudBees Unify using the Model Context Protocol (MCP). Once connected, you work with CloudBees Unify conversationally through your AI agent, without switching context from your IDE or AI client.

What is MCP?

MCP is an open standard that lets AI agents connect to external services. CloudBees Unify supports MCP, so supported AI clients can access CloudBees Unify capabilities.

Once connected, your AI agent can perform actions such as:

  • Manage components: create, list, search, and delete components.

  • Work with workflows: list, validate, update, and trigger workflows.

  • Investigate security findings, issues, and security reports.

  • Inspect CI controllers: list controllers and retrieve reports.

  • Manage feature flag configurations.

Supported MCP clients

The CloudBees Unify MCP Server officially supports the following MCP clients:

  • Claude Code

  • Gemini

MCP clients that support the pre-registration OAuth flow (--client-id=public-mcp-client) also work with the CloudBees Unify MCP Server.

Unsupported client registration methods

The CloudBees Unify MCP Server does not currently support the following client registration methods. Both are planned for a future release.

Dynamic Client Registration (DCR)

An OAuth 2.0 registration protocol (RFC 7591) that lets client applications obtain a client_id by registering with an authorization server at runtime, without manual pre-registration. The CloudBees Unify MCP Server uses a single pre-configured public client (public-mcp-client) instead, which provides better security and easier monitoring.

Client ID Metadata Document (CIMD)

An MCP-specific client identification mechanism where the client_id is a resolvable URL. The authorization server fetches that URL at runtime to discover the client’s metadata (redirect URIs, client name), removing the need for any prior registration. The CloudBees Unify MCP Server currently uses a pre-configured public client (public-mcp-client) and does not resolve client metadata from URLs.

Common use cases

  • Check build status: "What’s the status of my latest build?" instead of opening the Unify dashboard.

  • Investigate failures: "Show me the logs for build #42" to diagnose issues immediately.

  • Manage workflows: "List all workflows for the payment-service component".

  • Handle security findings: "What security vulnerabilities were found in my last build?".

  • Configure feature flags: "Enable the new-checkout-flow flag for the staging environment".

Who should use MCP?

MCP is designed for technical users who want to integrate AI agents with CloudBees Unify:

  • Developers who want their AI agent to access Unify without manual context copying.

  • Platform and DevOps engineers automating investigations and configuration updates.

  • Security engineers summarizing findings from inside their AI agent.

How connecting works

To connect your AI agent to CloudBees Unify, you configure your AI client with the CloudBees Unify MCP endpoint, authenticate through OAuth, and select the organization you want to work in:

  1. Configure your AI client with the CloudBees Unify MCP endpoint: https://mcp.cloudbees.io/v1/mcp.

  2. Authenticate using OAuth (the same sign-in as the CloudBees Unify web interface).

  3. Select your Root Organization.

  4. Start asking questions.

For step-by-step instructions, refer to:

Authentication

You authenticate using the same OAuth flow as the CloudBees Unify web interface:

  1. Your AI client opens your web browser.

  2. You sign in using Google, GitHub, or SSO.

  3. You select your Root Organization. You only see organizations you have access to.

  4. Your AI client stores your credentials securely.

You don’t need a separate credential for MCP. If you can access CloudBees Unify in your web browser, you can connect your AI agent. Your AI agent acts with the same permissions as your user account.

Access control with roles

CloudBees Unify enforces role-based access control (RBAC) when you use MCP.

All tools are visible to authenticated users, but your roles determine which resources you can access:

  • A user with only the Developer role cannot access user management resources.

  • A user with only read permissions cannot trigger workflows or modify feature flags.

  • A user not in a team cannot access that team’s components.

Because your AI agent acts with your permissions, the resources it can reach are exactly the resources you can reach in the CloudBees Unify web interface. To control what an AI agent can do, assign it a user account with only the roles it needs. For guidance on scoping access, refer to Secure your MCP connection.

Available tools

CloudBees Unify provides tools for working with components, workflows, builds, security findings, feature flags, and more.

All tools are visible to authenticated users. Your CloudBees Unify roles determine which resources you can access when using those tools.

Refer to CloudBees Unify MCP Server tool reference for the complete catalog.

Migrate to the remote server

Earlier versions of the MCP integration used a local server (binary or Docker image) that communicated over the stdio transport. That local server is now deprecated. The current approach uses a CloudBees-hosted remote server that your AI client reaches over HTTPS, with no local installation required.

  • As of May 31, 2026, the local server (stdio transport) is deprecated.

  • The remote server requires no binary or Docker image on your machine.

  • New capabilities are only available through the remote server.

Refer to Migrate to the remote CloudBees Unify MCP Server for step-by-step migration guidance.

Security

Your connection to CloudBees Unify is secure:

  • All communication is encrypted.

  • You authenticate using the same OAuth flow as the CloudBees Unify web interface.

  • Your AI agent acts with the same permissions as your user account.

  • CloudBees traces tool calls server-side for observability, attributed to your user and organization.

CloudBees Unify follows industry-standard security practices covered by the CloudBees SOC2 certification.

For security best practices, refer to Secure your MCP connection. For information about how your data is handled, refer to Understanding MCP privacy and data handling.