AI agents can now read your codebase, write migrations, and propose architecture changes. What they can't do — without help — is see what's actually running in your production environment. They don't know which pods are crashing, which environment variables are set, how your services are connected, or what your cloud bill looks like right now. They're reasoning in the dark.
Model Context Protocol (MCP) changes that. It provides a standard interface for agents to query live systems. And when MCP is paired with a persistent infrastructure layer — one that keeps your cloud state queryable at all times — you get something genuinely new: AI agents that understand your production environment the same way a senior engineer would, with up-to-date context, not stale assumptions.
This article explains how MCP works, what an agentic infrastructure layer is, and how five major AI agents — OpenClaw, Claude Code, Codex CLI, Hermes, and Perplexity Computer — can connect to live cloud infrastructure through Clanker Cloud's MCP endpoint.
The Infrastructure Access Problem
The gap between "AI that can write code" and "AI that can operate infrastructure" is a context gap. Most agents today are trained on documentation, Stack Overflow, GitHub repos, and general knowledge. That's sufficient for generating a Terraform resource block or a Kubernetes deployment YAML. It's not sufficient for knowing:
- Whether DB_HOST in your production cluster is postgres-primary.internal or something that changed last Thursday
- Which services are currently unhealthy and why
- What your AWS cost delta was this week vs. last
- Which deployments happened in the last 24 hours and whether they correlated with a spike in errors
- What the actual schema of your production database looks like, not the version from your last migration
Without this live context, agents make assumptions. Those assumptions are often wrong. The result is code that references env vars that don't exist, config changes that conflict with current state, or "fixes" that break something downstream because the agent didn't know it was there.
Every agent that touches infrastructure needs a reliable, secure, structured way to read live cloud state before it acts. That's not an API integration problem — it's an architectural problem. And MCP is the architectural answer.
What MCP Solves
Model Context Protocol is an open standard introduced by Anthropic that defines how AI models communicate with external tools and data sources. The simplest analogy: MCP is the USB-C standard for AI agent integrations. Instead of every agent building its own bespoke connector to every tool, any MCP-compatible agent can connect to any MCP server and immediately use its capabilities.
The protocol uses a client/server architecture:
- MCP client: the AI agent (Claude Code, OpenClaw, Codex CLI, etc.)
- MCP server: the tool or data source exposing functionality (a database, a cloud API, an infrastructure platform)
Communication happens over one of two transports:
- stdio: for local processes — the agent spawns the MCP server as a subprocess and communicates over standard input/output. Fast, secure, no network exposure.
- HTTP/SSE: for remote servers — the agent connects to an HTTP endpoint and receives server-sent events. Required for hosted or cloud-based MCP servers.
Tools are described as JSON schemas. The agent receives a manifest of available tools — their names, parameters, and return types — and knows exactly what to call and how. There's no guessing, no hallucinated API surface. The contract is explicit.
The critical implication: you write the MCP server once. Any compatible agent can use it without modification. That's the difference between integrations that scale and integrations that become maintenance debt.
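The manifest contract described above can be enforced before a call ever leaves the client. This added example (not code from an MCP SDK or from Clanker Cloud) checks a tools/call request against the inputSchema from a constructed tools/list result; the parameters shown for get_env_vars are assumptions.

```python
import json

# Constructed sample: the result of an MCP "tools/list" request. The tool name
# get_env_vars appears in the article; its parameters here are assumptions.
TOOLS_LIST_RESULT = json.loads("""
{"tools": [{
  "name": "get_env_vars",
  "description": "Non-secret environment variables of a workload",
  "inputSchema": {
    "type": "object",
    "properties": {
      "namespace": {"type": "string"},
      "workload": {"type": "string"},
      "limit": {"type": "integer"}
    },
    "required": ["namespace", "workload"],
    "additionalProperties": false
  }
}]}
""")

JSON_TYPES = {"string": str, "integer": int, "boolean": bool, "object": dict, "array": list}


def validate_call(manifest, name, arguments):
    """Return a list of problems; an empty list means the call matches the manifest."""
    tools = {t["name"]: t for t in manifest["tools"]}
    if name not in tools:
        return [f"unknown tool: {name}"]
    schema = tools[name]["inputSchema"]
    props = schema.get("properties", {})
    problems = [f"missing required argument: {r}"
                for r in schema.get("required", []) if r not in arguments]
    for key, value in arguments.items():
        if key not in props:
            if schema.get("additionalProperties", True) is False:
                problems.append(f"unexpected argument: {key}")
            continue
        expected = JSON_TYPES.get(props[key].get("type"))
        # bool is a subclass of int in Python, so reject it for "integer".
        wrong_bool = expected is int and isinstance(value, bool)
        if expected and (not isinstance(value, expected) or wrong_bool):
            problems.append(f"wrong type for {key}: expected {props[key]['type']}")
    return problems


def build_request(manifest, request_id, name, arguments):
    """Build the JSON-RPC 2.0 "tools/call" message, refusing calls off the manifest."""
    problems = validate_call(manifest, name, arguments)
    if problems:
        raise ValueError("; ".join(problems))
    return {"jsonrpc": "2.0", "id": request_id, "method": "tools/call",
            "params": {"name": name, "arguments": arguments}}
```

The validator covers only the schema keywords used in the sample (type, properties, required, additionalProperties); a full JSON Schema validator is the production choice.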
The Agentic Infrastructure Layer
An agentic infrastructure layer is a persistent, always-on MCP server that exposes your infrastructure — running services, deployments, pod health, environment configuration, costs, logs, and access controls — as queryable tools that any MCP-compatible agent can call.
This is the missing layer between AI agents and production.
Think of it as a read-optimized, agent-safe interface to your cloud state. Not a raw passthrough to your AWS or GCP credentials — that would be dangerous. Instead, a structured proxy: the infrastructure layer authenticates with your cloud providers, gathers state, and surfaces it to agents through well-defined tool schemas that expose what agents need and nothing else.
Clanker Cloud provides this layer. It's a local-first desktop application that connects to your cloud providers (AWS, GCP, Azure, Kubernetes, Cloudflare, Hetzner, DigitalOcean, GitHub) and exposes all of that connected infrastructure as a standards-compliant MCP server. Your agents connect to https://mcp.clankercloud.ai and immediately gain the ability to query your actual production environment — not a documentation page about it, not a hypothetical, the real thing.
This is the same pattern that made databases useful to web apps: instead of each app building its own file-based storage, they connected to a shared, well-abstracted layer. The agentic infrastructure layer does the same thing for AI agents and cloud state.
If you're working on taking an AI-assisted project from vibe coding to production, this is the layer that makes production-aware agents possible.
How Each Agent Connects
OpenClaw
OpenClaw is an open-source agentic coding framework with 68K+ GitHub stars. It operates as both an MCP client and an MCP server: it can consume external MCP servers and expose its own capabilities to other tools via openclaw mcp serve.
To register Clanker Cloud's infrastructure MCP server with OpenClaw:
openclaw mcp set clanker-cloud --url https://mcp.clankercloud.ai
Once registered, Clanker Cloud's infrastructure tools appear alongside OpenClaw's 13,700+ ClawHub skills. Any task OpenClaw runs — whether triggered manually or via its HEARTBEAT.md autonomous checklist (which runs every 30 minutes) — can now call live infra tools without additional configuration.
OpenClaw supports GPT-5.4 (default), Claude Opus/Sonnet, Gemini 3.1, and any Ollama-compatible model, making it compatible with Clanker Cloud's BYOK model selection as well. If you're deploying OpenClaw on DigitalOcean via the 1-Click deploy option, you can point it at Clanker Cloud's MCP endpoint immediately post-deployment.
Claude Code
Claude Code is Anthropic's terminal-based AI coding agent. It reads codebases, writes and runs code, and connects to MCP servers via a JSON config file. Add Clanker Cloud to your Claude Code configuration at ~/.claude/claude_desktop_config.json:
{
  "mcpServers": {
    "clanker-cloud": {
      "command": "npx",
      "args": ["-y", "@clankercloud/mcp-server"],
      "env": {
        "CLANKER_API_KEY": "your-api-key"
      }
    }
  }
}
After restarting Claude Code, infrastructure tools from Clanker Cloud are available in context. Claude can now answer questions like "which services are currently unhealthy?" or "what changed in the last deployment?" by calling live MCP tools rather than guessing from stale documentation.
Claude Code uses Claude Opus and Sonnet models, both of which have robust function-calling support — they handle MCP tool invocations reliably and know when to call a tool vs. when to reason from existing context.
OpenAI Codex CLI
Codex CLI is OpenAI's terminal coding agent, running locally against o3 and o4-mini models. It connects to MCP servers via a JSON config at ~/.codex/config.json:
{
  "mcpServers": {
    "clanker-cloud": {
      "transport": "http",
      "url": "https://mcp.clankercloud.ai",
      "headers": {
        "Authorization": "Bearer your-api-key"
      }
    }
  }
}
With this in place, Codex CLI can use infrastructure context when generating code or running agentic tasks. A Codex session that would previously hallucinate your database connection string can now call the get_env_vars tool and retrieve the actual value from your live cluster.
Hermes 3 (via LangChain / CrewAI)
Hermes 3 by NousResearch is an open-source model fine-tuned specifically for function calling and tool use. It runs locally via Ollama and integrates with agent frameworks including LangChain, CrewAI, AutoGen, and LlamaIndex.
To connect Hermes to Clanker Cloud's MCP server through LangChain:
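from langchain_mcp import MCPClient
from langchain_community.llms import Ollama
from langgraph.prebuilt import create_react_agent  # assumed source of create_react_agent(model, tools)

# Hermes 3 served locally by Ollama
llm = Ollama(model="nous-hermes3")

# MCP client pointed at the Clanker Cloud endpoint; replace the placeholder key
mcp_client = MCPClient(
    server_url="https://mcp.clankercloud.ai",
    api_key="your-api-key"
)

# Hand the MCP tools to a ReAct-style agent
tools = mcp_client.get_tools()
agent = create_react_agent(llm, tools)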
The same pattern works in CrewAI by passing the MCP tools to your crew's tool list. Because Hermes runs entirely locally via Ollama, this configuration keeps your model inference on-premise while still reaching the MCP endpoint for live infra context, a common requirement for security-conscious teams adopting AI DevOps.
Perplexity Computer
Perplexity Computer is an AI assistant capable of browsing the web, running code, and connecting to external tools via MCP. Configured with Clanker Cloud's MCP endpoint, Perplexity Computer can query live infrastructure data — current service states, deployment history, cost summaries — and combine that with real-time web context for richer analysis.
This is particularly useful for cross-referencing live production state with external information: for example, checking whether a pod failure correlates with a known upstream provider incident, or auditing whether your infrastructure configuration matches current security recommendations.
What Agents Can Do with Live Infrastructure Access
Once any of these agents is connected to Clanker Cloud's MCP server, the set of available operations includes:
Service and workload visibility
- List all running services across connected clusters and cloud accounts
- Check pod health, restart counts, and readiness status in Kubernetes
- Inspect recent deployments: what changed, when, by whom
Configuration inspection
- Read environment variable names and values (non-secret) from running containers
- Compare expected configuration (from your repo) with actual deployed configuration
- Identify configuration drift between environments
Cost and resource intelligence
- Query current and historical cloud spend by service, account, or tag
- Identify idle or over-provisioned resources
- Surface cost anomalies in the last N hours or days
Security and compliance scanning
- Audit open security groups, public S3 buckets, or overly permissive IAM roles
- Check for services running without resource limits
- Identify deployments missing required labels or annotations
Operational context
- Fetch recent log summaries for a service
- Trace error rates and latency metrics
- Look up incident history correlated with deployment events
All of these are read-only by default. Write operations — applying a config change, scaling a deployment, modifying a resource — require explicitly enabling maker mode in Clanker Cloud. The agent proposes; a human reviews; the change applies only on explicit confirmation.
Security Model
The security architecture of Clanker Cloud's MCP layer is worth understanding in detail, because "give an AI agent access to your production infrastructure" is a sentence that should make you think carefully.
Credentials stay local. Clanker Cloud is a local-first desktop application. Your AWS access keys, GCP service account credentials, and Kubernetes kubeconfig files never leave your machine. The MCP server is a proxy that runs locally and reaches out to your cloud providers on your behalf. What gets exposed to the agent is structured query results, not raw credentials.
Tool responses are scoped. The MCP tools Clanker Cloud exposes return structured summaries: a list of services, a health status, a cost total. They do not return raw API responses, credential objects, or unfiltered secrets. If an agent calls get_env_vars, it gets variable names and non-sensitive values — not your database password.
Reads are separated from writes. By default, Clanker Cloud operates in read-first mode. The MCP server exposes read tools freely. Write tools (apply, scale, delete, update) are only available when maker mode is explicitly enabled. This means an agent can gather all the context it needs for analysis and planning, but cannot make changes unless you've consciously unlocked that capability.
Audit trail. Every MCP tool invocation is logged. You can see exactly what an agent queried, when, and what it received. This matters for compliance and for debugging agent behavior.
This is the right security model for AI agents accessing cloud infrastructure: scoped exposure, local credential custody, and a hard gate between reads and writes.
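The controls above (scoped responses, a hard gate between reads and writes, an audit trail) as an added Python example. This is not Clanker Cloud's code: every tool name except get_env_vars, the secret-name pattern and the fake backend are assumptions.

```python
import json
import re
import time

# Hypothetical tool names, except get_env_vars which the article mentions.
READ_TOOLS = {"list_services", "get_env_vars", "get_cost_summary"}
WRITE_TOOLS = {"scale_deployment", "apply_config"}
# Assumption: a variable whose name matches this pattern is treated as secret.
SECRET_NAME = re.compile(r"(PASS|SECRET|TOKEN|KEY|CREDENTIAL)", re.IGNORECASE)


def scope_env_vars(env):
    """Keep every variable name but withhold the values of secret-looking ones."""
    return {k: ("<redacted>" if SECRET_NAME.search(k) else v) for k, v in env.items()}


class ToolGate:
    """Read tools pass; write tools need maker mode and a human confirmation."""

    def __init__(self, backend, maker_mode=False, confirm=lambda tool, args: False):
        self.backend = backend        # callable(tool, args) that reaches the cloud APIs
        self.maker_mode = maker_mode
        self.confirm = confirm        # human-in-the-loop callback, denies by default
        self.audit = []               # one JSON line per invocation

    def _log(self, tool, args, decision):
        self.audit.append(json.dumps(
            {"ts": time.time(), "tool": tool, "args": args, "decision": decision}))

    def call(self, tool, args):
        if tool in READ_TOOLS:
            self._log(tool, args, "allowed-read")
            result = self.backend(tool, args)
            return scope_env_vars(result) if tool == "get_env_vars" else result
        if tool not in WRITE_TOOLS:
            self._log(tool, args, "denied-unknown-tool")
            raise PermissionError(f"{tool} is not an exposed tool")
        if not self.maker_mode:
            self._log(tool, args, "denied-maker-mode-off")
            raise PermissionError(f"{tool} requires maker mode")
        if not self.confirm(tool, args):
            self._log(tool, args, "denied-not-confirmed")
            raise PermissionError(f"{tool} was not confirmed by a human")
        self._log(tool, args, "allowed-write")
        return self.backend(tool, args)


def fake_backend(tool, args):
    """Constructed stand-in for the local proxy that holds the cloud credentials."""
    if tool == "get_env_vars":
        return {"DB_HOST": "postgres-primary.internal",
                "DB_PASSWORD": "constructed-value", "LOG_LEVEL": "info"}
    return {"tool": tool, "status": "ok"}
```

Denied calls are logged as well as allowed ones, so the audit trail also shows what an agent attempted while maker mode was off.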
Why This Architecture Wins
There are three approaches teams typically consider for giving AI agents infrastructure access:
1. Raw cloud API access — Give the agent an IAM user with broad permissions and let it call AWS/GCP/Azure APIs directly. This works but is dangerous: the agent has unconstrained access, there's no structured query layer, credentials must be shared with the agent, and there's no audit trail on the agent's API calls beyond raw CloudTrail logs.
2. No infrastructure access — Keep agents isolated from production. They can write code but can't see what's actually running. Safe, but severely limited in usefulness: the agent can't help with operational tasks, can't verify its own suggestions against live state, and can't detect configuration drift.
3. MCP infrastructure layer — A scoped, structured proxy between agents and cloud state. Credentials stay local. Tools are explicitly defined. The agent sees what it needs and nothing more. Writes require human confirmation. This is the architecture that scales.
The MCP layer is the right abstraction for the same reason that an ORM is the right abstraction for database access in most applications: it gives you structure, safety, and portability without sacrificing capability.
As AI agents become more capable — and they will — the teams that have built a clean interface between agents and infrastructure will be able to extend their agent workflows incrementally. The teams that skipped the abstraction layer will be rebuilding from scratch.
You can see a live walkthrough of this in the Clanker Cloud demo.
Bring Your Own Keys
Clanker Cloud's BYOK model means you're not locked into a single AI provider. The desktop app supports:
- Gemma 4 via Ollama — Local inference, no API costs, full privacy
- Claude Code (Anthropic) — Opus and Sonnet for complex reasoning and code generation
- Codex (OpenAI) — o3/o4-mini for fast, capable coding tasks
- Hermes 3 (NousResearch via Ollama) — Open-source, fine-tuned for tool use and function calling
Each model connects to the same MCP infrastructure layer. Switching models doesn't require reconfiguring your infrastructure integrations — the MCP server is model-agnostic.
Frequently Asked Questions
What is Model Context Protocol (MCP)?
Model Context Protocol (MCP) is an open standard introduced by Anthropic that defines how AI agents communicate with external tools and data sources. It uses a client/server architecture: the AI agent acts as the MCP client, and the tool or data source acts as the MCP server. Tools are described as JSON schemas so the agent knows exactly what to call and how. Communication happens over stdio (for local processes) or HTTP/SSE (for remote servers). The protocol's significance is that it's write-once, use-anywhere: any MCP-compatible agent can connect to any MCP server without bespoke integration work.
How do AI agents like Claude Code or Codex access infrastructure?
Claude Code and Codex CLI both support MCP natively via JSON configuration files. For Claude Code, you add the MCP server configuration to ~/.claude/claude_desktop_config.json. For Codex CLI, the configuration goes in ~/.codex/config.json. Once configured, the agent can call infrastructure tools — querying live cloud state, inspecting deployments, checking service health — the same way it calls any other MCP-defined tool. Clanker Cloud exposes these tools via its MCP endpoint at https://mcp.clankercloud.ai.
What is an agentic infrastructure layer?
An agentic infrastructure layer is a persistent MCP server that exposes your cloud infrastructure — services, deployments, costs, configuration, health status — as structured, queryable tools that any MCP-compatible AI agent can use. It acts as a proxy between agents and your actual cloud providers: agents call the MCP tools, the infrastructure layer authenticates with AWS/GCP/Azure/Kubernetes on your behalf, and returns structured summaries. Credentials never reach the agent. It's the missing abstraction between AI reasoning capabilities and production cloud state.
Is it safe to give AI agents access to production infrastructure?
With the right architecture, yes. The key principles are: keep credentials local (never pass them to the agent), scope tool responses to structured summaries rather than raw API output, separate read operations from write operations (writes require explicit human confirmation), and maintain an audit log of all agent tool calls. Clanker Cloud's MCP server implements all of these. It runs locally on your machine, so your cloud credentials stay on your hardware. Agents can read freely but can only make changes when you've explicitly enabled maker mode. See the full FAQ for more on the security model.
Which AI agents support MCP?
All major AI coding and operations agents now support MCP either natively or via framework integrations. Native MCP support: Claude Code (Anthropic), OpenAI Codex CLI, OpenClaw (open-source, 68K+ GitHub stars), and Perplexity Computer. Framework-level MCP support (via LangChain, CrewAI, AutoGen, or LlamaIndex): Hermes 3 (NousResearch), GPT-4-based agents, and any agent built on a framework with an MCP tool adapter. The standard is converging quickly — MCP is becoming the default interface for agent-to-tool communication across the ecosystem.
Connect Your Infrastructure to Any AI Agent
The agentic infrastructure layer isn't a future concept — it's available now. Clanker Cloud exposes your AWS, GCP, Azure, Kubernetes, Cloudflare, Hetzner, DigitalOcean, and GitHub infrastructure as a live MCP server that any compatible agent can query today.
Whether you're running OpenClaw for autonomous task execution, Claude Code for codebase-level reasoning, Codex CLI for fast terminal workflows, Hermes for local open-source inference, or Perplexity Computer for research-augmented analysis — they all connect to the same endpoint, get the same live context, and operate within the same security model.
Get started:
- Create your Clanker Cloud account — Beta is free
- Read the MCP integration docs
- See what's possible with AI agents and infrastructure
- Watch the live demo
Pricing: Beta $0 · Lite $5/mo · Pro $20/mo · Enterprise custom.
Your credentials stay on your machine. Your agents get live context. The infrastructure layer handles the rest.
