List stacks, search managed resources with Lucene queries, review policy violations, list organization users, run Pulumi Neo automation (bridge, tasks, continue, reset), look up Pulumi Registry types/resources/functions, and deploy application code to AWS via generated infrastructure.
Adding Pulumi provisions three things in your zone: an upstream resource pointing at https://mcp.ai.pulumi.com/mcp (kept inside Keycard), a Keycard MCP Gateway URL - the downstream resource - that you install in Cursor, Claude Code, or any MCP client, and a provider for token exchange with Pulumi’s OAuth issuer.
When your AI client makes a tool call, it sends a Keycard-issued access token to the gateway URL. Keycard’s STS exchanges that token for an upstream Pulumi token, the gateway calls the upstream MCP, and the response is proxied back. Your zone’s identity provider, access policies, and audit log apply to every call - the upstream credential never leaves Keycard. Each call is recorded in the audit log with the user identity, the resource accessed, and the policy decision.
Tools the upstream server exposes through the Keycard MCP Gateway.
Pulumi exposes 14 tools through the gateway:
- get-stacks: List all stacks in the org (no filters); use resource-search for filtered or named stack queries
- resource-search: Search and analyze Pulumi-managed resources and stacks (Lucene syntax)
- get-policy-violations: Open policy violations by project, stack, or organization (security and compliance)
- get-users: List organization members when asked about users, admins, or teams
- neo-bridge: Run Pulumi Neo tasks: send follow-ups on the same taskId, paginate while has_more, approvals only with explicit user consent
- neo-get-tasks: List Neo tasks with ids, statuses, and console links
- neo-continue-task: Poll a Neo task for status and new messages (read-only); send new instructions via neo-bridge with taskId
- neo-reset-conversation: Reset the Neo conversation for a specific task
- get-type: JSON schema for a specific Registry JSON schema type reference
- get-resource: Registry metadata for a Pulumi resource type
- get-function: Registry metadata for a Pulumi function
- list-resources: List resource types for a provider and module
- list-functions: List function types for a provider and module
- deploy-to-aws: Deploy app code to AWS by generating Pulumi infrastructure from project files (no prior analysis step required)
Install
Add Pulumi to your zone and install the gateway URL into Cursor, Claude Code, or any MCP client.
- Open the catalog: In your zone’s Keycard Console, go to Applications → Add Application → Explore MCP Servers.
- Find and install Pulumi: Search for Pulumi in the catalog and click Install.
- Connect your development tool: Once installed, Pulumi appears on the Applications page with a Keycard MCP Gateway URL. Use the Install dropdown to add it to Cursor, Claude Code, or any MCP-compatible client.
Related
- Catalog overview - browse other MCP and API servers
- Access policies - control who can use Pulumi
- Identity providers - control who can sign in