Cloudsmith unveils MCP Server to bridge AI & developer tools

Cloudsmith has introduced its MCP Server, a tool designed to connect artificial intelligence assistants such as Claude and CoPilot into developers' existing workflows. The server aims to help engineering teams manage and understand their software artifacts through natural language, without leaving the tools they already use.

AI and developer workflows

The MCP Server allows developers to use natural language to trigger builds, inspect software packages, and run workflows. By using the Model Context Protocol (MCP), Cloudsmith's tool ensures that these commands and interactions happen entirely inside the developer's preferred environment, removing the need to make dedicated API queries or access additional user interfaces.

Security and governance features are built into the server, enabling companies to set policies and audit every action performed by AI agents. All requests and responses are logged, maintaining visibility into the actions taken by both humans and AI assistants.

Connecting AI and artifacts

The MCP Server is positioned as a bridge between the growing use of AI in software development and the need for robust software supply chain management. By supporting major AI tools and LLMs via the open MCP standard, Cloudsmith seeks to provide organisations with a way to integrate intelligent agents directly with their repositories, packages, and build systems.

Developers can use AI to retrieve information, analyse usage trends, or enforce policies on their artifact repositories - all with natural language. Policy-as-code controls restrict what each AI agent is able to do, ensuring boundaries are respected as organisations automate more of the development process.

"AI is redefining how developers work, moving from manual clicks to natural language interactions. We see this shift every day with our customers. Cloudsmith's MCP Server is a necessary bridge to this new way of working," said Alison Sickelka, VP of Product at Cloudsmith.

"By integrating directly with tools like Claude and CoPilot, we ensure engineers can manage, secure, and make decisions about their software artifacts simply by asking a question within the environment they already use. This isn't just about convenience, it brings trusted artifact data and governance exactly where developers build, making the AI part of the secure software supply chain, not separate from it."

Industry changes

Cloudsmith has also expanded its Enterprise Policy Manager with new policy enforcement and automation capabilities, alongside the MCP Server launch. This update includes real-time visibility features aimed at supporting the faster pace of AI-powered software creation, and the management of new artifact types.

The company has made its ML Model Registry generally available, allowing enterprises to manage machine learning models with similar levels of control and oversight as other types of software packages.

The integration of AI assistants directly into development workflows under a common governance and security model is intended to address the operational and compliance needs that come with more automated, AI-powered development pipelines.

Cloudsmith maintains that these changes are designed to support what it sees as three pillars of the modern software supply chain: integrating AI into workflows, managing new artifact types, and accelerating software creation through AI.