OSS MCP Server (Alpha) - Object Storage Service - Alibaba Cloud Documentation Center

OSS MCP Server integrates Alibaba Cloud Object Storage Service (OSS) data management capabilities into AI applications via the Model Context Protocol (MCP).

Important

This is an Alpha version and is subject to major changes.

Prerequisites

Before you begin, ensure that you have:

Node.js >= 18.20.5
An Alibaba Cloud account with OSS access
An AccessKey ID and AccessKey secret (or temporary credentials)

Tools

OSS MCP Server provides the following tools:

Tool	API name	Description
List buckets	`ListBuckets`	List buckets in your account, with optional filtering by prefix or resource group
View bucket information	`GetBucketInfo`	Get configuration and metadata for a specific bucket
Get bucket stats	`GetBucketStat`	Get storage capacity, object count, and multipart part count for a bucket

Tool parameters

ListBuckets

All parameters are optional.

Parameter	Description
`prefix`	Filter results to bucket names that start with this prefix
`marker`	Resume pagination from this position. Results are returned in alphabetical order, starting from the entry after the marker.
`maxKeys`	Maximum number of buckets to return. Default: 100. The upper limit is configurable on the OSS MCP Server instance (1-1000).
`resourceGroupId`	Filter results to buckets in this resource group
`region`	OSS-specific region ID (for example, `oss-cn-hangzhou`). Determines the endpoint for the request.

GetBucketInfo

Parameter	Required	Description
`bucket`	Yes	Name of the bucket
`region`	No	OSS-specific region ID (for example, `oss-cn-hangzhou`)

GetBucketStat

Parameter	Required	Description
`bucket`	Yes	Name of the bucket
`region`	No	OSS-specific region ID (for example, `oss-cn-hangzhou`)

Example prompts

Once connected, use natural language to interact with your OSS data:

"List all my OSS buckets"
"Show me the storage stats for my-bucket"
"What region is my-bucket in?"
"How many objects are in my-bucket?"
"List buckets in resource group rg-abc123"

Authentication

OSS MCP Server reads credentials from environment variables. Set the following before starting the server:

Variable	Required	Description
`OSS_ACCESS_KEY_ID`	Yes	Your AccessKey ID
`OSS_ACCESS_KEY_SECRET`	Yes	Your AccessKey secret
`OSS_SECURITY_TOKEN`	Only for temporary credentials	Security token from STS
`OSS_REGION`	No	Default OSS region ID (for example, `oss-cn-hangzhou`)
`OSS_ENDPOINT`	No	Custom endpoint URL

For production environments, use RAM roles or STS temporary credentials instead of long-term AccessKey credentials.

Connect via STDIO

STDIO is the simplest integration mode. The AI client launches the MCP Server as a subprocess and communicates over standard input/output.

Cursor

Edit ~/.cursor/mcp.json:

{
  "mcpServers": {
    "alibabacloud-oss": {
      "command": "npx",
      "args": ["-y", "alibabacloud-oss-mcp-server@alpha"],
      "env": {
        "OSS_ACCESS_KEY_ID": "<your-access-key-id>",
        "OSS_ACCESS_KEY_SECRET": "<your-access-key-secret>"
      }
    }
  }
}

Cherry Studio

Configure a new MCP server with these settings:

Field	Value
Type	Standard input/output
Command	`npx`
Parameters	`-y alibabacloud-oss-mcp-server@alpha`
`OSS_ACCESS_KEY_ID`	`<your-access-key-id>` (required)
`OSS_ACCESS_KEY_SECRET`	`<your-access-key-secret>` (required)
`OSS_SECURITY_TOKEN`	`<your-security-token>` (optional)
`OSS_REGION`	`oss-cn-hangzhou` (optional)
`OSS_ENDPOINT`	`https://oss-cn-hangzhou.aliyuncs.com` (optional)

Connect via Streamable HTTP

In Streamable HTTP mode, you run OSS MCP Server as a standalone HTTP service. AI clients connect over HTTP instead of spawning a subprocess. This mode suits remote deployments and server-side integrations.

Start the server

export OSS_ACCESS_KEY_ID="<your-access-key-id>"
export OSS_ACCESS_KEY_SECRET="<your-access-key-secret>"

npx -y -p alibabacloud-oss-mcp-server@alpha -p express alibabacloud-oss-mcp-server --transport=streamable-http --port=18081

The server listens at http://localhost:18081/mcp.

OSS MCP Server only listens on localhost. For remote access, set up a reverse proxy with port forwarding. Configure HTTPS and authentication on the reverse proxy before exposing it to external traffic.

Configure clients

Cherry Studio

Field	Value
Type	Streamable HTTP
URL	`http://localhost:18081/mcp`

Dify

Field	Value
Server-side endpoint URL	`http://localhost:18081/mcp`

Use programmatically

Install the package to embed OSS MCP Server directly in your application:

npm install alibabacloud-oss-mcp-server@alpha

Basic usage

import { OSSMcpServer, OSSMcpServerTransport } from 'alibabacloud-oss-mcp-server/server';

const server = new OSSMcpServer({
  accessKeyId: process.env.OSS_ACCESS_KEY_ID,
  accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
  securityToken: process.env.OSS_SECURITY_TOKEN,  // Only for temporary credentials
  region: process.env.OSS_REGION,
  endpoint: process.env.OSS_ENDPOINT,
  transportType: OSSMcpServerTransport.STDIO
});

await server.runServer();

Configuration options

OSS client configuration

Parameter	Default	Description
`accessKeyId`	—	AccessKey ID (required)
`accessKeySecret`	—	AccessKey secret (required)
`securityToken`	—	Security token for temporary credentials
`refreshCredentials`	—	Function to refresh temporary credentials before they expire
`refreshCredentialsInterval`	`300000` ms (5 min)	How often to refresh credentials, in milliseconds
`lastRefreshCredentialsTime`	Client init time	Timestamp of the last credential refresh
`region`	`oss-cn-hangzhou`	Region ID or OSS-specific region ID. Converted to a region ID for request signing.
`endpoint`	Internet endpoint derived from `region`	Service endpoint. Overrides the `internal` parameter. If the value includes a protocol, the `secure` parameter is ignored. Required if `region` is a plain region ID or if you're accessing OSS through a custom domain.
`internal`	`false`	Use an internal network endpoint
`secure`	`true`	Use HTTPS
`cname`	`false`	Treat `endpoint` as a CNAME (custom domain). Requires `endpoint` to be set.
`sldEnable`	`false`	Use a second-level domain to access OSS
`signVersion`	`ESignVersion.V4`	Signature version
`isRequestPay`	`false`	Enable pay-by-requester mode. Adds the `x-oss-request-payer: requester` header to requests.
`userAgent`	—	Custom User-Agent string, sent as part of the `User-Agent` request header
`timeout`	`60000` ms (60 s)	Request timeout in milliseconds
`disabledMD5`	`false`	Skip Content-MD5 calculation
`proxy`	—	Proxy settings for HTTP requests
`retryMax`	`0`	Maximum number of retries for failed requests
`requestErrorShouldRetry`	Retry all	Function to determine whether to retry a failed request
`amendTimeSkewed`	`0`	Time drift correction in milliseconds
`customRequestFunction`	—	Custom request implementation
`customSign`	—	Custom signing function, applied to all requests that require signing except POST signatures

MCP Server configuration

Parameter	Default	Description
`transportType`	`stdio`	Communication mode: `stdio` or `streamable-http`
`port`	`18081`	HTTP server port (Streamable HTTP only)
`tools`	All enabled	List of tools to enable. Omit to enable all tools.
`listToolsMaxKeysMaxValue`	`100`	Upper limit for `maxKeys` in list-based tools (1-1000)
`listToolsDefaultMaxKeys`	Value of `listToolsMaxKeysMaxValue`	Default value for `maxKeys` in list-based tools
`httpServer`	—	Custom HTTP server instance (Streamable HTTP only)
`logger`	—	Logger instance
`xmlContentText`	`false`	Return tool results as raw XML instead of JSON
`toolsRequestSuccessCallback`	—	Callback invoked on successful tool requests
`toolsRequestErrorCallback`	—	Callback invoked on failed tool requests