feat: add Cloud MCP and ccloud CLI GA support, replace skill symlinks with real directories

     - Update mcp.json: cockroachdb-cloud backend with mcp-cluster-id header, remove stale ccloud entry
     - Replace skills symlink with 29 real directories from latest upstream submodule (7f13257)
     - Add Available MCP Tools section to all 4 rules (sql, app, developer, operator patterns)
     - Update README with Cloud MCP and ccloud CLI GA documentation, tool tables, OAuth/API key examples
     - Add weekly CI workflow to sync upstream cockroachdb-skills changes

Author: viragtripathi

.github/workflows/update-skills.yml

@@ -0,0 +1,100 @@
+name: Update cockroachdb-skills submodule
+
+on:
+  schedule:
+    - cron: '0 9 * * 1' # Weekly on Monday at 9am UTC
+  workflow_dispatch: # Allow manual trigger
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  check-update:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+          fetch-depth: 0
+
+      - name: Check for upstream updates
+        id: check
+        run: |
+          cd submodules/cockroachdb-skills
+          CURRENT=$(git rev-parse HEAD)
+          git fetch origin main
+          LATEST=$(git rev-parse origin/main)
+          echo "current=$CURRENT" >> "$GITHUB_OUTPUT"
+          echo "latest=$LATEST" >> "$GITHUB_OUTPUT"
+          if [ "$CURRENT" != "$LATEST" ]; then
+            echo "behind=true" >> "$GITHUB_OUTPUT"
+            COMMITS=$(git log --oneline "$CURRENT..$LATEST" | wc -l | tr -d ' ')
+            echo "commits=$COMMITS" >> "$GITHUB_OUTPUT"
+            git log --oneline "$CURRENT..$LATEST" > /tmp/changelog.txt
+            echo "changelog<<EOF" >> "$GITHUB_OUTPUT"
+            cat /tmp/changelog.txt >> "$GITHUB_OUTPUT"
+            echo "EOF" >> "$GITHUB_OUTPUT"
+          else
+            echo "behind=false" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Update submodule
+        if: steps.check.outputs.behind == 'true'
+        run: |
+          cd submodules/cockroachdb-skills
+          git checkout origin/main
+
+      - name: Sync skills from submodule
+        if: steps.check.outputs.behind == 'true'
+        run: |
+          # Build list of upstream skill names
+          upstream_skills=""
+          for skill_dir in submodules/cockroachdb-skills/skills/*/; do
+            for skill in "$skill_dir"*/; do
+              if [ -f "$skill/SKILL.md" ]; then
+                skill_name=$(basename "$skill")
+                upstream_skills="$upstream_skills $skill_name"
+
+                # Copy new or updated skills
+                if [ -d "skills/$skill_name" ]; then
+                  rm -rf "skills/$skill_name"
+                  cp -r "$skill" "skills/$skill_name"
+                  echo "Updated: $skill_name"
+                else
+                  cp -r "$skill" "skills/$skill_name"
+                  echo "Added: $skill_name"
+                fi
+              fi
+            done
+          done
+
+          # Remove skills that no longer exist upstream
+          for existing in skills/*/; do
+            existing_name=$(basename "$existing")
+            if ! echo "$upstream_skills" | grep -qw "$existing_name"; then
+              rm -rf "skills/$existing_name"
+              echo "Removed (no longer upstream): $existing_name"
+            fi
+          done
+
+          echo "Total skills: $(ls -d skills/*/ 2>/dev/null | wc -l | tr -d ' ')"
+
+      - name: Create Pull Request
+        if: steps.check.outputs.behind == 'true'
+        uses: peter-evans/create-pull-request@v7
+        with:
+          commit-message: "chore: update cockroachdb-skills submodule"
+          title: "chore: update cockroachdb-skills submodule (${{ steps.check.outputs.commits }} new commits)"
+          body: |
+            Updates `cockroachdb-skills` submodule from `${{ steps.check.outputs.current }}` to `${{ steps.check.outputs.latest }}`.
+
+            ### Upstream changes
+            ```
+            ${{ steps.check.outputs.changelog }}
+            ```
+
+            This PR was auto-generated by the [update-skills](${{ github.server_url }}/${{ github.repository }}/actions/workflows/update-skills.yml) workflow.
+          branch: chore/update-cockroachdb-skills
+          delete-branch: true
+          labels: dependencies,automated

README.md

@@ -39,43 +39,159 @@ export COCKROACHDB_DATABASE="your-database"
 
 For CockroachDB Cloud, find connection details in the [Cloud Console](https://cockroachlabs.cloud/).
 
+## MCP Backends
+
+<details>
+<summary><strong>MCP Toolbox</strong> (self-hosted, any cluster) — Default</summary>
+
+Connect to any CockroachDB cluster (Cloud, self-hosted, local) via [MCP Toolbox for Databases](https://github.com/googleapis/genai-toolbox).
+
+**Install:** `brew install mcp-toolbox` (v0.27.0+)
+
+**Run (stdio, default):** `toolbox --tools-file tools.yaml --stdio`
+
+**Run (HTTP):** `toolbox --tools-file tools.yaml --address 0.0.0.0:5000`
+</details>
+
+<details>
+<summary><strong>ccloud CLI</strong> (cluster lifecycle, backups, DR, networking)</summary>
+
+The [`ccloud` CLI](https://www.cockroachlabs.com/blog/cockroachdb-ai-agents-cli-database-automation/) is an agent-ready command-line tool for full cluster lifecycle management. AI agents call ccloud directly via shell commands (not MCP protocol) -- every command supports `-o json` for structured output.
+
+**Install:** `brew install cockroachdb/tap/ccloud`
+
+**Authenticate (interactive):** `ccloud auth login` (opens browser; supports SSO via OIDC/SAMLv2)
+
+**Authenticate (org-scoped):** `ccloud auth login --org {organization-label}`
+
+**Authenticate (headless/CI):** `ccloud auth login --no-redirect` or use a service account API key as a bearer token.
+
+**Example agent commands:**
+```bash
+# Provision
+ccloud cluster create serverless my-cluster us-east-1 --cloud AWS -o json
+ccloud cluster database create my-cluster myapp -o json
+
+# Connect
+ccloud cluster connection-string my-cluster --database myapp --sql-user maxroach -o json
+# Composable: pipe into jq + psql
+ccloud cluster connection-string my-cluster --database myapp --sql-user maxroach -o json \
+  | jq -r '.connection_url' | xargs -I{} psql {} -c "SELECT count(*) FROM users"
+
+# Operate
+ccloud cluster list -o json
+ccloud cluster info my-cluster -o json
+ccloud cluster backup config update my-cluster --frequency 60 --retention 60
+
+# Observe
+ccloud audit list --limit 10 -o json
+ccloud cluster versions -o json
+ccloud cluster cmek get my-cluster -o json
+
+# Scale & DR
+ccloud replication create --primary-cluster prod-east --standby-cluster dr-west
+ccloud cluster networking allowlist list <cluster-id> -o json
+
+# Organize
+ccloud folder create Production -o json
+ccloud folder contents <folder-id> -o json
+
+# Test resilience
+ccloud cluster disruption set my-cluster --region us-east-1 --whole-region
+```
+
+**Coverage:** Provision, Connect, Operate, Observe, Scale & DR, Organize, Test resilience. See the [ccloud reference](https://www.cockroachlabs.com/docs/cockroachcloud/ccloud-reference) for full command list.
+</details>
+
+<details>
+<summary><strong>CockroachDB Cloud MCP Server</strong> (OAuth/API key)</summary>
+
+The official [managed MCP server](https://www.cockroachlabs.com/blog/cockroachdb-ai-agents-managed-mcp-server/) is hosted by Cockroach Labs and requires no infrastructure setup. Authenticate via OAuth 2.1 (PKCE) or a service account API key. Read-only by default; write access requires explicit consent.
+
+**OAuth (recommended — opens browser for consent, scopes: `mcp:read`, `mcp:write`):**
+```json
+{
+  "mcpServers": {
+    "cockroachdb-cloud": {
+      "type": "http",
+      "url": "https://cockroachlabs.cloud/mcp",
+      "headers": {
+        "mcp-cluster-id": "{your-cluster-id}"
+      }
+    }
+  }
+}
+```
+
+**API Key (headless/autonomous agents):**
+```json
+{
+  "mcpServers": {
+    "cockroachdb-cloud": {
+      "type": "http",
+      "url": "https://cockroachlabs.cloud/mcp",
+      "headers": {
+        "mcp-cluster-id": "{your-cluster-id}",
+        "Authorization": "Bearer {your-service-account-api-key}"
+      }
+    }
+  }
+}
+```
+
+See the [quickstart guide](https://www.cockroachlabs.com/docs/cockroachcloud/connect-to-the-cockroachdb-cloud-mcp-server) for detailed setup.
+</details>
+
 ## What's Included
 
 ### MCP Backends
 
-| Backend                    | Status         | Transport       | Use Case                                                                                                                          |
-|----------------------------|----------------|-----------------|-----------------------------------------------------------------------------------------------------------------------------------|
-| `cockroachdb-toolbox`      | ✅ Available    | stdio           | Any CockroachDB cluster via [MCP Toolbox](https://github.com/googleapis/genai-toolbox)                                            |
-| `cockroachdb-toolbox-http` | ✅ Available    | Streamable HTTP | Same as above, remote/multi-user via HTTP                                                                                         |
-| `ccloud`                   | 🔜 Coming soon | stdio           | Cluster lifecycle, backups, DR, networking via [ccloud CLI](https://www.cockroachlabs.com/docs/cockroachcloud/ccloud-get-started) |
-| `cockroachdb-cloud`        | 🔜 Coming soon | HTTP            | CockroachDB Cloud MCP Server (OAuth/API key)                                                                                      |
+| Backend                    | Status      | Transport       | Use Case                                                                                                                          |
+|----------------------------|-------------|-----------------|-----------------------------------------------------------------------------------------------------------------------------------|
+| `cockroachdb-toolbox`      | Active      | stdio           | Any CockroachDB cluster via [MCP Toolbox](https://github.com/googleapis/genai-toolbox)                                            |
+| `cockroachdb-cloud`        | Active      | Streamable HTTP | [Managed MCP Server](https://www.cockroachlabs.com/blog/cockroachdb-ai-agents-managed-mcp-server/) — CockroachDB Cloud (OAuth/API key) |
+| `cockroachdb-toolbox-http` | Available   | Streamable HTTP | MCP Toolbox remote/multi-user via HTTP                                                                                            |
+
+### CLI Tools
+
+| Tool              | Status | Use Case                                                                                                                                           |
+|-------------------|--------|----------------------------------------------------------------------------------------------------------------------------------------------------|
+| `ccloud`          | Active | [Agent-ready CLI](https://www.cockroachlabs.com/blog/cockroachdb-ai-agents-cli-database-automation/) — cluster lifecycle, backups, DR, networking, audit. Agents call directly via shell. |
 
 ### Tools
 
+**MCP Toolbox** (self-hosted, any cluster):
+
 | Tool                       | Description                                      |
 |----------------------------|--------------------------------------------------|
 | `cockroachdb-execute-sql`  | Execute SQL statements (SELECT, DDL, DML)        |
 | `cockroachdb-list-schemas` | List all schemas in the database                 |
 | `cockroachdb-list-tables`  | List tables with columns, types, and constraints |
 
-### Skills
+**CockroachDB Cloud MCP** (managed, read tools):
 
-22 skills from [cockroachdb-skills](https://github.com/cockroachlabs/cockroachdb-skills) across 10 operational domains:
+| Tool                    | Description                                 |
+|-------------------------|---------------------------------------------|
+| `list_clusters`         | List all accessible clusters                |
+| `get_cluster`           | Get detailed cluster information            |
+| `list_databases`        | List databases in the cluster               |
+| `list_tables`           | List tables in a database                   |
+| `get_table_schema`      | Get detailed schema for a table             |
+| `select_query`          | Execute a SELECT statement                  |
+| `explain_query`         | Execute an EXPLAIN statement                |
+| `show_running_queries`  | List currently executing queries            |
 
-| Domain                          | Skills | Examples                                                        |
-|---------------------------------|--------|-----------------------------------------------------------------|
-| **Query & Schema Design**       | 1      | cockroachdb-sql                                                 |
-| **Observability & Diagnostics** | 7      | profiling-statement-fingerprints, triaging-live-sql-activity    |
-| **Security & Governance**       | 11     | auditing-cloud-cluster-security, hardening-user-privileges      |
-| **Onboarding & Migrations**     | 3      | molt-fetch, molt-verify, molt-replicator                        |
-| **Application Development**     | —      | (planned)                                                       |
-| **Performance & Scaling**       | —      | (planned)                                                       |
-| **Operations & Lifecycle**      | —      | (planned)                                                       |
-| **Cost & Usage Management**     | —      | (planned)                                                       |
-| **Integrations & Ecosystem**    | —      | (planned)                                                       |
-| **Resilience & Disaster Recovery** | —   | (planned)                                                       |
+**CockroachDB Cloud MCP** (managed, write tools — requires write consent):
+
+| Tool                    | Description                                 |
+|-------------------------|---------------------------------------------|
+| `create_database`       | Create a new database                       |
+| `create_table`          | Create a new table                          |
+| `insert_rows`           | Insert rows into a table                    |
+
+### Skills
 
-Skills are sourced from the [`cockroachdb-skills`](https://github.com/cockroachlabs/cockroachdb-skills) submodule via symlink — a single source of truth shared across CockroachDB agent integrations.
+Skills are sourced from the [`cockroachdb-skills`](https://github.com/cockroachlabs/cockroachdb-skills) submodule — a single source of truth shared across CockroachDB agent integrations.
 
 ### Rules
 
@@ -97,9 +213,9 @@ cd cursor-plugin
 
 ```
 .cursor-plugin/plugin.json   # Plugin manifest
-skills -> submodules/...     # Symlink to cockroachdb-skills (22 skills)
-rules/                        # 2 rule sets (.mdc files)
-mcp.json                      # MCP server definitions
+skills/                       # Skills from cockroachdb-skills submodule
+rules/                        # 4 rule sets (.mdc files)
+mcp.json                      # MCP server definitions (Toolbox + Cloud MCP)
 tools.yaml                    # Toolbox source & tool configuration
 submodules/cockroachdb-skills # Shared skills submodule
 assets/logo.svg               # Plugin logo
@@ -117,7 +233,10 @@ This repo uses [Release Please](https://github.com/googleapis/release-please) fo
 
 - [CockroachDB Documentation](https://www.cockroachlabs.com/docs/)
 - [CockroachDB Cloud Console](https://cockroachlabs.cloud/)
-- [ccloud CLI](https://www.cockroachlabs.com/docs/cockroachcloud/ccloud-get-started)
+- [Managed MCP Server Blog Post](https://www.cockroachlabs.com/blog/cockroachdb-ai-agents-managed-mcp-server/)
+- [Cloud MCP Quickstart Guide](https://www.cockroachlabs.com/docs/cockroachcloud/connect-to-the-cockroachdb-cloud-mcp-server)
+- [ccloud CLI for AI Agents Blog Post](https://www.cockroachlabs.com/blog/cockroachdb-ai-agents-cli-database-automation/)
+- [ccloud CLI Reference](https://www.cockroachlabs.com/docs/cockroachcloud/ccloud-get-started)
 - [MCP Toolbox for Databases](https://github.com/googleapis/genai-toolbox)
 - [Report Issues](https://github.com/cockroachdb/cursor-plugin/issues)
 

mcp.json

@@ -16,20 +16,11 @@
       "url": "http://127.0.0.1:5000/mcp",
       "_comment": "Streamable HTTP transport — run 'toolbox --tools-file tools.yaml' first, then connect via this URL"
     },
-    "ccloud": {
-      "command": "ccloud",
-      "args": ["mcp"],
-      "_comment": "CockroachDB Cloud CLI — manage clusters, backups, networking, and infrastructure. Coming soon.",
-      "env": {
-        "CCLOUD_API_KEY": "${CCLOUD_API_KEY}"
-      }
-    },
     "cockroachdb-cloud": {
       "type": "http",
       "url": "https://cockroachlabs.cloud/mcp",
-      "_comment": "Official CockroachDB Cloud MCP Server — OAuth 2.0 + API key auth. 12 tools: get_cluster_status, show_running_queries, list_databases, switch_database, create_database, list_tables, describe_table, create_table, list_columns, list_indexes, execute_query, explain_query. Read-only by default. Requires CockroachDB Cloud account.",
-      "env": {
-        "COCKROACHDB_CLOUD_API_KEY": "${COCKROACHDB_CLOUD_API_KEY}"
+      "headers": {
+        "mcp-cluster-id": "${COCKROACHDB_CLUSTER_ID}"
       }
     }
   }

rules/cockroachdb-app-patterns.mdc

@@ -677,6 +677,24 @@ rows, err := db.QueryContext(ctx,
 
 ---
 
+## Available MCP Tools
+
+**Via MCP Toolbox** (self-hosted, any cluster):
+- `cockroachdb-execute-sql`: Execute any SQL statement (test queries, validate schema changes)
+- `cockroachdb-list-schemas`: List database schemas
+- `cockroachdb-list-tables`: List tables with column details (verify ORM mappings)
+
+**Via CockroachDB Cloud MCP** (managed, CockroachDB Cloud clusters):
+- `list_databases`, `list_tables`, `get_table_schema`: Validate schema against ORM models
+- `select_query`, `explain_query`: Test queries and verify execution plans
+- `create_database`, `create_table`, `insert_rows`: Write operations (requires write consent)
+
+**Via ccloud CLI** (shell commands, `-o json` for structured output):
+- `ccloud cluster connection-string <name> --database <db> --sql-user <user>`: Programmatic connection strings for app configuration
+- `ccloud cluster info <name>`: Cluster details, version, regions
+
+---
+
 ## 14. General Rules (Quick Reference)
 
 1. **Keep transactions SHORT** — <10 statements, <4MB total payload

rules/cockroachdb-developer-patterns.mdc

@@ -440,6 +440,24 @@ ranges.forEach(range -> pool.submit(() -> {
 
 ---
 
+## Available MCP Tools
+
+**Via MCP Toolbox** (self-hosted, any cluster):
+- `cockroachdb-execute-sql`: Execute any SQL statement
+- `cockroachdb-list-schemas`: List database schemas
+- `cockroachdb-list-tables`: List tables with column details
+
+**Via CockroachDB Cloud MCP** (managed, CockroachDB Cloud clusters):
+- `list_databases`, `list_tables`, `get_table_schema`: Schema exploration
+- `select_query`, `explain_query`: Read queries and execution plans
+- `create_database`, `create_table`, `insert_rows`: Write operations (requires write consent)
+
+**Via ccloud CLI** (shell commands, `-o json` for structured output):
+- `ccloud cluster connection-string <name> --database <db> --sql-user <user>`: Programmatic connection strings
+- `ccloud cluster info <name>`: Cluster details for app configuration
+
+---
+
 ## Anti-Pattern Quick Reference (Developer-Specific)
 
 | ❌ Anti-Pattern | Why | ✅ Fix |