medusajs/using-medusa-cloud
plugins/medusa-cloud/skills/using-medusa-cloud/SKILL.md
Manages Medusa Cloud resources through the Cloud CLI (mcloud). Use when deploying, debugging deployments, managing environments, environment variables, or any Medusa Cloud operation. CRITICAL for mcloud commands, deployment failures, build logs, Cloud setup, and CI/CD workflows.
$ install --global
skillsauthnpx skillsauth add medusajs/medusa-agent-skills using-medusa-cloudInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 8, 2026, 5:58 AM261.1s4 files scanned
SKILL.md
- name:
- using-medusa-cloud
- description:
- Manages Medusa Cloud resources through the Cloud CLI (mcloud). Use when deploying, debugging deployments, managing environments, environment variables, or any Medusa Cloud operation. CRITICAL for mcloud commands, deployment failures, build logs, Cloud setup, and CI/CD workflows.
Managing Medusa Cloud Resources
Operational guide for AI agents managing Medusa Cloud infrastructure through the mcloud CLI. Covers setup, deployments, debugging, environments, and variables.
Constraints
- Always pass
--jsonwhen parsing CLI output. Plaintext output is for humans and may change without warning. - Confirm context before mutating. Run
mcloud whoami --jsonbefore any state change. - Read before you write. Run a
getorlistbefore anydelete,redeploy, ortrigger-build. - Use
--yesfor destructive operations.deletecommands require--yesin non-interactive mode. - Production environments cannot be deleted.
mcloud environments deleteerrors on production by design. - Never pass
--revealunless the user explicitly asks. Secret values appear in terminal scrollback and logs. --jsonand--followare incompatible. Use bounded time windows (--from/--to) with--jsonfor programmatic log ingestion.
CRITICAL: Load Reference Files When Needed
Load these references based on what you're doing:
- Setting up the CLI? → MUST load
setup.mdfirst - Debugging a failed deployment? → MUST load
debugging-deployments.mdfirst - Managing environments or variables? → MUST load
environments-and-variables.mdfirst
Minimum requirement: Load at least one reference file before executing multi-step workflows.
Quick Reference
Authentication Check
Always verify auth and scope before mutating state:
mcloud whoami --json | jq -e '.auth.kind != "none" and .organization.id != null'
Exit code 0 = authenticated and scoped. Non-zero = stop and ask the user.
Set Context Once
mcloud use \
--organization org_123 \
--project proj_123 \
--environment production
CRITICAL:
mcloud usewithout flags is interactive and fails in CI/Docker/piped input. Always pass flags.
Deployment Status Routing
Route on backend_status (or storefront_status):
| Status | Meaning | Logs to check |
|--------|---------|---------------|
| build-failed | Build step failed | mcloud deployments build-logs <id> |
| deployment-failed | Runtime crashed after build | mcloud logs --deployment <id> |
| timed-out | Exceeded time budget | Both: build-logs first, then runtime logs |
Redeployment Decision
| Command | When to use |
|---------|-------------|
| mcloud environments redeploy <env> | Fix is environment-side (variable change, infra) — reruns existing build |
| mcloud environments trigger-build <env> | Fix is in source code on the tracked branch — starts new build |
Common Pitfalls
- TTY-only commands.
mcloud login,mcloud use(without flags), anddeletewithout--yesrequire a TTY. They fail in CI, Docker, or piped input. MCLOUD_TOKENprecedence. When set, file-based credentials are ignored andmcloud loginis rejected. Unset it to switch accounts.- Personal vs org access keys. Personal keys require
--organization; org keys are pre-scoped. organizations listrequires personal auth. Org access keys return 401 on this command.- Build IDs vs deployment IDs.
depl_*= deployment ID; anything else = build ID (resolved to latest deployment).mcloud logs --deploymentaccepts both; other commands take build IDs only.
Reference Files
setup.md - CLI installation, authentication, context setup
debugging-deployments.md - Build/deployment failure recipes and log analysis
environments-and-variables.md - Environment lifecycle and variable management
Related Skills
medusajs/plugins/medusa-cloud/skills/mcloud-auth
tools
VerifiedTrustedCommunity
--- name: mcloud-auth description: Execute mcloud authentication and context commands: login, logout, whoami, use, version, and signup. Use when setting up the CLI, switching accounts, verifying auth state, setting the active org/project/environment context, or checking the CLI version. allowed-tools: Bash(mcloud whoami*), Bash(mcloud use*), Bash(mcloud version*), Bash(mcloud logout*), Bash(jq*) --- # Cloud CLI: Auth and Context Commands Execute authentication and context commands for the Medu
162SKILL.mdUpdated May 9, 2026
medusajs/new-user
tools
VerifiedTrustedCommunity
Create an admin user in Medusa
162SKILL.mdUpdated May 8, 2026
medusajs/db-migrate
data-ai
VerifiedTrustedCommunity
Run database migrations in Medusa
162SKILL.mdUpdated May 8, 2026
medusajs/db-generate
data-ai
VerifiedTrustedCommunity
Generate database migrations for a Medusa module
162SKILL.mdUpdated May 8, 2026