CubeCobra MCP Server

Local setup

npm install npm run build

Running locally

npm start

Or, for iterating in TypeScript:

npm run dev

Environment configuration

The server uses optional environment variables:

CUBECOBRA_BASE_URL — override the base URL (defaults to https://cubecobra.com).
CUBECOBRA_COOKIE — your CubeCobra session cookie (needed for private/owner-only endpoints).
CUBECOBRA_CSRF — CSRF token to accompany the cookie for POSTs.
DEFAULT_CUBE_SHORT_ID — fallback short ID for cube tools (list/csv/json/plaintext).
DEFAULT_CUBE_ID — fallback cube UUID for records tools.
DEFAULT_RECORD_ID — fallback record ID for record page/data tools.

Persisting secrets locally

To avoid retyping these on every run, create a local env file (not committed) and load it when you start the server. For example, create .env.local in the project root:

CUBECOBRA_BASE_URL=https://cubecobra.com CUBECOBRA_COOKIE=connect.sid=...; othercookies=... CUBECOBRA_CSRF=your-csrf-token DEFAULT_CUBE_SHORT_ID=obc DEFAULT_CUBE_ID=6178df6d-867d-4b54-b7ed-ff940daf26aa DEFAULT_RECORD_ID=318ecd53-6cc7-4489-9408-35c3decee4ae

Then start with:

env $(cat .env.local | xargs) npm run dev # or env $(cat .env.local | xargs) npm start

Make sure .env.local is in your .gitignore to keep secrets out of version control.

Notes on CubeCobra auth

Auth is only required for endpoints like list_cube_records; public tools (list, csv, json, plaintext) work without auth.
The CSRF token can be copied from the x-csrf-token header of a successful POST in the browser’s Network tab when logged in.