feat: turn chatflow into MCP server (#5930)

* feat: turn chatflow into MCP server

- Added '@modelcontextprotocol/sdk' version 1.12.0
- Added 'zod' version 3.25.32
- Added migrations for MCP server config
- Added MCP endpoints (Streamable HTTP and SSE)
- Added MCP server configuration tab
- Added unit tests for MCP endpoints and services

* feat: Implement MCP endpoint service with SSE support

- Added a new MCP endpoint service to handle requests for chatflows, including support for SSE (Server-Sent Events) and stateless transport.
- Introduced functions for handling MCP requests, SSE connections, and message routing.
- Implemented error handling for service errors and session management for SSE.
- Created unit tests for the MCP server service, covering configuration CRUD operations and token management.
- Updated the MCP server configuration logic to ensure proper validation and error handling.
- Refactored the UI component to utilize a new API hook for fetching MCP server configuration.

* chore: handle error when get mcp server config

* - Introduced a new chat type 'MCP' in the ChatType enum, including UI filters and backend processing.
- Updated the zod dependency version specification to support both ^3.25.76 and ^4.
- Fix setHasExistingConfig

* fix: update chatflowCallback to enable chatflow building with active state for MCP

* refactor: remove deprecated SSE transport endpoints and related logic

- Removed handleGet and handleSseMessage methods from MCP endpoint controller.
- Updated MCP endpoint routes to eliminate SSE-related routes.
- Refactored service layer to remove SSE session management and related methods.
- Updated tests to remove references to deprecated SSE functionality.
- Adjusted UI component to remove SSE endpoint URL handling.

* chore: update MCP endpoint routes and references to align with new API structure

* chore: remove abortChatMessage when mcp request closed

* optimize mcpserver dialog for dark mode

* feat: implement form input schema generation for agentflow chatflows

---------

Co-authored-by: Henry <hzj94@hotmail.com>

Author: prd-hoang-doan

CONTRIBUTING.md

@@ -159,6 +159,7 @@ Flowise support different environment variables to configure your instance. You
 | PORT                                 | The HTTP port Flowise runs on                                                                                                                                                                                                                                                     | Number                                           | 3000                                |
 | CORS_ALLOW_CREDENTIALS               | Enables CORS `Access-Control-Allow-Credentials` when `true`                                                                                                                                                                                                                       | Boolean                                          | false                               |
 | CORS_ORIGINS                         | The allowed origins for all cross-origin HTTP calls                                                                                                                                                                                                                               | String                                           |                                     |
+| MCP_CORS_ORIGINS                     | The allowed origins for MCP endpoint cross-origin calls. If unset, only non-browser (no Origin header) requests are allowed. Set to `*` to allow all origins.                                                                                                                     | String                                           |                                     |
 | IFRAME_ORIGINS                       | The allowed origins for iframe src embedding                                                                                                                                                                                                                                      | String                                           |                                     |
 | FLOWISE_FILE_SIZE_LIMIT              | Upload File Size Limit                                                                                                                                                                                                                                                            | String                                           | 50mb                                |
 | DEBUG                                | Print logs from components                                                                                                                                                                                                                                                        | Boolean                                          |                                     |

docker/.env.example

@@ -76,6 +76,7 @@ PORT=3000
 # NUMBER_OF_PROXIES= 1
 # CORS_ALLOW_CREDENTIALS=false
 # CORS_ORIGINS=*
+# MCP_CORS_ORIGINS=*
 # IFRAME_ORIGINS=*
 # FLOWISE_FILE_SIZE_LIMIT=50mb
 # SHOW_COMMUNITY_NODES=true

docker/docker-compose-queue-prebuilt.yml

@@ -76,6 +76,7 @@ services:
             # SETTINGS
             - NUMBER_OF_PROXIES=${NUMBER_OF_PROXIES}
             - CORS_ORIGINS=${CORS_ORIGINS}
+            - MCP_CORS_ORIGINS=${MCP_CORS_ORIGINS}
             - IFRAME_ORIGINS=${IFRAME_ORIGINS}
             - FLOWISE_FILE_SIZE_LIMIT=${FLOWISE_FILE_SIZE_LIMIT}
             - SHOW_COMMUNITY_NODES=${SHOW_COMMUNITY_NODES}

docker/docker-compose.yml

@@ -61,6 +61,7 @@ services:
             # SETTINGS
             - NUMBER_OF_PROXIES=${NUMBER_OF_PROXIES}
             - CORS_ORIGINS=${CORS_ORIGINS}
+            - MCP_CORS_ORIGINS=${MCP_CORS_ORIGINS}
             - IFRAME_ORIGINS=${IFRAME_ORIGINS}
             - FLOWISE_FILE_SIZE_LIMIT=${FLOWISE_FILE_SIZE_LIMIT}
             - SHOW_COMMUNITY_NODES=${SHOW_COMMUNITY_NODES}

packages/server/.env.example

@@ -75,6 +75,7 @@ PORT=3000
 # NUMBER_OF_PROXIES= 1
 # CORS_ALLOW_CREDENTIALS=false
 # CORS_ORIGINS=*
+# MCP_CORS_ORIGINS=*
 # IFRAME_ORIGINS=*
 # FLOWISE_FILE_SIZE_LIMIT=50mb
 # SHOW_COMMUNITY_NODES=true

packages/server/package.json

@@ -65,6 +65,7 @@
         "@aws-sdk/client-secrets-manager": "^3.699.0",
         "@bull-board/api": "^6.11.0",
         "@bull-board/express": "^6.11.0",
+        "@modelcontextprotocol/sdk": "^1.10.1",
         "@google-cloud/logging-winston": "^6.0.0",
         "@keyv/redis": "^4.2.0",
         "@oclif/core": "4.0.7",
@@ -150,7 +151,8 @@
         "uuid": "^10.0.0",
         "winston": "^3.9.0",
         "winston-azure-blob": "^1.5.0",
-        "winston-daily-rotate-file": "^5.0.0"
+        "winston-daily-rotate-file": "^5.0.0",
+        "zod": "^3.25.76 || ^4"
     },
     "devDependencies": {
         "@types/content-disposition": "0.5.8",

packages/server/src/Interface.ts

@@ -30,7 +30,8 @@ export enum MODE {
 export enum ChatType {
     INTERNAL = 'INTERNAL',
     EXTERNAL = 'EXTERNAL',
-    EVALUATION = 'EVALUATION'
+    EVALUATION = 'EVALUATION',
+    MCP = 'MCP'
 }
 
 export enum ChatMessageRatingType {
@@ -70,6 +71,7 @@ export interface IChatFlow {
     apiConfig?: string
     category?: string
     type?: ChatflowType
+    mcpServerConfig?: string
     workspaceId: string
 }
 
@@ -403,6 +405,7 @@ export interface IExecuteFlowParams extends IPredictionQueueAppServer {
     parentExecutionId?: string
     iterationContext?: ICommonObject
     isTool?: boolean
+    chatType?: ChatType
 }
 
 export interface INodeOverrides {
@@ -421,6 +424,13 @@ export interface IVariableOverride {
     enabled: boolean
 }
 
+export interface IMcpServerConfig {
+    enabled: boolean
+    token: string
+    description?: string
+    toolName?: string
+}
+
 // DocumentStore related
 export * from './Interface.DocumentStore'
 

packages/server/src/commands/base.ts

@@ -16,6 +16,7 @@ export abstract class BaseCommand extends Command {
         FLOWISE_FILE_SIZE_LIMIT: Flags.string(),
         PORT: Flags.string(),
         CORS_ORIGINS: Flags.string(),
+        MCP_CORS_ORIGINS: Flags.string(),
         IFRAME_ORIGINS: Flags.string(),
         DEBUG: Flags.string(),
         NUMBER_OF_PROXIES: Flags.string(),

packages/server/src/controllers/mcp-endpoint/index.test.ts

@@ -0,0 +1,177 @@
+/**
+ * Unit tests for MCP endpoint controller (packages/server/src/controllers/mcp-endpoint/index.ts)
+ *
+ * Tests the Express request handlers: token extraction, auth enforcement,
+ * rate limiter middleware delegation, and request routing to the service layer.
+ */
+import { Request, Response, NextFunction } from 'express'
+
+// --- Mock setup ---
+const mockHandleMcpRequest = jest.fn()
+const mockHandleMcpDeleteRequest = jest.fn()
+
+jest.mock('../../services/mcp-endpoint', () => ({
+    __esModule: true,
+    default: {
+        handleMcpRequest: (...args: any[]) => mockHandleMcpRequest(...args),
+        handleMcpDeleteRequest: (...args: any[]) => mockHandleMcpDeleteRequest(...args)
+    }
+}))
+
+const mockGetRateLimiter = jest.fn().mockReturnValue((_req: any, _res: any, next: any) => next())
+
+jest.mock('../../utils/rateLimit', () => ({
+    RateLimiterManager: {
+        getInstance: () => ({
+            getRateLimiter: () => mockGetRateLimiter()
+        })
+    }
+}))
+
+jest.mock('../../utils/logger', () => ({
+    __esModule: true,
+    default: {
+        debug: jest.fn(),
+        info: jest.fn(),
+        warn: jest.fn(),
+        error: jest.fn()
+    }
+}))
+
+// Import after mocking
+import mcpEndpointController from '.'
+
+// Helper: create mock Express objects
+function mockReq(overrides: Record<string, any> = {}): Request {
+    return {
+        params: { chatflowId: 'flow-123' },
+        headers: {},
+        query: {},
+        get: jest.fn(),
+        ...overrides
+    } as unknown as Request
+}
+
+function mockRes(): Response {
+    const res: any = {
+        status: jest.fn().mockReturnThis(),
+        json: jest.fn().mockReturnThis(),
+        locals: {}
+    }
+    return res as Response
+}
+
+function mockNext(): NextFunction {
+    return jest.fn()
+}
+
+beforeEach(() => {
+    jest.clearAllMocks()
+})
+
+describe('MCP Endpoint Controller', () => {
+    describe('authenticateToken', () => {
+        it('returns 401 when Authorization header is missing', () => {
+            const req = mockReq({ headers: {} })
+            const res = mockRes()
+            const next = mockNext()
+
+            mcpEndpointController.authenticateToken(req, res, next)
+
+            expect(res.status).toHaveBeenCalledWith(401)
+            expect(res.json).toHaveBeenCalledWith(
+                expect.objectContaining({
+                    jsonrpc: '2.0',
+                    error: expect.objectContaining({ code: -32001 })
+                })
+            )
+            expect(next).not.toHaveBeenCalled()
+        })
+
+        it('returns 401 when Authorization header is not Bearer', () => {
+            const req = mockReq({ headers: { authorization: 'Basic dXNlcjpwYXNz' } })
+            const res = mockRes()
+            const next = mockNext()
+
+            mcpEndpointController.authenticateToken(req, res, next)
+
+            expect(res.status).toHaveBeenCalledWith(401)
+            expect(next).not.toHaveBeenCalled()
+        })
+
+        it('returns 401 when Bearer token is empty', () => {
+            const req = mockReq({ headers: { authorization: 'Bearer ' } })
+            const res = mockRes()
+            const next = mockNext()
+
+            mcpEndpointController.authenticateToken(req, res, next)
+
+            expect(res.status).toHaveBeenCalledWith(401)
+            expect(next).not.toHaveBeenCalled()
+        })
+
+        it('sets res.locals.token and calls next on valid Bearer token', () => {
+            const req = mockReq({ headers: { authorization: 'Bearer my-secret-token' } })
+            const res = mockRes()
+            const next = mockNext()
+
+            mcpEndpointController.authenticateToken(req, res, next)
+
+            expect(res.locals.token).toBe('my-secret-token')
+            expect(next).toHaveBeenCalled()
+            expect(res.status).not.toHaveBeenCalled()
+        })
+    })
+
+    describe('handlePost', () => {
+        it('calls service with chatflowId and token from res.locals.token', async () => {
+            const req = mockReq({ params: { chatflowId: 'flow-123' } })
+            const res = mockRes()
+            res.locals.token = 'my-secret-token'
+            const next = mockNext()
+            mockHandleMcpRequest.mockResolvedValue(undefined)
+
+            await mcpEndpointController.handlePost(req, res, next)
+
+            expect(mockHandleMcpRequest).toHaveBeenCalledWith('flow-123', 'my-secret-token', req, res)
+        })
+
+        it('calls next(error) on unexpected errors', async () => {
+            const req = mockReq({ params: { chatflowId: 'flow-123' } })
+            const res = mockRes()
+            res.locals.token = 'token'
+            const next = mockNext()
+            const error = new Error('Unexpected')
+            mockHandleMcpRequest.mockRejectedValue(error)
+
+            await mcpEndpointController.handlePost(req, res, next)
+
+            expect(next).toHaveBeenCalledWith(error)
+        })
+    })
+
+    describe('handleDelete', () => {
+        it('delegates to handleMcpDeleteRequest with chatflowId', async () => {
+            const req = mockReq({ params: { chatflowId: 'flow-789' } })
+            const res = mockRes()
+            const next = mockNext()
+            mockHandleMcpDeleteRequest.mockResolvedValue(undefined)
+
+            await mcpEndpointController.handleDelete(req, res, next)
+
+            expect(mockHandleMcpDeleteRequest).toHaveBeenCalledWith('flow-789', req, res)
+        })
+    })
+
+    describe('getRateLimiterMiddleware', () => {
+        it('delegates to RateLimiterManager', async () => {
+            const req = mockReq()
+            const res = mockRes()
+            const next = mockNext()
+
+            await mcpEndpointController.getRateLimiterMiddleware(req, res, next)
+
+            expect(mockGetRateLimiter).toHaveBeenCalled()
+        })
+    })
+})

packages/server/src/controllers/mcp-endpoint/index.ts

@@ -0,0 +1,78 @@
+import { NextFunction, Request, Response } from 'express'
+import mcpEndpointService from '../../services/mcp-endpoint'
+import { RateLimiterManager } from '../../utils/rateLimit'
+import logger from '../../utils/logger'
+
+/**
+ * Extract token from the Authorization: Bearer <token> header.
+ * Returns null if not present or malformed.
+ */
+function extractToken(req: Request): string | null {
+    const authHeader = req.headers.authorization
+    if (!authHeader || !authHeader.startsWith('Bearer ')) return null
+    const token = authHeader.slice(7).trim()
+    return token.length > 0 ? token : null
+}
+
+/**
+ * Authentication middleware — validates Bearer token and attaches it to res.locals.
+ */
+const authenticateToken = (req: Request, res: Response, next: NextFunction) => {
+    const token = extractToken(req)
+    if (!token) {
+        res.status(401).json({
+            jsonrpc: '2.0',
+            error: { code: -32001, message: 'Unauthorized: missing or invalid Authorization header. Use Bearer <token>.' },
+            id: null
+        })
+        return
+    }
+    res.locals.token = token
+    next()
+}
+
+/**
+ * Rate limiter middleware for MCP endpoint — reuses per-chatflow rate limiters.
+ */
+const getRateLimiterMiddleware = async (req: Request, res: Response, next: NextFunction) => {
+    try {
+        return RateLimiterManager.getInstance().getRateLimiter()(req, res, next)
+    } catch (error) {
+        next(error)
+    }
+}
+
+/**
+ * Handle POST /api/v1/mcp/:chatflowId — MCP JSON-RPC messages
+ * Auth: token must be in Authorization: Bearer <token> header
+ */
+const handlePost = async (req: Request, res: Response, next: NextFunction) => {
+    try {
+        const { chatflowId } = req.params
+        const token = res.locals.token as string
+
+        logger.debug(`[MCP] POST request for chatflow: ${chatflowId}`)
+        await mcpEndpointService.handleMcpRequest(chatflowId, token, req, res)
+    } catch (error) {
+        next(error)
+    }
+}
+
+/**
+ * Handle DELETE /api/v1/mcp/:chatflowId — Session termination
+ */
+const handleDelete = async (req: Request, res: Response, next: NextFunction) => {
+    try {
+        const { chatflowId } = req.params
+        await mcpEndpointService.handleMcpDeleteRequest(chatflowId, req, res)
+    } catch (error) {
+        next(error)
+    }
+}
+
+export default {
+    authenticateToken,
+    handlePost,
+    handleDelete,
+    getRateLimiterMiddleware
+}