MCP server

Model Context Protocol surface for AgentFlow. Use it from an agent (Claude Desktop, Cursor, custom client) to read state and drive decisions without going through the UI.

Run locally (one-liner)

Wire the AgentFlow MCP into Claude Code on your machine. The installer registers the HTTP endpoint via claude mcp add.

Install + run
curl -fsSL https://agentflow.ws/install.sh | bash

Without signing in, the installer prompts you to paste a key. Sign in to mint and embed the key in one click instead.

Sign in to mint a key

Endpoint

Tools are exposed over a single Lambda function URL. Two methods:POST /tools/listto discover available tools andPOST /tools/callto invoke one.

Call endpoint
https://v4c46ec5wlx3yzbqky72apwboy0xqkha.lambda-url.us-east-1.on.aws/mcp/tools/call
List endpoint
https://v4c46ec5wlx3yzbqky72apwboy0xqkha.lambda-url.us-east-1.on.aws/mcp/tools/list

Tool endpoints

The UI routes every tool to its scoped endpoint based on a client-side map (src/lib/mcp/tool-scopes.ts). Unknown tools fall through to the legacy /mcp surface so newly-shipped backend tools keep working without a UI change.

  • /mcp/platform~29 toolsApp lifecycle, auth keys, registry admin
  • /mcp/content~52 toolsPipelines, skills, schemas, authoring
  • /mcp/runtime~50 toolsExecutions, decisions, conversations, metrics
  • /mcp~123 toolsLegacy combined surface (fallback for unmapped tools)Deprecated

Request shape

Both endpoints accept JSON. Responses are wrapped in{ result }on success or{ error }on failure.

Discover tools
curl -X POST https://v4c46ec5wlx3yzbqky72apwboy0xqkha.lambda-url.us-east-1.on.aws/mcp/tools/list \
  -H "Content-Type: application/json" \
  -d '{}'
Invoke a tool
curl -X POST https://v4c46ec5wlx3yzbqky72apwboy0xqkha.lambda-url.us-east-1.on.aws/mcp/tools/call \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $AGENTFLOW_TOKEN" \
  -d '{
    "name": "list_pending_decisions",
    "arguments": { "app_id": "cost-opt" }
  }'

Authentication

Endpoint requires authentication.

Every request must carry a bearer token in the Authorization header. Browser sessions use your Cognito-issued JWT automatically. For agents and CLI use, mint a long-lived MCP key below and send it as Bearer <key>. Unsigned requests are rejected with HTTP 401.

Admin · MCP endpoint

Shared base URL and API key. Edits restricted to authorized admins.

Read-only. Only authorized admins can change the MCP endpoint or API key. Sign in to check your access.
MCP_BASE
https://v4c46ec5wlx3yzbqky72apwboy0xqkha.lambda-url.us-east-1.on.aws