improvement(deployed-mcp): added the ability to make the visibility for deployed mcp tools public, updated UX

Author: waleedlatif1

apps/sim/app/api/mcp/serve/[serverId]/route.ts

@@ -20,6 +20,7 @@ import { createLogger } from '@sim/logger'
 import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { checkHybridAuth } from '@/lib/auth/hybrid'
+import { generateInternalToken } from '@/lib/auth/internal'
 import { getBaseUrl } from '@/lib/core/utils/urls'
 
 const logger = createLogger('WorkflowMcpServeAPI')
@@ -52,6 +53,8 @@ async function getServer(serverId: string) {
       id: workflowMcpServer.id,
       name: workflowMcpServer.name,
       workspaceId: workflowMcpServer.workspaceId,
+      isPublic: workflowMcpServer.isPublic,
+      createdBy: workflowMcpServer.createdBy,
     })
     .from(workflowMcpServer)
     .where(eq(workflowMcpServer.id, serverId))
@@ -90,9 +93,11 @@ export async function POST(request: NextRequest, { params }: { params: Promise<R
       return NextResponse.json({ error: 'Server not found' }, { status: 404 })
     }
 
-    const auth = await checkHybridAuth(request, { requireWorkflowId: false })
-    if (!auth.success || !auth.userId) {
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    if (!server.isPublic) {
+      const auth = await checkHybridAuth(request, { requireWorkflowId: false })
+      if (!auth.success || !auth.userId) {
+        return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+      }
     }
 
     const body = await request.json()
@@ -138,7 +143,8 @@ export async function POST(request: NextRequest, { params }: { params: Promise<R
           id,
           serverId,
           rpcParams as { name: string; arguments?: Record<string, unknown> },
-          apiKey
+          apiKey,
+          server.isPublic ? server.createdBy : undefined
         )
 
       default:
@@ -200,7 +206,8 @@ async function handleToolsCall(
   id: RequestId,
   serverId: string,
   params: { name: string; arguments?: Record<string, unknown> } | undefined,
-  apiKey?: string | null
+  apiKey?: string | null,
+  publicServerOwnerId?: string
 ): Promise<NextResponse> {
   try {
     if (!params?.name) {
@@ -243,7 +250,13 @@ async function handleToolsCall(
 
     const executeUrl = `${getBaseUrl()}/api/workflows/${tool.workflowId}/execute`
     const headers: Record<string, string> = { 'Content-Type': 'application/json' }
-    if (apiKey) headers['X-API-Key'] = apiKey
+
+    if (publicServerOwnerId) {
+      const internalToken = await generateInternalToken(publicServerOwnerId)
+      headers.Authorization = `Bearer ${internalToken}`
+    } else if (apiKey) {
+      headers['X-API-Key'] = apiKey
+    }
 
     logger.info(`Executing workflow ${tool.workflowId} via MCP tool ${params.name}`)
 

apps/sim/app/api/mcp/workflow-servers/[id]/route.ts

@@ -31,6 +31,7 @@ export const GET = withMcpAuth<RouteParams>('read')(
           createdBy: workflowMcpServer.createdBy,
           name: workflowMcpServer.name,
           description: workflowMcpServer.description,
+          isPublic: workflowMcpServer.isPublic,
           createdAt: workflowMcpServer.createdAt,
           updatedAt: workflowMcpServer.updatedAt,
         })
@@ -98,6 +99,9 @@ export const PATCH = withMcpAuth<RouteParams>('write')(
       if (body.description !== undefined) {
         updateData.description = body.description?.trim() || null
       }
+      if (body.isPublic !== undefined) {
+        updateData.isPublic = body.isPublic
+      }
 
       const [updatedServer] = await db
         .update(workflowMcpServer)

apps/sim/app/api/mcp/workflow-servers/[id]/tools/[toolId]/route.ts

@@ -26,7 +26,6 @@ export const GET = withMcpAuth<RouteParams>('read')(
 
       logger.info(`[${requestId}] Getting tool ${toolId} from server ${serverId}`)
 
-      // Verify server exists and belongs to workspace
       const [server] = await db
         .select({ id: workflowMcpServer.id })
         .from(workflowMcpServer)
@@ -72,7 +71,6 @@ export const PATCH = withMcpAuth<RouteParams>('write')(
 
       logger.info(`[${requestId}] Updating tool ${toolId} in server ${serverId}`)
 
-      // Verify server exists and belongs to workspace
       const [server] = await db
         .select({ id: workflowMcpServer.id })
         .from(workflowMcpServer)
@@ -139,7 +137,6 @@ export const DELETE = withMcpAuth<RouteParams>('write')(
 
       logger.info(`[${requestId}] Deleting tool ${toolId} from server ${serverId}`)
 
-      // Verify server exists and belongs to workspace
       const [server] = await db
         .select({ id: workflowMcpServer.id })
         .from(workflowMcpServer)

apps/sim/app/api/mcp/workflow-servers/[id]/tools/route.ts

@@ -40,7 +40,6 @@ export const GET = withMcpAuth<RouteParams>('read')(
 
       logger.info(`[${requestId}] Listing tools for workflow MCP server: ${serverId}`)
 
-      // Verify server exists and belongs to workspace
       const [server] = await db
         .select({ id: workflowMcpServer.id })
         .from(workflowMcpServer)
@@ -53,7 +52,6 @@ export const GET = withMcpAuth<RouteParams>('read')(
         return createMcpErrorResponse(new Error('Server not found'), 'Server not found', 404)
       }
 
-      // Get tools with workflow details
       const tools = await db
         .select({
           id: workflowMcpTool.id,
@@ -107,7 +105,6 @@ export const POST = withMcpAuth<RouteParams>('write')(
         )
       }
 
-      // Verify server exists and belongs to workspace
       const [server] = await db
         .select({ id: workflowMcpServer.id })
         .from(workflowMcpServer)
@@ -120,7 +117,6 @@ export const POST = withMcpAuth<RouteParams>('write')(
         return createMcpErrorResponse(new Error('Server not found'), 'Server not found', 404)
       }
 
-      // Verify workflow exists and is deployed
       const [workflowRecord] = await db
         .select({
           id: workflow.id,
@@ -137,7 +133,6 @@ export const POST = withMcpAuth<RouteParams>('write')(
         return createMcpErrorResponse(new Error('Workflow not found'), 'Workflow not found', 404)
       }
 
-      // Verify workflow belongs to the same workspace
       if (workflowRecord.workspaceId !== workspaceId) {
         return createMcpErrorResponse(
           new Error('Workflow does not belong to this workspace'),
@@ -154,7 +149,6 @@ export const POST = withMcpAuth<RouteParams>('write')(
         )
       }
 
-      // Verify workflow has a valid start block
       const hasStartBlock = await hasValidStartBlock(body.workflowId)
       if (!hasStartBlock) {
         return createMcpErrorResponse(
@@ -164,7 +158,6 @@ export const POST = withMcpAuth<RouteParams>('write')(
         )
       }
 
-      // Check if tool already exists for this workflow
       const [existingTool] = await db
         .select({ id: workflowMcpTool.id })
         .from(workflowMcpTool)
@@ -190,7 +183,6 @@ export const POST = withMcpAuth<RouteParams>('write')(
         workflowRecord.description ||
         `Execute ${workflowRecord.name} workflow`
 
-      // Create the tool
       const toolId = crypto.randomUUID()
       const [tool] = await db
         .insert(workflowMcpTool)

apps/sim/app/api/mcp/workflow-servers/route.ts

@@ -1,10 +1,13 @@
 import { db } from '@sim/db'
-import { workflowMcpServer, workflowMcpTool } from '@sim/db/schema'
+import { workflow, workflowMcpServer, workflowMcpTool } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
 import { eq, inArray, sql } from 'drizzle-orm'
 import type { NextRequest } from 'next/server'
 import { getParsedBody, withMcpAuth } from '@/lib/mcp/middleware'
 import { createMcpErrorResponse, createMcpSuccessResponse } from '@/lib/mcp/utils'
+import { sanitizeToolName } from '@/lib/mcp/workflow-tool-schema'
+import { loadWorkflowFromNormalizedTables } from '@/lib/workflows/persistence/utils'
+import { hasValidStartBlockInState } from '@/lib/workflows/triggers/trigger-utils'
 
 const logger = createLogger('WorkflowMcpServersAPI')
 
@@ -25,18 +28,18 @@ export const GET = withMcpAuth('read')(
           createdBy: workflowMcpServer.createdBy,
           name: workflowMcpServer.name,
           description: workflowMcpServer.description,
+          isPublic: workflowMcpServer.isPublic,
           createdAt: workflowMcpServer.createdAt,
           updatedAt: workflowMcpServer.updatedAt,
           toolCount: sql<number>`(
-            SELECT COUNT(*)::int 
-            FROM "workflow_mcp_tool" 
+            SELECT COUNT(*)::int
+            FROM "workflow_mcp_tool"
             WHERE "workflow_mcp_tool"."server_id" = "workflow_mcp_server"."id"
           )`.as('tool_count'),
         })
         .from(workflowMcpServer)
         .where(eq(workflowMcpServer.workspaceId, workspaceId))
 
-      // Fetch all tools for these servers
       const serverIds = servers.map((s) => s.id)
       const tools =
         serverIds.length > 0
@@ -49,7 +52,6 @@ export const GET = withMcpAuth('read')(
               .where(inArray(workflowMcpTool.serverId, serverIds))
           : []
 
-      // Group tool names by server
       const toolNamesByServer: Record<string, string[]> = {}
       for (const tool of tools) {
         if (!toolNamesByServer[tool.serverId]) {
@@ -58,7 +60,6 @@ export const GET = withMcpAuth('read')(
         toolNamesByServer[tool.serverId].push(tool.toolName)
       }
 
-      // Attach tool names to servers
       const serversWithToolNames = servers.map((server) => ({
         ...server,
         toolNames: toolNamesByServer[server.id] || [],
@@ -79,6 +80,19 @@ export const GET = withMcpAuth('read')(
   }
 )
 
+/**
+ * Check if a workflow has a valid start block by loading from database
+ */
+async function hasValidStartBlock(workflowId: string): Promise<boolean> {
+  try {
+    const normalizedData = await loadWorkflowFromNormalizedTables(workflowId)
+    return hasValidStartBlockInState(normalizedData)
+  } catch (error) {
+    logger.warn('Error checking for start block:', error)
+    return false
+  }
+}
+
 /**
  * POST - Create a new workflow MCP server
  */
@@ -90,6 +104,7 @@ export const POST = withMcpAuth('write')(
       logger.info(`[${requestId}] Creating workflow MCP server:`, {
         name: body.name,
         workspaceId,
+        workflowIds: body.workflowIds,
       })
 
       if (!body.name) {
@@ -110,16 +125,82 @@ export const POST = withMcpAuth('write')(
           createdBy: userId,
           name: body.name.trim(),
           description: body.description?.trim() || null,
+          isPublic: body.isPublic ?? false,
           createdAt: new Date(),
           updatedAt: new Date(),
         })
         .returning()
 
+      // If workflowIds are provided, create tools for each workflow
+      const workflowIds: string[] = body.workflowIds || []
+      const addedTools: Array<{ workflowId: string; toolName: string }> = []
+
+      if (workflowIds.length > 0) {
+        // Fetch all workflows in one query
+        const workflows = await db
+          .select({
+            id: workflow.id,
+            name: workflow.name,
+            description: workflow.description,
+            isDeployed: workflow.isDeployed,
+            workspaceId: workflow.workspaceId,
+          })
+          .from(workflow)
+          .where(inArray(workflow.id, workflowIds))
+
+        // Create tools for each valid workflow
+        for (const workflowRecord of workflows) {
+          // Skip if workflow doesn't belong to this workspace
+          if (workflowRecord.workspaceId !== workspaceId) {
+            logger.warn(
+              `[${requestId}] Skipping workflow ${workflowRecord.id} - does not belong to workspace`
+            )
+            continue
+          }
+
+          // Skip if workflow is not deployed
+          if (!workflowRecord.isDeployed) {
+            logger.warn(`[${requestId}] Skipping workflow ${workflowRecord.id} - not deployed`)
+            continue
+          }
+
+          // Skip if workflow doesn't have a start block
+          const hasStartBlock = await hasValidStartBlock(workflowRecord.id)
+          if (!hasStartBlock) {
+            logger.warn(`[${requestId}] Skipping workflow ${workflowRecord.id} - no start block`)
+            continue
+          }
+
+          const toolName = sanitizeToolName(workflowRecord.name)
+          const toolDescription =
+            workflowRecord.description || `Execute ${workflowRecord.name} workflow`
+
+          const toolId = crypto.randomUUID()
+          await db.insert(workflowMcpTool).values({
+            id: toolId,
+            serverId,
+            workflowId: workflowRecord.id,
+            toolName,
+            toolDescription,
+            parameterSchema: {},
+            createdAt: new Date(),
+            updatedAt: new Date(),
+          })
+
+          addedTools.push({ workflowId: workflowRecord.id, toolName })
+        }
+
+        logger.info(
+          `[${requestId}] Added ${addedTools.length} tools to server ${serverId}:`,
+          addedTools.map((t) => t.toolName)
+        )
+      }
+
       logger.info(
         `[${requestId}] Successfully created workflow MCP server: ${body.name} (ID: ${serverId})`
       )
 
-      return createMcpSuccessResponse({ server }, 201)
+      return createMcpSuccessResponse({ server, addedTools }, 201)
     } catch (error) {
       logger.error(`[${requestId}] Error creating workflow MCP server:`, error)
       return createMcpErrorResponse(

apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/mcp/components/form-field/form-field.tsx

@@ -3,13 +3,17 @@ import { Label } from '@/components/emcn'
 interface FormFieldProps {
   label: string
   children: React.ReactNode
+  optional?: boolean
 }
 
-export function FormField({ label, children }: FormFieldProps) {
+export function FormField({ label, children, optional }: FormFieldProps) {
   return (
     <div className='flex items-center justify-between gap-[12px]'>
       <Label className='w-[100px] shrink-0 font-medium text-[13px] text-[var(--text-secondary)]'>
         {label}
+        {optional && (
+          <span className='ml-1 font-normal text-[11px] text-[var(--text-muted)]'>(optional)</span>
+        )}
       </Label>
       <div className='relative flex-1'>{children}</div>
     </div>