Breyta Workspace MCP

The workspace MCP server is an agent-facing control plane for one Breyta workspace. It exposes a small set of intent-shaped tools instead of mirroring every Breyta HTTP or CLI command.

New User Setup

Set up one MCP server entry per workspace. That single workspace server can
search, inspect, and call accessible workspace flows and installed public-flow
installations that define :interfaces :mcp; users do not need one MCP server
entry per flow unless they deliberately want per-flow isolation.

Choose the workspace id.

The production endpoint shape is:

https://flows.breyta.ai/api/workspaces/{workspace_id}/mcp

Choose an authenticated Breyta bearer token for the coding agent.

The token can belong to any Breyta principal with the needed capabilities.
A service account is not required when the MCP host already has a suitable
user or workspace bearer token.
A scoped service-account key is recommended for unattended or shared agent
setups because it can be narrowed and rotated independently from a human
session.

For an optional read-only service-account client that should discover flows,
inspect MCP interfaces, inventory connections, read step references, read run
status, and report feedback:
```
breyta service-accounts create \
  --name workspace-mcp-agent \
  --scope flows.read \
  --scope runs.read \
  --scope resources.read \
  --scope installations.read \
  --scope connections.read \
  --scope steps.read \
  --scope feedback.send
```
For any bearer token, the authenticated principal needs equivalent
capabilities. Add flows.run only when the MCP client should expose the
run toolset or call flow MCP interfaces through call_flow_tool. Keep
installations.read when the client should discover or call installed
public-flow tools. Add flows.manage only when the MCP client should
create/update drafts through create_flow_draft or release approved
versions through release_flow. Avoid workspace.full for normal MCP
clients.
If using a service account, mint an API key.
```
breyta service-accounts keys create <service-account-id> --name coding-agent
```
The returned apiKey is shown once. Store whichever bearer token you use in
the MCP host's secret input, local user config, or environment, depending on
the client.

Add an HTTP or Streamable HTTP MCP server to the coding agent config.

Example for workspace ws-acme:

{
  "servers": {
    "breyta-ws-acme": {
      "type": "http",
      "url": "https://flows.breyta.ai/api/workspaces/ws-acme/mcp",
      "headers": {
        "Authorization": "Bearer ${input:breyta_mcp_token}"
      }
    }
  },
  "inputs": [
    {
      "type": "promptString",
      "id": "breyta_mcp_token",
      "description": "Breyta MCP bearer token",
      "password": true
    }
  ]
}

If the host uses a different config wrapper, keep the same server type, URL,
and authorization header.

For client-specific setup snippets for Codex, Claude Code, Cursor,
Windsurf, VS Code Copilot, Cline, Roo Code, Continue, Gemini CLI,
opencode, Goose, and Zed, use Connect Breyta MCP To Agentic Coding
Tools.

If the client or ACP-compatible host only supports stdio MCP servers, use
the Breyta CLI proxy instead:

export BREYTA_MCP_TOKEN="<breyta-bearer-token>"

breyta mcp config \
  --workspace-id ws-acme \
  --provider codex \
  --transport stdio \
  --read-only \
  --toolsets read,setup,debug,feedback

breyta mcp init is an alias for the same config-rendering setup path.

Generated stdio configs call:

breyta mcp stdio \
  --workspace-id ws-acme \
  --token-env-var BREYTA_MCP_TOKEN \
  --read-only \
  --toolsets read,setup,feedback

Do not put access tokens in query strings or flow inputs. Use an authorization
header or the host application's secret input mechanism.

The workspace endpoint is Streamable HTTP over POST. MCP hosts and gateways
must send JSON-RPC requests with Content-Type: application/json and an
Accept header that allows both application/json and text/event-stream.
GET currently returns a method-not-allowed response because this endpoint does
not offer a standalone server-sent event stream.

Breyta accepts the common negotiated MCP protocol versions 2025-11-25,
2025-06-18, and 2025-03-26. The server responds with the client's requested
version when it is supported, otherwise with the latest supported version. Use
HTTP or Streamable HTTP mode in clients; do not configure the workspace endpoint
as legacy SSE.

Registry And Directory Metadata

Breyta publishes Workspace MCP as one workspace-scoped remote server, not as one
directory entry per flow. The registry name is:

ai.breyta/workspace-mcp

The official MCP Registry manifest lives in the Breyta CLI source as
server.json. It describes the hosted Streamable HTTP endpoint with a required
workspace_id URL variable and an Authorization header supplied by the user or
client secret store.

Directory scanners that cannot authenticate against a workspace endpoint can
read static metadata from:

https://flows.breyta.ai/.well-known/mcp/server-card.json

That server card lists the same public tool names, descriptions, schemas,
resources, prompts, and safety annotations as the authenticated workspace MCP
surface. If a directory requires OAuth for authenticated remote MCP servers,
treat that as a separate reviewed-listing path; the bearer-token setup described
here remains the default direct user and service-account setup path.

Use the same URL and header shape in VS Code, Cursor, Claude, Codex-compatible gateways, or any other host that supports HTTP MCP servers. If a host uses a different config wrapper, keep these fields equivalent:

Field	Value
Server type	HTTP or Streamable HTTP MCP, or CLI stdio proxy for clients without HTTP MCP
URL	`https://flows.breyta.ai/api/workspaces/{workspace_id}/mcp`
Auth	`Authorization: Bearer <Breyta token>`
Optional narrowing	`X-MCP-Toolsets`, `X-MCP-Tools`, `X-MCP-Exclude-Tools`, or `X-MCP-Readonly` headers

Configure one named server per workspace when a user needs access to multiple
workspaces.

For stdio proxy verification, run breyta mcp doctor --workspace-id <id> --token-env-var BREYTA_MCP_TOKEN with the same --read-only, --toolsets,
--tools, or --exclude-tools narrowing flags used in the generated config.
The doctor calls initialize and tools/list; it does not invoke mutating
tools.

If a tool call is rejected after setup, inspect
structuredContent.details.blockers in the tool result. missingCapabilities
means the authenticated principal lacks Breyta capabilities such as
flows.run, connections.read, or flows.manage; toolset_policy,
read_only_policy,
include_tools_policy, and exclude_tools_policy mean the MCP server entry is
narrowing the visible tool surface. Adjust scopes and MCP narrowing separately.

First Connection Checklist

When setting up a new client, verify the protocol surface before asking an
agent to do real work:

Connect and call initialize.
Call resources/list and read breyta://mcp-docs/overview.
Call resources/templates/list and confirm the expected flow and run URI templates are visible.
Call prompts/list and inspect any workflow prompt the user wants to run.
Call tools/list with the intended narrowing headers.
Call get_workspace_context and confirm the reported workspace, toolsets, and capability groups.
Call list_connections and check_connections when the user expects the agent to build or debug flows that touch external systems.
Use search_flow_tools or search_flows before calling any flow tool.
Use get_flow_definition, get_step_reference, check_flow_readiness, and inspect_run_step for focused build/debug context instead of loading broad CLI docs or full run logs.
Call send_feedback if setup, docs, discovery, or invocation behavior is confusing.

The MCP Inspector is useful for this smoke test because it shows resources,
prompts, tool schemas, and tool execution results in one place. For HTTP MCP,
configure the Inspector with the workspace endpoint and the same bearer token
header the real client will use.

MCP Documentation Surface

Breyta exposes MCP-specific docs as MCP resources so agents do not have to
infer MCP behavior from CLI-oriented pages:

Resource	Use
`breyta://mcp-docs/overview`	Workspace setup, discovery, and brokered flow tool usage.
`breyta://mcp-docs/client-setup`	Client-specific setup snippets for popular agentic coding tools.
`breyta://mcp-docs/flow-authoring`	Flow definition pull, draft creation, validation, and approval-gated release through MCP tools.
`breyta://mcp-docs/tool-safety`	Capability gates, human approval boundaries, secrets, and feedback.

These resources are listed with MCP resource annotations so clients can
prioritize them during context selection. breyta://mcp-docs/{doc_id} is also
available as a template for direct reads.

Use MCP docs for MCP behavior and the normal Breyta docs for deeper flow
language reference:

Need	MCP action
Understand this server	Read `breyta://mcp-docs/overview`.
Author a new draft	Get prompt `create_flow_from_goal`, read `breyta://mcp-docs/flow-authoring`, then call `validate_flow_definition` before `create_flow_draft`.
Edit an existing flow	Call `get_flow_definition` for `draft`, `live`, or omit `source` and pass a specific `version`, edit the returned `flowLiteral`, then validate and save a new draft.
Review a draft	Get prompt `review_flow_definition`, call `get_flow_definition` and `validate_flow_definition`, and inspect relevant flow resources.
Release after approval	Call `check_flow_readiness`, summarize risks, then call `release_flow` only after the user approves the flow/version. Pull `get_flow_definition` with `source: "live"` afterward.
Debug a run	Get prompt `debug_failed_run`, read `breyta://runs/{run_id}` and `breyta://runs/{run_id}/events`, then call `get_run_status` and `inspect_run_step` with focused flags. `inspect_run_step` returns the selected step plus a run step summary, not unrelated step outputs. Set `include_step_results: true` only when you need the selected step's captured result preview.
Check setup	Call `list_connections`, `check_connections`, and `check_flow_readiness` before running setup-sensitive flows.
Understand a primitive	Call `get_step_reference` for the specific step id before guessing parameters.
Report friction	Call `send_feedback` with redacted context and the relevant `resource_uri`, `run_id`, or `flow_slug`.

MCP And CLI Boundaries

Use MCP when the agent needs to discover flows, inspect callable MCP
interfaces, check setup, call a flow tool, debug a run, validate a candidate
definition, create a draft, pull source definitions, release an approved
version, or send feedback.

Use the CLI, UI, or existing operator workflows for credential creation,
connection or secret mutation, marketplace or billing changes, destructive run
control, broad admin work, and local file/project setup. These operations are
intentionally outside the default workspace MCP tool list.

Capability Map

User goal	MCP surface	Use another Breyta surface when
Confirm setup	`get_workspace_context`, `resources/list`, `tools/list`, `breyta mcp doctor` for stdio proxy checks	The bearer token needs to be created, rotated, or granted additional capabilities.
Discover callable flow tools	`search_flow_tools`, `inspect_flow_tool`, `breyta://flows/{slug}/mcp-tools/{tool_name}`	The user wants to install, publish, or change marketplace visibility.
Search broader workspace flows	`search_flows`, flow resources, MCP docs resources	The agent needs full local project or source-file editing workflows.
Check external setup	`list_connections`, `check_connections`, `check_flow_readiness`	Credentials, secrets, or connection records need to be created or changed.
Pull or review source	`get_flow_definition`, `breyta://flows/{slug}/definition/{source}`, `breyta://flows/{slug}/versions/{version}/definition`	The user needs local filesystem checkout behavior, bulk source export, or unsupported CLI-only transforms.
Build a draft	`get_flow_definition`, `validate_flow_definition`, `create_flow_draft`, `get_step_reference`	The draft needs public listing, marketplace, billing, secrets, or connection mutation.
Release an approved flow	`release_flow`, then `get_flow_definition` with `source: "live"`	The user needs marketplace/public/billing changes or nonstandard rollout operations.
Run and debug a flow tool	`call_flow_tool`, `get_run_status`, `inspect_run_step`, run resources	The user needs destructive run control, replay, or approval workflows outside the declared MCP interface.
Report friction	`send_feedback`	The report contains secrets or sensitive customer data; redact it first.

Scope Bundles

Prefer narrow Breyta capabilities:

Bundle	Capabilities	Use
Read/search	`flows.read`, `resources.read`, `installations.read`	Discover flows, installed flows, MCP interfaces, docs, and resource metadata.
Setup/reference	Read/search plus `connections.read`, `steps.read`	Inspect available connections, check connection health, and fetch focused step docs/examples.
Run/debug	Read/search plus `flows.run`, `runs.read`	Start flow MCP interfaces, inspect run status/events, and inspect a specific run step.
Draft authoring	Read/search plus `flows.manage`	Create/update draft flow definitions and validate drafts.
Release	Read/search plus `flows.manage`	Release/promote an approved flow version to the workspace live target.
Feedback	`feedback.send`	Report MCP docs, setup, runtime, or flow-interface friction.

Avoid workspace.full for normal MCP clients.

Common Server Presets

These presets combine bearer-token capabilities with MCP narrowing headers.
Headers only narrow the visible MCP surface; they do not grant permission
without matching Breyta capabilities.

Preset	Breyta capabilities	Narrowing headers	Use
Read-only discovery	`flows.read`, `resources.read`, `installations.read`, `feedback.send`	`X-MCP-Readonly: true`, `X-MCP-Toolsets: read,feedback`	Search flows and flow tools, read MCP docs/resources, and report setup friction.
Setup and debugging	Read-only discovery plus `runs.read`, `connections.read`, `steps.read`	`X-MCP-Readonly: true`, `X-MCP-Toolsets: read,setup,debug,feedback`	Inspect connections, readiness, step references, run status, events, and step IO without starting new runs.
Run approved flow tools	Setup and debugging plus `flows.run`	`X-MCP-Toolsets: read,setup,run,debug,feedback`	Let the agent start runs through declared flow `:interfaces :mcp` and debug the result.
Draft authoring	Setup and debugging plus `flows.manage`	`X-MCP-Toolsets: read,setup,authoring,debug,feedback`	Let the agent validate supplied definitions and create/update drafts.
Approved release	Draft authoring plus `flows.manage`	`X-MCP-Toolsets: read,setup,authoring,release,debug,feedback`	Let the agent release/promote a specific approved version after readiness checks.

Tool Exposure Controls

The default server advertises the workspace MCP surface that the current
principal is allowed to use. For bearer tokens, tools outside the authenticated
principal's granted capabilities are hidden from tools/list and rejected at
tools/call; resource templates, prompt workflows, and resource reads are
scoped the same way. Exposure headers can narrow the tool set but cannot widen
it. Clients or gateways can narrow the exposed tools with headers:

Header	Example	Effect
`X-MCP-Toolsets`	`read,feedback`	Include tools in selected toolsets.
`X-MCP-Tools`	`search_flows,get_run_status`	Include only named tools.
`X-MCP-Exclude-Tools`	`create_flow_draft,release_flow`	Hide named tools.
`X-MCP-Readonly`	`true`	Hide tools that run flows, write drafts, or release flows; `send_feedback` remains available for support sessions when allowed by token scope.

tools/list also accepts matching request params for discovery experiments, but call-time enforcement should use headers so the same policy applies to tools/call.

Aggregate Flow Brokering

The workspace endpoint can broker all accessible flow :interfaces :mcp tools:

Call search_flow_tools when the goal is to find callable flow tools.
Call search_flows for broader flow/template/install discovery when the user is still choosing a flow.
Call inspect_flow_tool for the selected flow and tool.
Call list_connections, check_connections, or check_flow_readiness when setup or external systems matter.
Call call_flow_tool with flow_slug, tool_name, and an input object containing the selected flow tool's input fields. Include installation_id when targeting a specific installed public app instance.
Poll get_run_status, inspect specific steps with inspect_run_step, or read breyta://runs/{run_id} and breyta://runs/{run_id}/events.

The workspace server exposes a stable, compact tool list. Flow-specific MCP
interfaces are discovered through search_flow_tools and invoked through
call_flow_tool, so large workspaces do not need one listed MCP tool per flow.

search_flow_tools returns concise entries for callable flow interfaces and
supports text search, browsing, and exact tool-name lookup. Discovery results
are advisory: before a run starts, call_flow_tool loads the selected flow and
verifies that the requested MCP interface is still available.

Public apps that require setup, billing, or installer-owned connections should
be installed, configured, and enabled before an agent invokes them. Do not treat
the workspace MCP broker as a way to run arbitrary public Discover flows before
installation.

Users do not need to install one MCP server per flow unless they want a direct per-flow endpoint.

Tool Catalog

The workspace surface is intentionally small and intent-shaped:

MCP tool argument names use snake_case, matching Breyta's MCP tool names.
Examples: flow_slug, tool_name, run_id, workflow_id,
flow_literal, connection_ids, and include_events.

MCP tools are grouped around agent workflows rather than individual CLI
commands. For example, use check_flow_readiness for setup/readiness context,
and use search_flow_tools, inspect_flow_tool, and call_flow_tool for flow
MCP interfaces. Use the CLI docs for terminal/operator tasks that are not
available through this MCP server.

Tool	Toolset	Capability gate	Use
`get_workspace_context`	`context`, `read`	none	Confirm server context, available docs, limits, toolsets, and capability groups.
`search_flows`	`read`, `search`	`flows.read`	Search workspace flows, installed flows, and selected templates.
`search_flow_tools`	`read`, `search`, `run`	`flows.read`	Search callable flow MCP interfaces.
`list_connections`	`read`, `setup`	`connections.read`	List redacted workspace connections and local setup health.
`check_connections`	`read`, `setup`	`connections.read`	Check selected connections or a bounded page of all connections without exposing credentials.
`inspect_flow_tool`	`read`, `search`, `run`, `authoring`	`flows.read`	Inspect one flow MCP interface before calling it.
`call_flow_tool`	`run`	`flows.read`, `flows.run`	Start a run through a selected flow MCP interface; pass `installation_id` for a specific installed app instance.
`get_run_status`	`read`, `run`, `debug`	`runs.read`	Poll run state, bounded events, and optional result metadata.
`inspect_run_step`	`read`, `run`, `debug`	`runs.read`	Inspect one step from a run with bounded/redacted step data, a compact `stepsSummary`, and optional step events.
`check_flow_readiness`	`read`, `setup`, `authoring`	`flows.read`	Run existing doctor, configure-check, and public preflight checks.
`get_step_reference`	`read`, `authoring`	`steps.read`	Fetch focused step docs, examples, and optional artifact metadata.
`send_feedback`	`feedback`	`feedback.send`	Report MCP docs, setup, runtime, or flow-interface friction.
`validate_flow_definition`	`read`, `authoring`	`flows.read`	Validate a supplied EDN literal or existing draft/live flow.
`get_flow_definition`	`read`, `authoring`, `debug`	`flows.read`	Pull full draft/latest/live or versioned source definitions for authoring and debugging.
`create_flow_draft`	`authoring`	`flows.manage`	Create or update a draft from a supplied EDN literal.
`release_flow`	`release`	`flows.manage`	Release/promote an approved latest pushed version or selected version to the workspace live target.

Tool execution errors, hidden-tool rejections, and tool argument validation
failures are returned as tool results with isError. Protocol errors such as
malformed JSON-RPC envelopes, unsupported methods, and unknown MCP tool names
use JSON-RPC errors. Treat call_flow_tool as long-running work: it starts the
backing run and returns run identifiers and resource links for follow-up reads.
For complete report-style outputs, prefer reading the returned resultResource
with resources/read instead of relying on inline tool text. Textual result
payloads are served from breyta://runs/{run_id}/result with the most specific
safe MIME type Breyta can determine, such as text/html for HTML reports, so
clients such as Claude Desktop can load the full document without clipping it
into the tool response. Result resources also apply credential-focused redaction
before returning textual or JSON content. Breyta viewer envelopes such as
{:breyta.viewer/kind :html :breyta.viewer/value "..."} are unwrapped to their
native textual MIME type when read through the result resource. Typed textual
result reads also include an embedded MCP resource content block for clients that
render artifacts from content blocks instead of only resources/read
contents.

Resources And Prompts

Direct resources:

Resource	Capability gate	Notes
`breyta://workspaces/{workspace_id}/mcp`	none	Current workspace MCP context.
`breyta://mcp-docs/overview`	none	Main MCP docs entry point.
`breyta://mcp-docs/client-setup`	none	Client-specific setup snippets for popular coding agents.
`breyta://mcp-docs/flow-authoring`	none	MCP flow authoring workflow.
`breyta://mcp-docs/tool-safety`	none	MCP safety rules.

Resource templates:

Template	Capability gate	Notes
`breyta://flows/{slug}`	`flows.read`	Flow definition or installed public flow metadata.
`breyta://flows/{slug}/definition/{source}`	`flows.read`	Full source literal for `draft`, `latest`, `live`, or `active`, returned as top-level `flowLiteral`.
`breyta://flows/{slug}/versions/{version}/definition`	`flows.read`	Full source literal for a specific released version, returned as top-level `flowLiteral`.
`breyta://flows/{slug}/mcp-tools/{tool_name}`	`flows.read`	One flow MCP interface descriptor.
`breyta://runs/{run_id}`	`runs.read`	Run status and summary.
`breyta://runs/{run_id}/result`	`runs.read`	Full final run result. Explicit textual MIME types are preserved, top-level Breyta viewer envelopes are unwrapped, HTML reports are served as `text/html`, and result content is redacted before return.
`breyta://runs/{run_id}/events`	`runs.read`	Bounded event history.
`breyta://mcp-docs/{doc_id}`	none	Curated MCP-specific docs.

Prompts are user-invoked workflows, not hidden automatic behavior:

Prompt	Capability gate	Use
`create_flow_from_goal`	`flows.read`, `flows.manage`	Guide MCP draft creation from a user goal.
`review_flow_definition`	`flows.read`	Review a draft flow with validation and setup checks.
`debug_failed_run`	`runs.read`	Inspect run resources and summarize likely causes.
`publish_flow_safely`	`flows.read`, `flows.manage`	Prepare release/publish work while keeping approval gates explicit.

Feedback

If an agent hits unclear docs, setup friction, runtime errors, or a confusing flow MCP interface, call send_feedback with a short summary and redacted context. Prefer linking resource_uri, run_id, or flow_slug instead of embedding raw private payloads.

Auth Model

This endpoint uses existing Breyta API authentication, including service-account
tokens. Do not describe it as MCP OAuth-complete or rely on OAuth discovery for
access.