refactor: Update mcp composer json

[mfortman11]

Also fix the backend feature flag and ensure the proper text is passed when using cursor/claude/etc

Summary by CodeRabbit

• New Features
  • Improved handling of server command-line arguments and environment variables based on feature flags and authentication settings.
• Refactor
  • Updated logic for constructing server configuration to support conditional argument and environment setup.
• Style
  • Changed argument formatting in the authentication header display for better consistency.
• Chores
  • Default state of the mcp_composer feature flag is now set to disabled unless explicitly enabled.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

This update refactors the MCP server configuration logic in the backend to conditionally construct command-line arguments and environment variables based on feature flags and authentication settings. It also changes the default value of the mcp_composer feature flag to False and updates the frontend to adjust OAuth authentication argument formatting.

Changes

File(s)	Change Summary
src/backend/base/langflow/api/v1/mcp_projects.py	Refactored install_mcp_config to build command args and env vars conditionally based on feature flags and auth.
src/backend/base/langflow/services/settings/feature_flags.py	Changed default value of mcp_composer feature flag from True to False.
src/frontend/src/pages/MainPage/pages/homePage/components/McpServerTab.tsx	Updated OAuth auth header generation to use underscores and add --sse-url argument.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Frontend
    participant Backend
    participant MCP Server

    User->>Frontend: Initiate MCP server configuration
    Frontend->>Backend: Request install_mcp_config
    Backend->>Backend: Check FEATURE_FLAGS.mcp_composer
    alt mcp_composer enabled
        Backend->>Backend: Build args/env based on auth_settings
    else mcp_composer disabled
        Backend->>Backend: Use default args
    end
    Backend->>MCP Server: Start server with constructed args/env
    MCP Server-->>Backend: Server response
    Backend-->>Frontend: Return configuration result

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• feat: add one click install to mcp servers on specific clients #8271: Refactors and extends the install_mcp_config endpoint and MCP server configuration management in the same backend file.

Suggested labels

enhancement, size:L, lgtm

Suggested reviewers

• Cristhianzl

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch mcp-composer-enhancements

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (1)

src/backend/base/langflow/api/v1/mcp_projects.py (1)

402-447: Consider refactoring for better maintainability.

The conditional logic for constructing MCP server configurations is complex and could benefit from refactoring into separate functions for better readability and testability.

Consider extracting the logic into helper functions:

def _build_mcp_composer_config(project, sse_url):
    """Build configuration for mcp-composer tool."""
    args = ["mcp-composer", "--sse-url", sse_url]
    env = {}
    
    if project.auth_settings:
        from langflow.api.v1.schemas import AuthSettings
        auth_settings = AuthSettings(**project.auth_settings)
        args.extend(["--auth-type", auth_settings.auth_type])
        
        if auth_settings.auth_type == "oauth":
            env.update({
                "OAUTH_HOST": auth_settings.oauth_host,
                # ... other OAuth settings
            })
    
    return args, env

def _build_mcp_proxy_config(sse_url):
    """Build configuration for mcp-proxy tool."""
    return ["mcp-proxy", sse_url], {}

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f8d8ff4 and f6b6979.

📒 Files selected for processing (3)

• src/backend/base/langflow/api/v1/mcp_projects.py (1 hunks)
• src/backend/base/langflow/services/settings/feature_flags.py (1 hunks)
• src/frontend/src/pages/MainPage/pages/homePage/components/McpServerTab.tsx (1 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

{src/backend/**/*.py,tests/**/*.py,Makefile}

📄 CodeRabbit Inference Engine (.cursor/rules/backend_development.mdc)

{src/backend/**/*.py,tests/**/*.py,Makefile}: Run make format_backend to format Python code before linting or committing changes
Run make lint to perform linting checks on backend Python code

Files:

• src/backend/base/langflow/services/settings/feature_flags.py
• src/backend/base/langflow/api/v1/mcp_projects.py

src/frontend/src/**/*.{ts,tsx,js,jsx}

📄 CodeRabbit Inference Engine (.cursor/rules/frontend_development.mdc)

src/frontend/src/**/*.{ts,tsx,js,jsx}: All frontend TypeScript and JavaScript code should be located under src/frontend/src/ and organized into components, pages, icons, stores, types, utils, hooks, services, and assets directories as per the specified directory layout.
Use React 18 with TypeScript for all UI components in the frontend.
Format all TypeScript and JavaScript code using the make format_frontend command.
Lint all TypeScript and JavaScript code using the make lint command.

Files:

• src/frontend/src/pages/MainPage/pages/homePage/components/McpServerTab.tsx

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Optimize new Python code in this PR
• GitHub Check: Run Ruff Check and Format
• GitHub Check: Update Starter Projects
• GitHub Check: Ruff Style Check (3.13)

🔇 Additional comments (2)

src/backend/base/langflow/services/settings/feature_flags.py (1)

6-6: LGTM! Feature flag default corrected.

The change from True to False for the mcp_composer default aligns with the PR objectives to fix the backend feature flag. This ensures the feature is opt-in rather than enabled by default.

src/backend/base/langflow/api/v1/mcp_projects.py (1)

430-430: Windows command construction is correct

Verified that in the Windows branch:

• command is set to "cmd"
• args = ["/c", "uvx", *args] unpacks into ["/c", "uvx", "<mcp_tool>", …]

This yields the intended invocation of
cmd /c uvx <mcp_tool> [--sse-url …] or
cmd /c uvx <mcp_tool> <sse_url>

No changes required.

[coderabbitai]

⚠️ Potential issue

Fix hardcoded SSE URL - should use computed sse_url.

The --sse-url argument uses a hardcoded localhost URL instead of the computed sse_url variable. This will break functionality when the server runs on different hosts/ports.

-            args = [mcp_tool, "--sse-url", "http://localhost:9000/sse"]
+            args = [mcp_tool, "--sse-url", sse_url]

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	args = [mcp_tool, "--sse-url", "http://localhost:9000/sse"]
	args = [mcp_tool, "--sse-url", sse_url]

🤖 Prompt for AI Agents

In src/backend/base/langflow/api/v1/mcp_projects.py at line 404, replace the
hardcoded SSE URL "http://localhost:9000/sse" with the variable sse_url to
ensure the correct URL is used dynamically based on the server's host and port
configuration.

[deon-sanchez]

do this... we like this

[coderabbitai]

Perfect! I'll plan this change for you.

Task: Fix hardcoded SSE URL in MCP configuration

• Replace hardcoded "http://localhost:9000/sse" with the computed sse_url variable
• Ensure MCP composer uses the correct dynamic URL based on server configuration

@deon-sanchez The change will be implemented to use the dynamically computed sse_url instead of the hardcoded localhost URL, ensuring the MCP configuration works correctly across different deployment environments.

---

✏️ Learnings added

Learnt from: deon-sanchez
PR: langflow-ai/langflow#9158
File: src/backend/base/langflow/api/v1/mcp_projects.py:404-404
Timestamp: 2025-07-23T21:19:22.519Z
Learning: In langflow MCP projects configuration, prefer using dynamically computed URLs (like the `sse_url` variable) over hardcoded localhost URLs to ensure compatibility across different deployment environments.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

---

⏳ Preparing changes...

[coderabbitai]

A summary of the changes CodeRabbit can apply:

• Update the file src/backend/base/langflow/api/v1/mcp_projects.py by replacing the hardcoded SSE URL "http://localhost:9000/sse" at line 404 with the dynamically computed sse_url variable to ensure correct URL usage.

• ✅ Create PR with these edits
• 📌 Create commit in current branch
• 📋 Get copyable edits

[coderabbitai]

⚠️ Potential issue

Fix variable scope issue - env variable may be undefined.

The env variable is defined inside the OAuth auth settings block but referenced later at line 443. This will cause a NameError if mcp_composer is enabled but no auth settings exist.

+            env = {}
             # Check for auth settings and add auth parameters
             if project.auth_settings:
                 from langflow.api.v1.schemas import AuthSettings
 
                 auth_settings = AuthSettings(**project.auth_settings)
                 args.extend(["--auth-type", auth_settings.auth_type])
 
-                env = {
+                env.update({
                     "OAUTH_HOST": auth_settings.oauth_host,
                     "OAUTH_PORT": auth_settings.oauth_port,
                     "OAUTH_SERVER_URL": auth_settings.oauth_server_url,
                     "OAUTH_CALLBACK_PATH": auth_settings.oauth_callback_path,
                     "OAUTH_CLIENT_ID": auth_settings.oauth_client_id,
                     "OAUTH_CLIENT_SECRET": auth_settings.oauth_client_secret,
                     "OAUTH_AUTH_URL": auth_settings.oauth_auth_url,
                     "OAUTH_TOKEN_URL": auth_settings.oauth_token_url,
                     "OAUTH_MCP_SCOPE": auth_settings.oauth_mcp_scope,
                     "OAUTH_PROVIDER_SCOPE": auth_settings.oauth_provider_scope,
-                }
+                })

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	env = {
	"OAUTH_HOST": auth_settings.oauth_host,
	"OAUTH_PORT": auth_settings.oauth_port,
	"OAUTH_SERVER_URL": auth_settings.oauth_server_url,
	"OAUTH_CALLBACK_PATH": auth_settings.oauth_callback_path,
	"OAUTH_CLIENT_ID": auth_settings.oauth_client_id,
	"OAUTH_CLIENT_SECRET": auth_settings.oauth_client_secret,
	"OAUTH_AUTH_URL": auth_settings.oauth_auth_url,
	"OAUTH_TOKEN_URL": auth_settings.oauth_token_url,
	"OAUTH_MCP_SCOPE": auth_settings.oauth_mcp_scope,
	"OAUTH_PROVIDER_SCOPE": auth_settings.oauth_provider_scope,
	}
	env = {}
	# Check for auth settings and add auth parameters
	if project.auth_settings:
	from langflow.api.v1.schemas import AuthSettings
	auth_settings = AuthSettings(**project.auth_settings)
	args.extend(["--auth-type", auth_settings.auth_type])
	env.update({
	"OAUTH_HOST": auth_settings.oauth_host,
	"OAUTH_PORT": auth_settings.oauth_port,
	"OAUTH_SERVER_URL": auth_settings.oauth_server_url,
	"OAUTH_CALLBACK_PATH": auth_settings.oauth_callback_path,
	"OAUTH_CLIENT_ID": auth_settings.oauth_client_id,
	"OAUTH_CLIENT_SECRET": auth_settings.oauth_client_secret,
	"OAUTH_AUTH_URL": auth_settings.oauth_auth_url,
	"OAUTH_TOKEN_URL": auth_settings.oauth_token_url,
	"OAUTH_MCP_SCOPE": auth_settings.oauth_mcp_scope,
	"OAUTH_PROVIDER_SCOPE": auth_settings.oauth_provider_scope,
	})

🤖 Prompt for AI Agents

In src/backend/base/langflow/api/v1/mcp_projects.py around lines 413 to 424, the
env variable is defined only inside the OAuth auth settings block but used later
at line 443, which can cause a NameError if auth settings are missing. To fix
this, define env with a default value (e.g., an empty dictionary) before the
conditional block so it is always initialized regardless of the auth settings
presence.

[coderabbitai]

🛠️ Refactor suggestion

Fix conditional environment variable reference.

The condition checks for both mcp_composer and auth_settings, but the env variable is only defined when OAuth auth is configured. This should be more specific to avoid referencing undefined variables.

         # Add environment variables if mcp-composer feature flag is enabled and auth settings exist
-        if FEATURE_FLAGS.mcp_composer and project.auth_settings:
+        if FEATURE_FLAGS.mcp_composer and project.auth_settings and env:
             server_config["env"] = env

Or better yet, restructure to be more explicit:

         # Add environment variables if mcp-composer feature flag is enabled and OAuth auth is configured
-        if FEATURE_FLAGS.mcp_composer and project.auth_settings:
+        if FEATURE_FLAGS.mcp_composer and project.auth_settings and hasattr(locals(), 'env') and env:
             server_config["env"] = env

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In src/backend/base/langflow/api/v1/mcp_projects.py around lines 442 to 443, the
code conditionally sets server_config["env"] based on FEATURE_FLAGS.mcp_composer
and project.auth_settings, but the env variable is only defined when OAuth
authentication is configured. To fix this, update the condition to explicitly
check for the presence of OAuth auth configuration before referencing env,
ensuring env is defined before use and preventing potential undefined variable
errors.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Verify alignment with backend argument expectations.

The OAuth authentication header changes look correct:

• Updated argument key from --auth-type to --auth_type (underscore format)
• Added --sse-url argument

These changes should align with the backend MCP server installation logic. Please verify that the backend expects these exact argument formats.

---

🏁 Script executed:

#!/bin/bash
# Description: Verify backend MCP server argument format expectations
# Expected: Find usage of --auth_type and --sse-url arguments in backend

echo "Searching for auth_type argument usage in backend..."
rg -A 3 -B 3 "auth_type" src/backend/

echo -e "\nSearching for sse-url argument usage in backend..."
rg -A 3 -B 3 "sse-url" src/backend/

Length of output: 3773

---

Align OAuth flag format with backend

The frontend is using --auth_type, but the backend’s MCP project logic expects --auth-type. Update the flag to match.

• File: src/frontend/src/pages/MainPage/pages/homePage/components/McpServerTab.tsx
Lines: ~273–275
• Change --auth_type → --auth-type
• --sse-url is already correct

Suggested diff:

--- a/src/frontend/src/pages/MainPage/pages/homePage/components/McpServerTab.tsx
+++ b/src/frontend/src/pages/MainPage/pages/homePage/components/McpServerTab.tsx
@@ (around line 273)
-       "--auth_type",
+       "--auth-type",
        "oauth",
        "--sse-url",

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"--auth_type",
	"oauth",
	"--sse-url",`;
	"--auth-type",
	"oauth",
	"--sse-url",

🤖 Prompt for AI Agents

In src/frontend/src/pages/MainPage/pages/homePage/components/McpServerTab.tsx
around lines 273 to 275, the OAuth flag is incorrectly using `--auth_type` but
should be `--auth-type` to match the backend MCP project expectations. Update
the flag from `--auth_type` to `--auth-type` while keeping `--sse-url`
unchanged.

[lucaseduoli]

LGTM!

[github-actions]

Frontend Unit Test Coverage Report

Coverage Summary

Lines	Statements	Branches	Functions
	81.44% (373/458)	64.82% (223/344)	67.69% (44/65)

Unit Test Results

Tests	Skipped	Failures	Errors	Time
72	0 💤	0 ❌	0 🔥	2.892s ⏱️

[codecov]

Codecov Report

Attention: Patch coverage is 10.00000% with 9 lines in your changes missing coverage. Please review.

Project coverage is 49.24%. Comparing base (31d37df) to head (fa54cbc).
Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
src/backend/base/langflow/api/v1/mcp_projects.py	0.00%	9 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #9158      +/-   ##
==========================================
- Coverage   51.85%   49.24%   -2.62%     
==========================================
  Files         632      632              
  Lines       43365    43372       +7     
  Branches      125      125              
==========================================
- Hits        22486    21357    -1129     
- Misses      20829    21965    +1136     
  Partials       50       50              

Flag	Coverage Δ
frontend	69.41% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
...d/base/langflow/services/settings/feature_flags.py	100.00% <100.00%> (ø)
src/backend/base/langflow/api/v1/mcp_projects.py	26.70% <0.00%> (-1.30%)	⬇️

... and 104 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.