MCP server
Etlworks tools are now available as MCP — connect Cursor, Claude Desktop, ChatGPT, or any MCP-compliant client and use Etlworks's AI tools natively from your IDE or chat app. Same tools as the REST Scripting API, same API key, same backend.
URL: https://<your-etlworks-host>/rest/v1/ai-agent/mcp
Transport: MCP Streamable HTTP (single path, POST for requests, GET → 405)
Auth: Authorization: Bearer YOUR_API_KEY — the same key as the REST Scripting API
Protocol versions: 2025-06-18, 2025-11-25 (server negotiates)
What is MCP?
The Model Context Protocol (MCP) is an open standard from Anthropic for connecting AI applications to external tools and data. It's now supported by Cursor, Claude Desktop, ChatGPT desktop, MCP Inspector, and a growing list of other clients.
Etlworks speaks MCP natively. The MCP server is embedded inside the existing Etlworks backend — one deployable, no sidecar to run — and it exposes the same AgentTool registry that already powers in-app Simba and the REST Scripting API. It is one more way for external agents to talk to Etlworks AI tools, in addition to, not instead of, the REST API.
What you can do with it
- Ask Simba a question from inside Cursor without switching apps — “ask Etlworks how to set up CDC from Postgres to Snowflake”.
- Have Claude Desktop build an Etlworks flow for you by describing what you need.
- Use any MCP-compliant agent to query your Etlworks knowledge base, search templates, or run CLI commands against your instance.
- Let an IDE assistant import a template, look up connector metadata, or diagnose a failing flow — using the same tools the in-app agent uses.
Beyond the individual tools, the MCP server exposes one special tool — etlworks_assistant — that wraps Simba's full agent loop. Your client calls it with a natural-language message and Etlworks runs Simba end-to-end (RAG, multi-turn reasoning, internal tool calls) and returns the final answer. See the dedicated section below.
Prerequisites
- An Etlworks API key — the same key used for the REST Scripting API. Most users generate their own under Preferences → Security → API key; admins can create one for any user under Settings → Users → select the user → Security → API key.
- An HTTPS-capable Etlworks deployment reachable from your machine. For multi-tenant SaaS this is
https://app.etlworks.com; for a dedicated instance it's your own host. - An MCP client — Cursor, Claude Desktop, ChatGPT desktop, MCP Inspector, or any other MCP-compliant app.
Throughout this guide, replace app.etlworks.com with your own host if you run a dedicated instance. The MCP endpoint is always your Etlworks base URL followed by /rest/v1/ai-agent/mcp.
Connect from Cursor
Cursor reads MCP servers from ~/.cursor/mcp.json (global) or .cursor/mcp.json in a project. Add Etlworks as a Streamable HTTP server:
{
"mcpServers": {
"etlworks": {
"url": "https://app.etlworks.com/rest/v1/ai-agent/mcp",
"headers": {
"Authorization": "Bearer YOUR_API_KEY"
}
}
}
}-
Save the config
Add the block above to
~/.cursor/mcp.json. If the file already has anmcpServersobject, add theetlworksentry alongside your existing servers. -
Restart Cursor
Fully quit and reopen Cursor so it reloads the MCP configuration.
-
Verify it connected
Open Settings → MCP. The
etlworksserver should show a green “connected” status and list the available tools. Cursor callstools/listto discover them.
Connect from Claude Desktop
Claude Desktop reads its config from ~/Library/Application Support/Claude/claude_desktop_config.json on macOS. There are two ways to connect, depending on your Claude Desktop version.
Native Streamable HTTP (newer versions)
{
"mcpServers": {
"etlworks": {
"url": "https://app.etlworks.com/rest/v1/ai-agent/mcp",
"headers": {
"Authorization": "Bearer YOUR_API_KEY"
}
}
}
}Via the mcp-remote bridge (older versions)
If your Claude Desktop build doesn't yet support remote Streamable HTTP servers directly, bridge to it with mcp-remote (runs over npx, no install needed):
{
"mcpServers": {
"etlworks": {
"command": "npx",
"args": [
"-y",
"mcp-remote",
"https://app.etlworks.com/rest/v1/ai-agent/mcp",
"--header",
"Authorization: Bearer YOUR_API_KEY"
]
}
}
}Restart Claude Desktop after saving. The Etlworks tools appear in the tools menu (the slider/hammer icon) in a new chat.
Connect from ChatGPT desktop (Mac)
ChatGPT desktop adds MCP servers through its GUI rather than a config file:
-
Open connector settings
Go to Settings → Connectors and choose Add MCP server (or “Add custom connector”, depending on your build).
-
Enter the endpoint
Set the server URL to
https://app.etlworks.com/rest/v1/ai-agent/mcpand add anAuthorizationheader with the valueBearer YOUR_API_KEY. -
Save and enable
Save the connector and toggle it on. ChatGPT discovers the Etlworks tools via
tools/listand makes them available in chat.
Try it with MCP Inspector
The MCP Inspector is the best tool for debugging a connection before you wire it into an IDE. It shows the raw protocol traffic and lets you call tools by hand.
# Launch the inspector (no install required)
npx @modelcontextprotocol/inspector-
Pick the transport
In the Inspector UI, set the transport to Streamable HTTP.
-
Enter the URL and header
URL:
https://app.etlworks.com/rest/v1/ai-agent/mcp. Add a headerAuthorization=Bearer YOUR_API_KEY. -
Connect and list tools
Click Connect, then open the Tools tab and List Tools. You'll see the live tool set; select any tool to fill in arguments and call it.
What the wire looks like
Under the hood, every client opens with an initialize request. Here's the same handshake with curl:
curl -s https://app.etlworks.com/rest/v1/ai-agent/mcp \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-d '{
"jsonrpc": "2.0",
"id": 1,
"method": "initialize",
"params": {
"protocolVersion": "2025-06-18",
"capabilities": {},
"clientInfo": { "name": "curl", "version": "1.0" }
}
}'{
"jsonrpc": "2.0",
"id": 1,
"result": {
"protocolVersion": "2025-06-18",
"capabilities": { "tools": { "listChanged": false } },
"serverInfo": { "name": "etlworks-ai-agent", "version": "v2.0" }
}
}Available tools
List the live tool set with tools/list:
curl -s https://app.etlworks.com/rest/v1/ai-agent/mcp \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-d '{"jsonrpc":"2.0","id":2,"method":"tools/list","params":{}}'{
"jsonrpc": "2.0",
"id": 2,
"result": {
"tools": [
{
"name": "search_knowledge_base",
"description": "Search the knowledge base for articles, documentation, and support tickets.",
"inputSchema": {
"type": "object",
"properties": { "query": { "type": "string" } },
"required": ["query"]
},
"annotations": { "readOnlyHint": true }
},
{
"name": "etlworks_assistant",
"description": "Ask the Etlworks AI agent (Simba) a natural-language question. Runs the full agent loop and returns the final answer.",
"inputSchema": {
"type": "object",
"properties": {
"message": { "type": "string" },
"session_id": { "type": "string" },
"include_tools": { "type": "boolean" },
"system_prompt": { "type": "string" }
},
"required": ["message"]
}
}
]
}
}There are 24 tools today — 23 from the agent registry plus the synthetic etlworks_assistant. The exact set evolves as the agent stack grows, so tools/list is the authoritative source; the table below is a snapshot, not an exhaustive list.
The server sets two MCP-standard hints on each tool so well-behaved clients (Cursor especially) can skip the confirmation prompt on safe tools:
| Tool | Hint | What it does |
|---|---|---|
search_knowledge_base | Read-only | Search KB articles, docs, and support tickets |
search_templates | Read-only | Search flow and connection templates |
search_function_templates | Read-only | Search transformation-function templates |
host_list_commands | Read-only | List available CLI commands |
composer_search_block_types | Read-only | Search Composer block types |
metadata_search_resources | Read-only | Search resources (connections, formats, listeners…) |
metadata_search_resource_types | Read-only | Search available resource types |
mapping_lookup_metadata | Read-only | Look up source/target metadata for mappings |
mapping_get_editor_context | Read-only | Read the current mapping editor context |
public_web_research | Read-only | Research public API docs from the web |
host_cli | Destructive | Run an arbitrary CLI command on the Etlworks host |
import_template | May mutate | Import a flow or connection template |
etlworks_assistant | May mutate | Run Simba's full agent loop (see below) |
… and the remaining registry tools. Call tools/list for the complete, current set. | ||
Tools without a hint are treated as “may mutate state” — a well-behaved client will prompt for confirmation before calling them. host_cli carries destructiveHint: true because it can run arbitrary commands; configure your MCP client to respect these hints.
The etlworks_assistant tool — full Simba in one call
Most tools do one thing. etlworks_assistant does everything: it wraps Simba's entire agent loop. Your client sends a single natural-language message, the Etlworks backend runs Simba end-to-end (RAG + multi-turn reasoning + internal tool calls), and returns the final answer. This is what lets a Cursor or Claude Desktop user simply say “ask Etlworks how to do X” and get a reasoned answer with no orchestration on their side.
Input fields
| Field | Type | Required | Description |
|---|---|---|---|
message | string | Yes | The natural-language request for Simba |
session_id | string | No | Reuse a prior session_id to continue a conversation |
include_tools | boolean | No | Let Simba use its internal tools (default true) |
system_prompt | string | No | Override Simba's default system prompt |
Call it
curl -s https://app.etlworks.com/rest/v1/ai-agent/mcp \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-d '{
"jsonrpc": "2.0",
"id": 3,
"method": "tools/call",
"params": {
"name": "etlworks_assistant",
"arguments": {
"message": "How do I create a REST API connection to load JSON data?"
}
}
}'The response text ends with a session_id: line. Capture it to continue the conversation:
{
"jsonrpc": "2.0",
"id": 3,
"result": {
"content": [
{
"type": "text",
"text": "To create a REST API connection that loads JSON data:\n\n1. Go to Connections and add a new HTTP connection...\n\nsession_id: a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}
],
"isError": false
}
}Continue the conversation
Pass the session_id back on the next call and Simba keeps the context:
curl -s https://app.etlworks.com/rest/v1/ai-agent/mcp \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-d '{
"jsonrpc": "2.0",
"id": 4,
"method": "tools/call",
"params": {
"name": "etlworks_assistant",
"arguments": {
"message": "Now schedule that flow to run every hour.",
"session_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}
}
}'Direct tool calls via tools/call (for example search_knowledge_base or host_cli) run inside your Etlworks instance with no extra OpenAI token cost — the same model as the REST /tools/{name}/execute endpoint. Calls to the etlworks_assistant tool run the full Simba agent and are billed normally against your AI cap (or your own OpenAI key if BYOK is configured) — same rule as in-app Simba.
REST API vs MCP — which should I use?
Both are available simultaneously, on the same API key, exposing the same tools from the same backend. Pick by how you're working:
| REST Scripting API | MCP server | |
|---|---|---|
| Use when | You're building a server-side integration, orchestrating from your own code, or already call HTTP endpoints in a workflow. | You're in an IDE or desktop AI chat (Cursor, Claude, ChatGPT) and want Etlworks tools available natively. |
| Surface | /rest/v1/ai-agent/api/… — one endpoint per operation | /rest/v1/ai-agent/mcp — one JSON-RPC endpoint |
| Client | Your code, or the Python / Bash / PowerShell clients | Any MCP-compliant app — no Etlworks client library needed |
| Tools | Same registry | Same registry |
| Auth | Bearer API key | Bearer API key (the same one) |
Not sure? If you're writing code, use the REST API. If you're driving Etlworks from an AI client, use MCP.
Authentication & security
Every MCP request authenticates with a Bearer token — the same Etlworks API key used by the REST Scripting API. There is no OAuth flow in v1.
Authorization: Bearer YOUR_API_KEYAPI-key management is identical to the REST API — most users generate their own under Preferences → Security → API key, and admins manage keys for any user under Settings → Users → select the user → Security → API key. The key inherits the generating user's role and tenant scope, so an MCP client can never do more than that user could.
Origin allowlist
For browser-based MCP clients, you can restrict which web origins may connect with the ai.mcp.allowed.origins property (comma-separated). Leaving it empty disables the Origin check (the default).
Locking down what MCP clients can do
Three operator-controlled properties on the Etlworks backend gate the most powerful tools. All default to true, so a fresh deploy exposes everything; set one to false and that tool disappears from tools/list and tools/call returns “Tool not found”:
ai.mcp.expose.host_cli=true # gate the host_cli tool
ai.mcp.expose.import_template=true # gate the import_template tool
ai.mcp.expose.assistant=true # gate the etlworks_assistant synthetic tool
ai.mcp.allowed.origins= # comma-separated allowlist; empty = no Origin checkTo offer read-only research and template search to MCP clients but keep CLI execution and template imports out of reach, set ai.mcp.expose.host_cli=false and ai.mcp.expose.import_template=false. Those tools then never appear to any MCP client.
Stateless & replicated
The MCP server is stateless. It does not issue an Mcp-Session-Id, so it works behind a load balancer with multiple replicas — no session affinity required. (Conversation continuity for etlworks_assistant is carried by the session_id in the tool arguments, not by transport-level session state.) Each request stands on its own, authenticated by its Bearer token.
Troubleshooting
| Symptom | Likely cause & fix |
|---|---|
401 Unauthorized | Missing or wrong Bearer token. Check the Authorization header and that the key's user has API access enabled. |
| Connection refused / timeout | Wrong host or port. Confirm the base URL and that the instance is reachable over HTTPS from your machine. |
405 Method Not Allowed on a browser visit | Expected — the endpoint answers GET with 405 and Allow: POST. MCP requests are POST. There is no server-initiated SSE in v1. |
A tool isn't in tools/list | Its exposure flag is false. Check ai.mcp.expose.host_cli / ai.mcp.expose.import_template / ai.mcp.expose.assistant. |
tools/call returns “Tool not found” | Same cause — the tool is gated off by its exposure flag, or the name is misspelled. Discover exact names with tools/list. |
Batch request rejected (-32600) | JSON-RPC batching was removed in spec 2025-06-18. Send one request per call. |
The error codes follow standard JSON-RPC: -32700 (parse error), -32600 (invalid request), -32601 (method not found), -32602 (invalid params), -32603 (internal error).
What's NOT in v1 (yet)
The Etlworks MCP server implements tools and tool-calling. Several MCP protocol features exist in the spec but are not implemented in v1 — so don't spend time looking for them: MCP resources, prompts, sampling, elicitation, server-initiated SSE, OAuth, progress notifications, request cancellation, and any server-registry / connector-directory listing. The implemented JSON-RPC methods are initialize, notifications/initialized, ping, tools/list, and tools/call. These deferred items may arrive later if there's demand — they're not broken, just not built yet.