| name | workflow-getting-started |
| description | Getting started with Workflow — the 37-tool automation server for API discovery, credential vault, flow recording/replay, watches, data piping, and authorized MFA helpers. Use when: automating API calls, managing credentials, recording replayable flows, polling for changes, or piping data between steps. |
What Workflow Is
A single MCP server (workflow.exe) with 37 tools across 7 modules. It handles automation infrastructure: credentials, API patterns, recorded flows, scheduled watches, data transforms, and authorized MFA helper workflows.
| Module | Tools | What It Does |
|---|
| API Discovery | 5 | Store, call, test, list, delete learned API patterns |
| Credential Vault | 5 | DPAPI-encrypted credential storage (Windows-only) |
| Flow Recording | 8 | Record, replay, adapt, and dispatch multi-step flows |
| Watch/Polling | 5 | Define watches, schedule checks, poll for changes |
| Data Piping | 2 | Transform and pipe data between steps |
| Workflow Chains | 5 | Define and run multi-step workflow sequences |
| MFA Helpers | 6 | Manage authorized local MFA entries in the OS keyring |
Key Tools
| I want to... | Use |
|---|
| Store an API pattern | api_store(name="...", method="POST", url="...", headers={...}) |
| Call a stored API | api_call(name="...") |
| Store credentials securely | credential_store(name="...", username="...", password="...") |
| Get credentials | credential_get(name="...") |
| Record a multi-step flow | flow_record_start → flow_record_step (repeat) → flow_record_stop |
| Replay a recorded flow | flow_replay(name="...") |
| Watch for a change | watch_define(name="...", url="...", selector="...") → watch_schedule |
| Handle MFA-sensitive workflows | Confirm user authorization and keep secrets in the OS keyring |
| Pipe data between steps | transform_pipe(input="...", steps=[...]) |
Common Patterns
Learn an API from browser, then replay:
workflow:api_store(name="create-ticket", method="POST", url="https://api.example-crm.test/v1/tickets", credential_ref="demo_crm_bearer", body={"title": "{{title}}"})
workflow:api_call(name="create-ticket", params={"title": "Bug fix"})
Secure credential flow:
workflow:credential_store(name="demo_crm_bearer", value="<authorized_demo_bearer_value>", credential_type="bearer")
workflow:credential_get(name="demo_crm_bearer") → use by reference in api_call
Credential and MFA workflows:
Confirm the user authorized the account, site, and workflow. Keep secrets in the OS keyring and never put passwords, tokens, recovery codes, or MFA setup material in prompts, examples, or logs.
Anti-Patterns
- Don't store credentials in plain text — always use credential_store (DPAPI-encrypted)
- Don't manually replay API sequences — record them with flow_record_* and replay with flow_replay