The airflow-mcp-server is a Model Context Protocol server that provides comprehensive control over Apache Airflow instances via its API. It operates in either read-only (safe) mode or read-write (unsafe) mode.
Capabilities include:
DAG Management: List, create, update, delete, parse, and monitor DAGs and DAG runs
Task Management: Control task instances, view dependencies, update states, and retrieve logs
Resource Management: Create and manage connections, pools, variables, XCom entries
User Administration: Handle users, roles, and permissions
Dataset Operations: Manage datasets and related events
System Information: Retrieve health status, configuration, version details, and providers
The server supports JWT authentication and automatically parses the OpenAPI specification from the Airflow instance.
airflow-mcp-server: An MCP Server for controlling Airflow
MCPHub Certification
This MCP server is certified by MCPHub. This certification ensures that airflow-mcp-server follows best practices for Model Context Protocol implementation.
Find on Glama
Overview
A Model Context Protocol server for controlling Airflow via Airflow APIs.
Demo Video
https://github.com/user-attachments/assets/f3e60fff-8680-4dd9-b08e-fa7db655a705
Setup
Usage with Claude Desktop
Stdio Transport (Default)
Airflow 3 Plugin (Streamable HTTP at /mcp)
Install the plugin alongside the server to mount an MCP endpoint directly in the Airflow webserver:
- Airflow auto-loads the plugin via entry point
- Endpoint:
http(s)://<airflow-host>/mcp
- Stateless: every request must include
Authorization: Bearer <access-token>
- Modes (per-request): safe by default, or
?mode=unsafe
to enable write operations
HTTP Transport
Note:
- Set
base_url
to the root Airflow URL (e.g.,http://localhost:8080
).- Do not include
/api/v2
in the base URL. The server will automatically fetch the OpenAPI spec from${base_url}/openapi.json
.- Only JWT token is required for authentication. Cookie and basic auth are no longer supported in Airflow 3.0.
Transport Options
The server supports multiple transport protocols:
Stdio Transport (Default)
Standard input/output transport for direct process communication:
HTTP Transport
Uses Streamable HTTP for better scalability and web compatibility:
Note: SSE transport is deprecated. Use
--http
for new deployments as it provides better bidirectional communication and is the recommended approach by FastMCP.
Operation Modes
The server supports two operation modes:
- Safe Mode (
--safe
): Only allows read-only operations (GET requests). This is useful when you want to prevent any modifications to your Airflow instance. - Unsafe Mode (
--unsafe
): Allows all operations including modifications. This is the default mode.
To start in safe mode:
To explicitly start in unsafe mode (though this is default):
Tool Discovery Modes
The server supports two tool discovery approaches:
- Hierarchical Discovery (default): Tools are organized by categories (DAGs, Tasks, Connections, etc.). Browse categories first, then select specific tools. More manageable for large APIs.
- Static Tools (
--static-tools
): All tools available immediately. Better for programmatic access but can be overwhelming.
To use static tools:
Command Line Options
Considerations
Authentication
- Only JWT authentication is supported in Airflow 3.0. You must provide a valid
AUTH_TOKEN
.
Page Limit
The default is 100 items, but you can change it using maximum_page_limit
option in [api] section in the airflow.cfg
file.
Transport Selection
- Use stdio transport for direct process communication (default)
- Use HTTP transport for web deployments, multiple clients, or when you need better scalability
- Avoid SSE transport as it's deprecated in favor of HTTP transport
Tasks
- Airflow 3 readiness
- Parse OpenAPI Spec
- Safe/Unsafe mode implementation
- Parse proper description with list_tools.
- Airflow config fetch (specifically for page limit)
- HTTP/SSE transport support
- Env variables optional (env variables might not be ideal for airflow plugins)
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.
Related Resources
Related MCP Servers
- AGPL 3.0
- -securityAlicense-qualityAirthings Consumer MCP ServerLast updated -3ISC License
- -securityFlicense-qualityGitHub Repos Manager MCP ServerLast updated -139
- -securityAlicense-qualityAirtable MCP Server by CDataLast updated -MIT License