MuleSoft Code MCP
Provides tools to search for and execute MuleSoft API operations, including asset management, OAuth token handling, and write operations with dry-run and confirmation tokens.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@MuleSoft Code MCPsearch for exchange assets related to OAuth"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MuleSoft Code MCP
Model Context Protocol (MCP) is a standardized way for LLMs to use external systems through tools. This repository provides a focused remote MCP server for MuleSoft APIs so agents can discover operations and execute validated API calls with a fixed low-context tool surface.
Design references:
The server supports streamable-http transport via /mcp.
Server in this Repository
Server | Description | URL |
| Search + execute over MuleSoft operations with OAuth and write guardrails |
|
Related MCP server: cocoon
Tools Exposed
Tool | Purpose | Typical use |
| Finds ranked operations from Exchange portal + OpenID context | "list assets", "exchange api", "oauth token" |
| Validates and executes operation by | Read and write calls with typed validation |
| Returns auth status for current caller | Preflight before |
Why Better Than Official MCP Patterns
Compared to official/provider MCP servers that expose many endpoint-specific tools, this implementation is better for agent execution quality:
Lower context pressure: fixed
3tools instead of endpoint-tool explosion.Better tool selection: agent maps intent with
search, then executes one explicitoperation_id.Stronger safety: writes require both server policy and per-request confirmation token.
Better runtime behavior: response truncation, read caching, and persisted catalog cache reduce latency and token waste.
Access from Any MCP Client
If your MCP client supports remote MCP directly:
{
"mcpServers": {
"mulesoft-code-mcp": {
"transport": "streamable_http",
"url": "http://127.0.0.1:3000/mcp",
"headers": {
"x-user-id": "default"
}
}
}
}If your client needs a command bridge:
{
"mcpServers": {
"mulesoft-code-mcp": {
"command": "npx",
"args": ["mcp-remote", "http://127.0.0.1:3000/mcp"],
"env": {
"MCP_REMOTE_HEADERS": "{\"x-user-id\":\"default\"}"
}
}
}
}Quick Start
cd mulesoft
npm install
npm run build
npm testSeed access token from environment:
MULESOFT_ACCESS_TOKEN='<token>' npm run seed:tokenStart server:
TOKEN_STORE_PATH=./data/tokens.integration.json \
TOKEN_ENCRYPTION_KEY_BASE64='<seed-output-key>' \
PORT=3000 HOST=127.0.0.1 npm run devSmoke test:
curl -sS http://127.0.0.1:3000/healthz
MCP_URL=http://127.0.0.1:3000/mcp USER_ID=default npm run smoke:mcpTool Calling Flow
Call
auth_status.Call
searchwith intent (for example,list exchange assets).Pick an
operation_id.Call
executewith required params.For writes: call
dry_run=true, then replay withconfirm_write_tokenandALLOW_WRITES=true.
Example search input:
{
"query": "list exchange assets",
"limit": 5
}Example read execute input:
{
"operation_id": "GET /exchange/api/v2/assets"
}Example write execute dry run:
{
"operation_id": "DELETE /exchange/api/v2/assets/{assetId}",
"path_params": {
"assetId": "my-asset"
},
"dry_run": true
}Configuration
Key environment variables:
ALLOW_WRITES(defaultfalse)REQUEST_TIMEOUT_MSMAX_RETRIESCATALOG_CACHE_PATHREAD_CACHE_TTL_MSEXECUTE_MAX_BODY_BYTESEXECUTE_BODY_PREVIEW_CHARS
See .env.example for the full set.
Safety Model
Mutating methods are blocked unless
ALLOW_WRITES=true.Mutating calls require
confirm_write_tokenfromdry_runfor exact request replay.Sensitive headers and body fields are redacted.
Performance Model
Fixed 3-tool MCP surface to keep context small.
Persisted catalog cache enables fast startup and asynchronous refresh.
Conditional refresh for upstream metadata where available.
Short TTL cache for repeated read calls (
GET/HEAD).Execute body truncation controls context overhead.
Troubleshooting
MCP Inspector connect failure: confirm URL is
http://127.0.0.1:3000/mcpand server is running.AUTH_REQUIRED: seed token or complete OAuth bootstrap.Write blocked: set
ALLOW_WRITES=trueand use returnedconfirm_write_token.Sparse search results: include concrete resource terms (
exchange,assets,oauth).
Development
Source:
srcTests:
testsReferences:
REFERENCES.md
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/dsouzaAnush/mulesoft-code-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server