π¦
powerautomate
MCP server for Microsoft Power Automate - AI-assisted flow creation and management
0 installs
3 stars
Trust: 55 β Fair
Ai
Installation
npx powerautomate-mcpAsk AI about powerautomate
Powered by Claude Β· Grounded in docs
I know everything about powerautomate. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Loading tools...
Reviews
Documentation
Power Automate MCP Server
An MCP (Model Context Protocol) server for Microsoft Power Automate. Create, manage, and deploy Power Automate flows using natural language.
Works with any MCP-compatible AI client: Claude Desktop, Claude Code, VS Code Copilot, Cursor, Google Gemini CLI, and more.
Features
- Create Flows - Build flows from natural language descriptions with guided wizard
- Test & Debug - Automatic testing with intelligent error diagnosis
- Validate - Pre-flight checks with best practices scoring (0-100)
- Manage Flows - List, update, clone, and delete flows
- Power Apps - Manage canvas and model-driven apps, permissions, versions
- Environment Admin - Create, copy, backup, restore environments
- DLP Policies - Create and manage data loss prevention policies
- Solutions ALM - Export, import, and manage Dataverse solutions
- Dataverse CRUD - Full table/row operations via OData Web API
- SharePoint - Sites, lists, items, and files via Microsoft Graph
- Expression Help - Interactive Power Automate expression reference
- Connector Intelligence - Full knowledge of 400+ connectors and schemas
- Cross-Platform - Works on Windows, macOS, and Linux
Quick Start
npm install -g powerautomate-mcp
powerautomate-mcp --setup
The setup wizard handles everything automatically:
- Creates the app registration in your tenant via Azure CLI (or prompts you to provide one)
- Opens your browser to sign in
- Presents the admin consent URL (auto-opens in browser)
- Discovers your environments and lets you select one
- Saves your configuration
Then configure your AI client. See the Installation Guide for platform-specific setup:
| Client | Config |
|---|---|
| Claude Desktop | claude_desktop_config.json |
| Claude Code | claude mcp add powerautomate |
| VS Code Copilot | .vscode/mcp.json |
| Cursor | ~/.cursor/mcp.json |
| Gemini CLI | ~/.gemini/settings.json |
| ChatGPT | --http flag + tunnel (see guide) |
Microsoft Entra App Registration
The setup wizard (--setup) creates the app registration automatically if you have Azure CLI installed. No manual steps required for most users.
Who Needs to Do What?
| Role | Action |
|---|---|
| Entra ID admin with Azure CLI | Run powerautomate-mcp --setup β everything is automated |
| Entra ID admin without Azure CLI | Run --setup, paste your app's Client ID when prompted, grant admin consent |
| Non-admin user | Run --setup, then ask an admin (see roles below) to approve the consent URL shown |
| End users (after admin setup) | Just run powerautomate-mcp --setup |
Tip: You can also set
PA_MCP_CLIENT_IDas an environment variable to skip the prompt entirely.
Admin Consent
The setup wizard presents the admin consent URL and auto-opens it in your browser. Any of these Entra ID roles can grant consent: Global Administrator, Application Administrator, Cloud Application Administrator, or Privileged Role Administrator. If you don't have one of these roles, share the URL with your admin:
https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id=YOUR_CLIENT_ID
Manual Setup (Optional)
If you prefer to create the app registration manually:
-
Go to Azure Portal > Microsoft Entra ID > App registrations > New registration
-
Configure basic settings:
- Name:
Power Automate MCP - Supported account types: Accounts in any organizational directory (multi-tenant)
- Redirect URI: Select "Public client/native" and enter:
https://login.microsoftonline.com/common/oauth2/nativeclient
- Name:
-
After creation, go to Authentication and enable:
- Allow public client flows: Yes
-
Go to API permissions > Add a permission and add:
API Permission Type Used For Microsoft Graph User.ReadDelegated User profile Microsoft Graph Sites.ReadWrite.AllDelegated SharePoint sites, lists, files Microsoft Graph Files.ReadWrite.AllDelegated OneDrive/SharePoint file operations Power Automate (Flow Service) Flows.Read.AllDelegated Read flows Power Automate (Flow Service) Flows.Manage.AllDelegated Create/update/delete flows Power Automate (Flow Service) Activity.Read.AllDelegated Flow run history Power Automate (Flow Service) Approvals.Manage.AllDelegated Approval management Dynamics CRM user_impersonationDelegated Dataverse table/row CRUD -
Click Grant admin consent for [Your Tenant] (requires Global Admin, Application Admin, Cloud Application Admin, or Privileged Role Admin)
CLI Reference
powerautomate-mcp [options]
| Flag | Description |
|---|---|
--setup, -s | Run the interactive setup wizard |
--validate | Verify config, auth, and API connectivity then exit |
--update | Check for updates and install the latest version |
--version, -v | Print version and exit |
--http | Start with Streamable HTTP transport |
--port <N> | Port for HTTP transport (default: 3000) |
--env <name> | Override the default environment (alias or GUID) |
--config <path> | Use an alternate config file |
--debug | Enable debug-level logging |
--help, -h | Show help message |
Environment Variables:
| Variable | Description |
|---|---|
PA_MCP_CLIENT_ID | Microsoft Entra app client ID (overrides config file) |
PA_CONFIG_PATH | Custom path to config.json |
Usage Examples
Flows
Create a flow that sends me an email every morning with the weather forecast
Test my "Daily Report" flow and tell me if there are any errors
Help me write an expression to format a date as "January 1, 2024"
Show me all the flows that have been shared with me
Patch the "Compose" action inside the Default case of "If_Recognized_Form" β only that one node, leave the rest alone
SharePoint
List all items in the "Projects" list on our Marketing site
Upload this month's report to the Shared Documents library
Dataverse
Show me all active accounts in Dataverse with revenue over $1M
Create a new contact row for John Smith in the contacts table
Power Apps
List all canvas apps in my environment and who owns them
Share the "Expense Tracker" app with the Finance team
Administration (requires Power Platform Admin, Dynamics 365 Admin, or Global Admin)
Create a new sandbox environment called "Dev Testing"
What DLP policies are applied to my default environment?
Export the "Sales Solution" as a managed solution for deployment
Connectors & Expressions
What connectors are available for working with SharePoint?
What parameters does the "Send an email (V2)" action need?
Available Tools (108 total)
Core Flow Operations
| Tool | Description |
|---|---|
list_flows | List flows. scope: "owned" | "shared" | "all" filters by ownership; includeOwner shows the creator + [owned]/[shared] tag |
get_flow | Get flow definition. format: "summary" | "json" | "both" β use json/both to capture nested actions inside Switch/If/Foreach/Scope |
create_flow | Create a new flow (supports optional description) |
update_flow | Modify an existing flow. Three modes: full replace (default), mergeActions: true (deep-merge β preserves siblings), or patchActions: { "path": value } (surgical, smallest payload). Also supports description |
delete_flow | Delete a flow |
toggle_flow | Enable or disable a flow |
clone_flow | Copy flow to another environment |
Testing & Debugging
| Tool | Description |
|---|---|
test_flow | Run flow with automatic diagnosis |
run_flow | Trigger a manual flow |
get_runs | Get flow run history |
diagnose_flow | Analyze failures with fix suggestions |
validate_flow | Validate with best practices score |
Planning & Help
| Tool | Description |
|---|---|
plan_flow | Interactive flow planning wizard |
build_flow | Simple flow builder from description |
get_expression_help | Expression syntax reference |
search_connectors | Find connectors by name |
get_action_schema | Get connector action parameters |
Dataverse CRUD
| Tool | Description |
|---|---|
list_dataverse_tables | List all tables (entities) in the environment |
get_dataverse_table | Get table schema with column definitions |
query_dataverse_rows | Query rows with OData filter/select/orderby |
get_dataverse_row | Get a single row by ID |
create_dataverse_row | Create a new row |
update_dataverse_row | Update an existing row |
delete_dataverse_row | Delete a row (with confirmation) |
SharePoint
| Tool | Description |
|---|---|
search_sharepoint_sites | Search for SharePoint sites |
get_sharepoint_site | Get site by ID or URL |
list_sharepoint_lists | List all lists in a site |
get_sharepoint_list_columns | Get column definitions for a list |
list_sharepoint_items | Get list items with filtering |
create_sharepoint_item | Create a new list item |
update_sharepoint_item | Update a list item |
delete_sharepoint_item | Delete a list item (with confirmation) |
list_sharepoint_files | List files in a document library |
upload_sharepoint_file | Upload a file (up to 4MB) |
get_sharepoint_file_content | Download file content |
Power Apps
| Tool | Description |
|---|---|
list_canvas_apps | List canvas apps |
get_canvas_app | Get app details |
publish_canvas_app | Publish an app |
list_model_driven_apps | List model-driven apps |
get_model_driven_app | Get model-driven app details |
list_app_versions | List app version history |
get_app_permissions | Get app permissions |
share_app | Share an app with users/groups |
remove_app_permission | Remove app access |
set_app_owner | Transfer app ownership |
Environment Administration
Requires Power Platform Admin, Dynamics 365 Admin, or Global Admin role.
| Tool | Description |
|---|---|
list_environments | List all environments |
get_environment | Get environment details |
create_environment | Create a new environment |
delete_environment | Delete an environment |
copy_environment | Copy an environment |
reset_environment | Reset an environment |
backup_environment | Create a backup |
restore_environment | Restore from backup |
DLP Policies
Requires Power Platform Admin, Dynamics 365 Admin, or Global Admin role.
| Tool | Description |
|---|---|
list_dlp_policies | List data loss prevention policies |
get_dlp_policy | Get policy details |
create_dlp_policy | Create a new DLP policy |
update_dlp_policy | Update an existing policy |
delete_dlp_policy | Delete a policy |
list_policy_connectors | List connectors by policy group |
Solutions ALM
| Tool | Description |
|---|---|
list_solutions | List Dataverse solutions |
get_solution | Get solution details |
export_solution | Export a solution |
import_solution | Import a solution |
list_solution_components | List components in a solution |
add_solution_component | Add a component to a solution |
Managed Environments & Capacity
Requires Power Platform Admin, Dynamics 365 Admin, or Global Admin role.
| Tool | Description |
|---|---|
enable_managed_environment | Enable managed environment |
disable_managed_environment | Disable managed environment |
get_governance_settings | Get governance configuration |
get_tenant_capacity | Get tenant-level capacity |
get_capacity_alerts | Get capacity alert notifications |
Security
This server implements defense-in-depth security hardened through 3 rounds of penetration testing:
- Secure Token Storage: DPAPI (Windows), Keychain (macOS), libsecret on Linux when available, with a 0o600 file-cache fallback when it is not
- SSRF Prevention: Comprehensive private host detection covering IPv4, IPv6, IPv6-mapped/compatible IPv4, octal/hex/decimal notation, ULA, link-local ranges, domain allowlists
- OData Injection Protection: Tautology detection across all comparison operators, parenthesized forms, arithmetic/function-based bypasses, Unicode NFC normalization, ASCII-only enforcement
- Path Traversal Prevention: NFKC Unicode normalization, bidi control character stripping, zero-width character removal, null byte rejection, URL double-encoding defense
- Input Validation: GUID validation on all IDs, field list validation, environment ID format checks, SharePoint hostname allowlist
- Injection Prevention: Power Automate expression injection blocking (
@{/}@), command injection prevention (execFileoverexec), prototype pollution defense - Error Sanitization: Recursive sensitive key redaction (tokens, passwords, secrets), PII removal, stack trace suppression
- Log Redaction: Deep wildcard Pino redaction for auth headers, tokens, API keys
- HTTP Transport Security: Localhost-only binding, session-based Streamable HTTP, timing-safe API key comparison
- Resource Limits: 2MB input size limit, 20-level depth limit, 50MB JSON response limit, 100MB binary download limit
- Config Hardening: File permissions (0o600), symlink rejection, world-readable warnings
- Auth Safety: Token refresh mutex, MSAL PII filtering, MSAL verbose/trace suppression, silent-only mode in server
Architecture
AI Client <--stdio/http--> powerautomate-mcp
(Claude, VS Code, |
Cursor, Gemini) βββ Power Automate Flow Management API
βββ Power Apps API (canvas/model-driven apps)
βββ Power Platform Admin API (environments, DLP, capacity)
βββ Microsoft Graph API (SharePoint, OneDrive, Excel)
βββ Dataverse Web API (tables, rows, solutions)
βββ MSAL Auth (browser popup / device code)
βββ SQLite Schema Cache (400+ connectors)
βββ Secure Token Storage (OS keychain)
License
MIT
A Note of Thanks
Thank you for using this project β it is truly appreciated. Every install, bug report, and suggestion makes this a better tool, and I'm committed to fixing any issue that arises so we have the best Power Automate MCP server possible. If something isn't working for you, please open an issue. I read every one, and a solid reproduction gets a fast fix.
Support
For issues and feature requests, please open an issue in this repository.