feat: add Pipedream MCP support

[rohan-patil2]

Summary

Adds a new Pipedream MCP tool node that enables Flowise agents to connect to any of Pipedream's 3,000+ APIs and 10,000+ tools via the Pipedream Connect MCP service. The integration uses Streamable HTTP transport to communicate with Pipedream's remote MCP server, authenticates via OAuth2 client credentials, and supports dynamic per-user scoping for multi-user agentflows.

Features

• 3,000+ API integrations: Connect agents to Notion, Slack, Gmail, Google Sheets, HubSpot, and thousands more via a single node, using Pipedream's hosted MCP server.
• OAuth connect flow handling: Automatically detects when a user needs to authorize their account and presents a clickable connect URL with clear retry guidance to the LLM.
• Multi-user agentflows: Dynamic per-request user scoping via variables, resolved at runtime from overrideConfig.vars in the prediction API.
• Human-in-the-loop consent: Works with Flowise's built-in "Require Human Input" toggle on the Agent node, giving end-users a Proceed/Reject prompt before any tool executes real actions on their external accounts.
• OAuth2 client credentials auth: Fetches short-lived access tokens from Pipedream's OAuth endpoint with automatic expiry handling.
• Configurable OAuth scopes: Restrict access tokens to specific Pipedream API scopes (e.g., connect:*, connect:actions:*) following the principle of least privilege.
• Clean text responses: Extracts and returns plain text from MCP tool results instead of JSON-stringified content arrays, improving LLM response quality.

Out of Scope

• sub-agent and full-config tool modes with stateful conversation tracking
• Automatic retry polling after user completes OAuth connect flow
• Custom UI rendering (connect button widget), Pipedream handles via return-link pattern
• Token refresh/TTL management beyond in-memory caching

Testing Performed

Scenario	Result
Tool listing for a known app slug	Tools load and display correctly
Tool execution with connected account	Returns clean text response (not raw JSON)
Tool execution without connected account	Returns structured ACTION_REQUIRED with clickable connect URL
Invalid app slug	Clear 404 error message
Invalid credentials	Clear OAuth error on token fetch
Missing required fields	Validation errors before any network call
Dynamic externalUserId via overrideConfig.vars	Correctly resolved per request
Unresolved {{$vars.*}} at runtime	Descriptive error with configuration guidance
Human-in-the-loop (Proceed)	Tool executes after approval
Human-in-the-loop (Reject)	Tool skipped, agent continues

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly expands Flowise's integration capabilities by introducing a new Pipedream MCP tool node. This node allows Flowise agents to seamlessly interact with a vast ecosystem of third-party APIs and services through Pipedream's Connect platform. The implementation focuses on robust authentication, dynamic user context management, and clear user interaction for sensitive operations, making it easier to build powerful, integrated agentflows.

Highlights

• New Pipedream MCP Tool Node: Introduced a new Pipedream MCP (Model Context Protocol) tool node, enabling Flowise agents to connect to over 3,000 Pipedream APIs and 10,000+ tools.
• OAuth2 Client Credentials Authentication: Implemented OAuth2 client credentials for secure authentication with Pipedream Connect, including automatic token fetching, caching, and expiry handling.
• Dynamic Per-User Scoping: Added support for dynamic per-request user scoping via variables, allowing multi-user agentflows to resolve user-specific contexts at runtime.
• Human-in-the-Loop Consent: Integrated with Flowise's 'Require Human Input' feature, providing end-users with a Proceed/Reject prompt before sensitive tool actions are executed.
• Improved Response Formatting: Enhanced tool result processing to extract clean plain text from MCP tool responses, improving LLM response quality and handling ACTION_REQUIRED for account connections.
• Configurable OAuth Scopes: Allowed configuration of OAuth scopes to restrict access tokens to specific Pipedream API permissions, adhering to the principle of least privilege.

Changelog

• packages/components/credentials/PipedreamOAuthApi.credential.ts
  • Added a new credential class, PipedreamOAuthApiCredential, to manage Pipedream Connect OAuth authentication details.
  • Defined input fields for Client ID, Client Secret, Project ID, and optional OAuth Scopes for Pipedream API access.
• packages/components/nodes/tools/MCP/Pipedream/PipedreamMCP.ts
  • Implemented the Pipedream_MCP node class, which serves as the core logic for the Pipedream MCP tool.
  • Developed fetchAccessToken for OAuth2 client credentials flow, including token caching and error handling for invalid credentials.
  • Created resolveVarsInString to dynamically resolve variables within the externalUserId field, supporting multi-user agentflows.
  • Added getTools method to dynamically fetch and create Langchain tools based on available Pipedream actions, with caching for performance.
  • Included formatPipedreamResponse to process MCP tool results, extracting plain text and generating ACTION_REQUIRED messages for user account connections.
  • Implemented input validation for appSlug and externalUserId to ensure correct configuration.
• packages/components/nodes/tools/MCP/Pipedream/pipedream.svg
  • Added an SVG icon for the new Pipedream MCP tool node.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a new Pipedream MCP tool, which is a great addition to Flowise's capabilities. The implementation is robust, with thorough error handling, caching, and consideration for the user experience in the UI. The code is well-structured and follows existing patterns in the codebase. My feedback focuses on improving TypeScript type safety by replacing several instances of any with more specific types and fixing a missing import. All original comments were kept as they align with general good practices and do not contradict any provided rules. Overall, this is an excellent contribution.

[harshit-flowise]

@rohan-patil2 Thanks a lot Rohan for your contribution. Please find below some feedback -

Code Quality & Maintenance

Gemini Code Assist: Address and resolve all pending suggestions and warnings provided by Gemini.

Pipedream Credential Configuration

Project ID Field: Modify the Project ID to be optional. (Note: This is intended for Open Source users who may not require it; please verify this logic before finalizing).

OAuth Scopes: Set the default value for OAuth scopes to connect:*.

UI / UX Enhancements

Connection Flow: When a user is prompted to connect via the chat, ensure the Pipedream connect dialog opens automatically in a new browser tab.

App Slug Field: Enhance the "Info" tooltip to include:

Specific examples of supported apps.

A note clarifying that multiple apps must be provided in a comma-separated format.

User Identification: * Rename the External User ID field to User ID.

Add an "Info" icon explaining how to add variables in the dedicated Variables section.

Set the default value for this field to {{$vars.user_email}}.

[harshit-flowise]

@HenryHengZJ I tested the pipedream node and it looks good to me.

[HenryHengZJ]

what is this changes regards to?

[harshit-flowise]

The tool returns markdown responses containing links in the chat when it asks users to sign-in by clicking on the pipedreams link, and this ensures those links behave safely and open up in a new tab.

target='_blank' — Makes all links rendered in markdown open in a new browser tab instead of navigating away from the current Flowise page. Without this, clicking a link in a chat response would navigate the user away from the app.

rel='noopener noreferrer' — A security best practice when using target='_blank'. It prevents the newly opened page from accessing the original page's window.opener object, which could otherwise be exploited (known as "reverse tabnapping").