Workbench MCP
The Workbench exposes a Model Context Protocol (MCP) endpoint so AI agents can run real NEExT workflows — create projects, configure and run artifacts, analyze results, and navigate the UI. It is local, single-user, and token-gated by design. There is no remote hosting or multi-user access.
Endpoint & install
The MCP server is mounted as Streamable HTTP at /mcp:
http://127.0.0.1:8765/mcp
Install the MCP-enabled extra and launch the Workbench as usual:
pip install "NEExT[workbench-mcp]"
neext-workbench
Enable MCP and manage its token from the Workbench UI (Home → Settings). The mcp SDK requires Python 3.10+.
Authentication
Every request must present the token as a bearer header. For local clients (e.g. Claude
Desktop) the token is supplied via the NEEXT_WORKBENCH_MCP_TOKEN environment variable:
Authorization: Bearer <your-workbench-mcp-token>
The server verifies the token and resolves the scopes granted to it; an unknown token is rejected.
Scopes
Tool access is scope-gated. A token is granted some subset of these seven scopes, and each tool requires a specific one:
| Scope | Grants |
|---|---|
| read | List and inspect projects, artifacts, jobs, previews, and analysis |
| write | Create projects and configure datasets, features, embeddings, models |
| run | Execute artifacts and run feature-importance analysis |
| custom-code | Validate and create custom Python features (trusted local execution) |
| ui-control | Read and set the active Workbench view |
| export | Export dataset tables and model metrics |
| lifecycle | Trash, restore, and request deletions |
custom-code runs trusted local Python in your environment — grant it deliberately.
Tools
The endpoint exposes 38 tools, grouped here by the scope they require.
read — neext_workspace_summary, neext_list_projects, neext_list_catalog,
neext_list_artifacts, neext_get_artifact, neext_list_jobs, neext_get_job,
neext_preview_artifact, neext_analyze_artifact, neext_cluster_embedding,
neext_search_graphs, neext_get_graph_detail, neext_list_mcp_activity
write — neext_create_project, neext_configure_dataset,
neext_validate_dataset_intake, neext_create_dataset_intake_session,
neext_append_dataset_intake_table, neext_validate_dataset_intake_session,
neext_create_dataset_from_intake, neext_configure_feature,
neext_configure_embedding, neext_configure_model
custom-code — neext_validate_custom_feature, neext_configure_custom_feature
run — neext_run_artifacts, neext_compute_feature_importance
export — neext_export_dataset_table, neext_export_model_metrics
ui-control — neext_get_workbench_view, neext_set_workbench_view
lifecycle — neext_list_trash, neext_restore_project,
neext_restore_artifact_deletion, neext_plan_delete_artifact,
neext_list_mcp_approvals, neext_request_delete_artifact,
neext_request_delete_project
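The scope table and tool list above can be turned into a least-privilege check on a token grant. The following is an added example, not code from the Workbench: given the scopes granted and the tools an agent plans to call, it reports calls that lack their required scope, scopes that are granted but unused, and whether the grant includes custom-code. The function name audit_grant, the report keys and the sample workflow are assumptions made for illustration.

```python
"""Audit a Workbench MCP token grant against the tools an agent workflow will call."""

# Scope -> tools, transcribed from the tool list on this page ("neext_" prefix added below).
_TOOLS = {
    "read": "workspace_summary list_projects list_catalog list_artifacts get_artifact "
            "list_jobs get_job preview_artifact analyze_artifact cluster_embedding "
            "search_graphs get_graph_detail list_mcp_activity",
    "write": "create_project configure_dataset validate_dataset_intake "
             "create_dataset_intake_session append_dataset_intake_table "
             "validate_dataset_intake_session create_dataset_from_intake "
             "configure_feature configure_embedding configure_model",
    "custom-code": "validate_custom_feature configure_custom_feature",
    "run": "run_artifacts compute_feature_importance",
    "export": "export_dataset_table export_model_metrics",
    "ui-control": "get_workbench_view set_workbench_view",
    "lifecycle": "list_trash restore_project restore_artifact_deletion plan_delete_artifact "
                 "list_mcp_approvals request_delete_artifact request_delete_project",
}
TOOL_SCOPE = {f"neext_{t}": s for s, names in _TOOLS.items() for t in names.split()}
# Tools that, per this page, only request a deletion that waits for approval in the UI.
NEEDS_UI_APPROVAL = {"neext_request_delete_artifact", "neext_request_delete_project"}


def audit_grant(granted, planned_tools):
    """Compare the granted scopes with what the planned tool calls require."""
    granted, planned = set(granted), set(planned_tools)
    known = {t for t in planned if t in TOOL_SCOPE}
    required = {TOOL_SCOPE[t] for t in known}
    return {
        "required": sorted(required),                      # minimal scope set for this plan
        "denied": sorted(t for t in known if TOOL_SCOPE[t] not in granted),
        "excess": sorted(granted - required),              # scopes the plan never uses
        "unknown_tools": sorted(planned - known),          # not in this page's tool list
        "local_code_execution": "custom-code" in granted,  # grant allows trusted local Python
        "pending_approval": sorted(known & NEEDS_UI_APPROVAL),
    }


if __name__ == "__main__":
    # Constructed workflow: configure and run a model, export metrics, request a deletion.
    plan = ["neext_list_projects", "neext_configure_model", "neext_run_artifacts",
            "neext_export_model_metrics", "neext_request_delete_artifact"]
    for key, value in audit_grant({"read", "write", "run", "custom-code"}, plan).items():
        print(f"{key}: {value}")
```
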
Delete approval
Destructive operations are never executed immediately over MCP. The
neext_request_delete_artifact and neext_request_delete_project tools only request
a deletion; the Workbench surfaces a pending approval that you must approve or deny in the
UI before anything is moved to trash. Deletions move data to a recoverable trash/ folder
rather than permanently erasing it.
Boundaries
- Local only — no remote OAuth, remote hosting, or multi-user access.
- Approved workflows only — MCP tools map to current Workbench behavior; deferred workflows are not exposed.
- No silent deletes — destructive actions are human-approved in the UI.