API pattern storage and replay, DPAPI-encrypted credential vault, data transform pipelines, watch polling, and workflow chains — all through one MCP server. Single Rust binary, 42 tools, zero runtime dependencies.
Part of CPC (Copy Paste Compute) — a multi-agent AI orchestration platform. Related repos: manager · local · hands · cpc-paths · cpc-breadcrumbs
Workflow is the graduation pipeline partner for hands. Use hands to automate a browser task once, capture the underlying API calls with hands:browser_learn_api, store them with workflow:api_store, then replay via direct HTTP forever. No browser needed on future runs. 100x faster.
- v1.4.0
workflow_runpreview mode classifies each step's side effects (read-only vs. mutating) before it runs- Flow dispatch kill-switches:
dispatch_list,dispatch_pause_all, andflow_dispatch_report_outcome(auto-pauses a dispatch after repeated failures) watch_record_outcomesplits selector-validity from condition outcomecredential_getnow steers callers towardapi_callauto-injection instead of fetching raw secrets
- v1.3.6
- New "Storing secrets without showing them to the AI" section
- New "Pushing through 2FA without you in the loop" section
- CI: bumped GitHub Actions versions to latest to address Node.js 20 deprecation
- v1.3.5 — Clippy + dead_code cleanup: removed 2 crate-level allows, added targeted item-level allows with justification.
- v1.3.4 — Fixed 69 UTF-8 mojibake sequences in skill reference files (em-dashes + arrows). Documentation-only patch.
- v1.3.3 — Cargo.toml metadata cleanup (license, repository, description fields).
- v1.3.1 — Two-Entry sentinel keyring probe on startup. Detects mock backends that don't persist across instances.
- v1.3.0 — Cross-platform OS keyring storage (Windows Credential Manager, macOS Keychain, Linux Secret Service).
migrate_dpapi_to_keyringtool for one-time migration from legacy DPAPI. Linux headless guard.
Older releases
- v1.2.5 — TOTP DPAPI fix + monorepo sync. Null-byte stripping after DPAPI decrypt.
- v1.2.1 — Meta-tool dispatch fixes, credential round-trip hardening, TOTP module (6 tools).
- v1.1.1 — Initial public release. 31 tools across 7 modules.
See CHANGELOG.md for full details.
Day 1: Browser automation (hands MCP server)
↓ hands:browser_learn_api extracts endpoint patterns from network traffic
Day 2: Store patterns (workflow:api_store)
↓ Named pattern with URL template, headers, credential reference
Day N: Direct HTTP replay (workflow:api_call)
↓ No browser. No Chrome. No selectors. Just HTTP.
The economics:
- Browser session: ~3-5 seconds startup + page load + interaction + fragile selectors
- API call: ~50-200ms, no browser process, no DOM, no breakage from UI redesigns
Production proof: 24+ stored API patterns in daily use against healthcare payer FHIR endpoints. Once a pattern is stored, future calls run direct-to-HTTP — no browser window opens.
| Category | Tools | Description |
|---|---|---|
| API Patterns | api_store, api_call, api_list, api_test, api_delete |
Store discovered API patterns with URL templates and credential references, replay via direct HTTP |
| Credentials | credential_store, credential_get, credential_list, credential_delete, credential_refresh |
Windows DPAPI-encrypted credential vault. Store by name, reference from API patterns. OAuth refresh support. |
| Transforms | transform_pipe, pipe_test |
JSON transform pipelines: pick, rename, flatten, filter, template, group_by, math. Chain operations sequentially. |
| Watches | watch_define, watch_list, watch_check, watch_schedule, watch_delete |
Define polling conditions, trigger actions when conditions are met |
| Workflows | workflow_define, workflow_run, workflow_list, workflow_status, workflow_delete |
Trigger-action chains composing watches, API calls, and transforms |
| Category | Tools | Description |
|---|---|---|
| Flows | flow_record_start, flow_record_step, flow_record_stop, flow_replay, flow_adapt, flow_dispatch, flow_list, flow_delete |
Record and replay multi-step MCP tool sequences. 1 test flow stored, never run in production. Use for prototyping. A follow-up release will harden based on real-world usage. |
37 tools total across 7 modules.
- Download
workflow-v1.4.0-x64.exefrom the latest release. - Rename to
workflow.exeand place in%LOCALAPPDATA%\CPC\servers\. - Add to your
claude_desktop_config.json:{ "mcpServers": { "workflow": { "command": "%LOCALAPPDATA%\\CPC\\servers\\workflow.exe" } } } - Restart Claude Desktop.
- Download
workflow-v1.4.0-aarch64.exefrom the latest release. - Rename to
workflow.exeand place in%LOCALAPPDATA%\CPC\servers\. - Add to your
claude_desktop_config.json:{ "mcpServers": { "workflow": { "command": "%LOCALAPPDATA%\\CPC\\servers\\workflow.exe" } } } - Restart Claude Desktop.
- Windows 10/11 — credential encryption requires Windows. On other platforms, credentials are stored unencrypted (development/testing only).
- No Node.js, no Python, no runtime dependencies.
- Keyring integration — credentials are stored in the OS keyring (Windows Credential Manager, macOS Keychain, Linux Secret Service).
For full per-machine setup (paths, credential vault setup, DPAPI notes), see docs/per_machine_setup.md.
git clone https://github.com/AIWander/workflow.git
cd workflow
cargo build --releaseBinary appears at target/release/workflow.exe. Requires Rust stable toolchain — nightly is not required.
This is the core use case. You've been using hands to automate a browser task. Now graduate it to a direct API call.
hands:browser_launch()
hands:browser_navigate(url: "https://portal.example-health.com")
# ... interact with the page ...
hands:browser_learn_api() → extracts endpoint patterns
workflow:credential_store(
name: "payer_token",
value: "<captured_bearer_token>",
credential_type: "bearer",
service: "example_health"
)
workflow:api_store(
name: "payer_member_search",
url_pattern: "https://api.example-health.com/fhir/Patient?name={name}",
method: "GET",
credential_ref: "payer_token",
notes: "Discovered via browser_learn_api 2026-03-15"
)
workflow:api_test(name: "payer_member_search", params: {"name": "Smith"})
workflow:api_call(name: "payer_member_search", params: {"name": "Jones"})
When the API breaks (token expired, endpoint changed), the response includes a fallback_hint telling you to go back to the browser. Re-discover, re-graduate.
Store the secret once with a separate PowerShell or MCP call,
such as New-StoredCredential or workflow:credential_store,
and let the OS keyring hold it: Windows Credential Manager, macOS Keychain,
or Linux Secret Service. In chat, you only reference the stored name,
for example credential_ref: "github_token".
At call time, the workflow server fetches the actual value from the OS keyring.
The AI in chat never sees the secret. Naming convention:
service=cpc-workflow, user={namespace}:{name} where namespace is cred or totp.
The first pass is setup only: Hands captures the QR code during 2FA enrollment, then workflow stores the decoded otpauth:// URI as a TOTP entry in the OS keyring. After that, the long-lived secret stays out of chat.
When a later login flow hits the code prompt, workflow generates the current 6-digit code on demand and Hands types it into the form. That lets 2FA-protected logins run unattended without pasting the seed secret into chat.
hands_scan_qrcaptures the OTP setup QR code from the screen during initial 2FA enrollment.workflow:totp_register_from_uristores the decodedotpauth://URI as a TOTP entry in the OS keyring.- When a login flow needs the current code,
workflow:totp_generate("name")produces it andhands_login_recovery(or any flow step) types it into the form. - Result: site logins behind 2FA can be automated unattended, and the secret never appears in chat.
flow_replay, watch_check, and workflow_run return execution plans, not results. They tell your session what tools to call with what parameters. Your session executes the plan. This is by design — workflow doesn't have access to other MCP servers.
All data lives in C:\CPC\workflows\ as JSON files with atomic writes (write to .tmp, then rename). Safe against crashes mid-write.
See skills/workflow-recommended-instructions.md for a copy-paste block to add to your CLAUDE.md. Covers the credential-by-reference mandate, graduation discipline, and experimental flow warnings.
See the examples/ directory:
graduation_pipeline.md— Full hands-to-workflow graduation walkthroughcredential_storage.md— DPAPI vault patterns and token rotationapi_pattern_replay.md— Advanced API patterns with transforms
Workflow and hands are designed as two halves of the same pipeline.
| Scenario | Use |
|---|---|
| First time doing a task | hands (browser) |
| Task has a known API pattern | workflow (api_call) |
| API call fails / token expired | hands (browser re-auth) then workflow (credential_store) |
| Need to transform API response | workflow (transform_pipe) |
| Need to poll for changes | workflow (watch_define) |
workflow runs standalone for API pattern replay, credential storage, watches, and transform pipelines. It pairs naturally with the rest of the CPC stack when you want end-to-end automation.
- Pair with hands for browser-side discovery (
browser_learn_apicaptures the network traffic that workflow then stores and replays). - Pair with local when pipelines need local shell, file, or transform steps between API calls.
- Pair with manager to wrap workflow's replay tools in delegated tasks with breadcrumb tracking.
Host clients: Claude Desktop (claude_desktop_config.json), Claude Code (~/.claude/mcp.json), OpenAI Codex CLI, Gemini CLI, or any MCP-compatible host. The skill file at skills/workflow.md works standalone too — load it as an Anthropic skill for no-server behavioral guidance (planning, review, discipline reminders).
Turn on tools always loaded in Claude's tool settings. Workflow exposes 37 tools across 7 modules — API patterns, credentials, transforms, watches, workflows, flows — and first-run discovery can miss subsets if lazy-loading is on. Always-loaded makes the full surface visible immediately.
Most workflow failures happen when a stored pattern drifts from the live service. The tools try to detect this and point you back to the right recovery path:
- Stored API pattern expired (401/403) —
api_callresponse includes afallback_hintpointing back to hands for re-discovery. Re-auth in the browser,credential_storethe new token, and the same pattern works again. - Endpoint moved or schema changed —
api_callreturns a non-auth error (404, 400, unexpected shape). The pattern itself is stale; re-runbrowser_learn_apion the updated flow and overwrite withapi_store. - Keyring unavailable (Linux headless) —
credential_storerefuses to store unencrypted secrets on Linux without Secret Service. Install a keyring backend or mark the environment dev-only. - Transform pipeline silently drops fields — usually a
pickstage with a wrong key. Usepipe_testto run the pipeline against a sample payload and inspect each stage's output. - Workflow chain stuck —
workflow_runreturns an execution plan, not results. If a step never executes, confirm the host session is actually dispatching the plan's tool calls.
Apache 2.0 — see LICENSE.
Issues welcome; PRs considered but this is primarily maintained as part of the CPC stack.
Joseph Wander — josephwander@gmail.com GitHub: github.com/AIWander