RAGFlow MCP Server for Claude
Connect Claude to a running RAGFlow deployment through its built-in MCP server, so agents can retrieve grounded chunks from selected datasets using RAGFlow's DeepDoc-powered retrieval pipeline.
Open the source and read safety notes before installing.
Safety notes
- The MCP server runs alongside a live RAGFlow deployment; keep it bound to localhost unless you have reviewed network exposure and authentication controls.
- RAGFlow documents that its API-key authentication is a makeshift early-stage MCP approach and recommends binding local SSE servers to 127.0.0.1 instead of 0.0.0.0 in public environments.
- In host mode, each client request must include a valid API key; in self-host mode, the server API key determines which tenant datasets can be accessed.
- Retrieval results can influence downstream agent answers, so verify dataset scope, chunking quality, and source citations before using results in production decisions.
Privacy notes
- Dataset names, dataset IDs, document IDs, retrieved chunks, questions, metadata, and source text can be surfaced to the MCP client and model provider.
- RAGFlow datasets may contain internal documents, PDFs, spreadsheets, scanned files, customer data, credentials, or regulated information; restrict dataset IDs to the task.
- Keep RAGFlow API keys out of prompts, commits, screenshots, logs, and shared support messages.
- If the server is exposed beyond localhost, network logs and MCP request bodies may reveal dataset inventory and retrieval prompts.
Prerequisites
- A working RAGFlow v0.18.0 or later deployment.
- A RAGFlow API key.
- Dataset IDs, and optionally document IDs, that the MCP client is allowed to query.
- For source launch: Python 3.13 and uv in the RAGFlow checkout.
- For Docker launch: Docker Compose and the RAGFlow MCP server command enabled in docker-compose.yml.
Schema details
- Install type
- cli
- Troubleshooting
- No
- Scope
- Source repo
- Estimated setup
- 20 minutes
- Difficulty
- intermediate
- Website
- https://ragflow.io
Full copyable content
    {
      "mcpServers": {
        "ragflow": {
          "type": "http",
          "url": "http://127.0.0.1:9382/mcp",
          "headers": {
            "Authorization": "YOUR_RAGFLOW_API_KEY"
          }
        }
      }
    }

About this resource
Overview
RAGFlow includes an MCP server that runs as an optional component next to a working RAGFlow deployment. It gives MCP clients such as Claude access to RAGFlow retrieval over selected datasets, using RAGFlow's DeepDoc-powered document parsing and retrieval pipeline.
The current MCP surface is intentionally focused: it exposes retrieval over
dataset_ids and optional document_ids for a user-provided question. That
makes it a good fit for agents that need grounded chunks from an existing
RAGFlow knowledge base without giving the agent broad control over the rest of
the RAGFlow application.
How It Works
The RAGFlow MCP server is designed as an independent component that complements the main RAGFlow server. It must run alongside a functioning RAGFlow deployment.
RAGFlow documents two launch modes:
| Mode | Authentication Model | Dataset Scope |
|---|---|---|
| self-host | MCP server starts with a RAGFlow API key | The server can access datasets for the specified tenant |
| host | Each MCP client request includes an API key | Each client accesses its own RAGFlow datasets |
The server supports the legacy SSE endpoint at /sse and streamable HTTP at
/mcp. RAGFlow notes that host mode currently requires disabling streamable
HTTP, so prefer self-host mode for streamable HTTP client setups unless your
deployment has tested a different configuration.
Tool
RAGFlow currently documents one specialized MCP retrieval tool:
| Tool | Purpose | Inputs |
|---|---|---|
| ragflow_retrieval / retrieve | Fetch relevant chunks from the RAGFlow retrieve interface | question, dataset_ids, optional document_ids |
The tool description includes available dataset IDs and descriptions so the client can decide which datasets are relevant to a question.
Launch From Source
Run from a RAGFlow checkout with a working RAGFlow server:
    uv run mcp/server/server.py \
      --host=127.0.0.1 \
      --port=9382 \
      --base-url=http://127.0.0.1:9380 \
      --api-key=ragflow-xxxxx
Host mode is available when each MCP client should provide its own key:
    uv run mcp/server/server.py \
      --host=127.0.0.1 \
      --port=9382 \
      --base-url=http://127.0.0.1:9380 \
      --mode=host
Launch With Docker
RAGFlow's Docker workflow requires enabling the MCP server command in
docker/docker-compose.yml. The documented configuration includes:
    command:
      - --enable-mcpserver
      - --mcp-host=0.0.0.0
      - --mcp-port=9382
      - --mcp-base-url=http://127.0.0.1:9380
      - --mcp-script-path=/ragflow/mcp/server/server.py
      - --mcp-mode=self-host
      - --mcp-host-api-key=ragflow-xxxxxxx
For safer local development, bind the MCP host to 127.0.0.1 unless another
host is explicitly required and protected.
Client Configuration
For streamable HTTP clients, point the MCP client at the local /mcp endpoint:
    {
      "mcpServers": {
        "ragflow": {
          "type": "http",
          "url": "http://127.0.0.1:9382/mcp",
          "headers": {
            "Authorization": "YOUR_RAGFLOW_API_KEY"
          }
        }
      }
    }
For legacy SSE clients, RAGFlow's client examples use http://127.0.0.1:9382/sse
and pass the API key in either an api_key header or an Authorization header.
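A configuration check for the Docker flags and client config above, as an added example that is not RAGFlow's or this registry's code: it flags a non-loopback `--mcp-host`, an API key written inline in the compose `command:` list, and a client URL that sends requests over plain HTTP to a non-loopback host. The function names and the remote hostname in the sample are assumptions made for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit

def is_loopback(host):
    """True for 'localhost' or a loopback IP literal; 0.0.0.0 and other names are not."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit_server_flags(flags):
    """Check the --mcp-* entries of a docker-compose `command:` list."""
    opts = dict(f.lstrip("-").split("=", 1) for f in flags if "=" in f)
    findings = []
    host = opts.get("mcp-host")
    if host is None:
        findings.append("mcp-host not set: confirm the default bind address")
    elif not is_loopback(host):
        findings.append(f"mcp-host={host}: MCP port is reachable from other hosts")
    if "mcp-host-api-key" in opts:
        findings.append("API key is inline: keep this file out of commits and logs")
    return findings

def audit_client_config(text):
    """Flag mcpServers entries whose URL is plain HTTP to a non-loopback host."""
    findings = []
    for name, srv in json.loads(text).get("mcpServers", {}).items():
        url = urlsplit(srv.get("url", ""))
        if url.scheme == "http" and not is_loopback(url.hostname or ""):
            findings.append(f"{name}: plain HTTP to {url.hostname}, key and queries unencrypted")
    return findings

# Flags as documented for docker/docker-compose.yml on this page.
DOCKER_FLAGS = ["--enable-mcpserver", "--mcp-host=0.0.0.0", "--mcp-port=9382",
                "--mcp-base-url=http://127.0.0.1:9380", "--mcp-mode=self-host",
                "--mcp-host-api-key=ragflow-xxxxxxx"]
# Constructed client config; the remote hostname is a placeholder.
REMOTE_CLIENT = json.dumps({"mcpServers": {"ragflow": {
    "type": "http", "url": "http://ragflow.example.internal:9382/mcp",
    "headers": {"Authorization": "YOUR_RAGFLOW_API_KEY"}}}})

if __name__ == "__main__":
    for finding in audit_server_flags(DOCKER_FLAGS) + audit_client_config(REMOTE_CLIENT):
        print("WARN", finding)
```

With the flags exactly as documented, the check reports the 0.0.0.0 bind and the inline key; changing `--mcp-host` to 127.0.0.1 clears the first finding.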
Use Cases
- Let Claude answer implementation questions from a private RAGFlow dataset.
- Retrieve chunks from a curated support, legal, or operations knowledge base.
- Query only approved dataset IDs instead of exposing every document in a RAGFlow deployment.
- Test dataset chunking and retrieval quality before wiring RAGFlow into broader agent workflows.
- Keep RAG search local to an existing self-hosted RAGFlow stack.
Safety and Privacy
RAGFlow MCP is retrieval-focused, but the retrieved content can still be highly sensitive. Scope dataset IDs deliberately, keep API keys outside prompts, and avoid exposing the MCP server on public interfaces without additional network controls. When using retrieved chunks in generated answers, preserve citations and verify that the dataset actually supports the claim.
Source Verification Notes
Verified on 2026-06-18:
- RAGFlow's MCP launch documentation confirms source and Docker launch paths, self-host and host modes, v0.18.0+ prerequisite, API-key behavior, /sse and /mcp transports, and network-exposure guidance.
- RAGFlow's MCP tools documentation confirms the retrieval-focused MCP tool for fetching relevant chunks from specified dataset IDs and optional document IDs.
- RAGFlow's MCP client examples document API-key headers, SSE initialization, tool listing, and a ragflow_retrieval tool call.
- The upstream infiniflow/ragflow repository is Apache-2.0 licensed and contains the mcp implementation directory.
How it compares
RAGFlow MCP Server for Claude side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
| Field | RAGFlow MCP Server for Claude | Agentset MCP Server | Vectara MCP Server for Claude | Apify MCP Server |
|---|---|---|---|---|
| Description | Connect Claude to a running RAGFlow deployment through its built-in MCP server, so agents can retrieve grounded chunks from selected datasets using RAGFlow's DeepDoc-powered retrieval pipeline. | Official Agentset MCP server that lets Claude retrieve cited knowledge-base results from an Agentset namespace through the `knowledge-base-retrieve` tool, with optional tenant scoping and custom tool descriptions. | Query your Vectara RAG corpora from Claude — ask grounded questions with full answer generation, run semantic search to retrieve ranked document chunks, and detect and correct hallucinations using Vectara's Hallucination Correction API — with the official Vectara MCP server. | Official Apify MCP server for connecting Claude to Apify Actors, Actor runs, datasets, key-value stores, and Apify documentation through hosted Streamable HTTP or local stdio transports. |
| Install risk | Review first | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Category | mcp | mcp | mcp | mcp |
| Source | source-backed | source-backed | source-backed | source-backed |
| Author | InfiniFlow | Agentset | Vectara | Apify |
| Added | 2026-06-18 | 2026-06-06 | 2026-06-18 | 2026-06-06 |
| Platforms | Claude Code, Cursor, Claude Desktop | Claude Code, Claude Desktop | Claude Code, Claude Desktop | Claude Code, Claude Desktop |
| Source repo | — | — | — | — |
| Safety notes | ✓ The MCP server runs alongside a live RAGFlow deployment; keep it bound to localhost unless you have reviewed network exposure and authentication controls. RAGFlow documents that its API-key authentication is a makeshift early-stage MCP approach and recommends binding local SSE servers to 127.0.0.1 instead of 0.0.0.0 in public environments. In host mode, each client request must include a valid API key; in self-host mode, the server API key determines which tenant datasets can be accessed. Retrieval results can influence downstream agent answers, so verify dataset scope, chunking quality, and source citations before using results in production decisions. | ✓ The MCP server sends Claude's retrieval queries to the Agentset API using the configured API key and namespace. The `knowledge-base-retrieve` tool can return up to 100 results per call and can rerank results by relevance. Namespace and tenant selection control which indexed documents are searchable; review them before connecting a shared agent. API keys should be scoped, rotated, and stored only in the MCP server environment or a secret manager. Custom tool descriptions can influence when the model calls the retrieval tool, so review them before use in production workflows. | ✓ The `ask_vectara` and `search_vectara` tools query your configured corpus — they are read-only operations against your indexed documents. `setup_vectara_api_key` and `clear_vectara_api_key` modify the in-session API key state; these do not write to disk. | ✓ Apify MCP can run Apify Actors that browse, scrape, crawl, automate websites, call third-party services, and produce billable Actor runs. The hosted server supports OAuth and bearer-token authentication; local stdio uses APIFY_TOKEN in the MCP client environment. Actor tools can access external websites and may trigger anti-abuse systems, platform-policy violations, rate limits, or paid usage. The server exposes run, dataset, key-value store, and abort tools when Actor workflows are enabled. Agentic payments can fund Actor runs through x402 USDC on Base or Skyfire PAY tokens, so spending limits and human approval should be enforced outside the model. Telemetry is enabled by default for tool calls, and the stdio transport uses Sentry for error tracking unless telemetry is opted out. |
| Privacy notes | ✓ Dataset names, dataset IDs, document IDs, retrieved chunks, questions, metadata, and source text can be surfaced to the MCP client and model provider. RAGFlow datasets may contain internal documents, PDFs, spreadsheets, scanned files, customer data, credentials, or regulated information; restrict dataset IDs to the task. Keep RAGFlow API keys out of prompts, commits, screenshots, logs, and shared support messages. If the server is exposed beyond localhost, network logs and MCP request bodies may reveal dataset inventory and retrieval prompts. | ✓ Retrieved chunks can include private documents, product specs, policies, support content, internal procedures, historical project information, or customer-specific data. Retrieval queries, namespace IDs, tenant IDs, document chunks, citations, and tool outputs may be visible to the MCP client, model provider, Agentset logs, and application telemetry. Tenant IDs are useful for data segregation, but incorrect tenant or namespace configuration can expose the wrong knowledge base. Do not paste API keys, namespace IDs, tenant IDs, or retrieved private chunks into shared issue reports, screenshots, or repository files. | ✓ Document chunks retrieved from your Vectara corpus are surfaced in Claude's context — ensure your corpus does not contain sensitive data you don't want in the AI's context window. Your `VECTARA_API_KEY` is used to authenticate all queries — keep it in the MCP config env. | ✓ Actor inputs and requests are sent to the Apify API for execution, and returned datasets or key-value store records can contain scraped personal data, customer records, credentials, contact details, private URLs, or regulated information. APIFY_TOKEN, OAuth tokens, Skyfire API keys, wallet private keys, payment IDs, dataset IDs, key-value store keys, and Actor run IDs should not be pasted into prompts, issues, logs, screenshots, or committed files. Search, maps, social, ecommerce, and browser Actors can collect third-party content that may be subject to site terms, privacy law, copyright, or data-retention obligations. Telemetry and Sentry error tracking should be reviewed before using the local stdio server with sensitive prompts, Actor inputs, or operational data. |
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed |