LaunchDarkly MCP Server
Official LaunchDarkly MCP server for managing feature flags, AI configs, environments, and code references
Score Breakdown
Server Info
- Package
- @launchdarkly/mcp-server
- Registry
- npm
- Repository
- launchdarkly/mcp-server
- Maintainer
- LaunchDarklyVendor
- Category
- Developer Tools
- Tags
- feature-flagsrolloutsexperimentation
- Last Scanned
- 7 Apr 2026
Findings
6 issuesAuthentication & Identity
MEDIUMHTTP/SSE transport supports per-request credentials
Supports stdio and SSE transports. API key passed via --api-key CLI flag or environment variable. SSE transport uses Express with /sse and /message endpoints. No MCP OAuth implementation. Scopes ('read', 'write') control which tools are registered but this is a server-side configuration, not per-request auth.
Implement the MCP OAuth spec so users authenticate directly without platform mediation.
Tool Schema Quality
MEDIUMOnly 0 of 19 schemas have parameter constraints
Most schemas lack maxLength, enum, or pattern constraints on string parameters.
Add constraints to string parameters, especially on write operations.
LLM Safety
HIGHTool descriptions contain instructional language
Descriptions include directives that could influence LLM behavior beyond tool selection.
Remove instructional language. Descriptions should be purely factual.
Data Exposure
MEDIUM3 list operations lack pagination
List tools (list-feature-flags, list-ai-configs, get-environments) use the underlying LaunchDarkly API pagination but do not expose pagination controls to the LLM. The API may return paginated results internally but the MCP tool returns the full response as-is. No field selection support. Full records are returned in all responses.
Add limit/offset or cursor-based pagination.
LOWNo field selection on responses
Responses return full records rather than projected fields.
Implement field selection to return only relevant fields.
Maintenance & Trust
MEDIUM15 dependency vulnerabilities (9 high)
npm audit found 9 high severity CVEs.
Update vulnerable dependencies.
Tools
19 total| Name | Description | Risk |
|---|---|---|
| get-code-references | Identifies which repositories have code references to a given flag, helping agents determine if they're operating on the correct repository and understand the scope of cleanup (single vs multi-repo). | read |
| get-flag-status-across-environments | Returns lifecycle status (new, active, inactive, launched) based on actual usage patterns, evaluation counts, and configuration stability. This is the key intelligence for removal readiness assessment. | read |
| list-feature-flags | Retrieves all feature flags within a project, including metadata and targeting rules. Enables AI agents to enumerate existing flags for inspection, configuration analysis, or generating flag usage reports across environments. | read |
| create-feature-flag | Creates a new feature flag within a project. AI agents can use this operation to define feature toggles for controlled rollouts, experimentation, or gated features, automating the flag setup process. | write |
| get-feature-flag | Fetches the full configuration for a specific feature flag, including environments, variations, and targeting rules. Useful for agents auditing or managing specific feature toggles in a detailed, contextual manner. | read |
| update-feature-flag | Updates the configuration of an existing feature flag. Enables agents to change targeting rules, modify variations, or adapt rollout strategies dynamically in response to user behavior or experiment results. | write |
| delete-feature-flag | Removes a feature flag from the project. Used by AI agents to clean up deprecated toggles that are no longer in use, improving system hygiene and maintainability. | admin |
| get-environments | Identifies which environments exist in a project and determines which are marked as "critical" (production, staging, etc.). Allows agents to programmatically identify critical environments instead of hardcoding assumptions. | read |
| get-ai-config-targeting | Retrieves the targeting details of a specific AI Config, including individual targets, rules, and rollouts. | read |
| update-ai-config-targeting | Updates the targeting of an existing AI Config. | write |
| list-ai-configs | Retrieves AI configuration settings for a specific project. This endpoint allows agents to access and modify AI-related configurations, ensuring that the AI's behavior aligns with project requirements and user expectations. | read |
| create-ai-config | Creates a new AI Config within a project. Useful for setting up LLM configurations programmatically. | write |
| delete-ai-config | Deletes an AI Config and its associated variations. Intended for cleanup or deprecation workflows. | admin |
| get-ai-config | Retrieves details of a specific AI Config, including variations and model settings. | read |
| update-ai-config | Updates metadata or configuration of an existing AI Config. | write |
| create-ai-config-variation | Adds a new variation to an AI Config, supporting experimentation or multi-model strategies. | write |
| delete-ai-config-variation | Deletes an AI Config variation. | admin |
| get-ai-config-variation | Retrieves an AI configuration variation. | read |
| update-ai-config-variation | Updates a specific variation within an AI Config. Enables fine-tuned control of model behavior. | write |
Deploy LaunchDarkly MCP Server securely
CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.
Deploy on CompleteFlow