Railway MCP Server
MCP server for managing Railway projects, services, deployments, environments, and variables via the Railway CLI
Score Breakdown
Server Info
- Package
- @railway/mcp-server
- Registry
- npm
- Repository
- railwayapp/railway-mcp-server
- Maintainer
- RailwayVendor
- Category
- Cloud & Infrastructure
- Tags
- paasdeploymenthosting
- Last Scanned
- 7 Apr 2026
Findings
5 issuesAuthentication & Identity
HIGHNo per-request auth - requires instance-per-user
Stdio-only transport via StdioServerTransport. Auth is delegated entirely to the Railway CLI - the server reads the token from ~/.railway/config.json (written by `railway login`). No env vars are directly consumed by the MCP server itself. The Railway API token is read from the CLI config file for G... For multi-tenant deployment, the platform must spawn a separate server instance per user.
Add HTTP/SSE transport to accept per-request Authorization headers, or implement the MCP OAuth spec.
Tool Schema Quality
MEDIUM2 of 14 tools have no input schema
Tools use Zod schemas passed as inputSchema objects. Two tools (check-railway-status, list-projects) have empty schemas (no parameters). list-deployments has limit constraint (min: 1, max: 1000). get-logs has enum constraint on logType ('build' | 'deploy'). Most parameters are simple strings without validation constraints. No dangerous execution surfaces - all operations go through the Railway CLI.
Define JSON Schema with explicit types for all tool parameters.
MEDIUMOnly 2 of 12 schemas have parameter constraints
Most schemas lack maxLength, enum, or pattern constraints on string parameters.
Add constraints to string parameters, especially on write operations.
Data Exposure
MEDIUM3 list operations lack pagination
list-deployments has a limit parameter (default 20, max 1000) and json flag for structured output. list-projects, list-services, and list-variables return all results without pagination. get-logs supports a lines parameter and filter parameter (requires CLI v4.9.0+). No field selection support.
Add limit/offset or cursor-based pagination.
LOWNo field selection on responses
Responses return full records rather than projected fields.
Implement field selection to return only relevant fields.
Tools
14 total| Name | Description | Risk |
|---|---|---|
| check-railway-status | Check whether the Railway CLI is installed and if the user is logged in. | read |
| list-projects | List all Railway projects for the currently logged in account | read |
| list-services | List all services for the currently linked Railway project | read |
| list-deployments | List deployments for a Railway service with IDs, statuses and other metadata. Requires Railway CLI v4.10.0+. | read |
| list-variables | Show variables for the active environment | read |
| get-logs | Get build or deployment logs for the currently linked Railway project. | read |
| deploy | Upload and deploy from the current directory. Supports CI mode, environment, and service options. | write |
| deploy-template | Search and deploy Railway templates. This tool will search for templates using fuzzy search and automatically deploy the selected template. | write |
| create-project-and-link | Create a new Railway project and link it to the current directory | write |
| create-environment | Create a new Railway environment for the currently linked project. Optionally duplicate an existing environment and set service variables. | write |
| set-variables | Set environment variables for the active environment | write |
| generate-domain | Generate a domain for the currently linked Railway project. | write |
| link-environment | Link to a specific Railway environment. | write |
| link-service | Link a service to the current Railway project. | write |
Deploy Railway MCP Server securely
CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.
Deploy on CompleteFlow