Railway MCP Server
MCP server for managing Railway projects, services, deployments, environments, and variables via the Railway CLI
Score Breakdown
Server Info
- Package
- @railway/mcp-server
- Registry
- npm
- Repository
- railwayapp/railway-mcp-server
- Maintainer
- RailwayVendor
- Category
- Cloud & Infrastructure
- Tags
- paasdeploymenthosting
- Last Scanned
- 7 Apr 2026
Findings
5 issuesAuthentication & Identity
LOWImplements MCP OAuth spec for per-user authentication
Railway's remote MCP endpoint (mcp.railway.com) requires OAuth browser login; project tokens are no longer accepted. The standalone @railway/mcp-server package was archived 2026-05-23 and is now a compatibility shim delegating to `railway mcp` in the Railway CLI.
Document the required OAuth scopes for each tool.
Tool Schema Quality
MEDIUM2 of 14 tools have no input schema
Tools use Zod schemas passed as inputSchema objects. Two tools (check-railway-status, list-projects) have empty schemas (no parameters). list-deployments has limit constraint (min: 1, max: 1000). get-logs has enum constraint on logType ('build' | 'deploy'). Most parameters are simple strings without validation constraints. No dangerous execution surfaces - all operations go through the Railway CLI.
Define JSON Schema with explicit types for all tool parameters.
MEDIUMOnly 2 of 12 schemas have parameter constraints
Most schemas lack maxLength, enum, or pattern constraints on string parameters.
Add constraints to string parameters, especially on write operations.
Data Exposure
MEDIUM3 list operations lack pagination
list-deployments has a limit parameter (default 20, max 1000) and json flag for structured output. list-projects, list-services, and list-variables return all results without pagination. get-logs supports a lines parameter and filter parameter (requires CLI v4.9.0+). No field selection support.
Add limit/offset or cursor-based pagination.
LOWNo field selection on responses
Responses return full records rather than projected fields.
Implement field selection to return only relevant fields.
Tools
14 total| Name | Description | Risk |
|---|---|---|
| check-railway-status | Check whether the Railway CLI is installed and if the user is logged in. | read |
| list-projects | List all Railway projects for the currently logged in account | read |
| list-services | List all services for the currently linked Railway project | read |
| list-deployments | List deployments for a Railway service with IDs, statuses and other metadata. Requires Railway CLI v4.10.0+. | read |
| list-variables | Show variables for the active environment | read |
| get-logs | Get build or deployment logs for the currently linked Railway project. | read |
| deploy | Upload and deploy from the current directory. Supports CI mode, environment, and service options. | write |
| deploy-template | Search and deploy Railway templates. This tool will search for templates using fuzzy search and automatically deploy the selected template. | write |
| create-project-and-link | Create a new Railway project and link it to the current directory | write |
| create-environment | Create a new Railway environment for the currently linked project. Optionally duplicate an existing environment and set service variables. | write |
| set-variables | Set environment variables for the active environment | write |
| generate-domain | Generate a domain for the currently linked Railway project. | write |
| link-environment | Link to a specific Railway environment. | write |
| link-service | Link a service to the current Railway project. | write |
Deploy Railway MCP Server securely
CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.
Deploy on CompleteFlow