The AmpliFlow MCP server now lets AI assistants work with much more of AmpliFlow. If you connect ChatGPT, Claude, Copilot Studio, or another MCP client to your tenant, the assistant can now help in more real workflows, from projects and tasks to risks, processes, controls, and business records.

This update also makes the hosted connection easier to trust. It is clearer which tools an assistant can use, easier to reconnect after a restart, and safer to run MCP in environments where several clients connect.

What’s new

AI assistants can work with many more AmpliFlow workflows through MCP. The MCP server now covers more of AmpliFlow, including projects, tasks, comments, task files, subtasks, blockers, milestones, tags, project files, and project discussions.
More management-system workflows can be handled by an assistant. MCP support now also includes goals with measurements, processes and process steps, checklists, risks, improvements, controls with evidence files and SoA export, news, and custom lists.
Compliance and business records have broader MCP support. Assistants can now read and, when write mode is enabled, update more records for legal requirements, customer requirements, training plans, environmental aspects, suppliers, stakeholders, customers, and items.
Project lists can be filtered to favorite projects. MCP clients can ask for only favorite projects when the user wants to work in their closest project view.
OAuth setup is smoother. You can connect with a short tenant name, a custom hostname, or a full HTTPS tenant URL. That removes some avoidable setup friction when you connect a new MCP client.
Hosted MCP connections survive restarts better. OAuth sessions and client registrations are saved, so a hosted connection can reconnect after a restart without forcing the user to restart registration.

Improvements

Read-only mode is stricter when it is enabled. This is not a new default mode. A deployment can start the MCP connection in read-only mode when the assistant should only read. In that mode, write tools such as create, update, archive, and delete are not shown to the client, while list, show, and search tools remain available.
MCP clients get clearer responses. Many tools now return structured responses while keeping the previous text JSON version. This helps clients such as ChatGPT, Claude, and Copilot Studio understand the result and continue correctly.
The tool list describes safety more clearly. Every MCP tool has clearer names, descriptions, and safety markings for reading, writing, deleting, and local file access. That makes it easier for clients and administrators to understand what an assistant can do.
Project and task actions are safer. MCP references for tasks, blockers, tags, milestones, and related project actions are checked inside the same project. That reduces the risk of an assistant changing the wrong record.
MCP references are clearer to reuse. The client should reuse the exact reference returned by a list or search tool, instead of treating it as a row number. That makes follow-up actions more predictable.
Hosted MCP access is safer by default. Unauthenticated public HTTP requests now fail closed unless a deployment explicitly opts into a shared fallback. Malformed or expired bearer tokens do not fall back to shared credentials.
Local identity stays local. The tool that reads the local agent identity is shown only in local stdio sessions. Hosted OAuth sessions still show user lists, but they do not ask the user to run local configuration commands.
MCP works better with more HTTP clients. The server now accepts JSON content type with normal parameters, such as charset=utf-8, which some clients send.
Operational logs contain less personal information. MCP logs use one-way identifiers instead of raw email addresses and raw session IDs.

Fixed bugs

Dynamic client registrations remain after restarts. Hosted clients no longer need to register again only because the server restarted.
The OAuth flow shows permissions more clearly. Users get better information about what the MCP connection can do before they approve the connection.
OAuth clients are bound more clearly to their redirect addresses. This reduces mix-ups when several clients or environments are in use.
MCP tasks handle files and details more completely. Assistants can now list, upload, and delete task files, and processes can be shown with more of their detail information.

One compatibility question we are looking at now is Microsoft Copilot Studio. In our tests, we need to account for Copilot Studio currently limiting an MCP connection to 70 tools, so we are looking at smarter ways to package AmpliFlow’s tools for that environment. If you have ideas or concrete Copilot Studio scenarios, please tell support.

Related updates: the previous changelog added custom controls, calendar input for time reporting, and faster project work. The next changelog continued with faster timesheets, clearer AmpliFlow Box logs, and better barcode validation.

If you want help connecting AmpliFlow to your AI assistant, contact support.

This page is also available in Swedish.