This document covers the system for extending Sim with custom-defined tools and Model Context Protocol (MCP) integrations. It explains how users create custom JavaScript tools, how MCP servers are connected for external tool discovery, and how both types integrate into the unified tool execution framework.
For information about built-in tools and the core tool registry, see Tool Registry System. For details on how agents select and invoke tools, see Agent Block.
Sim supports three categories of tools for workflow execution:
| Tool Type | Description | Discovery Method | Execution Path |
|---|---|---|---|
| Built-in | 200+ pre-defined integrations | Static registry | Direct HTTP or directExecution |
| Custom | User-defined functions | Database (custom_tools table) | /api/function/execute with VM isolation |
| MCP | External tools via protocol | Runtime discovery | /api/mcp/serve/[serverId] with server proxy |
All types conform to the ToolConfig interface apps/sim/tools/types.ts85-178 and are executed through the unified executeTool function apps/sim/tools/index.ts251-500
Sources: apps/sim/tools/index.ts16-34 apps/sim/lib/mcp/service.ts174-222
Custom tools execute code in a secure, sandboxed environment. The system supports execution engines based on code requirements:
isolated-vm library for high-performance local sandboxing.npm modules or complex system dependencies.The diagram below bridges the user's intent to the underlying execution entities.
Title: Custom Tool Execution Flow
Sources: apps/sim/app/api/wand/route.ts159-221 apps/sim/tools/index.ts251-300 apps/sim/tools/index.test.ts119-146
To prevent VM escapes and SSRF, the execution pipeline implements several layers of protection:
injectHostedKeyIfNeeded apps/sim/tools/index.ts49-137validateUrlWithDNS apps/sim/tools/index.ts8-10getHostedKeyRateLimiter to prevent abuse apps/sim/tools/index.ts81-117For details, see Custom Tool Creation.
Sim implements the Model Context Protocol (MCP) to allow workflows to interact with external tool servers. The McpService manages the lifecycle of these connections apps/sim/lib/mcp/service.ts37-51
streamable-http (MCP 2025-06-18) and protocol versions back to 2024-11-05 apps/sim/lib/mcp/client.ts47-51McpCacheStorageAdapter with a timeout defined in MCP_CONSTANTS.CACHE_TIMEOUT apps/sim/lib/mcp/service.ts38-40isMcpDomainAllowed apps/sim/lib/mcp/service.ts103-105This diagram illustrates how a natural language request is proxied through the MCP service to an external provider.
Title: MCP Proxy Architecture
Sources: apps/sim/lib/mcp/service.ts174-222 apps/sim/lib/mcp/client.ts200-240 apps/sim/app/api/mcp/serve/[serverId]/route.ts:123-202
For details, see MCP Tool Integration.
Tools define their inputs using a structured schema that determines visibility and validation rules.
user-or-llm, user-only, llm-only, or hidden apps/sim/tools/types.ts54-59string, number, boolean, json, file, array, and object apps/sim/tools/types.ts32-40For details, see Tool Parameter Schemas.
At runtime, tool schemas can be enriched based on the execution context.
Sources: apps/sim/tools/types.ts206-237 apps/sim/tools/index.ts17-34
For details, see Dynamic Schema Enrichment.
Refresh this wiki