drawio-mcp-server

Provides an MCP (Model Context Protocol) server that generates Draw.io (diagrams.net) diagram XML programmatically. It exposes MCP tools for searching shapes, creating/editing/deleting diagram cells, managing layers/pages/groups, and exporting/importing/clearing diagrams. Supports stdio by default and an HTTP streamable endpoint at /mcp, with a Docker image available.

Evaluated Mar 30, 2026 (21d ago)

Repo ↗ DevTools mcp-server drawio diagrams-net diagram-generation azure-icons tooling deno http-transport stdio-transport xml-export

⚙ Agent Friendliness

/ 100

Can an agent use this?

🔒 Security

/ 100

Is it safe for agents?

⚡ Reliability

/ 100

Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality

Documentation

Error Messages

Auth Simplicity

Rate Limits

🔒 Security

TLS Enforcement

Auth Strength

Scope Granularity

Dep. Hygiene

Secret Handling

HTTP transport is documented but no authentication/TLS requirements are stated in the README. The server can write diagram XML to local disk when SAVE_DIAGRAMS is enabled (DEV-only, not for production). No details are provided about secrets handling beyond typical env var configuration.

⚡ Reliability

Uptime/SLA

Version Stability

Breaking Changes

Error Recovery

Best When

You need an agent-friendly MCP interface to create or modify diagrams as Draw.io XML (including Azure icon-based shapes) using either stdio or an HTTP endpoint.

Avoid When

Avoid using the HTTP transport on untrusted networks without external protections, and avoid enabling the DEV-only SAVE_DIAGRAMS feature in production.

Use Cases

• Generating Azure architecture diagrams and flowcharts from structured inputs
• Automating diagram creation in AI-assisted workflows via MCP-capable clients (Claude Desktop, VS Code, Codex, etc.)
• Programmatically updating diagram elements (nodes/edges), layers, and groups
• Exporting diagrams as Draw.io XML for later rendering in diagrams.net

Not For

• Producing a browser-based interactive diagram editor UI
• Use cases requiring fine-grained authenticated multi-tenant SaaS access (no explicit auth described)
• Environments where writing to local filesystem is disallowed (unless SAVE_DIAGRAMS remains disabled)

Interface

REST API

GraphQL

gRPC

MCP Server

Yes ↗

SDK

Webhooks

Authentication

OAuth: No Scopes: No

No authentication mechanism is described for the HTTP transport in the provided README. Authentication is effectively handled by deployment/runtime choices (e.g., only exposing internally) rather than built-in auth.

Pricing

Free tier: No

Requires CC: No

Open-source project (MIT license referenced). No hosted pricing details provided.

Agent Metadata

Pagination

none

Idempotent

False

Retry Guidance

Not documented

Known Gotchas

⚠ Diagram tools are stateless per call; clients should carry forward the returned diagram_xml between tool calls.
⚠ Batch operations are recommended (pass arrays in a single call) to avoid inefficiency.
⚠ SAVE_DIAGRAMS is DEV-mode only; enabling it in production can create local files and may leak diagram contents to logs/artefacts.

Alternatives

Other MCP servers that generate diagrams (e.g., drawio-mcp referenced in acknowledgements) Draw.io/diagrams.net automation tools that output XML via separate CLIs or scripts General-purpose diagram libraries/renderers that target formats other than Draw.io XML

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for drawio-mcp-server.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo

API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-30.