feat(backend): embed MCP server in WebApi for Claude Code#456
Open
feat(backend): embed MCP server in WebApi for Claude Code#456
Conversation
Add a dev-only MCP (Model Context Protocol) endpoint at /mcp that gives
Claude Code direct access to the running application through 6 tools:
get-health, query-database, get-schema, list-users, list-jobs, and
trigger-job. All tools reuse existing DI services with zero duplication.
Gated by IsDevelopment() so production builds never expose the endpoint.
The .mcp.json at the project root configures Claude Code to connect
automatically after init scripts replace {INIT_API_PORT}.
fpindej
added
documentation
fpindej
commented
Mar 14, 2026
src/backend/MyProject.Infrastructure/MyProject.Infrastructure.csproj
Outdated
Show resolved
Hide resolved
- Remove InternalsVisibleTo for WebApi from Infrastructure.csproj - Rewrite DatabaseTools to use NpgsqlConnection from connection string instead of DbContext (no Infrastructure internals dependency) - Enforce read-only at database level via SET TRANSACTION READ ONLY (replaces fragile keyword blocklist) - Allow WITH (CTE) queries alongside SELECT - Wrap user SQL in subquery for reliable LIMIT enforcement - Query information_schema for get-schema instead of EF Core model - Stop leaking exception messages (generic error for query failures, boolean hasError for health checks instead of ex.Message) - Restrict MCP endpoint to localhost via RequireHost
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
/mcpwith 6 tools (get-health, query-database, get-schema, list-users, list-jobs, trigger-job) that give Claude Code direct access to the running application through the existing DI containerIsDevelopment()so production builds never expose the endpoint.mcp.jsonat project root for automatic Claude Code connection after initBreaking Changes
None
Test Plan
ASPNETCORE_ENVIRONMENT=Productionquery-databaserejects INSERT/UPDATE/DELETE/DROP statementsquery-databaselimits results to 100 rowsdotnet build src/backend/MyProject.slnx && dotnet test src/backend/MyProject.slnx -c Release