mcp-dataverse
mcp
Uyari
Health Uyari
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 7 GitHub stars
Code Uyari
- network request — Outbound network request in dist/chunk-6KQIRQNP.js
- network request — Outbound network request in dist/chunk-IA4YDPXM.js
- process.env — Environment variable access in dist/chunk-KJ3HM2VM.js
- process.env — Environment variable access in dist/chunk-OQ46VPYS.js
Permissions Gecti
- Permissions — No dangerous permissions requested
Purpose
This server acts as a bridge between AI clients and the Microsoft Dataverse Web API. It allows AI models to securely read and modify real-time database schemas, metadata, and records using the Model Context Protocol.
Security Assessment
Overall risk: Medium. As an API connector, the tool inherently makes outbound network requests to Microsoft Dataverse endpoints, which is its primary function. It appropriately accesses local environment variables to handle authentication credentials rather than hardcoding secrets. The documentation highlights built-in guardrails for destructive operations and the use of AES-256-GCM encryption for cached tokens. No dangerous system-level permissions or shell command executions were detected. However, because it is designed to read and alter business database records, you are trusting it with highly sensitive organizational data.
Quality Assessment
The project is actively maintained, with recent repository pushes and an automated CI pipeline. It is published under the standard MIT license. However, it currently suffers from very low community visibility with only 7 GitHub stars. This means it has not been widely vetted by the broader developer community. A significant drawback for security auditing is that the automated code checks scanned compiled JavaScript distribution files (`dist/`) rather than readable source code, making independent verification of the encryption and safety claims more difficult.
Verdict
Use with caution — the code appears well-structured with strong security claims, but low community adoption and the inherent risks of granting an AI tool access to modify your database warrant careful internal review before deploying in production.
This server acts as a bridge between AI clients and the Microsoft Dataverse Web API. It allows AI models to securely read and modify real-time database schemas, metadata, and records using the Model Context Protocol.
Security Assessment
Overall risk: Medium. As an API connector, the tool inherently makes outbound network requests to Microsoft Dataverse endpoints, which is its primary function. It appropriately accesses local environment variables to handle authentication credentials rather than hardcoding secrets. The documentation highlights built-in guardrails for destructive operations and the use of AES-256-GCM encryption for cached tokens. No dangerous system-level permissions or shell command executions were detected. However, because it is designed to read and alter business database records, you are trusting it with highly sensitive organizational data.
Quality Assessment
The project is actively maintained, with recent repository pushes and an automated CI pipeline. It is published under the standard MIT license. However, it currently suffers from very low community visibility with only 7 GitHub stars. This means it has not been widely vetted by the broader developer community. A significant drawback for security auditing is that the automated code checks scanned compiled JavaScript distribution files (`dist/`) rather than readable source code, making independent verification of the encryption and safety claims more difficult.
Verdict
Use with caution — the code appears well-structured with strong security claims, but low community adoption and the inherent risks of granting an AI tool access to modify your database warrant careful internal review before deploying in production.
MCP server for Microsoft Dataverse Web API for devs !
README.md
MCP Dataverse
The most complete MCP server for Microsoft Dataverse.
79 tools · 4 resources · 10 guided workflows · Three auth modes
Why MCP Dataverse?
AI agents hallucinate schema, guess column names, and build broken OData queries. This server gives them real-time access to your Dataverse environment — schema, records, metadata, solutions — through the Model Context Protocol.
- Three auth modes — device code (local), client credentials (CI/CD), managed identity (Azure-hosted)
- Works with any MCP client — VS Code, Claude, Cursor, Windsurf, Gemini, Codex CLI
- Atomic tools — each tool does one thing well; the AI picks the right one
- Structured outputs — every response returns
{summary, data, suggestions} - Guardrails — destructive operations require explicit confirmation
- Encrypted tokens — AES-256-GCM cached credentials, never logged
Install
npx mcp-dataverse install
The interactive wizard configures your environment, registers the server in VS Code, and authenticates your Microsoft account in under 2 minutes.
Requires Node.js 20+. For other clients (Claude, Cursor, Windsurf…) see Multi-Client Setup.
Authentication
Three modes — choose based on where the server runs:
| Mode | When to use |
|---|---|
| Device Code (default) | Local development — interactive Microsoft login, token cached on disk |
| Client Credentials | Unattended: CI/CD, Docker, Azure services — authMethod: "client-credentials" + App Registration |
| Managed Identity | Azure-hosted (App Service, Container Apps) — zero secrets, authMethod: "managed-identity" |
Device code quick start: authentication triggers on the first tool call.
- Open
View → Output → MCP— a sign-in code appears - Go to
https://microsoft.com/devicelogin, enter the code, sign in with your work account - Token is cached encrypted — all future starts are silent
For client credentials and managed identity setup, see Authentication docs.
Capabilities
| Category | Count | Description |
|---|---|---|
| Metadata | 9 | Tables, schema, relationships, option sets, entity keys |
| Query | 3 | OData, FetchXML, paginated retrieval |
| CRUD | 6 | Get, create, update, delete, upsert, assign |
| Relations | 4 | Associate, associate bulk, disassociate, query associations |
| Actions & Functions | 6 | Bound/unbound Dataverse actions and functions |
| Batch | 1 | Up to 1000 operations atomically |
| Solutions | 2 | Publish customizations, create sitemap |
| Search | 1 | Full-text Relevance Search |
| Users & Teams | 4 | Users, roles, teams, role assignment |
| RBAC | 7 | Role privileges: list, assign, remove, add, replace, get, team |
| Files | 2 | Upload/download file and image columns |
| Audit & Trace | 3 | Audit log, plugin trace logs, workflow trace logs |
| Annotations | 2 | Notes and file attachments |
| Customization | 4 | Custom actions, plugins, env variables, connection references |
| Attributes | 4 | Create, update, delete columns; lookup column type |
| Schema (write) | 2 | Create custom tables and relationships |
| Record Access | 4 | Check, grant, revoke record sharing; merge records |
| Assistance | 2 | Tool router, tool tags |
| + more | … | Delta sync, impersonation, views, business units, duplicate detection |
HTTP Transport
Run as an HTTP server for multi-client use:
MCP_TRANSPORT=http MCP_HTTP_PORT=3000 MCP_HTTP_SECRET=mysecret node dist/server.js
Connect using VS Code / Copilot with:
{
"servers": {
"dataverse": {
"type": "http",
"url": "http://localhost:3000/mcp",
"headers": {
"Authorization": "Bearer mysecret"
}
}
}
}
Troubleshooting
| Symptom | Fix |
|---|---|
| No sign-in prompt | Open View → Output → MCP — the device code is displayed there |
No MSAL accounts found |
Run npx mcp-dataverse-auth then restart the server |
Authentication timed out |
Restart the MCP server — a fresh code is generated automatically |
| Server not appearing in Agent mode | Run npx mcp-dataverse install or npx mcp-dataverse doctor |
| HTTP errors | Run npx mcp-dataverse doctor to diagnose config and connectivity |
Performance Tip
MCP Dataverse is designed to be comprehensive, but most AI models work best with fewer tools in context. Deselect the tools you don't need in your client's tool picker (e.g. VS Code Chat panel) to keep the agent focused and responsive.
Roadmap
| Version | Feature | Status |
|---|---|---|
| v0.4 | HTTP transport + attribute management + schema consistency | ✅ Released |
| v0.5 | Enterprise auth (Client Credentials, Managed Identity, Entra JWT) | ✅ Released |
| v0.6 | MCP Prompts (5 templates) + MCP Resources (4) | ✅ Released |
| v0.7 | Schema write (create table/relationship) + Record Access (share, merge) | ✅ Released (v0.7.5) |
License
Yorumlar (0)
Yorum birakmak icin giris yap.
Yorum birakSonuc bulunamadi