Skillget

business-central-mcp

mcp
Guvenlik Denetimi
Uyari
Health Gecti
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Community trust — 30 GitHub stars
Code Uyari
  • network request — Outbound network request in src/connection/auth/ntlm-provider.ts
Permissions Gecti
  • Permissions — No dangerous permissions requested
Purpose
This is a Model Context Protocol (MCP) server that gives AI assistants direct access to Microsoft Dynamics 365 Business Central. It connects via a reverse-engineered native WebSocket protocol rather than using standard APIs or browser automation, allowing the AI to read and write business data, execute reports, and run page actions just like a human user.

Security Assessment
Overall risk: Medium. The server connects to outbound network locations to authenticate and communicate with your specified Business Central environment, which triggered the network request warning. No dangerous system permissions are requested, and no hardcoded secrets were found in the code. However, the tool handles highly sensitive enterprise resource planning (ERP) data and requires plaintext user credentials (username and password) to be passed directly through environment variables. Furthermore, the connection uses a reverse-engineered, unofficial protocol rather than a supported Microsoft API, meaning standard enterprise auditing or security controls might not capture the AI's actions.

Quality Assessment
The project appears active and well-maintained, with its last code push occurring today. It uses the standard and permissive MIT license, includes a clear description, and shows early positive community traction with 30 GitHub stars. The documentation is thorough, providing straightforward setup instructions and clear expectations of the tool's capabilities.

Verdict
Use with caution: while the code itself is transparent, actively maintained, and safe to run, passing plaintext ERP credentials to an unofficial protocol carries significant enterprise data and access risks that require strict network oversight.
SUMMARY

MCP server for Microsoft Dynamics 365 Business Central via reverse-engineered WebUI protocol. Enables AI assistants like Claude to interact with BC through the native WebSocket interface.

README.md

business-central-mcp

Give AI assistants direct access to Microsoft Dynamics 365 Business Central.
Native WebSocket protocol -- no OData, no APIs, no browser automation.

npm version npm downloads license

Quick start

Add to your Claude Desktop config:

{
  "mcpServers": {
    "business-central": {
      "command": "npx",
      "args": ["-y", "business-central-mcp"],
      "env": {
        "BC_BASE_URL": "http://your-bc-server/BC",
        "BC_USERNAME": "your-user",
        "BC_PASSWORD": "your-password"
      }
    }
  }
}

That's it. The LLM can now open pages, read and write data, run actions, and navigate BC -- just like a human using the web client.

What can it do?

Tool What it does
bc_open_page Open any page by ID -- lists, cards, documents
bc_read_data Read fields, line items, factboxes with filters and paging
bc_write_data Write field values, BC validates and echoes confirmed values
bc_execute_action Post, Release, Delete, Copy Document, any page action
bc_respond_dialog Handle confirmation prompts and request pages
bc_navigate Select rows, drill down into records, field lookups
bc_search_pages Find pages by name via Tell Me
bc_close_page Close a page and free server resources
bc_switch_company Switch to a different company mid-session
bc_list_companies Discover available companies
bc_run_report Execute reports and fill request page parameters

How it works

This server speaks BC's internal WebSocket protocol directly -- the same protocol the browser-based web client uses. It was reverse-engineered from decompiled BC server assemblies. No OData endpoints, no SOAP services, no Selenium.

One WebSocket connection per session. All operations serialized through a promise queue. BC27 and BC28 are wire-compatible.

Page output shape

bc_open_page returns the page as a flat list of sections:

{
  "pageContextId": "session:page:21:abc",
  "pageType": "Card",
  "caption": "Customer Card",
  "isModal": false,
  "sections": [
    { "sectionId": "header",                       "kind": "header",  "fields": [...], "actions": [...] },
    { "sectionId": "factbox:Customer Statistics",  "kind": "factbox", "fields": [...] }
  ]
}

Each section carries its own content shape:

  • Card-style (header on Card pages, factbox, requestPage): fields[] and (for header) actions[]
  • List-style (lines on Documents, header on List pages, repeater subpages): rows[] and totalRowCount

bc_read_data returns a single Section for the requested sectionId (defaults to "header"). The section ID for a FactBox or subpage comes from the bc_open_page response.

Session resilience
  • Automatic reconnect with exponential backoff after session death
  • Handles BC's ~15s NTLM auth slot hold after crashes
  • Auto-dismisses license popups on fresh databases
  • Invoke timeout kills hung sessions and triggers recovery
Environment variables
Variable Default Description
BC_BASE_URL (required) BC server URL
BC_USERNAME (required) BC username
BC_PASSWORD (required) BC password
BC_TENANT_ID default Tenant ID
LOG_LEVEL info debug / info / warn / error
BC_INVOKE_TIMEOUT 30000 Kill session if BC hangs (ms)
BC_RECONNECT_MAX_RETRIES 4 Reconnect attempts
BC_RECONNECT_BASE_DELAY 1000 Backoff base delay (ms)

Development

git clone https://github.com/SShadowS/business-central-mcp
cd business-central-mcp
npm install
npm run start:stdio-direct   # Run from source
npm test                     # 128 unit tests
npm run test:integration     # 103 integration tests against real BC

License

MIT

Yorumlar (0)

Sonuc bulunamadi