This enhanced MCP server enables AI clients to securely interact with any GraphQL API through two main tools:
query-graphql: Execute GraphQL queries and mutations (mutations disabled by default, enable viaALLOW_MUTATIONSenvironment variable) with support for variables and dynamic authentication headers passed at runtimeintrospect-schema: Retrieve GraphQL schemas with optional filtering by type names (e.g.,["Query", "User"]) to reduce LLM context noise
Key Features:
Dynamic Authentication: Pass Authorization headers and API keys directly via tool arguments without server restarts
Multiple Schema Sources: Works with live endpoints, local schema files, or remote schema URLs
Robust Error Handling: Fixes common GraphQL variable parsing issues for better interoperability
MCP Compatibility: Drop-in replacement for
mcp-graphqlsupporting Claude Desktop, Cursor, and GlamaFlexible Deployment: Supports npx, Docker, and local Node.js execution
Provides tools for executing GraphQL queries and introspecting schemas against any GraphQL endpoint, with support for dynamic headers, filtered schema introspection, and configurable mutation controls
mcp-graphql-enhanced
An enhanced MCP (Model Context Protocol) server for GraphQL that fixes real-world interoperability issues between LLMs and GraphQL APIs.
Drop-in replacement for
mcp-graphql— with dynamic headers, robust variables parsing, and zero breaking changes.
✨ Key Enhancements
✅ Dual Transport — Supports both STDIO (for local CLI/client tools) and HTTP/JSON-RPC (for external/browser clients).
✅ Dynamic headers — pass
Authorization,X-API-Key, etc., via tool arguments (no config restarts)✅ Robust variables parsing — fixes
“Query variables must be a null or an object”error✅ Filtered introspection — request only specific types (e.g.,
typeNames: ["Query", "User"]) to reduce LLM context noise✅ Full MCP compatibility — works with Claude Desktop, Cursor, Glama
✅ Secure by default — mutations disabled unless explicitly enabled
💻 HTTP / Dual Transport
This server now runs in dual transport mode, supporting both the standard STDIO communication (used by most MCP clients) and a new HTTP JSON-RPC endpoint on port 6274.
This allows external systems, web applications, and direct curl commands to access the server's tools.
Endpoint | Method | Description |
|
| The main JSON-RPC endpoint for tool execution. |
|
| Simple health check, returns
. |
Resolving Port Conflicts (EADDRINUSE) and Automatic Port Selection
The server defaults to port 6274. If you encounter an EADDRINUSE: address already in use :::6274 error (common in local development due to stale processes), the server will automatically increment the port and retry (e.g., bind to 6275, then 6276, etc., up to 5 times).
This ensures the server starts successfully even when the default is blocked. Always check the server logs for the final bound port (e.g., [HTTP] Started server on http://localhost:6275) if your curl or client tool fails on the default 6274.
To force a specific port (e.g., for guaranteed external firewall settings), you can still explicitly set the MCP_PORT environment variable:
Testing the HTTP Endpoint
You can test the endpoint using curl as long as the server is running (e.g., via npm run dev):
🔍 Filtered Introspection (New!)
Avoid 50k-line schema dumps. Ask for only what you need:
@introspect-schema typeNames ["Query", "User"]
🔍 Debug & Inspect
Use the official MCP Inspector to test your server live:
Environment Variables (Breaking change in 1.0.0)
Note: As of version 1.0.0, command line arguments have been replaced with environment variables.
Environment Variable | Description | Default |
| GraphQL endpoint URL |
|
| JSON string containing headers for requests |
|
| Enable mutation operations (disabled by default) |
|
| Name of the MCP server |
|
| Path to a local GraphQL schema file or URL (optional) | - |
| Port for the HTTP/JSON-RPC server. |
|
Examples
🖥️ Claude Desktop Configuration Examples
You can connect Claude Desktop to your GraphQL API using either the npx package (recommended for simplicity) or the Docker image (ideal for reproducibility and isolation).
✅ Option 1: Using npx
🐳 Option 2: Using Docker (auto-pull supported)
🧪 Option 3: Using node with local build (for development)
If you’ve cloned the repo and built the project (npm run build → outputs to dist/):
Resources
graphql-schema: The server exposes the GraphQL schema as a resource that clients can access. This is either the local schema file, a schema file hosted at a URL, or based on an introspection query.
Available Tools
The server provides two main tools:
introspect-schema: This tool retrieves the GraphQL schema or a filtered subset (via typeNames). Use this first if you don't have access to the schema as a resource. This uses either the local schema file, a schema file hosted at a URL, or an introspection query. Filtered introspection (typeNames) is only available when using a live GraphQL endpoint (not with SCHEMA file or URL).
query-graphql: Execute GraphQL queries against the endpoint. By default, mutations are disabled unless
ALLOW_MUTATIONSis set totrue.
Security Considerations
Mutations are disabled by default to prevent unintended data changes. Always validate HEADERS and SCHEMA inputs in production. Use HTTPS endpoints and short-lived tokens where possible.
Customize for your own server
This is a very generic implementation where it allows for complete introspection and for your users to do whatever (including mutations). If you need a more specific implementation I'd suggest to just create your own MCP and lock down tool calling for clients to only input specific query fields and/or variables. You can use this as a reference.