This enhanced MCP server enables AI clients to securely interact with any GraphQL API through two main tools:
query-graphql: Execute GraphQL queries and mutations (mutations disabled by default, enable viaALLOW_MUTATIONSenvironment variable) with support for variables and dynamic authentication headers passed at runtimeintrospect-schema: Retrieve GraphQL schemas with optional filtering by type names (e.g.,["Query", "User"]) to reduce LLM context noise
Key Features:
Dynamic Authentication: Pass Authorization headers and API keys directly via tool arguments without server restarts
Multiple Schema Sources: Works with live endpoints, local schema files, or remote schema URLs
Robust Error Handling: Fixes common GraphQL variable parsing issues for better interoperability
MCP Compatibility: Drop-in replacement for
mcp-graphqlsupporting Claude Desktop, Cursor, and GlamaFlexible Deployment: Supports npx, Docker, and local Node.js execution
Provides tools for executing GraphQL queries and introspecting schemas against any GraphQL endpoint, with support for dynamic headers, filtered schema introspection, and configurable mutation controls
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@mcp-graphql-enhancedintrospect the schema but only show Query and User types"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
mcp-graphql-enhanced
An enhanced MCP (Model Context Protocol) server for GraphQL that fixes real-world interoperability issues between LLMs and GraphQL APIs.
Drop-in replacement for
mcp-graphql— with dynamic headers, robust variables parsing, and zero breaking changes.
✨ Key Enhancements
✅ Built-in GraphiQL IDE — Visual playground at http://localhost:MCP_PORT/ (or /graphiql) with pre-configured headers.
✅ Dual Transport — Supports both STDIO (for local CLI/client tools) and HTTP/JSON-RPC (for external/browser clients).
✅ Dynamic headers — pass
Authorization,X-API-Key, etc., via tool arguments (no config restarts)✅ Robust variables parsing — fixes
“Query variables must be a null or an object”error✅ Filtered introspection — request only specific types (e.g.,
typeNames: ["Query", "User"]) to reduce LLM context noise✅ Full MCP compatibility — works with Claude Desktop, Cursor, Glama
✅ Secure by default — mutations disabled unless explicitly enabled
🎨 Visual Command Center (GraphiQL)
Unlike standard MCP servers, this one provides a visual interface for humans. When running with ENABLE_HTTP=true, you can open a full-featured GraphiQL IDE in your browser.
Endpoint:
http://localhost:6274/(or/graphiql)Header Sync: Any headers set in your environment (like GitHub tokens) are automatically injected into the GraphiQL "Headers" tab for immediate testing.
💻 HTTP / Dual Transport
This server now runs in dual transport mode, supporting both the standard STDIO communication (used by most MCP clients) and a new HTTP JSON-RPC endpoint on port 6274.
This allows external systems, web applications, and direct curl commands to access the server's tools with live request logging in your terminal ([HTTP-RPC] logs).
Endpoint | Method | Description |
|
| Human Interface: The visual GraphQL IDE. |
|
| The main JSON-RPC 2.0 endpoint for tool execution. |
|
| Simple health check, returns |
Automatic Port Selection
The server defaults to port 6274. If you encounter an EADDRINUSE error, the server will automatically find the next available port. Check the server logs for the final bound port (e.g., [HTTP] Started server on http://localhost:6275).
Resolving Port Conflicts (EADDRINUSE) and Automatic Port Selection
The server defaults to port 6274. If you encounter an EADDRINUSE: address already in use :::6274 error (common in local development due to stale processes), the server will automatically find the next available port (up to 10 attempts, not spawning multiple servers).
This ensures the server starts successfully even when the default is blocked. Always check the server logs for the final bound port (e.g., [HTTP] Started server on http://localhost:6275) if your curl or client tool fails on the default 6274.
To force a specific port (e.g., for guaranteed external firewall settings), you can still explicitly set the MCP_PORT environment variable:
Testing the HTTP Endpoint
You can test the endpoint using curl as long as the server is running (e.g., via npm run dev):
Environment Variables (Breaking change in 1.0.0)
Note: As of version 1.0.0, command line arguments have been replaced with environment variables.
Environment Variable | Description | Default |
| GraphQL endpoint URL |
|
| JSON string containing headers for requests |
|
| Enable mutation operations (disabled by default) |
|
| Name of the MCP server |
|
| Path to a local GraphQL schema file or URL | - |
| Port for the HTTP/JSON-RPC server. |
|
| Enable HTTP transport: |
|
| Set to | - |
Note on |
auto(default): Automatically enables HTTP only when running in MCP Inspector...true: Always enable HTTP serverfalse: Disable HTTP server completely
Examples
🖥️ Claude Desktop Configuration Examples
You can connect Claude Desktop to your GraphQL API using either the npx package (recommended for simplicity) or the Docker image (ideal for reproducibility and isolation).
✅ Option 1: Using npx
🐳 Option 2: Using Docker (auto-pull supported)
🧪 Option 3: Using node with local build (for development)
If you’ve cloned the repo and built the project (npm run build → outputs to dist/):
Resources
graphql-schema: The server exposes the GraphQL schema as a resource that clients can access. This is either the local schema file, a schema file hosted at a URL, or based on an introspection query.
Available Tools
The server provides two main tools:
introspect-schema: This tool retrieves the GraphQL schema or a filtered subset (via typeNames). Use this first if you don't have access to the schema as a resource. This uses either the local schema file, a schema file hosted at a URL, or an introspection query. Filtered introspection (typeNames) is only available when using a live GraphQL endpoint (not with SCHEMA file or URL).
query-graphql: Execute GraphQL queries against the endpoint. By default, mutations are disabled unless
ALLOW_MUTATIONSis set totrue.
Security Considerations
Mutations are disabled by default to prevent unintended data changes. Always validate HEADERS and SCHEMA inputs in production. Use HTTPS endpoints and short-lived tokens where possible.
Customize for your own server
This is a very generic implementation where it allows for complete introspection and for your users to do whatever (including mutations). If you need a more specific implementation I'd suggest to just create your own MCP and lock down tool calling for clients to only input specific query fields and/or variables. You can use this as a reference.