Gadget MCP Server

run_graphql

Run complex read-only GraphQL queries for nested relations and custom filtering beyond simple record queries.

Instructions

Run an arbitrary read-only GraphQL query against the Gadget app. Use this for complex queries with nested relations or custom filtering that query_records can't express.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`query`	Yes	GraphQL query string
`variables`	No	GraphQL variables

Implementation Reference

src/tools.ts:430-441 (handler)

Handler case within handleTool() for 'run_graphql'. Destructures query and variables, blocks mutations, and executes the query via the gql helper.

case "run_graphql": {
  const { query, variables } = args as { query: string; variables?: Record<string, unknown> };
  const trimmed = query.trim().toLowerCase();
  if (trimmed.startsWith("mutation")) {
    return {
      content: [{ type: "text", text: "Mutations are not allowed — this server is read-only." }],
      isError: true,
    };
  }
  const data = await gql(query, variables);
  return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
}

src/tools.ts:552-563 (schema)

Tool definition with input schema for run_graphql. Declares required 'query' (string) and optional 'variables' (object) parameters.

  name: "run_graphql",
  description:
    "Run an arbitrary read-only GraphQL query against the Gadget app. Use this for complex queries with nested relations or custom filtering that query_records can't express.",
  inputSchema: {
    type: "object",
    required: ["query"],
    properties: {
      query: { type: "string", description: "GraphQL query string" },
      variables: { type: "object", description: "GraphQL variables" },
    },
  },
},

src/index.ts:48-53 (registration)

MCP server registration. ListTools exposes TOOL_DEFINITIONS (which includes run_graphql), and CallTool dispatches all tool calls to handleTool.

server.setRequestHandler(ListToolsRequestSchema, async () => ({ tools: TOOL_DEFINITIONS }));

server.setRequestHandler(CallToolRequestSchema, async (request) => {
  const { name, arguments: args } = request.params;
  return handleTool(name, (args ?? {}) as Record<string, any>);
});

src/tools.ts:12-38 (helper)

The gql() helper function used by run_graphql (and other tools). Sends an authenticated POST request to the Gadget GraphQL endpoint and handles permission-denied errors.

export async function gql(query: string, variables?: Record<string, unknown>): Promise<any> {
  const res = await fetch(GRAPHQL_URL, {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      Authorization: `Bearer ${GADGET_API_KEY}`,
    },
    body: JSON.stringify({ query, variables }),
  });

  if (!res.ok) {
    throw new Error(`GraphQL HTTP ${res.status}: ${await res.text()}`);
  }

  const json = await res.json() as any;
  if (json.errors?.length) {
    const permissionError = json.errors.find((e: any) => e.extensions?.code === "GGT_PERMISSION_DENIED");
    if (permissionError) {
      throw new Error(
        `Permission denied (GGT_PERMISSION_DENIED): your API key has no role assigned, or the role lacks read access to this model.\n` +
        `Fix: go to ${GADGET_APP}.gadget.app/edit/${GADGET_ENVIRONMENT}/settings/api-keys and assign a role with read permissions to your key.`
      );
    }
    throw new Error(json.errors.map((e: any) => e.message).join("; "));
  }
  return json.data;
}

Tool Definition Quality

A4.6/5.0

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations provided, so the description carries full burden. It clearly declares read-only behavior. While it doesn't detail error handling or rate limits, the key behavioral trait (read-only) is explicitly stated.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two concise sentences: first defines purpose, second provides usage guidance. No redundant or extraneous information.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given no output schema and no annotations, the description adequately covers purpose, usage, and parameter context. It doesn't detail return format, but GraphQL responses are self-explanatory. Slight gap: no mention of authentication or scope.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100% with descriptions. The description adds context beyond schema by explaining the tool is for complex, nested, or custom-filtering queries, which guides parameter use.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool executes a read-only GraphQL query against the Gadget app. It distinguishes from sibling tool query_records by noting it handles 'complex queries with nested relations or custom filtering that query_records can't express.'

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicit usage guidance: 'Use this for complex queries...' implies when not to use (simpler queries should use query_records). The description also clarifies it is read-only.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Stronger-eCommerce/gadget-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server