A lightweight, configuration-driven MCP server that exposes curated GraphQL queries as modular tools, enabling intentional API interactions from agents.
https://github.com/UnitVectorY-Labs/mcp-graphql-forgeMost MCP servers force you to hardcode every GraphQL query in source code. mcp-graphql-forge flips this around—define your GraphQL tools in simple YAML files and let the server handle the rest.
You want your agents to interact with GraphQL APIs, but you face a choice: expose the entire schema (security nightmare) or write custom MCP server code for every query you need. Neither scales.
Writing a custom MCP server means:
mcp-graphql-forge treats GraphQL queries as data, not code. Drop a YAML file in your config directory, and you've got a new MCP tool.
Want to add a GitHub user lookup? Create getUser.yaml:
name: "getUser"
description: "Fetch user info by login"
query: |
query ($login: String!) {
user(login: $login) {
id
name
url
location
}
}
inputs:
- name: "login"
type: "string"
description: "GitHub username"
required: true
annotations:
readOnlyHint: true
That's it. No code changes, no rebuilds. Your agent now has a getUser tool that hits GitHub's GraphQL API with exactly the query you specified.
Instead of giving agents free rein over entire GraphQL schemas, you curate exactly what they can do. Each tool is a specific query with defined inputs—agents get powerful capabilities without the security risks of schema introspection.
This approach prevents agents from:
GitHub Integration: Create tools for repository info, issue tracking, user profiles—each as a separate YAML file with the exact data your agents need.
E-commerce APIs: Define product lookup, inventory checks, order status queries without exposing pricing logic or customer data agents shouldn't see.
Internal APIs: Give agents access to specific company data queries while maintaining strict boundaries around what they can access.
Multi-tenant SaaS: Different agent configurations can use different sets of GraphQL tools, all from the same server instance.
Your DevOps team can add new agent capabilities by dropping YAML files into the config directory. No development cycle, no code review for simple query additions.
The server handles authentication automatically—configure your token command once in forge.yaml, and all tools inherit the same auth flow:
name: "GitHubServer"
url: "https://api.github.com/graphql"
token_command: "gh auth token"
Install the pre-compiled binary and point it at your config directory:
# Download and run immediately
go install github.com/UnitVectorY-Labs/mcp-graphql-forge@latest
# Set your config path and start
export FORGE_CONFIG=./my-graphql-tools
mcp-graphql-forge
Works with any MCP client—Claude Desktop, your custom implementations, or future MCP tools. Supports both stdio and SSE modes for different integration patterns.
The configuration-driven approach means you're not locked into a specific GraphQL schema or authentication method. Switch endpoints, modify queries, or add new tools without touching the server code.
As agents become more capable, the integration surface area explodes. mcp-graphql-forge gives you precise control over that surface area while keeping setup friction near zero. You define the boundaries, agents work within them, and everyone stays productive.