bc-webclient-mcp-server
Verified Safeby SShadowS
Overview
Enable AI agents (like Claude) to interact with Business Central (BC) by translating high-level commands into BC WebSocket protocol interactions, specifically tailored for on-premises BC deployments via runtime patching.
Installation
tsx src/test-mcp-server-real.tsEnvironment Variables
- BC_USERNAME
- BC_PASSWORD
- BC_BASE_URL
- BC_TENANT_ID
- DOTNET_STARTUP_HOOKS
- BC_COPILOT_API_KEYS
- SERVERINSTANCE
- MCP_STDIO_LOG_FILE
- DEBUG_MODE
- DEBUG_CHANNELS
- LOG_LEVEL
Security Notes
The system uses environment variables for sensitive credentials (BC_USERNAME, BC_PASSWORD, etc.), which is good practice. It also implements a consent and audit logging mechanism for high-sensitivity operations, improving transparency and accountability. However, the core functionality relies on a .NET runtime patch (CopilotPatcher.dll) to enable API key authentication on an on-premises Business Central server, replacing Azure S2S tokens. This non-standard modification to the BC server could introduce vulnerabilities or bypass native security features if the patcher itself is compromised or misconfigured. Hardcoded secrets were found in test scripts, highlighting the need for vigilance in production environments. Actions performed by the AI agent will inherit the permissions of the authenticated BC user, requiring careful management of user privileges.
Similar Servers
Windows-MCP.Net
Enabling AI assistants to automate tasks and interact with the Windows desktop environment.
PowerBI-Desktop-MCP
Enables AI assistants to programmatically interact with Power BI Desktop models for data exploration, analysis, and modification.
mcp-server
Enables AI agents to interact with Webflow's Data API and Designer API for site and content management.
AL-Dependency-MCP-Server
Provides AI assistants with semantic understanding of AL (Application Language) codebases and Business Central object relationships by parsing compiled AL symbol files.