Summary
Points at any GraphQL endpoint and auto-generates MCP tools for every query and mutation via introspection. No configuration files, no code generation step. Works with public APIs like the Countries GraphQL demo or authenticated services like GitHub's GraphQL API using bearer tokens or API keys. The server flattens nested input objects into simple parameters since LLMs handle flat schemas more reliably than deep nesting. Includes smart response truncation to avoid context overflow, schema caching for faster restarts, and mutation safety guards that warn or block destructive operations like deleteUser or removeRepository. Useful when you want Claude to query or modify data through a GraphQL API without building custom tool definitions by hand.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Tools
Public tool metadata for what this MCP can expose to an agent.
10 tools
accounts_listList all accounts in your Cloudflare account
List all accounts in your Cloudflare account
No parameter schema in public metadata yet.
set_active_accountSet active account to be used for tool calls that require accountId1 params
Set active account to be used for tool calls that require accountId
Parameters* required
activeAccountIdParamstringThe accountId present in the users Cloudflare account, that should be the active accountId.
zones_listList all zones under a Cloudflare account6 params
List all zones under a Cloudflare account
Parameters* required
namestringFilter zones by name
pagenumberPage number for paginationdefault: 1
orderstringField to order results by (name, status, account_name)default: name
statusstringFilter zones by status (active, pending, initializing, moved, deleted, deactivated, read only)
perPagenumberNumber of zones per pagedefault: 50
directionstringDirection to order results (asc, desc)one of
asc · descdefault: desczone_detailsGet details for a specific Cloudflare zone1 params
Get details for a specific Cloudflare zone
Parameters* required
zoneIdstringThe ID of the zone to get details for
graphql_schema_searchSearch the Cloudflare GraphQL API schema for types, fields, and enum values matching a keyword Use this tool when: - You are unsure which dataset to use for your query. - A user is looking for specific types, fields, or enum values in the Cloudflare GraphQL API schema. IMPORTA...4 params
Search the Cloudflare GraphQL API schema for types, fields, and enum values matching a keyword Use this tool when: - You are unsure which dataset to use for your query. - A user is looking for specific types, fields, or enum values in the Cloudflare GraphQL API schema. IMPORTA...
Parameters* required
keywordstringThe keyword to search for in the schema
onlyObjectTypesbooleanWhether to only include OBJECT kind types in the search results with descriptionsdefault: true
maxDetailsToFetchnumberMaximum number of types to fetch details fordefault: 10
includeInternalTypesbooleanWhether to include internal types (those starting with __) in the search resultsdefault: false
graphql_schema_overviewFetch the high-level overview of the Cloudflare GraphQL API schema Use this tool when: - A user requests insights into the structure or capabilities of Cloudflare’s GraphQL API. - You need to explore available types, queries, mutations, or schema relationships exposed by Cloud...2 params
Fetch the high-level overview of the Cloudflare GraphQL API schema Use this tool when: - A user requests insights into the structure or capabilities of Cloudflare’s GraphQL API. - You need to explore available types, queries, mutations, or schema relationships exposed by Cloud...
Parameters* required
pagenumberPage number to fetchdefault: 1
pageSizenumberNumber of types to return per pagedefault: 100
graphql_type_detailsFetch detailed information about a specific GraphQL type (dataset) IMPORTANT: After exploring the schema, DO NOT generate overly complicated GraphQL queries that the user didn't explicitly ask for. Only include fields that were specifically requested. Use this tool when: - You...5 params
Fetch detailed information about a specific GraphQL type (dataset) IMPORTANT: After exploring the schema, DO NOT generate overly complicated GraphQL queries that the user didn't explicitly ask for. Only include fields that were specifically requested. Use this tool when: - You...
Parameters* required
typeNamestringThe type name (dataset) of the GraphQL type to fetch details for
fieldsPagenumberPage number for fields to fetchdefault: 1
enumValuesPagenumberPage number for enum values to fetchdefault: 1
fieldsPageSizenumberNumber of fields to return per pagedefault: 50
enumValuesPageSizenumberNumber of enum values to return per pagedefault: 50
graphql_complete_schemaFetch the complete Cloudflare GraphQL API schema (combines overview and important type details)4 params
Fetch the complete Cloudflare GraphQL API schema (combines overview and important type details)
Parameters* required
typesPagenumberPage number for types to fetchdefault: 1
typesPageSizenumberNumber of types to return per pagedefault: 100
maxTypeDetailsToFetchnumberMaximum number of important types to fetch details fordefault: 3
includeRootTypeDetailsbooleanWhether to include detailed information about root typesdefault: true
graphql_queryExecute a GraphQL query against the Cloudflare API IMPORTANT: ONLY execute the EXACT GraphQL query provided by the user. DO NOT generate complicated queries that the user didn't explicitly ask for. CRITICAL: When querying, make sure to set a LIMIT (e.g., first: 10, limit: 20)...2 params
Execute a GraphQL query against the Cloudflare API IMPORTANT: ONLY execute the EXACT GraphQL query provided by the user. DO NOT generate complicated queries that the user didn't explicitly ask for. CRITICAL: When querying, make sure to set a LIMIT (e.g., first: 10, limit: 20)...
Parameters* required
querystringThe GraphQL query to execute
variablesobjectVariables for the query
graphql_api_explorerGenerate a Cloudflare GraphQL API Explorer link Use this tool when: - A user asks for any GraphQL queries and wants to explore them in the Cloudflare GraphQL API Explorer. - You want to provide a shareable link to a specific GraphQL query for the user to explore and modify. -...2 params
Generate a Cloudflare GraphQL API Explorer link Use this tool when: - A user asks for any GraphQL queries and wants to explore them in the Cloudflare GraphQL API Explorer. - You want to provide a shareable link to a specific GraphQL query for the user to explore and modify. -...
Parameters* required
querystringThe GraphQL query to include in the explorer link
variablesobjectVariables for the query in JSON format
graphql-to-mcp
Turn any GraphQL API into MCP tools — zero config, zero code.
Point graphql-to-mcp at a GraphQL endpoint and it auto-generates one MCP tool per query/mutation via introspection. Works with Claude Desktop, Cursor, Windsurf, and any MCP client.
Quick Start
Try it now — no install needed:
npx graphql-to-mcp https://countries.trevorblades.com/graphql
Or add to Claude Desktop / Cursor config:
{
"mcpServers": {
"countries": {
"command": "npx",
"args": ["-y", "graphql-to-mcp", "https://countries.trevorblades.com/graphql"]
}
}
}
That's it. Claude can now query countries, continents, and languages.
Features
- Zero config — just provide a GraphQL endpoint URL
- Auto-introspection — discovers all queries and mutations automatically
- Flat parameter schemas — nested
inputobjects are flattened for better LLM accuracy - Smart truncation — large responses are intelligently pruned (array slicing + depth limiting)
- Auth support — Bearer tokens, API keys (header or query)
- Retry logic — automatic retries on 429/5xx with exponential backoff
- Include/exclude filters — expose only the operations you want
- Schema caching — skip re-introspection with
--schema-cachefor faster startup - Mutation safety — auto-detect destructive mutations (
delete*,remove*, etc.) and warn or block them
Usage
CLI
# Public API (no auth)
npx graphql-to-mcp https://countries.trevorblades.com/graphql
# With bearer token
npx graphql-to-mcp https://api.github.com/graphql --bearer ghp_xxxxx
# With API key
npx graphql-to-mcp https://api.example.com/graphql --api-key "X-API-Key:your-key:header"
# Filter operations
npx graphql-to-mcp https://api.example.com/graphql --include "get*" --exclude "internal*"
# With prefix (avoid name collisions when using multiple APIs)
npx graphql-to-mcp https://api.example.com/graphql --prefix myapi
# Cache schema locally for faster restarts
npx graphql-to-mcp https://api.example.com/graphql --schema-cache ./schema.json
# Force re-introspection (ignore cache)
npx graphql-to-mcp https://api.example.com/graphql --schema-cache ./schema.json --force-refresh
# Block destructive mutations (delete*, remove*, etc.)
npx graphql-to-mcp https://api.example.com/graphql --mutation-safety safe
Claude Desktop / Cursor Config
{
"mcpServers": {
"github": {
"command": "npx",
"args": [
"-y", "graphql-to-mcp",
"https://api.github.com/graphql",
"--bearer", "ghp_xxxxx",
"--prefix", "github"
]
}
}
}
Programmatic
import { createServer } from "graphql-to-mcp";
const server = await createServer({
endpoint: "https://api.example.com/graphql",
auth: { type: "bearer", token: "xxx" },
include: ["getUser", "listUsers"],
});
How It Works
- Introspect — Fetches the GraphQL schema via introspection query
- Flatten — Nested
InputObjecttypes are flattened into simple key-value parameters (e.g.,input.name→input_name) - Generate — Each query/mutation becomes an MCP tool with a flat JSON Schema
- Execute — When an LLM calls a tool, the flat args are reconstructed into proper GraphQL variables and sent to your endpoint
Why Flat Schemas?
LLMs are significantly better at filling flat key-value parameters than deeply nested JSON objects. By flattening InputObject types, we get:
- Higher accuracy in parameter filling
- Fewer hallucinated nested structures
- Better compatibility across different LLM providers
Options
| Option | Description | Default |
|---|---|---|
--bearer <token> | Bearer token auth | — |
--api-key <name:value:in> | API key auth | — |
-H, --header <name:value> | Custom header (repeatable) | — |
--include <pattern> | Include only matching operations | all |
--exclude <pattern> | Exclude matching operations | none |
--prefix <name> | Tool name prefix | — |
--timeout <ms> | Request timeout | 30000 |
--max-retries <n> | Retry on 429/5xx | 3 |
--transport <stdio|sse> | MCP transport | stdio |
--schema-cache <path> | Save/load introspection cache | — |
--force-refresh | Ignore cache, re-introspect | false |
--mutation-safety <mode> | warn | safe | unrestricted | warn |
Smart Truncation
GraphQL APIs can return large payloads that overwhelm LLM context windows. graphql-to-mcp automatically:
- Slices arrays to 20 items (with metadata showing total count)
- Prunes depth beyond 5 levels (with object/array summaries)
- Hard truncates at 50K characters as a safety net
Schema Caching
Introspection queries can be slow on large schemas. Use --schema-cache to save the introspection result locally:
# First run: introspects and saves to cache
npx graphql-to-mcp https://api.example.com/graphql --schema-cache ./schema.json
# Subsequent runs: loads from cache (instant startup)
npx graphql-to-mcp https://api.example.com/graphql --schema-cache ./schema.json
# Force re-introspection when the API schema changes
npx graphql-to-mcp https://api.example.com/graphql --schema-cache ./schema.json --force-refresh
The cache file stores the endpoint URL and timestamp. If you point at a different endpoint, it automatically re-introspects.
Mutation Safety
By default, graphql-to-mcp detects destructive mutations and adds warnings to their descriptions. This helps LLMs understand the risk before executing them.
Detected patterns: delete*, remove*, drop*, clear*, truncate*, destroy*, purge*, reset* (case-insensitive).
| Mode | Behavior |
|---|---|
warn (default) | Adds "DESTRUCTIVE:" prefix to dangerous mutation descriptions |
safe | Completely excludes dangerous mutations from the tool list |
unrestricted | No filtering or warnings (previous behavior) |
# Safe mode: only expose read queries + non-destructive mutations
npx graphql-to-mcp https://api.example.com/graphql --mutation-safety safe
# Unrestricted: expose everything (use with caution)
npx graphql-to-mcp https://api.example.com/graphql --mutation-safety unrestricted
Use with REST APIs Too
Pair with mcp-openapi to give Claude access to both REST and GraphQL APIs:
{
"mcpServers": {
"github-graphql": {
"command": "npx",
"args": ["-y", "graphql-to-mcp", "https://api.github.com/graphql", "--bearer", "ghp_xxx", "--prefix", "gh"]
},
"petstore-rest": {
"command": "npx",
"args": ["-y", "mcp-openapi", "https://petstore3.swagger.io/api/v3/openapi.json"]
}
}
}
Related
- mcp-openapi — Same zero-config approach for REST/OpenAPI APIs
License
MIT
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →