feat: Add MCP tool for verifying graphql queries before executing them called 'validate' (#203)

swcollard · web-flow · commit 90490265014e · 2025-07-22T12:55:00.000-05:00
* feat: Validate tool for verifying graphql queries before executing them

* Include changeset

* Update tool descriptions

* Also include validation tool in list of any introspection tools being enabled
diff --git a/.changesets/feat_validate_tool.md b/.changesets/feat_validate_tool.md
@@ -0,0 +1,3 @@
+### feat: Validate tool for verifying graphql queries before executing them - @swcollard PR #203
+
+The introspection options in the mcp server provide introspect, execute, and search tools. The LLM often tries to validate its queries by just executing them. This may not be desired (there might be side effects, for example). This feature adds a `validate` tool so the LLM can validate the operation without actually hitting the GraphQL endpoint. It first validates the syntax of the operation, and then checks it against the introspected schema for validation.
diff --git a/crates/apollo-mcp-server/src/introspection/tools.rs b/crates/apollo-mcp-server/src/introspection/tools.rs
@@ -3,3 +3,4 @@
 pub(crate) mod execute;
 pub(crate) mod introspect;
 pub(crate) mod search;
+pub(crate) mod validate;
diff --git a/crates/apollo-mcp-server/src/introspection/tools/execute.rs b/crates/apollo-mcp-server/src/introspection/tools/execute.rs
@@ -36,7 +36,7 @@ impl Execute {
             mutation_mode,
             tool: Tool::new(
                 EXECUTE_TOOL_NAME,
-                "Execute a GraphQL operation. Use the `introspect` tool to get information about the GraphQL schema. Always use the schema to create operations - do not try arbitrary operations. DO NOT try to execute introspection queries.",
+                "Execute a GraphQL operation. Use the `introspect` tool to get information about the GraphQL schema. Always use the schema to create operations - do not try arbitrary operations. If available, first use the `validate` tool to validate operations. DO NOT try to execute introspection queries.",
                 schema_from_type!(Input),
             ),
         }
diff --git a/crates/apollo-mcp-server/src/introspection/tools/validate.rs b/crates/apollo-mcp-server/src/introspection/tools/validate.rs
@@ -0,0 +1,113 @@
+use crate::errors::McpError;
+use crate::operations::operation_defs;
+use crate::schema_from_type;
+use apollo_compiler::Schema;
+use apollo_compiler::parser::Parser;
+use apollo_compiler::validation::Valid;
+use rmcp::model::CallToolResult;
+use rmcp::model::Content;
+use rmcp::model::{ErrorCode, Tool};
+use rmcp::schemars::JsonSchema;
+use rmcp::serde_json::Value;
+use rmcp::{schemars, serde_json};
+use serde::Deserialize;
+use std::default::Default;
+use std::sync::Arc;
+use tokio::sync::Mutex;
+
+/// The name of the tool to validate an ad hoc GraphQL operation
+pub const VALIDATE_TOOL_NAME: &str = "validate";
+
+#[derive(Clone)]
+pub struct Validate {
+    pub tool: Tool,
+    schema: Arc<Mutex<Valid<Schema>>>,
+}
+
+/// Input for the validate tool
+#[derive(JsonSchema, Deserialize)]
+pub struct Input {
+    /// The GraphQL operation
+    operation: String,
+}
+
+impl Validate {
+    pub fn new(schema: Arc<Mutex<Valid<Schema>>>) -> Self {
+        Self {
+            schema,
+            tool: Tool::new(
+                VALIDATE_TOOL_NAME,
+                "Validates a GraphQL operation against the schema. \
+                Use the `introspect` tool first to get information about the GraphQL schema. \
+                Operations should be validated prior to calling the `execute` tool.",
+                schema_from_type!(Input),
+            ),
+        }
+    }
+
+    /// Validates the provided GraphQL query
+    pub async fn execute(&self, input: Value) -> Result<CallToolResult, McpError> {
+        let input = serde_json::from_value::<Input>(input).map_err(|_| {
+            McpError::new(ErrorCode::INVALID_PARAMS, "Invalid input".to_string(), None)
+        })?;
+
+        operation_defs(&input.operation, true, None)
+            .map_err(|e| McpError::new(ErrorCode::INVALID_PARAMS, e.to_string(), None))?
+            .ok_or_else(|| {
+                McpError::new(
+                    ErrorCode::INVALID_PARAMS,
+                    "Invalid operation type".to_string(),
+                    None,
+                )
+            })?;
+
+        let schema_guard = self.schema.lock().await;
+        Parser::new()
+            .parse_executable(&schema_guard, input.operation.as_str(), "operation.graphql")
+            .map_err(|e| McpError::new(ErrorCode::INVALID_PARAMS, e.to_string(), None))?;
+        Ok(CallToolResult {
+            content: vec![Content::text("Operation is valid")],
+            is_error: None,
+        })
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use serde_json::json;
+
+    use super::*;
+    static SCHEMA: std::sync::LazyLock<Arc<Mutex<Valid<Schema>>>> =
+        std::sync::LazyLock::new(|| {
+            Arc::new(Mutex::new(
+                Schema::parse_and_validate("type Query { id: ID! }", "schema.graphql").unwrap(),
+            ))
+        });
+
+    #[tokio::test]
+    async fn validate_valid_query() {
+        let validate = Validate::new(SCHEMA.clone());
+        let input = json!({
+            "operation": "query Test { id }"
+        });
+        assert!(validate.execute(input).await.is_ok());
+    }
+
+    #[tokio::test]
+    async fn validate_invalid_graphql_query() {
+        let validate = Validate::new(SCHEMA.clone());
+        let input = json!({
+            "operation": "query {"
+        });
+        assert!(validate.execute(input).await.is_err());
+    }
+
+    #[tokio::test]
+    async fn validate_invalid_query_field() {
+        let validate = Validate::new(SCHEMA.clone());
+        let input = json!({
+            "operation": "query { invalidField }"
+        });
+        assert!(validate.execute(input).await.is_err());
+    }
+}
diff --git a/crates/apollo-mcp-server/src/main.rs b/crates/apollo-mcp-server/src/main.rs
@@ -138,6 +138,7 @@ async fn main() -> anyhow::Result<()> {
         .maybe_explorer_graph_ref(explorer_graph_ref)
         .headers(config.headers)
         .execute_introspection(config.introspection.execute.enabled)
+        .validate_introspection(config.introspection.validate.enabled)
         .introspect_introspection(config.introspection.introspect.enabled)
         .introspect_minify(config.introspection.introspect.minify)
         .search_minify(config.introspection.search.minify)
diff --git a/crates/apollo-mcp-server/src/operations.rs b/crates/apollo-mcp-server/src/operations.rs
@@ -370,8 +370,12 @@ pub fn operation_defs(
     allow_mutations: bool,
     source_path: Option<String>,
 ) -> Result<Option<(Document, Node<OperationDefinition>, Option<String>)>, OperationError> {
+    let source_path_clone = source_path.clone();
     let document = Parser::new()
-        .parse_ast(source_text, "operation.graphql")
+        .parse_ast(
+            source_text,
+            source_path_clone.unwrap_or_else(|| "operation.graphql".to_string()),
+        )
         .map_err(|e| OperationError::GraphQLDocument(Box::new(e)))?;
     let mut last_offset: Option<usize> = Some(0);
     let mut operation_defs = document.definitions.clone().into_iter().filter_map(|def| {
diff --git a/crates/apollo-mcp-server/src/runtime/introspection.rs b/crates/apollo-mcp-server/src/runtime/introspection.rs
@@ -13,6 +13,9 @@ pub struct Introspection {
 
     /// Search tool configuration
     pub search: SearchConfig,
+
+    /// Validate configuration for checking operations before execution
+    pub validate: ValidateConfig,
 }
 
 /// Execution-specific introspection configuration
@@ -64,9 +67,17 @@ impl Default for SearchConfig {
     }
 }
 
+/// Validation tool configuration
+#[derive(Debug, Default, Deserialize, JsonSchema)]
+#[serde(default)]
+pub struct ValidateConfig {
+    /// Enable validation tool
+    pub enabled: bool,
+}
+
 impl Introspection {
     /// Check if any introspection tools are enabled
     pub fn any_enabled(&self) -> bool {
-        self.execute.enabled | self.introspect.enabled | self.search.enabled
+        self.execute.enabled | self.introspect.enabled | self.search.enabled | self.validate.enabled
     }
 }
diff --git a/crates/apollo-mcp-server/src/server.rs b/crates/apollo-mcp-server/src/server.rs
@@ -24,6 +24,7 @@ pub struct Server {
     endpoint: Url,
     headers: HeaderMap,
     execute_introspection: bool,
+    validate_introspection: bool,
     introspect_introspection: bool,
     introspect_minify: bool,
     search_minify: bool,
@@ -90,6 +91,7 @@ impl Server {
         endpoint: Url,
         headers: HeaderMap,
         execute_introspection: bool,
+        validate_introspection: bool,
         introspect_introspection: bool,
         search_introspection: bool,
         introspect_minify: bool,
@@ -114,6 +116,7 @@ impl Server {
             endpoint,
             headers,
             execute_introspection,
+            validate_introspection,
             introspect_introspection,
             search_introspection,
             introspect_minify,
diff --git a/crates/apollo-mcp-server/src/server/states.rs b/crates/apollo-mcp-server/src/server/states.rs
@@ -33,6 +33,7 @@ struct Config {
     endpoint: Url,
     headers: HeaderMap,
     execute_introspection: bool,
+    validate_introspection: bool,
     introspect_introspection: bool,
     search_introspection: bool,
     introspect_minify: bool,
@@ -63,6 +64,7 @@ impl StateMachine {
                 endpoint: server.endpoint,
                 headers: server.headers,
                 execute_introspection: server.execute_introspection,
+                validate_introspection: server.validate_introspection,
                 introspect_introspection: server.introspect_introspection,
                 search_introspection: server.search_introspection,
                 introspect_minify: server.introspect_minify,
diff --git a/crates/apollo-mcp-server/src/server/states/running.rs b/crates/apollo-mcp-server/src/server/states/running.rs
@@ -26,6 +26,7 @@ use crate::{
         execute::{EXECUTE_TOOL_NAME, Execute},
         introspect::{INTROSPECT_TOOL_NAME, Introspect},
         search::{SEARCH_TOOL_NAME, Search},
+        validate::{VALIDATE_TOOL_NAME, Validate},
     },
     operations::{MutationMode, Operation, RawOperation},
 };
@@ -40,6 +41,7 @@ pub(super) struct Running {
     pub(super) introspect_tool: Option<Introspect>,
     pub(super) search_tool: Option<Search>,
     pub(super) explorer_tool: Option<Explorer>,
+    pub(super) validate_tool: Option<Validate>,
     pub(super) custom_scalar_map: Option<CustomScalarMap>,
     pub(super) peers: Arc<RwLock<Vec<Peer<RoleServer>>>>,
     pub(super) cancellation_token: CancellationToken,
@@ -211,6 +213,13 @@ impl ServerHandler for Running {
                     })
                     .await
             }
+            VALIDATE_TOOL_NAME => {
+                self.validate_tool
+                    .as_ref()
+                    .ok_or(tool_not_found(&request.name))?
+                    .execute(convert_arguments(request)?)
+                    .await
+            }
             _ => {
                 let graphql_request = graphql::Request {
                     input: Value::from(request.arguments.clone()),
@@ -246,6 +255,7 @@ impl ServerHandler for Running {
                 .chain(self.introspect_tool.as_ref().iter().map(|e| e.tool.clone()))
                 .chain(self.search_tool.as_ref().iter().map(|e| e.tool.clone()))
                 .chain(self.explorer_tool.as_ref().iter().map(|e| e.tool.clone()))
+                .chain(self.validate_tool.as_ref().iter().map(|e| e.tool.clone()))
                 .collect(),
         })
     }
@@ -300,6 +310,7 @@ mod tests {
             introspect_tool: None,
             search_tool: None,
             explorer_tool: None,
+            validate_tool: None,
             custom_scalar_map: None,
             peers: Arc::new(RwLock::new(vec![])),
             cancellation_token: CancellationToken::new(),
diff --git a/crates/apollo-mcp-server/src/server/states/starting.rs b/crates/apollo-mcp-server/src/server/states/starting.rs
@@ -14,7 +14,9 @@ use tracing::{debug, error, info};
 use crate::{
     errors::ServerError,
     explorer::Explorer,
-    introspection::tools::{execute::Execute, introspect::Introspect, search::Search},
+    introspection::tools::{
+        execute::Execute, introspect::Introspect, search::Search, validate::Validate,
+    },
     operations::{MutationMode, RawOperation},
     server::Transport,
 };
@@ -94,6 +96,10 @@ impl Starting {
                 self.config.introspect_minify,
             )
         });
+        let validate_tool = self
+            .config
+            .validate_introspection
+            .then(|| Validate::new(schema.clone()));
         let search_tool = if self.config.search_introspection {
             Some(Search::new(
                 schema.clone(),
@@ -119,6 +125,7 @@ impl Starting {
             introspect_tool,
             search_tool,
             explorer_tool,
+            validate_tool,
             custom_scalar_map: self.config.custom_scalar_map,
             peers,
             cancellation_token: cancellation_token.clone(),
diff --git a/graphql/weather/config.yaml b/graphql/weather/config.yaml
@@ -14,3 +14,5 @@ introspection:
     enabled: true
   search:
     enabled: true
+  validate:
+    enabled: true

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+### feat: Validate tool for verifying graphql queries before executing them - @swcollard PR #203`
	`2`	`+`
	`3`	+The introspection options in the mcp server provide introspect, execute, and search tools. The LLM often tries to validate its queries by just executing them. This may not be desired (there might be side effects, for example). This feature adds a `validate` tool so the LLM can validate the operation without actually hitting the GraphQL endpoint. It first validates the syntax of the operation, and then checks it against the introspected schema for validation.
Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ impl Execute {`
`36`	`36`	`mutation_mode,`
`37`	`37`	`tool: Tool::new(`
`38`	`38`	`EXECUTE_TOOL_NAME,`
`39`		- "Execute a GraphQL operation. Use the `introspect` tool to get information about the GraphQL schema. Always use the schema to create operations - do not try arbitrary operations. DO NOT try to execute introspection queries.",
	`39`	+ "Execute a GraphQL operation. Use the `introspect` tool to get information about the GraphQL schema. Always use the schema to create operations - do not try arbitrary operations. If available, first use the `validate` tool to validate operations. DO NOT try to execute introspection queries.",
`40`	`40`	`schema_from_type!(Input),`
`41`	`41`	`),`
`42`	`42`	`}`
Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,9 @@ pub struct Introspection {`
`13`	`13`
`14`	`14`	`/// Search tool configuration`
`15`	`15`	`pub search: SearchConfig,`
	`16`	`+`
	`17`	`+ /// Validate configuration for checking operations before execution`
	`18`	`+ pub validate: ValidateConfig,`
`16`	`19`	`}`
`17`	`20`
`18`	`21`	`/// Execution-specific introspection configuration`
`@@ -64,9 +67,17 @@ impl Default for SearchConfig {`
`64`	`67`	`}`
`65`	`68`	`}`
`66`	`69`
	`70`	`+/// Validation tool configuration`
	`71`	`+#[derive(Debug, Default, Deserialize, JsonSchema)]`
	`72`	`+#[serde(default)]`
	`73`	`+pub struct ValidateConfig {`
	`74`	`+ /// Enable validation tool`
	`75`	`+ pub enabled: bool,`
	`76`	`+}`
	`77`	`+`
`67`	`78`	`impl Introspection {`
`68`	`79`	`/// Check if any introspection tools are enabled`
`69`	`80`	`pub fn any_enabled(&self) -> bool {`
`70`		`- self.execute.enabled \| self.introspect.enabled \| self.search.enabled`
	`81`	`+ self.execute.enabled \| self.introspect.enabled \| self.search.enabled \| self.validate.enabled`
`71`	`82`	`}`
`72`	`83`	`}`