Bridging AI Assistants with Enterprise Databases
"Making PeopleWorks GPT capabilities accessible to any MCP-compatible AI assistant"
Imagine you're chatting with Claude Desktop, and you want to ask: "Show me our top 10 properties by revenue this month". Without the MCP Server, Claude would politely say it can't access your database. But with the PeopleWorks GPT MCP Server, Claude can authenticate, connect to your SQL Server database, generate the optimal SQL query using AI, execute it, and return beautiful results - all in a single conversational exchange.
The Model Context Protocol (MCP) is Anthropic's groundbreaking standard that allows AI assistants like Claude to securely connect to external data sources and tools. Think of it as a universal adapter that lets any AI assistant talk to any data source or service - databases, APIs, file systems, and more.
| What is MCP? A Simple Analogy | ||
|---|---|---|
| π | Before MCPLike having different chargers for every device - iPhone uses Lightning, Android uses USB-C, laptops use proprietary chargers | Fragmented |
| β‘ | With MCPLike USB-C becoming universal - one protocol that works with every AI assistant and every data source | Unified |
| π | The ResultAny MCP-compatible AI (Claude, ChatGPT, custom agents) can instantly connect to any MCP server (databases, CRMs, ERPs, APIs) | Interoperable |
PeopleWorks already has a powerful DatabaseGPT engine that converts natural language to SQL. The MCP Server exposes this capability to Claude Desktop and other MCP clients without rewriting a single line of core logic.
Multi-user authentication with API keys, JWT session tokens, granular database permissions, and complete audit logging - all the security features businesses demand.
Works with SQL Server, PostgreSQL, MySQL, Oracle, and more. The abstraction layer handles dialect differences automatically.
Database hints and custom prompts teach the AI about your business domain, resulting in more accurate and context-aware queries.
Not just SELECT statements - the server supports analytics templates, drill-downs, comparisons, data quality audits, and complex business intelligence queries.
Once built, any MCP-compatible client (Claude Desktop, future versions of ChatGPT, custom AI agents, STRPlatform) can use it immediately.
MCP servers expose three types of capabilities: Tools (executable actions), Prompts (reusable templates), and Resources (structured data). Let's explore each in detail.
| Tool | Purpose | Key Parameters | Returns |
|---|---|---|---|
| AuthenticateAsync | User authentication and session creation | username, apiKey |
JWT session token (60 min expiry) |
| ListConnectionsAsync | Discover available databases | sessionToken |
List of accessible database connections |
| ExecuteQueryAsync | Execute natural language query | sessionToken, connectionId, query, includeHints |
Generated SQL + result set + execution metrics |
| GetSchemaAsync | Retrieve database schema | sessionToken, connectionId, specificTables |
Tables, columns, types, constraints in markdown |
| ListHintsAsync | View active database hints | sessionToken, connectionId |
Business rules, custom prompts, context |
| UpdateHintsAsync | Modify database hints | sessionToken, connectionId, hintsContent |
Success confirmation |
| GetSuggestedQuestionsAsync | AI-generated suggested queries | sessionToken, connectionId, category |
List of relevant questions user can ask |
| ExplainQueryAsync | Explain SQL generation process | sessionToken, connectionId, query |
Step-by-step explanation of SQL generation |
Prompts are pre-configured templates that guide the AI in generating complex analytical queries. They encode best practices for common BI scenarios.
| Prompt Template | Use Case | Example |
|---|---|---|
| Analytics Query | Business metrics with aggregations | "Total revenue by property type for last quarter with rankings" |
| Data Exploration | Statistical discovery patterns | "Find unusual patterns in booking durations by season" |
| Drill-Down | Hierarchical analysis | "Break down total revenue by region β city β property" |
| A/B Comparison | Side-by-side metrics | "Compare Q1 2024 vs Q1 2025: revenue, bookings, occupancy" |
| Data Quality | Audit and validation | "Check Properties table for NULLs, duplicates, outliers in price" |
Complete database schema: tables, columns, data types, relationships, indexes. Returned in structured JSON for efficient parsing.
CREATE TABLE scripts with full DDL, constraints, defaults, and computed columns for deep schema understanding.
First 5 rows from any table to understand data patterns, formats, and actual values - crucial for context-aware queries.
Business rules, custom prompts, multi-tenant context, and domain knowledge that enhance query generation accuracy.
using Infrastructure.Persistence.Contexts;
using Microsoft.EntityFrameworkCore;
using ModelContextProtocol.Server;
using PeopleworksGPT.MCP.Server.Services;
using System.ComponentModel;
using System.Text.Json;
namespace PeopleworksGPT.MCP.Server.Tools
{
[McpServerToolType]
public sealed class AuthenticationTool
{
private readonly ApplicationDbContext _context;
private readonly SessionManager _sessionManager;
public AuthenticationTool(ApplicationDbContext context, SessionManager sessionManager)
{
_context = context;
_sessionManager = sessionManager;
}
[McpServerTool(Name = "AuthenticateAsync")]
[Description("Authenticate user and receive session token for subsequent requests")]
public async Task<string> AuthenticateAsync(
[Description("Username")] string username,
[Description("API key for authentication")] string apiKey)
{
try
{
// Find user by username and API key
var user = await _context.ApplicationUsers
.FirstOrDefaultAsync(u => u.UserName == username
&& u.ApiKey == apiKey
&& u.IsActive
&& !u.Deleted);
if (user == null)
{
return JsonSerializer.Serialize(new
{
success = false,
error = "Invalid credentials"
});
}
// Update last login timestamp
user.UpdatedDate = DateTime.Now;
await _context.SaveChangesAsync();
// Generate JWT token with 60-minute expiration
var sessionToken = _sessionManager.GenerateJwtToken(user.Id, user.UserName!);
return JsonSerializer.Serialize(new
{
success = true,
session_token = sessionToken,
user_id = user.Id,
username = user.UserName,
expires_at = DateTime.UtcNow.AddMinutes(60).ToString("O")
});
}
catch (Exception ex)
{
return JsonSerializer.Serialize(new
{
success = false,
error = $"Authentication failed: {ex.Message}"
});
}
}
}
}[McpServerToolType] - Marks the class as containing MCP tools[McpServerTool] - Exposes the method as an MCP tool[Description] - Provides AI-readable documentation[McpServerTool(Name = "ExecuteQueryAsync")]
[Description("Execute a natural language query against a specific database connection")]
public async Task<string> ExecuteQueryAsync(
[Description("Session token from authenticate()")] string sessionToken,
[Description("Database connection ID from list_connections()")] long connectionId,
[Description("Natural language query")] string query,
[Description("Include database hints (default: true)")] bool includeHints = true,
[Description("Additional context for filtering")] string? additionalContext = null,
[Description("Security filter for multi-tenant isolation (JSON)")] string? securityFilter = null)
{
var stopwatch = Stopwatch.StartNew();
try
{
// 1. Validate JWT session token
var (isValid, userId, username) = _sessionManager.ValidateToken(sessionToken);
if (!isValid)
{
return JsonSerializer.Serialize(new {
success = false,
error = "Invalid or expired session token"
});
}
// 2. Verify user has access to this connection
var connection = await _context.DatabaseConnectionSettings
.FirstOrDefaultAsync(c =>
c.Id == connectionId &&
c.AvailableForUsers.Any(u => u.Id == userId) &&
!c.Deleted &&
!c.Disabled);
if (connection == null)
{
return JsonSerializer.Serialize(new {
success = false,
error = "Connection not found or access denied"
});
}
// 3. Execute query through DatabaseGPT engine
var (sql, results) = await _queryExecutionService.ExecuteNaturalLanguageQueryAsync(
connection,
query,
includeHints,
additionalContext,
securityFilter);
stopwatch.Stop();
// 4. Log to audit trail
await _auditLogger.LogQueryAsync(
userId,
connectionId,
query,
sql,
(int)stopwatch.ElapsedMilliseconds,
results.Count,
success: true);
// 5. Return structured results
return JsonSerializer.Serialize(new
{
success = true,
query_id = Guid.NewGuid().ToString(),
original_query = query,
generated_sql = sql,
results,
row_count = results.Count,
execution_time_ms = stopwatch.ElapsedMilliseconds,
connection_name = connection.DbName
});
}
catch (Exception ex)
{
stopwatch.Stop();
// Log failure to audit
await _auditLogger.LogQueryAsync(
userId, connectionId, query, null,
(int)stopwatch.ElapsedMilliseconds, 0,
success: false, errorMessage: ex.Message);
return JsonSerializer.Serialize(new
{
success = false,
error = $"Query execution failed: {ex.Message}"
});
}
}public class SessionManager
{
private readonly IConfiguration _configuration;
public string GenerateJwtToken(long userId, string username)
{
var secretKey = _configuration["JWT:SecretKey"]
?? throw new InvalidOperationException("JWT SecretKey not configured");
var securityKey = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(secretKey));
var credentials = new SigningCredentials(
securityKey, SecurityAlgorithms.HmacSha256);
var claims = new[]
{
new Claim(ClaimTypes.NameIdentifier, userId.ToString()),
new Claim(ClaimTypes.Name, username),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
};
var token = new JwtSecurityToken(
issuer: _configuration["JWT:Issuer"],
audience: _configuration["JWT:Audience"],
claims: claims,
expires: DateTime.UtcNow.AddMinutes(60),
signingCredentials: credentials
);
return new JwtSecurityTokenHandler().WriteToken(token);
}
public (bool IsValid, long UserId, string Username) ValidateToken(string token)
{
try
{
var tokenHandler = new JwtSecurityTokenHandler();
var validationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = _configuration["JWT:Issuer"],
ValidAudience = _configuration["JWT:Audience"],
IssuerSigningKey = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(_configuration["JWT:SecretKey"]!))
};
var principal = tokenHandler.ValidateToken(token, validationParameters, out _);
var userId = long.Parse(principal.FindFirst(ClaimTypes.NameIdentifier)!.Value);
var username = principal.FindFirst(ClaimTypes.Name)!.Value;
return (true, userId, username);
}
catch
{
return (false, 0, string.Empty);
}
}
}| Feature | STDIO Transport (Development) |
HTTP Transport (Production) |
|---|---|---|
| How it Works | Claude executes dotnet run each time |
Server runs permanently, Claude connects via HTTP |
| Setup Complexity | β Copy config file, restart Claude | β Publish, deploy, configure IIS/Docker |
| Source Code Required | β Yes, on client machine | β No, compiled binary only |
| Multi-Client Support | β Single user only | β Unlimited concurrent users |
| Code Changes | β Immediate effect | β Requires redeploy |
| Remote Access | β Local only | β Cloud, corporate network, anywhere |
| Best For | Developers, quick testing, local experimentation | Production, teams, STRPlatform integration, enterprise |
{
"mcpServers": {
"peopleworksgpt": {
"command": "dotnet",
"args": [
"run",
"--project",
"C:\\Proyecto\\AI\\PeopleworksGPT\\PeopleworksGPT.MCP.Server\\PeopleworksGPT.MCP.Server.csproj"
],
"env": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
}
}
}Windows: %APPDATA%\Claude\claude_desktop_config.json
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
{
"mcpServers": {
"peopleworksgpt": {
"url": "https://mcp.peopleworks.com/mcp",
"transport": "http",
"headers": {
"MCP-Protocol-Version": "2025-06-18"
}
}
}
}# Publish the application
dotnet publish -c Release -o C:\inetpub\PeopleworksGPT-MCP
# Create IIS Application Pool
New-WebAppPool -Name "PeopleworksGPT-MCP" -Force
Set-ItemProperty IIS:\AppPools\PeopleworksGPT-MCP `
-Name managedRuntimeVersion -Value ""
# Create IIS Website
New-WebSite -Name "PeopleworksGPT-MCP" `
-Port 5000 `
-PhysicalPath "C:\inetpub\PeopleworksGPT-MCP" `
-ApplicationPool "PeopleworksGPT-MCP" `
-Force
# Configure web.config for InProcess hosting
$webConfig = @"
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*"
modules="AspNetCoreModuleV2"
resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet"
arguments=".\PeopleworksGPT.MCP.Server.dll"
stdoutLogEnabled="true"
stdoutLogFile=".\logs\stdout"
hostingModel="InProcess" />
</system.webServer>
</configuration>
"@
Set-Content -Path "C:\inetpub\PeopleworksGPT-MCP\web.config" -Value $webConfig
Write-Host "Deployment complete! Server available at http://localhost:5000" -ForegroundColor GreenUser provides username and API key. Server validates credentials and generates a JWT session token valid for 60 minutes.
User: "Authenticate me with username 'admin' and apiKey 'pk_admin_1'"
Claude: [Calls AuthenticateAsync tool]
Response: β
Authenticated! Session token: eyJ0eXAiOiJKV1Q...User requests available database connections. Server returns only connections the authenticated user has permission to access.
User: "Show me my database connections"
Claude: [Calls ListConnectionsAsync tool]
Response: π You have access to:
1. MonetSTR-Production (SQL Server 2022)
2. Analytics-Warehouse (PostgreSQL 15)User examines database structure. Server provides table definitions, relationships, and sample data.
User: "What tables are in MonetSTR-Production?"
Claude: [Calls GetSchemaAsync tool]
Response: π Database Schema:
β’ Properties (15 columns)
β’ Bookings (22 columns)
β’ Customers (18 columns)
β’ Payments (12 columns)User asks a business question. Server converts it to optimized SQL, executes it, and returns formatted results.
User: "Show me top 10 properties by revenue for November 2024"
Claude: [Calls ExecuteQueryAsync tool]
Generated SQL:
SELECT TOP 10
PropertyName,
SUM(TotalAmount) AS TotalRevenue
FROM Bookings
WHERE BookingDate >= '2024-11-01' AND BookingDate < '2024-12-01'
GROUP BY PropertyName
ORDER BY TotalRevenue DESC
Results:
1. Beach Villa Sunset - $125,450
2. Downtown Loft 42 - $98,320
...User asks follow-up questions. Claude maintains context and refines queries based on conversation history.
User: "Now show me the same for December"
Claude: [Modifies query, calls ExecuteQueryAsync]
User: "What about year-over-year comparison?"
Claude: [Uses Comparison Template prompt, generates complex SQL with CTEs]Inject domain knowledge: "PropertyStatus 1=Active, 2=Inactive" or "Revenue is calculated as TotalAmount - Discounts". The AI uses these hints to generate more accurate queries.
Define business-specific templates: "For hospitality industry, always calculate occupancy rate as (booked_nights / available_nights) * 100"
Automatic filtering: "ClientId = @CurrentUserClientId" injected into all queries to ensure data isolation in multi-tenant systems.
Every query logged: user, timestamp, natural language input, generated SQL, execution time, rows returned, success/failure.
Ask "Explain how you generated that SQL" - get step-by-step breakdown of AI's reasoning process.
AI analyzes your schema and suggests relevant questions: "What's the average booking duration?", "Which properties have the highest occupancy?"
| Scenario | Traditional Approach | With MCP Server |
|---|---|---|
| Executive Dashboard | Hire BI team β Build reports β Wait weeks β Limited flexibility | Ask Claude: "Show me KPIs for all properties this quarter" β Instant results β Drill down conversationally |
| Data Quality Audit | Write SQL scripts β Manual testing β Document findings | Ask: "Check all tables for NULL values, duplicates, and outliers" β Comprehensive report in seconds |
| Customer Support | Support agent β Escalate to dev team β Wait for query β Manual response | Support asks Claude: "Find bookings for customer John Doe in last 6 months" β Immediate answer |
| Business Analysis | Define requirements β Request report β Wait for developer β Iterate | Analyst chats with Claude: "Compare Q1 vs Q2 revenue by region with variance analysis" β Done |
| Data Migration Validation | Write validation scripts β Run manually β Compare results β Report | Ask: "Compare row counts and sum totals between source and target for all tables" β Instant validation |
var builder = WebApplication.CreateBuilder(args);
// Configure Serilog for structured logging
builder.Host.UseSerilog();
// Add database context with SQL Server
builder.Services.AddDbContext<ApplicationDbContext>(options =>
{
var connectionString = builder.Configuration.GetConnectionString("PeopleworksGPT");
options.UseSqlServer(connectionString);
});
// Add Identity for user management
builder.Services.AddIdentity<ApplicationUser, IdentityRole<long>>()
.AddEntityFrameworkStores<ApplicationDbContext>();
// Add CORS for HTTP transport
builder.Services.AddCors(options =>
{
options.AddPolicy("MCPClients", policy =>
{
policy.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod();
});
});
// Add PeopleWorks services (reuse existing infrastructure!)
builder.Services.AddScoped<ISettingService, SettingService>();
builder.Services.AddScoped<IPromptProvider, PromptProvider>();
builder.Services.AddScoped<IOpenAiCompatiblePwDatabaseGptClient, OpenAiCompatiblePwDatabaseGptClient>();
// Add MCP-specific services
builder.Services.AddScoped<SessionManager>();
builder.Services.AddScoped<AuditLogger>();
builder.Services.AddScoped<QueryExecutionService>();
// Add MCP Server with automatic tool discovery
builder.Services.AddMcpServer(options =>
{
options.ServerInfo = new Implementation
{
Name = "PeopleWorksGPT",
Version = "1.0.0"
};
})
.WithHttpTransport(httpOptions =>
{
httpOptions.Stateless = true; // No session state required
})
.WithToolsFromAssembly(); // Auto-discover all [McpServerTool] methods
var app = builder.Build();
// Enable CORS
app.UseCors("MCPClients");
// Map MCP endpoints
app.MapMcp();
await app.RunAsync();WithToolsFromAssembly() finds all tools automatically| Metric | Value | Optimization |
|---|---|---|
| Authentication Latency | < 100ms | Indexed database lookups, efficient JWT generation |
| Query Generation Time | 1-3 seconds | Depends on AI provider latency (OpenAI/Azure) |
| Query Execution | Varies by complexity | Optimized SQL generation, proper indexing hints |
| Concurrent Users | Limited by database connections | Connection pooling, async/await throughout |
| Schema Caching | Planned for v2.0 | Memory cache for frequently accessed schemas |
Current: Plain text in database
Recommended: Encrypted using AES-256, key rotation policy, Azure Key Vault integration
Current: 60-minute expiration
Enhancement: Refresh tokens, token revocation list, shorter expiration with auto-refresh
Required: HTTPS/TLS for production
Best: mTLS for client authentication, IP whitelisting, VPN access
Built-in: Parameterized queries only
Additional: Query validation, SQL parsing, dangerous keyword detection
Current: Query audit to database
Enhanced: SIEM integration, anomaly detection, compliance reporting (GDPR, HIPAA)
Planned: Per-user query limits
Recommendation: 100 queries/hour, burst protection, cost controls for AI API usage
π― The Core Innovation: The PeopleWorks GPT MCP Server transforms how businesses interact with their data. Instead of hiring BI teams, building dashboards, or writing SQL, users can simply ask questions in natural language.
π The Reusability Win: By implementing the MCP protocol, we've made DatabaseGPT's powerful AI-to-SQL capabilities accessible to any MCP-compatible client - Claude Desktop today, ChatGPT tomorrow, custom agents next week.
π’ The Enterprise Value: Multi-user authentication, granular permissions, audit trails, multi-database support, and domain knowledge injection make this a production-ready solution for real businesses.
π The Future Path: This is just the beginning. With STRPlatform integration, advanced analytics templates, and multi-AI-provider support on the roadmap, the platform will become even more powerful.
"The Model Context Protocol is the USB-C of AI - and PeopleWorks GPT is ready to plug in."
Start using the PeopleWorks GPT MCP Server today