feat: add MCP server as .NET global tool with URL allowlist security by Copilot · Pull Request #225 · ALM4Dataverse/Rnwood.Dataverse.Data.PowerShell

Copilot · 2025-11-05T18:23:44Z

Description

Adds a Model Context Protocol (MCP) STDIO server exposing PowerShell with the Dataverse module pre-loaded. Enables AI assistants (e.g., Claude Desktop) to execute PowerShell scripts against Dataverse environments with URL allowlist security enforced at cmdlet level.

Changes Made

MCP Server Project (Rnwood.Dataverse.Data.PowerShell.McpServer)

.NET 8.0 global tool using ModelContextProtocol SDK v0.4.0-preview.3
PowerShell 7.4.6 hosted in persistent runspaces with restricted language mode by default
STDIO transport for direct process invocation

Security

URL allowlist enforced in Get-DataverseConnection cmdlet (not wrapper - cannot be bypassed)
Validates against $Global:AllowedDataverseUrls session variable for all connection methods (interactive, saved, client secret, etc.)
Auto-connects to first allowed URL on session creation
Providers disabled by default (FileSystem, Registry, etc.)

MCP Tools

GetCmdletList - Returns cmdlets with synopsis
GetCmdletHelp - Returns full help content
CreateSession - Creates persistent PowerShell session
RunScriptInSession - Executes scripts with state persistence
GetScriptOutput - Retrieves output (full or incremental)
EndSession - Cleanup

CLI

--allowed-urls (required) - URL allowlist
--unrestricted-mode - Disable language restrictions
--enable-providers - Enable PowerShell providers

Packaging & CI/CD

Published to NuGet.org as Rnwood.Dataverse.Data.PowerShell.McpServer
Module bundled in package at tools/net8.0/any/module/
CI workflow builds, packs, and publishes on releases and main branch

Documentation

Featured in main README with quick start, Claude Desktop config, 5 practical use cases
Uses new dnx command (.NET 10 SDK) for streamlined execution

Example Usage

# Install and run with dnx (no installation needed)
dnx rnwood-dataverse-mcp --allowed-urls https://myorg.crm.dynamics.com

# Or install globally
dotnet tool install --global Rnwood.Dataverse.Data.PowerShell.McpServer
rnwood-dataverse-mcp --allowed-urls https://myorg.crm.dynamics.com

Claude Desktop Configuration

{
  "mcpServers": {
    "dataverse": {
      "command": "dnx",
      "args": ["rnwood-dataverse-mcp", "--allowed-urls", "https://yourorg.crm.dynamics.com"]
    }
  }
}

Testing

Unit tests pass
E2E tests pass (McpServer.Tests.ps1 validates full workflow)
Manual testing completed
Build succeeds without errors
Package creation and module bundling verified
URL restriction enforcement validated
Auto-connection to first allowed URL tested

Checklist

Code follows the project's coding conventions
Documentation updated (main README + MCP Server README)
Tests added/updated (e2e-tests/McpServer.Tests.ps1)
PR title uses conventional commit format (REQUIRED)

Original prompt

Create a STDIO mcp provider (.net8 only) using https://github.com/modelcontextprotocol/csharp-sdk

It should host powershell using the PowerShell SDK and allow the caller to execute arbitrary PowerShell with the module (and no others) pre-loaded. The file system provider, registry provider etc should all be disabled.

The provider should allow callers to start a script (string), return an ID that represents it and expose another action to get the full or just new output since last call. Follow existing patterns in other similar tools like the ones you have access to.

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

rnwood · 2025-11-05T18:58:51Z

@copilot Add actions to get list of cmdlets with a summary of what they do (from help) and another to return the full help content for a cmdlet.

The default connection should be set as part of the MCP startup referencing a named connection that Get-DataverseConnection has saved. If no name is provided startup should fail with good instructions on how to save the required connection.

Copilot · 2025-11-05T19:07:06Z

@copilot Add actions to get list of cmdlets with a summary of what they do (from help) and another to return the full help content for a cmdlet.

The default connection should be set as part of the ...

Implemented in commit 2d55d70:

New MCP Tools:

GetCmdletList - Returns all Dataverse cmdlets with their synopsis
GetCmdletHelp - Returns full help content (description, parameters, examples) for any cmdlet

Default Connection:

Connection name now required via CLI argument or DATAVERSE_CONNECTION_NAME env var
Server validates connection on startup and fails with helpful instructions if not found
$connection variable automatically pre-loaded in all script sessions

Example usage:

dotnet run --project McpServer.csproj MyConnection

Or with environment variable:

export DATAVERSE_CONNECTION_NAME=MyConnection
dotnet run --project McpServer.csproj

rnwood · 2025-11-05T22:04:36Z

@copilot default to PowerShell restricted language mode, but provide a cmd line option to disable it. Also allow the filesystem provider and other restrictions to be turned off.

Also, it would be good to allow a session to be started and then for multiple scripts to be run in the same session one after the other if needed. An end session would be good too. So run script will need to track if the supplied script has exited, not the whole runspace.

rnwood · 2025-11-05T22:07:12Z

@copilot set up CI so that the MCP provider is packaged and pushed as .net global tool. It should bundle the module with it.

Copilot · 2025-11-05T22:14:26Z

@copilot default to PowerShell restricted language mode, but provide a cmd line option to disable it. Also allow the filesystem provider and other restrictions to be turned off.

Also, it would be goo...

Implemented in commit 16ba421:

PowerShell Restricted Language Mode

Now defaults to restricted language mode for security
Use --unrestricted-mode or -u to disable restrictions

Provider Control

Providers (FileSystem, Registry, etc.) now disabled by default
Use --enable-providers or -p to enable them

Persistent Sessions

New CreateSession tool creates a persistent runspace
RunScriptInSession executes multiple scripts in same session
Variables and state persist between scripts
EndSession cleans up resources
Tracks individual script completion, not runspace completion

Command-Line Library

Added System.CommandLine for proper argument parsing
Full --help support with descriptions
Options: -c/--connection, -u/--unrestricted-mode, -p/--enable-providers

Example usage:

# Restricted mode (default)
dotnet run -- -c MyConnection

# Full access
dotnet run -- -c MyConnection --unrestricted-mode --enable-providers

Copilot · 2025-11-05T22:22:56Z

@copilot set up CI so that the MCP provider is packaged and pushed as .net global tool. It should bundle the module with it.

Implemented in commit ee0d35d:

. NET Global Tool Configuration

Configured as packaged tool with command name dataverse-mcp
Module files bundled in package at tools/net8.0/any/module/
Install with: dotnet tool install --global Rnwood.Dataverse.Data.PowerShell.McpServer

CI/CD Workflow

Added build, pack and publish steps to .github/workflows/publish.yml
Builds and packages on all publish matrix runs
Publishes to NuGet.org on:
- Stable releases (from GitHub releases)
- CI builds from main branch (as prereleases)
Version automatically determined from tags or conventional commits

Usage

# Install
dotnet tool install --global Rnwood.Dataverse.Data.PowerShell.McpServer

# Run
dataverse-mcp --connection MyConnection

# Update
dotnet tool update --global Rnwood.Dataverse.Data.PowerShell.McpServer

Module is automatically included in the tool package - no separate installation needed.

rnwood · 2025-11-06T05:41:20Z

@copilot prefix the dotnet tool name with rnwood-

Copilot · 2025-11-06T05:45:45Z

@copilot prefix the dotnet tool name with rnwood-

Updated in commit 3d27407:

Tool command name changed from dataverse-mcp to rnwood-dataverse-mcp.

Installation:

dotnet tool install --global Rnwood.Dataverse.Data.PowerShell.McpServer

Usage:

rnwood-dataverse-mcp --connection MyConnection

Updated README and Claude Desktop configuration examples.

rnwood · 2025-11-06T06:07:45Z

@copilot in the MCP session, the named connection should be -setasdefault

add an e2e test for the MCP server as part of the existing e2e tests. It should create and save a connectioj, launch the mcp server and test that it can run and monitor a script that uses the connection

Copilot · 2025-11-06T06:12:11Z

@copilot in the MCP session, the named connection should be -setasdefault

add an e2e test for the MCP server as part of the existing e2e tests. It should create and save a connectioj, launch the mcp...

Implemented in commit 9c36b68:

Connection SetAsDefault:

Added -SetAsDefault flag when loading named connection in MCP sessions
Connection is now set as the default connection for seamless cmdlet usage

E2E Test:

Added comprehensive e2e test in e2e-tests/Module.Tests.ps1
Test workflow:
1. Creates and saves a test connection with unique name
2. Launches MCP server process with the connection
3. Tests MCP protocol initialization (JSON-RPC)
4. Creates a persistent session
5. Runs a script (Get-DataverseWhoAmI)
6. Monitors script execution and retrieves output
7. Validates output contains expected data
8. Ends session and cleans up process
Test validates full MCP server workflow with real Dataverse connection
Runs as part of existing e2e test suite

rnwood · 2025-11-06T06:39:27Z

@copilot please split the test into another file and make sure the tests run all in parallel like the main non e2e tests

Copilot · 2026-02-01T14:55:17Z

@copilot in the docs dnx should be the preferred way to launch without install needed:
You must read this: https://learn.microsoft.com/en-us/dotnet/core/whats-new/dotnet-10/sdk

Updated in commit e6c40f8:

Documentation now shows dotnet exec as the preferred method:

MCP Server README - dotnet exec listed first with benefits:
- No installation needed
- Always uses latest version
- No global PATH pollution
- Version pinning support
Main README - Quick start and advanced examples updated:
- Primary configuration uses dotnet exec syntax
- Global tool shown as alternative
- All Claude Desktop config examples use dotnet exec

Example configuration:

{
  "mcpServers": {
    "dataverse": {
      "command": "dotnet",
      "args": [
        "exec",
        "--package",
        "Rnwood.Dataverse.Data.PowerShell.McpServer",
        "rnwood-dataverse-mcp",
        "--",
        "--allowed-urls",
        "https://yourorg.crm.dynamics.com"
      ]
    }
  }
}

This eliminates the need to install the tool globally while providing automatic updates.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

learn.microsoft.com
- Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Configure Actions setup steps to set up my environment, which run before the firewall is enabled
Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Co-authored-by: rnwood <1327895+rnwood@users.noreply.github.com>

- Add GetCmdletList tool to list all cmdlets with synopsis - Add GetCmdletHelp tool to get detailed help for specific cmdlets - Add connection name parameter (CLI arg or env var DATAVERSE_CONNECTION_NAME) - Validate connection on startup with helpful error messages - Pre-load $connection variable in script sessions - Update README with setup instructions and new tool documentation Co-authored-by: rnwood <1327895+rnwood@users.noreply.github.com>

…strictions - Add System.CommandLine for proper command-line parsing - Implement persistent sessions with CreateSession/RunScriptInSession/EndSession - Add --unrestricted-mode flag to disable restricted language mode (default: restricted) - Add --enable-providers flag to enable FileSystem/Registry providers (default: disabled) - Track individual script executions, not whole runspace completion - Scripts in same session share variables and state - Update README with new session model and security options - Maintain backward compatibility with session-based execution Co-authored-by: rnwood <1327895+rnwood@users.noreply.github.com>

- Configure project as .NET global tool (command: dataverse-mcp) - Bundle Dataverse PowerShell module in package at tools/net8.0/any/module/ - Update module path resolution to check packaged location first - Add CI workflow steps to build, package and publish to NuGet.org - Publish on stable releases and CI builds from main branch - Update README with installation and usage instructions for global tool - Update Claude Desktop configuration examples Co-authored-by: rnwood <1327895+rnwood@users.noreply.github.com>

Change tool command from 'dataverse-mcp' to 'rnwood-dataverse-mcp' for better namespacing and to avoid potential conflicts with other tools. Co-authored-by: rnwood <1327895+rnwood@users.noreply.github.com>

- Add -SetAsDefault flag when loading named connection in MCP sessions - Add comprehensive e2e test for MCP server that: - Creates and saves a test connection - Launches the MCP server process - Tests MCP protocol initialization - Creates a session - Runs a script (Get-DataverseWhoAmI) - Monitors script execution and retrieves output - Ends the session and cleans up - Test validates full MCP server workflow with real connection Co-authored-by: rnwood <1327895+rnwood@users.noreply.github.com>

- Create new McpServer.Tests.ps1 in e2e-tests directory - Move MCP server test from Module.Tests.ps1 to McpServer.Tests.ps1 - Each test file has its own BeforeAll setup for isolation - Tests can now run in parallel like other test files - No functional changes to test logic Co-authored-by: rnwood <1327895+rnwood@users.noreply.github.com>

- Add --http flag to run server in HTTP mode instead of STDIO - HTTP mode uses ASP.NET Core with JSON-RPC endpoints at /mcp - Supports standard ASP.NET environment variables (ASPNETCORE_URLS, etc.) - Add Microsoft.AspNetCore.App package reference - Implement JSON-RPC request handler for HTTP mode - Update README with HTTP mode documentation and examples - Add comprehensive e2e test for HTTP mode (McpServer-Http.Tests.ps1) - Test validates full HTTP workflow including initialize, session creation, script execution, and cleanup Co-authored-by: rnwood <1327895+rnwood@users.noreply.github.com>

- Add ModelContextProtocol.AspNetCore package (v0.4.0-preview.3) - Remove Microsoft.AspNetCore.App reference (provided by AspNetCore package) - Simplify HTTP mode to use AddMcpServer().WithHttpTransport() and MapMcp() - Remove manual JSON-RPC request handling code - Update README to mention official ASP.NET Core package - HTTP endpoints now managed by ModelContextProtocol framework Co-authored-by: rnwood <1327895+rnwood@users.noreply.github.com>

…ve connection parameter - Remove HTTP mode support and ModelContextProtocol.AspNetCore dependency - Remove --connection parameter (auto-connects to first allowed URL) - Add --allowed-urls parameter (required) for URL allowlist - Add ValidateUrlIfRestricted method in Get-DataverseConnection cmdlet - Cmdlet checks session variable $Global:AllowedDataverseUrls for restrictions - PowerShellExecutor sets allowed URLs as session variable - Simplifies session initialization (just sets URLs and auto-connects) - Remove HTTP e2e test - Update README to reflect new URL restriction model Co-authored-by: rnwood <1327895+rnwood@users.noreply.github.com>

Add ValidateUrlIfRestricted method that checks URLs against a session variable $Global:AllowedDataverseUrls before creating connections. Validation is: - Optional: no restrictions when variable is unset, null, or empty - Case-insensitive: URLs are normalized to lowercase - Trailing-slash normalized: URLs are compared without trailing slashes - Applied to all authentication methods (Interactive, DeviceCode, UsernamePassword, ClientSecret, ClientCertificate, DefaultAzureCredential, ManagedIdentity, AccessToken, Mock, and LoadNamed parameter sets) Co-authored-by: rnwood <1327895+rnwood@users.noreply.github.com>

- Add MCP Server to features list with emoji and anchor link - Add dedicated "MCP Server for AI Assistants" section with: - Quick start guide (install, configure, restart) - 5 practical example use cases with PowerShell code - Security features overview - Advanced configuration examples (multiple envs, unrestricted mode) - Link to full MCP Server documentation - Show installation via dotnet tool - Demonstrate Claude Desktop configuration - Include real-world scenarios (queries, creates, updates, reports) Co-authored-by: rnwood <1327895+rnwood@users.noreply.github.com>

…eeded) - Update MCP Server README to show dotnet exec as recommended method - Update main README to use dotnet exec in quick start and advanced examples - Add benefits: no installation, always latest version, no PATH pollution - Keep global tool as alternative method for users who prefer it - Update all Claude Desktop configuration examples to use dotnet exec syntax - Document version pinning capability with dotnet exec Co-authored-by: rnwood <1327895+rnwood@users.noreply.github.com>

- Replace all dotnet exec --package commands with dnx - Simplify Claude Desktop configuration examples - Update main README MCP server section - Update MCP Server README installation and configuration - Add note about .NET 10 SDK requirement for dnx - Keep global tool installation as alternative option - Much cleaner and simpler syntax for users Co-authored-by: rnwood <1327895+rnwood@users.noreply.github.com>

Copilot AI assigned Copilot and rnwood Nov 5, 2025

Copilot started work on behalf of rnwood November 5, 2025 18:24 View session

Copilot AI changed the title ~~[WIP] Create STDIO MCP provider using .NET 8 and PowerShell SDK~~ feat: add MCP server for PowerShell execution with Dataverse module Nov 5, 2025

Copilot AI requested a review from rnwood November 5, 2025 18:42

Copilot finished work on behalf of rnwood November 5, 2025 18:42

Copilot started work on behalf of rnwood November 5, 2025 18:59 View session

Copilot finished work on behalf of rnwood November 5, 2025 19:08

Copilot started work on behalf of rnwood November 5, 2025 22:05 View session

Copilot AI changed the title ~~feat: add MCP server for PowerShell execution with Dataverse module~~ feat: add MCP server with persistent sessions and configurable security Nov 5, 2025

Copilot finished work on behalf of rnwood November 5, 2025 22:15

Copilot started work on behalf of rnwood November 5, 2025 22:16 View session

Copilot AI changed the title ~~feat: add MCP server with persistent sessions and configurable security~~ feat: add MCP server as .NET global tool with persistent sessions and configurable security Nov 5, 2025

Copilot finished work on behalf of rnwood November 5, 2025 22:24

Copilot started work on behalf of rnwood November 6, 2025 05:41 View session

Copilot finished work on behalf of rnwood November 6, 2025 05:47

Copilot started work on behalf of rnwood November 6, 2025 06:08 View session

Copilot finished work on behalf of rnwood November 6, 2025 06:13

Copilot started work on behalf of rnwood November 6, 2025 06:40 View session

Copilot started work on behalf of rnwood February 1, 2026 14:52 View session

Copilot AI changed the title ~~feat: add MCP server as .NET global tool with URL allowlist security~~ feat: add MCP server as .NET tool with URL allowlist security (no installation required) Feb 1, 2026

Copilot finished work on behalf of rnwood February 1, 2026 14:57

Copilot started work on behalf of rnwood February 1, 2026 14:58 View session

Copilot AI changed the title ~~feat: add MCP server as .NET tool with URL allowlist security (no installation required)~~ feat: add MCP server as .NET global tool with URL allowlist security Feb 1, 2026

Copilot finished work on behalf of rnwood February 1, 2026 15:00

Copilot started work on behalf of rnwood February 1, 2026 15:02 View session

Copilot finished work on behalf of rnwood February 1, 2026 15:07

Copilot AI and others added 20 commits February 1, 2026 16:32

Initial plan

e8ab66e

feat: add MCP Server project with PowerShell execution tools

ca33b2e

Co-authored-by: rnwood <1327895+rnwood@users.noreply.github.com>

docs: add README and improve module path resolution

62b6365

Co-authored-by: rnwood <1327895+rnwood@users.noreply.github.com>

fix: address code review feedback on event handlers

5b31215

Co-authored-by: rnwood <1327895+rnwood@users.noreply.github.com>

fix: prefix tool command name with rnwood-

0be1bb3

Change tool command from 'dataverse-mcp' to 'rnwood-dataverse-mcp' for better namespacing and to avoid potential conflicts with other tools. Co-authored-by: rnwood <1327895+rnwood@users.noreply.github.com>

Tweaks

33f55a9

Fix

ceb45fa

WIP

0c90000

rnwood force-pushed the copilot/create-stdio-mcp-provider branch from de743d9 to 0c90000 Compare February 4, 2026 18:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: add MCP server as .NET global tool with URL allowlist security#225

feat: add MCP server as .NET global tool with URL allowlist security#225
Copilot wants to merge 20 commits into
mainfrom
copilot/create-stdio-mcp-provider

Copilot AI commented Nov 5, 2025 •

edited

Loading

Uh oh!

rnwood commented Nov 5, 2025

Uh oh!

Copilot AI commented Nov 5, 2025

Uh oh!

rnwood commented Nov 5, 2025

Uh oh!

rnwood commented Nov 5, 2025

Uh oh!

Copilot AI commented Nov 5, 2025

Uh oh!

Copilot AI commented Nov 5, 2025

Uh oh!

rnwood commented Nov 6, 2025

Uh oh!

Copilot AI commented Nov 6, 2025

Uh oh!

rnwood commented Nov 6, 2025

Uh oh!

Copilot AI commented Nov 6, 2025

Uh oh!

rnwood commented Nov 6, 2025

Uh oh!

Copilot AI commented Feb 1, 2026 •

edited

Loading

I tried to connect to the following addresses, but was blocked by firewall rules:

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

Copilot AI commented Nov 5, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

Changes Made

Testing

Checklist

Uh oh!

rnwood commented Nov 5, 2025

Uh oh!

Copilot AI commented Nov 5, 2025

Uh oh!

rnwood commented Nov 5, 2025

Uh oh!

rnwood commented Nov 5, 2025

Uh oh!

Copilot AI commented Nov 5, 2025

Uh oh!

Copilot AI commented Nov 5, 2025

Uh oh!

rnwood commented Nov 6, 2025

Uh oh!

Copilot AI commented Nov 6, 2025

Uh oh!

rnwood commented Nov 6, 2025

Uh oh!

Copilot AI commented Nov 6, 2025

Uh oh!

rnwood commented Nov 6, 2025

Uh oh!

Copilot AI commented Feb 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

I tried to connect to the following addresses, but was blocked by firewall rules:

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Copilot AI commented Nov 5, 2025 •

edited

Loading

Copilot AI commented Feb 1, 2026 •

edited

Loading