Skip to main content
Breadbox exposes its data to AI agents through the Model Context Protocol. An MCP client connects to the server, receives a catalog of typed tools at handshake time, and calls them to read and write the same PostgreSQL dataset the admin dashboard and REST API sit on top of. Every tool is a thin wrapper around the internal service layer — there is no HTTP round-trip between the MCP handler and the database. This reference enumerates every tool the server registers, along with inputs, outputs, and the REST endpoint each one mirrors when one exists.

Transports

Breadbox ships with two MCP transports. Both expose the same tool set.
TransportEndpointAuthTypical client
Streamable HTTPPOST /mcp on your Breadbox hostX-API-Key headerClaude.ai custom connector, Claude Code via --mcp, remote agents
stdiobreadbox mcp-stdio subcommandNone (local only)Claude Desktop, local scripts, anything embedding the binary
The HTTP transport is filtered per request: every call builds a fresh *mcpsdk.Server from the tool registry, applying the current global MCP mode, per-tool disable list, and the API key’s scope. The stdio transport is unfiltered — it’s intended for local, trusted use. See Set up MCP for connection examples.

Authentication and scopes

The HTTP transport authenticates with an API key. The key’s scope controls which tools are visible:
  • full_access — every tool in the registry is registered on the per-request server, subject to the global mode and disable list.
  • read_only — write tools are filtered out entirely. The client never sees them in its tool catalog, so it can’t call them even if it tries.
The global MCP mode (app_config.mcp_mode) overlays a second filter. When set to read_only, writes are suppressed for every key regardless of scope. The admin UI at /mcp controls the mode and per-tool disable list.

Write session discipline

Every write tool requires two extra fields, enforced by the server before the handler runs:
  • session_id — obtained from create_session. Lasts for one logical task (e.g. “weekly review”).
  • reason — a brief string describing this specific call (e.g. “categorizing clearly valid grocery charge”).
Read tools accept both fields as optional. Including them associates the call with a session in the activity log. create_session itself is the only write tool that doesn’t require a session — it’s how you obtain one. See create_session on the Sessions page for the exact shape.

Read vs write classification

Each tool in this reference is tagged Read or Write. The distinction drives:
  1. Scope filtering — read_only keys never see write tools.
  2. Session enforcement — write tools require session_id + reason; reads don’t.
  3. Activity logging — every call is logged asynchronously with the classification.
Write tools also run an in-handler checkWritePermission check as a belt-and-suspenders guard against TOCTOU races between config changes and server construction.

ID format in responses

Entity IDs in MCP responses are compact 8-character base62 strings (e.g., k7Xm9pQ2). Internally every row has both a full UUID and a short ID; the MCP response pipeline replaces every id field with the short ID value and drops the short_id field entirely to save tokens. Tool inputs accept either form — both the UUID and the short ID resolve to the same row. This differs from the REST API, which returns both id (UUID) and short_id on every record. If you’re cross-referencing between an agent session and the admin UI, remember that what the agent sees as id is what the UI calls short_id.

Resources

MCP resources are static or live documents the server exposes alongside tools. Breadbox serves three:
URIMIMEWhat it returns
breadbox://overviewapplication/jsonLive dataset summary: users, connections, accounts, 30-day spending, top categories
breadbox://review-guidelinestext/markdownGuidance for reviewing transactions and creating rules (user-editable in /mcp admin)
breadbox://report-formattext/markdownReport structure templates used by submit_report (user-editable)
Agents are expected to read breadbox://overview first to orient themselves, and to read breadbox://review-guidelines before processing review work.

Error shape

Tool errors return a standard MCP call result with isError: true and a single text content block containing JSON: 
{ "error": "session_id is required for write operations; call create_session first" }
Transport-level errors (bad authentication, malformed JSON-RPC) come back as JSON-RPC error responses and never reach the tool handler.

Relationship to the REST API

Many MCP tools mirror a REST endpoint. Where one exists, the reference page cross-links to it. Both layers call the same service methods — there are no behavioral differences beyond the ID compaction above and the session-tracking layer. If a feature is available in one surface but not the other, that’s a gap, not a design choice, and worth flagging.

Grouped tool index

A complete list of every tool Breadbox exposes, grouped by domain. Data access (read) Mutations (write)