We started building an open-source API platform a few years ago (ApiLogicServer). You connect to your database, which generates an API, a front-end, plug in your declarative logic, add security and publish your microservice. When the AI hype started - we experimented with ChatGPT - we learned how to 'automate' the construction of the database from a single prompt. Then we discovered we could easily generate the logic using natural language (this required weeks of training). So now we can build the database, the model, the front-end, and the logic from natural language prompts (GenAI-Logic). We also added prompts to integrate Kafka or call a webhook (like n8n workflow) from a prompt.
Along comes MCP (Model Context Protocol) - described as a universal way for agents to find and use available tools. Hundreds of companies have developed MCP tools to expose services that can be coordinated by LLM (Large Language Models) to achieve goals - agents. We saw several companies exposing MCP tools connecting directly to SQL databases and we asked - "where is the logic and security?" Declarative logic usually applies to the transaction boundaries of state change (i.e CRUD operations). So if you update an email address in your database - this becomes "data at rest". If you post to an MCP tool that has logic - you validate the email, push it to Kafka, and starts a workflow that integrates with sales CRM system.
When building an API - role-based access control (RBAC) is a key to allow specific access to endpoints. The role determines the basic CRUD access and should also apply to row level filtering (e.g. sales person can only see their own customers).
We built an MCP Server by hand to expose specific API's. This allows ChatGPT to discover our 'tool' - what we found is that an API key (Authorization: Bearer ${jwt}) needs to be included in the header request. This jwt contains role information to limit what the AI can see and do. The declarative logic runs when state change occurs - this includes derivations (formula, aggregations), constraints, and events and write functions for complex processing. This is similar to using a spreadsheet at the database level.
Natural language logic and prompt driven application construction (front-end, back-end, database) is the first step in the process. Exposing specific API endpoints and integration with other tools is the goal of MCP that we will continue to explore. Logic and Security should be a key requirement for connecting and exposing your corporate data. Check us out at http://genai-logic.com. Build an app, download the open source model, and test the MCP solution.
