7. Exercise 2: Persisted queries
1m

Persisted queries

Another way to secure the MCP server is to use a safelist of as tools for your MCP server.

With , clients can send identifiers instead of full operations. Additionally, we can configure a safelist of IDs to allow, configured in . When you enable safelisting, the rejects any incoming operations not registered in its .

The MCP server can then execute an by providing its ID instead of the entire operation string.

Requesting by ID can significantly reduce latency and bandwidth usage for large strings.

Exercise 2: Persisted queries ( 5 min)

Goal: Configure the MCP server to use -managed as the source for tools. Configure the to only allow queries that are in the safelist.

Steps

  1. Configure the MCP server to use -managed as the source for tools.

    mcp.yaml
    operations:
      source: uplink

  2. Configure the to enable .

    graph/router.yaml
    persisted_queries:
      enabled: true

  3. Restart the rover dev process to pick up the changes. You'll see more new tools load in. Test this new source using MCP Inspector.

Which of the following are available tools for the MCP server when sourcing from the persisted query manifest?

Try to run an using the execute tool:

query {
  featuredListings {
    title
  }
}

The still accepts it.

  1. Configure the to only allow queries that are in the safelist.

    graph/router.yaml
    persisted_queries:
      enabled: true
      safelist:
        enabled: true # Router will reject any operations that are not registered in the persisted queries list
      log_unknown: true # Router will log any operations that are not registered in the persisted queries list
    apq:
      enabled: false # to enable safelist, APQs must be disabled

  2. Test this new configuration using MCP Inspector. Use the execute tool and run the same as before. The now rejects it.

Previous