The implementation enables users to ask structured queries — for example, "find SaaS companies in Germany with 50 — 200

Engineers built a production — grade Model Context Protocol (MCP) server on AWS to let LLM clients query a B2B intelligence dataset of more than one million company profiles while keeping production systems protected. The implementation enables users to ask structured queries — for example, “find SaaS companies in Germany with 50 — 200 employees”—and receive results directly through the LLM client without opening a portal or manually exporting data. That approach matters because it channels LLM access through a hardened, auditable interface rather than creating an unsafe bridge to live systems.

The backend exposes business objects via GraphQL on AWS AppSync, while a Go-based MCP server translates user requests into narrowly scoped tools. The stack uses mcp-go as the GraphQL client and implements a tool layer that covers search, AI-assisted search, and collection — oriented actions; AppSync remains the system of record. Design choices treated the MCP layer as a first — class interface with its own security assumptions and testing strategy, emphasizing explicit contracts and operational controls.

Key operational patterns focused on limiting each tool’s surface area and making request handling predictable and auditable. Narrow tool boundaries, clear contracts, and comprehensive audit logs were prioritized to keep system behavior understandable at scale for both engineers and end users. The architects stressed that while MCP supplies the connection model, production safety ultimately depends on how much power each tool is granted and how precisely its behavior is defined.

To reduce risk, the team separated read and write operations at the tool level and adopted a default — deny policy for mutations, creating a safer path from experimentation to production. Those controls limited what LLM-driven calls could change in the backend and constrained the scope of allowed operations during early testing and in production rollouts.

Testing and validation exposed subtle integration issues that mocked unit tests alone failed to catch. Capturing the actual GraphQL variables sent by each tool made mocked tests far more valuable and helped surface normalization bugs-examples included incorrect country — code resolution and missing limit capping before requests reached AppSync. In one case a unit test suite passed mocked tests for operations like create_collection, but the real backend returned a Lambda null-pointer error.

That production failure underscored why real-system validation — using an MCP Inspector as a release gate-remained mandatory. For teams connecting LLMs to business data the practical implications are concrete: treat the MCP server as the production interface, enforce narrow, well-specified tool contracts, prioritize read/write separation and default — deny mutations, and include real-system validation to catch issues unit tests can miss.