-
Notifications
You must be signed in to change notification settings - Fork 70
MCP and Automation
The add-in exposes a public API (VCS / clsVersionControl) for scripting, CI, and MCP (Model Context Protocol) agents. Automation can export/import objects, run tests, and execute controlled VBA — but every sensitive capability is disabled by default.
This page is for database owners and administrators deciding what to enable. API details for developers and agents are in the repository AGENTS.md.
| Capability | Option gate | Risk if misused |
|---|---|---|
| Import objects from source files |
Allow Object Import from Source (McpAllowImport) |
Overwrites database objects from untrusted source |
| Call existing public VBA procedures | Part of import/VBA policy | Runs code already in the database |
Read-only SELECT via DAO |
Allow Read-Only SQL Queries (McpAllowExecuteSQL) |
Reads data exposed to the add-in connection |
| Arbitrary VBA in a temp module |
Allow Arbitrary VBA Execution (McpAllowRunVBA) |
Highest risk — full VBA execution as the interactive user |
| Run test suites / round-trip harness | Requires Allow Arbitrary VBA Execution | Can modify sandbox objects and fixture folders |
Configure gates under Options → MCP.
New projects and upgrades leave MCP permissions Off. Agents connecting through an MCP server cannot import, run SQL, or execute arbitrary VBA until an administrator explicitly enables the needed flags in Options and saves vcs-options.json.
Treat enabling Allow Arbitrary VBA Execution like granting macro/VBA trust to an automated operator.
-
Trust the add-in file — Only install
Version Control.accdafrom official releases or builds you compiled from source. -
Trust source files — Import/build runs VBA hooks and object definitions from your
.srctree. Protect the repository branch permissions. - Session scope — MCP can use session-scoped option overrides; they should not persist beyond the session without your intent.
- UI skipped — Agent operations may auto-resolve merge conflicts and skip dialogs. Human review happens in Git, not in Access prompts.
-
Index — Single-object agent export/import may skip updating
vcs-index.idxby design; run a normal export afterward for consistent Fast Save.
| Permission | Enable when… |
|---|---|
| Object Import | You use an agent to apply reviewed PRs to a dev database; source repo is trusted. |
| Read-Only SQL | Agent needs to inspect data for debugging; no write access required. |
| Arbitrary VBA | You run VCS.RunTests, VCS.RunRoundtripTests, or custom automation via RunVBA; dev machine only. |
| VBA function calls | Agent should call existing project APIs without injecting new code. |
For production databases, prefer no MCP permissions or a dedicated sandbox copy.
- Security Considerations — Trust Center, hooks, export/build
-
Connections — keep
.envout of Git - Export on Save Hook — optional DLL
- Repository
AGENTS.md—RunVBA,errorLine,ExportObject,RunTestsfilters -
clsVersionControl— public API implementation