mcp-1c
MCP server (Go binary) that integrates AI assistants with 1C:Enterprise by exposing MCP tools to inspect 1C configuration/metadata and perform limited query and code-related operations over a local 1C HTTP service (and an installed 1C extension).
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Security posture is only partially evidenced by the README. TLS requirements for the 1C HTTP service are not stated; auth for MCP itself is not described (potentially relies on local network/process trust). The toolset emphasizes SELECT-only query execution, which reduces destructive capabilities, but does not provide documented authorization boundaries or fine-grained scopes. Credentials are accepted via env vars/CLI flags, but the README does not document how secrets are logged or handled internally. Dependency hygiene and vulnerability status are not evidenced in provided content.
⚡ Reliability
Best When
You have a 1C environment with an HTTP service you control, and you want an MCP-capable AI client to generate/analyze BSL code using your real configuration metadata, ideally with local models or within your network.
Avoid When
You cannot control or secure the 1C HTTP endpoint, you need strong guarantees about auth, logging/PII handling, or you must rely on undocumented/undemonstrated HTTP security behaviors for a public-facing deployment.
Use Cases
- • Chat/assistant workflows that need awareness of a specific 1C configuration (metadata tree, object structure, forms, modules)
- • BSL code assistance grounded in real platform metadata and (optionally) repository/extension code
- • Safe(ish) read-only querying and validation of 1C queries (SELECT only)
- • Debugging/diagnosing BSL and 1C-related issues via search, syntax help, and (in paid tier) lint/compatibility tools
- • Retrieving 1C registration/event logs with filtering
Not For
- • Writing or executing arbitrary business logic in 1C (server appears focused on inspection/search and SELECT-only queries)
- • Handling untrusted or sensitive data sharing with third-party LLM providers without considering data exposure in your chosen MCP client
- • Production-grade, internet-exposed deployments without proper network and auth controls
- • Auditing/compliance use where detailed security posture and guarantees are required (not evidenced in the provided docs)
Interface
Authentication
The README describes credentials for the 1C HTTP service (MCP_1C_USER/MCP_1C_PASSWORD or CLI flags) but does not describe authentication/authorization for the MCP interface itself (e.g., whether tools require an API key, token, or session auth).
Pricing
Free tier exists (MIT repo / open version). Paid tier appears to be subscription-based for expanded toolset; no explicit payment method or credit-card requirement stated.
Agent Metadata
Known Gotchas
- ⚠ Tool behavior may depend on correct setup of the 1C HTTP service and installation of the 1C extension via --install; failures could look like missing metadata or connectivity issues.
- ⚠ For execute_query/validate_query, the docs state SELECT-only—agents may need to constrain themselves to read-only queries.
- ⚠ search_code has multiple modes (smart/regex/exact); agents should choose the appropriate mode to avoid unexpectedly expensive or overly broad queries.
- ⚠ Advanced beta and paid tools are not part of the open MCP set; agents should detect which tools are available in the running server/version.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for mcp-1c.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.