Moving parts

End-to-end flow from an MCP client through Laravel to executors and the database. The personal access token is what authorizes access to tools; it encodes which tool group applies.

Diagram

flowchart LR subgraph client [MCP client] H[Host / IDE / worker] end subgraph edge [Edge] A[Apache TLS] end subgraph laravel [Laravel] S[auth:sanctum] M[ResolveMcpToolGroup] R[RichBotMcpServer] F[ToolSchemaFactory] D[ToolDispatcher] E[Executors] end subgraph data [Data] DB[(MySQL)] end H -->|HTTPS POST JSON-RPC Bearer PAT| A --> S --> M --> R R --> F R --> D --> E --> DB

Text summary

MCP client
    → HTTPS (Authorization: Bearer PAT)
    → Apache / PHP-FPM
    → Laravel auth:sanctum
    → Resolve tool group from ability mcp:tool-group:{id} + tool_group_user
    → RichBotMcpServer (single /mcp route; tools loaded per request from DB for that group)
    → ToolSchemaFactory / ToolDispatcher → executors
    → MySQL (tools, parameterDefinitions, groups, pivots)

Web UI vs MCP

Spatie roles control who may open the token page or run imports. That is separate from MCP: once a PAT exists, any client that holds it can call /mcp within that token’s tool group—ideal for other servers and automation talking to this host.