Ask your AI coding assistant about your .NET solution structure and watch it hallucinate. It'll guess at project references, miss TFM mismatches, and confidently tell you things that aren't true — because it has no way to actually evaluate your MSBuild project files.
Existing tools like BinlogInsights require you to build first, then analyze the binary log. That's useful, but it means you need a successful build before you can ask questions. What if your solution is broken? What if you just want to understand the dependency graph before a migration?
I built MSBuild Graph MCP Server to fill this gap. It evaluates MSBuild project files directly — no build required — and exposes the results through 10 MCP tools that any AI assistant can call.
What It Does
Install it as a .NET global tool:
dotnet tool install -g MsBuildGraphMcp
Then ask your assistant natural questions:
- "Show me the dependency graph for this solution" → full DAG with topological sort
- "Are there any TFM mismatches?" → finds net6.0 projects referencing net8.0 libraries
- "What breaks if I remove CoreLib?" → BFS traversal of all direct + transitive dependents
- "Compare Debug vs Release" → property and package reference diffs
- "Where does LangVersion come from?" → traces to Directory.Build.props, line 3
10 Tools, Grouped by Purpose
Understand Structure:
-
analyze_solution— parse .sln, .slnx, .slnf with full project metadata -
get_project_graph— dependency DAG, topological sort, graph metrics -
find_shared_imports— Directory.Build.props/.targets discovery -
list_projects— fast listing, no MSBuild evaluation overhead
Find Issues:
-
detect_build_issues— TFM mismatches, orphans, circular deps, platform conflicts -
check_package_versions— NuGet version consistency, CPM detection, VersionOverride
Analyze Impact:
-
analyze_impact— "what breaks if I touch project X?" -
get_build_order— topological sort with critical path length
Compare & Inspect:
-
compare_configurations— diff any two build configurations -
analyze_project_properties— property values with source file + line tracking
Plus 2 guided prompts: project-health-check (scores your solution 1-10) and migration-readiness (assesses .NET version upgrade feasibility).
We Predict. They Report.
Every other MSBuild MCP server does post-build analysis — they parse binary logs after compilation. That's retrospective. We do pre-build analysis: evaluating project files directly through MSBuild's ProjectGraph API.
| MSBuild Graph MCP | Binlog tools | |
|---|---|---|
| Requires build | No | Yes |
| Works on broken solutions | Yes | No |
| Dependency analysis | Full DAG | Limited |
| TFM compatibility checking | Yes (NuGet.Frameworks) | No |
| Impact analysis | Yes | No |
| Configuration diff | Yes | No |
This matters when you're planning a migration, onboarding to a large codebase, or debugging build issues in a solution that won't compile yet.
Security: 15 Measures, Zero Side Effects
All tools are read-only. No builds triggered, no files modified, no network requests, no arbitrary commands.
Highlights:
-
Startup guard blocks
MSBUILDENABLEALLPROPERTYFUNCTIONS— mitigates CVE-2025-21172 (property function RCE) -
Pre-evaluation XML scanner detects
System.IO.File,System.Net,System.Diagnosticsin project files before MSBuild evaluates them - IsBuildEnabled = false on all ProjectCollection instances — prevents target execution
- UNC path rejection, extension whitelist, symlink detection, input length caps
- Error sanitization strips user paths and stack traces from responses
-
Allowed directories via
MSBUILD_MCP_ALLOWED_PATHSenvironment variable
MSBuild property functions execute during evaluation by design — this is the same trust model as opening a project in Visual Studio. Only analyze projects you trust.
333 Tests, 8 Bugs Caught
The test suite runs against real MSBuild APIs — no mocks. A TempSolutionBuilder fixture creates actual .sln/.slnx/.csproj files in temp directories for every test scenario.
This approach caught 8 production bugs during development, including:
-
CircularDependencyExceptionnot being caught (MSBuild throws this separately fromMSB4251) -
ToDictionarycrash on duplicate PackageReferences (neededGroupByfirst) - Resource leaks on exception paths (added
try/finallycleanup) - Unbounded parallelism on 64-core machines (capped at 8)
All 333 tests pass in ~12 seconds on CI.
Get Started
Install:
dotnet tool install -g MsBuildGraphMcp
Claude Desktop — add to claude_desktop_config.json:
{
"mcpServers": {
"msbuild-graph": {
"command": "msbuild-graph-mcp"
}
}
}
VS Code — add to .vscode/mcp.json:
{
"servers": {
"msbuild-graph": {
"type": "stdio",
"command": "msbuild-graph-mcp"
}
}
}
Claude Code:
claude mcp add msbuild-graph -- msbuild-graph-mcp
Also works with Cursor, Windsurf, and Visual Studio 2026 Preview.
Requires .NET SDK 8.0+ and Windows (MSBuildLocator discovers VS/.NET SDK installations).
Try It
- Install with
dotnet tool install -g MsBuildGraphMcp - Point your AI assistant at a .NET solution
- Ask: "Run a project health check on this solution"
The project-health-check prompt runs all 10 tools and produces a scored report with actionable recommendations.
Links:
MIT licensed. Contributions welcome.
Top comments (0)