Executive Summary: DreamFactory 7.4.4 is a significant release for teams connecting AI agents to enterprise databases through the Model Context Protocol (MCP). The new _spec endpoint gives LLMs a complete understanding of any database schema in a single API call. Custom MCP tool definitions let admins extend their MCP server beyond built-in database operations. And new per-tool toggle controls with role-based service discovery bring the governance enterprises need before deploying AI-database integrations to production.
The biggest challenge in connecting AI agents to enterprise databases isn't the connection itself — it's context. An LLM needs to understand table structures, column types, foreign key relationships, and hierarchical patterns before it can write correct queries. Until now, that required multiple round-trip API calls and manual schema documentation. DreamFactory — a secure, self-hosted enterprise data access platform that provides governed API access to any data source, connecting enterprise applications and on-prem LLMs with role-based access and identity passthrough — solves this in 7.4.4 with a purpose-built endpoint that delivers a complete, AI-readable data model in a single response.
This release also marks a shift in how DreamFactory approaches MCP. The MCP server is no longer just a passthrough to auto-generated database APIs. With custom tool definitions, it becomes an extensible integration layer where admins can define tools that call any external REST API — turning DreamFactory into a unified tool server for AI agents that need access to both internal databases and external services.
_spec Endpoint for AI-Optimized Schema DiscoveryThe headline feature in 7.4.4 is the new _spec endpoint, available on every database service. This endpoint returns a condensed data model — typically around 14KB — that contains everything an AI agent needs to understand and query a database correctly:
dept.parent_dept_id → dept.dept_id) and junction tables for many-to-many relationshipsThe endpoint supports two modes controlled by query parameters:
GET /api/v2/{service_name}/_spec?model=true — Returns the compact, LLM-optimized data model. This is the mode most AI integrations will use. The response includes all schema information, relationship maps, and detected structural patterns in a format designed for token efficiency.GET /api/v2/{service_name}/_spec?stock=true — Adds enriched metadata on top of the base model: auto-generated query templates (count, group-by, top-N, paginate, join, date-range), field semantic hints (identifying amount fields, audit timestamps, hierarchy columns), and sample data with enum value detection.For programmatic discovery, every service in the service listing response now includes a spec_url field, so AI agents and MCP clients can automatically locate the data model endpoint without hardcoding paths.
Before the _spec endpoint, an MCP-connected AI agent had to call _table to list tables, then call _schema/{table} for each table individually to understand its columns and relationships. For a database with 50 tables, that meant 51 API calls before the agent could write its first query. With _spec?model=true, that drops to a single call returning a ~14KB payload — small enough to fit comfortably in any LLM's context window while providing complete schema coverage.
The automatic relationship pattern detection is particularly valuable. When the endpoint identifies a self-referencing foreign key, it flags it as a hierarchy — signaling to the AI agent that queries on that table may need recursive traversal to aggregate data across parent-child relationships. Similarly, detected junction tables tell the agent how to correctly join many-to-many relationships without the agent having to infer the pattern from raw foreign key data.
DreamFactory's MCP server has always provided auto-generated tools for querying databases and managing files. In 7.4.4, admins can now define custom tools that extend the MCP server's capabilities to any HTTP-accessible API.
A custom MCP tool is an HTTP request template that gets exposed as a callable tool through the MCP protocol. Each tool definition includes:
This means an AI agent connected to DreamFactory's MCP server can now query your internal databases and call external services — a CRM API, a shipping provider, an internal microservice — all through the same MCP connection, governed by the same DreamFactory role-based access controls.
Custom tools are managed through a new section in the MCP service configuration page in the DreamFactory admin panel. The UI provides a table view of all defined tools with an inline add/edit form, so admins can create and modify tool definitions without writing configuration files or restarting services.
Production MCP deployments need more than an all-or-nothing approach to tool exposure. DreamFactory 7.4.4 introduces two levels of control:
Every built-in MCP tool — each database query operation, each file management operation — can now be individually enabled or disabled per service. This is configured through new toggle controls in the admin UI's MCP service page. Disabled tools are stored in a new disabled_tools column in the MCP server configuration, so the settings persist across restarts.
This lets admins expose only the operations that make sense for their use case. For example, you might enable read operations on a production database service while disabling all write operations, ensuring AI agents can query data but never modify it.
MCP tool listing now respects DreamFactory's existing role-based access control system. When an AI agent connects to the MCP server, it only sees the services and tools that the authenticated user's role is authorized to access. This applies to both built-in tools and custom tool definitions. An agent authenticated with a read-only analytics role will never see tools for services it doesn't have permission to access — the tools simply don't appear in the MCP tool listing.
DreamFactory 7.4.2 introduced the ability to map Google Workspace groups to DreamFactory roles during SSO login. In 7.4.4, the underlying mechanism has been updated from the Google Admin SDK to the Google Identity Provider for group resolution. This change simplifies the configuration requirements — the Admin SDK required domain-wide delegation and service account setup, while the Identity Provider approach works with standard OAuth scopes.
The OAuth flow now also includes improved logging with appropriate log levels (info, warning, debug), making it easier to troubleshoot group resolution and role assignment during SSO login.
get and set inheritance for role-per-app fields in the Azure AD connector, resolving an issue where app-specific role assignments were not being correctly read or written.localStorage to sessionStorage for redirect auth URLs, resolving an issue where stale redirect URLs were not being cleaned up after authentication completed.syncToolsForService by bulk-fetching tools with keyBy, improving performance when services have many tools.forceDelete to avoid soft-delete and unique constraint conflicts when removing tool definitions.DreamFactory 7.4.4 includes database migrations that must be run after upgrading:
disabled_tools column is added to the MCP server configuration table.custom_tools table is created for storing custom MCP tool definitions.Run php artisan migrate after deploying the update. For Docker deployments, the migration runs automatically on container startup.
If you are using the Google OAuth map-group-to-role feature, verify your OAuth configuration after upgrading. The switch from Google Admin SDK to Google Identity Provider may require updating your OAuth scopes.
All other changes are backward-compatible. The standard upgrade process applies.
_spec endpoint and how does it help AI agents?The _spec endpoint is a new resource on every DreamFactory database service that returns a complete, condensed data model in a single API call. It includes all tables, columns, data types, foreign keys, row counts, and automatically detected relationship patterns (hierarchies and junction tables). AI agents and LLMs use this to understand an entire database schema before writing queries, replacing what previously required dozens of individual API calls. The ?model=true parameter returns a compact format optimized for LLM token efficiency.
Yes. DreamFactory 7.4.4 provides two layers of control. First, per-tool toggles let admins enable or disable individual built-in tools (database operations, file operations) from the admin UI. Second, role-based service discovery ensures that MCP tool listings only include services and tools that the authenticated user's role is authorized to access. Combined, these controls let you precisely define what any AI agent can and cannot do through your MCP server.
Custom MCP tools are admin-defined tool definitions that extend DreamFactory's MCP server to call any external REST API. Each tool specifies an HTTP method, URL, parameters (with auto-generated Zod schemas), and optional static headers for authentication. When an AI agent calls a custom tool through MCP, DreamFactory executes the HTTP request and returns the response. This lets you unify database access and external API calls through a single MCP server.
DreamFactory is a self-hosted platform providing governed API access to any data source for enterprise apps and local LLMs. It automatically generates REST APIs for databases (SQL Server, PostgreSQL, MySQL, Oracle, Snowflake, MongoDB, and more), applies role-based access controls and rate limiting, and exposes those APIs through standard protocols including REST, OpenAPI, and the Model Context Protocol (MCP). Teams use DreamFactory to give applications and AI agents secure, governed access to enterprise data without writing custom API code.
_spec endpoint work with all database types?The _spec endpoint is available on all database services that support schema introspection, which includes all SQL databases (MySQL, PostgreSQL, SQL Server, Oracle, Snowflake, SQLite, Firebird, IBM Db2, SAP HANA, and others) as well as structured NoSQL databases like MongoDB. The relationship pattern detection — including hierarchy and junction table identification — works across all supported database types.
For Docker deployments, update your image tag to 7.4.4 and restart the container — migrations run automatically. For manual installations, pull the latest code, run composer install, then run php artisan migrate to apply the new database migrations. If you use the Google OAuth group-to-role mapping feature, review your OAuth configuration after upgrading since the underlying provider has changed from Google Admin SDK to Google Identity Provider.