MCP Spotlight: Anythink — The First Backend-as-a-Service MCP With Row-Level Security, Workflows, Search & Payments
Server: anythink-mcp by Anythink
Tools: 15+ command groups · License: MIT · Distribution: Homebrew, .NET tool, native binaries
MCP Tracker: glama.ai/mcp/servers/anythink-cloud/anythink-cli
Docs / GitHub: github.com/anythink-cloud/anythink-cli
The fastest way to ship a SaaS is to stop building the backend. Every founder has heard the pitch: "use a BaaS, focus on your product." But the moment you wire one up, you discover the second-order problem — your AI agent still doesn't have a clean interface to it. You have a Supabase dashboard, a Stripe dashboard, a Resend dashboard, a Meilisearch instance, and an n8n workflow. None of them expose a unified MCP surface.
Anythink takes the opposite bet: a single BaaS, a single CLI, a single MCP server, every capability (relational data with row-level security, full-text + semantic + geo search, RBAC and BYOK, a workflow engine, a growth & retention engine, payments, and a marketplace of integrations) — exposed through one set of tools. 15+ command groups, MIT licensed, distributed via Homebrew.
This is the first "give your agent a complete backend" MCP I've seen. It also ships with one feature that no other BaaS MCP exposes well: row- and field-level security that the agent has to satisfy on every call, not just RBAC at the role level.
The Surface in One Glance
The Anythink MCP exposes 15+ command groups covering the full platform:
| Command Group | What It Does |
|---|---|
accounts | Manage billing accounts — the container for projects and subscriptions |
projects | Create, list, switch, delete backend projects (per-region isolation) |
entities | Define database tables (with --rls for row-level security) |
fields | Add/remove fields with types: varchar, text, int, float, bool, datetime, json, uuid |
data | CRUD on entity records: list, get, create, update, delete with filter, sort, pagination |
search | Full-text + semantic + geo search with query, similar, rehydrate, purge, audit |
workflows | Automation engine — cron, event-triggered, or manual |
users | User management with custom auth flows |
files | File storage and retrieval |
roles | Role-based access control (RBAC) definitions |
api-keys | Programmatic API key management |
menus | App navigation structure |
integrations | Wire external services (email, push, payments, etc.) |
pay | Marketplace billing and subscription management |
oauth | OAuth client configuration |
api | Direct API access for custom logic |
docs | Documentation lookup |
migrate | Migration tooling between projects/environments |
plans | Plan and pricing management |
A full backend, exposed to your agent. The agent can scaffold entities, configure row-level security, run searches, trigger workflows, manage users, and process payments — all in one conversation.
The Distribution Story: Homebrew-First
The CLI and the MCP server are distributed together via Homebrew:
brew install anythink-cloud/tap/anythink
# This installs:
# anythink — the CLI
# anythink-mcp — the MCP server
The MCP server is a separate binary that ships alongside the CLI. Same release, same version. No npx, no pipx, no version-pinning dance. The platform binaries (macOS arm64/x64, Linux x64/arm64) and the .NET 8 global tool are also available.
This is the right distribution model for "give me a backend" tooling: install the CLI to drive the platform from your terminal, install the MCP to drive it from your agent. Same config, same credentials, same experience.
Row- and Field-Level Security: The Differentiator
The single most important security property in Anythink: row-level security (RLS) is enforced at the database level, not just at the API layer.
# Create an entity with row-level security enabled
anythink entities create orders --rls
# The RLS policy says: users can only read/write their own orders
# (configured in the project, evaluated per-query)
This means your agent's data list orders call returns only the orders the calling user owns, not the entire table. The database enforces it — even if the agent tries to bypass the API, the RLS policy is in the SQL path.
Combined with field-level permissions, this is the multi-tenant BaaS pattern done right:
- RLS on
orders— user A sees their orders, user B sees theirs - Field-level on
users.email— readable by self and admins only - Public-readable on
products— no auth required to browse the catalog
Most BaaS MCPs default to "the agent sees everything." Anythink's posture: "the agent sees what the user is allowed to see, enforced at the database." For teams shipping B2B SaaS with multi-tenant data, this is the right model.
The Workflow Engine: Cron, Event, and Manual Triggers
Anythink ships with a built-in workflow engine that can be triggered three ways:
- Cron schedule — "every Monday at 9am, send the weekly digest"
- Event-driven — "when a new
ordersrecord is created with status=paid, send a confirmation email" - Manual — "run this workflow on demand"
Workflows are exposed through anythink workflows and are reachable from the agent via the MCP. The pattern is: agent defines a workflow in natural language, the workflow is created in the platform, the trigger fires, and the workflow executes — all without leaving the conversational surface.
This is the n8n / Zapier / Temporal category of capability, but as a native part of the BaaS instead of a separate service. For teams that don't want to operate a separate workflow orchestrator, this is a meaningful reduction in operational surface.
Search: Full-Text + Semantic + Geo
The search command group is unusually complete:
| Command | What It Does |
|---|---|
search query | Run a full-text or semantic search across your entities |
search similar | Find similar documents to a given record (vector similarity) |
search rehydrate | Rebuild the search index (admin) |
search purge | Wipe the search index (admin) |
search audit | Compare configured public-searchable fields vs. what public search actually returns |
search query accepts:
--entities— comma-separated entity list (default: all indexed)--filter—"status=published AND category=news"with_geoRadiussupport--sort—"created_at:desc,id:asc"--facet— comma-separated fields for faceted search
You get full-text search, semantic vector search, and geo-radius queries in a single command group. For SaaS products that need "search" as a feature, this is the same capability as Meilisearch + Pinecone + PostGIS, exposed through one MCP tool.
Facio Integration
{
"mcpServers": {
"anythink": {
"command": "anythink-mcp",
"env": {
"ANYTHINK_API_KEY": "${credentials.ANYTHINK_API_KEY}",
"ANYTHINK_PROJECT_ID": "${credentials.ANYTHINK_PROJECT_ID}"
}
}
}
}
The MCP server uses the saved profile from ~/.anythink/config.json (or environment variables for headless contexts). Facio's audit trail captures every Anythink call with the calling user's RLS context — so the log shows not just "agent listed orders" but "user X's RLS policy returned 3 orders belonging to X."
For HITL workflows, the destructive operations are the obvious gate:
data delete— hard confirm (irreversible)entities delete— hard confirm (cascades to all data)fields delete— hard confirm (loses data)workflows delete— hard confirm (loses automation)
The read operations and idempotent writes (create, update) flow through the Facio audit trail with autonomous execution.
Quickstart
# 1. Install the CLI and MCP together
brew install anythink-cloud/tap/anythink
# 2. Sign up
anythink signup
# (interactive: email, password, create billing account, create project)
# 3. Add the MCP to your config
{
"mcpServers": {
"anythink": {
"command": "anythink-mcp"
}
}
}
# 4. First prompts
# "Create an entity 'blog_posts' with row-level security and fields: title (varchar, required), content (text), status (varchar, default draft), published_at (datetime)"
# "List all my entities and their fields"
# "Create a workflow that runs every Monday at 9am and emails the count of new signups"
# "Search across blog_posts for posts with status=published in the AI category, sorted by date"
# "Create 10 fake orders with random users and run a full-text search for 'refund'"
Use Cases
Rapid SaaS prototyping: "Build me a CRM with contacts, deals, and activities. Enable RLS. Add a workflow that creates a follow-up task when a deal moves to 'Negotiation'." Agent uses 6+ tool groups in one conversation — entities, fields, data, workflows, users, roles.
Multi-tenant B2B SaaS: "Set up row-level security on the customers table so each tenant only sees their own customers. Add a field-level rule that hides stripe_customer_id from non-admin users." The platform enforces these rules at the database.
Search-powered content apps: "Index all my blog posts for full-text search. Add semantic similarity so users can find related posts. Expose the search API publicly with a free-tier rate limit." Combines entities + search + integrations.
Workflow automation: "Every Monday at 9am, query last week's orders, group by status, and email the summary to the founders' mailing list." Combines workflows + data + integrations (email).
Migration between environments: "Migrate the users and subscriptions entities from staging to production, preserving IDs but excluding test data." The migrate command group handles this directly.
Marketplace billing: "Set up three pricing plans — Free, Pro ($19/mo), and Enterprise — and wire them to the marketplace billing engine. When a user upgrades, send a welcome email and grant them a 'pro' role." Combines pay + integrations + users + workflows.
Bottom Line
Anythink MCP is the first backend-as-a-service integration that gives an AI agent the entire backend surface through one MCP server: relational data with row-level security, full-text + semantic + geo search, RBAC and BYOK, a workflow engine, a growth & retention engine, payments, and a marketplace of integrations. 15+ command groups, MIT licensed, Homebrew-distributed.
The row- and field-level security story is the differentiator. Most BaaS MCPs default to "the agent sees everything." Anythink defaults to "the agent sees what the user is allowed to see, enforced at the database." For teams shipping multi-tenant B2B SaaS with strict data isolation requirements, this is the model that scales.
brew install anythink-cloud/tap/anythink and your agent has a backend.
MCP Spotlight is a series covering servers that give AI agents real capabilities. Every server is evaluated for tool breadth, security architecture, and integration fit with Facio's HITL-first agent runtime.