
Build an MCP Server in Laravel to Enable “AI-Operated” Recruiting Tools (English)

- Explains the background of delegating recruiting to AI and the critical risks of allowing AI direct database access.
- Introduces the Model Context Protocol (MCP) as a new standard protocol to prevent security breakdowns and bypassing business logic.
- Demonstrates how to build an MCP server in Laravel, exposing only authorized operations instead of granting full database access.
- Features practical tools like candidate search and scout message drafting with a strict "Human-in-the-loop" design for final actions.
- Details a multi-layered defense utilizing robust Laravel mechanics such as Sanctum authentication, Policy authorization, and Service layer isolation.
- Ideal for developers aiming to establish a "Smart Gatekeeper" and securely connect AI with business systems without releasing raw database control.

Takayuki PRO

May 26, 2026

Transcript

  1. Agenda
    - 1. Self Introduction
    - 2. Background of "AI-Operated" Recruiting
    - 3. Risks of Allowing AI Direct Database Access
    - 4. Building an MCP Server with Laravel
    - 5. Summary
  2. Self Introduction
    - I’m Takayuki Suzuki.
    - My Career:
      - Currently, I work as a Product Manager and Web engineer.
      - I worked at Full Speed Inc. as a web engineer.
      - I worked as a freelance engineer for about one year.
      - Founded Re:Build Inc. in Okinawa in November 2017.
      - Two years ago, my company joined the Relic corporate group in Tokyo.
    - Hobbies: full marathons, watching baseball, watching soccer, cosplay, reading manga.
    - Links: Slide, GitHub sample
  3. AI Recruiting and Its Risks
    - The Ideal for Recruiters:
      - Want to rely on AI for candidate search
      - Want AI to aggregate selection progress
      - Want AI to draft scout messages
    - Risks and Concerns: Accidental Deletion, Mis-sending, Data Leakage, Un-auditable
    - "Can I delete all candidate data?" "For now, I've sent scouts to everyone."
  4. 3 Major Risks of Direct DB Operation
    - Security Breakdown: Allowing AI to issue free SQL can lead to unintended data extraction, updates, and SQL injection-like behavior.
    - Loss of Audit Trails: It becomes completely impossible to track "when, what, and why" the AI made changes within the system.
    - Bypassing Business Logic: Validation and status transition rules in the application layer are bypassed.
    - Conclusion: AI must not be treated as an "Omnipotent God." A "Smart Gatekeeper" is needed in front of the system.
  5. Solution: What is MCP (Model Context Protocol)?
    - Legacy API Integration: An era where proprietary implementation was required for each AI.
    - The New "MCP" Standard: A standard protocol connecting AI and systems. Build once, connect securely from any AI client.
  6. MCP Becomes a "Secure Interface" Between AI and Business Systems
    - Instead of allowing AI to access "everything," expose only "authorized operations."
    - Business logic, authorization, and logging are all controlled on the Laravel side.
  7. 3 Core Elements of MCP
    - AI Client → Request → Laravel MCP Server
    - Prompts: Instruction templates for AI (templates for scout messages)
    - Tools: Processes executed by AI (search, status updates)
    - Resources: Information read by AI (job info, candidate profiles)
  8. Three tools that are implemented
    - Search: search_candidates → CandidateSearchService
    - Summary: get_pipeline_summary → PipelineSummaryService
    - Generation: draft_scout_message → ScoutDraftService
    - [Critical Design] Updates are limited to "Draft" status. Actual transmission and production data updates must always have a Human-in-the-loop interface.
  9. Operation Image from Claude Code
    - Execute search_candidates → Return candidate list → Integrate Candidate Info + Job Info + Prompt → Execute draft_scout_message
  10. Security Design: Audit Logs and Limits
    - Audit: "Who, when, and which tool was executed" is fully recorded in the mcp_audit_logs table. Physically blocks direct SQL execution from AI.
    - Limits: Search results are limited to a maximum of 10 items. Prevents unintentional bulk data extraction or leaks by AI.
    - Auth: Scope restrictions based on the Principle of Least Privilege. Thorough access management via token-based authentication.
  11. Multi-Layered Defense (Guardrails) for AI Business Operators
    - AI Request → guardrail layers → Database (ATS)
    - [Authorization] Laravel Policy: Control who can use which Tool
    - [Scope Restriction, Rate Limits] Limit (10): Prevent mass extraction & data scraping
    - [PII Control] API Resource: Mask personal info to the absolute minimum
    - [Audit Logs] Log::info(): Record who executed what
    - Instead of relying on AI's intelligence, reuse Laravel's robust mechanisms as "Secure Business Operation Tools."
  12. [Layer 1: Authentication] Secure connection via Sanctum / OAuth 2.1
    - Secure by Default: Leverage the authentication infrastructure built into the Laravel MCP package.
    - Token Validation: AI clients cannot even recognize the existence of Tools without a valid token.
  13. [Layer 1.5: Authorization] Principle of Least Privilege Based on Scope Restriction
    - "Search candidates, delete those who don't fit, and send scouts to the good ones"
    - Designed to never allow destructive actions by AI; final execution decisions must always be made by a human (user).
  14. [Layer 2: Architecture] Strict boundaries to isolate AI from the DB
    - There is no physical path for AI to directly issue SQL to the DB.
    - The Tool acts solely as a "conductor" that calls the Service.
  15. The Key: Designing "How AI Interacts"
    - 1. Standardization: MCP is the world-standard interface for delegating tasks to AI.
    - 2. Guardrails: Laravel's existing assets (Service / Policy) are the strongest guardrails in the AI era.
    - 3. Action: Do not give AI freedom (raw DB). Only expose safely designed Tools.
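
The guardrail layers from slides 10, 11 and 14 (scope check, the cap of 10, PII allow-list, audit record, Tool as "conductor"), as an added framework-free PHP sketch that is not the deck's code and does not use the Laravel MCP package API. The class name, the `candidates:search` scope, the field names and the sample data are assumptions; arrays stand in for the Sanctum token, `CandidateSearchService` and the `mcp_audit_logs` table.

```php
<?php
declare(strict_types=1);

// Added illustration, not the deck's code; names other than search_candidates are hypothetical.
const MAX_RESULTS = 10; // hard cap from the "Limits" slide

final class SearchCandidatesTool
{
    public array $auditLog = []; // stand-in for mcp_audit_logs rows
    public function __construct(private \Closure $service) {}

    public function handle(array $token, array $args): array
    {
        // 'candidates:search' is a hypothetical scope name.
        $allowed = in_array('candidates:search', $token['scopes'] ?? [], true);
        $skill = (string) ($args['skill'] ?? '');
        // Clamp the client-supplied limit into 1..MAX_RESULTS.
        $limit = max(1, min((int) ($args['limit'] ?? MAX_RESULTS), MAX_RESULTS));
        // Record every call, including denied ones: who, when, which tool.
        $this->auditLog[] = [
            'user_id' => $token['user_id'] ?? null, 'tool' => 'search_candidates',
            'args' => compact('skill', 'limit'), 'allowed' => $allowed,
            'at' => date(DATE_ATOM),
        ];
        if (!$allowed) {
            return ['error' => 'forbidden'];
        }
        // The tool only conducts: no SQL here, and the cap is re-applied
        // even if the service returns more rows than asked for.
        $rows = array_slice(($this->service)($skill, $limit), 0, MAX_RESULTS);
        // PII control: expose an allow-list of fields, never email or phone.
        $public = array_flip(['id', 'headline', 'skills']);
        return ['candidates' => array_map(
            fn (array $r): array => array_intersect_key($r, $public), $rows)];
    }
}

// Constructed sample data: 25 candidates, and a service that ignores $limit.
$db = array_map(fn (int $i): array => [
    'id' => $i, 'headline' => "Engineer $i", 'skills' => ['php'],
    'email' => "c$i@example.test", 'phone' => '000-0000',
], range(1, 25));
$tool = new SearchCandidatesTool(fn (string $skill, int $limit): array => $db);

$ok = $tool->handle(['user_id' => 7, 'scopes' => ['candidates:search']],
    ['skill' => 'php', 'limit' => 500]);
$denied = $tool->handle(['user_id' => 8, 'scopes' => []], ['skill' => 'php']);
printf("returned=%d keys=%s denied=%s audit_rows=%d\n", count($ok['candidates']),
    implode(',', array_keys($ok['candidates'][0])), $denied['error'], count($tool->auditLog));
```

The denied call is written to the audit log before the scope check returns, so refused attempts by an AI client remain traceable alongside successful ones.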