Writing
Deep dives on Business Central, applied AI, and the place where they meet. 12 posts.
Topics
All tags →-
Your Business Central MCP server should be read-only until it can't be
The Business Central MCP server is GA-adjacent and the pitch writes itself: connect Claude or Copilot Studio, read and write ERP data in natural language, no custom API. The connection is the boring part. You've just handed a promptable, nondeterministic actor a write path to your ledger — and the only thing standing between it and a posted document is how you configured it.
-
When NOT to use an AI agent in Business Central
The built-in agents are GA and every partner is asking 'can an agent do this?' That's the wrong question. For a large class of BC work, a deterministic codeunit beats an agent on cost, latency, and auditability — and picking the agent anyway is a downgrade dressed as innovation.
-
Your AI feature must run on a fresh tenant, or it doesn't run
The line between a demo and a product is whether it works on a clean Business Central environment with none of your developer setup. Five concrete things that separate 'works on my box' from 'a customer can actually use it'.
-
Shipping a Copilot feature in Business Central that survives real users
A PromptDialog demo takes an afternoon. A Copilot feature real users won't switch off takes the other 90%: scoping, grounding, the generate–review–accept loop, and treating the model's output as a proposal that never silently touches data.
-
The breaking changes you can't see coming (and how AppSourceCop saves you)
Renaming a field, hiding an action, deleting an unused procedure — harmless refactors in most codebases, all breaking changes in an AppSource extension. LC0034 catches them late. Here's the rule that keeps you clean.
-
A 502 in your PDF-to-LLM pipeline is the gateway, not the model
Business Central sends a PDF through an AI gateway and gets a flat 502. The instinct is to blame the prompt. Don't — the model never saw your document. Here's how to bisect the pipeline and force a text-extraction path that works.
-
Route, don't call: why a model gateway belongs between you and the LLM
Calling a provider SDK directly is the fastest way to start and the slowest way to scale. A thin gateway turns the model into config — and buys you fallback, cost control, and observability you'll need the week after launch.
-
Your AppSource dependency is a live product, and AVS0118 is the proof
If your apps share a 'Core' library, you may believe it's bundled or internal. AVS0118 says otherwise: Core is its own independently-live AppSource offer, and the fix for the error is not in your consumer app at all.
-
Calling AI from Business Central: the platform realities nobody warns you about
Your AL HttpClient call to an AI endpoint returns send=false and no error. It's not your code — it's three platform guardrails (the HttpClient flag, the anti-SSRF allowlist, and loopback hostnames) that fail silently. Here's the checklist.
-
Treat LLM output as untrusted input
The single mental shift that prevents a whole class of AI bugs and vulnerabilities: a model's response is not a value you computed, it's user input from a stranger — and you already know how to handle that.
-
AL's `and` / `or` are eager — your guard clause does not protect you
In most languages, a guard like `if x <> '' and Rec.Get(x)` short-circuits. In AL it does not: both sides are evaluated, the guard runs anyway, and you get the exception you thought you prevented.
-
Two crafts, one blog: why I write about AI and Business Central
I do two jobs that are quietly merging — ERP engineering on Business Central, and building with LLMs. This is the notebook where I work out loud on both, and on the seam between them.
