A small, self-contained MCP (Model Context Protocol) server that turns any number of SQLite databases into live MCP endpoints, plus a password-protected admin panel (web UI + JSON API) to browse, edit, import, and regenerate the data.
- Every SQLite file is its own MCP server at
/mcp-<name>/mcp. - Admin panel at
/admin: create databases from a template, import a.sqlscript or a real.db/.sqlitefile, edit rows, run SQL, regenerate with one click, and export/back up any database as a.dbfile or a portable.sqldump. - SQL console with a live table/column sidebar (click to insert a query),
execution time,
EXPLAIN QUERY PLAN, and a multi-statement script mode. - Interactive schema diagram — click any table to jump straight to its rows.
- Imported files are copied into the container, the original file on your machine is never modified.
- One container, public in one flag: an ngrok or Cloudflare tunnel runs inside the same image, no extra services needed.
- Hardened image: non-root, read-only root filesystem, no shell, all Linux capabilities dropped.
- Admin panel forms are protected against CSRF (double-submit cookie), and a changed admin password must be 8+ characters with at least one symbol.
- Runs with
docker run, docker-compose, or Kubernetes (Helm).
docker run -d --name mcp-sqlite \
-p 127.0.0.1:8080:8080 \
-e SEED_DEMO_DATA=true \
-v mcp_data:/data \
paredero/sqlite-mcp-server:latest
# Find the auto-generated admin password:
docker logs mcp-sqlite | grep "Admin pass"Open http://localhost:8080/admin (user admin). MCP endpoints:
http://localhost:8080/mcp-store/mcp and http://localhost:8080/mcp-agenda/mcp.
cp .env.example .env # optional: set ADMIN_PASSWORD, tunnel tokens, etc.
docker compose up -d
docker compose logs app | grep "Admin pass"Same admin panel and endpoints as above, plus whatever you set in .env.
The tunnel runs inside the same container, no sidecar, no second image.
Pick it with TUNNEL in .env, then docker compose up -d:
# ngrok
TUNNEL=ngrok
NGROK_AUTHTOKEN=xxxxxxxx # dashboard.ngrok.com
NGROK_DOMAIN=your-subdomain.ngrok-free.dev # optional reserved static domain# Cloudflare Tunnel: create a tunnel in the Zero Trust dashboard first
# (Networks > Tunnels), route its public hostname to http://localhost:8080
TUNNEL=cloudflare
TUNNEL_TOKEN=xxxxxxxxCheck docker compose logs app for the ngrok public URL, or use the hostname
you routed in Cloudflare. Your endpoints are then https://<your-domain>/mcp-<name>/mcp.
Leave TUNNEL=none (the default) to stay local-only, the admin panel is
always reachable at http://localhost:8080/admin regardless.
helm install mcp ./helm/sqlite-mcp-server \
--set image.repository=paredero/sqlite-mcp-server \
--set seed.demoData=true
kubectl logs deploy/mcp-sqlite-mcp-server | grep "Admin pass"
kubectl port-forward svc/mcp-sqlite-mcp-server 8080:8080Enable the tunnel with --set tunnel.mode=cloudflare --set tunnel.cloudflareToken=…
or --set tunnel.mode=ngrok --set tunnel.ngrokAuthtoken=…. Keep
replicaCount: 1, SQLite writes to a single ReadWriteOnce volume.
| Variable | Default | Purpose |
|---|---|---|
ADMIN_PASSWORD |
auto-generated | Fixed admin password; otherwise printed in the logs on boot |
SEED_DEMO_DATA |
true in compose |
Pre-fill the default databases (store, agenda) with demo rows |
TUNNEL |
none |
none | ngrok | cloudflare |
LANDING |
public | public or private home page at / |
See .env.example for the full list of tunnel and admin options.
MIT, see LICENSE.
