Skip to content
/ mcp-db-bridge Public
forked from LucasSiqueiraSurreco/mcp-db-bridge

MCP server for MySQL, PostgreSQL & SQLite with granular permissions, multi-DB support, and cloud-ready SSL/TLS. Built with adapter pattern for extensibility.

License

MIT license
0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

fastmcp-me/mcp-db-bridge

BranchesTags
 
 

Repository files navigation

Add to Cursor Add to VS Code Add to Claude Add to ChatGPT Add to Codex Add to Gemini

mcp-db-bridge

English | Português

English

Version

MCP (Model Context Protocol) server for MySQL, PostgreSQL & SQLite with granular permissions, multi-DB support, and cloud-ready SSL/TLS. Built with adapter pattern for extensibility.

Features

  • 🔌 Multi-Database: MySQL, PostgreSQL, SQLite
  • 🏗️ Adapter Pattern: Clean and extensible architecture
  • ☁️ Cloud-Ready: SSL/TLS for AWS RDS, Google Cloud SQL, Azure Database
  • 🔒 Security First: Read-only mode + granular schema permissions
  • 🌐 Multi-DB Mode: Simultaneous access to multiple schemas/databases
  • 🔄 Transactions: Automatic BEGIN/COMMIT/ROLLBACK
  • 🚀 HTTP Mode: Optional remote HTTP server (Express)

Installation

npm install mcp-db-bridge
# or
pnpm add mcp-db-bridge

Quick Start

MySQL (Local)

# .env
DB_TYPE=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_USER=root
DB_PASS=password
DB_NAME=mydb

PostgreSQL (Local)

# .env
DB_TYPE=postgresql
DB_HOST=127.0.0.1
DB_PORT=5432
DB_USER=postgres
DB_PASS=password
DB_NAME=mydb

SQLite (In-Memory)

# .env
DB_TYPE=sqlite
SQLITE_DB=:memory:

Run

pnpm build
pnpm start
# or
node dist/index.js

Configuration

Database Types

DB_TYPE=mysql          # MySQL
DB_TYPE=postgresql     # PostgreSQL
DB_TYPE=sqlite         # SQLite

Connection Settings

Generic (All Databases)

DB_HOST=127.0.0.1
DB_PORT=3306           # MySQL: 3306, PostgreSQL: 5432
DB_USER=root
DB_PASS=password
DB_NAME=mydb           # Leave empty for multi-DB mode
DB_CONNECTION_LIMIT=10

MySQL-Specific (Backward Compatibility)

MYSQL_HOST=127.0.0.1
MYSQL_PORT=3306
MYSQL_USER=root
MYSQL_PASS=password
MYSQL_DB=mydb
MYSQL_SOCKET_PATH=/tmp/mysql.sock  # Unix socket (priority over host/port)

PostgreSQL-Specific

POSTGRESQL_HOST=127.0.0.1
POSTGRESQL_PORT=5432
POSTGRESQL_DB=mydb

SQLite-Specific

SQLITE_DB=:memory:              # In-memory database
SQLITE_DB=/var/lib/app/data.db  # File-based database

Security & Permissions

Read-Only Mode

Blocks all write operations at application level:

DB_READ_ONLY_MODE=true

Global Write Permissions

Fine-grained operation control by type (applied globally):

ALLOW_INSERT_OPERATION=true   # Allow INSERT
ALLOW_UPDATE_OPERATION=true   # Allow UPDATE
ALLOW_DELETE_OPERATION=false  # Block DELETE
ALLOW_DDL_OPERATION=false     # Block CREATE/ALTER/DROP/TRUNCATE

Schema-Specific Permissions

Override global permissions for specific schemas:

# Format: "schema1:true,schema2:false,schema3:true"
SCHEMA_INSERT_PERMISSIONS=prod_db:false,test_db:true,staging_db:true
SCHEMA_UPDATE_PERMISSIONS=prod_db:false,test_db:true,staging_db:true
SCHEMA_DELETE_PERMISSIONS=prod_db:false,test_db:false,staging_db:false
SCHEMA_DDL_PERMISSIONS=prod_db:false,test_db:true,staging_db:false

How it works:

  • If schema has specific permission → use it
  • Otherwise → use global flag

Example:

# Global: INSERT blocked
ALLOW_INSERT_OPERATION=false

# test_db can insert, prod_db cannot
SCHEMA_INSERT_PERMISSIONS=test_db:true,prod_db:false

# Result:
# - INSERT on test_db: ✅ allowed (schema permission)
# - INSERT on prod_db: ❌ blocked (schema permission)
# - INSERT on other_db: ❌ blocked (global permission)

Multi-DB Mode

Access multiple databases/schemas through a single connection.

Activation

Leave DB_NAME empty (MySQL/PostgreSQL only):

DB_TYPE=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_USER=root
DB_PASS=password
DB_NAME=                # Empty = multi-DB mode

Write Protection

By default, multi-DB mode is read-only for security. To allow writes:

MULTI_DB_WRITE_MODE=true  # ⚠️ Use with caution!

Recommendation: Use SCHEMA_*_PERMISSIONS for granular control instead of MULTI_DB_WRITE_MODE=true.

Complete Example

# Multi-DB with granular permissions
DB_TYPE=mysql
DB_NAME=                                    # Multi-DB mode
ALLOW_INSERT_OPERATION=false                # Global: blocked
SCHEMA_INSERT_PERMISSIONS=test_db:true      # Exception: test_db can insert
SCHEMA_UPDATE_PERMISSIONS=test_db:true      # Exception: test_db can update
SCHEMA_DELETE_PERMISSIONS=test_db:false     # test_db: DELETE blocked
SCHEMA_DDL_PERMISSIONS=test_db:true         # test_db: DDL allowed

SSL/TLS for Cloud Databases

AWS RDS (MySQL/PostgreSQL)

DB_TYPE=mysql
DB_HOST=myinstance.123456789012.us-east-1.rds.amazonaws.com
DB_PORT=3306
DB_SSL=true
DB_SSL_REJECT_UNAUTHORIZED=true
# Optional: DB_SSL_CA=/path/to/aws-rds-ca-cert.pem

Google Cloud SQL (PostgreSQL)

DB_TYPE=postgresql
DB_HOST=34.123.45.67
DB_PORT=5432
DB_SSL=true
DB_SSL_CA=/path/to/server-ca.pem
DB_SSL_CERT=/path/to/client-cert.pem
DB_SSL_KEY=/path/to/client-key.pem

Azure Database for MySQL

DB_TYPE=mysql
DB_HOST=myserver.mysql.database.azure.com
DB_PORT=3306
DB_SSL=true
DB_SSL_REJECT_UNAUTHORIZED=true

Remote MCP (HTTP Server)

Run MCP server via HTTP with authentication:

# .env
IS_REMOTE_MCP=true
REMOTE_SECRET_KEY=your-secret-key-here
PORT=3000

Endpoint: POST http://localhost:3000/mcp

Header: Authorization: Bearer your-secret-key-here

Architecture

src/
├── db/
│   ├── adapters/
│   │   ├── types.ts              # Interfaces and types
│   │   ├── factory.ts            # Factory pattern
│   │   ├── mysql.adapter.ts      # MySQL via mysql2
│   │   ├── postgresql.adapter.ts # PostgreSQL via pg
│   │   └── sqlite.adapter.ts     # SQLite via better-sqlite3
│   ├── index.ts                  # Core query handlers
│   ├── utils.ts                  # SQL parsing (node-sql-parser)
│   └── permissions.ts            # Schema permission checks
├── config/
│   └── index.ts                  # Environment configuration
├── utils/
│   └── index.ts                  # Logging & utilities
└── types/
    └── index.ts                  # Type definitions

Adapter Pattern

Each adapter implements the DatabaseAdapter interface:

export interface DatabaseAdapter {
  readonly type: DatabaseType;
  createPool(config: ConnectionConfig): Promise<DatabasePool>;
  executeQuery<T>(pool: DatabasePool, sql: string, params?: any[]): Promise<T>;
  setReadOnly(connection: DatabaseConnection): Promise<void>;
  unsetReadOnly(connection: DatabaseConnection): Promise<void>;
  normalizeResult(result: any): NormalizedResult;
  supportsReadOnlyMode(): boolean;
}

Transaction Flows

Read Operations:

BEGIN → SET TRANSACTION READ ONLY → QUERY → ROLLBACK → RESET TO READ WRITE

Write Operations:

BEGIN → QUERY → COMMIT (or ROLLBACK on error)

Examples

MySQL with Unix Socket

DB_TYPE=mysql
MYSQL_SOCKET_PATH=/tmp/mysql.sock
DB_USER=root
DB_PASS=password
DB_NAME=mydb

PostgreSQL Multi-DB with Permissions

DB_TYPE=postgresql
DB_HOST=localhost
DB_PORT=5432
DB_USER=postgres
DB_PASS=password
DB_NAME=                                      # Multi-DB mode
SCHEMA_INSERT_PERMISSIONS=app_db:true         # app_db can insert
SCHEMA_UPDATE_PERMISSIONS=app_db:true         # app_db can update
SCHEMA_DELETE_PERMISSIONS=app_db:false        # app_db: DELETE blocked

SQLite Read-Only

DB_TYPE=sqlite
SQLITE_DB=/var/lib/data/production.db
DB_READ_ONLY_MODE=true

AWS RDS MySQL with SSL

DB_TYPE=mysql
DB_HOST=prod.abc123.us-east-1.rds.amazonaws.com
DB_PORT=3306
DB_USER=admin
DB_PASS=secure_password
DB_NAME=production
DB_SSL=true
DB_SSL_REJECT_UNAUTHORIZED=true
ALLOW_INSERT_OPERATION=false
ALLOW_UPDATE_OPERATION=false
ALLOW_DELETE_OPERATION=false
ALLOW_DDL_OPERATION=false

Development

pnpm dev              # Run in dev mode (tsx)
pnpm build            # Compile TypeScript
pnpm watch            # Watch mode
pnpm exec             # Build + run with .env

Testing

pnpm test              # Run all tests (setup + vitest run)
pnpm test:watch        # Watch mode
pnpm test:unit         # Unit tests only
pnpm test:integration  # Integration tests (MySQL, socket, permissions)
pnpm test:e2e          # End-to-end tests
pnpm test:coverage     # Coverage report

Test Structure:

tests/
├── unit/           # Isolated functions (query parsing, utils)
├── integration/    # Real database operations
└── e2e/           # Complete MCP server workflows

Performance Tuning

Connection Pool

DB_CONNECTION_LIMIT=20  # Default: 10

Disable Read-Only Transactions (MySQL)

⚠️ Not recommended - reduces security:

MYSQL_DISABLE_READ_ONLY_TRANSACTIONS=true

Environment Variables Reference

Core Database Settings

Variable Description Default Example
DB_TYPE Database type mysql mysql, postgresql, sqlite
DB_HOST Database host 127.0.0.1 localhost, db.example.com
DB_PORT Database port 3306 3306 (MySQL), 5432 (PostgreSQL)
DB_USER Database user root admin, postgres
DB_PASS Database password "" secure_password
DB_NAME Database name undefined mydb, "" (multi-DB)
DB_CONNECTION_LIMIT Pool size 10 20

Security Settings

Variable Description Default Values
DB_READ_ONLY_MODE Global read-only mode false true, false
ALLOW_INSERT_OPERATION Global INSERT permission false true, false
ALLOW_UPDATE_OPERATION Global UPDATE permission false true, false
ALLOW_DELETE_OPERATION Global DELETE permission false true, false
ALLOW_DDL_OPERATION Global DDL permission false true, false
MULTI_DB_WRITE_MODE Allow writes in multi-DB false true, false

Schema Permissions

Variable Format Example
SCHEMA_INSERT_PERMISSIONS schema:bool,schema:bool test_db:true,prod_db:false
SCHEMA_UPDATE_PERMISSIONS schema:bool,schema:bool test_db:true,prod_db:false
SCHEMA_DELETE_PERMISSIONS schema:bool,schema:bool test_db:false,prod_db:false
SCHEMA_DDL_PERMISSIONS schema:bool,schema:bool test_db:true,prod_db:false

SSL/TLS Settings

Variable Description Required Example
DB_SSL Enable SSL/TLS Cloud DBs true, false
DB_SSL_REJECT_UNAUTHORIZED Strict SSL validation Production true, false
DB_SSL_CA CA certificate path Cloud SQL /path/to/ca.pem
DB_SSL_CERT Client certificate Cloud SQL /path/to/cert.pem
DB_SSL_KEY Client key Cloud SQL /path/to/key.pem

Remote MCP Settings

Variable Description Required Example
IS_REMOTE_MCP Enable HTTP mode No true, false
REMOTE_SECRET_KEY Auth token If remote your-secret-key
PORT HTTP server port No 3000

Troubleshooting

Connection Errors

MySQL socket not found:

# Check socket path
sudo mysql -u root -p -e "SELECT @@socket;"

# Set in .env
MYSQL_SOCKET_PATH=/var/run/mysqld/mysqld.sock

PostgreSQL connection refused:

# Check if PostgreSQL is running
sudo systemctl status postgresql

# Check port
sudo netstat -tulpn | grep 5432

Permission Errors

"Operation not allowed in read-only mode":

# Check global read-only mode
DB_READ_ONLY_MODE=false

# Check multi-DB mode
MULTI_DB_WRITE_MODE=true  # If needed

# Or use schema permissions
SCHEMA_INSERT_PERMISSIONS=mydb:true

"INSERT not allowed for schema 'mydb'":

# Check global permission
ALLOW_INSERT_OPERATION=true

# Or add schema exception
SCHEMA_INSERT_PERMISSIONS=mydb:true

License

MIT

Credits

Português

Version

Servidor MCP (Model Context Protocol) para MySQL, PostgreSQL e SQLite com permissões granulares, suporte multi-DB e SSL/TLS pronto para nuvem. Construído com adapter pattern para extensibilidade.

Funcionalidades

  • 🔌 Multi-Database: MySQL, PostgreSQL, SQLite
  • 🏗️ Adapter Pattern: Arquitetura limpa e extensível
  • ☁️ Cloud-Ready: SSL/TLS para AWS RDS, Google Cloud SQL, Azure Database
  • 🔒 Security First: Modo read-only + permissões granulares por schema
  • 🌐 Multi-DB Mode: Acesso simultâneo a múltiplos schemas/databases
  • 🔄 Transações: BEGIN/COMMIT/ROLLBACK automático
  • 🚀 Modo HTTP: Servidor HTTP remoto opcional (Express)

Instalação

npm install mcp-db-bridge
# ou
pnpm add mcp-db-bridge

Início Rápido

MySQL (Local)

# .env
DB_TYPE=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_USER=root
DB_PASS=password
DB_NAME=mydb

PostgreSQL (Local)

# .env
DB_TYPE=postgresql
DB_HOST=127.0.0.1
DB_PORT=5432
DB_USER=postgres
DB_PASS=password
DB_NAME=mydb

SQLite (In-Memory)

# .env
DB_TYPE=sqlite
SQLITE_DB=:memory:

Executar

pnpm build
pnpm start
# ou
node dist/index.js

Configuração

Tipos de Banco de Dados

DB_TYPE=mysql          # MySQL
DB_TYPE=postgresql     # PostgreSQL
DB_TYPE=sqlite         # SQLite

Configurações de Conexão

Genéricas (Todos os Bancos)

DB_HOST=127.0.0.1
DB_PORT=3306           # MySQL: 3306, PostgreSQL: 5432
DB_USER=root
DB_PASS=password
DB_NAME=mydb           # Deixe vazio para modo multi-DB
DB_CONNECTION_LIMIT=10

Específicas do MySQL (Compatibilidade)

MYSQL_HOST=127.0.0.1
MYSQL_PORT=3306
MYSQL_USER=root
MYSQL_PASS=password
MYSQL_DB=mydb
MYSQL_SOCKET_PATH=/tmp/mysql.sock  # Unix socket (prioridade sobre host/port)

Específicas do PostgreSQL

POSTGRESQL_HOST=127.0.0.1
POSTGRESQL_PORT=5432
POSTGRESQL_DB=mydb

Específicas do SQLite

SQLITE_DB=:memory:              # Database em memória
SQLITE_DB=/var/lib/app/data.db  # Database em arquivo

Segurança & Permissões

Modo Read-Only

Bloqueia todas as operações de escrita em nível de aplicação:

DB_READ_ONLY_MODE=true

Permissões Globais de Escrita

Controle fino de operações por tipo (aplicado globalmente):

ALLOW_INSERT_OPERATION=true   # Permite INSERT
ALLOW_UPDATE_OPERATION=true   # Permite UPDATE
ALLOW_DELETE_OPERATION=false  # Bloqueia DELETE
ALLOW_DDL_OPERATION=false     # Bloqueia CREATE/ALTER/DROP/TRUNCATE

Permissões Específicas por Schema

Sobrescreve permissões globais para schemas específicos:

# Formato: "schema1:true,schema2:false,schema3:true"
SCHEMA_INSERT_PERMISSIONS=prod_db:false,test_db:true,staging_db:true
SCHEMA_UPDATE_PERMISSIONS=prod_db:false,test_db:true,staging_db:true
SCHEMA_DELETE_PERMISSIONS=prod_db:false,test_db:false,staging_db:false
SCHEMA_DDL_PERMISSIONS=prod_db:false,test_db:true,staging_db:false

Como funciona:

  • Se schema tem permissão específica → usa ela
  • Caso contrário → usa flag global

Exemplo:

# Global: INSERT bloqueado
ALLOW_INSERT_OPERATION=false

# test_db pode inserir, prod_db não pode
SCHEMA_INSERT_PERMISSIONS=test_db:true,prod_db:false

# Resultado:
# - INSERT em test_db: ✅ permitido (permissão do schema)
# - INSERT em prod_db: ❌ bloqueado (permissão do schema)
# - INSERT em other_db: ❌ bloqueado (permissão global)

Modo Multi-DB

Acessa múltiplos databases/schemas através de uma única conexão.

Ativação

Deixe DB_NAME vazio (MySQL/PostgreSQL apenas):

DB_TYPE=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_USER=root
DB_PASS=password
DB_NAME=                # Vazio = modo multi-DB

Proteção de Escrita

Por padrão, modo multi-DB é read-only por segurança. Para permitir escritas:

MULTI_DB_WRITE_MODE=true  # ⚠️ Use com cautela!

Recomendação: Use SCHEMA_*_PERMISSIONS para controle granular ao invés de MULTI_DB_WRITE_MODE=true.

Exemplo Completo

# Multi-DB com permissões granulares
DB_TYPE=mysql
DB_NAME=                                    # Modo multi-DB
ALLOW_INSERT_OPERATION=false                # Global: bloqueado
SCHEMA_INSERT_PERMISSIONS=test_db:true      # Exceção: test_db pode inserir
SCHEMA_UPDATE_PERMISSIONS=test_db:true      # Exceção: test_db pode atualizar
SCHEMA_DELETE_PERMISSIONS=test_db:false     # test_db: DELETE bloqueado
SCHEMA_DDL_PERMISSIONS=test_db:true         # test_db: DDL permitido

SSL/TLS para Bancos na Nuvem

AWS RDS (MySQL/PostgreSQL)

DB_TYPE=mysql
DB_HOST=myinstance.123456789012.us-east-1.rds.amazonaws.com
DB_PORT=3306
DB_SSL=true
DB_SSL_REJECT_UNAUTHORIZED=true
# Opcional: DB_SSL_CA=/path/to/aws-rds-ca-cert.pem

Google Cloud SQL (PostgreSQL)

DB_TYPE=postgresql
DB_HOST=34.123.45.67
DB_PORT=5432
DB_SSL=true
DB_SSL_CA=/path/to/server-ca.pem
DB_SSL_CERT=/path/to/client-cert.pem
DB_SSL_KEY=/path/to/client-key.pem

Azure Database for MySQL

DB_TYPE=mysql
DB_HOST=myserver.mysql.database.azure.com
DB_PORT=3306
DB_SSL=true
DB_SSL_REJECT_UNAUTHORIZED=true

MCP Remoto (Servidor HTTP)

Execute o servidor MCP via HTTP com autenticação:

# .env
IS_REMOTE_MCP=true
REMOTE_SECRET_KEY=your-secret-key-here
PORT=3000

Endpoint: POST http://localhost:3000/mcp

Header: Authorization: Bearer your-secret-key-here

Arquitetura

src/
├── db/
│   ├── adapters/
│   │   ├── types.ts              # Interfaces e tipos
│   │   ├── factory.ts            # Factory pattern
│   │   ├── mysql.adapter.ts      # MySQL via mysql2
│   │   ├── postgresql.adapter.ts # PostgreSQL via pg
│   │   └── sqlite.adapter.ts     # SQLite via better-sqlite3
│   ├── index.ts                  # Core query handlers
│   ├── utils.ts                  # SQL parsing (node-sql-parser)
│   └── permissions.ts            # Schema permission checks
├── config/
│   └── index.ts                  # Configuração de ambiente
├── utils/
│   └── index.ts                  # Logging & utilitários
└── types/
    └── index.ts                  # Definições de tipos

Adapter Pattern

Cada adapter implementa a interface DatabaseAdapter:

export interface DatabaseAdapter {
  readonly type: DatabaseType;
  createPool(config: ConnectionConfig): Promise<DatabasePool>;
  executeQuery<T>(pool: DatabasePool, sql: string, params?: any[]): Promise<T>;
  setReadOnly(connection: DatabaseConnection): Promise<void>;
  unsetReadOnly(connection: DatabaseConnection): Promise<void>;
  normalizeResult(result: any): NormalizedResult;
  supportsReadOnlyMode(): boolean;
}

Fluxos de Transação

Operações de Leitura:

BEGIN → SET TRANSACTION READ ONLY → QUERY → ROLLBACK → RESET TO READ WRITE

Operações de Escrita:

BEGIN → QUERY → COMMIT (ou ROLLBACK em caso de erro)

Exemplos

MySQL com Unix Socket

DB_TYPE=mysql
MYSQL_SOCKET_PATH=/tmp/mysql.sock
DB_USER=root
DB_PASS=password
DB_NAME=mydb

PostgreSQL Multi-DB com Permissões

DB_TYPE=postgresql
DB_HOST=localhost
DB_PORT=5432
DB_USER=postgres
DB_PASS=password
DB_NAME=                                      # Modo multi-DB
SCHEMA_INSERT_PERMISSIONS=app_db:true         # app_db pode inserir
SCHEMA_UPDATE_PERMISSIONS=app_db:true         # app_db pode atualizar
SCHEMA_DELETE_PERMISSIONS=app_db:false        # app_db: DELETE bloqueado

SQLite Read-Only

DB_TYPE=sqlite
SQLITE_DB=/var/lib/data/production.db
DB_READ_ONLY_MODE=true

AWS RDS MySQL com SSL

DB_TYPE=mysql
DB_HOST=prod.abc123.us-east-1.rds.amazonaws.com
DB_PORT=3306
DB_USER=admin
DB_PASS=secure_password
DB_NAME=production
DB_SSL=true
DB_SSL_REJECT_UNAUTHORIZED=true
ALLOW_INSERT_OPERATION=false
ALLOW_UPDATE_OPERATION=false
ALLOW_DELETE_OPERATION=false
ALLOW_DDL_OPERATION=false

Desenvolvimento

pnpm dev              # Executar em modo dev (tsx)
pnpm build            # Compilar TypeScript
pnpm watch            # Modo watch
pnpm exec             # Build + executar com .env

Testes

pnpm test              # Executar todos os testes (setup + vitest run)
pnpm test:watch        # Modo watch
pnpm test:unit         # Apenas testes unitários
pnpm test:integration  # Testes de integração (MySQL, socket, permissões)
pnpm test:e2e          # Testes end-to-end
pnpm test:coverage     # Relatório de cobertura

Estrutura de Testes:

tests/
├── unit/           # Funções isoladas (parsing de queries, utils)
├── integration/    # Operações reais de banco de dados
└── e2e/           # Fluxos completos do servidor MCP

Ajustes de Performance

Connection Pool

DB_CONNECTION_LIMIT=20  # Padrão: 10

Desabilitar Transações Read-Only (MySQL)

⚠️ Não recomendado - reduz segurança:

MYSQL_DISABLE_READ_ONLY_TRANSACTIONS=true

Referência de Variáveis de Ambiente

Configurações Principais do Banco

Variável Descrição Padrão Exemplo
DB_TYPE Tipo de banco mysql mysql, postgresql, sqlite
DB_HOST Host do banco 127.0.0.1 localhost, db.example.com
DB_PORT Porta do banco 3306 3306 (MySQL), 5432 (PostgreSQL)
DB_USER Usuário do banco root admin, postgres
DB_PASS Senha do banco "" secure_password
DB_NAME Nome do banco undefined mydb, "" (multi-DB)
DB_CONNECTION_LIMIT Tamanho do pool 10 20

Configurações de Segurança

Variável Descrição Padrão Valores
DB_READ_ONLY_MODE Modo global read-only false true, false
ALLOW_INSERT_OPERATION Permissão global de INSERT false true, false
ALLOW_UPDATE_OPERATION Permissão global de UPDATE false true, false
ALLOW_DELETE_OPERATION Permissão global de DELETE false true, false
ALLOW_DDL_OPERATION Permissão global de DDL false true, false
MULTI_DB_WRITE_MODE Permitir escritas em multi-DB false true, false

Permissões por Schema

Variável Formato Exemplo
SCHEMA_INSERT_PERMISSIONS schema:bool,schema:bool test_db:true,prod_db:false
SCHEMA_UPDATE_PERMISSIONS schema:bool,schema:bool test_db:true,prod_db:false
SCHEMA_DELETE_PERMISSIONS schema:bool,schema:bool test_db:false,prod_db:false
SCHEMA_DDL_PERMISSIONS schema:bool,schema:bool test_db:true,prod_db:false

Configurações SSL/TLS

Variável Descrição Necessária Exemplo
DB_SSL Habilitar SSL/TLS Bancos Cloud true, false
DB_SSL_REJECT_UNAUTHORIZED Validação SSL estrita Produção true, false
DB_SSL_CA Caminho do certificado CA Cloud SQL /path/to/ca.pem
DB_SSL_CERT Certificado do cliente Cloud SQL /path/to/cert.pem
DB_SSL_KEY Chave do cliente Cloud SQL /path/to/key.pem

Configurações MCP Remoto

Variável Descrição Necessária Exemplo
IS_REMOTE_MCP Habilitar modo HTTP Não true, false
REMOTE_SECRET_KEY Token de autenticação Se remoto your-secret-key
PORT Porta do servidor HTTP Não 3000

Solução de Problemas

Erros de Conexão

Socket MySQL não encontrado:

# Verificar caminho do socket
sudo mysql -u root -p -e "SELECT @@socket;"

# Configurar no .env
MYSQL_SOCKET_PATH=/var/run/mysqld/mysqld.sock

Conexão PostgreSQL recusada:

# Verificar se PostgreSQL está rodando
sudo systemctl status postgresql

# Verificar porta
sudo netstat -tulpn | grep 5432

Erros de Permissão

"Operation not allowed in read-only mode":

# Verificar modo global read-only
DB_READ_ONLY_MODE=false

# Verificar modo multi-DB
MULTI_DB_WRITE_MODE=true  # Se necessário

# Ou usar permissões de schema
SCHEMA_INSERT_PERMISSIONS=mydb:true

"INSERT not allowed for schema 'mydb'":

# Verificar permissão global
ALLOW_INSERT_OPERATION=true

# Ou adicionar exceção de schema
SCHEMA_INSERT_PERMISSIONS=mydb:true

Licença

MIT

Créditos

About

MCP server for MySQL, PostgreSQL & SQLite with granular permissions, multi-DB support, and cloud-ready SSL/TLS. Built with adapter pattern for extensibility.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • TypeScript 82.2%
  • JavaScript 16.5%
  • Dockerfile 1.3%