Database Bridge MCP Server

Database Bridge MCP Server

Enables secure database interactions with MySQL, PostgreSQL, and SQLite through granular permissions, multi-database support, and cloud-ready SSL/TLS connections. Supports read-only modes, schema-specific permissions, and transaction management for safe database operations.

Category
Visit Server

README

mcp-db-bridge

English | Português

English

Version

MCP (Model Context Protocol) server for MySQL, PostgreSQL & SQLite with granular permissions, multi-DB support, and cloud-ready SSL/TLS. Built with adapter pattern for extensibility.

Features

  • 🔌 Multi-Database: MySQL, PostgreSQL, SQLite
  • 🏗️ Adapter Pattern: Clean and extensible architecture
  • ☁️ Cloud-Ready: SSL/TLS for AWS RDS, Google Cloud SQL, Azure Database
  • 🔒 Security First: Read-only mode + granular schema permissions
  • 🌐 Multi-DB Mode: Simultaneous access to multiple schemas/databases
  • 🔄 Transactions: Automatic BEGIN/COMMIT/ROLLBACK
  • 🚀 HTTP Mode: Optional remote HTTP server (Express)

Installation

npm install mcp-db-bridge
# or
pnpm add mcp-db-bridge

Quick Start

MySQL (Local)

# .env
DB_TYPE=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_USER=root
DB_PASS=password
DB_NAME=mydb

PostgreSQL (Local)

# .env
DB_TYPE=postgresql
DB_HOST=127.0.0.1
DB_PORT=5432
DB_USER=postgres
DB_PASS=password
DB_NAME=mydb

SQLite (In-Memory)

# .env
DB_TYPE=sqlite
SQLITE_DB=:memory:

Run

pnpm build
pnpm start
# or
node dist/index.js

Configuration

Database Types

DB_TYPE=mysql          # MySQL
DB_TYPE=postgresql     # PostgreSQL
DB_TYPE=sqlite         # SQLite

Connection Settings

Generic (All Databases)

DB_HOST=127.0.0.1
DB_PORT=3306           # MySQL: 3306, PostgreSQL: 5432
DB_USER=root
DB_PASS=password
DB_NAME=mydb           # Leave empty for multi-DB mode
DB_CONNECTION_LIMIT=10

MySQL-Specific (Backward Compatibility)

MYSQL_HOST=127.0.0.1
MYSQL_PORT=3306
MYSQL_USER=root
MYSQL_PASS=password
MYSQL_DB=mydb
MYSQL_SOCKET_PATH=/tmp/mysql.sock  # Unix socket (priority over host/port)

PostgreSQL-Specific

POSTGRESQL_HOST=127.0.0.1
POSTGRESQL_PORT=5432
POSTGRESQL_DB=mydb

SQLite-Specific

SQLITE_DB=:memory:              # In-memory database
SQLITE_DB=/var/lib/app/data.db  # File-based database

Security & Permissions

Read-Only Mode

Blocks all write operations at application level:

DB_READ_ONLY_MODE=true

Global Write Permissions

Fine-grained operation control by type (applied globally):

ALLOW_INSERT_OPERATION=true   # Allow INSERT
ALLOW_UPDATE_OPERATION=true   # Allow UPDATE
ALLOW_DELETE_OPERATION=false  # Block DELETE
ALLOW_DDL_OPERATION=false     # Block CREATE/ALTER/DROP/TRUNCATE

Schema-Specific Permissions

Override global permissions for specific schemas:

# Format: "schema1:true,schema2:false,schema3:true"
SCHEMA_INSERT_PERMISSIONS=prod_db:false,test_db:true,staging_db:true
SCHEMA_UPDATE_PERMISSIONS=prod_db:false,test_db:true,staging_db:true
SCHEMA_DELETE_PERMISSIONS=prod_db:false,test_db:false,staging_db:false
SCHEMA_DDL_PERMISSIONS=prod_db:false,test_db:true,staging_db:false

How it works:

  • If schema has specific permission → use it
  • Otherwise → use global flag

Example:

# Global: INSERT blocked
ALLOW_INSERT_OPERATION=false

# test_db can insert, prod_db cannot
SCHEMA_INSERT_PERMISSIONS=test_db:true,prod_db:false

# Result:
# - INSERT on test_db: ✅ allowed (schema permission)
# - INSERT on prod_db: ❌ blocked (schema permission)
# - INSERT on other_db: ❌ blocked (global permission)

Multi-DB Mode

Access multiple databases/schemas through a single connection.

Activation

Leave DB_NAME empty (MySQL/PostgreSQL only):

DB_TYPE=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_USER=root
DB_PASS=password
DB_NAME=                # Empty = multi-DB mode

Write Protection

By default, multi-DB mode is read-only for security. To allow writes:

MULTI_DB_WRITE_MODE=true  # ⚠️ Use with caution!

Recommendation: Use SCHEMA_*_PERMISSIONS for granular control instead of MULTI_DB_WRITE_MODE=true.

Complete Example

# Multi-DB with granular permissions
DB_TYPE=mysql
DB_NAME=                                    # Multi-DB mode
ALLOW_INSERT_OPERATION=false                # Global: blocked
SCHEMA_INSERT_PERMISSIONS=test_db:true      # Exception: test_db can insert
SCHEMA_UPDATE_PERMISSIONS=test_db:true      # Exception: test_db can update
SCHEMA_DELETE_PERMISSIONS=test_db:false     # test_db: DELETE blocked
SCHEMA_DDL_PERMISSIONS=test_db:true         # test_db: DDL allowed

SSL/TLS for Cloud Databases

AWS RDS (MySQL/PostgreSQL)

DB_TYPE=mysql
DB_HOST=myinstance.123456789012.us-east-1.rds.amazonaws.com
DB_PORT=3306
DB_SSL=true
DB_SSL_REJECT_UNAUTHORIZED=true
# Optional: DB_SSL_CA=/path/to/aws-rds-ca-cert.pem

Google Cloud SQL (PostgreSQL)

DB_TYPE=postgresql
DB_HOST=34.123.45.67
DB_PORT=5432
DB_SSL=true
DB_SSL_CA=/path/to/server-ca.pem
DB_SSL_CERT=/path/to/client-cert.pem
DB_SSL_KEY=/path/to/client-key.pem

Azure Database for MySQL

DB_TYPE=mysql
DB_HOST=myserver.mysql.database.azure.com
DB_PORT=3306
DB_SSL=true
DB_SSL_REJECT_UNAUTHORIZED=true

Remote MCP (HTTP Server)

Run MCP server via HTTP with authentication:

# .env
IS_REMOTE_MCP=true
REMOTE_SECRET_KEY=your-secret-key-here
PORT=3000

Endpoint: POST http://localhost:3000/mcp

Header: Authorization: Bearer your-secret-key-here

Architecture

src/
├── db/
│   ├── adapters/
│   │   ├── types.ts              # Interfaces and types
│   │   ├── factory.ts            # Factory pattern
│   │   ├── mysql.adapter.ts      # MySQL via mysql2
│   │   ├── postgresql.adapter.ts # PostgreSQL via pg
│   │   └── sqlite.adapter.ts     # SQLite via better-sqlite3
│   ├── index.ts                  # Core query handlers
│   ├── utils.ts                  # SQL parsing (node-sql-parser)
│   └── permissions.ts            # Schema permission checks
├── config/
│   └── index.ts                  # Environment configuration
├── utils/
│   └── index.ts                  # Logging & utilities
└── types/
    └── index.ts                  # Type definitions

Adapter Pattern

Each adapter implements the DatabaseAdapter interface:

export interface DatabaseAdapter {
  readonly type: DatabaseType;
  createPool(config: ConnectionConfig): Promise<DatabasePool>;
  executeQuery<T>(pool: DatabasePool, sql: string, params?: any[]): Promise<T>;
  setReadOnly(connection: DatabaseConnection): Promise<void>;
  unsetReadOnly(connection: DatabaseConnection): Promise<void>;
  normalizeResult(result: any): NormalizedResult;
  supportsReadOnlyMode(): boolean;
}

Transaction Flows

Read Operations:

BEGIN → SET TRANSACTION READ ONLY → QUERY → ROLLBACK → RESET TO READ WRITE

Write Operations:

BEGIN → QUERY → COMMIT (or ROLLBACK on error)

Examples

MySQL with Unix Socket

DB_TYPE=mysql
MYSQL_SOCKET_PATH=/tmp/mysql.sock
DB_USER=root
DB_PASS=password
DB_NAME=mydb

PostgreSQL Multi-DB with Permissions

DB_TYPE=postgresql
DB_HOST=localhost
DB_PORT=5432
DB_USER=postgres
DB_PASS=password
DB_NAME=                                      # Multi-DB mode
SCHEMA_INSERT_PERMISSIONS=app_db:true         # app_db can insert
SCHEMA_UPDATE_PERMISSIONS=app_db:true         # app_db can update
SCHEMA_DELETE_PERMISSIONS=app_db:false        # app_db: DELETE blocked

SQLite Read-Only

DB_TYPE=sqlite
SQLITE_DB=/var/lib/data/production.db
DB_READ_ONLY_MODE=true

AWS RDS MySQL with SSL

DB_TYPE=mysql
DB_HOST=prod.abc123.us-east-1.rds.amazonaws.com
DB_PORT=3306
DB_USER=admin
DB_PASS=secure_password
DB_NAME=production
DB_SSL=true
DB_SSL_REJECT_UNAUTHORIZED=true
ALLOW_INSERT_OPERATION=false
ALLOW_UPDATE_OPERATION=false
ALLOW_DELETE_OPERATION=false
ALLOW_DDL_OPERATION=false

Development

pnpm dev              # Run in dev mode (tsx)
pnpm build            # Compile TypeScript
pnpm watch            # Watch mode
pnpm exec             # Build + run with .env

Testing

pnpm test              # Run all tests (setup + vitest run)
pnpm test:watch        # Watch mode
pnpm test:unit         # Unit tests only
pnpm test:integration  # Integration tests (MySQL, socket, permissions)
pnpm test:e2e          # End-to-end tests
pnpm test:coverage     # Coverage report

Test Structure:

tests/
├── unit/           # Isolated functions (query parsing, utils)
├── integration/    # Real database operations
└── e2e/           # Complete MCP server workflows

Performance Tuning

Connection Pool

DB_CONNECTION_LIMIT=20  # Default: 10

Disable Read-Only Transactions (MySQL)

⚠️ Not recommended - reduces security:

MYSQL_DISABLE_READ_ONLY_TRANSACTIONS=true

Environment Variables Reference

Core Database Settings

Variable Description Default Example
DB_TYPE Database type mysql mysql, postgresql, sqlite
DB_HOST Database host 127.0.0.1 localhost, db.example.com
DB_PORT Database port 3306 3306 (MySQL), 5432 (PostgreSQL)
DB_USER Database user root admin, postgres
DB_PASS Database password "" secure_password
DB_NAME Database name undefined mydb, "" (multi-DB)
DB_CONNECTION_LIMIT Pool size 10 20

Security Settings

Variable Description Default Values
DB_READ_ONLY_MODE Global read-only mode false true, false
ALLOW_INSERT_OPERATION Global INSERT permission false true, false
ALLOW_UPDATE_OPERATION Global UPDATE permission false true, false
ALLOW_DELETE_OPERATION Global DELETE permission false true, false
ALLOW_DDL_OPERATION Global DDL permission false true, false
MULTI_DB_WRITE_MODE Allow writes in multi-DB false true, false

Schema Permissions

Variable Format Example
SCHEMA_INSERT_PERMISSIONS schema:bool,schema:bool test_db:true,prod_db:false
SCHEMA_UPDATE_PERMISSIONS schema:bool,schema:bool test_db:true,prod_db:false
SCHEMA_DELETE_PERMISSIONS schema:bool,schema:bool test_db:false,prod_db:false
SCHEMA_DDL_PERMISSIONS schema:bool,schema:bool test_db:true,prod_db:false

SSL/TLS Settings

Variable Description Required Example
DB_SSL Enable SSL/TLS Cloud DBs true, false
DB_SSL_REJECT_UNAUTHORIZED Strict SSL validation Production true, false
DB_SSL_CA CA certificate path Cloud SQL /path/to/ca.pem
DB_SSL_CERT Client certificate Cloud SQL /path/to/cert.pem
DB_SSL_KEY Client key Cloud SQL /path/to/key.pem

Remote MCP Settings

Variable Description Required Example
IS_REMOTE_MCP Enable HTTP mode No true, false
REMOTE_SECRET_KEY Auth token If remote your-secret-key
PORT HTTP server port No 3000

Troubleshooting

Connection Errors

MySQL socket not found:

# Check socket path
sudo mysql -u root -p -e "SELECT @@socket;"

# Set in .env
MYSQL_SOCKET_PATH=/var/run/mysqld/mysqld.sock

PostgreSQL connection refused:

# Check if PostgreSQL is running
sudo systemctl status postgresql

# Check port
sudo netstat -tulpn | grep 5432

Permission Errors

"Operation not allowed in read-only mode":

# Check global read-only mode
DB_READ_ONLY_MODE=false

# Check multi-DB mode
MULTI_DB_WRITE_MODE=true  # If needed

# Or use schema permissions
SCHEMA_INSERT_PERMISSIONS=mydb:true

"INSERT not allowed for schema 'mydb'":

# Check global permission
ALLOW_INSERT_OPERATION=true

# Or add schema exception
SCHEMA_INSERT_PERMISSIONS=mydb:true

License

MIT

Credits

Português

Version

Servidor MCP (Model Context Protocol) para MySQL, PostgreSQL e SQLite com permissões granulares, suporte multi-DB e SSL/TLS pronto para nuvem. Construído com adapter pattern para extensibilidade.

Funcionalidades

  • 🔌 Multi-Database: MySQL, PostgreSQL, SQLite
  • 🏗️ Adapter Pattern: Arquitetura limpa e extensível
  • ☁️ Cloud-Ready: SSL/TLS para AWS RDS, Google Cloud SQL, Azure Database
  • 🔒 Security First: Modo read-only + permissões granulares por schema
  • 🌐 Multi-DB Mode: Acesso simultâneo a múltiplos schemas/databases
  • 🔄 Transações: BEGIN/COMMIT/ROLLBACK automático
  • 🚀 Modo HTTP: Servidor HTTP remoto opcional (Express)

Instalação

npm install mcp-db-bridge
# ou
pnpm add mcp-db-bridge

Início Rápido

MySQL (Local)

# .env
DB_TYPE=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_USER=root
DB_PASS=password
DB_NAME=mydb

PostgreSQL (Local)

# .env
DB_TYPE=postgresql
DB_HOST=127.0.0.1
DB_PORT=5432
DB_USER=postgres
DB_PASS=password
DB_NAME=mydb

SQLite (In-Memory)

# .env
DB_TYPE=sqlite
SQLITE_DB=:memory:

Executar

pnpm build
pnpm start
# ou
node dist/index.js

Configuração

Tipos de Banco de Dados

DB_TYPE=mysql          # MySQL
DB_TYPE=postgresql     # PostgreSQL
DB_TYPE=sqlite         # SQLite

Configurações de Conexão

Genéricas (Todos os Bancos)

DB_HOST=127.0.0.1
DB_PORT=3306           # MySQL: 3306, PostgreSQL: 5432
DB_USER=root
DB_PASS=password
DB_NAME=mydb           # Deixe vazio para modo multi-DB
DB_CONNECTION_LIMIT=10

Específicas do MySQL (Compatibilidade)

MYSQL_HOST=127.0.0.1
MYSQL_PORT=3306
MYSQL_USER=root
MYSQL_PASS=password
MYSQL_DB=mydb
MYSQL_SOCKET_PATH=/tmp/mysql.sock  # Unix socket (prioridade sobre host/port)

Específicas do PostgreSQL

POSTGRESQL_HOST=127.0.0.1
POSTGRESQL_PORT=5432
POSTGRESQL_DB=mydb

Específicas do SQLite

SQLITE_DB=:memory:              # Database em memória
SQLITE_DB=/var/lib/app/data.db  # Database em arquivo

Segurança & Permissões

Modo Read-Only

Bloqueia todas as operações de escrita em nível de aplicação:

DB_READ_ONLY_MODE=true

Permissões Globais de Escrita

Controle fino de operações por tipo (aplicado globalmente):

ALLOW_INSERT_OPERATION=true   # Permite INSERT
ALLOW_UPDATE_OPERATION=true   # Permite UPDATE
ALLOW_DELETE_OPERATION=false  # Bloqueia DELETE
ALLOW_DDL_OPERATION=false     # Bloqueia CREATE/ALTER/DROP/TRUNCATE

Permissões Específicas por Schema

Sobrescreve permissões globais para schemas específicos:

# Formato: "schema1:true,schema2:false,schema3:true"
SCHEMA_INSERT_PERMISSIONS=prod_db:false,test_db:true,staging_db:true
SCHEMA_UPDATE_PERMISSIONS=prod_db:false,test_db:true,staging_db:true
SCHEMA_DELETE_PERMISSIONS=prod_db:false,test_db:false,staging_db:false
SCHEMA_DDL_PERMISSIONS=prod_db:false,test_db:true,staging_db:false

Como funciona:

  • Se schema tem permissão específica → usa ela
  • Caso contrário → usa flag global

Exemplo:

# Global: INSERT bloqueado
ALLOW_INSERT_OPERATION=false

# test_db pode inserir, prod_db não pode
SCHEMA_INSERT_PERMISSIONS=test_db:true,prod_db:false

# Resultado:
# - INSERT em test_db: ✅ permitido (permissão do schema)
# - INSERT em prod_db: ❌ bloqueado (permissão do schema)
# - INSERT em other_db: ❌ bloqueado (permissão global)

Modo Multi-DB

Acessa múltiplos databases/schemas através de uma única conexão.

Ativação

Deixe DB_NAME vazio (MySQL/PostgreSQL apenas):

DB_TYPE=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_USER=root
DB_PASS=password
DB_NAME=                # Vazio = modo multi-DB

Proteção de Escrita

Por padrão, modo multi-DB é read-only por segurança. Para permitir escritas:

MULTI_DB_WRITE_MODE=true  # ⚠️ Use com cautela!

Recomendação: Use SCHEMA_*_PERMISSIONS para controle granular ao invés de MULTI_DB_WRITE_MODE=true.

Exemplo Completo

# Multi-DB com permissões granulares
DB_TYPE=mysql
DB_NAME=                                    # Modo multi-DB
ALLOW_INSERT_OPERATION=false                # Global: bloqueado
SCHEMA_INSERT_PERMISSIONS=test_db:true      # Exceção: test_db pode inserir
SCHEMA_UPDATE_PERMISSIONS=test_db:true      # Exceção: test_db pode atualizar
SCHEMA_DELETE_PERMISSIONS=test_db:false     # test_db: DELETE bloqueado
SCHEMA_DDL_PERMISSIONS=test_db:true         # test_db: DDL permitido

SSL/TLS para Bancos na Nuvem

AWS RDS (MySQL/PostgreSQL)

DB_TYPE=mysql
DB_HOST=myinstance.123456789012.us-east-1.rds.amazonaws.com
DB_PORT=3306
DB_SSL=true
DB_SSL_REJECT_UNAUTHORIZED=true
# Opcional: DB_SSL_CA=/path/to/aws-rds-ca-cert.pem

Google Cloud SQL (PostgreSQL)

DB_TYPE=postgresql
DB_HOST=34.123.45.67
DB_PORT=5432
DB_SSL=true
DB_SSL_CA=/path/to/server-ca.pem
DB_SSL_CERT=/path/to/client-cert.pem
DB_SSL_KEY=/path/to/client-key.pem

Azure Database for MySQL

DB_TYPE=mysql
DB_HOST=myserver.mysql.database.azure.com
DB_PORT=3306
DB_SSL=true
DB_SSL_REJECT_UNAUTHORIZED=true

MCP Remoto (Servidor HTTP)

Execute o servidor MCP via HTTP com autenticação:

# .env
IS_REMOTE_MCP=true
REMOTE_SECRET_KEY=your-secret-key-here
PORT=3000

Endpoint: POST http://localhost:3000/mcp

Header: Authorization: Bearer your-secret-key-here

Arquitetura

src/
├── db/
│   ├── adapters/
│   │   ├── types.ts              # Interfaces e tipos
│   │   ├── factory.ts            # Factory pattern
│   │   ├── mysql.adapter.ts      # MySQL via mysql2
│   │   ├── postgresql.adapter.ts # PostgreSQL via pg
│   │   └── sqlite.adapter.ts     # SQLite via better-sqlite3
│   ├── index.ts                  # Core query handlers
│   ├── utils.ts                  # SQL parsing (node-sql-parser)
│   └── permissions.ts            # Schema permission checks
├── config/
│   └── index.ts                  # Configuração de ambiente
├── utils/
│   └── index.ts                  # Logging & utilitários
└── types/
    └── index.ts                  # Definições de tipos

Adapter Pattern

Cada adapter implementa a interface DatabaseAdapter:

export interface DatabaseAdapter {
  readonly type: DatabaseType;
  createPool(config: ConnectionConfig): Promise<DatabasePool>;
  executeQuery<T>(pool: DatabasePool, sql: string, params?: any[]): Promise<T>;
  setReadOnly(connection: DatabaseConnection): Promise<void>;
  unsetReadOnly(connection: DatabaseConnection): Promise<void>;
  normalizeResult(result: any): NormalizedResult;
  supportsReadOnlyMode(): boolean;
}

Fluxos de Transação

Operações de Leitura:

BEGIN → SET TRANSACTION READ ONLY → QUERY → ROLLBACK → RESET TO READ WRITE

Operações de Escrita:

BEGIN → QUERY → COMMIT (ou ROLLBACK em caso de erro)

Exemplos

MySQL com Unix Socket

DB_TYPE=mysql
MYSQL_SOCKET_PATH=/tmp/mysql.sock
DB_USER=root
DB_PASS=password
DB_NAME=mydb

PostgreSQL Multi-DB com Permissões

DB_TYPE=postgresql
DB_HOST=localhost
DB_PORT=5432
DB_USER=postgres
DB_PASS=password
DB_NAME=                                      # Modo multi-DB
SCHEMA_INSERT_PERMISSIONS=app_db:true         # app_db pode inserir
SCHEMA_UPDATE_PERMISSIONS=app_db:true         # app_db pode atualizar
SCHEMA_DELETE_PERMISSIONS=app_db:false        # app_db: DELETE bloqueado

SQLite Read-Only

DB_TYPE=sqlite
SQLITE_DB=/var/lib/data/production.db
DB_READ_ONLY_MODE=true

AWS RDS MySQL com SSL

DB_TYPE=mysql
DB_HOST=prod.abc123.us-east-1.rds.amazonaws.com
DB_PORT=3306
DB_USER=admin
DB_PASS=secure_password
DB_NAME=production
DB_SSL=true
DB_SSL_REJECT_UNAUTHORIZED=true
ALLOW_INSERT_OPERATION=false
ALLOW_UPDATE_OPERATION=false
ALLOW_DELETE_OPERATION=false
ALLOW_DDL_OPERATION=false

Desenvolvimento

pnpm dev              # Executar em modo dev (tsx)
pnpm build            # Compilar TypeScript
pnpm watch            # Modo watch
pnpm exec             # Build + executar com .env

Testes

pnpm test              # Executar todos os testes (setup + vitest run)
pnpm test:watch        # Modo watch
pnpm test:unit         # Apenas testes unitários
pnpm test:integration  # Testes de integração (MySQL, socket, permissões)
pnpm test:e2e          # Testes end-to-end
pnpm test:coverage     # Relatório de cobertura

Estrutura de Testes:

tests/
├── unit/           # Funções isoladas (parsing de queries, utils)
├── integration/    # Operações reais de banco de dados
└── e2e/           # Fluxos completos do servidor MCP

Ajustes de Performance

Connection Pool

DB_CONNECTION_LIMIT=20  # Padrão: 10

Desabilitar Transações Read-Only (MySQL)

⚠️ Não recomendado - reduz segurança:

MYSQL_DISABLE_READ_ONLY_TRANSACTIONS=true

Referência de Variáveis de Ambiente

Configurações Principais do Banco

Variável Descrição Padrão Exemplo
DB_TYPE Tipo de banco mysql mysql, postgresql, sqlite
DB_HOST Host do banco 127.0.0.1 localhost, db.example.com
DB_PORT Porta do banco 3306 3306 (MySQL), 5432 (PostgreSQL)
DB_USER Usuário do banco root admin, postgres
DB_PASS Senha do banco "" secure_password
DB_NAME Nome do banco undefined mydb, "" (multi-DB)
DB_CONNECTION_LIMIT Tamanho do pool 10 20

Configurações de Segurança

Variável Descrição Padrão Valores
DB_READ_ONLY_MODE Modo global read-only false true, false
ALLOW_INSERT_OPERATION Permissão global de INSERT false true, false
ALLOW_UPDATE_OPERATION Permissão global de UPDATE false true, false
ALLOW_DELETE_OPERATION Permissão global de DELETE false true, false
ALLOW_DDL_OPERATION Permissão global de DDL false true, false
MULTI_DB_WRITE_MODE Permitir escritas em multi-DB false true, false

Permissões por Schema

Variável Formato Exemplo
SCHEMA_INSERT_PERMISSIONS schema:bool,schema:bool test_db:true,prod_db:false
SCHEMA_UPDATE_PERMISSIONS schema:bool,schema:bool test_db:true,prod_db:false
SCHEMA_DELETE_PERMISSIONS schema:bool,schema:bool test_db:false,prod_db:false
SCHEMA_DDL_PERMISSIONS schema:bool,schema:bool test_db:true,prod_db:false

Configurações SSL/TLS

Variável Descrição Necessária Exemplo
DB_SSL Habilitar SSL/TLS Bancos Cloud true, false
DB_SSL_REJECT_UNAUTHORIZED Validação SSL estrita Produção true, false
DB_SSL_CA Caminho do certificado CA Cloud SQL /path/to/ca.pem
DB_SSL_CERT Certificado do cliente Cloud SQL /path/to/cert.pem
DB_SSL_KEY Chave do cliente Cloud SQL /path/to/key.pem

Configurações MCP Remoto

Variável Descrição Necessária Exemplo
IS_REMOTE_MCP Habilitar modo HTTP Não true, false
REMOTE_SECRET_KEY Token de autenticação Se remoto your-secret-key
PORT Porta do servidor HTTP Não 3000

Solução de Problemas

Erros de Conexão

Socket MySQL não encontrado:

# Verificar caminho do socket
sudo mysql -u root -p -e "SELECT @@socket;"

# Configurar no .env
MYSQL_SOCKET_PATH=/var/run/mysqld/mysqld.sock

Conexão PostgreSQL recusada:

# Verificar se PostgreSQL está rodando
sudo systemctl status postgresql

# Verificar porta
sudo netstat -tulpn | grep 5432

Erros de Permissão

"Operation not allowed in read-only mode":

# Verificar modo global read-only
DB_READ_ONLY_MODE=false

# Verificar modo multi-DB
MULTI_DB_WRITE_MODE=true  # Se necessário

# Ou usar permissões de schema
SCHEMA_INSERT_PERMISSIONS=mydb:true

"INSERT not allowed for schema 'mydb'":

# Verificar permissão global
ALLOW_INSERT_OPERATION=true

# Ou adicionar exceção de schema
SCHEMA_INSERT_PERMISSIONS=mydb:true

Licença

MIT

Créditos

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured