Model Context Protocol server for PostgreSQL database inspection and querying
Project description
PostgreSQL MCP Server
A Python Model Context Protocol (MCP) server for inspecting and querying PostgreSQL databases from MCP-compatible clients. It provides schema discovery, safe read-only query execution, query explanation, table previews, index analysis, relationship inspection, and PostgreSQL resources for table metadata.
Features
- List public tables and inspect table schemas
- Execute read-only SQL in a PostgreSQL read-only transaction
- Explain query plans without executing the target query directly
- Preview table rows with a fixed limit
- Inspect foreign-key relationships and indexes
- Expose passive MCP resources for table lists and schema details
Safety Model
postgresql_execute_read_query runs with PostgreSQL read-only transaction mode, caps returned rows by POSTGRES_READ_QUERY_LIMIT, and rolls back after execution. The server also includes postgresql_execute_write_query, which only accepts a single INSERT, UPDATE, DELETE, CREATE, ALTER, DROP, or TRUNCATE statement and can modify data/schema if the connected database user has permission. Do not auto-approve write-capable tools in your MCP client. For public or shared use, run the server with a dedicated read-only PostgreSQL user.
Requirements
- Python 3.11+
- PostgreSQL database
- MCP-compatible client such as Claude Desktop, Cursor, VS Code, or another MCP host
Installation
When published to PyPI, install or run the server like a standard Python MCP package:
uvx mdev-postgresql-mcp-server
For local development from source:
git clone https://github.com/musaddiq-dev/postgresql-mcp-server.git
cd postgresql-mcp-server
python -m venv .venv
source .venv/bin/activate
pip install -e .
Configuration
Copy the example environment file and update it with your database connection details.
cp .env.example .env
| Variable | Description | Required | Default |
|---|---|---|---|
POSTGRES_HOST |
PostgreSQL host | Yes | localhost |
POSTGRES_PORT |
PostgreSQL port | Yes | 5432 |
POSTGRES_USER |
PostgreSQL username | Yes | None |
POSTGRES_PASSWORD |
PostgreSQL password | No | None |
POSTGRES_DB |
PostgreSQL database name | Yes | None |
LOG_LEVEL |
Python logging level written to stderr | No | INFO |
POSTGRES_READ_QUERY_LIMIT |
Maximum rows returned by read queries | No | 1000 |
Example read-only user:
CREATE USER mcp_readonly WITH PASSWORD 'change-me';
GRANT CONNECT ON DATABASE your_database TO mcp_readonly;
GRANT USAGE ON SCHEMA public TO mcp_readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO mcp_readonly;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO mcp_readonly;
Running
mdev-postgresql-mcp-server
From a local checkout before PyPI publication, run:
python -m postgresql_mcp_server.server
MCP Client Configuration
For published installs, prefer uvx. MCP servers using stdio must write protocol messages only to stdout; this server writes logs to stderr through Python logging.
Claude Desktop / Cursor / Windsurf / Cline
Most MCP clients accept this mcpServers JSON shape:
{
"mcpServers": {
"postgresql": {
"command": "uvx",
"args": ["mdev-postgresql-mcp-server"],
"env": {
"POSTGRES_HOST": "localhost",
"POSTGRES_PORT": "5432",
"POSTGRES_USER": "mcp_readonly",
"POSTGRES_PASSWORD": "change-me",
"POSTGRES_DB": "your_database"
}
}
}
}
For local development from this repository, use the installed console script path instead:
{
"mcpServers": {
"postgresql": {
"command": "/absolute/path/to/postgresql-mcp-server/.venv/bin/mdev-postgresql-mcp-server",
"args": [],
"env": {
"POSTGRES_HOST": "localhost",
"POSTGRES_PORT": "5432",
"POSTGRES_USER": "mcp_readonly",
"POSTGRES_PASSWORD": "change-me",
"POSTGRES_DB": "your_database"
}
}
}
}
Claude Code CLI
claude mcp add postgresql \
--env POSTGRES_HOST=localhost \
--env POSTGRES_PORT=5432 \
--env POSTGRES_USER=mcp_readonly \
--env POSTGRES_PASSWORD=change-me \
--env POSTGRES_DB=your_database \
-- uvx mdev-postgresql-mcp-server
VS Code MCP
VS Code uses the same command/args/env model in its MCP configuration:
{
"servers": {
"postgresql": {
"type": "stdio",
"command": "uvx",
"args": ["mdev-postgresql-mcp-server"],
"env": {
"POSTGRES_HOST": "localhost",
"POSTGRES_PORT": "5432",
"POSTGRES_USER": "mcp_readonly",
"POSTGRES_PASSWORD": "change-me",
"POSTGRES_DB": "your_database"
}
}
}
}
Tools
| Tool | Purpose | Safety |
|---|---|---|
postgresql_list_tables |
List public base tables | Read-only |
postgresql_describe_table |
Show columns and metadata for a table | Read-only |
postgresql_execute_read_query |
Run bounded SQL under read-only transaction mode | Read-only |
postgresql_execute_write_query |
Run a single approved modifying SQL statement and commit | Destructive |
postgresql_explain_query |
Return PostgreSQL EXPLAIN output for a single query |
Read-only |
postgresql_get_database_summary |
Return database version and table count | Read-only |
postgresql_get_relationships |
Inspect foreign-key relationships | Read-only |
postgresql_analyze_indexes |
Inspect indexes and sizes | Read-only |
postgresql_preview_table |
Return up to 10 rows from a table | Read-only |
postgresql_search_sql_definitions |
Search public SQL routines/functions | Read-only |
Resources
postgres://list_tablesreturns public table names.postgres://schema/{table_name}returns a generated schema statement for a table.
Smoke Check
Without a database, verify syntax with:
python -m py_compile src/postgresql_mcp_server/server.py
With a configured database, start the server and use your MCP client to call list_tables.
Distribution
This repository is prepared for the common Python MCP distribution path: publish the package to PyPI, keep the mcp-name marker at the top of this README for MCP Registry ownership verification, and publish server.json metadata with the GitHub repository. After release, users should prefer uvx mdev-postgresql-mcp-server in local MCP client configurations.
Security Notes
- Do not commit
.envor MCP client configs containing credentials. - Use least-privilege database users.
- Treat
execute_write_queryas destructive and require explicit user approval in your MCP client. - Review generated SQL before running write-capable tools.
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file mdev_postgresql_mcp_server-0.1.1.tar.gz.
File metadata
- Download URL: mdev_postgresql_mcp_server-0.1.1.tar.gz
- Upload date:
- Size: 13.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d450c2c40838ff0c95d968ca6e8e594aa624e65e886a8a111283dbdb01987788
|
|
| MD5 |
aac8040ddfd5857dd9c0b40a84843a11
|
|
| BLAKE2b-256 |
a9c3f7a8fb89a6650300b45680590ae9665fcb8d499198a2f79f1b12d42ede2e
|
Provenance
The following attestation bundles were made for mdev_postgresql_mcp_server-0.1.1.tar.gz:
Publisher:
publish-pypi.yml on musaddiq-dev/postgresql-mcp-server
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
mdev_postgresql_mcp_server-0.1.1.tar.gz -
Subject digest:
d450c2c40838ff0c95d968ca6e8e594aa624e65e886a8a111283dbdb01987788 - Sigstore transparency entry: 1606216653
- Sigstore integration time:
-
Permalink:
musaddiq-dev/postgresql-mcp-server@8e68826dfc0752d8bbdde59b1a077492d368f22c -
Branch / Tag:
refs/tags/v0.1.1 - Owner: https://github.com/musaddiq-dev
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@8e68826dfc0752d8bbdde59b1a077492d368f22c -
Trigger Event:
release
-
Statement type:
File details
Details for the file mdev_postgresql_mcp_server-0.1.1-py3-none-any.whl.
File metadata
- Download URL: mdev_postgresql_mcp_server-0.1.1-py3-none-any.whl
- Upload date:
- Size: 12.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f55f3313f7a9976c7dd1a46e4b15a918823e698391519053a64824466a9679cd
|
|
| MD5 |
7703241807e124e690ab7b9dd57ed785
|
|
| BLAKE2b-256 |
f87fe0d25bcc52a55316028a922ae4b9dcf249d94ef07f6f13b14c01af301594
|
Provenance
The following attestation bundles were made for mdev_postgresql_mcp_server-0.1.1-py3-none-any.whl:
Publisher:
publish-pypi.yml on musaddiq-dev/postgresql-mcp-server
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
mdev_postgresql_mcp_server-0.1.1-py3-none-any.whl -
Subject digest:
f55f3313f7a9976c7dd1a46e4b15a918823e698391519053a64824466a9679cd - Sigstore transparency entry: 1606216874
- Sigstore integration time:
-
Permalink:
musaddiq-dev/postgresql-mcp-server@8e68826dfc0752d8bbdde59b1a077492d368f22c -
Branch / Tag:
refs/tags/v0.1.1 - Owner: https://github.com/musaddiq-dev
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@8e68826dfc0752d8bbdde59b1a077492d368f22c -
Trigger Event:
release
-
Statement type:
