Read-only SQL MCP server for PostgreSQL and MySQL.
Project description
sql-query-mcp
A general-purpose MCP server that lets AI work with multiple databases within clear boundaries.
Current database support
| Database | Status | Current availability |
|---|---|---|
| PostgreSQL | Supported | Available today |
| MySQL | Supported | Available today |
| Hive | Supported | Available today |
| SQLite | Candidate | Not supported yet |
| SQL Server | Candidate | Not supported yet |
| ClickHouse | Candidate | Not supported yet |
Product value
sql-query-mcp helps AI clients discover schema, sample data, and analyze
read-only queries through one controlled MCP interface.
It keeps connection handling, namespace rules, SQL validation, and audit logging on the server side, so you can expose useful database context to AI without exposing raw connection strings or flattening engine-specific concepts.
What AI can do with it
The current tool set focuses on database discovery, controlled query workflows, asynchronous read-only queries, and one narrow local file import path. You can use it to help an AI assistant understand structure before it generates SQL, runs a bounded query, starts a long-running read-only query, or imports a prepared CSV/XLSX file into an existing table.
MySQL and Hive support explain_query. Hive uses EXPLAIN and
EXPLAIN ANALYZE for explain_query.
| Tool | PostgreSQL | MySQL | Hive | Purpose |
|---|---|---|---|---|
list_connections() |
Yes | Yes | Yes | List configured connections |
list_schemas(connection_id) |
Yes | No | No | List visible PostgreSQL schemas |
list_databases(connection_id) |
No | Yes | Yes | List visible MySQL or Hive databases |
list_tables(connection_id, schema?, database?) |
Yes | Yes | Yes | List tables and views |
describe_table(connection_id, table_name, schema?, database?) |
Yes | Yes | Yes | Inspect columns, keys, and indexes |
run_select(connection_id, sql, limit?) |
Yes | Yes | Yes | Run short bounded read-only queries |
start_query(connection_id, sql, limit?) |
Yes | Yes | Yes | Start long-running read-only queries |
get_query(query_id, offset?, limit?) |
Yes | Yes | Yes | Fetch async query status and paginated results |
cancel_query(query_id) |
Yes | Yes | Yes | Cancel running async queries |
explain_query(connection_id, sql, analyze?) |
Yes | Yes | Yes | Inspect query plans |
get_table_sample(connection_id, table_name, schema?, database?, limit?) |
Yes | Yes | Yes | Fetch small table samples |
import_table_file(connection_id, table_name, file_path, schema?, database?, sheet_name?) |
Yes | Yes | Yes | Import local CSV/XLSX files |
These tools are useful for tasks such as listing namespaces, inspecting table
definitions, reviewing indexes, sampling records, running short read-only
queries with run_select, running long read-only queries with start_query,
get_query, and cancel_query, analyzing read-only queries with EXPLAIN, and
importing prepared local files. For full request and response details, see
docs/api-reference.md (Chinese).
How boundaries are constrained
The product boundary is intentionally narrow today. PostgreSQL, MySQL, and Hive are available today. Query tools remain read-only, and the only write path is a controlled local CSV/XLSX import into existing tables.
The service keeps those boundaries explicit in a few ways.
- Connections declare
engineexplicitly, so the server never guesses fromconnection_id. - PostgreSQL uses
schema, while MySQL and Hive usedatabase, without collapsing both into one vague namespace field. - Real DSNs stay in environment variables, while config files store only the environment variable names.
- Query execution passes through
sqlglotvalidation before reaching the database. Userun_selectfor short bounded read-only queries, and usestart_query,get_query, andcancel_queryfor long-running read-only queries. - The server accepts only
SELECTandWITH ... SELECT, rejects comments and multi-statement input, and records audit logs for each call. import_table_filedoesn't accept raw SQL. It inserts only file columns whose headers exactly match existing table columns.- Hive
import_table_fileis intended for small files only and rejects files with more than 1000 data rows. Hive imports write rows one by one, so they can be slow and can hit your MCP client's tool timeout. For bulk Hive loads, use Hive-nativeLOAD DATA, external tables, or your existing data ingestion pipeline.
For Hive, explain_query uses EXPLAIN and EXPLAIN ANALYZE.
Quick start
sql-query-mcp supports two official PyPI-based setup modes. Both are intended
for real usage, not just local testing.
- Choose how you want your MCP client to start the server.
Use installed command mode if you want a simple local command after one install.
pipx install sql-query-mcp
Use managed launch mode if you want the package source declared directly in your MCP client config.
pipx run --spec sql-query-mcp sql-query-mcp
Pin a version with pipx install 'sql-query-mcp==X.Y.Z' or
pipx run --spec 'sql-query-mcp==X.Y.Z' sql-query-mcp. Upgrade installed
command mode with pipx upgrade sql-query-mcp.
- Create a config file.
The server configuration should live outside the repository so the same file works with either startup mode.
mkdir -p ~/.config/sql-query-mcp
Then save the example JSON later in this section as
~/.config/sql-query-mcp/connections.json.
- Register the server in your MCP client.
- Codex:
docs/codex-setup.md(Chinese) - OpenCode:
docs/opencode-setup.md(Chinese)
Installed command mode means your client runs sql-query-mcp directly.
Managed launch mode means your client starts the server through pipx run.
In both modes, put SQL_QUERY_MCP_CONFIG and your real database DSNs in the
MCP client's environment block instead of exporting them in your shell.
The console entry point is sql-query-mcp, which maps to
sql_query_mcp.app:main.
The PyPI install name is sql-query-mcp, and the Python package import path is
sql_query_mcp.
For pipx install and pipx run, set SQL_QUERY_MCP_CONFIG explicitly to
your config file path. The default config/connections.json path is mainly for
source checkouts and local development.
The example config looks like this.
{
"settings": {
"default_limit": 200,
"max_limit": 1000,
"audit_log_path": "logs/audit.jsonl"
},
"connections": [
{
"connection_id": "crm_prod_main_ro",
"engine": "postgres",
"label": "CRM PostgreSQL production / Main / read-only",
"env": "prod",
"tenant": "main",
"role": "ro",
"dsn_env": "PG_CONN_CRM_PROD_MAIN_RO",
"enabled": true,
"default_schema": "public"
},
{
"connection_id": "crm_mysql_prod_main_ro",
"engine": "mysql",
"label": "CRM MySQL production / Main / read-only",
"env": "prod",
"tenant": "main",
"role": "ro",
"dsn_env": "MYSQL_CONN_CRM_PROD_MAIN_RO",
"enabled": true,
"default_database": "crm"
},
{
"connection_id": "warehouse_hive_prod_main_ro",
"engine": "hive",
"label": "Warehouse Hive production / Main / read-only",
"env": "prod",
"tenant": "main",
"role": "ro",
"dsn_env": "HIVE_CONN_WAREHOUSE_PROD_MAIN_RO",
"enabled": true,
"default_database": "default"
}
]
}
Set DSNs in the MCP client environment. For Hive, use a Hive DSN such as:
export HIVE_CONN_WAREHOUSE_PROD_MAIN_RO='hive://user:password@hive.example.com:10000/default?auth=CUSTOM'
Documentation
If you want implementation details, setup guidance, or internal structure, use these docs as your starting points.
docs/project-overview.md: project goals, concepts, and code structure (Chinese)docs/api-reference.md: MCP tool reference (Chinese)docs/codex-setup.md: Codex setup steps (Chinese)docs/opencode-setup.md: OpenCode setup steps (Chinese)docs/release-process.md: PyPI and GitHub Release workflow (Chinese)docs/git-workflow.md: repository collaboration workflow (Chinese)
Development
If you want to modify or verify the project locally, use this shortest path. Editable install remains the development path, and the local environment still requires Python 3.10+.
python3.10 -m venv .venv
source .venv/bin/activate
python -m pip install --upgrade pip
pip install -e .
PYTHONPATH=. python3 -m unittest discover -s tests
The main entry point is sql_query_mcp/app.py. Core modules include:
sql_query_mcp/config.py: config loading and validationsql_query_mcp/validator.py: read-only SQL validationsql_query_mcp/introspection.py: metadata inspectionsql_query_mcp/executor.py: query execution and limitssql_query_mcp/adapters/: PostgreSQL, MySQL, and Hive adapters
Contributing
If you want to contribute or review the repository workflow, start with these pages.
CONTRIBUTING.mddocs/roadmap.mddocs/git-workflow.md(Chinese)
Run PYTHONPATH=. python3 -m unittest discover -s tests before you submit
changes.
License
This project is released under the MIT License. See LICENSE.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file sql_query_mcp-0.3.0.tar.gz.
File metadata
- Download URL: sql_query_mcp-0.3.0.tar.gz
- Upload date:
- Size: 38.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.20
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2b264aa553ad33d3120ff38ca1cb7a98107729629d30d83c1b66baee301b67bd
|
|
| MD5 |
eeac0e168d84188b32c7554d0e31ec93
|
|
| BLAKE2b-256 |
de2e92f8f3d0f52be3cf010e2b1798353a100da521f35722645c01c3fb10daf4
|
File details
Details for the file sql_query_mcp-0.3.0-py3-none-any.whl.
File metadata
- Download URL: sql_query_mcp-0.3.0-py3-none-any.whl
- Upload date:
- Size: 32.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.20
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
32c53bfd84b5fd595455bd63411c5cefcc419342f27963c788f5f290c02fb673
|
|
| MD5 |
5bae4cc4ecfb0550e95c88cd2797e40e
|
|
| BLAKE2b-256 |
39f573eef9c67b7db97e66dba8e19210c0fcb0283f5795fe8f836e9bcf41c835
|