UNPKG

@makeappeasy/query-protocol-server

Version:

A secure query protocol server for database operations with read-only access control

386 lines (308 loc) 11.3 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
# Read-Only MySQL MCP Server A secure, read-only Model Context Protocol server for MySQL databases. This server enables AI assistants to safely explore and analyze MySQL databases without any risk of data modification. ## 🔒 Security-First Design This server implements **database-level read-only protection** using MySQL's native transaction capabilities, following the same pattern as the official PostgreSQL MCP server from Anthropic. ### How Read-Only Protection Works ```typescript // Every query is executed within a read-only transaction await connection.query('SET TRANSACTION READ ONLY'); await connection.query('START TRANSACTION'); const result = await connection.query(userSQL); // Any SQL allowed await connection.query('ROLLBACK'); // Always rollback ``` **Why this approach is bulletproof:** - 🛡️ **MySQL enforces the restriction** - impossible to bypass at application level - 🔓 **Full SQL flexibility** - SELECT, SHOW, DESCRIBE, EXPLAIN all work perfectly - 🚫 **Zero write risk** - INSERT, UPDATE, DELETE automatically rejected by database - 🔄 **Automatic cleanup** - Each query is isolated in its own transaction ## 🚀 Installation ```bash # Clone and install git clone <your-repo> cd mysql-mcp npm install npm run build ``` ### Quick Setup for Claude Code Users **🚀 Super Quick Setup (NPX - Recommended):** ```bash claude mcp add mysql-query-server \ -e MYSQL_HOST=your_host \ -e MYSQL_PORT=3306 \ -e MYSQL_USER=your_user \ -e MYSQL_PASSWORD=your_password \ -e MYSQL_DATABASE=your_database \ -- npx @makeappeasy/query-protocol-server@1.0.5 ``` **Example with real values:** ```bash claude mcp add mysql-query-server \ -e MYSQL_HOST=34.93.229.229 \ -e MYSQL_PORT=3306 \ -e MYSQL_USER=root \ -e MYSQL_PASSWORD=Letitgo@98 \ -e MYSQL_DATABASE=information_schema \ -- npx @makeappeasy/query-protocol-server@1.0.5 ``` **📦 Local Development Setup:** 1. **Clone and build** (one-time setup): ```bash git clone <your-repo> cd mysql-mcp npm install && npm run build ``` 2. **Add to Claude Code** (replace with your details): ```bash claude mcp add mysql-query-server \ -e MYSQL_HOST=your_host \ -e MYSQL_PORT=3306 \ -e MYSQL_USER=your_user \ -e MYSQL_PASSWORD=your_password \ -e MYSQL_DATABASE=your_database \ -- node /full/path/to/mysql-mcp/build/index.js ``` **✅ Ready to use** - Your AI assistant can now safely explore your database! ## ⚙️ Configuration ### Option 1: Claude Code CLI with NPX (Recommended) The easiest way to add this server to Claude Code using the published npm package: ```bash claude mcp add query-protocol-server npx @makeappeasy/query-protocol-server --env MYSQL_HOST=localhost --env MYSQL_PORT=3306 --env MYSQL_USER=root --env MYSQL_PASSWORD=your_password --env MYSQL_DATABASE=your_database ``` **Example with sample values:** ```bash claude mcp add query-protocol-server npx @makeappeasy/query-protocol-server --env MYSQL_HOST=192.168.1.100 --env MYSQL_PORT=3306 --env MYSQL_USER=dbuser --env MYSQL_PASSWORD=mypassword123 --env MYSQL_DATABASE=analytics_db ``` **Using MySQL URL format:** ```bash claude mcp add query-protocol-server npx @makeappeasy/query-protocol-server mysql://dbuser:mypassword123@192.168.1.100:3306/analytics_db ``` ### Option 2: Claude Code CLI with Local Build If you prefer to use your local build: ```bash claude mcp add query-protocol-server node /path/to/mysql-mcp/build/index.js --env MYSQL_HOST=localhost --env MYSQL_PORT=3306 --env MYSQL_USER=root --env MYSQL_PASSWORD=your_password --env MYSQL_DATABASE=your_database ``` ### Option 3: Manual Configuration - NPX with JSON ```json { "mcpServers": { "query-protocol-server": { "command": "npx", "args": ["@makeappeasy/query-protocol-server", "mysql://user:password@localhost:3306/database"] } } } ``` ### Option 4: Manual Configuration - Local Build ```json { "mcpServers": { "mysql-readonly": { "command": "node", "args": ["/path/to/mysql-mcp/build/index.js", "mysql://user:password@localhost:3306/database"] } } } ``` ### Option 5: Manual Configuration - Environment Variables ```json { "mcpServers": { "query-protocol-server": { "command": "npx", "args": ["@makeappeasy/query-protocol-server"], "env": { "MYSQL_HOST": "localhost", "MYSQL_USER": "your_user", "MYSQL_PASSWORD": "your_password", "MYSQL_DATABASE": "your_database", "MYSQL_PORT": "3306" } } } } ``` ### Option 6: Local Build with Environment Variables ```json { "mcpServers": { "mysql-readonly": { "command": "node", "args": ["/path/to/mysql-mcp/build/index.js"], "env": { "MYSQL_HOST": "localhost", "MYSQL_USER": "your_user", "MYSQL_PASSWORD": "your_password", "MYSQL_DATABASE": "your_database", "MYSQL_PORT": "3306" } } } } ``` ### Option 7: Direct Execution ```bash # Using NPX with MySQL URL npx @makeappeasy/query-protocol-server mysql://user:password@localhost:3306/database # Using NPX with environment variables MYSQL_HOST=localhost MYSQL_USER=root MYSQL_PASSWORD=secret MYSQL_DATABASE=mydb npx @makeappeasy/query-protocol-server # Using local build node build/index.js mysql://user:password@localhost:3306/database ``` ## 🛠️ Available Tools ### 1. connect_db Establish or change database connection during runtime. ```javascript { "tool": "connect_db", "arguments": { "host": "localhost", "user": "readonly_user", "password": "secure_password", "database": "analytics_db", "port": 3306 } } ``` ### 2. query Execute any read-only SQL query with full flexibility. ```javascript { "tool": "query", "arguments": { "sql": "SELECT users.name, COUNT(orders.id) as order_count FROM users LEFT JOIN orders ON users.id = orders.user_id WHERE users.created_at >= ? GROUP BY users.id ORDER BY order_count DESC LIMIT 10", "params": ["2024-01-01"] } } ``` **Supported query types:** - `SELECT` - Data retrieval with joins, aggregations, subqueries - `SHOW` - Database/table/column information - `DESCRIBE` / `DESC` - Table structure - `EXPLAIN` - Query execution plans - `ANALYZE TABLE` - Table statistics - `INSERT`, `UPDATE`, `DELETE` - Blocked by database - `DROP`, `CREATE`, `ALTER` - Blocked by database - `GRANT`, `REVOKE`, `SET` - Blocked by database ### 3. list_tables Get all tables in the current database. ```javascript { "tool": "list_tables", "arguments": {} } ``` ### 4. describe_table Get detailed table structure and column information. ```javascript { "tool": "describe_table", "arguments": { "table": "users" } } ``` ## 💡 Perfect for Data Analysis This server is specifically designed for AI-powered data analysis scenarios: ### Complex Analytics Queries ```sql -- Customer cohort analysis SELECT DATE_FORMAT(signup_date, '%Y-%m') as cohort_month, COUNT(DISTINCT user_id) as cohort_size, COUNT(DISTINCT CASE WHEN first_purchase_date IS NOT NULL THEN user_id END) as converted_users, ROUND(COUNT(DISTINCT CASE WHEN first_purchase_date IS NOT NULL THEN user_id END) * 100.0 / COUNT(DISTINCT user_id), 2) as conversion_rate FROM user_analytics WHERE signup_date >= DATE_SUB(NOW(), INTERVAL 12 MONTH) GROUP BY DATE_FORMAT(signup_date, '%Y-%m') ORDER BY cohort_month; ``` ### Business Intelligence Queries ```sql -- Revenue analysis with trending SELECT product_category, SUM(CASE WHEN order_date >= DATE_SUB(NOW(), INTERVAL 30 DAY) THEN revenue END) as last_30_days, SUM(CASE WHEN order_date >= DATE_SUB(NOW(), INTERVAL 60 DAY) AND order_date < DATE_SUB(NOW(), INTERVAL 30 DAY) THEN revenue END) as prev_30_days, ROUND((SUM(CASE WHEN order_date >= DATE_SUB(NOW(), INTERVAL 30 DAY) THEN revenue END) - SUM(CASE WHEN order_date >= DATE_SUB(NOW(), INTERVAL 60 DAY) AND order_date < DATE_SUB(NOW(), INTERVAL 30 DAY) THEN revenue END)) * 100.0 / NULLIF(SUM(CASE WHEN order_date >= DATE_SUB(NOW(), INTERVAL 60 DAY) AND order_date < DATE_SUB(NOW(), INTERVAL 30 DAY) THEN revenue END), 0), 2) as growth_rate FROM order_analytics GROUP BY product_category HAVING last_30_days > 0 ORDER BY growth_rate DESC; ``` ## 🔐 Security Features ### Database-Level Protection - **MySQL Transaction Read-Only**: Uses `SET TRANSACTION READ ONLY` for bulletproof security - **Automatic Rollback**: Every query is rolled back, ensuring no persistent changes - **Isolation**: Each query runs in its own isolated transaction ### Application-Level Security - **Prepared Statements**: All parameterized queries use MySQL prepared statements - **Connection Management**: Proper connection lifecycle with automatic cleanup - **Error Handling**: Sanitized error messages prevent information disclosure ### Zero-Risk Architecture - **No Write Tools**: Complete removal of any write-capable functionality - **Database Enforcement**: Security is enforced by MySQL itself, not application logic - **Impossible Bypass**: No way to circumvent read-only restrictions ## 🎯 Use Cases ### Ideal For - **Data exploration** by AI assistants - **Business intelligence** and analytics - **Database schema** investigation - **Performance analysis** with EXPLAIN queries - **Production database** access for read-only operations - **Multi-user environments** with sensitive data ### Not Suitable For - Data modification or ETL operations - Database administration tasks - Schema changes or migrations - User management or permissions ## 🏗️ Architecture Built on modern, professional foundations: - **TypeScript** - Full type safety and excellent developer experience - **ESModules** - Modern JavaScript module system - **MCP SDK** - Official Model Context Protocol implementation - **MySQL2** - Mature, performant MySQL driver with prepared statement support - **Professional Error Handling** - Comprehensive error management and reporting ## 🚀 Development ```bash # Development mode with auto-rebuild npm run watch # Build for production npm run build # Start the server npm start ``` ## 🔧 Troubleshooting ### Claude Code Setup Issues **Path Problems:** ```bash # Get absolute path first pwd # Output: /Users/username/mysql-mcp # Then use full path in claude command claude mcp add mysql-readonly-server node /Users/username/mysql-mcp/build/index.js --env MYSQL_HOST=... ``` **Connection Testing:** ```bash # Test connection with NPX npx @makeappeasy/query-protocol-server mysql://user:pass@host:port/database # Should show: "MySQL MCP server running on stdio" # Test connection with local build node build/index.js mysql://user:pass@host:port/database ``` **Common Claude Code Commands:** ```bash # List configured servers claude mcp list # Remove server if needed claude mcp remove query-protocol-server # Re-add with NPX (recommended) claude mcp add query-protocol-server npx @makeappeasy/query-protocol-server --env MYSQL_HOST=... # Re-add with local build claude mcp add query-protocol-server node /path/to/build/index.js --env MYSQL_HOST=... ``` ## 📄 License MIT - See LICENSE file for details. --- **🔒 Security First 📊 Analytics Ready 🛠️ Production Tested**