UNPKG

mssql-mcp-server

Version:

MCP server for Microsoft SQL Server database access and comprehensive schema exploration using tedious. Includes enhanced stored procedure tools for complete SQL source code access.

github.com/vicagbasi/mssql-mcp

vicagbasi/mssql-mcp

288 lines (226 loc) โ€ข 11.3 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
# MSSQL MCP Configuration Examples ## ๐Ÿ” Windows Authentication Requirements **Important for NTLM Authentication:** MCP servers run as background processes and require explicit Windows credentials because: - **No Session Access**: MCP servers cannot access your current Windows login session - **NTLM Protocol**: Windows Authentication requires explicit domain credentials for the NTLM handshake - **Service Context**: Background processes need explicit credential delegation to authenticate with SQL Server - **Security Model**: The tedious library must impersonate your domain user account **This is why `WINDOWS_USERNAME`, `WINDOWS_PASSWORD`, and `WINDOWS_DOMAIN` must be set - it's a technical requirement, not optional.** This folder contains real-world configuration examples showcasing different approaches to configuring the MSSQL MCP Server. ## ๐ŸŽฏ Recommended Approach ### `individual-variables-example.json` โญ **The cleanest, most professional approach** using individual environment variables. **Example:** ```json { "mcpServers": { "mssql-mcp": { "command": "npx", "args": ["mssql-mcp-server"], "env": { "WINDOWS_USERNAME": "myuser", "WINDOWS_PASSWORD": "mypassword", "WINDOWS_DOMAIN": "MYDOMAIN", "CONNECTION_CRM": "Data Source=crm-server; Initial Catalog=CRM; Integrated Security=SSPI; TrustServerCertificate=True;", "CONNECTION_ERP": "Data Source=erp-server; Initial Catalog=ERP; Integrated Security=SSPI; TrustServerCertificate=True;" } } } } ``` **Benefits:** - No JSON strings to escape - Each setting is clearly visible - Industry-standard environment variable approach - Error-proof (no JSON syntax issues) ## ๐Ÿ“ Available Examples ### `simple-sql-auth.json` Minimal configuration for SQL Server Authentication (no Windows Auth required). ### `simple-config.json` Basic configuration with essential connections using individual variables. ### `enterprise-config.json` Comprehensive enterprise example with multiple database systems. ### `json-string-config.json` Alternative approach using JSON strings (backward compatibility). - **โœ… Error-Proof**: No JSON syntax issues possible - **โœ… Standard**: Industry-standard environment variable approach ```json "env": { "WINDOWS_USERNAME": "myuser", "WINDOWS_PASSWORD": "mypass", "WINDOWS_DOMAIN": "MYDOMAIN", "CONNECTION_CRM": "Data Source=crm-server; Initial Catalog=CRM;", "CONNECTION_ERP": "Data Source=erp-server; Initial Catalog=ERP;" } ``` ### ๐Ÿ”„ **JSON String Variables** (Alternative) **Files:** `claude-desktop-config.json`, `vscode-config.json` - **โœ… Grouped**: Related settings bundled together - **โœ… Compact**: Fewer environment variables - **โš ๏ธ JSON Escaping**: Requires careful escaping of quotes ```json "env": { "windows_credentials": "{\"username\": \"user\", \"password\": \"pass\"}", "connections": "{\"crm\": \"connection_string\", \"erp\": \"connection_string\"}" } ``` ## ๐Ÿ“ Available Examples ### ๐ŸŽฏ **individual-variables-example.json** โญ **RECOMMENDED** **Cleanest approach using individual environment variables** - **Configuration**: Individual environment variables (no JSON strings) - **Use Case**: Any scenario - recommended starting point - **Authentication**: Windows Authentication with individual credential variables - **Databases**: Multiple enterprise systems with clear, separate connection variables ### ๐Ÿ–ฅ๏ธ **claude-desktop-config.json** **Claude Desktop configuration using JSON string approach** - **Configuration**: JSON string environment variables - **Use Case**: Claude Desktop integration - **Authentication**: Windows Authentication (JSON string format) - **Databases**: Mixed authentication methods, multiple connection types ### ๏ฟฝ **vscode-config.json** **VS Code MCP configuration** - **Configuration**: JSON string environment variables - **Use Case**: VS Code development environment - **Authentication**: Windows Authentication (JSON string format) - **Databases**: Enterprise systems with various authentication methods ### ๐Ÿข **enterprise-config.json** **Large enterprise configuration** - **Configuration**: Individual environment variables (cleanest approach) - **Use Case**: Large organization with many business systems - **Authentication**: Enterprise Windows Authentication - **Databases**: Corporate, HR, Finance, Sales, Inventory, Analytics, Audit, Legacy, DR ### โ˜๏ธ **azure-mixed-config.json** **Hybrid cloud environment** - **Configuration**: JSON string environment variables - **Use Case**: Azure SQL + on-premise databases - **Authentication**: Mixed (Azure SQL Auth + Windows Auth) - **Databases**: Azure Production/Staging/Analytics + On-premise Legacy + Partner systems ### ๐Ÿ‘ฅ **consultant-multi-client-config.json** **Multi-client consultant configuration** - **Configuration**: JSON string environment variables - **Use Case**: Consultants accessing multiple client databases - **Authentication**: Mixed authentication methods for different clients - **Databases**: Multiple client systems, internal tools, various access patterns ## ๐Ÿš€ How to Use These Examples ### 1. **Choose Your Configuration Approach** #### โญ **For New Projects** (Recommended) Start with `individual-variables-example.json` - it's the cleanest and most maintainable approach: - No JSON strings to escape - Each setting is clearly visible - Industry-standard environment variable pattern - Error-proof configuration #### ๐Ÿ”„ **For Existing Projects** If you already have JSON string configurations, they continue to work perfectly. You can migrate gradually or keep using them. ### 2. **Select Your Use Case** - **General purpose**: `individual-variables-example.json` - **Claude Desktop**: `claude-desktop-config.json` - **VS Code**: `vscode-config.json` - **Large enterprise**: `enterprise-config.json` - **Cloud + on-premise**: `azure-mixed-config.json` - **Multiple clients**: `consultant-multi-client-config.json` ### 3. **Customize the Configuration** 1. **Copy the entire JSON** from your chosen example 2. **Update the file path** to point to your actual `dist/index.js` location 3. **Replace placeholder values**: - Usernames and passwords with your actual credentials - Server names and connection strings with your actual database details ### 4. **Place the Configuration** #### For Claude Desktop: - **File location**: `%APPDATA%\Claude\claude_desktop_config.json` - **Recommended example**: `individual-variables-example.json` or `claude-desktop-config.json` #### For VS Code MCP: - **File location**: `.vscode/mcp.json` (in your workspace) - **Recommended example**: `individual-variables-example.json` or `vscode-config.json` ## ๐Ÿ”„ Migration Guide ### From Legacy Configurations All existing configurations continue to work! The server supports: 1. **Individual Legacy Variables**: `MSSQL_USERNAME`, `MSSQL_PASSWORD`, `MSSQL_DOMAIN` 2. **Prefixed JSON Variables**: `MSSQL_WINDOWS_CREDENTIALS`, `MSSQL_CONNECTIONS` 3. **Clean JSON Variables**: `windows_credentials`, `connections` 4. **Individual Variables**: `WINDOWS_USERNAME`, `CONNECTION_*` (newest, cleanest) ### Recommended Migration Path 1. **Keep your current config working** (no rush to change) 2. **For new projects**: Use individual variables approach 3. **For updates**: Consider migrating to individual variables for cleaner maintenance ## ๐Ÿ”’ Security Best Practices ### Environment Variables All examples use environment variables for credentials: ```json "env": { "MSSQL_USERNAME": "your-username", "MSSQL_PASSWORD": "your-password", "MSSQL_DOMAIN": "YOUR-DOMAIN" } ``` ### Connection String Security - **Windows Authentication**: Use `Integrated Security=SSPI` when possible - **SQL Authentication**: Store credentials in environment variables, not in connection strings - **Azure SQL**: Use strong passwords and consider managed identities - **TrustServerCertificate**: Only set to `True` for trusted internal servers ### Access Control - Use **read-only database accounts** when possible - Grant **minimum necessary permissions** to each connection - Consider **separate credentials** for different environments ## ๐Ÿ› ๏ธ Customizing Connection Strings ### Windows Authentication (Recommended) ``` Data Source=server-name; Initial Catalog=database-name; Integrated Security=SSPI; TrustServerCertificate=True; ``` ### SQL Server Authentication ``` Server=server-name,1433; Database=database-name; User Id=username; Password=password; TrustServerCertificate=true; ``` ### Azure SQL Database ``` Server=yourserver.database.windows.net; Database=database-name; User Id=username@domain.com; Password=password; Encrypt=true; ``` ### Named Instance ``` Data Source=server-name\\INSTANCE-NAME; Initial Catalog=database-name; Integrated Security=SSPI; TrustServerCertificate=True; ``` ## ๐Ÿ“‹ Connection Naming Conventions Use descriptive names that clearly indicate the system: ### โœ… Good Examples: - `crm_production` - `ecommerce_staging` - `hr_system` - `customer_portal` - `analytics_warehouse` - `legacy_inventory` ### โŒ Avoid: - `db1`, `db2`, `db3` - `server1`, `server2` - `test`, `prod` (too generic) ## ๐Ÿงช Testing Your Configuration After setting up your configuration: 1. **Test the MCP server starts**: Check that the server initializes without errors 2. **Test default connection**: Use `test_connection()` without parameters 3. **List available connections**: Use `list_connections()` to see all configured connections 4. **Test named connections**: Use `test_connection(connectionName: "your-connection-name")` for each connection 5. **Verify authentication**: Ensure you can connect to each database system ## ๐Ÿšจ Troubleshooting ### Common Issues: **"Error parsing MSSQL_CONNECTIONS"** - Check JSON syntax in the connections string - Ensure proper escaping of backslashes (`\\` for SQL Server instances) - Validate JSON using an online JSON validator **"Named connection not found"** - Verify connection name spelling - Check that the connection is included in `MSSQL_CONNECTIONS` - Use `list_connections()` to see available connections **"Login failed"** - Verify credentials in environment variables - Check network connectivity to database server - Ensure the database user has appropriate permissions - For Windows Auth, verify domain, username, and password **"Server not found"** - Check server name spelling and network connectivity - Verify SQL Server is running and accepting connections - Check firewall settings - For named instances, ensure SQL Server Browser service is running ## ๐Ÿ’ก Tips 1. **Start small**: Begin with 2-3 connections and add more as needed 2. **Test incrementally**: Add one connection at a time and test each one 3. **Use consistent naming**: Establish a naming convention and stick to it 4. **Document your connections**: Keep notes about what each connection is for 5. **Regular validation**: Periodically test all connections to ensure they're still working