cerby0n/sqlanon-mcp
3.2
If you are the rightful owner of sqlanon-mcp and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to dayong@mcphub.com.
The SQLite Anonymization MCP Server is a specialized server designed to anonymize SQLite databases, providing tools for data anonymization with detailed reporting.
Tools
4
Resources
0
Prompts
0
SQLite Anonymization MCP Server
A Model Context Protocol (MCP) server specialized in SQLite database anonymization. This server provides tools to preview and execute data anonymization with comprehensive reporting.
Features
- Query Preview: See exactly what SQL queries will be executed before making changes
- Multiple Anonymization Strategies: 12 different strategies including masking, hashing, categorization, and more
- Backup Support: Automatically backup databases before anonymization
- Comprehensive Reporting: Detailed reports of all queries executed and rows affected
- Docker Support: Run in isolated containers for security
- Database Inspection: Explore database schema before anonymization
- Advanced Features: Pattern masking, date extraction, numeric categorization, and column deletion
Anonymization Strategies
| Strategy | Description | Example | Parameters |
|---|---|---|---|
hash | Replace with random hex string | abc123... → f4e3d2c1... | - |
randomize | Replace with random string | John Doe → a7b3f9e2 | - |
null | Set value to NULL | John Doe → NULL | - |
fixed | Set to a fixed value | John Doe → REDACTED | value |
mask | Replace with masking pattern | John Doe → *** | pattern |
email | Generate random email | user@example.com → a7b3@example.com | - |
phone | Generate random phone | 555-1234 → 555-7382 | - |
keep_first_char_mask | Keep first char + mask rest | Mike → M********* | maskChar, maskLength |
random_digits | Random N-digit number | 12345 → 9384756201 | digitCount |
extract_year | Extract year from date | 01.01.1999 → 1999 | - |
categorize | Bucket numeric values | 75000 → medium | categories[] |
delete_column | Remove column entirely | Column deleted | - |
Installation
Local Installation
npm install
npm run build
npm start
Docker Installation
# Build the Docker image
docker build -t sqlite-anonymization-mcp .
# Or use docker-compose
docker-compose up -d
Usage with Claude Desktop
Add to your Claude Desktop configuration (claude_desktop_config.json):
{
"mcpServers": {
"sqlite-anonymization": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-v",
"/path/to/your/databases:/databases",
"-v",
"/path/to/backups:/backups",
"sqlite-anonymization-mcp"
]
}
}
}
For local (non-Docker) usage:
{
"mcpServers": {
"sqlite-anonymization": {
"command": "node",
"args": ["/path/to/sqlanon/build/index.js"]
}
}
}
Available Tools
1. inspect_database
Inspect database schema to understand tables and columns.
Input:
{
"dbPath": "/databases/mydata.db"
}
Output:
{
"dbPath": "/databases/mydata.db",
"tables": ["users", "orders"],
"schema": {
"users": [
{"cid": 0, "name": "id", "type": "INTEGER", "notnull": 0, "dflt_value": null, "pk": 1},
{"cid": 1, "name": "email", "type": "TEXT", "notnull": 1, "dflt_value": null, "pk": 0},
{"cid": 2, "name": "name", "type": "TEXT", "notnull": 1, "dflt_value": null, "pk": 0}
]
}
}
2. preview_anonymization
Preview anonymization queries before execution.
Input:
{
"dbPath": "/databases/mydata.db",
"rules": [
{
"table": "users",
"column": "email",
"strategy": "email"
},
{
"table": "users",
"column": "name",
"strategy": "hash"
}
]
}
Output:
{
"message": "Preview of anonymization queries (NOT executed)",
"dbPath": "/databases/mydata.db",
"queries": [
{
"index": 1,
"table": "users",
"column": "email",
"strategy": "email",
"query": "UPDATE users SET email = lower(hex(randomblob(8))) || '@example.com' WHERE email IS NOT NULL"
},
{
"index": 2,
"table": "users",
"column": "name",
"strategy": "hash",
"query": "UPDATE users SET name = lower(hex(randomblob(16))) WHERE name IS NOT NULL"
}
],
"totalQueries": 2,
"note": "Use execute_anonymization to apply these changes"
}
3. execute_anonymization
Execute anonymization on the database.
Input:
{
"dbPath": "/databases/mydata.db",
"backupPath": "/backups/mydata_backup.db",
"rules": [
{
"table": "users",
"column": "email",
"strategy": "email"
},
{
"table": "users",
"column": "phone",
"strategy": "phone"
},
{
"table": "users",
"column": "ssn",
"strategy": "null"
}
]
}
Output:
{
"message": "Anonymization completed successfully",
"report": {
"timestamp": "2025-10-06T15:30:00.000Z",
"dbPath": "/databases/mydata.db",
"queries": [
{
"query": "UPDATE users SET email = lower(hex(randomblob(8))) || '@example.com' WHERE email IS NOT NULL",
"affectedRows": 150,
"table": "users",
"column": "email",
"strategy": "email"
},
{
"query": "UPDATE users SET phone = '555-' || substr(cast(abs(random()) as text), 1, 4) WHERE phone IS NOT NULL",
"affectedRows": 150,
"table": "users",
"column": "phone",
"strategy": "phone"
},
{
"query": "UPDATE users SET ssn = NULL WHERE ssn IS NOT NULL",
"affectedRows": 150,
"table": "users",
"column": "ssn",
"strategy": "null"
}
],
"totalQueries": 3,
"totalRowsAffected": 450
},
"backupCreated": true,
"backupPath": "/backups/mydata_backup.db"
}
4. get_anonymization_report
Retrieve the report for a previously anonymized database.
Input:
{
"dbPath": "/databases/mydata.db"
}
Output: Returns the full anonymization report from the last execution.
Example Workflow with Claude
-
Inspect the database:
"Use the inspect_database tool on /databases/users.db" -
Preview anonymization:
"Preview anonymization for the users table: - email column with email strategy - name column with hash strategy - ssn column with null strategy" -
Review the queries that Claude presents
-
Execute anonymization:
"Execute the anonymization with backup to /backups/users_backup.db" -
Get the report:
"Show me the anonymization report for /databases/users.db"
Security Considerations
- Always create backups before anonymization
- Run in Docker for isolation
- Test on a copy of your database first
- Review preview queries carefully before execution
- Store backups securely
- Consider using read-only database mounts when inspecting
Project Structure
sqlanon/
├── src/
│ └── index.ts # Main MCP server implementation
├── build/ # Compiled JavaScript (generated)
├── databases/ # Database files (mounted volume)
├── backups/ # Backup storage (mounted volume)
├── package.json # Node.js dependencies
├── tsconfig.json # TypeScript configuration
├── Dockerfile # Docker container definition
├── docker-compose.yml # Docker Compose configuration
└── README.md # This file
Development
# Install dependencies
npm install
# Build
npm run build
# Run locally
npm start
# Build Docker image
docker build -t sqlite-anonymization-mcp .
Troubleshooting
Database not found
- Ensure the database path is absolute
- When using Docker, ensure volumes are mounted correctly
- Check file permissions
Permission denied
- Ensure the database file is writable
- Check Docker volume permissions
- Run with appropriate user permissions
Queries not working as expected
- Use
preview_anonymizationto see exact queries - Use
inspect_databaseto verify table and column names - Check SQLite version compatibility
License
MIT
Contributing
Contributions welcome! Please open an issue or submit a pull request.