LucasSiqueiraSurreco/mcp-db-bridge
3.3
If you are the rightful owner of mcp-db-bridge and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.
MCP-DB-Bridge is a versatile Model Context Protocol server designed to facilitate seamless database interactions with MySQL, PostgreSQL, and SQLite, offering robust security and cloud-ready features.
mcp-db-bridge
English
MCP (Model Context Protocol) server for MySQL, PostgreSQL & SQLite with granular permissions, multi-DB support, and cloud-ready SSL/TLS. Built with adapter pattern for extensibility.
Features
- 🔌 Multi-Database: MySQL, PostgreSQL, SQLite
- 🏗️ Adapter Pattern: Clean and extensible architecture
- ☁️ Cloud-Ready: SSL/TLS for AWS RDS, Google Cloud SQL, Azure Database
- 🔒 Security First: Read-only mode + granular schema permissions
- 🌐 Multi-DB Mode: Simultaneous access to multiple schemas/databases
- 🔄 Transactions: Automatic BEGIN/COMMIT/ROLLBACK
- 🚀 HTTP Mode: Optional remote HTTP server (Express)
Installation
npm install mcp-db-bridge
# or
pnpm add mcp-db-bridge
Quick Start
MySQL (Local)
# .env
DB_TYPE=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_USER=root
DB_PASS=password
DB_NAME=mydb
PostgreSQL (Local)
# .env
DB_TYPE=postgresql
DB_HOST=127.0.0.1
DB_PORT=5432
DB_USER=postgres
DB_PASS=password
DB_NAME=mydb
SQLite (In-Memory)
# .env
DB_TYPE=sqlite
SQLITE_DB=:memory:
Run
pnpm build
pnpm start
# or
node dist/index.js
Configuration
Database Types
DB_TYPE=mysql # MySQL
DB_TYPE=postgresql # PostgreSQL
DB_TYPE=sqlite # SQLite
Connection Settings
Generic (All Databases)
DB_HOST=127.0.0.1
DB_PORT=3306 # MySQL: 3306, PostgreSQL: 5432
DB_USER=root
DB_PASS=password
DB_NAME=mydb # Leave empty for multi-DB mode
DB_CONNECTION_LIMIT=10
MySQL-Specific (Backward Compatibility)
MYSQL_HOST=127.0.0.1
MYSQL_PORT=3306
MYSQL_USER=root
MYSQL_PASS=password
MYSQL_DB=mydb
MYSQL_SOCKET_PATH=/tmp/mysql.sock # Unix socket (priority over host/port)
PostgreSQL-Specific
POSTGRESQL_HOST=127.0.0.1
POSTGRESQL_PORT=5432
POSTGRESQL_DB=mydb
SQLite-Specific
SQLITE_DB=:memory: # In-memory database
SQLITE_DB=/var/lib/app/data.db # File-based database
Security & Permissions
Read-Only Mode
Blocks all write operations at application level:
DB_READ_ONLY_MODE=true
Global Write Permissions
Fine-grained operation control by type (applied globally):
ALLOW_INSERT_OPERATION=true # Allow INSERT
ALLOW_UPDATE_OPERATION=true # Allow UPDATE
ALLOW_DELETE_OPERATION=false # Block DELETE
ALLOW_DDL_OPERATION=false # Block CREATE/ALTER/DROP/TRUNCATE
Schema-Specific Permissions
Override global permissions for specific schemas:
# Format: "schema1:true,schema2:false,schema3:true"
SCHEMA_INSERT_PERMISSIONS=prod_db:false,test_db:true,staging_db:true
SCHEMA_UPDATE_PERMISSIONS=prod_db:false,test_db:true,staging_db:true
SCHEMA_DELETE_PERMISSIONS=prod_db:false,test_db:false,staging_db:false
SCHEMA_DDL_PERMISSIONS=prod_db:false,test_db:true,staging_db:false
How it works:
- If schema has specific permission → use it
- Otherwise → use global flag
Example:
# Global: INSERT blocked
ALLOW_INSERT_OPERATION=false
# test_db can insert, prod_db cannot
SCHEMA_INSERT_PERMISSIONS=test_db:true,prod_db:false
# Result:
# - INSERT on test_db: ✅ allowed (schema permission)
# - INSERT on prod_db: ❌ blocked (schema permission)
# - INSERT on other_db: ❌ blocked (global permission)
Multi-DB Mode
Access multiple databases/schemas through a single connection.
Activation
Leave DB_NAME empty (MySQL/PostgreSQL only):
DB_TYPE=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_USER=root
DB_PASS=password
DB_NAME= # Empty = multi-DB mode
Write Protection
By default, multi-DB mode is read-only for security. To allow writes:
MULTI_DB_WRITE_MODE=true # ⚠️ Use with caution!
Recommendation: Use SCHEMA_*_PERMISSIONS for granular control instead of MULTI_DB_WRITE_MODE=true.
Complete Example
# Multi-DB with granular permissions
DB_TYPE=mysql
DB_NAME= # Multi-DB mode
ALLOW_INSERT_OPERATION=false # Global: blocked
SCHEMA_INSERT_PERMISSIONS=test_db:true # Exception: test_db can insert
SCHEMA_UPDATE_PERMISSIONS=test_db:true # Exception: test_db can update
SCHEMA_DELETE_PERMISSIONS=test_db:false # test_db: DELETE blocked
SCHEMA_DDL_PERMISSIONS=test_db:true # test_db: DDL allowed
SSL/TLS for Cloud Databases
AWS RDS (MySQL/PostgreSQL)
DB_TYPE=mysql
DB_HOST=myinstance.123456789012.us-east-1.rds.amazonaws.com
DB_PORT=3306
DB_SSL=true
DB_SSL_REJECT_UNAUTHORIZED=true
# Optional: DB_SSL_CA=/path/to/aws-rds-ca-cert.pem
Google Cloud SQL (PostgreSQL)
DB_TYPE=postgresql
DB_HOST=34.123.45.67
DB_PORT=5432
DB_SSL=true
DB_SSL_CA=/path/to/server-ca.pem
DB_SSL_CERT=/path/to/client-cert.pem
DB_SSL_KEY=/path/to/client-key.pem
Azure Database for MySQL
DB_TYPE=mysql
DB_HOST=myserver.mysql.database.azure.com
DB_PORT=3306
DB_SSL=true
DB_SSL_REJECT_UNAUTHORIZED=true
Remote MCP (HTTP Server)
Run MCP server via HTTP with authentication:
# .env
IS_REMOTE_MCP=true
REMOTE_SECRET_KEY=your-secret-key-here
PORT=3000
Endpoint: POST http://localhost:3000/mcp
Header: Authorization: Bearer your-secret-key-here
Architecture
src/
├── db/
│ ├── adapters/
│ │ ├── types.ts # Interfaces and types
│ │ ├── factory.ts # Factory pattern
│ │ ├── mysql.adapter.ts # MySQL via mysql2
│ │ ├── postgresql.adapter.ts # PostgreSQL via pg
│ │ └── sqlite.adapter.ts # SQLite via better-sqlite3
│ ├── index.ts # Core query handlers
│ ├── utils.ts # SQL parsing (node-sql-parser)
│ └── permissions.ts # Schema permission checks
├── config/
│ └── index.ts # Environment configuration
├── utils/
│ └── index.ts # Logging & utilities
└── types/
└── index.ts # Type definitions
Adapter Pattern
Each adapter implements the DatabaseAdapter interface:
export interface DatabaseAdapter {
readonly type: DatabaseType;
createPool(config: ConnectionConfig): Promise<DatabasePool>;
executeQuery<T>(pool: DatabasePool, sql: string, params?: any[]): Promise<T>;
setReadOnly(connection: DatabaseConnection): Promise<void>;
unsetReadOnly(connection: DatabaseConnection): Promise<void>;
normalizeResult(result: any): NormalizedResult;
supportsReadOnlyMode(): boolean;
}
Transaction Flows
Read Operations:
BEGIN → SET TRANSACTION READ ONLY → QUERY → ROLLBACK → RESET TO READ WRITE
Write Operations:
BEGIN → QUERY → COMMIT (or ROLLBACK on error)
Examples
MySQL with Unix Socket
DB_TYPE=mysql
MYSQL_SOCKET_PATH=/tmp/mysql.sock
DB_USER=root
DB_PASS=password
DB_NAME=mydb
PostgreSQL Multi-DB with Permissions
DB_TYPE=postgresql
DB_HOST=localhost
DB_PORT=5432
DB_USER=postgres
DB_PASS=password
DB_NAME= # Multi-DB mode
SCHEMA_INSERT_PERMISSIONS=app_db:true # app_db can insert
SCHEMA_UPDATE_PERMISSIONS=app_db:true # app_db can update
SCHEMA_DELETE_PERMISSIONS=app_db:false # app_db: DELETE blocked
SQLite Read-Only
DB_TYPE=sqlite
SQLITE_DB=/var/lib/data/production.db
DB_READ_ONLY_MODE=true
AWS RDS MySQL with SSL
DB_TYPE=mysql
DB_HOST=prod.abc123.us-east-1.rds.amazonaws.com
DB_PORT=3306
DB_USER=admin
DB_PASS=secure_password
DB_NAME=production
DB_SSL=true
DB_SSL_REJECT_UNAUTHORIZED=true
ALLOW_INSERT_OPERATION=false
ALLOW_UPDATE_OPERATION=false
ALLOW_DELETE_OPERATION=false
ALLOW_DDL_OPERATION=false
Development
pnpm dev # Run in dev mode (tsx)
pnpm build # Compile TypeScript
pnpm watch # Watch mode
pnpm exec # Build + run with .env
Testing
pnpm test # Run all tests (setup + vitest run)
pnpm test:watch # Watch mode
pnpm test:unit # Unit tests only
pnpm test:integration # Integration tests (MySQL, socket, permissions)
pnpm test:e2e # End-to-end tests
pnpm test:coverage # Coverage report
Test Structure:
tests/
├── unit/ # Isolated functions (query parsing, utils)
├── integration/ # Real database operations
└── e2e/ # Complete MCP server workflows
Performance Tuning
Connection Pool
DB_CONNECTION_LIMIT=20 # Default: 10
Disable Read-Only Transactions (MySQL)
⚠️ Not recommended - reduces security:
MYSQL_DISABLE_READ_ONLY_TRANSACTIONS=true
Environment Variables Reference
Core Database Settings
| Variable | Description | Default | Example |
|---|---|---|---|
DB_TYPE | Database type | mysql | mysql, postgresql, sqlite |
DB_HOST | Database host | 127.0.0.1 | localhost, db.example.com |
DB_PORT | Database port | 3306 | 3306 (MySQL), 5432 (PostgreSQL) |
DB_USER | Database user | root | admin, postgres |
DB_PASS | Database password | "" | secure_password |
DB_NAME | Database name | undefined | mydb, "" (multi-DB) |
DB_CONNECTION_LIMIT | Pool size | 10 | 20 |
Security Settings
| Variable | Description | Default | Values |
|---|---|---|---|
DB_READ_ONLY_MODE | Global read-only mode | false | true, false |
ALLOW_INSERT_OPERATION | Global INSERT permission | false | true, false |
ALLOW_UPDATE_OPERATION | Global UPDATE permission | false | true, false |
ALLOW_DELETE_OPERATION | Global DELETE permission | false | true, false |
ALLOW_DDL_OPERATION | Global DDL permission | false | true, false |
MULTI_DB_WRITE_MODE | Allow writes in multi-DB | false | true, false |
Schema Permissions
| Variable | Format | Example |
|---|---|---|
SCHEMA_INSERT_PERMISSIONS | schema:bool,schema:bool | test_db:true,prod_db:false |
SCHEMA_UPDATE_PERMISSIONS | schema:bool,schema:bool | test_db:true,prod_db:false |
SCHEMA_DELETE_PERMISSIONS | schema:bool,schema:bool | test_db:false,prod_db:false |
SCHEMA_DDL_PERMISSIONS | schema:bool,schema:bool | test_db:true,prod_db:false |
SSL/TLS Settings
| Variable | Description | Required | Example |
|---|---|---|---|
DB_SSL | Enable SSL/TLS | Cloud DBs | true, false |
DB_SSL_REJECT_UNAUTHORIZED | Strict SSL validation | Production | true, false |
DB_SSL_CA | CA certificate path | Cloud SQL | /path/to/ca.pem |
DB_SSL_CERT | Client certificate | Cloud SQL | /path/to/cert.pem |
DB_SSL_KEY | Client key | Cloud SQL | /path/to/key.pem |
Remote MCP Settings
| Variable | Description | Required | Example |
|---|---|---|---|
IS_REMOTE_MCP | Enable HTTP mode | No | true, false |
REMOTE_SECRET_KEY | Auth token | If remote | your-secret-key |
PORT | HTTP server port | No | 3000 |
Troubleshooting
Connection Errors
MySQL socket not found:
# Check socket path
sudo mysql -u root -p -e "SELECT @@socket;"
# Set in .env
MYSQL_SOCKET_PATH=/var/run/mysqld/mysqld.sock
PostgreSQL connection refused:
# Check if PostgreSQL is running
sudo systemctl status postgresql
# Check port
sudo netstat -tulpn | grep 5432
Permission Errors
"Operation not allowed in read-only mode":
# Check global read-only mode
DB_READ_ONLY_MODE=false
# Check multi-DB mode
MULTI_DB_WRITE_MODE=true # If needed
# Or use schema permissions
SCHEMA_INSERT_PERMISSIONS=mydb:true
"INSERT not allowed for schema 'mydb'":
# Check global permission
ALLOW_INSERT_OPERATION=true
# Or add schema exception
SCHEMA_INSERT_PERMISSIONS=mydb:true
License
MIT
Credits
- mcp-server-mysql: @benborla
Português
Servidor MCP (Model Context Protocol) para MySQL, PostgreSQL e SQLite com permissões granulares, suporte multi-DB e SSL/TLS pronto para nuvem. Construído com adapter pattern para extensibilidade.
Funcionalidades
- 🔌 Multi-Database: MySQL, PostgreSQL, SQLite
- 🏗️ Adapter Pattern: Arquitetura limpa e extensível
- ☁️ Cloud-Ready: SSL/TLS para AWS RDS, Google Cloud SQL, Azure Database
- 🔒 Security First: Modo read-only + permissões granulares por schema
- 🌐 Multi-DB Mode: Acesso simultâneo a múltiplos schemas/databases
- 🔄 Transações: BEGIN/COMMIT/ROLLBACK automático
- 🚀 Modo HTTP: Servidor HTTP remoto opcional (Express)
Instalação
npm install mcp-db-bridge
# ou
pnpm add mcp-db-bridge
Início Rápido
MySQL (Local)
# .env
DB_TYPE=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_USER=root
DB_PASS=password
DB_NAME=mydb
PostgreSQL (Local)
# .env
DB_TYPE=postgresql
DB_HOST=127.0.0.1
DB_PORT=5432
DB_USER=postgres
DB_PASS=password
DB_NAME=mydb
SQLite (In-Memory)
# .env
DB_TYPE=sqlite
SQLITE_DB=:memory:
Executar
pnpm build
pnpm start
# ou
node dist/index.js
Configuração
Tipos de Banco de Dados
DB_TYPE=mysql # MySQL
DB_TYPE=postgresql # PostgreSQL
DB_TYPE=sqlite # SQLite
Configurações de Conexão
Genéricas (Todos os Bancos)
DB_HOST=127.0.0.1
DB_PORT=3306 # MySQL: 3306, PostgreSQL: 5432
DB_USER=root
DB_PASS=password
DB_NAME=mydb # Deixe vazio para modo multi-DB
DB_CONNECTION_LIMIT=10
Específicas do MySQL (Compatibilidade)
MYSQL_HOST=127.0.0.1
MYSQL_PORT=3306
MYSQL_USER=root
MYSQL_PASS=password
MYSQL_DB=mydb
MYSQL_SOCKET_PATH=/tmp/mysql.sock # Unix socket (prioridade sobre host/port)
Específicas do PostgreSQL
POSTGRESQL_HOST=127.0.0.1
POSTGRESQL_PORT=5432
POSTGRESQL_DB=mydb
Específicas do SQLite
SQLITE_DB=:memory: # Database em memória
SQLITE_DB=/var/lib/app/data.db # Database em arquivo
Segurança & Permissões
Modo Read-Only
Bloqueia todas as operações de escrita em nível de aplicação:
DB_READ_ONLY_MODE=true
Permissões Globais de Escrita
Controle fino de operações por tipo (aplicado globalmente):
ALLOW_INSERT_OPERATION=true # Permite INSERT
ALLOW_UPDATE_OPERATION=true # Permite UPDATE
ALLOW_DELETE_OPERATION=false # Bloqueia DELETE
ALLOW_DDL_OPERATION=false # Bloqueia CREATE/ALTER/DROP/TRUNCATE
Permissões Específicas por Schema
Sobrescreve permissões globais para schemas específicos:
# Formato: "schema1:true,schema2:false,schema3:true"
SCHEMA_INSERT_PERMISSIONS=prod_db:false,test_db:true,staging_db:true
SCHEMA_UPDATE_PERMISSIONS=prod_db:false,test_db:true,staging_db:true
SCHEMA_DELETE_PERMISSIONS=prod_db:false,test_db:false,staging_db:false
SCHEMA_DDL_PERMISSIONS=prod_db:false,test_db:true,staging_db:false
Como funciona:
- Se schema tem permissão específica → usa ela
- Caso contrário → usa flag global
Exemplo:
# Global: INSERT bloqueado
ALLOW_INSERT_OPERATION=false
# test_db pode inserir, prod_db não pode
SCHEMA_INSERT_PERMISSIONS=test_db:true,prod_db:false
# Resultado:
# - INSERT em test_db: ✅ permitido (permissão do schema)
# - INSERT em prod_db: ❌ bloqueado (permissão do schema)
# - INSERT em other_db: ❌ bloqueado (permissão global)
Modo Multi-DB
Acessa múltiplos databases/schemas através de uma única conexão.
Ativação
Deixe DB_NAME vazio (MySQL/PostgreSQL apenas):
DB_TYPE=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_USER=root
DB_PASS=password
DB_NAME= # Vazio = modo multi-DB
Proteção de Escrita
Por padrão, modo multi-DB é read-only por segurança. Para permitir escritas:
MULTI_DB_WRITE_MODE=true # ⚠️ Use com cautela!
Recomendação: Use SCHEMA_*_PERMISSIONS para controle granular ao invés de MULTI_DB_WRITE_MODE=true.
Exemplo Completo
# Multi-DB com permissões granulares
DB_TYPE=mysql
DB_NAME= # Modo multi-DB
ALLOW_INSERT_OPERATION=false # Global: bloqueado
SCHEMA_INSERT_PERMISSIONS=test_db:true # Exceção: test_db pode inserir
SCHEMA_UPDATE_PERMISSIONS=test_db:true # Exceção: test_db pode atualizar
SCHEMA_DELETE_PERMISSIONS=test_db:false # test_db: DELETE bloqueado
SCHEMA_DDL_PERMISSIONS=test_db:true # test_db: DDL permitido
SSL/TLS para Bancos na Nuvem
AWS RDS (MySQL/PostgreSQL)
DB_TYPE=mysql
DB_HOST=myinstance.123456789012.us-east-1.rds.amazonaws.com
DB_PORT=3306
DB_SSL=true
DB_SSL_REJECT_UNAUTHORIZED=true
# Opcional: DB_SSL_CA=/path/to/aws-rds-ca-cert.pem
Google Cloud SQL (PostgreSQL)
DB_TYPE=postgresql
DB_HOST=34.123.45.67
DB_PORT=5432
DB_SSL=true
DB_SSL_CA=/path/to/server-ca.pem
DB_SSL_CERT=/path/to/client-cert.pem
DB_SSL_KEY=/path/to/client-key.pem
Azure Database for MySQL
DB_TYPE=mysql
DB_HOST=myserver.mysql.database.azure.com
DB_PORT=3306
DB_SSL=true
DB_SSL_REJECT_UNAUTHORIZED=true
MCP Remoto (Servidor HTTP)
Execute o servidor MCP via HTTP com autenticação:
# .env
IS_REMOTE_MCP=true
REMOTE_SECRET_KEY=your-secret-key-here
PORT=3000
Endpoint: POST http://localhost:3000/mcp
Header: Authorization: Bearer your-secret-key-here
Arquitetura
src/
├── db/
│ ├── adapters/
│ │ ├── types.ts # Interfaces e tipos
│ │ ├── factory.ts # Factory pattern
│ │ ├── mysql.adapter.ts # MySQL via mysql2
│ │ ├── postgresql.adapter.ts # PostgreSQL via pg
│ │ └── sqlite.adapter.ts # SQLite via better-sqlite3
│ ├── index.ts # Core query handlers
│ ├── utils.ts # SQL parsing (node-sql-parser)
│ └── permissions.ts # Schema permission checks
├── config/
│ └── index.ts # Configuração de ambiente
├── utils/
│ └── index.ts # Logging & utilitários
└── types/
└── index.ts # Definições de tipos
Adapter Pattern
Cada adapter implementa a interface DatabaseAdapter:
export interface DatabaseAdapter {
readonly type: DatabaseType;
createPool(config: ConnectionConfig): Promise<DatabasePool>;
executeQuery<T>(pool: DatabasePool, sql: string, params?: any[]): Promise<T>;
setReadOnly(connection: DatabaseConnection): Promise<void>;
unsetReadOnly(connection: DatabaseConnection): Promise<void>;
normalizeResult(result: any): NormalizedResult;
supportsReadOnlyMode(): boolean;
}
Fluxos de Transação
Operações de Leitura:
BEGIN → SET TRANSACTION READ ONLY → QUERY → ROLLBACK → RESET TO READ WRITE
Operações de Escrita:
BEGIN → QUERY → COMMIT (ou ROLLBACK em caso de erro)
Exemplos
MySQL com Unix Socket
DB_TYPE=mysql
MYSQL_SOCKET_PATH=/tmp/mysql.sock
DB_USER=root
DB_PASS=password
DB_NAME=mydb
PostgreSQL Multi-DB com Permissões
DB_TYPE=postgresql
DB_HOST=localhost
DB_PORT=5432
DB_USER=postgres
DB_PASS=password
DB_NAME= # Modo multi-DB
SCHEMA_INSERT_PERMISSIONS=app_db:true # app_db pode inserir
SCHEMA_UPDATE_PERMISSIONS=app_db:true # app_db pode atualizar
SCHEMA_DELETE_PERMISSIONS=app_db:false # app_db: DELETE bloqueado
SQLite Read-Only
DB_TYPE=sqlite
SQLITE_DB=/var/lib/data/production.db
DB_READ_ONLY_MODE=true
AWS RDS MySQL com SSL
DB_TYPE=mysql
DB_HOST=prod.abc123.us-east-1.rds.amazonaws.com
DB_PORT=3306
DB_USER=admin
DB_PASS=secure_password
DB_NAME=production
DB_SSL=true
DB_SSL_REJECT_UNAUTHORIZED=true
ALLOW_INSERT_OPERATION=false
ALLOW_UPDATE_OPERATION=false
ALLOW_DELETE_OPERATION=false
ALLOW_DDL_OPERATION=false
Desenvolvimento
pnpm dev # Executar em modo dev (tsx)
pnpm build # Compilar TypeScript
pnpm watch # Modo watch
pnpm exec # Build + executar com .env
Testes
pnpm test # Executar todos os testes (setup + vitest run)
pnpm test:watch # Modo watch
pnpm test:unit # Apenas testes unitários
pnpm test:integration # Testes de integração (MySQL, socket, permissões)
pnpm test:e2e # Testes end-to-end
pnpm test:coverage # Relatório de cobertura
Estrutura de Testes:
tests/
├── unit/ # Funções isoladas (parsing de queries, utils)
├── integration/ # Operações reais de banco de dados
└── e2e/ # Fluxos completos do servidor MCP
Ajustes de Performance
Connection Pool
DB_CONNECTION_LIMIT=20 # Padrão: 10
Desabilitar Transações Read-Only (MySQL)
⚠️ Não recomendado - reduz segurança:
MYSQL_DISABLE_READ_ONLY_TRANSACTIONS=true
Referência de Variáveis de Ambiente
Configurações Principais do Banco
| Variável | Descrição | Padrão | Exemplo |
|---|---|---|---|
DB_TYPE | Tipo de banco | mysql | mysql, postgresql, sqlite |
DB_HOST | Host do banco | 127.0.0.1 | localhost, db.example.com |
DB_PORT | Porta do banco | 3306 | 3306 (MySQL), 5432 (PostgreSQL) |
DB_USER | Usuário do banco | root | admin, postgres |
DB_PASS | Senha do banco | "" | secure_password |
DB_NAME | Nome do banco | undefined | mydb, "" (multi-DB) |
DB_CONNECTION_LIMIT | Tamanho do pool | 10 | 20 |
Configurações de Segurança
| Variável | Descrição | Padrão | Valores |
|---|---|---|---|
DB_READ_ONLY_MODE | Modo global read-only | false | true, false |
ALLOW_INSERT_OPERATION | Permissão global de INSERT | false | true, false |
ALLOW_UPDATE_OPERATION | Permissão global de UPDATE | false | true, false |
ALLOW_DELETE_OPERATION | Permissão global de DELETE | false | true, false |
ALLOW_DDL_OPERATION | Permissão global de DDL | false | true, false |
MULTI_DB_WRITE_MODE | Permitir escritas em multi-DB | false | true, false |
Permissões por Schema
| Variável | Formato | Exemplo |
|---|---|---|
SCHEMA_INSERT_PERMISSIONS | schema:bool,schema:bool | test_db:true,prod_db:false |
SCHEMA_UPDATE_PERMISSIONS | schema:bool,schema:bool | test_db:true,prod_db:false |
SCHEMA_DELETE_PERMISSIONS | schema:bool,schema:bool | test_db:false,prod_db:false |
SCHEMA_DDL_PERMISSIONS | schema:bool,schema:bool | test_db:true,prod_db:false |
Configurações SSL/TLS
| Variável | Descrição | Necessária | Exemplo |
|---|---|---|---|
DB_SSL | Habilitar SSL/TLS | Bancos Cloud | true, false |
DB_SSL_REJECT_UNAUTHORIZED | Validação SSL estrita | Produção | true, false |
DB_SSL_CA | Caminho do certificado CA | Cloud SQL | /path/to/ca.pem |
DB_SSL_CERT | Certificado do cliente | Cloud SQL | /path/to/cert.pem |
DB_SSL_KEY | Chave do cliente | Cloud SQL | /path/to/key.pem |
Configurações MCP Remoto
| Variável | Descrição | Necessária | Exemplo |
|---|---|---|---|
IS_REMOTE_MCP | Habilitar modo HTTP | Não | true, false |
REMOTE_SECRET_KEY | Token de autenticação | Se remoto | your-secret-key |
PORT | Porta do servidor HTTP | Não | 3000 |
Solução de Problemas
Erros de Conexão
Socket MySQL não encontrado:
# Verificar caminho do socket
sudo mysql -u root -p -e "SELECT @@socket;"
# Configurar no .env
MYSQL_SOCKET_PATH=/var/run/mysqld/mysqld.sock
Conexão PostgreSQL recusada:
# Verificar se PostgreSQL está rodando
sudo systemctl status postgresql
# Verificar porta
sudo netstat -tulpn | grep 5432
Erros de Permissão
"Operation not allowed in read-only mode":
# Verificar modo global read-only
DB_READ_ONLY_MODE=false
# Verificar modo multi-DB
MULTI_DB_WRITE_MODE=true # Se necessário
# Ou usar permissões de schema
SCHEMA_INSERT_PERMISSIONS=mydb:true
"INSERT not allowed for schema 'mydb'":
# Verificar permissão global
ALLOW_INSERT_OPERATION=true
# Ou adicionar exceção de schema
SCHEMA_INSERT_PERMISSIONS=mydb:true
Licença
MIT
Créditos
- mcp-server-mysql: @benborla