Labsco
GreptimeTeam logo

GreptimeDB

β˜… 27

from GreptimeTeam

Provides AI assistants with a secure and structured way to explore and analyze data in GreptimeDB.

πŸ”₯πŸ”₯πŸ”₯βœ“ VerifiedFreeNeeds API keys

greptimedb-mcp-server

PyPI - Version build workflow MCP Registry MIT License

A Model Context Protocol (MCP) server for GreptimeDB β€” an open-source observability database that handles metrics, logs, and traces in one engine.

<!-- mcp-name: io.github.GreptimeTeam/greptimedb-mcp-server -->

Enables AI assistants to query and analyze GreptimeDB using SQL, TQL (PromQL-compatible), and RANGE queries, with built-in security features like read-only enforcement and data masking.

Features

Tools

ToolDescription
execute_sqlExecute SQL queries with format (csv/json/markdown) and limit options
execute_tqlExecute TQL (PromQL-compatible) queries for time-series analysis
query_rangeExecute time-window aggregation queries with RANGE/ALIGN syntax
describe_tableInspect a table profile: schema, semantic metadata, latest sample rows, and query guidance
explain_queryAnalyze SQL or TQL query execution plans (analyze=true for runtime stats; add verbose=true alongside analyze=true for per-partition scan metrics and index-pruning counters)
health_checkCheck database connection status and server version

Pipeline Management

ToolDescription
list_pipelinesList all pipelines or get details of a specific pipeline
create_pipelineCreate a new pipeline with YAML configuration
dryrun_pipelineTest a pipeline with sample data without writing to database
delete_pipelineDelete a specific version of a pipeline

Dashboard Management

ToolDescription
list_dashboardsList all Perses dashboard definitions
create_dashboardCreate or update a Perses dashboard definition
delete_dashboardDelete a dashboard definition

Resources & Prompts

  • Resources: Browse tables via greptime://<table>/data URIs
  • Prompts: Built-in Jinja templates for common tasks β€” pipeline_creator, log_pipeline, metrics_analysis, promql_analysis, trace_analysis, table_operation, schema_design_advisor, observability_correlation, ingestion_troubleshooting, query_performance_tuning

For LLM integration and prompt usage, see docs/llm-instructions.md.

Security

Read-Only Database User (Recommended)

Create a read-only user in GreptimeDB using static user provider:

mcp_readonly:readonly=your_secure_password

Application-Level Security Gate

All queries go through a security gate that:

  • Blocks: DROP, DELETE, TRUNCATE, UPDATE, INSERT, ALTER, CREATE, GRANT, REVOKE, EXEC, LOAD, COPY
  • Blocks: Encoded bypass attempts (hex, UNHEX, CHAR)
  • Allows: SELECT, SHOW, DESCRIBE, TQL, EXPLAIN, UNION

Write Mode (Disabled by Default)

The server is read-only by default. For local development or testing, you can allow write/destructive SQL (DDL/DML such as CREATE, DROP, ALTER, INSERT, UPDATE, DELETE) through the execute_sql tool by enabling write mode:

# Environment variable
GREPTIMEDB_ALLOW_WRITE=true greptimedb-mcp-server

# Or CLI argument
greptimedb-mcp-server --allow-write true

When enabled, the security gate is bypassed for execute_sql, and the server logs a warning on startup.

⚠️ Danger: This lets an AI assistant run destructive statements against your database. Never enable it against production data. Combine with a read-only database user if you only need read access.

Data Masking

Sensitive columns are automatically masked (******) based on column name patterns:

  • Authentication: password, secret, token, api_key, credential
  • Financial: credit_card, cvv, bank_account
  • Personal: ssn, id_card, passport

Configure with --mask-patterns phone,email to add custom patterns.

Audit Logging

All tool invocations are logged:

2025-12-10 10:30:45 - greptimedb_mcp_server.audit - INFO - [AUDIT] execute_sql | query="SELECT * FROM cpu LIMIT 10" | success=True | duration_ms=45.2

Disable with --audit-enabled false.

Development

# Clone and setup
git clone https://github.com/GreptimeTeam/greptimedb-mcp-server.git
cd greptimedb-mcp-server
uv venv && source .venv/bin/activate
uv sync

# Run tests
pytest

# Format & lint
uv run black .
uv run flake8 src

# Debug with MCP Inspector
npx @modelcontextprotocol/inspector uv --directory . run -m greptimedb_mcp_server.server

License

MIT License - see LICENSE.md.

Acknowledgement

Inspired by: