Labsco
designcomputer logo

MySQL

β˜… 1,300

from designcomputer

MySQL database integration with configurable access controls and schema inspection

πŸ”₯πŸ”₯πŸ”₯πŸ”₯βœ“ VerifiedAccount requiredAdvanced setup

MySQL MCP Server

A Model Context Protocol (MCP) implementation that enables secure interaction with MySQL databases. This server component facilitates communication between AI applications (hosts/clients) and MySQL databases, making database exploration and analysis safer and more structured through a controlled interface.

Note: MySQL MCP Server supports both standard input/output (STDIO) and Streamable HTTP (SSE) transport modes. The SSE mode is recommended for remote/self-hosted deployments.

Features

  • List available MySQL tables as resources

  • Read table contents

  • Execute SQL queries with proper error handling

  • Multi-database mode (Optional MYSQL_DATABASE)

  • SSE/HTTP transport support (MCP_TRANSPORT=sse)

  • SSH Tunneling support

  • Comprehensive schema information

  • Table data sampling

  • Secure database access through environment variables

  • Comprehensive logging

Available Tools

execute_sql

Executes any standard SQL query.

  • Arguments: query (string)

  • Features: Supports SELECT, SHOW, DESCRIBE, and DML (INSERT, UPDATE, DELETE). DML operations are marked with a destructive hint.

  • Limitation: Single statements only. Multi-statement queries are not supported.

  • Cross-database: Use database.table notation to query any database regardless of the MYSQL_DATABASE setting.

get_schema_info

Provides detailed metadata about database structures.

  • Arguments: table_name (optional string)

  • Output: Column names, types, nullability, default values, and comments.

  • Cross-database: Pass database.table to query a table outside MYSQL_DATABASE; bare names use the configured database.

  • Identifier rules: Names must contain only alphanumeric characters, underscores, and $ (dots are allowed as a separator between database and table names).

get_table_sample

Fetches a representative sample of data.

  • Arguments: table_name (string), limit (optional integer, max 20)

  • Use Case: Quickly understand data formats and content without fetching large result sets.

  • Cross-database: Pass database.table to sample a table outside MYSQL_DATABASE; bare names use the configured database.

  • Identifier rules: Names must contain only alphanumeric characters, underscores, and $ (dots are allowed as a separator between database and table names).

Available Prompts

In addition to tools, the server exposes MCP prompts β€” guided, multi-step workflows that a client can launch on demand. In Claude Code they appear as slash commands (/mcp__<server>__<prompt>); in Claude Desktop they appear in the prompts (+) menu.

Prompt Arguments Description explore_database (none) Systematically explore the database: discover available tables, inspect their schemas, sample the data, and summarize what's there. analyze_table table_name (required) Deep-dive into a specific table: retrieve its schema, sample its data, and suggest useful queries. Accepts database.table notation for cross-database lookups.

Example (Claude Code):

Copy & paste β€” that's it
/mcp__mysql__explore_database
/mcp__mysql__analyze_table customers

Both prompts orchestrate the existing get_schema_info and get_table_sample tools; explore_database also uses resource listing to enumerate tables.

Development

Copy & paste β€” that's it
# Clone the repository
git clone https://github.com/designcomputer/mysql_mcp_server.git
cd mysql_mcp_server
# Create virtual environment
python -m venv venv
source venv/bin/activate # or `venv\Scripts\activate` on Windows
# Install development dependencies
pip install -r requirements-dev.txt
# Copy the example config and edit with your credentials
cp .env.example .env
# Edit .env with your MySQL connection details
# Run tests
pytest

Security Considerations

Identifier Validation: Table and database names passed to get_schema_info and get_table_sample are validated against a strict whitelist (alphanumeric, underscore, and $ only; a single dot is allowed as a database.table separator). Other special characters are rejected to prevent SQL injection.

Encrypted Access: Full support for SSL/TLS and SSH Tunneling for secure remote connections.

Log Privacy: Passwords and SSH private keys are automatically masked in server logs.

Least Privilege: Always use a dedicated MySQL user with minimal required permissions.

SSE transport has no built-in authentication. The SSE server binds to 0.0.0.0 by default and accepts connections without credentials. If you expose it beyond localhost, place it behind a reverse proxy (nginx, Caddy, Traefik) that enforces authentication. Example with nginx and HTTP Basic Auth:

Copy & paste β€” that's it
location /sse {
 auth_basic "MCP";
 auth_basic_user_file /etc/nginx/.htpasswd;
 proxy_pass http://127.0.0.1:8000;
 proxy_set_header Host $host;
 proxy_buffering off;
}
location /messages/ {
 auth_basic "MCP";
 auth_basic_user_file /etc/nginx/.htpasswd;
 proxy_pass http://127.0.0.1:8000;
 proxy_set_header Host $host;
}

Set MCP_SSE_HOST=127.0.0.1 so the server only listens on loopback and the proxy is the sole public entry point. Set MCP_SSE_ALLOWED_HOSTS to the public hostname your proxy forwards (e.g. MCP_SSE_ALLOWED_HOSTS=myserver.example.com:443).

See SECURITY.md for a comprehensive guide on securing your deployment.

Security Best Practices

This MCP implementation requires database access to function. For security:

  • Create a dedicated MySQL user with minimal permissions

  • Never use root credentials or administrative accounts

  • Restrict database access to only necessary operations

  • Enable logging for audit purposes

  • Regular security reviews of database access

See MySQL Security Configuration Guide for detailed instructions on:

  • Creating a restricted MySQL user

  • Setting appropriate permissions

  • Monitoring database access

  • Security best practices

⚠️ IMPORTANT: Always follow the principle of least privilege when configuring database access.

License

MIT License - see LICENSE file for details.

Contributing

  • Fork the repository

  • Create your feature branch (git checkout -b feature/amazing-feature)

  • Commit your changes (git commit -m 'Add some amazing feature')

  • Push to the branch (git push origin feature/amazing-feature)

  • Open a Pull Request