@achmadya-dev/mcp-mysql-query 0.2.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 achmadya
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,129 @@
+# @achmadya-dev/mcp-mysql-query
+
+MCP server for MySQL. Runs a single SQL statement per tool call over **stdio**. **Read-only by default** — writes and DDL require explicit env flags.
+
+## Requirements
+
+- Node.js **≥ 20**
+- A reachable MySQL server (local, Docker, or remote)
+
+## Install from npm
+
+Add to Cursor **Settings → MCP** or `.cursor/mcp.json`:
+
+```json
+{
+  "mcpServers": {
+    "mysql": {
+      "command": "npx",
+      "args": ["-y", "@achmadya-dev/mcp-mysql-query"],
+      "env": {
+        "MYSQL_HOST": "localhost",
+        "MYSQL_PORT": "3306",
+        "MYSQL_USER": "your_user",
+        "MYSQL_PASSWORD": "your_password",
+        "MYSQL_DATABASE": "your_database"
+      }
+    }
+  }
+}
+```
+
+Or load credentials from a file (Cursor `envFile`):
+
+```json
+{
+  "mcpServers": {
+    "mysql": {
+      "command": "npx",
+      "args": ["-y", "@achmadya-dev/mcp-mysql-query"],
+      "envFile": "/absolute/path/to/.env"
+    }
+  }
+}
+```
+
+## Develop from source
+
+From the repository root ([`achmadya-dev/mcp`](https://github.com/achmadya-dev/mcp)):
+
+```bash
+cp .env.example .env
+pnpm install
+docker compose up -d mysql
+pnpm --filter @achmadya-dev/mcp-mysql-query run build
+```
+
+Register the built server in `.cursor/mcp.json`:
+
+```json
+{
+  "mcpServers": {
+    "mysql": {
+      "command": "node",
+      "args": ["${workspaceFolder}/packages/mcp-mysql-query/dist/index.js"],
+      "envFile": "${workspaceFolder}/.env"
+    }
+  }
+}
+```
+
+Relevant `.env` keys (defaults match `docker-compose.yml`):
+
+```env
+MYSQL_HOST=localhost
+MYSQL_PORT=3306
+MYSQL_USER=dev
+MYSQL_PASSWORD=devpassword
+MYSQL_DATABASE=devdb
+```
+
+## Environment variables
+
+### Connection
+
+| Variable         | Default      | Description                     |
+| ---------------- | ------------ | ------------------------------- |
+| `MYSQL_HOST`     | `localhost`  | MySQL host                      |
+| `MYSQL_PORT`     | `3306`       | Port                            |
+| `MYSQL_USER`     | _(empty)_    | Username                        |
+| `MYSQL_PASSWORD` | _(empty)_    | Password                        |
+| `MYSQL_DATABASE` | _(optional)_ | Database selected after connect |
+| `MYSQL_MAX_ROWS` | `500`        | Max rows returned for `SELECT`  |
+
+### Write access
+
+Enabled when the value is `true`, `1`, `yes`, or `on` (case-insensitive). If unset, that operation type is **rejected**.
+
+| Variable                 | Allows                             |
+| ------------------------ | ---------------------------------- |
+| `ALLOW_INSERT_OPERATION` | `INSERT`, `REPLACE`                |
+| `ALLOW_UPDATE_OPERATION` | `UPDATE`                           |
+| `ALLOW_DELETE_OPERATION` | `DELETE`                           |
+| `ALLOW_DDL_OPERATION`    | DDL (`CREATE`, `ALTER`, `DROP`, …) |
+
+## Tools
+
+| Tool           | Statements                                      | Env flag                 |
+| -------------- | ----------------------------------------------- | ------------------------ |
+| `mysql_select` | `SELECT`, `SHOW`, `DESCRIBE`, `EXPLAIN`, `DESC` | always on                |
+| `mysql_insert` | `INSERT`, `REPLACE`                             | `ALLOW_INSERT_OPERATION` |
+| `mysql_update` | `UPDATE`                                        | `ALLOW_UPDATE_OPERATION` |
+| `mysql_delete` | `DELETE`                                        | `ALLOW_DELETE_OPERATION` |
+| `mysql_ddl`    | DDL                                             | `ALLOW_DDL_OPERATION`    |
+
+Each tool accepts one `sql` string. Results are JSON text; `SELECT` output is capped by `MYSQL_MAX_ROWS`.
+
+## Behavior and security
+
+- One SQL statement per request (no `;`-separated batches).
+- Dangerous patterns are blocked regardless of flags.
+- Read operations are always permitted.
+
+## Package scripts
+
+```bash
+pnpm run build
+pnpm test
+pnpm start
+```

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}

package/dist/index.js

@@ -0,0 +1,14 @@
+#!/usr/bin/env node
+import { startMcpServer } from "@achmadya-dev/mcp-core";
+import packageJson from "../package.json" with { type: "json" };
+import { mysql_ddl } from "./tools/mysql_ddl.js";
+import { mysql_delete } from "./tools/mysql_delete.js";
+import { mysql_insert } from "./tools/mysql_insert.js";
+import { mysql_select } from "./tools/mysql_select.js";
+import { mysql_update } from "./tools/mysql_update.js";
+await startMcpServer({
+    name: "MySQL Database",
+    version: packageJson.version,
+    tools: [mysql_select, mysql_insert, mysql_update, mysql_delete, mysql_ddl],
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,WAAW,MAAM,iBAAiB,CAAC,OAAO,IAAI,EAAE,MAAM,EAAE,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAEvD,MAAM,cAAc,CAAC;IACnB,IAAI,EAAE,gBAAgB;IACtB,OAAO,EAAE,WAAW,CAAC,OAAO;IAC5B,KAAK,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,SAAS,CAAC;CAC3E,CAAC,CAAC"}

package/dist/mysql/config.d.ts

@@ -0,0 +1,14 @@
+declare const _default: {
+    host: string;
+    port: number;
+    user: string;
+    password: string;
+    database: string | undefined;
+    maxRows: number;
+    allowInsert: boolean;
+    allowUpdate: boolean;
+    allowDelete: boolean;
+    allowDdl: boolean;
+};
+export default _default;
+//# sourceMappingURL=config.d.ts.map

package/dist/mysql/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/mysql/config.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,wBAWE"}

package/dist/mysql/config.js

@@ -0,0 +1,14 @@
+import { envBool, envInt, envStr } from "@achmadya-dev/mcp-core";
+export default {
+    host: envStr("MYSQL_HOST", "localhost"),
+    port: envInt("MYSQL_PORT", 3306),
+    user: envStr("MYSQL_USER"),
+    password: envStr("MYSQL_PASSWORD", ""),
+    database: envStr("MYSQL_DATABASE") || undefined,
+    maxRows: envInt("MYSQL_MAX_ROWS", 500),
+    allowInsert: envBool("ALLOW_INSERT_OPERATION"),
+    allowUpdate: envBool("ALLOW_UPDATE_OPERATION"),
+    allowDelete: envBool("ALLOW_DELETE_OPERATION"),
+    allowDdl: envBool("ALLOW_DDL_OPERATION"),
+};
+//# sourceMappingURL=config.js.map

package/dist/mysql/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/mysql/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAEjE,eAAe;IACb,IAAI,EAAE,MAAM,CAAC,YAAY,EAAE,WAAW,CAAC;IACvC,IAAI,EAAE,MAAM,CAAC,YAAY,EAAE,IAAI,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC,YAAY,CAAC;IAC1B,QAAQ,EAAE,MAAM,CAAC,gBAAgB,EAAE,EAAE,CAAC;IACtC,QAAQ,EAAE,MAAM,CAAC,gBAAgB,CAAC,IAAI,SAAS;IAC/C,OAAO,EAAE,MAAM,CAAC,gBAAgB,EAAE,GAAG,CAAC;IACtC,WAAW,EAAE,OAAO,CAAC,wBAAwB,CAAC;IAC9C,WAAW,EAAE,OAAO,CAAC,wBAAwB,CAAC;IAC9C,WAAW,EAAE,OAAO,CAAC,wBAAwB,CAAC;IAC9C,QAAQ,EAAE,OAAO,CAAC,qBAAqB,CAAC;CACzC,CAAC"}

package/dist/mysql/helpers.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Validate and clean up input SQL query and allowed prefixes.
+ */
+export declare function validateInputs(sql: string, allowedPrefixes: string[]): {
+    cleanSql: string;
+    prefixes: string[];
+};
+/**
+ * Splits the SQL query, parses syntax, handles quoting/nesting/comments,
+ * and extracts the single SQL statement while ensuring syntax correctness.
+ */
+export declare function parseSingleStatement(sql: string): string;
+/**
+ * Validates the statement prefix and detects dangerous SQL patterns (hardening).
+ */
+export declare function validateStatement(statement: string, prefixes: string[]): void;
+//# sourceMappingURL=helpers.d.ts.map

package/dist/mysql/helpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"helpers.d.ts","sourceRoot":"","sources":["../../src/mysql/helpers.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,wBAAgB,cAAc,CAC5B,GAAG,EAAE,MAAM,EACX,eAAe,EAAE,MAAM,EAAE,GACxB;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,EAAE,CAAA;CAAE,CAY1C;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAmIxD;AAiCD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,CA+B7E"}

package/dist/mysql/helpers.js

@@ -0,0 +1,193 @@
+import { ToolError } from "@achmadya-dev/mcp-core";
+/**
+ * Validate and clean up input SQL query and allowed prefixes.
+ */
+export function validateInputs(sql, allowedPrefixes) {
+    const cleanSql = sql.trim();
+    if (!cleanSql) {
+        throw new ToolError("SQL query cannot be empty.");
+    }
+    if (allowedPrefixes.length === 0) {
+        throw new ToolError("allowedPrefixes cannot be empty.");
+    }
+    const prefixes = allowedPrefixes.map((p) => p.trim().toUpperCase());
+    return { cleanSql, prefixes };
+}
+/**
+ * Splits the SQL query, parses syntax, handles quoting/nesting/comments,
+ * and extracts the single SQL statement while ensuring syntax correctness.
+ */
+export function parseSingleStatement(sql) {
+    const parts = [];
+    let current = "";
+    let inSingleQuote = false;
+    let inDoubleQuote = false;
+    let inBacktick = false;
+    let inBracketIdentifier = false;
+    let inLineComment = false;
+    let inBlockComment = false;
+    let escape = false;
+    for (let i = 0; i < sql.length; i++) {
+        const char = sql[i];
+        const next = sql[i + 1];
+        if (escape) {
+            current += char;
+            escape = false;
+            continue;
+        }
+        if (char === "\\" && (inSingleQuote || inDoubleQuote || inBacktick)) {
+            current += char;
+            escape = true;
+            continue;
+        }
+        if (inLineComment) {
+            current += char;
+            if (char === "\n") {
+                inLineComment = false;
+            }
+            continue;
+        }
+        if (inBlockComment) {
+            current += char;
+            if (char === "*" && next === "/") {
+                current += next;
+                i++;
+                inBlockComment = false;
+            }
+            continue;
+        }
+        if (!inSingleQuote && !inDoubleQuote && !inBacktick && !inBracketIdentifier) {
+            if (char === "-" && next === "-") {
+                current += char + next;
+                i++;
+                inLineComment = true;
+                continue;
+            }
+            if (char === "/" && next === "*") {
+                current += char + next;
+                i++;
+                inBlockComment = true;
+                continue;
+            }
+        }
+        if (char === "'" && !inDoubleQuote && !inBacktick && !inBracketIdentifier) {
+            if (inSingleQuote && next === "'") {
+                current += "''";
+                i++;
+                continue;
+            }
+            inSingleQuote = !inSingleQuote;
+            current += char;
+            continue;
+        }
+        if (char === '"' && !inSingleQuote && !inBacktick && !inBracketIdentifier) {
+            if (inDoubleQuote && next === '"') {
+                current += '""';
+                i++;
+                continue;
+            }
+            inDoubleQuote = !inDoubleQuote;
+            current += char;
+            continue;
+        }
+        if (char === "`" && !inSingleQuote && !inDoubleQuote && !inBracketIdentifier) {
+            inBacktick = !inBacktick;
+            current += char;
+            continue;
+        }
+        if (char === "[" && !inSingleQuote && !inDoubleQuote && !inBacktick) {
+            inBracketIdentifier = true;
+            current += char;
+            continue;
+        }
+        if (char === "]" && inBracketIdentifier) {
+            inBracketIdentifier = false;
+            current += char;
+            continue;
+        }
+        if (char === ";" && !inSingleQuote && !inDoubleQuote && !inBacktick && !inBracketIdentifier) {
+            const trimmed = current.trim();
+            if (trimmed.length > 0) {
+                parts.push(trimmed);
+            }
+            current = "";
+            continue;
+        }
+        current += char;
+    }
+    if (inSingleQuote)
+        throw new ToolError("Unterminated single quote string.");
+    if (inDoubleQuote)
+        throw new ToolError("Unterminated double quote identifier.");
+    if (inBacktick)
+        throw new ToolError("Unterminated backtick identifier.");
+    if (inBracketIdentifier)
+        throw new ToolError("Unterminated bracket identifier.");
+    if (inBlockComment)
+        throw new ToolError("Unterminated block comment.");
+    const last = current.trim();
+    if (last.length > 0) {
+        parts.push(last);
+    }
+    if (parts.length !== 1) {
+        throw new ToolError("Only a single SQL query is allowed per call.");
+    }
+    return parts[0];
+}
+/**
+ * Recursively strips leading single-line and block comments from a SQL statement.
+ */
+function stripLeadingComments(sql) {
+    let result = sql.trim();
+    while (true) {
+        if (result.startsWith("--")) {
+            const newlineIndex = result.indexOf("\n");
+            if (newlineIndex === -1) {
+                return "";
+            }
+            result = result.slice(newlineIndex + 1).trim();
+            continue;
+        }
+        if (result.startsWith("/*")) {
+            const endIndex = result.indexOf("*/");
+            if (endIndex === -1) {
+                throw new ToolError("Unterminated leading block comment.");
+            }
+            result = result.slice(endIndex + 2).trim();
+            continue;
+        }
+        break;
+    }
+    return result;
+}
+/**
+ * Validates the statement prefix and detects dangerous SQL patterns (hardening).
+ */
+export function validateStatement(statement, prefixes) {
+    const stripped = stripLeadingComments(statement);
+    const match = stripped.match(/^([A-Z]+)/i);
+    if (!match) {
+        throw new ToolError("Unable to determine SQL statement type.");
+    }
+    const firstKeyword = match[1].toUpperCase();
+    if (!prefixes.includes(firstKeyword)) {
+        throw new ToolError(`SQL query is not allowed for this tool. Allowed statements: ${prefixes.join(", ")}`);
+    }
+    const dangerousPatterns = [
+        /\bXP_CMDSHELL\b/i,
+        /\bEXEC\b/i,
+        /\bEXECUTE\b/i,
+        /\bPREPARE\b/i,
+        /\bDEALLOCATE\b/i,
+        /\bATTACH\s+DATABASE\b/i,
+        /\bCOPY\s+.*\s+PROGRAM\b/i,
+        /\bLOAD_FILE\s*\(/i,
+        /\bINTO\s+OUTFILE\b/i,
+    ];
+    for (const pattern of dangerousPatterns) {
+        if (pattern.test(statement)) {
+            throw new ToolError(`Dangerous SQL pattern detected: ${pattern}`);
+        }
+    }
+}
+//# sourceMappingURL=helpers.js.map

package/dist/mysql/helpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"helpers.js","sourceRoot":"","sources":["../../src/mysql/helpers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAEnD;;GAEG;AACH,MAAM,UAAU,cAAc,CAC5B,GAAW,EACX,eAAyB;IAEzB,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;IAC5B,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,SAAS,CAAC,4BAA4B,CAAC,CAAC;IACpD,CAAC;IAED,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,SAAS,CAAC,kCAAkC,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;IACpE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;AAChC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAAC,GAAW;IAC9C,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,OAAO,GAAG,EAAE,CAAC;IAEjB,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,IAAI,mBAAmB,GAAG,KAAK,CAAC;IAEhC,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,MAAM,GAAG,KAAK,CAAC;IAEnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QACpB,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAExB,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,IAAI,IAAI,CAAC;YAChB,MAAM,GAAG,KAAK,CAAC;YACf,SAAS;QACX,CAAC;QAED,IAAI,IAAI,KAAK,IAAI,IAAI,CAAC,aAAa,IAAI,aAAa,IAAI,UAAU,CAAC,EAAE,CAAC;YACpE,OAAO,IAAI,IAAI,CAAC;YAChB,MAAM,GAAG,IAAI,CAAC;YACd,SAAS;QACX,CAAC;QAED,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO,IAAI,IAAI,CAAC;YAChB,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;gBAClB,aAAa,GAAG,KAAK,CAAC;YACxB,CAAC;YACD,SAAS;QACX,CAAC;QAED,IAAI,cAAc,EAAE,CAAC;YACnB,OAAO,IAAI,IAAI,CAAC;YAChB,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBACjC,OAAO,IAAI,IAAI,CAAC;gBAChB,CAAC,EAAE,CAAC;gBACJ,cAAc,GAAG,KAAK,CAAC;YACzB,CAAC;YACD,SAAS;QACX,CAAC;QAED,IAAI,CAAC,aAAa,IAAI,CAAC,aAAa,IAAI,CAAC,UAAU,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC5E,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBACjC,OAAO,IAAI,IAAI,GAAG,IAAI,CAAC;gBACvB,CAAC,EAAE,CAAC;gBACJ,aAAa,GAAG,IAAI,CAAC;gBACrB,SAAS;YACX,CAAC;YAED,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBACjC,OAAO,IAAI,IAAI,GAAG,IAAI,CAAC;gBACvB,CAAC,EAAE,CAAC;gBACJ,cAAc,GAAG,IAAI,CAAC;gBACtB,SAAS;YACX,CAAC;QACH,CAAC;QAED,IAAI,IAAI,KAAK,GAAG,IAAI,CAAC,aAAa,IAAI,CAAC,UAAU,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC1E,IAAI,aAAa,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBAClC,OAAO,IAAI,IAAI,CAAC;gBAChB,CAAC,EAAE,CAAC;gBACJ,SAAS;YACX,CAAC;YACD,aAAa,GAAG,CAAC,aAAa,CAAC;YAC/B,OAAO,IAAI,IAAI,CAAC;YAChB,SAAS;QACX,CAAC;QAED,IAAI,IAAI,KAAK,GAAG,IAAI,CAAC,aAAa,IAAI,CAAC,UAAU,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC1E,IAAI,aAAa,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBAClC,OAAO,IAAI,IAAI,CAAC;gBAChB,CAAC,EAAE,CAAC;gBACJ,SAAS;YACX,CAAC;YACD,aAAa,GAAG,CAAC,aAAa,CAAC;YAC/B,OAAO,IAAI,IAAI,CAAC;YAChB,SAAS;QACX,CAAC;QAED,IAAI,IAAI,KAAK,GAAG,IAAI,CAAC,aAAa,IAAI,CAAC,aAAa,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC7E,UAAU,GAAG,CAAC,UAAU,CAAC;YACzB,OAAO,IAAI,IAAI,CAAC;YAChB,SAAS;QACX,CAAC;QAED,IAAI,IAAI,KAAK,GAAG,IAAI,CAAC,aAAa,IAAI,CAAC,aAAa,IAAI,CAAC,UAAU,EAAE,CAAC;YACpE,mBAAmB,GAAG,IAAI,CAAC;YAC3B,OAAO,IAAI,IAAI,CAAC;YAChB,SAAS;QACX,CAAC;QAED,IAAI,IAAI,KAAK,GAAG,IAAI,mBAAmB,EAAE,CAAC;YACxC,mBAAmB,GAAG,KAAK,CAAC;YAC5B,OAAO,IAAI,IAAI,CAAC;YAChB,SAAS;QACX,CAAC;QAED,IAAI,IAAI,KAAK,GAAG,IAAI,CAAC,aAAa,IAAI,CAAC,aAAa,IAAI,CAAC,UAAU,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC5F,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;YAC/B,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACvB,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACtB,CAAC;YACD,OAAO,GAAG,EAAE,CAAC;YACb,SAAS;QACX,CAAC;QAED,OAAO,IAAI,IAAI,CAAC;IAClB,CAAC;IAED,IAAI,aAAa;QAAE,MAAM,IAAI,SAAS,CAAC,mCAAmC,CAAC,CAAC;IAC5E,IAAI,aAAa;QAAE,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAC;IAChF,IAAI,UAAU;QAAE,MAAM,IAAI,SAAS,CAAC,mCAAmC,CAAC,CAAC;IACzE,IAAI,mBAAmB;QAAE,MAAM,IAAI,SAAS,CAAC,kCAAkC,CAAC,CAAC;IACjF,IAAI,cAAc;QAAE,MAAM,IAAI,SAAS,CAAC,6BAA6B,CAAC,CAAC;IAEvE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAC5B,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnB,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,SAAS,CAAC,8CAA8C,CAAC,CAAC;IACtE,CAAC;IAED,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,GAAW;IACvC,IAAI,MAAM,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;IAExB,OAAO,IAAI,EAAE,CAAC;QACZ,IAAI,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAC1C,IAAI,YAAY,KAAK,CAAC,CAAC,EAAE,CAAC;gBACxB,OAAO,EAAE,CAAC;YACZ,CAAC;YACD,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC/C,SAAS;QACX,CAAC;QAED,IAAI,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACtC,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;gBACpB,MAAM,IAAI,SAAS,CAAC,qCAAqC,CAAC,CAAC;YAC7D,CAAC;YACD,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3C,SAAS;QACX,CAAC;QAED,MAAM;IACR,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,SAAiB,EAAE,QAAkB;IACrE,MAAM,QAAQ,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAC;IACjD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAC3C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,SAAS,CAAC,yCAAyC,CAAC,CAAC;IACjE,CAAC;IAED,MAAM,YAAY,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IAC5C,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,SAAS,CACjB,+DAA+D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACrF,CAAC;IACJ,CAAC;IAED,MAAM,iBAAiB,GAAa;QAClC,kBAAkB;QAClB,WAAW;QACX,cAAc;QACd,cAAc;QACd,iBAAiB;QACjB,wBAAwB;QACxB,0BAA0B;QAC1B,mBAAmB;QACnB,qBAAqB;KACtB,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;QACxC,IAAI,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,SAAS,CAAC,mCAAmC,OAAO,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/mysql/mysql.d.ts

@@ -0,0 +1,16 @@
+import type { RowDataPacket } from "mysql2/promise";
+export declare function safeQuery(sql: string, allowedPrefixes: string[]): string;
+export declare function runSql(sql: string): Promise<{
+    kind: "resultset";
+    columns: string[];
+    rowCount: number;
+    totalRows: number;
+    truncated: boolean;
+    maxRows: number;
+    rows: RowDataPacket[];
+} | {
+    kind: "execute";
+    affectedRows: number;
+    insertId: string | null;
+}>;
+//# sourceMappingURL=mysql.d.ts.map

package/dist/mysql/mysql.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mysql.d.ts","sourceRoot":"","sources":["../../src/mysql/mysql.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAgC,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAIlF,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,GAAG,MAAM,CAKxE;AAED,wBAAsB,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAC9C;IACE,IAAI,EAAE,WAAW,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,aAAa,EAAE,CAAC;CACvB,GACD;IACE,IAAI,EAAE,SAAS,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,CACJ,CAwCA"}

package/dist/mysql/mysql.js

@@ -0,0 +1,55 @@
+import mysql from "mysql2/promise";
+import { ToolError } from "@achmadya-dev/mcp-core";
+import config from "./config.js";
+import * as helpers from "./helpers.js";
+export function safeQuery(sql, allowedPrefixes) {
+    const { cleanSql, prefixes } = helpers.validateInputs(sql, allowedPrefixes);
+    const statement = helpers.parseSingleStatement(cleanSql);
+    helpers.validateStatement(statement, prefixes);
+    return statement;
+}
+export async function runSql(sql) {
+    let conn;
+    try {
+        conn = await mysql.createConnection({
+            host: config.host,
+            port: config.port,
+            user: config.user,
+            password: config.password,
+            database: config.database,
+            charset: "utf8mb4",
+            multipleStatements: false,
+        });
+        const [rows, fields] = await conn.execute(sql);
+        if (fields && Array.isArray(fields) && fields.length > 0) {
+            const columns = fields.map((f) => f.name);
+            const all = rows;
+            const truncated = all.length > config.maxRows;
+            const display = all.slice(0, config.maxRows);
+            return {
+                kind: "resultset",
+                columns,
+                rowCount: display.length,
+                totalRows: all.length,
+                truncated,
+                maxRows: config.maxRows,
+                rows: display,
+            };
+        }
+        const header = rows;
+        const id = header.insertId;
+        return {
+            kind: "execute",
+            affectedRows: header.affectedRows ?? 0,
+            insertId: id != null && Number(id) > 0 ? String(id) : null,
+        };
+    }
+    catch (e) {
+        throw new ToolError(`MySQL: ${e instanceof Error ? e.message : String(e)}`);
+    }
+    finally {
+        if (conn)
+            await conn.end();
+    }
+}
+//# sourceMappingURL=mysql.js.map

package/dist/mysql/mysql.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mysql.js","sourceRoot":"","sources":["../../src/mysql/mysql.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,gBAAgB,CAAC;AACnC,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAEnD,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,KAAK,OAAO,MAAM,cAAc,CAAC;AAExC,MAAM,UAAU,SAAS,CAAC,GAAW,EAAE,eAAyB;IAC9D,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,cAAc,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;IAC5E,MAAM,SAAS,GAAG,OAAO,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IACzD,OAAO,CAAC,iBAAiB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAC/C,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,GAAW;IAgBtC,IAAI,IAAI,CAAC;IACT,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC;YAClC,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,OAAO,EAAE,SAAS;YAClB,kBAAkB,EAAE,KAAK;SAC1B,CAAC,CAAC;QACH,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC/C,IAAI,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzD,MAAM,OAAO,GAAI,MAAwB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAC7D,MAAM,GAAG,GAAG,IAAuB,CAAC;YACpC,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC;YAC9C,MAAM,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YAC7C,OAAO;gBACL,IAAI,EAAE,WAAW;gBACjB,OAAO;gBACP,QAAQ,EAAE,OAAO,CAAC,MAAM;gBACxB,SAAS,EAAE,GAAG,CAAC,MAAM;gBACrB,SAAS;gBACT,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,IAAI,EAAE,OAAO;aACd,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAG,IAAuB,CAAC;QACvC,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC;QAC3B,OAAO;YACL,IAAI,EAAE,SAAS;YACf,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,CAAC;YACtC,QAAQ,EAAE,EAAE,IAAI,IAAI,IAAI,MAAM,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI;SAC3D,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,SAAS,CAAC,UAAU,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAC9E,CAAC;YAAS,CAAC;QACT,IAAI,IAAI;YAAE,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,CAAC;AACH,CAAC"}

package/dist/mysql/schema.d.ts

@@ -0,0 +1,33 @@
+import { z } from "zod";
+export declare const mysqlQueryInputSchema: z.ZodObject<{
+    sql: z.ZodString;
+}, z.core.$strip>;
+export declare const mysqlQueryOutputShape: z.ZodObject<{
+    kind: z.ZodEnum<{
+        resultset: "resultset";
+        execute: "execute";
+    }>;
+    columns: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    rowCount: z.ZodOptional<z.ZodNumber>;
+    totalRows: z.ZodOptional<z.ZodNumber>;
+    truncated: z.ZodOptional<z.ZodBoolean>;
+    maxRows: z.ZodOptional<z.ZodNumber>;
+    rows: z.ZodOptional<z.ZodArray<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodString, z.ZodNumber, z.ZodBoolean, z.ZodNull]>>>>;
+    affectedRows: z.ZodOptional<z.ZodNumber>;
+    insertId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+}, z.core.$strip>;
+export declare const mysqlQueryResultSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
+    kind: z.ZodLiteral<"resultset">;
+    columns: z.ZodArray<z.ZodString>;
+    rowCount: z.ZodNumber;
+    totalRows: z.ZodNumber;
+    truncated: z.ZodBoolean;
+    maxRows: z.ZodNumber;
+    rows: z.ZodArray<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodString, z.ZodNumber, z.ZodBoolean, z.ZodNull]>>>;
+}, z.core.$strip>, z.ZodObject<{
+    kind: z.ZodLiteral<"execute">;
+    affectedRows: z.ZodNumber;
+    insertId: z.ZodNullable<z.ZodString>;
+}, z.core.$strip>], "kind">;
+export type MysqlQueryResult = z.infer<typeof mysqlQueryResultSchema>;
+//# sourceMappingURL=schema.d.ts.map

package/dist/mysql/schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../src/mysql/schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAIxB,eAAO,MAAM,qBAAqB;;iBAShC,CAAC;AAEH,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;iBAUhC,CAAC;AAEH,eAAO,MAAM,sBAAsB;;;;;;;;;;;;2BAejC,CAAC;AAEH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC"}

package/dist/mysql/schema.js

@@ -0,0 +1,36 @@
+import { z } from "zod";
+const rowValue = z.union([z.string(), z.number(), z.boolean(), z.null()]);
+export const mysqlQueryInputSchema = z.object({
+    sql: z
+        .string()
+        .check(z.trim(), z.minLength(1, "SQL cannot be empty"), z.maxLength(100_000, "SQL is too long (max 100,000 characters)"))
+        .describe("A single SQL statement. Multiple statements separated by ';' are not allowed."),
+});
+export const mysqlQueryOutputShape = z.object({
+    kind: z.enum(["resultset", "execute"]),
+    columns: z.array(z.string()).optional(),
+    rowCount: z.number().int().nonnegative().optional(),
+    totalRows: z.number().int().nonnegative().optional(),
+    truncated: z.boolean().optional(),
+    maxRows: z.number().int().positive().optional(),
+    rows: z.array(z.record(z.string(), rowValue)).optional(),
+    affectedRows: z.number().int().nonnegative().optional(),
+    insertId: z.string().nullable().optional(),
+});
+export const mysqlQueryResultSchema = z.discriminatedUnion("kind", [
+    z.object({
+        kind: z.literal("resultset"),
+        columns: z.array(z.string()),
+        rowCount: z.number().int().nonnegative(),
+        totalRows: z.number().int().nonnegative(),
+        truncated: z.boolean(),
+        maxRows: z.number().int().positive(),
+        rows: z.array(z.record(z.string(), rowValue)),
+    }),
+    z.object({
+        kind: z.literal("execute"),
+        affectedRows: z.number().int().nonnegative(),
+        insertId: z.string().nullable(),
+    }),
+]);
+//# sourceMappingURL=schema.js.map

package/dist/mysql/schema.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../src/mysql/schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;AAE1E,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,GAAG,EAAE,CAAC;SACH,MAAM,EAAE;SACR,KAAK,CACJ,CAAC,CAAC,IAAI,EAAE,EACR,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,qBAAqB,CAAC,EACrC,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,0CAA0C,CAAC,CACjE;SACA,QAAQ,CAAC,+EAA+E,CAAC;CAC7F,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACvC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IACnD,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IACpD,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACjC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAC/C,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,EAAE;IACxD,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IACvD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;CAC3C,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,kBAAkB,CAAC,MAAM,EAAE;IACjE,CAAC,CAAC,MAAM,CAAC;QACP,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAC5B,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC5B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE;QACxC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE;QACzC,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE;QACtB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;QACpC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,QAAQ,CAAC,CAAC;KAC9C,CAAC;IACF,CAAC,CAAC,MAAM,CAAC;QACP,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;QAC1B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE;QAC5C,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAChC,CAAC;CACH,CAAC,CAAC"}

package/dist/tools/mysql_ddl.d.ts

@@ -0,0 +1,2 @@
+export declare const mysql_ddl: import("@achmadya-dev/mcp-core").RegisterableTool;
+//# sourceMappingURL=mysql_ddl.d.ts.map

package/dist/tools/mysql_ddl.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mysql_ddl.d.ts","sourceRoot":"","sources":["../../src/tools/mysql_ddl.ts"],"names":[],"mappings":"AAUA,eAAO,MAAM,SAAS,mDA0BpB,CAAC"}

package/dist/tools/mysql_ddl.js

@@ -0,0 +1,31 @@
+import { defineTool, ToolError } from "@achmadya-dev/mcp-core";
+import { runSql, safeQuery } from "../mysql/mysql.js";
+import { mysqlQueryInputSchema, mysqlQueryOutputShape, mysqlQueryResultSchema, } from "../mysql/schema.js";
+import config from "../mysql/config.js";
+export const mysql_ddl = defineTool({
+    name: "mysql_ddl",
+    description: "Modify the database schema or permissions using CREATE, ALTER, DROP, TRUNCATE, RENAME, GRANT, or REVOKE. Only a single query is allowed. If the operation is rejected as not allowed, you must respect this safety restriction and do not attempt to bypass it via terminal commands, custom scripts, or external tools.",
+    inputSchema: mysqlQueryInputSchema,
+    outputSchema: mysqlQueryOutputShape,
+    handler: async ({ sql }) => {
+        if (!config.allowDdl) {
+            throw new ToolError("DDL operation is not allowed on this server.");
+        }
+        const query = safeQuery(sql, [
+            "CREATE",
+            "ALTER",
+            "DROP",
+            "TRUNCATE",
+            "RENAME",
+            "GRANT",
+            "REVOKE",
+        ]);
+        const result = await runSql(query);
+        const parsed = mysqlQueryResultSchema.safeParse(result);
+        if (!parsed.success) {
+            throw new ToolError(`Invalid query result: ${parsed.error.message}`);
+        }
+        return parsed.data;
+    },
+});
+//# sourceMappingURL=mysql_ddl.js.map

package/dist/tools/mysql_ddl.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mysql_ddl.js","sourceRoot":"","sources":["../../src/tools/mysql_ddl.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAE/D,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EACL,qBAAqB,EACrB,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,MAAM,MAAM,oBAAoB,CAAC;AAExC,MAAM,CAAC,MAAM,SAAS,GAAG,UAAU,CAAC;IAClC,IAAI,EAAE,WAAW;IACjB,WAAW,EACT,0TAA0T;IAC5T,WAAW,EAAE,qBAAqB;IAClC,YAAY,EAAE,qBAAqB;IACnC,OAAO,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;QACzB,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACrB,MAAM,IAAI,SAAS,CAAC,8CAA8C,CAAC,CAAC;QACtE,CAAC;QACD,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,EAAE;YAC3B,QAAQ;YACR,OAAO;YACP,MAAM;YACN,UAAU;YACV,QAAQ;YACR,OAAO;YACP,QAAQ;SACT,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG,sBAAsB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACxD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,SAAS,CAAC,yBAAyB,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACvE,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC;IACrB,CAAC;CACF,CAAC,CAAC"}

package/dist/tools/mysql_delete.d.ts

@@ -0,0 +1,2 @@
+export declare const mysql_delete: import("@achmadya-dev/mcp-core").RegisterableTool;
+//# sourceMappingURL=mysql_delete.d.ts.map

package/dist/tools/mysql_delete.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mysql_delete.d.ts","sourceRoot":"","sources":["../../src/tools/mysql_delete.ts"],"names":[],"mappings":"AAUA,eAAO,MAAM,YAAY,mDAkBvB,CAAC"}

package/dist/tools/mysql_delete.js

@@ -0,0 +1,23 @@
+import { defineTool, ToolError } from "@achmadya-dev/mcp-core";
+import { runSql, safeQuery } from "../mysql/mysql.js";
+import { mysqlQueryInputSchema, mysqlQueryOutputShape, mysqlQueryResultSchema, } from "../mysql/schema.js";
+import config from "../mysql/config.js";
+export const mysql_delete = defineTool({
+    name: "mysql_delete",
+    description: "Delete data from the database using DELETE. Only a single query is allowed. If the operation is rejected as not allowed, you must respect this safety restriction and do not attempt to bypass it via terminal commands, custom scripts, or external tools.",
+    inputSchema: mysqlQueryInputSchema,
+    outputSchema: mysqlQueryOutputShape,
+    handler: async ({ sql }) => {
+        if (!config.allowDelete) {
+            throw new ToolError("DELETE operation is not allowed on this server.");
+        }
+        const query = safeQuery(sql, ["DELETE"]);
+        const result = await runSql(query);
+        const parsed = mysqlQueryResultSchema.safeParse(result);
+        if (!parsed.success) {
+            throw new ToolError(`Invalid query result: ${parsed.error.message}`);
+        }
+        return parsed.data;
+    },
+});
+//# sourceMappingURL=mysql_delete.js.map

package/dist/tools/mysql_delete.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mysql_delete.js","sourceRoot":"","sources":["../../src/tools/mysql_delete.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAE/D,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EACL,qBAAqB,EACrB,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,MAAM,MAAM,oBAAoB,CAAC;AAExC,MAAM,CAAC,MAAM,YAAY,GAAG,UAAU,CAAC;IACrC,IAAI,EAAE,cAAc;IACpB,WAAW,EACT,6PAA6P;IAC/P,WAAW,EAAE,qBAAqB;IAClC,YAAY,EAAE,qBAAqB;IACnC,OAAO,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;QACzB,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YACxB,MAAM,IAAI,SAAS,CAAC,iDAAiD,CAAC,CAAC;QACzE,CAAC;QACD,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;QACzC,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG,sBAAsB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACxD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,SAAS,CAAC,yBAAyB,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACvE,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC;IACrB,CAAC;CACF,CAAC,CAAC"}

package/dist/tools/mysql_insert.d.ts

@@ -0,0 +1,2 @@
+export declare const mysql_insert: import("@achmadya-dev/mcp-core").RegisterableTool;
+//# sourceMappingURL=mysql_insert.d.ts.map

package/dist/tools/mysql_insert.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mysql_insert.d.ts","sourceRoot":"","sources":["../../src/tools/mysql_insert.ts"],"names":[],"mappings":"AAUA,eAAO,MAAM,YAAY,mDAkBvB,CAAC"}

package/dist/tools/mysql_insert.js

@@ -0,0 +1,23 @@
+import { defineTool, ToolError } from "@achmadya-dev/mcp-core";
+import { runSql, safeQuery } from "../mysql/mysql.js";
+import { mysqlQueryInputSchema, mysqlQueryOutputShape, mysqlQueryResultSchema, } from "../mysql/schema.js";
+import config from "../mysql/config.js";
+export const mysql_insert = defineTool({
+    name: "mysql_insert",
+    description: "Insert new data into the database using INSERT or REPLACE. Only a single query is allowed. If the operation is rejected as not allowed, you must respect this safety restriction and do not attempt to bypass it via terminal commands, custom scripts, or external tools.",
+    inputSchema: mysqlQueryInputSchema,
+    outputSchema: mysqlQueryOutputShape,
+    handler: async ({ sql }) => {
+        if (!config.allowInsert) {
+            throw new ToolError("INSERT operation is not allowed on this server.");
+        }
+        const query = safeQuery(sql, ["INSERT", "REPLACE"]);
+        const result = await runSql(query);
+        const parsed = mysqlQueryResultSchema.safeParse(result);
+        if (!parsed.success) {
+            throw new ToolError(`Invalid query result: ${parsed.error.message}`);
+        }
+        return parsed.data;
+    },
+});
+//# sourceMappingURL=mysql_insert.js.map

package/dist/tools/mysql_insert.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mysql_insert.js","sourceRoot":"","sources":["../../src/tools/mysql_insert.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAE/D,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EACL,qBAAqB,EACrB,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,MAAM,MAAM,oBAAoB,CAAC;AAExC,MAAM,CAAC,MAAM,YAAY,GAAG,UAAU,CAAC;IACrC,IAAI,EAAE,cAAc;IACpB,WAAW,EACT,4QAA4Q;IAC9Q,WAAW,EAAE,qBAAqB;IAClC,YAAY,EAAE,qBAAqB;IACnC,OAAO,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;QACzB,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YACxB,MAAM,IAAI,SAAS,CAAC,iDAAiD,CAAC,CAAC;QACzE,CAAC;QACD,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG,sBAAsB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACxD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,SAAS,CAAC,yBAAyB,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACvE,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC;IACrB,CAAC;CACF,CAAC,CAAC"}

package/dist/tools/mysql_select.d.ts

@@ -0,0 +1,2 @@
+export declare const mysql_select: import("@achmadya-dev/mcp-core").RegisterableTool;
+//# sourceMappingURL=mysql_select.d.ts.map

package/dist/tools/mysql_select.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mysql_select.d.ts","sourceRoot":"","sources":["../../src/tools/mysql_select.ts"],"names":[],"mappings":"AASA,eAAO,MAAM,YAAY,mDAevB,CAAC"}

package/dist/tools/mysql_select.js

@@ -0,0 +1,19 @@
+import { defineTool, ToolError } from "@achmadya-dev/mcp-core";
+import { runSql, safeQuery } from "../mysql/mysql.js";
+import { mysqlQueryInputSchema, mysqlQueryOutputShape, mysqlQueryResultSchema, } from "../mysql/schema.js";
+export const mysql_select = defineTool({
+    name: "mysql_select",
+    description: "Read data from the database using SELECT, SHOW, DESCRIBE, EXPLAIN, or DESC. Only a single query is allowed.",
+    inputSchema: mysqlQueryInputSchema,
+    outputSchema: mysqlQueryOutputShape,
+    handler: async ({ sql }) => {
+        const query = safeQuery(sql, ["SELECT", "SHOW", "DESCRIBE", "EXPLAIN", "DESC"]);
+        const result = await runSql(query);
+        const parsed = mysqlQueryResultSchema.safeParse(result);
+        if (!parsed.success) {
+            throw new ToolError(`Invalid query result: ${parsed.error.message}`);
+        }
+        return parsed.data;
+    },
+});
+//# sourceMappingURL=mysql_select.js.map

package/dist/tools/mysql_select.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mysql_select.js","sourceRoot":"","sources":["../../src/tools/mysql_select.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAE/D,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EACL,qBAAqB,EACrB,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAE5B,MAAM,CAAC,MAAM,YAAY,GAAG,UAAU,CAAC;IACrC,IAAI,EAAE,cAAc;IACpB,WAAW,EACT,6GAA6G;IAC/G,WAAW,EAAE,qBAAqB;IAClC,YAAY,EAAE,qBAAqB;IACnC,OAAO,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;QACzB,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC;QAChF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG,sBAAsB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACxD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,SAAS,CAAC,yBAAyB,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACvE,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC;IACrB,CAAC;CACF,CAAC,CAAC"}

package/dist/tools/mysql_update.d.ts

@@ -0,0 +1,2 @@
+export declare const mysql_update: import("@achmadya-dev/mcp-core").RegisterableTool;
+//# sourceMappingURL=mysql_update.d.ts.map

package/dist/tools/mysql_update.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mysql_update.d.ts","sourceRoot":"","sources":["../../src/tools/mysql_update.ts"],"names":[],"mappings":"AAUA,eAAO,MAAM,YAAY,mDAkBvB,CAAC"}

package/dist/tools/mysql_update.js

@@ -0,0 +1,23 @@
+import { defineTool, ToolError } from "@achmadya-dev/mcp-core";
+import { runSql, safeQuery } from "../mysql/mysql.js";
+import { mysqlQueryInputSchema, mysqlQueryOutputShape, mysqlQueryResultSchema, } from "../mysql/schema.js";
+import config from "../mysql/config.js";
+export const mysql_update = defineTool({
+    name: "mysql_update",
+    description: "Update existing data in the database using UPDATE. Only a single query is allowed. If the operation is rejected as not allowed, you must respect this safety restriction and do not attempt to bypass it via terminal commands, custom scripts, or external tools.",
+    inputSchema: mysqlQueryInputSchema,
+    outputSchema: mysqlQueryOutputShape,
+    handler: async ({ sql }) => {
+        if (!config.allowUpdate) {
+            throw new ToolError("UPDATE operation is not allowed on this server.");
+        }
+        const query = safeQuery(sql, ["UPDATE"]);
+        const result = await runSql(query);
+        const parsed = mysqlQueryResultSchema.safeParse(result);
+        if (!parsed.success) {
+            throw new ToolError(`Invalid query result: ${parsed.error.message}`);
+        }
+        return parsed.data;
+    },
+});
+//# sourceMappingURL=mysql_update.js.map

package/dist/tools/mysql_update.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mysql_update.js","sourceRoot":"","sources":["../../src/tools/mysql_update.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAE/D,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EACL,qBAAqB,EACrB,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,MAAM,MAAM,oBAAoB,CAAC;AAExC,MAAM,CAAC,MAAM,YAAY,GAAG,UAAU,CAAC;IACrC,IAAI,EAAE,cAAc;IACpB,WAAW,EACT,oQAAoQ;IACtQ,WAAW,EAAE,qBAAqB;IAClC,YAAY,EAAE,qBAAqB;IACnC,OAAO,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;QACzB,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YACxB,MAAM,IAAI,SAAS,CAAC,iDAAiD,CAAC,CAAC;QACzE,CAAC;QACD,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;QACzC,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG,sBAAsB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACxD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,SAAS,CAAC,yBAAyB,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACvE,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC;IACrB,CAAC;CACF,CAAC,CAAC"}

package/package.json

@@ -0,0 +1,54 @@
+{
+  "name": "@achmadya-dev/mcp-mysql-query",
+  "version": "0.2.0",
+  "description": "Model Context Protocol (MCP) server for MySQL to run SQL queries via stdio (read-only by default)",
+  "type": "module",
+  "author": "achmadya",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/achmadya-dev/mcp-mysql-query.git"
+  },
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "mysql",
+    "database",
+    "cursor"
+  ],
+  "main": "dist/index.js",
+  "bin": {
+    "mcp-mysql-query": "./dist/index.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "dependencies": {
+    "@achmadya-dev/mcp-core": "^0.3.3",
+    "mysql2": "3.11.0",
+    "zod": "4.3.6"
+  },
+  "devDependencies": {
+    "@jest/globals": "30.4.1",
+    "@types/jest": "30.0.0",
+    "@types/node": "22.10.0",
+    "jest": "30.4.2",
+    "ts-jest": "29.4.11",
+    "typescript": "5.7.2",
+    "@changesets/cli": "2.29.8"
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.build.json",
+    "test": "node --experimental-vm-modules node_modules/jest/bin/jest.js",
+    "start": "node dist/index.js",
+    "changeset": "changeset",
+    "version-packages": "changeset version",
+    "publish-packages": "pnpm run build && changeset publish"
+  }
+}