@berthojoris/mcp-mysql-server 1.40.6 → 1.40.7

package/CHANGELOG.md

@@ -5,6 +5,19 @@ All notable changes to the MySQL MCP Server will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.40.7] - 2026-05-06
+
+### Added
+- Implemented `export_query_to_csv` end-to-end for SELECT query CSV exports.
+- Enhanced `list_all_tools` with a live runtime tool catalog, enabled/disabled status, access profile, and AI-agent workflow guidance.
+
+### Fixed
+- Fixed `export_query_to_csv` being advertised but failing with `Unknown tool`.
+- Fixed `list_all_tools` returning stale manifest data instead of the active MCP tool catalog.
+- Fixed `execute_in_transaction` permission checks to match its advertised transaction permission.
+- Hardened DDL tools by validating raw DDL statements and checking structured table, column, and index inputs before building SQL.
+- Added argument validation for Cursor bridge dispatches.
+
 ## [1.40.6] - 2026-05-04
 
 ### Added

package/DOCUMENTATIONS.md

@@ -1,7 +1,7 @@
 # MySQL MCP Server - Documentation
 
-**Last Updated:** 2026-05-04 18:07:52
-**Version:** 1.40.6
+**Last Updated:** 2026-05-06 22:38:42
+**Version:** 1.40.7
 **Total Tools:** 79
 
 Comprehensive documentation for the MySQL MCP Server. For quick start, see [README.md](README.md).
@@ -93,6 +93,14 @@ Supported `mode` values are `auto`, `select`, `write`, and `ddl`. Set `MYSQL_MCP
 
 ---
 
+### AI Agent Tool Discovery
+
+Use `list_all_tools` first when connecting from Codex, Claude Code CLI, Cursor, Droid CLI, or other MCP agents. It returns the live runtime catalog from the server, enabled/disabled status for each tool, the active permission/category profile, and recommended workflows for common agent tasks.
+
+For CSV exports, use `export_table_to_csv` for table-based exports and `export_query_to_csv` for SELECT query exports.
+
+---
+
 ## Permission System
 
 ### Available Permissions
@@ -120,12 +128,11 @@ Tool enabled = (Has Permission) AND (Has Category OR No categories specified)
 
 ## Tool Categories
 
-### 1. Database Discovery (5 tools)
+### 1. Database Discovery (4 tools)
 - `list_databases` - List all databases
 - `list_tables` - List tables in database
 - `read_table_schema` - Get table structure
 - `get_all_tables_relationships` - Get all FK relationships
-- `list_all_tools` - List available MCP tools
 
 ### 2. Analysis (4 tools)
 - `get_database_summary` - Database overview with statistics
@@ -153,7 +160,11 @@ Tool enabled = (Has Permission) AND (Has Category OR No categories specified)
 - `drop_table` - Delete tables
 - `execute_ddl` - Execute raw DDL
 
-### 6. Index Management (10 tools)
+### 6. Data Export (2 tools)
+- `export_table_to_csv` - Export table data to CSV
+- `export_query_to_csv` - Export SELECT query results to CSV
+
+### 7. Index Management (10 tools)
 - `list_indexes` - List table indexes
 - `get_index_info` - Get index details
 - `create_index` - Create indexes
@@ -165,7 +176,7 @@ Tool enabled = (Has Permission) AND (Has Category OR No categories specified)
 - `get_fulltext_stats` - Get FULLTEXT index statistics
 - `optimize_fulltext` - Optimize FULLTEXT indexes
 
-### 7. Constraint Management (7 tools)
+### 8. Constraint Management (7 tools)
 - `list_foreign_keys` - List foreign keys
 - `list_constraints` - List all constraints
 - `add_foreign_key` - Add foreign key
@@ -174,7 +185,7 @@ Tool enabled = (Has Permission) AND (Has Category OR No categories specified)
 - `drop_constraint` - Remove constraint
 - `add_check_constraint` - Add check constraint
 
-### 8. Stored Procedures (6 tools)
+### 9. Stored Procedures (6 tools)
 - `list_stored_procedures` - List procedures
 - `get_stored_procedure_info` - Get procedure details
 - `execute_stored_procedure` - Execute procedures
@@ -182,7 +193,7 @@ Tool enabled = (Has Permission) AND (Has Category OR No categories specified)
 - `drop_stored_procedure` - Remove procedures
 - `show_create_procedure` - Show CREATE statement
 
-### 9. Views Management (6 tools)
+### 10. Views Management (6 tools)
 - `list_views` - List views
 - `get_view_info` - Get view details
 - `create_view` - Create views
@@ -190,14 +201,14 @@ Tool enabled = (Has Permission) AND (Has Category OR No categories specified)
 - `drop_view` - Remove views
 - `show_create_view` - Show CREATE statement
 
-### 10. Triggers Management (5 tools)
+### 11. Triggers Management (5 tools)
 - `list_triggers` - List triggers
 - `get_trigger_info` - Get trigger details
 - `create_trigger` - Create triggers
 - `drop_trigger` - Remove triggers
 - `show_create_trigger` - Show CREATE statement
 
-### 11. Table Maintenance (8 tools)
+### 12. Table Maintenance (8 tools)
 - `analyze_table` - Update statistics
 - `optimize_table` - Reclaim space
 - `check_table` - Check for errors
@@ -207,24 +218,24 @@ Tool enabled = (Has Permission) AND (Has Category OR No categories specified)
 - `flush_table` - Close/reopen table
 - `get_table_size` - Get size information
 
-### 12. Transaction Management (5 tools)
+### 13. Transaction Management (5 tools)
 - `begin_transaction` - Start transaction
 - `commit_transaction` - Commit transaction
 - `rollback_transaction` - Rollback transaction
 - `get_transaction_status` - Check transaction state
 - `execute_in_transaction` - Execute within transaction
 
-### 13. Query Optimization (3 tools)
+### 14. Query Optimization (3 tools)
 - `analyze_query` - Analyze query performance
 - `get_optimization_hints` - Get optimizer hints
 - `repair_query` - Repair broken SQL queries
 
-### 14. Utilities (5 tools)
+### 15. Utilities (5 tools)
 - `test_connection` - Test connectivity
 - `describe_connection` - Connection info
 - `read_changelog` - Read changelog
-- `invalidate_table_cache` - Clear table cache
 - `cursor_execute_request` - Execute a file-backed request for clients that cannot send MCP arguments
+- `list_all_tools` - Runtime tool catalog with agent guidance
 
 ---
 

package/README.md

@@ -4,7 +4,7 @@
 
 **A production-ready Model Context Protocol (MCP) server for MySQL database integration with AI agents**
 
-**Last Updated:** 2026-05-04 18:07:52
+**Last Updated:** 2026-05-06 22:38:42
 
 [![npm version](https://img.shields.io/npm/v/@berthojoris/mcp-mysql-server)](https://www.npmjs.com/package/@berthojoris/mcp-mysql-server)
 [![npm downloads](https://img.shields.io/npm/dm/@berthojoris/mcp-mysql-server)](https://www.npmjs.com/package/@berthojoris/mcp-mysql-server)
@@ -237,6 +237,14 @@ Set `MYSQL_MCP_CURSOR_REQUEST_FILE` to override the request file path.
 
 ---
 
+### AI Agent Tool Discovery
+
+For Codex, Claude Code CLI, Cursor, Droid CLI, and other MCP agents, call `list_all_tools` first. It returns the live runtime catalog, enabled/disabled status, active permission/category profile, and recommended workflows for schema exploration, safe SELECT queries, CSV exports, transactions, and data changes.
+
+Use `export_table_to_csv` for table-based exports and `export_query_to_csv` for SELECT query exports.
+
+---
+
 ## Permission System
 
 Control database access with a **dual-layer filtering system** that provides both broad and fine-grained control:

package/dist/config/featureConfig.js

@@ -53,7 +53,8 @@ exports.toolCategoryMap = {
     listDatabases: ToolCategory.LIST,
     listTables: ToolCategory.LIST,
     readTableSchema: ToolCategory.LIST,
-    list_all_tools: ToolCategory.LIST,
+    listAllTools: ToolCategory.UTILITY,
+    list_all_tools: ToolCategory.UTILITY,
     // Analysis tools (added here to group with database tools)
     getDatabaseSummary: ToolCategory.LIST,
     getSchemaERD: ToolCategory.LIST,
@@ -194,6 +195,7 @@ exports.toolDocCategoryMap = {
     exportQueryToCsv: DocCategory.UTILITIES,
     export_query_to_csv: DocCategory.UTILITIES,
     read_changelog: DocCategory.UTILITIES,
+    listAllTools: DocCategory.UTILITIES,
     list_all_tools: DocCategory.UTILITIES,
     // Transaction Management
     beginTransaction: DocCategory.TRANSACTION_MANAGEMENT,

package/dist/index.d.ts

@@ -203,7 +203,19 @@ export declare class MySQLMCP {
         data?: any;
         error?: string;
     }>;
-    listAllTools(): Promise<{
+    listAllTools(params?: {
+        tools?: Array<{
+            name: string;
+            description?: string;
+            inputSchema?: any;
+            input_schema?: any;
+            output_schema?: any;
+        }>;
+        enabledToolNames?: string[];
+        accessProfile?: any;
+        serverName?: string;
+        serverVersion?: string;
+    }): Promise<{
         status: string;
         data?: any;
         error?: string;
@@ -315,6 +327,15 @@ export declare class MySQLMCP {
         data?: any;
         error?: string;
     }>;
+    exportQueryToCSV(params: {
+        query: string;
+        params?: any[];
+        include_headers?: boolean;
+    }): Promise<{
+        status: string;
+        data?: any;
+        error?: string;
+    }>;
     repairQuery(params: {
         query: string;
         error_message?: string;

package/dist/index.js

@@ -134,7 +134,7 @@ class MySQLMCP {
             return { status: "error", error: check.error };
         }
         // Additional security check
-        if (!this.security.isReadOnlyQuery(params.query)) {
+        if (!this.security.isReadOnlyQuery(params.query, this.security.hasExecutePermission())) {
             return {
                 status: "error",
                 error: "Only SELECT queries are allowed with run_select_query. Use execute_write_query for other operations.",
@@ -239,12 +239,12 @@ class MySQLMCP {
         }
         return await this.utilityTools.readChangelog(params);
     }
-    async listAllTools() {
+    async listAllTools(params) {
         const check = this.checkToolEnabled("list_all_tools");
         if (!check.enabled) {
             return { status: "error", error: check.error };
         }
-        return await this.utilityTools.listAllTools();
+        return await this.utilityTools.listAllTools(params);
     }
     // Transaction Tools
     async beginTransaction(params) {
@@ -276,7 +276,7 @@ class MySQLMCP {
         return await this.transactionTools.getTransactionStatus();
     }
     async executeInTransaction(params) {
-        const check = this.checkToolEnabled("executeWriteQuery"); // Use executeWriteQuery permission for transaction queries
+        const check = this.checkToolEnabled("executeInTransaction");
         if (!check.enabled) {
             return { status: "error", error: check.error };
         }
@@ -333,6 +333,13 @@ class MySQLMCP {
         }
         return await this.dataExportTools.exportTableToCSV(params);
     }
+    async exportQueryToCSV(params) {
+        const check = this.checkToolEnabled("exportQueryToCSV");
+        if (!check.enabled) {
+            return { status: "error", error: check.error };
+        }
+        return await this.dataExportTools.exportQueryToCSV(params);
+    }
     // AI Productivity Tools
     async repairQuery(params) {
         const check = this.checkToolEnabled("repairQuery");

package/dist/mcp-server.js

@@ -17,6 +17,8 @@ const toolArgumentValidation_js_1 = require("./tools/toolArgumentValidation.js")
 // Layer 2 (Categories): MCP_CATEGORIES (optional, for fine-grained control)
 const permissions = process.env.MCP_PERMISSIONS || process.env.MCP_CONFIG || "";
 const categories = process.env.MCP_CATEGORIES || "";
+const SERVER_NAME = "mysql-mcp-server";
+const SERVER_VERSION = "1.40.7";
 // Declare the MySQL MCP instance (will be initialized in main())
 let mysqlMCP;
 // Define all available tools with their schemas
@@ -1862,8 +1864,8 @@ const TOOLS = [
 ];
 // Create the MCP server
 const server = new index_js_1.Server({
-    name: "mysql-mcp-server",
-    version: "1.40.6",
+    name: SERVER_NAME,
+    version: SERVER_VERSION,
 }, {
     capabilities: {
         tools: {},
@@ -1884,6 +1886,20 @@ const TOOL_METHOD_OVERRIDES = {
     export_query_to_csv: "exportQueryToCSV",
 };
 const toCamelCase = (value) => value.replace(/_([a-z])/g, (_, letter) => letter.toUpperCase());
+const getRuntimeToolCatalog = () => {
+    const enabledTools = (0, toolRegistry_js_1.getEnabledTools)(mysqlMCP, TOOLS);
+    return {
+        tools: TOOLS.map((tool) => ({
+            name: tool.name,
+            description: tool.description,
+            inputSchema: tool.inputSchema,
+        })),
+        enabledToolNames: enabledTools.map((tool) => tool.name),
+        accessProfile: mysqlMCP.getAccessProfile(),
+        serverName: SERVER_NAME,
+        serverVersion: SERVER_VERSION,
+    };
+};
 const getCursorRequestFilePath = () => {
     const configuredPath = process.env.MYSQL_MCP_CURSOR_REQUEST_FILE ||
         process.env.MCP_MYSQL_REQUEST_FILE ||
@@ -1919,6 +1935,13 @@ const executeToolByName = async (toolName, args = {}) => {
     if (toolName === "cursor_execute_request") {
         throw new Error("cursor_execute_request cannot dispatch to itself");
     }
+    const validation = (0, toolArgumentValidation_js_1.validateToolArguments)(toolName, args);
+    if (!validation.valid) {
+        throw new Error(`Validation Error: ${validation.errors?.join(", ") || "Invalid arguments"}`);
+    }
+    if (toolName === "list_all_tools") {
+        return await mysqlMCP.listAllTools(getRuntimeToolCatalog());
+    }
     const methodName = TOOL_METHOD_OVERRIDES[toolName] || toCamelCase(toolName);
     const method = mysqlMCP[methodName];
     if (typeof method !== "function") {
@@ -2055,7 +2078,7 @@ server.setRequestHandler(types_js_1.CallToolRequestSchema, async (request) => {
                 result = await mysqlMCP.testConnection();
                 break;
             case "list_all_tools":
-                result = await mysqlMCP.listAllTools();
+                result = await mysqlMCP.listAllTools(getRuntimeToolCatalog());
                 break;
             case "read_changelog":
                 result = await mysqlMCP.readChangelog((args || {}));
@@ -2102,6 +2125,9 @@ server.setRequestHandler(types_js_1.CallToolRequestSchema, async (request) => {
             case "export_table_to_csv":
                 result = await mysqlMCP.exportTableToCSV((args || {}));
                 break;
+            case "export_query_to_csv":
+                result = await mysqlMCP.exportQueryToCSV((args || {}));
+                break;
             // Query Optimization Tools
             case "analyze_query":
                 result = mysqlMCP.analyzeQuery((args || {}));

package/dist/security/securityLayer.d.ts

@@ -71,7 +71,7 @@ export declare class SecurityLayer {
     /**
      * Check if a query is a read-only SELECT query or information query (SHOW, DESCRIBE, etc.)
      */
-    isReadOnlyQuery(query: string): boolean;
+    isReadOnlyQuery(query: string, bypassDangerousCheck?: boolean): boolean;
     /**
      * Check if a query contains dangerous operations
      */

package/dist/security/securityLayer.js

@@ -404,13 +404,13 @@ class SecurityLayer {
     /**
      * Check if a query is a read-only SELECT query or information query (SHOW, DESCRIBE, etc.)
      */
-    isReadOnlyQuery(query) {
+    isReadOnlyQuery(query, bypassDangerousCheck = false) {
         // Check if it's an information query first (SHOW, DESCRIBE, EXPLAIN, etc.)
         if (this.isInformationQuery(query)) {
             return true;
         }
         // Check if it's a SELECT query
-        const validation = this.validateQuery(query);
+        const validation = this.validateQuery(query, bypassDangerousCheck);
         return validation.valid && validation.queryType === "SELECT";
     }
     /**

package/dist/tools/dataExportTools.d.ts

@@ -12,6 +12,8 @@ export declare class DataExportTools {
      * Escape string value for SQL INSERT statements
      */
     private escapeValue;
+    private escapeCsvValue;
+    private rowsToCSV;
     /**
      * Export table data to CSV format
      */
@@ -26,4 +28,13 @@ export declare class DataExportTools {
         data?: any;
         error?: string;
     }>;
+    exportQueryToCSV(queryParams: {
+        query: string;
+        params?: any[];
+        include_headers?: boolean;
+    }): Promise<{
+        status: string;
+        data?: any;
+        error?: string;
+    }>;
 }

package/dist/tools/dataExportTools.js

@@ -62,6 +62,33 @@ class DataExportTools {
             .replace(/\0/g, "\\0");
         return `'${escaped}'`;
     }
+    escapeCsvValue(value) {
+        if (value === null || value === undefined)
+            return "";
+        const normalizedValue = value instanceof Date
+            ? value.toISOString()
+            : Buffer.isBuffer(value)
+                ? value.toString("base64")
+                : String(value);
+        if (/[",\r\n]/.test(normalizedValue)) {
+            return `"${normalizedValue.replace(/"/g, '""')}"`;
+        }
+        return normalizedValue;
+    }
+    rowsToCSV(rows, includeHeaders) {
+        if (rows.length === 0) {
+            return "";
+        }
+        const columns = Object.keys(rows[0]);
+        const csvRows = [];
+        if (includeHeaders) {
+            csvRows.push(columns.map((column) => this.escapeCsvValue(column)).join(","));
+        }
+        for (const row of rows) {
+            csvRows.push(columns.map((column) => this.escapeCsvValue(row[column])).join(","));
+        }
+        return `${csvRows.join("\n")}\n`;
+    }
     /**
      * Export table data to CSV format
      */
@@ -179,33 +206,7 @@ class DataExportTools {
                     },
                 };
             }
-            // Generate CSV
-            let csv = "";
-            // Add headers if requested
-            if (include_headers) {
-                const headers = Object.keys(results[0]).join(",");
-                csv += headers + "\n";
-            }
-            // Add data rows
-            for (const row of results) {
-                const values = Object.values(row)
-                    .map((value) => {
-                    if (value === null)
-                        return "";
-                    if (typeof value === "string") {
-                        // Escape quotes and wrap in quotes if contains comma or newline
-                        if (value.includes(",") ||
-                            value.includes("\n") ||
-                            value.includes('"')) {
-                            return `"${value.replace(/"/g, '""')}"`;
-                        }
-                        return value;
-                    }
-                    return String(value);
-                })
-                    .join(",");
-                csv += values + "\n";
-            }
+            const csv = this.rowsToCSV(results, include_headers);
             return {
                 status: "success",
                 data: {
@@ -221,5 +222,45 @@ class DataExportTools {
             };
         }
     }
+    async exportQueryToCSV(queryParams) {
+        try {
+            const { query, params = [], include_headers = true, } = queryParams;
+            const queryValidation = this.security.validateQuery(query, this.security.hasExecutePermission());
+            if (!queryValidation.valid) {
+                return {
+                    status: "error",
+                    error: `Query validation failed: ${queryValidation.error}`,
+                };
+            }
+            if (queryValidation.queryType !== "SELECT") {
+                return {
+                    status: "error",
+                    error: "export_query_to_csv only accepts SELECT queries.",
+                };
+            }
+            const paramValidation = this.security.validateParameters(params);
+            if (!paramValidation.valid) {
+                return {
+                    status: "error",
+                    error: `Parameter validation failed: ${paramValidation.error}`,
+                };
+            }
+            const results = await this.db.query(query, paramValidation.sanitizedParams, false);
+            const maskedResults = this.security.masking.processResults(results);
+            return {
+                status: "success",
+                data: {
+                    csv: this.rowsToCSV(maskedResults, include_headers),
+                    row_count: maskedResults.length,
+                },
+            };
+        }
+        catch (error) {
+            return {
+                status: "error",
+                error: error.message,
+            };
+        }
+    }
 }
 exports.DataExportTools = DataExportTools;

package/dist/tools/ddlTools.d.ts

@@ -7,6 +7,8 @@ export declare class DdlTools {
      * Sanitize default value for SQL safety
      */
     private sanitizeDefaultValue;
+    private validateColumnType;
+    private validateIdentifier;
     /**
      * Create a new table
      */