@berthojoris/mcp-mysql-server 1.42.0 → 1.42.2
- package/CHANGELOG.md +13 -0
- package/DOCUMENTATIONS.md +5 -5
- package/README.md +2 -2
- package/dist/mcp-server.js +4 -4
- package/dist/security/securityLayer.js +9 -0
- package/dist/tools/queryTools.d.ts +2 -1
- package/dist/tools/queryTools.js +2 -1
- package/dist/tools/utilityTools.js +1 -1
- package/manifest.json +1 -1
- package/package.json +1 -1
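--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -5,6 +5,19 @@ All notable changes to the MySQL MCP Server will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.42.2] - 2026-05-25
+
+### Fixed
+- Blocked DELETE SQL in `execute_write_query` and `execute_in_transaction` unless the `delete` permission is explicitly enabled, closing a bypass where `execute` alone could delete data via custom SQL.
+
+### Changed
+- Clarified tool and permission documentation: `execute` covers INSERT/UPDATE custom SQL; DELETE requires the separate `delete` permission.
+
+## [1.42.1] - 2026-05-11
+
+### Changed
+- Bumped patch version metadata to `1.42.1`.
+
 ## [1.42.0] - 2026-05-11
 
 ### Added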
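--- a/package/DOCUMENTATIONS.md
+++ b/package/DOCUMENTATIONS.md
@@ -1,7 +1,7 @@
 # MySQL MCP Server - Documentation
 
-**Last Updated:** 2026-05-11
-**Version:** 1.42.
+**Last Updated:** 2026-05-11 13:33:42
+**Version:** 1.42.1
 **Total Tools:** 85
 
 Comprehensive documentation for the MySQL MCP Server. For quick start, see [README.md](README.md).
@@ -111,8 +111,8 @@ For CSV exports, use `export_table_to_csv` for table-based exports and `export_q
 | `read` | Read data | `read_records`, `run_select_query` |
 | `create` | Insert records and seed data | `create_record`, `bulk_insert`, `execute_seed_plan` |
 | `update` | Update records | `update_record`, `bulk_update` |
-| `delete` | Delete records | `delete_record`, `bulk_delete` |
-| `execute` | Custom SQL | `execute_write_query` |
+| `delete` | Delete records | `delete_record`, `bulk_delete`, DELETE via `execute_write_query` (requires both `execute` and `delete`) |
+| `execute` | Custom SQL (INSERT/UPDATE; not DELETE without `delete`) | `execute_write_query` |
 | `ddl` | Schema changes | `create_table`, `alter_table` |
 | `utility` | Utility operations | `test_connection`, `analyze_table` |
 | `transaction` | Transaction management | `begin_transaction`, `commit_transaction` |
@@ -159,7 +159,7 @@ Tool enabled = (Has Permission) AND (Has Category OR No categories specified)
 
 ### 5. Query Management (3 tools)
 - `run_select_query` - Execute SELECT queries
-- `execute_write_query` - Execute INSERT/UPDATE
+- `execute_write_query` - Execute INSERT/UPDATE (DELETE requires the `delete` permission)
 - `repair_query` - Diagnose and fix SQL errors
 
 ### 6. Schema Management (4 tools)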
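--- a/package/README.md
+++ b/package/README.md
@@ -4,7 +4,7 @@
 
 **A production-ready Model Context Protocol (MCP) server for MySQL database integration with AI agents**
 
-**Last Updated:** 2026-05-
+**Last Updated:** 2026-05-25 12:00:00
 
 [](https://www.npmjs.com/package/@berthojoris/mcp-mysql-server)
 [](https://www.npmjs.com/package/@berthojoris/mcp-mysql-server)
@@ -263,7 +263,7 @@ Control database access with a **dual-layer filtering system** that provides bot
 | `create` | INSERT new records | Data entry |
 | `update` | UPDATE existing records | Data maintenance |
 | `delete` | DELETE records | Data cleanup |
-| `execute` | Execute custom SQL (
+| `execute` | Execute custom INSERT/UPDATE SQL (DELETE requires `delete` permission too) | Complex write operations |
 | `ddl` | CREATE/ALTER/DROP tables | Schema management |
 | `procedure` | Stored procedures (CREATE/DROP/EXECUTE) | Procedure management |
 | `transaction` | BEGIN, COMMIT, ROLLBACK | ACID operations |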
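--- a/package/dist/mcp-server.js
+++ b/package/dist/mcp-server.js
@@ -18,7 +18,7 @@ const toolArgumentValidation_js_1 = require("./tools/toolArgumentValidation.js")
 const permissions = process.env.MCP_PERMISSIONS || process.env.MCP_CONFIG || "";
 const categories = process.env.MCP_CATEGORIES || "";
 const SERVER_NAME = "mysql-mcp-server";
-const SERVER_VERSION = "1.42.
+const SERVER_VERSION = "1.42.2";
 // Declare the MySQL MCP instance (will be initialized in main())
 let mysqlMCP;
 // Define all available tools with their schemas
@@ -695,7 +695,7 @@ const TOOLS = [
 },
 {
 name: "run_select_query",
-description: "⚡ PRIMARY TOOL FOR SELECT QUERIES. Executes read-only SELECT statements with parameterization, optimizer hints, query caching, and dry-run mode. Supports complex queries with JOINs, subqueries, and aggregations. ⚠️ ONLY for SELECT - use execute_write_query for INSERT/UPDATE
+description: "⚡ PRIMARY TOOL FOR SELECT QUERIES. Executes read-only SELECT statements with parameterization, optimizer hints, query caching, and dry-run mode. Supports complex queries with JOINs, subqueries, and aggregations. ⚠️ ONLY for SELECT - use execute_write_query for INSERT/UPDATE, use execute_ddl for CREATE/ALTER/DROP.",
 inputSchema: {
 type: "object",
 properties: {
@@ -762,13 +762,13 @@ const TOOLS = [
 },
 {
 name: "execute_write_query",
-description: '⚡ PRIMARY TOOL FOR INSERT/UPDATE
+description: '⚡ PRIMARY TOOL FOR INSERT/UPDATE QUERIES. Executes data modification statements with parameterization support. Returns affected row count and execution details. DELETE SQL requires the separate "delete" permission in addition to "execute". ⚠️ NOT for SELECT (use run_select_query), NOT for DDL (use execute_ddl for CREATE/ALTER/DROP/TRUNCATE/RENAME).',
 inputSchema: {
 type: "object",
 properties: {
 query: {
 type: "string",
-description: "SQL query to execute (INSERT
+description: "SQL query to execute (INSERT or UPDATE; DELETE requires the delete permission)",
 },
 params: {
 type: "array",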
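--- a/package/dist/security/securityLayer.js
+++ b/package/dist/security/securityLayer.js
@@ -273,6 +273,15 @@ class SecurityLayer {
 };
 }
 }
+// DELETE requires explicit delete permission (execute alone is not sufficient)
+if (type === "DELETE") {
+if (!this.featureConfig.isCategoryEnabled(featureConfig_js_1.ToolCategory.DELETE)) {
+return {
+valid: false,
+error: "DELETE operation requires 'delete' permission. Add 'delete' to your permissions configuration, or use delete_record / bulk_delete.",
+};
+}
+}
 return { valid: true, queryType: type };
 }
 }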
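Review bot: The new `if (type === "DELETE")` gate is only as strong as the code that computes `type`, which sits earlier in this method and outside the hunk. If that classification keys off the leading keyword, statements that remove rows without being classified as `DELETE` (MySQL `REPLACE`, or a DELETE preceded by a `WITH` clause) would still pass on `execute` alone, so it is worth confirming they are either mapped to `DELETE` or rejected before this point. The changelog also names `execute_in_transaction`, and nothing in the hunk shows that path reaching this validator; a regression test per entry point would pin that. I would add a comment above the check recording the assumption, e.g. `// relies on 'type' covering every row-removing statement; REPLACE and CTE-prefixed DELETE must not arrive here as another type`.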
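--- a/package/dist/tools/queryTools.d.ts
+++ b/package/dist/tools/queryTools.d.ts
@@ -33,7 +33,8 @@ export declare class QueryTools {
 */
 getSuggestedHints(goal: "SPEED" | "MEMORY" | "STABILITY"): QueryHints;
 /**
-* Execute write operations (INSERT, UPDATE
+* Execute write operations (INSERT, UPDATE) with validation.
+* DELETE requires the separate delete permission and is validated in the security layer.
 * Note: DDL operations are blocked by the security layer for safety
 */
 executeWriteQuery(queryParams: {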
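--- a/package/dist/tools/queryTools.js
+++ b/package/dist/tools/queryTools.js
@@ -118,7 +118,8 @@ class QueryTools {
 return this.optimizer.getSuggestedHints(goal);
 }
 /**
-* Execute write operations (INSERT, UPDATE
+* Execute write operations (INSERT, UPDATE) with validation.
+* DELETE requires the separate delete permission and is validated in the security layer.
 * Note: DDL operations are blocked by the security layer for safety
 */
 async executeWriteQuery(queryParams) {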
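--- a/package/dist/tools/utilityTools.js
+++ b/package/dist/tools/utilityTools.js
@@ -377,7 +377,7 @@ class UtilityTools {
 selection_rules: [
 "Use get_schema_rag_context before generating SQL to reduce token usage.",
 "Use run_select_query only for SELECT statements.",
-"Use execute_write_query for INSERT
+"Use execute_write_query for INSERT and UPDATE. DELETE requires the delete permission.",
 "Use execute_ddl only for CREATE, ALTER, DROP, TRUNCATE, and RENAME.",
 "Use seed_operations for relational dummy data instead of manually chaining bulk_insert across foreign keys.",
 "Prefer structured tools over raw SQL when possible.",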
package/manifest.json
CHANGED
package/package.json
CHANGED