@bytebase/dbhub 0.11.1 → 0.11.3

package/README.md

@@ -10,10 +10,18 @@
 </p>
 
 <p align="center">
-  <a href="https://cursor.com/install-mcp?name=dbhub&config=eyJjb21tYW5kIjoibnB4IEBieXRlYmFzZS9kYmh1YiIsImVudiI6eyJUUkFOU1BPUlQiOiJzdGRpbyIsIkRTTiI6InBvc3RncmVzOi8vdXNlcjpwYXNzd29yZEBsb2NhbGhvc3Q6NTQzMi9kYm5hbWU%2Fc3NsbW9kZT1kaXNhYmxlIiwiUkVBRE9OTFkiOiJ0cnVlIn19"><img src="https://cursor.com/deeplink/mcp-install-dark.svg" alt="Add dbhub MCP server to Cursor" height="32" /></a>
   <a href="https://discord.gg/BjEkZpsJzn"><img src="https://img.shields.io/badge/%20-Hang%20out%20on%20Discord-5865F2?style=for-the-badge&logo=discord&labelColor=EEEEEE" alt="Join our Discord" height="32" /></a>
 </p>
 
+<p>
+Add to Cursor by copying the below link to browser
+
+```text
+cursor://anysphere.cursor-deeplink/mcp/install?name=dbhub&config=eyJjb21tYW5kIjoibnB4IEBieXRlYmFzZS9kYmh1YiIsImVudiI6eyJUUkFOU1BPUlQiOiJzdGRpbyIsIkRTTiI6InBvc3RncmVzOi8vdXNlcjpwYXNzd29yZEBsb2NhbGhvc3Q6NTQzMi9kYm5hbWU%2Fc3NsbW9kZT1kaXNhYmxlIiwiUkVBRE9OTFkiOiJ0cnVlIn19
+```
+
+</p>
+
 DBHub is a universal database gateway implementing the Model Context Protocol (MCP) server interface. This gateway allows MCP-compatible clients to connect to and explore different databases.
 
 ```bash
@@ -159,7 +167,14 @@ Check https://docs.anthropic.com/en/docs/claude-code/mcp
 
 ### Cursor
 
-[![Install MCP Server](https://cursor.com/deeplink/mcp-install-dark.svg)](https://cursor.com/install-mcp?name=dbhub&config=eyJjb21tYW5kIjoibnB4IEBieXRlYmFzZS9kYmh1YiIsImVudiI6eyJUUkFOU1BPUlQiOiJzdGRpbyIsIkRTTiI6InBvc3RncmVzOi8vdXNlcjpwYXNzd29yZEBsb2NhbGhvc3Q6NTQzMi9kYm5hbWU%2Fc3NsbW9kZT1kaXNhYmxlIiwiUkVBRE9OTFkiOiJ0cnVlIn19)
+<p>
+Add to Cursor by copying the below link to browser
+
+```text
+cursor://anysphere.cursor-deeplink/mcp/install?name=dbhub&config=eyJjb21tYW5kIjoibnB4IEBieXRlYmFzZS9kYmh1YiIsImVudiI6eyJUUkFOU1BPUlQiOiJzdGRpbyIsIkRTTiI6InBvc3RncmVzOi8vdXNlcjpwYXNzd29yZEBsb2NhbGhvc3Q6NTQzMi9kYm5hbWU%2Fc3NsbW9kZT1kaXNhYmxlIiwiUkVBRE9OTFkiOiJ0cnVlIn19
+```
+
+</p>
 
 ![cursor](https://raw.githubusercontent.com/bytebase/dbhub/main/resources/images/cursor.webp)
 
@@ -181,6 +196,18 @@ In read-only mode, only [readonly SQL operations](https://github.com/bytebase/db
 
 This provides an additional layer of security when connecting to production databases.
 
+### Row Limiting
+
+You can limit the number of rows returned from SELECT queries using the `--max-rows` parameter. This helps prevent accidentally retrieving too much data from large tables:
+
+```bash
+# Limit SELECT queries to return at most 1000 rows
+npx @bytebase/dbhub --dsn "postgres://user:password@localhost:5432/dbname" --max-rows 1000
+```
+
+- Row limiting is only applied to SELECT statements, not INSERT/UPDATE/DELETE
+- If your query already has a `LIMIT` or `TOP` clause, DBHub uses the smaller value
+
 ### SSL Connections
 
 You can specify the SSL mode using the `sslmode` parameter in your DSN string:
@@ -353,6 +380,7 @@ Extra query parameters:
 | transport      | `TRANSPORT`          | Transport mode: `stdio` or `http`                                | `stdio`                      |
 | port           | `PORT`               | HTTP server port (only applicable when using `--transport=http`) | `8080`                       |
 | readonly       | `READONLY`           | Restrict SQL execution to read-only operations                   | `false`                      |
+| max-rows       | N/A                  | Limit the number of rows returned from SELECT queries            | No limit                     |
 | demo           | N/A                  | Run in demo mode with sample employee database                   | `false`                      |
 | ssh-host       | `SSH_HOST`           | SSH server hostname for tunnel connection                        | N/A                          |
 | ssh-port       | `SSH_PORT`           | SSH server port                                                  | `22`                         |

package/dist/index.js

@@ -185,6 +185,97 @@ function obfuscateDSNPassword(dsn) {
   }
 }
 
+// src/utils/sql-row-limiter.ts
+var SQLRowLimiter = class {
+  /**
+   * Check if a SQL statement is a SELECT query that can benefit from row limiting
+   * Only handles SELECT queries
+   */
+  static isSelectQuery(sql2) {
+    const trimmed = sql2.trim().toLowerCase();
+    return trimmed.startsWith("select");
+  }
+  /**
+   * Check if a SQL statement already has a LIMIT clause
+   */
+  static hasLimitClause(sql2) {
+    const limitRegex = /\blimit\s+\d+/i;
+    return limitRegex.test(sql2);
+  }
+  /**
+   * Check if a SQL statement already has a TOP clause (SQL Server)
+   */
+  static hasTopClause(sql2) {
+    const topRegex = /\bselect\s+top\s+\d+/i;
+    return topRegex.test(sql2);
+  }
+  /**
+   * Extract existing LIMIT value from SQL if present
+   */
+  static extractLimitValue(sql2) {
+    const limitMatch = sql2.match(/\blimit\s+(\d+)/i);
+    if (limitMatch) {
+      return parseInt(limitMatch[1], 10);
+    }
+    return null;
+  }
+  /**
+   * Extract existing TOP value from SQL if present (SQL Server)
+   */
+  static extractTopValue(sql2) {
+    const topMatch = sql2.match(/\bselect\s+top\s+(\d+)/i);
+    if (topMatch) {
+      return parseInt(topMatch[1], 10);
+    }
+    return null;
+  }
+  /**
+   * Add or modify LIMIT clause in a SQL statement
+   */
+  static applyLimitToQuery(sql2, maxRows) {
+    const existingLimit = this.extractLimitValue(sql2);
+    if (existingLimit !== null) {
+      const effectiveLimit = Math.min(existingLimit, maxRows);
+      return sql2.replace(/\blimit\s+\d+/i, `LIMIT ${effectiveLimit}`);
+    } else {
+      const trimmed = sql2.trim();
+      const hasSemicolon = trimmed.endsWith(";");
+      const sqlWithoutSemicolon = hasSemicolon ? trimmed.slice(0, -1) : trimmed;
+      return `${sqlWithoutSemicolon} LIMIT ${maxRows}${hasSemicolon ? ";" : ""}`;
+    }
+  }
+  /**
+   * Add or modify TOP clause in a SQL statement (SQL Server)
+   */
+  static applyTopToQuery(sql2, maxRows) {
+    const existingTop = this.extractTopValue(sql2);
+    if (existingTop !== null) {
+      const effectiveTop = Math.min(existingTop, maxRows);
+      return sql2.replace(/\bselect\s+top\s+\d+/i, `SELECT TOP ${effectiveTop}`);
+    } else {
+      return sql2.replace(/\bselect\s+/i, `SELECT TOP ${maxRows} `);
+    }
+  }
+  /**
+   * Apply maxRows limit to a SELECT query only
+   */
+  static applyMaxRows(sql2, maxRows) {
+    if (!maxRows || !this.isSelectQuery(sql2)) {
+      return sql2;
+    }
+    return this.applyLimitToQuery(sql2, maxRows);
+  }
+  /**
+   * Apply maxRows limit to a SELECT query using SQL Server TOP syntax
+   */
+  static applyMaxRowsForSQLServer(sql2, maxRows) {
+    if (!maxRows || !this.isSelectQuery(sql2)) {
+      return sql2;
+    }
+    return this.applyTopToQuery(sql2, maxRows);
+  }
+};
+
 // src/connectors/postgres/index.ts
 var { Pool } = pg;
 var PostgresDSNParser = class {
@@ -494,7 +585,7 @@ var PostgresConnector = class {
       client.release();
     }
   }
-  async executeSQL(sql2) {
+  async executeSQL(sql2, options) {
     if (!this.pool) {
       throw new Error("Not connected to database");
     }
@@ -502,13 +593,15 @@ var PostgresConnector = class {
     try {
       const statements = sql2.split(";").map((statement) => statement.trim()).filter((statement) => statement.length > 0);
       if (statements.length === 1) {
-        return await client.query(statements[0]);
+        const processedStatement = SQLRowLimiter.applyMaxRows(statements[0], options.maxRows);
+        return await client.query(processedStatement);
       } else {
         let allRows = [];
         await client.query("BEGIN");
         try {
-          for (const statement of statements) {
-            const result = await client.query(statement);
+          for (let statement of statements) {
+            const processedStatement = SQLRowLimiter.applyMaxRows(statement, options.maxRows);
+            const result = await client.query(processedStatement);
             if (result.rows && result.rows.length > 0) {
               allRows.push(...result.rows);
             }
@@ -858,12 +951,16 @@ var SQLServerConnector = class {
       throw new Error(`Failed to get stored procedure details: ${error.message}`);
     }
   }
-  async executeSQL(sql2) {
+  async executeSQL(sql2, options) {
     if (!this.connection) {
       throw new Error("Not connected to SQL Server database");
     }
     try {
-      const result = await this.connection.request().query(sql2);
+      let processedSQL = sql2;
+      if (options.maxRows) {
+        processedSQL = SQLRowLimiter.applyMaxRowsForSQLServer(sql2, options.maxRows);
+      }
+      const result = await this.connection.request().query(processedSQL);
       return {
         rows: result.recordset || [],
         fields: result.recordset && result.recordset.length > 0 ? Object.keys(result.recordset[0]).map((key) => ({
@@ -1074,20 +1171,24 @@ var SQLiteConnector = class {
       "SQLite does not support stored procedures. Functions are defined programmatically through the SQLite API, not stored in the database."
     );
   }
-  async executeSQL(sql2) {
+  async executeSQL(sql2, options) {
     if (!this.db) {
       throw new Error("Not connected to SQLite database");
     }
     try {
       const statements = sql2.split(";").map((statement) => statement.trim()).filter((statement) => statement.length > 0);
       if (statements.length === 1) {
+        let processedStatement = statements[0];
         const trimmedStatement = statements[0].toLowerCase().trim();
         const isReadStatement = trimmedStatement.startsWith("select") || trimmedStatement.startsWith("with") || trimmedStatement.startsWith("explain") || trimmedStatement.startsWith("analyze") || trimmedStatement.startsWith("pragma") && (trimmedStatement.includes("table_info") || trimmedStatement.includes("index_info") || trimmedStatement.includes("index_list") || trimmedStatement.includes("foreign_key_list"));
+        if (options.maxRows) {
+          processedStatement = SQLRowLimiter.applyMaxRows(processedStatement, options.maxRows);
+        }
         if (isReadStatement) {
-          const rows = this.db.prepare(statements[0]).all();
+          const rows = this.db.prepare(processedStatement).all();
           return { rows };
         } else {
-          this.db.prepare(statements[0]).run();
+          this.db.prepare(processedStatement).run();
           return { rows: [] };
         }
       } else {
@@ -1105,7 +1206,8 @@ var SQLiteConnector = class {
           this.db.exec(writeStatements.join("; "));
         }
         let allRows = [];
-        for (const statement of readStatements) {
+        for (let statement of readStatements) {
+          statement = SQLRowLimiter.applyMaxRows(statement, options.maxRows);
           const result = this.db.prepare(statement).all();
           allRows.push(...result);
         }
@@ -1467,18 +1569,29 @@ var MySQLConnector = class {
     const [rows] = await this.pool.query("SELECT DATABASE() AS DB");
     return rows[0].DB;
   }
-  async executeSQL(sql2) {
+  async executeSQL(sql2, options) {
     if (!this.pool) {
       throw new Error("Not connected to database");
     }
     try {
-      const results = await this.pool.query(sql2);
+      let processedSQL = sql2;
+      if (options.maxRows) {
+        const statements = sql2.split(";").map((statement) => statement.trim()).filter((statement) => statement.length > 0);
+        const processedStatements = statements.map(
+          (statement) => SQLRowLimiter.applyMaxRows(statement, options.maxRows)
+        );
+        processedSQL = processedStatements.join("; ");
+        if (sql2.trim().endsWith(";")) {
+          processedSQL += ";";
+        }
+      }
+      const results = await this.pool.query(processedSQL);
       const [firstResult] = results;
-      if (Array.isArray(firstResult) && firstResult.length > 0 && Array.isArray(firstResult[0]) && firstResult[0].length === 2) {
+      if (Array.isArray(firstResult) && firstResult.length > 0 && Array.isArray(firstResult[0])) {
         let allRows = [];
-        for (const [rows, _fields] of firstResult) {
-          if (Array.isArray(rows)) {
-            allRows.push(...rows);
+        for (const result of firstResult) {
+          if (Array.isArray(result)) {
+            allRows.push(...result);
           }
         }
         return { rows: allRows };
@@ -1845,12 +1958,23 @@ var MariaDBConnector = class {
     const rows = await this.pool.query("SELECT DATABASE() AS DB");
     return rows[0].DB;
   }
-  async executeSQL(sql2) {
+  async executeSQL(sql2, options) {
     if (!this.pool) {
       throw new Error("Not connected to database");
     }
     try {
-      const results = await this.pool.query(sql2);
+      let processedSQL = sql2;
+      if (options.maxRows) {
+        const statements = sql2.split(";").map((statement) => statement.trim()).filter((statement) => statement.length > 0);
+        const processedStatements = statements.map(
+          (statement) => SQLRowLimiter.applyMaxRows(statement, options.maxRows)
+        );
+        processedSQL = processedStatements.join("; ");
+        if (sql2.trim().endsWith(";")) {
+          processedSQL += ";";
+        }
+      }
+      const results = await this.pool.query(processedSQL);
       if (Array.isArray(results)) {
         if (results.length > 0 && Array.isArray(results[0]) && results[0].length > 0) {
           let allRows = [];
@@ -2031,6 +2155,7 @@ import dotenv from "dotenv";
 import path from "path";
 import fs from "fs";
 import { fileURLToPath } from "url";
+import { homedir as homedir2 } from "os";
 
 // src/utils/ssh-config-parser.ts
 import { readFileSync as readFileSync2, existsSync } from "fs";
@@ -2065,7 +2190,7 @@ function findDefaultSSHKey() {
   return void 0;
 }
 function parseSSHConfig(hostAlias, configPath) {
-  const sshConfigPath = configPath || join(homedir(), ".ssh", "config");
+  const sshConfigPath = configPath;
   if (!existsSync(sshConfigPath)) {
     return null;
   }
@@ -2218,6 +2343,17 @@ function resolveTransport() {
   }
   return { type: "stdio", source: "default" };
 }
+function resolveMaxRows() {
+  const args = parseCommandLineArgs();
+  if (args["max-rows"]) {
+    const maxRows = parseInt(args["max-rows"], 10);
+    if (isNaN(maxRows) || maxRows <= 0) {
+      throw new Error(`Invalid --max-rows value: ${args["max-rows"]}. Must be a positive integer.`);
+    }
+    return { maxRows, source: "command line argument" };
+  }
+  return null;
+}
 function resolvePort() {
   const args = parseCommandLineArgs();
   if (args.port) {
@@ -2260,7 +2396,9 @@ function resolveSSHConfig() {
     sources.push("SSH_HOST from environment");
   }
   if (sshConfigHost && looksLikeSSHAlias(sshConfigHost)) {
-    const sshConfigData = parseSSHConfig(sshConfigHost);
+    const sshConfigPath = path.join(homedir2(), ".ssh", "config");
+    console.error(`Attempting to parse SSH config for host '${sshConfigHost}' from: ${sshConfigPath}`);
+    const sshConfigData = parseSSHConfig(sshConfigHost, sshConfigPath);
     if (sshConfigData) {
       config = { ...sshConfigData };
       sources.push(`SSH config for host '${sshConfigHost}'`);
@@ -2327,9 +2465,15 @@ var ConnectorManager = class {
     this.connected = false;
     this.sshTunnel = null;
     this.originalDSN = null;
+    this.maxRows = null;
     if (!managerInstance) {
       managerInstance = this;
     }
+    const maxRowsData = resolveMaxRows();
+    if (maxRowsData) {
+      this.maxRows = maxRowsData.maxRows;
+      console.error(`Max rows limit: ${this.maxRows} (from ${maxRowsData.source})`);
+    }
   }
   /**
    * Initialize and connect to the database using a DSN
@@ -2425,6 +2569,26 @@ var ConnectorManager = class {
     }
     return managerInstance.getConnector();
   }
+  /**
+   * Get execute options for SQL execution
+   */
+  getExecuteOptions() {
+    const options = {};
+    if (this.maxRows !== null) {
+      options.maxRows = this.maxRows;
+    }
+    return options;
+  }
+  /**
+   * Get the current execute options
+   * This is used by tool handlers
+   */
+  static getCurrentExecuteOptions() {
+    if (!managerInstance) {
+      throw new Error("ConnectorManager not initialized");
+    }
+    return managerInstance.getExecuteOptions();
+  }
   /**
    * Get default port for a database based on DSN protocol
    */
@@ -2844,9 +3008,20 @@ var executeSqlSchema = {
 function splitSQLStatements(sql2) {
   return sql2.split(";").map((statement) => statement.trim()).filter((statement) => statement.length > 0);
 }
+function stripSQLComments(sql2) {
+  let cleaned = sql2.split("\n").map((line) => {
+    const commentIndex = line.indexOf("--");
+    return commentIndex >= 0 ? line.substring(0, commentIndex) : line;
+  }).join("\n");
+  cleaned = cleaned.replace(/\/\*[\s\S]*?\*\//g, " ");
+  return cleaned.trim();
+}
 function isReadOnlySQL(sql2, connectorType) {
-  const normalizedSQL = sql2.trim().toLowerCase();
-  const firstWord = normalizedSQL.split(/\s+/)[0];
+  const cleanedSQL = stripSQLComments(sql2).toLowerCase();
+  if (!cleanedSQL) {
+    return true;
+  }
+  const firstWord = cleanedSQL.split(/\s+/)[0];
   const keywordList = allowedKeywords[connectorType] || allowedKeywords.default || [];
   return keywordList.includes(firstWord);
 }
@@ -2856,6 +3031,7 @@ function areAllStatementsReadOnly(sql2, connectorType) {
 }
 async function executeSqlToolHandler({ sql: sql2 }, _extra) {
   const connector = ConnectorManager.getCurrentConnector();
+  const executeOptions = ConnectorManager.getCurrentExecuteOptions();
   try {
     if (isReadOnlyMode() && !areAllStatementsReadOnly(sql2, connector.id)) {
       return createToolErrorResponse(
@@ -2863,7 +3039,7 @@ async function executeSqlToolHandler({ sql: sql2 }, _extra) {
         "READONLY_VIOLATION"
       );
     }
-    const result = await connector.executeSQL(sql2);
+    const result = await connector.executeSQL(sql2, executeOptions);
     const responseData = {
       rows: result.rows,
       count: result.rows.length

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bytebase/dbhub",
-  "version": "0.11.1",
+  "version": "0.11.3",
   "description": "Universal Database MCP Server",
   "main": "dist/index.js",
   "type": "module",