@bytebase/dbhub 0.13.1 → 0.14.0

package/README.md

@@ -32,12 +32,11 @@
 
 DBHub is a Minimal Database MCP Server implementing the Model Context Protocol (MCP) server interface. This lightweight gateway allows MCP-compatible clients to connect to and explore different databases:
 
-- **Minimal Design**: Just two general MCP tools (execute_sql, search_objects) for token-efficient operations, plus support for custom tools
-- **Multi-Database Support**: Single interface for PostgreSQL, MySQL, MariaDB, SQL Server, and SQLite
+- **Token Efficient**: Just two general MCP tools (execute_sql, search_objects) to minimize context window usage, plus support for custom tools
+- **Multi-Database**: Single interface for PostgreSQL, MySQL, MariaDB, SQL Server, and SQLite
 - **Secure Access**: Read-only mode, SSH tunneling, and SSL/TLS encryption support
 - **Multiple Connections**: Connect to multiple databases simultaneously with TOML configuration
 - **Production-Ready**: Row limiting, lock timeout control, and connection pooling
-- **MCP Native**: Full implementation of Model Context Protocol with comprehensive tools
 
 ## Supported Databases
 
@@ -72,13 +71,13 @@ docker run --rm --init \
 **NPM:**
 
 ```bash
-npx @bytebase/dbhub --transport http --port 8080 --dsn "postgres://user:password@localhost:5432/dbname?sslmode=disable"
+npx @bytebase/dbhub@latest --transport http --port 8080 --dsn "postgres://user:password@localhost:5432/dbname?sslmode=disable"
 ```
 
 **Demo Mode:**
 
 ```bash
-npx @bytebase/dbhub --transport http --port 8080 --demo
+npx @bytebase/dbhub@latest --transport http --port 8080 --demo
 ```
 
 See [Server Options](https://dbhub.ai/config/server-options) for all available parameters.
@@ -91,31 +90,18 @@ See [Multi-Database Configuration](https://dbhub.ai/config/multi-database) for c
 
 ## Development
 
-1. Install dependencies:
-
-   ```bash
-   pnpm install
-   ```
-
-1. Run in development mode:
-
-   ```bash
-   pnpm dev
-   ```
-
-1. Build for production:
-   ```bash
-   pnpm build
-   pnpm start --transport stdio --dsn "postgres://user:password@localhost:5432/dbname?sslmode=disable"
-   ```
-
-### Testing
+```bash
+# Install dependencies
+pnpm install
 
-See [TESTING.md](.claude/skills/testing/SKILL.md).
+# Run in development mode
+pnpm dev
 
-### Debug
+# Build and run for production
+pnpm build && pnpm start --transport stdio --dsn "postgres://user:password@localhost:5432/dbname"
+```
 
-See [Debug](https://dbhub.ai/config/debug).
+See [Testing](.claude/skills/testing/SKILL.md) and [Debug](https://dbhub.ai/config/debug).
 
 ## Contributors
 

package/dist/{chunk-KBVJEDZF.js → chunk-WGDSRFBW.js}

@@ -62,161 +62,11 @@ var ConnectorRegistry = _ConnectorRegistry;
 
 // src/utils/ssh-tunnel.ts
 import { Client } from "ssh2";
-import { readFileSync } from "fs";
+import { readFileSync as readFileSync2 } from "fs";
 import { createServer } from "net";
-var SSHTunnel = class {
-  constructor() {
-    this.sshClient = null;
-    this.localServer = null;
-    this.tunnelInfo = null;
-    this.isConnected = false;
-  }
-  /**
-   * Establish an SSH tunnel
-   * @param config SSH connection configuration
-   * @param options Tunnel options including target host and port
-   * @returns Promise resolving to tunnel information including local port
-   */
-  async establish(config, options) {
-    if (this.isConnected) {
-      throw new Error("SSH tunnel is already established");
-    }
-    return new Promise((resolve, reject) => {
-      this.sshClient = new Client();
-      const sshConfig = {
-        host: config.host,
-        port: config.port || 22,
-        username: config.username
-      };
-      if (config.password) {
-        sshConfig.password = config.password;
-      } else if (config.privateKey) {
-        try {
-          const privateKey = readFileSync(config.privateKey);
-          sshConfig.privateKey = privateKey;
-          if (config.passphrase) {
-            sshConfig.passphrase = config.passphrase;
-          }
-        } catch (error) {
-          reject(new Error(`Failed to read private key file: ${error instanceof Error ? error.message : String(error)}`));
-          return;
-        }
-      } else {
-        reject(new Error("Either password or privateKey must be provided for SSH authentication"));
-        return;
-      }
-      this.sshClient.on("error", (err) => {
-        this.cleanup();
-        reject(new Error(`SSH connection error: ${err.message}`));
-      });
-      this.sshClient.on("ready", () => {
-        console.error("SSH connection established");
-        this.localServer = createServer((localSocket) => {
-          this.sshClient.forwardOut(
-            "127.0.0.1",
-            0,
-            options.targetHost,
-            options.targetPort,
-            (err, stream) => {
-              if (err) {
-                console.error("SSH forward error:", err);
-                localSocket.end();
-                return;
-              }
-              localSocket.pipe(stream).pipe(localSocket);
-              stream.on("error", (err2) => {
-                console.error("SSH stream error:", err2);
-                localSocket.end();
-              });
-              localSocket.on("error", (err2) => {
-                console.error("Local socket error:", err2);
-                stream.end();
-              });
-            }
-          );
-        });
-        const localPort = options.localPort || 0;
-        this.localServer.listen(localPort, "127.0.0.1", () => {
-          const address = this.localServer.address();
-          if (!address || typeof address === "string") {
-            this.cleanup();
-            reject(new Error("Failed to get local server address"));
-            return;
-          }
-          this.tunnelInfo = {
-            localPort: address.port,
-            targetHost: options.targetHost,
-            targetPort: options.targetPort
-          };
-          this.isConnected = true;
-          console.error(`SSH tunnel established: localhost:${address.port} -> ${options.targetHost}:${options.targetPort}`);
-          resolve(this.tunnelInfo);
-        });
-        this.localServer.on("error", (err) => {
-          this.cleanup();
-          reject(new Error(`Local server error: ${err.message}`));
-        });
-      });
-      this.sshClient.connect(sshConfig);
-    });
-  }
-  /**
-   * Close the SSH tunnel and clean up resources
-   */
-  async close() {
-    if (!this.isConnected) {
-      return;
-    }
-    return new Promise((resolve) => {
-      this.cleanup();
-      this.isConnected = false;
-      console.error("SSH tunnel closed");
-      resolve();
-    });
-  }
-  /**
-   * Clean up resources
-   */
-  cleanup() {
-    if (this.localServer) {
-      this.localServer.close();
-      this.localServer = null;
-    }
-    if (this.sshClient) {
-      this.sshClient.end();
-      this.sshClient = null;
-    }
-    this.tunnelInfo = null;
-  }
-  /**
-   * Get current tunnel information
-   */
-  getTunnelInfo() {
-    return this.tunnelInfo;
-  }
-  /**
-   * Check if tunnel is connected
-   */
-  getIsConnected() {
-    return this.isConnected;
-  }
-};
-
-// src/config/toml-loader.ts
-import fs2 from "fs";
-import path2 from "path";
-import { homedir as homedir3 } from "os";
-import toml from "@iarna/toml";
-
-// src/config/env.ts
-import dotenv from "dotenv";
-import path from "path";
-import fs from "fs";
-import { fileURLToPath } from "url";
-import { homedir as homedir2 } from "os";
 
 // src/utils/ssh-config-parser.ts
-import { readFileSync as readFileSync2, existsSync } from "fs";
+import { readFileSync, realpathSync, statSync } from "fs";
 import { homedir } from "os";
 import { join } from "path";
 import SSHConfig from "ssh-config";
@@ -232,28 +82,38 @@ function expandTilde(filePath) {
   }
   return filePath;
 }
-function fileExists(filePath) {
+function resolveSymlink(filePath) {
+  const expandedPath = expandTilde(filePath);
   try {
-    return existsSync(expandTilde(filePath));
+    return realpathSync(expandedPath);
+  } catch {
+    return expandedPath;
+  }
+}
+function isFile(filePath) {
+  try {
+    const stat = statSync(filePath);
+    return stat.isFile();
   } catch {
     return false;
   }
 }
 function findDefaultSSHKey() {
   for (const keyPath of DEFAULT_SSH_KEYS) {
-    if (fileExists(keyPath)) {
-      return expandTilde(keyPath);
+    const resolvedPath = resolveSymlink(keyPath);
+    if (isFile(resolvedPath)) {
+      return resolvedPath;
     }
   }
   return void 0;
 }
 function parseSSHConfig(hostAlias, configPath) {
-  const sshConfigPath = configPath;
-  if (!existsSync(sshConfigPath)) {
+  const sshConfigPath = resolveSymlink(configPath);
+  if (!isFile(sshConfigPath)) {
     return null;
   }
   try {
-    const configContent = readFileSync2(sshConfigPath, "utf8");
+    const configContent = readFileSync(sshConfigPath, "utf8");
     const config = SSHConfig.parse(configContent);
     const hostConfig = config.compute(hostAlias);
     if (!hostConfig || !hostConfig.HostName && !hostConfig.User) {
@@ -273,9 +133,9 @@ function parseSSHConfig(hostAlias, configPath) {
     }
     if (hostConfig.IdentityFile) {
       const identityFile = Array.isArray(hostConfig.IdentityFile) ? hostConfig.IdentityFile[0] : hostConfig.IdentityFile;
-      const expandedPath = expandTilde(identityFile);
-      if (fileExists(expandedPath)) {
-        sshConfig.privateKey = expandedPath;
+      const resolvedPath = resolveSymlink(identityFile);
+      if (isFile(resolvedPath)) {
+        sshConfig.privateKey = resolvedPath;
       }
     }
     if (!sshConfig.privateKey) {
@@ -284,8 +144,11 @@ function parseSSHConfig(hostAlias, configPath) {
         sshConfig.privateKey = defaultKey;
       }
     }
-    if (hostConfig.ProxyJump || hostConfig.ProxyCommand) {
-      console.error("Warning: ProxyJump/ProxyCommand in SSH config is not yet supported by DBHub");
+    if (hostConfig.ProxyJump) {
+      sshConfig.proxyJump = hostConfig.ProxyJump;
+    }
+    if (hostConfig.ProxyCommand) {
+      console.error("Warning: ProxyCommand in SSH config is not supported by DBHub. Use ProxyJump instead.");
     }
     if (!sshConfig.host || !sshConfig.username) {
       return null;
@@ -308,6 +171,332 @@ function looksLikeSSHAlias(host) {
   }
   return true;
 }
+function validatePort(port, jumpHostStr) {
+  if (isNaN(port) || port <= 0 || port > 65535) {
+    throw new Error(`Invalid port number in "${jumpHostStr}": port must be between 1 and 65535`);
+  }
+}
+function parseJumpHost(jumpHostStr) {
+  let username;
+  let host;
+  let port = 22;
+  let remaining = jumpHostStr.trim();
+  if (!remaining) {
+    throw new Error("Jump host string cannot be empty");
+  }
+  const atIndex = remaining.indexOf("@");
+  if (atIndex !== -1) {
+    const extractedUsername = remaining.substring(0, atIndex).trim();
+    if (extractedUsername) {
+      username = extractedUsername;
+    }
+    remaining = remaining.substring(atIndex + 1);
+  }
+  if (remaining.startsWith("[")) {
+    const closeBracket = remaining.indexOf("]");
+    if (closeBracket !== -1) {
+      host = remaining.substring(1, closeBracket);
+      const afterBracket = remaining.substring(closeBracket + 1);
+      if (afterBracket.startsWith(":")) {
+        const parsedPort = parseInt(afterBracket.substring(1), 10);
+        validatePort(parsedPort, jumpHostStr);
+        port = parsedPort;
+      }
+    } else {
+      throw new Error(`Invalid ProxyJump host "${jumpHostStr}": missing closing bracket in IPv6 address`);
+    }
+  } else {
+    const lastColon = remaining.lastIndexOf(":");
+    if (lastColon !== -1) {
+      const potentialPort = remaining.substring(lastColon + 1);
+      if (/^\d+$/.test(potentialPort)) {
+        host = remaining.substring(0, lastColon);
+        const parsedPort = parseInt(potentialPort, 10);
+        validatePort(parsedPort, jumpHostStr);
+        port = parsedPort;
+      } else {
+        host = remaining;
+      }
+    } else {
+      host = remaining;
+    }
+  }
+  if (!host) {
+    throw new Error(`Invalid jump host format: "${jumpHostStr}" - host cannot be empty`);
+  }
+  return { host, port, username };
+}
+function parseJumpHosts(proxyJump) {
+  if (!proxyJump || proxyJump.trim() === "" || proxyJump.toLowerCase() === "none") {
+    return [];
+  }
+  return proxyJump.split(",").map((s) => s.trim()).filter((s) => s.length > 0).map(parseJumpHost);
+}
+
+// src/utils/ssh-tunnel.ts
+var SSHTunnel = class {
+  constructor() {
+    this.sshClients = [];
+    // All SSH clients in the chain
+    this.localServer = null;
+    this.tunnelInfo = null;
+    this.isConnected = false;
+  }
+  /**
+   * Establish an SSH tunnel, optionally through jump hosts (ProxyJump).
+   * @param config SSH connection configuration
+   * @param options Tunnel options including target host and port
+   * @returns Promise resolving to tunnel information including local port
+   */
+  async establish(config, options) {
+    if (this.isConnected) {
+      throw new Error("SSH tunnel is already established");
+    }
+    this.isConnected = true;
+    try {
+      const jumpHosts = config.proxyJump ? parseJumpHosts(config.proxyJump) : [];
+      let privateKeyBuffer;
+      if (config.privateKey) {
+        try {
+          const resolvedKeyPath = resolveSymlink(config.privateKey);
+          privateKeyBuffer = readFileSync2(resolvedKeyPath);
+        } catch (error) {
+          throw new Error(`Failed to read private key file: ${error instanceof Error ? error.message : String(error)}`);
+        }
+      }
+      if (!config.password && !privateKeyBuffer) {
+        throw new Error("Either password or privateKey must be provided for SSH authentication");
+      }
+      const finalClient = await this.establishChain(jumpHosts, config, privateKeyBuffer);
+      return await this.createLocalTunnel(finalClient, options);
+    } catch (error) {
+      this.cleanup();
+      throw error;
+    }
+  }
+  /**
+   * Establish a chain of SSH connections through jump hosts.
+   * @returns The final SSH client connected to the target host
+   */
+  async establishChain(jumpHosts, targetConfig, privateKey) {
+    let previousStream;
+    for (let i = 0; i < jumpHosts.length; i++) {
+      const jumpHost = jumpHosts[i];
+      const nextHost = i + 1 < jumpHosts.length ? jumpHosts[i + 1] : { host: targetConfig.host, port: targetConfig.port || 22 };
+      let client = null;
+      let forwardStream;
+      try {
+        client = await this.connectToHost(
+          {
+            host: jumpHost.host,
+            port: jumpHost.port,
+            username: jumpHost.username || targetConfig.username
+          },
+          targetConfig.password,
+          privateKey,
+          targetConfig.passphrase,
+          previousStream,
+          `jump host ${i + 1}`
+        );
+        console.error(`  \u2192 Forwarding through ${jumpHost.host}:${jumpHost.port} to ${nextHost.host}:${nextHost.port}`);
+        forwardStream = await this.forwardTo(client, nextHost.host, nextHost.port);
+      } catch (error) {
+        if (client) {
+          try {
+            client.end();
+          } catch {
+          }
+        }
+        throw error;
+      }
+      this.sshClients.push(client);
+      previousStream = forwardStream;
+    }
+    const finalClient = await this.connectToHost(
+      {
+        host: targetConfig.host,
+        port: targetConfig.port || 22,
+        username: targetConfig.username
+      },
+      targetConfig.password,
+      privateKey,
+      targetConfig.passphrase,
+      previousStream,
+      jumpHosts.length > 0 ? "target host" : void 0
+    );
+    this.sshClients.push(finalClient);
+    return finalClient;
+  }
+  /**
+   * Connect to a single SSH host.
+   */
+  connectToHost(hostInfo, password, privateKey, passphrase, sock, label) {
+    return new Promise((resolve, reject) => {
+      const client = new Client();
+      const sshConfig = {
+        host: hostInfo.host,
+        port: hostInfo.port,
+        username: hostInfo.username
+      };
+      if (password) {
+        sshConfig.password = password;
+      }
+      if (privateKey) {
+        sshConfig.privateKey = privateKey;
+        if (passphrase) {
+          sshConfig.passphrase = passphrase;
+        }
+      }
+      if (sock) {
+        sshConfig.sock = sock;
+      }
+      const onError = (err) => {
+        client.removeListener("ready", onReady);
+        client.destroy();
+        reject(new Error(`SSH connection error${label ? ` (${label})` : ""}: ${err.message}`));
+      };
+      const onReady = () => {
+        client.removeListener("error", onError);
+        const desc = label || `${hostInfo.host}:${hostInfo.port}`;
+        console.error(`SSH connection established: ${desc}`);
+        resolve(client);
+      };
+      client.on("error", onError);
+      client.on("ready", onReady);
+      client.connect(sshConfig);
+    });
+  }
+  /**
+   * Forward a connection through an SSH client to a target host.
+   */
+  forwardTo(client, targetHost, targetPort) {
+    return new Promise((resolve, reject) => {
+      client.forwardOut("127.0.0.1", 0, targetHost, targetPort, (err, stream) => {
+        if (err) {
+          reject(new Error(`SSH forward error: ${err.message}`));
+          return;
+        }
+        resolve(stream);
+      });
+    });
+  }
+  /**
+   * Create the local server that tunnels connections to the database.
+   */
+  createLocalTunnel(sshClient, options) {
+    return new Promise((resolve, reject) => {
+      let settled = false;
+      this.localServer = createServer((localSocket) => {
+        sshClient.forwardOut(
+          "127.0.0.1",
+          0,
+          options.targetHost,
+          options.targetPort,
+          (err, stream) => {
+            if (err) {
+              console.error("SSH forward error:", err);
+              localSocket.end();
+              return;
+            }
+            localSocket.pipe(stream).pipe(localSocket);
+            stream.on("error", (err2) => {
+              console.error("SSH stream error:", err2);
+              localSocket.end();
+            });
+            localSocket.on("error", (err2) => {
+              console.error("Local socket error:", err2);
+              stream.end();
+            });
+          }
+        );
+      });
+      this.localServer.on("error", (err) => {
+        if (!settled) {
+          settled = true;
+          reject(new Error(`Local server error: ${err.message}`));
+        } else {
+          console.error("Local server error after tunnel established:", err);
+          this.cleanup();
+        }
+      });
+      const localPort = options.localPort || 0;
+      this.localServer.listen(localPort, "127.0.0.1", () => {
+        const address = this.localServer.address();
+        if (!address || typeof address === "string") {
+          if (!settled) {
+            settled = true;
+            reject(new Error("Failed to get local server address"));
+          }
+          return;
+        }
+        this.tunnelInfo = {
+          localPort: address.port,
+          targetHost: options.targetHost,
+          targetPort: options.targetPort
+        };
+        console.error(`SSH tunnel established: localhost:${address.port} \u2192 ${options.targetHost}:${options.targetPort}`);
+        settled = true;
+        resolve(this.tunnelInfo);
+      });
+    });
+  }
+  /**
+   * Close the SSH tunnel and clean up resources
+   */
+  async close() {
+    if (!this.isConnected) {
+      return;
+    }
+    return new Promise((resolve) => {
+      this.cleanup();
+      console.error("SSH tunnel closed");
+      resolve();
+    });
+  }
+  /**
+   * Clean up resources. Closes all SSH clients in reverse order (innermost first).
+   */
+  cleanup() {
+    if (this.localServer) {
+      this.localServer.close();
+      this.localServer = null;
+    }
+    for (let i = this.sshClients.length - 1; i >= 0; i--) {
+      try {
+        this.sshClients[i].end();
+      } catch {
+      }
+    }
+    this.sshClients = [];
+    this.tunnelInfo = null;
+    this.isConnected = false;
+  }
+  /**
+   * Get current tunnel information
+   */
+  getTunnelInfo() {
+    return this.tunnelInfo;
+  }
+  /**
+   * Check if tunnel is connected
+   */
+  getIsConnected() {
+    return this.isConnected;
+  }
+};
+
+// src/config/toml-loader.ts
+import fs2 from "fs";
+import path2 from "path";
+import { homedir as homedir3 } from "os";
+import toml from "@iarna/toml";
+
+// src/config/env.ts
+import dotenv from "dotenv";
+import path from "path";
+import fs from "fs";
+import { fileURLToPath } from "url";
+import { homedir as homedir2 } from "os";
 
 // src/utils/safe-url.ts
 var SafeURL = class {
@@ -815,6 +1004,13 @@ function resolveSSHConfig() {
     config.passphrase = process.env.SSH_PASSPHRASE;
     sources.push("SSH_PASSPHRASE from environment");
   }
+  if (args["ssh-proxy-jump"]) {
+    config.proxyJump = args["ssh-proxy-jump"];
+    sources.push("ssh-proxy-jump from command line");
+  } else if (process.env.SSH_PROXY_JUMP) {
+    config.proxyJump = process.env.SSH_PROXY_JUMP;
+    sources.push("SSH_PROXY_JUMP from environment");
+  }
   if (!config.host || !config.username) {
     throw new Error("SSH tunnel configuration requires at least --ssh-host and --ssh-user");
   }
@@ -917,8 +1113,13 @@ function loadTomlConfig() {
   try {
     const fileContent = fs2.readFileSync(configPath, "utf-8");
     const parsedToml = toml.parse(fileContent);
-    validateTomlConfig(parsedToml, configPath);
+    if (!Array.isArray(parsedToml.sources)) {
+      throw new Error(
+        `Configuration file ${configPath}: must contain a [[sources]] array. Use [[sources]] syntax for array of tables in TOML.`
+      );
+    }
     const sources = processSourceConfigs(parsedToml.sources, configPath);
+    validateTomlConfig({ ...parsedToml, sources }, configPath);
     return {
       sources,
       tools: parsedToml.tools,
@@ -960,11 +1161,6 @@ id = "my_db"
 dsn = "postgres://..."`
     );
   }
-  if (!Array.isArray(config.sources)) {
-    throw new Error(
-      `Configuration file ${configPath}: 'sources' must be an array. Use [[sources]] syntax for array of tables in TOML.`
-    );
-  }
   if (config.sources.length === 0) {
     throw new Error(
       `Configuration file ${configPath}: sources array cannot be empty. Please define at least one source with [[sources]].`
@@ -1081,10 +1277,10 @@ function validateSourceConfig(source, configPath) {
       );
     }
   }
-  if (source.request_timeout !== void 0) {
-    if (typeof source.request_timeout !== "number" || source.request_timeout <= 0) {
+  if (source.query_timeout !== void 0) {
+    if (typeof source.query_timeout !== "number" || source.query_timeout <= 0) {
       throw new Error(
-        `Configuration file ${configPath}: source '${source.id}' has invalid request_timeout. Must be a positive number (in seconds).`
+        `Configuration file ${configPath}: source '${source.id}' has invalid query_timeout. Must be a positive number (in seconds).`
       );
     }
   }
@@ -1095,6 +1291,54 @@ function validateSourceConfig(source, configPath) {
       );
     }
   }
+  if (source.sslmode !== void 0) {
+    if (source.type === "sqlite") {
+      throw new Error(
+        `Configuration file ${configPath}: source '${source.id}' has sslmode but SQLite does not support SSL. Remove the sslmode field for SQLite sources.`
+      );
+    }
+    const validSslModes = ["disable", "require"];
+    if (!validSslModes.includes(source.sslmode)) {
+      throw new Error(
+        `Configuration file ${configPath}: source '${source.id}' has invalid sslmode '${source.sslmode}'. Valid values: ${validSslModes.join(", ")}`
+      );
+    }
+  }
+  if (source.authentication !== void 0) {
+    if (source.type !== "sqlserver") {
+      throw new Error(
+        `Configuration file ${configPath}: source '${source.id}' has authentication but it is only supported for SQL Server.`
+      );
+    }
+    const validAuthMethods = ["ntlm", "azure-active-directory-access-token"];
+    if (!validAuthMethods.includes(source.authentication)) {
+      throw new Error(
+        `Configuration file ${configPath}: source '${source.id}' has invalid authentication '${source.authentication}'. Valid values: ${validAuthMethods.join(", ")}`
+      );
+    }
+    if (source.authentication === "ntlm" && !source.domain) {
+      throw new Error(
+        `Configuration file ${configPath}: source '${source.id}' uses NTLM authentication but 'domain' is not specified.`
+      );
+    }
+  }
+  if (source.domain !== void 0) {
+    if (source.type !== "sqlserver") {
+      throw new Error(
+        `Configuration file ${configPath}: source '${source.id}' has domain but it is only supported for SQL Server.`
+      );
+    }
+    if (source.authentication === void 0) {
+      throw new Error(
+        `Configuration file ${configPath}: source '${source.id}' has domain but authentication is not set. Add authentication = "ntlm" to use Windows domain authentication.`
+      );
+    }
+    if (source.authentication !== "ntlm") {
+      throw new Error(
+        `Configuration file ${configPath}: source '${source.id}' has domain but authentication is set to '${source.authentication}'. Domain is only valid with authentication = "ntlm".`
+      );
+    }
+  }
 }
 function processSourceConfigs(sources, configPath) {
   return sources.map((source) => {
@@ -1154,9 +1398,15 @@ function buildDSNFromSource(source) {
     }
     return `sqlite:///${source.database}`;
   }
-  if (!source.host || !source.user || !source.password || !source.database) {
+  const passwordRequired = source.authentication !== "azure-active-directory-access-token";
+  if (!source.host || !source.user || !source.database) {
     throw new Error(
-      `Source '${source.id}': missing required connection parameters. Required: type, host, user, password, database`
+      `Source '${source.id}': missing required connection parameters. Required: type, host, user, database`
+    );
+  }
+  if (passwordRequired && !source.password) {
+    throw new Error(
+      `Source '${source.id}': password is required. (Password is optional only for azure-active-directory-access-token authentication)`
     );
   }
   const port = source.port || getDefaultPortForType(source.type);
@@ -1164,11 +1414,26 @@ function buildDSNFromSource(source) {
     throw new Error(`Source '${source.id}': unable to determine port`);
   }
   const encodedUser = encodeURIComponent(source.user);
-  const encodedPassword = encodeURIComponent(source.password);
+  const encodedPassword = source.password ? encodeURIComponent(source.password) : "";
   const encodedDatabase = encodeURIComponent(source.database);
   let dsn = `${source.type}://${encodedUser}:${encodedPassword}@${source.host}:${port}/${encodedDatabase}`;
-  if (source.type === "sqlserver" && source.instanceName) {
-    dsn += `?instanceName=${encodeURIComponent(source.instanceName)}`;
+  const queryParams = [];
+  if (source.type === "sqlserver") {
+    if (source.instanceName) {
+      queryParams.push(`instanceName=${encodeURIComponent(source.instanceName)}`);
+    }
+    if (source.authentication) {
+      queryParams.push(`authentication=${encodeURIComponent(source.authentication)}`);
+    }
+    if (source.domain) {
+      queryParams.push(`domain=${encodeURIComponent(source.domain)}`);
+    }
+  }
+  if (source.sslmode && source.type !== "sqlite") {
+    queryParams.push(`sslmode=${source.sslmode}`);
+  }
+  if (queryParams.length > 0) {
+    dsn += `?${queryParams.join("&")}`;
   }
   return dsn;
 }
@@ -1197,6 +1462,7 @@ var ConnectorManager = class {
     if (sources.length === 0) {
       throw new Error("No sources provided");
     }
+    console.error(`Connecting to ${sources.length} database source(s)...`);
     for (const source of sources) {
       await this.connectSource(source);
     }
@@ -1207,6 +1473,7 @@ var ConnectorManager = class {
   async connectSource(source) {
     const sourceId = source.id;
     const dsn = buildDSNFromSource(source);
+    console.error(`  - ${sourceId}: ${redactDSN(dsn)}`);
     let actualDSN = dsn;
     if (source.ssh_host) {
       if (!source.ssh_user) {
@@ -1220,7 +1487,8 @@ var ConnectorManager = class {
         username: source.ssh_user,
         password: source.ssh_password,
         privateKey: source.ssh_key,
-        passphrase: source.ssh_passphrase
+        passphrase: source.ssh_passphrase,
+        proxyJump: source.ssh_proxy_jump
       };
       if (!sshConfig.password && !sshConfig.privateKey) {
         throw new Error(
@@ -1255,8 +1523,8 @@ var ConnectorManager = class {
     if (source.connection_timeout !== void 0) {
       config.connectionTimeoutSeconds = source.connection_timeout;
     }
-    if (connector.id === "sqlserver" && source.request_timeout !== void 0) {
-      config.requestTimeoutSeconds = source.request_timeout;
+    if (source.query_timeout !== void 0 && connector.id !== "sqlite") {
+      config.queryTimeoutSeconds = source.query_timeout;
     }
     if (source.readonly !== void 0) {
       config.readonly = source.readonly;
@@ -1812,11 +2080,9 @@ export {
   isDemoMode,
   resolveTransport,
   resolvePort,
-  redactDSN,
   resolveSourceConfigs,
   BUILTIN_TOOL_EXECUTE_SQL,
   BUILTIN_TOOL_SEARCH_OBJECTS,
-  buildDSNFromSource,
   ConnectorManager,
   mapArgumentsToArray,
   ToolRegistry,

package/dist/index.js

@@ -5,7 +5,6 @@ import {
   ConnectorManager,
   ConnectorRegistry,
   SafeURL,
-  buildDSNFromSource,
   getDatabaseTypeFromDSN,
   getDefaultPortForType,
   getToolRegistry,
@@ -13,12 +12,11 @@ import {
   mapArgumentsToArray,
   obfuscateDSNPassword,
   parseConnectionInfoFromDSN,
-  redactDSN,
   resolvePort,
   resolveSourceConfigs,
   resolveTransport,
   stripCommentsAndStrings
-} from "./chunk-KBVJEDZF.js";
+} from "./chunk-WGDSRFBW.js";
 
 // src/connectors/postgres/index.ts
 import pg from "pg";
@@ -148,6 +146,7 @@ var { Pool } = pg;
 var PostgresDSNParser = class {
   async parse(dsn, config) {
     const connectionTimeoutSeconds = config?.connectionTimeoutSeconds;
+    const queryTimeoutSeconds = config?.queryTimeoutSeconds;
     if (!this.isValidDSN(dsn)) {
       const obfuscatedDSN = obfuscateDSNPassword(dsn);
       const expectedFormat = this.getSampleDSN();
@@ -159,7 +158,7 @@ Expected: ${expectedFormat}`
     }
     try {
       const url = new SafeURL(dsn);
-      const config2 = {
+      const poolConfig = {
         host: url.hostname,
         port: url.port ? parseInt(url.port) : 5432,
         database: url.pathname ? url.pathname.substring(1) : "",
@@ -170,18 +169,21 @@ Expected: ${expectedFormat}`
       url.forEachSearchParam((value, key) => {
         if (key === "sslmode") {
           if (value === "disable") {
-            config2.ssl = false;
+            poolConfig.ssl = false;
           } else if (value === "require") {
-            config2.ssl = { rejectUnauthorized: false };
+            poolConfig.ssl = { rejectUnauthorized: false };
           } else {
-            config2.ssl = true;
+            poolConfig.ssl = true;
           }
         }
       });
       if (connectionTimeoutSeconds !== void 0) {
-        config2.connectionTimeoutMillis = connectionTimeoutSeconds * 1e3;
+        poolConfig.connectionTimeoutMillis = connectionTimeoutSeconds * 1e3;
       }
-      return config2;
+      if (queryTimeoutSeconds !== void 0) {
+        poolConfig.query_timeout = queryTimeoutSeconds * 1e3;
+      }
+      return poolConfig;
     } catch (error) {
       throw new Error(
         `Failed to parse PostgreSQL DSN: ${error instanceof Error ? error.message : String(error)}`
@@ -521,7 +523,7 @@ import { DefaultAzureCredential } from "@azure/identity";
 var SQLServerDSNParser = class {
   async parse(dsn, config) {
     const connectionTimeoutSeconds = config?.connectionTimeoutSeconds;
-    const requestTimeoutSeconds = config?.requestTimeoutSeconds;
+    const queryTimeoutSeconds = config?.queryTimeoutSeconds;
     if (!this.isValidDSN(dsn)) {
       const obfuscatedDSN = obfuscateDSNPassword(dsn);
       const expectedFormat = this.getSampleDSN();
@@ -541,8 +543,16 @@ Expected: ${expectedFormat}`
           options.sslmode = value;
         } else if (key === "instanceName") {
           options.instanceName = value;
+        } else if (key === "domain") {
+          options.domain = value;
         }
       });
+      if (options.authentication === "ntlm" && !options.domain) {
+        throw new Error("NTLM authentication requires 'domain' parameter");
+      }
+      if (options.domain && options.authentication !== "ntlm") {
+        throw new Error("Parameter 'domain' requires 'authentication=ntlm'");
+      }
       if (options.sslmode) {
         if (options.sslmode === "disable") {
           options.encrypt = false;
@@ -553,8 +563,6 @@ Expected: ${expectedFormat}`
         }
       }
       const config2 = {
-        user: url.username,
-        password: url.password,
         server: url.hostname,
         port: url.port ? parseInt(url.port) : 1433,
         // Default SQL Server port
@@ -567,27 +575,44 @@ Expected: ${expectedFormat}`
           ...connectionTimeoutSeconds !== void 0 && {
             connectTimeout: connectionTimeoutSeconds * 1e3
           },
-          ...requestTimeoutSeconds !== void 0 && {
-            requestTimeout: requestTimeoutSeconds * 1e3
+          ...queryTimeoutSeconds !== void 0 && {
+            requestTimeout: queryTimeoutSeconds * 1e3
           },
           instanceName: options.instanceName
           // Add named instance support
         }
       };
-      if (options.authentication === "azure-active-directory-access-token") {
-        try {
-          const credential = new DefaultAzureCredential();
-          const token = await credential.getToken("https://database.windows.net/");
+      switch (options.authentication) {
+        case "azure-active-directory-access-token": {
+          try {
+            const credential = new DefaultAzureCredential();
+            const token = await credential.getToken("https://database.windows.net/");
+            config2.authentication = {
+              type: "azure-active-directory-access-token",
+              options: {
+                token: token.token
+              }
+            };
+          } catch (error) {
+            const errorMessage = error instanceof Error ? error.message : String(error);
+            throw new Error(`Failed to get Azure AD token: ${errorMessage}`);
+          }
+          break;
+        }
+        case "ntlm":
           config2.authentication = {
-            type: "azure-active-directory-access-token",
+            type: "ntlm",
             options: {
-              token: token.token
+              domain: options.domain,
+              userName: url.username,
+              password: url.password
             }
           };
-        } catch (error) {
-          const errorMessage = error instanceof Error ? error.message : String(error);
-          throw new Error(`Failed to get Azure AD token: ${errorMessage}`);
-        }
+          break;
+        default:
+          config2.user = url.username;
+          config2.password = url.password;
+          break;
       }
       return config2;
     } catch (error) {
@@ -1327,6 +1352,16 @@ Expected: ${expectedFormat}`
       if (connectionTimeoutSeconds !== void 0) {
         config2.connectTimeout = connectionTimeoutSeconds * 1e3;
       }
+      if (url.password && url.password.includes("X-Amz-Credential")) {
+        config2.authPlugins = {
+          mysql_clear_password: () => () => {
+            return Buffer.from(url.password + "\0");
+          }
+        };
+        if (config2.ssl === void 0) {
+          config2.ssl = { rejectUnauthorized: false };
+        }
+      }
       return config2;
     } catch (error) {
       throw new Error(
@@ -1364,6 +1399,9 @@ var MySQLConnector = class _MySQLConnector {
     try {
       const connectionOptions = await this.dsnParser.parse(dsn, config);
       this.pool = mysql.createPool(connectionOptions);
+      if (config?.queryTimeoutSeconds !== void 0) {
+        this.queryTimeoutMs = config.queryTimeoutSeconds * 1e3;
+      }
       const [rows] = await this.pool.query("SELECT 1");
     } catch (err) {
       console.error("Failed to connect to MySQL database:", err);
@@ -1666,7 +1704,7 @@ var MySQLConnector = class _MySQLConnector {
       let results;
       if (parameters && parameters.length > 0) {
         try {
-          results = await conn.query(processedSQL, parameters);
+          results = await conn.query({ sql: processedSQL, timeout: this.queryTimeoutMs }, parameters);
         } catch (error) {
           console.error(`[MySQL executeSQL] ERROR: ${error.message}`);
           console.error(`[MySQL executeSQL] SQL: ${processedSQL}`);
@@ -1674,7 +1712,7 @@ var MySQLConnector = class _MySQLConnector {
           throw error;
         }
       } else {
-        results = await conn.query(processedSQL);
+        results = await conn.query({ sql: processedSQL, timeout: this.queryTimeoutMs });
       }
       const [firstResult] = results;
       const rows = parseQueryResults(firstResult);
@@ -1695,6 +1733,7 @@ import mariadb from "mariadb";
 var MariadbDSNParser = class {
   async parse(dsn, config) {
     const connectionTimeoutSeconds = config?.connectionTimeoutSeconds;
+    const queryTimeoutSeconds = config?.queryTimeoutSeconds;
     if (!this.isValidDSN(dsn)) {
       const obfuscatedDSN = obfuscateDSNPassword(dsn);
       const expectedFormat = this.getSampleDSN();
@@ -1706,7 +1745,7 @@ Expected: ${expectedFormat}`
     }
     try {
       const url = new SafeURL(dsn);
-      const config2 = {
+      const connectionConfig = {
         host: url.hostname,
         port: url.port ? parseInt(url.port) : 3306,
         database: url.pathname ? url.pathname.substring(1) : "",
@@ -1717,20 +1756,28 @@ Expected: ${expectedFormat}`
         // Enable native multi-statement support
         ...connectionTimeoutSeconds !== void 0 && {
           connectTimeout: connectionTimeoutSeconds * 1e3
+        },
+        ...queryTimeoutSeconds !== void 0 && {
+          queryTimeout: queryTimeoutSeconds * 1e3
         }
       };
       url.forEachSearchParam((value, key) => {
         if (key === "sslmode") {
           if (value === "disable") {
-            config2.ssl = void 0;
+            connectionConfig.ssl = void 0;
           } else if (value === "require") {
-            config2.ssl = { rejectUnauthorized: false };
+            connectionConfig.ssl = { rejectUnauthorized: false };
           } else {
-            config2.ssl = {};
+            connectionConfig.ssl = {};
           }
         }
       });
-      return config2;
+      if (url.password && url.password.includes("X-Amz-Credential")) {
+        if (connectionConfig.ssl === void 0) {
+          connectionConfig.ssl = { rejectUnauthorized: false };
+        }
+      }
+      return connectionConfig;
     } catch (error) {
       throw new Error(
         `Failed to parse MariaDB DSN: ${error instanceof Error ? error.message : String(error)}`
@@ -2229,7 +2276,7 @@ function getClientIdentifier(extra) {
 
 // src/tools/execute-sql.ts
 var executeSqlSchema = {
-  sql: z.string().describe("SQL query or multiple SQL statements to execute (separated by semicolons)")
+  sql: z.string().describe("SQL to execute (multiple statements separated by ;)")
 };
 function splitSQLStatements(sql2) {
   return sql2.split(";").map((statement) => statement.trim()).filter((statement) => statement.length > 0);
@@ -2291,12 +2338,12 @@ function createExecuteSqlToolHandler(sourceId) {
 // src/tools/search-objects.ts
 import { z as z2 } from "zod";
 var searchDatabaseObjectsSchema = {
-  object_type: z2.enum(["schema", "table", "column", "procedure", "index"]).describe("Type of database object to search for"),
-  pattern: z2.string().optional().default("%").describe("Search pattern (SQL LIKE syntax: % for wildcard, _ for single char). Case-insensitive. Defaults to '%' (match all)."),
-  schema: z2.string().optional().describe("Filter results to a specific schema/database (exact match)"),
-  table: z2.string().optional().describe("Filter to a specific table (exact match). Requires schema parameter. Only applies to columns and indexes."),
-  detail_level: z2.enum(["names", "summary", "full"]).default("names").describe("Level of detail to return: names (minimal), summary (with metadata), full (complete structure)"),
-  limit: z2.number().int().positive().max(1e3).default(100).describe("Maximum number of results to return (default: 100, max: 1000)")
+  object_type: z2.enum(["schema", "table", "column", "procedure", "index"]).describe("Object type to search"),
+  pattern: z2.string().optional().default("%").describe("LIKE pattern (% = any chars, _ = one char). Default: %"),
+  schema: z2.string().optional().describe("Filter to schema"),
+  table: z2.string().optional().describe("Filter to table (requires schema; column/index only)"),
+  detail_level: z2.enum(["names", "summary", "full"]).default("names").describe("Detail: names (minimal), summary (metadata), full (all)"),
+  limit: z2.number().int().positive().max(1e3).default(100).describe("Max results (default: 100, max: 1000)")
 };
 function likePatternToRegex(pattern) {
   const escaped = pattern.replace(/[.*+?^${}()|[\]\\]/g, "\\$&").replace(/%/g, ".*").replace(/_/g, ".");
@@ -2686,12 +2733,12 @@ function getExecuteSqlMetadata(sourceId) {
   const sourceConfig = ConnectorManager.getSourceConfig(sourceId);
   const executeOptions = ConnectorManager.getCurrentExecuteOptions(sourceId);
   const dbType = sourceConfig.type;
-  const toolName = sourceId === "default" ? "execute_sql" : `execute_sql_${normalizeSourceId(sourceId)}`;
-  const isDefault = sourceIds[0] === sourceId;
-  const title = isDefault ? `Execute SQL (${dbType})` : `Execute SQL on ${sourceId} (${dbType})`;
+  const isSingleSource = sourceIds.length === 1;
+  const toolName = isSingleSource ? "execute_sql" : `execute_sql_${normalizeSourceId(sourceId)}`;
+  const title = isSingleSource ? `Execute SQL (${dbType})` : `Execute SQL on ${sourceId} (${dbType})`;
   const readonlyNote = executeOptions.readonly ? " [READ-ONLY MODE]" : "";
   const maxRowsNote = executeOptions.maxRows ? ` (limited to ${executeOptions.maxRows} rows)` : "";
-  const description = `Execute SQL queries on the '${sourceId}' ${dbType} database${isDefault ? " (default)" : ""}${readonlyNote}${maxRowsNote}`;
+  const description = isSingleSource ? `Execute SQL queries on the ${dbType} database${readonlyNote}${maxRowsNote}` : `Execute SQL queries on the '${sourceId}' ${dbType} database${readonlyNote}${maxRowsNote}`;
   const isReadonly = executeOptions.readonly === true;
   const annotations = {
     title,
@@ -2711,10 +2758,14 @@ function getExecuteSqlMetadata(sourceId) {
     annotations
   };
 }
-function getSearchObjectsMetadata(sourceId, dbType, isDefault) {
-  const toolName = sourceId === "default" ? "search_objects" : `search_objects_${normalizeSourceId(sourceId)}`;
-  const title = isDefault ? `Search Database Objects (${dbType})` : `Search Database Objects on ${sourceId} (${dbType})`;
-  const description = `Search and list database objects (schemas, tables, columns, procedures, indexes) on the '${sourceId}' ${dbType} database${isDefault ? " (default)" : ""}. Supports SQL LIKE patterns (default: '%' for all), filtering, and token-efficient progressive disclosure.`;
+function getSearchObjectsMetadata(sourceId) {
+  const sourceIds = ConnectorManager.getAvailableSourceIds();
+  const sourceConfig = ConnectorManager.getSourceConfig(sourceId);
+  const dbType = sourceConfig.type;
+  const isSingleSource = sourceIds.length === 1;
+  const toolName = isSingleSource ? "search_objects" : `search_objects_${normalizeSourceId(sourceId)}`;
+  const title = isSingleSource ? `Search Database Objects (${dbType})` : `Search Database Objects on ${sourceId} (${dbType})`;
+  const description = isSingleSource ? `Search and list database objects (schemas, tables, columns, procedures, indexes) on the ${dbType} database` : `Search and list database objects (schemas, tables, columns, procedures, indexes) on the '${sourceId}' ${dbType} database`;
   return {
     name: toolName,
     description,
@@ -2742,11 +2793,7 @@ function buildExecuteSqlTool(sourceId) {
   };
 }
 function buildSearchObjectsTool(sourceId) {
-  const sourceConfig = ConnectorManager.getSourceConfig(sourceId);
-  const dbType = sourceConfig.type;
-  const sourceIds = ConnectorManager.getAvailableSourceIds();
-  const isDefault = sourceIds[0] === sourceId;
-  const searchMetadata = getSearchObjectsMetadata(sourceId, dbType, isDefault);
+  const searchMetadata = getSearchObjectsMetadata(sourceId);
   return {
     name: searchMetadata.name,
     description: searchMetadata.description,
@@ -2755,31 +2802,37 @@ function buildSearchObjectsTool(sourceId) {
         name: "object_type",
         type: "string",
         required: true,
-        description: "Type of database object to search for (schema, table, column, procedure, index)"
+        description: "Object type to search"
       },
       {
         name: "pattern",
         type: "string",
         required: false,
-        description: "Search pattern (SQL LIKE syntax: % for wildcard, _ for single char). Case-insensitive. Defaults to '%' (match all)."
+        description: "LIKE pattern (% = any chars, _ = one char). Default: %"
       },
       {
         name: "schema",
         type: "string",
         required: false,
-        description: "Filter results to a specific schema/database"
+        description: "Filter to schema"
+      },
+      {
+        name: "table",
+        type: "string",
+        required: false,
+        description: "Filter to table (requires schema; column/index only)"
       },
       {
         name: "detail_level",
         type: "string",
         required: false,
-        description: "Level of detail to return: names (minimal), summary (with metadata), full (complete structure). Defaults to 'names'."
+        description: "Detail: names (minimal), summary (metadata), full (all)"
       },
       {
         name: "limit",
         type: "integer",
         required: false,
-        description: "Maximum number of results to return (default: 100, max: 1000)"
+        description: "Max results (default: 100, max: 1000)"
       }
     ]
   };
@@ -2925,21 +2978,18 @@ function registerTools(server) {
   const registry = getToolRegistry();
   for (const sourceId of sourceIds) {
     const enabledTools = registry.getEnabledToolConfigs(sourceId);
-    const sourceConfig = ConnectorManager.getSourceConfig(sourceId);
-    const dbType = sourceConfig.type;
-    const isDefault = sourceIds[0] === sourceId;
     for (const toolConfig of enabledTools) {
       if (toolConfig.name === BUILTIN_TOOL_EXECUTE_SQL) {
-        registerExecuteSqlTool(server, sourceId, dbType);
+        registerExecuteSqlTool(server, sourceId);
       } else if (toolConfig.name === BUILTIN_TOOL_SEARCH_OBJECTS) {
-        registerSearchObjectsTool(server, sourceId, dbType, isDefault);
+        registerSearchObjectsTool(server, sourceId);
       } else {
-        registerCustomTool(server, toolConfig, dbType);
+        registerCustomTool(server, sourceId, toolConfig);
       }
     }
   }
 }
-function registerExecuteSqlTool(server, sourceId, dbType) {
+function registerExecuteSqlTool(server, sourceId) {
   const metadata = getExecuteSqlMetadata(sourceId);
   server.registerTool(
     metadata.name,
@@ -2951,8 +3001,8 @@ function registerExecuteSqlTool(server, sourceId, dbType) {
     createExecuteSqlToolHandler(sourceId)
   );
 }
-function registerSearchObjectsTool(server, sourceId, dbType, isDefault) {
-  const metadata = getSearchObjectsMetadata(sourceId, dbType, isDefault);
+function registerSearchObjectsTool(server, sourceId) {
+  const metadata = getSearchObjectsMetadata(sourceId);
   server.registerTool(
     metadata.name,
     {
@@ -2969,7 +3019,9 @@ function registerSearchObjectsTool(server, sourceId, dbType, isDefault) {
     createSearchDatabaseObjectsToolHandler(sourceId)
   );
 }
-function registerCustomTool(server, toolConfig, dbType) {
+function registerCustomTool(server, sourceId, toolConfig) {
+  const sourceConfig = ConnectorManager.getSourceConfig(sourceId);
+  const dbType = sourceConfig.type;
   const isReadOnly = isReadOnlySQL(toolConfig.statement, dbType);
   const zodSchema = buildZodSchemaFromParameters(toolConfig.parameters);
   server.registerTool(
@@ -2991,7 +3043,7 @@ function registerCustomTool(server, toolConfig, dbType) {
 }
 
 // src/api/sources.ts
-function transformSourceConfig(source, isDefault) {
+function transformSourceConfig(source) {
   if (!source.type && source.dsn) {
     const inferredType = getDatabaseTypeFromDSN(source.dsn);
     if (inferredType) {
@@ -3003,8 +3055,7 @@ function transformSourceConfig(source, isDefault) {
   }
   const dataSource = {
     id: source.id,
-    type: source.type,
-    is_default: isDefault
+    type: source.type
   };
   if (source.host) {
     dataSource.host = source.host;
@@ -3043,9 +3094,8 @@ function transformSourceConfig(source, isDefault) {
 function listSources(req, res) {
   try {
     const sourceConfigs = ConnectorManager.getAllSourceConfigs();
-    const sources = sourceConfigs.map((config, index) => {
-      const isDefault = index === 0;
-      return transformSourceConfig(config, isDefault);
+    const sources = sourceConfigs.map((config) => {
+      return transformSourceConfig(config);
     });
     res.json(sources);
   } catch (error) {
@@ -3059,7 +3109,6 @@ function listSources(req, res) {
 function getSource(req, res) {
   try {
     const sourceId = req.params.sourceId;
-    const sourceIds = ConnectorManager.getAvailableSourceIds();
     const sourceConfig = ConnectorManager.getSourceConfig(sourceId);
     if (!sourceConfig) {
       const errorResponse = {
@@ -3069,8 +3118,7 @@ function getSource(req, res) {
       res.status(404).json(errorResponse);
       return;
     }
-    const isDefault = sourceIds[0] === sourceId;
-    const dataSource = transformSourceConfig(sourceConfig, isDefault);
+    const dataSource = transformSourceConfig(sourceConfig);
     res.json(dataSource);
   } catch (error) {
     console.error(`Error getting source ${req.params.sourceId}:`, error);
@@ -3265,13 +3313,8 @@ See documentation for more details on configuring database connections.
     const connectorManager = new ConnectorManager();
     const sources = sourceConfigsData.sources;
     console.error(`Configuration source: ${sourceConfigsData.source}`);
-    console.error(`Connecting to ${sources.length} database source(s)...`);
-    for (const source of sources) {
-      const dsn = source.dsn || buildDSNFromSource(source);
-      console.error(`  - ${source.id}: ${redactDSN(dsn)}`);
-    }
     await connectorManager.connectWithSources(sources);
-    const { initializeToolRegistry } = await import("./registry-AWAIN6WO.js");
+    const { initializeToolRegistry } = await import("./registry-FVGT25UH.js");
     initializeToolRegistry({
       sources: sourceConfigsData.sources,
       tools: sourceConfigsData.tools
@@ -3365,9 +3408,9 @@ See documentation for more details on configuring database connections.
           console.error("   Backend API: http://localhost:8080");
           console.error("");
         } else {
-          console.error(`Admin console at http://0.0.0.0:${port}/`);
+          console.error(`Admin console at http://localhost:${port}/`);
         }
-        console.error(`MCP server endpoint at http://0.0.0.0:${port}/mcp`);
+        console.error(`MCP server endpoint at http://localhost:${port}/mcp`);
       });
     } else {
       const server = createServer();

package/dist/{registry-AWAIN6WO.js → registry-FVGT25UH.js}

@@ -2,7 +2,7 @@ import {
   ToolRegistry,
   getToolRegistry,
   initializeToolRegistry
-} from "./chunk-KBVJEDZF.js";
+} from "./chunk-WGDSRFBW.js";
 export {
   ToolRegistry,
   getToolRegistry,

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "@bytebase/dbhub",
-  "version": "0.13.1",
+  "version": "0.14.0",
   "mcpName": "io.github.bytebase/dbhub",
-  "description": "Minimal Database MCP Server for PostgreSQL, MySQL, SQL Server, SQLite, MariaDB",
+  "description": "Minimal, token-efficient Database MCP Server for PostgreSQL, MySQL, SQL Server, SQLite, MariaDB",
   "repository": {
     "type": "git",
     "url": "https://github.com/bytebase/dbhub.git"
@@ -38,7 +38,7 @@
   "dependencies": {
     "@azure/identity": "^4.8.0",
     "@iarna/toml": "^2.2.5",
-    "@modelcontextprotocol/sdk": "^1.23.0",
+    "@modelcontextprotocol/sdk": "^1.25.1",
     "better-sqlite3": "^11.9.0",
     "dotenv": "^16.4.7",
     "express": "^4.18.2",