@bytebase/dbhub 0.3.1 → 0.3.2

package/README.md

@@ -49,7 +49,7 @@ https://demo.dbhub.ai/sse connects a [sample employee database](https://github.c
 
 | Tool            | Command Name      | PostgreSQL | MySQL | MariaDB | SQL Server | SQLite |
 | --------------- | ----------------- | :--------: | :---: | :-----: | :--------: | ------ |
-| Execute Query   | `run_query`       |     ✅     |  ✅   |   ✅    |     ✅     | ✅     |
+| Execute SQL     | `execute_sql`     |     ✅     |  ✅   |   ✅    |     ✅     | ✅     |
 | List Connectors | `list_connectors` |     ✅     |  ✅   |   ✅    |     ✅     | ✅     |
 
 ### Prompt Capabilities
@@ -151,6 +151,19 @@ npx @bytebase/dbhub --transport sse --port 8080 --demo
 
 ## Usage
 
+### Read-only Mode
+
+You can run DBHub in read-only mode, which restricts SQL query execution to read-only operations:
+
+```bash
+# Enable read-only mode
+npx @bytebase/dbhub --readonly --dsn "postgres://user:password@localhost:5432/dbname"
+```
+
+In read-only mode, only [readonly SQL operations](https://github.com/bytebase/dbhub/blob/main/src/utils/allowed-keywords.ts) are allowed.
+
+This provides an additional layer of security when connecting to production databases.
+
 ### Configure your database connection
 
 You can use DBHub in demo mode with a sample employee database for testing:
@@ -186,13 +199,13 @@ For real databases, a Database Source Name (DSN) is required. You can provide th
 
 DBHub supports the following database connection string formats:
 
-| Database   | DSN Format                                               | Example                                                          |
-| ---------- | -------------------------------------------------------- | ---------------------------------------------------------------- |
-| MySQL      | `mysql://[user]:[password]@[host]:[port]/[database]`     | `mysql://user:password@localhost:3306/dbname`                    |
-| MariaDB    | `mariadb://[user]:[password]@[host]:[port]/[database]`   | `mariadb://user:password@localhost:3306/dbname`                  |
-| PostgreSQL | `postgres://[user]:[password]@[host]:[port]/[database]`  | `postgres://user:password@localhost:5432/dbname?sslmode=disable` |
-| SQL Server | `sqlserver://[user]:[password]@[host]:[port]/[database]` | `sqlserver://user:password@localhost:1433/dbname`                |
-| SQLite     | `sqlite:///[path/to/file]` or `sqlite::memory:`          | `sqlite:///path/to/database.db`, `sqlite:C:/Users/YourName/data/database.db (windows)`  or `sqlite::memory:`             |
+| Database   | DSN Format                                               | Example                                                                                                     |
+| ---------- | -------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------- |
+| MySQL      | `mysql://[user]:[password]@[host]:[port]/[database]`     | `mysql://user:password@localhost:3306/dbname`                                                               |
+| MariaDB    | `mariadb://[user]:[password]@[host]:[port]/[database]`   | `mariadb://user:password@localhost:3306/dbname`                                                             |
+| PostgreSQL | `postgres://[user]:[password]@[host]:[port]/[database]`  | `postgres://user:password@localhost:5432/dbname?sslmode=disable`                                            |
+| SQL Server | `sqlserver://[user]:[password]@[host]:[port]/[database]` | `sqlserver://user:password@localhost:1433/dbname`                                                           |
+| SQLite     | `sqlite:///[path/to/file]` or `sqlite::memory:`          | `sqlite:///path/to/database.db`, `sqlite:C:/Users/YourName/data/database.db (windows)` or `sqlite::memory:` |
 
 #### SQL Server
 
@@ -223,6 +236,7 @@ Extra query parameters:
 | dsn       | Database connection string                                      | Required if not in demo mode |
 | transport | Transport mode: `stdio` or `sse`                                | `stdio`                      |
 | port      | HTTP server port (only applicable when using `--transport=sse`) | `8080`                       |
+| readonly  | Restrict SQL execution to read-only operations                  | `false`                      |
 
 The demo mode uses an in-memory SQLite database loaded with the [sample employee database](https://github.com/bytebase/dbhub/tree/main/resources/employee-sqlite) that includes tables for employees, departments, titles, salaries, department employees, and department managers. The sample database includes SQL scripts for table creation, data loading, and testing.
 

package/dist/index.js

@@ -38,8 +38,8 @@ var _ConnectorRegistry = class _ConnectorRegistry {
   /**
    * Get sample DSN for a specific connector
    */
-  static getSampleDSN(connectorId) {
-    const connector = _ConnectorRegistry.getConnector(connectorId);
+  static getSampleDSN(connectorType) {
+    const connector = _ConnectorRegistry.getConnector(connectorType);
     if (!connector) return null;
     return connector.dsnParser.getSampleDSN();
   }
@@ -81,7 +81,9 @@ var PostgresDSNParser = class {
       });
       return config;
     } catch (error) {
-      throw new Error(`Failed to parse PostgreSQL DSN: ${error instanceof Error ? error.message : String(error)}`);
+      throw new Error(
+        `Failed to parse PostgreSQL DSN: ${error instanceof Error ? error.message : String(error)}`
+      );
     }
   }
   getSampleDSN() {
@@ -145,12 +147,15 @@ var PostgresConnector = class {
     const client = await this.pool.connect();
     try {
       const schemaToUse = schema || "public";
-      const result = await client.query(`
+      const result = await client.query(
+        `
         SELECT table_name 
         FROM information_schema.tables 
         WHERE table_schema = $1
         ORDER BY table_name
-      `, [schemaToUse]);
+      `,
+        [schemaToUse]
+      );
       return result.rows.map((row) => row.table_name);
     } finally {
       client.release();
@@ -163,13 +168,16 @@ var PostgresConnector = class {
     const client = await this.pool.connect();
     try {
       const schemaToUse = schema || "public";
-      const result = await client.query(`
+      const result = await client.query(
+        `
         SELECT EXISTS (
           SELECT FROM information_schema.tables 
           WHERE table_schema = $1 
           AND table_name = $2
         )
-      `, [schemaToUse, tableName]);
+      `,
+        [schemaToUse, tableName]
+      );
       return result.rows[0].exists;
     } finally {
       client.release();
@@ -182,7 +190,8 @@ var PostgresConnector = class {
     const client = await this.pool.connect();
     try {
       const schemaToUse = schema || "public";
-      const result = await client.query(`
+      const result = await client.query(
+        `
         SELECT 
           i.relname as index_name,
           array_agg(a.attname) as column_names,
@@ -209,7 +218,9 @@ var PostgresConnector = class {
           ix.indisprimary
         ORDER BY 
           i.relname
-      `, [tableName, schemaToUse]);
+      `,
+        [tableName, schemaToUse]
+      );
       return result.rows.map((row) => ({
         index_name: row.index_name,
         column_names: row.column_names,
@@ -227,7 +238,8 @@ var PostgresConnector = class {
     const client = await this.pool.connect();
     try {
       const schemaToUse = schema || "public";
-      const result = await client.query(`
+      const result = await client.query(
+        `
         SELECT 
           column_name, 
           data_type, 
@@ -237,7 +249,9 @@ var PostgresConnector = class {
         WHERE table_schema = $1
         AND table_name = $2
         ORDER BY ordinal_position
-      `, [schemaToUse, tableName]);
+      `,
+        [schemaToUse, tableName]
+      );
       return result.rows;
     } finally {
       client.release();
@@ -250,13 +264,16 @@ var PostgresConnector = class {
     const client = await this.pool.connect();
     try {
       const schemaToUse = schema || "public";
-      const result = await client.query(`
+      const result = await client.query(
+        `
         SELECT 
           routine_name
         FROM information_schema.routines
         WHERE routine_schema = $1
         ORDER BY routine_name
-      `, [schemaToUse]);
+      `,
+        [schemaToUse]
+      );
       return result.rows.map((row) => row.routine_name);
     } finally {
       client.release();
@@ -269,7 +286,8 @@ var PostgresConnector = class {
     const client = await this.pool.connect();
     try {
       const schemaToUse = schema || "public";
-      const result = await client.query(`
+      const result = await client.query(
+        `
         SELECT 
           routine_name as procedure_name,
           routine_type,
@@ -292,20 +310,25 @@ var PostgresConnector = class {
         FROM information_schema.routines
         WHERE routine_schema = $1
         AND routine_name = $2
-      `, [schemaToUse, procedureName]);
+      `,
+        [schemaToUse, procedureName]
+      );
       if (result.rows.length === 0) {
         throw new Error(`Stored procedure '${procedureName}' not found in schema '${schemaToUse}'`);
       }
       const procedure = result.rows[0];
       let definition = procedure.definition;
       try {
-        const oidResult = await client.query(`
+        const oidResult = await client.query(
+          `
           SELECT p.oid, p.prosrc
           FROM pg_proc p
           JOIN pg_namespace n ON p.pronamespace = n.oid
           WHERE p.proname = $1
           AND n.nspname = $2
-        `, [procedureName, schemaToUse]);
+        `,
+          [procedureName, schemaToUse]
+        );
         if (oidResult.rows.length > 0) {
           if (!definition) {
             const oid = oidResult.rows[0].oid;
@@ -336,10 +359,6 @@ var PostgresConnector = class {
     if (!this.pool) {
       throw new Error("Not connected to database");
     }
-    const safetyCheck = this.validateQuery(query);
-    if (!safetyCheck.isValid) {
-      throw new Error(safetyCheck.message || "Query validation failed");
-    }
     const client = await this.pool.connect();
     try {
       return await client.query(query);
@@ -347,16 +366,6 @@ var PostgresConnector = class {
       client.release();
     }
   }
-  validateQuery(query) {
-    const normalizedQuery = query.trim().toLowerCase();
-    if (!normalizedQuery.startsWith("select")) {
-      return {
-        isValid: false,
-        message: "Only SELECT queries are allowed for security reasons."
-      };
-    }
-    return { isValid: true };
-  }
 };
 var postgresConnector = new PostgresConnector();
 ConnectorRegistry.register(postgresConnector);
@@ -367,7 +376,9 @@ import { DefaultAzureCredential } from "@azure/identity";
 var SQLServerDSNParser = class {
   async parse(dsn) {
     if (!this.isValidDSN(dsn)) {
-      throw new Error("Invalid SQL Server DSN format. Expected: sqlserver://username:password@host:port/database");
+      throw new Error(
+        "Invalid SQL Server DSN format. Expected: sqlserver://username:password@host:port/database"
+      );
     }
     const url = new URL(dsn);
     const host = url.hostname;
@@ -644,10 +655,12 @@ var SQLServerConnector = class {
       const parameterResult = await request.query(parameterQuery);
       let parameterList = "";
       if (parameterResult.recordset.length > 0) {
-        parameterList = parameterResult.recordset.map((param) => {
-          const lengthStr = param.CHARACTER_MAXIMUM_LENGTH > 0 ? `(${param.CHARACTER_MAXIMUM_LENGTH})` : "";
-          return `${param.PARAMETER_NAME} ${param.PARAMETER_MODE} ${param.DATA_TYPE}${lengthStr}`;
-        }).join(", ");
+        parameterList = parameterResult.recordset.map(
+          (param) => {
+            const lengthStr = param.CHARACTER_MAXIMUM_LENGTH > 0 ? `(${param.CHARACTER_MAXIMUM_LENGTH})` : "";
+            return `${param.PARAMETER_NAME} ${param.PARAMETER_MODE} ${param.DATA_TYPE}${lengthStr}`;
+          }
+        ).join(", ");
       }
       const definitionQuery = `
           SELECT definition
@@ -679,10 +692,6 @@ var SQLServerConnector = class {
     if (!this.connection) {
       throw new Error("Not connected to SQL Server database");
     }
-    const safetyCheck = this.validateQuery(query);
-    if (!safetyCheck.isValid) {
-      throw new Error(safetyCheck.message || "Query validation failed");
-    }
     try {
       const result = await this.connection.request().query(query);
       return {
@@ -696,16 +705,6 @@ var SQLServerConnector = class {
       throw new Error(`Failed to execute query: ${error.message}`);
     }
   }
-  validateQuery(query) {
-    const normalizedQuery = query.trim().toLowerCase();
-    if (!normalizedQuery.startsWith("select")) {
-      return {
-        isValid: false,
-        message: "Only SELECT queries are allowed for security reasons."
-      };
-    }
-    return { isValid: true };
-  }
 };
 var sqlServerConnector = new SQLServerConnector();
 ConnectorRegistry.register(sqlServerConnector);
@@ -731,7 +730,9 @@ var SQLiteDSNParser = class {
       }
       return { dbPath };
     } catch (error) {
-      throw new Error(`Failed to parse SQLite DSN: ${error instanceof Error ? error.message : String(error)}`);
+      throw new Error(
+        `Failed to parse SQLite DSN: ${error instanceof Error ? error.message : String(error)}`
+      );
     }
   }
   getSampleDSN() {
@@ -792,11 +793,13 @@ var SQLiteConnector = class {
       throw new Error("Not connected to SQLite database");
     }
     try {
-      const rows = this.db.prepare(`
+      const rows = this.db.prepare(
+        `
         SELECT name FROM sqlite_master 
         WHERE type='table' AND name NOT LIKE 'sqlite_%'
         ORDER BY name
-      `).all();
+      `
+      ).all();
       return rows.map((row) => row.name);
     } catch (error) {
       throw error;
@@ -807,10 +810,12 @@ var SQLiteConnector = class {
       throw new Error("Not connected to SQLite database");
     }
     try {
-      const row = this.db.prepare(`
+      const row = this.db.prepare(
+        `
         SELECT name FROM sqlite_master 
         WHERE type='table' AND name = ?
-      `).get(tableName);
+      `
+      ).get(tableName);
       return !!row;
     } catch (error) {
       throw error;
@@ -821,7 +826,8 @@ var SQLiteConnector = class {
       throw new Error("Not connected to SQLite database");
     }
     try {
-      const indexInfoRows = this.db.prepare(`
+      const indexInfoRows = this.db.prepare(
+        `
         SELECT 
           name as index_name,
           CASE 
@@ -831,7 +837,8 @@ var SQLiteConnector = class {
         FROM sqlite_master 
         WHERE type = 'index' 
         AND tbl_name = ?
-      `).all(tableName);
+      `
+      ).all(tableName);
       const tableInfo = this.db.prepare(`PRAGMA table_info(${tableName})`).all();
       const pkColumns = tableInfo.filter((col) => col.pk > 0).map((col) => col.name);
       const results = [];
@@ -886,16 +893,14 @@ var SQLiteConnector = class {
     if (!this.db) {
       throw new Error("Not connected to SQLite database");
     }
-    throw new Error("SQLite does not support stored procedures. Functions are defined programmatically through the SQLite API, not stored in the database.");
+    throw new Error(
+      "SQLite does not support stored procedures. Functions are defined programmatically through the SQLite API, not stored in the database."
+    );
   }
   async executeQuery(query) {
     if (!this.db) {
       throw new Error("Not connected to SQLite database");
     }
-    const safetyCheck = this.validateQuery(query);
-    if (!safetyCheck.isValid) {
-      throw new Error(safetyCheck.message || "Query validation failed");
-    }
     try {
       const rows = this.db.prepare(query).all();
       return { rows };
@@ -903,16 +908,6 @@ var SQLiteConnector = class {
       throw error;
     }
   }
-  validateQuery(query) {
-    const normalizedQuery = query.trim().toLowerCase();
-    if (!normalizedQuery.startsWith("select")) {
-      return {
-        isValid: false,
-        message: "Only SELECT queries are allowed for security reasons."
-      };
-    }
-    return { isValid: true };
-  }
 };
 var sqliteConnector = new SQLiteConnector();
 ConnectorRegistry.register(sqliteConnector);
@@ -941,7 +936,9 @@ var MySQLDSNParser = class {
       });
       return config;
     } catch (error) {
-      throw new Error(`Failed to parse MySQL DSN: ${error instanceof Error ? error.message : String(error)}`);
+      throw new Error(
+        `Failed to parse MySQL DSN: ${error instanceof Error ? error.message : String(error)}`
+      );
     }
   }
   getSampleDSN() {
@@ -1003,12 +1000,15 @@ var MySQLConnector = class {
     try {
       const schemaClause = schema ? "WHERE TABLE_SCHEMA = ?" : "WHERE TABLE_SCHEMA = DATABASE()";
       const queryParams = schema ? [schema] : [];
-      const [rows] = await this.pool.query(`
+      const [rows] = await this.pool.query(
+        `
         SELECT TABLE_NAME 
         FROM INFORMATION_SCHEMA.TABLES 
         ${schemaClause}
         ORDER BY TABLE_NAME
-      `, queryParams);
+      `,
+        queryParams
+      );
       return rows.map((row) => row.TABLE_NAME);
     } catch (error) {
       console.error("Error getting tables:", error);
@@ -1022,12 +1022,15 @@ var MySQLConnector = class {
     try {
       const schemaClause = schema ? "WHERE TABLE_SCHEMA = ?" : "WHERE TABLE_SCHEMA = DATABASE()";
       const queryParams = schema ? [schema, tableName] : [tableName];
-      const [rows] = await this.pool.query(`
+      const [rows] = await this.pool.query(
+        `
         SELECT COUNT(*) AS COUNT
         FROM INFORMATION_SCHEMA.TABLES 
         ${schemaClause} 
         AND TABLE_NAME = ?
-      `, queryParams);
+      `,
+        queryParams
+      );
       return rows[0].COUNT > 0;
     } catch (error) {
       console.error("Error checking if table exists:", error);
@@ -1041,7 +1044,8 @@ var MySQLConnector = class {
     try {
       const schemaClause = schema ? "TABLE_SCHEMA = ?" : "TABLE_SCHEMA = DATABASE()";
       const queryParams = schema ? [schema, tableName] : [tableName];
-      const [indexRows] = await this.pool.query(`
+      const [indexRows] = await this.pool.query(
+        `
         SELECT 
           INDEX_NAME,
           COLUMN_NAME,
@@ -1055,7 +1059,9 @@ var MySQLConnector = class {
         ORDER BY 
           INDEX_NAME, 
           SEQ_IN_INDEX
-      `, queryParams);
+      `,
+        queryParams
+      );
       const indexMap = /* @__PURE__ */ new Map();
       for (const row of indexRows) {
         const indexName = row.INDEX_NAME;
@@ -1094,7 +1100,8 @@ var MySQLConnector = class {
     try {
       const schemaClause = schema ? "WHERE TABLE_SCHEMA = ?" : "WHERE TABLE_SCHEMA = DATABASE()";
       const queryParams = schema ? [schema, tableName] : [tableName];
-      const [rows] = await this.pool.query(`
+      const [rows] = await this.pool.query(
+        `
         SELECT 
           COLUMN_NAME as column_name, 
           DATA_TYPE as data_type, 
@@ -1104,7 +1111,9 @@ var MySQLConnector = class {
         ${schemaClause}
         AND TABLE_NAME = ?
         ORDER BY ORDINAL_POSITION
-      `, queryParams);
+      `,
+        queryParams
+      );
       return rows;
     } catch (error) {
       console.error("Error getting table schema:", error);
@@ -1118,12 +1127,15 @@ var MySQLConnector = class {
     try {
       const schemaClause = schema ? "WHERE ROUTINE_SCHEMA = ?" : "WHERE ROUTINE_SCHEMA = DATABASE()";
       const queryParams = schema ? [schema] : [];
-      const [rows] = await this.pool.query(`
+      const [rows] = await this.pool.query(
+        `
         SELECT ROUTINE_NAME
         FROM INFORMATION_SCHEMA.ROUTINES
         ${schemaClause}
         ORDER BY ROUTINE_NAME
-      `, queryParams);
+      `,
+        queryParams
+      );
       return rows.map((row) => row.ROUTINE_NAME);
     } catch (error) {
       console.error("Error getting stored procedures:", error);
@@ -1137,7 +1149,8 @@ var MySQLConnector = class {
     try {
       const schemaClause = schema ? "WHERE r.ROUTINE_SCHEMA = ?" : "WHERE r.ROUTINE_SCHEMA = DATABASE()";
       const queryParams = schema ? [schema, procedureName] : [procedureName];
-      const [rows] = await this.pool.query(`
+      const [rows] = await this.pool.query(
+        `
         SELECT 
           r.ROUTINE_NAME AS procedure_name,
           CASE 
@@ -1161,7 +1174,9 @@ var MySQLConnector = class {
         FROM INFORMATION_SCHEMA.ROUTINES r
         ${schemaClause}
         AND r.ROUTINE_NAME = ?
-      `, queryParams);
+      `,
+        queryParams
+      );
       if (rows.length === 0) {
         const schemaName = schema || "current schema";
         throw new Error(`Stored procedure '${procedureName}' not found in ${schemaName}`);
@@ -1194,11 +1209,14 @@ var MySQLConnector = class {
           }
         }
         if (!definition) {
-          const [bodyRows] = await this.pool.query(`
+          const [bodyRows] = await this.pool.query(
+            `
             SELECT ROUTINE_DEFINITION, ROUTINE_BODY 
             FROM INFORMATION_SCHEMA.ROUTINES
             WHERE ROUTINE_SCHEMA = ? AND ROUTINE_NAME = ?
-          `, [schemaValue, procedureName]);
+          `,
+            [schemaValue, procedureName]
+          );
           if (bodyRows && bodyRows.length > 0) {
             if (bodyRows[0].ROUTINE_DEFINITION) {
               definition = bodyRows[0].ROUTINE_DEFINITION;
@@ -1233,10 +1251,6 @@ var MySQLConnector = class {
     if (!this.pool) {
       throw new Error("Not connected to database");
     }
-    const safetyCheck = this.validateQuery(query);
-    if (!safetyCheck.isValid) {
-      throw new Error(safetyCheck.message || "Query validation failed");
-    }
     try {
       const [rows, fields] = await this.pool.query(query);
       return { rows, fields };
@@ -1245,16 +1259,6 @@ var MySQLConnector = class {
       throw error;
     }
   }
-  validateQuery(query) {
-    const normalizedQuery = query.trim().toLowerCase();
-    if (!normalizedQuery.startsWith("select")) {
-      return {
-        isValid: false,
-        message: "Only SELECT queries are allowed for security reasons."
-      };
-    }
-    return { isValid: true };
-  }
 };
 var mysqlConnector = new MySQLConnector();
 ConnectorRegistry.register(mysqlConnector);
@@ -1282,7 +1286,9 @@ var MariadbDSNParser = class {
       });
       return config;
     } catch (error) {
-      throw new Error(`Failed to parse MariaDB DSN: ${error instanceof Error ? error.message : String(error)}`);
+      throw new Error(
+        `Failed to parse MariaDB DSN: ${error instanceof Error ? error.message : String(error)}`
+      );
     }
   }
   getSampleDSN() {
@@ -1345,12 +1351,15 @@ var MariaDBConnector = class {
     try {
       const schemaClause = schema ? "WHERE TABLE_SCHEMA = ?" : "WHERE TABLE_SCHEMA = DATABASE()";
       const queryParams = schema ? [schema] : [];
-      const [rows] = await this.pool.query(`
+      const [rows] = await this.pool.query(
+        `
         SELECT TABLE_NAME 
         FROM INFORMATION_SCHEMA.TABLES 
         ${schemaClause}
         ORDER BY TABLE_NAME
-      `, queryParams);
+      `,
+        queryParams
+      );
       return rows.map((row) => row.TABLE_NAME);
     } catch (error) {
       console.error("Error getting tables:", error);
@@ -1364,12 +1373,15 @@ var MariaDBConnector = class {
     try {
       const schemaClause = schema ? "WHERE TABLE_SCHEMA = ?" : "WHERE TABLE_SCHEMA = DATABASE()";
       const queryParams = schema ? [schema, tableName] : [tableName];
-      const [rows] = await this.pool.query(`
+      const [rows] = await this.pool.query(
+        `
         SELECT COUNT(*) AS COUNT
         FROM INFORMATION_SCHEMA.TABLES 
         ${schemaClause} 
         AND TABLE_NAME = ?
-      `, queryParams);
+      `,
+        queryParams
+      );
       return rows[0].COUNT > 0;
     } catch (error) {
       console.error("Error checking if table exists:", error);
@@ -1383,7 +1395,8 @@ var MariaDBConnector = class {
     try {
       const schemaClause = schema ? "TABLE_SCHEMA = ?" : "TABLE_SCHEMA = DATABASE()";
       const queryParams = schema ? [schema, tableName] : [tableName];
-      const [indexRows] = await this.pool.query(`
+      const [indexRows] = await this.pool.query(
+        `
         SELECT 
           INDEX_NAME,
           COLUMN_NAME,
@@ -1397,7 +1410,9 @@ var MariaDBConnector = class {
         ORDER BY 
           INDEX_NAME, 
           SEQ_IN_INDEX
-      `, queryParams);
+      `,
+        queryParams
+      );
       const indexMap = /* @__PURE__ */ new Map();
       for (const row of indexRows) {
         const indexName = row.INDEX_NAME;
@@ -1436,7 +1451,8 @@ var MariaDBConnector = class {
     try {
       const schemaClause = schema ? "WHERE TABLE_SCHEMA = ?" : "WHERE TABLE_SCHEMA = DATABASE()";
       const queryParams = schema ? [schema, tableName] : [tableName];
-      const [rows] = await this.pool.query(`
+      const [rows] = await this.pool.query(
+        `
         SELECT 
           COLUMN_NAME as column_name, 
           DATA_TYPE as data_type, 
@@ -1446,7 +1462,9 @@ var MariaDBConnector = class {
         ${schemaClause}
         AND TABLE_NAME = ?
         ORDER BY ORDINAL_POSITION
-      `, queryParams);
+      `,
+        queryParams
+      );
       return rows;
     } catch (error) {
       console.error("Error getting table schema:", error);
@@ -1460,12 +1478,15 @@ var MariaDBConnector = class {
     try {
       const schemaClause = schema ? "WHERE ROUTINE_SCHEMA = ?" : "WHERE ROUTINE_SCHEMA = DATABASE()";
       const queryParams = schema ? [schema] : [];
-      const [rows] = await this.pool.query(`
+      const [rows] = await this.pool.query(
+        `
         SELECT ROUTINE_NAME
         FROM INFORMATION_SCHEMA.ROUTINES
         ${schemaClause}
         ORDER BY ROUTINE_NAME
-      `, queryParams);
+      `,
+        queryParams
+      );
       return rows.map((row) => row.ROUTINE_NAME);
     } catch (error) {
       console.error("Error getting stored procedures:", error);
@@ -1479,7 +1500,8 @@ var MariaDBConnector = class {
     try {
       const schemaClause = schema ? "WHERE r.ROUTINE_SCHEMA = ?" : "WHERE r.ROUTINE_SCHEMA = DATABASE()";
       const queryParams = schema ? [schema, procedureName] : [procedureName];
-      const [rows] = await this.pool.query(`
+      const [rows] = await this.pool.query(
+        `
         SELECT 
           r.ROUTINE_NAME AS procedure_name,
           CASE 
@@ -1503,7 +1525,9 @@ var MariaDBConnector = class {
         FROM INFORMATION_SCHEMA.ROUTINES r
         ${schemaClause}
         AND r.ROUTINE_NAME = ?
-      `, queryParams);
+      `,
+        queryParams
+      );
       if (rows.length === 0) {
         const schemaName = schema || "current schema";
         throw new Error(`Stored procedure '${procedureName}' not found in ${schemaName}`);
@@ -1536,11 +1560,14 @@ var MariaDBConnector = class {
           }
         }
         if (!definition) {
-          const [bodyRows] = await this.pool.query(`
+          const [bodyRows] = await this.pool.query(
+            `
             SELECT ROUTINE_DEFINITION, ROUTINE_BODY 
             FROM INFORMATION_SCHEMA.ROUTINES
             WHERE ROUTINE_SCHEMA = ? AND ROUTINE_NAME = ?
-          `, [schemaValue, procedureName]);
+          `,
+            [schemaValue, procedureName]
+          );
           if (bodyRows && bodyRows.length > 0) {
             if (bodyRows[0].ROUTINE_DEFINITION) {
               definition = bodyRows[0].ROUTINE_DEFINITION;
@@ -1575,10 +1602,6 @@ var MariaDBConnector = class {
     if (!this.pool) {
       throw new Error("Not connected to database");
     }
-    const safetyCheck = this.validateQuery(query);
-    if (!safetyCheck.isValid) {
-      throw new Error(safetyCheck.message || "Query validation failed");
-    }
     try {
       const [rows, fields] = await this.pool.query(query);
       return { rows, fields };
@@ -1587,16 +1610,6 @@ var MariaDBConnector = class {
       throw error;
     }
   }
-  validateQuery(query) {
-    const normalizedQuery = query.trim().toLowerCase();
-    if (!normalizedQuery.startsWith("select")) {
-      return {
-        isValid: false,
-        message: "Only SELECT queries are allowed for security reasons."
-      };
-    }
-    return { isValid: true };
-  }
 };
 var mariadbConnector = new MariaDBConnector();
 ConnectorRegistry.register(mariadbConnector);
@@ -1746,6 +1759,16 @@ function isDemoMode() {
   const args = parseCommandLineArgs();
   return args.demo === "true";
 }
+function isReadOnlyMode() {
+  const args = parseCommandLineArgs();
+  if (args.readonly !== void 0) {
+    return args.readonly === "true";
+  }
+  if (process.env.READONLY !== void 0) {
+    return process.env.READONLY === "true";
+  }
+  return false;
+}
 function resolveDSN() {
   const args = parseCommandLineArgs();
   if (isDemoMode()) {
@@ -1863,39 +1886,47 @@ function formatErrorResponse(error, code = "ERROR", details) {
 }
 function createToolErrorResponse(error, code = "ERROR", details) {
   return {
-    content: [{
-      type: "text",
-      text: JSON.stringify(formatErrorResponse(error, code, details), null, 2),
-      mimeType: "application/json"
-    }],
+    content: [
+      {
+        type: "text",
+        text: JSON.stringify(formatErrorResponse(error, code, details), null, 2),
+        mimeType: "application/json"
+      }
+    ],
     isError: true
   };
 }
 function createToolSuccessResponse(data, meta = {}) {
   return {
-    content: [{
-      type: "text",
-      text: JSON.stringify(formatSuccessResponse(data, meta), null, 2),
-      mimeType: "application/json"
-    }]
+    content: [
+      {
+        type: "text",
+        text: JSON.stringify(formatSuccessResponse(data, meta), null, 2),
+        mimeType: "application/json"
+      }
+    ]
   };
 }
 function createResourceErrorResponse(uri, error, code = "ERROR", details) {
   return {
-    contents: [{
-      uri,
-      text: JSON.stringify(formatErrorResponse(error, code, details), null, 2),
-      mimeType: "application/json"
-    }]
+    contents: [
+      {
+        uri,
+        text: JSON.stringify(formatErrorResponse(error, code, details), null, 2),
+        mimeType: "application/json"
+      }
+    ]
   };
 }
 function createResourceSuccessResponse(uri, data, meta = {}) {
   return {
-    contents: [{
-      uri,
-      text: JSON.stringify(formatSuccessResponse(data, meta), null, 2),
-      mimeType: "application/json"
-    }]
+    contents: [
+      {
+        uri,
+        text: JSON.stringify(formatSuccessResponse(data, meta), null, 2),
+        mimeType: "application/json"
+      }
+    ]
   };
 }
 function formatPromptSuccessResponse(text, references = []) {
@@ -2032,11 +2063,7 @@ async function indexesResourceHandler(uri, variables, _extra) {
   const schemaName = variables && variables.schemaName ? Array.isArray(variables.schemaName) ? variables.schemaName[0] : variables.schemaName : void 0;
   const tableName = variables && variables.tableName ? Array.isArray(variables.tableName) ? variables.tableName[0] : variables.tableName : void 0;
   if (!tableName) {
-    return createResourceErrorResponse(
-      uri.href,
-      "Table name is required",
-      "MISSING_TABLE_NAME"
-    );
+    return createResourceErrorResponse(uri.href, "Table name is required", "MISSING_TABLE_NAME");
   }
   try {
     if (schemaName) {
@@ -2109,11 +2136,7 @@ async function procedureDetailResourceHandler(uri, variables, _extra) {
   const schemaName = variables && variables.schemaName ? Array.isArray(variables.schemaName) ? variables.schemaName[0] : variables.schemaName : void 0;
   const procedureName = variables && variables.procedureName ? Array.isArray(variables.procedureName) ? variables.procedureName[0] : variables.procedureName : void 0;
   if (!procedureName) {
-    return createResourceErrorResponse(
-      uri.href,
-      "Procedure name is required",
-      "MISSING_PARAMETER"
-    );
+    return createResourceErrorResponse(uri.href, "Procedure name is required", "MISSING_PARAMETER");
   }
   try {
     if (schemaName) {
@@ -2148,11 +2171,7 @@ async function procedureDetailResourceHandler(uri, variables, _extra) {
 
 // src/resources/index.ts
 function registerResources(server) {
-  server.resource(
-    "schemas",
-    "db://schemas",
-    schemasResourceHandler
-  );
+  server.resource("schemas", "db://schemas", schemasResourceHandler);
   server.resource(
     "tables_in_schema",
     new ResourceTemplate("db://schemas/{schemaName}/tables", { list: void 0 }),
@@ -2165,7 +2184,9 @@ function registerResources(server) {
   );
   server.resource(
     "indexes_in_table",
-    new ResourceTemplate("db://schemas/{schemaName}/tables/{tableName}/indexes", { list: void 0 }),
+    new ResourceTemplate("db://schemas/{schemaName}/tables/{tableName}/indexes", {
+      list: void 0
+    }),
     indexesResourceHandler
   );
   server.resource(
@@ -2175,24 +2196,42 @@ function registerResources(server) {
   );
   server.resource(
     "procedure_detail_in_schema",
-    new ResourceTemplate("db://schemas/{schemaName}/procedures/{procedureName}", { list: void 0 }),
+    new ResourceTemplate("db://schemas/{schemaName}/procedures/{procedureName}", {
+      list: void 0
+    }),
     procedureDetailResourceHandler
   );
 }
 
-// src/tools/run-query.ts
+// src/tools/execute-sql.ts
 import { z } from "zod";
-var runQuerySchema = {
+
+// src/utils/allowed-keywords.ts
+var allowedKeywords = {
+  postgres: ["select", "with", "explain", "analyze", "show"],
+  mysql: ["select", "with", "explain", "analyze", "show", "describe", "desc"],
+  mariadb: ["select", "with", "explain", "analyze", "show", "describe", "desc"],
+  sqlite: ["select", "with", "explain", "analyze", "pragma"],
+  sqlserver: ["select", "with", "explain", "showplan"]
+};
+
+// src/tools/execute-sql.ts
+var executeSqlSchema = {
   query: z.string().describe("SQL query to execute (SELECT only)")
 };
-async function runQueryToolHandler({ query }, _extra) {
+function isReadOnlyQuery(query, connectorType) {
+  const normalizedQuery = query.trim().toLowerCase();
+  const firstWord = normalizedQuery.split(/\s+/)[0];
+  const keywordList = allowedKeywords[connectorType] || allowedKeywords.default || [];
+  return keywordList.includes(firstWord);
+}
+async function executeSqlToolHandler({ query }, _extra) {
   const connector = ConnectorManager.getCurrentConnector();
   try {
-    const validationResult = connector.validateQuery(query);
-    if (!validationResult.isValid) {
+    if (isReadOnlyMode() && !isReadOnlyQuery(query, connector.id)) {
       return createToolErrorResponse(
-        validationResult.message ?? "Unknown validation error",
-        "VALIDATION_ERROR"
+        `Read-only mode is enabled. Only the following SQL operations are allowed: ${allowedKeywords[connector.id]?.join(", ") || "none"}`,
+        "READONLY_VIOLATION"
       );
     }
     const result = await connector.executeQuery(query);
@@ -2202,36 +2241,34 @@ async function runQueryToolHandler({ query }, _extra) {
     };
     return createToolSuccessResponse(responseData);
   } catch (error) {
-    return createToolErrorResponse(
-      error.message,
-      "EXECUTION_ERROR"
-    );
+    return createToolErrorResponse(error.message, "EXECUTION_ERROR");
   }
 }
 
 // src/tools/list-connectors.ts
 async function listConnectorsToolHandler(_args, _extra) {
   const samples = ConnectorRegistry.getAllSampleDSNs();
-  let activeConnectorId = null;
+  let activeConnectorType = null;
   try {
     const activeConnector = ConnectorManager.getCurrentConnector();
-    activeConnectorId = activeConnector.id;
+    activeConnectorType = activeConnector.id;
   } catch (error) {
   }
   const isDemo = isDemoMode();
-  if (isDemo && !activeConnectorId) {
-    activeConnectorId = "sqlite";
+  if (isDemo && !activeConnectorType) {
+    activeConnectorType = "sqlite";
   }
   const sampleObjects = Object.entries(samples).map(([id, dsn]) => ({
     id,
     dsn,
-    active: id === activeConnectorId
+    active: id === activeConnectorType
   }));
   const responseData = {
     connectors: sampleObjects,
     count: sampleObjects.length,
-    activeConnector: activeConnectorId,
-    demoMode: isDemo
+    activeConnector: activeConnectorType,
+    demoMode: isDemo,
+    readonlyMode: isReadOnlyMode()
   };
   return createToolSuccessResponse(responseData);
 }
@@ -2239,10 +2276,10 @@ async function listConnectorsToolHandler(_args, _extra) {
 // src/tools/index.ts
 function registerTools(server) {
   server.tool(
-    "run_query",
-    "Run a SQL query on the current database",
-    runQuerySchema,
-    runQueryToolHandler
+    "execute_sql",
+    "Execute a SQL query on the current database",
+    executeSqlSchema,
+    executeSqlToolHandler
   );
   server.tool(
     "list_connectors",
@@ -2258,7 +2295,10 @@ var sqlGeneratorSchema = {
   description: z2.string().describe("Natural language description of the SQL query to generate"),
   schema: z2.string().optional().describe("Optional database schema to use")
 };
-async function sqlGeneratorPromptHandler({ description, schema }, _extra) {
+async function sqlGeneratorPromptHandler({
+  description,
+  schema
+}, _extra) {
   try {
     const connector = ConnectorManager.getCurrentConnector();
     let sqlDialect;
@@ -2321,9 +2361,7 @@ async function sqlGeneratorPromptHandler({ description, schema }, _extra) {
       }
       const schemaContext = accessibleSchemas.length > 0 ? `Available tables and their columns:
 ${accessibleSchemas.map(
-        (schema2) => `- ${schema2.table}: ${schema2.columns.map(
-          (col) => `${col.name} (${col.type})`
-        ).join(", ")}`
+        (schema2) => `- ${schema2.table}: ${schema2.columns.map((col) => `${col.name} (${col.type})`).join(", ")}`
       ).join("\n")}` : "No schema information available.";
       const dialectExamples = {
         postgres: [
@@ -2375,7 +2413,11 @@ SELECT COUNT(*) AS count
 FROM ${accessibleSchemas.length > 0 ? accessibleSchemas[0].table : "table_name"};`;
       } else if (description.toLowerCase().includes("average") || description.toLowerCase().includes("avg")) {
         const table = accessibleSchemas.length > 0 ? accessibleSchemas[0].table : "table_name";
-        const numericColumn = accessibleSchemas.length > 0 ? accessibleSchemas[0].columns.find((col) => ["int", "numeric", "decimal", "float", "real", "double"].some((t) => col.type.includes(t)))?.name || "numeric_column" : "numeric_column";
+        const numericColumn = accessibleSchemas.length > 0 ? accessibleSchemas[0].columns.find(
+          (col) => ["int", "numeric", "decimal", "float", "real", "double"].some(
+            (t) => col.type.includes(t)
+          )
+        )?.name || "numeric_column" : "numeric_column";
         const schemaPrefix = schema ? `-- Schema: ${schema}
 ` : "";
         generatedSQL = `${schemaPrefix}-- Average query generated from: "${description}"
@@ -2423,7 +2465,10 @@ var dbExplainerSchema = {
   schema: z3.string().optional().describe("Optional database schema to use"),
   table: z3.string().optional().describe("Optional specific table to explain")
 };
-async function dbExplainerPromptHandler({ schema, table }, _extra) {
+async function dbExplainerPromptHandler({
+  schema,
+  table
+}, _extra) {
   try {
     const connector = ConnectorManager.getCurrentConnector();
     if (schema) {
@@ -2477,7 +2522,9 @@ ${determineRelationships(matchingTable, columns)}`;
       }
       try {
         const columns = await connector.getTableSchema(tableName, schema);
-        const column = columns.find((c) => c.column_name.toLowerCase() === columnName.toLowerCase());
+        const column = columns.find(
+          (c) => c.column_name.toLowerCase() === columnName.toLowerCase()
+        );
         if (column) {
           const columnDescription = `Column: ${tableName}.${column.column_name}
           
@@ -2568,11 +2615,15 @@ function determineRelationships(tableName, columns) {
   if (idColumns.length > 0) {
     idColumns.forEach((col) => {
       const referencedTable = col.column_name.toLowerCase().replace("_id", "");
-      potentialRelationships.push(`May have a relationship with the "${referencedTable}" table (via ${col.column_name})`);
+      potentialRelationships.push(
+        `May have a relationship with the "${referencedTable}" table (via ${col.column_name})`
+      );
     });
   }
   if (columns.some((c) => c.column_name.toLowerCase() === "id")) {
-    potentialRelationships.push(`May be referenced by other tables as "${tableName.toLowerCase()}_id"`);
+    potentialRelationships.push(
+      `May be referenced by other tables as "${tableName.toLowerCase()}_id"`
+    );
   }
   return potentialRelationships.length > 0 ? potentialRelationships.join("\n") : "No obvious relationships identified based on column names";
 }
@@ -2660,8 +2711,8 @@ var packageJsonPath = path3.join(__dirname3, "..", "package.json");
 var packageJson = JSON.parse(readFileSync(packageJsonPath, "utf8"));
 var SERVER_NAME = "DBHub MCP Server";
 var SERVER_VERSION = packageJson.version;
-function generateBanner(version, isDemo = false) {
-  const demoText = isDemo ? " [DEMO MODE]" : "";
+function generateBanner(version, modes = []) {
+  const modeText = modes.length > 0 ? ` [${modes.join(" | ")}]` : "";
   return `
  _____  ____  _   _       _     
 |  __ \\|  _ \\| | | |     | |    
@@ -2670,7 +2721,7 @@ function generateBanner(version, isDemo = false) {
 | |__| | |_) | | | | |_| | |_) |
 |_____/|____/|_| |_|\\__,_|_.__/ 
                                 
-v${version}${demoText} - Universal Database MCP Server
+v${version}${modeText} - Universal Database MCP Server
 `;
 }
 async function main() {
@@ -2706,7 +2757,6 @@ See documentation for more details on configuring database connections.
     console.error(`Connecting with DSN: ${redactDSN(dsnData.dsn)}`);
     console.error(`DSN source: ${dsnData.source}`);
     if (dsnData.isDemo) {
-      console.error("Running in demo mode with sample employee database");
       const initScript = getSqliteInMemorySetupSql();
       await connectorManager.connectWithDSN(dsnData.dsn, initScript);
     } else {
@@ -2715,7 +2765,21 @@ See documentation for more details on configuring database connections.
     const transportData = resolveTransport();
     console.error(`Using transport: ${transportData.type}`);
     console.error(`Transport source: ${transportData.source}`);
-    console.error(generateBanner(SERVER_VERSION, dsnData.isDemo));
+    const readonly = isReadOnlyMode();
+    const activeModes = [];
+    const modeDescriptions = [];
+    if (dsnData.isDemo) {
+      activeModes.push("DEMO");
+      modeDescriptions.push("using sample employee database");
+    }
+    if (readonly) {
+      activeModes.push("READ-ONLY");
+      modeDescriptions.push("only read only queries allowed");
+    }
+    if (activeModes.length > 0) {
+      console.error(`Running in ${activeModes.join(" and ")} mode - ${modeDescriptions.join(", ")}`);
+    }
+    console.error(generateBanner(SERVER_VERSION, activeModes));
     if (transportData.type === "sse") {
       const app = express();
       let transport;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bytebase/dbhub",
-  "version": "0.3.1",
+  "version": "0.3.2",
   "description": "Universal Database MCP Server",
   "main": "dist/index.js",
   "type": "module",
@@ -21,8 +21,8 @@
     "better-sqlite3": "^11.9.0",
     "dotenv": "^16.4.7",
     "express": "^4.18.2",
-    "mssql": "^11.0.1",
     "mariadb": "^3.4.0",
+    "mssql": "^11.0.1",
     "mysql2": "^3.13.0",
     "pg": "^8.13.3",
     "zod": "^3.24.2"
@@ -34,6 +34,7 @@
     "@types/node": "^22.13.10",
     "@types/pg": "^8.11.11",
     "cross-env": "^7.0.3",
+    "prettier": "^3.5.3",
     "ts-node": "^10.9.2",
     "tsup": "^8.4.0",
     "tsx": "^4.19.3",