@bytebase/dbhub 0.4.11 → 0.6.0

package/README.md

@@ -28,9 +28,9 @@ DBHub is a universal database gateway implementing the Model Context Protocol (M
       MCP Clients           MCP Server             Databases
 ```
 
-## Demo SSE Endpoint
+## Demo HTTP Endpoint
 
-https://demo.dbhub.ai/sse connects a [sample employee database](https://github.com/bytebase/employee-sample-database). You can point Cursor or MCP Inspector to it to see it in action.
+https://demo.dbhub.ai/message connects a [sample employee database](https://github.com/bytebase/employee-sample-database). You can point Cursor or MCP Inspector to it to see it in action.
 
 ![mcp-inspector](https://raw.githubusercontent.com/bytebase/dbhub/main/resources/images/mcp-inspector.webp)
 
@@ -49,10 +49,10 @@ https://demo.dbhub.ai/sse connects a [sample employee database](https://github.c
 
 ### Database Tools
 
-| Tool            | Command Name      | PostgreSQL | MySQL | MariaDB | SQL Server | SQLite | Oracle |
-| --------------- | ----------------- | :--------: | :---: | :-----: | :--------: | ------ | :----: |
-| Execute SQL     | `execute_sql`     |     ✅     |  ✅   |   ✅    |     ✅     | ✅     |   ✅   |
-| List Connectors | `list_connectors` |     ✅     |  ✅   |   ✅    |     ✅     | ✅     |   ✅   |
+| Tool            | Command Name      | Description                                                         | PostgreSQL | MySQL | MariaDB | SQL Server | SQLite | Oracle |
+| --------------- | ----------------- | ------------------------------------------------------------------- | :--------: | :---: | :-----: | :--------: | ------ | :----: |
+| Execute SQL     | `execute_sql`     | Execute single or multiple SQL statements (separated by semicolons) |     ✅     |  ✅   |   ✅    |     ✅     | ✅     |   ✅   |
+| List Connectors | `list_connectors` | List all available database connectors                              |     ✅     |  ✅   |   ✅    |     ✅     | ✅     |   ✅   |
 
 ### Prompt Capabilities
 
@@ -71,7 +71,7 @@ docker run --rm --init \
    --name dbhub \
    --publish 8080:8080 \
    bytebase/dbhub \
-   --transport sse \
+   --transport http \
    --port 8080 \
    --dsn "postgres://user:password@localhost:5432/dbname?sslmode=disable"
 ```
@@ -82,7 +82,7 @@ docker run --rm --init \
    --name dbhub \
    --publish 8080:8080 \
    bytebase/dbhub \
-   --transport sse \
+   --transport http \
    --port 8080 \
    --demo
 ```
@@ -93,18 +93,18 @@ docker run --rm --init \
    --name dbhub \
    --publish 8080:8080 \
    bytebase/dbhub \
-   --transport sse \
+   --transport http \
    --port 8080 \
    --dsn "oracle://username:password@localhost:1521/service_name"
 ```
 
 ```bash
-# Oracle example with thick mode for connecting to 11g or older 
+# Oracle example with thick mode for connecting to 11g or older
 docker run --rm --init \
    --name dbhub \
    --publish 8080:8080 \
    bytebase/dbhub-oracle-thick \
-   --transport sse \
+   --transport http \
    --port 8080 \
    --dsn "oracle://username:password@localhost:1521/service_name"
 ```
@@ -113,12 +113,12 @@ docker run --rm --init \
 
 ```bash
 # PostgreSQL example
-npx @bytebase/dbhub --transport sse --port 8080 --dsn "postgres://user:password@localhost:5432/dbname?sslmode=disable"
+npx @bytebase/dbhub --transport http --port 8080 --dsn "postgres://user:password@localhost:5432/dbname?sslmode=disable"
 ```
 
 ```bash
 # Demo mode with sample employee database
-npx @bytebase/dbhub --transport sse --port 8080 --demo
+npx @bytebase/dbhub --transport http --port 8080 --demo
 ```
 
 > Note: The demo mode includes a bundled SQLite sample "employee" database with tables for employees, departments, salaries, and more.
@@ -170,7 +170,7 @@ npx @bytebase/dbhub --transport sse --port 8080 --demo
 
 ![cursor](https://raw.githubusercontent.com/bytebase/dbhub/main/resources/images/cursor.webp)
 
-- Cursor supports both `stdio` and `sse`.
+- Cursor supports both `stdio` and `http`.
 - Follow [Cursor MCP guide](https://docs.cursor.com/context/model-context-protocol) and make sure to use [Agent](https://docs.cursor.com/chat/agent) mode.
 
 ## Usage
@@ -179,14 +179,14 @@ npx @bytebase/dbhub --transport sse --port 8080 --demo
 
 You can specify the SSL mode using the `sslmode` parameter in your DSN string:
 
-| Database   | `sslmode=disable` | `sslmode=require` | Default SSL Behavior |
-|------------|:----------------:|:----------------:|:-------------------:|
-| PostgreSQL | ✅ | ✅ | Certificate verification |
-| MySQL      | ✅ | ✅ | Certificate verification |
-| MariaDB    | ✅ | ✅ | Certificate verification |
-| SQL Server | ✅ | ✅ | Certificate verification |
-| Oracle     | ✅ | ✅ | N/A (use Oracle client config) |
-| SQLite     | ❌ | ❌ | N/A (file-based)        |
+| Database   | `sslmode=disable` | `sslmode=require` |      Default SSL Behavior      |
+| ---------- | :---------------: | :---------------: | :----------------------------: |
+| PostgreSQL |        ✅         |        ✅         |    Certificate verification    |
+| MySQL      |        ✅         |        ✅         |    Certificate verification    |
+| MariaDB    |        ✅         |        ✅         |    Certificate verification    |
+| SQL Server |        ✅         |        ✅         |    Certificate verification    |
+| Oracle     |        ✅         |        ✅         | N/A (use Oracle client config) |
+| SQLite     |        ❌         |        ❌         |        N/A (file-based)        |
 
 **SSL Mode Options:**
 
@@ -196,6 +196,7 @@ You can specify the SSL mode using the `sslmode` parameter in your DSN string:
 Without specifying `sslmode`, most databases default to certificate verification, which provides the highest level of security.
 
 Example usage:
+
 ```bash
 # Disable SSL
 postgres://user:password@localhost:5432/dbname?sslmode=disable
@@ -255,14 +256,14 @@ For real databases, a Database Source Name (DSN) is required. You can provide th
 
 DBHub supports the following database connection string formats:
 
-| Database   | DSN Format                                                | Example                                                                                                     |
-| ---------- | --------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------- |
-| MySQL      | `mysql://[user]:[password]@[host]:[port]/[database]`      | `mysql://user:password@localhost:3306/dbname?sslmode=disable`                                                               |
-| MariaDB    | `mariadb://[user]:[password]@[host]:[port]/[database]`    | `mariadb://user:password@localhost:3306/dbname?sslmode=disable`                                                             |
-| PostgreSQL | `postgres://[user]:[password]@[host]:[port]/[database]`   | `postgres://user:password@localhost:5432/dbname?sslmode=disable`                                            |
-| SQL Server | `sqlserver://[user]:[password]@[host]:[port]/[database]`  | `sqlserver://user:password@localhost:1433/dbname?sslmode=disable`                                           |
-| SQLite     | `sqlite:///[path/to/file]` or `sqlite:///:memory:`           | `sqlite:///path/to/database.db`, `sqlite:C:/Users/YourName/data/database.db (windows)` or `sqlite:///:memory:` |
-| Oracle     | `oracle://[user]:[password]@[host]:[port]/[service_name]` | `oracle://username:password@localhost:1521/service_name?sslmode=disable`                                     |
+| Database   | DSN Format                                                | Example                                                                                                        |
+| ---------- | --------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- |
+| MySQL      | `mysql://[user]:[password]@[host]:[port]/[database]`      | `mysql://user:password@localhost:3306/dbname?sslmode=disable`                                                  |
+| MariaDB    | `mariadb://[user]:[password]@[host]:[port]/[database]`    | `mariadb://user:password@localhost:3306/dbname?sslmode=disable`                                                |
+| PostgreSQL | `postgres://[user]:[password]@[host]:[port]/[database]`   | `postgres://user:password@localhost:5432/dbname?sslmode=disable`                                               |
+| SQL Server | `sqlserver://[user]:[password]@[host]:[port]/[database]`  | `sqlserver://user:password@localhost:1433/dbname?sslmode=disable`                                              |
+| SQLite     | `sqlite:///[path/to/file]` or `sqlite:///:memory:`        | `sqlite:///path/to/database.db`, `sqlite:C:/Users/YourName/data/database.db (windows)` or `sqlite:///:memory:` |
+| Oracle     | `oracle://[user]:[password]@[host]:[port]/[service_name]` | `oracle://username:password@localhost:1521/service_name?sslmode=disable`                                       |
 
 #### Oracle
 
@@ -301,9 +302,9 @@ Extra query parameters:
   npx @bytebase/dbhub --transport stdio --dsn "postgres://user:password@localhost:5432/dbname?sslmode=disable"
   ```
 
-- **sse** - for browser and network clients:
+- **http** - for browser and network clients:
   ```bash
-  npx @bytebase/dbhub --transport sse --port 5678 --dsn "postgres://user:password@localhost:5432/dbname?sslmode=disable"
+  npx @bytebase/dbhub --transport http --port 5678 --dsn "postgres://user:password@localhost:5432/dbname?sslmode=disable"
   ```
 
 ### Command line options
@@ -312,8 +313,8 @@ Extra query parameters:
 | --------- | --------------------------------------------------------------- | ---------------------------- |
 | demo      | Run in demo mode with sample employee database                  | `false`                      |
 | dsn       | Database connection string                                      | Required if not in demo mode |
-| transport | Transport mode: `stdio` or `sse`                                | `stdio`                      |
-| port      | HTTP server port (only applicable when using `--transport=sse`) | `8080`                       |
+| transport | Transport mode: `stdio` or `http`                               | `stdio`                      |
+| port      | HTTP server port (only applicable when using `--transport=http`) | `8080`                       |
 | readonly  | Restrict SQL execution to read-only operations                  | `false`                      |
 
 The demo mode uses an in-memory SQLite database loaded with the [sample employee database](https://github.com/bytebase/dbhub/tree/main/resources/employee-sqlite) that includes tables for employees, departments, titles, salaries, department employees, and department managers. The sample database includes SQL scripts for table creation, data loading, and testing.
@@ -340,16 +341,17 @@ The demo mode uses an in-memory SQLite database loaded with the [sample employee
 
 ### Testing
 
-The project uses Vitest for testing:
+The project uses Vitest for comprehensive unit testing:
 
-- Run tests: `pnpm test`
-- Run tests in watch mode: `pnpm test:watch`
+- **Run all tests**: `pnpm test`
+- **Run tests in watch mode**: `pnpm test:watch`
 
 #### Pre-commit Hooks (for Developers)
 
 The project includes pre-commit hooks to run tests automatically before each commit:
 
 1. After cloning the repository, set up the pre-commit hooks:
+
    ```bash
    ./scripts/setup-husky.sh
    ```
@@ -365,17 +367,17 @@ The project includes pre-commit hooks to run tests automatically before each com
 TRANSPORT=stdio DSN="postgres://user:password@localhost:5432/dbname?sslmode=disable" npx @modelcontextprotocol/inspector node /path/to/dbhub/dist/index.js
 ```
 
-#### SSE
+#### HTTP
 
 ```bash
-# Start DBHub with SSE transport
-pnpm dev --transport=sse --port=8080
+# Start DBHub with HTTP transport
+pnpm dev --transport=http --port=8080
 
 # Start the MCP Inspector in another terminal
 npx @modelcontextprotocol/inspector
 ```
 
-Connect to the DBHub server `/sse` endpoint
+Connect to the DBHub server `/message` endpoint
 
 ## Contributors
 

package/dist/index.js

@@ -457,7 +457,26 @@ var PostgresConnector = class {
     }
     const client = await this.pool.connect();
     try {
-      return await client.query(sql2);
+      const statements = sql2.split(";").map((statement) => statement.trim()).filter((statement) => statement.length > 0);
+      if (statements.length === 1) {
+        return await client.query(statements[0]);
+      } else {
+        let allRows = [];
+        await client.query("BEGIN");
+        try {
+          for (const statement of statements) {
+            const result = await client.query(statement);
+            if (result.rows && result.rows.length > 0) {
+              allRows.push(...result.rows);
+            }
+          }
+          await client.query("COMMIT");
+        } catch (error) {
+          await client.query("ROLLBACK");
+          throw error;
+        }
+        return { rows: allRows };
+      }
     } finally {
       client.release();
     }
@@ -1004,8 +1023,31 @@ var SQLiteConnector = class {
       throw new Error("Not connected to SQLite database");
     }
     try {
-      const rows = this.db.prepare(sql2).all();
-      return { rows };
+      const statements = sql2.split(";").map((statement) => statement.trim()).filter((statement) => statement.length > 0);
+      if (statements.length === 1) {
+        const rows = this.db.prepare(statements[0]).all();
+        return { rows };
+      } else {
+        const readStatements = [];
+        const writeStatements = [];
+        for (const statement of statements) {
+          const trimmedStatement = statement.toLowerCase().trim();
+          if (trimmedStatement.startsWith("select") || trimmedStatement.startsWith("with") || trimmedStatement.startsWith("explain") || trimmedStatement.startsWith("analyze") || trimmedStatement.startsWith("pragma")) {
+            readStatements.push(statement);
+          } else {
+            writeStatements.push(statement);
+          }
+        }
+        if (writeStatements.length > 0) {
+          this.db.exec(writeStatements.join("; "));
+        }
+        let allRows = [];
+        for (const statement of readStatements) {
+          const result = this.db.prepare(statement).all();
+          allRows.push(...result);
+        }
+        return { rows: allRows };
+      }
     } catch (error) {
       throw error;
     }
@@ -1029,7 +1071,9 @@ var MySQLDSNParser = class {
         database: url.pathname ? url.pathname.substring(1) : "",
         // Remove leading '/' if exists
         user: url.username,
-        password: url.password
+        password: url.password,
+        multipleStatements: true
+        // Enable native multi-statement support
       };
       url.forEachSearchParam((value, key) => {
         if (key === "sslmode") {
@@ -1359,8 +1403,19 @@ var MySQLConnector = class {
       throw new Error("Not connected to database");
     }
     try {
-      const [rows, fields] = await this.pool.query(sql2);
-      return { rows, fields };
+      const results = await this.pool.query(sql2);
+      const [firstResult] = results;
+      if (Array.isArray(firstResult) && firstResult.length > 0 && Array.isArray(firstResult[0]) && firstResult[0].length === 2) {
+        let allRows = [];
+        for (const [rows, _fields] of firstResult) {
+          if (Array.isArray(rows)) {
+            allRows.push(...rows);
+          }
+        }
+        return { rows: allRows };
+      } else {
+        return { rows: Array.isArray(firstResult) ? firstResult : [] };
+      }
     } catch (error) {
       console.error("Error executing query:", error);
       throw error;
@@ -1385,7 +1440,9 @@ var MariadbDSNParser = class {
         database: url.pathname ? url.pathname.substring(1) : "",
         // Remove leading '/' if exists
         user: url.username,
-        password: url.password
+        password: url.password,
+        multipleStatements: true
+        // Enable native multi-statement support
       };
       url.forEachSearchParam((value, key) => {
         if (key === "sslmode") {
@@ -1716,8 +1773,19 @@ var MariaDBConnector = class {
       throw new Error("Not connected to database");
     }
     try {
-      const [rows, fields] = await this.pool.query(sql2);
-      return { rows, fields };
+      const results = await this.pool.query(sql2);
+      const [firstResult] = results;
+      if (Array.isArray(firstResult) && firstResult.length > 0 && Array.isArray(firstResult[0]) && firstResult[0].length === 2) {
+        let allRows = [];
+        for (const [rows, _fields] of firstResult) {
+          if (Array.isArray(rows)) {
+            allRows.push(...rows);
+          }
+        }
+        return { rows: allRows };
+      } else {
+        return { rows: Array.isArray(firstResult) ? firstResult : [] };
+      }
     } catch (error) {
       console.error("Error executing query:", error);
       throw error;
@@ -2228,7 +2296,7 @@ ConnectorRegistry.register(new OracleConnector());
 
 // src/server.ts
 import { McpServer as McpServer2 } from "@modelcontextprotocol/sdk/server/mcp.js";
-import { SSEServerTransport } from "@modelcontextprotocol/sdk/server/sse.js";
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import express from "express";
 import path3 from "path";
@@ -2405,11 +2473,11 @@ function resolveDSN() {
 function resolveTransport() {
   const args = parseCommandLineArgs();
   if (args.transport) {
-    const type = args.transport === "sse" ? "sse" : "stdio";
+    const type = args.transport === "http" ? "http" : "stdio";
     return { type, source: "command line argument" };
   }
   if (process.env.TRANSPORT) {
-    const type = process.env.TRANSPORT === "sse" ? "sse" : "stdio";
+    const type = process.env.TRANSPORT === "http" ? "http" : "stdio";
     return { type, source: "environment variable" };
   }
   return { type: "stdio", source: "default" };
@@ -2836,18 +2904,25 @@ var allowedKeywords = {
 
 // src/tools/execute-sql.ts
 var executeSqlSchema = {
-  sql: z.string().describe("SQL query to execute (SELECT only)")
+  sql: z.string().describe("SQL query or multiple SQL statements to execute (separated by semicolons)")
 };
+function splitSQLStatements(sql2) {
+  return sql2.split(";").map((statement) => statement.trim()).filter((statement) => statement.length > 0);
+}
 function isReadOnlySQL(sql2, connectorType) {
   const normalizedSQL = sql2.trim().toLowerCase();
   const firstWord = normalizedSQL.split(/\s+/)[0];
   const keywordList = allowedKeywords[connectorType] || allowedKeywords.default || [];
   return keywordList.includes(firstWord);
 }
+function areAllStatementsReadOnly(sql2, connectorType) {
+  const statements = splitSQLStatements(sql2);
+  return statements.every((statement) => isReadOnlySQL(statement, connectorType));
+}
 async function executeSqlToolHandler({ sql: sql2 }, _extra) {
   const connector = ConnectorManager.getCurrentConnector();
   try {
-    if (isReadOnlyMode() && !isReadOnlySQL(sql2, connector.id)) {
+    if (isReadOnlyMode() && !areAllStatementsReadOnly(sql2, connector.id)) {
       return createToolErrorResponse(
         `Read-only mode is enabled. Only the following SQL operations are allowed: ${allowedKeywords[connector.id]?.join(", ") || "none"}`,
         "READONLY_VIOLATION"
@@ -3399,27 +3474,49 @@ See documentation for more details on configuring database connections.
       console.error(`Running in ${activeModes.join(" and ")} mode - ${modeDescriptions.join(", ")}`);
     }
     console.error(generateBanner(SERVER_VERSION, activeModes));
-    if (transportData.type === "sse") {
+    if (transportData.type === "http") {
       const app = express();
-      let transport;
-      app.get("/sse", async (req, res) => {
-        transport = new SSEServerTransport("/message", res);
-        console.error("Client connected", transport?.["_sessionId"]);
-        await server.connect(transport);
-        res.on("close", () => {
-          console.error("Client Disconnected", transport?.["_sessionId"]);
-        });
+      app.use(express.json());
+      app.use((req, res, next) => {
+        const origin = req.headers.origin;
+        if (origin && !origin.startsWith("http://localhost") && !origin.startsWith("https://localhost")) {
+          return res.status(403).json({ error: "Forbidden origin" });
+        }
+        res.header("Access-Control-Allow-Origin", origin || "http://localhost");
+        res.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
+        res.header("Access-Control-Allow-Headers", "Content-Type, Mcp-Session-Id");
+        res.header("Access-Control-Allow-Credentials", "true");
+        if (req.method === "OPTIONS") {
+          return res.sendStatus(200);
+        }
+        next();
       });
-      app.post("/message", async (req, res) => {
-        console.error("Client Message", transport?.["_sessionId"]);
-        await transport.handlePostMessage(req, res, req.body);
+      const transport = new StreamableHTTPServerTransport({
+        sessionIdGenerator: () => `session_${Date.now()}_${Math.random().toString(36).substring(7)}`,
+        onsessioninitialized: (sessionId) => {
+          console.error(`Session initialized: ${sessionId}`);
+        },
+        enableJsonResponse: false
+        // Use SSE streaming
+      });
+      await server.connect(transport);
+      app.all("/message", async (req, res) => {
+        try {
+          const parsedBody = req.method === "POST" ? req.body : void 0;
+          await transport.handleRequest(req, res, parsedBody);
+        } catch (error) {
+          console.error("Error handling request:", error);
+          if (!res.headersSent) {
+            res.status(500).json({ error: "Internal server error" });
+          }
+        }
       });
       const portData = resolvePort();
       const port = portData.port;
       console.error(`Port source: ${portData.source}`);
-      app.listen(port, () => {
+      app.listen(port, "localhost", () => {
         console.error(`DBHub server listening at http://localhost:${port}`);
-        console.error(`Connect to MCP server at http://localhost:${port}/sse`);
+        console.error(`Connect to MCP server at http://localhost:${port}/message`);
       });
     } else {
       const transport = new StdioServerTransport();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bytebase/dbhub",
-  "version": "0.4.11",
+  "version": "0.6.0",
   "description": "Universal Database MCP Server",
   "main": "dist/index.js",
   "type": "module",
@@ -17,7 +17,7 @@
   "license": "MIT",
   "dependencies": {
     "@azure/identity": "^4.8.0",
-    "@modelcontextprotocol/sdk": "^1.6.1",
+    "@modelcontextprotocol/sdk": "^1.12.1",
     "better-sqlite3": "^11.9.0",
     "dotenv": "^16.4.7",
     "express": "^4.18.2",