npm - @hoststack.dev/mcp - Versions diffs - 0.7.0 → 0.8.0 - Mend

@hoststack.dev/mcp 0.7.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/hoststack-mcp.js CHANGED Viewed

@@ -680,6 +680,45 @@ defineTool({
     return respond({ summary: `Database ${args2.database_id} (${type}) is ${status}.`, data });
   }
 });
+defineTool({
+  name: "query_database",
+  category: "databases",
+  description: [
+    "Run a single READ-ONLY SQL statement against a managed Postgres database.",
+    "",
+    "When to use: ad-hoc data inspection \u2014 checking row counts, sampling rows, debugging a constraint. For schema changes or seed data, ship a Drizzle migration instead.",
+    "",
+    "Safety model (server-side, not bypassable):",
+    '  - Wrapped in `BEGIN TRANSACTION READ ONLY` \u2014 INSERT/UPDATE/DELETE/DDL fail with a clear "cannot execute \u2026 in a read-only transaction" error.',
+    "  - 30s statement_timeout \u2014 runaway queries are killed.",
+    "  - 1000-row cap; result CSV is also size-capped at 1 MiB. Both surface via `truncated: true`.",
+    "  - Postgres engine only (v1). Other engines return a 400.",
+    "  - Single statement only; no embedded `;` and no psql meta-commands (`\\\u2026`).",
+    '  - Every call is audit-logged (success or failure) as `database.query` so an admin can answer "who queried this DB, when, with what SQL".',
+    "",
+    "Inputs:",
+    `  - database_id: publicId of the postgres database (e.g. "db_\u2026"). Resolved via the SDK's publicId helper.`,
+    "  - sql: a single SELECT/WITH/SHOW/EXPLAIN statement, no trailing `;`. Max 16 KiB.",
+    "",
+    "Returns: { columns: string[], rows: string[][], rowCount: number, truncated: boolean, durationMs: number }. Values come back as strings (psql --csv); cast on the caller side when needed.",
+    "",
+    "Examples:",
+    '  - query_database({ database_id: "db_abc", sql: "SELECT count(*) FROM users" }) \u2192 { columns: ["count"], rows: [["1234"]], \u2026 }',
+    `  - query_database({ database_id: "db_abc", sql: "SELECT id, email FROM users WHERE created_at > now() - interval '1 day' LIMIT 50" })`
+  ].join("\n"),
+  input: {
+    database_id: z5.string().describe("Database publicId (e.g. db_abc)."),
+    sql: z5.string().min(1).max(16384).describe(
+      "A single READ-ONLY SQL statement. No trailing `;`, no embedded `;`, no psql meta-commands."
+    )
+  },
+  handler: async (args2, ctx) => {
+    const teamId = await ctx.resolveTeamId();
+    const result = await ctx.hoststack.databases.query(teamId, args2.database_id, args2.sql);
+    const summary = result.truncated ? `Query returned ${result.rowCount} row${result.rowCount === 1 ? "" : "s"} (truncated; raise LIMIT if needed) in ${result.durationMs}ms.` : `Query returned ${result.rowCount} row${result.rowCount === 1 ? "" : "s"} in ${result.durationMs}ms.`;
+    return respond({ summary, data: result });
+  }
+});
 // src/tools/deploys.ts
 import { z as z6 } from "zod";