npm - @neverinfamous/mysql-mcp - Versions diffs - 2.2.0 → 2.3.1 - Mend

@neverinfamous/mysql-mcp 2.2.0 → 2.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (216) hide show

package/.github/workflows/codeql.yml +0 -8
package/.github/workflows/docker-publish.yml +11 -10
package/CHANGELOG.md +96 -0
package/CODE_MODE.md +245 -0
package/DOCKER_README.md +71 -254
package/Dockerfile +5 -0
package/README.md +102 -55
package/VERSION +1 -1
package/dist/adapters/mysql/MySQLAdapter.d.ts +4 -0
package/dist/adapters/mysql/MySQLAdapter.d.ts.map +1 -1
package/dist/adapters/mysql/MySQLAdapter.js +9 -0
package/dist/adapters/mysql/MySQLAdapter.js.map +1 -1
package/dist/adapters/mysql/prompts/index.d.ts +8 -1
package/dist/adapters/mysql/prompts/index.d.ts.map +1 -1
package/dist/adapters/mysql/prompts/index.js +8 -1
package/dist/adapters/mysql/prompts/index.js.map +1 -1
package/dist/adapters/mysql/prompts/routerSetup.d.ts.map +1 -1
package/dist/adapters/mysql/prompts/routerSetup.js +5 -0
package/dist/adapters/mysql/prompts/routerSetup.js.map +1 -1
package/dist/adapters/mysql/resources/capabilities.d.ts.map +1 -1
package/dist/adapters/mysql/resources/capabilities.js +6 -5
package/dist/adapters/mysql/resources/capabilities.js.map +1 -1
package/dist/adapters/mysql/resources/index.d.ts +9 -1
package/dist/adapters/mysql/resources/index.d.ts.map +1 -1
package/dist/adapters/mysql/resources/index.js +9 -1
package/dist/adapters/mysql/resources/index.js.map +1 -1
package/dist/adapters/mysql/tools/admin/backup.d.ts.map +1 -1
package/dist/adapters/mysql/tools/admin/backup.js +3 -3
package/dist/adapters/mysql/tools/admin/backup.js.map +1 -1
package/dist/adapters/mysql/tools/admin/maintenance.d.ts.map +1 -1
package/dist/adapters/mysql/tools/admin/maintenance.js +5 -5
package/dist/adapters/mysql/tools/admin/maintenance.js.map +1 -1
package/dist/adapters/mysql/tools/cluster/innodb-cluster.d.ts.map +1 -1
package/dist/adapters/mysql/tools/cluster/innodb-cluster.js +26 -5
package/dist/adapters/mysql/tools/cluster/innodb-cluster.js.map +1 -1
package/dist/adapters/mysql/tools/codemode/index.d.ts +38 -0
package/dist/adapters/mysql/tools/codemode/index.d.ts.map +1 -0
package/dist/adapters/mysql/tools/codemode/index.js +203 -0
package/dist/adapters/mysql/tools/codemode/index.js.map +1 -0
package/dist/adapters/mysql/tools/core.d.ts.map +1 -1
package/dist/adapters/mysql/tools/core.js +32 -20
package/dist/adapters/mysql/tools/core.js.map +1 -1
package/dist/adapters/mysql/tools/events.js +18 -6
package/dist/adapters/mysql/tools/events.js.map +1 -1
package/dist/adapters/mysql/tools/json/core.d.ts.map +1 -1
package/dist/adapters/mysql/tools/json/core.js +5 -5
package/dist/adapters/mysql/tools/json/core.js.map +1 -1
package/dist/adapters/mysql/tools/json/helpers.d.ts.map +1 -1
package/dist/adapters/mysql/tools/json/helpers.js +9 -3
package/dist/adapters/mysql/tools/json/helpers.js.map +1 -1
package/dist/adapters/mysql/tools/partitioning.d.ts.map +1 -1
package/dist/adapters/mysql/tools/partitioning.js +38 -6
package/dist/adapters/mysql/tools/partitioning.js.map +1 -1
package/dist/adapters/mysql/tools/performance/analysis.d.ts.map +1 -1
package/dist/adapters/mysql/tools/performance/analysis.js +67 -20
package/dist/adapters/mysql/tools/performance/analysis.js.map +1 -1
package/dist/adapters/mysql/tools/performance/optimization.d.ts.map +1 -1
package/dist/adapters/mysql/tools/performance/optimization.js +36 -6
package/dist/adapters/mysql/tools/performance/optimization.js.map +1 -1
package/dist/adapters/mysql/tools/security/data-protection.d.ts.map +1 -1
package/dist/adapters/mysql/tools/security/data-protection.js +9 -4
package/dist/adapters/mysql/tools/security/data-protection.js.map +1 -1
package/dist/adapters/mysql/tools/shell/common.d.ts.map +1 -1
package/dist/adapters/mysql/tools/shell/common.js +28 -2
package/dist/adapters/mysql/tools/shell/common.js.map +1 -1
package/dist/adapters/mysql/tools/shell/restore.d.ts.map +1 -1
package/dist/adapters/mysql/tools/shell/restore.js +54 -4
package/dist/adapters/mysql/tools/shell/restore.js.map +1 -1
package/dist/adapters/mysql/tools/spatial/operations.d.ts.map +1 -1
package/dist/adapters/mysql/tools/spatial/operations.js +10 -2
package/dist/adapters/mysql/tools/spatial/operations.js.map +1 -1
package/dist/adapters/mysql/tools/spatial/setup.d.ts.map +1 -1
package/dist/adapters/mysql/tools/spatial/setup.js +18 -0
package/dist/adapters/mysql/tools/spatial/setup.js.map +1 -1
package/dist/adapters/mysql/tools/sysschema/resources.d.ts.map +1 -1
package/dist/adapters/mysql/tools/sysschema/resources.js +5 -0
package/dist/adapters/mysql/tools/sysschema/resources.js.map +1 -1
package/dist/adapters/mysql/tools/text/fulltext.d.ts.map +1 -1
package/dist/adapters/mysql/tools/text/fulltext.js +6 -4
package/dist/adapters/mysql/tools/text/fulltext.js.map +1 -1
package/dist/adapters/mysql/tools/text/processing.d.ts.map +1 -1
package/dist/adapters/mysql/tools/text/processing.js +10 -45
package/dist/adapters/mysql/tools/text/processing.js.map +1 -1
package/dist/adapters/mysql/tools/transactions.d.ts.map +1 -1
package/dist/adapters/mysql/tools/transactions.js +8 -8
package/dist/adapters/mysql/tools/transactions.js.map +1 -1
package/dist/adapters/mysql/types.d.ts +968 -78
package/dist/adapters/mysql/types.d.ts.map +1 -1
package/dist/adapters/mysql/types.js +1084 -78
package/dist/adapters/mysql/types.js.map +1 -1
package/dist/auth/scopes.d.ts.map +1 -1
package/dist/auth/scopes.js +1 -0
package/dist/auth/scopes.js.map +1 -1
package/dist/cli/args.d.ts.map +1 -1
package/dist/cli/args.js +12 -0
package/dist/cli/args.js.map +1 -1
package/dist/codemode/api.d.ts +69 -0
package/dist/codemode/api.d.ts.map +1 -0
package/dist/codemode/api.js +1035 -0
package/dist/codemode/api.js.map +1 -0
package/dist/codemode/index.d.ts +13 -0
package/dist/codemode/index.d.ts.map +1 -0
package/dist/codemode/index.js +17 -0
package/dist/codemode/index.js.map +1 -0
package/dist/codemode/sandbox-factory.d.ts +72 -0
package/dist/codemode/sandbox-factory.d.ts.map +1 -0
package/dist/codemode/sandbox-factory.js +88 -0
package/dist/codemode/sandbox-factory.js.map +1 -0
package/dist/codemode/sandbox.d.ts +96 -0
package/dist/codemode/sandbox.d.ts.map +1 -0
package/dist/codemode/sandbox.js +345 -0
package/dist/codemode/sandbox.js.map +1 -0
package/dist/codemode/security.d.ts +44 -0
package/dist/codemode/security.d.ts.map +1 -0
package/dist/codemode/security.js +149 -0
package/dist/codemode/security.js.map +1 -0
package/dist/codemode/types.d.ts +137 -0
package/dist/codemode/types.d.ts.map +1 -0
package/dist/codemode/types.js +46 -0
package/dist/codemode/types.js.map +1 -0
package/dist/codemode/worker-sandbox.d.ts +82 -0
package/dist/codemode/worker-sandbox.d.ts.map +1 -0
package/dist/codemode/worker-sandbox.js +244 -0
package/dist/codemode/worker-sandbox.js.map +1 -0
package/dist/codemode/worker-script.d.ts +8 -0
package/dist/codemode/worker-script.d.ts.map +1 -0
package/dist/codemode/worker-script.js +113 -0
package/dist/codemode/worker-script.js.map +1 -0
package/dist/constants/ServerInstructions.d.ts +1 -1
package/dist/constants/ServerInstructions.d.ts.map +1 -1
package/dist/constants/ServerInstructions.js +33 -9
package/dist/constants/ServerInstructions.js.map +1 -1
package/dist/filtering/ToolConstants.d.ts +11 -11
package/dist/filtering/ToolConstants.d.ts.map +1 -1
package/dist/filtering/ToolConstants.js +37 -19
package/dist/filtering/ToolConstants.js.map +1 -1
package/dist/filtering/ToolFilter.d.ts.map +1 -1
package/dist/filtering/ToolFilter.js +12 -0
package/dist/filtering/ToolFilter.js.map +1 -1
package/dist/server/McpServer.js +1 -1
package/dist/server/McpServer.js.map +1 -1
package/dist/types/modules/server.d.ts +2 -0
package/dist/types/modules/server.d.ts.map +1 -1
package/dist/types/modules/tools.d.ts +1 -1
package/dist/types/modules/tools.d.ts.map +1 -1
package/dist/utils/logger.d.ts +1 -1
package/dist/utils/logger.d.ts.map +1 -1
package/dist/utils/logger.js.map +1 -1
package/package.json +12 -7
package/releases/v2.2.0-release-notes.md +18 -18
package/releases/v2.3.0-release-notes.md +191 -0
package/releases/v2.3.1-release-notes.md +34 -0
package/src/__tests__/perf.test.ts +12 -12
package/src/adapters/mysql/MySQLAdapter.ts +10 -0
package/src/adapters/mysql/__tests__/MySQLAdapter.test.ts +1 -1
package/src/adapters/mysql/prompts/index.ts +8 -1
package/src/adapters/mysql/prompts/routerSetup.ts +5 -0
package/src/adapters/mysql/resources/__tests__/capabilities.test.ts +50 -1
package/src/adapters/mysql/resources/capabilities.ts +6 -4
package/src/adapters/mysql/resources/index.ts +9 -1
package/src/adapters/mysql/tools/__tests__/core.test.ts +68 -0
package/src/adapters/mysql/tools/__tests__/events.test.ts +56 -2
package/src/adapters/mysql/tools/__tests__/json_core.test.ts +1 -1
package/src/adapters/mysql/tools/__tests__/json_helpers.test.ts +46 -4
package/src/adapters/mysql/tools/__tests__/replication.test.ts +144 -42
package/src/adapters/mysql/tools/__tests__/security.test.ts +39 -0
package/src/adapters/mysql/tools/__tests__/spatial.test.ts +39 -7
package/src/adapters/mysql/tools/__tests__/spatial_handler.test.ts +35 -3
package/src/adapters/mysql/tools/__tests__/transactions.test.ts +3 -5
package/src/adapters/mysql/tools/admin/backup.ts +8 -3
package/src/adapters/mysql/tools/admin/maintenance.ts +8 -4
package/src/adapters/mysql/tools/cluster/__tests__/innodb-cluster.test.ts +35 -0
package/src/adapters/mysql/tools/cluster/innodb-cluster.ts +26 -5
package/src/adapters/mysql/tools/codemode/index.ts +249 -0
package/src/adapters/mysql/tools/core.ts +44 -27
package/src/adapters/mysql/tools/events.ts +23 -7
package/src/adapters/mysql/tools/json/__tests__/helpers.test.ts +59 -14
package/src/adapters/mysql/tools/json/core.ts +8 -4
package/src/adapters/mysql/tools/json/helpers.ts +13 -3
package/src/adapters/mysql/tools/partitioning.ts +53 -6
package/src/adapters/mysql/tools/performance/__tests__/analysis.test.ts +227 -4
package/src/adapters/mysql/tools/performance/__tests__/optimization.test.ts +35 -0
package/src/adapters/mysql/tools/performance/analysis.ts +75 -21
package/src/adapters/mysql/tools/performance/optimization.ts +44 -6
package/src/adapters/mysql/tools/security/data-protection.ts +10 -4
package/src/adapters/mysql/tools/shell/__tests__/common.test.ts +46 -0
package/src/adapters/mysql/tools/shell/__tests__/restore.test.ts +28 -1
package/src/adapters/mysql/tools/shell/common.ts +34 -2
package/src/adapters/mysql/tools/shell/restore.ts +70 -7
package/src/adapters/mysql/tools/spatial/__tests__/operations.test.ts +29 -0
package/src/adapters/mysql/tools/spatial/operations.ts +13 -2
package/src/adapters/mysql/tools/spatial/setup.ts +23 -0
package/src/adapters/mysql/tools/sysschema/__tests__/resources.test.ts +21 -0
package/src/adapters/mysql/tools/sysschema/resources.ts +5 -0
package/src/adapters/mysql/tools/text/fulltext.ts +13 -5
package/src/adapters/mysql/tools/text/processing.ts +20 -49
package/src/adapters/mysql/tools/transactions.ts +11 -7
package/src/adapters/mysql/types.ts +1241 -87
package/src/auth/scopes.ts +1 -0
package/src/cli/args.ts +14 -0
package/src/codemode/api.ts +1224 -0
package/src/codemode/index.ts +51 -0
package/src/codemode/sandbox-factory.ts +146 -0
package/src/codemode/sandbox.ts +450 -0
package/src/codemode/security.ts +188 -0
package/src/codemode/types.ts +194 -0
package/src/codemode/worker-sandbox.ts +326 -0
package/src/codemode/worker-script.ts +144 -0
package/src/constants/ServerInstructions.ts +33 -9
package/src/filtering/ToolConstants.ts +37 -19
package/src/filtering/ToolFilter.ts +15 -0
package/src/filtering/__tests__/ToolFilter.test.ts +65 -38
package/src/server/McpServer.ts +1 -1
package/src/types/modules/server.ts +3 -0
package/src/types/modules/tools.ts +2 -1
package/src/utils/logger.ts +2 -1

package/DOCKER_README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # MySQL MCP Server
-**Last Updated: February 8, 2026**
+**Last Updated February 18, 2026**
 [![GitHub](https://img.shields.io/badge/GitHub-neverinfamous/mysql--mcp-blue?logo=github)](https://github.com/neverinfamous/mysql-mcp)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
@@ -9,8 +9,8 @@
 [![Docker Pulls](https://img.shields.io/docker/pulls/writenotenow/mysql-mcp)](https://hub.docker.com/r/writenotenow/mysql-mcp)
 [![Security](https://img.shields.io/badge/Security-Enhanced-green.svg)](SECURITY.md)
 ![TypeScript](https://img.shields.io/badge/TypeScript-Strict-blue.svg)
-![Tests](https://img.shields.io/badge/Tests-1794%20passing-brightgreen.svg)
-![Coverage](https://img.shields.io/badge/Coverage-94%25-green.svg)
+![Tests](https://img.shields.io/badge/Tests-1835%20passing-brightgreen.svg)
+![Coverage](https://img.shields.io/badge/Coverage-86%25-green.svg)
 **[📚 Full Documentation (Wiki)](https://github.com/neverinfamous/mysql-mcp/wiki)** • **[Changelog](https://github.com/neverinfamous/mysql-mcp/blob/master/CHANGELOG.md)** • **[Security](https://github.com/neverinfamous/mysql-mcp/blob/master/SECURITY.md)** • **[Release Article](https://adamic.tech/articles/mysql-mcp-server)**
@@ -22,17 +22,17 @@
 | Feature                        | Description                                                                                                                                                       |
 | ------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| **192 Specialized Tools**      | The largest MySQL tool collection for MCP — from core CRUD and native JSON functions (MySQL 5.7+) to advanced spatial/GIS, document store, and cluster management |
+| **193 Specialized Tools**      | The largest MySQL tool collection for MCP — from core CRUD and native JSON functions (MySQL 5.7+) to advanced spatial/GIS, document store, and cluster management |
 | **18 Observability Resources** | Real-time schema, performance metrics, process lists, status variables, replication status, and InnoDB diagnostics                                                |
 | **19 AI-Powered Prompts**      | Guided workflows for query building, schema design, performance tuning, and infrastructure setup                                                                  |
 | **OAuth 2.1 + Access Control** | Enterprise-ready security with RFC 9728/8414 compliance, granular scopes (`read`, `write`, `admin`, `full`, `db:*`, `table:*:*`), and Keycloak integration        |
-| **Smart Tool Filtering**       | 24 tool groups + 7 meta-groups let you stay within IDE limits while exposing exactly what you need                                                                |
+| **Smart Tool Filtering**       | 25 tool groups + 11 shortcuts let you stay within IDE limits while exposing exactly what you need                                                                 |
 | **HTTP Streaming Transport**   | SSE-based streaming with `/sse`, `/messages`, and `/health` endpoints for remote deployments                                                                      |
 | **High-Performance Pooling**   | Built-in connection pooling for efficient, concurrent database access                                                                                             |
 | **Ecosystem Integrations**     | First-class support for **MySQL Router**, **ProxySQL**, and **MySQL Shell** utilities                                                                             |
 | **Advanced Encryption**        | Full TLS/SSL support for secure connections, plus tools for managing data masking, encryption monitoring, and compliance                                          |
 | **Production-Ready Security**  | SQL injection protection, parameterized queries, input validation, and audit capabilities                                                                         |
-| **Strict TypeScript**          | 100% type-safe codebase with 1794 tests and 94% coverage                                                                                                          |
+| **Strict TypeScript**          | 100% type-safe codebase with 1833 tests and 86% coverage                                                                                                          |
 | **MCP 2025-11-25 Compliant**   | Full protocol support with tool safety hints, resource priorities, and progress notifications                                                                     |
 ---
@@ -50,13 +50,18 @@
 #### NPM (Recommended)
 ```bash
-# Install globally
 npm install -g @neverinfamous/mysql-mcp
+```
+Run the server:
-# Run
+```bash
 mysql-mcp --transport stdio --mysql mysql://user:password@localhost:3306/database
+```
-# Or use npx without installing
+Or use npx without installing:
+```bash
 npx @neverinfamous/mysql-mcp --transport stdio --mysql mysql://user:password@localhost:3306/database
 ```
@@ -116,14 +121,19 @@ mysql-mcp --mysql mysql://root:pass@localhost/db \
 **Start the HTTP server:**
+Local installation:
 ```bash
-# Local installation
-node dist/cli.js --transport http --port 3000 --mysql mysql://user:password@localhost:3306/database
+node dist/cli.js --transport http --port 3000 --server-host 0.0.0.0 --mysql mysql://user:password@localhost:3306/database
+```
+Docker (expose port 3000):
-# Docker (expose port 3000)
+```bash
 docker run -p 3000:3000 writenotenow/mysql-mcp \
   --transport http \
   --port 3000 \
+  --server-host 0.0.0.0 \
   --mysql mysql://user:password@host.docker.internal:3306/database
 ```
@@ -190,51 +200,30 @@ docker run -p 3000:3000 writenotenow/mysql-mcp \
 | **MySQL in Docker**       | Container name or network | `mysql://user:pass@mysql-container:3306/db`      |
 | **Remote/Cloud MySQL**    | Hostname or IP            | `mysql://user:pass@db.example.com:3306/db`       |
-### MySQL on Host Machine
-If MySQL is installed directly on your computer (via installer, Homebrew, etc.):
-```json
-"--mysql", "mysql://user:password@host.docker.internal:3306/database"
-```
-### MySQL in Another Docker Container
-Add both containers to the same Docker network, then use the container name:
-```bash
-# Create network and run MySQL
-docker network create mynet
-docker run -d --name mysql-db --network mynet -e MYSQL_ROOT_PASSWORD=pass mysql:8
-# Run MCP server on same network
-docker run -i --rm --network mynet writenotenow/mysql-mcp:latest \
-  --transport stdio --mysql mysql://root:pass@mysql-db:3306/mysql
-```
+> **Tip:** For remote connections, ensure your MySQL server allows connections from Docker's IP range and that firewalls/security groups permit port 3306.
-### Remote/Cloud MySQL (RDS, Cloud SQL, etc.)
+---
-Use the remote hostname directly:
+## Code Mode: Maximum Efficiency
-```json
-"--mysql", "mysql://user:password@your-instance.region.rds.amazonaws.com:3306/database"
-```
+Code Mode (`mysql_execute_code`) dramatically reduces token usage (70–90%) and is included by default in all presets.
-| Provider         | Example Hostname                                 |
-| ---------------- | ------------------------------------------------ |
-| AWS RDS          | `your-instance.xxxx.us-east-1.rds.amazonaws.com` |
-| Google Cloud SQL | `project:region:instance` (via Cloud SQL Proxy)  |
-| Azure MySQL      | `your-server.mysql.database.azure.com`           |
-| PlanetScale      | `aws.connect.psdb.cloud` (SSL required)          |
-| DigitalOcean     | `your-cluster-do-user-xxx.db.ondigitalocean.com` |
+> [!TIP]
+> **Maximize Token Savings:** For the best results, instruct your AI agent to prefer Code Mode over individual tool calls. Add a rule like this to your agent's prompt or system configuration:
+>
+> _"When using mysql-mcp, prefer `mysql_execute_code` (Code Mode) for multi-step database operations to minimize token usage."_
+>
+> This ensures the agent batches operations into single calls instead of making many individual tool calls. See the [Code Mode wiki](https://github.com/neverinfamous/mysql-mcp/wiki/Code-Mode) for full API documentation.
-> **Tip:** For remote connections, ensure your MySQL server allows connections from Docker's IP range and that firewalls/security groups permit port 3306.
+> [!NOTE]
+> **AntiGravity Users:** Server instructions are automatically sent to MCP clients during initialization. However, AntiGravity does not currently support MCP server instructions. For optimal Code Mode usage in AntiGravity, manually provide the contents of [`src/constants/ServerInstructions.ts`](https://github.com/neverinfamous/mysql-mcp/blob/master/src/constants/ServerInstructions.ts) to the agent in your prompt or user rules.
 ---
 ## 🛠️ Tool Filtering
 > [!IMPORTANT]
-> **AI IDEs like Cursor have tool limits (typically 40-50 tools).** With 192 tools available, you MUST use tool filtering to stay within your IDE's limits. We recommend `starter` (38 tools) as a starting point.
+> **AI IDEs like Cursor have tool limits (typically 40-50 tools).** With 193 tools available, you MUST use tool filtering to stay within your IDE's limits. We recommend `starter` (39 tools) as a starting point. Code Mode is included in all presets by default for 70-90% token savings on multi-step operations.
 ### What Can You Filter?
@@ -242,28 +231,28 @@ The `--tool-filter` argument accepts **shortcuts**, **groups**, or **tool names*
 | Filter Pattern   | Example                     | Tools | Description               |
 | ---------------- | --------------------------- | ----- | ------------------------- |
-| Shortcut only    | `starter`                   | 38    | Use a predefined bundle   |
+| Shortcut only    | `starter`                   | 39    | Use a predefined bundle   |
 | Groups only      | `core,json,transactions`    | 32    | Combine individual groups |
-| Shortcut + Group | `starter,spatial`           | 50    | Extend a shortcut         |
-| Shortcut - Tool  | `starter,-mysql_drop_table` | 37    | Remove specific tools     |
+| Shortcut + Group | `starter,spatial`           | 51    | Extend a shortcut         |
+| Shortcut - Tool  | `starter,-mysql_drop_table` | 38    | Remove specific tools     |
 ### Shortcuts (Predefined Bundles)
-| Shortcut        | Tools  | Use Case           | What's Included                                          |
-| --------------- | ------ | ------------------ | -------------------------------------------------------- |
-| `starter`       | **38** | 🌟 **Recommended** | core, json, transactions, text                           |
-| `essential`     | 15     | Minimal footprint  | core, transactions                                       |
-| `dev-power`     | 46     | Power Developer    | core, schema, performance, stats, fulltext, transactions |
-| `ai-data`       | 45     | AI Data Analyst    | core, json, docstore, text, fulltext                     |
-| `ai-spatial`    | 43     | AI Spatial Analyst | core, spatial, stats, performance, transactions          |
-| `dba-monitor`   | 35     | DBA Monitoring     | core, monitoring, performance, sysschema, optimization   |
-| `dba-manage`    | 33     | DBA Management     | core, admin, backup, replication, partitioning, events   |
-| `dba-secure`    | 32     | DBA Security       | core, security, roles, transactions                      |
-| `base-core`     | 48     | Base Ops           | core, json, transactions, text, schema                   |
-| `base-advanced` | 40     | Advanced Features  | docstore, spatial, stats, fulltext, events               |
-| `ecosystem`     | 41     | External Tools     | cluster, proxysql, router, shell                         |
-### Tool Groups (24 Available)
+| Shortcut        | Tools  | Use Case           | What's Included                                                    |
+| --------------- | ------ | ------------------ | ------------------------------------------------------------------ |
+| `starter`       | **39** | 🌟 **Recommended** | core, json, transactions, text, codemode                           |
+| `essential`     | 16     | Minimal footprint  | core, transactions, codemode                                       |
+| `dev-power`     | 47     | Power Developer    | core, schema, performance, stats, fulltext, transactions, codemode |
+| `ai-data`       | 46     | AI Data Analyst    | core, json, docstore, text, fulltext, codemode                     |
+| `ai-spatial`    | 44     | AI Spatial Analyst | core, spatial, stats, performance, transactions, codemode          |
+| `dba-monitor`   | 36     | DBA Monitoring     | core, monitoring, performance, sysschema, optimization, codemode   |
+| `dba-manage`    | 34     | DBA Management     | core, admin, backup, replication, partitioning, events, codemode   |
+| `dba-secure`    | 33     | DBA Security       | core, security, roles, transactions, codemode                      |
+| `base-core`     | 49     | Base Ops           | core, json, transactions, text, schema, codemode                   |
+| `base-advanced` | 41     | Advanced Features  | docstore, spatial, stats, fulltext, events, codemode               |
+| `ecosystem`     | 42     | External Tools     | cluster, proxysql, router, shell, codemode                         |
+### Tool Groups (25 Available)
 | Group          | Tools | Description                              |
 | -------------- | ----- | ---------------------------------------- |
@@ -291,131 +280,11 @@ The `--tool-filter` argument accepts **shortcuts**, **groups**, or **tool names*
 | `cluster`      | 10    | Group Replication, InnoDB Cluster        |
 | `proxysql`     | 12    | ProxySQL management                      |
 | `router`       | 9     | MySQL Router REST API                    |
+| `codemode`     | 1     | Sandboxed code execution                 |
 ---
-### Quick Start: Recommended IDE Configuration
-Add one of these configurations to your IDE's MCP settings file (e.g., `cline_mcp_settings.json`, `.cursorrules`, or equivalent):
-#### Option 1: Starter (38 Essential Tools)
-**Best for:** General MySQL database work - CRUD operations, schema management, and monitoring.
-```json
-{
-  "mcpServers": {
-    "mysql-mcp": {
-      "command": "node",
-      "args": [
-        "/path/to/mysql-mcp/dist/cli.js",
-        "--transport",
-        "stdio",
-        "--tool-filter",
-        "starter"
-      ],
-      "env": {
-        "MYSQL_HOST": "localhost",
-        "MYSQL_PORT": "3306",
-        "MYSQL_USER": "your_username",
-        "MYSQL_PASSWORD": "your_password",
-        "MYSQL_DATABASE": "your_database"
-      }
-    }
-  }
-}
-```
-#### Option 2: Cluster (10 Tools for InnoDB Cluster Monitoring)
-**Best for:** Monitoring InnoDB Cluster, Group Replication status, and cluster topology.
-> **⚠️ Prerequisites:**
->
-> - **InnoDB Cluster** must be configured and running with Group Replication enabled
-> - Connect to a cluster node directly (e.g., `localhost:3307`) — NOT a standalone MySQL instance
-> - Use `cluster_admin` or `root` user with appropriate privileges
-> - See [MySQL Ecosystem Setup Guide](https://github.com/neverinfamous/mysql-mcp/wiki/MySQL-Ecosystem-Setup) for cluster setup instructions
-```json
-{
-  "mcpServers": {
-    "mysql-mcp-cluster": {
-      "command": "node",
-      "args": [
-        "/path/to/mysql-mcp/dist/cli.js",
-        "--transport",
-        "stdio",
-        "--tool-filter",
-        "cluster"
-      ],
-      "env": {
-        "MYSQL_HOST": "localhost",
-        "MYSQL_PORT": "3307",
-        "MYSQL_USER": "cluster_admin",
-        "MYSQL_PASSWORD": "cluster_password",
-        "MYSQL_DATABASE": "mysql"
-      }
-    }
-  }
-}
-```
-#### Option 3: Ecosystem (41 Tools for InnoDB Cluster Deployments)
-**Best for:** MySQL Router, ProxySQL, MySQL Shell, and InnoDB Cluster deployments.
-> **⚠️ Prerequisites:**
->
-> - **InnoDB Cluster** with MySQL Router requires the cluster to be running for Router REST API authentication (uses `metadata_cache` backend)
-> - Router REST API uses HTTPS with self-signed certificates by default — set `MYSQL_ROUTER_INSECURE=true` to bypass certificate verification
-> - **X Protocol:** InnoDB Cluster includes the MySQL X Plugin by default. Set `MYSQL_XPORT` to the Router's X Protocol port (e.g., `6448`) for `mysqlsh_import_json` and `docstore` tools
-> - See [MySQL Ecosystem Setup Guide](https://github.com/neverinfamous/mysql-mcp/wiki/MySQL-Ecosystem-Setup) for detailed instructions
-```json
-{
-  "mcpServers": {
-    "mysql-mcp-ecosystem": {
-      "command": "node",
-      "args": [
-        "/path/to/mysql-mcp/dist/cli.js",
-        "--transport",
-        "stdio",
-        "--tool-filter",
-        "ecosystem"
-      ],
-      "env": {
-        "MYSQL_HOST": "localhost",
-        "MYSQL_PORT": "3307",
-        "MYSQL_XPORT": "6448",
-        "MYSQL_USER": "cluster_admin",
-        "MYSQL_PASSWORD": "cluster_password",
-        "MYSQL_DATABASE": "testdb",
-        "MYSQL_ROUTER_URL": "https://localhost:8443",
-        "MYSQL_ROUTER_USER": "rest_api",
-        "MYSQL_ROUTER_PASSWORD": "router_password",
-        "MYSQL_ROUTER_INSECURE": "true",
-        "PROXYSQL_HOST": "localhost",
-        "PROXYSQL_PORT": "6032",
-        "PROXYSQL_USER": "radmin",
-        "PROXYSQL_PASSWORD": "radmin",
-        "MYSQLSH_PATH": "/usr/local/bin/mysqlsh"
-      }
-    }
-  }
-}
-```
-**Customization Notes:**
-- Replace `/path/to/mysql-mcp/` with your actual installation path
-- Update credentials with your actual values
-- For Windows: Use forward slashes (e.g., `C:/mysql-mcp/dist/cli.js`) or escape backslashes
-- For Windows MySQL Shell: `"MYSQLSH_PATH": "C:\\Program Files\\MySQL\\MySQL Shell 9.5\\bin\\mysqlsh.exe"`
-- **Router Authentication:** Router REST API authenticates against the InnoDB Cluster metadata. The cluster must be running for authentication to work.
-- **Cluster Resource:** The `mysql://cluster` resource is only available when connected to an InnoDB Cluster node
-> **📖 See the [Tool Filtering Wiki](https://github.com/neverinfamous/mysql-mcp/wiki/Tool-Filtering)** for advanced examples.
+> **📖 See the [Tool Filtering Wiki](https://github.com/neverinfamous/mysql-mcp/wiki/Tool-Filtering)** for IDE configuration examples and advanced usage.
 ---
@@ -430,56 +299,13 @@ For debugging or manual reference, see the source: [`src/constants/ServerInstruc
 ## 🤖 AI-Powered Prompts
-This server includes **19 intelligent prompts** for guided workflows:
-| Prompt                        | Description                                            |
-| ----------------------------- | ------------------------------------------------------ |
-| `mysql_query_builder`         | Construct SQL queries with security best practices     |
-| `mysql_schema_design`         | Design table schemas with indexes and relationships    |
-| `mysql_performance_analysis`  | Analyze slow queries with optimization recommendations |
-| `mysql_migration`             | Generate migration scripts with rollback options       |
-| `mysql_database_health_check` | Comprehensive database health assessment               |
-| `mysql_backup_strategy`       | Enterprise backup planning with RTO/RPO                |
-| `mysql_index_tuning`          | Index analysis and optimization workflow               |
-| `mysql_setup_router`          | MySQL Router configuration guide                       |
-| `mysql_setup_proxysql`        | ProxySQL configuration guide                           |
-| `mysql_setup_replication`     | Replication setup guide                                |
-| `mysql_setup_shell`           | MySQL Shell usage guide                                |
-| `mysql_tool_index`            | Complete tool index with categories                    |
-| `mysql_quick_query`           | Quick query execution shortcut                         |
-| `mysql_quick_schema`          | Quick schema exploration                               |
-| **`mysql_setup_events`**      | Event Scheduler setup guide                            |
-| **`mysql_sys_schema_guide`**  | sys schema usage and diagnostics                       |
-| **`mysql_setup_spatial`**     | Spatial/GIS data setup guide                           |
-| **`mysql_setup_cluster`**     | InnoDB Cluster/Group Replication guide                 |
-| **`mysql_setup_docstore`**    | Document Store / X DevAPI guide                        |
+**19 intelligent prompts** for guided workflows including query building, schema design, performance analysis, migration planning, backup strategy, index tuning, and ecosystem setup (Router, ProxySQL, Replication, Shell, Cluster, Spatial, Events, Document Store).
 ---
 ## 📊 Resources
-This server exposes **18 resources** for database observability:
-| Resource                | Description                                 |
-| ----------------------- | ------------------------------------------- |
-| `mysql://schema`        | Full database schema                        |
-| `mysql://tables`        | Table listing with metadata                 |
-| `mysql://variables`     | Server configuration variables              |
-| `mysql://status`        | Server status metrics                       |
-| `mysql://processlist`   | Active connections and queries              |
-| `mysql://pool`          | Connection pool statistics                  |
-| `mysql://capabilities`  | Server version, features, tool categories   |
-| `mysql://health`        | Comprehensive health status                 |
-| `mysql://performance`   | Query performance metrics                   |
-| `mysql://indexes`       | Index usage and statistics                  |
-| `mysql://replication`   | Replication status and lag                  |
-| `mysql://innodb`        | InnoDB buffer pool and engine metrics       |
-| **`mysql://events`**    | Event Scheduler status and scheduled events |
-| **`mysql://sysschema`** | sys schema diagnostics summary              |
-| **`mysql://locks`**     | InnoDB lock contention detection            |
-| **`mysql://cluster`**   | Group Replication/InnoDB Cluster status     |
-| **`mysql://spatial`**   | Spatial columns and indexes                 |
-| **`mysql://docstore`**  | Document Store collections                  |
+**18 real-time resources** for database observability: schema, tables, variables, status, processlist, connection pool, capabilities, health, performance, indexes, replication, InnoDB metrics, events, sys schema, locks, cluster status, spatial metadata, and document store collections.
 ---
@@ -497,6 +323,8 @@ For specialized setups, see these Wiki pages:
 ## ⚡ Performance Tuning
+Schema metadata is cached to reduce repeated queries during tool/resource invocations.
 | Variable                | Default | Description                                        |
 | ----------------------- | ------- | -------------------------------------------------- |
 | `METADATA_CACHE_TTL_MS` | `30000` | Cache TTL for schema metadata (milliseconds)       |
@@ -504,17 +332,20 @@ For specialized setups, see these Wiki pages:
 > **Tip:** Lower `METADATA_CACHE_TTL_MS` for development (e.g., `5000`), or increase it for production with stable schemas (e.g., `300000` = 5 min).
+> **Built-in payload optimization:** Many tools support optional `summary: true` for condensed responses and `limit` parameters to cap result sizes. These are particularly useful for cluster status, monitoring, and sys schema tools where full responses can be large. See [`ServerInstructions.ts`](https://github.com/neverinfamous/mysql-mcp/blob/master/src/constants/ServerInstructions.ts) for per-tool details.
 ---
 ### CLI Options
-| Option                    | Environment Variable    | Description                 |
-| ------------------------- | ----------------------- | --------------------------- |
-| `--oauth-enabled`         | `OAUTH_ENABLED`         | Enable OAuth authentication |
-| `--oauth-issuer`          | `OAUTH_ISSUER`          | Authorization server URL    |
-| `--oauth-audience`        | `OAUTH_AUDIENCE`        | Expected token audience     |
-| `--oauth-jwks-uri`        | `OAUTH_JWKS_URI`        | JWKS URI (auto-discovered)  |
-| `--oauth-clock-tolerance` | `OAUTH_CLOCK_TOLERANCE` | Clock tolerance in seconds  |
+| Option                    | Environment Variable    | Description                                         |
+| ------------------------- | ----------------------- | --------------------------------------------------- |
+| `--server-host`           | `MCP_HOST`              | Host to bind HTTP transport to (default: localhost) |
+| `--oauth-enabled`         | `OAUTH_ENABLED`         | Enable OAuth authentication                         |
+| `--oauth-issuer`          | `OAUTH_ISSUER`          | Authorization server URL                            |
+| `--oauth-audience`        | `OAUTH_AUDIENCE`        | Expected token audience                             |
+| `--oauth-jwks-uri`        | `OAUTH_JWKS_URI`        | JWKS URI (auto-discovered)                          |
+| `--oauth-clock-tolerance` | `OAUTH_CLOCK_TOLERANCE` | Clock tolerance in seconds                          |
 ### Scopes
@@ -529,20 +360,6 @@ For specialized setups, see these Wiki pages:
 ---
-## Contributing
-Contributions are welcome! Please read our [Contributing Guidelines](CONTRIBUTING.md) before submitting a pull request.
-## Security
-For security concerns, please see our [Security Policy](SECURITY.md).
-> **⚠️ Never commit credentials** - Store secrets in `.env` (gitignored)
-## License
-This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
-## Code of Conduct
+## Contributing & Security
-Please read our [Code of Conduct](CODE_OF_CONDUCT.md) before participating in this project.
+[Contributing Guidelines](CONTRIBUTING.md) • [Security Policy](SECURITY.md) • [MIT License](LICENSE) • [Code of Conduct](CODE_OF_CONDUCT.md)

package/Dockerfile CHANGED Viewed

@@ -48,7 +48,12 @@ RUN apk upgrade --no-cache
 # - CVE-2024-21538: cross-spawn < 7.0.5
 # - CVE-2025-64756: glob < 10.5.0
 # - CVE-2025-5889: brace-expansion <= 2.0.1
+# - CVE-2026-26960: tar < 7.5.8 (patch npm's bundled copy)
 RUN npm install -g npm@latest && \
+    npm install -g tar@latest && \
+    rm -rf /usr/local/lib/node_modules/npm/node_modules/tar && \
+    cp -r /usr/local/lib/node_modules/tar /usr/local/lib/node_modules/npm/node_modules/tar && \
+    npm uninstall -g tar && \
     npm cache clean --force
 # Create non-root user for security