npm - @sigma4life/mysql-mcp-server - Versions diffs - 1.0.0 - Mend

@sigma4life/mysql-mcp-server 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (149) hide show

package/.env.example +35 -0
package/.github/workflows/ci.yml +18 -0
package/AUTHENTICATION.md +24 -0
package/CLAUDE.md +37 -0
package/CONTRIBUTING.md +19 -0
package/LICENSE +21 -0
package/QUERY_ACCESS_SETUP.md +65 -0
package/README.md +144 -0
package/SECURITY.md +10 -0
package/TESTING.md +54 -0
package/dist/cli.d.ts +3 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +197 -0
package/dist/cli.js.map +1 -0
package/dist/core/cache.d.ts +11 -0
package/dist/core/cache.d.ts.map +1 -0
package/dist/core/cache.js +30 -0
package/dist/core/cache.js.map +1 -0
package/dist/core/config.d.ts +24 -0
package/dist/core/config.d.ts.map +1 -0
package/dist/core/config.js +63 -0
package/dist/core/config.js.map +1 -0
package/dist/core/database-url.d.ts +11 -0
package/dist/core/database-url.d.ts.map +1 -0
package/dist/core/database-url.js +37 -0
package/dist/core/database-url.js.map +1 -0
package/dist/core/database-url.test.d.ts +2 -0
package/dist/core/database-url.test.d.ts.map +1 -0
package/dist/core/database-url.test.js +22 -0
package/dist/core/database-url.test.js.map +1 -0
package/dist/core/logger.d.ts +3 -0
package/dist/core/logger.d.ts.map +1 -0
package/dist/core/logger.js +17 -0
package/dist/core/logger.js.map +1 -0
package/dist/core/mcp.d.ts +14 -0
package/dist/core/mcp.d.ts.map +1 -0
package/dist/core/mcp.js +23 -0
package/dist/core/mcp.js.map +1 -0
package/dist/core/query-safety.d.ts +10 -0
package/dist/core/query-safety.d.ts.map +1 -0
package/dist/core/query-safety.js +50 -0
package/dist/core/query-safety.js.map +1 -0
package/dist/core/query-safety.test.d.ts +2 -0
package/dist/core/query-safety.test.d.ts.map +1 -0
package/dist/core/query-safety.test.js +30 -0
package/dist/core/query-safety.test.js.map +1 -0
package/dist/core/schema-types.d.ts +53 -0
package/dist/core/schema-types.d.ts.map +1 -0
package/dist/core/schema-types.js +2 -0
package/dist/core/schema-types.js.map +1 -0
package/dist/core/security/access-control.d.ts +32 -0
package/dist/core/security/access-control.d.ts.map +1 -0
package/dist/core/security/access-control.js +244 -0
package/dist/core/security/access-control.js.map +1 -0
package/dist/core/security/config-loader.d.ts +20 -0
package/dist/core/security/config-loader.d.ts.map +1 -0
package/dist/core/security/config-loader.js +227 -0
package/dist/core/security/config-loader.js.map +1 -0
package/dist/core/security/types.d.ts +64 -0
package/dist/core/security/types.d.ts.map +1 -0
package/dist/core/security/types.js +28 -0
package/dist/core/security/types.js.map +1 -0
package/dist/core/sql-parser.d.ts +23 -0
package/dist/core/sql-parser.d.ts.map +1 -0
package/dist/core/sql-parser.js +460 -0
package/dist/core/sql-parser.js.map +1 -0
package/dist/core/sql-parser.test.d.ts +2 -0
package/dist/core/sql-parser.test.d.ts.map +1 -0
package/dist/core/sql-parser.test.js +21 -0
package/dist/core/sql-parser.test.js.map +1 -0
package/dist/handlers/accessible-schema.d.ts +53 -0
package/dist/handlers/accessible-schema.d.ts.map +1 -0
package/dist/handlers/accessible-schema.js +192 -0
package/dist/handlers/accessible-schema.js.map +1 -0
package/dist/handlers/data.d.ts +17 -0
package/dist/handlers/data.d.ts.map +1 -0
package/dist/handlers/data.js +30 -0
package/dist/handlers/data.js.map +1 -0
package/dist/handlers/relationships.d.ts +14 -0
package/dist/handlers/relationships.d.ts.map +1 -0
package/dist/handlers/relationships.js +77 -0
package/dist/handlers/relationships.js.map +1 -0
package/dist/handlers/schema.d.ts +14 -0
package/dist/handlers/schema.d.ts.map +1 -0
package/dist/handlers/schema.js +104 -0
package/dist/handlers/schema.js.map +1 -0
package/dist/handlers/search.d.ts +14 -0
package/dist/handlers/search.d.ts.map +1 -0
package/dist/handlers/search.js +18 -0
package/dist/handlers/search.js.map +1 -0
package/dist/handlers/validation.d.ts +32 -0
package/dist/handlers/validation.d.ts.map +1 -0
package/dist/handlers/validation.js +116 -0
package/dist/handlers/validation.js.map +1 -0
package/dist/index.d.ts +3 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +294 -0
package/dist/index.js.map +1 -0
package/dist/mysql/connection.d.ts +15 -0
package/dist/mysql/connection.d.ts.map +1 -0
package/dist/mysql/connection.js +57 -0
package/dist/mysql/connection.js.map +1 -0
package/dist/mysql/identifiers.d.ts +3 -0
package/dist/mysql/identifiers.d.ts.map +1 -0
package/dist/mysql/identifiers.js +10 -0
package/dist/mysql/identifiers.js.map +1 -0
package/dist/mysql/identifiers.test.d.ts +2 -0
package/dist/mysql/identifiers.test.d.ts.map +1 -0
package/dist/mysql/identifiers.test.js +11 -0
package/dist/mysql/identifiers.test.js.map +1 -0
package/dist/mysql/queries.d.ts +49 -0
package/dist/mysql/queries.d.ts.map +1 -0
package/dist/mysql/queries.js +206 -0
package/dist/mysql/queries.js.map +1 -0
package/docs/clients/claude-code.md +28 -0
package/docs/clients/claude-desktop.md +35 -0
package/docs/clients/codex.md +28 -0
package/docs/clients/cursor.md +26 -0
package/docs/clients/opencode.md +35 -0
package/docs/clients/vscode.md +25 -0
package/package.json +49 -0
package/query-access.example.json +21 -0
package/src/cli.ts +221 -0
package/src/core/cache.ts +41 -0
package/src/core/config.ts +97 -0
package/src/core/database-url.test.ts +28 -0
package/src/core/database-url.ts +47 -0
package/src/core/logger.ts +24 -0
package/src/core/mcp.ts +23 -0
package/src/core/query-safety.test.ts +36 -0
package/src/core/query-safety.ts +63 -0
package/src/core/schema-types.ts +58 -0
package/src/core/security/access-control.ts +321 -0
package/src/core/security/config-loader.ts +315 -0
package/src/core/security/types.ts +114 -0
package/src/core/sql-parser.test.ts +37 -0
package/src/core/sql-parser.ts +572 -0
package/src/handlers/accessible-schema.ts +314 -0
package/src/handlers/data.ts +66 -0
package/src/handlers/relationships.ts +114 -0
package/src/handlers/schema.ts +154 -0
package/src/handlers/search.ts +34 -0
package/src/handlers/validation.ts +165 -0
package/src/index.ts +337 -0
package/src/mysql/connection.ts +68 -0
package/src/mysql/identifiers.test.ts +12 -0
package/src/mysql/identifiers.ts +10 -0
package/src/mysql/queries.ts +285 -0
package/tsconfig.json +24 -0

package/.env.example ADDED Viewed

@@ -0,0 +1,35 @@
+# MySQL connection. Prefer DATABASE_URL for the easiest setup.
+DATABASE_URL=mysql://mcp_reader:change_me@localhost:3306/app_db
+# Or configure individual fields instead. These override DATABASE_URL when set.
+DB_HOST=localhost
+DB_PORT=3306
+DB_NAME=app_db
+DB_USER=mcp_reader
+DB_PASSWORD=change_me
+# Optional: set to true for managed MySQL providers that require TLS.
+DB_SSL=false
+# MCP server metadata
+MCP_SERVER_NAME=mysql-mcp-server
+MCP_SERVER_VERSION=1.0.0
+# Safer first-run default: expose schema/introspection tools only.
+# Set to false to enable execute_query.
+SCHEMA_ONLY_MODE=true
+# Read query safety
+MAX_QUERY_ROWS=100
+QUERY_TIMEOUT_MS=30000
+# Optional access-control config path. Required before execute_query can run.
+# QUERY_ACCESS_CONFIG=/absolute/path/to/query-access.json
+# Cache
+CACHE_TTL=3600
+CACHE_ENABLED=true
+# Logging
+LOG_LEVEL=info
+LOG_FILE=mcp-server.log

package/.github/workflows/ci.yml ADDED Viewed

@@ -0,0 +1,18 @@
+name: CI
+on:
+  push:
+    branches: [main]
+  pull_request:
+jobs:
+  build-test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+      - run: npm ci
+      - run: npm run build
+      - run: npm test

package/AUTHENTICATION.md ADDED Viewed

@@ -0,0 +1,24 @@
+# Authentication
+This server uses standard MySQL username/password authentication through `mysql2`.
+Required environment variables:
+```dotenv
+DB_HOST=localhost
+DB_PORT=3306
+DB_NAME=app_db
+DB_USER=mcp_reader
+DB_PASSWORD=change_me
+DB_SSL=false
+```
+For managed MySQL providers that require TLS, set `DB_SSL=true`. If your provider requires custom certificate configuration, extend `src/mysql/connection.ts` to load the provider CA certificate and pass it in the mysql2 `ssl` option.
+Recommended least-privilege grants:
+```sql
+CREATE USER 'mcp_reader'@'%' IDENTIFIED BY 'change_me';
+GRANT SELECT, SHOW VIEW ON app_db.* TO 'mcp_reader'@'%';
+FLUSH PRIVILEGES;
+```

package/CLAUDE.md ADDED Viewed

@@ -0,0 +1,37 @@
+# CLAUDE.md
+This repository is `mysql-mcp-server`, a MySQL-specific MCP server for schema introspection and guarded read-only queries.
+## Architecture
+- `src/index.ts` registers MCP tools and starts the stdio server.
+- `src/core/*` contains reusable code intended for future extraction:
+  - config, logging, cache, MCP response helpers
+  - schema metadata types
+  - read-only query safety and `LIMIT` enforcement
+  - SQL parsing and access-control validation
+- `src/mysql/*` contains MySQL-specific code:
+  - `mysql2` connection pool
+  - identifier helpers
+  - `information_schema` catalog queries
+- `src/handlers/*` adapts MCP tool input/output to the MySQL implementation.
+## Design Notes
+- One MCP server instance connects to one configured MySQL database (`DB_NAME`).
+- Tool `database` and `schema` inputs are compatibility fields and must match `DB_NAME` when provided.
+- MySQL catalog metadata comes from `information_schema`.
+- `execute_query` accepts read-only `SELECT`/`WITH` queries, validates access control, and enforces `LIMIT`.
+- Routine/function definition tools are intentionally deferred for v1.
+## Development Commands
+```bash
+npm run build
+npm test
+npm start
+```
+## Example Domain
+Use neutral examples such as `app_db`, `customers`, `orders`, `products`, and `order_items`. Do not add company-specific databases, internal hostnames, personal usernames, or private schema names to public docs or tests.

package/CONTRIBUTING.md ADDED Viewed

@@ -0,0 +1,19 @@
+# Contributing
+Thanks for helping improve `mysql-mcp-server`.
+## Development
+```bash
+npm install
+npm run build
+npm test
+```
+Keep MySQL-specific catalog behavior in `src/mysql/*`. Shared behavior that could apply to future database-specific MCP servers belongs in `src/core/*`.
+## Pull Requests
+- Keep examples generic and public-safe.
+- Add tests for query-safety, parser, access-control, or MySQL catalog changes where practical.
+- Do not commit real credentials, hostnames, customer data, private database names, or personal usernames.

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/QUERY_ACCESS_SETUP.md ADDED Viewed

@@ -0,0 +1,65 @@
+# Query Access Setup
+`execute_query` is disabled until `QUERY_ACCESS_CONFIG` points to a JSON access-control file. This is intentionally restrictive so schema introspection can be enabled separately from data reads.
+## Example Policy
+```json
+{
+  "requireExplicitColumns": true,
+  "databases": {
+    "app_db": {
+      "tables": {
+        "mode": "whitelist",
+        "list": ["customers", "orders", "products", "order_items"],
+        "columnAccess": {
+          "customers": {
+            "mode": "exclusion",
+            "columns": ["password_hash", "api_token"]
+          },
+          "orders": {
+            "mode": "inclusion",
+            "columns": ["id", "customer_id", "status", "total", "created_at"]
+          }
+        }
+      }
+    }
+  }
+}
+```
+## Modes
+- `whitelist`: only listed tables can be queried.
+- `blacklist`: listed tables are blocked.
+- `none`: table-level access is unrestricted, while column rules may still apply.
+- `columnAccess.mode = inclusion`: only listed columns can be selected.
+- `columnAccess.mode = exclusion`: listed columns are blocked.
+When `requireExplicitColumns` is `true`, `SELECT *` and `table.*` are rejected. Prefer queries such as:
+```sql
+SELECT id, email, created_at FROM customers ORDER BY id LIMIT 20;
+```
+## MCP Env Example
+```json
+{
+  "mcpServers": {
+    "mysql-mcp-server": {
+      "command": "node",
+      "args": ["/absolute/path/to/mysql-mcp-server/dist/index.js"],
+      "env": {
+        "DB_HOST": "localhost",
+        "DB_PORT": "3306",
+        "DB_NAME": "app_db",
+        "DB_USER": "mcp_reader",
+        "DB_PASSWORD": "change_me",
+        "SCHEMA_ONLY_MODE": "false",
+        "QUERY_ACCESS_CONFIG": "/absolute/path/to/query-access.json"
+      }
+    }
+  }
+}
+```

package/README.md ADDED Viewed

@@ -0,0 +1,144 @@
+# MySQL MCP Server
+An open-source Model Context Protocol (MCP) server for MySQL schema introspection and guarded read-only queries. It helps MCP clients discover tables, columns, indexes, relationships, and safe queryable data from one configured MySQL database.
+## Features
+- Schema tools for tables, views, columns, primary keys, foreign keys, indexes, and approximate table statistics
+- Table and column search with simple `*` and `?` wildcards
+- Relationship discovery for join-path exploration
+- Optional read-only `execute_query` tool with SELECT-only validation, access control, and automatic `LIMIT`
+- Internal `src/core` boundary for code that can later be shared with other database-specific MCP servers
+## Requirements
+- Node.js 18+
+- MySQL 8.x or a compatible MySQL service
+- A MySQL user with read access to the configured database
+## Setup
+Fast path for users installing from npm:
+```bash
+npx -y @sigma4life/mysql-mcp-server init
+```
+Then edit `.env` and check the connection:
+```bash
+npx -y @sigma4life/mysql-mcp-server doctor
+```
+Local development from this repository:
+```bash
+npm install
+cp .env.example .env
+npm run build
+npm start
+```
+Configure `.env`:
+```dotenv
+DATABASE_URL=mysql://mcp_reader:change_me@localhost:3306/app_db
+SCHEMA_ONLY_MODE=true
+```
+You can also use individual `DB_HOST`, `DB_PORT`, `DB_NAME`, `DB_USER`, `DB_PASSWORD`, and `DB_SSL` variables. Individual variables override `DATABASE_URL`.
+This server connects to one configured database per process. Tool inputs may include `database` for compatibility, but it must match the configured database.
+## Least-Privilege MySQL User
+Schema-only usage needs metadata visibility and table access. Read-query usage also needs `SELECT` on allowed tables.
+```sql
+CREATE USER 'mcp_reader'@'%' IDENTIFIED BY 'change_me';
+GRANT SELECT, SHOW VIEW ON app_db.* TO 'mcp_reader'@'%';
+FLUSH PRIVILEGES;
+```
+Use a stronger host restriction and password in production.
+## MCP Client Example
+Client-specific docs:
+- [Claude Code](docs/clients/claude-code.md)
+- [Claude Desktop](docs/clients/claude-desktop.md)
+- [Codex](docs/clients/codex.md)
+- [OpenCode](docs/clients/opencode.md)
+- [Cursor](docs/clients/cursor.md)
+- [VS Code](docs/clients/vscode.md)
+```json
+{
+  "mcpServers": {
+    "mysql": {
+      "command": "npx",
+      "args": ["-y", "@sigma4life/mysql-mcp-server"],
+      "env": {
+        "DATABASE_URL": "mysql://mcp_reader:change_me@localhost:3306/app_db",
+        "SCHEMA_ONLY_MODE": "true"
+      }
+    }
+  }
+}
+```
+To enable `execute_query`, set `SCHEMA_ONLY_MODE=false` and provide `QUERY_ACCESS_CONFIG`.
+## Access Control
+`execute_query` is blocked unless `QUERY_ACCESS_CONFIG` points to a JSON policy file. Example:
+```json
+{
+  "requireExplicitColumns": true,
+  "databases": {
+    "app_db": {
+      "tables": {
+        "mode": "whitelist",
+        "list": ["customers", "orders", "products", "order_items"],
+        "columnAccess": {
+          "customers": {
+            "mode": "exclusion",
+            "columns": ["password_hash", "api_token"]
+          }
+        }
+      }
+    }
+  }
+}
+```
+## Tools
+- `get_schema`
+- `get_table_info`
+- `find_tables`
+- `search_objects`
+- `get_relationships`
+- `validate_objects`
+- `get_accessible_schema`
+- `get_accessible_table_info`
+- `execute_query` when schema-only mode is disabled
+Example prompts:
+- "Show me the schema for the customers and orders tables."
+- "Find tables with a column matching `*email*`."
+- "Show relationships from orders to customers."
+- "Run `SELECT id, email FROM customers ORDER BY id LIMIT 20`."
+## Development
+```bash
+npm run build
+npm test
+npm run lint
+```
+The first implementation is MySQL-specific. Shared logic lives under `src/core` so future database-specific repos can extract or reuse it without carrying MySQL catalog code.

package/SECURITY.md ADDED Viewed

@@ -0,0 +1,10 @@
+# Security Policy
+Please report security issues privately through the repository owner's preferred security contact once the GitHub repository is created. Do not open public issues for vulnerabilities.
+## Notes
+- `execute_query` is blocked unless `QUERY_ACCESS_CONFIG` is set.
+- Use least-privilege MySQL users.
+- Prefer `SCHEMA_ONLY_MODE=true` when an MCP client only needs metadata.
+- Never commit real credentials or production access-control policies.

package/TESTING.md ADDED Viewed

@@ -0,0 +1,54 @@
+# Testing
+Run local checks:
+```bash
+npm install
+npm run build
+npm test
+```
+## Optional MySQL Integration Test
+Start a local MySQL instance:
+```bash
+docker run --name mysql-mcp-test \
+  -e MYSQL_ROOT_PASSWORD=root_password \
+  -e MYSQL_DATABASE=app_db \
+  -e MYSQL_USER=mcp_reader \
+  -e MYSQL_PASSWORD=change_me \
+  -p 3306:3306 \
+  -d mysql:8
+```
+Create sample tables:
+```sql
+CREATE TABLE customers (
+  id INT AUTO_INCREMENT PRIMARY KEY,
+  email VARCHAR(255) NOT NULL,
+  name VARCHAR(255),
+  password_hash VARCHAR(255),
+  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);
+CREATE TABLE orders (
+  id INT AUTO_INCREMENT PRIMARY KEY,
+  customer_id INT NOT NULL,
+  status VARCHAR(32) NOT NULL,
+  total DECIMAL(10, 2) NOT NULL,
+  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+  CONSTRAINT fk_orders_customer
+    FOREIGN KEY (customer_id) REFERENCES customers(id)
+);
+```
+Configure `.env` with `DB_NAME=app_db`, then run:
+```bash
+npm run build
+npm start
+```
+Use an MCP client to call `get_schema`, `find_tables`, `get_relationships`, and, when access control is configured, `execute_query`.

package/dist/cli.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":""}

package/dist/cli.js ADDED Viewed

@@ -0,0 +1,197 @@
+#!/usr/bin/env node
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import { maskDatabaseUrl } from './core/database-url.js';
+const DEFAULT_DATABASE_URL = 'mysql://mcp_reader:change_me@localhost:3306/app_db';
+function usage() {
+    console.log(`mysql-mcp-server
+Usage:
+  mysql-mcp-server                 Start the MCP stdio server
+  mysql-mcp-server serve           Start the MCP stdio server
+  mysql-mcp-server doctor          Check configuration and database connectivity
+  mysql-mcp-server init [--force]  Create starter .env, query-access.json, and client snippets
+Environment:
+  DATABASE_URL=mysql://user:password@host:3306/database
+`);
+}
+function writeFileIfMissing(filePath, content, force) {
+    if (fs.existsSync(filePath) && !force) {
+        return 'skipped';
+    }
+    fs.writeFileSync(filePath, content);
+    return 'created';
+}
+function envTemplate() {
+    return `# One-line setup. Individual DB_* variables may override parts of this URL.
+DATABASE_URL=${DEFAULT_DATABASE_URL}
+# Safer first-run default: schema tools only. Set false to enable execute_query.
+SCHEMA_ONLY_MODE=true
+# Required only when SCHEMA_ONLY_MODE=false.
+# QUERY_ACCESS_CONFIG=${path.resolve('query-access.json')}
+MAX_QUERY_ROWS=100
+QUERY_TIMEOUT_MS=30000
+MCP_SERVER_NAME=mysql-mcp-server
+MCP_SERVER_VERSION=1.0.0
+LOG_LEVEL=info
+LOG_FILE=mcp-server.log
+`;
+}
+function queryAccessTemplate() {
+    return JSON.stringify({
+        requireExplicitColumns: true,
+        databases: {
+            app_db: {
+                tables: {
+                    mode: 'whitelist',
+                    list: ['customers', 'orders', 'products', 'order_items'],
+                    columnAccess: {
+                        customers: {
+                            mode: 'exclusion',
+                            columns: ['password_hash', 'api_token'],
+                        },
+                    },
+                },
+            },
+        },
+    }, null, 2) + '\n';
+}
+function clientSnippetsTemplate() {
+    return `# mysql-mcp-server client snippets
+Replace the sample DATABASE_URL with your real MySQL connection string.
+## Claude Code
+\`\`\`bash
+claude mcp add --transport stdio mysql \\
+  --env DATABASE_URL=${DEFAULT_DATABASE_URL} \\
+  -- npx -y @sigma4life/mysql-mcp-server
+\`\`\`
+## Codex
+\`\`\`bash
+codex mcp add mysql \\
+  --env DATABASE_URL=${DEFAULT_DATABASE_URL} \\
+  -- npx -y @sigma4life/mysql-mcp-server
+\`\`\`
+## Claude Desktop
+\`\`\`json
+{
+  "mcpServers": {
+    "mysql": {
+      "command": "npx",
+      "args": ["-y", "@sigma4life/mysql-mcp-server"],
+      "env": {
+        "DATABASE_URL": "${DEFAULT_DATABASE_URL}"
+      }
+    }
+  }
+}
+\`\`\`
+## OpenCode
+\`\`\`json
+{
+  "$schema": "https://opencode.ai/config.json",
+  "mcp": {
+    "mysql": {
+      "type": "local",
+      "command": ["npx", "-y", "@sigma4life/mysql-mcp-server"],
+      "enabled": true,
+      "environment": {
+        "DATABASE_URL": "${DEFAULT_DATABASE_URL}"
+      }
+    }
+  }
+}
+\`\`\`
+`;
+}
+async function runInit(args) {
+    const force = args.includes('--force');
+    const files = [
+        ['.env', envTemplate()],
+        ['query-access.json', queryAccessTemplate()],
+        ['mysql-mcp-clients.md', clientSnippetsTemplate()],
+    ];
+    for (const [file, content] of files) {
+        const status = writeFileIfMissing(path.resolve(file), content, force);
+        console.log(`${status === 'created' ? 'created' : 'skipped'} ${file}`);
+    }
+    console.log('\nNext steps:');
+    console.log('1. Edit .env with your MySQL credentials.');
+    console.log('2. Run: mysql-mcp-server doctor');
+    console.log('3. Add one of the snippets from mysql-mcp-clients.md to your MCP client.');
+}
+async function runDoctor() {
+    console.log('mysql-mcp-server doctor\n');
+    try {
+        const { appConfig } = await import('./core/config.js');
+        const { db } = await import('./mysql/connection.js');
+        console.log(`server: ${appConfig.server.name} v${appConfig.server.version}`);
+        console.log(`database: ${appConfig.db.user}@${appConfig.db.host}:${appConfig.db.port}/${appConfig.db.name}`);
+        console.log(`ssl: ${appConfig.db.ssl ? 'enabled' : 'disabled'}`);
+        console.log(`schema-only mode: ${appConfig.server.schemaOnlyMode ? 'enabled' : 'disabled'}`);
+        if (process.env.DATABASE_URL) {
+            console.log(`DATABASE_URL: ${maskDatabaseUrl(process.env.DATABASE_URL)}`);
+        }
+        const versionRows = await db.query('SELECT VERSION() AS version');
+        console.log(`mysql: ${versionRows[0]?.version || 'connected'}`);
+        const tableRows = await db.query(`SELECT COUNT(*) AS tableCount
+FROM information_schema.TABLES
+WHERE TABLE_SCHEMA = :database
+  AND TABLE_TYPE IN ('BASE TABLE', 'VIEW')`, { database: appConfig.db.name });
+        console.log(`tables/views visible: ${tableRows[0]?.tableCount ?? 0}`);
+        if (!appConfig.server.schemaOnlyMode) {
+            if (process.env.QUERY_ACCESS_CONFIG) {
+                const { loadAccessControlConfig } = await import('./core/security/access-control.js');
+                loadAccessControlConfig();
+                console.log('query access config: ok');
+            }
+            else {
+                console.log('query access config: missing; execute_query will be blocked');
+            }
+        }
+        await db.close();
+        console.log('\nDoctor passed.');
+    }
+    catch (error) {
+        console.error('Doctor failed.');
+        console.error(error instanceof Error ? error.message : String(error));
+        process.exitCode = 1;
+    }
+}
+async function main() {
+    const [command = 'serve', ...args] = process.argv.slice(2);
+    switch (command) {
+        case 'serve':
+            await import('./index.js');
+            break;
+        case 'doctor':
+            await runDoctor();
+            break;
+        case 'init':
+            await runInit(args);
+            break;
+        case '--help':
+        case '-h':
+        case 'help':
+            usage();
+            break;
+        default:
+            console.error(`Unknown command: ${command}\n`);
+            usage();
+            process.exitCode = 1;
+    }
+}
+main();
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAEzD,MAAM,oBAAoB,GAAG,oDAAoD,CAAC;AAElF,SAAS,KAAK;IACZ,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;CAUb,CAAC,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,QAAgB,EAAE,OAAe,EAAE,KAAc;IAC3E,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QACtC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACpC,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,WAAW;IAClB,OAAO;eACM,oBAAoB;;;;;;wBAMX,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC;;;;;;;;CAQxD,CAAC;AACF,CAAC;AAED,SAAS,mBAAmB;IAC1B,OAAO,IAAI,CAAC,SAAS,CACnB;QACE,sBAAsB,EAAE,IAAI;QAC5B,SAAS,EAAE;YACT,MAAM,EAAE;gBACN,MAAM,EAAE;oBACN,IAAI,EAAE,WAAW;oBACjB,IAAI,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,UAAU,EAAE,aAAa,CAAC;oBACxD,YAAY,EAAE;wBACZ,SAAS,EAAE;4BACT,IAAI,EAAE,WAAW;4BACjB,OAAO,EAAE,CAAC,eAAe,EAAE,WAAW,CAAC;yBACxC;qBACF;iBACF;aACF;SACF;KACF,EACD,IAAI,EACJ,CAAC,CACF,GAAG,IAAI,CAAC;AACX,CAAC;AAED,SAAS,sBAAsB;IAC7B,OAAO;;;;;;;;uBAQc,oBAAoB;;;;;;;;uBAQpB,oBAAoB;;;;;;;;;;;;;2BAahB,oBAAoB;;;;;;;;;;;;;;;;;;2BAkBpB,oBAAoB;;;;;;CAM9C,CAAC;AACF,CAAC;AAED,KAAK,UAAU,OAAO,CAAC,IAAc;IACnC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IACvC,MAAM,KAAK,GAAG;QACZ,CAAC,MAAM,EAAE,WAAW,EAAE,CAAC;QACvB,CAAC,mBAAmB,EAAE,mBAAmB,EAAE,CAAC;QAC5C,CAAC,sBAAsB,EAAE,sBAAsB,EAAE,CAAC;KAC1C,CAAC;IAEX,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,KAAK,EAAE,CAAC;QACpC,MAAM,MAAM,GAAG,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACtE,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,IAAI,IAAI,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAC7B,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;IACzD,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,0EAA0E,CAAC,CAAC;AAC1F,CAAC;AAED,KAAK,UAAU,SAAS;IACtB,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;IAEzC,IAAI,CAAC;QACH,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;QACvD,MAAM,EAAE,EAAE,EAAE,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC;QAErD,OAAO,CAAC,GAAG,CAAC,WAAW,SAAS,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;QAC7E,OAAO,CAAC,GAAG,CAAC,aAAa,SAAS,CAAC,EAAE,CAAC,IAAI,IAAI,SAAS,CAAC,EAAE,CAAC,IAAI,IAAI,SAAS,CAAC,EAAE,CAAC,IAAI,IAAI,SAAS,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7G,OAAO,CAAC,GAAG,CAAC,QAAQ,SAAS,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC;QACjE,OAAO,CAAC,GAAG,CAAC,qBAAqB,SAAS,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC;QAC7F,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;YAC7B,OAAO,CAAC,GAAG,CAAC,iBAAiB,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QAC5E,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,EAAE,CAAC,KAAK,CAAM,6BAA6B,CAAC,CAAC;QACvE,OAAO,CAAC,GAAG,CAAC,UAAU,WAAW,CAAC,CAAC,CAAC,EAAE,OAAO,IAAI,WAAW,EAAE,CAAC,CAAC;QAEhE,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,KAAK,CAC9B;;;2CAGqC,EACrC,EAAE,QAAQ,EAAE,SAAS,CAAC,EAAE,CAAC,IAAI,EAAE,CAChC,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,yBAAyB,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,IAAI,CAAC,EAAE,CAAC,CAAC;QAEtE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;YACrC,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,CAAC;gBACpC,MAAM,EAAE,uBAAuB,EAAE,GAAG,MAAM,MAAM,CAAC,mCAAmC,CAAC,CAAC;gBACtF,uBAAuB,EAAE,CAAC;gBAC1B,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;YACzC,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,6DAA6D,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;QAED,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;IAClC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAChC,OAAO,CAAC,KAAK,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QACtE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,CAAC,OAAO,GAAG,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAE3D,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,OAAO;YACV,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;YAC3B,MAAM;QACR,KAAK,QAAQ;YACX,MAAM,SAAS,EAAE,CAAC;YAClB,MAAM;QACR,KAAK,MAAM;YACT,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;YACpB,MAAM;QACR,KAAK,QAAQ,CAAC;QACd,KAAK,IAAI,CAAC;QACV,KAAK,MAAM;YACT,KAAK,EAAE,CAAC;YACR,MAAM;QACR;YACE,OAAO,CAAC,KAAK,CAAC,oBAAoB,OAAO,IAAI,CAAC,CAAC;YAC/C,KAAK,EAAE,CAAC;YACR,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACzB,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC"}

package/dist/core/cache.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+declare class SchemaCache {
+    private cache;
+    private ttl;
+    private enabled;
+    get<T>(key: string): T | null;
+    set<T>(key: string, data: T): void;
+    clear(): void;
+}
+export declare const cache: SchemaCache;
+export {};
+//# sourceMappingURL=cache.d.ts.map

package/dist/core/cache.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"cache.d.ts","sourceRoot":"","sources":["../../src/core/cache.ts"],"names":[],"mappings":"AAKA,cAAM,WAAW;IACf,OAAO,CAAC,KAAK,CAA0C;IACvD,OAAO,CAAC,GAAG,CAA+D;IAC1E,OAAO,CAAC,OAAO,CAAyC;IAExD,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,GAAG,CAAC,GAAG,IAAI;IAkB7B,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,GAAG,IAAI;IAOlC,KAAK,IAAI,IAAI;CAGd;AAED,eAAO,MAAM,KAAK,aAAoB,CAAC"}