capybara-db-mcp 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +4 -4
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -95,19 +95,19 @@ capybara-db-mcp is a zero-dependency, token-efficient MCP server implementing th
95
95
 
96
96
  **This fork is unconditionally read-only.** Only read-only SQL (SELECT, WITH, EXPLAIN, SHOW, etc.) is allowed. Write operations (UPDATE, DELETE, INSERT, MERGE, etc.) are never permitted.
97
97
 
98
- **Your data is safe with Capybara.** Capybaras are famously safe and peaceful—and so is your data. Query results are **never shared with an LLM**. Raw data is written to local files (`.safe-sql-results/`) and opened in the editor; the LLM receives only success/failure. No file path, row count, or column names are returned (to prevent exfiltration via dynamic SQL). This prevents personally identifiable information (PII) from ever reaching the model.
98
+ **Your data is safe with Capybara.** Capybaras are famously safe and peaceful—and so is your data. Query results are **never shared with an LLM**. Raw data is written to local files (`.safe-sql-results/`) and opened in the editor; the LLM receives only success/failure. No file path, row count, or column names are returned (to prevent exfiltration via dynamic SQL). Error responses are also PII-safe: SQL statements and parameter values are never sent to the LLM; they are logged to stderr for local debugging, and database error messages are truncated. This prevents personally identifiable information (PII) from ever reaching the model. There is a default timeout of 60 seconds to ensure queries are not tying up the server.
99
99
 
100
100
  - **Local Development First**: Zero dependency, token efficient with just two MCP tools to maximize context window
101
101
  - **Multi-Database**: PostgreSQL, MySQL, MariaDB, SQL Server, and SQLite through a single interface
102
102
  - **Multi-Connection**: Connect to multiple databases simultaneously with TOML configuration
103
103
  - **Default schema**: Use `--schema` (or TOML `schema = "..."`) so PostgreSQL uses that schema for `execute_sql` and `search_objects` is restricted to it (see below)
104
104
  - **Guardrails**: Unconditionally read-only, row limiting, and a safe 60-second query timeout default (overridable per source via `query_timeout` in `dbhub.toml`) to prevent runaway operations
105
- - **PII-safe**: Query results are written to `.safe-sql-results/` and opened in the editor; only success/failure is sent to the LLM—no file path, row data, count, or column names (prevents exfiltration via dynamic column aliasing)
105
+ - **PII-safe**: Query results are written to `.safe-sql-results/` and opened in the editor; only success/failure is sent to the LLM—no file path, row data, count, or column names (prevents exfiltration via dynamic column aliasing). Error responses are hardened: SQL and parameter values are logged locally, not returned to the LLM; database error text is truncated.
106
106
  - **Secure Access**: SSH tunneling and SSL/TLS encryption
107
107
 
108
108
  ## Why Capybara?
109
109
 
110
- The capybara is the spirit animal of capybara-db-mcp: calm, social, and famously safe to be around. **Just as capybaras are safe**, your database data stays safe—never shared with an LLM. It reflects the project's philosophy of peaceful coexistence, predictable behavior, and built-in guardrails.
110
+ The capybara is the spirit animal of capybara-db-mcp: calm, social, and famously safe to be around. **Just as capybaras are safe, your database data stays safe—never shared with an LLM**. It reflects the project's philosophy of peaceful coexistence, predictable behavior, and built-in guardrails.
111
111
 
112
112
  ### The Capybara: A Paragon of Peaceful Coexistence
113
113
 
@@ -172,7 +172,7 @@ Full DBHub docs (including TOML and command-line options) apply; see [dbhub.ai](
172
172
 
173
173
  ### PII-safe output
174
174
 
175
- By default, `execute_sql` and custom tools write query results to `.safe-sql-results/` in your project directory and open them in the editor. The MCP tool response sent to the LLM contains only success/failure. **No file path, row data, row count, or column names** are returned—preventing both direct PII leakage and exfiltration via dynamic SQL (e.g. `SELECT secret AS "password_is_hunter2"`). The user inspects results in the editor. Output format is configurable via `--output-format=csv|json|markdown` (default: `csv`).
175
+ By default, `execute_sql` and custom tools write query results to `.safe-sql-results/` in your project directory and open them in the editor. The MCP tool response sent to the LLM contains only success/failure. **No file path, row data, row count, or column names** are returned—preventing both direct PII leakage and exfiltration via dynamic SQL (e.g. `SELECT secret AS "password_is_hunter2"`). Error responses are likewise hardened: SQL statements and parameter values are never included in tool error text sent to the LLM; they are logged to stderr for debugging. Database error messages are truncated before being returned. The user inspects results in the editor. Output format is configurable via `--output-format=csv|json|markdown` (default: `csv`).
176
176
 
177
177
  ### Read-only (unconditional)
178
178
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "capybara-db-mcp",
3
- "version": "1.0.1",
3
+ "version": "1.0.2",
4
4
  "mcpName": "io.github.ajgreyling/capybara-db-mcp",
5
5
  "description": "Minimal, token-efficient Database Read-Only PPI-safe MCP Server for PostgreSQL, MySQL, SQL Server, SQLite, MariaDB. Fork of DBHub with default-schema support.",
6
6
  "repository": {