db4app-mcp-server 0.1.2 → 0.1.4

package/README.md

@@ -35,7 +35,7 @@ npx db4app-mcp-server
         "db4app-mcp-server"
       ],
       "env": {
-        "MCP_PROXY_HTTP_URL": "http://localhost:8787/query",
+        "MCP_RELAY_HTTP_URL": "http://localhost:8787/query",
         "LM_STUDIO_EMBEDDING_URL": "http://localhost:1234/v1/embeddings",
         "LM_STUDIO_EMBEDDING_MODEL": "text-embedding-qwen3-embedding-4b",
         "MCP_ALLOWED_TABLES": "rag_mcp.documents",
@@ -72,7 +72,7 @@ Add to your `claude_desktop_config.json`:
         "db4app-mcp-server"
       ],
       "env": {
-        "MCP_PROXY_HTTP_URL": "http://localhost:8787/query",
+        "MCP_RELAY_HTTP_URL": "http://localhost:8787/query",
         "LM_STUDIO_EMBEDDING_URL": "http://localhost:1234/v1/embeddings",
         "LM_STUDIO_EMBEDDING_MODEL": "text-embedding-qwen3-embedding-4b",
         "MCP_ALLOWED_TABLES": "rag_mcp.documents",
@@ -90,12 +90,12 @@ Add to your `claude_desktop_config.json`:
 
 All configuration is done via environment variables:
 
-- `MCP_PROXY_HTTP_URL` - HTTP proxy endpoint (default: `http://localhost:8787/query`)
+- `MCP_RELAY_HTTP_URL` - HTTP relay endpoint (default: `http://localhost:8787/query`)
 - `LM_STUDIO_EMBEDDING_URL` - LM Studio embedding API endpoint (default: `http://localhost:1234/v1/embeddings`)
 - `LM_STUDIO_EMBEDDING_MODEL` - Optional model name for embeddings
-- `MCP_ALLOWED_TABLES` - **Required for recipes**: Comma-separated list of allowed tables (e.g., `"schema.table1,schema.table2"`). The proxy validates all SQL queries against this whitelist. If not set, the MCP server can access all tables (for direct use, not recommended for recipes).
-- `MCP_PUBLIC_KEY` - **Optional**: Base64-encoded public key for end-to-end encryption. If not provided, the MCP server will attempt to fetch it from the proxy's `/public-key` endpoint. Get your public key from the Database page → Management tab → Encryption section.
-- `MCP_USE_ENCRYPTION` - Enable end-to-end encryption (default: `true` if `MCP_PUBLIC_KEY` is set, otherwise `false`). When enabled, all SQL queries are encrypted with RSA-OAEP before being sent to the proxy, ensuring the proxy cannot decrypt them.
+- `MCP_ALLOWED_TABLES` - **Required for recipes**: Comma-separated list of allowed tables (e.g., `"schema.table1,schema.table2"`). The relay validates all SQL queries against this whitelist. If not set, the MCP server can access all tables (for direct use, not recommended for recipes).
+- `MCP_PUBLIC_KEY` - **Optional**: Base64-encoded public key for end-to-end encryption. If not provided, the MCP server will attempt to fetch it from the relay's `/public-key` endpoint. Get your public key from the Database page → Management tab → Encryption section.
+- `MCP_USE_ENCRYPTION` - Enable end-to-end encryption (default: `true` if `MCP_PUBLIC_KEY` is set, otherwise `false`). When enabled, all SQL queries are encrypted with RSA-OAEP before being sent to the relay, ensuring the relay cannot decrypt them.
 
 ## Available Tools
 
@@ -104,28 +104,28 @@ All configuration is done via environment variables:
 - `remember` - Store information in memory with automatic embedding (requires `MCP_ALLOWED_TABLES` for recipe use)
 - `search_memory` - Search through stored memories using semantic similarity (requires `MCP_ALLOWED_TABLES` for recipe use)
 
-**Note**: When used with recipes, `MCP_ALLOWED_TABLES` must be set to restrict access to only the recipe's tables. The proxy server validates all queries against this whitelist.
+**Note**: When used with recipes, `MCP_ALLOWED_TABLES` must be set to restrict access to only the recipe's tables. The relay server validates all queries against this whitelist.
 
 ## End-to-End Encryption
 
 This MCP server supports end-to-end encryption of SQL queries using RSA-OAEP (2048-bit). When encryption is enabled:
 
 - SQL queries are encrypted in the MCP server using the browser's public key
-- The proxy server relays encrypted queries without being able to decrypt them
+- The relay server relays encrypted queries without being able to decrypt them
 - Only the browser (with the private key) can decrypt and execute queries
-- This ensures complete privacy: even the proxy cannot see your SQL queries
+- This ensures complete privacy: even the relay cannot see your SQL queries
 
 To enable encryption:
 1. Get your public key from the Database page → Management tab → Encryption section
 2. Set `MCP_PUBLIC_KEY` to your public key (base64 string)
 3. Set `MCP_USE_ENCRYPTION` to `"true"`
 
-If `MCP_PUBLIC_KEY` is not provided, the MCP server will automatically fetch it from the proxy's `/public-key` endpoint.
+If `MCP_PUBLIC_KEY` is not provided, the MCP server will automatically fetch it from the relay's `/public-key` endpoint.
 
 ## Requirements
 
 - Node.js 18+
-- Postgres WASM proxy running (default: `http://localhost:8787/query`)
+- Postgres WASM relay running (default: `http://localhost:8787/query`)
 - For RAG features: LM Studio with embedding-capable model loaded
 
 ## License

package/dist/index.js

@@ -14659,11 +14659,12 @@ var StdioServerTransport = class {
 
 // src/index.js
 import { webcrypto } from "node:crypto";
-var DEFAULT_PROXY_URL = process.env.MCP_PROXY_HTTP_URL ?? "http://localhost:8787/query";
+var DEFAULT_RELAY_URL = process.env.MCP_RELAY_HTTP_URL ?? process.env.MCP_PROXY_HTTP_URL ?? "http://localhost:8787/query";
 var DEFAULT_EMBEDDING_URL = process.env.LM_STUDIO_EMBEDDING_URL ?? "http://localhost:1234/v1/embeddings";
 var DEFAULT_EMBEDDING_MODEL = process.env.LM_STUDIO_EMBEDDING_MODEL ?? "";
 var MCP_PUBLIC_KEY = process.env.MCP_PUBLIC_KEY ?? null;
 var USE_ENCRYPTION = process.env.MCP_USE_ENCRYPTION === "true" || MCP_PUBLIC_KEY !== null;
+var MCP_CONNECTION_ID = process.env.MCP_CONNECTION_ID ?? null;
 var mcpServer = new McpServer({
   name: "db4app-bridge",
   version: "0.1.0"
@@ -14671,28 +14672,32 @@ var mcpServer = new McpServer({
 var RunSqlSchema = external_exports.object({
   sql: external_exports.string().min(1).describe("SQL statement to execute against the browser-backed Postgres engine"),
   params: external_exports.array(external_exports.union([external_exports.string(), external_exports.number(), external_exports.boolean(), external_exports.null()])).describe("Optional positional parameters for the SQL statement").optional(),
-  proxyUrl: external_exports.string().url().describe("Override the HTTP proxy endpoint (defaults to MCP_PROXY_HTTP_URL or http://localhost:8787/query)").optional()
+  relayUrl: external_exports.string().url().describe("Override the HTTP relay endpoint (defaults to MCP_RELAY_HTTP_URL or http://localhost:8787/query)").optional(),
+  connectionId: external_exports.string().uuid().describe("Browser connection ID (required for multi-user support, defaults to MCP_CONNECTION_ID)").optional()
 });
 var ListTablesSchema = external_exports.object({
   schema: external_exports.string().describe("Schema name to filter by (default: public)").optional(),
-  proxyUrl: external_exports.string().url().describe("Override the HTTP proxy endpoint (defaults to MCP_PROXY_HTTP_URL or http://localhost:8787/query)").optional()
+  relayUrl: external_exports.string().url().describe("Override the HTTP relay endpoint (defaults to MCP_RELAY_HTTP_URL or http://localhost:8787/query)").optional(),
+  connectionId: external_exports.string().uuid().describe("Browser connection ID (required for multi-user support, defaults to MCP_CONNECTION_ID)").optional()
 });
 var RememberSchema = external_exports.object({
   content: external_exports.string().min(1).describe("Information to remember and store in memory. This will be automatically embedded and indexed for semantic search."),
   source: external_exports.string().describe('Optional source identifier for this memory (e.g. "conversation", "user_input", file path)').optional(),
   metadata: external_exports.record(external_exports.string(), external_exports.unknown()).describe("Optional metadata to store alongside the memory (JSON object).").optional(),
-  proxyUrl: external_exports.string().url().describe("Override the HTTP proxy endpoint (defaults to MCP_PROXY_HTTP_URL or http://localhost:8787/query)").optional(),
+  relayUrl: external_exports.string().url().describe("Override the HTTP relay endpoint (defaults to MCP_RELAY_HTTP_URL or http://localhost:8787/query)").optional(),
   embeddingUrl: external_exports.string().url().describe("Override the LM Studio embedding endpoint (defaults to LM_STUDIO_EMBEDDING_URL or http://localhost:1234/v1/embeddings)").optional(),
-  embeddingModel: external_exports.string().describe("Optional model name for embedding generation (defaults to LM_STUDIO_EMBEDDING_MODEL)").optional()
+  embeddingModel: external_exports.string().describe("Optional model name for embedding generation (defaults to LM_STUDIO_EMBEDDING_MODEL)").optional(),
+  connectionId: external_exports.string().uuid().describe("Browser connection ID (required for multi-user support, defaults to MCP_CONNECTION_ID)").optional()
 });
 var SemanticSearchSchema = external_exports.object({
   query: external_exports.string().min(1).describe("Natural language query for semantic search"),
   embedding: external_exports.array(external_exports.number()).nonempty().describe("Embedding for the query. If not provided, will be computed automatically using LM Studio.").optional(),
   topK: external_exports.number().int().positive().max(100).describe("Maximum number of matching chunks to return").default(5),
   source: external_exports.string().describe("Optional source identifier to filter results by").optional(),
-  proxyUrl: external_exports.string().url().describe("Override the HTTP proxy endpoint (defaults to MCP_PROXY_HTTP_URL or http://localhost:8787/query)").optional(),
+  relayUrl: external_exports.string().url().describe("Override the HTTP relay endpoint (defaults to MCP_RELAY_HTTP_URL or http://localhost:8787/query)").optional(),
   embeddingUrl: external_exports.string().url().describe("Override the LM Studio embedding endpoint (used only if embedding is not provided)").optional(),
-  embeddingModel: external_exports.string().describe("Optional model name for embedding generation (used only if embedding is not provided)").optional()
+  embeddingModel: external_exports.string().describe("Optional model name for embedding generation (used only if embedding is not provided)").optional(),
+  connectionId: external_exports.string().uuid().describe("Browser connection ID (required for multi-user support, defaults to MCP_CONNECTION_ID)").optional()
 });
 mcpServer.registerTool(
   "query_database",
@@ -14700,10 +14705,10 @@ mcpServer.registerTool(
     description: "Execute SQL queries against the database. Use this when you need to SELECT data, INSERT rows, UPDATE records, DELETE data, CREATE tables, or run any other SQL statement. This is the primary tool for interacting with the database schema and data. Note: This tool respects table permissions - you can only access tables specified in MCP_ALLOWED_TABLES.",
     inputSchema: RunSqlSchema
   },
-  async ({ sql, params = [], proxyUrl }) => {
+  async ({ sql, params = [], relayUrl, connectionId }) => {
     try {
       const allowedTables = process.env.MCP_ALLOWED_TABLES ? process.env.MCP_ALLOWED_TABLES.split(",").map((t) => t.trim()) : [];
-      const result = await executeSql(proxyUrl ?? DEFAULT_PROXY_URL, sql, params, allowedTables);
+      const result = await executeSql(relayUrl ?? DEFAULT_RELAY_URL, sql, params, allowedTables, connectionId);
       return formatToolResult(result);
     } catch (error) {
       return mcpServer.createToolError(error instanceof Error ? error.message : String(error));
@@ -14716,7 +14721,7 @@ mcpServer.registerTool(
     description: "List tables in the database that you have access to. Use this when you need to discover what tables exist, explore the database schema, or find out what data is available before writing queries. Returns table names and their schemas. Note: Only shows tables you have permission to access.",
     inputSchema: ListTablesSchema
   },
-  async ({ schema, proxyUrl }) => {
+  async ({ schema, relayUrl, connectionId }) => {
     const allowedTables = process.env.MCP_ALLOWED_TABLES ? process.env.MCP_ALLOWED_TABLES.split(",").map((t) => t.trim()) : [];
     let sql = `
       SELECT table_schema, table_name
@@ -14741,7 +14746,7 @@ mcpServer.registerTool(
       });
     }
     try {
-      const result = await executeSql(proxyUrl ?? DEFAULT_PROXY_URL, sql, params, allowedTables);
+      const result = await executeSql(relayUrl ?? DEFAULT_RELAY_URL, sql, params, allowedTables, connectionId);
       return formatToolResult(result);
     } catch (error) {
       return mcpServer.createToolError(error instanceof Error ? error.message : String(error));
@@ -14754,7 +14759,7 @@ mcpServer.registerTool(
     description: 'Store information in long-term memory for later retrieval. Use this when the user tells you something they want you to remember, such as personal facts, preferences, context from previous conversations, or any information that should persist across sessions. Automatically generates embeddings and makes the content searchable via semantic search. Examples: "Remember that I prefer dark mode", "Remember that Max is from Sweden", "Remember my API key is...".',
     inputSchema: RememberSchema
   },
-  async ({ content, source = null, metadata = null, proxyUrl, embeddingUrl, embeddingModel }) => {
+  async ({ content, source = null, metadata = null, relayUrl, embeddingUrl, embeddingModel, connectionId }) => {
     try {
       const embedding = await generateEmbedding(content, embeddingUrl, embeddingModel);
       const allowedTables = process.env.MCP_ALLOWED_TABLES ? process.env.MCP_ALLOWED_TABLES.split(",").map((t) => t.trim()) : [];
@@ -14765,7 +14770,7 @@ mcpServer.registerTool(
         RETURNING id, source, chunk_index, content;
       `;
       const params = [source, null, content, metadata ? JSON.stringify(metadata) : null, embedding];
-      const result = await executeSql(proxyUrl ?? DEFAULT_PROXY_URL, sql, params, allowedTables);
+      const result = await executeSql(relayUrl ?? DEFAULT_RELAY_URL, sql, params, allowedTables, connectionId);
       const insertedRow = result.rows[0];
       return {
         content: [
@@ -14792,7 +14797,7 @@ mcpServer.registerTool(
     description: 'Search through previously stored memories and information using semantic similarity. Use this when the user asks about something you might have remembered earlier, or when you need to recall information from past conversations. Examples: "Where is Max from?", "What did I tell you about my preferences?", "What information do you have about X?". Automatically computes embeddings if not provided. Returns the most relevant stored information ranked by similarity.',
     inputSchema: SemanticSearchSchema
   },
-  async ({ query, embedding, topK, source = null, proxyUrl, embeddingUrl, embeddingModel }) => {
+  async ({ query, embedding, topK, source = null, relayUrl, embeddingUrl, embeddingModel, connectionId }) => {
     try {
       let queryEmbedding = embedding;
       if (!queryEmbedding) {
@@ -14815,7 +14820,7 @@ mcpServer.registerTool(
       LIMIT $3::int;
     `;
       const params = [queryEmbedding, source, topK];
-      const result = await executeSql(proxyUrl ?? DEFAULT_PROXY_URL, sql, params, allowedTables);
+      const result = await executeSql(relayUrl ?? DEFAULT_RELAY_URL, sql, params, allowedTables, connectionId);
       result.command = "RAG_SEMANTIC_SEARCH";
       return formatToolResult(result);
     } catch (error) {
@@ -14893,41 +14898,82 @@ async function encryptWithPublicKey(publicKey, data) {
   );
   return Buffer.from(encrypted).toString("base64");
 }
-async function fetchPublicKey(proxyUrl) {
+async function fetchPublicKey(relayUrl, connectionId) {
   try {
-    const baseUrl = proxyUrl.replace("/query", "");
-    const response = await fetch(`${baseUrl}/public-key`);
+    const relayUrlObj = new URL(relayUrl);
+    const pathParts = relayUrlObj.pathname.split("/").filter(Boolean);
+    let effectiveConnectionId = connectionId;
+    if (pathParts.length >= 2 && (pathParts[1] === "query" || pathParts[1] === "public-key")) {
+      effectiveConnectionId = pathParts[0];
+    } else if (pathParts[0] === "query" && pathParts[1]) {
+      effectiveConnectionId = pathParts[1];
+    } else if (pathParts[0] === "public-key" && pathParts[1]) {
+      effectiveConnectionId = pathParts[1];
+    } else if (!effectiveConnectionId) {
+      effectiveConnectionId = MCP_CONNECTION_ID;
+    }
+    if (!effectiveConnectionId) {
+      throw new Error("Connection ID is required to fetch public key. Include it in MCP_RELAY_HTTP_URL as /{connectionId}/query or set MCP_CONNECTION_ID");
+    }
+    const basePath = relayUrlObj.pathname.replace(/\/.*$/, "") || "";
+    relayUrlObj.pathname = `${basePath}/${effectiveConnectionId}/public-key`;
+    const publicKeyUrl = relayUrlObj.toString();
+    const response = await fetch(publicKeyUrl);
     if (!response.ok) {
       throw new Error(`Failed to fetch public key: ${response.status}`);
     }
     const data = await response.json();
     return data.publicKey;
   } catch (err) {
-    throw new Error(`Failed to fetch public key from proxy: ${err.message}`);
+    throw new Error(`Failed to fetch public key from relay: ${err.message}`);
   }
 }
-var cachedPublicKey = null;
-var cachedPublicKeyString = null;
-async function getPublicKey(proxyUrl) {
-  if (cachedPublicKey && cachedPublicKeyString) {
-    return cachedPublicKey;
+var publicKeyCache = /* @__PURE__ */ new Map();
+async function getPublicKey(relayUrl, connectionId) {
+  const cacheKey = connectionId ?? "default";
+  if (publicKeyCache.has(cacheKey)) {
+    return publicKeyCache.get(cacheKey);
   }
   let publicKeyString = MCP_PUBLIC_KEY;
   if (!publicKeyString) {
-    publicKeyString = await fetchPublicKey(proxyUrl);
+    if (!connectionId && !MCP_CONNECTION_ID) {
+      throw new Error("Connection ID is required to fetch public key. Set MCP_CONNECTION_ID or pass connectionId.");
+    }
+    publicKeyString = await fetchPublicKey(relayUrl, connectionId ?? MCP_CONNECTION_ID);
   }
-  cachedPublicKey = await importPublicKey(publicKeyString);
-  cachedPublicKeyString = publicKeyString;
-  return cachedPublicKey;
+  const publicKey = await importPublicKey(publicKeyString);
+  publicKeyCache.set(cacheKey, publicKey);
+  return publicKey;
 }
-async function executeSql(proxyUrl, sql, params, allowedTables) {
-  if (!proxyUrl) {
-    throw new Error("Proxy URL is not set. Provide MCP_PROXY_HTTP_URL or pass proxyUrl in the tool call.");
+async function executeSql(relayUrl, sql, params, allowedTables, connectionId) {
+  if (!relayUrl) {
+    throw new Error("Relay URL is not set. Provide MCP_RELAY_HTTP_URL or pass relayUrl in the tool call.");
+  }
+  const relayUrlObj = new URL(relayUrl);
+  const pathParts = relayUrlObj.pathname.split("/").filter(Boolean);
+  let queryUrl = relayUrl;
+  let effectiveConnectionId = connectionId;
+  if (pathParts.length >= 2 && pathParts[1] === "query") {
+    effectiveConnectionId = pathParts[0];
+    queryUrl = relayUrl;
+  } else if (pathParts[0] === "query" && pathParts[1]) {
+    effectiveConnectionId = pathParts[1];
+    queryUrl = relayUrl;
+  } else {
+    effectiveConnectionId = connectionId ?? MCP_CONNECTION_ID;
+    if (!effectiveConnectionId) {
+      throw new Error(
+        "Connection ID is required. Either include it in MCP_RELAY_HTTP_URL as /{connectionId}/query, or set MCP_CONNECTION_ID environment variable, or pass connectionId in the tool call."
+      );
+    }
+    const basePath = relayUrlObj.pathname.replace(/\/.*$/, "") || "";
+    relayUrlObj.pathname = `${basePath}/${effectiveConnectionId}/query`;
+    queryUrl = relayUrlObj.toString();
   }
   let requestBody;
   if (USE_ENCRYPTION) {
     try {
-      const publicKey = await getPublicKey(proxyUrl);
+      const publicKey = await getPublicKey(relayUrl, effectiveConnectionId);
       const payloadToEncrypt = JSON.stringify({ sql, params });
       const encryptedPayload = await encryptWithPublicKey(publicKey, payloadToEncrypt);
       requestBody = {
@@ -14950,18 +14996,18 @@ async function executeSql(proxyUrl, sql, params, allowedTables) {
       requestBody.allowedTables = allowedTables;
     }
   }
-  const response = await fetch(proxyUrl, {
+  const response = await fetch(queryUrl, {
     method: "POST",
     headers: { "content-type": "application/json" },
     body: JSON.stringify(requestBody)
   });
   if (!response.ok) {
     const errorData = await response.json().catch(() => ({}));
-    throw new Error(errorData.error ?? `Proxy request failed (${response.status})`);
+    throw new Error(errorData.error ?? `Relay request failed (${response.status})`);
   }
   const payload = await response.json();
   if (!payload.ok) {
-    throw new Error(payload.error ?? "Proxy returned an error");
+    throw new Error(payload.error ?? "Relay returned an error");
   }
   return payload.result ?? { columns: [], rows: [], command: "QUERY", rowCount: 0 };
 }
@@ -15010,9 +15056,9 @@ function formatValue(value) {
 async function main() {
   const transport = new StdioServerTransport();
   await mcpServer.connect(transport);
-  console.error("[mcp-server-postgres-wasm] listening on stdio");
+  console.error("[db4app-mcp-server] listening on stdio");
 }
 main().catch((error) => {
-  console.error("[mcp-server-postgres-wasm] fatal", error);
+  console.error("[db4app-mcp-server] fatal", error);
   process.exit(1);
 });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "db4app-mcp-server",
-  "version": "0.1.2",
+  "version": "0.1.4",
   "description": "MCP server for db4.app - enables LLMs to interact with browser-based Postgres databases via Model Context Protocol",
   "type": "module",
   "main": "./dist/index.js",