npm - mssql-mcp - Versions diffs - 2.1.1 → 2.3.1 - Mend

mssql-mcp 2.1.1 → 2.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (60) hide show

package/LICENSE +21 -0
package/README.md +161 -89
package/dist/src/config.d.ts +39 -0
package/dist/src/config.js +37 -0
package/dist/src/constants.d.ts +15 -0
package/dist/src/constants.js +15 -0
package/dist/src/db/connection.d.ts +8 -0
package/dist/src/db/connection.js +80 -0
package/dist/src/db/query-builders.d.ts +3 -0
package/dist/src/db/query-builders.js +58 -0
package/dist/src/db/validators.d.ts +5 -0
package/dist/src/db/validators.js +25 -0
package/dist/src/index.js +26 -0
package/dist/src/resources/connection.d.ts +2 -0
package/dist/src/resources/connection.js +19 -0
package/dist/src/resources/metadata.d.ts +2 -0
package/dist/src/resources/metadata.js +58 -0
package/dist/src/schemas/outputs.d.ts +153 -0
package/dist/src/schemas/outputs.js +54 -0
package/dist/src/server.d.ts +2 -0
package/dist/src/server.js +27 -0
package/dist/src/tools/connect.d.ts +2 -0
package/dist/src/tools/connect.js +45 -0
package/dist/src/tools/databases.d.ts +2 -0
package/dist/src/tools/databases.js +53 -0
package/dist/src/tools/procedure.d.ts +2 -0
package/dist/src/tools/procedure.js +106 -0
package/dist/src/tools/query.d.ts +2 -0
package/dist/src/tools/query.js +92 -0
package/dist/src/tools/schema.d.ts +2 -0
package/dist/src/tools/schema.js +96 -0
package/dist/src/tools/status.d.ts +2 -0
package/dist/src/tools/status.js +17 -0
package/dist/src/tools/table.d.ts +2 -0
package/dist/src/tools/table.js +261 -0
package/dist/src/transports/http.d.ts +3 -0
package/dist/src/transports/http.js +54 -0
package/dist/src/transports/stdio.d.ts +2 -0
package/dist/src/transports/stdio.js +23 -0
package/dist/src/types.d.ts +37 -0
package/dist/src/types.js +1 -0
package/dist/src/utils/errors.d.ts +19 -0
package/dist/src/utils/errors.js +29 -0
package/dist/src/utils/format.d.ts +6 -0
package/dist/src/utils/format.js +27 -0
package/dist/src/utils/markdown.d.ts +3 -0
package/dist/src/utils/markdown.js +33 -0
package/dist/src/utils/pagination.d.ts +3 -0
package/dist/src/utils/pagination.js +18 -0
package/dist/tests/unit/markdown.test.d.ts +1 -0
package/dist/tests/unit/markdown.test.js +70 -0
package/dist/tests/unit/query-builders.test.d.ts +1 -0
package/dist/tests/unit/query-builders.test.js +63 -0
package/dist/tests/unit/tool-contracts.test.d.ts +1 -0
package/dist/tests/unit/tool-contracts.test.js +62 -0
package/dist/tests/unit/validators.test.d.ts +1 -0
package/dist/tests/unit/validators.test.js +51 -0
package/package.json +10 -6
package/dist/index.js +0 -648
/package/dist/{index.d.ts → src/index.d.ts} +0 -0

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2024-2025 BYMCS
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md CHANGED Viewed

@@ -1,7 +1,18 @@
-# MS SQL Server MCP Server v2.1.1
+# MS SQL Server MCP Server v2.3.1
 🚀 **Model Context Protocol (MCP) server** for Microsoft SQL Server - compatible with Claude Desktop, Cursor, Windsurf and VS Code.
+[![CI](https://github.com/BYMCS/mssql-mcp/actions/workflows/ci.yml/badge.svg)](https://github.com/BYMCS/mssql-mcp/actions/workflows/ci.yml)
+[![npm version](https://img.shields.io/npm/v/mssql-mcp.svg)](https://www.npmjs.com/package/mssql-mcp)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
+## Standards Alignment
+- Protocol target: [MCP draft/latest spec](https://modelcontextprotocol.io/specification/draft/server/tools)
+- Transport spec: [Transports](https://modelcontextprotocol.io/specification/draft/basic/transports)
+- Security: [Security best practices](https://modelcontextprotocol.io/docs/tutorials/security/security_best_practices)
+- SDK: `@modelcontextprotocol/sdk` pinned to `1.28.0`
 ## 🚀 Quick Start
 ### 1. Install
@@ -52,118 +63,179 @@ npm install -g mssql-mcp
 }
 ```
-> Replace with your actual database credentials.
+**HTTP transport** (remote/hosted scenarios):
+```json
+{
+  "servers": {
+    "mssql": {
+      "type": "http",
+      "url": "http://127.0.0.1:3001",
+      "env": {}
+    }
+  }
+}
+```
+> Replace with your actual database credentials. Credentials are read from the **server environment only** — never passed as tool parameters.
+## ��️ Tool Catalog
+### Primary tools (use these)
+| Tool | Read-only | Description |
+|------|-----------|-------------|
+| `mssql_connect_database` | No | Connect using env variables. Idempotent. |
+| `mssql_disconnect_database` | No | Close connection. Idempotent. |
+| `mssql_connection_status` | ✅ | Connection state and pool metrics |
+| `mssql_run_sql_query` | ⚠️ No | Execute arbitrary SQL. **May mutate data.** |
+| `mssql_list_schema_objects` | ✅ | List tables/views/procedures/functions with pagination |
+| `mssql_describe_table_columns` | ✅ | Column definitions for a table |
+| `mssql_read_table_rows` | ✅ | Paginated rows with projection and safe WHERE |
+| `mssql_execute_stored_procedure` | ⚠️ No | Execute a stored procedure |
+| `mssql_list_databases` | ✅ | List all databases on the instance |
+All data tools accept a `response_format` parameter (`"json"` | `"markdown"`, default `"json"`). Use `"markdown"` to get human-readable table output.
+### Deprecated aliases (still work for backward compatibility)
+| Old name | Use instead |
+|----------|-------------|
+| `connect_database` | `mssql_connect_database` |
+| `disconnect_database` | `mssql_disconnect_database` |
+| `connection_status` | `mssql_connection_status` |
+| `execute_query` | `mssql_run_sql_query` |
+| `run_sql_query` | `mssql_run_sql_query` |
+| `get_schema` | `mssql_list_schema_objects` |
+| `list_schema_objects` | `mssql_list_schema_objects` |
+| `describe_table` | `mssql_describe_table_columns` |
+| `describe_table_columns` | `mssql_describe_table_columns` |
+| `get_table_data` | `mssql_read_table_rows` |
+| `read_table_rows` | `mssql_read_table_rows` |
+| `execute_procedure` | `mssql_execute_stored_procedure` |
+| `execute_stored_procedure` | `mssql_execute_stored_procedure` |
+| `list_databases` | `mssql_list_databases` |
+## 🚌 Transport Modes
+| Mode | Use when |
+|------|----------|
+| `stdio` (default) | Local IDE integration (Claude Desktop, Cursor, VS Code) |
+| `http` | Remote/hosted deployment, testing with MCP Inspector |
-## 🛠️ Available Tools
+```bash
+# stdio (default)
+node dist/src/index.js
-| Tool | Description |
-|------|-------------|
-| `connect_database` | Connect to database using environment variables |
-| `disconnect_database` | Close current database connection |
-| `connection_status` | Check connection state with pool info |
-| `execute_query` | Execute any SQL query with parameters |
-| `get_schema` | List database objects (tables, views, procedures) |
-| `describe_table` | Get detailed table structure |
-| `get_table_data` | Retrieve data with pagination |
-| `execute_procedure` | Execute stored procedures |
-| `list_databases` | List all databases |
+# HTTP on 127.0.0.1:3001
+MCP_TRANSPORT=http node dist/src/index.js
+# Custom HTTP host/port
+MCP_TRANSPORT=http MCP_HOST=0.0.0.0 MCP_PORT=8080 node dist/src/index.js
+```
 ## 🔧 Environment Variables
+### Database connection
 | Variable | Required | Default | Description |
 |----------|----------|---------|-------------|
-| `DB_SERVER` | ✅ | - | SQL Server hostname |
-| `DB_DATABASE` | ❌ | - | Database name |
-| `DB_USER` | ❌ | - | Username |
-| `DB_PASSWORD` | ❌ | - | Password |
-| `DB_PORT` | ❌ | 1433 | SQL Server port |
-| `DB_ENCRYPT` | ❌ | true | Enable TLS encryption (required for Azure SQL) |
-| `DB_TRUST_SERVER_CERTIFICATE` | ❌ | false | Trust self-signed certificates |
-| `DB_CONNECTION_TIMEOUT` | ❌ | 30000 | Connection timeout (ms) |
-| `DB_REQUEST_TIMEOUT` | ❌ | 30000 | Request timeout (ms) |
-### Azure SQL Configuration
-For Azure SQL Database, use these settings:
-```json
-{
-  "DB_ENCRYPT": "true",
-  "DB_TRUST_SERVER_CERTIFICATE": "false"
-}
-```
+| `DB_SERVER` | ✅ | — | SQL Server hostname or IP |
+| `DB_DATABASE` | ❌ | — | Database name |
+| `DB_USER` | ❌ | — | Login username |
+| `DB_PASSWORD` | ❌ | — | Login password |
+| `DB_PORT` | ❌ | 1433 | TCP port |
+| `DB_ENCRYPT` | ❌ | true | Enable TLS (required for Azure SQL) |
+| `DB_TRUST_SERVER_CERTIFICATE` | ❌ | false | Trust self-signed certs |
+| `DB_CONNECTION_TIMEOUT` | ❌ | 30000 | Connection timeout ms |
+| `DB_REQUEST_TIMEOUT` | ❌ | 30000 | Query timeout ms |
-### Local SQL Server (Self-signed cert)
-For local development with self-signed certificates:
-```json
-{
-  "DB_ENCRYPT": "true",
-  "DB_TRUST_SERVER_CERTIFICATE": "true"
-}
-```
+### Transport
-## 🏆 Features
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `MCP_TRANSPORT` | `stdio` | `stdio` or `http` |
+| `MCP_HOST` | `127.0.0.1` | HTTP bind address |
+| `MCP_PORT` | `3001` | HTTP port |
-- ✅ **MCP SDK 1.25.1**: Latest Model Context Protocol SDK
-- ✅ **Azure SQL Compatible**: TLS encryption enabled by default
-- ✅ **Complete SQL Support**: All database operations
-- ✅ **Parameterized Queries**: SQL injection protection
-- ✅ **Connection Pooling**: Efficient resource management
-- ✅ **Performance Monitoring**: Execution time tracking
+## 🔒 Security Model
-## 📋 Usage Examples
+- **No credential parameters**: All connection settings come from environment variables only. Tool inputs cannot override connection config.
+- **Identifier validation**: Schema, table, and procedure names are validated against a safe identifier pattern before interpolation into SQL.
+- **Parameterized queries**: All user-supplied values (WHERE clause values, column values) must be passed as named parameters via `@paramName` — never embedded in query strings.
+- **Origin validation**: HTTP transport validates `Origin` header and only allows localhost by default.
+- **SQL risk labeling**: `run_sql_query` and `execute_stored_procedure` are explicitly labeled as non-read-only and open-world.
-### Connect to Database
-```
-Use the connect_database tool to establish a connection.
-```
+### ⚠️ SQL Risk Notes
-### Execute a Query
-```sql
-SELECT TOP 10 * FROM Customers WHERE Country = @country
--- With parameters: { "country": "USA" }
-```
+`run_sql_query` accepts arbitrary SQL including DDL and DML. To minimize risk:
+- Use a least-privilege SQL login (SELECT-only where possible)
+- Never run the server with a `sysadmin` or `sa` account
+- Consider network firewall rules to limit what the server can reach
-### Get Table Schema
-```
-Use describe_table with tableName: "Customers" to see column details.
-```
+## 📄 Pagination
-## 🔍 Troubleshooting
+All list tools return a `pagination` object:
-**❌ Connection failed**
-- Verify all required environment variables are set
-- Check server accessibility and credentials
-- Ensure network connectivity to SQL Server
+```json
+{
+  "count": 20,
+  "limit": 20,
+  "offset": 0,
+  "has_more": true,
+  "next_offset": 20,
+  "total_count": 150
+}
+```
-**❌ SSL/Certificate errors**
-- For Azure SQL: Set `DB_ENCRYPT=true` (default)
-- For self-signed certs: Set `DB_TRUST_SERVER_CERTIFICATE=true`
-- For local dev without encryption: Set `DB_ENCRYPT=false`
+Default page size: **20 rows**. Maximum: **200 rows**.
-## 📋 Version History
+Results are also truncated if the serialized payload exceeds 100KB, with a `truncation_message` explaining how many rows were dropped.
-### v2.1.1 - Latest
-- ✅ Added `DB_ENCRYPT` environment variable (Issue #1)
-- ✅ Azure SQL Database compatibility improved
-- ✅ Encryption enabled by default (`DB_ENCRYPT=true`)
-- ✅ Fixed `DB_TRUST_SERVER_CERTIFICATE` default to `false`
+## 🏗️ Architecture
-### v2.1.0
-- ✅ Updated to MCP SDK 1.25.1
-- ✅ Migrated to `registerTool()` / `registerResource()` API
-- ✅ Added tool titles for better UI display
+```
+src/
+  index.ts          ← bootstrap (env, transport selection)
+  server.ts         ← createServer() factory
+  constants.ts      ← limits, defaults, protocol strings
+  config.ts         ← env parsing
+  types.ts          ← shared TypeScript interfaces
+  db/
+    connection.ts   ← connection pool singleton
+    validators.ts   ← SQL identifier validation
+    query-builders.ts ← safe parameterized query construction
+  tools/            ← one file per tool group
+  resources/        ← MCP resource handlers
+  transports/       ← stdio and HTTP transports
+  utils/
+    errors.ts       ← error normalization helpers
+    format.ts       ← JSON formatting, payload truncation
+    markdown.ts     ← markdown table/list rendering helpers
+    pagination.ts   ← pagination metadata helpers
+```
-### v2.0.3
-- ✅ Documentation improvements
+## 🧪 Inspector Smoke Test
-## 📄 License
+```bash
+npx @modelcontextprotocol/inspector
+```
-MIT License
+Expected:
+- stdio server connects
+- Tool list renders with all tools
+- `mssql_connection_status` returns JSON without a connection
+- `mssql_connect_database` works when env variables are set
-## 🆘 Support
+## 🔨 Development
-- **Issues**: [GitHub Issues](https://github.com/BYMCS/mssql-mcp/issues)
-- **Repository**: [BYMCS/mssql-mcp](https://github.com/BYMCS/mssql-mcp)
+```bash
+npm install
+npm run typecheck   # type check only
+npm run build       # compile TypeScript
+npm test            # run unit tests
+npm run ci          # typecheck + build + test
+```
----
+## License
-**🎉 v2.1.1: Azure SQL compatibility with DB_ENCRYPT support**
+[MIT](LICENSE) © BYMCS

package/dist/src/config.d.ts ADDED Viewed

@@ -0,0 +1,39 @@
+import { z } from "zod";
+import type { DatabaseConfig } from "./types.js";
+export declare const ConfigSchema: z.ZodObject<{
+    server: z.ZodString;
+    database: z.ZodOptional<z.ZodString>;
+    user: z.ZodOptional<z.ZodString>;
+    password: z.ZodOptional<z.ZodString>;
+    port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+    encrypt: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+    trustServerCertificate: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+    connectionTimeout: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+    requestTimeout: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+}, "strip", z.ZodTypeAny, {
+    server: string;
+    port: number;
+    encrypt: boolean;
+    trustServerCertificate: boolean;
+    connectionTimeout: number;
+    requestTimeout: number;
+    database?: string | undefined;
+    user?: string | undefined;
+    password?: string | undefined;
+}, {
+    server: string;
+    database?: string | undefined;
+    port?: number | undefined;
+    user?: string | undefined;
+    password?: string | undefined;
+    encrypt?: boolean | undefined;
+    trustServerCertificate?: boolean | undefined;
+    connectionTimeout?: number | undefined;
+    requestTimeout?: number | undefined;
+}>;
+export declare function loadConfigFromEnv(): DatabaseConfig;
+export interface HttpConfig {
+    host: string;
+    port: number;
+}
+export declare function loadHttpConfig(): HttpConfig;

package/dist/src/config.js ADDED Viewed

@@ -0,0 +1,37 @@
+import { z } from "zod";
+import { DEFAULT_PORT, DEFAULT_ENCRYPT, DEFAULT_TRUST_SERVER_CERTIFICATE, DEFAULT_CONNECTION_TIMEOUT, DEFAULT_REQUEST_TIMEOUT, } from "./constants.js";
+export const ConfigSchema = z.object({
+    server: z.string().min(1, "Server address is required"),
+    database: z.string().optional(),
+    user: z.string().optional(),
+    password: z.string().optional(),
+    port: z.number().int().min(1).max(65535).optional().default(DEFAULT_PORT),
+    encrypt: z.boolean().optional().default(DEFAULT_ENCRYPT),
+    trustServerCertificate: z.boolean().optional().default(DEFAULT_TRUST_SERVER_CERTIFICATE),
+    connectionTimeout: z.number().int().min(1000).max(60000).optional().default(DEFAULT_CONNECTION_TIMEOUT),
+    requestTimeout: z.number().int().min(1000).max(300000).optional().default(DEFAULT_REQUEST_TIMEOUT),
+});
+export function loadConfigFromEnv() {
+    const raw = {
+        server: process.env.DB_SERVER,
+        database: process.env.DB_DATABASE,
+        user: process.env.DB_USER,
+        password: process.env.DB_PASSWORD,
+        port: process.env.DB_PORT ? parseInt(process.env.DB_PORT, 10) : DEFAULT_PORT,
+        encrypt: process.env.DB_ENCRYPT !== "false",
+        trustServerCertificate: process.env.DB_TRUST_SERVER_CERTIFICATE === "true",
+        connectionTimeout: process.env.DB_CONNECTION_TIMEOUT
+            ? parseInt(process.env.DB_CONNECTION_TIMEOUT, 10)
+            : DEFAULT_CONNECTION_TIMEOUT,
+        requestTimeout: process.env.DB_REQUEST_TIMEOUT
+            ? parseInt(process.env.DB_REQUEST_TIMEOUT, 10)
+            : DEFAULT_REQUEST_TIMEOUT,
+    };
+    return ConfigSchema.parse(raw);
+}
+export function loadHttpConfig() {
+    return {
+        host: process.env.MCP_HOST ?? "127.0.0.1",
+        port: process.env.MCP_PORT ? parseInt(process.env.MCP_PORT, 10) : 3001,
+    };
+}

package/dist/src/constants.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+export declare const SERVER_NAME = "mssql-mcp-server";
+export declare const SERVER_VERSION = "2.3.1";
+export declare const DEFAULT_PORT = 1433;
+export declare const DEFAULT_ENCRYPT = true;
+export declare const DEFAULT_TRUST_SERVER_CERTIFICATE = false;
+export declare const DEFAULT_CONNECTION_TIMEOUT = 30000;
+export declare const DEFAULT_REQUEST_TIMEOUT = 30000;
+export declare const POOL_MAX = 10;
+export declare const POOL_MIN = 0;
+export declare const POOL_IDLE_TIMEOUT_MS = 30000;
+export declare const DEFAULT_PAGE_SIZE = 20;
+export declare const MAX_PAGE_SIZE = 200;
+export declare const MAX_TEXT_PAYLOAD_BYTES = 100000;
+export declare const HTTP_DEFAULT_HOST = "127.0.0.1";
+export declare const HTTP_DEFAULT_PORT = 3001;

package/dist/src/constants.js ADDED Viewed

@@ -0,0 +1,15 @@
+export const SERVER_NAME = "mssql-mcp-server";
+export const SERVER_VERSION = "2.3.1";
+export const DEFAULT_PORT = 1433;
+export const DEFAULT_ENCRYPT = true;
+export const DEFAULT_TRUST_SERVER_CERTIFICATE = false;
+export const DEFAULT_CONNECTION_TIMEOUT = 30000;
+export const DEFAULT_REQUEST_TIMEOUT = 30000;
+export const POOL_MAX = 10;
+export const POOL_MIN = 0;
+export const POOL_IDLE_TIMEOUT_MS = 30000;
+export const DEFAULT_PAGE_SIZE = 20;
+export const MAX_PAGE_SIZE = 200;
+export const MAX_TEXT_PAYLOAD_BYTES = 100_000;
+export const HTTP_DEFAULT_HOST = "127.0.0.1";
+export const HTTP_DEFAULT_PORT = 3001;

package/dist/src/db/connection.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import sql from "mssql";
+import type { DatabaseConfig, ConnectionState } from "../types.js";
+export declare function connectPool(config: DatabaseConfig): Promise<void>;
+export declare function disconnectPool(): Promise<void>;
+export declare function getPool(): sql.ConnectionPool | null;
+export declare function requirePool(): sql.ConnectionPool;
+export declare function getConnectionState(): ConnectionState;
+export declare function closePoolOnShutdown(): Promise<void>;

package/dist/src/db/connection.js ADDED Viewed

@@ -0,0 +1,80 @@
+import sql from "mssql";
+import { POOL_MAX, POOL_MIN, POOL_IDLE_TIMEOUT_MS } from "../constants.js";
+let pool = null;
+let currentConfig = null;
+export async function connectPool(config) {
+    if (pool) {
+        console.error("Closing existing connection...");
+        await pool.close();
+        pool = null;
+    }
+    console.error(`Connecting to ${config.server}:${config.port}`);
+    const newPool = new sql.ConnectionPool({
+        server: config.server,
+        database: config.database,
+        user: config.user,
+        password: config.password,
+        port: config.port,
+        options: {
+            encrypt: config.encrypt,
+            trustServerCertificate: config.trustServerCertificate,
+            enableArithAbort: true,
+        },
+        connectionTimeout: config.connectionTimeout,
+        requestTimeout: config.requestTimeout,
+        pool: { max: POOL_MAX, min: POOL_MIN, idleTimeoutMillis: POOL_IDLE_TIMEOUT_MS },
+    });
+    newPool.on("error", (err) => {
+        console.error("Pool error:", err);
+    });
+    try {
+        await newPool.connect();
+        pool = newPool;
+        currentConfig = config;
+        console.error(`Connected to ${config.server}${config.database ? `/${config.database}` : ""}`);
+    }
+    catch (err) {
+        try {
+            await newPool.close();
+        }
+        catch { /* ignore */ }
+        throw err;
+    }
+}
+export async function disconnectPool() {
+    if (pool) {
+        await pool.close();
+        pool = null;
+        currentConfig = null;
+    }
+}
+export function getPool() {
+    return pool;
+}
+export function requirePool() {
+    if (!pool?.connected) {
+        throw new Error("No active database connection. Use connect_database first.");
+    }
+    return pool;
+}
+export function getConnectionState() {
+    return {
+        connected: pool?.connected ?? false,
+        config: currentConfig
+            ? { server: currentConfig.server, database: currentConfig.database, port: currentConfig.port }
+            : null,
+        pool_info: pool
+            ? { size: pool.size, available: pool.available, pending: pool.pending, borrowed: pool.borrowed }
+            : null,
+    };
+}
+export async function closePoolOnShutdown() {
+    if (pool) {
+        try {
+            await pool.close();
+        }
+        catch { /* ignore */ }
+        pool = null;
+        currentConfig = null;
+    }
+}

package/dist/src/db/query-builders.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export declare function buildSelectQuery(schemaName: string, tableName: string, columns: string[] | null, orderBy: string | null, offset: number, limit: number): string;
+export declare function buildSelectWithWhereQuery(schemaName: string, tableName: string, columns: string[] | null, whereClause: string, orderBy: string | null, offset: number, limit: number): string;
+export declare function buildSchemaObjectsQuery(objectType: "tables" | "views" | "procedures" | "functions" | "all", schemaName?: string): string;

package/dist/src/db/query-builders.js ADDED Viewed

@@ -0,0 +1,58 @@
+import { bracketIdentifier } from "./validators.js";
+export function buildSelectQuery(schemaName, tableName, columns, orderBy, offset, limit) {
+    const safeSchema = bracketIdentifier(schemaName);
+    const safeTable = bracketIdentifier(tableName);
+    const projection = columns && columns.length > 0 ? columns.map(bracketIdentifier).join(", ") : "*";
+    const order = orderBy ?? "(SELECT NULL)";
+    return (`SELECT ${projection} FROM ${safeSchema}.${safeTable}` +
+        ` ORDER BY ${order}` +
+        ` OFFSET ${offset} ROWS FETCH NEXT ${limit} ROWS ONLY`);
+}
+export function buildSelectWithWhereQuery(schemaName, tableName, columns, whereClause, orderBy, offset, limit) {
+    const safeSchema = bracketIdentifier(schemaName);
+    const safeTable = bracketIdentifier(tableName);
+    const projection = columns && columns.length > 0 ? columns.map(bracketIdentifier).join(", ") : "*";
+    const order = orderBy ?? "(SELECT NULL)";
+    return (`SELECT ${projection} FROM ${safeSchema}.${safeTable}` +
+        ` WHERE ${whereClause}` +
+        ` ORDER BY ${order}` +
+        ` OFFSET ${offset} ROWS FETCH NEXT ${limit} ROWS ONLY`);
+}
+export function buildSchemaObjectsQuery(objectType, schemaName) {
+    const parts = [];
+    const schemaFilter = schemaName ? "TABLE_SCHEMA = @schemaName" : null;
+    const routineSchemaFilter = schemaName ? "ROUTINE_SCHEMA = @schemaName" : null;
+    if (objectType === "tables" || objectType === "all") {
+        parts.push(`
+      SELECT TABLE_SCHEMA, TABLE_NAME, TABLE_TYPE, 'table' as OBJECT_TYPE
+      FROM INFORMATION_SCHEMA.TABLES
+      ${schemaFilter ? `WHERE ${schemaFilter}` : ""}
+    `);
+    }
+    if (objectType === "views" || objectType === "all") {
+        parts.push(`
+      SELECT TABLE_SCHEMA, TABLE_NAME, 'VIEW' as TABLE_TYPE, 'view' as OBJECT_TYPE
+      FROM INFORMATION_SCHEMA.VIEWS
+      ${schemaFilter ? `WHERE ${schemaFilter}` : ""}
+    `);
+    }
+    if (objectType === "procedures" || objectType === "all") {
+        parts.push(`
+      SELECT ROUTINE_SCHEMA as TABLE_SCHEMA, ROUTINE_NAME as TABLE_NAME,
+             'PROCEDURE' as TABLE_TYPE, 'procedure' as OBJECT_TYPE
+      FROM INFORMATION_SCHEMA.ROUTINES
+      WHERE ROUTINE_TYPE = 'PROCEDURE'
+      ${routineSchemaFilter ? `AND ${routineSchemaFilter}` : ""}
+    `);
+    }
+    if (objectType === "functions" || objectType === "all") {
+        parts.push(`
+      SELECT ROUTINE_SCHEMA as TABLE_SCHEMA, ROUTINE_NAME as TABLE_NAME,
+             'FUNCTION' as TABLE_TYPE, 'function' as OBJECT_TYPE
+      FROM INFORMATION_SCHEMA.ROUTINES
+      WHERE ROUTINE_TYPE = 'FUNCTION'
+      ${routineSchemaFilter ? `AND ${routineSchemaFilter}` : ""}
+    `);
+    }
+    return parts.join(" UNION ALL ") + " ORDER BY TABLE_SCHEMA, TABLE_NAME";
+}

package/dist/src/db/validators.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export declare const SAFE_IDENTIFIER_RE: RegExp;
+export declare function isValidIdentifier(name: string): boolean;
+export declare function validateIdentifier(name: string, label: string): string;
+export declare function bracketIdentifier(name: string): string;
+export declare function validateOrderBy(orderBy: string): string;

package/dist/src/db/validators.js ADDED Viewed

@@ -0,0 +1,25 @@
+// Safe SQL identifier validation.
+// Only validates identifier names (schema, table, procedure) — never user values.
+// User values must always be passed as mssql parameters, never interpolated.
+export const SAFE_IDENTIFIER_RE = /^[a-zA-Z_][a-zA-Z0-9_$#@]{0,127}$/;
+export function isValidIdentifier(name) {
+    return SAFE_IDENTIFIER_RE.test(name);
+}
+export function validateIdentifier(name, label) {
+    if (!isValidIdentifier(name)) {
+        throw new Error(`Invalid ${label} "${name}". Identifiers must start with a letter or underscore and contain only letters, digits, underscores, $, #, @.`);
+    }
+    return name;
+}
+export function bracketIdentifier(name) {
+    validateIdentifier(name, "identifier");
+    return `[${name}]`;
+}
+// ORDER BY: allows column names (optionally bracketed), dotted refs, ASC/DESC
+const ORDER_BY_RE = /^(\[?[a-zA-Z_][a-zA-Z0-9_$#@.]*\]?(\s+(ASC|DESC))?)((\s*,\s*)\[?[a-zA-Z_][a-zA-Z0-9_$#@.]*\]?(\s+(ASC|DESC))?)*$/i;
+export function validateOrderBy(orderBy) {
+    if (!ORDER_BY_RE.test(orderBy.trim())) {
+        throw new Error("Invalid ORDER BY clause. Only column names, commas, and ASC/DESC direction keywords are allowed.");
+    }
+    return orderBy.trim();
+}

package/dist/src/index.js ADDED Viewed

@@ -0,0 +1,26 @@
+#!/usr/bin/env node
+import dotenv from "dotenv";
+import { createServer } from "./server.js";
+import { runStdioTransport } from "./transports/stdio.js";
+import { runHttpTransport } from "./transports/http.js";
+import { loadHttpConfig } from "./config.js";
+import { SERVER_VERSION } from "./constants.js";
+dotenv.config();
+async function main() {
+    const transport = process.env.MCP_TRANSPORT ?? "stdio";
+    const server = createServer();
+    if (transport === "http") {
+        const httpConfig = loadHttpConfig();
+        console.error(`MSSQL MCP Server v${SERVER_VERSION} starting (HTTP mode)...`);
+        await runHttpTransport(server, httpConfig);
+    }
+    else {
+        console.error(`MSSQL MCP Server v${SERVER_VERSION} starting (stdio mode)...`);
+        await runStdioTransport(server);
+        console.error("Server ready.");
+    }
+}
+main().catch((err) => {
+    console.error("Fatal startup error:", err);
+    process.exit(1);
+});

package/dist/src/resources/connection.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
2	+ export declare function registerConnectionResource(server: McpServer): void;

package/dist/src/resources/connection.js ADDED Viewed

@@ -0,0 +1,19 @@
+import { getConnectionState } from "../db/connection.js";
+export function registerConnectionResource(server) {
+    server.registerResource("connection-info", "mssql://connection/info", {
+        title: "Connection Info",
+        description: "Current MSSQL connection status and configuration (no credentials exposed).",
+        mimeType: "application/json",
+    }, async () => {
+        const state = getConnectionState();
+        return {
+            contents: [
+                {
+                    uri: "mssql://connection/info",
+                    text: JSON.stringify(state, null, 2),
+                    mimeType: "application/json",
+                },
+            ],
+        };
+    });
+}

package/dist/src/resources/metadata.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
2	+ export declare function registerMetadataResources(server: McpServer): void;