mssql-agent-mcp 1.0.0__py3-none-any.whl → 1.1.0__py3-none-any.whl

mssql_agent_mcp/config.py

@@ -2,8 +2,23 @@
 
 import os
 
+
+def _parse_bool(value: str, default: bool = False) -> bool:
+    """Parse a string value to boolean."""
+    if not value:
+        return default
+    return value.lower() in ("true", "1", "yes")
+
+
 # Security configuration
-READONLY_MODE = os.getenv("MSSQL_READONLY", "true").lower() in ("true", "1", "yes")
+READONLY_MODE = _parse_bool(os.getenv("MSSQL_READONLY", "true"), default=True)
+
+# Granular write permission controls (only effective when READONLY_MODE is False)
+ALLOW_INSERT = _parse_bool(os.getenv("MSSQL_ALLOW_INSERT", "true"), default=True)
+ALLOW_UPDATE = _parse_bool(os.getenv("MSSQL_ALLOW_UPDATE", "true"), default=True)
+ALLOW_DELETE = _parse_bool(os.getenv("MSSQL_ALLOW_DELETE", "true"), default=True)
+ALLOW_DDL = _parse_bool(os.getenv("MSSQL_ALLOW_DDL", "true"), default=True)  # CREATE, ALTER, DROP
+ALLOW_EXEC = _parse_bool(os.getenv("MSSQL_ALLOW_EXEC", "true"), default=True)  # EXEC, EXECUTE
 
 # Database configuration from environment variables
 DB_CONFIG = {
@@ -18,8 +33,77 @@ DB_CONFIG = {
     "auth_mode": os.getenv("MSSQL_AUTH_MODE", "sql"),  # sql, windows, azure
 }
 
-# Blocked SQL statement types when in readonly mode
-BLOCKED_STATEMENT_TYPES = {
-    "INSERT", "UPDATE", "DELETE", "DROP", "CREATE", "ALTER",
-    "TRUNCATE", "MERGE", "EXEC", "EXECUTE", "GRANT", "REVOKE", "DENY",
-}
+# Statement type categories for granular control
+INSERT_STATEMENTS = {"INSERT", "MERGE"}
+UPDATE_STATEMENTS = {"UPDATE"}
+DELETE_STATEMENTS = {"DELETE", "TRUNCATE"}
+DDL_STATEMENTS = {"CREATE", "ALTER", "DROP", "GRANT", "REVOKE", "DENY"}
+EXEC_STATEMENTS = {"EXEC", "EXECUTE"}
+
+# All blocked statement types when in full readonly mode
+BLOCKED_STATEMENT_TYPES = (
+    INSERT_STATEMENTS | UPDATE_STATEMENTS | DELETE_STATEMENTS | DDL_STATEMENTS | EXEC_STATEMENTS
+)
+
+
+def is_readonly() -> bool:
+    """Check if the server is in read-only mode."""
+    return READONLY_MODE
+
+
+def is_insert_allowed() -> bool:
+    """Check if INSERT operations are allowed."""
+    return not READONLY_MODE and ALLOW_INSERT
+
+
+def is_update_allowed() -> bool:
+    """Check if UPDATE operations are allowed."""
+    return not READONLY_MODE and ALLOW_UPDATE
+
+
+def is_delete_allowed() -> bool:
+    """Check if DELETE operations are allowed."""
+    return not READONLY_MODE and ALLOW_DELETE
+
+
+def is_ddl_allowed() -> bool:
+    """Check if DDL operations (CREATE, ALTER, DROP) are allowed."""
+    return not READONLY_MODE and ALLOW_DDL
+
+
+def is_exec_allowed() -> bool:
+    """Check if EXEC/EXECUTE operations are allowed."""
+    return not READONLY_MODE and ALLOW_EXEC
+
+
+def get_blocked_statements() -> set[str]:
+    """Get the set of currently blocked statement types based on configuration."""
+    if READONLY_MODE:
+        return BLOCKED_STATEMENT_TYPES.copy()
+
+    blocked = set()
+    if not ALLOW_INSERT:
+        blocked.update(INSERT_STATEMENTS)
+    if not ALLOW_UPDATE:
+        blocked.update(UPDATE_STATEMENTS)
+    if not ALLOW_DELETE:
+        blocked.update(DELETE_STATEMENTS)
+    if not ALLOW_DDL:
+        blocked.update(DDL_STATEMENTS)
+    if not ALLOW_EXEC:
+        blocked.update(EXEC_STATEMENTS)
+
+    return blocked
+
+
+def get_permission_summary() -> dict:
+    """Get a summary of current permission settings."""
+    return {
+        "readonly_mode": READONLY_MODE,
+        "allow_insert": is_insert_allowed(),
+        "allow_update": is_update_allowed(),
+        "allow_delete": is_delete_allowed(),
+        "allow_ddl": is_ddl_allowed(),
+        "allow_exec": is_exec_allowed(),
+        "blocked_statements": list(get_blocked_statements()),
+    }

mssql_agent_mcp/tools/database.py

@@ -2,7 +2,7 @@
 
 from typing import Annotated
 
-from ..config import READONLY_MODE
+from ..config import is_readonly
 from ..utils import format_result, get_connection, rows_to_dicts, validate_query
 
 
@@ -30,10 +30,10 @@ def execute(
     sql: Annotated[str, "The SQL statement to execute (INSERT, UPDATE, DELETE, CREATE, etc.)"]
 ) -> str:
     """Execute a SQL statement (INSERT, UPDATE, DELETE, CREATE, etc.) and return affected rows count."""
-    if READONLY_MODE:
-        return format_result({
-            "error": "Write operations are disabled in read-only mode. Set MSSQL_READONLY=false to enable."
-        })
+    # Use validate_query for granular permission checking
+    is_valid, error_msg = validate_query(sql)
+    if not is_valid:
+        return format_result({"error": error_msg})
 
     conn = get_connection()
     try:

mssql_agent_mcp/tools/jobs.py

@@ -6,7 +6,7 @@ import shutil
 from pathlib import Path
 from typing import Annotated
 
-from ..config import READONLY_MODE
+from ..config import is_exec_allowed
 from ..utils import (
     format_result,
     get_connection,
@@ -488,8 +488,8 @@ def update_job_step_from_file(
     if not validation_result["valid"]:
         return format_result({"success": False, "error": f"SQL validation failed: {validation_result['error']}"})
 
-    if READONLY_MODE:
-        return format_result({"success": False, "error": "Write operations are disabled in read-only mode."})
+    if not is_exec_allowed():
+        return format_result({"success": False, "error": "EXEC operations are disabled by configuration."})
 
     # Update job step
     try:
@@ -627,8 +627,8 @@ def create_job_step_from_file(
 
     db_name = database_name or "master"
 
-    if READONLY_MODE:
-        return format_result({"success": False, "error": "Write operations are disabled in read-only mode."})
+    if not is_exec_allowed():
+        return format_result({"success": False, "error": "EXEC operations are disabled by configuration."})
 
     # Create job step
     try:

mssql_agent_mcp/tools/procedures.py

@@ -4,7 +4,7 @@ import re
 from pathlib import Path
 from typing import Annotated
 
-from ..config import READONLY_MODE
+from ..config import is_ddl_allowed
 from ..utils import (
     format_result,
     get_connection,
@@ -323,8 +323,8 @@ def update_procedure_from_file(
     elif not sql_upper.startswith("ALTER"):
         return format_result({"success": False, "error": "SQL must contain CREATE or ALTER PROCEDURE statement"})
 
-    if READONLY_MODE:
-        return format_result({"success": False, "error": "Write operations are disabled in read-only mode."})
+    if not is_ddl_allowed():
+        return format_result({"success": False, "error": "DDL operations (ALTER PROCEDURE) are disabled by configuration."})
 
     safe_db_name = "".join(c for c in database_name if c.isalnum() or c in "_-")
 

mssql_agent_mcp/utils.py

@@ -7,27 +7,36 @@ import struct
 import pyodbc
 import sqlparse
 
-from .config import BLOCKED_STATEMENT_TYPES, DB_CONFIG, READONLY_MODE
+from .config import DB_CONFIG, get_blocked_statements, is_readonly
 
 
 def validate_query(sql: str) -> tuple[bool, str]:
-    """Validate SQL query against readonly restrictions."""
-    if not READONLY_MODE:
+    """Validate SQL query against permission restrictions."""
+    blocked_statements = get_blocked_statements()
+
+    # If nothing is blocked, allow all queries
+    if not blocked_statements:
         return True, ""
 
     try:
         parsed = sqlparse.parse(sql)
         for statement in parsed:
             stmt_type = statement.get_type()
-            if stmt_type and stmt_type.upper() in BLOCKED_STATEMENT_TYPES:
-                return False, f"Blocked: {stmt_type} statements are not allowed in read-only mode."
+            if stmt_type and stmt_type.upper() in blocked_statements:
+                if is_readonly():
+                    return False, f"Blocked: {stmt_type} statements are not allowed in read-only mode."
+                else:
+                    return False, f"Blocked: {stmt_type} statements are disabled by configuration."
 
             tokens = [t for t in statement.tokens if not t.is_whitespace]
             if tokens:
                 first_token = str(tokens[0]).upper().strip()
-                for blocked in BLOCKED_STATEMENT_TYPES:
+                for blocked in blocked_statements:
                     if first_token.startswith(blocked):
-                        return False, f"Blocked: {blocked} statements are not allowed in read-only mode."
+                        if is_readonly():
+                            return False, f"Blocked: {blocked} statements are not allowed in read-only mode."
+                        else:
+                            return False, f"Blocked: {blocked} statements are disabled by configuration."
     except Exception as e:
         return False, f"Query validation failed: {str(e)}"
 

{mssql_agent_mcp-1.0.0.dist-info → mssql_agent_mcp-1.1.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mssql-agent-mcp
-Version: 1.0.0
+Version: 1.1.0
 Summary: MCP server for Microsoft SQL Server with SQL Agent job management and stored procedure version control
 Project-URL: Homepage, https://github.com/yyinhsu/mssql-agent-mcp
 Project-URL: Repository, https://github.com/yyinhsu/mssql-agent-mcp
@@ -37,6 +37,10 @@ Description-Content-Type: text/markdown
 
 # MSSQL Agent MCP
 
+[![PyPI version](https://badge.fury.io/py/mssql-agent-mcp.svg)](https://badge.fury.io/py/mssql-agent-mcp)
+[![Python](https://img.shields.io/pypi/pyversions/mssql-agent-mcp.svg)](https://pypi.org/project/mssql-agent-mcp/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
 A Model Context Protocol (MCP) server that provides tools for interacting with Microsoft SQL Server databases and managing SQL Server Agent Jobs.
 Beyond basic database query functionality, this server supports managing stored procedures and SQL Server Agent jobs as code. Users can easily export, edit, and update these objects, and integrate them into version control systems.
 
@@ -329,7 +333,9 @@ Download and install from [Microsoft ODBC Driver for SQL Server](https://docs.mi
 
 ## Installation
 
-### Using pip
+This package is available on [PyPI](https://pypi.org/project/mssql-agent-mcp/).
+
+### Using pip (Recommended)
 
 ```bash
 pip install mssql-agent-mcp
@@ -341,9 +347,16 @@ pip install mssql-agent-mcp
 pip install mssql-agent-mcp[azure]
 ```
 
+### Using uvx (No Installation Required)
+
+```bash
+uvx mssql-agent-mcp
+```
+
 ### Development Installation
 
 ```bash
+git clone https://github.com/yyinhsu/mssql-agent-mcp.git
 cd mssql-agent-mcp
 pip install -e .
 ```
@@ -366,6 +379,40 @@ MSSQL_READONLY=true
 MSSQL_READONLY=false
 ```
 
+### Granular Permission Control
+
+When `MSSQL_READONLY=false`, you can further control which operations are allowed using these environment variables:
+
+| Variable | Default | Controls |
+|----------|---------|----------|
+| `MSSQL_ALLOW_INSERT` | `true` | INSERT, MERGE statements |
+| `MSSQL_ALLOW_UPDATE` | `true` | UPDATE statements |
+| `MSSQL_ALLOW_DELETE` | `true` | DELETE, TRUNCATE statements |
+| `MSSQL_ALLOW_DDL` | `true` | CREATE, ALTER, DROP, GRANT, REVOKE, DENY |
+| `MSSQL_ALLOW_EXEC` | `true` | EXEC, EXECUTE (also controls job step updates) |
+
+**Example: Allow only SELECT and INSERT:**
+```env
+MSSQL_READONLY=false
+MSSQL_ALLOW_INSERT=true
+MSSQL_ALLOW_UPDATE=false
+MSSQL_ALLOW_DELETE=false
+MSSQL_ALLOW_DDL=false
+MSSQL_ALLOW_EXEC=false
+```
+
+**Example: Allow data modifications but block schema changes:**
+```env
+MSSQL_READONLY=false
+MSSQL_ALLOW_INSERT=true
+MSSQL_ALLOW_UPDATE=true
+MSSQL_ALLOW_DELETE=true
+MSSQL_ALLOW_DDL=false
+MSSQL_ALLOW_EXEC=false
+```
+
+> **Note**: These granular settings only take effect when `MSSQL_READONLY=false`. When `MSSQL_READONLY=true`, all write operations are blocked regardless of other settings.
+
 ### Environment Variables
 
 | Variable | Default | Description |
@@ -379,7 +426,12 @@ MSSQL_READONLY=false
 | `MSSQL_ENCRYPT` | `yes` | Connection encryption (`yes`/`no`) |
 | `MSSQL_TRUST_SERVER_CERTIFICATE` | `no` | Trust self-signed certificates (`yes`/`no`) |
 | `MSSQL_AUTH_MODE` | `sql` | Authentication mode: `sql`, `windows`, or `azure` |
-| `MSSQL_READONLY` | `true` | Block write operations (`true`/`false`) |
+| `MSSQL_READONLY` | `true` | Block all write operations (`true`/`false`) |
+| `MSSQL_ALLOW_INSERT` | `true` | Allow INSERT/MERGE (when not readonly) |
+| `MSSQL_ALLOW_UPDATE` | `true` | Allow UPDATE (when not readonly) |
+| `MSSQL_ALLOW_DELETE` | `true` | Allow DELETE/TRUNCATE (when not readonly) |
+| `MSSQL_ALLOW_DDL` | `true` | Allow DDL operations (when not readonly) |
+| `MSSQL_ALLOW_EXEC` | `true` | Allow EXEC/EXECUTE (when not readonly) | |
 
 ### Authentication Modes
 
@@ -440,28 +492,26 @@ Add to your Claude Desktop configuration file:
 {
   "mcpServers": {
     "mssql": {
-      "command": "python",
-      "args": ["-m", "mssql_mcp.server"],
-      "cwd": "/path/to/eagle_eye_sql_agent_job/mssql_db_mcp/src",
+      "command": "mssql-agent-mcp",
       "env": {
         "MSSQL_SERVER": "localhost",
         "MSSQL_DATABASE": "your_database",
         "MSSQL_USER": "your_username",
-        "MSSQL_PASSWORD": "your_password",
-        "MSSQL_PORT": "1433"
+        "MSSQL_PASSWORD": "your_password"
       }
     }
   }
 }
 ```
 
-Or if installed as a package:
+Or using uvx (no installation required):
 
 ```json
 {
   "mcpServers": {
     "mssql": {
-      "command": "mssql-agent-mcp",
+      "command": "uvx",
+      "args": ["mssql-agent-mcp"],
       "env": {
         "MSSQL_SERVER": "localhost",
         "MSSQL_DATABASE": "your_database",
@@ -481,9 +531,26 @@ Add to your VS Code MCP configuration (`.vscode/mcp.json`):
 {
   "servers": {
     "mssql": {
-      "command": "python",
-      "args": ["-m", "mssql_mcp.server"],
-      "cwd": "${workspaceFolder}/mssql_db_mcp/src",
+      "command": "mssql-agent-mcp",
+      "env": {
+        "MSSQL_SERVER": "localhost",
+        "MSSQL_DATABASE": "your_database",
+        "MSSQL_USER": "your_username",
+        "MSSQL_PASSWORD": "your_password"
+      }
+    }
+  }
+}
+```
+
+Or using uvx:
+
+```json
+{
+  "servers": {
+    "mssql": {
+      "command": "uvx",
+      "args": ["mssql-agent-mcp"],
       "env": {
         "MSSQL_SERVER": "localhost",
         "MSSQL_DATABASE": "your_database",

mssql_agent_mcp-1.1.0.dist-info/RECORD

@@ -0,0 +1,14 @@
+mssql_agent_mcp/__init__.py,sha256=MfmrU93VrH_hW9q2jUMDS2ZAVlWCNgtsFU7EYmNv2zg,238
+mssql_agent_mcp/__main__.py,sha256=_Er170jrffogRV4UfASEsoITnb4yNZW3Z9pSkQaE7YY,129
+mssql_agent_mcp/config.py,sha256=PhddzuTEVHeFYCBg0FmRL615BxVUnXsYDpE6jRSHMNQ,3728
+mssql_agent_mcp/server.py,sha256=jneped9wQ0Awp1VAB9n5da6ppfnJXajSgUXHS-WzX18,1992
+mssql_agent_mcp/utils.py,sha256=5ol1KOiK_Kc-LetwoYovYTuYTVqb_80W34gD1pWzfg8,4840
+mssql_agent_mcp/tools/__init__.py,sha256=2qVsw2nYKa0KnbVQxBhwJVQ_chWyqHxqA62fyo1wGZU,1272
+mssql_agent_mcp/tools/database.py,sha256=Atx_ufTXLU55-YLTGIKZ6annEC2taljxjZcjQakmMz0,7351
+mssql_agent_mcp/tools/jobs.py,sha256=p92P-OeX9iuhxVoYRADR7WoAN-acQni4uJWDfiz6OUg,26713
+mssql_agent_mcp/tools/procedures.py,sha256=k2GVBEmXEITRJgHr-n6nURX0k_RGgnmXZEr14_Tr-g8,14433
+mssql_agent_mcp-1.1.0.dist-info/METADATA,sha256=y5yzbG6kuimutcx9ERslnECpD4JkLQdICm2lpbVpYCQ,20647
+mssql_agent_mcp-1.1.0.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+mssql_agent_mcp-1.1.0.dist-info/entry_points.txt,sha256=u6w8znCIeZxC6bnBRGqtbE4JTVZ822eX0bW2uF38MuU,64
+mssql_agent_mcp-1.1.0.dist-info/licenses/LICENSE,sha256=JD9Y1eaSlUIIYz8SZDUVAa6pe7wH6aNF87PlbavycNI,1063
+mssql_agent_mcp-1.1.0.dist-info/RECORD,,

mssql_agent_mcp-1.0.0.dist-info/RECORD

@@ -1,14 +0,0 @@
-mssql_agent_mcp/__init__.py,sha256=MfmrU93VrH_hW9q2jUMDS2ZAVlWCNgtsFU7EYmNv2zg,238
-mssql_agent_mcp/__main__.py,sha256=_Er170jrffogRV4UfASEsoITnb4yNZW3Z9pSkQaE7YY,129
-mssql_agent_mcp/config.py,sha256=tIAKUwrF40R6lZWpgoDyP2ueHcBIdcTdF2yKOLusLKY,1001
-mssql_agent_mcp/server.py,sha256=jneped9wQ0Awp1VAB9n5da6ppfnJXajSgUXHS-WzX18,1992
-mssql_agent_mcp/utils.py,sha256=HnQnOy2XZWmf-Huw__cvUdFcB8LVmBl9Vjos-tCejAU,4406
-mssql_agent_mcp/tools/__init__.py,sha256=2qVsw2nYKa0KnbVQxBhwJVQ_chWyqHxqA62fyo1wGZU,1272
-mssql_agent_mcp/tools/database.py,sha256=Rj1ESc88UOguc_-AxyqUtjoIqFgiLW8uZG0UgcfvRy4,7349
-mssql_agent_mcp/tools/jobs.py,sha256=f-WsuWX_LsNNSQ9oLzD8ay-OYCrop-uMypksIwS-_tk,26699
-mssql_agent_mcp/tools/procedures.py,sha256=WAPg2BKMiOBso4_H8tAE1f7wI8IiOID3vdHf3dh2MAk,14410
-mssql_agent_mcp-1.0.0.dist-info/METADATA,sha256=LklUZR_77LCi9SjcbIkyaLtcG_qCoQlVVaU8Id3_Ch8,18443
-mssql_agent_mcp-1.0.0.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-mssql_agent_mcp-1.0.0.dist-info/entry_points.txt,sha256=u6w8znCIeZxC6bnBRGqtbE4JTVZ822eX0bW2uF38MuU,64
-mssql_agent_mcp-1.0.0.dist-info/licenses/LICENSE,sha256=JD9Y1eaSlUIIYz8SZDUVAa6pe7wH6aNF87PlbavycNI,1063
-mssql_agent_mcp-1.0.0.dist-info/RECORD,,