narekmalk/safedb-mcp
FreeNot checkedSecure MCP server for safe, read-only DB access by AI agents, with SQL guardrails, table allowlists, PII masking, and audit logs.
About
Secure MCP server for safe, read-only DB access by AI agents, with SQL guardrails, table allowlists, PII masking, and audit logs.
README
CI npm version safedb-mcp MCP server
SafeDB MCP is a secure Model Context Protocol server that lets AI agents inspect and query Postgres, MySQL, MariaDB, and SQLite with strict read-only guardrails. It is designed for teams that want useful database access without handing an agent unrestricted production credentials.
Direct database credentials are dangerous for agents because a single bad prompt, tool call, or generated SQL statement can mutate data, exfiltrate sensitive columns, or run expensive queries. SafeDB MCP puts a policy layer between the agent and your database: only configured schemas and tables are visible, SQL is parsed and validated before execution, row counts are capped, results are masked, and every query attempt is audited.
This project is an MVP. It prefers false positives and blocked queries over unsafe access, and it does not claim perfect SQL security.
Features
- MCP tools:
list_schemas,list_tables,describe_table,run_readonly_query,explain_query,get_safedb_policy - Postgres support through
pg - MySQL and MariaDB support through
mysql2 - SQLite file support through
sql.js - YAML or JSON config with environment expansion
- AST-backed read-only SQL guardrails for
SELECT,WITH ... SELECT,UNION, andEXPLAIN SELECT - Table detection through joins, CTEs, nested subqueries, aliases, and unions
- Column projection checks that block masked fields selected through aliases or expressions
- Configurable table allowlists, denylists, row limits, and statement timeout
- PII masking:
redact,email,partial, and deterministichash - JSONL audit log with no raw result data
- CLI binary:
safedb-mcp - TypeScript, Vitest, ESLint, Prettier
Quickstart
npx @safedb/safedb-mcp init --output safedb.yaml
DATABASE_URL=postgres://readonly:password@localhost:5432/app npx @safedb/safedb-mcp validate-config --config safedb.yaml
DATABASE_URL=postgres://readonly:password@localhost:5432/app npx @safedb/safedb-mcp test-connection --config safedb.yaml
DATABASE_URL=postgres://readonly:password@localhost:5432/app npx @safedb/safedb-mcp --config safedb.yaml
Use a dedicated database role with read-only permissions. SafeDB MCP is a defense-in-depth layer, not a replacement for least-privilege database credentials.
Docker
A Docker image packages SafeDB MCP with Node.js and its production dependencies so it can run the same way on any host with Docker.
Build the image locally:
docker build -t safedb-mcp .
Run the MCP server with a mounted config file:
docker run --rm -i \
-e DATABASE_URL=postgres://readonly:[email protected]:5432/app \
-v "$PWD/safedb.yaml:/config/safedb.yaml:ro" \
safedb-mcp
Pass CLI commands after the image name:
docker run --rm \
-e DATABASE_URL=postgres://readonly:[email protected]:5432/app \
-v "$PWD/safedb.yaml:/config/safedb.yaml:ro" \
safedb-mcp --config /config/safedb.yaml validate-config
Example Config
database:
type: postgres
url: ${DATABASE_URL}
safety:
default_limit: 100
max_limit: 1000
statement_timeout_ms: 5000
allow_explain: true
access:
schemas:
public:
allow_tables:
- users
- orders
- products
deny_tables:
- secrets
column_masks:
users.email: email
users.phone: partial
users.password_hash: redact
users.ssn: redact
audit:
path: safedb-audit.jsonl
For MySQL or MariaDB, set database.type and use the database name as the access schema:
database:
type: mysql
url: ${DATABASE_URL}
access:
schemas:
app:
allow_tables:
- users
- orders
deny_tables:
- secrets
For SQLite, set database.type to sqlite, point database.path at the .db file, and use main as the access schema:
database:
type: sqlite
path: ./app.db
access:
schemas:
main:
allow_tables:
- users
- orders
deny_tables:
- secrets
MCP Client Config
Claude Desktop:
{
"mcpServers": {
"safedb": {
"command": "safedb-mcp",
"args": ["--config", "/absolute/path/to/safedb.yaml"],
"env": {
"DATABASE_URL": "postgres://readonly:password@localhost:5432/app"
}
}
}
}
Cursor or Hermes-style MCP config:
{
"servers": {
"safedb": {
"command": "safedb-mcp",
"args": ["--config", "/absolute/path/to/safedb.yaml"],
"env": {
"DATABASE_URL": "postgres://readonly:password@localhost:5432/app"
}
}
}
}
Security Guarantees
SafeDB MCP aims to guarantee that:
- Only configured schemas and tables are inspectable or queryable through the MCP tools.
- SQL is parsed before execution, and mutating statement types or multiple statements are blocked.
- Table access policy is checked against real tables found through joins, CTEs, nested subqueries, aliases, and unions.
- Masked columns cannot be selected through aliases or expressions that would bypass response masking.
- Query execution happens inside a read-only transaction with a local statement timeout where the driver supports it.
- Returned rows are capped by an outer
LIMIT. - Configured PII fields are masked before tool responses are returned.
- Audit logs record attempts, decisions, detected tables, row counts, and duration without logging raw result rows.
- Passwords and secrets are not intentionally logged.
Non-Goals
- Formal proof of query safety.
- Support for every valid dialect-specific read-only SQL construct.
- Write operations, migrations, stored procedure execution, or
COPY.
Development
npm install
npm run build
npm test
npm run lint
Roadmap
- Per-tool and per-table rate limits.
- Optional OpenTelemetry traces.
- Signed audit logs.
- Published Docker image and Helm chart.
License
MIT
Install narekmalk/safedb-mcp in Claude Desktop, Claude Code & Cursor
unyly install narekmalk-safedb-mcpInstalls into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.
First time? Get the CLI: curl -fsSL https://unyly.org/install | sh
Or configure manually
Run in your terminal:
claude mcp add narekmalk-safedb-mcp -- npx -y @safedb/safedb-mcpFAQ
Is narekmalk/safedb-mcp MCP free?
Yes, narekmalk/safedb-mcp MCP is free — one-click install via Unyly at no cost.
Does narekmalk/safedb-mcp need an API key?
No, narekmalk/safedb-mcp runs without API keys or environment variables.
Is narekmalk/safedb-mcp hosted or self-hosted?
Self-hosted: the server runs locally on your machine via the install command above.
How do I install narekmalk/safedb-mcp in Claude Desktop, Claude Code or Cursor?
Open narekmalk/safedb-mcp on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
wenb1n-dev/SmartDB_MCP
A universal database MCP server supporting simultaneous connections to multiple databases. It provides tools for database operations, health analysis, SQL optim
by wenb1n-devPostgres Server
This server enables interaction with PostgreSQL databases through the Model Context Protocol, optimized for the AWS Bedrock AgentCore Runtime. It provides tools
by madhurprashPostgres
Query your database in natural language
by AnthropicPostgreSQL
Read-only database access with schema inspection.
by modelcontextprotocolCompare narekmalk/safedb-mcp with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All data MCPs
