MCPQL

Instructions

Implementation Reference

• src/tools/securityOperations.ts:7-41 (handler)

  The primary handler function that executes the mcp_get_security_status tool logic. It retrieves the security status using getSecurityStatus(), formats it with environment variables and configuration guides, and returns a ToolResult.
  export const mcp_get_security_status = async (): Promise<ToolResult<any>> => { console.log('Executing mcp_get_security_status'); try { const status = getSecurityStatus(); const result = { security_configuration: { modifications_enabled: status.modifications_enabled, stored_procedures_enabled: status.stored_procedures_enabled, security_level: status.security_level }, environment_variables: { DB_ALLOW_MODIFICATIONS: process.env.DB_ALLOW_MODIFICATIONS || 'not set (defaults to false)', DB_ALLOW_STORED_PROCEDURES: process.env.DB_ALLOW_STORED_PROCEDURES || 'not set (defaults to false)' }, recommendations: status.recommendations, configuration_guide: { enable_modifications: 'Set DB_ALLOW_MODIFICATIONS=true in your environment', enable_stored_procedures: 'Set DB_ALLOW_STORED_PROCEDURES=true in your environment', security_best_practices: [ 'Keep modifications disabled in production environments', 'Only enable stored procedures when necessary', 'Review all queries before execution in production', 'Use read-only database users when possible' ] } }; return { success: true, data: result }; } catch (error: any) { console.error('Error in mcp_get_security_status:', error.message); return { success: false, error: error.message }; } };
• src/tools.ts:214-222 (registration)

  Registration of the mcp_get_security_status tool in the MCP_MSQL_TOOLS array, including its description and input schema (no parameters required). This defines the tool for the MCP server.
  { name: "mcp_get_security_status", description: "Get current security configuration and status for database operations", inputSchema: { type: "object", properties: {}, required: [] } }
• src/tools.ts:217-221 (schema)

  Input schema definition for the tool, specifying no required parameters.
  inputSchema: { type: "object", properties: {}, required: [] }
• src/security.ts:125-159 (helper)

  Core helper function getSecurityStatus() that provides the security configuration status, level, and recommendations based on environment variables. Used by the tool handler.
  export function getSecurityStatus(): { modifications_enabled: boolean; stored_procedures_enabled: boolean; security_level: string; recommendations: string[]; } { const modifications = SECURITY_CONFIG.ALLOW_MODIFICATIONS; const storedProcs = SECURITY_CONFIG.ALLOW_STORED_PROCEDURES; let securityLevel = 'MAXIMUM'; let recommendations: string[] = []; if (modifications && storedProcs) { securityLevel = 'LOW'; recommendations.push('[!] Consider disabling modifications in production'); recommendations.push('[!] Consider disabling stored procedures in production'); } else if (modifications || storedProcs) { securityLevel = 'MEDIUM'; if (modifications) { recommendations.push('[!] Modifications are enabled - use with caution'); } if (storedProcs) { recommendations.push('[!] Stored procedures are enabled - use with caution'); } } else { recommendations.push('[OK] Optimal security configuration for production'); } return { modifications_enabled: modifications, stored_procedures_enabled: storedProcs, security_level: securityLevel, recommendations }; }
• src/security.ts:12-15 (helper)

  SECURITY_CONFIG constant that parses environment variables for modification and stored procedure allowances, foundational to the security status.
  export const SECURITY_CONFIG = { ALLOW_MODIFICATIONS: parseBoolean(process.env.DB_ALLOW_MODIFICATIONS, false), ALLOW_STORED_PROCEDURES: parseBoolean(process.env.DB_ALLOW_STORED_PROCEDURES, false) };