A
securityF
licenseA
qualityAn MCP server that allows AI models to execute system commands on local machines or remote hosts via SSH, supporting persistent sessions and environment variables.
Last updated -
1
12
24
The SentryFrogg MCP Server is a Node.js-based command plane that provides secure, auditable management of PostgreSQL databases, SSH connections, and HTTP APIs through MCP-compatible agents.
Core Capabilities:
PostgreSQL Management: Execute parameterized SQL queries, perform CRUD operations, discover database catalogs, and manage connection profiles with TLS support and connection profiling
SSH Operations: Securely execute commands on remote servers with sequential execution enforcement, system information retrieval, and reachability diagnostics
HTTP API Access: Perform RESTful operations (GET, POST, PUT, DELETE, PATCH) with JSON payloads, programmable headers, and bearer token authentication
Encrypted Profile Management: AES-256 encrypted storage of connection profiles with secure key lifecycle and rotation capabilities
Enterprise Security: Input validation, payload size limits, SQL injection protection, command sanitization, and comprehensive audit trail logging
Telemetry & Monitoring: Tool-level statistics generation and timestamped event capture for SIEM platforms and monitoring stack integration
The server enforces enterprise-grade security through encrypted credential storage, governance controls, and robust input validation while maintaining full auditability for compliance requirements.
Allows cloning of repositories as part of the installation process, with specific instructions for repository management in the setup documentation.
Enables execution of Node.js applications through the MCP server architecture, with version 16+ support as indicated in the documentation badges.
Provides comprehensive database management capabilities including connection profile setup, executing SQL queries, listing tables, describing table structures, and performing CRUD operations on data with built-in protection against SQL injection.
SentryFrogg MCP Server v4.2.0
Document Profile
Field | Value |
Product | SentryFrogg MCP Server |
Version | 4.2.0 |
Runtime | Node.js ≥ 16 |
Interfaces | Model Context Protocol (PostgreSQL · SSH · HTTP) |
License | MIT |
Executive Synopsis
SentryFrogg MCP Server supplies a governed command plane for MCP-compatible agents that operate data platforms, remote shells and web services. The implementation prioritises deterministic behaviour, encrypted credential storage and prescriptive workflows so that autonomous agents can execute infrastructure tasks with enterprise auditability.
Functional Surface
Capability | Detail |
PostgreSQL control | Parameterised SQL, catalog discovery, CRUD helpers, mutual TLS, connection profiling. |
SSH execution | Serial command dispatch per profile, password/key authentication, reachability diagnostics. |
HTTP access | REST verbs with JSON payloads, health checks, programmable headers and bearer tokens. |
Secret vault | AES-256 encrypted profiles persisted in
with managed key material. |
Telemetry | Tool-level statistics via
for integration with monitoring stacks. |
System Components
Component | Scope |
| MCP entry point, tool catalogue, lifecycle supervision. |
| Service registration, dependency wiring, resource cleanup. |
| SQL execution, profile validation, TLS configuration, pool management. |
| SSH sessions, sequential execution enforcement, profile hygiene. |
| HTTP invocation, header synthesis, response shaping. |
| Encrypted persistence and retrieval of profile objects. |
| Key lifecycle, cryptographic primitives, payload size guards. |
| Canonical validation for incoming payloads. |
MCP Tools
mcp_psql_manager
Attribute | Specification |
Required flow |
→ downstream action using same
. |
Actions |
,
,
,
,
,
,
,
,
,
. |
Credentials | Either discrete fields (
,
,
,
,
) or
. |
TLS options |
,
,
,
,
,
,
; omitted values reuse stored secrets. |
Query rules |
injects
when absent; bind variables supplied via
array (
,
, ...). |
Response format | JSON with
,
,
,
,
; failures raise MCP internal errors. |
Rejection triggers | Missing profile, malformed SQL, payload limits exceeded, invalid TLS configuration. |
mcp_ssh_manager
Attribute | Specification |
Required flow |
(password or PEM
, optional
) → operational action. |
Actions |
,
,
,
,
. |
Execution model | Commands trimmed and length-limited; pipes/redirects permitted; per-profile execution is strictly sequential. |
Outputs | JSON containing
,
,
,
,
; errors propagate as MCP internal errors. |
Security posture | Secrets encrypted at rest; no templating—agents must supply fully qualified commands. |
mcp_api_client
Attribute | Specification |
Actions |
,
,
,
,
,
. |
Inputs |
(required),
(JSON body for mutating verbs),
(string map),
(prefixed into
unless already set). |
Behaviour | Local and private addresses allowed; HTTP status/body returned in structured JSON; transport or parsing failures emit MCP internal errors. |
Profile Lifecycle
Invoke
setup_profileto persist credentials and TLS artefacts; secrets encrypt with AES-256 using.mcp_profiles.key(0600permissions).Reference the same
profile_namefor subsequent operations; omitted sensitive fields inherit stored encrypted values.Rotate credentials by reissuing
setup_profile; the latest payload supersedes previous entries.Audit existing profiles via
list_profiles; responses never disclose secrets.Retire unused profiles by editing
profiles.jsonunder change control.
TLS Configuration Guidance
Prefer embedding
sslmodedirectives inconnection_url; explicit payload fields override URL parameters.Keep
ssl_reject_unauthorizedattrueunless communicating with trusted self-signed endpoints.Provide
ssl_servernamewhenever certificate CN/SAN mismatches the host.Supply PEM blocks as single-line strings using
\nescape sequences; leading/trailing spaces are disallowed.ssl_passphrasemust be non-empty if provided; omit otherwise.
Installation and Operations
Task | Command |
Clone and install |
|
Syntax check |
|
Launch (stdio) |
|
Update dependencies |
(subject to governance) |
Reset profile store | Remove
after confirming backups |
Security & Compliance
Encryption key lifecycle:
.mcp_profiles.keygenerated on first run; override viaENCRYPTION_KEYfor coordinated environments.Secret exposure: MCP responses never include decrypted values; rotation requires explicit
setup_profile.Input governance: SQL statements, SSH commands and HTTP payloads are length-limited; oversized inputs are rejected pre-execution.
Audit trail: stderr logging captures timestamped events per tool to support collection by SIEM platforms.
Dependency governance: locked versions of
pg,ssh2,node-fetch,@modelcontextprotocol/sdk; monitor advisories for patch cadence.
Troubleshooting Matrix
Symptom | Diagnostic Actions | Remediation |
PostgreSQL TLS failure | Inspect
,
, certificate chain, Postgres logs. | Update TLS materials; rerun
. |
SSH command hang | Validate command length, ensure non-interactive execution, check remote prompts. | Adjust command or script; rerun
if credentials changed. |
HTTP error response | Review returned status/body, verify
and
. | Correct payload; retry request. |
Missing profile | Execute
to confirm presence; ensure consistent
. | Recreate via
. |
Change History Reference
Consult CHANGELOG.md for a dated record of functional and operational updates, including TLS support and renaming.
Contribution & Support
Submit changes through pull requests accompanied by verification evidence (
npm run check).Never commit
.mcp_profiles.keyor environment-specific secrets.Use maintainer contact information in
package.jsonfor escalation or integration assistance.
hybrid server
The server is able to function both locally and remotely, depending on the configuration or use case.
A universal MCP server that enables AI agents to securely manage PostgreSQL databases, make API requests, and execute SSH commands with features for database analysis, schema editing, and data operations.
Related MCP Servers
- -securityFlicense-qualityPG-MCP is an HTTP server implementation that enables AI systems to interact with PostgreSQL databases via MCP, providing tools for querying, connecting to multiple databases, and exploring schema resources. The system enriches context by extracting table/column description from database catalogs.Last updated -24
- AsecurityAlicenseAqualityAn open-source MCP server that connects to various data sources (SQL databases, CSV, Parquet files), allowing AI models to execute SQL queries and generate data visualizations for analytics and business intelligence.Last updated -959MIT License
- AsecurityAlicenseAqualityA blazing fast MCP server that enables AI agents to interact with multiple PostgreSQL databases, providing functionality to list tables, inspect schemas, execute queries, and run transactions.Last updated -481MIT License