MySQL MCP Server

# mysql-mcp v3.0.0 Release Notes ## 🚀 Major Release — February 26, 2026 **mysql-mcp v3.0.0** is a landmark release delivering **Code Mode with worker-thread sandbox isolation**, **OAuth 2.1 authentication**, **deterministic error handling** across all 192 tools, and hundreds of bug fixes and security hardening improvements. ### ✨ Highlights #### Code Mode (`mysql_execute_code`) New sandboxed code execution tool enabling AI agents to compose multi-step MySQL workflows as JavaScript/TypeScript code. Features: - **Worker-thread isolation** — separate V8 isolate via `worker_threads` with `MessagePort` RPC bridge - **Readonly enforcement** — write methods return structured errors when `readonly: true` - **Memory limits** — enforced `resourceLimits` (`maxOldGenerationSizeMb`, `maxYoungGenerationSizeMb`) - **Full API access** — all 24 tool groups available via `mysql.*` namespace - **Auto-injection** — `mysql_execute_code` included in all tool filter presets #### OAuth 2.1 + Configurable Server Host - HTTP/SSE transport with `--server-host` / `MCP_HOST` binding configuration - RFC 9728/8414 compliance with granular scopes (`read`, `write`, `admin`, `full`, `db:*`, `table:*:*`) #### Deterministic Error Handling Every tool now returns structured `{success, error}` responses — no raw exceptions, no silent failures. Agents get actionable context instead of cryptic MySQL error codes. #### Parameter Aliases (Split Schema Pattern) Tools accept alternative parameter names automatically normalized via Zod schema preprocessing: `table`/`tableName`/`name`, `query`/`sql`, `where`/`filter`, `column`/`col`. ### 🔒 Security - **Worker sandbox API bridge** — `MessagePort`-based RPC for Code Mode isolation - **Code Mode readonly enforcement** — write tools blocked when `readonly: true` - **SQL injection fixes** — `mysql_doc_find` filter, `mysql_create_schema` charset/collation, `mysql_security_user_privileges` identifier quoting - **ProxySQL credential redaction** — variables containing `password`/`credentials` auto-redacted - **CVE patches** — `hono` timing comparison (GHSA-gq3j-xvxp-8hrf), `rollup` path traversal (GHSA-mw96-cpmx-2vgc), `ajv` ReDoS (GHSA-2g4f-4pwh-qvx6), `qs` arrayLimit bypass (GHSA-w7fw-mjwx-w883), `tar` path traversal (CVE-2026-26960) - **HTTP security headers** — HSTS, Referrer-Policy, Permissions-Policy - **Sandbox pattern hardening** — bracket-notation constructor access and `Reflect.construct` bypass detection ### ⚡ Performance - **Cache invalidation after DDL** — `clearSchemaCache()` on 14 DDL handlers across 7 files - **Parallelized queries** — `SchemaManager.describeTable()` and 8 resource handlers use `Promise.all()` - **Test suite parallelism** — 4 workers, ~37s total runtime (44% faster) ### 💔 Breaking Changes - **`proxysql_hostgroups` removed** — use `proxysql_connection_pool` (with `hostgroup_id` filtering) instead. Tool count: 193 → 192 - **`reason` → `error` field normalization** — all `{success: false}` error responses use `error` field; `reason` reserved for informational `{success: true, skipped: true}` responses - **`mysql_drop_table` default** — `ifExists` default changed from `true` to `false` - **`mysql2` 3.18.0 type** — adjusted `QueryValues` type constraint on `execute()`/`query()` ### 📦 Dependencies - `@modelcontextprotocol/sdk`: 1.26.0 → 1.27.1 - `@types/node`: 25.2.3 → 25.3.1 - `eslint`: 10.0.0 → 10.0.2 - `mysql2`: 3.17.2 → 3.18.1 - `typescript-eslint`: 8.56.0 → 8.56.1 ### 🏗️ Infrastructure - **Default branch** renamed from `master` to `main` - **`.gitattributes`** — enforces LF line endings with CRLF exceptions for Windows scripts - **Vitest JSON reporter** — `test-results.json` output for agent consumption --- ### Installation ```bash # NPM npm install -g @neverinfamous/mysql-mcp@3.0.0 # Docker docker pull writenotenow/mysql-mcp:v3.0.0 ``` **Full Changelog:** [v2.3.1...v3.0.0](https://github.com/neverinfamous/mysql-mcp/compare/v2.3.1...v3.0.0)