Uses environment variables for configuration of database connections and server settings.
Uses Jest for comprehensive testing of schema validation and core database functionality.
Runs on Node.js platform to provide SQL Server connectivity and database operations via MCP protocol.
Recommended package manager for installing and managing dependencies of the MCP server.
Provides type safety and TypeScript implementation for database operations through the MCP server.
Utilizes Zod for runtime type validation of database queries and parameters.
SQL Server MCP Service
A secure and robust Model Context Protocol (MCP) service for executing SQL Server queries. This service provides a safe way to interact with SQL Server databases while preventing destructive operations and SQL injection attacks.
🚀 Features
- 🔒 Secure Query Execution: Built-in protection against SQL injection and destructive operations
- 📊 Schema Discovery: Get table, function, and procedure schemas and database information
- 🛠️ Multiple Tools: 9 specialized tools for different database operations
- ⚡ High Performance: Connection pooling for efficient database operations
- 🔧 TypeScript Support: Full TypeScript implementation with type safety
- 🧪 Comprehensive Testing: Jest-based test suite for reliability
🛠️ Available Tools
1. execute_query
Executes safe SQL queries with parameter support.
Parameters:
- query (string, required): The SQL query to execute
- parameters (object, optional): Query parameters for prepared statements
Example:
2. get_table_schema
Retrieves detailed column information for a specific table.
Parameters:
- tableName (string, required): Name of the table
- schemaName (string, optional): Schema name (default: "dbo")
Example:
3. list_tables
Lists all tables in the database with optional schema filtering.
Parameters:
- schemaName (string, optional): Filter tables by specific schema
Example:
4. get_database_info
Retrieves general database information (name, version, edition, etc.).
Parameters: None
5. list_procedures
Lists all stored procedures in the database, optionally filtered by schema.
Parameters:
- schemaName (string, optional): Filter procedures by schema
Example:
6. list_functions
Lists all functions (scalar and table-valued) in the database, optionally filtered by schema and function type.
Parameters:
- schemaName (string, optional): Filter functions by schema
- functionType (string, optional): 'SCALAR' or 'TABLE'
Example:
7. get_procedure_schema
Gets the schema and parameters of a specific stored procedure.
Parameters:
- procedureName (string, required): Name of the procedure
- schemaName (string, optional): Schema name (default: "dbo")
Example:
8. get_function_schema
Gets the schema and parameters of a specific function.
Parameters:
- functionName (string, required): Name of the function
- schemaName (string, optional): Schema name (default: "dbo")
Example:
9. execute_procedure
Executes a stored procedure with parameters.
Parameters:
- procedureName (string, required): Name of the procedure
- parameters (object, optional): Procedure parameters
- schemaName (string, optional): Schema name (default: "dbo")
Example:
📦 Installation
Prerequisites
- Node.js >= 20.0.0
- SQL Server instance
- pnpm (recommended)
Install Dependencies
⚙️ Configuration
- Copy Environment Template
- Configure Environment Variables
Variable | Description | Default |
---|---|---|
HTTP_PORT | HTTP server port | 3333 |
NODE_ENV | Node environment (development/production) | development |
ORIGIN | Allowed CORS origins (comma-separated) | - |
SQL_SERVER | SQL Server hostname/IP | localhost |
SQL_DATABASE | Database name | master |
SQL_USER | Database username | - |
SQL_PASSWORD | Database password | - |
SQL_PORT | SQL Server port | 1433 |
SQL_ENCRYPT | Enable encryption | true |
SQL_TRUST_CERT | Trust server certificate | false |
Example .env:
🚀 Usage
Start HTTP Server (Recommended)
Build for Production
Running Tests
🔒 Security Features
Query Validation
The service automatically blocks potentially destructive operations:
- ❌ DROP TABLE
- ❌ DELETE FROM
- ❌ TRUNCATE TABLE
- ❌ INSERT INTO
- ❌ UPDATE
- ❌ CREATE TABLE
- ❌ ALTER TABLE
- ❌ Stored procedures (sp_, xp_)
- ❌ SQL injection patterns
- ❌ Comments (--, /* */)
Allowed Operations
- ✅ SELECT queries
- ✅ WITH clauses (CTEs)
- ✅ SHOW commands
- ✅ DESCRIBE commands
- ✅ EXPLAIN commands
- ✅ Safe EXEC/EXECUTE for procedures/functions
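A sketch of how the deny list and allow list above can be combined into one check, added here as an illustration and not taken from the project's source. The names `validateQuery`, `maskStringLiterals`, `BLOCKED` and `ALLOWED_START` are hypothetical, and the sample queries in the checks are constructed.

```typescript
// Added example: a hypothetical validator, not the project's source code.
type Verdict = { allowed: boolean; reason: string };

// Deny list taken from the "Query Validation" section.
const BLOCKED: [RegExp, string][] = [
  [/--|\/\*|\*\//, "comment"],
  [/\b(sp|xp)_\w*/i, "sp_/xp_ procedure"],
  [/\bDROP\s+TABLE\b/i, "DROP TABLE"],
  [/\bDELETE\s+FROM\b/i, "DELETE FROM"],
  [/\bTRUNCATE\s+TABLE\b/i, "TRUNCATE TABLE"],
  [/\bINSERT\s+INTO\b/i, "INSERT INTO"],
  [/\bUPDATE\b/i, "UPDATE"],
  [/\bCREATE\s+TABLE\b/i, "CREATE TABLE"],
  [/\bALTER\s+TABLE\b/i, "ALTER TABLE"],
];
// Allow list from "Allowed Operations": the batch must start with one of these.
const ALLOWED_START = /^(SELECT|WITH|SHOW|DESCRIBE|EXPLAIN|EXEC|EXECUTE)\b/i;

// Replace each '...' literal with '' so text inside data is never matched.
// Returns null when a literal is left open (the input cannot be trusted).
function maskStringLiterals(sql: string): string | null {
  let out = "";
  let i = 0;
  while (i < sql.length) {
    if (sql[i] !== "'") { out += sql[i++]; continue; }
    i++; // skip the opening quote
    while (true) {
      if (i >= sql.length) return null;
      if (sql[i] !== "'") { i++; continue; }
      if (sql[i + 1] === "'") { i += 2; continue; } // '' is an escaped quote
      i++; // closing quote
      break;
    }
    out += "''";
  }
  return out;
}

function validateQuery(sql: string): Verdict {
  const masked = maskStringLiterals(sql.trim());
  if (masked === null) return { allowed: false, reason: "unterminated string literal" };
  // T-SQL accepts several statements in one batch without a semicolon,
  // so the deny list is applied to the whole text, not only its first word.
  for (const [pattern, label] of BLOCKED) {
    if (pattern.test(masked)) return { allowed: false, reason: label };
  }
  if (!ALLOWED_START.test(masked)) return { allowed: false, reason: "not on allow list" };
  return { allowed: true, reason: "ok" };
}
```

Text filtering of this kind is one layer; connecting with a login that holds only read permissions keeps a missed pattern from becoming a write.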
Parameter Sanitization
All query and procedure parameters are automatically sanitized to prevent injection attacks.
🧪 Testing
The project includes comprehensive tests for schema validation and core functionality:
📝 License
This project is licensed under the MIT License - see the LICENSE file for details.
👨💻 Author
Vinicius de Souza Santos
- Email: viniciuskt0@gmail.com
- GitHub: @vini-cius
🙏 Acknowledgments
- Model Context Protocol for the MCP specification
- mssql for SQL Server connectivity
- Zod for runtime type validation
⭐ If this project helps you, please give it a star!