PostgreSQL MCP Server

delete-data

Remove records from PostgreSQL tables using WHERE conditions for targeted deletion, with confirmation prompts for large operations to prevent accidental data loss.

Instructions

Delete records from a table. Requires WHERE conditions for safety. Includes confirmation prompt for large deletions.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`table`	Yes
`where`	Yes
`confirm_delete`	No
`returning`	No

Implementation Reference

tools/deleteData.ts:25-134 (handler)

The main handler function for the 'delete-data' tool. It validates input, builds a safe DELETE query with parameterized WHERE conditions supporting equality, NULL, IN arrays, and LIKE patterns. Includes safety checks like requiring WHERE clause, estimating row count, and confirmation for large deletions (>100 rows). Executes the query and returns deleted count and optionally returned rows.

export async function deleteData(
  rawParams: any
): McpToolResponse {
  try {
    // Validate and parse parameters
    const params = deleteDataSchema.parse(rawParams);
    // Check database connection status
    const connectionStatus = getConnectionStatus();
    if (connectionStatus.status !== 'connected') {
      return createDatabaseUnavailableResponse("delete data");
    }
    
    const { table, where, confirm_delete, returning } = params;

    // Validate table name
    const sanitizedTable = sanitizeIdentifier(table);

    // Validate that we have WHERE conditions (safety check)
    if (!where || Object.keys(where).length === 0) {
      throw new Error("WHERE clause is required for DELETE operations for safety");
    }

    // Build WHERE clause
    const whereConditions: string[] = [];
    const queryParams: any[] = [];
    let paramIndex = 1;

    for (const [column, value] of Object.entries(where)) {
      const sanitizedColumn = sanitizeIdentifier(column);
      
      if (value === null) {
        whereConditions.push(`${sanitizedColumn} IS NULL`);
      } else if (Array.isArray(value)) {
        // Handle IN operator for arrays
        const placeholders = value.map(() => `$${paramIndex++}`).join(", ");
        whereConditions.push(`${sanitizedColumn} IN (${placeholders})`);
        queryParams.push(...value);
      } else if (typeof value === 'string' && value.includes('%')) {
        // Handle LIKE operator for strings with wildcards
        whereConditions.push(`${sanitizedColumn} LIKE $${paramIndex}`);
        queryParams.push(value);
        paramIndex++;
      } else {
        // Handle equality
        whereConditions.push(`${sanitizedColumn} = $${paramIndex}`);
        queryParams.push(value);
        paramIndex++;
      }
    }

    const whereClause = whereConditions.join(" AND ");

    // Safety check: estimate impact before deletion
    if (!confirm_delete) {
      const countQuery = `SELECT COUNT(*) as count FROM ${sanitizedTable} WHERE ${whereClause}`;
      const countResult = await executePostgresQuery(countQuery, queryParams);
      const affectedRows = parseInt(countResult[0].count);

      if (affectedRows > 100) {
        throw new Error(
          `This operation would delete ${affectedRows} rows. ` +
          `If you're sure you want to proceed, set confirm_delete to true.`
        );
      }

      if (affectedRows === 0) {
        return createMcpSuccessResponse({
          table: sanitizedTable,
          deleted_count: 0,
          message: "No rows match the WHERE conditions",
          deleted_at: new Date().toISOString(),
        });
      }
    }

    // Build DELETE query
    let deleteQuery = `DELETE FROM ${sanitizedTable} WHERE ${whereClause}`;

    // Add RETURNING clause if specified
    let hasEmptyReturning = false;
    if (returning !== undefined) {
      if (returning.length > 0) {
        const sanitizedReturning = returning.map((col: string) => 
          col === "*" ? "*" : sanitizeIdentifier(col)
        );
        deleteQuery += ` RETURNING ${sanitizedReturning.join(", ")}`;
      } else {
        hasEmptyReturning = true;
      }
    }

    const result = await executePostgresModification(deleteQuery, queryParams);

    const response = {
      table: sanitizedTable,
      deleted_count: result.affectedCount,
      ...(returning !== undefined && { 
        data: hasEmptyReturning 
          ? Array(result.affectedCount).fill({}) 
          : result.rows 
      }),
      deleted_at: new Date().toISOString(),
    };

    return createMcpSuccessResponse(response);

  } catch (error) {
    return createMcpErrorResponse("delete data", error);
  }
}

tools/deleteData.ts:15-22 (schema)

Zod schema definition for input validation of the delete-data tool, including table name, where conditions, confirmation flag, and optional returning columns.

export const deleteDataShape: ZodRawShape = {
  table: z.string().min(1, "Table name is required"),
  where: z.record(z.any()),
  confirm_delete: z.boolean().optional().default(false),
  returning: z.array(z.string()).optional(),
};

export const deleteDataSchema = z.object(deleteDataShape);

index.ts:62-67 (registration)

Registration of the 'delete-data' tool on the MCP server, linking the name, description, input schema, and handler function.

server.tool(
  "delete-data",
  "Delete records from a table. Requires WHERE conditions for safety. Includes confirmation prompt for large deletions.",
  deleteDataShape,
  deleteData
);

Tool Definition Quality

A3.7/5.0

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden and does well by disclosing key behavioral traits: it's a destructive operation (implied by 'Delete'), requires safety measures ('WHERE conditions for safety'), and includes interactive elements ('confirmation prompt for large deletions'). It doesn't cover aspects like permissions or rate limits, but provides solid foundational context.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is highly concise and front-loaded, with two sentences that directly convey purpose and key behaviors without any wasted words. Each sentence earns its place by providing essential information, making it efficient and well-structured.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (destructive operation with 4 parameters, no output schema, and no annotations), the description is minimally adequate. It covers the core action and safety notes but lacks details on parameter usage, return values, or error handling. It meets basic needs but has clear gaps for a tool of this nature.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 0%, so the description must compensate, but it only partially does so. It mentions 'WHERE conditions' (mapping to the 'where' parameter) and hints at 'confirmation prompt' (related to 'confirm_delete'), but doesn't explain 'table', 'returning', or the structure of 'where'. This adds some meaning but leaves significant gaps, aligning with the baseline for moderate coverage.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('Delete records') and target resource ('from a table'), which is specific and unambiguous. However, it doesn't explicitly differentiate from sibling tools like 'execute-query' or 'update-data' that might also modify data, though the verb 'Delete' is distinct enough for basic differentiation.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage by stating 'Requires WHERE conditions for safety' and 'Includes confirmation prompt for large deletions,' which suggests when to use it (for deletion with conditions) and hints at safety considerations. However, it doesn't explicitly compare to alternatives like 'update-data' or specify when not to use it, leaving some ambiguity.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/cesarvarela/postgres-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server