PostgreSQL MCP Server
Enables AI-driven database administration, observability, and querying with support for schema management, SQL execution, JSONB operations, text processing, statistical analysis, query optimization, and extensions including pgvector, PostGIS, and pg_stat_statements.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@PostgreSQL MCP Servershow me the top 10 users by last login date"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
postgres-mcp
Last Updated March 9, 2026
PostgreSQL MCP Server enabling AI assistants (AntiGravity, Claude, Cursor, etc.) to interact with PostgreSQL databases through the Model Context Protocol. Features Code Mode — a revolutionary approach that provides access to all 232 tools through a single, secure JavaScript sandbox, eliminating the massive token overhead of multi-step tool calls. Also includes schema introspection, migration tracking, smart tool filtering, deterministic error handling, connection pooling, HTTP/SSE Transport, OAuth 2.1 authentication, and extension support for citext, ltree, pgcrypto, pg_cron, pg_stat_kcache, pgvector, PostGIS, and HypoPG.
232 Specialized Tools · 20 Resources · 19 AI-Powered Prompts
Docker Hub • npm Package • MCP Registry • Wiki • Tool Reference • Changelog
🎯 What Sets Us Apart
Feature | Description |
232 Specialized Tools | The largest PostgreSQL tool collection for MCP — from core CRUD and native JSONB to pgvector, PostGIS, pg_cron, ltree, pgcrypto, introspection analysis, migration tracking, and 8 extension ecosystems |
20 Observability Resources | Real-time schema, performance metrics, connection pool status, replication lag, vacuum stats, lock contention, and extension diagnostics |
19 AI-Powered Prompts | Guided workflows for query building, schema design, performance tuning, and extension setup |
Code Mode | Massive Token Savings: Execute complex, multi-step operations inside a fast, secure JavaScript sandbox. Instead of spending thousands of tokens on back-and-forth tool calls, Code Mode exposes all 232 capabilities locally, reducing token overhead by up to 90% and supercharging AI agent reasoning. |
OAuth 2.1 + Access Control | Enterprise-ready security with RFC 9728/8414 compliance, granular scopes ( |
Smart Tool Filtering | 22 tool groups + 16 shortcuts let you stay within IDE limits while exposing exactly what you need |
Dual HTTP Transport | Streamable HTTP ( |
High-Performance Pooling | Built-in connection pooling with health checks for efficient, concurrent database access |
8 Extension Ecosystems | First-class support for pgvector, PostGIS, pg_cron, pg_partman, pg_stat_kcache, citext, ltree, and pgcrypto |
Introspection & Migration Tracking | Simulate cascade impacts, generate safe DDL ordering, analyze constraint health, and track schema migrations with SHA-256 dedup — 12 agent-optimized tools split into read-only analysis and migration management groups |
Deterministic Error Handling | Every tool returns structured |
Production-Ready Security | SQL injection protection, parameterized queries, input validation, sandboxed code execution, SSL certificate verification by default, and HTTP body size enforcement |
Benchmarked Performance | 93+ Vitest benchmarks across 10 domains: tool dispatch at 6.9M ops/sec, identifier sanitization at 4.4M ops/sec, auth checks at 5.3M ops/sec, and schema parsing at 2.1M ops/sec |
Strict TypeScript | 100% type-safe codebase with 3448 tests and 95.09% coverage |
MCP 2025-11-25 Compliant | Full protocol support with tool safety hints, resource priorities, and progress notifications |
🚀 Quick Start
Prerequisites
PostgreSQL 12-18 (tested with PostgreSQL 18.1)
Docker (recommended) or Node.js 24+ (LTS)
Docker (Recommended)
docker pull writenotenow/postgres-mcp:latest{
"mcpServers": {
"postgres-mcp": {
"command": "docker",
"args": [
"run",
"--rm",
"-i",
"-e",
"POSTGRES_HOST",
"-e",
"POSTGRES_PORT",
"-e",
"POSTGRES_USER",
"-e",
"POSTGRES_PASSWORD",
"-e",
"POSTGRES_DATABASE",
"writenotenow/postgres-mcp:latest",
"--tool-filter",
"starter"
],
"env": {
"POSTGRES_HOST": "host.docker.internal",
"POSTGRES_PORT": "5432",
"POSTGRES_USER": "your_username",
"POSTGRES_PASSWORD": "your_password",
"POSTGRES_DATABASE": "your_database"
}
}
}
}Customization Notes:
Update credentials (
your_username,your_password, etc.) with your PostgreSQL credentialsExtension tools gracefully handle cases where extensions are not installed
Note for Docker: Use
host.docker.internalto connect to PostgreSQL running on your host machine.
📖 Full Docker guide: DOCKER_README.md · Docker Hub
npm
npm install -g @neverinfamous/postgres-mcp
postgres-mcp --transport stdio --postgres postgres://user:password@localhost:5432/databaseFrom Source
git clone https://github.com/neverinfamous/postgres-mcp.git
cd postgres-mcp
npm install
npm run build
node dist/cli.js --transport stdio --postgres postgres://user:password@localhost:5432/databaseCode Mode: Maximum Efficiency
Code Mode (pg_execute_code) dramatically reduces token usage (70–90%) and is included by default in all presets.
Code executes in a sandboxed VM context with multiple layers of security. All pg.* API calls execute against the database within the sandbox, providing:
Static code validation — blocked patterns include
require(),process,eval(), and filesystem accessRate limiting — 60 executions per minute per client
Hard timeouts — configurable execution limit (default 30s)
Full API access — all 22 tool groups are available via
pg.*(e.g.,pg.core.readQuery(),pg.jsonb.extract(),pg.introspection.dependencyGraph(),pg.migration.migrationStatus())Requires
adminOAuth scope — execution is logged for audit
⚡ Code Mode Only (Maximum Token Savings)
If you control your own setup, you can run with only Code Mode enabled — a single tool that provides access to all 232 tools' worth of capability through the pg.* API:
{
"mcpServers": {
"postgres-mcp": {
"command": "node",
"args": [
"/path/to/postgres-mcp/dist/cli.js",
"--transport",
"stdio",
"--tool-filter",
"codemode"
],
"env": {
"POSTGRES_HOST": "localhost",
"POSTGRES_PORT": "5432",
"POSTGRES_USER": "your_user",
"POSTGRES_PASSWORD": "your_password",
"POSTGRES_DATABASE": "your_database"
}
}
}
}This exposes just pg_execute_code. The agent writes JavaScript against the typed pg.* SDK — composing queries, chaining operations across all 22 tool groups, and returning exactly the data it needs — in one execution. This mirrors the Code Mode pattern pioneered by Cloudflare for their entire API: fixed token cost regardless of how many capabilities exist.
Disabling Code Mode (Non-Admin Users)
If you don't have admin access or prefer individual tool calls, exclude codemode:
{
"args": ["--tool-filter", "starter,-codemode"]
}📖 Full documentation: docs/CODE_MODE.md
Development
See From Source above for setup. After cloning:
npm run lint && npm run typecheck # Run checks
npm run bench # Run performance benchmarks
node dist/cli.js info # Test CLI
node dist/cli.js list-tools # List available toolsBenchmarks
Run npm run bench to execute the performance benchmark suite (10 files, 93+ scenarios) powered by Vitest Bench. Use npm run bench:verbose for detailed table output.
Performance Highlights (Node.js 24, Windows 11):
Area | Benchmark | Throughput |
Tool Dispatch | Map.get() single tool lookup | ~6.9M ops/sec |
WHERE Validation | Simple clause (combined regex fast-path) | ~3.7M ops/sec |
Identifier Sanitization | validateIdentifier() | ~4.4M ops/sec |
Auth — Token Extraction | extractBearerToken() | ~2.7M ops/sec |
Auth — Scope Checking | hasScope() | ~5.3M ops/sec |
Rate Limiting | Single IP check | ~2.3M ops/sec |
Logger | Filtered debug (no-op path) | ~5.4M ops/sec |
Schema Parsing | MigrationInitSchema.parse() | ~2.1M ops/sec |
Metadata Cache | Cache hit + miss pattern | ~1.7M ops/sec |
Sandbox Creation | CodeModeSandbox.create() cold start | ~863 ops/sec |
Full benchmark results and methodology are available on the Performance wiki page.
🔗 Database Connection Scenarios
Scenario | Host to Use | Example Connection String |
PostgreSQL on host machine |
|
|
PostgreSQL in Docker | Container name or network |
|
Remote/Cloud PostgreSQL | Hostname or IP |
|
Provider | Example Hostname |
AWS RDS PostgreSQL |
|
Google Cloud SQL |
|
Azure PostgreSQL |
|
Supabase |
|
Neon |
|
🛠️ Tool Filtering
All shortcuts and tool groups includeCode Mode (pg_execute_code) by default for token-efficient operations. To exclude it, add -codemode to your filter: --tool-filter cron,pgcrypto,-codemode
What Can You Filter?
The --tool-filter argument accepts shortcuts, groups, or tool names — mix and match freely:
Filter Pattern | Example | Tools | Description |
Shortcut only |
| 60 | Use a predefined bundle |
Groups only |
| 48 | Combine individual groups |
Shortcut + Group |
| 73 | Extend a shortcut |
Shortcut - Tool |
| 59 | Remove specific tools |
Shortcuts (Predefined Bundles)
Shortcut | Tools | Use Case | What's Included |
| 60 | Standard Package | Core, trans, JSONB, schema, codemode |
| 48 | Minimal footprint | Core, trans, JSONB, codemode |
| 53 | Dev Schema & Migrations | Core, trans, schema, introspection, migration, codemode |
| 43 | Dev Analytics | Core, trans, stats, partitioning, codemode |
| 61 | AI Data Analyst | Core, JSONB, text, trans, codemode |
| 51 | AI/ML with pgvector | Core, vector, trans, part, codemode |
| 64 | DBA Monitoring | Core, monitoring, perf, trans, codemode |
| 45 | DBA Schema & Migrations | Core, schema, introspection, migration, codemode |
| 46 | DBA Infrastructure | Core, admin, backup, partitioning, codemode |
| 58 | DBA Stats | Core, admin, monitoring, trans, stats, codemode |
| 44 | Geospatial Workloads | Core, PostGIS, trans, codemode |
| 51 | Operations Block | Admin, monitoring, backup, part, stats, citext, codemode |
| 26 | Extension: AI/Security | pgvector, pgcrypto, codemode |
| 24 | Extension: Spatial | PostGIS, ltree, codemode |
| 19 | Extension: Scheduling | pg_cron, pg_partman, codemode |
| 32 | Extension: Perf/Analysis | pg_stat_kcache, performance, codemode |
Tool Groups (22 Available)
Group | Tools | Description |
| 1 | Code Mode (sandboxed code execution) 🌟 Recommended |
| 21 | Read/write queries, tables, indexes, convenience/drop tools |
| 9 | BEGIN, COMMIT, ROLLBACK, savepoints, status |
| 20 | JSONB manipulation and queries |
| 14 | Full-text search, fuzzy matching |
| 25 | EXPLAIN, query analysis, optimization, diagnostics, anomaly detection |
| 11 | VACUUM, ANALYZE, REINDEX |
| 12 | Database sizes, connections, status |
| 10 | pg_dump, COPY, restore |
| 13 | Schemas, views, sequences, functions, triggers |
| 7 | Dependency graphs, cascade simulation, schema analysis |
| 7 | Schema migration tracking and management |
| 7 | Native partition management |
| 9 | Statistical analysis |
| 17 | pgvector (AI/ML similarity search) |
| 16 | PostGIS (geospatial) |
| 9 | pg_cron (job scheduling) |
| 11 | pg_partman (auto-partitioning) |
| 8 | pg_stat_kcache (OS-level stats) |
| 7 | citext (case-insensitive text) |
| 9 | ltree (hierarchical data) |
| 10 | pgcrypto (encryption, UUIDs) |
Syntax Reference
Prefix | Target | Example | Effect |
(none) | Shortcut |
| Whitelist Mode: Enable ONLY this shortcut |
(none) | Group |
| Whitelist Mode: Enable ONLY this group |
| Group |
| Add tools from this group to current set |
| Group |
| Remove tools in this group from current set |
| Tool |
| Add one specific tool |
| Tool |
| Remove one specific tool |
Legacy Syntax (still supported):
If you start with a negative filter (e.g., -base,-extensions), it assumes you want to start with all tools enabled and then subtract.
🌐 HTTP/SSE Transport (Remote Access)
For remote access, web-based clients, or HTTP-compatible MCP hosts, use the HTTP transport:
node dist/cli.js \
--transport http \
--port 3000 \
--postgres "postgres://user:pass@localhost:5432/db"Docker:
docker run --rm -p 3000:3000 \
-e POSTGRES_URL=postgres://user:pass@host:5432/db \
writenotenow/postgres-mcp:latest \
--transport http --port 3000The server supports two MCP transport protocols simultaneously, enabling both modern and legacy clients to connect:
Streamable HTTP (Recommended)
Modern protocol (MCP 2025-03-26) — single endpoint, session-based:
Method | Endpoint | Purpose |
|
| JSON-RPC requests (initialize, tools/list, etc.) |
|
| SSE stream for server notifications |
|
| Session termination |
Sessions are managed via the Mcp-Session-Id header.
Legacy SSE (Backward Compatibility)
Legacy protocol (MCP 2024-11-05) — for clients like Python mcp.client.sse:
Method | Endpoint | Purpose |
|
| Opens SSE stream, returns |
|
| Send JSON-RPC messages to the session |
Utility Endpoints
Method | Endpoint | Purpose |
|
| Health check (database connectivity) |
🔐 OAuth 2.1 Authentication
When using HTTP/SSE transport, oauth 2.1 authentication can protect your MCP endpoints.
Configuration
CLI Options:
node dist/cli.js \
--transport http \
--port 3000 \
--postgres "postgres://user:pass@localhost:5432/db" \
--oauth-enabled \
--oauth-issuer http://localhost:8080/realms/postgres-mcp \
--oauth-audience postgres-mcp-clientEnvironment Variables (Required):
OAUTH_ENABLED=true
OAUTH_ISSUER=http://localhost:8080/realms/postgres-mcp
OAUTH_AUDIENCE=postgres-mcp-clientEnvironment Variables (Optional — auto-discovered from issuer):
OAUTH_JWKS_URI=http://localhost:8080/realms/postgres-mcp/protocol/openid-connect/certs
OAUTH_CLOCK_TOLERANCE=60OAuth Scopes
Access control is managed through OAuth scopes:
Scope | Access Level |
| Read-only queries (SELECT, EXPLAIN) |
| Read + write operations |
| Full administrative access |
| Grants all access |
| Access to specific database |
| Access to specific schema |
| Access to specific table |
RFC Compliance
This implementation follows:
RFC 9728 — OAuth 2.0 Protected Resource Metadata
RFC 8414 — OAuth 2.0 Authorization Server Metadata
RFC 7591 — OAuth 2.0 Dynamic Client Registration
The server exposes metadata at /.well-known/oauth-protected-resource.
Note for Keycloak users: Add an Audience mapper to your client (Client → Client scopes → dedicated scope → Add mapper → Audience) to include the correct
audclaim in tokens.
Per-tool scope enforcement: Scopes are enforced at the tool level — each tool group maps to a required scope (read, write, or admin). When OAuth is enabled, every tool invocation checks the calling token's scopes before execution. When OAuth is not configured, scope checks are skipped entirely.
HTTP without OAuth: When using --transport http without enabling OAuth, all clients have full unrestricted access. Always enable OAuth for production HTTP deployments. See SECURITY.md for details.
⚡ Performance Tuning
Variable | Default | Description |
|
| Server bind host ( |
|
| Cache TTL for schema metadata (milliseconds) |
|
| Log verbosity: |
Tip: Lower
METADATA_CACHE_TTL_MSfor development (e.g.,5000), or increase it for production with stable schemas (e.g.,300000= 5 min).
Pool Tuning for IAM Auth: For cloud-managed databases with IAM authentication (e.g., AWS RDS, Google Cloud SQL), set
POSTGRES_POOL_MIN=2to keep warm connections and reduce authentication latency.
🤖 AI-Powered Prompts
Prompts provide step-by-step guidance for complex database tasks. Instead of figuring out which tools to use and in what order, simply invoke a prompt and follow its workflow — great for learning PostgreSQL best practices or automating repetitive DBA tasks.
This server includes 19 intelligent prompts for guided workflows:
Prompt | Description | Required Groups | Shortcut |
| Construct queries with CTEs and window functions | core |
|
| Design schemas with constraints and indexes | core |
|
| Analyze queries with EXPLAIN and optimization | core, performance |
|
| Generate migration scripts with rollback support | core |
|
| Lazy hydration - compact index of all tools | — | any |
| Quick SQL query guidance for common operations | core |
|
| Quick reference for exploring database schema | core |
|
| Comprehensive database health assessment | core, performance, monitoring |
|
| Enterprise backup planning with RTO/RPO | core, monitoring, backup |
|
| Index analysis and optimization workflow | core, performance |
|
| Extension installation and configuration guide | core |
|
| Complete pgvector setup for semantic search | core, vector |
|
| Complete PostGIS setup for geospatial operations | core, postgis |
|
| Complete pg_cron setup for job scheduling | core |
|
| Complete pg_partman setup for partition management | core, partman |
|
| Complete pg_stat_kcache setup for OS monitoring | core, kcache |
|
| Complete citext setup for case-insensitive text | core, citext |
|
| Complete ltree setup for hierarchical data | core, ltree |
|
| Complete pgcrypto setup for cryptographic funcs | core, pgcrypto |
|
📦 Resources
Resources give you instant snapshots of database state without writing queries. Perfect for quickly checking schema, health, or performance metrics — the AI can read these to understand your database context before suggesting changes.
This server provides 20 resources for structured data access:
Resource | URI | Description |
Schema |
| Full database schema |
Tables |
| Table listing with sizes |
Settings |
| PostgreSQL configuration |
Statistics |
| Database statistics with stale detection |
Activity |
| Current connections |
Pool |
| Connection pool status |
Capabilities |
| Server version, extensions, tool categories |
Performance |
| pg_stat_statements query metrics |
Health |
| Comprehensive database health status |
Extensions |
| Extension inventory with recommendations |
Indexes |
| Index usage with unused detection |
Replication |
| Replication status and lag monitoring |
Vacuum |
| Vacuum stats and wraparound warnings |
Locks |
| Lock contention detection |
Cron |
| pg_cron job status and execution history |
Partman |
| pg_partman partition configuration and health |
Kcache |
| pg_stat_kcache CPU/I/O metrics summary |
Vector |
| pgvector columns, indexes, and recommendations |
PostGIS |
| PostGIS spatial columns and index status |
Crypto |
| pgcrypto availability and security recommendations |
🔧 Extension Support
Extension | Purpose | Tools |
| Query performance tracking |
|
| Text similarity |
|
| Fuzzy matching |
|
| Hypothetical indexes |
|
| Vector similarity search | 16 vector tools |
| Geospatial operations | 15 postgis tools |
| Job scheduling | 8 cron tools |
| Automated partition management | 10 partman tools |
| OS-level CPU/memory/I/O stats | 7 kcache tools |
| Case-insensitive text | 6 citext tools |
| Hierarchical tree labels | 8 ltree tools |
| Hashing, encryption, UUIDs | 9 pgcrypto tools |
Extension tools gracefully handle cases where extensions are not installed. Extension tool counts include
create_extensionhelpers but exclude Code Mode; the Tool Groups table above adds +1 per group for Code Mode.
Contributing
Contributions are welcome! Please read our Contributing Guidelines before submitting a pull request.
Security
For security concerns, please see our Security Policy.
⚠️ Never commit credentials - Store secrets in environment variables
License
This project is licensed under the MIT License - see the LICENSE file for details.
Code of Conduct
Please read our Code of Conduct before participating in this project.
This server cannot be installed
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/neverinfamous/postgresql-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server