mcp-turso-cloud

generate_database_token

Create a new token with specified permissions for a Turso database using the MCP server, enabling secure access and management of database operations.

Instructions

Generate a new token for a specific database

Input Schema

TableJSON Schema

Name	Required	Description	Default
`database`	Yes	Name of the database to generate a token for
`permission`	No	Permission level for the token

Implementation Reference

src/tools/handler.ts:159-181 (registration)

MCP tool registration for 'generate_database_token', including inline handler that delegates to organization_client and formats the response

server.tool(
	{
		name: 'generate_database_token',
		description: 'Generate a new token for a specific database',
		schema: GenerateDatabaseTokenSchema,
	},
	async ({ database, permission = 'full-access' }) => {
		try {
			const jwt = await organization_client.generate_database_token(
				database,
				permission,
			);
			return create_tool_response({
				success: true,
				database,
				token: { jwt, permission, database },
				message: `Token generated successfully for database '${database}' with '${permission}' permissions`,
			});
		} catch (error) {
			return create_tool_error_response(error);
		}
	},
);

src/tools/handler.ts:27-30 (schema)

Zod schema for validating inputs to the generate_database_token tool: requires database name, optional permission ('full-access' or 'read-only')

const GenerateDatabaseTokenSchema = z.object({
	database: z.string().describe('Name of the database to generate a token for'),
	permission: z.enum(['full-access', 'read-only']).optional().describe('Permission level for the token'),
});

src/clients/organization.ts:198-207 (helper)

Wrapper in organization client that dynamically imports token-manager's generate_database_token to avoid circular dependencies

export async function generate_database_token(
	database_name: string,
	permission: 'full-access' | 'read-only' = 'full-access',
): Promise<string> {
	// Import here to avoid circular dependencies
	const { generate_database_token: generate_token } = await import(
		'./token-manager.js'
	);
	return generate_token(database_name, permission);
}

src/clients/token-manager.ts:46-88 (handler)

Core implementation of generate_database_token: makes authenticated POST request to Turso API to create a JWT token for the specified database with given permissions

export async function generate_database_token(
	database_name: string,
	permission: 'full-access' | 'read-only' = 'full-access',
): Promise<string> {
	const config = get_config();
	const url = `https://api.turso.tech/v1/organizations/${config.TURSO_ORGANIZATION}/databases/${database_name}/auth/tokens`;

	try {
		const response = await fetch(url, {
			method: 'POST',
			headers: {
				Authorization: `Bearer ${config.TURSO_API_TOKEN}`,
				'Content-Type': 'application/json',
			},
			body: JSON.stringify({
				expiration: config.TOKEN_EXPIRATION,
				permission,
			}),
		});

		if (!response.ok) {
			const errorData = await response.json().catch(() => ({}));
			const errorMessage = errorData.error || response.statusText;
			throw new TursoApiError(
				`Failed to generate token for database ${database_name}: ${errorMessage}`,
				response.status,
			);
		}

		const data = await response.json();
		return data.jwt;
	} catch (error) {
		if (error instanceof TursoApiError) {
			throw error;
		}
		throw new TursoApiError(
			`Failed to generate token for database ${database_name}: ${
				(error as Error).message
			}`,
			500,
		);
	}
}

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It states the tool generates a token, implying a creation/mutation operation, but fails to disclose critical traits: whether this requires specific permissions, if tokens are revocable, rate limits, security implications, or what the output looks like (e.g., token format, expiration). This is a significant gap for a tool that likely involves sensitive operations.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence with zero waste—it directly states the tool's purpose without redundancy or fluff. It's appropriately sized and front-loaded, making it easy for an agent to parse quickly.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of token generation (a mutation with security implications), no annotations, and no output schema, the description is incomplete. It doesn't cover behavioral aspects like authentication needs, token lifecycle, or error handling, leaving the agent under-informed for safe and effective use.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 100% description coverage, clearly documenting both parameters ('database' name and 'permission' enum). The description adds no additional parameter semantics beyond what the schema provides, such as explaining token use cases for different permission levels or database naming conventions. Baseline 3 is appropriate since the schema does the heavy lifting.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('generate a new token') and the target resource ('for a specific database'), which is specific and unambiguous. However, it doesn't explicitly distinguish this tool from potential sibling tools like 'create_database' or 'execute_query', which might also involve database operations but serve different purposes.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention prerequisites (e.g., needing authentication or existing database), exclusions, or comparisons to sibling tools like 'list_databases' for checking database existence first. This leaves the agent without context for appropriate tool selection.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Related Tools

create_databaseC
@spences10/mcp-turso-cloud
delete_databaseC
@spences10/mcp-turso-cloud
execute_queryC
@spences10/mcp-turso-cloud
create_privilege_token
@MarlBurroW/teamspeak-mcp
list_tablesC
@spences10/mcp-turso-cloud
pb_admin_create_userB
@paullippert/pb_mcp

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/spences10/mcp-turso-cloud'

If you have feedback or need assistance with the MCP directory API, please join our Discord server