Uses environment variables for configuration of database connections and server settings.
Uses Jest for comprehensive testing of schema validation and core database functionality.
Runs on Node.js platform to provide SQL Server connectivity and database operations via MCP protocol.
Recommended package manager for installing and managing dependencies of the MCP server.
Provides type safety and TypeScript implementation for database operations through the MCP server.
Utilizes Zod for runtime type validation of database queries and parameters.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@SQL Server MCP Serviceshow me the top 10 customers by order value"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
SQL Server MCP Service
A secure and robust Model Context Protocol (MCP) service for executing SQL Server queries via MCP protocol. This service provides a safe way to interact with SQL Server databases while preventing destructive operations and SQL injection attacks.
π Features
π Secure Query Execution: Built-in protection against SQL injection and destructive operations
π Schema Discovery: Get table, function, and procedure schemas and database information
π οΈ Multiple Tools: 9 specialized tools for different database operations
β‘ High Performance: Connection pooling for efficient database operations
π§ TypeScript Support: Full TypeScript implementation with type safety
π§ͺ Comprehensive Testing: Jest-based test suite for reliability
Related MCP server: MSSQL MCP Server
π οΈ Available Tools
1. execute_query
Executes safe SQL queries with parameter support.
Parameters:
query(string, required): The SQL query to executeparameters(object, optional): Query parameters for prepared statements
Example:
{
"query": "SELECT * FROM Users WHERE Status = @status",
"parameters": {
"status": "active"
}
}2. get_table_schema
Retrieves detailed column information for a specific table.
Parameters:
tableName(string, required): Name of the tableschemaName(string, optional): Schema name (default: "dbo")
Example:
{
"tableName": "Users",
"schemaName": "dbo"
}3. list_tables
Lists all tables in the database with optional schema filtering.
Parameters:
schemaName(string, optional): Filter tables by specific schema
Example:
{
"schemaName": "dbo"
}4. get_database_info
Retrieves general database information (name, version, edition, etc.).
Parameters: None
5. list_procedures
Lists all stored procedures in the database, optionally filtered by schema.
Parameters:
schemaName(string, optional): Filter procedures by schema
Example:
{
"schemaName": "dbo"
}6. list_functions
Lists all functions (scalar and table-valued) in the database, optionally filtered by schema and function type.
Parameters:
schemaName(string, optional): Filter functions by schemafunctionType(string, optional): 'SCALAR' or 'TABLE'
Example:
{
"schemaName": "dbo",
"functionType": "SCALAR"
}7. get_procedure_schema
Gets the schema and parameters of a specific stored procedure.
Parameters:
procedureName(string, required): Name of the procedureschemaName(string, optional): Schema name (default: "dbo")
Example:
{
"procedureName": "MyProcedure",
"schemaName": "dbo"
}8. get_function_schema
Gets the schema and parameters of a specific function.
Parameters:
functionName(string, required): Name of the functionschemaName(string, optional): Schema name (default: "dbo")
Example:
{
"functionName": "MyFunction",
"schemaName": "dbo"
}9. execute_procedure
Executes a stored procedure with parameters.
Parameters:
procedureName(string, required): Name of the procedureparameters(object, optional): Procedure parametersschemaName(string, optional): Schema name (default: "dbo")
Example:
{
"procedureName": "MyProcedure",
"parameters": {
"param1": 123,
"param2": "abc"
},
"schemaName": "dbo"
}π¦ Installation
Prerequisites
Node.js >= 20.0.0
SQL Server instance
pnpm (recommended)
Install Dependencies
pnpm installβοΈ Configuration
Copy Environment Template
cp .env.example .envConfigure Environment Variables
Variable | Description | Default |
| HTTP server port |
|
| Node environment ( |
|
| Allowed CORS origins (comma-separated) | - |
| SQL Server hostname/IP |
|
| Database name |
|
| Database username | - |
| Database password | - |
| SQL Server port |
|
| Enable encryption |
|
| Trust server certificate |
|
Example .env:
HTTP_PORT=3333
NODE_ENV=development
ORIGIN=http://localhost:3000,http://example.com
SQL_SERVER=localhost
SQL_DATABASE=master
SQL_USER=sa
SQL_PASSWORD=YourSecurePassword123!
SQL_PORT=1433
SQL_ENCRYPT=true
SQL_TRUST_CERT=falseπ Usage
Start HTTP Server (Recommended)
pnpm run dev:http
# or
pnpm run start:httpBuild for Production
pnpm run buildRunning Tests
pnpm run testπ₯οΈ Desktop App Integration
To integrate this server with a desktop app, add the following to your app's server configuration:
Using Node.js directly:
{
"mcpServers": {
"sqlserver": {
"command": "node",
"args": [
"{ABSOLUTE PATH TO FILE HERE}/dist/cli.js"
]
}
}
}Using npx:
{
"mcpServers": {
"sqlserver": {
"command": "npx",
"args": [
"mcp-mssql-server"
]
}
}
}Note: Replace {ABSOLUTE PATH TO FILE HERE} with the actual absolute path to your project's dist/cli.js file.
π€ OpenAI Integration
To use this MCP server with OpenAI's API, you can integrate it using the MCP protocol. Here's an example:
import OpenAI from "openai";
const client = new OpenAI();
const resp = await client.responses.create({
model: "gpt-5",
tools: [
{
type: "mcp",
server_label: "mssql",
server_description: "A SQL Server MCP server for executing safe database queries and schema discovery.",
server_url: "http://localhost:3333/mcp",
require_approval: "never",
},
],
input: "Show me all tables in the database",
});
console.log(resp.output_text);Note: Make sure your HTTP server is running on the specified port before making requests to OpenAI.
π Security Features
Query Validation
The service automatically blocks potentially destructive operations:
β
DROP TABLEβ
DELETE FROMβ
TRUNCATE TABLEβ
INSERT INTOβ
UPDATEβ
CREATE TABLEβ
ALTER TABLEβ Stored procedures (
sp_,xp_)β SQL injection patterns
β Comments (
--,/* */)
Allowed Operations
β
SELECTqueriesβ
WITHclauses (CTEs)β
SHOWcommandsβ
DESCRIBEcommandsβ
EXPLAINcommandsβ Safe
EXEC/EXECUTEfor procedures/functions
Parameter Sanitization
All query and procedure parameters are automatically sanitized to prevent injection attacks.
π§ͺ Testing
The project includes comprehensive tests for schema validation and core functionality:
# Run all tests
pnpm run test
# Run tests in watch mode
pnpm run test -- --watch
# Run tests with coverage
pnpm run test -- --coverageπ License
This project is licensed under the MIT License - see the LICENSE file for details.
π¨βπ» Author
Vinicius de Souza Santos
Email: viniciuskt0@gmail.com
GitHub: @vini-cius
π Acknowledgments
Model Context Protocol for the MCP specification
mssql for SQL Server connectivity
Zod for runtime type validation
β If this project helps you, please give it a star!
Resources
Looking for Admin?
Admins can modify the Dockerfile, update the server description, and track usage metrics. If you are the server author, to access the admin panel.