Neon (4mo ago)
itchy-amethyst

Separate MCP SQL tool to read and write for added protection

Currently, the run_sql can execute read and write operations. Concerned about the effect that AI queries can have on our production database, even when reviewing tool calls, it would be great to have the run_sql tool separated into run_sql_write and run_sql_read or something similar. This would allow our team to confidently run queries without concern about changing data.
10 Replies
cloudy-cyan (4mo ago)
@David Gomes what are your thoughts here?
molecular-blue (3mo ago)
Ah, very good idea! Should not be hard to implement either. My only concern here is an LLM client (Claude, etc.) could always still call “run_sql_read” and pass an “INSERT” query (if we just naively implement this). So we’d probably need to make the implementation a bit more robust to make it actually safe. Looping in our PM here @brian-holt , maybe we should create a github issue
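The "more robust" read tool the reply above asks for, as an added example that is not Neon's MCP server code: the read path is enforced by the database engine rather than by inspecting the SQL text. SQLite's `PRAGMA query_only` stands in here so it runs offline; the Postgres equivalents named in the comments (a read-only transaction, or a role granted only SELECT) are assumptions about how one would apply this to Neon, and the sample table is constructed.

```python
import sqlite3


class ReadOnlyViolation(Exception):
    """Raised when run_sql_read is handed a statement that tries to write."""


def naive_is_read_query(sql: str) -> bool:
    # The "naive" check the thread warns about: a prefix test on the text.
    # It rejects a bare INSERT, but says nothing about what follows a
    # SELECT, and in Postgres a WITH clause may itself modify data.
    return sql.lstrip().upper().startswith(("SELECT", "WITH"))


def run_sql_read(conn: sqlite3.Connection, sql: str) -> list:
    """Read tool: the engine refuses writes for this call, whatever the text."""
    # SQLite: query_only makes any write fail inside the engine.
    # Postgres stand-in (assumption): SET TRANSACTION READ ONLY, or better,
    # a dedicated role with only SELECT granted (least privilege).
    conn.execute("PRAGMA query_only = ON")
    try:
        # execute() runs exactly one statement, so "SELECT 1; DELETE ..." fails.
        return conn.execute(sql).fetchall()
    except sqlite3.OperationalError as exc:
        conn.rollback()  # discard any implicit transaction sqlite3 opened
        if "readonly" in str(exc):
            raise ReadOnlyViolation(f"write attempted via read tool: {sql!r}") from exc
        raise
    finally:
        conn.execute("PRAGMA query_only = OFF")


def run_sql_write(conn: sqlite3.Connection, sql: str) -> int:
    """Write tool: the only path that may change data; returns affected rows."""
    with conn:  # commit on success, roll back on error
        return conn.execute(sql).rowcount


def demo() -> dict:
    # Constructed in-memory sample data, not anything from the thread.
    conn = sqlite3.connect(":memory:")
    run_sql_write(conn, "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    run_sql_write(conn, "INSERT INTO users (name) VALUES ('ada'), ('linus')")
    blocked = False
    try:
        run_sql_read(conn, "DELETE FROM users")  # an agent misusing the read tool
    except ReadOnlyViolation:
        blocked = True
    return {
        "naive_passes_multistatement": naive_is_read_query("SELECT 1; DELETE FROM users"),
        "read_rows": run_sql_read(conn, "SELECT name FROM users ORDER BY id"),
        "write_blocked": blocked,
        "rows_after": run_sql_read(conn, "SELECT count(*) FROM users")[0][0],
    }
```

The point for an MCP server is that `run_sql_read` needs no SQL parser to be safe: the connection or role it uses cannot write, so a misrouted INSERT is rejected by the database and surfaces as a tool error the reviewer can see.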
itchy-amethyst (OP, 2mo ago)
@brian-holt Curious to hear where this request ended up. Thanks.
@Tristan Partin @David Gomes @brian-holt What's the status on this request or evaluation of it?
continuing-cyan (2mo ago)
Hello! Sorry for the delay - I hadn't been getting Discord notifications - we haven't prioritized this for work so I can't give you an ETA. I'll let you know when we do.
ratty-blush (3w ago)
Is there a way to instead set up user preferences when configuring the tool? I find it annoying that I have to constantly tell it my project id, branch id, etc. You could have it read from a user preferences file instead, and in there you could set up readonly mode.
deep-jade (3w ago)
Hey! There isn't as of now, but we have had this request before (specifically for setting the branch), so the team is aware
itchy-amethyst (OP, 7d ago)
Any insights as to when we'll get these updates? They're decently large limitations.
deep-jade (7d ago)
I unfortunately don't have a timeline I can give you as of now.
itchy-amethyst (OP, 7d ago)
@fifo - I get around this by adding agent instructions (specifically a Cursor quick command) to auto-supply that information each time. I also put in the instructions to not auto-execute any SQL that changes anything and give it to me to copy and paste instead. It's not perfect, but it does the trick.
ratty-blush (7d ago)
Yup, I have that on my Claude setup too, it's just a little wasteful token-wise and it feels wrong given it's a deterministic input / static config.