Separate MCP SQL tool to read and write for added protection
Currently, the
run_sql can execute read and write operations. Concerned about the affect that AI queries can have on our production database, even when reviewing tool calls, it would be great to have the run_sql tool separated into run_sql_write and run_sql_read or something similar. This would allow our team to confidently run queries without concern about changing data.2 Replies
manual-pink•4w ago
@David Gomes what are your thoughts here?
conscious-sapphire•4w ago
Ah, very good idea! Should not be hard to implement either. My only concern here is an LLM client (Claude, etc.) could always still call “run_sql_read” and pass an “INSERT” query (if we just naively implement this). So we’d probably need to make the implementation a bit more robust to make it actually safe.
Looping in our PM here @brian-holt , maybe we should create a github issue