Separate MCP SQL tool to read and write for added protection
Currently, the
run_sql can execute read and write operations. Concerned about the affect that AI queries can have on our production database, even when reviewing tool calls, it would be great to have the run_sql tool separated into run_sql_write and run_sql_read or something similar. This would allow our team to confidently run queries without concern about changing data.4 Replies
genetic-orange•3mo ago
@David Gomes what are your thoughts here?
optimistic-gold•3mo ago
Ah, very good idea! Should not be hard to implement either. My only concern here is an LLM client (Claude, etc.) could always still call “run_sql_read” and pass an “INSERT” query (if we just naively implement this). So we’d probably need to make the implementation a bit more robust to make it actually safe.
Looping in our PM here @brian-holt , maybe we should create a github issue
quickest-silverOP•3w ago
@brian-holt Curious to hear where this request ended up. Thanks
@Tristan Partin @David Gomes @brian-holt What's the status on this request or evaluation of it?
sunny-green•2w ago
Hello! Sorry for the delay - I hadn’t been getting Discord notifications - we haven’t prioritized this for work so I can’t give you an ETA. I’ll let know when we do