How do I install Safedb?

Safedb is a local plugin. Install it using npm package: @safedb/safedb-mcp and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What credentials does Safedb need?

Safedb requires the following credentials or environment variables: YOUR_API_KEY. You can find setup instructions on the server detail page.

What AI apps work with Safedb?

Safedb uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Safedb MCP Server

by Narekmalk

Developer ToolsModerate5.2MCP RegistryLocal

Free

Server data from the Official MCP Registry

A secure MCP server that lets AI agents query databases safely.

About

A secure MCP server that lets AI agents query databases safely.

Security Report

5.2

Moderate5.2Moderate Risk

SafeDB MCP is a well-architected security-focused database access server with strong query validation, proper sandboxing, and comprehensive access controls. The codebase demonstrates solid security practices with read-only transaction enforcement, SQL guardrails, PII masking, and audit logging. Minor code quality issues and a single low-severity finding do not materially impact the security posture. Supply chain analysis found 6 known vulnerabilities in dependencies (1 critical, 3 high severity). Package verification found 1 issue.

7 files analyzed · 9 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

HTTP Network Access

Connects to external APIs or services over the internet.

env_vars

Check that this permission is expected for this type of plugin.

File System Read

Reads files on your machine. Normal for tools that analyze or process local data.

File System Write

Writes or modifies files on your machine. Check that this is expected for the tool.

database

Check that this permission is expected for this type of plugin.

What You'll Need

Set these up before or after installing:

Your API key for the serviceRequired

Environment variable: YOUR_API_KEY

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-narekmalk-safedb-mcp": {
      "env": {
        "YOUR_API_KEY": "your-your-api-key-here"
      },
      "args": [
        "-y",
        "@safedb/safedb-mcp"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

SafeDB MCP

SafeDB MCP is a secure Model Context Protocol server that lets AI agents inspect and query Postgres with strict read-only guardrails. It is designed for teams that want useful database access without handing an agent unrestricted production credentials.

Direct database credentials are dangerous for agents because a single bad prompt, tool call, or generated SQL statement can mutate data, exfiltrate sensitive columns, or run expensive queries. SafeDB MCP puts a policy layer between the agent and Postgres: only configured schemas and tables are visible, SQL is conservatively validated, row counts are capped, results are masked, and every query attempt is audited.

This project is an MVP. It prefers false positives and blocked queries over unsafe access, and it does not claim perfect SQL security.

Features

MCP tools: list_schemas, list_tables, describe_table, run_readonly_query, explain_query, get_safedb_policy
Postgres support through pg
YAML or JSON config with environment expansion
Read-only SQL guardrails for SELECT, WITH ... SELECT, and EXPLAIN SELECT
Configurable table allowlists, denylists, row limits, and statement timeout
PII masking: redact, email, partial, and deterministic hash
JSONL audit log with no raw result data
CLI binary: safedb-mcp
TypeScript, Vitest, ESLint, Prettier

Quickstart

npm install
npm run build
npx safedb-mcp init --output safedb.yaml
DATABASE_URL=postgres://readonly:password@localhost:5432/app npx safedb-mcp validate-config --config safedb.yaml
DATABASE_URL=postgres://readonly:password@localhost:5432/app npx safedb-mcp test-connection --config safedb.yaml
DATABASE_URL=postgres://readonly:password@localhost:5432/app npx safedb-mcp --config safedb.yaml

Use a dedicated Postgres role with database-level read-only permissions. SafeDB MCP is a defense-in-depth layer, not a replacement for least-privilege database credentials.

Example Config

database:
  url: ${DATABASE_URL}

safety:
  default_limit: 100
  max_limit: 1000
  statement_timeout_ms: 5000
  allow_explain: true

access:
  schemas:
    public:
      allow_tables:
        - users
        - orders
        - products
      deny_tables:
        - secrets
      column_masks:
        users.email: email
        users.phone: partial
        users.password_hash: redact
        users.ssn: redact

audit:
  path: safedb-audit.jsonl

MCP Client Config

Claude Desktop:

{
  "mcpServers": {
    "safedb": {
      "command": "safedb-mcp",
      "args": ["--config", "/absolute/path/to/safedb.yaml"],
      "env": {
        "DATABASE_URL": "postgres://readonly:password@localhost:5432/app"
      }
    }
  }
}

Cursor or Hermes-style MCP config:

{
  "servers": {
    "safedb": {
      "command": "safedb-mcp",
      "args": ["--config", "/absolute/path/to/safedb.yaml"],
      "env": {
        "DATABASE_URL": "postgres://readonly:password@localhost:5432/app"
      }
    }
  }
}

Security Guarantees

SafeDB MCP aims to guarantee that:

Only configured schemas and tables are inspectable or queryable through the MCP tools.
Mutating SQL keywords and multiple statements are blocked before execution.
Query execution happens inside a read-only transaction with a local statement_timeout.
Returned rows are capped by an outer LIMIT.
Configured PII fields are masked before tool responses are returned.
Audit logs record attempts, decisions, detected tables, row counts, and duration without logging raw result rows.
Passwords and secrets are not intentionally logged.

Non-Goals

Perfect SQL parsing or formal proof of query safety.
Support for every valid Postgres read-only construct.
Write operations, migrations, stored procedure execution, or COPY.
Cross-database support in the first version.

Development

npm install
npm run build
npm test
npm run lint

Roadmap

Integrate a mature Postgres AST parser for more accurate table and CTE analysis.
Column-level projection enforcement so masked fields cannot be bypassed with aliases.
Per-tool and per-table rate limits.
Optional OpenTelemetry traces.
MySQL and SQLite adapters.
Signed audit logs.
Docker image and Helm chart.

License

MIT

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

Fetch

Free

by Modelcontextprotocol · Developer Tools

Web content fetching and conversion for efficient LLM usage

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

Safedb MCP Server

About

Security Report

Findings (9)Action required

Permissions Required

What You'll Need

How to Install

Documentation

SafeDB MCP

Features

Quickstart

Example Config

MCP Client Config

Security Guarantees

Non-Goals

Development

Roadmap

License

Reviews

No reviews yet

More Developer Tools MCP Servers

Git

Fetch

Toleno

mcp-creator-python

MarkItDown

mcp-creator-typescript