MCP Toolbox for Databases

Manages connection pools across 60+ database source types (PostgreSQL, MySQL, BigQuery, Cloud SQL, Spanner, etc.) through a centralized Source Architecture pattern. Each database type has a dedicated source handler that manages connection lifecycle, credential rotation, and pool sizing. The system maintains persistent connections with automatic reconnection logic and supports both direct connections and cloud-managed database proxies, eliminating the need for applications to implement database-specific connection logic.

Implements the Model Context Protocol (MCP) as a native server transport, enabling seamless integration with MCP-compatible clients (Claude Desktop, Cursor IDE, custom agents). The server operates in two modes: stdio mode for local IDE integration (cmd/root.go --stdio flag) and HTTP server mode for production agent deployments (cmd/root.go --address flag). The MCP Protocol Handler translates between MCP resource/tool requests and internal tool execution, maintaining full protocol compliance while exposing database tools as callable resources.

Provides extensibility through pre-processing hooks (executed before tool invocation) and post-processing hooks (executed after tool invocation) defined in YAML configuration. Pre-processing hooks validate parameters, rewrite queries, or fetch additional context. Post-processing hooks filter results, aggregate data, or transform output format. Hooks are implemented as embedded scripts or external command invocations, allowing custom logic without modifying the core server. This enables tool customization for specific use cases without code changes.

Provides tools for managing Google Cloud SQL instances through the Cloud SQL Admin API, including instance listing, user creation, database provisioning, and backup management. The system authenticates to Cloud SQL Admin using IAM, discovers available instances, and exposes management operations as callable tools. This enables AI agents to provision databases, create users, or manage backups as part of automated workflows. Tools support parameter validation and dry-run modes for safety.

Automatically generates optimized LLM prompts (agent skills) from tool definitions, including tool descriptions, parameter schemas, and usage examples. The system analyzes tool metadata to create clear, concise prompts that help LLMs understand tool capabilities and constraints. Generated skills can be exported in multiple formats (text, JSON, YAML) for use in different agent frameworks (LangChain, LlamaIndex, Genkit). This reduces manual prompt engineering and ensures consistency across agents.

Provides pre-configured tool templates for common database operations (list tables, describe schema, count rows, etc.) that can be instantiated with minimal configuration. Templates are defined in internal/prebuiltconfigs/prebuiltconfigs.go and include parameter schemas, execution policies, and result formatting. Users can reference templates in tools.yaml and override specific parameters without redefining entire tools. This accelerates tool development and ensures consistency across common patterns.

Loads tool definitions from tools.yaml configuration files at startup and supports dynamic reloading without server restarts. The system parses YAML to define SQL tools, BigQuery tools, Looker tools, and HTTP utilities with parameter schemas, pre/post-processing hooks, and execution policies. Changes to tools.yaml are detected and reloaded at runtime, allowing operators to add new tools, modify parameters, or adjust execution policies without downtime. Tool definitions are compiled into JSON schemas for MCP protocol exposure.

Provides pluggable authentication architecture supporting Google Cloud IAM, OAuth2, and OpenID Connect (OIDC) for secure database access. Credentials are managed through internal/server/config.go (lines 190-198) with automatic token refresh and rotation logic. The system supports service account JSON files, OAuth2 authorization code flows, and OIDC token exchange, enabling fine-grained access control without embedding credentials in configuration. Authentication is decoupled from tool execution, allowing different tools to use different credential sources.

Executes parameterized SQL queries against relational databases (PostgreSQL, MySQL, SQL Server) through a template-based tool system. Tools are defined with parameter schemas that map to SQL placeholders, preventing SQL injection through strict parameter binding. Results are formatted as structured data (JSON, CSV, or raw rows) with configurable row limits and timeout policies. The system supports pre-processing (parameter validation, query rewriting) and post-processing (result filtering, aggregation) hooks defined in YAML.

Provides specialized tools for BigQuery including dataset listing, table schema inspection, and optimized query execution. Tools leverage BigQuery's native APIs to discover available datasets and tables, expose schema information to agents, and execute queries with automatic cost estimation. The system handles BigQuery-specific features like partitioning, clustering, and query caching, exposing these as tool parameters. Results are streamed and formatted as JSON with automatic pagination for large result sets.

Integrates with Looker instances to expose saved looks, dashboards, and explores as callable tools. The system authenticates to Looker using OAuth2 or API keys, discovers available content, and executes saved queries with parameter substitution. Results are returned as structured data (JSON) with metadata about the underlying Looker model. This enables agents to access BI insights without direct database access, leveraging Looker's data modeling and access control.

Provides generic HTTP tools for calling external APIs and utility tools for data transformation (JSON parsing, CSV conversion, string manipulation). HTTP tools support GET, POST, PUT, DELETE with configurable headers, authentication, and request/response transformation. Utility tools enable agents to transform query results or API responses without additional processing steps. All tools support parameter schemas and pre/post-processing hooks for custom logic.

Provides built-in OpenTelemetry instrumentation for distributed tracing, metrics, and logging across all tool executions. The system exports traces to OpenTelemetry-compatible backends (Jaeger, Datadog, Google Cloud Trace) with automatic span creation for tool calls, database queries, and authentication events. Metrics include tool execution latency, error rates, and connection pool utilization. Telemetry is configured through internal/server/config.go (lines 61-66) and can be enabled/disabled per environment.

Implements the MCP Resource Manager to expose database schemas, tool definitions, and configuration metadata as discoverable resources. Resources are organized hierarchically (e.g., /databases/postgres/schemas/public/tables/users) and support both static resources (pre-defined tools) and dynamic resources (discovered database objects). Clients can list resources, read resource contents, and subscribe to resource updates. This enables IDE integration where database schemas appear as browsable resources.