mcp-jpa
Health Warn
- License — License: NOASSERTION
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 5 GitHub stars
Code Pass
- Code scan — Scanned 3 files during light audit, no dangerous patterns found
Permissions Pass
- Permissions — No dangerous permissions requested
No AI report is available for this listing yet.
Read-only MCP server for JPA/Hibernate schema introspection in Spring Boot
mcp-jpa
Read-only Model Context Protocol server for JPA / Hibernate schema introspection
Expose your Spring Boot persistence model to AI clients (Cursor, Claude Desktop, custom MCP hosts) over Streamable HTTP or STDIO — without writing SQL migrations or leaking write access.
Quick start ·
Tools ·
Configuration ·
Cursor ·
Security ·
Architecture
Why mcp-jpa?
| Problem | mcp-jpa |
|---|---|
| AI needs to understand your domain model | list_entities / describe_entity from the live JPA metamodel |
| JDBC URLs and hand-written schema docs drift | Schema is read from the same EntityManagerFactory as production |
| Full DB access is too dangerous | Read-only guard: schema tools + SELECT JPQL only |
| STDIO MCP does not work in Kubernetes | Spring Boot starter exposes Streamable HTTP on /mcp |
| Lazy Hibernate proxies break JSON | Query results are normalized to safe maps before serialization |
Modules
| Module | Artifact | Description |
|---|---|---|
| Core | mcp-jpa |
Framework-agnostic MCP tools, JPA schema reader, query executor |
| Starter | mcp-jpa-spring-boot-starter |
Auto-configures Streamable HTTP MCP endpoint |
| Example | mcp-jpa-example |
Minimal Spring Boot + H2 demo app |
Architecture
flowchart LR
subgraph client["AI client"]
Cursor["Cursor / MCP host"]
end
subgraph app["Spring Boot app"]
EP["/mcp\nStreamable HTTP"]
MCP["McpSyncServer"]
Tools["JpaSchemaTools"]
EMF["EntityManagerFactory"]
EP --> MCP --> Tools --> EMF
end
subgraph db["Database"]
PG[("PostgreSQL / …")]
end
Cursor -->|"VPN / internal network"| EP
EMF --> PG
Transports
| Transport | Entry point | Best for |
|---|---|---|
| Streamable HTTP | mcp-jpa-spring-boot-starter |
Staging, production, Kubernetes |
| STDIO | McpJpaStdioLauncher |
Local IDE, persistence.xml on classpath |
MCP tools
| Tool | Description |
|---|---|
list_entities |
All JPA entities in the persistence unit |
describe_entity |
Fields, types, relations, @Version, unique flags, indexes, column names |
list_tables |
Database tables (JDBC metadata; Hibernate-aware) |
run_select |
Read-only JPQL SELECT with row cap and query timeout |
Example: describe_entity
{
"entityName": "Order"
}
Returns field descriptors with physical column names (Hibernate naming strategy), join columns, and index metadata.
Example: run_select
{
"jpql": "SELECT u.email FROM User u WHERE u.active = true",
"maxResults": 50
}
Blocked keywords: UPDATE, DELETE, INSERT, MERGE, DDL, etc.
Quick start
1. Add the starter (Spring Boot 3.x, Java 21+)
<dependency>
<groupId>io.github.nullpoint3rdev</groupId>
<artifactId>mcp-jpa-spring-boot-starter</artifactId>
<version>0.3.0</version>
</dependency>
Requires an existing EntityManagerFactory (e.g. from spring-boot-starter-data-jpa).
2. Enable MCP (opt-in — disabled by default)
mcp:
jpa:
enabled: true
endpoint: /mcp
persistence-unit-name: default
3. Start the app
Look for this log line:
MCP JPA HTTP server ready endpoint=/mcp pu=default
4. Verify
curl -i http://localhost:8080/mcp
A non-404 response means the servlet is registered (MCP protocol handshake may require an MCP client).
Cursor setup
Point Cursor at your backend MCP endpoint (local or over VPN / internal network):
~/.cursor/mcp.json
{
"mcpServers": {
"jpa": {
"url": "http://your-host:8080/mcp"
}
}
}
Reload MCP servers in Cursor, then invoke list_entities in chat.
{
"mcpServers": {
"jpa": {
"url": "http://your-host:8080/mcp",
"headers": {
"Authorization": "Basic bWNwOnlvdXItc2VjcmV0"
}
}
}
}
Generate Base64: echo -n 'mcp:your-secret' | base64
Configuration
All properties under mcp.jpa:
| Property | Default | Description |
|---|---|---|
enabled |
false |
Enable MCP HTTP auto-configuration |
endpoint |
/mcp |
Servlet path for Streamable HTTP |
persistence-unit-name |
default |
Label passed to schema tools |
query-default-max-results |
100 |
Default row limit for run_select |
query-max-results-cap |
1000 |
Hard cap for maxResults |
query-timeout-seconds |
30 |
JPQL query timeout |
metrics-enabled |
true |
Micrometer counter mcp.jpa.tool.invocations |
Optional HTTP Basic security
Requires spring-boot-starter-security on the classpath.
spring:
autoconfigure:
import: io.github.nullpoint3rdev.mcpjpa.spring.McpJpaSecurityAutoConfiguration
mcp:
jpa:
enabled: true
security:
enabled: true
username: mcp
password: ${MCP_JPA_PASSWORD}
Only /mcp is protected; your existing security config remains unchanged.
Security
mcp-jpa is read-only by design, but schema metadata is still sensitive.
| Layer | Recommendation |
|---|---|
| Network | Internal IP / VPN only; do not expose /mcp on public ingress |
| Auth | Enable McpJpaSecurityAutoConfiguration or restrict /mcp in your SecurityFilterChain |
| Queries | run_select allows only SELECT; timeout and row caps are enforced |
| Production | Keep mcp.jpa.enabled=false unless explicitly needed; enable per environment |
Health checks should use /actuator/health on your management port — not /mcp.
STDIO (local development)
For local MCP without HTTP, use the core launcher with META-INF/persistence.xml:
export MCP_JPA_PERSISTENCE_UNIT=default
java -cp ... io.github.nullpoint3rdev.mcpjpa.server.McpJpaStdioLauncher
Example application
git clone https://github.com/nullpoint3rdev/mcp-jpa.git
cd mcp-jpa
mvn install
mvn -pl mcp-jpa-example spring-boot:run
MCP endpoint: http://localhost:8080/mcp
Build from source
mvn clean test
mvn install
Production checklist
□ Add mcp-jpa-spring-boot-starter dependency (from Maven Central or GitHub Packages)
□ mcp.jpa.enabled=true in a non-production profile only (or restrict by network)
□ Deploy backend; confirm log "MCP JPA HTTP server ready"
□ curl http://<host>:<backend-port>/mcp
□ Configure Cursor mcp.json
□ Secure /mcp (Basic auth or Spring Security)
□ Keep management (health/metrics) on a separate port
Roadmap
- Maven Central release
0.3.0 - MCP servers registry listing
- Native SQL read-only tools (separate security profile)
- EclipseLink compatibility tests
Contributing
Issues and pull requests are welcome. Please run mvn clean test before submitting a PR.
License
Apache License 2.0 — see LICENSE.
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found