tsurugi-mcp-server
mcp
Warn
Health Warn
- License — License: Apache-2.0
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 9 GitHub stars
Code Pass
- Code scan — Scanned 2 files during light audit, no dangerous patterns found
Permissions Pass
- Permissions — No dangerous permissions requested
Purpose
This is a Model Context Protocol (MCP) server designed to connect AI assistants to a Tsurugi database. It allows the AI to inspect table schemas, query data using SQL SELECT statements, and modify the database by executing UPDATE, INSERT, DELETE, and DDL operations.
Security Assessment
Overall Risk: Medium. The tool is designed to access and modify database contents, which is highly sensitive by nature. It does not appear to execute arbitrary shell commands or make external network requests outside of connecting directly to your specified database endpoint. There are no hardcoded secrets in the repository; authentication credentials must be explicitly provided by the user during setup.
However, the database connection configuration itself (such as passing a username, password, or authentication token via the Claude Desktop JSON configuration file) is handled entirely in plaintext. There is a strict risk that an AI assistant utilizing this server could be prompted to execute destructive SQL commands (such as DROP or mass DELETE). Fortunately, the developers included a built-in mitigation feature via the `--enable-tools` flag, allowing users to restrict the server to read-only operations if desired.
Quality Assessment
The project is actively maintained, with its most recent updates pushed today. It uses the standard Apache-2.0 open-source license and clearly documents its limitations and setup instructions. However, the tool currently has extremely low community visibility, holding only 9 GitHub stars. Because of this, it has not undergone widespread peer review or community security testing. A light code audit scanned core files and found no dangerous patterns.
Verdict
Use with caution: The code itself appears safe and well-intentioned, but the combination of low community oversight and direct read/write database access requires strict user-side safeguards, such as enforcing read-only modes and limiting database user permissions.
This is a Model Context Protocol (MCP) server designed to connect AI assistants to a Tsurugi database. It allows the AI to inspect table schemas, query data using SQL SELECT statements, and modify the database by executing UPDATE, INSERT, DELETE, and DDL operations.
Security Assessment
Overall Risk: Medium. The tool is designed to access and modify database contents, which is highly sensitive by nature. It does not appear to execute arbitrary shell commands or make external network requests outside of connecting directly to your specified database endpoint. There are no hardcoded secrets in the repository; authentication credentials must be explicitly provided by the user during setup.
However, the database connection configuration itself (such as passing a username, password, or authentication token via the Claude Desktop JSON configuration file) is handled entirely in plaintext. There is a strict risk that an AI assistant utilizing this server could be prompted to execute destructive SQL commands (such as DROP or mass DELETE). Fortunately, the developers included a built-in mitigation feature via the `--enable-tools` flag, allowing users to restrict the server to read-only operations if desired.
Quality Assessment
The project is actively maintained, with its most recent updates pushed today. It uses the standard Apache-2.0 open-source license and clearly documents its limitations and setup instructions. However, the tool currently has extremely low community visibility, holding only 9 GitHub stars. Because of this, it has not undergone widespread peer review or community security testing. A light code audit scanned core files and found no dangerous patterns.
Verdict
Use with caution: The code itself appears safe and well-intentioned, but the combination of low community oversight and direct read/write database access requires strict user-side safeguards, such as enforcing read-only modes and limiting database user permissions.
MCP server to access Tsurugi
README.md
tsurugi-mcp-server
Model Context Protocol server to access Tsurugi.
Limitations
- Tsurugi 1.10.0 or later.
- Java21 or later.
Components
Tools
listTableNames- list table names.
getTableMetadata- get table metadata (table schema).
- parameter
tableName- table name (string, required)
query- execute SQL (select).
- parameter
sql- SQL (string, required)transaction_type-OCC,LTX,RTX. (string, default:RTX)cursor- To continue the previous query. (string)
- If there is a continuation,
nextCursoris returned.
update- execute SQL (insert, update, delete).
- parameter
sql- SQL (string, required)transaction_type-OCC,LTX. (string, default:OCC)write_preserve- write preserve table names. (string, required whentransaction_typeisLTX)
executeDdl- execute DDL (create, drop)
- parameter
sql- SQL (string, required)transaction_type-OCC,LTX. (string, default:OCC)
Resources
- table metadata
Prompts
tableList-prompt- Prompt to display the list of tables.
tableMetadata-prompt- Prompt to display the table metadata.
query-prompt- Prompt to display the table data.
Configuration
Usage with Claude Desktop
First, download the tsurugi-mcp-server jar file from release page.
To use this server with the Claude Desktop, add the following configuration to the "mcpServers" section of your claude_desktop_config.json:
{
"mcpServers": {
"tsurugidb": {
"command": "java",
"args": [
"-jar",
"/path/to/tsurugi-mcp-server-all.jar",
"-c", "tcp://localhost:12345",
"--credentials", "/path/to/credential-file"
]
}
}
}
command- If the
javacommand is not included in the PATH, specify the full path. (e.g.,"C:/Program Files/Java/jdk-21/bin/java")
- If the
args- Specify the jar file by full path.
-cor--connection- the endpoint URL to connect Tsurugi. (required)- Specify one of the following credentials.
"--user", "user"and"--password", "password""--auth-token", "auth token""--credentials", "/path/to/credential-file""--no-auth"- If none of these are specified, authentication will be performed in the following order of priority.
- If
TSURUGI_AUTH_TOKENis specified inenv, authenticate using it as the auth token. - If a default credential file (
USER_HOME/.tsurugidb/credentials.json) exists, use it for authentication. - Authenticate without authentication.
- If
- If you want to limit the tools used, add
--enable-tools. (e.g., for read-only access:"--enable-tools", "listTableNames, getTableMetadata, query") - If resources is not used, add
"--resource", "false". - If prompts is not used, add
"--prompt", "false".
How to build
cd tsurugi-mcp-server
./gradlew shadowJar
ls build/libs/
How to test
cd tsurugi-mcp-server
./gradlew test -Pdbtest.endpoint=tcp://localhost:12345 \
-Pdbtest.user=user \
-Pdbtest.password=password \
-Pdbtest.auth-token=token \
-Pdbtest.credentials=/path/to/credential-file
License
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found