Skip to content

mbentham/SqlAugur

MCP Data & Storage

An MCP server that gives AI assistants safe, read‑only access to SQL Server databases with AST‑level query validation and rate limiting

Track releases GitHub
C# Latest v1.4.0 · 3mo ago Security brief →

Features

  • Read‑only by design – only SELECT/CTE queries permitted via AST parsing
  • AST‑based T‑SQL validation using official ScriptDom parser (blocks injection tricks)
  • Rate limiting with token bucket to prevent runaway AI query loops
  • Integrated DBA diagnostics (First Responder Kit, DarlingData, sp_WhoIsActive) with response size optimisation
  • Progressive discovery – core tools load on demand, reducing context window usage

Recent releases

View all 7 releases →
No immediate action
v1.4.0 New feature

Response size optimisation + maxRows

Open
No immediate action
v1.3.1 Breaking risk

Docker build fix + SELinux mount

Open
v1.3.0 Breaking risk
Breaking changes
  • Renamed project from SqlServerMcp to SqlAugur (config section "SqlAugur", CLI command `sqlaugur`)
  • Removed create/modify dates from `list_programmable_objects` output
Notable features
  • NuGet global tool packaging (`dotnet tool install -g SqlAugur`)
  • Docker and Podman container support with Dockerfile
  • Configuration search path (app directory, user config directory, current working directory, env vars, CLI args)
Full changelog

Added

  • NuGet global tool packaging (dotnet tool install -g SqlAugur)
  • Docker and Podman container support with Dockerfile
  • Configuration search path (app directory, user config directory, current working directory, env vars, CLI args)
  • Server version reported from assembly metadata
  • Schema exploration toolset: list_programmable_objects, get_object_definition, get_extended_properties, get_object_dependencies
  • Mermaid ER diagram generation (get_mermaid_diagram)
  • Toolset reorganization: Schema Exploration and Diagrams as always-available toolsets in dynamic mode
  • Documentation rework: restructured README, added CONTRIBUTING.md and CHANGELOG.md

Changed

  • Breaking: Renamed project from SqlServerMcp to SqlAugur (config section "SqlAugur", CLI command sqlaugur)
  • Removed create/modify dates from list_programmable_objects output

Fixed

  • Sanitized markdown table cells in TableDescribeService to prevent output corruption
View release on GitHub
v1.2.0 Breaking risk
Breaking changes
  • `list_servers` now returns comma‑separated text instead of a JSON array
  • `list_databases` now returns comma‑separated text without envelope metadata (server, databaseCount, per‑database fields)
  • `read_data` response removed `server`, `rowCount`, and `columns`; only `truncated` and `rows` remain
Full changelog

What's Changed

Strips JSON overhead from all tool responses to reduce token usage. LLMs already know the server/database they asked about, can count array elements, and can infer column types from values — so redundant metadata was removed across the board.

Breaking Changes

  • list_servers — Returns plain comma-separated text (production, staging) instead of a JSON array
  • list_databases — Returns plain comma-separated text (master, AdventureWorks) instead of a JSON envelope with server, databaseCount, and per-database metadata
  • read_data — Response now contains only truncated and rows. Removed server, rowCount, and columns (type metadata)
  • get_query_plan — Now writes XML to a .sqlplan file and returns a confirmation message instead of returning inline JSON with the plan XML. New required outputPath parameter
  • All stored procedure tools (sp_Blitz, sp_BlitzFirst, sp_BlitzCache, sp_BlitzIndex, sp_BlitzWho, sp_BlitzLock, sp_WhoIsActive, sp_PressureDetector, sp_QuickieStore, sp_HealthParser, sp_LogHunter, sp_HumanEventsBlockViewer, sp_IndexCleanup, sp_QueryReproBuilder) — Response is now a JSON array of {truncated, rows} objects (one per result set). Removed server, procedureName, columns, and rowCount

Internal Improvements

  • Extracted ToolHelper.SaveToFileAsync shared helper for file-write validation (extension check, directory creation, line count confirmation) — used by both get_plantuml_diagram and get_query_plan
  • File extension validation now uses Path.GetExtension instead of EndsWith for precision
  • Tightened tool descriptions for diagram and schema overview tools
  • Updated README with release install and clone-from-source setup options

Full Changelog: https://github.com/mbentham/MCP-Server-SQLServer/compare/v1.1.0...v1.2.0

View release on GitHub
v1.1.0 Breaking risk
Breaking changes
  • `includeSchema` parameter renamed to `includeSchemas` on both `get_plantuml_diagram` and `get_schema_overview` tools
Notable features
  • Table‑level filtering via `includeTables` and `excludeTables` parameters
  • Multi‑schema support with comma‑separated `includeSchemas` (and existing `excludeSchemas`) parameters
Full changelog

What's Changed

Adds table-level filtering and multi-schema support to get_plantuml_diagram and get_schema_overview tools.

New Features

  • Table filtering — New includeTables and excludeTables comma-separated parameters on both get_plantuml_diagram and get_schema_overview. Filter diagrams and overviews to specific tables (e.g. includeTables: "Users,Orders") or exclude tables (e.g. excludeTables: "AuditLog,TempData"). Include overrides exclude.
  • Multi-schema includeincludeSchema (single value) replaced with includeSchemas (comma-separated list, e.g. includeSchemas: "dbo,sales"). Now consistent with excludeSchemas.
  • Schema and table filters compose independently — both are applied as separate WHERE clauses joined by AND, so you can combine includeSchemas: "dbo" with includeTables: "Users,Products" to narrow results precisely.

Breaking Changes

  • includeSchema parameter renamed to includeSchemas on both get_plantuml_diagram and get_schema_overview tools. Update any existing tool calls that use this parameter.

Internal Improvements

  • ParseExcludeSchemas renamed to generic ParseCommaSeparatedList — used for all four filter parameters
  • Extracted AppendFilter helper in SchemaQueryHelper to deduplicate parameterized IN/NOT IN clause generation
  • All filter values use parameterized SQL (SqlParameter) — no string concatenation

Test Coverage

  • 9 new unit tests for table filters, multi-schema includes, and filter composition
  • 8 new integration tests (4 per service) verifying table include/exclude, multi-schema include, and combined schema+table filtering against a real SQL Server instance

Full Changelog: https://github.com/mbentham/MCP-Server-SQLServer/compare/v1.0.1...v1.1.0

View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

About

Stars
3
Forks
1
Languages
C# Dockerfile
View on GitHub

Install & Platforms

Install via
docker
Platforms
linux macos windows

Similar tools

andyWang1688/sql-query-mcp
xexr/mcp-libsql
jparkerweb/mcp-sqlite
designcomputer/mysql_mcp_server
pab1it0/prometheus-mcp-server

Beta — feedback welcome: [email protected]