Examples
Database API to MCP
Database MCP servers are useful for internal agents, but raw database access is too much power. The safer pattern is approved views, named queries, strict parameters, and separate write tools with explicit policy.
Implementation
Path to ship.
Guide
Recommended tool surface
Good database MCP tools read like operations, not SQL. get_customer_health, list_failed_jobs, lookup_order_by_id, and explain_recent_errors are easier for an agent to choose than query_database.
If you need a flexible query tool, bind it to approved views and parameterized filters. Never pass model-authored SQL directly to production.
database_lookup_customer_health
Reads an approved customer health view by account id and returns bounded operational fields.
Generated input schema
{
"type": "object",
"properties": {
"account_id": { "type": "string" },
"include_recent_errors": { "type": "boolean", "default": true }
},
"required": ["account_id"]
}Example tools/call
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "database_lookup_customer_health",
"arguments": {
"account_id": "acct_42",
"include_recent_errors": true
}
}
}database_list_failed_jobs
Lists recent failed background jobs from an approved operations view with limit and service filters.
Generated input schema
{
"type": "object",
"properties": {
"service": { "type": "string" },
"since": { "type": "string", "format": "date-time" },
"limit": { "type": "integer", "minimum": 1, "maximum": 50, "default": 20 }
},
"required": ["since"]
}Example tools/call
{
"jsonrpc": "2.0",
"id": 2,
"method": "tools/call",
"params": {
"name": "database_list_failed_jobs",
"arguments": {
"service": "billing",
"since": "2026-06-25T00:00:00Z",
"limit": 20
}
}
}Guide
Production guardrails
Use parameterized queries, approved views, row limits, response redaction, and read-only roles. The MCP layer should refuse arbitrary SQL, table names, and unbounded exports.
For mutation tools, require idempotency, explicit resource ids, and audit metadata. Direct delete, truncate, migration, and permission changes should stay outside the agent surface.
FAQ
Common questions.
Can an MCP server safely query a database?
Yes, if it uses approved views, strict schemas, parameterized queries, row limits, and read-only credentials.
Should an agent write SQL?
Not against production. Use named tools or constrained query builders instead of model-authored SQL.