https://github.com/achmadya-dev/mcp-sqlite-query
Model Context Protocol (MCP) server for SQLite to run SQL queries via stdio
https://github.com/achmadya-dev/mcp-sqlite-query
cursor database mcp model-context-protocol sqlite typescript
Last synced: 1 day ago
JSON representation
Model Context Protocol (MCP) server for SQLite to run SQL queries via stdio
- Host: GitHub
- URL: https://github.com/achmadya-dev/mcp-sqlite-query
- Owner: achmadya-dev
- License: mit
- Created: 2026-05-23T13:41:19.000Z (23 days ago)
- Default Branch: main
- Last Pushed: 2026-06-14T02:46:04.000Z (1 day ago)
- Last Synced: 2026-06-14T03:05:43.981Z (1 day ago)
- Topics: cursor, database, mcp, model-context-protocol, sqlite, typescript
- Language: TypeScript
- Homepage:
- Size: 112 KB
- Stars: 0
- Watchers: 0
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# @achmadya-dev/mcp-sqlite-query
MCP server for SQLite. Runs a single SQL statement per tool call over **stdio** using Node.js built-in `node:sqlite` (no native add-ons). **Read-only by default** — writes and DDL require explicit env flags.
## Requirements
- Node.js **≥ 22.5.0** (`node:sqlite` built-in)
- A SQLite database file path, or `:memory:` for ephemeral storage
## Install from npm
```json
{
"mcpServers": {
"sqlite": {
"command": "npx",
"args": ["-y", "@achmadya-dev/mcp-sqlite-query"],
"env": {
"SQLITE_DB_PATH": "/absolute/path/to/database.db"
}
}
}
}
```
Use `:memory:` for an in-memory database (data is lost when the server stops).
Or use `envFile` instead of inline `env`.
## Develop from source
```bash
git clone https://github.com/achmadya-dev/mcp-sqlite-query.git
cd mcp-sqlite-query
pnpm install
pnpm run build
pnpm test
```
Open the repo root in Cursor and point at a database file (or `:memory:`):
```json
{
"mcpServers": {
"sqlite": {
"command": "node",
"args": ["${workspaceFolder}/dist/index.js"],
"env": {
"SQLITE_DB_PATH": "/absolute/path/to/database.db"
}
}
}
}
```
Or use `envFile` pointing at a `.env` in the repo root. Paths are resolved relative to the workspace folder when Cursor starts the server.
## Environment variables
### Database
| Variable | Default | Description |
| ----------------- | ---------- | -------------------------------- |
| `SQLITE_DB_PATH` | `:memory:` | Database file path or `:memory:` |
| `SQLITE_MAX_ROWS` | `500` | Max rows for `SELECT` results |
### Write access
| Variable | Allows |
| ------------------------ | ----------------------------------------- |
| `ALLOW_INSERT_OPERATION` | `INSERT`, `REPLACE` |
| `ALLOW_UPDATE_OPERATION` | `UPDATE` |
| `ALLOW_DELETE_OPERATION` | `DELETE` |
| `ALLOW_DDL_OPERATION` | DDL (`CREATE`, `ALTER`, `DROP`, `VACUUM`) |
Enabled values: `true`, `1`, `yes`, `on`.
## Tools
| Tool | Statements | Env flag |
| --------------- | ----------------------------- | ------------------------ |
| `sqlite_select` | `SELECT`, `PRAGMA`, `EXPLAIN` | always on |
| `sqlite_insert` | `INSERT`, `REPLACE` | `ALLOW_INSERT_OPERATION` |
| `sqlite_update` | `UPDATE` | `ALLOW_UPDATE_OPERATION` |
| `sqlite_delete` | `DELETE` | `ALLOW_DELETE_OPERATION` |
| `sqlite_ddl` | DDL | `ALLOW_DDL_OPERATION` |
Each tool accepts one `sql` string.
## Behavior and security
- One SQL statement per request.
- SQL is validated with a parser that handles string literals, quoted identifiers, and comments before extracting the statement keyword.
- Always blocked: `XP_CMDSHELL`, `EXEC`, `EXECUTE`, `PREPARE`, `DEALLOCATE`, `ATTACH DATABASE`, `LOAD_FILE`, `INTO OUTFILE`, `COPY ... PROGRAM`.
- `SELECT` results are capped by `SQLITE_MAX_ROWS`.
## Package scripts
```bash
pnpm run build
pnpm test
pnpm start
```