MCP.so
Sign In

Db Whisper

@404-UNKNOW

About Db Whisper

No overview available yet

Basic information

Category

Databases

License

MIT

Runtime

node

Transports

stdio

Publisher

404-UNKNOW

Submitted by

Dennis LIU

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "db-whisper": {
      "command": "npx",
      "args": [
        "-y",
        "db-whisper-mcp"
      ],
      "env": {
        "DATABASE_URL": "postgresql://username:password@host:port/database",
        "NODE_ENV": "production"
      }
    }
  }
}

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is Db Whisper?

DB-Whisper is a production-hardened, read-only database inspection server built on the Model Context Protocol (MCP). It is designed for AI assistants such as Cursor and Claude Desktop, using deep AST validation and strict security boundaries to ensure that AI can safely and securely query databases in a controlled, read-only environment.

How to use Db Whisper?

Db Whisper is invoked via npx -y db-whisper-mcp and configured through environment variables such as DATABASE_URL, ALLOWED_TABLES, DB_SSL, and QUERY_TIMEOUT_MS. Integration with Claude Desktop or Cursor requires adding a JSON configuration block under mcpServers with the appropriate command, args, and env.

Key features of Db Whisper

  • Deep AST firewall with strict whitelist and default-deny policy.
  • Isolation from system metadata tables (e.g., information_schema, pg_catalog, sqlite_schema).
  • Complexity limits: AST nodes ≤150, nesting depth ≤8.
  • Driver-level read-only enforcement for SQLite and PostgreSQL.
  • Rate limiting: default 10 queries per minute via token bucket.
  • Zero‑information leakage on security blocks; audit masking for sensitive data.

Use cases of Db Whisper

  • Safely allow AI assistants to inspect production database schemas and data.
  • Enable read-only, rate‑limited database queries from MCP clients like Cursor.
  • Provide a hardened bridge between AI tools and databases without write risk.
  • Audit and limit AI‑generated SQL to prevent resource exhaustion or information leakage.

FAQ from Db Whisper

What security mechanisms does Db Whisper use?

It enforces a deep AST firewall with a whitelist of allowed SELECT node types, isolates system metadata, limits AST complexity, and uses driver-level read-only (SQLite PRAGMA query_only, PostgreSQL BEGIN READ ONLY).

Which databases are supported?

Db Whisper supports SQLite (in forced read‑only mode) and PostgreSQL (transactions are wrapped in BEGIN READ ONLY).

How do I restrict which tables the AI can access?

Set the ALLOWED_TABLES environment variable with a comma‑separated list of allowed table names. If unset, only blacklist mode is active (system tables are blocked).

What is the default query rate limit?

The default rate limit is 10 queries per minute per server instance, enforced by a token bucket mechanism.

Does Db Whisper support SSL?

Yes. By default rejectUnauthorized: true is enabled. You can additionally force SSL verification via the DB_SSL environment variable.

Comments

More Databases MCP servers