Overview
What is PostgreSQL Model Context Protocol (PG-MCP) Server?
It is an MCP server for PostgreSQL databases that provides a comprehensive API for AI agents to discover, connect to, query, and understand PostgreSQL databases through MCP's resource-oriented architecture. It is built for AI agents and developers who need to integrate natural language interfaces with PostgreSQL.
How to use PostgreSQL Model Context Protocol (PG-MCP) Server?
Install via Docker or manual setup with Python 3.13+. Run python -m server.app after installing dependencies with uv sync --frozen. Clients connect to the SSE endpoint (default http://localhost:8000/sse) and invoke tools like connect, pg_query, and pg_explain using a secure connection ID.
Key features of PostgreSQL Model Context Protocol (PG-MCP) Server
- Multi-database support with simultaneous connections.
- Rich catalog information from table/column descriptions.
- Query execution plan analysis via
pg_explaintool. - Built-in extension context for PostGIS and pgvector.
- Read-only mode enforced via transaction settings.
- Connection pooling and secure opaque connection IDs.
Use cases of PostgreSQL Model Context Protocol (PG-MCP) Server
- AI agents exploring database schema and sample data.
- Natural language to SQL conversion using Claude CLI.
- Automated database introspection for documentation or analysis.
- Query performance analysis with execution plan tool.
FAQ from PostgreSQL Model Context Protocol (PG-MCP) Server
What are the runtime requirements?
Python 3.13+ and a PostgreSQL database. The server can be run via Docker or manually.
How do I connect a database?
Use the connect tool with a PostgreSQL connection string to obtain an opaque connection ID for subsequent queries.
Is the server read-only?
Yes, the server runs in read-only mode enforced via transaction settings.
What PostgreSQL extensions are supported?
Built-in context for PostGIS and pgvector is provided, and additional extensions can be added via YAML files.
How is security handled?
Connection details are never exposed in resource URLs; only opaque connection IDs are used. Credentials are sent only once during the initial connection.


