Multi-DB Support and Schema-Specific Permissions

[saarthak-gupta-architect]

Summary

This PR adds two major features to the MCP-Server-MySQL:

1. Multi-Database Mode - Allows connecting to multiple databases when no specific database name is provided
2. Schema-Specific Permissions - Enables fine-grained control over database operations on a per-schema basis

These changes address the limitation where the server could only connect to a single database at a time, which was hindering progress on several projects.

Changes

New Features

• Multi-DB Mode

  • When MYSQL_DB is empty, the server can connect to all databases the MySQL user has access to
  • Enhanced resource listing to show tables from all available databases
  • Improved query parsing to extract schema context
  • Default read-only safety for multi-DB mode

• Schema-Specific Permissions

  • Added environment variables for schema-specific permissions:
    • SCHEMA_INSERT_PERMISSIONS
    • SCHEMA_UPDATE_PERMISSIONS
    • SCHEMA_DELETE_PERMISSIONS
    • SCHEMA_DDL_PERMISSIONS
  • Fine-grained permission control using format: database1:true,database2:false
  • Schema context detection for better error messages

• DDL Operations Support

  • Added support for Data Definition Language operations (CREATE, ALTER, DROP, TRUNCATE)
  • New ALLOW_DDL_OPERATION global permission flag
  • Schema-specific DDL permissions

Implementation Details

• Modified index.ts to support multi-DB connections and schema-specific permissions
• Enhanced SQL query parser to extract schema context from queries
• Updated response messages to include schema context
• Added comprehensive test coverage for new features
• Created detailed documentation

Documentation

• Updated main README.md with information about new features
• Added detailed README-MULTI-DB.md with comprehensive documentation
• Updated environment variables documentation
• Added example configurations

Testing

Added new test cases:

• Integration tests for schema-specific permissions
• Integration tests for multi-DB mode functionality
• Both positive and negative test cases to verify permission enforcement

Security Considerations

• Multi-DB mode defaults to read-only for safety
• Write operations in multi-DB mode require explicit schema permissions
• Added documentation with security best practices
• Schema extraction fallback maintains safety

Backwards Compatibility

This change is fully backwards compatible. Existing configurations will continue to work as before, with the new features being opt-in.

[saarthak-gupta-architect]

@benborla hope you're doing well. Please review this PR and merge if it woks for you. I have been using your MCP connector to run queries using Claude Desktop for all the schemas, but the latest changes seem to be focussed on security and having 1 DB access at a time. I have just tried to extend this functionality to cover the DB in large while also trying to maintain the security aspect.

[benborla]

Hi @saarthak-gupta-architect I will review this now. Thank you

[benborla]

Done. Releasing this as v2 of the tool, as this is like an entire new configuration. :-)

[saarthak-gupta-architect]

Thank you for the quick turnaround! Appreciate it.