{"id":"dbbaskette-gp-mcp-server","name":"gp-mcp-server","homepage":null,"repo_url":"https://github.com/dbbaskette/gp-mcp-server","category":"infrastructure","subcategories":[],"tags":["mcp","postgresql","greenplum","spring-boot","database-proxy","api-key-auth","sql-policy","streaming","observability"],"what_it_does":"Provides a Spring Boot Model Context Protocol (MCP) server (streamable HTTP transport) exposing Greenplum/PostgreSQL database tools (schema discovery and query execution) with API-key authentication, policy enforcement (query validation, row/byte limits, allow-lists, redaction), and observability features (health, metrics, tracing).","use_cases":["Letting AI agents safely inspect database schemas and run constrained read-only queries against Greenplum/PostgreSQL","Building an MCP tool interface for data analysis workflows with enforced governance (allowed schemas/tables, result-size limits, redaction)","Providing streaming query results and server-side cursors for large read workloads","Centralizing query validation and safe execution controls for multi-tenant agent access via per-key credentials/pooling"],"not_for":["Executing non-SELECT or write operations (not presented as supported)","Highly interactive admin usage without proper access controls (admin endpoints and API key generation are referenced)","Publicly exposing database access without TLS and strong API-key management","Workloads requiring complex transactional semantics or long-running stateful DB sessions beyond stated timeouts"],"best_when":"You need an MCP-compatible database tool layer where agents must be constrained by SQL validation and governance controls, with API-key-based tenancy.","avoid_when":"You cannot ensure TLS termination, secure secret management (encryption key and credentials), or you need strong guarantees about dependency/security posture without reviewing the actual implementation code.","alternatives":["Use an MCP server built on an officially supported database access proxy/gateway (if available)","Direct database access with an agent-side query validator and strict least-privilege DB roles (harder to enforce consistently)","Use a data query service (read-only SQL gateway) that offers OpenAPI/REST plus policy enforcement and streaming responses"],"af_score":56.8,"security_score":65.5,"reliability_score":28.8,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T20:01:49.531064+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["X-API-Key header","Authorization: Bearer"],"oauth":false,"scopes":false,"notes":"Tool execution requires authentication (isAuthenticated()). API key format described as gpmcp_live_{id}.{secret}; execution depends on Spring Security principal set by ApiKeyAuthenticationFilter and method-level @PreAuthorize."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information provided; appears to be a self-hosted open-source server."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":56.8,"security_score":65.5,"reliability_score":28.8,"mcp_server_quality":80.0,"documentation_accuracy":65.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":75.0,"rate_limit_clarity":10.0,"tls_enforcement":70.0,"auth_strength":80.0,"scope_granularity":60.0,"dependency_hygiene":30.0,"secret_handling":75.0,"security_notes":"Positive signals: API-key authentication with encryption-key-based credential encryption (AES-256-GCM), method-level authorization (@PreAuthorize isAuthenticated()), and policy enforcement (SQL validation, schema/table allow-lists, row/byte limits, redaction, statement timeout). Unclear/unspecified: TLS requirement details (no explicit statement that HTTP is always HTTPS), rate limiting controls, dependency/Vulnerability management, and how errors are sanitized (to avoid leaking SQL/metadata). Also, admin endpoints and API key generation are mentioned; operational security depends on deployment hardening and strict access control.","uptime_documented":20.0,"version_stability":25.0,"breaking_changes_history":20.0,"error_recovery":50.0,"idempotency_support":"false","idempotency_notes":"Not described. Some operations (e.g., query runs/cursor operations) may not be idempotent; cancel behavior exists but idempotency is not stated.","pagination_style":"tool-based (pagination mentioned for listSchemas/listTables; cursor-based pagination for query results)","retry_guidance_documented":false,"known_agent_gotchas":["Tool discovery (/mcp tools/list) is described as public while execution requires authentication; agents must provide valid API keys for tool calls.","Result-size controls (max-rows/max-bytes) may cause truncated/limited outputs; agents should adapt queries accordingly.","Cursor-based tools require correct session/cursor handling (open/fetch/close); agents may leak resources if closeCursor is not called.","Streaming/operation cancellation depends on operation IDs; agents may need to capture and use them for cancel."]}}