{"id":"swanhtetaungphyo-postgres-mcp-server","name":"postgres-mcp-server","homepage":null,"repo_url":"https://github.com/SwanHtetAungPhyo/postgres-mcp-server","category":"api-gateway","subcategories":[],"tags":["mcp","postgresql","golang","database","ai","sql","stdio","model-context-protocol"],"what_it_does":"Provides an MCP (Model Context Protocol) server that enables an AI assistant to interact with a PostgreSQL database using three tools: execute_query (SELECT/read), ddl_query (schema changes), and modify_query (INSERT/UPDATE/DELETE). The README claims queries are validated and restricted to block dangerous operations (e.g., DROP/administrative commands) before execution.","use_cases":["Allowing AI assistants to run safe read-only analytics queries (SELECT) against PostgreSQL","Enabling controlled schema changes via an AI workflow (CREATE/ALTER/etc.)","Performing controlled data modifications (INSERT/UPDATE/DELETE) with validation"],"not_for":["Public-facing usage where untrusted users can directly trigger SQL execution via the MCP tool","Use cases requiring strict auditing/traceability of every SQL statement beyond basic validation claims","Environments that require API-level authentication/authorization for the MCP server itself (no such mechanism is documented here)"],"best_when":"You run the MCP server in a trusted environment (e.g., local/dev or tightly controlled backend) and use database credentials with least privilege to limit what the assistant can do.","avoid_when":"When you cannot enforce network/trust boundaries or cannot ensure the database user has least-privilege permissions, since the assistant may still be able to execute allowed statements that impact data.","alternatives":["A dedicated read-only service/proxy in front of PostgreSQL (REST/GraphQL) that exposes specific query endpoints","LangChain/LlamaIndex database tool wrappers with explicit query allowlists and parameter binding","PostgREST or Hasura (GraphQL) for controlled access to database operations","Use PostgreSQL views and a read-only role for analytics rather than general SQL execution"],"af_score":38.0,"security_score":44.5,"reliability_score":16.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T21:21:02.628665+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":[],"oauth":false,"scopes":false,"notes":"No authentication/authorization mechanism for the MCP transport is described. Connection security is handled via PostgreSQL credentials; therefore security depends heavily on where/how the MCP server is exposed and the permissions of the database user."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Open source (MIT) per repository metadata; pricing not applicable."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":38.0,"security_score":44.5,"reliability_score":16.2,"mcp_server_quality":55.0,"documentation_accuracy":55.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":30.0,"rate_limit_clarity":0.0,"tls_enforcement":70.0,"auth_strength":25.0,"scope_granularity":35.0,"dependency_hygiene":35.0,"secret_handling":60.0,"security_notes":"README claims query validation and blocking of dangerous operations (e.g., DROP/TRUNCATE/GRANT) and mentions SSL support for PostgreSQL. However, there is no documented MCP-level authentication/authorization, no documented per-tool/per-scope access control beyond the conceptual separation of tools, and no explicit statement about audit logging, SQL parameterization approach in the MCP layer (beyond a claim that GORM helps against SQL injection). Security therefore relies strongly on running the MCP server behind trusted boundaries and using a least-privilege database role.","uptime_documented":0.0,"version_stability":20.0,"breaking_changes_history":20.0,"error_recovery":25.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["The server does not automatically LIMIT results; agents should include LIMIT to avoid huge result sets and timeouts.","Tool routing matters: SELECT queries go to execute_query; schema changes go to ddl_query; data modifications go to modify_query.","Validation/rules are described at a high level in README; exact allow/deny behavior may differ, so agents may need to iteratively adapt to rejected queries."]}}