This MCP server provides a secure text-to-SQL interface for querying a MySQL database. Built on the FastMCP framework, it exposes a set of API tools that allow you to check service health, inspect user permissions, list and inspect database tables, and execute safe SQL queries. Authentication is handled via RSA-based JWT Bearer tokens, and each tool enforces granular permissions to protect sensitive data. Available tools include: health_check (service and database status), get_user_permissions (current user permissions), get_database_tables (list all tables), get_table_structure (structure, row count, and sample data for a table), execute_sql_query (safely run SQL with automatic LIMIT enforcement), generate_sql_from_question (natural language to SQL generator), and analyze_query_result (inspect results). To use these tools, obtain a valid Bearer token, include it in the Authorization header, and supply required parameters (for example, table_name for table structure or sql_query for execute_sql_query).

Prerequisites:

• Python 3.10+ installed on the host
• MySQL server reachable from the host
• Network access to bind MCP (default 127.0.0.1:8000 can be changed in .env)

1. Clone or download the repository containing the MCP server.
2. Create and activate a Python virtual environment (optional but recommended): python -m venv venv source venv/bin/activate # on Unix/macOS venv\Scripts\activate.bat # on Windows
3. Install dependencies from requirements.txt: pip install -r requirements.txt
4. Copy the example environment file and customize connection details: cp .env.example .env

   Edit .env to set DB_HOST, DB_PORT, DB_USER, DB_PASSWORD, DB_NAME, MCP_HOST, MCP_PORT as needed

5. Initialize the MySQL database if needed using dataset.sql (optional example data): mysql -u your_username -p your_database < dataset.sql
6. Start the MCP server: python mcp_server.py
7. Verify the server is running by visiting the configured address, e.g. http://127.0.0.1:8000, and using the provided tools.

Tips and considerations:

• Ensure the database user has the minimum required privileges for read operations and any specific queries you plan to run.
• Use the environment variables in .env to customize host/port and security settings; consider enabling HTTPS and firewall rules for production.
• Tokens should be rotated regularly; keep a robust key management process for RSA keys used to sign JWTs.
• The server automatically applies LIMIT to SQL queries to prevent large data dumps; construct queries accordingly and request specific columns when possible.
• If you encounter connection failures, verify network reachability between the MCP server and MySQL and confirm that DB_HOST/DB_PORT are correct.
• Review and adjust permissions in your application to enforce data access controls at the tool level (data:read_tables, data:read_table_data, etc.).