MCP Toolbox for Databases — AI Agent Database Server

Introduction

MCP Toolbox for Databases is a Google-built open-source server that implements the Model Context Protocol (MCP) to give AI agents structured, safe access to relational and analytical databases. It acts as a middleware layer between LLMs and your data.

What MCP Toolbox Does

• Exposes database queries as MCP tools that AI agents can call directly
• Supports PostgreSQL, MySQL, SQL Server, Spanner, BigQuery, Firestore, and more
• Enforces parameterized queries to prevent SQL injection from agent-generated inputs
• Provides connection pooling, authentication, and authorization out of the box
• Integrates with Google Cloud IAM and supports workload identity federation

Architecture Overview

The toolbox is a Go binary that reads a YAML configuration defining available database tools (queries, templates, and schemas). It starts an MCP-compatible server that AI agents connect to over stdio or HTTP. Each tool definition specifies the SQL template, parameters, and access controls. The server manages connection pools for each configured data source.

Self-Hosting & Configuration

• Install as a single Go binary or use the provided Docker image
• Define database connections and tool schemas in a YAML configuration file
• Support for environment variables and secret managers for credential injection
• Deploy alongside your AI agent or as a shared service in your infrastructure
• Configure per-tool authorization rules to limit what agents can access

Key Features

• Protocol-native MCP implementation for broad AI agent compatibility
• Parameterized query templates prevent SQL injection by design
• Multi-database support from a single server instance
• Built-in connection pooling and health checking
• Extensible tool definitions with input validation and output formatting

Comparison with Similar Tools

• LangChain SQL Agent — Framework-level SQL integration, but less governance and no MCP protocol
• Vanna — AI text-to-SQL tool focused on training custom models, different scope
• Hasura — GraphQL API layer for databases, not designed for AI agent protocols
• PostgREST — Auto-generates REST APIs from Postgres, but no MCP or agent-aware features
• DB-GPT — AI-native database platform with its own UI, heavier footprint

FAQ

Q: Which AI agents work with MCP Toolbox? A: Any agent that supports the Model Context Protocol, including Claude, Gemini, and custom agents built with LangChain, CrewAI, or the Anthropic Agent SDK.

Q: Is a Google Cloud account required? A: No. The toolbox works with any supported database, whether self-hosted or on any cloud provider. Google Cloud features like IAM integration are optional.

Q: Can I restrict which tables or queries an agent can access? A: Yes. Tools are defined with explicit SQL templates and parameter schemas, so agents can only execute the queries you configure.

Q: What is the license? A: Apache 2.0.

Sources

• https://github.com/googleapis/mcp-toolbox
• https://googleapis.github.io/mcp-toolbox/