Releases: danielmeppiel/oracle-mcp-server
Releases · danielmeppiel/oracle-mcp-server
v0.1.5
v0.1.5 – Safe Query Execution & Read‑Only Hardening
This release introduces the first iteration of safe query execution plus substantial security hardening, formatting improvements, and CI/test infrastructure upgrades.
✨ New Features
- Query Execution (
run_sql_query): Execute parameterized, strictly validated read-only SQL (single SELECT / WITH) returning structured JSON results. You can also execute write operations (DDL/DML), see the security improvements section below. - Related Tables Discovery: Improved cross‑schema foreign key resolution (falls back to actual owner when initial schema context yields no relations).
🔐 Security & Safety Improvements
- Read‑Only Mode enforcement: Unified guard blocks non-SELECT statements early; write ops only possible when
READ_ONLY_MODE="0". - Robust SQL parsing using
sqlparsereplaces regex approach (prevents stacked statements, semicolon injection, and comment-based bypasses). wrap_untrustedimproved (XML escaping + clearer boundaries) to reduce prompt-injection risk.- Defensive token / permission validation adjustments.
🧪 Testing & CI
- Added GitHub Actions workflows: unit tests on every push/PR; integration tests gated after unit success.
- Expanded integration coverage: injection blocking, formatting, related table resolution.
🛠 Refactors & Internal Changes
- Centralized cursor management and explicit commit control—only commits on explicit DML/DDL when write mode enabled.
- Externalized and enhanced result formatter (auto column width, consistent padding).
- Unified query executability assertion method consolidating permission + type checks.
- Relocated
wrap_untrustedintodb_context.utilsfor reuse.
🐛 Fixes
- Accurate cross‑schema foreign key detection in
get_related_tablesusingr_ownerplus fallback lookup. - Improved error handling in
run_sql_queryand broader exception handling paths.
📦 Dependency & Metadata Updates
- Added
sqlparsedependency for safe parsing. - Version bumped to
0.1.5.
📊 Output & Usability Enhancements
- JSON query output now includes ordered
columns, structuredrows, androw_count.
⚠️ Notes / Potential Breaking Changes
- Stricter read-only checks may now reject ambiguous multi-statement inputs that previously (incorrectly) worked.
- Multi-statement or non-SELECT inputs are intentionally blocked; enable write mode only when necessary.
🔄 Upgrade Guidance
- Pull latest image or reinstall package.
- Ensure
READ_ONLY_MODEenv var reflects desired behavior (defaults to secure read-only). - Refresh MCP tools in your client to surface updated behavior.
🧩 Commit Summary (since v0.1.4)
Representative commits:
- fix: cross-schema foreign key detection
- feat: query result formatting & related table tests
- docs: improved MCP tool docstrings & usage clarity
- ci: add layered unit → integration workflow
- refactor: wrap_untrusted relocation & unified query assertions
- chore: dependency (
sqlparse) + defensive read-only enforcement - formatter & execution pipeline improvements
Full list: git log v0.1.4..v0.1.5 --oneline
🙏 Thanks
Thanks to contributors enhancing safety, reliability, and developer ergonomics ahead of broader adoption.
If legitimate read-only queries are rejected, open an issue with the sanitized SQL and mode settings.
v0.1.4
- New environment variable: ORACLE_CLIENT_LIB_DIR to optionally specify a non-default Oracle client libraries path when using THICK_MODE
- Chinese readme
- Bugfix: Thin mode now works
v0.1.3
- Renamed the project and Docker image to
oracle-mcp-server
v0.1.2
- Adds a database connection pool to improve performance
v0.1.1
- Adds thick mode support with THICK_MODE=True environment variable
- The Docker image supports thick mode on Oracle 19c onwards
v0.1.0
Version 0.1.0