Skip to main content
mcpSource-backed

Neon MCP Server for Claude

Official Neon MCP server that connects Claude and other MCP clients to Neon Postgres projects, branches, schemas, SQL queries, migrations, performance tuning, Neon Auth, Data API setup, and Neon documentation through a hosted Streamable HTTP endpoint.

by Neon · submitted by oktofeesh1·added 2026-06-04·
Review first review before installing

Open the source and read safety notes before installing.

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Source URLs
https://neon.com/docs/ai/neon-mcp-server, https://github.com/neondatabase/mcp-server-neon
Safety notes
Neon documents the MCP server as intended for development and testing only, and warns users to review and authorize LLM-requested actions before execution., Full-access mode can create and delete projects, create and delete branches, reset branches from parents, run SQL, run SQL transactions, prepare and complete migrations, tune queries, provision Neon Auth, and provision the Neon Data API., Prefer OAuth read-only mode or `readonly=true` for exploration. In read-only mode, write tools are unavailable and SQL execution is constrained to read-only queries., Use `projectId` scoping and tool category filters when an agent should work inside one project or only use schema, querying, docs, or branch tools., API keys created by `neonctl init` or stored in MCP headers grant Neon account or organization access. Revoke unused keys, avoid committing bearer tokens, and do not expose API keys in prompts, logs, screenshots, or shared config files., Database rows, docs pages, migration output, SQL errors, and query plans are model-visible context. Treat returned data as untrusted input that may contain prompt injection, stale assumptions, secrets, or customer records., Migration and query-tuning workflows use temporary branches before applying changes, but the final complete actions can affect the original branch and should require explicit human review., The deprecated SSE endpoint exists for clients without Streamable HTTP support; prefer the documented `https://mcp.neon.tech/mcp` endpoint when the client supports it.
Privacy notes
Tool results can expose Neon organization IDs, project IDs, branch IDs, compute endpoints, database names, table names, schemas, SQL text, query results, query plans, slow query details, connection strings, documentation content, and Neon Console links., OAuth authorization can disclose the Neon account identity and grants the connected MCP client access according to the approved scopes and URL parameters., API-key setup stores bearer credentials in MCP client configuration or process arguments when configured that way; protect local config files, shell history, CI variables, and agent transcripts., Generated migrations, SQL errors, query tuning suggestions, logs, client debug output, and AI chat transcripts can retain database schema and sample data outside Neon., ChatGPT connectors, hosted IDEs, remote agents, MCP proxies, and other clients may have separate logging, retention, connector trust, and data-use policies from Neon., Connection string tools may return credentials or connection details for a Neon database. Avoid exposing those values to untrusted clients or shared conversations.
Author
Neon
Submitted by
oktofeesh1
Claim status
unclaimed
Last verified
2026-06-04

Decision playbook

Review trust signals before you adopt

Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.

Compare context
Selected

0

Current score

78

Baseline

Delta

No baseline selected

No major trust-signal divergence detected in the current selection.

Source and provenance checks

Complete

Confirm ownership and provenance before trusting install instructions.

  • Source link availableRequired

    Open the canonical repository and verify ownership.

    Done
  • Source provenance statusRequired

    Marked as source-backed.

    Done
  • Metadata reviewed

    Registry metadata indicates a reviewed listing.

    Done

Safety and privacy checks

Complete

Validate risk disclosures before installation or API wiring.

  • Safety notes presentRequired

    Review the listed safety guidance before running commands.

    Done
  • Privacy notes presentRequired

    Review data handling notes before connecting accounts or secrets.

    Done
  • Trust level risk gateRequired

    Trust level does not block evaluation.

    Done

Package and install checks

Needs review

Check package metadata and artifact integrity signals.

  • Install payload available

    Install or copy payload is available for review.

    Done
  • Package verification flag

    No package verification flag provided.

    Pending
  • Checksum metadata

    No checksum provided for downloaded artifact.

    Pending

Compare-driven decision checks

Needs review

Use compare context to validate trade-offs before adoption.

  • Compare tray has multiple entries

    Add at least one more entry to compare trust differences.

    Pending
  • Baseline comparison available

    No baseline peer selected yet.

    Pending
  • Diverging trust signals identified

    No major trust-signal divergence found.

    Pending

Setup at a glance

CLI install

Copy-ready — paste the snippet to get started.

10 minutes

Adoption plan

Balanced adoption plan

Current risk score 16/100. Use staged verification before broader rollout.

Risk 16

Pre-adoption checks

Validate source and review signals before any execution.

  • Confirm source provenanceRequired

    Source URL/provenance metadata is present.

    Done
  • Confirm metadata review state

    Listing has review metadata.

    Done
  • Verify install payload

    Install/config payload exists and can be inspected.

    Done

Security checks

Confirm safety, privacy, and package integrity signals.

  • Review safety notesRequired

    Safety notes are present.

    Done
  • Review privacy notesRequired

    Privacy notes are present.

    Done
  • Verify package integrity metadata

    No package verification/checksum metadata.

    Pending

Rollout

Adopt in controlled steps based on the selected plan.

  • Run in isolated sandbox firstRequired

    Use a constrained sandbox and observe behavior across multiple tasks.

    Pending
  • Roll out graduallyRequired

    Roll out to a small cohort before wider usage.

    Pending
  • Set monitoring and fallback

    Define rollback path and monitor errors after adoption.

    Pending

Evidence readiness

Evidence readiness matrix · balanced

Required evidence gates are covered (5/6 signals complete).

Risk 15

Source provenance

Present

Source repository/provenance is listed.

Required in this preset

Metadata review

Present

Review metadata is present.

Required in this preset

Safety notes

Present

Safety notes are present.

Required in this preset

Privacy notes

Present

Privacy notes are present.

Optional in this preset

Package integrity

Missing

Package integrity metadata is missing.

Optional in this preset

Install payload

Present

Install payload is available.

Required in this preset

Required evidence gates are covered for this preset.

Decision timeline

Decision timeline · balanced

5/6 steps complete with no blocking gaps for this preset.

Risk 14

triage

Confirm source provenanceRequired

Source/provenance metadata is available.

Done

triage

Check metadata review statusRequired

Review metadata is available.

Done

verify

Review safety notesRequired

Safety notes are available.

Done

verify

Review privacy notes

Privacy notes are available.

Done

verify

Validate package integrity metadata

Package integrity metadata is missing.

Pending

rollout

Verify install payload and commandsRequired

Install payload is available.

Done

No required blockers for this timeline preset.

Prerequisite readiness

Prerequisite readiness

6 prerequisites to line up before setup. Have accounts and credentials ready first. Includes a review or approval gate.

0/6 ready
Account & credentials4Configuration1Review & approval110 minutes

Safety & privacy surface

Safety & privacy surface

8 safety and 6 privacy notes across 5 risk areas. Review closely: credentials & tokens, permissions & scopes, network access.

5 areas
  • SafetyPermissions & scopesNeon documents the MCP server as intended for development and testing only, and warns users to review and authorize LLM-requested actions before execution.
  • SafetyExecution & processesFull-access mode can create and delete projects, create and delete branches, reset branches from parents, run SQL, run SQL transactions, prepare and complete migrations, tune queries, provision Neon Auth, and provision the Neon Data API.
  • SafetyCredentials & tokensPrefer OAuth read-only mode or `readonly=true` for exploration. In read-only mode, write tools are unavailable and SQL execution is constrained to read-only queries.
  • SafetyGeneralUse `projectId` scoping and tool category filters when an agent should work inside one project or only use schema, querying, docs, or branch tools.
  • SafetyCredentials & tokensAPI keys created by `neonctl init` or stored in MCP headers grant Neon account or organization access. Revoke unused keys, avoid committing bearer tokens, and do not expose API keys in prompts, logs, screenshots, or shared config files.
  • SafetyCredentials & tokensDatabase rows, docs pages, migration output, SQL errors, and query plans are model-visible context. Treat returned data as untrusted input that may contain prompt injection, stale assumptions, secrets, or customer records.
  • SafetyGeneralMigration and query-tuning workflows use temporary branches before applying changes, but the final complete actions can affect the original branch and should require explicit human review.
  • SafetyNetwork accessThe deprecated SSE endpoint exists for clients without Streamable HTTP support; prefer the documented `https://mcp.neon.tech/mcp` endpoint when the client supports it.
  • PrivacyNetwork accessTool results can expose Neon organization IDs, project IDs, branch IDs, compute endpoints, database names, table names, schemas, SQL text, query results, query plans, slow query details, connection strings, documentation content, and Neon Console links.
  • PrivacyCredentials & tokensOAuth authorization can disclose the Neon account identity and grants the connected MCP client access according to the approved scopes and URL parameters.
  • PrivacyCredentials & tokensAPI-key setup stores bearer credentials in MCP client configuration or process arguments when configured that way; protect local config files, shell history, CI variables, and agent transcripts.
  • PrivacyExecution & processesGenerated migrations, SQL errors, query tuning suggestions, logs, client debug output, and AI chat transcripts can retain database schema and sample data outside Neon.
  • PrivacyNetwork accessChatGPT connectors, hosted IDEs, remote agents, MCP proxies, and other clients may have separate logging, retention, connector trust, and data-use policies from Neon.
  • PrivacyCredentials & tokensConnection string tools may return credentials or connection details for a Neon database. Avoid exposing those values to untrusted clients or shared conversations.

Safety notes

  • Neon documents the MCP server as intended for development and testing only, and warns users to review and authorize LLM-requested actions before execution.
  • Full-access mode can create and delete projects, create and delete branches, reset branches from parents, run SQL, run SQL transactions, prepare and complete migrations, tune queries, provision Neon Auth, and provision the Neon Data API.
  • Prefer OAuth read-only mode or `readonly=true` for exploration. In read-only mode, write tools are unavailable and SQL execution is constrained to read-only queries.
  • Use `projectId` scoping and tool category filters when an agent should work inside one project or only use schema, querying, docs, or branch tools.
  • API keys created by `neonctl init` or stored in MCP headers grant Neon account or organization access. Revoke unused keys, avoid committing bearer tokens, and do not expose API keys in prompts, logs, screenshots, or shared config files.
  • Database rows, docs pages, migration output, SQL errors, and query plans are model-visible context. Treat returned data as untrusted input that may contain prompt injection, stale assumptions, secrets, or customer records.
  • Migration and query-tuning workflows use temporary branches before applying changes, but the final complete actions can affect the original branch and should require explicit human review.
  • The deprecated SSE endpoint exists for clients without Streamable HTTP support; prefer the documented `https://mcp.neon.tech/mcp` endpoint when the client supports it.

Privacy notes

  • Tool results can expose Neon organization IDs, project IDs, branch IDs, compute endpoints, database names, table names, schemas, SQL text, query results, query plans, slow query details, connection strings, documentation content, and Neon Console links.
  • OAuth authorization can disclose the Neon account identity and grants the connected MCP client access according to the approved scopes and URL parameters.
  • API-key setup stores bearer credentials in MCP client configuration or process arguments when configured that way; protect local config files, shell history, CI variables, and agent transcripts.
  • Generated migrations, SQL errors, query tuning suggestions, logs, client debug output, and AI chat transcripts can retain database schema and sample data outside Neon.
  • ChatGPT connectors, hosted IDEs, remote agents, MCP proxies, and other clients may have separate logging, retention, connector trust, and data-use policies from Neon.
  • Connection string tools may return credentials or connection details for a Neon database. Avoid exposing those values to untrusted clients or shared conversations.

Prerequisites

  • Neon account with access to the projects, branches, databases, organizations, or shared projects Claude should inspect or manage.
  • MCP-capable client that supports remote Streamable HTTP MCP servers, OAuth, `mcp-remote`, or Neon-supported configuration through `add-mcp`.
  • Authentication plan using Neon OAuth for local clients, an API key for remote or headless agents, or `neonctl init` when intentionally creating a local API key and editor configuration.
  • Access-control plan for OAuth scopes, `readonly=true`, project scoping with `projectId`, tool categories, organization access, and API key ownership.
  • Database safety plan for SQL execution, schema inspection, migrations, branch resets, query tuning, Neon Auth setup, Data API provisioning, and destructive project or branch actions.
  • Client configuration review for Claude Code, Claude Desktop, Cursor, VS Code, ChatGPT connectors, Codex, Zed, Cline, Windsurf, Kiro, Goose, or other supported MCP clients.

Schema details

Install type
cli
Troubleshooting
No
Source repository stats
Scope
Source repo
Collection metadata
Estimated setup
10 minutes
Difficulty
intermediate
Full copyable content
{
  "mcpServers": {
    "neon": {
      "type": "http",
      "url": "https://mcp.neon.tech/mcp?readonly=true"
    }
  }
}

About this resource

Content

The Neon MCP server connects Claude and other MCP-capable clients to Neon Postgres through Neon's hosted Streamable HTTP endpoint at https://mcp.neon.tech/mcp. It lets an assistant list projects, inspect branches and schemas, run SQL, compare database schemas, work with migrations, find slow queries, provision Neon Auth or the Neon Data API, and fetch Neon documentation without building a custom database integration.

The conservative default is to start with OAuth, read-only mode, and a single project scope. Neon supports broader write-capable workflows, but those should be reserved for development or testing environments with explicit human review.

Features

  • Hosted remote MCP endpoint at https://mcp.neon.tech/mcp.
  • Quick setup through npx neonctl@latest init or MCP-only setup through npx add-mcp https://mcp.neon.tech/mcp.
  • OAuth setup for local IDEs and API-key setup for remote or headless agents.
  • Read-only mode through OAuth scope selection or the readonly=true query parameter.
  • Project scoping through the projectId query parameter.
  • Tool category filtering for projects, branches, schema, querying, Neon Auth, Data API, and docs capabilities.
  • Project and organization discovery, shared project lookup, and detailed project and branch descriptions.
  • SQL execution, table listing, table schema inspection, connection string lookup, slow query analysis, and explain plans.
  • Branch-based migration and query-tuning flows that prepare changes on temporary branches before a separate completion step.
  • Neon documentation search and fetch tools backed by the Neon docs index.
  • Client setup coverage for Claude Code, Claude Desktop, Cursor, VS Code, ChatGPT connectors, Codex, Zed, Cline, Windsurf, Kiro, Goose, and other MCP clients supported by add-mcp.

Use Cases

  • Ask Claude to inspect a Neon project and summarize branches, databases, and tables before making schema changes.
  • Explore schemas in read-only mode before writing SQL or application code.
  • Run bounded read-only SQL to understand test data, development fixtures, or staging data.
  • Prepare a migration on a temporary Neon branch, test it, and require human approval before applying it to the original branch.
  • Compare schemas between branches before merging a migration.
  • Investigate slow queries and explain plans in a development database.
  • Fetch Neon docs into the conversation when building with Neon Auth, Data API, Postgres branching, or framework integrations.

Installation

MCP-only hosted setup

Use Neon's documented add-mcp flow to add the hosted MCP endpoint to detected clients in the current workspace:

npx add-mcp https://mcp.neon.tech/mcp

Restart or refresh the MCP client, then complete the Neon OAuth authorization flow when prompted.

Full Neon editor setup

Use neonctl init when you intentionally want Neon to configure supported editors, create an API key, and install Neon agent skills as part of the setup:

npx neonctl@latest init

Review generated API keys in the Neon Console afterward and revoke any key that is no longer needed.

Configuration

Read-only hosted configuration

{
  "mcpServers": {
    "neon": {
      "type": "http",
      "url": "https://mcp.neon.tech/mcp?readonly=true"
    }
  }
}

Read-only and project-scoped configuration

{
  "mcpServers": {
    "neon": {
      "type": "http",
      "url": "https://mcp.neon.tech/mcp?readonly=true&projectId=PROJECT_ID"
    }
  }
}

API-key configuration

Use API-key authentication only when OAuth is not available or a remote agent needs bearer-token authentication:

npx add-mcp https://mcp.neon.tech/mcp --header "Authorization: Bearer $NEON_API_KEY"

Examples

Inspect projects read-only

Using the Neon MCP server in read-only mode, list my projects and summarize the branches and databases without changing anything.

Inspect a schema

For project PROJECT_ID, describe the default branch schema and list the tables that look relevant to user accounts.

Run a bounded query

Run a read-only SQL query against project PROJECT_ID to count rows in the users table and return only aggregate results.

Prepare a migration safely

Prepare a migration on a temporary Neon branch that adds an indexed created_at column, then stop and show the diff before completing it.

Fetch Neon docs

Search Neon docs for branch-based migrations and summarize the official guidance before proposing database changes.

Source notes

  • The official Neon docs describe the Neon MCP Server as an open-source tool for managing Neon Postgres projects through natural language.
  • Neon documents the hosted endpoint as https://mcp.neon.tech/mcp and the fastest MCP-only setup as npx add-mcp https://mcp.neon.tech/mcp.
  • Neon documents npx neonctl@latest init as a broader setup flow that creates a Neon API key, configures supported clients, and installs Neon agent skills.
  • The docs describe supported clients including Claude Code, Claude Desktop, Cursor, VS Code with GitHub Copilot, ChatGPT connectors, Codex, Zed, Cline, Windsurf, Kiro, Goose, and other clients supported by add-mcp.
  • The README says the MCP server bridges natural language requests to the Neon API for project management, branch management, SQL queries, and database migrations.
  • The README and docs warn that the Neon MCP server grants powerful database management capabilities and is intended for local development, IDE integrations, development, and testing rather than production environments.
  • The README documents OAuth authentication, API-key authentication, read-only mode, readonly=true, project scoping with projectId, category filtering, and the deprecated SSE transport fallback.
  • The README lists read-only tools such as project listing, branch description, schema comparison, read-only SQL, table listing, table schema description, slow query listing, explain plans, docs search, and docs fetch.
  • The README lists write-access tools including project creation and deletion, branch creation and deletion, branch reset, Neon Auth provisioning, Data API provisioning, migration preparation and completion, and query-tuning preparation and completion.
  • The README describes the remote server as a Next.js App Router application running on Vercel at mcp.neon.tech.
  • The repository is neondatabase/mcp-server-neon, is MIT licensed, active, and maintained by Neon.

Duplicate check

Checked current content/mcp/, content/tools/, guides, skills, agents, hooks, open pull requests, live issue state, and repository-wide content for Neon MCP, neondatabase/mcp-server-neon, mcp-server-neon, mcp.neon.tech, neon.com/docs/ai/neon-mcp-server, neonctl init, Neon Postgres, branch-based migrations, and read-only Neon MCP. No dedicated Neon MCP entry, target file, exact source URL duplicate, issue duplicate, semantic duplicate, or open duplicate PR was found.

Disclosure

Editorial listing. No paid placement or affiliate link is used. Neon MCP Server is MIT-licensed open-source software maintained by Neon; Neon accounts, Neon compute and storage usage, Postgres databases, API keys, OAuth providers, MCP clients, hosted IDEs, ChatGPT connectors, remote agents, and downstream logs or artifact stores may have separate licenses, billing, terms, privacy obligations, and access controls.

Source citations

Add this badge to your README

Show that Neon MCP Server for Claude is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/mcp/neon-mcp-server.svg)](https://heyclau.de/entry/mcp/neon-mcp-server)

How it compares

Neon MCP Server for Claude side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

Field

Official Neon MCP server that connects Claude and other MCP clients to Neon Postgres projects, branches, schemas, SQL queries, migrations, performance tuning, Neon Auth, Data API setup, and Neon documentation through a hosted Streamable HTTP endpoint.

Open dossier

Token-efficient database MCP server for PostgreSQL, MySQL, MariaDB, SQL Server, and SQLite.

Open dossier

SQLAlchemy-backed MCP server for exploring relational databases, inspecting schemas and relationships, and executing SQL queries from Claude.

Open dossier

Open source MCP server and tool framework from Google for connecting AI agents, IDEs, and applications to databases through prebuilt or custom database tools.

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustPackage not verifiedPackage not verifiedPackage not verifiedPackage not verified
Source provenanceSource-backedSource-backedSource-backedSource-backed
Submitteroktofeesh1oktofeesh1oktofeesh1oktofeesh1
Install riskReview firstReview firstReview firstReview first
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
BrandDBHub logoDBHubMCP Toolbox for Databases logoMCP Toolbox for Databases
Categorymcpmcpmcpmcp
SourceSource-backedSource-backedSource-backedSource-backed
AuthorNeonBytebaseRune KaagaardGoogle
Added2026-06-042026-06-052026-06-062026-06-05
Platforms
Harness
Source repo
Safety notesNeon documents the MCP server as intended for development and testing only, and warns users to review and authorize LLM-requested actions before execution. Full-access mode can create and delete projects, create and delete branches, reset branches from parents, run SQL, run SQL transactions, prepare and complete migrations, tune queries, provision Neon Auth, and provision the Neon Data API. Prefer OAuth read-only mode or `readonly=true` for exploration. In read-only mode, write tools are unavailable and SQL execution is constrained to read-only queries. Use `projectId` scoping and tool category filters when an agent should work inside one project or only use schema, querying, docs, or branch tools. API keys created by `neonctl init` or stored in MCP headers grant Neon account or organization access. Revoke unused keys, avoid committing bearer tokens, and do not expose API keys in prompts, logs, screenshots, or shared config files. Database rows, docs pages, migration output, SQL errors, and query plans are model-visible context. Treat returned data as untrusted input that may contain prompt injection, stale assumptions, secrets, or customer records. Migration and query-tuning workflows use temporary branches before applying changes, but the final complete actions can affect the original branch and should require explicit human review. The deprecated SSE endpoint exists for clients without Streamable HTTP support; prefer the documented `https://mcp.neon.tech/mcp` endpoint when the client supports it.DBHub can execute SQL queries against configured databases. SQL execution can read, create, update, delete, or otherwise modify data depending on database permissions and requested queries. Configure read-only mode, row limits, query timeouts, least-privilege credentials, and human review before using DBHub with production or sensitive databases. Custom tools can wrap reusable parameterized SQL, so review their definitions before allowing agents to call them.MCP Alchemy exposes database table discovery, schema inspection, relationship mapping, and SQL execution. The execute_query tool can run arbitrary SQL text against the configured SQLAlchemy database. The source creates SQLAlchemy connections with AUTOCOMMIT, so successful write, DDL, or administrative statements can commit immediately. The server does not enforce read-only SQL; use database permissions, read-only users, and human review to constrain writes. Query results are truncated by EXECUTE_QUERY_MAX_CHARS unless Claude Local Files output is configured. When CLAUDE_LOCAL_FILES_PATH is set, full result sets can be written to local files for artifact access.Database tools can expose sensitive schemas and data, and some custom tools can modify data if configured that way. Prefer least-privilege accounts, read-only roles for exploration, query limits, and approved toolsets. Review every `tools.yaml` statement, parameter, source, and toolset before giving it to an agent. Avoid broad `execute_sql` access in production; expose structured, parameterized tools where possible. Query loops can create high database load, unexpected cloud costs, lock contention, or noisy audit logs.
Privacy notesTool results can expose Neon organization IDs, project IDs, branch IDs, compute endpoints, database names, table names, schemas, SQL text, query results, query plans, slow query details, connection strings, documentation content, and Neon Console links. OAuth authorization can disclose the Neon account identity and grants the connected MCP client access according to the approved scopes and URL parameters. API-key setup stores bearer credentials in MCP client configuration or process arguments when configured that way; protect local config files, shell history, CI variables, and agent transcripts. Generated migrations, SQL errors, query tuning suggestions, logs, client debug output, and AI chat transcripts can retain database schema and sample data outside Neon. ChatGPT connectors, hosted IDEs, remote agents, MCP proxies, and other clients may have separate logging, retention, connector trust, and data-use policies from Neon. Connection string tools may return credentials or connection details for a Neon database. Avoid exposing those values to untrusted clients or shared conversations.Database connection strings, hostnames, schemas, table names, column names, row data, query text, query results, traces, and errors may be visible to the MCP client and model provider. Databases can contain personal data, customer records, credentials, business metrics, audit logs, payment data, healthcare data, and proprietary operational state. Avoid exposing production databases or regulated data unless the database, MCP client, and model session are approved for that access.DB_URL can contain database hostnames, usernames, passwords, database names, driver names, and connection options. Schemas, table names, column names, foreign keys, SQL text, query results, errors, row counts, and generated local result files may be visible to the MCP client and model provider. SQLAlchemy-compatible databases can contain customer records, credentials, analytics, payment data, healthcare data, source-code metadata, or other regulated information. DB_URL, DB_ENGINE_OPTIONS, CLAUDE_LOCAL_FILES_PATH, result files, and database credentials should stay out of prompts, issues, logs, screenshots, and committed files.Schema names, table names, query text, query results, connection metadata, and business data may pass through the MCP server and AI client. Database passwords, IAM credentials, service account keys, and connection strings are secrets and should never be committed or pasted into prompts. Logs, traces, and metrics can include tool names, query metadata, error messages, and database identifiers.
Prerequisites
  • Neon account with access to the projects, branches, databases, organizations, or shared projects Claude should inspect or manage.
  • MCP-capable client that supports remote Streamable HTTP MCP servers, OAuth, `mcp-remote`, or Neon-supported configuration through `add-mcp`.
  • Authentication plan using Neon OAuth for local clients, an API key for remote or headless agents, or `neonctl init` when intentionally creating a local API key and editor configuration.
  • Access-control plan for OAuth scopes, `readonly=true`, project scoping with `projectId`, tool categories, organization access, and API key ownership.
  • Node.js and npx available to the MCP client runtime.
  • A PostgreSQL, MySQL, MariaDB, SQL Server, or SQLite database connection.
  • Database credentials with the minimum privileges needed for the workflow.
  • Read-only permissions or DBHub guardrails configured before connecting production data.
  • Python 3.10 and uvx available to the MCP client runtime.
  • SQLAlchemy-compatible database URL for an approved database.
  • Database driver selected with uvx `--with` when the target database requires one.
  • Least-privilege database user with only the schemas and operations Claude should access.
  • Node.js and npx for the npm server path, or another documented Toolbox runtime.
  • Database credentials scoped to the exact database, schema, and permissions needed.
  • Environment variables or secret storage for database connection settings.
  • A reviewed prebuilt database target or `tools.yaml` file before exposing tools to an agent.
Install
npx add-mcp https://mcp.neon.tech/mcp
npx @bytebase/dbhub@latest --transport stdio --dsn YOUR_DATABASE_DSN
uvx --from mcp-alchemy mcp-alchemy
claude mcp add toolbox-postgres -- npx -y @toolbox-sdk/server --prebuilt=postgres --stdio
Config
{
  "mcpServers": {
    "neon": {
      "type": "http",
      "url": "https://mcp.neon.tech/mcp?readonly=true&projectId=PROJECT_ID"
    }
  }
}
{
  "mcpServers": {
    "dbhub": {
      "command": "npx",
      "args": [
        "@bytebase/dbhub@latest",
        "--transport",
        "stdio",
        "--dsn",
        "YOUR_DATABASE_DSN"
      ]
    }
  }
}
{
  "mcpServers": {
    "mcp-alchemy": {
      "command": "uvx",
      "args": ["--from", "mcp-alchemy", "mcp-alchemy"],
      "env": {
        "DB_URL": "<sqlalchemy-database-url>",
        "EXECUTE_QUERY_MAX_CHARS": "4000"
      }
    }
  }
}
{
  "mcpServers": {
    "toolbox-postgres": {
      "command": "npx",
      "args": ["-y", "@toolbox-sdk/server", "--prebuilt=postgres", "--stdio"]
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool

Related guides

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.