mcp-sql gives AI agents safe, human-controlled database access
A new open-source MCP server called `mcp-sql` lets LLM agents query databases freely while requiring human approval for any data-modifying operations, with DML previews via transaction rollback.
Score breakdown
The tool directly addresses the risk of LLM agents making unreviewed, destructive changes to production databases by inserting a human-approval gate and a safe preview mechanism before any DML is committed.
- 01mcp-sql is an MCP server for giving LLM agents safe, controlled access to databases
- 02Part of the broader Polymr platform (polymr-platform.github.io)
- 03Agents can run SELECT queries freely; data-modifying (DML) operations require human approval
`mcp-sql` is an open-source MCP server posted by its-a-new-world on Hacker News, designed to give LLM agents safe access to databases as part of the Polymr platform. The core design philosophy separates read access from write access: agents are permitted to run SELECT queries freely to establish context, while any data-modifying operations require explicit human oversight.
DML Previews execute a transaction and immediately roll it back, letting the user see exactly what a proposed change would do before approving it.
The server ships with three headline features. DML Previews execute a transaction and immediately roll it back, letting the user see exactly what a proposed change would do before approving it. Dynamic Permission Prompts introspect the SQL being executed to determine what permissions are required, and if the agent attempts a query it doesn't have auto-approval for, the server prompts the user — keeping the human in control of the agent's autonomy level. Environment Routing allows policies to dynamically switch the database connection a query runs against, making it straightforward to route between environments such as staging and production.
Key facts
- 01mcp-sql is an MCP server for giving LLM agents safe, controlled access to databases
- 02Part of the broader Polymr platform (polymr-platform.github.io)
- 03Agents can run SELECT queries freely; data-modifying (DML) operations require human approval
- 04DML Previews execute a transaction and immediately roll it back to show the effect without committing
- 05Dynamic Permission Prompts introspect SQL to determine required permissions and prompt the user if auto-approval is absent
- 06Environment Routing uses policies to dynamically switch the database connection a query runs on
Topics
Summary and scoring are generated automatically from the original article. We always link back to the publisher and never republish images or paywalled content. Last processed Jun 18, 2026 · 10:40 UTC. How this works →