Build an MCP Server for a Real Data Source

Overview

The Model Context Protocol (MCP) is an open standard for connecting AI assistants to external data sources and tools. Instead of every AI app implementing custom integrations, MCP provides a universal interface: servers expose tools and resources, clients (like Claude Desktop or Cursor) consume them. In this tutorial, you'll build a production-quality MCP server that connects an AI assistant to a PostgreSQL database.

What you'll build:

An MCP server with tool definitions for querying, inserting, and analyzing data
Resource endpoints that expose database schema and table previews
Input validation and SQL injection prevention
Rate limiting and query complexity controls
A configuration system for connecting to any PostgreSQL database

Prerequisites: TypeScript, Node.js 20+, PostgreSQL, basic understanding of SQL and client-server architecture.

Step 1: Project Setup

Initialize the project with the MCP SDK:

Configure TypeScript:

Create the entry point structure:

Step 2: Database Connection

Create a connection pool with proper error handling:

Step 3: Query Validation

Before executing any SQL from an AI, validate it rigorously. The AI should only run SELECT queries through the query tool — never DROP, DELETE, or ALTER:

Step 4: Define the Query Tool

MCP tools are functions the AI can call. The query tool lets the AI run read-only SQL:

Step 5: Schema Resource

Resources in MCP are read-only data the AI can access for context. Expose the database schema so the AI knows what tables and columns exist:

Step 6: Table Preview Resource

Let the AI peek at sample data from any table:

Step 7: Analyze Tool

A higher-level tool that runs common analytical queries:

Step 8: Server Assembly

Wire everything together using the MCP SDK:

Step 9: Rate Limiting

Prevent abuse by tracking query frequency:

Step 10: Configuration and Deployment

Create a Claude Desktop configuration file so users can connect:

Build and test:

For production deployment, add these safety measures:

Read-only database user — create a PostgreSQL role with only SELECT permissions
Connection pooling — use PgBouncer for connection management at scale
Query timeout — already set at 10 seconds in the pool config
Row limits — enforced in the validation layer
Audit logging — log every query with timestamp and requester

Your MCP server now provides AI assistants with safe, structured access to PostgreSQL. The query validation prevents destructive operations, rate limiting prevents abuse, and the resource system gives the AI context about your schema without requiring explicit queries. This same pattern extends to any data source — swap PostgreSQL for MongoDB, Redis, an API, or a file system.

Overview

What you'll build:

An MCP server with tool definitions for querying, inserting, and analyzing data

Resource endpoints that expose database schema and table previews

Input validation and SQL injection prevention

Rate limiting and query complexity controls

A configuration system for connecting to any PostgreSQL database

Prerequisites: TypeScript, Node.js 20+, PostgreSQL, basic understanding of SQL and client-server architecture.

Step 10: Configuration and Deployment

Create a Claude Desktop configuration file so users can connect:

Build and test:

For production deployment, add these safety measures:

Read-only database user — create a PostgreSQL role with only SELECT permissions

Connection pooling — use PgBouncer for connection management at scale

Query timeout — already set at 10 seconds in the pool config

Row limits — enforced in the validation layer

Audit logging — log every query with timestamp and requester

// src/tools/analyze.ts import { query } from "../db"; export const analyzeTool = { name: "analyze_table", description: `Get statistical analysis of a table: row count, column statistics (min, max, avg, null count, distinct count). Useful for understanding data distribution before writing queries.`, inputSchema: { type: "object" as const, properties: { table: { type: "string", description: "The table name to analyze", }, columns: { type: "array", items: { type: "string" }, description: "Specific columns to analyze. If empty, analyzes all columns.", default: [], }, }, required: ["table"], }, async execute(args: { table: string; columns?: string[] }): Promise<{ content: Array<{ type: "text"; text: string }>; isError?: boolean; }> { if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(args.table)) { return { content: [{ type: "text", text: "Invalid table name" }], isError: true, }; } try { const countResult = await query(`SELECT COUNT(*) as total FROM "${args.table}"`); const total = countResult.rows[0].total; // Get column info const colResult = await query( `SELECT column_name, data_type FROM information_schema.columns WHERE table_name = $1 AND table_schema = 'public'`, [args.table] ); const stats: Record<string, unknown> = { rowCount: total, columns: {} }; for (const col of colResult.rows) { if (args.columns?.length && !args.columns.includes(col.column_name)) { continue; } const colName = col.column_name; const isNumeric = ["integer", "bigint", "numeric", "real", "double precision"].includes( col.data_type ); const nullCount = await query( `SELECT COUNT(*) as c FROM "${args.table}" WHERE "${colName}" IS NULL` ); const distinctCount = await query( `SELECT COUNT(DISTINCT "${colName}") as c FROM "${args.table}"` ); const colStats: Record<string, unknown> = { type: col.data_type, nullCount: nullCount.rows[0].c, distinctCount: distinctCount.rows[0].c, }; if (isNumeric) { const numStats = await query( `SELECT MIN("${colName}") as min, MAX("${colName}") as max, AVG("${colName}")::numeric(10,2) as avg FROM "${args.table}"` ); colStats.min = numStats.rows[0].min; colStats.max = numStats.rows[0].max; colStats.avg = numStats.rows[0].avg; } (stats.columns as Record<string, unknown>)[colName] = colStats; } return { content: [{ type: "text", text: JSON.stringify(stats, null, 2) }], }; } catch (error) { return { content: [{ type: "text", text: `Analysis failed: ${(error as Error).message}` }], isError: true, }; } }, };

// src/index.ts import { Server } from "@modelcontextprotocol/sdk/server/index.js"; import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"; import { CallToolRequestSchema, ListToolsRequestSchema, ListResourcesRequestSchema, ReadResourceRequestSchema, } from "@modelcontextprotocol/sdk/types.js"; import { queryTool } from "./tools/query.js"; import { analyzeTool } from "./tools/analyze.js"; import { schemaResource } from "./resources/schema.js"; import { query, shutdown } from "./db.js"; const server = new Server( { name: "postgres-mcp", version: "1.0.0" }, { capabilities: { tools: {}, resources: {} } } ); // List available tools server.setRequestHandler(ListToolsRequestSchema, async () => ({ tools: [ { name: queryTool.name, description: queryTool.description, inputSchema: queryTool.inputSchema, }, { name: analyzeTool.name, description: analyzeTool.description, inputSchema: analyzeTool.inputSchema, }, ], })); // Execute tools server.setRequestHandler(CallToolRequestSchema, async (request) => { const { name, arguments: args } = request.params; switch (name) { case "query_database": return queryTool.execute(args as { sql: string; params?: string[] }); case "analyze_table": return analyzeTool.execute(args as { table: string; columns?: string[] }); default: return { content: [{ type: "text", text: `Unknown tool: ${name}` }], isError: true, }; } }); // List resources server.setRequestHandler(ListResourcesRequestSchema, async () => { const tables = await query( `SELECT table_name FROM information_schema.tables WHERE table_schema = 'public' AND table_type = 'BASE TABLE'` ); return { resources: [ { uri: schemaResource.uri, name: schemaResource.name, description: schemaResource.description, mimeType: schemaResource.mimeType, }, ...tables.rows.map((t) => ({ uri: `postgres://preview/${t.table_name}`, name: `Preview: ${t.table_name}`, description: `Sample data from ${t.table_name}`, mimeType: "application/json", })), ], }; }); // Read resources server.setRequestHandler(ReadResourceRequestSchema, async (request) => { const { uri } = request.params; if (uri === "postgres://schema") { return schemaResource.read(); } const match = uri.match(/^postgres:\/\/preview\/(\w+)$/); if (match) { const tableName = match[1]; const result = await query(`SELECT * FROM "${tableName}" LIMIT 5`); return { contents: [ { uri, mimeType: "application/json", text: JSON.stringify(result.rows, null, 2), }, ], }; } throw new Error(`Unknown resource: ${uri}`); }); // Start server async function main(): Promise<void> { const transport = new StdioServerTransport(); await server.connect(transport); console.error("MCP PostgreSQL server running on stdio"); process.on("SIGINT", async () => { await shutdown(); process.exit(0); }); } main().catch((error) => { console.error("Server failed to start:", error); process.exit(1); });