README.md
MCP Agent POC
This project demonstrates a secure, production-ready implementation of the Model Context Protocol (MCP) as a connector layer between AI agents and PostgreSQL databases. The solution enables natural language queries without exposing database credentials to the LLM.
Key Achievement: LLM cannot access database directly - only through predefined MCP tools.
šļø Architecture Overview
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā USER QUERY ā
ā "Fetch employees in AI department" ā
āāāāāāāāāāāāāāāāāāāāā¬āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā
ā¼
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā PLANNER AGENT (LLM) ā
ā ā Natural Language Understanding ā
ā ā NO database credentials ā
ā Output: {"tool": "get_employees_by_department", ā
ā "parameters": {"department": "AI"}} ā
āāāāāāāāāāāāāāāāāāāāā¬āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā
ā¼
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā EXECUTOR AGENT ā
ā ā Validates tool request ā
ā ā Maps to allowed operations only ā
ā ā Cannot execute arbitrary SQL ā
āāāāāāāāāāāāāāāāāāāāā¬āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā
ā¼
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā MCP TOOLS LAYER (Sandbox) ā
ā ā get_employees_by_department("AI") ā
ā ā get_projects_by_status("Completed") ā
ā ā get_issues_by_priority("High") ā
ā ā Cannot run arbitrary SQL ā
āāāāāāāāāāāāāāāāāāāāā¬āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā
ā¼
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā DATABASE CONNECTION (Secure) ā
ā ā Credentials in environment variables ā
ā ā Only parameterized queries (SQL injection safe) ā
āāāāāāāāāāāāāāāāāāāāā¬āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā
ā¼
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā RESULT TO USER ā
ā [Secure data retrieval via MCP] ā
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
š Security Features
| Feature | With MCP |
|---|---|
| DB Credentials | Secure in .env ā |
| SQL Access | Predefined tools only ā |
| Attack Surface | Limited operations only ā |
| Audit Trail | Full logging ā |
| Connection Pool | Yes ā |
Project Structure
app/agents/: The brain (Planner, Executor, Orchestrator)app/mcp/: The tool layer (Connector to DB)app/database/: Low-level DB connection poolapp/api/: FastAPI routes
Getting Started
1. Setup Env
Copy the example config:
cp .env.example .env
2. Run with Docker
The easiest way to stand it up (Postgres + API):
docker-compose up --build
The API listens on http://localhost:8000.
3. Test It
You can use the swagger UI at /docs or curl:
curl -X POST "http://localhost:8000/api/v1/query" \
-H "Content-Type: application/json" \
-d '{"query": "Find all projects that are in progress"}'
Local Dev (No Docker)
If you have Python 3.11+ and a local Postgres running:
pip install -r requirements.txt- Update
.envwith your DB credentials python -m app.main
Tools 3
get_employees_by_departmentRetrieves a list of employees belonging to a specific department.get_projects_by_statusRetrieves a list of projects filtered by their current status.get_issues_by_priorityRetrieves a list of issues filtered by their priority level.Environment Variables
DB_URLrequiredDatabase connection string for PostgreSQLTry it
āFetch all employees currently working in the AI department.
āList all projects that have been marked as Completed.
āShow me all issues that are currently set to High priority.