project-mcp-server

The server dynamically generates tools for API and database interaction. For APIs, it uses axios with an authentication context, which is standard. For databases, it employs a `SqlValidator` to restrict query types (e.g., read-only, update-only, delete-only) and block dangerous SQL keywords before execution. This is a good layer of defense. Crucially, the most dangerous database tool, `db_run_statement` (allowing arbitrary SQL), is explicitly disabled by default and requires an opt-in via environment variable or programmatic configuration, with clear warnings. However, relying on keyword blocking for SQL validation, while implemented with care (stripping comments/strings and tokenizing), is not 100% foolproof against highly sophisticated or novel SQL injection techniques by a sufficiently capable or adversarial LLM. Users must be cautious with the `enableRunDeleteStatement` and especially `enableRunStatement` permissions.