Azure SQL + AI agents. 34 tools. One command.
Enterprise MCP server for Azure SQL & SQL Server.
Azure AD auth • Tiered safety gates • Zero dependencies • Written in Go.
CLI agents — one command, done:
# Claude Code (Anthropic)
claude mcp add --transport stdio --scope user azure-sql -- npx -y mcp-azure-sql
# Codex CLI (OpenAI)
codex mcp add azure-sql -- npx -y mcp-azure-sql
# Gemini CLI (Google)
gemini mcp add -s user azure-sql npx -y mcp-azure-sqlIDE agents — add this JSON block to your agent's config file:
{
"azure-sql": {
"command": "npx",
"args": ["-y", "mcp-azure-sql"],
"env": {
"AZURE_SQL_CONFIG_FILE": "~/.config/azure-sql-mcp/connections.json"
}
}
}Where does this go? (click to expand)
| Agent | File | Key |
|---|---|---|
 |
VS Code settings.json |
"mcp" > "servers" |
 |
~/.cursor/mcp.json |
"mcpServers" |
 |
~/.codeium/windsurf/mcp_config.json |
"mcpServers" |
 |
Cline Settings UI or cline_mcp_settings.json |
"mcpServers" |
 |
~/.continue/config.yaml |
mcpServers: (YAML) |
 |
claude_desktop_config.json |
"mcpServers" |
Create ~/.config/azure-sql-mcp/connections.json:
{
"defaults": { "auth": "azuread" },
"connections": [
{
"name": "dev",
"server": "myserver.database.windows.net",
"database": "myapp-dev",
"environment": "dev"
},
{
"name": "prod",
"server": "myserver.database.windows.net",
"database": "myapp-prod",
"environment": "prod",
"prod": true
}
]
}See
example-config.jsonfor SQL auth, connection strings, and all options.
az loginRestart your AI agent. You now have 34 database tools.
| Query & Execute | query • execute |
| Schema | list_tables • describe_table • describe_indexes • describe_foreign_keys • search_columns • table_row_counts • search_objects • describe_triggers |
| Views / Procs / Functions | list_views • describe_view • list_stored_procs • describe_sproc • list_functions • describe_function |
| Performance | explain_query • active_queries • long_running_queries • top_queries_by_cpu • wait_stats • blocking_chains • index_usage_stats • missing_indexes • table_statistics_health • database_size |
| Connections | list_connections • test_connection • connection_info • add_connection |
| Compliance | compare_tables • ef6_migration_status • permission_audit • hangfire_dashboard |
Your AI agent cannot accidentally destroy production.
query |
execute on dev |
execute on prod |
|
|---|---|---|---|
| SELECT | ✓ | — | — |
| INSERT / UPDATE / DELETE | ✗ | confirm=true |
confirm=true |
| DROP / TRUNCATE / ALTER | ✗ | confirm=true |
Blocked |
| EXEC / {call} | ✗ | confirm=true |
confirm=true |
Production = any connection with "prod": true or "environment": "prod".
| Mode | When to use |
|---|---|
azuread (default) |
Azure SQL via az login, managed identity, or service principal |
sql |
Legacy SQL Server — add "user" and "password" to connection |
connstr |
Custom — add "connection_string" with full connection string |
| Go | TypeScript / Python | |
|---|---|---|
| Startup | ~5ms | 500ms+ |
| Binary | Single 16MB file | Runtime + packages |
| Memory | ~15MB | 80MB+ |
| Install | Download → run | npm install + Node.js |
| Azure AD | Native driver | @azure/identity shim |
| Concurrency | Goroutines | Event loop / GIL |
Configuration reference
{
"defaults": { "auth": "azuread", "app_name": "my-app" },
"connections": [{
"name": "unique-name",
"server": "server.database.windows.net",
"database": "dbname",
"auth": "azuread",
"environment": "dev",
"description": "Human-readable note",
"prod": false
}]
}Environment tags: dev sqa qa beta delta test preprod prod
# Legacy (no config file needed)
export AZURE_SQL_CONNECTIONS="dev=server.database.windows.net/mydb;qa=qaserver.database.windows.net/qadb"
# Override production list
export AZURE_SQL_PROD_CONNECTIONS="my-prod-db,my-staging-db"Architecture
AI Agent ──stdio/JSON-RPC──> mcp-azure-sql ──Azure AD──> Azure SQL
│
├── 34 tools with MCP annotations
├── Tiered safety (read/write/dangerous)
├── Connection pool (30s ping skip)
├── Audit logging
└── Error sanitization
Built with mcp-go + go-mssqldb. MCP protocol 2024-11-05. Tool annotations (ReadOnlyHint, DestructiveHint, IdempotentHint, OpenWorldHint) on all 34 tools. Logging capability enabled.
Development & releases
go build -o mcp-azure-sql .
go vet ./...
./mcp-azure-sql --versionRelease: git tag v1.3.0 && git push origin v1.3.0 → GitHub Actions builds 6 platform binaries via GoReleaser → npm auto-publishes.