Releases: neverinfamous/postgres-mcp

v3.0.7 - KCache and Anomaly Detection Patch

09 Apr 00:08
7484817

Postgres-MCP v3.0.7

Highlights

  • Patched pg_kcache_database_stats Zod schema description to explicitly state behavior when omitting the database parameter.

Fixed

  • kcache: Updated pg_kcache_database_stats Zod schema description to clarify that omitting the database parameter queries all databases.
  • kcache: Added robust numeric coercion for internal calculation limits to prevent unhandled TypeErrors when parameters specify string numbers.
  • core: Hardened validation logic to explicitly coerce and clamp cache TTL values.

Documentation

  • docs: Corrected kcache tool group count to accurately reflect 7 tools across all validation endpoints and README files.
  • docs: Refreshed server instructions payload generation to align markdown table column-counts with current standards.

Full Changelog: v3.0.6...v3.0.7

Installation

npx @neverinfamous/postgres-mcp@latest
# or
docker pull writenotenow/postgres-mcp:v3.0.7

v3.0.6 - KCache and Anomaly Detection Patch

08 Apr 22:45
c78dddf

Highlights

  • KCache Optimization: Ensured query_preview preservation and increased API bounds.
  • Security Hardening: Pinned hono to 4.12.12 to mitigate middleware vulnerabilities.
  • Core Stability: Constrained DDL validations and improved anomaly detection edge cases.

Security

  • hono: Pinned to 4.12.12 to address moderate vulnerabilities including path traversal and middleware bypass.

Changed

  • Dependencies: Bumped @vitest/coverage-v8, typescript-eslint, and vitest.
  • Dockerfile: Extracted duplicated CVE patch instructions into scripts/patch-npm-deps.sh to eliminate stage drift and enforce cache purging.

Fixed

  • anomaly-detection: Modified pg_detect_bloat_risk to return empty responses instead of validation errors on nonexistent schemas.
  • caching: Added robust validation for METADATA_CACHE_TTL_MS to prevent cache expiration failures.
  • core: Removed .unknown() from column type schemas to constrain default values and prevent DDL validation errors.
  • kcache: Ensured query_preview remains preserved during compact payload generation across CPU, IO, and query tools.
  • kcache: Increased API parameter bounds from 10 to 100 and improved property aliasing.
  • kcache: Added coerceNumber data preprocessing to all numeric thresholds to properly handle string inputs.
  • partitioning: Patched syntax errors by escaping embedded single quotes within DDL fragment values.

Full Compare

docker pull writenotenow/postgres-mcp:v3.0.6

v3.0.5 - Comprehensive Patch Validation

05 Apr 04:37
a34066a

This patch concludes the Docker Scout vulnerability fixes with a perfectly sound patching strategy that handles NPM tree hoisting, metadata drift, and hidden file omission.

Build and Integrity

  • Safe Hidden File Patching: Replaced the cp -r / glob logic with cp -a and directory-level overwrites. This guarantees that all hidden/dot files within patched NPM bundles (such as picomatch) are accurately captured when manually copying to nested node_modules folders, ensuring complete artifact parity without polluting cache paths.

v3.0.4 - Defensive Build Pathing

05 Apr 04:33
c6536a7

This patch explicitly fortifies the multi-stage Docker build process against upstream NPM restructuring logic.

Resiliency

  • Defensive NPM Cache Patching: Updated the Dockerfile to create parent directories prior to injecting patched picomatch@4.0.4 assets. This ensures the Docker build doesn't break if npm@latest arbitrarily flattens or restructures its dependency tree (lib/node_modules/npm/...) on any given build. Unpacked assets are now consistently copied into both root and nested paths unconditionally.

v3.0.3 - Nested Vulnerability Patch

05 Apr 04:29
37f3a87

This patch resolves the remaining picomatch vulnerability flagged by Docker Scout, which persisted because the vulnerable package was deeply nested within a subdependency.

Security

  • Deep Patching for picomatch: Updated the npm bundler patch in the Dockerfile (for both builder and production stages) to extract picomatch@4.0.4 directly into node_modules/tinyglobby/node_modules/picomatch. The previous top-level patch failed to overwrite this nested dependency, leaving the image vulnerable to Docker Scout scans.

v3.0.2 - Vulnerability Patch Addendum

05 Apr 04:21
74b112d

This patch release addresses missed metadata synchronization and a multi-stage Docker build oversight from v3.0.1.

Security & Build

  • Production Image Patching: Applied the picomatch@4.0.4 and brace-expansion@5.0.5 npm bundle patches to the final production stage of the Dockerfile. Previously, these were only unpacked in the builder stage, causing the generated production image to retain the vulnerable dependencies.
  • Version Metadata Sync: Synchronized lingering 3.0.0 version strings in server.json, Dockerfile (LABEL), and test assertions to 3.0.2 to ensure artifact, test, and registry consistency.
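The nested-patching procedure that v3.0.2 through v3.0.5 above describe (overwrite the bundled package at the root and at every nested copy, create parent directories first, copy with cp -a so dotfiles survive), as an added shell illustration that is not the project's Dockerfile or its scripts/patch-npm-deps.sh; the package tree, the "old" version string and the nested parent names are constructed for the demo.

```shell
#!/bin/sh
# Added illustration, not the project's scripts/patch-npm-deps.sh: replace a
# package that npm bundles (picomatch here) everywhere the bundled tree keeps it,
# creating parent directories first and copying with `cp -a` so dotfiles and
# permissions survive. Paths, "old" version and nested parent names are constructed.
set -eu

# Print the "version" field of a package directory's package.json.
bundled_pkg_version() {
  sed -n 's/.*"version": *"\([^"]*\)".*/\1/p' "$1/package.json"
}

# Overwrite one destination directory with the patched package contents.
patch_one() {
  src="$1"; dest="$2"
  rm -rf "$dest"
  mkdir -p "$dest"          # -p: the parent may be absent if npm reflattened its tree
  cp -a "$src/." "$dest/"   # "src/." carries dotfiles along; "src/*" would skip them
}

# patch_bundled_pkg PATCHED_DIR NPM_ROOT NAME [NESTED_PARENT ...]
# PATCHED_DIR: extracted "package/" directory of the patched tarball;
# NPM_ROOT: the bundled npm tree (in a real image, lib/node_modules/npm);
# NESTED_PARENT: each dependency that ships its own nested copy of NAME.
patch_bundled_pkg() {
  patched="$1"; root="$2"; name="$3"; shift 3
  patch_one "$patched" "$root/node_modules/$name"
  for parent in "$@"; do
    patch_one "$patched" "$root/node_modules/$parent/node_modules/$name"
  done
}

# Constructed fixture: an outdated picomatch at the root and nested under
# tinyglobby, plus the extracted contents of a patched picomatch 4.0.4.
make_demo_tree() {
  for d in npm/node_modules/picomatch npm/node_modules/tinyglobby/node_modules/picomatch; do
    mkdir -p "$1/$d"
    printf '{ "name": "picomatch", "version": "0.0.0-constructed-old" }\n' > "$1/$d/package.json"
  done
  mkdir -p "$1/patched"
  printf '{ "name": "picomatch", "version": "4.0.4" }\n' > "$1/patched/package.json"
  printf 'dotfile that a cp -r glob would miss\n' > "$1/patched/.hidden-marker"
}
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
make_demo_tree "$tmp"
# Patch the root copy, the existing nested copy, and a parent that does not exist yet.
patch_bundled_pkg "$tmp/patched" "$tmp/npm" picomatch tinyglobby constructed-parent
for d in picomatch tinyglobby/node_modules/picomatch constructed-parent/node_modules/picomatch; do
  echo "$d -> $(bundled_pkg_version "$tmp/npm/node_modules/$d")"
done
```

After the run, every listed path reports 4.0.4 and the hidden marker file is present in each copy, which is the check a Docker Scout rescan of the production stage would otherwise perform for you.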

v3.0.1 - Vulnerability Patch

05 Apr 04:16
b955a89

This patch release addresses vulnerabilities detected by Docker Scout in the base image's bundled npm dependencies immediately following the v3.0.0 release.

Security

  • Patched picomatch: Updated npm's bundled picomatch dependency to 4.0.4 to resolve CVE-2026-33671 (Inefficient Regular Expression Complexity) and CVE-2026-33672 (Prototype Pollution).
  • Patched brace-expansion: Updated npm's bundled brace-expansion dependency to 5.0.5 to resolve CVE-2026-33750 (Uncontrolled Resource Consumption).

(Docker images for v3.0.0 were blocked from publishing; users should pull and use the v3.0.1 images.)

v3.0.0 - Secure Code Mode, Auth Scopes & Audit Subsystem

05 Apr 04:06
9749ac6

⚠️ Breaking Changes

  • OAuth Scope Requirements: Core write tools now require the write OAuth scope; destructive tools require admin. Clients using HTTP/OAuth transport must update their scope configurations.

Highlights

  • 🔒 Auth Module: Transport-agnostic auth with SCOPE_PATTERNS, BASE_SCOPES, and RFC 6750 enforcement across all tool groups.
  • 🏗️ Worker-Thread Code Mode: True V8 isolate sandbox with resource limits, RPC bridge, and configurable timeouts.
  • 📋 Audit Subsystem: Session token estimation, JSONL logging with rotation, redaction, pre-mutation DDL snapshots, and dedicated pg_audit_* tools.
  • 📉 30–41% Payload Reduction: Reduced default row limits (10–20), capped max limits (50–100), and eliminated null/empty sections across all major tool groups.
  • 🛡️ Security Hardening: Replaced raw exceptions with PostgresMcpError, SLSA Build L3 via --provenance, Docker vulnerability patches, and secrets scanning on push.

Added

  • Worker-thread Code Mode sandbox with resource limits, RPC bridge, and configurable timeouts.
  • Transport-agnostic Auth module supporting SCOPE_PATTERNS, BASE_SCOPES, and RFC 6750.
  • Audit subsystem with session token estimates, JSONL logging, redaction, and pg_audit_* tools.
  • 13 new statistics and admin tools (including pg_stats_outliers, pg_append_insight, and pg_jsonb_pretty).
  • 22 group-specific help resources accessible via postgres://help.
  • Playwright E2E test coverage for Code Mode, authentication, and backups.
  • Parameter extensions and aliases for core tools (e.g., toType, indexName).
  • Agent-optimized documentation and Code Mode integration guides.

Changed

  • BREAKING: Core write tools require write scope; destructive tools require admin.
  • Modularized source files using strict kebab-case convention.
  • Optimized payload sizes (~30–41% reduction) by reducing default limits, capping max limits, and omitting null/empty sections across Performance, Stats, Monitoring, and Introspection tools.
  • Configurable safety limits (default 100, max 500) for pg_schema_snapshot and pg_dependency_graph.
  • Applied openWorldHint: false to all tools.
  • Centralized default connection pool timeout to 30,000ms.
  • Switched to SWC compilation for Vitest and reduced npm package size by excluding test/source map artifacts.

Removed

  • Obsolete META_GROUPS shortcut bundles.
  • Unused hono router dependency.
  • Duplicate validation logic across performance handlers.

Fixed

  • Corrected the static totalResources count reported by postgres://capabilities to 23.
  • Standardized P154 error structures and double-quote formatting across all 230+ tools.
  • Resolved Split Schema Pattern violations across Search, JSONB, Vector, Stats, Performance, and Admin groups.
  • Improved reliability for Performance tools (pg_stat_statements, pg_diagnose_database_performance, pg_cache_hit_ratio).
  • Implemented strict numeric type coercion (coerceNumber) and Zod validation for performance tools.
  • Partitioning tools: Fixed membership checks, added ifNotExists parameters, and implemented pagination limits.
  • Transaction tools: Fixed isolation_level alias mapping and improved transaction error hints.
  • Improved resilience in Admin and Monitoring tools when handling missing tables or extensions.
  • Bypassed Docker Hub rate-limit blocks in CI using authenticated pulls.
  • Resolved logic regressions in cascade simulators, progress logging, and snake_case alias parsing.

Security

  • Patched prototype pollution vulnerabilities in hono.
  • Replaced raw exceptions with PostgresMcpError to prevent SQL syntax leaks.
  • Enforced SLSA Build L3 compliance via --provenance in publishing workflows.
  • Patched vulnerabilities in Docker builds.
  • Added push trigger to secrets-scanning.yml for early leak detection on feature branches.
  • Cleaned .trivyignore to contain only CVE IDs (removed inert path entries).

Full Compare

Install

npm install -g @neverinfamous/postgres-mcp@3.0.0

Docker

docker pull writenotenow/postgres-mcp:v3.0.0
# or
docker pull writenotenow/postgres-mcp:latest

v2.3.0 - Transaction Status & Schema Validation Hardening

09 Mar 18:17
d8d73f4

Highlights

  • New pg_transaction_status tool — Check active transaction state (active, aborted, not_found) without modifying it
  • 3 introspection tools now fail-fast on nonexistent schemas: pg_dependency_graph, pg_topological_sort, and pg_constraint_analysis return structured {success: false} errors instead of silently returning empty results
  • Anomaly detection NaN safety — Passing invalid string values for numeric params now gracefully falls back to defaults instead of crashing
  • SQL injection hardening — Replaced ad-hoc string escaping with validateIdentifier() in diagnostics and anomaly detection tools
  • Dependency updates: jose 6.2.0 → 6.2.1, npm-bundled tar 7.5.10 → 7.5.11, minimatch pinned to 10.2.4

Added

  • pg_transaction_status — Read-only tool to probe active managed transactions via SELECT 1, returning {status, transactionId, active, message}. Exposed in Code Mode as pg.transactions.status(). Transaction tools: 7 → 8

Fixed

  • 3 introspection tools (pg_dependency_graph, pg_topological_sort, pg_constraint_analysis) now return {success: false} for nonexistent schemas via shared checkSchemaExists() helper
  • pg_constraint_analysis returns {success: false} for nonexistent tables via shared checkTableExists() helper
  • pg_cascade_simulator returns clean {success: false} error instead of mixing error and success fields
  • pg_migration_record now inserts with explicit status: 'recorded' instead of defaulting to 'applied'; added 'recorded' to CHECK constraint, Zod enum, and dashboard counts
  • 3 anomaly detection tools (pg_detect_query_anomalies, pg_detect_bloat_risk, pg_detect_connection_spike) handle NaN for wrong-type numeric params via safeNum() helper
  • Migration tool icons now use correct "migration" group instead of "introspection"
  • SQL injection fix: validateIdentifier() replaces ad-hoc .replace() in diagnostics.ts and anomaly-detection.ts
  • InvalidFtsConfigError now properly exported from fts-config.ts
  • Tool counts updated from 227 → 231 across documentation

Changed

  • jose: 6.2.0 → 6.2.1
  • Dockerfile: npm-bundled tar 7.5.10 → 7.5.11, minimatch pinned to 10.2.4
  • package.json overrides: exactly pinned tar to 7.5.11 and minimatch to 10.2.4

Full Compare

Install:

npm install -g @neverinfamous/postgres-mcp@2.3.0

Docker:

docker pull writenotenow/postgres-mcp:v2.3.0

v2.2.0 - Performance Monitoring & Migration Tracking

09 Mar 10:40
7c10a74

🌟 Highlights

  • New Performance Monitoring Suite: Added pg_diagnose_database_performance for a unified 0-100 health score and actionable recommendations, plus anomaly detection tools for query outliers, bloat risks, and connection spikes.
  • Dedicated Migration Tool Group: Separated migration schema tracking into its own migration tool group (from introspection), adding 6 dedicated tools like pg_migration_apply and pg_migration_rollback for robust tracking with SHA-256 deduplication.
  • Improved Code Mode & Sandbox Security: Added an LRU cache for vm.Script instances, dropped redundant process.memoryUsage() overhead, and hardened sandbox configurations to prevent escape vectors involving Proxy and Reflect.
  • Comprehensive Dependency Protection: Pinned all 37 base GitHub Action uses: lines to full commit SHAs and fully mitigated a 10MB streaming body bypass in our HTTP transport alongside other key dependency CVEs.

✨ Added

  • pg_diagnose_database_performance tool — Consolidated performance diagnostics with slow queries, locks, connection pressure, and an overall health score (0-100).
  • Anomaly detection tools (pg_detect_query_anomalies, pg_detect_bloat_risk, pg_detect_connection_spike) — Proactive Z-score-based analysis and automated health insights.
  • migration tool group — 6 tools providing schema migration tracking and management, previously part of the introspection group.
  • 6 migration edge-case unit tests — Additional coverage for rollbacks and already-applied states.
  • 18 new Vitest parsing benchmarks covering code paths for both introspection and migration groups.

🔒 Security

  • pg_migration_init template hardening — Explicit identifier handling.
  • Docker Scout fallback execution drop — Any unexpected Docker Scout exit codes will now hard-fail the build explicitly.
  • Trivy integration into pipeline — Security checks scan local Docker images with reports uploaded natively to GitHub.
  • OAUTH-A1 enforcement & Auth Logging — Startup emits a loud warning on --transport http lacking --oauth-enabled.
  • Added --trust-proxy configuration for rate-limit IP extraction.

📈 Improved

  • Concurrent pg_schema_snapshot generation — Runs all 9 independent schema queries (tables, views, indexes, constraints) with Promise.all() to sharply cut tool round trips.
  • Unified pg_topological_sort array iterations down to a single pass to save on repeated allocations.

🐛 Fixed

  • Over 55 instances where MCP -32602 parameter validation errors were returned as raw JSON values instead of the structured error pattern designed for agent consumption.
  • Addressed multiple duplicate index and partition listing existence gaps.
  • Converted over 80 TypeScript any typings to accurate z.coerce declarations for optional numeric parameters.
  • Added connection and statement error catching to standalone testing tools (pg_text_sentiment, pg_text_normalize, pg_citext_compare, etc.).

🔄 Changed

  • Split the 12-tool introspection group into the introspection (read-only) and migration (write) groups for better access controls.
  • Renamed shortcut scopes dev-schema, dba-schema, and ext-perf to fit the broader ranges.
  • Separated schema.ts and monitoring.ts into isolated folder directories for maintainability.

🗑️ Removed

  • Unused worker_threads sandbox execution mode which didn't properly share scope endpoints.
  • 6 dead exports and completely orphaned documentation stubs across standard code bases.

Comparison & Installation

Full Compare

NPM:

npm install -g @neverinfamous/postgres-mcp@2.2.0

Docker:

docker pull writenotenow/postgres-mcp:v2.2.0