v3.0.0 - Branch rename, deterministic error handling, Code Mode

mysql-mcp v3.0.0 Release Notes

🚀 Major Release — February 26, 2026

mysql-mcp v3.0.0 is a landmark release delivering Code Mode with worker-thread sandbox isolation, OAuth 2.1 authentication, deterministic error handling across all 192 tools, and hundreds of bug fixes and security hardening improvements.

✨ Highlights

Code Mode (mysql_execute_code)

New sandboxed code execution tool enabling AI agents to compose multi-step MySQL workflows as JavaScript/TypeScript code. Features:

• Worker-thread isolation — separate V8 isolate via worker_threads with MessagePort RPC bridge
• Readonly enforcement — write methods return structured errors when readonly: true
• Memory limits — enforced resourceLimits (maxOldGenerationSizeMb, maxYoungGenerationSizeMb)
• Full API access — all 24 tool groups available via mysql.* namespace
• Auto-injection — mysql_execute_code included in all tool filter presets

OAuth 2.1 + Configurable Server Host

• HTTP/SSE transport with --server-host / MCP_HOST binding configuration
• RFC 9728/8414 compliance with granular scopes (read, write, admin, full, db:*, table:*:*)

Deterministic Error Handling

Every tool now returns structured {success, error} responses — no raw exceptions, no silent failures. Agents get actionable context instead of cryptic MySQL error codes.

Parameter Aliases (Split Schema Pattern)

Tools accept alternative parameter names automatically normalized via Zod schema preprocessing: table/tableName/name, query/sql, where/filter, column/col.

🔒 Security

• Worker sandbox API bridge — MessagePort-based RPC for Code Mode isolation
• Code Mode readonly enforcement — write tools blocked when readonly: true
• SQL injection fixes — mysql_doc_find filter, mysql_create_schema charset/collation, mysql_security_user_privileges identifier quoting
• ProxySQL credential redaction — variables containing password/credentials auto-redacted
• CVE patches — hono timing comparison (GHSA-gq3j-xvxp-8hrf), rollup path traversal (GHSA-mw96-cpmx-2vgc), ajv ReDoS (GHSA-2g4f-4pwh-qvx6), qs arrayLimit bypass (GHSA-w7fw-mjwx-w883), tar path traversal (CVE-2026-26960)
• HTTP security headers — HSTS, Referrer-Policy, Permissions-Policy
• Sandbox pattern hardening — bracket-notation constructor access and Reflect.construct bypass detection

⚡ Performance

• Cache invalidation after DDL — clearSchemaCache() on 14 DDL handlers across 7 files
• Parallelized queries — SchemaManager.describeTable() and 8 resource handlers use Promise.all()
• Test suite parallelism — 4 workers, ~37s total runtime (44% faster)

💔 Breaking Changes

• proxysql_hostgroups removed — use proxysql_connection_pool (with hostgroup_id filtering) instead. Tool count: 193 → 192
• reason → error field normalization — all {success: false} error responses use error field; reason reserved for informational {success: true, skipped: true} responses
• mysql_drop_table default — ifExists default changed from true to false
• mysql2 3.18.0 type — adjusted QueryValues type constraint on execute()/query()

📦 Dependencies

• @modelcontextprotocol/sdk: 1.26.0 → 1.27.1
• @types/node: 25.2.3 → 25.3.1
• eslint: 10.0.0 → 10.0.2
• mysql2: 3.17.2 → 3.18.1
• typescript-eslint: 8.56.0 → 8.56.1

🏗️ Infrastructure

• Default branch renamed from master to main
• .gitattributes — enforces LF line endings with CRLF exceptions for Windows scripts
• Vitest JSON reporter — test-results.json output for agent consumption

---

Installation

# NPM
npm install -g @neverinfamous/mysql-mcp@3.0.0

# Docker
docker pull writenotenow/mysql-mcp:v3.0.0

Full Changelog: v2.3.1...v3.0.0