Curated Claude Code catalog
Updated 07.05.2026 · 19:39 CET
01 / Skill
GreptimeTeam

greptimedb-mcp-server

Quality
9.0

This Model Context Protocol (MCP) server integrates GreptimeDB, an open-source observability database, with AI assistants. It provides a rich set of tools for executing SQL, TQL (PromQL-compatible), and time-window RANGE queries. Developers can manage data pipelines and Perses dashboards directly. Key features include robust security with read-only enforcement, data masking for sensitive information, and comprehensive audit logging. It also offers built-in prompt templates for common tasks like metrics analysis, log processing, and IoT monitoring, streamlining AI-driven data exploration and m

USP

Securely query GreptimeDB with AI using SQL, TQL, and RANGE queries. Features include read-only enforcement, automatic data masking, and audit logging. Manage data pipelines and Perses dashboards directly from your AI assistant with built-…

Use cases

  • 01AI-driven analysis of time-series metrics for system health monitoring.
  • 02Automated querying of logs and traces for incident investigation.
  • 03Creating and managing data pipelines for observability data.
  • 04Generating and updating Perses dashboards programmatically.
  • 05Securely exploring database schemas and data with AI assistants.

Detected files (1)

  • server.jsonmcp_server
    Show content (3794 bytes)
    {
  "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
  "name": "io.github.GreptimeTeam/greptimedb-mcp-server",
  "description": "Query and analyze GreptimeDB metrics, logs and traces via SQL, TQL and RANGE queries. Manage pipelines and Perses dashboards.",
  "repository": {
    "url": "https://github.com/GreptimeTeam/greptimedb-mcp-server",
    "source": "github"
  },
  "version": "0.4.7",
  "packages": [
    {
      "registryType": "pypi",
      "identifier": "greptimedb-mcp-server",
      "version": "0.4.7",
      "transport": {
        "type": "stdio"
      },
      "packageArguments": [
        {
          "type": "named",
          "name": "--host",
          "description": "GreptimeDB host address",
          "isRequired": false,
          "valueHint": "localhost"
        },
        {
          "type": "named",
          "name": "--port",
          "description": "GreptimeDB MySQL protocol port",
          "isRequired": false,
          "valueHint": "4002"
        },
        {
          "type": "named",
          "name": "--database",
          "description": "Database name to connect to",
          "isRequired": false,
          "valueHint": "public"
        },
        {
          "type": "named",
          "name": "--user",
          "description": "Database username",
          "isRequired": false
        },
        {
          "type": "named",
          "name": "--password",
          "description": "Database password",
          "isRequired": false,
          "isSecret": true
        },
        {
          "type": "named",
          "name": "--timezone",
          "description": "Session timezone",
          "isRequired": false,
          "valueHint": "UTC"
        }
      ],
      "environmentVariables": [
        {
          "name": "GREPTIMEDB_HOST",
          "description": "GreptimeDB host address",
          "isRequired": false
        },
        {
          "name": "GREPTIMEDB_PORT",
          "description": "GreptimeDB MySQL protocol port (default: 4002)",
          "isRequired": false
        },
        {
          "name": "GREPTIMEDB_USER",
          "description": "Database username",
          "isRequired": false
        },
        {
          "name": "GREPTIMEDB_PASSWORD",
          "description": "Database password",
          "isRequired": false,
          "isSecret": true
        },
        {
          "name": "GREPTIMEDB_DATABASE",
          "description": "Database name to connect to",
          "isRequired": false
        },
        {
          "name": "GREPTIMEDB_TIMEZONE",
          "description": "Session timezone (default: UTC)",
          "isRequired": false
        },
        {
          "name": "GREPTIMEDB_POOL_SIZE",
          "description": "Connection pool size (default: 5)",
          "isRequired": false
        },
        {
          "name": "GREPTIMEDB_HTTP_PORT",
          "description": "HTTP API port for pipeline/dashboard management (default: 4000)",
          "isRequired": false
        },
        {
          "name": "GREPTIMEDB_HTTP_PROTOCOL",
          "description": "HTTP protocol for pipeline/dashboard API: http or https (default: http)",
          "isRequired": false
        },
        {
          "name": "GREPTIMEDB_MASK_ENABLED",
          "description": "Enable sensitive data masking (default: true)",
          "isRequired": false
        },
        {
          "name": "GREPTIMEDB_MASK_PATTERNS",
          "description": "Additional column name patterns for data masking (comma-separated)",
          "isRequired": false
        },
        {
          "name": "GREPTIMEDB_AUDIT_ENABLED",
          "description": "Enable audit logging for tool invocations (default: true)",
          "isRequired": false
        }
      ]
    }
  ]
}

README

greptimedb-mcp-server

PyPI - Version build workflow MCP Registry MIT License

A Model Context Protocol (MCP) server for GreptimeDB — an open-source observability database that handles metrics, logs, and traces in one engine.

Enables AI assistants to query and analyze GreptimeDB using SQL, TQL (PromQL-compatible), and RANGE queries, with built-in security features like read-only enforcement and data masking.

Quick Start

# Install
pip install greptimedb-mcp-server

# Run (connects to localhost:4002 by default)
greptimedb-mcp-server --host localhost --database public

For Claude Desktop, add this to your config (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):

{
  "mcpServers": {
    "greptimedb": {
      "command": "greptimedb-mcp-server",
      "args": ["--host", "localhost", "--database", "public"]
    }
  }
}

Features

Tools

ToolDescription
execute_sqlExecute SQL queries with format (csv/json/markdown) and limit options
execute_tqlExecute TQL (PromQL-compatible) queries for time-series analysis
query_rangeExecute time-window aggregation queries with RANGE/ALIGN syntax
describe_tableGet table schema including column names, types, and constraints
explain_queryAnalyze SQL or TQL query execution plans
health_checkCheck database connection status and server version

Pipeline Management

ToolDescription
list_pipelinesList all pipelines or get details of a specific pipeline
create_pipelineCreate a new pipeline with YAML configuration
dryrun_pipelineTest a pipeline with sample data without writing to database
delete_pipelineDelete a specific version of a pipeline

Dashboard Management

ToolDescription
list_dashboardsList all Perses dashboard definitions
create_dashboardCreate or update a Perses dashboard definition
delete_dashboardDelete a dashboard definition

Resources & Prompts

  • Resources: Browse tables via greptime://<table>/data URIs
  • Prompts: Built-in templates for common tasks — pipeline_creator, log_pipeline, metrics_analysis, promql_analysis, iot_monitoring, trace_analysis, table_operation

For LLM integration and prompt usage, see docs/llm-instructions.md.

Configuration

Environment Variables

GREPTIMEDB_HOST=localhost      # Database host
GREPTIMEDB_PORT=4002           # MySQL protocol port (default: 4002)
GREPTIMEDB_USER=root           # Database user
GREPTIMEDB_PASSWORD=           # Database password
GREPTIMEDB_DATABASE=public     # Database name
GREPTIMEDB_TIMEZONE=UTC        # Session timezone

# Optional
GREPTIMEDB_HTTP_PORT=4000      # HTTP API port for pipeline/dashboard management
GREPTIMEDB_HTTP_PROTOCOL=http  # HTTP protocol (http/https)
GREPTIMEDB_POOL_SIZE=5         # Connection pool size
GREPTIMEDB_MASK_ENABLED=true   # Enable sensitive data masking
GREPTIMEDB_MASK_PATTERNS=      # Additional patterns (comma-separated)
GREPTIMEDB_AUDIT_ENABLED=true  # Enable audit logging

# Transport (for HTTP server mode)
GREPTIMEDB_TRANSPORT=stdio     # stdio, sse, or streamable-http
GREPTIMEDB_LISTEN_HOST=0.0.0.0 # HTTP server bind host
GREPTIMEDB_LISTEN_PORT=8080    # HTTP server bind port
GREPTIMEDB_ALLOWED_HOSTS=      # DNS rebinding protection (comma-separated)
GREPTIMEDB_ALLOWED_ORIGINS=    # CORS allowed origins (comma-separated)

CLI Arguments

greptimedb-mcp-server \
  --host localhost \
  --port 4002 \
  --database public \
  --user root \
  --password "" \
  --timezone UTC \
  --pool-size 5 \
  --mask-enabled true \
  --transport stdio

HTTP Server Mode

For containerized or Kubernetes deployments. Requires mcp>=1.8.0:

# Streamable HTTP (recommended for production)
greptimedb-mcp-server --transport streamable-http --listen-port 8080

# SSE mode (legacy)
greptimedb-mcp-server --transport sse --listen-port 3000

DNS Rebinding Protection

By default, DNS rebinding protection is disabled for compatibility with proxies, gateways, and Kubernetes services. To enable it, use --allowed-hosts:

# Enable DNS rebinding protection with allowed hosts
greptimedb-mcp-server --transport streamable-http \
  --allowed-hosts "localhost:*,127.0.0.1:*,my-service.namespace:*"

# With custom allowed origins for CORS
greptimedb-mcp-server --transport streamable-http \
  --allowed-hosts "my-service.namespace:*" \
  --allowed-origins "http://localhost:*,https://my-app.example.com"

# Or via environment variables
GREPTIMEDB_ALLOWED_HOSTS="localhost:*,my-service.namespace:*" \
GREPTIMEDB_ALLOWED_ORIGINS="http://localhost:*" \
  greptimedb-mcp-server --transport streamable-http

If you encounter 421 Invalid Host Header errors, either disable protection (default) or add your host to the allowed list.

Security

Read-Only Database User (Recommended)

Create a read-only user in GreptimeDB using static user provider:

mcp_readonly:readonly=your_secure_password

Application-Level Security Gate

All queries go through a security gate that:

  • Blocks: DROP, DELETE, TRUNCATE, UPDATE, INSERT, ALTER, CREATE, GRANT, REVOKE, EXEC, LOAD, COPY
  • Blocks: Encoded bypass attempts (hex, UNHEX, CHAR)
  • Allows: SELECT, SHOW, DESCRIBE, TQL, EXPLAIN, UNION

Data Masking

Sensitive columns are automatically masked (******) based on column name patterns:

  • Authentication: password, secret, token, api_key, credential
  • Financial: credit_card, cvv, bank_account
  • Personal: ssn, id_card, passport

Configure with --mask-patterns phone,email to add custom patterns.

Audit Logging

All tool invocations are logged:

2025-12-10 10:30:45 - greptimedb_mcp_server.audit - INFO - [AUDIT] execute_sql | query="SELECT * FROM cpu LIMIT 10" | success=True | duration_ms=45.2

Disable with --audit-enabled false.

Development

# Clone and setup
git clone https://github.com/GreptimeTeam/greptimedb-mcp-server.git
cd greptimedb-mcp-server
uv venv && source .venv/bin/activate
uv sync

# Run tests
pytest

# Format & lint
uv run black .
uv run flake8 src

# Debug with MCP Inspector
npx @modelcontextprotocol/inspector uv --directory . run -m greptimedb_mcp_server.server

License

MIT License - see LICENSE.md.

Acknowledgement

Inspired by: