Official ClickHouse MCP server for querying and exploring ClickHouse clusters and chDB.
io.github.ClickHouse/mcp-clickhouse (MCP)
Official ClickHouse Model Context Protocol (MCP) server for querying and exploring ClickHouse clusters and chDB. It is provided as an MCP server under the slug io-github-clickhouse-mcp-clickhouse, intended to integrate ClickHouse exploration and query capabilities via the MCP interface.
🛠️ Key Features
Query ClickHouse clusters
Explore ClickHouse clusters and chDB
🚀 Use Cases
Searching for information about ClickHouse deployments
Running queries against ClickHouse via an MCP server
⚡ Developer Benefits
Centralizes ClickHouse querying and cluster exploration behind an MCP server
Provides a named, repository-style integration: io.github.ClickHouse/mcp-clickhouse
⚠️ Limitations
Available description only states querying and exploration of ClickHouse clusters and chDB; no additional capabilities or constraints are provided.
Queries run in read-only mode by default (CLICKHOUSE_ALLOW_WRITE_ACCESS=false), but writes can be enabled explicitly if needed.
list_databases
List all databases on your ClickHouse cluster.
list_tables
List tables in a database with pagination.
Required input: database (string).
Optional inputs:
like / not_like (string): Apply LIKE or NOT LIKE filters to table names.
page_token (string): Token returned by a previous call for fetching the next page.
page_size (int, default 50): Number of tables returned per page.
include_detailed_columns (bool, default true): When false, omits column metadata for lighter responses while keeping the full create_table_query.
Response shape:
tables: Array of table objects for the current page.
next_page_token: Pass this value back to fetch the next page, or null when there are no more tables.
total_tables: Total count of tables that match the supplied filters.
chDB Tools
run_chdb_select_query
Execute SQL queries using chDB's embedded ClickHouse engine.
Input: query (string): The SQL query to execute.
Query data directly from various sources (files, URLs, databases) without ETL processes.
Requires the optional chdb extra: pip install 'mcp-clickhouse[chdb]'
Health Check Endpoint
When running with HTTP or SSE transport, a health check endpoint is available at /health. This endpoint:
Returns 200 OK (body: OK) if the server is healthy and can connect to ClickHouse
Returns 503 Service Unavailable with a generic error message if the server cannot connect to ClickHouse
The endpoint is intentionally unauthenticated so orchestrator probes (e.g. Kubernetes liveness/readiness, load balancers) can reach it without credentials. The response body is deliberately minimal to avoid leaking backend version strings or error details; debug failures via the server logs.
Example:
bash
curl http://localhost:8000/health
# Response: OK
Security
Authentication for HTTP/SSE Transports
When using HTTP or SSE transport, authentication is required by default. The stdio transport (default) does not require authentication as it only communicates via standard input/output.
Three authentication modes are supported. Pick one:
Note: the /health endpoint is intentionally unauthenticated (see Health Check Endpoint above). To verify that bearer-token auth is actually rejecting unauthenticated requests, hit the MCP endpoint itself e.g. with the MCP Inspector, or by POSTing a JSON-RPC request to /mcp with and without the Authorization header and confirming the unauthenticated call returns 401.
OAuth / OIDC via FastMCP
For production deployments with identity providers (Azure Entra, Google, GitHub, WorkOS, etc.), delegate authentication to FastMCP's built-in auth providers instead of using a static token. Set FASTMCP_SERVER_AUTH to the full class path of a FastMCP auth provider, along with the provider-specific FASTMCP_SERVER_AUTH_* variables, and leave CLICKHOUSE_MCP_AUTH_TOKEN unset.
Locate the command entry for uv and replace it with the absolute path to the uv executable. This ensures that the correct version of uv is used when starting the server. On a mac, you can find this path using which uv.
Restart Claude Desktop to apply the changes.
Optional Write Access
By default, this MCP enforces read-only queries so that accidental mutations cannot happen during exploration. To allow DDL or INSERT/UPDATE statements, set the CLICKHOUSE_ALLOW_WRITE_ACCESS environment variable to true. The server keeps enforcing read-only mode if the ClickHouse instance itself disallows writes.
Destructive Operation Protection
Even when write access is enabled (CLICKHOUSE_ALLOW_WRITE_ACCESS=true), destructive operations (DROP TABLE, DROP DATABASE, DROP VIEW, DROP DICTIONARY, TRUNCATE TABLE) require an additional opt-in flag for safety. This prevents accidental data deletion during AI exploration.
Note: Make sure to use the full path to the Python executable or the mcp-clickhouse script if they are not in your system PATH. You can find the paths using:
which python3 for the Python executable
which mcp-clickhouse for the installed script
Custom Middleware
You can add custom middleware to the MCP server without modifying the source code. FastMCP provides a middleware system that allows you to intercept and process MCP protocol messages (tool calls, resource reads, prompts, etc.).
How to Use
Create a Python module with middleware classes extending Middleware and a setup_middleware(mcp) function:
python
# my_middleware.pyimport logging
from fastmcp.server.middleware import Middleware, MiddlewareContext, CallNext
logger = logging.getLogger("my-middleware")
classLoggingMiddleware(Middleware):
"""Log all tool calls."""asyncdefon_call_tool(self, context: MiddlewareContext, call_next: CallNext):
tool_name = context.message.name ifhasattr(context.message, 'name') else'unknown'
logger.info(f"Calling tool: {tool_name}")
result = await call_next(context)
logger.info(f"Tool {tool_name} completed")
return result
defsetup_middleware(mcp):
"""Register middleware with the MCP server."""
mcp.add_middleware(LoggingMiddleware())
Set the MCP_MIDDLEWARE_MODULE environment variable to the module name (without .py extension):
The Middleware base class provides hooks for different MCP operations:
on_message(context, call_next) - Called for all messages
on_request(context, call_next) - Called for all requests
on_notification(context, call_next) - Called for all notifications
on_call_tool(context, call_next) - Called when a tool is executed
on_read_resource(context, call_next) - Called when a resource is read
on_get_prompt(context, call_next) - Called when a prompt is retrieved
on_list_tools(context, call_next) - Called when listing tools
on_list_resources(context, call_next) - Called when listing resources
on_list_resource_templates(context, call_next) - Called when listing resource templates
on_list_prompts(context, call_next) - Called when listing prompts
Each hook receives a MiddlewareContext object containing the message and metadata, and a call_next function to continue the pipeline.
Dynamic Client Configuration via Context State
Middleware can override ClickHouse client configuration on a per-request basis using the CLIENT_CONFIG_OVERRIDES_KEY context state key. The server merges these overrides with the base configuration from environment variables.
python
from fastmcp.server.dependencies import get_context
from mcp_clickhouse.mcp_server import CLIENT_CONFIG_OVERRIDES_KEY
ctx = get_context()
ctx.set_state(CLIENT_CONFIG_OVERRIDES_KEY, {
"connect_timeout": 60,
"send_receive_timeout": 120
})
This enables advanced use cases like dynamic timeout adjustments, tenant-specific routing, or per-user connection settings.
Development
In test-services directory run docker compose up -d to start the ClickHouse cluster.
Add the following variables to a .env file in the root of the repository.
Note: The use of the default user in this context is intended solely for local development purposes.
Run uv sync to install the dependencies. To install uv follow the instructions here. Then do source .venv/bin/activate.
For easy testing with the MCP Inspector, run fastmcp dev mcp_clickhouse/mcp_server.py to start the MCP server.
To test with HTTP transport and the health check endpoint:
bash
# For development, disable authentication
CLICKHOUSE_MCP_SERVER_TRANSPORT=http CLICKHOUSE_MCP_AUTH_DISABLED=true python -m mcp_clickhouse.main
# Or with authentication (generate a token first)
CLICKHOUSE_MCP_SERVER_TRANSPORT=http CLICKHOUSE_MCP_AUTH_TOKEN="your-token" python -m mcp_clickhouse.main
# Then in another terminal:
curl http://localhost:8000/health
Environment Variables
The following environment variables are used to configure the ClickHouse and chDB connections:
ClickHouse Variables
Required Variables
CLICKHOUSE_HOST: The hostname of your ClickHouse server
CLICKHOUSE_USER: The username for authentication
CLICKHOUSE_PASSWORD: The password for authentication
CAUTION
It is important to treat your MCP database user as you would any external client connecting to your database, granting only the minimum necessary privileges required for its operation. The use of default or administrative users should be strictly avoided at all times.
Optional Variables
CLICKHOUSE_PORT: The port number of your ClickHouse server
Default: 8443 if HTTPS is enabled, 8123 if disabled
Usually doesn't need to be set unless using a non-standard port
CLICKHOUSE_ROLE: The role to use for authentication
Set to "false" to disable certificate verification (not recommended for production)
TLS certificates: The package uses your operating system trust store for TLS certificate verification via truststore. We call truststore.inject_into_ssl() at startup to ensure proper certificate handling. Python’s default SSL behavior is used as a fallback only if an unexpected error occurs.
CLICKHOUSE_SERVER_HOST_NAME: Server hostname for SNI override and certificate validation
Default: None (uses the connection hostname)
This is useful when connecting through proxies or load balancers where the certificate hostname differs from the connection hostname. When set, this hostname will be used for both SNI (Server Name Indication) during the TLS handshake and for certificate hostname validation.
CLICKHOUSE_CONNECT_TIMEOUT: Connection timeout in seconds
Default: "30"
Increase this value if you experience connection timeouts
CLICKHOUSE_SEND_RECEIVE_TIMEOUT: Send/receive timeout in seconds
Default: "300"
Increase this value for long-running queries
CLICKHOUSE_DATABASE: Default database to use
Default: None (uses server default)
Set this to automatically connect to a specific database
CLICKHOUSE_MCP_SERVER_TRANSPORT: Sets the transport method for the MCP server.
Default: "stdio"
Valid options: "stdio", "http", "sse". This is useful for local development with tools like MCP Inspector.
CLICKHOUSE_MCP_BIND_HOST: Host to bind the MCP server to when using HTTP or SSE transport
Default: "127.0.0.1"
Set to "0.0.0.0" to bind to all network interfaces (useful for Docker or remote access)
Only used when transport is "http" or "sse"
CLICKHOUSE_MCP_BIND_PORT: Port to bind the MCP server to when using HTTP or SSE transport
Default: "8000"
Only used when transport is "http" or "sse"
CLICKHOUSE_MCP_QUERY_TIMEOUT: Timeout in seconds for SELECT tools
Default: "30"
Increase this if you see Query timed out after ... errors for heavy queries
CLICKHOUSE_MCP_AUTH_TOKEN: Static bearer token for HTTP/SSE transports
Default: None
One of CLICKHOUSE_MCP_AUTH_TOKEN, FASTMCP_SERVER_AUTH, or CLICKHOUSE_MCP_AUTH_DISABLED=true is required for HTTP/SSE transports
Generate using uuidgen or openssl rand -hex 32
Clients must send this token in the Authorization: Bearer <token> header
Value is the full class path of an AuthProvider subclass, e.g. fastmcp.server.auth.providers.azure.AzureProvider or fastmcp.server.auth.providers.google.GoogleProvider
When set, FastMCP auto-loads the provider from its own FASTMCP_SERVER_AUTH_* environment variables; leave CLICKHOUSE_MCP_AUTH_TOKEN unset in this mode
CLICKHOUSE_MCP_AUTH_DISABLED: Disable authentication for HTTP/SSE transports
Default: "false" (authentication is enabled)
Set to "true" to disable authentication for local development/testing only
WARNING: Only use for local development. Do not disable when exposed to networks
Requires installing the optional extra: mcp-clickhouse[chdb]
CHDB_DATA_PATH: The path to the chDB data directory
Default: ":memory:" (in-memory database)
Use :memory: for in-memory database
Use a file path for persistent storage (e.g., /path/to/chdb/data)
Example Configurations
For local development with Docker:
env
# Required variables
CLICKHOUSE_HOST=localhost
CLICKHOUSE_USER=default
CLICKHOUSE_PASSWORD=clickhouse
# Optional: Override defaults for local development
CLICKHOUSE_SECURE=false # Uses port 8123 automatically
CLICKHOUSE_VERIFY=false
For ClickHouse Cloud:
env
# Required variables
CLICKHOUSE_HOST=your-instance.clickhouse.cloud
CLICKHOUSE_USER=default
CLICKHOUSE_PASSWORD=your-password
# Optional: These use secure defaults
# CLICKHOUSE_SECURE=true # Uses port 8443 automatically
# CLICKHOUSE_DATABASE=your_database
For ClickHouse SQL Playground:
env
CLICKHOUSE_HOST=sql-clickhouse.clickhouse.com
CLICKHOUSE_USER=demo
CLICKHOUSE_PASSWORD=
# Uses secure defaults (HTTPS on port 8443)
For chDB only (in-memory):
env
# chDB configuration
CHDB_ENABLED=true
CLICKHOUSE_ENABLED=false
# CHDB_DATA_PATH defaults to :memory:
For MCP Inspector or remote access with HTTP transport:
env
CLICKHOUSE_HOST=localhost
CLICKHOUSE_USER=default
CLICKHOUSE_PASSWORD=clickhouse
CLICKHOUSE_MCP_SERVER_TRANSPORT=http
CLICKHOUSE_MCP_BIND_HOST=0.0.0.0 # Bind to all interfaces
CLICKHOUSE_MCP_BIND_PORT=4200 # Custom port (default: 8000)
CLICKHOUSE_MCP_AUTH_TOKEN=your-generated-token # One auth mode required for HTTP/SSE (or FASTMCP_SERVER_AUTH, or CLICKHOUSE_MCP_AUTH_DISABLED=true)
For local development with HTTP transport (authentication disabled):
env
CLICKHOUSE_HOST=localhost
CLICKHOUSE_USER=default
CLICKHOUSE_PASSWORD=clickhouse
CLICKHOUSE_MCP_SERVER_TRANSPORT=http
CLICKHOUSE_MCP_AUTH_DISABLED=true # Only for local development!
When using HTTP transport, the server will run on the configured port (default 8000). For example, with the above configuration:
MCP endpoint: http://localhost:4200/mcp
Health check: http://localhost:4200/health
You can set these variables in your environment, in a .env file, or in the Claude Desktop configuration: