# SQL Parser AST Engine MCP

> SQL Parser AST Engine provides deep, programmatic analysis of any SQL query. Instead of just running code, this MCP breaks down the syntax into an Abstract Syntax Tree, revealing every table, column, and join condition. It's essential for security teams checking for unauthorized data access or DevOps engineers validating complex database migrations across 15+ dialects like PostgreSQL, BigQuery, and Snowflake.

## Overview
- **Category:** developer-tools
- **Price:** Free
- **Tags:** sql-parsing, ast, query-analysis, security-firewall, database-security, code-inspection

## Description

When you deal with SQL queries from user input, the biggest risk isn't just bad syntax; it's what might be hidden inside. This MCP doesn't execute your code. Instead, it takes a raw query string and converts it into an Abstract Syntax Tree (AST). Think of the AST as a detailed blueprint of the query, showing exactly how every piece connects—every table reference, every column name, every join type, and even nested subqueries.

This structured view is critical for governance. Your agent can now inspect the query's intent without ever risking execution. It lets you programmatically check if a query accesses tables outside of an allowed list or if it contains malicious patterns like injection attempts. Because this MCP supports over 15 major SQL dialects, from MySQL to Snowflake, you get one reliable source for analyzing database language across your entire stack. You'll find this engine cataloged and managed easily on Vinkius, giving your AI client a single connection point for all your parsing needs.

## Tools

### parse_sql
Sends an SQL query and receives its Abstract Syntax Tree (AST) structure, along with lists of all tables, columns, and clauses used. Supports major dialects like MySQL, PostgreSQL, and BigQuery.

## Prompt Examples

**Prompt:** 
```
A user submitted this SQL query through our API. Parse it and check if it accesses any tables beyond 'orders' and 'products'.
```

**Response:** 
```
Tables extracted: orders, products, users. ⚠️ 'users' table access detected — not in allowed list.
```

**Prompt:** 
```
Extract all columns referenced in this BigQuery analytics query for our data governance audit.
```

**Response:** 
```
14 columns extracted across 3 tables with full table.column qualified names.
```

**Prompt:** 
```
Validate this PostgreSQL migration query for syntax errors before deploying to production.
```

**Response:** 
```
AST parsed successfully — no syntax errors. Query is valid PostgreSQL.
```

## Capabilities

### Detecting unauthorized table access
The MCP analyzes the query to see exactly which tables are referenced, allowing you to enforce data governance rules before execution.

### Extracting schema details
It lists every column and table name used in a query, providing fully qualified names necessary for auditing or documentation generation.

### Validating SQL syntax fidelity
You can parse an existing query into an AST and then reconstruct valid SQL from that tree structure to ensure full compatibility across different database dialects.

## Use Cases

### Auditing a third-party API query
A marketing team submits an ad copy that includes an SQL snippet for data extraction. You feed the snippet to your agent, which uses `parse_sql` to verify that the query only touches the 'leads' and 'campaigns' tables, flagging any attempt to access internal HR records.

### Validating a cross-platform migration
Your DevOps pipeline needs to migrate a schema from PostgreSQL to BigQuery. Before deployment, you run the `parse_sql` tool on critical DDL statements across both dialects to ensure all necessary clauses and types are correctly represented in the AST.

### Building a query validation layer
You're building an internal data portal where users submit custom queries. Your agent intercepts every request, using `parse_sql` to check for disallowed functions or table joins before sending it to the database.

### Analyzing user-submitted search logic
A client gives you a complex SQL query meant for their analytics dashboard. You use the MCP's parsing capabilities to extract all referenced columns, giving your data governance team an immediate list of assets needing review.

## Benefits

- Security checks are airtight. By using the `parse_sql` tool, you don't trust the query text; you inspect its underlying structure for unauthorized operations or injection patterns.
- Data governance compliance becomes automated. You can use this MCP to extract and list every table and column referenced in any given SQL query, essential for auditing data access rights.
- It handles database diversity. Since it supports 15+ dialects—including Snowflake, MariaDB, and SQLite—you get one tool that works reliably across your entire mixed-environment stack.
- Debugging complex logic is easier. You can parse a working query into an AST, then rebuild SQL from the tree to spot subtle syntax differences between dialect versions.
- The analysis happens safely. The MCP reads the structure; it never executes the code. This means you get deep insight without any risk of running malicious or faulty queries.

## How It Works

The bottom line is that instead of treating SQL as just text, the MCP gives your agent a machine-readable blueprint of what the query actually intends to do.

1. Feed the MCP a raw SQL query string, whether it's user input or a script segment needing review.
2. The engine processes the text and generates a structured Abstract Syntax Tree, breaking the entire query into inspectable components like JOIN clauses and column lists.
3. Your agent receives this structured data, which you can then pass to other tools—for example, checking if any extracted tables are on an approved list.

## Frequently Asked Questions

**Can the SQL Parser AST Engine handle dialects I haven't used before?**
Yes, this MCP supports 15+ major dialects, including MySQL, PostgreSQL, BigQuery, and Snowflake. You specify the dialect when calling `parse_sql` to ensure accurate parsing for your environment.

**Does using the SQL Parser AST Engine execute the query against my database?**
No. This MCP analyzes the syntax structure (the Abstract Syntax Tree) and never executes the code. It's purely a reading and validation tool, making it safe for use with untrusted input.

**What is an Abstract Syntax Tree in relation to SQL?**
The AST is a structured representation of the query's logic. Instead of seeing text like 'SELECT * FROM t1 JOIN t2', you receive data showing: 'Operation: SELECT; Target Columns: (*); Source 1: (t1); Join Type: INNER; Source 2: (t2)'. This structure is what makes it useful.

**Is this better than just using a standard database client for validation?**
Yes. A database client only validates against its own engine rules. The MCP provides an external, programmatic audit layer that can check the query's structure against your custom governance policies (e.g., 'This user cannot access tables X, Y, and Z').

**Does parse_sql extract only table names or also column details?**
The `parse_sql` tool extracts both. It provides lists of all referenced tables and, critically, the fully qualified names for every single column used in the query.