How to add MCP Server for MySQL to Windsurf
Read-only (optionally write) access to MySQL databases for LLMs — inspect schemas and run SQL queries. Paste the config into ~/.codeium/windsurf/mcp_config.json and restart Windsurf.
Last updated June 14, 2026 · 1.8k★ · stdio · no auth
Windsurf config for MCP Server for MySQL
npm install -g @benborla29/mcp-server-mysql{
"mcpServers": {
"mcp-server-for-mysql": {
"command": "/path/to/npx/binary/npx",
"args": [
"-y",
"@benborla29/mcp-server-mysql"
],
"env": {
"MYSQL_HOST": "127.0.0.1",
"MYSQL_PORT": "3306",
"MYSQL_USER": "root",
"MYSQL_PASS": "",
"MYSQL_DB": "db_name",
"PATH": "/path/to/node/bin:/usr/bin:/bin",
"ALLOW_INSERT_OPERATION": "false",
"ALLOW_UPDATE_OPERATION": "false",
"ALLOW_DELETE_OPERATION": "false"
}
}
}
}Setup steps
- 1Open Windsurf → Cascade → the hammer/MCP icon → Configure (or edit ~/.codeium/windsurf/mcp_config.json).
- 2Paste the MCP Server for MySQL config below.
- 3Fill in placeholder secrets, then save.
- 4Click Refresh in the MCP panel.
- 5MCP Server for MySQL's tools become available to Cascade.
Before you start
- Node.js v20 or higher
- MySQL 5.7 or higher (MySQL 8.0+ recommended)
- A MySQL user with appropriate permissions for the operations you need (INSERT/UPDATE/DELETE privileges required for write operations)
What MCP Server for MySQL can do in Windsurf
mysql_queryExecute a SQL query against the connected database. Input: sql (string). Read-only by default; INSERT/UPDATE/DELETE require the corresponding ALLOW_*_OPERATION flag. Runs within a transaction with commit/rollback handling, supports prepared statements, configurable timeouts, result pagination, and built-in execution statistics.
Security
All write operations are disabled by default; enable INSERT/UPDATE/DELETE/DDL only via the ALLOW_*_OPERATION env flags and only with a MySQL user holding the corresponding privileges. MYSQL_DISABLE_READ_ONLY_TRANSACTIONS removes read-only transaction enforcement — only enable for full write capability when you trust the LLM with your database. For credentials, use local or user scope to keep them private; the MYSQL_CONNECTION_STRING should only be set via environment variables, never committed to version control. Remote MCP mode requires a strong REMOTE_SECRET_KEY (sent as an Authorization: Bearer header).
MCP Server for MySQL + Windsurf FAQ
Where is the Windsurf config file?
Windsurf reads MCP servers from ~/.codeium/windsurf/mcp_config.json. Paste the MCP Server for MySQL config there under the "mcpServers" key and restart the client.
Is MCP Server for MySQL safe to use with Windsurf?
All write operations are disabled by default; enable INSERT/UPDATE/DELETE/DDL only via the ALLOW_*_OPERATION env flags and only with a MySQL user holding the corresponding privileges. MYSQL_DISABLE_READ_ONLY_TRANSACTIONS removes read-only transaction enforcement — only enable for full write capability when you trust the LLM with your database. For credentials, use local or user scope to keep them private; the MYSQL_CONNECTION_STRING should only be set via environment variables, never committed to version control. Remote MCP mode requires a strong REMOTE_SECRET_KEY (sent as an Authorization: Bearer header).
Is the server read-only by default?
Yes. Only read operations are allowed unless you explicitly set ALLOW_INSERT_OPERATION, ALLOW_UPDATE_OPERATION, ALLOW_DELETE_OPERATION, or ALLOW_DDL_OPERATION to "true" (and ensure the MySQL user has the matching privileges).
How do I enable multi-database mode?
Leave the MYSQL_DB environment variable empty. Queries then require schema-qualified table names (e.g. database_name.table_name) or USE statements. Writes in multi-DB mode additionally require MULTI_DB_WRITE_MODE=true.
Can it run as a remote server instead of stdio?
Yes. Set IS_REMOTE_MCP=true and a REMOTE_SECRET_KEY, optionally a PORT (default 3000), then point your agent at http://your-host:3000/mcp using the streamableHttp transport with an Authorization: Bearer <REMOTE_SECRET_KEY> header.