ClickHouse MCP Server
An MCP server for ClickHouse.
<a href="https://glama.ai/mcp/servers/yvjy4csvo1"><img width="380" height="200" src="https://glama.ai/mcp/servers/yvjy4csvo1/badge" alt="mcp-clickhouse MCP server" /></a>
Features
ClickHouse Tools
-
run_query- Execute SQL queries on your ClickHouse cluster.
- Input:
query(string): The SQL query to execute. - Queries run in read-only mode by default (
CLICKHOUSE_ALLOW_WRITE_ACCESS=false), but writes can be enabled explicitly if needed.
-
list_databases- List all databases on your ClickHouse cluster.
-
list_tables- List tables in a database with pagination.
- Required input:
database(string). - Optional inputs:
like/not_like(string): ApplyLIKEorNOT LIKEfilters to table names.page_token(string): Token returned by a previous call for fetching the next page.page_size(int, default50): Number of tables returned per page.include_detailed_columns(bool, defaulttrue): Whenfalse, omits column metadata for lighter responses while keeping the fullcreate_table_query.
- Response shape:
tables: Array of table objects for the current page.next_page_token: Pass this value back to fetch the next page, ornullwhen there are no more tables.total_tables: Total count of tables that match the supplied filters.
chDB Tools
run_chdb_select_query- Execute SQL queries using chDB's embedded ClickHouse engine.
- Input:
query(string): The SQL query to execute. - Query data directly from various sources (files, URLs, databases) without ETL processes.
- Requires the optional
chdbextra:pip install 'mcp-clickhouse[chdb]'
Health Check Endpoint
When running with HTTP or SSE transport, a health check endpoint is available at /health. This endpoint:
- Returns
200 OK(body:OK) if the server is healthy and can connect to ClickHouse - Returns
503 Service Unavailablewith a generic error message if the server cannot connect to ClickHouse
The endpoint is intentionally unauthenticated so orchestrator probes (e.g. Kubernetes liveness/readiness, load balancers) can reach it without credentials. The response body is deliberately minimal to avoid leaking backend version strings or error details; debug failures via the server logs.
Example:
curl http://localhost:8000/health
# Response: OKSecurity
Authentication for HTTP/SSE Transports
When using HTTP or SSE transport, authentication is required by default. The stdio transport (default) does not require authentication as it only communicates via standard input/output.
Three authentication modes are supported. Pick one:
| Mode | When to use | Env var |
|---|---|---|
| Static bearer token | Simple deployments, internal services | CLICKHOUSE_MCP_AUTH_TOKEN |
| OAuth / OIDC (via FastMCP) | Azure Entra, Google, GitHub, WorkOS, etc. | FASTMCP_SERVER_AUTH=<provider-class-path> (+ provider-specific FASTMCP_SERVER_AUTH_* vars) |
| Disabled | Local development only | CLICKHOUSE_MCP_AUTH_DISABLED=true |
Startup fails if none of these are configured for HTTP/SSE transports.
Setting Up Authentication
-
Generate a secure token (can be any random string):
# Using uuidgen (macOS/Linux) uuidgen # Using openssl openssl rand -hex 32 -
Configure the server with the token:
export CLICKHOUSE_MCP_AUTH_TOKEN="your-generated-token" -
Configure your MCP client to include the token in requests:
For Claude Desktop with HTTP/SSE transport:
{ "mcpServers": { "mcp-clickhouse": { "url": "http://127.0.0.1:8000", "headers": { "Authorization": "Bearer your-generated-token" } } } }Note: the
/healthendpoint is intentionally unauthenticated (see Health Check Endpoint above). To verify that bearer-token auth is actually rejecting unauthenticated requests, hit the MCP endpoint itself e.g. with the MCP Inspector, or by POSTing a JSON-RPC request to/mcpwith and without theAuthorizationheader and confirming the unauthenticated call returns401.
OAuth / OIDC via FastMCP
For production deployments with identity providers (Azure Entra, Google, GitHub, WorkOS, etc.), delegate authentication to FastMCP's built-in auth providers instead of using a static token. Set FASTMCP_SERVER_AUTH to the full class path of a FastMCP auth provider, along with the provider-specific FASTMCP_SERVER_AUTH_* variables, and leave CLICKHOUSE_MCP_AUTH_TOKEN unset.
Example (Azure Entra):
export FASTMCP_SERVER_AUTH=fastmcp.server.auth.providers.azure.AzureProvider
export FASTMCP_SERVER_AUTH_AZURE_TENANT_ID="<tenant-id>"
export FASTMCP_SERVER_AUTH_AZURE_CLIENT_ID="<client-id>"
export FASTMCP_SERVER_AUTH_AZURE_CLIENT_SECRET="<client-secret>"See the FastMCP docs for the full list of providers and their required environment variables.
Development Mode (Disabling Authentication)
For local development and testing only, you can disable authentication by setting:
export CLICKHOUSE_MCP_AUTH_DISABLED=trueWARNING: Only use this for local development. Do not disable authentication when the server is exposed to any network.
Configuration
This MCP server supports both ClickHouse and chDB. You can enable either or both depending on your needs.
-
Open the Claude Desktop configuration file located at:
- On macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - On Windows:
%APPDATA%/Claude/claude_desktop_config.json
- On macOS:
-
Add the following:
{
"mcpServers": {
"mcp-clickhouse": {
"command": "uv",
"args": [
"run",
"--with",
"mcp-clickhouse",
"--python",
"3.10",
"mcp-clickhouse"
],
"env": {
"CLICKHOUSE_HOST": "<clickhouse-host>",
"CLICKHOUSE_PORT": "<clickhouse-port>",
"CLICKHOUSE_USER": "<clickhouse-user>",
"CLICKHOUSE_PASSWORD": "<clickhouse-password>",
"CLICKHOUSE_ROLE": "<clickhouse-role>",
"CLICKHOUSE_SECURE": "true",
"CLICKHOUSE_VERIFY": "true",
"CLICKHOUSE_CONNECT_TIMEOUT": "30",
"CLICKHOUSE_SEND_RECEIVE_TIMEOUT": "30"
}
}
}
}Update the environment variables to point to your own ClickHouse service.
Or, if you'd like to try it out with the ClickHouse SQL Playground, you can use the following config:
{
"mcpServers": {
"mcp-clickhouse": {
"command": "uv",
"args": [
"run",
"--with",
"mcp-clickhouse",
"--python",
"3.10",
"mcp-clickhouse"
],
"env": {
"CLICKHOUSE_HOST": "sql-clickhouse.clickhouse.com",
"CLICKHOUSE_PORT": "8443",
"CLICKHOUSE_USER": "demo",
"CLICKHOUSE_PASSWORD": "",
"CLICKHOUSE_SECURE": "true",
"CLICKHOUSE_VERIFY": "true",
"CLICKHOUSE_CONNECT_TIMEOUT": "30",
"CLICKHOUSE_SEND_RECEIVE_TIMEOUT": "30"
}
}
}
}For chDB (embedded ClickHouse engine), add the following configuration:
{
"mcpServers": {
"mcp-clickhouse": {
"command": "uv",
"args": [
"run",
"--with",
"mcp-clickhouse[chdb]",
"--python",
"3.10",
"mcp-clickhouse"
],
"env": {
"CHDB_ENABLED": "true",
"CLICKHOUSE_ENABLED": "false",
"CHDB_DATA_PATH": "/path/to/chdb/data"
}
}
}
}You can also enable both ClickHouse and chDB simultaneously:
{
"mcpServers": {
"mcp-clickhouse": {
"command": "uv",
"args": [
"run",
"--with",
"mcp-clickhouse[chdb]",
"--python",
"3.10",
"mcp-clickhouse"
],
"env": {
"CLICKHOUSE_HOST": "<clickhouse-host>",
"CLICKHOUSE_PORT": "<clickhouse-port>",
"CLICKHOUSE_USER": "<clickhouse-user>",
"CLICKHOUSE_PASSWORD": "<clickhouse-password>",
"CLICKHOUSE_SECURE": "true",
"CLICKHOUSE_VERIFY": "true",
"CLICKHOUSE_CONNECT_TIMEOUT": "30",
"CLICKHOUSE_SEND_RECEIVE_TIMEOUT": "30",
"CHDB_ENABLED": "true",
"CHDB_DATA_PATH": "/path/to/chdb/data"
}
}
}
}-
Locate the command entry for
uvand replace it with the absolute path to theuvexecutable. This ensures that the correct version ofuvis used when starting the server. On a mac, you can find this path usingwhich uv. -
Restart Claude Desktop to apply the changes.
Optional Write Access
By default, this MCP enforces read-only queries so that accidental mutations cannot happen during exploration. To allow DDL or INSERT/UPDATE statements, set the CLICKHOUSE_ALLOW_WRITE_ACCESS environment variable to true. The server keeps enforcing read-only mode if the ClickHouse instance itself disallows writes.
Destructive Operation Protection
Even when write access is enabled (CLICKHOUSE_ALLOW_WRITE_ACCESS=true), destructive operations (DROP TABLE, DROP DATABASE, DROP VIEW, DROP DICTIONARY, TRUNCATE TABLE) require an additional opt-in flag for safety. This prevents accidental data deletion during AI exploration.
To enable destructive operations, set both flags:
"env": {
"CLICKHOUSE_ALLOW_WRITE_ACCESS": "true",
"CLICKHOUSE_ALLOW_DROP": "true"
}This two-tier approach ensures that accidental drops are very difficult:
- Write operations (INSERT, UPDATE, CREATE) require
CLICKHOUSE_ALLOW_WRITE_ACCESS=true - Destructive operations (DROP, TRUNCATE) additionally require
CLICKHOUSE_ALLOW_DROP=true
Running Without uv (Using System Python)
If you prefer to use the system Python installation instead of uv, you can install the package from PyPI and run it directly:
-
Install the package using pip:
python3 -m pip install mcp-clickhouseTo install chDB support as well:
python3 -m pip install 'mcp-clickhouse[chdb]'To upgrade to the latest version:
python3 -m pip install --upgrade mcp-clickhouse -
Update your Claude Desktop configuration to use Python directly:
{
"mcpServers": {
"mcp-clickhouse": {
"command": "python3",
"args": [
"-m",
"mcp_clickhouse.main"
],
"env": {
"CLICKHOUSE_HOST": "<clickhouse-host>",
"CLICKHOUSE_PORT": "<clickhouse-port>",
"CLICKHOUSE_USER": "<clickhouse-user>",
"CLICKHOUSE_PASSWORD": "<clickhouse-password>",
"CLICKHOUSE_SECURE": "true",
"CLICKHOUSE_VERIFY": "true",
"CLICKHOUSE_CONNECT_TIMEOUT": "30",
"CLICKHOUSE_SEND_RECEIVE_TIMEOUT": "30"
}
}
}
}Alternatively, you can use the installed script directly:
{
"mcpServers": {
"mcp-clickhouse": {
"command": "mcp-clickhouse",
"env": {
"CLICKHOUSE_HOST": "<clickhouse-host>",
"CLICKHOUSE_PORT": "<clickhouse-port>",
"CLICKHOUSE_USER": "<clickhouse-user>",
"CLICKHOUSE_PASSWORD": "<clickhouse-password>",
"CLICKHOUSE_SECURE": "true",
"CLICKHOUSE_VERIFY": "true",
…