Neon MCP Server
Neon MCP Server is an open-source tool that lets you interact with your Neon Postgres databases in natural language.
The Model Context Protocol (MCP) is a standardized protocol designed to manage context between large language models (LLMs) and external systems. This repository provides a remote MCP Server for Neon.
Neon's MCP server acts as a bridge between natural language requests and the Neon API. Built upon MCP, it translates your requests into the necessary API calls, enabling you to manage tasks such as creating projects and branches, running queries, and performing database migrations seamlessly.
Some of the key features of the Neon MCP server include:
- Natural language interaction: Manage Neon databases using intuitive, conversational commands.
- Simplified database management: Perform complex actions without writing SQL or directly using the Neon API.
- Accessibility for non-developers: Empower users with varying technical backgrounds to interact with Neon databases.
- Database migration support: Leverage Neon's branching capabilities for database schema changes initiated via natural language.
For example, in Claude Code, or any MCP Client, you can use natural language to accomplish things with Neon, such as:
- Let's create a new Postgres database, and call it "my-database". Let's then create a table called users with the following columns: id, name, email, and password.
- I want to run a migration on my project called "my-project" that alters the users table to add a new column called "created_at".
- Can you give me a summary of all of my Neon projects and what data is in each one?
[!WARNING]
Neon MCP Server Security Considerations
The Neon MCP Server grants powerful database management capabilities through natural language requests. Always review and authorize actions requested by the LLM before execution. Ensure that only authorized users and applications have access to the Neon MCP Server.
The Neon MCP Server is intended for local development and IDE integrations only. We do not recommend using the Neon MCP Server in production environments. It can execute powerful operations that may lead to accidental or unauthorized changes.
For more information, see MCP security guidance →.
Setting up Neon MCP Server
There are a few options for setting up the Neon MCP Server:
- Quick Setup with API Key (Cursor, VS Code, and Claude Code): Run neonctl@latest init to automatically configure Neon's MCP Server, agent skills, and VS Code extension with one command.
- Remote MCP Server (OAuth Based Authentication): Connect to Neon's managed MCP server using OAuth for authentication. This method is more convenient as it eliminates the need to manage API keys. Additionally, you will automatically receive the latest features and improvements as soon as they are released.
- Remote MCP Server (API Key Based Authentication): Connect to Neon's managed MCP server using an API key for authentication. This method is useful if you want to connect a remote agent to Neon where OAuth is not available. Additionally, you will automatically receive the latest features and improvements as soon as they are released.
Prerequisites
- An MCP Client application.
- A Neon account.
- Node.js (>= v18.0.0): Download from nodejs.org.
For development, you'll need Node.js 22+ (pnpm is provided via Corepack — run corepack enable to activate it).
Option 1. Quick Setup with API Key
Don't want to manually create an API key?
Run neonctl@latest init to automatically configure Neon's MCP Server with one command:
npx neonctl@latest init
This works with Cursor, VS Code (GitHub Copilot), and Claude Code. It will authenticate via OAuth, create a Neon API key for you, and configure your editor automatically.
Option 2. Remote Hosted MCP Server (OAuth Based Authentication)
Connect to Neon's managed MCP server using OAuth for authentication. This is the easiest setup, requires no local installation of this server, and doesn't need a Neon API key configured in the client.
Run the following command to add the Neon MCP Server for all detected agents and editors in your workspace:
npx add-mcp https://mcp.neon.tech/mcp
Add the -g flag to add the Neon MCP Server to the global MCP server list instead of project-scoped.
Alternatively, you can add the following "Neon" entry to your client's MCP server configuration file (e.g., mcp.json, mcp_config.json):
{
"mcpServers": {
"Neon": {
"type": "http",
"url": "https://mcp.neon.tech/mcp"
}
}
}
Kiro: Add the following to your Kiro MCP config file (~/.kiro/settings/mcp.json for global, or .kiro/settings/mcp.json for project-scoped):
{
"mcpServers": {
"Neon": {
"url": "https://mcp.neon.tech/mcp"
}
}
}
Or use the one-click install button at the top of this README. For more information, see the Kiro MCP documentation.
- Restart or refresh your MCP client.
- An OAuth window will open in your browser. Follow the prompts to authorize your MCP client to access your Neon account.
With OAuth-based authentication, the MCP server will, by default, operate on projects under your personal Neon account. To access or manage projects that belong to an organization, you must explicitly provide either the org_id or the project_id in your prompt to the MCP client.
Option 3. Remote Hosted MCP Server (API Key Based Authentication)
Remote MCP Server also supports authentication using an API key in the Authorization header if your client supports it.
Create a Neon API key in the Neon Console. Next, run the following command to add the Neon MCP Server for all detected agents and editors in your workspace:
npx add-mcp https://mcp.neon.tech/mcp --header "Authorization: Bearer <$NEON_API_KEY>"
Alternatively, you can add the following "Neon" entry to your client's MCP server configuration file (e.g., mcp.json, mcp_config.json):
{
"mcpServers": {
"Neon": {
"type": "http",
"url": "https://mcp.neon.tech/mcp",
"headers": {
"Authorization": "Bearer <$NEON_API_KEY>"
}
}
}
}
Provide an organization's API key to limit access to projects under the organization only.
Scopes and Read-Only Mode
Neon MCP supports OAuth scopes read, write, and * (* means both). Your MCP client can request these scopes directly, or you can make the selection in the OAuth permissions UI.
Read-only mode restricts which tools are available, disabling write operations like creating projects, branches, or running migrations. Read-only tools include listing projects, describing schemas, querying data, and viewing performance metrics.
You can set read-only mode in two ways:
- OAuth scope selection (recommended): In OAuth, select read-only by unchecking Full access in the authorization UI.
- readonly query param: Add ?readonly=true to your MCP server URL:
{
"mcpServers": {
"Neon": {
"url": "https://mcp.neon.tech/mcp?readonly=true"
}
}
}
How the query param behaves:
- API key flow: readonly=true is the way to enable read-only mode (there is no OAuth scope exchange in this flow).
- OAuth flow: readonly=true overrides the OAuth scope. Without it, read-only is determined by the scope selected in the OAuth consent UI.
Legacy HTTP header x-read-only is also supported as a fallback (lower priority than the query param).
Note: Read-only mode restricts which tools are available. Further, the run_sql tool remains available only for read-only queries.
URL Query Params for Access Control
Grant context (scope categories, project scoping, read-only mode) is configured via URL query params on the MCP server URL. Config travels with every request and takes effect immediately — no re-auth needed.
| Param | Description | Example |
|---|---|---|
| readonly | Enable read-only mode (true/false) | ?readonly=true |
| category | Restrict to specific tool categories (repeated or CSV) | ?category=querying&category=schema |
| projectId | Scope all operations to a single project | ?projectId=proj-123 |
Read-only + project-scoped example:
{
"mcpServers": {
"Neon": {
"url": "https://mcp.neon.tech/mcp?readonly=true&projectId=my-project-id"
}
}
}
Category-filtered example (only querying and schema tools):
{
"mcpServers": {
"Neon": {
"url": "https://mcp.neon.tech/mcp?category=querying&category=schema"
}
}
}
You can preview which tools are visible for any configuration using the /api/list-tools endpoint (no auth required):
curl "https://mcp.neon.tech/api/list-tools?readonly=true&category=querying"
- list_projects, list_shared_projects, describe_project, list_organizations
- describe_branch, list_branch_computes, compare_database_schema
- run_sql, run_sql_transaction, get_database_tables, describe_table_schema
- list_slow_queries, explain_sql_statement
- get_connection_string
- search, fetch, list_docs_resources, get_doc_resource
Tools requiring write access:
- create_project, delete_project
- create_branch, delete_branch, reset_from_parent
- provision_neon_auth, provision_neon_data_api
- prepare_database_migration, complete_database_migration
- prepare_query_tuning, complete_query_tuning
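A client-side audit of these settings, as an added example (not code from the Neon repository): it reads an MCP client config in the mcp.json shape shown above and reports, for each Neon entry, whether read-only mode, project scoping and category filters are set in the URL. The function name, issue labels, sample config and the literal-token heuristic are assumptions of this example; the /sse check refers to the deprecated transport described in the next section.

```javascript
// Added example (not from the Neon repository): audit Neon entries in an MCP client config.
const NEON_HOST = "mcp.neon.tech";

function auditNeonMcpConfig(config) {
  const reports = [];
  for (const [name, server] of Object.entries(config.mcpServers ?? {})) {
    let url;
    try { url = new URL(server.url); } catch { continue; }
    if (url.hostname !== NEON_HOST) continue;
    const headers = Object.fromEntries(
      Object.entries(server.headers ?? {}).map(([k, v]) => [k.toLowerCase(), String(v)]));
    const auth = headers["authorization"];
    const readonlyParam = url.searchParams.get("readonly") === "true";
    const legacyHeader = "x-read-only" in headers;
    // category may be repeated or comma-separated
    const categories = url.searchParams.getAll("category")
      .flatMap((v) => v.split(",")).filter(Boolean);
    const projectId = url.searchParams.get("projectId");
    // With an API key there is no OAuth scope exchange, so only the param (or the
    // legacy header) can make the session read-only. With OAuth and no param, the
    // consent UI decides, which a config file cannot show.
    let readOnly = readonlyParam ? "yes" : auth ? "no" : "set-by-oauth-scope";
    if (!readonlyParam && legacyHeader) readOnly = "legacy-header";
    const issues = [];
    if (url.protocol !== "https:") issues.push("not-https");
    if (url.pathname === "/sse") issues.push("deprecated-sse-transport");
    if (readOnly === "no") issues.push("api-key-with-write-access");
    if (legacyHeader) issues.push("uses-legacy-x-read-only-header");
    if (!projectId) issues.push("not-project-scoped");
    // Assumption: a Bearer value with no "<" or "$" is a literal secret, not a placeholder.
    if (auth && /^Bearer\s+[^<$\s]+$/.test(auth)) issues.push("literal-token-in-config");
    reports.push({ name, readOnly, projectId, categories, issues });
  }
  return reports;
}

// Constructed sample config; the token is a made-up placeholder, not a real key.
const sampleConfig = { mcpServers: {
  NeonScoped: { url: "https://mcp.neon.tech/mcp?readonly=true&projectId=my-project-id&category=querying,schema" },
  NeonKey: { type: "http", url: "https://mcp.neon.tech/mcp",
    headers: { Authorization: "Bearer EXAMPLE_NOT_A_REAL_KEY" } },
  NeonSse: { url: "https://mcp.neon.tech/sse" },
  Other: { url: "https://example.invalid/mcp" },
} };

console.log(JSON.stringify(auditNeonMcpConfig(sampleConfig), null, 2));
```

An entry reported as set-by-oauth-scope is not necessarily writable: the config alone cannot show which scope was chosen in the consent UI, so pin readonly=true in the URL when the intent is read-only.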
Server-Sent Events (SSE) Transport (Deprecated)
MCP supports two remote server transports: the deprecated Server-Sent Events (SSE) and the newer, recommended Streamable HTTP. If your LLM client doesn't support Streamable HTTP yet, you can switch the endpoint from https://mcp.neon.tech/mcp to https://mcp.neon.tech/sse to use SSE instead.
Run the following command to add the Neon MCP Server for all detected agents and editors in your workspace using the SSE transport:
npx add-mcp https://mcp.neon.tech/sse --type sse
Remote Server Architecture
The remote server runs as a Next.js App Router application on Vercel at mcp.neon.tech.
[!NOTE] The root / path redirects to Neon MCP Server docs. There is no landing page.
Core imple
…