How does pricing work?

Free tier covers 100 reads/day anonymously. For production usage, Starter is $499 one-time for setup + audit (see /managed), Managed Retainer is $999/mo, Enterprise starts at $4,999/mo. No per-query metering surprises.

mcp server · postgres

Postgres MCP server, without the self-hosting tax.

Q: Is there an official Postgres MCP server?

A reference Postgres MCP server existed in the modelcontextprotocol/servers repository and was moved to the archived-servers repo. It still functions as reference code but is no longer actively maintained by the steering group. Several community Postgres MCP servers exist and work fine for single-tenant local use. wmcp.sh is not affiliated with PostgreSQL or any community server; it is a hosted alternative that adds per-user credential isolation, edge routing, and audit logging.

Q: Does wmcp.sh store my database password?

Connection strings are stored encrypted in a per-user vault scoped to your wmcp.sh account. Each query call decrypts in-memory at the edge, runs against your Postgres, and the plaintext is never logged. You can rotate or revoke a connection string from the dashboard at any time without redeploying.

Q: Can agents write to my database?

By default the Postgres MCP tools wmcp.sh exposes are read-only. The query tool rejects DDL and DML statements (CREATE / INSERT / UPDATE / DELETE / ALTER / DROP / TRUNCATE) at the parser layer before they reach your database. Write access is opt-in per connection and requires explicit role configuration.

Q: Does the audit log capture parameter values?

Yes. Every query call writes a row containing: timestamp, calling client (Claude / Cursor / agent id), SQL statement, parameter values, row count returned, and execution time. The log is exportable from the dashboard and retained 30 days on Pro, 1 year on Enterprise.

Route Claude, Cursor, Codex, and any MCP client to your Postgres through wmcp.sh. Per-user credential vault, edge query routing, row-level audit log, parameterized read-only queries by default. wmcp.sh is not affiliated with PostgreSQL or the PostgreSQL Global Development Group.

Connect at https://wmcp.sh/mcp/postgres · setup ~3 minutes · free tier covers 100 reads/day

The wedge

Why route through wmcp.sh instead of running the official server.

The reference Postgres MCP server (originally shipped in the modelcontextprotocol/servers repo) was moved to the archived-servers repository in 2025 and is no longer actively maintained by the steering group. Community forks exist but are typically single-tenant: one binary, one connection string baked into config.

That's fine for local dev. It breaks the moment you want (a) more than one developer hitting the same DB, (b) credentials that aren't checked into a shared config, (c) an audit trail of which agent called which query, (d) Claude.ai / Cursor remote-MCP integration that needs an HTTPS endpoint, not stdio.

wmcp.sh adds the multi-tenant layer: encrypted per-user connection strings, an HTTPS endpoint with OAuth, automatic parameterized-query enforcement, and a row-level audit log. No Docker, no VPC, no on-call rotation for a database proxy.

What your agent gets

Postgres tools, MCP-shaped.

Eight tools, ready for Claude tool_use, OpenAI function-calling, or any MCP client.

postgres.queryRun a parameterized SELECT. Rejects DDL/DML at the parser.
postgres.list_schemasList non-system schemas in the connected database.
postgres.list_tablesList tables in a schema with row count estimates.
postgres.describe_tableColumns, types, nullability, defaults, indexes.
postgres.list_indexesIndexes for a table including the SQL definition.
postgres.explainRun EXPLAIN (FORMAT JSON) on a candidate query — no execution.
postgres.list_foreign_keysFK relationships for graph-style schema discovery.
postgres.list_extensionsInstalled extensions (pgvector, postgis, timescaledb, etc.).

Wire it up

Python — call Postgres MCP from a Claude agent.

# pip install anthropic mcp
import os
from anthropic import Anthropic
from mcp import ClientSession
from mcp.client.streamable_http import streamablehttp_client

WMCP = "https://wmcp.sh/mcp/postgres"
TOKEN = os.environ["WMCP_TOKEN"]  # grab from /dashboard

async def ask(question: str):
    async with streamablehttp_client(WMCP, headers={"Authorization": f"Bearer {TOKEN}"}) as (r, w, _):
        async with ClientSession(r, w) as session:
            await session.initialize()
            tools = (await session.list_tools()).tools
            client = Anthropic()
            msg = client.messages.create(
                model="claude-opus-4-5",
                max_tokens=1024,
                tools=[{"name": t.name, "description": t.description, "input_schema": t.inputSchema} for t in tools],
                messages=[{"role": "user", "content": question}],
            )
            # dispatch tool_use blocks back to session.call_tool(...) — standard MCP loop
            return msg

# > await ask("How many orders did we ship last week, grouped by region?")

Side by side

Self-hosted Postgres MCP server vs wmcp.sh-routed.

Capability	Self-hosted reference / community server	wmcp.sh-routed
Transport	stdio (local only)	Streamable HTTP + OAuth, remote-MCP friendly
Multi-user credential isolation	Single conn-string in config	Per-user encrypted vault, rotatable
Audit log	None (you'd build it)	Row-level: who, when, statement, params, rows, ms
Read-only enforcement	Manual role config	Parser-layer rejection of DDL/DML + role-side belt
Schema introspection	Basic list_tables	Schemas, tables, columns, FKs, indexes, extensions
Works with Claude.ai connectors	No (stdio)	Yes (HTTPS + OAuth 2.1 DCR)
Setup time	30–90 min (Docker, network, secrets)	~3 minutes — paste conn-string, copy URL
Maintenance burden	You own it	We run it on Cloudflare's edge

FAQ

Common questions.

Is there an official Postgres MCP server?

A reference implementation existed in the modelcontextprotocol/servers repo and was moved to the archived-servers repo in 2025. Community Postgres MCP servers exist on GitHub and work for single-tenant local use. wmcp.sh is not affiliated with any of them — we're a hosted alternative that adds multi-tenant credential isolation, audit logging, and an HTTPS endpoint.

Does wmcp.sh store my database password?

Connection strings live in a per-user encrypted vault scoped to your wmcp.sh account. Plaintext is decrypted in-memory at the edge per request and never logged. Rotate or revoke at any time from /dashboard.

Can agents write to my database?

Default is read-only. postgres.query rejects DDL and DML at the parser before any traffic reaches your DB. Write access is opt-in per connection and recommended only for service-role connections.

What about pgvector / pgvector queries?

Yes — the query tool runs any valid read SQL, including vector similarity (<->, <=>) operators. postgres.list_extensions reports whether pgvector is installed so your agent can plan accordingly.

Does the audit log capture parameter values?

Yes — timestamp, client identity, statement, parameter values, row count, execution time. Retention is 30 days on Pro, 1 year on Enterprise.

Pricing?

Free 100 reads/day anonymous. Managed Starter $499 one-time for setup + audit, Managed Retainer $999/mo, Enterprise $4,999+/mo. See /managed.

For production

Need this in production?

If you're past the prototype stage and want a routed Postgres MCP endpoint with audit logs, SSO, and a configured read-only role on your DB, we'll set it up end-to-end. $499 one-time for Starter (setup + audit + one connection), Managed Retainer $999/mo for ongoing, Enterprise $4,999+/mo for VPC peering + dedicated support.

→ Managed setup ($499) Submit your MCP server (free)

Why route through wmcp.sh instead of running the official server.

Postgres tools, MCP-shaped.

Python — call Postgres MCP from a Claude agent.

Self-hosted Postgres MCP server vs wmcp.sh-routed.

Common questions.

Need this in production?

Related pages.