mcp-sql — Cross-Platform DB Bridge for Copilot
Read-Only MCP for SQL Server + IBM DB2 (z/OS & LUW)
Context
MCP-SQL is the integration layer that lets a Claude agent safely read across legacy DB2 (z/OS and LUW) and SQL Server analytics replicas without exposing per-developer database credentials. The architectural call: pull database access out of every individual developer's hands and into a single auditable, read-only MCP boundary — defence-in-depth read-only (connection-level readonly=True plus a statement-prefix allow-list), a catalog-resolution waterfall that transparently handles SYSCAT (DB2 LUW) → SYSIBM (DB2 z/OS) → INFORMATION_SCHEMA, and hard query caps (500 rows / 60 seconds) so a hallucinated query can't block the agent or run away the DB. In the Modernization Factory, MCP-SQL is the tool layer the schema-analysis agents call when they need to ground a translation decision in real legacy schema state. Includes a domain-specific COBOL PIC mapper that auto-generates copybook host-variable declarations from DB2 column types — the single most repetitive task in mainframe modernization, collapsed to seconds. Saves an estimated 30–45 minutes per developer per day on DB exploration; the copybook generator collapses a 20-min manual task to seconds.
Architecture
What I owned
- The architectural call: one auditable read-only boundary instead of per-developer DB credentials — the pattern that makes LLM-assisted modernization safe at team scale
- Component of the Modernization Factory: the tool layer the schema-analysis agents call to ground every translation decision in real legacy schema state
- Defence-in-depth read-only: connection-level readonly=True AND statement-prefix allow-list (rejects EXEC, MERGE, etc.) — write paths blocked even if the model hallucinates one
- Catalog waterfall — tries DB2 LUW SYSCAT, then DB2 z/OS SYSIBM, then ANSI INFORMATION_SCHEMA, returns first non-empty (transparent to the agent)
- COBOL copybook auto-generation: CHAR(n)→PIC X(n), DECIMAL(p,s)→PIC S9(p-s)V9(s) COMP-3, nullable indicators included — the domain-specific tool nobody else's MCP server has
- Hard caps: 500 rows/query, 60-second timeout — prevents runaway queries from blocking the agent or saturating the DB
- Saves ~30–45 min/day per developer on DB exploration; copybook generator collapses a 20-min manual task to seconds