MCP Server: Database Query Tool

A security-hardened, read-only SQL query API exposing Postgres and DuckDB as MCP tools for AI clients. Open endpoint for public use, secured endpoint with Auth0 OAuth.

Live Endpoints

Open MCP Endpoint (No Auth)

https://db-mcp.tigzig.com/v1/mcp/http

Recommended - Streamable HTTP (newer MCP spec, 2025-03-26). Try this first with Claude.ai, Cursor, n8n.

https://db-mcp.tigzig.com/v1/mcp/sse

SSE transport (2024-11-05).

https://db-mcp.tigzig.com/mcp

Legacy SSE - original endpoint, kept for backward compatibility. No API key, no login required on any open endpoint. Protected by 23 layers of security hardening.

Secured MCP Endpoint (Auth0 OAuth)

https://db-mcp.tigzig.com/v1/mcp-secure/http

Recommended - Streamable HTTP, Auth0-gated.

https://db-mcp.tigzig.com/v1/mcp-secure/sse

SSE transport, Auth0-gated.

https://db-mcp.tigzig.com/mcp-secure

Legacy SSE, Auth0-gated - kept for backward compatibility. All secured endpoints require Auth0 login with email whitelist. To get access, reach out via the contact link below. Same databases and tools, with authentication on top.

What's Inside

Two databases, ~2 million rows of cricket ball-by-ball data (2013-2025):

  • Postgres (Supabase) - ODI cricket, ~1M rows
  • DuckDB (embedded) - T20 cricket, ~1M rows
  • Both read-only at database and application level
  • JSON and TSV output (TSV uses ~70% fewer tokens)

Connect from Claude Code, Claude Desktop, Claude.ai (web connectors), Claude in Excel, or any MCP-compatible client. Setup instructions in the README.

Security Hardening

The open endpoint is intentionally public - no auth, anyone with the URL can query. This is safe because of a 23-layer defense stack covering:

  • Cloudflare WAF + application-level rate limiting
  • Per-IP and global concurrency caps
  • 12-layer SQL validation - prefix allowlist, keyword blocklist, resource exhaustion blocking, self-join detection, response size limits, comment rejection
  • System catalog and metadata function blocking
  • Query timeouts with DuckDB engine interrupt
  • Database-level read-only enforcement (Postgres + DuckDB)
  • DuckDB resource limits + container resource limits
  • Error message sanitization - no internal details leaked
  • Auth0 OAuth with JWT verification on the secured endpoint

Full details in the README. For a broader web app security checklist (95 items across all stacks), see tigzig.com/security.
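
A sketch of how a few of the SQL validation layers listed above (prefix allowlist, keyword blocklist, comment rejection, catalog blocking) can fit together. This is an added example, not the project's own code; the keyword and function lists, the length cap and all names are assumptions.

```python
import re

# Constructed lists for illustration; the project's own lists are not shown on this page.
ALLOWED_PREFIX = re.compile(r"^(select|with)\b")
BLOCKED_KEYWORDS = {
    "insert", "update", "delete", "drop", "alter", "create", "truncate",
    "grant", "revoke", "copy", "attach", "install", "load", "pragma",
}
BLOCKED_FUNCTIONS = {"generate_series", "repeat", "read_csv", "read_parquet"}
CATALOG_PREFIXES = ("pg_", "duckdb_", "information_schema")
MAX_QUERY_CHARS = 2000  # assumed cap


class QueryRejected(ValueError):
    """Carries a generic reason that is safe to return to the client."""


def validate_readonly_sql(sql: str) -> str:
    """Return the normalized single statement, or raise QueryRejected."""
    q = sql.strip()
    if not q or len(q) > MAX_QUERY_CHARS:
        raise QueryRejected("query is empty or too long")
    # Comment rejection: comments can split or hide tokens from later checks.
    if "--" in q or "/*" in q:
        raise QueryRejected("comments are not allowed")
    # One statement only: a single trailing semicolon is tolerated.
    q = q[:-1].rstrip() if q.endswith(";") else q
    if ";" in q:
        raise QueryRejected("multiple statements are not allowed")
    lowered = q.lower()
    if not ALLOWED_PREFIX.match(lowered):
        raise QueryRejected("only SELECT or WITH queries are allowed")
    # Tokens are taken from the whole text, string literals included. That
    # rejects some harmless queries but never depends on parsing quotes right.
    tokens = set(re.findall(r"[a-z_][a-z0-9_]*", lowered))
    if tokens & BLOCKED_KEYWORDS:
        raise QueryRejected("query contains a blocked keyword")
    if tokens & BLOCKED_FUNCTIONS:
        raise QueryRejected("query contains a blocked function")
    if any(t.startswith(CATALOG_PREFIXES) for t in tokens):
        raise QueryRejected("system catalogs are not queryable")
    return q


def check(sql: str) -> str:
    """Return 'ok' or the rejection reason, for logging or tests."""
    try:
        validate_readonly_sql(sql)
        return "ok"
    except QueryRejected as exc:
        return str(exc)
```

A text filter like this is only one layer; the database-level read-only enforcement listed above remains the backstop for anything it misses.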

Deploy Your Own

The source code is open (Apache 2.0). Clone, configure your databases, and deploy:

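git clone https://github.com/amararun/shared-fastapi-database-mcp.git
cd shared-fastapi-database-mcp  # run the remaining commands from the repo root
pip install -r requirements.txt
cp .env.example .env  # add your DB connection strings
uvicorn app:app --host 0.0.0.0 --port 8000  # listens on all interfaces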

Swap in your own Postgres or DuckDB databases. Auth0 OAuth is optional - set the AUTH0_* environment variables to enable the secured endpoint, or leave them unset to run with just the open endpoint.

Stack: FastAPI, asyncpg, DuckDB, fastapi-mcp, python-jose, SlowAPI.

Resources

Bugs, issues, questions? Drop a note: [email protected]