MCP in ide99

ide99 doesn't bring its own LLM into the IDE. Instead, the app acts as an MCP server that an AI agent of your choice connects to — Claude Code, Cursor, Windsurf, Cline, or any other compatible client. The agent sees the active connection, the current query, and the last result — and writes SQL in the context of what you're looking at.

What MCP is

Model Context Protocol — an open standard from Anthropic for connecting LLM agents to external tools and data sources. Spec: modelcontextprotocol.io.

In the context of ide99 it means:

ide99 runs a local MCP server (by default on a Unix socket, no network port).
The client (Claude Code etc.) connects to the socket.
The client invokes ide99's tools: "run a SELECT", "get EXPLAIN", "read this table's schema", "show the last result".
Every call passes through your confirmation in ide99.

Why this and not "AI directly in the editor"

Your agent — your keys. You pick the LLM, billed by the provider directly. ide99 doesn't route prompts through our servers.
Wider context. An agent in Claude Code knows not just the database but also the repo, files, tests. That gives answers a built-in "AI helper" in the IDE can't.
Less lock-in. Tomorrow a better agent comes out — switch the client, ide99 doesn't need to change.

What the agent can do

The agent has access to 20 tools, split into three security tiers:

Read (auto-allow in read-only mode)

db_query_readonly — run a SELECT
db_explain — fetch the query plan
db_explain_analyze — run with EXPLAIN ANALYZE
schema_list — list tables/views/functions
schema_describe — DDL and columns of one table
result_last_get — last result in the editor
editor_current_query — what's currently in the editor
health_status — current Health screen indicators

Write (requires confirmation)

db_query_write — INSERT/UPDATE/DELETE
db_ddl — CREATE INDEX/ALTER TABLE/etc.
index_create_concurrently
vacuum_analyze

Dangerous (requires confirmation + name typing)

db_drop — DROP TABLE/INDEX
db_truncate
pg_terminate_backend

Access control

For every call from the agent ide99 shows a dialog:

Claude Code → run db_query_write
  UPDATE orders SET status='paid' WHERE id IN (123, 456);

[ Allow once ]  [ Allow read-only session ]
[ Allow with confirm for each ]  [ Deny ]

Writes to the database are never auto-executed — every write requires manual confirmation, even after Allow once.

Details: Access control & audit.

Audit

Every MCP call is written to mcp-audit.log next to the profile:

OS	Path
macOS	`~/Library/Application Support/ide99/mcp-audit.log`
Linux	`~/.config/ide99/mcp-audit.log`
Windows	`%APPDATA%\ide99\mcp-audit.log`

Format — JSONL, one line per action with timestamp, tool, args, decision (allow/deny), client ID. The file is local, never sent anywhere.

What ide99 does NOT do

Doesn't run its own LLM on your data.
Doesn't send your queries or results to our servers.
Doesn't store agent prompts and responses outside the local audit log.
Doesn't connect to external APIs without your explicit action.

Connect AI clients — set up Claude Code, Cursor, Windsurf.
Access control & audit — allow/deny details and audit.