Guides
Jun 15, 2026
What a raw MCP server leaves wide open
Every agent shares one connection string
A raw MCP server hands each agent the same database credentials. With no per-agent identity, you can't tell which agent ran which query — or revoke just one of them.
Full-table reads, PII included
Without masking on the read path, an agent that queries a users table sees every email, token, and secret in clear text — the model, the logs, and the context window now hold it too.
Writes reach production unreviewed
An agent can run an UPDATE or a DROP with no approval, no SQL review, and no rollback path. One bad tool call and there's no record of what changed or who to ask.
How Bytebase governs the agent-to-database path
Per-agent identity, not a shared secret
Every agent connects through Bytebase as itself — scoped, revocable, and traceable — and never holds a database credential.
Every agent authenticates as itself
Each agent connects with its own identity, so access can be scoped, revoked, and traced per agent instead of hidden behind a shared connection string.
Scoped to the data it needs
Grant an agent read on three tables, not the whole database. Permissions are explicit, least-privilege, and can expire automatically.
No raw connection string
Agents never hold database credentials. Bytebase brokers the connection, so the secret never leaves your control or lands in a prompt.
Masking on the read path
Sensitive columns are masked at query time, so an agent gets the answer it needs without ever seeing the raw PII behind it.
Dynamic masking by role
Sensitive columns are masked the moment results render, based on the agent's role — emails, tokens, and keys stay hidden.
Policies follow the data
Define sensitivity labels once; masking applies across every schema change, every database, and every agent session.
Read access without exposure
Agents answer questions over your data without the underlying secrets ever entering the model context or the audit log.
Writes go through review
Every agent write clears the same SQL review and approval bar as a human change — with full history and a clean rollback path.
SQL review before execution
Every agent write is checked against your review policies before it touches the database, catching unsafe patterns up front.
Approvals for risky changes
DDL and bulk DML route to a human approver automatically; bounded, low-risk writes stay on the fast path.
Full history and rollback
Every agent change carries actor, diff, and timestamp, with a clean rollback path — auditors never need a spreadsheet export.
One MCP server, controls for every team
Integrations
Designed to integrate across modern enterprise environments
Bytebase connects to databases, developer tooling, and collaboration platforms to fit naturally into complex, multi-tool enterprise ecosystems.
Resources
