MCP database servers give AI agents direct database access — and most ship without masking, RBAC, or audit. FutrixData wraps your MCP database access with masking on the agent result path, query guardrails, per-agent identity, and a local hash-chained audit log (with a built-in audit verify CLI) — without changing how Claude Code, Cursor, or Codex connect. Local verification only; trust and limitations pages document the full scope.
The Model Context Protocol (MCP) is an open standard that lets AI agents discover and call external tools — including databases. Reference MCP servers exist for Postgres, MySQL, MongoDB, and others. They make agent integration easy. They also tend to give every connected agent the same database privileges, with no per-agent identity, no field-level masking, and no centralized audit trail.
If your only database boundary is "the MCP server is on a private port," you have a perimeter — not a policy.
FutrixData speaks MCP as one of several entry points (alongside Skill, HTTP, and CLI). From Claude Code or Cursor it looks like an MCP server with the standard tools (list_data_sources, execute_query, etc.). Internally, every call passes through:
The agent's tool surface is the same. The behavior — and the assurance you can give a security team — is not.
Configuration is the same as any MCP server: a JSON entry in the agent's MCP config pointing at the FutrixData binary or the Enterprise Edition HTTP endpoint, plus a per-agent access key. Each installation gets its own key, so revocation is precise.
{
"mcpServers": {
"futrixdata": {
"command": "futrixdata",
"args": ["mcp"],
"env": {
"FUTRIXDATA_AGENT_KEY": "fxd_live_..."
}
}
}
}{
"mcpServers": {
"futrixdata": {
"url": "https://futrixdata.internal.example.com/mcp",
"headers": { "Authorization": "Bearer fxd_live_..." }
}
}
}The Model Context Protocol — an open standard for connecting AI agents to external tools. Anthropic shipped reference servers for several databases. MCP defines the wire protocol, not the security model.
FutrixData speaks MCP as one entry point. It's also reachable via Skill, HTTP, and CLI — all sharing the same risk engine and audit pipeline. From the agent's side, it looks and behaves like an MCP server.
They're great for getting started and risky as a long-term production posture. They have no per-agent identity, no field-level masking, no risk engine, and minimal audit. FutrixData is what you put in front of (or in place of) them once an actual production database is in scope.
Yes. Any MCP-compliant client connects (Cursor, Codex, Windsurf, OpenCode, custom). For agents that don't speak MCP, the Skill and HTTP entry points cover everything else.
Yes — they're entry points to the same gateway. An organization commonly uses MCP for IDE-side agents (Claude Code, Cursor) and HTTP for backend automation, with one audit log covering both.
Free desktop app on macOS, Windows, and Linux. Self-hosted Enterprise Edition for production deployments.