Custom tools allow you to define reusable, parameterized SQL operations that are automatically registered as MCP tools. They provide type-safe interfaces for common database queries without writing repetitive code.
Custom tools are ideal for:
- Frequently used queries: Define once, use everywhere without rewriting SQL
- Standardized data access: Ensure consistent query patterns across your team
- Controlled database access: Expose specific operations without granting broad SQL access
- AI-friendly interfaces: Give AI models well-defined tools with clear parameters instead of open-ended SQL
- Complex queries: Encapsulate JOINs, aggregations, or multi-step operations into simple tool calls
- Parameter validation: Enforce type checking and allowed values before queries execute
Configuration
Custom tools are defined in your dbhub.toml configuration file. See the TOML Configuration documentation for complete configuration reference.
Required fields:
name - Unique tool identifier
description - What the tool does (helps AI models)
source - Database source ID to use
statement - SQL query with parameter placeholders
parameters - Parameter definitions (optional)
See TOML Configuration - Tool Options for detailed field descriptions, parameter types, and validation rules.
Examples
Basic Query
Simple SELECT query with a single parameter:
Search with Limit
Search query with optional limit parameter:
Optional Filter with Enum
Query with optional status filter using enum validation:
Multiple Database Types
The same tool pattern works across different databases, just adjust the parameter placeholder syntax:
PostgreSQL
MySQL/MariaDB/SQLite
SQL Server
See Parameter Placeholders for syntax reference.
Common Patterns
Flexible Filtering
Use COALESCE or NULL checks to make parameters optional:
Date Range Queries
Aggregation Queries
Security & Validation
SQL Injection Protection
Custom tools use parameterized queries, which provide automatic protection against SQL injection attacks. Parameter values are never interpolated directly into SQL strings.
Always use parameter placeholders. Never concatenate user input into SQL statements.
Readonly Mode
The readonly setting on execute_sql only affects that tool. Custom tools are controlled by their SQL statement - DBHub analyzes the statement to determine if it’s read-only.
Max Rows Enforcement
For custom tools with parameterized LIMIT clauses, the connector’s max_rows setting still applies:
Startup Validation
Tools are validated when the server starts:
- All required fields must be present
- The specified source must exist
- Tool names must be unique and cannot conflict with built-in tools (
execute_sql, search_objects)
- Parameter count must match SQL placeholders
- Parameter types must be valid
If validation fails, the server will not start and will display detailed error messages.
Custom tools return the same response format as execute_sql:
Success:
Error:
Best Practices
- Use descriptive names: Tool names should clearly indicate their purpose (e.g.,
get_active_users_by_department rather than query1)
- Write detailed descriptions: Help AI models understand when to use the tool by providing clear, complete descriptions
- Document parameter constraints: Include units, ranges, and format expectations in parameter descriptions
- Leverage enums: Use
allowed_values for parameters with a fixed set of valid options
- Provide defaults: Make tools easier to use by providing sensible defaults for optional parameters
- Keep tools focused: Each tool should perform a single, well-defined operation
- Test parameter combinations: Ensure optional parameters work correctly in all combinations
- Use multi-line strings: For complex SQL, use TOML’s
""" multi-line syntax for readability
See Also