Tools Reference
Complete reference for the tools available to Claude via dbtrail
The following tools are available to Claude and other AI assistants connected to dbtrail.
list_servers
List all registered MySQL servers for the current tenant.
Parameters
None required.
Response
Returns a list of servers, each containing:
id— server UUID (use asserver_idin other tools)name— human-readable server namehost— MySQL hostnameport— MySQL portstatus— current server status (pending,active,disconnected, etc.)
list_tables
List schemas and tables that have indexed binlog data on a server. Call this before query or recover to discover valid schema and table names.
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
server_id | string | yes | UUID of the registered server (from list_servers) |
Response
Returns a list of schema/table pairs that have indexed change data:
server_id— UUID of the queried servertables— array of{"schema": "...", "table": "..."}objects
query
Search indexed binlog changes by schema, table, time range, or event type.
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
server_id | string | yes | UUID of the registered server |
schema | string | yes | Database schema name (e.g. mydb) |
table | string | yes | Table name (e.g. orders) |
event_type | string | no | INSERT, UPDATE, or DELETE |
pk | string | no | Filter by primary key value (use | for composites, e.g. 12345|2) |
gtid | string | no | Filter by GTID (e.g. 3e11fa47-...:42) |
changed_column | string | no | Filter UPDATEs by changed column name (e.g. email) |
since | string | no | Start time (ISO 8601) |
until | string | no | End time (ISO 8601) |
limit | integer | no | Max results (1–1000, default: 100) |
order | string | no | ASC (oldest first) or DESC (newest first, default) |
include_forensics | boolean | no | Enrich events with who made the change (user, host, program). Default: false |
Response
Returns:
success— whether the operation succeededtotal_count— the true total number of matching events (regardless oflimit)has_more— whether there are more events beyond the limitevents— list of change events (capped bylimit), each containing:event_type— INSERT, UPDATE, or DELETEtimestamp— when the change occurredschema/table— where the change happenedprimary_key— primary key of the affected row (as an object)before— row state before the change (null for INSERTs)after— row state after the change (null for DELETEs)
total_count vs events length
total_count reflects the real number of matching events in the index, not the number of events returned. If you only need the count (not the events themselves), use count_events instead — it's much more efficient.
count_events
Count indexed binlog change events with optional grouping. Returns aggregate counts without transferring row data — much more efficient than query for answering volume questions.
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
server_id | string | yes | UUID of the registered server |
schema | string | no | Filter by schema (omit for all schemas) |
table | string | no | Filter by table (omit for all tables) |
event_type | string | no | INSERT, UPDATE, or DELETE |
since | string | no | Start time (ISO 8601) |
until | string | no | End time (ISO 8601) |
group_by | array | no | Group results by schema, table, and/or event_type |
Response
Returns:
success— whether the operation succeededtotal— sum of all event countsgroups— array of count groups (sorted by count descending), each containing:schema— schema name (present when grouped by schema)table— table name (present when grouped by table)event_type— event type (present when grouped by event_type)count— number of matching events
Example
With group_by: ["schema", "table"] and event_type: "INSERT":
{
"success": true,
"groups": [
{ "schema": "demo", "table": "metrics", "count": 12440 },
{ "schema": "demo", "table": "order_items", "count": 8910 },
{ "schema": "demo", "table": "audit_log", "count": 4823 },
{ "schema": "demo", "table": "orders", "count": 3022 }
],
"total": 29195
}recover
Generate SQL statements to reverse database changes. Always runs in dry-run mode — the SQL is generated but never executed.
Recovery is FK-aware by default — if a parent row referenced by a foreign key was also deleted, it is automatically included in the recovery SQL in the correct dependency order.
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
server_id | string | yes | UUID of the registered server |
schema | string | yes | Database schema name |
table | string | yes | Table name |
primary_keys | array | no | Primary key values to recover |
target_time | string | no | ISO 8601 point-in-time to recover to |
resolve_fk | boolean | no | Auto-resolve missing FK parent rows (default: true) |
include_dependents | boolean | no | Also recover deleted child rows that reference the recovered parent (default: false) |
Response
Returns:
success— whether the operation succeededsql— the recovery SQL (wrapped in a transaction, topologically sorted for FK correctness)affected_rows— number of rows affectedoperations— list of individual recovery operationsrecovery_steps— (when FK resolution is active) ordered list of steps, each with areasonexplaining why it was includedwarnings— notes about skipped tables, depth limits reached, or circular dependencies detected
Recovery logic
| Original event | Generated SQL |
|---|---|
| DELETE | INSERT INTO ... (restores deleted row) |
| UPDATE | UPDATE ... SET (reverts to previous values) |
| INSERT | DELETE FROM ... (removes inserted row) |
FK resolution
When resolve_fk is enabled (the default), recover automatically:
- Walks up the FK chain to find deleted parent rows that must be restored first (up to 5 levels deep)
- Walks down the FK chain when
include_dependents: trueto include deleted child rows - Topologically sorts all statements so parents are inserted before children
- Wraps with
SET FOREIGN_KEY_CHECKS=0/1when circular or self-referencing FKs are detected - Deeper FK chains are skipped with a warning
status
Get streaming status for a server — replication lag, binlog position, events indexed, and disk usage.
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
server_id | string | no | UUID of a registered server (omit for the most recent active server) |
Response
Returns server and stream health details including:
server_id— UUID of the server- Replication position, lag, and event counts
forensics_capabilities
Check what forensic data sources are available on a MySQL server — whether performance_schema is enabled, which consumers are active for statement history, and whether an audit log plugin is installed.
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
server_id | string | yes | UUID of the registered server |
Response
Returns performance_schema status (enabled, consumers, thread accessibility) and audit_log status (installed, plugin name, variant, config).
who_changed
Trace who modified a specific row. Queries binlog events for the given table and primary key to show what changed and when, with forensic enrichment (user/host attribution) when available from performance_schema.
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
server_id | string | yes | UUID of the registered server |
schema | string | yes | Database schema name |
table | string | yes | Table name |
pk | string | yes | Primary key value |
since | string | no | Only show changes after this time (ISO 8601) |
until | string | no | End time filter (ISO 8601) |
limit | integer | no | Max events to return (1–1000, default: 50) |
Response
Returns binlog change events with forensic metadata (user, host, program) when available.
user_activity
Show all recent activity by a specific MySQL user. Queries performance_schema.events_statements_history_long for recent SQL statements including query text, duration, rows affected, and connection details.
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
server_id | string | yes | UUID of the registered server |
user | string | yes | MySQL username to investigate |
since | string | no | Start time (ISO 8601) |
until | string | no | End time (ISO 8601) |
limit | integer | no | Max results (default: 50) |
Response
Returns recent SQL statements with query text, duration, and rows affected. When performance_schema is unavailable, returns fallback SQL queries.
connection_history
Show connections from a specific MySQL user or host/IP. Returns current active connections with user, host, database, command state, and running query.
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
server_id | string | yes | UUID of the registered server |
user | string | no | MySQL username (at least one of user or host required) |
host | string | no | Client host or IP address |
limit | integer | no | Max results (default: 50) |
Response
Returns matching connections with metadata. When performance_schema is unavailable, returns fallback SQL queries.
Access rules
Several tools enforce access rules:
query/batch_query— strips unauthorized columns frombefore/afterimages and removes forensic SQL text when columns are restrictedcount_events— enforces table-level access when a specific schema and table are targetedwho_changed— enforces table-level access and removes forensic SQL text when columns are restrictedrecover— enforces table-level access and removes forensic SQL text when columns are restricted
If the connected user's role has no access to the queried table, the tool returns an error.
Permissions
All tools require the mcp:connect permission, which is available to analysts, operators, admins, and owners. Viewers do not have access to these tools.
AI integration vs REST API permissions
Through the AI integration, all tools are accessible to any role with mcp:connect. The REST API endpoints have additional per-operation permission requirements (e.g., recover:execute for the /recover endpoint).