
Turso Cloud MCP Server
Manage Turso databases and run SQL from an agent, with separate read-only and destructive query tools.
Add to your client
Copy the config for your MCP client and paste it into its config file.
npx -y mcp-turso-cloudPaste into ~/Library/Application Support/Claude/claude_desktop_config.json
{
"mcpServers": {
"turso-cloud-mcp-server": {
"command": "npx",
"args": [
"-y",
"mcp-turso-cloud"
],
"env": {
"TURSO_API_TOKEN": "<your-turso-api-token>",
"TURSO_ORGANIZATION": "<your-organization-name>",
"TURSO_DEFAULT_DATABASE": "<optional-default-database>"
}
}
}
}Step-by-step guides: Add to Claude Desktop · Add to Cursor · Add to Windsurf
Before you start
- Node.js with npx
- A Turso account with a Platform API token (from the Turso dashboard)
- Your Turso organization name; optionally a default database name
About Turso Cloud MCP Server
Turso hosts libSQL (SQLite-compatible) databases at the edge, and this server exposes both halves of the platform to agents. Organization tools call the Turso Platform API: list every database in the org, create new ones (with group and multi-region options), delete them, and generate scoped database tokens with configurable expiration and permission ('full-access' or 'read-only'). Database tools then run against individual databases: table listing, schema description, queries, and vector similarity search using SQLite vector extensions.
The two-level auth model is the interesting design decision. You configure one org-level API token; the server derives database-level tokens on demand, caches them, and rotates as needed (defaults tunable via TOKEN_EXPIRATION and TOKEN_PERMISSION). That means one credential in config, but it is the most powerful credential Turso offers — the trade-off to weigh.
The read/write split addresses the classic LLM-runs-SQL risk: execute_read_only_query rejects anything that isn't SELECT/PRAGMA, so MCP clients can safely auto-approve it, while execute_query is the explicit-approval path for mutations. The README is emphatic about reviewing SQL before approving destructive calls.
Caveats: it is a small community project (16 stars) maintained by one developer, not affiliated with Turso, and there is no HTTP transport — stdio only, via npx or a WSL-wrapped node invocation on Windows. For personal projects and prototyping against Turso it covers the full workflow; for team production use, evaluate maturity first.
Tools & capabilities (9)
list_databasesList all databases in your Turso organization.
create_databaseCreate a database with optional group and regions.
delete_databaseDelete a database from the organization.
generate_database_tokenMint a token for a database with expiration and permission level.
list_tablesList all tables in a database.
execute_read_only_queryRun SELECT/PRAGMA queries only — safe for auto-approval.
execute_queryRun INSERT/UPDATE/DELETE/CREATE/DROP and other mutating SQL.
describe_tableGet schema information for a table.
vector_searchVector similarity search using SQLite vector extensions.
What this server can do
Turso Cloud MCP Server provides tools for these capabilities — tap one to see every MCP server that does the same:
When to use it
- Query and explore Turso databases conversationally during development
- Spin up or tear down edge databases for prototypes from chat
- Vector similarity search over embeddings stored in libSQL
- Generate scoped read-only tokens for apps without opening the dashboard
Quick setup
- 1Create a Platform API token in the Turso dashboard
- 2Add {"command": "npx", "args": ["-y", "mcp-turso-cloud"]} under mcpServers with TURSO_API_TOKEN and TURSO_ORGANIZATION in env
- 3Optionally set TURSO_DEFAULT_DATABASE so queries need no explicit database parameter
- 4Restart your MCP client and test with 'list my turso databases'
- 5On Windows/WSL, use the README's wsl.exe bash -c wrapper configuration
Security notes
Early-stage community project (small user base), and the org-level TURSO_API_TOKEN it holds can create and delete entire databases — scope expectations accordingly and keep destructive tools behind approval. The README's own warning applies: always read the SQL before approving execute_query, and note generated database tokens default to full-access with 7-day expiry.
Turso Cloud MCP Server FAQ
Is mcp-turso-cloud safe to point at production databases?
Be careful: it holds an organization-level token that can create and delete databases, and execute_query runs arbitrary mutating SQL. The tool split helps — auto-approve only execute_read_only_query — but for production data prefer read-only usage and review every destructive statement. It is also an early-stage community project, not an official Turso product.
How does the two-level authentication work?
You supply one org-level Platform API token; the server uses it for management operations and to automatically generate per-database tokens, which are cached and rotated. Generated token defaults are configurable via TOKEN_EXPIRATION (default 7d) and TOKEN_PERMISSION (default full-access).
Does it support vector search?
Yes — the vector_search tool performs similarity search over a vector column using SQLite vector extensions, with a query vector and result limit as parameters. Store embeddings in a libSQL table and the agent can query nearest neighbors.
Alternatives to Turso Cloud MCP Server
Compare all alternatives →Google's official MCP server with prebuilt BigQuery tools, querying datasets via Application Default Credentials.
Create, manage, and query your InstantDB apps, schemas, permissions, and data from your AI editor.
Compare Turso Cloud MCP Server with: