Add SQL_ENCRYPT flags and keep MCP stdio JSON-clean

src/node/README.md

@@ -59,6 +59,8 @@ npm install -g @connorbritain/mssql-mcp-server@latest
 | `DATABASE_NAME` | Yes | Target database |
 | `SQL_AUTH_MODE` | | `sql`, `windows`, or `aad` (default: `aad`) |
 | `SQL_USERNAME` / `SQL_PASSWORD` | | Required for `sql`/`windows` modes |
+| `SQL_ENCRYPT` | | `true`/`false` (default: `true`). Azure SQL / Synapse require encryption. |
+| `TRUST_SERVER_CERTIFICATE` | | `true`/`false` (default: `false`) |
 | `READONLY` | | `true` disables write tools |
 | `ENVIRONMENTS_CONFIG_PATH` | | Multi-environment JSON config |
 | `SCRIPTS_PATH` | | Named SQL scripts directory |

src/node/src/config/EnvironmentManager.ts

@@ -17,6 +17,7 @@ export interface EnvironmentConfig {
   username?: string;
   password?: string;
   domain?: string;
+  encrypt?: boolean;
   trustServerCertificate?: boolean;
   connectionTimeout?: number;
 
@@ -80,6 +81,14 @@ function resolveSecretsInConfig<T extends Record<string, any>>(config: T): T {
   return resolved;
 }
 
+const parseBool = (value: string | undefined, defaultValue: boolean): boolean => {
+  if (value === undefined) return defaultValue;
+  const normalized = value.toString().trim().toLowerCase();
+  if (["true", "1", "yes"].includes(normalized)) return true;
+  if (["false", "0", "no"].includes(normalized)) return false;
+  return defaultValue;
+};
+
 export class EnvironmentManager {
   private readonly environments: Map<string, EnvironmentConfig>;
   private defaultEnvironment?: string;
@@ -144,7 +153,8 @@ export class EnvironmentManager {
       username: process.env.SQL_USERNAME,
       password: process.env.SQL_PASSWORD,
       domain: process.env.SQL_DOMAIN,
-      trustServerCertificate: process.env.TRUST_SERVER_CERTIFICATE?.toLowerCase() === "true",
+      encrypt: parseBool(process.env.SQL_ENCRYPT ?? process.env.ENCRYPT, true),
+      trustServerCertificate: parseBool(process.env.TRUST_SERVER_CERTIFICATE, false),
       connectionTimeout: process.env.CONNECTION_TIMEOUT
         ? parseInt(process.env.CONNECTION_TIMEOUT, 10)
         : 30,
@@ -318,7 +328,7 @@ export class EnvironmentManager {
           user: env.username,
           password: env.password,
           options: {
-            encrypt: false,
+            encrypt: env.encrypt ?? true,
             trustServerCertificate: env.trustServerCertificate ?? false,
           },
         },
@@ -336,7 +346,7 @@ export class EnvironmentManager {
         config: {
           ...baseConfig,
           options: {
-            encrypt: false,
+            encrypt: env.encrypt ?? true,
             trustServerCertificate: env.trustServerCertificate ?? false,
           },
           authentication: {
@@ -365,7 +375,7 @@ export class EnvironmentManager {
       config: {
         ...baseConfig,
         options: {
-          encrypt: true,
+          encrypt: env.encrypt ?? true,
           trustServerCertificate: env.trustServerCertificate ?? false,
         },
         authentication: {

src/node/src/index.ts

@@ -1,6 +1,11 @@
 #!/usr/bin/env node
 
 // External imports
+// Keep MCP stdio JSON clean by sending logs to stderr
+const origError = console.error.bind(console);
+console.log = origError;
+console.info = origError;
+console.warn = origError;
 import { Buffer } from "node:buffer";
 import * as dotenv from "dotenv";
 import sql from "mssql";