GPT-5.6 (Sol / Terra / Luna) is now evaluated on TrustVector โ€” with day-1 independent verification, incl. METR's benchmark-cheating findings.

Read the evaluation
Evaluation record ยท mcp-server-neon

MCP Neon Server

vhosted remote (mcp.neon.tech); npm 0.6.5 deprecated

Neon (Databricks)

MCPdatabasepostgresqlserverlessneon
79
Strong
About This MCP

Official Neon MCP server for managing serverless Postgres via natural language: projects, branches, SQL execution, and branch-based safe migrations (20+ tools). Remote-only since Feb 2026 at https://mcp.neon.tech/mcp with OAuth (or API-key header); the local stdio CLI was removed and npm @neondatabase/mcp-server-neon (0.6.5) is deprecated. Full DDL/DML capability means Neon (Databricks-owned since May 2025) recommends development/testing use, not production databases.

Last Evaluated: July 9, 2026
Official Website

Trust Vector Analysis

Dimension Breakdown

๐Ÿš€Performance & Reliability
+
api reliability

API stability review of the hosted endpoint and underlying Neon platform

Evidence
Neon MCP Server docs โ€” Hosted server fronts the Neon Management API and Postgres; managed by Neon with automatic updates, removing local-version drift
highVerified: 2026-07-09
sql execution

SQL execution capability review

Evidence
Neon MCP Server docs - tools โ€” run_sql and transaction tools execute full Postgres queries and DDL/DML against any project branch, with schema-inspection tools for tables and columns
highVerified: 2026-07-09
branching operations

Branch tool review against Neon's instant-branching architecture

Evidence
Databricks-Neon acquisition announcement โ€” Neon's copy-on-write architecture spins up Postgres branches in under half a second; MCP tools create branches, compare schemas, and reset to parent state
highVerified: 2026-07-09
migration safety

Review of the prepare/complete migration workflow design

Evidence
Neon MCP Server docs - migrations โ€” Schema changes use a safe temporary-branch workflow: migrations are prepared and tested on a throwaway branch before being applied to the target, reducing the chance of destructive mistakes
highVerified: 2026-07-09
๐Ÿ›ก๏ธSecurity
+
authentication security

Authentication mechanism review of the OAuth flow and API-key fallback

Evidence
Neon blog - Bringing MCP to the Cloud โ€” Remote server acts as an OAuth client to Neon and OAuth server to MCP clients: users authorize via their Neon account instead of placing long-lived API keys in plaintext config files; API-key Authorization header remains available for non-interactive use
highVerified: 2026-07-09
prompt injection sql risk

Prompt-injection and SQL execution risk assessment relative to database MCP attack research

Evidence
Neon MCP Server docs - security guidance โ€” Docs instruct: 'Always review and authorize LLM-requested actions before execution. Restrict MCP access to trusted users and regularly audit access.' An agent reading untrusted rows while holding full SQL access remains exposed to the prompt-injection/data-leak class demonstrated against database MCPs in 2025; no result-wrapping mitigation is documented
highVerified: 2026-07-09
destructive operation control

Capability analysis of destructive tools and available guardrails

Evidence
Neon MCP Server docs - tools โ€” Tools include project deletion, branch deletion, and unrestricted DDL/DML; branch-based migration flow adds a safety layer for schema changes, but destructive actions are otherwise gated only by client-side tool approval and URL-parameter access controls
mediumVerified: 2026-07-09
key management

Key management review of OAuth-first credential model

Evidence
Neon blog - Bringing MCP to the Cloud โ€” Motivation for the remote model explicitly cited eliminating plaintext API keys in configuration files; OAuth grants are revocable from the Neon account, and hosted operation removes stale-version credential handling
highVerified: 2026-07-09
๐Ÿ”’Privacy & Compliance
+
data exposure to llm

Data flow analysis of query and schema tool outputs

Evidence
MCP data flow architecture โ€” SQL result sets, schema definitions, and connection metadata returned by tools are sent to the LLM provider as tool results
highVerified: 2026-07-09
data residency

Data residency review of the remote-only architecture

Evidence
Neon MCP Server docs โ€” All MCP traffic now transits Neon's hosted server at mcp.neon.tech regardless of client; database regions are selectable in Neon, but there is no self-hosted MCP path since the stdio removal
mediumVerified: 2026-07-09
platform compliance

Platform compliance documentation review

Evidence
Neon privacy and compliance โ€” Neon platform (now part of Databricks) maintains SOC 2 and GDPR-aligned data processing commitments; MCP access inherits the platform's compliance posture
mediumVerified: 2026-07-09
self hosted option

Self-hosting options review after the remote-only transition

Evidence
neondatabase/mcp-server-neon issue #214 โ€” Local stdio CLI removed (Feb 2026, PR #198) and npm package @neondatabase/mcp-server-neon (0.6.5) deprecated; users report headless/gateway deployments broken with no self-hosted migration path
highVerified: 2026-07-09
๐Ÿ‘๏ธTrust & Transparency
+
documentation quality

Documentation completeness review

Evidence
Neon docs - AI section โ€” Clear official documentation covering setup, OAuth and API-key auth, full tool reference by category, safety guidance, and explicit development-only recommendation
highVerified: 2026-07-09
open source transparency

Source code and license review

Evidence
neondatabase/mcp-server-neon repository โ€” Server source is MIT-licensed and public (617 stars, 115 forks), so the remote server's tool logic remains inspectable even though only Neon operates it
highVerified: 2026-07-09
deprecation communication

Change management and deprecation communication assessment

Evidence
neondatabase/mcp-server-neon issue #214 โ€” The forced local-to-remote shift deprecated the npm package and removed stdio with limited notice; CI/CD and gateway users were left without a supported migration path, an open trust concern for teams that depended on the local server
highVerified: 2026-07-09
vendor credibility

Maintainer reputation and corporate backing analysis

Evidence
Databricks press release โ€” Neon acquired by Databricks for ~$1B (announced 2025-05-14); the platform is officially maintained with strong backing and an AI-agent-first roadmap (80%+ of Neon databases were created by agents)
highVerified: 2026-07-09
โš™๏ธOperational Excellence
+
ease of setup

Setup complexity assessment

Evidence
Neon MCP Server docs - setup โ€” Add https://mcp.neon.tech/mcp and complete the browser OAuth flow โ€” no installation, no API key handling, automatic updates
highVerified: 2026-07-09
operation coverage

Feature coverage assessment against database management workflows

Evidence
Neon MCP Server docs - tool reference โ€” 20+ tools across projects/organizations, branches (create, compare schemas, reset), SQL execution and transactions, safe migrations, query optimization, Neon Auth provisioning, Data API setup, and documentation search
highVerified: 2026-07-09
reliability

Reliability analysis of the hosted deployment model

Evidence
Neon status and platform โ€” Hosted MCP rides Neon's managed platform; single hosted endpoint is a shared dependency but removes local-version breakage
mediumVerified: 2026-07-09
ci cd compatibility

Non-interactive deployment compatibility assessment

Evidence
neondatabase/mcp-server-neon issue #214 โ€” OAuth-first remote server complicates headless, gateway, and CI/CD deployments; users report the stdio deprecation broke automated pipelines, with API-key header auth the remaining workaround
highVerified: 2026-07-09
maintenance activity

Repository activity and release model review

Evidence
neondatabase/mcp-server-neon repository โ€” Active development on the remote server with hosted auto-updates; local npm package frozen at deprecated 0.6.5
mediumVerified: 2026-07-09
Strengths
  • +OAuth-based remote server: no API keys in config files, revocable grants, automatic updates
  • +Branch-based safe migration workflow tests schema changes on throwaway branches first
  • +Sub-second copy-on-write branching makes disposable AI sandboxes practical
  • +20+ tools covering projects, branches, SQL, migrations, query optimization, and Neon Auth
  • +Backed by Databricks (acquired ~$1B, May 2025) with an AI-agent-first roadmap
  • +MIT-licensed source remains public and inspectable
Limitations
  • !Remote-only since Feb 2026: stdio removed, npm package deprecated, no self-hosted option
  • !Forced local-to-remote migration broke headless/gateway/CI-CD deployments (issue #214)
  • !Full DDL/DML on any connected database โ€” destructive actions gated mainly by client approval
  • !No documented prompt-injection mitigations (e.g., result wrapping or read-only mode) unlike some database MCP peers
  • !Query results and schemas exposed to the LLM provider
  • !Neon explicitly recommends development/testing use only, not production
  • !All MCP traffic transits Neon's hosted endpoint โ€” a shared availability and trust dependency
Metadata
license: MIT (source); hosted service operated by Neon
supported platforms
0: Any MCP client supporting streamable HTTP (remote)
programming languages
0: TypeScript
mcp version: 1.0
github repo: https://github.com/neondatabase/mcp-server-neon
github stars: 617
remote endpoint: https://mcp.neon.tech/mcp
deprecated package: @neondatabase/mcp-server-neon (0.6.5, deprecated; stdio CLI removed Feb 2026)
api dependency: Neon Management API / Postgres
authentication: OAuth (browser flow, default); Neon API key via Authorization header for non-interactive use
first release: 2024-12
remote launch: 2025-04-11
remote only since: 2026-02
maintained by: Neon (Databricks)
status: Active - remote-only hosted server
transport types
0: streamable-http (hosted)
installation methods
0: Remote MCP endpoint (OAuth)
1: Remote MCP endpoint (API-key header)

Use Case Ratings

code generation

Excellent for scaffolding schemas, migrations, and app databases during development

customer support

Can inspect data for support workflows, but production access is discouraged

content creation

Useful for spinning up content backends and prototypes quickly

data analysis

Full SQL over Postgres branches; branch snapshots enable safe analysis copies

research assistant

Good for building research datasets on disposable branches

legal compliance

Remote-only MCP path and LLM data exposure complicate strict compliance regimes

healthcare

Not recommended: PHI would transit Neon's MCP endpoint and the LLM provider

financial analysis

Usable on non-production branches; avoid live financial data

education

Great for learning Postgres โ€” instant free branches make experimentation safe

creative writing

Limited relevance beyond storing creative project data