feat: Add configurable verbose error mode for AI debugging

nateGeorge · nateGeorge · commit 8a5ff0cffcb4 · 2025-11-12T14:32:33.000-08:00
Problem: Error messages were intentionally sanitized for security,
making it impossible for AI agents to debug SQL command failures.

Solution: Added VERBOSE_ERRORS environment variable that exposes
full error details when enabled while keeping secure defaults.

Features:
- New errorHandler utility with formatError() and formatSqlError()
- SQL error details: number, state, class, lineNumber, serverName
- Stack traces and original error context
- Query context in error messages
- Secure by default (VERBOSE_ERRORS not set)
- Comprehensive error logging to console

Usage:
Set VERBOSE_ERRORS=true in MCP env config to enable full errors

Files Added:
- src/utils/errorHandler.ts (error formatting utilities)
- VERBOSE_ERRORS.md (complete documentation)

Files Modified:
- src/index.ts (use formatError in main handler)
- src/tools/ReadDataTool.ts (use formatSqlError for SQL errors)

Benefits:
✅ AI agents can debug SQL syntax errors
✅ Full error context for troubleshooting
✅ Toggle on/off without code changes
✅ Secure defaults for production

Ready for PR to upstream microsoft/SQL-AI-samples
diff --git a/MssqlMcp/Node/VERBOSE_ERRORS.md b/MssqlMcp/Node/VERBOSE_ERRORS.md
@@ -0,0 +1,201 @@
+# Enhanced Error Handling for MSSQL MCP Server
+
+## Problem
+
+The original MSSQL MCP server intentionally hides error details for security reasons, making it impossible for AI agents to debug SQL commands. Errors like this:
+
+```
+Failed to execute query: Database query execution failed
+```
+
+Provide no actionable information for debugging.
+
+## Solution
+
+Added configurable **VERBOSE_ERRORS** mode that exposes full error details when enabled, while keeping secure defaults for production.
+
+## Usage
+
+### Enable Verbose Errors
+
+Set the `VERBOSE_ERRORS` environment variable to `true` in your MCP configuration:
+
+**~/.mcp.json:**
+```json
+{
+  "mcpServers": {
+    "mssql_analytics": {
+      "command": "node",
+      "args": ["/path/to/SQL-AI-samples/MssqlMcp/Node/dist/index.js"],
+      "env": {
+        "SERVER_NAME": "your-server.database.windows.net",
+        "DATABASE_NAME": "your-database",
+        "READONLY": "true",
+        "VERBOSE_ERRORS": "true"
+      }
+    }
+  }
+}
+```
+
+### Error Output Comparison
+
+**Before (Production Mode - VERBOSE_ERRORS not set):**
+```json
+{
+  "success": false,
+  "message": "Failed to execute query: Database query execution failed",
+  "error": "SQL_EXECUTION_FAILED"
+}
+```
+
+**After (Verbose Mode - VERBOSE_ERRORS=true):**
+```json
+{
+  "success": false,
+  "message": "Failed to execute query: Invalid column name 'nonexistent_column'.",
+  "error": "SQL_EXECUTION_FAILED",
+  "details": {
+    "code": "EREQUEST",
+    "number": 207,
+    "state": 1,
+    "class": 16,
+    "lineNumber": 1,
+    "serverName": "your-server",
+    "procName": "",
+    "stack": "RequestError: Invalid column name 'nonexistent_column'.\n    at..."
+  }
+}
+```
+
+## Benefits
+
+### For AI Agents
+- **Full SQL error details**: Error number, state, line number
+- **Stack traces**: Complete error context for debugging
+- **Query context**: See which query failed (truncated for safety)
+- **Actionable feedback**: AI can identify and fix SQL syntax errors
+
+### For Developers
+- **Debug mode**: Toggle verbose errors on/off without code changes
+- **Secure by default**: Production mode hides sensitive details
+- **Comprehensive logging**: All errors logged to console regardless of mode
+
+## Error Information Exposed
+
+When `VERBOSE_ERRORS=true`, the following details are included:
+
+| Field | Description | Example |
+|-------|-------------|---------|
+| `code` | Error code | "EREQUEST" |
+| `number` | SQL error number | 207 |
+| `state` | SQL error state | 1 |
+| `class` | SQL error severity | 16 |
+| `lineNumber` | Line number in SQL | 1 |
+| `serverName` | Database server | "your-server.database.windows.net" |
+| `procName` | Stored procedure name | "" |
+| `stack` | Full stack trace | "RequestError: Invalid..." |
+| `originalError` | Original error object | {...} |
+
+## Security Considerations
+
+### Production Mode (Default)
+- ✅ Hides internal error details
+- ✅ Only shows safe patterns ("Invalid object name", "Invalid column name")
+- ✅ Prevents information leakage
+- ✅ Suitable for production environments
+
+### Verbose Mode (VERBOSE_ERRORS=true)
+- ⚠️ Exposes full error details
+- ⚠️ May reveal schema information
+- ⚠️ May expose server details
+- ✅ Excellent for development and debugging
+- ✅ Required for AI-assisted SQL debugging
+
+**Recommendation**: Only enable `VERBOSE_ERRORS=true` in:
+- Development environments
+- Testing/debugging sessions
+- Read-only database connections
+- Trusted environments where you control the AI agent
+
+## Implementation Details
+
+### Files Modified
+
+1. **src/utils/errorHandler.ts** (NEW)
+   - `formatError()`: General error formatting with verbose mode
+   - `formatSqlError()`: SQL-specific error formatting
+   - `isVerboseErrorMode()`: Check environment variable
+
+2. **src/index.ts**
+   - Updated main error handler to use `formatError()`
+
+3. **src/tools/ReadDataTool.ts**
+   - Updated catch block to use `formatSqlError()`
+   - Extracts query before try/catch for error context
+
+### Testing
+
+Test verbose error mode with an intentional error:
+
+```typescript
+// This will fail with verbose details
+const result = await callMCPTool('mcp__mssql_analytics__read_data', {
+  query: 'SELECT nonexistent_column FROM nonexistent_table'
+});
+
+console.log(JSON.stringify(result, null, 2));
+```
+
+**Expected Output (VERBOSE_ERRORS=true):**
+```json
+{
+  "success": false,
+  "message": "Failed to execute query: Invalid object name 'nonexistent_table'.",
+  "error": "SQL_EXECUTION_FAILED",
+  "details": {
+    "code": "EREQUEST",
+    "number": 208,
+    "state": 1,
+    "class": 16,
+    "lineNumber": 1,
+    "serverName": "...",
+    "stack": "..."
+  }
+}
+```
+
+## Future Enhancements
+
+Potential improvements for this feature:
+
+1. **Granular verbosity levels**:
+   - `VERBOSE_ERRORS=minimal`: Show error message only
+   - `VERBOSE_ERRORS=normal`: Show message + error codes
+   - `VERBOSE_ERRORS=full`: Show everything (current behavior)
+
+2. **Apply to all tools**: Currently only applied to ReadDataTool and main handler. Could extend to:
+   - UpdateDataTool
+   - InsertDataTool
+   - CreateTableTool
+   - etc.
+
+3. **Structured error codes**: Standardize error codes across all tools
+
+4. **Error categorization**: Group errors by type (syntax, permission, connection, etc.)
+
+## Contributing
+
+To open a PR with this feature:
+
+1. Fork the repository
+2. Create a feature branch: `git checkout -b feature/verbose-errors`
+3. Commit changes with clear messages
+4. Add tests demonstrating error visibility
+5. Update main README with VERBOSE_ERRORS documentation
+6. Open PR against upstream
+
+---
+
+*Last Updated: November 12, 2025*
+*Status: Ready for Testing & PR*
diff --git a/MssqlMcp/Node/src/index.ts b/MssqlMcp/Node/src/index.ts
@@ -138,8 +138,11 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
       content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
     };
   } catch (error) {
+    // Enhanced error handling with configurable verbosity
+    const { formatError } = await import("./utils/errorHandler.js");
+    const errorDetails = formatError(error, `call tool '${name}'`, 'TOOL_EXECUTION_FAILED');
     return {
-      content: [{ type: "text", text: `Error occurred: ${error}` }],
+      content: [{ type: "text", text: JSON.stringify(errorDetails, null, 2) }],
       isError: true,
     };
   }
diff --git a/MssqlMcp/Node/src/tools/ReadDataTool.ts b/MssqlMcp/Node/src/tools/ReadDataTool.ts
@@ -204,8 +204,8 @@ export class ReadDataTool implements Tool {
    * @returns Query execution result
    */
   async run(params: any) {
+    const { query } = params;  // Extract query before try/catch for error handler access
     try {
-      const { query } = params;
       
       // Validate the query for security issues
       const validation = this.validateQuery(query);
@@ -241,19 +241,9 @@ export class ReadDataTool implements Tool {
       };
       
     } catch (error) {
-      console.error("Error executing query:", error);
-      
-      // Don't expose internal error details to prevent information leakage
-      const errorMessage = error instanceof Error ? error.message : 'Unknown error occurred';
-      const safeErrorMessage = errorMessage.includes('Invalid object name') 
-        ? errorMessage 
-        : 'Database query execution failed';
-      
-      return {
-        success: false,
-        message: `Failed to execute query: ${safeErrorMessage}`,
-        error: 'QUERY_EXECUTION_FAILED'
-      };
+      // Use enhanced error handler with configurable verbosity
+      const { formatSqlError } = await import('../utils/errorHandler.js');
+      return formatSqlError(error, query);
     }
   }
 }
diff --git a/MssqlMcp/Node/src/utils/errorHandler.ts b/MssqlMcp/Node/src/utils/errorHandler.ts
