How to Set Up a MySQL MCP Server With OpenAI Codex

Friday afternoon. Payroll review was coming up and someone on the ops team pinged asking which employees had logged overtime above 10 hours that week. I wasn't going to write that query by hand and I wasn't going to hand them a CSV from a BI tool that was three days stale. I was already in Codex. I typed the question. It wrote the query. Done in a minute.

Here's how to set that up for your MySQL database.

Part of the MySQL MCP Server guide.

What you'll need

• A MySQL database (read replica recommended)
• A QueryBear account (free to start)
• OpenAI Codex CLI installed (npm install -g @openai/codex or the platform installer)

Why route through a gateway

Handing Codex a raw DATABASE_URL gives the agent write access if your user has it, and even a SELECT-only role won't catch expensive queries that hammer your production instance. QueryBear's gateway parses every query before execution, checks tables against your allowlist, blocks specific columns, enforces row limits, and logs every call. Your credentials stay inside QueryBear. The full explanation lives in the MySQL MCP Server guide.

Connect QueryBear to your MySQL database

1. Open the QueryBear dashboard and click "New connection."
2. Pick MySQL, then paste a connection URL for a read replica with a user that has SELECT privilege only.
3. Under "Allowed tables," add the tables you want the agent to query. Under "Blocked columns," add anything you don't want in terminal output: password_hash, salary, ssn.
4. Save. QueryBear tests the connection and you're done.

Install the QueryBear MCP server in Codex

Open ~/.codex/config.toml and add:

[mcp_servers.querybear]
url = "https://mcp.querybear.com/mcp"

Codex reads this on the next invocation. No service restart, no daemon. You can also drop a .codex/config.toml file at your project root if you only want QueryBear available inside that project.

Ask your first question

I asked: "List employees with overtime above 10 hours this week."

Codex pulled the schema from QueryBear, identified the employees and time_entries tables, and generated:

SELECT
  e.id,
  e.name,
  SUM(t.hours_worked) - 40 AS overtime_hours
FROM employees e
JOIN time_entries t ON t.employee_id = e.id
WHERE t.hours_worked > 40
  AND t.week_starting >= DATE_SUB(CURDATE(), INTERVAL DAYOFWEEK(CURDATE()) - 1 DAY)
GROUP BY e.id, e.name
HAVING overtime_hours > 10
ORDER BY overtime_hours DESC;

QueryBear ran it through the parser, confirmed every table was on the allowlist, and returned the result set. The ops team had their answer before I finished my coffee.

One MySQL-specific thing to know: MySQL does implicit type coercion in WHERE clauses, so if your hours_worked column is stored as a DECIMAL and Codex writes a comparison against an integer, it'll still work -- but be specific in your question if you need exact types. QueryBear will pass through whatever MySQL returns, including coerced results.

A Codex-specific tip

Pass --resume when starting a new Codex session to carry forward the last MCP context:

codex --resume

If you've already done schema discovery in a previous session, --resume skips that round-trip and goes straight to the query. For multi-step investigations -- checking overtime, then drilling into a specific team, then comparing against last week -- this saves meaningful time.

Codex runs sandboxed by default, so your local filesystem is protected. Any MCP error (a blocked table, an allowlist miss) comes back as readable plain text in the terminal, not a silent failure.

Using a different tool?

• Claude Code
• Claude Cowork
• Cursor
• Windsurf
• ChatGPT
• Gemini

Querying a different database?

• Postgres MCP Server
• SQLite MCP Server