Skip to main content
By default, Isthmus exposes all non-system schemas in your database. The SCHEMAS environment variable lets you restrict visibility to only the schemas you choose.

Configuration

Set the SCHEMAS environment variable to a comma-separated list: 
SCHEMAS=public,analytics isthmus
Or in your MCP client config: 
{
  "mcpServers": {
    "isthmus": {
      "command": "isthmus",
      "env": {
        "DATABASE_URL": "postgres://user:pass@localhost:5432/mydb",
        "SCHEMAS": "public,analytics"
      }
    }
  }
}

Behavior

When SCHEMAS is not set (default)

All non-system schemas are visible. System schemas (pg_catalog, information_schema, pg_toast) are always excluded. The AI can discover and query any user-created schema in the database.

When SCHEMAS is set

Only the listed schemas are visible. All tools respect this filter:
ToolEffect
discoverOnly returns the allowed schemas and their tables
describe_tableOnly works for tables in allowed schemas
queryQueries can reference any table, but schema discovery is limited
Schema filtering restricts discovery, not SQL execution. A query like SELECT * FROM hidden_schema.secret_table will still execute if the database user has access. For true access control, use PostgreSQL roles and grants. See Security.

Use cases

  • Multi-tenant databases — expose only the tenant’s schema
  • Staging vs. production — hide staging schemas from the AI
  • Large databases — reduce noise by focusing on the schemas that matter
  • Compliance — limit discovery of schemas containing sensitive data

Example

A database with schemas public, analytics, staging, and internal: 
# AI sees only public and analytics
SCHEMAS=public,analytics

# AI sees everything except system schemas
# (just don't set SCHEMAS)