1 question
Run a Postgres MCP server through a read-replica with a role that has only the column-level SELECT grants you actually want, plus row-level security on every multi-tenant table. The npm reference server is archived; vendor a known-good copy or write a thin wrapper.