Connects Claude to Postgres, MySQL, MariaDB, or SQLite databases with AST-based read-only guardrails. Exposes six MCP tools: list_schemas, list_tables, describe_table, run_readonly_query, explain_query, and get_safedb_policy. The SQL parser blocks writes, enforces table allowlists and denylists, caps row counts, and masks PII fields using redact, email, partial, or hash strategies before returning results. Every query attempt lands in a JSONL audit log. Reach for this when you want AI agents to inspect and query production databases without risking mutations or credential leaks. Ships with a CLI, Docker support, and YAML config with environment variable expansion for connection strings.
claude mcp add --transport stdio narekmalk-safedb-mcp uvx safedb-mcp