Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.querybear.com/llms.txt

Use this file to discover all available pages before exploring further.

QueryBear is a managed MCP (Model Context Protocol) server that gives AI assistants safe, read-only access to your databases. Drop the QueryBear MCP endpoint into Claude Code, Cursor, ChatGPT, Codex, Windsurf, or Claude Desktop, and your agent can answer questions like “how many users signed up last week?” by writing a real SQL query against your real database — without you giving it the ability to break anything.

The problem

AI agents are useful only when they can see your data. But pointing them at your production database directly is a disaster waiting to happen:
  • A misbehaving agent could run DROP TABLE users and you’d find out at 3am.
  • A prompt-injected agent could SELECT * FROM api_keys and exfiltrate secrets.
  • A naive agent could SELECT * from your 800-million-row events table and DoS your read replica.
  • A non-technical user has no way to audit what queries the agent actually ran.
The standard advice — “just use a read-only Postgres role” — solves the first problem and none of the others. Read-only roles can still read every column, run unbounded scans, and don’t help you when the agent itself is being manipulated.

What QueryBear does

QueryBear sits between the agent and your database as a hardened SQL gateway:

SQL parser enforces read-only

Every query is parsed before execution. INSERT, UPDATE, DELETE, and all DDL are rejected at the gateway — not just by the database role.

Allow-listed tables

Only tables you opt in are visible to the agent. Everything else is invisible in schema responses and rejected if queried.

Blocked columns

Mark sensitive columns (passwords, tokens, PII) once. They’re stripped from schema results and any query referencing them is rejected.

Row limits and timeouts

Every query gets an enforced LIMIT and a wall-clock timeout. The agent can’t accidentally pull millions of rows or run a 10-minute scan.

Full audit log

Every query, every schema fetch, every connection — logged with timestamp and originating client. Available in the dashboard.

Works with any MCP client

Claude Code, Claude Desktop, Cursor, Codex, Windsurf, and ChatGPT all supported with one-line config.

Supported databases

Supported AI clients

Next steps

Quickstart

Connect your first database and wire up an AI client in 5 minutes.

What is MCP?

New to Model Context Protocol? Start here.

Security model

The full defense-in-depth model and threat assumptions.

Setup guides

Step-by-step guides for every database × AI client combination.