Queryshield

Name: Queryshield
Author: bch1212

bch1212/queryshield

Route agent-generated natural language into audited, row-level-scoped SQL instead of handing your database credentials to the model.

Overview

QueryShield is a MCP server for the Operate phase that proxies agent SQL with NL→SQL, AST safety, per-agent RLS, and audit logging.

What is this MCP server?

Natural language to SQL with AST-based safety checks before execution
Per-agent row-level security (RLS) so each agent sees only allowed rows
Audit log of agent queries for production accountability
PyPI stdio package queryshield-mcp with QUERYSHIELD_API_KEY
Optional QUERYSHIELD_BASE_URL override for non-default deployments
Server version 1.0.1 via PyPI package queryshield-mcp
Capabilities: NL→SQL, AST safety, per-agent RLS, audit log
Optional QUERYSHIELD_BASE_URL endpoint override

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Community signal: 1 GitHub stars.

What problem does it solve?

You want your coding agent to query the database, but direct credentials and unreviewed SQL are an unacceptable leak and blast-radius risk.

Who is it for?

Indie operators running agent-assisted internal tools or support bots who need NL queries with RLS and auditability on a real database.

Skip if: Greenfield projects with no database yet, or teams fine with read-only static exports instead of live governed SQL.

What do I get? / Deliverables

After you issue agent keys and connect the MCP, queries flow through QueryShield with safety checks, scoped rows, and logs you can review.

Agent-executed SQL passing AST safety and RLS boundaries
Audit log entries for accountability on agent-driven queries

Recommended MCP Servers

A2dbagentic-eng/a2db

a2db is a stdio MCP server that provides safe, read-only database access for AI agents, supporting five database types w…2 stars

AdoMcpJohn0King/AdoMCP

io.github.JoeyBrar/agentseal is misplaced - wait, this is adomcp. AdoMcp is a database-focused MCP server for solo build…

Afgong Sqlite Mcp Serverafgong/sqlite-mcp-server

ai.smithery/afgong-sqlite-mcp-server is a Smithery-hosted MCP server that lets coding agents interact with a Messages-st…

AI ERD

com.ai-erd/ai-erd is a hosted MCP server for AI-powered entity-relationship diagramming and database schema management e…

Airtablemcparmory/registry

com.mcparmory/airtable is an MCP server that performs create, read, update, and delete operations against Airtable bases…25 stars

Airtabledomdomegg/airtable-mcp-server

The Airtable MCP server by domdomegg bridges Claude Code, Cursor, Codex, and other MCP clients to Airtable’s REST API so…447 stars

Journey fit

Primary fit

OperateInfrastructure & cost

A secure SQL proxy matters when agents touch production or staging data—a post-ship operations and infra control. Infra is the shelf because QueryShield sits between agents and your database with policy, AST checks, and logging.

How it compares

Secure database proxy MCP—not a generic ORM code-generation skill.

Common Questions / FAQ

Who is QueryShield for?

Builders who already expose databases to AI agents and need AST-checked SQL, per-agent RLS, and audit logs instead of sharing connection strings.

When should I use QueryShield?

Use it in Operate when agents run recurring analytics or ops queries against staging or production and you must enforce scope and traceability.

How do I add QueryShield to my agent?

Install queryshield-mcp from PyPI, set QUERYSHIELD_API_KEY (and QUERYSHIELD_BASE_URL if needed), register the stdio server in your MCP client, and restart.

Queryshield

bch1212/queryshield

Route agent-generated natural language into audited, row-level-scoped SQL instead of handing your database credentials to the model.

Overview

QueryShield is a MCP server for the Operate phase that proxies agent SQL with NL→SQL, AST safety, per-agent RLS, and audit logging.

What is this MCP server?

Natural language to SQL with AST-based safety checks before execution
Per-agent row-level security (RLS) so each agent sees only allowed rows
Audit log of agent queries for production accountability
PyPI stdio package queryshield-mcp with QUERYSHIELD_API_KEY
Optional QUERYSHIELD_BASE_URL override for non-default deployments
Server version 1.0.1 via PyPI package queryshield-mcp
Capabilities: NL→SQL, AST safety, per-agent RLS, audit log
Optional QUERYSHIELD_BASE_URL endpoint override

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Community signal: 1 GitHub stars.

What problem does it solve?

You want your coding agent to query the database, but direct credentials and unreviewed SQL are an unacceptable leak and blast-radius risk.

Who is it for?

Indie operators running agent-assisted internal tools or support bots who need NL queries with RLS and auditability on a real database.

Skip if: Greenfield projects with no database yet, or teams fine with read-only static exports instead of live governed SQL.

What do I get? / Deliverables

After you issue agent keys and connect the MCP, queries flow through QueryShield with safety checks, scoped rows, and logs you can review.

Agent-executed SQL passing AST safety and RLS boundaries
Audit log entries for accountability on agent-driven queries

Recommended MCP Servers

A2dbagentic-eng/a2db

a2db is a stdio MCP server that provides safe, read-only database access for AI agents, supporting five database types w…2 stars

AdoMcpJohn0King/AdoMCP

io.github.JoeyBrar/agentseal is misplaced - wait, this is adomcp. AdoMcp is a database-focused MCP server for solo build…

Afgong Sqlite Mcp Serverafgong/sqlite-mcp-server

ai.smithery/afgong-sqlite-mcp-server is a Smithery-hosted MCP server that lets coding agents interact with a Messages-st…

AI ERD

com.ai-erd/ai-erd is a hosted MCP server for AI-powered entity-relationship diagramming and database schema management e…

Airtablemcparmory/registry

com.mcparmory/airtable is an MCP server that performs create, read, update, and delete operations against Airtable bases…25 stars

Airtabledomdomegg/airtable-mcp-server

The Airtable MCP server by domdomegg bridges Claude Code, Cursor, Codex, and other MCP clients to Airtable’s REST API so…447 stars

Journey fit

Primary fit

OperateInfrastructure & cost

How it compares

Secure database proxy MCP—not a generic ORM code-generation skill.

Common Questions / FAQ

Who is QueryShield for?

Builders who already expose databases to AI agents and need AST-checked SQL, per-agent RLS, and audit logs instead of sharing connection strings.

When should I use QueryShield?

Use it in Operate when agents run recurring analytics or ops queries against staging or production and you must enforce scope and traceability.

How do I add QueryShield to my agent?

Install queryshield-mcp from PyPI, set QUERYSHIELD_API_KEY (and QUERYSHIELD_BASE_URL if needed), register the stdio server in your MCP client, and restart.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is QueryShield for?

When should I use QueryShield?

How do I add QueryShield to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is QueryShield for?

When should I use QueryShield?

How do I add QueryShield to my agent?