Built for agents

Talk to your database with MCP. Securely.

All it takes is one DROP TABLE to ruin a weekend. QueryBear sits between your AI agents and your database — blocking unsafe, slow, or destructive queries.

Download for macOS Use web version

See architecture

One platform, total control.

Everything you need to give AI agents safe database access — from schema discovery to audit logging.

querybear — Auto-detect schema

$ querybear schema refresh --connection prod-postgres
Connecting to prod-postgres...
Scanning tables...  ████████████████████  100%
✓ Found 24 tables, 186 columns, 12 foreign keys
 
  users           14 columns
  orders          11 columns
  products         9 columns
  subscriptions    8 columns
  invoices         7 columns
  payments        10 columns
  teams            6 columns
  addresses       12 columns
  reviews          5 columns
  ... 15 more tables
 
Detecting relationships...
✓ 12 foreign keys mapped
✓ Schema cached and ready for queries

All local, own your data.

Every query, credential, and result stays on your engineer's machine. Nothing touches the cloud.

Download for macOS

Native Desktop App

A macOS app. No browser, no cloud, no middleman.

Local Network Only

Queries go from your machine to your database. Nothing in between.

Zero Data Exposure

Credentials, schema, and results never touch an external server.

Works with your databases.

Connect Postgres, MySQL, or SQLite in seconds. Same safety layers, same audit trail, zero config.

PostgreSQL

Full schema detection, instant connection. Just add your credentials.

MySQL

Works with MySQL out of the box — same safety layers, same audit trail, zero config.

SQLite

Lightweight and local. Great for prototyping and embedded use cases.

Fine-grained access control.

Define exactly which columns each role can see. Sensitive data stays hidden from the people who don't need it.

access_policy

Role	id	name	email	phone	address	dob	salary	ssn	bank_account
Admin
Engineer
Analyst
Support
Marketing

Connect your AI agent.

QueryBear exposes an MCP server your AI agents can use to safely query your databases — no extra setup required.

{
  "mcpServers": {
    "querybear": {
      "url": "https://mcp.querybear.com/mcp"
    }
  }
}

Paste into .cursor/mcp.json in your project root.

get_schemarun_query

claude mcp add querybear https://mcp.querybear.com/mcp

Run this command in your terminal.

get_schemarun_query

{
  "mcpServers": {
    "querybear": {
      "serverUrl": "https://mcp.querybear.com/mcp"
    }
  }
}

Add to your MCP config in Windsurf settings.

get_schemarun_query

{
  "mcpServers": {
    "querybear": {
      "url": "https://mcp.querybear.com/mcp"
    }
  }
}

Add to your claude_desktop_config.json file.

get_schemarun_query

https://mcp.querybear.com/mcp

Paste this URL when adding an MCP server in ChatGPT.

get_schemarun_query

Common questions.

QueryBear currently supports PostgreSQL, MySQL, and SQLite. We're actively expanding to more databases — reach out if you need a specific one.

Your database credentials are encrypted at rest. Every query goes through a security layer with table allowlists, column-level privacy controls, and read-only enforcement. A full audit log tracks every query an agent runs.

No. You control exactly which tables and columns agents can see. QueryBear enforces read-only access by default, and your database credentials are never exposed to agents. We also have a desktop app coming soon — with it, database requests never leave your computer.

Any MCP-compatible client works out of the box — including Cursor, Claude Desktop, Claude Code, Windsurf, and ChatGPT. You just paste a single URL.

Absolutely. The Business plan supports team API key management so multiple agents and team members can share controlled access to the same databases. Admins get full RBAC controls to limit which tables, columns, and operations each team member or agent can access.