MR DB Query Guard

Database MCP query guard

Let agents query data without turning the database into a liability.

A hosted remote MCP SaaS that lets agents query databases through policy, approval, redaction, and audit reports.

View pricing plans
Read-only runner PII redaction Approval queue Query audit
Policy verdict Review Approval required
Generated SQL 
SELECT status, COUNT(*) AS row_count, SUM(amount) AS total_amount
FROM payments
WHERE created_at >= CURRENT_DATE - INTERVAL '30 days'
GROUP BY status
ORDER BY total_amount DESC
LIMIT 100

Policy console

Connect a database, classify schema, simulate SQL, approve exceptions, and export proof.

DSN vault

Encrypted binding design
Postgres productionServer-side binding, read-only role, no prompt-visible secret.
Supabase warehousePolicy scope: customers, payments, subscriptions.
MongoDB analyticsCollection rules and audit-only preview path.

Read-only runner

Allowlist
CheckRuleVerdict
SQL verbSELECT onlyPass
Row limit100 defaultPass
PII fieldsMask or approveReview
DDL / writesBlockedDeny

Approval queue

Team plan
  1. Agent asksNatural-language request and generated SQL are captured.
  2. Policy simulatesRisky SQL is blocked; sensitive reads request approval.
  3. Reviewer decidesExceptional queries get a reviewer, reason, and expiry.
  4. Evidence exportsQuery hash, verdict, and redaction policy are packaged.

Usage logs

No raw secrets
simulate_queryq_7b92a18e - approval_required - team
run_approved_queryq_12c90b21 - allowed - redacted preview
export_query_auditaudit_61af0c - evidence_packet

Paid remote MCP

Agents get fixed tools, not broad database credentials.

DB Query Guard exposes inspect_schema, classify_columns, simulate_query, request_query_approval, run_approved_query, and export_query_audit. Every response is structured JSON with verdict, query hash, sensitive columns, redacted preview, and audit metadata.

{
  "endpoint": "https://dbqueryguard.clauxel.com/mcp",
  "auth": "Authorization: Bearer <token>",
  "tool": "simulate_query",
  "returns": ["verdict", "queryHash", "sensitiveColumns", "redactedPreview", "audit"]
}

Pricing

Choose the query governance workflow your team needs.

Team is the default plan for shared SQL approval, redaction, and audit exports.

Analyst

For one analyst or BI consultant proving safe agent SQL access.

$69/mo
  • One DSN vault binding design
  • Schema sensitivity classification
  • Read-only simulation
  • One paid MCP token
Default

Team

For data teams approving agent SQL with shared evidence.

$219/mo
  • Approval queue
  • PII redaction policies
  • Query hash audit logs
  • Report exports and usage history

Regulated

For finance, healthcare, and regulated teams that need durable proof.

$699/mo
  • Two-reviewer approvals
  • Evidence packet exports
  • Regional policy profiles
  • Priority onboarding support