QueryBear
Get started
Built for agents

Talk to your database with MCP. Securely.

All it takes is one DROP TABLE to ruin a weekend. QueryBear sits between your AI agents and your database — blocking unsafe, slow, or destructive queries.

Get started freeHow it works
AI AGENTSYOUR KNOWLEDGE GRAPHClaudeCursorMCPuserssessionseventsordersproductsreviewssubscriptionspaymentsWOVEN FROMPostgresMySQLSQLiteQueryBearQUERY FLOW1Hears your ask“who signed up this week andwhat's their average usage?”2Maps your knowledge graph47 tables, 312 relations indexed3Traces the pathusers → sessions → events4Casts the SQLSELECT id, name FROM users…SELECT user_id, count(*)…SELECT AVG(duration) FROM…5Returns the answer
See architecture
What this unlocks

What QueryBear unlocks.

Automatically debug customer complaints.

Build this with QueryBearHow it works
1
User reports
"User 4821 says their March renewal failed."
2
Agent queries QueryBear
querybear.run_query(sql: "SELECT * FROM payments WHERE user_id = 4821 ORDER BY created_at DESC LIMIT 3")
3 rows · last attempt 2026-03-12 · status: declined · code: insufficient_funds
3
Agent answers
Card was declined for insufficient funds. The retry job did not re-run because the user has "manual retry" enabled. Send a payment-method update link.

Pick the audience that fits.

For startupsFor developersFor enterprises

One platform, total control.

Everything you need to give AI agents safe database access — from schema discovery to audit logging.

querybear — Auto-detect schema
$ querybear schema refresh --connection prod-postgres
Connecting to prod-postgres...
Scanning tables...  ████████████████████  100%
✓ Found 24 tables, 186 columns, 12 foreign keys
 
  users           14 columns
  orders          11 columns
  products         9 columns
  subscriptions    8 columns
  invoices         7 columns
  payments        10 columns
  teams            6 columns
  addresses       12 columns
  reviews          5 columns
  ... 15 more tables
 
Detecting relationships...
✓ 12 foreign keys mapped
✓ Schema cached and ready for queries

Works with your database.

Connect Postgres, MySQL, or SQLite in seconds — including every managed flavor built on them. Same safety layers, same audit trail, zero config.

Core engine

PostgreSQL

Full schema detection. Connect with just your credentials.

Core engine

MySQL

Works out of the box — same safety layers, zero config.

Core engine

SQLite

Lightweight, local, and embedded. Great for prototyping.

Postgres

Neon

Postgres

Supabase

Postgres

AWS Aurora

Postgres

Amazon RDS

Postgres

Cloud SQL

Postgres

Timescale

Postgres

CockroachDB

Postgres

Railway

Postgres

PlanetScale

MySQL

MariaDB

MySQL

Aurora MySQL

MySQL

MySQL

TiDB

MySQL

Turso

SQLite

SQLite

libSQL

SQLite

Fine-grained access control.

Define exactly which columns each role can see. Sensitive data stays hidden from the people who don't need it.

access_policy
Roleidnameemailphoneaddressdobsalaryssnbank_account
Admin
Engineer
Analyst
Support
Marketing

Connect your AI agent.

QueryBear exposes an MCP server your AI agents can use to safely query your databases — no extra setup required.

{
  "mcpServers": {
    "querybear": {
      "url": "https://mcp.querybear.com/mcp"
    }
  }
}

Paste into .cursor/mcp.json in your project root.

get_schemarun_query
claude mcp add querybear https://mcp.querybear.com/mcp

Run this command in your terminal.

get_schemarun_query
{
  "mcpServers": {
    "querybear": {
      "serverUrl": "https://mcp.querybear.com/mcp"
    }
  }
}

Add to your MCP config in Windsurf settings.

get_schemarun_query
{
  "mcpServers": {
    "querybear": {
      "url": "https://mcp.querybear.com/mcp"
    }
  }
}

Add to your claude_desktop_config.json file.

get_schemarun_query
https://mcp.querybear.com/mcp

Paste this URL when adding an MCP server in ChatGPT.

get_schemarun_query

Common questions.

QueryBear currently supports PostgreSQL, MySQL, and SQLite. We're actively expanding to more databases — reach out if you need a specific one.

Your database credentials are encrypted at rest. Every query goes through a security layer with table allowlists, column-level privacy controls, and read-only enforcement. A full audit log tracks every query an agent runs.

No. You control exactly which tables and columns agents can see. QueryBear enforces read-only access by default, and your database credentials are never exposed to agents. We also have a desktop app coming soon — with it, database requests never leave your computer.

Any MCP-compatible client works out of the box — including Cursor, Claude Desktop, Claude Code, Windsurf, and ChatGPT. You just paste a single URL.

Absolutely. The Business plan supports team API key management so multiple agents and team members can share controlled access to the same databases. Admins get full RBAC controls to limit which tables, columns, and operations each team member or agent can access.