Read-only SQL CLI for agentic workflows

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for pseudosavant from gravatar.com pseudosavant

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Paul
  • Tags agent , cli , mysql , postgresql , sql , sqlite
  • Requires: Python >=3.11
Classifiers
Report project as malware

Project description

sql-agent-cli

sql-agent-cli is a read-only SQL CLI for agentic workflows.

It is designed to run safe, single-statement queries against configured database targets and return deterministic output that tools like Codex CLI and Claude Code can consume reliably.

V1 targets:

  • MySQL
  • MariaDB
  • PostgreSQL
  • SQLite

Status

This repo is currently under active development.

The current behavior target is defined in spec.md.

Install and run

Local development:

uv run ./sql_agent_cli.py --help
uv run ./sql_agent_cli.py "SELECT 1"

Packaged command target:

uvx sql-agent-cli --help
sql-agent-cli "SELECT 1"

Primary usage

Happy path for agents and humans:

sql-agent-cli "SELECT id, name FROM users LIMIT 10"

If a default target is configured, that should usually be the first thing you try. You normally do not need to inspect config files or hunt for environment details before running a query.

Default target:

sql-agent-cli "SELECT id, name FROM users LIMIT 10"

Named target:

sql-agent-cli --target reporting "SELECT COUNT(*) AS total FROM users"

Explicit query flag:

sql-agent-cli --target reporting --query "SELECT NOW()"

SQL file:

sql-agent-cli --target reporting --sql-file query.sql

Stdin:

Get-Content query.sql | sql-agent-cli --target reporting

One-off SQLite query without config:

sql-agent-cli --engine sqlite --path C:\data\app.db "SELECT * FROM customers LIMIT 5"

Auth

sql-agent-cli is designed to prefer native client credential mechanisms over password arguments.

Supported v1 auth patterns:

  • PostgreSQL: PG* environment variables and .pgpass
  • MySQL/MariaDB: option files such as ~/.my.cnf
  • Generic fallback: --password-stdin
  • Optional human fallback: --prompt-password

sql-agent-cli does not document or guarantee MYSQL_PWD as a public credential source.

Bootstrap native auth files

Seed a PostgreSQL template:

sql-agent-cli config init-native-auth --engine postgres
sql-agent-cli config init-native-auth --engine postgres --target reporting

Seed a MySQL template:

sql-agent-cli config init-native-auth --engine mysql
sql-agent-cli config init-native-auth --engine mysql --target dev

When --target NAME is provided, the tool pre-fills non-secret fields such as host, port, database, and user where possible, while leaving the password blank.

Config

User config path:

~/.sql-agent-cli/config.toml

Example:

[defaults]
target = "dev"
format = "json"
max_rows = 200
connect_timeout_seconds = 8
query_timeout_seconds = 15

[targets.dev]
engine = "mysql"
host = "az-mysql-pub-sona-asia1-dev.mysql.database.azure.com"
port = 3306
database = "asiadev_2794"
user = "paul"
ssl_mode = "required"

[targets.reporting]
engine = "postgres"
host = "db.example.com"
port = 5432
database = "app"
user = "report_reader"
ssl_mode = "required"

[targets.local_sqlite]
engine = "sqlite"
path = "C:/data/app.db"

Config commands:

sql-agent-cli config show
sql-agent-cli config set-default-target NAME
sql-agent-cli config add-target NAME [options]
sql-agent-cli config remove-target NAME
sql-agent-cli config init-native-auth --engine postgres [--target NAME]
sql-agent-cli config init-native-auth --engine mysql [--target NAME]
sql-agent-cli targets

config show displays effective target settings and credential-source hints without revealing secrets.

Output

Supported formats:

  • json
  • markdown
  • table
  • csv

Default format:

  • json

Stdout is reserved for payload output. Diagnostics and errors go to stderr.

Read-only guarantee

V1 is read-only by design.

Intended allowed statement classes include:

  • SELECT
  • WITH ... SELECT
  • SHOW
  • DESCRIBE / DESC
  • EXPLAIN

The tool rejects mutating or administrative statements before execution and executes exactly one statement per invocation.

SSL

Secure defaults are required by default for network databases.

Supported model:

  • --ssl-mode required
  • --ssl-mode preferred
  • --ssl-mode disabled
  • --insecure as shorthand for --ssl-mode preferred

Development direction

Implementation choices currently targeted by the spec:

  • PyMySQL[rsa] for MySQL and MariaDB
  • psycopg[binary] for PostgreSQL
  • stdlib sqlite3 for SQLite
  • sqlglot for parser-backed SQL validation

License

MIT

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for pseudosavant from gravatar.com pseudosavant

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Paul
  • Tags agent , cli , mysql , postgresql , sql , sqlite
  • Requires: Python >=3.11
Classifiers

Release history Release notifications | RSS feed

This version

0.10.0

0.9.2

0.9.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sql_agent_cli-0.10.0.tar.gz (44.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sql_agent_cli-0.10.0-py3-none-any.whl (19.0 kB view details)

Uploaded Python 3

File details

Details for the file sql_agent_cli-0.10.0.tar.gz.

File metadata

  • Download URL: sql_agent_cli-0.10.0.tar.gz
  • Upload date:
  • Size: 44.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for sql_agent_cli-0.10.0.tar.gz
Algorithm Hash digest
SHA256 e6a81db6b63aca4be63ad2021a14ee3a0fa3cb54a32f63088390f3670fe4833b
MD5 6b0d1fd3ee330f8ddf121e37ca065ca6
BLAKE2b-256 cc855d57f146a688b4e71c8085f37bc965ac68f185155f0a5308408a28dd774d

See more details on using hashes here.

Provenance

The following attestation bundles were made for sql_agent_cli-0.10.0.tar.gz:

Publisher: publish.yml on pseudosavant/sql-agent-cli

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file sql_agent_cli-0.10.0-py3-none-any.whl.

File metadata

  • Download URL: sql_agent_cli-0.10.0-py3-none-any.whl
  • Upload date:
  • Size: 19.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for sql_agent_cli-0.10.0-py3-none-any.whl
Algorithm Hash digest
SHA256 110f7c1ddfab0720417b9a3ab884174ff9966298fb18dad6250ffb6129e80a37
MD5 1dcfcf0bd8a5ee0e6e0adc7117b56e36
BLAKE2b-256 9e5b5c11f1fa0f219fe56ab8d2699c8b1c0ba9340b1457fab5aa3e9a4c5ec113

See more details on using hashes here.

Provenance

The following attestation bundles were made for sql_agent_cli-0.10.0-py3-none-any.whl:

Publisher: publish.yml on pseudosavant/sql-agent-cli

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page