Skip to content

SQLatte Documentation

The Governed Data Layer for AI Agents and Analysts

Most teams give AI assistants raw database credentials. SQLatte sits in between: short-lived tokens, schema-scoped access, a full audit trail, one-click revocation. Analysts get a chat interface; AI agents get MCP tools. Both go through the same intent detection → SQL generation → validation → audit pipeline — there is no separate, unaudited path for AI agents.

  • MCP Server for AI Agents


    Give Claude Desktop, Claude Code, or any MCP client governed, audited access to your warehouse — no raw credentials.

    MCP Overview

  • Quick Start


    Get SQLatte running in a few minutes with Docker or Python.

    Installation Guide

  • Configuration


    One config.yaml for databases, LLMs, and every optional feature.

    Configuration Guide

  • Security


    SQL injection protection, risk scoring, token-based credential isolation.

    Security Overview

Who Is This For?

  • Data teams running Trino, BigQuery, or Postgres who want analysts asking questions in plain English instead of filing SQL tickets
  • Platform and security teams who need governed, audited AI agent access to the warehouse without distributing raw credentials
  • SaaS builders embedding a conversational data interface into their product via the embeddable widget or multi-tenant auth plugin

Core Guarantee

Whether a query is typed by a human in the chat UI or generated by an AI agent through MCP, it passes through the same pipeline:

Intent Detection → SQL Generation → Validation & Risk Scoring → Execution → Audit Log

There is no shortcut that lets an AI agent skip validation or logging.

Key Features

  • Natural Language to SQL — ask in plain English, get validated SQL and results
  • Native MCP Server — stdio (local) and SSE (network) transport, field-level output masking, short-lived tokens
  • Multi-Database — Trino, PostgreSQL, MySQL, Google BigQuery
  • Multi-LLM — Anthropic Claude, Google Gemini, Vertex AI, with per-task model routing
  • Semantic Layer — business-friendly names, auto-JOINs, and centralized metric definitions that improve SQL accuracy
  • BigQuery Ops Console — cost, security, and performance diagnostics for BigQuery environments, with schedulable cost alarms
  • Audit Logs — every LLM call logged with token counts, risk score, and source (UI / widget / MCP)
  • Scheduler & Email Reports — cron-based recurring queries delivered as CSV/Excel/HTML
  • Embeddable Widgets — standard (shared credentials) or auth (per-user, multi-tenant) variants
  • Admin Panel — runtime configuration, prompt editing, mask rules, token policy — all hot-reloaded, no restart

Deployment Options

Shared backend credentials, no user login. Best for internal tools and single-tenant dashboards. Embed with a single <script> tag.

Per-user database credentials, session-based auth, isolated connections. Best for multi-tenant SaaS.

Connect Claude Desktop, Claude Code, or any MCP client directly to your warehouse via ask_database, list_tables, and get_schema tools. See MCP Overview.

Full interface at / with chat, dashboards, scheduler, analytics, and admin panel — plus /ops-agent for the BigQuery Ops Console.

Getting Help


Ready to brew some queries? Start with the Installation Guide, or jump straight to MCP Setup if you're connecting an AI agent. ☕