Skip to content

NemoAlex/SQLTunnel

Repository files navigation

SQLTunnel app icon

SQLTunnel

A controlled database gateway for agents, automation platforms, and internal applications

Docker Pulls Docker Image Version

English | 中文 | 日本語 | 한국어 | Français | Deutsch

SQLTunnel lets Codex, Claude Code, Hermes, Dify, and internal applications access MySQL and PostgreSQL with controlled permissions, without exposing database ports directly.

Key capabilities

  • Supports MySQL and PostgreSQL through direct connections or SSH tunnels.
  • Identifies callers with API keys and configures read/write access per client and database.
  • Supports SSH Config, Host aliases, and ProxyJump.
  • Provides an OpenAPI HTTP API and a Streamable HTTP MCP endpoint.
  • Enforces row limits and timeouts; writes require explicit permission.

Desktop app

The desktop app is available for macOS and Windows, bringing SQLTunnel configuration, operation, and monitoring into a graphical interface.

SQLTunnel desktop app running in English

Headless service

The headless edition uses the same gateway core and is designed for Docker, servers, and background deployments. It manages databases, SSH tunnels, and client permissions through gateway.yaml, and exposes the same MCP/OpenAPI interfaces as the desktop app.

How it works

flowchart LR
  ExternalApp["Agents, AI platforms, internal applications"]
  SQLTunnel["SQLTunnel<br/>Authentication, permissions, connection management"]
  Database[("MySQL / PostgreSQL")]

  ExternalApp -->|"MCP or OpenAPI"| SQLTunnel
  SQLTunnel -->|"SSH tunnel or direct connection"| Database
Loading

SQLTunnel identifies callers with Bearer API keys, controls read/write access per client and database, and applies row, query, and connection limits. Database passwords and SSH private keys are never exposed to callers.

Documentation

About

No description, website, or topics provided.

Resources

Stars

2 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors

Languages