One command to get governed database APIs with AI agent integration
Give Claude AI (or any LLM) secure database access in 3 minutes:
npx @dreamfactory/create my-projectWhat you get: Self-hosted REST API for your databases with field-level security, SQL injection protection, and Claude Desktop integration out of the box.
Perfect for: AI agents, chatbots, LLM-powered analytics, RAG applications, agentic workflows.
Supported databases: PostgreSQL, MySQL, MongoDB (OSS) | Oracle, SQL Server, Snowflake, SAP HANA (Commercial).
Connecting AI agents directly to databases:
- ❌ Exposes credentials to LLMs
- ❌ Lacks governance and audit trails
- ❌ Risks SQL injection from prompt injection attacks
- ❌ No field-level access control
DreamFactory provides a secure API layer with:
- ✅ Field-level RBAC (block PII from AI queries)
- ✅ Parameterized queries (prevents SQL injection)
- ✅ Audit logging (track all AI database access)
- ✅ 25+ database connectors (Oracle, SQL Server, PostgreSQL, MySQL, MongoDB, Snowflake, etc.)
- ✅ Identity passthrough for end-user attribution
npx @dreamfactory/create my-project
cd my-project
# DreamFactory + Claude AI integration ready in 3 minutes ⚡- DreamFactory OSS running in Docker
- PostgreSQL demo database (Pagila dataset with 15 tables, 100k+ records)
- MCP server for Claude Desktop integration
- Pre-configured RBAC with example access rules
- Auto-generated API key ready to use
The Problem with Direct Database Access: When AI agents connect directly to databases, they see everything - including PII, credentials, and sensitive business data. Prompt injection attacks can trick LLMs into executing malicious SQL, and there's no audit trail of what the AI accessed.
DreamFactory's AI-First Solution:
- No Exposed Credentials: API keys instead of database passwords
- Field-Level Control: Block specific columns (SSN, credit cards, salaries) from AI queries
- SQL Injection Proof: All queries are parameterized automatically
- Identity Passthrough: Track which end-user triggered each AI query
- Complete Audit Trail: Log every API call for compliance (GDPR, HIPAA, SOC 2)
Scenario: Data analyst needs to query production PostgreSQL via natural language
Setup: 5 minutes with this package
Security: RBAC blocks PII fields, read-only access
Benefit: Instant insights without SQL knowledge or security risks
Scenario: Support bot needs customer order history and account status
Setup: Connect your database, configure RBAC to allow orders table (read-only)
Security: Block customer.email, customer.phone, payment.card_number
Benefit: Bot answers questions without exposing sensitive data
Scenario: LLM generates reports from sales, inventory, and customer data
Setup: DreamFactory API + your favorite LLM (GPT-4, Claude, Llama)
Security: Row-level filters (tenant_id = {user.tenant_id})
Benefit: Multi-tenant SaaS with AI features, zero data leakage
Scenario: Hybrid search across vector DB (documents) + relational DB (metadata)
Setup: DreamFactory for SQL, your vector DB for embeddings
Security: Consistent RBAC across both data sources
Benefit: AI answers questions using both knowledge sources
Scenario: AI agent manages inventory, orders, notifications
Setup: DreamFactory REST API with POST/PUT permissions for specific tables
Security: Restrict AI to specific operations (e.g., can create orders, can't delete)
Benefit: Autonomous AI workflows with governance guardrails
| Feature | DreamFactory | Direct DB Access | Custom API | Supabase |
|---|---|---|---|---|
| Field-level RBAC | ✅ | ❌ | Manual | Row-level only |
| Oracle/SQL Server/Snowflake | ✅ (Commercial) | ✅ | Manual | ❌ |
| Identity Passthrough | ✅ | ❌ | Manual | ✅ |
| Audit Logging | ✅ | ❌ | Manual | ✅ |
| SQL Injection Protection | ✅ | Risk | Risk | ✅ |
| Self-hosted | ✅ | ✅ | ✅ | ✅ |
| AI/MCP Integration | ✅ | ❌ | Manual | ❌ |
| Time to Setup | 3 min | N/A | Weeks | Minutes |
After setup, restart Claude Desktop and try these prompts:
You: "What tables are in the demo database?"
Claude: Queries and lists: actor, film, customer, rental, payment, store, etc.
You: "Show me the schema for the customer table"
Claude: Returns columns: customer_id, first_name, last_name, email, phone, address_id...
You: "Show me the top 10 most rented films"
Claude: SELECT film.title, COUNT(*) as rentals
FROM rental JOIN inventory JOIN film
GROUP BY film.title ORDER BY rentals DESC LIMIT 10
You: "Find all customers who rented action movies in the last month"
Claude: [Executes complex JOIN across customer, rental, film, category tables]
You: "Get all customer records with their email addresses"
Claude: Returns customer data, but email field shows null (blocked by RBAC)
You: "Show payment amounts for customer ID 5"
Claude: Returns payment records, but amount field is blocked by field-level restrictions
You: "Which actor appears in the most films?"
Claude: Queries actor_film join table, returns top actor
You: "Now show me all their films sorted by rental count"
Claude: Uses previous context to query films for that actor + rental stats
┌─────────────────┐
│ Claude Desktop │
└────────┬────────┘
│ MCP Protocol
▼
┌─────────────────────────────┐
│ DreamFactory API Layer │
│ ┌───────────────────────┐ │
│ │ Field-level RBAC │ │
│ │ Parameterized Queries │ │
│ │ Audit Logging │ │
│ └───────────────────────┘ │
└─────────┬───────────────────┘
│ Secure Connection
▼
┌──────────────┐
│ Database │
└──────────────┘
npx @dreamfactory/create [options] [project-name]
Options:
-p, --port <number> DreamFactory port (default: 8080)
--admin-password <password> Admin password
--skip-claude Skip Claude Desktop configuration
--no-demo Skip demo database setup
-h, --help Display help
-V, --version Display versionnpx @dreamfactory/create my-apinpx @dreamfactory/create my-api --port 3000npx @dreamfactory/create my-api --skip-claudenpx @dreamfactory/create production-api --no-demo --port 8443- Node.js 18+ (for running the setup tool)
- Docker & Docker Compose (for running DreamFactory)
- 8GB RAM recommended
- 10GB disk space for Docker images
my-project/
├── docker-compose.yml # DreamFactory, MySQL, Redis, Demo DB
├── Dockerfile # DreamFactory image configuration
├── docker-entrypoint.sh # Startup script
├── .env # Credentials (DO NOT COMMIT)
├── daemon/ # MCP daemon (Node.js)
│ ├── src/
│ ├── dist/
│ └── package.json
├── README.md # Project documentation
└── SETUP.md # Example queries and guides
- Admin UI: http://localhost:8080
- API Docs: http://localhost:8080/api/v2/docs
- Demo DB API: http://localhost:8080/api/v2/demo_db
cd my-project
# Start
docker-compose up -d
# Stop
docker-compose down
# Logs
docker-compose logs -f web
# Restart
docker-compose restart- Log into admin interface
- Navigate to Services → Create
- Select database type (PostgreSQL, MySQL, MongoDB, etc.)
- Enter connection details
- Test & Save
Your database is now available at:
http://localhost:8080/api/v2/YOUR_SERVICE_NAME
The setup automatically configures Claude Desktop. To use:
- Restart Claude Desktop
- Start a new chat
- Try these prompts:
- "List all tables in the demo database"
- "Show me the schema for the film table"
- "Get the top 10 most rented films"
- "Find all customers who rented action movies"
Get the latest DreamFactory features and bug fixes:
cd my-project
# Pull latest Docker images
docker compose pull
# Restart with new images
docker compose up -d
# Verify update
curl http://localhost:8080/api/v2/system/environment | jq '.platform.version_current'What gets updated:
- ✅ DreamFactory core application
- ✅ MCP server (PHP package inside DreamFactory)
- ✅ Security patches and bug fixes
- ✅ New database connectors (if added to OSS)
The MCP daemon (Node.js proxy in daemon/ folder) rarely needs updates. When it does:
Option 1: Manual Update (Quick)
cd my-project/daemon
npm update # Updates dependencies onlyOption 2: Fresh Install (For major daemon changes)
# Run create command again in new directory
npx @dreamfactory/create@latest my-project-v2
# Copy .env from old project if desiredFuture: v0.2.0 will include npx @dreamfactory/create upgrade command for seamless updates.
Update DreamFactory immediately for:
- Security vulnerabilities
- Critical bug fixes
- New features you need
Update daemon only when:
- Release notes mention daemon changes
- You encounter MCP connection issues
- New authentication methods are added
For production stability, pin Docker image versions:
# docker-compose.yml
services:
web:
image: dreamfactorysoftware/df-docker:5.0.0 # Specific version
# Instead of: dreamfactorysoftware/df-docker:latestThen update deliberately:
# Edit docker-compose.yml to new version
docker compose pull
docker compose up -d- Change admin password (stored in
.env) - Configure HTTPS (use nginx/Caddy reverse proxy)
- Set up field-level RBAC for all services
- Enable audit logging
- Rotate API keys regularly
- Use environment-specific credentials
- Never commit
.envto version control
- Create roles for different use cases (read-only, admin, etc.)
- Assign roles to API keys or users
- Configure field-level restrictions:
- Block PII fields (email, phone, SSN)
- Restrict sensitive columns (salary, credit card)
- Apply row-level filters
OSS supports PostgreSQL, MySQL, MongoDB. Need more?
- 20+ Additional Connectors
- Oracle, SQL Server, SAP HANA, Snowflake, IBM DB2
- Salesforce, ServiceNow, Microsoft Dynamics
- SOAP, WSDL, Custom APIs
- Enterprise Authentication
- Active Directory / LDAP
- SAML 2.0 SSO
- OAuth 2.0 providers
- Advanced Security
- Field-level encryption
- Data masking
- Advanced RBAC rules
- Enterprise Support
- Professional support & SLA
- Dedicated success manager
- Custom integrations
- Analytics & Monitoring
- API usage analytics
- Rate limiting & throttling
- Performance monitoring
The commercial edition includes 20+ additional connectors. We provide free access to community developers - no payment required, we just want feedback.
If you need enterprise database connectors, email dspsupport@dreamfactory.com with:
- You're using
@dreamfactory/create - Which connectors you need (Oracle, SQL Server, Snowflake, SAP HANA, etc.)
- Your use case
You'll get commercial Docker images and setup guidance at no cost. We're actively looking for feedback from developers building AI applications.
- FAQ - Frequently asked questions: AI integration, security, Claude Desktop, troubleshooting
- AI Integration Guide - Complete guide: MCP, REST API patterns, security, RAG, agentic workflows
- Security & RBAC - Field-level access control, PII protection, audit logging
- Connecting Your Database - Step-by-step database configuration
- Troubleshooting - Common issues, debugging, performance tuning
- DreamFactory Official Docs
- API Documentation
- Model Context Protocol
- ROADMAP - Upcoming features and vision
# Check Docker is running
docker ps
# Check Docker Compose version
docker-compose --version
# View logs
cd my-project
docker-compose logs -fThe CLI automatically detects port conflicts and suggests alternatives.
# Rebuild containers
docker-compose down -v
docker-compose up --build- Verify MCP config at
~/.config/Claude/claude_desktop_config.json(Linux) - Check API key in config matches
.env - Restart Claude Desktop
- Verify DreamFactory is running:
curl http://localhost:8080/api/v2/system/environment
We welcome contributions! Please see CONTRIBUTING.md.
Apache License 2.0 - see LICENSE
DreamFactory is an open-source REST API platform for databases, with enterprise features available commercially. Founded in 2013, DreamFactory powers thousands of applications worldwide.
Created with ❤️ by DreamFactory Software
Keywords: dreamfactory, database-api, rest-api, postgresql, mysql, mongodb, oracle, sql-server, claude, mcp, model-context-protocol, ai-agent, llm-database, rbac, field-level-security, database-governance, api-gateway, self-hosted, docker, scaffolding