SchemaBrain is the trust and intelligence layer between AI agents and your database. It learns your schema, then compiles every query read-only, PII-aware, and audited.
Safety is downstream of understanding. Four layers turn a raw schema into something an agent can reason over, and an operator can trust.
Every column gets an AI-generated meaning, and real business entities are identified out of raw tables — each with a rationale and a confidence band.
Declared foreign keys plus join paths mined from real query logs — surfacing relationships the schema never declared, with cardinality.
A real, traversable graph with multi-hop join paths and cardinality. Ask for a rollup and get the canonical path back.
Local semantic search returns what's relevant and why it matched — all process-local, nothing leaves the box.
The agent never writes SQL. SchemaBrain compiles it from definitions you control.
Agent calls one of 12 read-only MCP tools over stdio. SchemaBrain resolves intent against the semantic layer.
It classifies and refuses PII, looks up cosine-similar entities, and resolves the canonical join path.
It compiles strictly parameterized read-only SQL, runs it, and writes a hash-chained audit row.
Because SchemaBrain understands the data, every safeguard is precise — not a blunt allowlist. The firewall is the floor, not the headline.
Twelve sensitivity categories, scored per column with a confidence band.
Credentials, government IDs, and card data are hard-blocked, regardless of policy.
Tag or clear any column; preview the diff before it applies.
Every query writes a SHA-256 hash-chained row. Verify the chain in ms.
Agents never write SQL — it's compiled from definitions you own.
Read-only connections, statement timeouts, row caps — one guarantee among many.
Point SchemaBrain at a Postgres URL, add it to your MCP client, and the agent talks to a schema it finally understands — safely.