An AI agent that reads your SQLite database and answers questions in plain English. No SQL required. No schema docs to write. Just point it at your .sqlite file and start asking.

The agent inspects your database structure automatically. You never need to paste CREATE TABLE statements or explain your column names. It knows your tables, columns, types, and foreign keys before it writes a single query.
This isn't a one-shot SQL generator. The agent remembers context across your conversation. Ask "top customers," then "what did they buy," then "plot a monthly trend" β it maintains state and builds on previous answers.
You ask in English. The agent:
- Reads the relevant schema
- Generates the correct SQL
- Executes it safely
- Returns a human-readable answer β not just a raw table dump
You: "Which products had revenue drop last quarter?"
Agent: "Based on your orders and products tables, here are the 3 products
with declining Q-over-Q revenue..."
Beyond SQL, the agent can run Python code in a sandbox to compute statistics, generate charts with matplotlib, or export results to Excel β all from natural language requests.
Read CSV and Excel files and import them directly into the database. All changes can be undone.
Read-only queries run through dedicated read tools. When the agent needs to modify data, it routes through write tools that enforce validation rules:
DELETEandUPDATEmust include aWHEREclause.DROPoperations requireconfirm_drop=True.DROP DATABASEand dangerous Python patterns (os.system,subprocess,eval, etc.) are rejected.- Every tool call is logged with a trace ID.
- Write operations are recorded in an undo log and can be reverted.
High-risk mutations β such as importing large CSV/Excel files β are paused and surfaced in the web UI for explicit approval before execution. You review the pending tool call, choose to approve or deny, and the agent resumes or cancels accordingly.
Session history is searchable so you can quickly find past questions and results across long-running conversations.
Every run that changes data is grouped into an undo log. From the CLI or the web UI you can list those groups and revert the database to a previous state. Sessions persist with a 24-hour TTL, so you can close the app and pick up where you left off.
Every project lives in its own workspace β a self-contained bundle of database path, LLM provider, model, API key, and session history. Run five SQLite projects side by side and switch between them with one command. The agent only ever sees the active workspace's database, so nothing crosses the line.
uv sync # backend
npm install # concurrently
cd frontend && npm install && cd .. # UI
npm run devThat's it. Backend at http://localhost:8000, UI at http://localhost:5173. Create workspaces, plug in your API key, and start asking β all from the web interface. A CLI is available for scripting; run uv run python main.py --help to see it.
OpenAI, Anthropic, Google, Groq, Mistral, OpenRouter, NVIDIA NIM, Together β or any third-party relay with an OpenAI-compatible endpoint. Switch providers in one setting without rewriting prompts.
| Provider | Example model string |
|---|---|
| OpenAI | openai:gpt-5.5 |
| Anthropic | anthropic:claude-sonnet-4-6 |
google:gemini-3.5-flash |
|
| Groq | groq:kimi-2.6 |
| Mistral | mistral:mistral-medium-3.5 |
| OpenRouter | openrouter:deepseek-v4-pro |
| NVIDIA NIM | openai:kimi-k2.6 |
| Together | openai:gpt-5.5 |
Use uv run python main.py models to see the live model list for a provider, or pass a substring like --model gpt-5.5 and the agent will fuzzy-match it.
| Fear | Plain-English Meaning | How You're Protected |
|---|---|---|
| AI turns into a backstabber | A clever prompt tricks it into leaking data or deleting tables | Read/write tools are separate; validators reject dangerous SQL/DDL. All tool calls are logged. |
| AI formats your hard drive | It runs code outside its lane and wrecks files | Python execution is restricted to a sandbox and dangerous patterns are blocked. File paths cannot escape the workspace outputs directory. |
| Your API keys get stolen | Keys accidentally end up in logs, git, or screenshots | Keys live in the OS keychain. Never in repo files or .env. |
| Locked into one LLM vendor | You can't switch providers without rewriting everything | provider:model naming means one-line swaps. |
| You can't take back a bad change | The agent modifies data and you need to recover | Every write run is recorded in an undo log and can be reverted from the CLI or web UI. |
π€ Commercial Partners / API Providers Wanted
ScriptorDB is designed to route users to API providers and relays. If you operate a stable API relay, token-resale platform, or self-hosted model endpoint, we are open to revenue-sharing partnerships. Telegram: @your_telegram_handle WeChat: your_wechat_id Email: partnerships@yourdomain.com
ScriptorDB/
βββ agents/ # Pydantic AI agent, toolsets, audit/undo hooks
βββ cli/ # Typer commands: setup, ask, interactive, serve, workspace, undo
βββ config/ # Settings, workspace registry, model resolution, secrets, global defaults
βββ frontend/ # React 19 + Vite + TypeScript + HeroUI + Tailwind CSS v4
βββ server/ # FastAPI app + routers: chat (SSE), sessions, schema, models, settings, files, undo
βββ tools/ # SQLite queries, DDL/DML validators, Python sandbox, export, visualization, undo log
βββ tests/ # pytest suite using TestModel (zero real LLM calls)
βββ main.py # Entry point: no args β menu; args β Typer CLI
βββ pyproject.toml # uv project config
βββ package.json # Concurrent dev scripts for backend + frontend
- Multi-provider LLM agent with SQLite tools
- Workspace-based config and key isolation
- CLI, FastAPI backend, and React frontend
- Session persistence with TTL
- Undo log for write operations
- Fine-grained permission model per workspace
- Query result diffing and rollback snapshots
- Built-in prompt-injection test harness