Let your agent query the database through the app, not a .env
The usual way to give an AI agent database access is to hand it a connection string. That means a credential in a .env file, or worse, in a repo. SnoutData takes a different path: the agent talks to your database through the app, and your passwords never leave the keychain.
SnoutData runs a small local MCP server on 127.0.0.1. An external agent (Claude Code, Codex, Cline, or any MCP client) connects with a bearer token and gets a set of read-only tools: list connections, list tables, describe a table, search columns, run a query, and EXPLAIN. Every one of those calls is brokered by the app's own connection manager. Turn it on in Settings, copy the config, paste it into your agent, and you are connected.
Credentials never leave the keychain
The agent never sees a password. It names a connection by its label; the app resolves the secret from the OS keychain, opens the pooled connection it already manages, runs the query, and hands back rows. The credential stays exactly where it was encrypted, and nothing has to be copied into a config file the agent can read. It is the same trust model as the gh CLI or Docker Desktop: the agent gets a capability, not a secret.
Opt-in, read-only, per connection
Nothing is reachable by default. You tick exactly which connections an agent may use, and everything else stays private. Queries run read-only: writes and DDL are refused unless you explicitly allow writes for a specific connection, and a connection you marked read-only can never be made writable over MCP, no matter what. You get the leverage of an agent that understands your data without handing it the keys to change it.
Everything the agent runs is logged
Every query the agent runs is recorded to a dedicated Agent log inside the app, separate from your own query history, so you can see exactly what it touched and when. Point an agent at a database and keep the receipts.