I had to reconnect with nature after reading native Snowflake MCP setup docs so for my server I’ve made a nice CLI wizard to set up DB connection and install the Claude Code plugin: MCP + skill - you can ask it like `/db write dbt model to rank leads`.
It also has a `plan` tool for complex questions. when you ask a blurry question, it triggers a separate text-to-SQL agent that uses 1. (kinda) RAG for your schema (along with some values) that builds during DB connection (if you agree) 2. subagents to explore your data. 3. planning. This is what Snowflake Cortex is supposed to do, but when I try it, it never finds the right tables.
Database-as-MCP sounds like a security nightmare, but I put a lot of effort into making it safer. I’d appreciate any thoughts on the secure design. by default, CLI asks for select permissions on all schemas, not just information_schema. I’m convinced that it’s impossible to write good SQL without peeking into the data. maybe it's a hot take - share your thoughts!
Everything is free and hosted by me, but rate-limited. In the future, I want to charge for planning calls above the limit. I have a bunch of ideas on how to make a smarter text-to-SQL, so I want to keep this part closed-source. I’ll open-source more though - it’s just deployed as a monolith now.