MCP Hub
Back to servers

@dreamfactory/create

Zero-friction DreamFactory setup: Governed database APIs for AI agents in minutes. The only self-hosted MCP server with field-level RBAC across 25+ databases (PostgreSQL, MySQL, Oracle, SQL Server, Snowflake). Blocks AI agents from accessing PII, prevents

npm35/wk
AI & MLAPIs & ServicesData & AnalyticsDatabases
Updated
Feb 13, 2026
View Source
Claim this server

Quick Install

npx -y @dreamfactory/create

@dreamfactory/create

One command to get governed database APIs with AI agent integration

npm version License Docker MCP

TL;DR

Give Claude AI (or any LLM) secure database access in 3 minutes:

npx @dreamfactory/create my-project

What you get: Self-hosted REST API for your databases with field-level security, SQL injection protection, and Claude Desktop integration out of the box.

Perfect for: AI agents, chatbots, LLM-powered analytics, RAG applications, agentic workflows.

Supported databases: PostgreSQL, MySQL, MongoDB (OSS) | Oracle, SQL Server, Snowflake, SAP HANA (Commercial).

Problem

Connecting AI agents directly to databases:

  • ❌ Exposes credentials to LLMs
  • ❌ Lacks governance and audit trails
  • ❌ Risks SQL injection from prompt injection attacks
  • ❌ No field-level access control

Solution

DreamFactory provides a secure API layer with:

  • ✅ Field-level RBAC (block PII from AI queries)
  • ✅ Parameterized queries (prevents SQL injection)
  • ✅ Audit logging (track all AI database access)
  • ✅ 25+ database connectors (Oracle, SQL Server, PostgreSQL, MySQL, MongoDB, Snowflake, etc.)
  • ✅ Identity passthrough for end-user attribution

Quick Start

npx @dreamfactory/create my-project
cd my-project

# DreamFactory + Claude AI integration ready in 3 minutes ⚡

What You Get

  • DreamFactory OSS running in Docker
  • PostgreSQL demo database (Pagila dataset with 15 tables, 100k+ records)
  • MCP server for Claude Desktop integration
  • Pre-configured RBAC with example access rules
  • Auto-generated API key ready to use

Why DreamFactory for AI Applications

The Problem with Direct Database Access: When AI agents connect directly to databases, they see everything - including PII, credentials, and sensitive business data. Prompt injection attacks can trick LLMs into executing malicious SQL, and there's no audit trail of what the AI accessed.

DreamFactory's AI-First Solution:

  • No Exposed Credentials: API keys instead of database passwords
  • Field-Level Control: Block specific columns (SSN, credit cards, salaries) from AI queries
  • SQL Injection Proof: All queries are parameterized automatically
  • Identity Passthrough: Track which end-user triggered each AI query
  • Complete Audit Trail: Log every API call for compliance (GDPR, HIPAA, SOC 2)

AI Use Cases

1. Claude Desktop with Production Databases

Scenario: Data analyst needs to query production PostgreSQL via natural language
Setup: 5 minutes with this package
Security: RBAC blocks PII fields, read-only access
Benefit: Instant insights without SQL knowledge or security risks

2. Customer Support Chatbot

Scenario: Support bot needs customer order history and account status
Setup: Connect your database, configure RBAC to allow orders table (read-only)
Security: Block customer.email, customer.phone, payment.card_number
Benefit: Bot answers questions without exposing sensitive data

3. AI-Powered Analytics Dashboard

Scenario: LLM generates reports from sales, inventory, and customer data
Setup: DreamFactory API + your favorite LLM (GPT-4, Claude, Llama)
Security: Row-level filters (tenant_id = {user.tenant_id})
Benefit: Multi-tenant SaaS with AI features, zero data leakage

4. RAG with Structured + Unstructured Data

Scenario: Hybrid search across vector DB (documents) + relational DB (metadata)
Setup: DreamFactory for SQL, your vector DB for embeddings
Security: Consistent RBAC across both data sources
Benefit: AI answers questions using both knowledge sources

5. Agentic Workflows with Database State

Scenario: AI agent manages inventory, orders, notifications
Setup: DreamFactory REST API with POST/PUT permissions for specific tables
Security: Restrict AI to specific operations (e.g., can create orders, can't delete)
Benefit: Autonomous AI workflows with governance guardrails

Comparison to Alternatives

FeatureDreamFactoryDirect DB AccessCustom APISupabase
Field-level RBACManualRow-level only
Oracle/SQL Server/Snowflake✅ (Commercial)Manual
Identity PassthroughManual
Audit LoggingManual
SQL Injection ProtectionRiskRisk
Self-hosted
AI/MCP IntegrationManual
Time to Setup3 minN/AWeeksMinutes

Example: Claude AI Integration

After setup, restart Claude Desktop and try these prompts:

Schema Exploration

You: "What tables are in the demo database?"
Claude: Queries and lists: actor, film, customer, rental, payment, store, etc.

You: "Show me the schema for the customer table"
Claude: Returns columns: customer_id, first_name, last_name, email, phone, address_id...

Data Queries with Natural Language

You: "Show me the top 10 most rented films"
Claude: SELECT film.title, COUNT(*) as rentals
        FROM rental JOIN inventory JOIN film
        GROUP BY film.title ORDER BY rentals DESC LIMIT 10

You: "Find all customers who rented action movies in the last month"
Claude: [Executes complex JOIN across customer, rental, film, category tables]

RBAC in Action

You: "Get all customer records with their email addresses"
Claude: Returns customer data, but email field shows null (blocked by RBAC)

You: "Show payment amounts for customer ID 5"
Claude: Returns payment records, but amount field is blocked by field-level restrictions

Multi-Step Analysis

You: "Which actor appears in the most films?"
Claude: Queries actor_film join table, returns top actor

You: "Now show me all their films sorted by rental count"
Claude: Uses previous context to query films for that actor + rental stats

Architecture

┌─────────────────┐
│  Claude Desktop │
└────────┬────────┘
         │ MCP Protocol
         ▼
┌─────────────────────────────┐
│  DreamFactory API Layer     │
│  ┌───────────────────────┐  │
│  │ Field-level RBAC      │  │
│  │ Parameterized Queries │  │
│  │ Audit Logging         │  │
│  └───────────────────────┘  │
└─────────┬───────────────────┘
          │ Secure Connection
          ▼
    ┌──────────────┐
    │   Database   │
    └──────────────┘

CLI Options

npx @dreamfactory/create [options] [project-name]

Options:
  -p, --port <number>           DreamFactory port (default: 8080)
  --admin-password <password>   Admin password
  --skip-claude                 Skip Claude Desktop configuration
  --no-demo                     Skip demo database setup
  -h, --help                    Display help
  -V, --version                 Display version

Examples

Basic Setup

npx @dreamfactory/create my-api

Custom Port

npx @dreamfactory/create my-api --port 3000

Skip Claude Integration

npx @dreamfactory/create my-api --skip-claude

Production Setup (No Demo)

npx @dreamfactory/create production-api --no-demo --port 8443

Requirements

  • Node.js 18+ (for running the setup tool)
  • Docker & Docker Compose (for running DreamFactory)
  • 8GB RAM recommended
  • 10GB disk space for Docker images

What Gets Created

my-project/
├── docker-compose.yml       # DreamFactory, MySQL, Redis, Demo DB
├── Dockerfile               # DreamFactory image configuration
├── docker-entrypoint.sh     # Startup script
├── .env                     # Credentials (DO NOT COMMIT)
├── daemon/                  # MCP daemon (Node.js)
│   ├── src/
│   ├── dist/
│   └── package.json
├── README.md                # Project documentation
└── SETUP.md                 # Example queries and guides

Post-Setup

Access DreamFactory

Manage Services

cd my-project

# Start
docker-compose up -d

# Stop
docker-compose down

# Logs
docker-compose logs -f web

# Restart
docker-compose restart

Connect Your Databases

  1. Log into admin interface
  2. Navigate to Services → Create
  3. Select database type (PostgreSQL, MySQL, MongoDB, etc.)
  4. Enter connection details
  5. Test & Save

Your database is now available at:

http://localhost:8080/api/v2/YOUR_SERVICE_NAME

Claude Desktop Integration

The setup automatically configures Claude Desktop. To use:

  1. Restart Claude Desktop
  2. Start a new chat
  3. Try these prompts:
    • "List all tables in the demo database"
    • "Show me the schema for the film table"
    • "Get the top 10 most rented films"
    • "Find all customers who rented action movies"

Updating Your Installation

Update DreamFactory Core

Get the latest DreamFactory features and bug fixes:

cd my-project

# Pull latest Docker images
docker compose pull

# Restart with new images
docker compose up -d

# Verify update
curl http://localhost:8080/api/v2/system/environment | jq '.platform.version_current'

What gets updated:

  • ✅ DreamFactory core application
  • ✅ MCP server (PHP package inside DreamFactory)
  • ✅ Security patches and bug fixes
  • ✅ New database connectors (if added to OSS)

Update MCP Daemon

The MCP daemon (Node.js proxy in daemon/ folder) rarely needs updates. When it does:

Option 1: Manual Update (Quick)

cd my-project/daemon
npm update  # Updates dependencies only

Option 2: Fresh Install (For major daemon changes)

# Run create command again in new directory
npx @dreamfactory/create@latest my-project-v2
# Copy .env from old project if desired

Future: v0.2.0 will include npx @dreamfactory/create upgrade command for seamless updates.

When to Update

Update DreamFactory immediately for:

  • Security vulnerabilities
  • Critical bug fixes
  • New features you need

Update daemon only when:

  • Release notes mention daemon changes
  • You encounter MCP connection issues
  • New authentication methods are added

Version Pinning (Production)

For production stability, pin Docker image versions:

# docker-compose.yml
services:
  web:
    image: dreamfactorysoftware/df-docker:5.0.0  # Specific version
    # Instead of: dreamfactorysoftware/df-docker:latest

Then update deliberately:

# Edit docker-compose.yml to new version
docker compose pull
docker compose up -d

Security Best Practices

Production Checklist

  • Change admin password (stored in .env)
  • Configure HTTPS (use nginx/Caddy reverse proxy)
  • Set up field-level RBAC for all services
  • Enable audit logging
  • Rotate API keys regularly
  • Use environment-specific credentials
  • Never commit .env to version control

RBAC Configuration

  1. Create roles for different use cases (read-only, admin, etc.)
  2. Assign roles to API keys or users
  3. Configure field-level restrictions:
    • Block PII fields (email, phone, SSN)
    • Restrict sensitive columns (salary, credit card)
    • Apply row-level filters

Upgrading to Commercial

OSS supports PostgreSQL, MySQL, MongoDB. Need more?

DreamFactory Commercial Adds:

  • 20+ Additional Connectors
    • Oracle, SQL Server, SAP HANA, Snowflake, IBM DB2
    • Salesforce, ServiceNow, Microsoft Dynamics
    • SOAP, WSDL, Custom APIs
  • Enterprise Authentication
    • Active Directory / LDAP
    • SAML 2.0 SSO
    • OAuth 2.0 providers
  • Advanced Security
    • Field-level encryption
    • Data masking
    • Advanced RBAC rules
  • Enterprise Support
    • Professional support & SLA
    • Dedicated success manager
    • Custom integrations
  • Analytics & Monitoring
    • API usage analytics
    • Rate limiting & throttling
    • Performance monitoring

Need Oracle, SQL Server, or Other Enterprise Databases?

The commercial edition includes 20+ additional connectors. We provide free access to community developers - no payment required, we just want feedback.

If you need enterprise database connectors, email dspsupport@dreamfactory.com with:

  • You're using @dreamfactory/create
  • Which connectors you need (Oracle, SQL Server, Snowflake, SAP HANA, etc.)
  • Your use case

You'll get commercial Docker images and setup guidance at no cost. We're actively looking for feedback from developers building AI applications.

Documentation

Guides Included with This Package

  • FAQ - Frequently asked questions: AI integration, security, Claude Desktop, troubleshooting
  • AI Integration Guide - Complete guide: MCP, REST API patterns, security, RAG, agentic workflows
  • Security & RBAC - Field-level access control, PII protection, audit logging
  • Connecting Your Database - Step-by-step database configuration
  • Troubleshooting - Common issues, debugging, performance tuning

External Resources

Troubleshooting

Docker Issues

# Check Docker is running
docker ps

# Check Docker Compose version
docker-compose --version

# View logs
cd my-project
docker-compose logs -f

Port Conflicts

The CLI automatically detects port conflicts and suggests alternatives.

DreamFactory Won't Start

# Rebuild containers
docker-compose down -v
docker-compose up --build

Claude Desktop Not Connecting

  1. Verify MCP config at ~/.config/Claude/claude_desktop_config.json (Linux)
  2. Check API key in config matches .env
  3. Restart Claude Desktop
  4. Verify DreamFactory is running: curl http://localhost:8080/api/v2/system/environment

Contributing

We welcome contributions! Please see CONTRIBUTING.md.

License

Apache License 2.0 - see LICENSE

Support

About DreamFactory

DreamFactory is an open-source REST API platform for databases, with enterprise features available commercially. Founded in 2013, DreamFactory powers thousands of applications worldwide.

Created with ❤️ by DreamFactory Software

Keywords: dreamfactory, database-api, rest-api, postgresql, mysql, mongodb, oracle, sql-server, claude, mcp, model-context-protocol, ai-agent, llm-database, rbac, field-level-security, database-governance, api-gateway, self-hosted, docker, scaffolding

Reviews

No reviews yet

Sign in to write a review