Your coding agent inside your database as a SQLite extension.
sqlatte embeds a coding-harness agent (Claude, Codex, or a custom CLI) directly inside SQLite to assist with exploratory data analysis. Text columns are automatically obfuscated before any data leaves the process, protecting PII by design.
.load ./libsqlatte
SELECT sqlatte_ask('Which customers have the most completed orders, and what is their total spend?');sqlatte runs a multi-turn conversation between you and the coding agent:
- You call
sqlatte_ask('your question')from any SQL context. - sqlatte introspects the database schema and samples a few rows per table.
- All text/string column values are obfuscated to same-length random alphabetical characters.
- A system prompt is built with schema, obfuscated samples, PII rules, and the conversation protocol.
- The agent responds with SQL queries in fenced code blocks.
- sqlatte executes each query against the real database:
- You see the real, unobfuscated results.
- The agent sees obfuscated results (text columns scrambled).
- The agent iterates — inspecting results, refining queries, drilling deeper.
- When the agent responds without SQL, the conversation ends and the full report is returned.
The same obfuscated value is always produced for the same input string, so the agent can reason about equality, grouping, joins, and aggregation accurately — it just can't read the actual PII.
The core differentiator: unlike giving an AI agent external access to your database, sqlatte guarantees that no real text data leaves the process. Every string value is scrambled to random alphabetical characters of the same byte length before being sent to any external model provider. Column names, table names, and numeric values are not obfuscated.
| Environment Variable | Description | Default |
|---|---|---|
SQLATTE_ADAPTER |
Which adapter to use (claude, codex, custom) |
claude |
SQLATTE_CLI_PATH |
Path to CLI binary (required when adapter is custom) |
— |
SQLATTE_SAMPLE_ROWS |
Number of sample rows per table included in context | 5 |
SQLATTE_MAX_TURNS |
Maximum conversation turns before stopping | 10 |
- claude — shells out to the Claude Code CLI (
claude -p) - codex — shells out to the OpenAI Codex CLI (
codex --quiet) - custom — shells out to any user-specified binary; conversation as JSON on stdin, response as plain text on stdout
cargo build --releaseThe extension is produced at target/release/libsqlatte.dylib (macOS), target/release/libsqlatte.so (Linux), or target/release/sqlatte.dll (Windows).
Load it in a SQLite session that supports extensions (the Homebrew build does; the macOS system sqlite3 does not):
sqlite3 mydb.sqlite ".load ./target/release/libsqlatte"src/
├── lib.rs # Extension entry point, multi-turn conversation loop
├── conversation.rs # Message, Role, Conversation types
├── sql_parser.rs # SQL extraction from markdown + read-only validation
├── error.rs # Error types
├── config.rs # Environment-based configuration
├── ffi/
│ ├── bindings.rs # Bindgen output from sqlite3ext.h
│ └── api.rs # Safe wrappers over the SQLite vtable API
├── adapter/
│ ├── mod.rs # CodingHarnessAdapter trait (SOLID)
│ ├── claude.rs # Claude CLI adapter
│ ├── codex.rs # Codex CLI adapter
│ ├── custom.rs # User-provided CLI adapter (JSON stdin/stdout)
│ └── registry.rs # Adapter factory
├── obfuscation/
│ ├── engine.rs # Hash-based deterministic per-value obfuscation
│ └── scrambler.rs # Byte-level string scrambling
├── schema/
│ └── introspector.rs # PRAGMA-based schema discovery
├── prompt/
│ └── builder.rs # System prompt assembly for multi-turn EDA
└── query/
└── executor.rs # SQL execution via prepared statements + markdown formatting
MIT