npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@dreamfactory/create

v0.1.0

Published

Zero-friction DreamFactory setup: Governed database APIs for AI agents in minutes. The only self-hosted MCP server with field-level RBAC across 25+ databases (PostgreSQL, MySQL, Oracle, SQL Server, Snowflake). Blocks AI agents from accessing PII, prevents

Downloads

46

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

dreamfactorydreamfactory

Keywords

dreamfactorydatabase-apirest-apiapi-gatewayapi-managementmcpmcp-servermodel-context-protocolclaudeclaude-desktopclaude-codeai-agentai-agentsai-databaseai-governanceai-securityai-gatewayagentic-aillm-databasellm-toolschatgpt-databasecopilotcursorwindsurfpostgresqlmysqlmongodboraclesql-serversnowflakesap-hanaibm-db2bigquerydatabricksrbacfield-level-securitydatabase-governancedata-governancepii-protectionsql-injection-preventionprompt-injection-protectionsecure-database-accessdatabase-proxyaudit-loggingidentity-passthroughhipaasoc2gdpreu-ai-actcomplianceenterprise-apiself-hostedair-gappedon-premisedockerdocker-composescaffoldingzero-codelow-codesupabase-alternativehasura-alternativepostrest-alternative

Readme

@dreamfactory/create

One command to get governed database APIs with AI agent integration

npm version License Docker MCP

TL;DR

Give Claude AI (or any LLM) secure database access in 3 minutes:

npx @dreamfactory/create my-project

What you get: Self-hosted REST API for your databases with field-level security, SQL injection protection, and Claude Desktop integration out of the box.

Perfect for: AI agents, chatbots, LLM-powered analytics, RAG applications, agentic workflows.

Supported databases: PostgreSQL, MySQL, MongoDB (OSS) | Oracle, SQL Server, Snowflake, SAP HANA (Commercial).

Problem

Connecting AI agents directly to databases:

  • ❌ Exposes credentials to LLMs
  • ❌ Lacks governance and audit trails
  • ❌ Risks SQL injection from prompt injection attacks
  • ❌ No field-level access control

Solution

DreamFactory provides a secure API layer with:

  • ✅ Field-level RBAC (block PII from AI queries)
  • ✅ Parameterized queries (prevents SQL injection)
  • ✅ Audit logging (track all AI database access)
  • ✅ 25+ database connectors (Oracle, SQL Server, PostgreSQL, MySQL, MongoDB, Snowflake, etc.)
  • ✅ Identity passthrough for end-user attribution

Quick Start

npx @dreamfactory/create my-project
cd my-project

# DreamFactory + Claude AI integration ready in 3 minutes ⚡

What You Get

  • DreamFactory OSS running in Docker
  • PostgreSQL demo database (Pagila dataset with 15 tables, 100k+ records)
  • MCP server for Claude Desktop integration
  • Pre-configured RBAC with example access rules
  • Auto-generated API key ready to use

Why DreamFactory for AI Applications

The Problem with Direct Database Access: When AI agents connect directly to databases, they see everything - including PII, credentials, and sensitive business data. Prompt injection attacks can trick LLMs into executing malicious SQL, and there's no audit trail of what the AI accessed.

DreamFactory's AI-First Solution:

  • No Exposed Credentials: API keys instead of database passwords
  • Field-Level Control: Block specific columns (SSN, credit cards, salaries) from AI queries
  • SQL Injection Proof: All queries are parameterized automatically
  • Identity Passthrough: Track which end-user triggered each AI query
  • Complete Audit Trail: Log every API call for compliance (GDPR, HIPAA, SOC 2)

AI Use Cases

1. Claude Desktop with Production Databases

Scenario: Data analyst needs to query production PostgreSQL via natural language
Setup: 5 minutes with this package
Security: RBAC blocks PII fields, read-only access
Benefit: Instant insights without SQL knowledge or security risks

2. Customer Support Chatbot

Scenario: Support bot needs customer order history and account status
Setup: Connect your database, configure RBAC to allow orders table (read-only)
Security: Block customer.email, customer.phone, payment.card_number
Benefit: Bot answers questions without exposing sensitive data

3. AI-Powered Analytics Dashboard

Scenario: LLM generates reports from sales, inventory, and customer data
Setup: DreamFactory API + your favorite LLM (GPT-4, Claude, Llama)
Security: Row-level filters (tenant_id = {user.tenant_id})
Benefit: Multi-tenant SaaS with AI features, zero data leakage

4. RAG with Structured + Unstructured Data

Scenario: Hybrid search across vector DB (documents) + relational DB (metadata)
Setup: DreamFactory for SQL, your vector DB for embeddings
Security: Consistent RBAC across both data sources
Benefit: AI answers questions using both knowledge sources

5. Agentic Workflows with Database State

Scenario: AI agent manages inventory, orders, notifications
Setup: DreamFactory REST API with POST/PUT permissions for specific tables
Security: Restrict AI to specific operations (e.g., can create orders, can't delete)
Benefit: Autonomous AI workflows with governance guardrails

Performance: MCP vs REST Benchmark

Benchmarked with Claude Opus 4.5 against PostgreSQL (20K customers, 12K orders, 60K orderlines):

| Metric | DreamFactory MCP | Vanilla REST | Advantage | |--------|-----------------|-------------|-----------| | API calls (6 queries) | 146 | 457 | 68% fewer | | Data transferred | 15.0 MB | 22.1 MB | 32% less | | LLM reasoning cycles | — | — | 311 fewer | | Correctness | 6/6 | 6/6 | Tie | | Best single query | 5 calls | 78 calls | 93% fewer |

Bottom line: DreamFactory's enhanced MCP means lower token costs, faster responses, and fewer hallucination-prone reasoning steps for your AI agents.

Comparison to Alternatives

| Feature | DreamFactory | Supabase | Hasura | PostgREST | DBHub | Direct DB | |---------|--------------|----------|--------|-----------|-------|-----------| | Databases | 25+ | PostgreSQL | ~5 | PostgreSQL | 5 | Any | | Field-level RBAC | ✅ | Row-level | Limited | ❌ | ❌ | ❌ | | MCP Server | ✅ Production | Dev-only | PromptQL | ❌ | Limited | ❌ | | Self-hosted | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | | Air-gapped | ✅ | ❌ | ❌ | ✅ | ❌ | ✅ | | Identity Passthrough | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | | Audit Logging | ✅ | ✅ | Limited | ❌ | ❌ | ❌ | | SQL Injection Safe | ✅ | ✅ | ✅ | ✅ | ❌ | Risk | | Oracle/SQL Server | ✅ | ❌ | ❌ | ❌ | ❌ | Manual | | Enterprise Customers | NIH, Intel, Deloitte | Startups | Mid-market | Individuals | Individuals | — | | Setup Time | 3 min | ~10 min | ~15 min | ~5 min | ~5 min | Weeks |

Example: Claude AI Integration

After setup, restart Claude Desktop and try these prompts:

Schema Exploration

You: "What tables are in the demo database?"
Claude: Queries and lists: actor, film, customer, rental, payment, store, etc.

You: "Show me the schema for the customer table"
Claude: Returns columns: customer_id, first_name, last_name, email, phone, address_id...

Data Queries with Natural Language

You: "Show me the top 10 most rented films"
Claude: SELECT film.title, COUNT(*) as rentals
        FROM rental JOIN inventory JOIN film
        GROUP BY film.title ORDER BY rentals DESC LIMIT 10

You: "Find all customers who rented action movies in the last month"
Claude: [Executes complex JOIN across customer, rental, film, category tables]

RBAC in Action

You: "Get all customer records with their email addresses"
Claude: Returns customer data, but email field shows null (blocked by RBAC)

You: "Show payment amounts for customer ID 5"
Claude: Returns payment records, but amount field is blocked by field-level restrictions

Multi-Step Analysis

You: "Which actor appears in the most films?"
Claude: Queries actor_film join table, returns top actor

You: "Now show me all their films sorted by rental count"
Claude: Uses previous context to query films for that actor + rental stats

Enterprise & Compliance

DreamFactory is used by Fortune 500 companies and government agencies (NIH, Intel, Deloitte, ExxonMobil, Verizon) for governed data access. Built-in compliance support for:

  • HIPAA — Field-level RBAC blocks PHI from AI queries, audit trails track all access
  • SOC 2 — Complete audit logging with identity attribution satisfies trust service criteria
  • GDPR — Self-hosted deployment keeps data on-premises, eliminates cross-border transfer issues
  • EU AI Act (enforcement Aug 2026) — Documented governance for AI systems accessing personal data
  • FedRAMP — Self-hosted architecture bypasses cloud authorization requirements entirely
  • NIST AI RMF — RBAC and audit trails map to Govern and Manage pillars

Air-gapped deployments supported for defense, healthcare, and government environments where no cloud dependency is permitted.

Architecture

┌─────────────────┐
│  Claude Desktop │
└────────┬────────┘
         │ MCP Protocol
         ▼
┌─────────────────────────────┐
│  DreamFactory API Layer     │
│  ┌───────────────────────┐  │
│  │ Field-level RBAC      │  │
│  │ Parameterized Queries │  │
│  │ Audit Logging         │  │
│  └───────────────────────┘  │
└─────────┬───────────────────┘
          │ Secure Connection
          ▼
    ┌──────────────┐
    │   Database   │
    └──────────────┘

CLI Options

npx @dreamfactory/create [options] [project-name]

Options:
  -p, --port <number>           DreamFactory port (default: 8080)
  --admin-password <password>   Admin password
  --skip-claude                 Skip Claude Desktop configuration
  --no-demo                     Skip demo database setup
  -h, --help                    Display help
  -V, --version                 Display version

Examples

Basic Setup

npx @dreamfactory/create my-api

Custom Port

npx @dreamfactory/create my-api --port 3000

Skip Claude Integration

npx @dreamfactory/create my-api --skip-claude

Production Setup (No Demo)

npx @dreamfactory/create production-api --no-demo --port 8443

Requirements

  • Node.js 18+ (for running the setup tool)
  • Docker & Docker Compose (for running DreamFactory)
  • 8GB RAM recommended
  • 10GB disk space for Docker images

What Gets Created

my-project/
├── docker-compose.yml       # DreamFactory, MySQL, Redis, Demo DB
├── Dockerfile               # DreamFactory image configuration
├── docker-entrypoint.sh     # Startup script
├── .env                     # Credentials (DO NOT COMMIT)
├── daemon/                  # MCP daemon (Node.js)
│   ├── src/
│   ├── dist/
│   └── package.json
├── README.md                # Project documentation
└── SETUP.md                 # Example queries and guides

Post-Setup

Access DreamFactory

  • Admin UI: http://localhost:8080
  • API Docs: http://localhost:8080/api/v2/docs
  • Demo DB API: http://localhost:8080/api/v2/demo_db

Manage Services

cd my-project

# Start
docker-compose up -d

# Stop
docker-compose down

# Logs
docker-compose logs -f web

# Restart
docker-compose restart

Connect Your Databases

  1. Log into admin interface
  2. Navigate to Services → Create
  3. Select database type (PostgreSQL, MySQL, MongoDB, etc.)
  4. Enter connection details
  5. Test & Save

Your database is now available at:

http://localhost:8080/api/v2/YOUR_SERVICE_NAME

Claude Desktop Integration

The setup automatically configures Claude Desktop. To use:

  1. Restart Claude Desktop
  2. Start a new chat
  3. Try these prompts:
    • "List all tables in the demo database"
    • "Show me the schema for the film table"
    • "Get the top 10 most rented films"
    • "Find all customers who rented action movies"

Updating Your Installation

Update DreamFactory Core

Get the latest DreamFactory features and bug fixes:

cd my-project

# Pull latest Docker images
docker compose pull

# Restart with new images
docker compose up -d

# Verify update
curl http://localhost:8080/api/v2/system/environment | jq '.platform.version_current'

What gets updated:

  • ✅ DreamFactory core application
  • ✅ MCP server (PHP package inside DreamFactory)
  • ✅ Security patches and bug fixes
  • ✅ New database connectors (if added to OSS)

Update MCP Daemon

The MCP daemon (Node.js proxy in daemon/ folder) rarely needs updates. When it does:

Option 1: Manual Update (Quick)

cd my-project/daemon
npm update  # Updates dependencies only

Option 2: Fresh Install (For major daemon changes)

# Run create command again in new directory
npx @dreamfactory/create@latest my-project-v2
# Copy .env from old project if desired

Future: v0.2.0 will include npx @dreamfactory/create upgrade command for seamless updates.

When to Update

Update DreamFactory immediately for:

  • Security vulnerabilities
  • Critical bug fixes
  • New features you need

Update daemon only when:

  • Release notes mention daemon changes
  • You encounter MCP connection issues
  • New authentication methods are added

Version Pinning (Production)

For production stability, pin Docker image versions:

# docker-compose.yml
services:
  web:
    image: dreamfactorysoftware/df-docker:5.0.0  # Specific version
    # Instead of: dreamfactorysoftware/df-docker:latest

Then update deliberately:

# Edit docker-compose.yml to new version
docker compose pull
docker compose up -d

Security Best Practices

Production Checklist

  • [ ] Change admin password (stored in .env)
  • [ ] Configure HTTPS (use nginx/Caddy reverse proxy)
  • [ ] Set up field-level RBAC for all services
  • [ ] Enable audit logging
  • [ ] Rotate API keys regularly
  • [ ] Use environment-specific credentials
  • [ ] Never commit .env to version control

RBAC Configuration

  1. Create roles for different use cases (read-only, admin, etc.)
  2. Assign roles to API keys or users
  3. Configure field-level restrictions:
    • Block PII fields (email, phone, SSN)
    • Restrict sensitive columns (salary, credit card)
    • Apply row-level filters

Upgrading to Commercial

OSS supports PostgreSQL, MySQL, MongoDB. Need more?

DreamFactory Commercial Adds:

  • 20+ Additional Connectors
    • Oracle, SQL Server, SAP HANA, Snowflake, IBM DB2
    • Salesforce, ServiceNow, Microsoft Dynamics
    • SOAP, WSDL, Custom APIs
  • Enterprise Authentication
    • Active Directory / LDAP
    • SAML 2.0 SSO
    • OAuth 2.0 providers
  • Advanced Security
    • Field-level encryption
    • Data masking
    • Advanced RBAC rules
  • Enterprise Support
    • Professional support & SLA
    • Dedicated success manager
    • Custom integrations
  • Analytics & Monitoring
    • API usage analytics
    • Rate limiting & throttling
    • Performance monitoring

Need Oracle, SQL Server, or Other Enterprise Databases?

The commercial edition includes 20+ additional connectors. We provide free access to community developers - no payment required, we just want feedback.

If you need enterprise database connectors, email [email protected] with:

  • You're using @dreamfactory/create
  • Which connectors you need (Oracle, SQL Server, Snowflake, SAP HANA, etc.)
  • Your use case

You'll get commercial Docker images and setup guidance at no cost. We're actively looking for feedback from developers building AI applications.

Documentation

Guides Included with This Package

  • FAQ - Frequently asked questions: AI integration, security, Claude Desktop, troubleshooting
  • AI Integration Guide - Complete guide: MCP, REST API patterns, security, RAG, agentic workflows
  • Security & RBAC - Field-level access control, PII protection, audit logging
  • Connecting Your Database - Step-by-step database configuration
  • Troubleshooting - Common issues, debugging, performance tuning

External Resources

Troubleshooting

Docker Issues

# Check Docker is running
docker ps

# Check Docker Compose version
docker-compose --version

# View logs
cd my-project
docker-compose logs -f

Port Conflicts

The CLI automatically detects port conflicts and suggests alternatives.

DreamFactory Won't Start

# Rebuild containers
docker-compose down -v
docker-compose up --build

Claude Desktop Not Connecting

  1. Verify MCP config at ~/.config/Claude/claude_desktop_config.json (Linux)
  2. Check API key in config matches .env
  3. Restart Claude Desktop
  4. Verify DreamFactory is running: curl http://localhost:8080/api/v2/system/environment

Contributing

We welcome contributions! Please see CONTRIBUTING.md.

License

Apache License 2.0 - see LICENSE

Support

About DreamFactory

DreamFactory is an open-source REST API platform for databases, with enterprise features available commercially. Founded in 2013, DreamFactory powers thousands of applications worldwide.

Created with ❤️ by DreamFactory Software

Keywords: dreamfactory, database-api, rest-api, postgresql, mysql, mongodb, oracle, sql-server, claude, mcp, model-context-protocol, ai-agent, llm-database, rbac, field-level-security, database-governance, api-gateway, self-hosted, docker, scaffolding