MCP SQL verification for AI agents

Every model can write SQL; none can know its SQL is correct. Verification requires execution, and execution is exactly what a language model cannot do internally — so it's a tool call. This page IS the tool (browser edition); the same engine runs as a paid MCP server.

press RUN (or Ctrl+Enter) — everything executes in your browser, nothing is uploaded

What the server does

Five tools, one engine: run_sql (execute, get rows), validate_sql (parse+bind without executing), explain_plan (query plan + full-scan warnings), run_sql_batch (up to 10 isolated runs), and diff_results (are two queries' result sets equal — the refactor self-check). Each call builds a fresh in-memory SQLite from the agent's DDL, executes, returns strict JSON, and destroys the sandbox. Errors are a stable taxonomy (unknown_column, syntax, type_mismatch, …) with positions and rule-based suggestions, so agents branch on error.type and self-correct in one round trip.

Payment: x402, no accounts

The server speaks x402: 20 free calls per day per client, then HTTP 402 with payment requirements; agents holding a wallet pay fractions of a cent per call (prices on the homepage) and retry with an X-PAYMENT header. No API keys, no signup, no subscription. A failed query after payment is a delivered product — the error is the answer your agent needed.

Add it to your agent

{ "mcpServers": { "sql-verifier": { "type": "http", "url": "https://mcp.sqlai.dev/mcp" } } }

There's also a plain HTTP interface (POST /api/run_sql etc.) documented in the docs, plus openapi.yaml and llms.txt for framework auto-discovery.

FAQ

Why can't the LLM just check its own SQL?

Checking requires executing against the actual schema semantics — parsing, binding, constraint evaluation. A model predicts text; it cannot instantiate a database engine internally. This is a capability gap, not a prompting gap.

What engine does the server run?

SQLite 3.49 (WASM) in an ephemeral per-call sandbox. dialect_notes flag constructs that behave differently on Postgres/MySQL/DuckDB. It does not execute native Postgres or MySQL.

Is submitted SQL stored?

No. The sandbox is destroyed after each call and only anonymous per-tool counters are kept. Schemas, queries, and seed data are never persisted.

How do agents pay?

Via x402: the 402 response carries machine-readable payment requirements; x402-capable clients sign a USDC transfer authorization and retry. Free tier first — agents can evaluate before any wallet is involved.

Related: Validate a SQL query against your schema · Do these two queries return the same thing? · Test SQL without a database