QueryFolio — a SQL client desktop app

QueryFolio is a SQL client desktop app I built as a lightweight alternative to JetBrains DataGrip. I wanted the everyday task of connecting to MySQL / PostgreSQL / SQLite and running queries to feel as light, safe, and comfortable as possible.
Why I built it
DataGrip is powerful, but it is heavy to start up and felt like overkill for simply "connect, run a query, look at the result." Lightweight clients, on the other hand, often support only a few databases or have poor handling of SSH tunnels and connection secrets. I wanted one tool that was light, spoke to multiple databases, kept credentials safe, and helped me with AI — so I wrote it myself.
Tech stack
- Tauri 2 — Rust backend + WKWebView, producing a far lighter binary than Electron.
- SvelteKit + Svelte 5 (runes) — frontend.
- CodeMirror 6 — SQL editor with per-engine dialect highlighting and autocompletion.
- sqlx 0.8 — connections to MySQL / PostgreSQL / SQLite.
- ssh2 — SSH local port forwarding with known_hosts verification.
Key features
- Multiple databases — MySQL / PostgreSQL / SQLite from a single app.
- Connection config in YAML — compatible with the sql-agent-mcp-server format. Secrets can stay in 1Password and be fetched lazily through a getter command like
op read "op://...", so passwords never have to be written into the config file. - SSH tunnel — local port forwarding with known_hosts verification, for databases behind a bastion host.
- Schema-based autocompletion — table and column names. The schema browser (TABLES pane) lazy-loads columns.
- Safety guards — set
readonly: trueper connection to reject write statements (INSERT / UPDATE / DELETE / DDL, including CTE-wrapped DML). SELECTs without a LIMIT get one appended automatically (default 500). - psql-style meta commands —
\l\dt\dv\dn\du\d [table]translated into per-engine catalog queries (with MySQL / SQLite equivalents where possible). - Query history — stored locally per connection. Because SQL can contain sensitive data, the files are written with restrictive permissions.
- Working with results — tabs, pinning, a cell inspector, and CSV / TSV / JSON copy (formula-injection safe). Running queries can be cancelled.
- AI features (OpenAI) — SQL generation from natural language, Fix with AI on errors, EXPLAIN plan analysis with index suggestions, and explanation of selected SQL. Generated SQL is only inserted into the editor, never auto-executed. Only the schema (table / column names), engine dialect, statements, and plans are sent — query results are never sent.
Security decisions
A SQL client handles sensitive information, so I set a few rules. The API key is never handed to the frontend (WebView); it stays inside the Rust backend only. What goes to the AI is schema structure and query text — never the actual data (query results). Connection passwords can be referenced from 1Password so they never sit in plaintext in a config file.
Status
It can be distributed as a Developer ID–signed build for macOS (notarization not yet supported). The source is open on GitHub under the MIT license.