Erick E. Shepherd

Project

OracleDB AI Bridge — A Credentialed Local Abstraction Layer

A locally-running, credentialed Python utility that let Claude and Cursor work against enterprise OracleDB environments — AI-assisted database engineering without exposing credentials or the database to any outside service.

  • Python
  • Oracle Database
  • PL/SQL
  • Claude Code
  • Cursor

AI coding assistants are good at SQL and PL/SQL. They’re also, by design, outside your network — exactly where an enterprise database can’t go. I wanted an assistant on real Oracle work without the database, or its credentials, ever leaving the environment. So I built the boundary myself.

The problem

Day-to-day Oracle work — exploring a schema, drafting PL/SQL, checking a query against real data — is exactly what an assistant accelerates. But in a regulated environment you can’t hand an external tool a connection string and credentials. The obvious options were all wrong: paste data into a chat, expose the database, or give up the assist.

Constraints

  • Credentials never leave the local machine. No connection string, password, or token is transmitted anywhere.
  • The database is never exposed. Nothing opens a path to Oracle except the local utility.
  • It runs entirely locally, inside the existing security posture.

Approach

I built a locally-running, credentialed Python utility that owns the database connection and sits between the AI tools and Oracle. Claude (through Claude Code) and Cursor Composer work through it rather than connecting directly: the assistant expresses intent; the utility, holding the credentials, runs it against Oracle and returns the results.

In practice it was a small Python API in an interactive shell — instantiate a session for an environment, call query(), get a pandas DataFrame back. Connection settings came from a per-environment config; credentials loaded from the OS keyring at runtime, so nothing sensitive lived in code. Several sessions could run at once, development through production, and because every call went through that one object, credentials were read locally and never surfaced to the assistant.

Outcome

What it unlocked was autonomy. Because the assistant could run real queries and read real results, it could self-direct through the database — tracing a dependency web too tangled to hold in your head: which tables, packages, jobs, and external systems connected to what. I leaned on it for exactly that work: mapping dependencies, migrating test data between environments, and debugging problems whose root cause sat three joins and a scheduled job from the symptom.

The pattern generalizes: when a capable tool lives outside a boundary it shouldn’t cross, you don’t lower the boundary — you build a small local bridge and let the tool work through it.