Mask credentials in UI, add MySQL support, add screenshots to README

- Config.db_display_name property: shows db type + name without credentials
- Overview page shows masked DB identifier instead of raw connection URL
- Settings page: Connection URL field uses password mask (reveal on focus)
- Add pymysql to requirements, MySQL to supported databases in README
- Add admin UI screenshots (overview, sandbox, settings) to README

Author: loglux

README.md

@@ -16,6 +16,12 @@
 
 ---
 
+## Screenshots
+
+| Overview | Sandbox | Settings |
+|---|---|---|
+| ![Overview](docs/screenshots/overview.png) | ![Sandbox](docs/screenshots/sandbox.png) | ![Settings](docs/screenshots/settings.png) |
+
 ## What is this?
 
 SQL Cortex MCP is a [Model Context Protocol](https://modelcontextprotocol.io) server that exposes SQL databases as tools for AI agents. It sits between your LLM and your database, providing:
@@ -158,6 +164,7 @@ Settings changed via the admin UI override environment variables at runtime and
 ### Supported databases
 
 - **SQLite** — built-in, no extra dependencies
+- **MySQL** — via `pymysql` (included in requirements)
 - **PostgreSQL** — via `psycopg2` (included in requirements)
 
 ## Development

app/config.py

@@ -118,6 +118,27 @@ def load(cls) -> "Config":
             chat_history_limit=chat_history_limit,
         )
 
+    @property
+    def db_display_name(self) -> str:
+        """Human-readable DB identifier without credentials."""
+        from urllib.parse import urlparse
+
+        try:
+            # Normalize: strip driver prefix (mysql+pymysql → mysql)
+            url = self.db_url
+            if ":///" in url:
+                # SQLite-style: sqlite:///./data/dev.db
+                return f"{self.db_type} — {url.split('///')[-1]}"
+            parsed = urlparse(url)
+            host = parsed.hostname or ""
+            port = f":{parsed.port}" if parsed.port else ""
+            db_name = parsed.path.lstrip("/") if parsed.path else ""
+            if host:
+                return f"{self.db_type} — {db_name}@{host}{port}"
+            return self.db_type
+        except Exception:
+            return self.db_type
+
     @property
     def db_type(self) -> str:
         url = self.db_url.lower()

app/web/routes.py

@@ -47,7 +47,7 @@ def index(request: Request):
             {
                 "request": request,
                 "mode": cfg.mode,
-                "db_url": cfg.db_url,
+                "db_url": cfg.db_display_name,
             },
         )
 

app/web/templates/settings.html

@@ -57,7 +57,8 @@ <h2>Database</h2>
   <form method="post" action="/settings/db">
     <div class="form-group">
       <label class="field-label">Connection URL</label>
-      <input type="text" name="db_url" value="{{ live_db_url }}" placeholder="sqlite:///./data/dev.db">
+      <input type="password" name="db_url" value="{{ live_db_url }}" placeholder="sqlite:///./data/dev.db"
+             onfocus="this.type='text'" onblur="this.type='password'">
       <span class="field-hint">Changing this requires server restart.</span>
       <div class="chips">
         <button type="button" class="chip" onclick="setDbTemplate('sqlite:///./data/dev.db')">SQLite</button>

tests/test_mcp_api.py

@@ -252,5 +252,5 @@ async def test_ui_routes_use_latest_runtime_config(
     monkeypatch.setattr(main_module, "registry", ToolRegistry())
     resp = await client.get("/")
     assert resp.status_code == 200
-    assert "sqlite:///./runtime-refresh.db" in resp.text
+    assert "SQLite" in resp.text and "runtime-refresh.db" in resp.text
     assert "execute" in resp.text