|
| Too 3 days ago |
| Do you have a less hypothetical example to share? Just a basic prompt that makes use of this server and how it responds. Or a simple agent conversation that continues successfully beyond 5 roundtrips. |
|
| dakiol 3 days ago |
| Why wouldn't we just give the agent read permission on a replica db? Wouldn't that be enough for the agent to know about:
- what tables are there
- table schemas and relationships
Based on that, the agent could easily query the tables to extract info. Not sure why we need a "framework" for this. |
| |
| robmccoll 3 days ago | Disclaimer: I don't know the details of how this works. Time-to-solution and quality would be my guess. In my experience, adding high level important details about the way information is organized to the beginning of the context and then explaining the tools to further explore schema or access data produces much more consistent results rather than each inference having to query the system and build its own world view before trying to figure out how to answer your query and then doing it. It's a bit like giving you a book or giving you that book without the table of contents and no index, but you can do basic text search over the whole thing. |
| RobertDeNiro 3 days ago | Because you also need proper access controls. In many cases database access is too low level; you need to bring it up a layer or two to know who can access what. Even more so when you want to do more than read data. |
|
|
| TZubiri 3 days ago |
| Cool. Can you give the agent a db user with restricted read permissions? Also, generic db question, but can you protect against resource overconsumption? Like if the junior/agent makes a query with 100 joins, can a marshall kill the process and time it out? |
| |
| simba-k 3 days ago | Yeah to restricted read, still a lot of API work to do here and we're a bit blocked by MCP itself changing its auth spec (was just republished yesterday). If you use the lower-level enrichMCP API (without SQLAlchemy) you can fully control all retrieval logic and add things like rate limiting, not dissimilar to how you'd solve this problem with a traditional API. |
| TZubiri 2 days ago | You could do this out of the MCP protocol, just by making a SQL user account with restricted privileges.
I'm assuming at some point you have to give the mcp orm credentials. I think it's easier and more maintainable to just add a doc page tutorial showing how to do it instead of making it part of the dependency. It also reduces the scope of the library. |
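The restricted account and query time-out discussed in this sub-thread, sketched for PostgreSQL as an added example that is not part of the thread or of EnrichMCP; the role, database, table and column names are placeholders.

```sql
-- Constructed example for PostgreSQL. agent_ro, shop, and the table and
-- column names are placeholders, not names from EnrichMCP or the thread.

-- Dedicated login for the agent, capped at a few concurrent sessions.
CREATE ROLE agent_ro LOGIN PASSWORD 'replace-me' CONNECTION LIMIT 5;

-- Grant only what the agent needs to read.
GRANT CONNECT ON DATABASE shop TO agent_ro;
GRANT USAGE ON SCHEMA public TO agent_ro;
GRANT SELECT ON public.orders, public.products TO agent_ro;

-- Column-level grant: customers are visible without contact details.
GRANT SELECT (id, country, created_at) ON public.customers TO agent_ro;

-- Per-role defaults applied at login: read-only transactions, and any
-- statement running longer than 5 seconds is cancelled by the server.
ALTER ROLE agent_ro SET default_transaction_read_only = on;
ALTER ROLE agent_ro SET statement_timeout = '5s';
ALTER ROLE agent_ro SET idle_in_transaction_session_timeout = '30s';

-- Run as an administrator: list the agent's statements still running.
SELECT pid, now() - query_start AS runtime, left(query, 80) AS query
FROM pg_stat_activity
WHERE usename = 'agent_ro' AND state = 'active'
ORDER BY runtime DESC;

-- Cancel any that have run for more than 10 seconds (the session stays
-- open; pg_terminate_backend(pid) would close it as well).
SELECT pg_cancel_backend(pid)
FROM pg_stat_activity
WHERE usename = 'agent_ro'
  AND state = 'active'
  AND now() - query_start > interval '10 seconds';
```

The grants are what the server enforces; the `ALTER ROLE ... SET` values are session defaults that a client able to send arbitrary SQL can change with `SET`, so they fit a server that issues its own queries rather than passing through model-written SQL.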
|
|
|
| skuenzli 3 days ago |
| This is the motivating example I was looking for on the readme: a client making a request and an agent handling it using the MCP. Along with a log of the agent reasoning its way to the answer. |
| |
| simba-k 3 days ago | Yes, but the agent reasoning is going to use an LLM. I sometimes run our openai_chat_agent example just to test things out. Try giving it a shot, ask it to do something then ask it to explain its tool use. Obviously, it can (and sometimes will) hallucinate and make up why it's using a tool. The thing is, we don't really have true LLM explainability so this is the best we can really do. |
|
|
| polskibus 3 days ago |
| Are you saying that a current gen LLM can answer such queries with EnrichMCP directly? Or does it need guidance via prompts (for example, tell it which tables to look at, etc.)? I did expose a db schema to an LLM before, and it was ok-ish; however, oftentimes the devil was in the details (one join wrong, etc.), causing the whole thing to deliver junk answers. What is your experience with non-trivial db schemas? |
| |
| simba-k 3 days ago | So one big difference is that we aren't doing text2sql here, and the framework requires clear descriptions on all fields, entities, and relationships (it literally won't run otherwise). We also generate a few tools for the LLM specifically to explain the data model to it. It works quite well, even on complex schemas. The use case is more transactional than analytical, though we've seen it used for both. I recommend running the openai_chat_agent in examples/ (also supports ollama for local run) and connect it to the shop_api server and ask it a question like: "Find and explain fraud transactions" |
| polskibus 3 days ago | So explicit model description (kind of repeating the schema into explicit model definition) provides better results when used with an LLM because it’s closer to the business domain (or maybe the extra step from DDL to business model is what confuses the LLM?). I think I’m failing to grasp why this approach works better than a straight schema fed to an LLM. |
| simba-k 3 days ago | Yeah, think of it as a data analyst. If I give you a Postgres account with all of our tables in it, you wouldn't even know when to start and would spend tons of time just running queries to figure out what you were looking at. If I explain the semantic graph, entities, relationships, etc. with proper documentation and descriptions you'd be able to reason about it much faster and more accurately. A Postgres schema might have the data type and a name and a table name vs. all the rich metadata that would be required in EnrichMCP. |
|
|
|
|
| Sytten 3 days ago |
| This is opening a new can of worms of information disclosure, at least one job the AI won't kill is people in security. MCP is the new IoT, where S stands for security /s |
| |
| TZubiri 3 days ago | What is the difference between a junior and an agent? Can't you give them smart permissions on a need to know basis? I guess you also need per user contexts, such that you depend on the user auth to access user data, and the agent can only access that data. But this same concern exists for employees in big corps. If I work at Google, I probably am not able to access arbitrary data, so I can't leak it. |
|
|