
This looks very interesting but I’m not sure how to use it well. Would you mind sharing some prompts that use it and solve a real problem that you encountered?

Imagine you're building a support agent for DoorDash. A user asks, "Why is my order an hour late?" Most teams today would build a RAG system that surfaces a help center article saying something like, "Here are common reasons orders might be delayed."

That doesn't actually solve the problem. What you really need is access to internal systems. The agent should be able to look up the order, check the courier status, pull the restaurant's delay history, and decide whether to issue a refund. None of that lives in documentation. It lives in your APIs and databases.

LLMs aren't limited by reasoning. They're limited by access.

EnrichMCP gives agents structured access to your real systems. You define your internal data model using Python, similar to how you'd define models in an ORM. EnrichMCP turns those definitions into typed, discoverable tools the LLM can use directly. Everything is schema-aware, validated with Pydantic, and connected by a semantic layer that describes what each piece of data actually means.

You can integrate with SQLAlchemy, REST APIs, or custom logic. Once defined, your agent can use tools like get_order, get_restaurant, or escalate_if_late with no additional prompt engineering.

It feels less like stitching prompts together and more like giving your agent a real interface to your business.


Do you have a less hypothetical example to share?

Just a basic prompt that makes use of this server and how it responds. Or a simple agent conversation that continues successfully beyond 5 roundtrips.


Why wouldn't we just give the agent read permission on a replica db? Wouldn't that be enough for the agent to know about:

- what tables are there

- table schemas and relationships

Based on that, the agent could easily query the tables to extract info. Not sure why we need a "framework" for this.


Disclaimer: I don't know the details of how this works.

Time-to-solution and quality would be my guess. In my experience, adding high level important details about the way information is organized to the beginning of the context and then explaining the tools to further explore schema or access data produces much more consistent results rather than each inference having to query the system and build its own world view before trying to figure out how to answer your query and then doing it.

It's a bit like giving you a book or giving you that book without the table of contents and no index, but you can do basic text search over the whole thing.


Because you also need proper access controls. In many cases database access is too low level, you need to bring it up a layer or two to know who can access what. Even more so when you want to do more than read data.

Cool. Can you give the agent a db user with restricted read permissions?

Also, generic db question, but can you protect against resource overconsumption? Like if the junior/agent makes a query with 100 joins, can a marshal kill the process and time it out?


Yeah to restricted read, still a lot of API work to do here and we're a bit blocked by MCP itself changing its auth spec (was just republished yesterday).

If you use the lower-level enrichMCP API (without SQLAlchemy) you can fully control all retrieval logic and add things like rate limiting, not dissimilar to how you'd solve this problem with a traditional API.


You could do this out of the MCP protocol, just by making a SQL user account with restricted privileges. I'm assuming at some point you have to give the mcp orm credentials. I think it's easier and more maintainable to just add a doc page tutorial showing how to do it instead of making it part of the dependency. It also reduces the scope of the library.
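
Added example, not from any commenter or from the EnrichMCP project: the restricted read-only database account and query time limit discussed in the comments above, sketched for PostgreSQL. The database, role, table and column names are hypothetical.

```sql
-- Assumption: PostgreSQL. "shop", "agent_ro" and all table/column names are
-- hypothetical placeholders, not taken from the thread or from EnrichMCP.

-- 1. Dedicated login role for the agent: no admin rights, capped connections.
CREATE ROLE agent_ro LOGIN PASSWORD 'REPLACE_ME'
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT
    CONNECTION LIMIT 5;

-- 2. Grant only what the agent needs. Revoking from PUBLIC affects every
--    role that relied on the default grants, so review those first.
REVOKE ALL ON DATABASE shop FROM PUBLIC;
REVOKE ALL ON SCHEMA public FROM PUBLIC;
GRANT CONNECT ON DATABASE shop TO agent_ro;
GRANT USAGE ON SCHEMA public TO agent_ro;

-- Whole-table reads where every column is safe to expose.
GRANT SELECT ON orders, restaurants TO agent_ro;
-- Column-level reads where the table also holds sensitive fields.
GRANT SELECT (id, display_name) ON customers TO agent_ro;

-- 3. Per-role defaults that bound resource use.
ALTER ROLE agent_ro SET statement_timeout = '5s';
ALTER ROLE agent_ro SET idle_in_transaction_session_timeout = '10s';
ALTER ROLE agent_ro SET default_transaction_read_only = on;

-- Caveat: these are session defaults. A client that can send arbitrary SQL
-- can run "SET statement_timeout = 0" itself, so the timeout is only a hard
-- limit when the agent reaches the database through fixed tools or a proxy
-- that does not pass SET statements through. The missing write grants in
-- step 2 are what actually prevent writes, not the read-only default.

-- 4. Supervisor query: cancel agent statements that have run too long.
--    Needs a superuser or a member of pg_signal_backend.
SELECT pid, pg_cancel_backend(pid) AS cancelled
FROM pg_stat_activity
WHERE usename = 'agent_ro'
  AND state = 'active'
  AND now() - query_start > interval '30 seconds';
```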

This is the motivating example I was looking for on the readme: a client making a request and an agent handling it using the MCP. Along with a log of the agent reasoning its way to the answer.

Yes but the agent reasoning is going to use an LLM, I sometimes run our openai_chat_agent example just to test things out. Try giving it a shot, ask it to do something then ask it to explain its tool use.

Obviously, it can (and sometimes will) hallucinate and make up why it's using a tool. The thing is, we don't really have true LLM explainability so this is the best we can really do.


Are you saying that a current gen LLM can answer such queries with EnrichMCP directly? Or does it need guidance via prompts (for example, tell it which tables to look at, etc.)? I did expose a db schema to an LLM before, and it was ok-ish, however oftentimes the devil was in the details (one join wrong, etc.), causing the whole thing to deliver junk answers.

What is your experience with non-trivial db schemas?


So one big difference is that we aren't doing text2sql here, and the framework requires clear descriptions on all fields, entities, and relationships (it literally won't run otherwise).

We also generate a few tools for the LLM specifically to explain the data model to it. It works quite well, even on complex schemas.

The use case is more transactional than analytical, though we've seen it used for both.

I recommend running the openai_chat_agent in examples/ (also supports ollama for local run) and connect it to the shop_api server and ask it a question like: "Find and explain fraud transactions"


So explicit model description (kind of repeating the schema into explicit model definition) provides better results when used with an LLM because it’s closer to the business domain (or maybe the extra step from DDL to business model is what confuses the LLM?). I think I’m failing to grasp why this approach works better than a straight schema fed to the LLM.

Yeah, think of it as a data analyst. If I give you a Postgres account with all of our tables in it, you wouldn't even know when to start and would spend tons of time just running queries to figure out what you were looking at.

If I explain the semantic graph, entities, relationships, etc. with proper documentations and descriptions you'd be able to reason about it much faster and more accurately.

A postgres schema might have the data type and a name and a table name vs. all the rich metadata that would be required in EnrichMCP.


This is opening a new can of worms of information disclosure, at least one job the AI won't kill is people in security.

MCP is the new IoT, where S stands for security /s


What is the difference between a junior and an agent? Can't you give them smart permissions on a need to know basis?

I guess you also need per user contexts, such that you depend on the user auth to access user data, and the agent can only access that data.

But this same concern exists for employees in big corps. If I work at google, I probably am not able to access arbitrary data, so I can't leak it.


It’s also an excellent example on how lack of forced machine-readable format for gov publishing is a PITA.

If I was in power and wanted to continue said rule, I’d definitely discourage the adoption of any standardized formatting for election results.

Not, you know, for any nefarious purpose…but because what we’ve used forever was good enough for grandpappy, so it’s obviously good enough for us.

/cough


json to qr code would be a good start. PRIOR ART inb4 a troll.

My experiments with copilot and Claude desktop via mcp on the same codebase suggest that copilot is trimming the context much more than desktop. Using the same model the outputs are just less informed.

How can I order it to Europe?

Which country are you in? I can set up the delivery option for your country.

I guess it’s too late now, please consider EU next time. Whether I would buy it would depend on total cost. I joined the waitlist.

Is this a reaction to Apple paper showing that reasoning models don’t really reason?

Why would that be?

If these kids could read, they would be very upset.

How does it work for outsourcing? Do you get full tax deduction if you just pay an offshore company to do dev?

What is your team’s take on the copyright for commits generated by an AI agent? Would the copyright protect it?

Current US stance seems to be: https://www.copyright.gov/newsnet/2025/1060.html “It concludes that the outputs of generative AI can be protected by copyright only where a human author has determined sufficient expressive elements”.

If entire commit is generated by AI then it is obvious what created it - it’s AI. Such commit might not be covered by the law. Is this something your team has already analysed?


This is a very fascinating aspect which is not discussed much. So far in human history every text was written by someone and thus there is some kind of copyright.

Now we have text which is legally not owned by anybody. Is it "public domain" though? It is not possible to verify it, so maybe it is but it still poses legal risks.


>If entire commit is generated by AI then it is obvious what created it - it’s AI.

Whether it's committed or not is irrelevant to the conclusion there, the question is what was the input.


For something like a compiler where the output is mostly deterministic[0] I agree. For an AI that was trained on an unknown corpus, and that corpus changes over time, the output is much less deterministic and I would say you lose the human element needed of copyright claims.

If it can be shown that for the same prompt, run through the AI several times over perhaps a year, results in the same output - then I will change my mind. Or if the AI achieves personhood.

[0] Allowances for register & loop optimization, etc.


> “It concludes that the outputs of generative AI can be protected by copyright only where a human author has determined sufficient expressive elements”

How would that work if it's a patch to a project with a copyleft license like GPL which requires all derivative work to be licensed the same?


IANAL, but it means the commit itself is public domain. When integrated into a code base with a more restrictive license, you can still use that isolated snippet in whatever way you want.

More interesting question is whether one could remove the GPL restrictions on public code by telling AI to rewrite the code from scratch, providing only the behavior of the code.

This could be accomplished by making AI generate a comprehensive test suite first, and then let it write the code of the app seeing only the test suite.


Hmm, so basically automated clean room reimplementation, using coding agents? Our concepts of authorship, copying, and equivalence are getting a real workout these days!

You'd need pretty good opsec and a non-search-capable agent and logs of all its actions/chain of thought/process to be able to truly claim cleanroom implementation tho

The logs and traceability are the secret sauce here. It's one thing to have an artifact that mysteriously replicates the functionality of a well known IP-protected product without just straight up copying it. It's another thing to be able to demonstrate that said artifact was generated solely from information in the public domain or otherwise legally valid to use.

If it's of interest to you, I was investigating this and found out all the big labs like OpenAI offer an indemnity clause for enterprise customers, that is supposed to assure you that it doesn't output non-compliant license code (like copyrighted or AGPL or whatever), BUT you have to accept them keeping all your logs, give them access, and let them and their lawyers build their own case in case of getting sued.

I guess they're mostly selling insurance to bigCo's, and saying, hey we have the money to go to law, and the interests to win such a case, so we'll handle it


GPL is a copyright licence, not a ToS.

> GPL is a copyright licence, not a ToS.

How is ToS relevant to this thread?


AI Code and Copyright - Risky Business or Creative Power-Up (AI Generated Podcast)

https://open.spotify.com/episode/6o2Ik3w6c4x4DYILXwRSos?si=5...


An unconventional license for AI-generated code. Maybe public domain, maybe not. Use freely, vibe responsibly.

https://jilvin.github.io/vibe-license/


> If entire commit is generated by AI then it is obvious what created it - it’s AI.

This is not the case. The output of a compiler is 100% created by a compiler too. Copyright is based on where the creative aspect comes from.

I have had very little luck having 2025-era AIs manage the creative aspects of coding -- design, architecture, and similar -- and that's doubly true for what appears to be the relatively simplistic model in codex (as far as I can tell, codex trades off model complexity for model time; the model does a massive amount of work for a relatively small change).

However, it is much better than I am at the mechanical aspects. LLMs can fix mechanical bugs almost instantly (the sort of thing with a cut-and-paste fix in some build process from Stack Overflow), and generate massive amounts of code without typos or shallow bugs.

A good analogy is working with powertools versus handtools. I can do much more in one step, but I'm still in creative control.

The codebase I'm working on is pretty sophisticated, and I might imagine they could implement more cookiecutter things (e.g. a standard oauth workflow) more automatically.

However, even there -- or in discussions with larger models about my existing codebase -- what they do is in part based their creativity on human contributions to their training set. I'm not sure how to weigh that. An LLM oauth workflow might be considered the creative median of a lot of human-written code.

I write a lot of AGPL code, and at least in the 3.5 era, they were clearly trained on my code, and would happily print it out more-or-less verbatim. Indeed, it was to the point where I complained to OpenAI about it at the time, but never got a response. I suspect a lot of generated code will include some fractional contribution from me now (an infinitesimal fraction most of the time, but more substantial for niche code similar to my codebase).

So in generated code, we have a mixture of at least a few different pieces:

- User's contributions, in prompt, review, etc.

- Machine contributions

- Training set contributions


I wonder how long it took to bisect such an issue. Build an image every time and reboot a VM?


I can't remember exactly but it was a few hours. I already knew which week the issue arose (from comparing weekly snapshots) so that gave me a head start.

But yes, I built a lot of AMIs. And launched new EC2 instances for each of them -- it wasn't just a matter of rebooting since the first time an AMI launches there's different behaviour (both from FreeBSD, e.g. growing the root disk, and from EC2, e.g. disk caching).


Thanks for the additional information, a few hours sounds great, I was expecting multiple days to narrow it down, given a lengthy feedback loop.


Question for those who burn through Max limits- what type of tasks do you do that burn so much of the limit? I’d imagine it has to be a lot of code being produced? Or is it large inputs that burn through it quickly? If you run Claude so often during the day - what is it doing for you all the time?


I am guessing part of it is the size of the code base it has to read to do any changes or understand the required changes?


Still it means it does really heavy lift. I’d like to understand how to extract bigger efficiency gains from Claude etc., because currently oftentimes I just waste time with it and give up after several attempts


Shouldn’t this be a Launch HN / Show HN?

