AI Agents
Pipeline automation for AI agents
Connect Cursor, Claude Code, GitHub Copilot, and custom scripts to MantrixFlow. Draft source-to-destination workflows, inspect runs, and query delivered data cleanly — with strict security guards.
Interactive Demo
Watch MCP Agent in Action
How It Works
Multi-service trust boundary
A MantrixFlow custom agent is a model-powered pipeline worker tied to a specific pipeline. Go server acts as the secure boundary, enforcing permission checks before decrypting credentials or calling the ELT runner.
Agent Settings Hub
Configure publisher permissions, allowed origin domains, and table scopes for each worker agent.
AI Flow Planner
Translates natural language prompts into structural tool calls and formatted query options.
Query Guard Boundary
Validates all generated SQL. Blocks mutations, table creation, and queries to unauthorized tables.
Secure Runner
Executes isolated read-only queries against allowlisted sources and destinations.
Client-Side SDK
Loads a lightweight embedded query widget or hooks directly into IDE interfaces via safe API keys.
Secure Query Execution
Every user question is translated into queries that run within isolated read-only environments. Safe parsing ensures that queries do not mutate destination tables or expose unauthorized connection credentials.
SELECT
SUM(total) AS revenue,
COUNT(*) AS orders
FROM analytics.order_history
WHERE created_at >= NOW()
- INTERVAL '7 days'Query Guard
Guarded read-only execution
When an agent requests database content, the system parses the SQL, extracts table references, and matches them against the explicit scoped allowlist. Mutating queries are immediately rejected.
Queries restricted to authorized allowed_tables configuration.
Queries disabled by default unless explicitly allowed.
Security First
Public embed security model
Your public `agent_key` is safe to put in HTML. Next.js and Go enforce multiple strict runtime barriers to ensure external visitors cannot access private configurations.
Domain allowlisting
Rejects unknown browser origins
Table scoping
Rejects SQL outside the selected table set
Read-only SQL
Rejects mutating SQL before ELT execution
Rate limiting
100 requests per browser session per hour
No public run tools
Embeds cannot trigger pipeline runs
Internal token
Next.js calls Go via X-Internal-Token
Model Agnostic
Model provider integrations
Configure your preferred LLM provider at runtime. The platform dynamically adapts the prompt format and tool completions.
Anthropic
Hosted model with strong tool-call reasoning
OpenRouter
Access 100+ models through a single API
Ollama
Run locally on M3 Pro — no API key needed
Vercel AI Gateway
Unified routing with analytics and rate limiting
OpenAI-compatible
Any proxy that exposes chat completions
Agent Workflows
Designed for IDE-native operations
Manage agents cleanly from workspace configuration down to public external embedded widgets.
Authenticated Test Chat
Workspace users test the agent before embedding. Tools include execute_query, run_pipeline, and get_run_status — all gated through Go.
Public Embedded Chat
Run the same agent from an external website via agent.js or the React SDK. Public chat never receives pipeline-run tools.
Pipeline Worker Tools
Authenticated users operate the pipeline from chat: trigger runs, check status, and query delivered data with full SQL validation.
Launch pipeline agent
Create an agent for any existing PostgreSQL pipeline in your workspace with zero code needed.
