The problem
When you connect databases and files to an AI agent, how do you control what it can see?
If you dump everything into context, the agent effectively has access to all of it. Prompts can
ask it to stay in bounds, but prompts don’t enforce anything — and models still hallucinate.
You could bolt on custom workflows or one-off code paths, but that doesn’t scale. What if you have a
million records and only want the agent to see a slice? RAG helps with documents, not governed row-level
access across live systems. And if you let the agent write SQL against your database, you’ve lost real
control the moment that query hits the source.
It gets harder when data lives in more than one place. How do you join CRM, warehouse, and flat files,
scope the result to the right person or role, and return only what the agent needs — with an
audit trail?
The answer
That’s why we built AnythingGraph: a thin CLI layer between your AI agents and your
systems of record.
It connects to your data without moving it. You define an ontology
(entities, relationships, access rules) in versioned playbooks and
bindings — a human-controlled semantic layer that sits between the agent and your sources.
Agents don’t get raw schema dumps or ad-hoc SQL. They call governed MCP tools (query_graph
and related APIs) that compile questions into read-only plans, enforce relationship-based access, and
return answers with proof — which rows, which sources, which path.
Building an ontology used to mean months of platform work. AnythingGraph works with the agents you already
use (Claude, Cursor, OpenAI, and others): introspect live sources, propose mappings, test bindings, and
save playbooks — often in minutes, not quarters.
It’s written in Rust — small, fast, and suitable for local dev or your own deployment.
Policy as code means playbooks and bindings live in git: review,
version, and approve changes like any other critical config.