10 โ Non-Goals
What we are deliberately not building. Listed here so they don't creep in.
Not a BI toolโ
No dashboards. No saved queries. No charts. No "share this result with my team." Agents are the read-out; if humans want a dashboard, they have Metabase / Superset / Looker / whatever they already use. Adding even one chart starts a feature treadmill that ends in us competing with Tableau and losing.
Not a query builderโ
No visual SQL editor. No "drag a table onto a canvas." The agent writes the SQL; the human writes prompts. If a person wants to write SQL by hand against the gateway, that's a sign they should be using psql with their own credential, not this product.
Not a credential vaultโ
We use a secret manager; we don't replace one. The gateway is not Vault, not 1Password, not AWS Secrets Manager. If you have one of those, point us at it. If you don't, get one first.
Not a SaaSโ
There is no hosted version, no control plane, no "sign up." Every install is self-hosted, single-tenant, in the customer's own infra. We will never see your queries.
Not multi-tenantโ
One install = one organization. Two organizations sharing one gateway is explicitly unsupported. If you have two organizations, run two gateways.
Not a write-heavy toolโ
Writes are possible (see 06-permissions) but the system is shaped around read-only debugging. Migrations, data corrections, bulk updates โ those belong in your existing CI/CD or runbooks, not in an agent's tool call.
Not a databaseโ
The state Postgres is internal plumbing for sessions + audit. It's not exposed, not extensible, not queryable through the gateway's own MCP tools. Don't try to use it as application storage.
Not an AI productโ
There is no embedded LLM, no vector store, no "natural language to SQL" feature inside the gateway. The agent calling us has all of that. Our job is plumbing.
Not a tool for end usersโ
The user of this system is an engineer running an AI agent. Not a customer-success rep checking an order. Not a finance analyst pulling numbers. Not a marketing person querying campaigns. Those use cases are real but they need a different product with different guardrails.
Not "agentic" anythingโ
We don't run agents. We don't host agents. We don't coordinate agents. We expose tools to whatever agent the user is already running.
Not a network proxyโ
We don't tunnel arbitrary DB protocol traffic. We expose specific MCP tools that internally run specific queries. "Just let me connect to the DB through you" is the thing this product replaces; it's not a feature we add later.
Not an admin UIโ
Permissions live in YAML in git. There is no /admin web UI for editing groups, granting access, or rotating credentials. The platform/infra teams who deploy this prefer config-as-code and we are not going to talk them out of it.