Essential insights from Hacker News discussions

Show HN: EnrichMCP – A Python ORM for Agents

Here's a summary of the key themes and opinions expressed in the Hacker News discussion about EnrichMCP, with direct quotations where appropriate:

Integration with Existing Frameworks (Django)

The feasibility of integrating EnrichMCP with existing web frameworks, particularly Django, is a point of interest.

  • "Super interesting idea. How feasible would it be to integrate this with Django?" - knowsuchagency
  • "Very! We had quite a few people do this at a hackathon we hosted this past weekend." - simba-k
  • "Currently would have to be done on the SQLAlchemy side, but someone asked to contribute Django directly" - simba-k
  • "You could also build an EnrichMCP server that calls your Django server manually" - simba-k

How EnrichMCP Solves Real-World Problems

Users are interested in concrete use cases and how EnrichMCP addresses them, particularly in scenarios where LLMs need access to internal systems.

  • "This looks very interesting but I’m not sure how to use it well. Would you mind sharing some prompts that use it and solve a real problem that you encountered?" - polskibus
  • simba-k provides an example of a support agent for DoorDash needing access to order, courier, and restaurant data to resolve customer inquiries about late orders. "LLMs aren't limited by reasoning. They're limited by access." - simba-k
  • "This is the motivating example I was looking for on the readme: a client making a request and an agent handling it using the MCP. Along with a log of the agent reasoning its way to the answer." - skuenzli
  • "Imagine you're building a support agent for DoorDash... None of that lives in documentation. It lives in your APIs and databases." - simba-k
  • "It feels less like stitching prompts together and more like giving your agent a real interface to your business." - simba-k
  • "Do you have a less hypothetical example to share? Just a basic prompt that makes use of this server and how it responds. Or a simple agent conversation that continues successfully beyond 5 roundtrips." - Too

Data Model and Schema Handling

The discussion explores the advantages of using explicit model descriptions and rich metadata instead of directly feeding database schemas to LLMs.

  • "So one big difference is that we aren't doing text2sql here, and the framework requires clear descriptions on all fields, entities, and relationships (it literally won't run otherwise)." - simba-k
  • "If I give you a Postgres account with all of our tables in it, you wouldn't even know when to start and would spend tons of time just running queries to figure out what you were looking at. If I explain the semantic graph, entities, relationships, etc. with proper documentations and descriptions you'd be able to reason about it much faster and more accurately." - simba-k
  • "So explicit model description (kind of repeating the schema into explicit model definition) provides better results when used with LLM because it’s closer to the business domain (or maybe the extra step from DDL to business model is what confuses the LLM?)." - polskibus

Security and Access Control Concerns

A significant theme revolves around the security implications of giving agents access to production systems, especially concerning PII and sensitive data.

  • "This is opening a new can of worms of information disclosure, at least one job the AI won't kill is people in security." - Sytten
  • "MCP is the new IoT, where S stands for security /s" - Sytten
  • "How does this handle auth/security?" - aolfat
  • simba-k notes: "Auth/Security is interesting in MCP. As of yesterday a new spec was released with MCP servers converted to OAuth resource servers. There's still a lot more work to do on the MCP upstream side, but we're keeping up with it and going to have a deeper integration to have AuthZ support once the upstream enables it."
  • "Cool. Can you give the agent a db user with restricted read permissions?" - TZubiri
  • "Yeah to restricted read, still a lot of API work to do here and we're a bit blocked by MCP itself changing its auth spec (was just republished yesterday)." - simba-k
  • "How do you handle PII or other sensitive data that the LLM shouldn’t know or care about?" - ljm
  • "In most other programs you don't directly plug your database full of PII to an external service provider... The README repeats an example that makes the user's email available for an agent to query (enabling PII leakage), setting a bad precedent in a space that's already chock-full of vibe coders without any concern about data privacy." - hobofan
  • traverseda argues that handling sensitive data is similar to regular ORM programs, suggesting logic and filters for permission access.
  • "What you are talking about is essentially only row level security (which is important for tenant separation), while in the case of integrating external service providers, column level security is a more important factor." - hobofan
  • "You could implement field-level access controls with attribute decorators that mask PII during serialization, similar to how SQLAlchemy's hybrid_property can transform data before it reaches the agent context." - ethan_smith
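
The row-level versus column-level distinction raised above, as an added example that is not code from the discussion, from EnrichMCP, or from SQLAlchemy. The `column` helper, the `pii`/`scope` metadata keys, the scope string `pii:email` and the sample rows are all hypothetical and constructed for illustration; the sketch uses only standard-library dataclasses.

```python
from dataclasses import dataclass, field, fields

def column(description, pii=False, scope=None):
    # Hypothetical helper: attaches access metadata to a model field.
    return field(metadata={"description": description, "pii": pii, "scope": scope})

@dataclass
class Customer:
    id: int = column("Primary key")
    tenant_id: int = column("Owning tenant")
    email: str = column("Contact email", pii=True, scope="pii:email")
    order_count: int = column("Lifetime number of orders")

def mask_email(value):
    # Keep the first character and the domain so the agent can still
    # tell records apart without seeing the full address.
    local, _, domain = value.partition("@")
    return f"{local[:1]}***@{domain}" if domain else "***"

MASKERS = {"email": mask_email}

def serialize_for_agent(row, granted_scopes):
    """Column-level control: mask PII unless its scope was granted."""
    out = {}
    for f in fields(row):
        value = getattr(row, f.name)
        if f.metadata["pii"] and f.metadata["scope"] not in granted_scopes:
            # Fail closed: a PII field with no dedicated masker is fully redacted.
            value = MASKERS.get(f.name, lambda _: "[REDACTED]")(value)
        out[f.name] = value
    return out

def rows_for_agent(rows, tenant_id, granted_scopes=frozenset()):
    """Row-level filter (tenant separation) first, then column-level masking."""
    return [serialize_for_agent(r, granted_scopes)
            for r in rows if r.tenant_id == tenant_id]

# Constructed sample data, not taken from any real system.
ROWS = [
    Customer(1, 10, "alice@example.com", 7),
    Customer(2, 10, "bob@example.com", 2),
    Customer(3, 20, "carol@example.org", 5),
]

if __name__ == "__main__":
    for record in rows_for_agent(ROWS, tenant_id=10):
        print(record)
```

Filtering by `tenant_id` alone would still hand every email in tenant 10 to the model provider; the masking step is what keeps the column out of the agent context.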

Alternatives and Comparisons

The discussion touches upon alternative approaches, such as giving agents direct read access to replica databases, and compares EnrichMCP to tools like Prisma.

  • "Why wouldn't we just give the agent read permission on a replica db? Wouldn't that be enough for the agent to know about: - what tables are there - table schemas and relationships Based on that, the agent could easily query the tables to extract info. Not sure why we need a "framework" for this." - dakiol
  • "It's a bit like giving you a book or giving you that book without the table of contents and no index, but you can do basic text search over the whole thing." - robmccoll
  • "Because you also need proper access controls. In many cases database access is too low level, you need to bring it up a layer or two to know who can access what. Even more so when you want to do more than read data." - RobertDeNiro
  • "Do you provide a Prisma alternative?" - revskill
  • "Not sure exactly what you mean here. Prisma is an ORM for developers working with databases in TypeScript. EnrichMCP is more like an ORM for AI agents. It’s not focused on replacing Prisma in your backend stack, but it serves a similar role for agents that need to understand and use your data model." - simba-k

Agent Reasoning and Explainability

The limitations of LLM explainability and hallucination are acknowledged, with EnrichMCP aiming to provide a structured way for agents to access and reason about data.

  • "Obviously, it can (and sometimes will) hallucinate and make up why its using a tool. The thing is, we don't really have true LLM explainability so this is the best we can really do." - simba-k
  • "The agent reasoning is going to use an LLM, I sometimes run our openai_chat_agent example just to test things out. Try giving it a shot, ask it to do something then ask it to explain its tool use." - simba-k

Resource Consumption

  • "Also, generic db question, but can you protect against resource overconsumption? Like if the junior/agent makes a query with 100 joins, can a marshall kill the process and time it out?" - TZubiri
  • "If you use the lower-level enrichMCP API (without SQLAlchemy) you can fully control all retrieval logic and add things like rate limiting, not dissimilar to how you'd solve this problem with a traditional API." - simba-k