[HN Gopher] Show HN: EnrichMCP - A Python ORM for Agents
___________________________________________________________________
Show HN: EnrichMCP - A Python ORM for Agents
I've been working with the Featureform team on their new open-
source project, [EnrichMCP][1], a Python ORM framework that helps
AI agents understand and interact with your data in a structured,
semantic way. EnrichMCP is built on top of [MCP][2] and acts like
an ORM, but for agents instead of humans. You define your data
model using SQLAlchemy, APIs, or custom logic, and EnrichMCP turns
it into a type-safe, introspectable interface that agents can
discover, traverse, and invoke. It auto-generates tools from your
models, validates all I/O with Pydantic, handles relationships, and
supports schema discovery. Agents can go from user - orders -
product naturally, just like a developer navigating an ORM. We use
this internally to let agents query production systems, call APIs,
apply business logic, and even integrate ML models. It works out of
the box with SQLAlchemy and is easy to extend to any data source.
If you're building agentic systems or anything AI-native, I'd love
your feedback. Code and docs are here:
https://github.com/featureform/enrichmcp. Happy to answer any
questions. [1]: https://github.com/featureform/enrichmcp [2]:
https://modelcontextprotocol.io/introduction
Author : bloppe
Score : 69 points
Date : 2025-06-19 17:32 UTC (5 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| knowsuchagency wrote:
| Super interesting idea. How feasible would it be to integrate
| this with Django?
| simba-k wrote:
| Very! We had quite a few people do this at a hackathon we
| hosted this past weekend.
| aolfat wrote:
| Woah, it generates the SQLAlchemy automatically? How does this
| handle auth/security?
| simba-k wrote:
| Yep, we can essentially convert from SQLAlchemy into an MCP
| server.
|
| Auth/Security is interesting in MCP. As of yesterday a new spec
| was released with MCP servers converted to OAuth resource
| servers. There's still a lot more work to do on the MCP
| upstream side, but we're keeping up with it and going to have a
| deeper integration to have AuthZ support once the upstream
| enables it.
| polskibus wrote:
| This looks very interesting but I'm not sure how to use it well.
| Would you mind sharing some prompts that use it and solve a real
| problem that you encountered ?
| simba-k wrote:
| Imagine you're building a support agent for DoorDash. A user
| asks, "Why is my order an hour late?" Most teams today would
| build a RAG system that surfaces a help center article saying
| something like, "Here are common reasons orders might be
| delayed."
|
| That doesn't actually solve the problem. What you really need
| is access to internal systems. The agent should be able to look
| up the order, check the courier status, pull the restaurant's
| delay history, and decide whether to issue a refund. None of
| that lives in documentation. It lives in your APIs and
| databases.
|
| LLMs aren't limited by reasoning. They're limited by access.
|
| EnrichMCP gives agents structured access to your real systems.
| You define your internal data model using Python, similar to
| how you'd define models in an ORM. EnrichMCP turns those
| definitions into typed, discoverable tools the LLM can use
| directly. Everything is schema-aware, validated with Pydantic,
| and connected by a semantic layer that describes what each
| piece of data actually means.
|
| You can integrate with SQLAlchemy, REST APIs, or custom logic.
| Once defined, your agent can use tools like get_order,
| get_restaurant, or escalate_if_late with no additional prompt
| engineering.
|
| It feels less like stitching prompts together and more like
| giving your agent a real interface to your business.
| skuenzli wrote:
| This is the motivating example I was looking for on the
| readme: a client making a request and an agent handling it
| using the MCP. Along with a log of the agent reasoning its
| way to the answer.
| simba-k wrote:
| Yes but the agent reasoning is going to use an LLM, I
| sometimes run our openai_chat_agent example just to test
| things out. Try giving it a shot, ask it to do something
| then ask it to explain its tool use.
|
| Obviously, it can (and sometimes will) hallucinate and make
| up why its using a tool. The thing is, we don't really have
| true LLM explainability so this is the best we can really
| do.
| polskibus wrote:
| are you saying that a current gen LLM can answer such queries
| with EnrichMCP directly? or does it need guidance via prompts
| (for example tell it which tables to look at, etc. ) ? I did
| expose a db schema to LLM before, and it was ok-ish, however
| often times the devil was in the details (one join wrong,
| etc.), causing the whole thing to deliver junk answers.
|
| what is your experience with non trivial db schemas?
| simba-k wrote:
| So one big difference is that we aren't doing text2sql
| here, and the framework requires clear descriptions on all
| fields, entities, and relationships (it literally won't run
| otherwise).
|
| We also generate a few tools for the LLM specifically to
| explain the data model to it. It works quite well, even on
| complex schemas.
|
| The use case is more transactional than analytical, though
| we've seen it used for both.
|
| I recommend running the openai_chat_agent in examples/
| (also supports ollama for local run) and connect it to the
| shop_api server and ask it a question like : "Find and
| explain fraud transactions"
| polskibus wrote:
| So explicit model description (kind of repeating the
| schema into explicit model definition) provides better
| results when used with LLM because it's closer to the
| business domain(or maybe the extra step from DDL to
| business model is what confuses the LLM?). I think I'm
| failing to grasp why does this approach work better than
| straight schema fed to Llm.
| Sytten wrote:
| This is opening a new can of worm of information disclosure,
| at least one job the AI won't kill is people in security.
|
| MCP is the new IoT, where S stands for security /s
| TZubiri wrote:
| What is the difference between a junior and an agent. Can't
| you give them smart permissions on a need to know basis?
|
| I guess you also need per user contexts, such that you
| depend on the user auth to access user data, and the agent
| can only access that data.
|
| But this same concern exists for employees in big corps. If
| I work at google, I probably am not able to access
| arbitrary data, so I can't leak it.
| TZubiri wrote:
| Cool. Can you give the agent a db user with restricted read
| permissions?
|
| Also, generic db question, but can you protect against
| resource overconsumption? Like if the junior/agent makes a
| query with 100 joins, can a marshall kill the process and
| time it out?
| dakiol wrote:
| Why wouldn't we just give the agent read permission on a
| replica db? Wouldn't that be enough for the agent to know
| about:
|
| - what tables are there
|
| - table schemas and relationships
|
| Based on that, the agent could easily query the tables to
| extract info. Not sure why we need a "framework" for this.
| robmccoll wrote:
| Disclaimer: I don't know the details of how this works.
|
| Time-to-solution and quality would be my guess. In my
| experience, adding high level important details about the
| way information is organized to the beginning of the
| context and then explaining the tools to further explore
| schema or access data produces much more consistent results
| rather than each inference having to query the system and
| build its own world view before trying to figure out how to
| answer your query and then doing it.
|
| It's a bit like giving you a book or giving you that book
| without the table of contents and no index, but you you can
| do basic text search over the whole thing.
| revskill wrote:
| Do you provide prisma alternative ?
| simba-k wrote:
| Not sure exactly what you mean here. Prisma is an ORM for
| developers working with databases in TypeScript. EnrichMCP is
| more like an ORM for AI agents. It's not focused on replacing
| Prisma in your backend stack, but it serves a similar role for
| agents that need to understand and use your data model.
|
| It's also Python.
| ljm wrote:
| > agents query production systems
|
| How do you handle PII or other sensitive data that the LLM
| shouldn't know or care about?
| traverseda wrote:
| That's an odd question. If you have a regular ORM how do you
| handle sensitive data that your user shouldn't know about? You
| add some logic or filters so that the user can only query their
| own data, or other data they have permission to access.
|
| It's also addressed directly in the README.
| https://github.com/featureform/enrichmcp?tab=readme-ov-file#...
|
| I know LLMs can be scary, but this is the same problem that any
| ORM or program that handles user data would deal with.
___________________________________________________________________
(page generated 2025-06-19 23:00 UTC)