Chatzuri - AI Agents & Workflows for Business Automation

Database tools let the agent run real queries against your data — not a copy, not a snapshot — so it can answer questions about today's orders, this week's signups, or the customer's current balance.

Shared safety model

Every database tool ships with three layers of protection:

Your DB role — the database user the connection string points to. Provision it with least privilege (a read-only replica, a role with SELECT only).
Capability profile — read-only by default on every new credential. Read+write enables INSERT / UPDATE; full access enables DELETE. Enforced before the query reaches the DB.
Hard caps — 500 rows per response, 256 KB serialized, 30 s timeout, DDL (DROP/CREATE/ALTER) rejected unconditionally, multi-statement SQL rejected.

Heads up

Always pair the capability profile with a least-privilege DB role. Two locks must fail before anything bad happens. Don't use your production admin connection string.

PostgreSQL

Tool id: postgres_query. Credential type: postgres.

Use list_schemas, list_tables, or describe_table as discovery shortcuts, then run parameterised SQL with $1, $2 placeholders.

Setup

Create a least-privilege role in Postgres: CREATE ROLE chatzuri_agent LOGIN PASSWORD '…'; GRANT CONNECT ON DATABASE app TO chatzuri_agent; GRANT USAGE ON SCHEMA public TO chatzuri_agent; GRANT SELECT ON ALL TABLES IN SCHEMA public TO chatzuri_agent;
Save the connection details — either a full URI (postgresql://user:pass@host:5432/db?sslmode=require) or the discrete host / port / database / username / password / sslMode fields.
Pick the SSL mode — use require for cloud-hosted Postgres (Supabase, Neon, RDS).

MySQL / MariaDB

Tool id: mysql_query. Credential type: mysql.

Same shape as Postgres but with ? placeholders. Works for self-hosted MySQL, MariaDB, PlanetScale, and AWS RDS.

Setup

Create a least-privilege user: CREATE USER 'chatzuri'@'%' IDENTIFIED BY '…'; GRANT SELECT ON app.* TO 'chatzuri'@'%'; FLUSH PRIVILEGES;
Save connection details on a MySQL credential. Set SSL mode to require on managed providers (PlanetScale, RDS).

MongoDB

Tool id: mongodb_query. Credential type: mongodb.

Actions: find, findOne, aggregate, countDocuments, distinct, list_collections, describe_collection, plus inserts / updates / deletes gated by the profile.

Setup

Get the connection string from MongoDB Atlas (Database → Connect → Drivers) or your self-hosted cluster.
Make sure the user in the URI has only the roles you want — e.g. read on a specific database for a read-only agent.
Save the URI + optional defaultDatabase on a MongoDB credential.
On Atlas, allow chatzuri's outbound IPs (or use 0.0.0.0/0 for a public test cluster). Production: lock to your VPC peer.

Note

Aggregation pipelines with $out or $merge stages are treated as writes — they're rejected on a read-only credential even though the named action is aggregate.

Redis

Tool id: redis_query. Credential type: redis.

24 commands across read (GET, MGET, EXISTS, TYPE, TTL, HGET, HGETALL, LRANGE, SCAN, …), write (SET, HSET, LPUSH, ZADD, EXPIRE, INCR, …), and delete (DEL, HDEL, SREM). FLUSHDB / FLUSHALL / KEYS * are never reachable regardless of profile.

Setup

Get connection details from your provider (Upstash, AWS ElastiCache, self-hosted). Use a rediss:// URI for TLS, or set the TLS field on discrete-field credentials.
Set a namespacePrefix (e.g. chatzuri:agent:abc:) — the tool prefixes every key the LLM supplies and limits SCAN to {prefix}*. Strong multi-tenant isolation; recommended for shared Redis.

Supabase

Tool id: supabase_query. Credential type: supabase.

Talks to your Supabase project's PostgREST endpoint — select, insert, update, upsert, delete, rpc, list_tables, describe_table.

Setup

Open your project in app.supabase.com → Project Settings → API.
Copy the Project URL.
Pick a key: anon key (subject to Row-Level Security — recommended) or service_role key (bypasses RLS — full access).
Save URL + key + optional defaultSchema (defaults to public) as a Supabase credential. Set the capability profile.

Tip

If you need raw SQL against your Supabase database (not PostgREST verbs), use the Postgres tool instead with the connection string from Project Settings → Database → Connection string.

Airtable

Tool id: airtable. Credential type: airtable.

Actions: list_tables, list_records, get_record, create_record, update_record, delete_record.

Setup

Open airtable.com/create/tokens.
Click Create new token. Add scopes: data.records:read at minimum, plus data.records:write and schema.bases:read if you want writes and list_tables.
Add access to the specific base(s) you want the agent to touch.
Click Create token and copy the personal access token (starts with pat…).
Save the token + base id (visible in the base URL, https://airtable.com/{base_id}/…) as an Airtable credential.

Shared safety model

Every database tool ships with three layers of protection:

Your DB role — the database user the connection string points to. Provision it with least privilege (a read-only replica, a role with SELECT only).
Capability profile — read-only by default on every new credential. Read+write enables INSERT / UPDATE; full access enables DELETE. Enforced before the query reaches the DB.
Hard caps — 500 rows per response, 256 KB serialized, 30 s timeout, DDL (DROP/CREATE/ALTER) rejected unconditionally, multi-statement SQL rejected.

Heads up

Always pair the capability profile with a least-privilege DB role. Two locks must fail before anything bad happens. Don't use your production admin connection string.

PostgreSQL

Tool id: postgres_query. Credential type: postgres.

Use list_schemas, list_tables, or describe_table as discovery shortcuts, then run parameterised SQL with $1, $2 placeholders.

Setup

Create a least-privilege role in Postgres: CREATE ROLE chatzuri_agent LOGIN PASSWORD '…'; GRANT CONNECT ON DATABASE app TO chatzuri_agent; GRANT USAGE ON SCHEMA public TO chatzuri_agent; GRANT SELECT ON ALL TABLES IN SCHEMA public TO chatzuri_agent;
Save the connection details — either a full URI (postgresql://user:pass@host:5432/db?sslmode=require) or the discrete host / port / database / username / password / sslMode fields.
Pick the SSL mode — use require for cloud-hosted Postgres (Supabase, Neon, RDS).

MySQL / MariaDB

Tool id: mysql_query. Credential type: mysql.

Same shape as Postgres but with ? placeholders. Works for self-hosted MySQL, MariaDB, PlanetScale, and AWS RDS.

Setup

Create a least-privilege user: CREATE USER 'chatzuri'@'%' IDENTIFIED BY '…'; GRANT SELECT ON app.* TO 'chatzuri'@'%'; FLUSH PRIVILEGES;
Save connection details on a MySQL credential. Set SSL mode to require on managed providers (PlanetScale, RDS).

MongoDB

Tool id: mongodb_query. Credential type: mongodb.

Actions: find, findOne, aggregate, countDocuments, distinct, list_collections, describe_collection, plus inserts / updates / deletes gated by the profile.

Setup

Get the connection string from MongoDB Atlas (Database → Connect → Drivers) or your self-hosted cluster.
Make sure the user in the URI has only the roles you want — e.g. read on a specific database for a read-only agent.
Save the URI + optional defaultDatabase on a MongoDB credential.
On Atlas, allow chatzuri's outbound IPs (or use 0.0.0.0/0 for a public test cluster). Production: lock to your VPC peer.

Note

Aggregation pipelines with $out or $merge stages are treated as writes — they're rejected on a read-only credential even though the named action is aggregate.

Redis

Tool id: redis_query. Credential type: redis.

Setup

Get connection details from your provider (Upstash, AWS ElastiCache, self-hosted). Use a rediss:// URI for TLS, or set the TLS field on discrete-field credentials.
Set a namespacePrefix (e.g. chatzuri:agent:abc:) — the tool prefixes every key the LLM supplies and limits SCAN to {prefix}*. Strong multi-tenant isolation; recommended for shared Redis.

Supabase

Tool id: supabase_query. Credential type: supabase.

Talks to your Supabase project's PostgREST endpoint — select, insert, update, upsert, delete, rpc, list_tables, describe_table.

Setup

Open your project in app.supabase.com → Project Settings → API.
Copy the Project URL.
Pick a key: anon key (subject to Row-Level Security — recommended) or service_role key (bypasses RLS — full access).
Save URL + key + optional defaultSchema (defaults to public) as a Supabase credential. Set the capability profile.

Tip

If you need raw SQL against your Supabase database (not PostgREST verbs), use the Postgres tool instead with the connection string from Project Settings → Database → Connection string.

Airtable

Tool id: airtable. Credential type: airtable.

Actions: list_tables, list_records, get_record, create_record, update_record, delete_record.

Setup

Open airtable.com/create/tokens.
Click Create new token. Add scopes: data.records:read at minimum, plus data.records:write and schema.bases:read if you want writes and list_tables.
Add access to the specific base(s) you want the agent to touch.
Click Create token and copy the personal access token (starts with pat…).
Save the token + base id (visible in the base URL, https://airtable.com/{base_id}/…) as an Airtable credential.