A read-only, self-verifying data layer for the SQL database behind your ERP — weekly reports, and a guarded MCP server for AI agents.
Every query provably read-only, measured against 28 attacks. No BI license, no agent installed on the ERP server, no writes.
✓ read-only guard: 28/28 attacks refused — try to break it →
pipx install erp-report-engine erp-report-engine init-demo erp-report-engine run -c config.demo.yaml
One command against the bundled demo database: four KPIs vs an 8-week baseline, named drivers, a data-quality gate, reconciled counts — self-contained HTML.
open the reportThe premium dark dashboard: animated KPIs, SPC control-band charts, receivables aging and revenue concentration — a real chart in every cell, no external assets.
open the dashboardPaste SQL and watch the real read-only guard allow or refuse it — running in your browser, on the exact code the engine ships. Interactive.
try it yourselfPrefer the static results? See the full 28-attack trust benchmark → — where the same corpus is run through the shortcuts real tools ship: a starts-with-SELECT check refuses just 6 of the 28, a keyword blocklist 9 (and it blocks a legitimate read); this guard refuses all 28.
Or read the story: why "read-only-in-prose" is not read-only → — the two famous MCP database failures, and how to build a guard you can prove.
Weighing your options? Read-only database access for AI agents, compared → — transactions vs roles vs statement guards vs semantic layers, and where each is the right choice.