erp-report-engine

A read-only, self-verifying data layer for the SQL database behind your ERP — weekly reports, and a guarded MCP server for AI agents.

Every query provably read-only, measured against 28 attacks. No BI license, no agent installed on the ERP server, no writes.

✓ read-only guard: 28/28 attacks refused — try to break it → The read-only guard in the browser playground: a server-file read and the famous COMMIT; DROP Postgres bypass are refused, real analytics is allowed
pipx install erp-report-engine
erp-report-engine init-demo
erp-report-engine run -c config.demo.yaml

Live sample report →

One command against the bundled demo database: four KPIs vs an 8-week baseline, named drivers, a data-quality gate, reconciled counts — self-contained HTML.

open the report

Command Center →

The premium dark dashboard: animated KPIs, SPC control-band charts, receivables aging and revenue concentration — a real chart in every cell, no external assets.

open the dashboard

Break the guard →

Paste SQL and watch the real read-only guard allow or refuse it — running in your browser, on the exact code the engine ships. Interactive.

try it yourself

Prefer the static results? See the full 28-attack trust benchmark → — where the same corpus is run through the shortcuts real tools ship: a starts-with-SELECT check refuses just 6 of the 28, a keyword blocklist 9 (and it blocks a legitimate read); this guard refuses all 28.

Or read the story: why "read-only-in-prose" is not read-only → — the two famous MCP database failures, and how to build a guard you can prove.

Weighing your options? Read-only database access for AI agents, compared → — transactions vs roles vs statement guards vs semantic layers, and where each is the right choice.

What one run produces

Read-only, enforced in code