Skip to main content
Database operations tools enable agents to execute read-only queries, inspect database schemas, and retrieve detailed information about system resources. All queries are validated for security and scoped to the authenticated user’s permissions through Supabase row-level security.

Overview

The database tools suite provides agents with structured access to OpsHub data across multiple schemas:
  • validation: Validation rules, runs, and breach data
  • investment: Portfolio, holdings, and NAV information
  • analytics: Dashboards and reporting
  • workflow: Temporal workflow definitions and execution history
  • integration: ETL pipeline configurations
All tools use authenticated Supabase clients and enforce row-level security at the database level.

Quick Reference

ToolPurposeKey Parameters
query_databaseExecute SELECT queriesquery, schema, limit
inspect_schemaDiscover tables and columnsschema_name, include_columns
get_validation_summaryValidation status snapshotNone (context-aware)
get_portfolio_summaryPortfolio overview dataportfolio_id (optional)
query_resource_detailsDashboard/workflow/pipeline metadatatype, id

Tools Reference

query_database

Type: Tool Parameters: DatabaseQueryInput Returns: Dict with success, data, row_count, schema, context_aware Execute read-only SQL queries against the OpsHub database with automatic schema context detection. Parameters:
  • query (string, required): SQL SELECT query to execute. Only SELECT statements are allowed.
  • schema (string, optional): Database schema to scope the query (e.g., ‘validation’, ‘investment’, ‘analytics’, ‘workflow’, ‘integration’). If not provided, automatically detects from workspace focus mode.
  • limit (integer, optional): Maximum rows to return. Default: 100, Maximum: 1000. Automatically appended to query if not present.
Returns:
  • success (boolean): Query execution status
  • data (array): List of row objects
  • row_count (integer): Number of rows returned
  • schema (string): Schema that was queried
  • context_aware (object): Context detection info including focus_mode and schema_auto_detected flag
  • error (string, optional): Error message if query failed
Security:
  • Beta SQL injection protection via query validator
  • Only SELECT queries allowed; DROP, DELETE, TRUNCATE, and other dangerous keywords blocked
  • Multiple statements blocked
  • SQL comments blocked
  • Queries automatically scoped by workspace context
  • Row-level security enforced at database layer
  • Dangerous keywords: DROP, DELETE, TRUNCATE, ALTER, EXEC, etc.
Examples: Validation data query with automatic schema detection: 
query_database(
  query="SELECT id, rule_name, status, last_run_at FROM validation_rules ORDER BY last_run_at DESC",
  limit=20
)
Returns: 
{
  "success": true,
  "row_count": 20,
  "schema": "validation",
  "context_aware": {
    "context_used": true,
    "schema_auto_detected": true,
    "focus_mode": "validation"
  },
  "data": [
    {
      "id": "rule-123",
      "rule_name": "NAV Variance Check",
      "status": "active",
      "last_run_at": "2025-10-29T14:30:00Z"
    }
  ]
}
Portfolio holdings query with explicit schema: 
query_database(
  query="SELECT p.id, p.name, COUNT(h.id) as holding_count FROM portfolios p LEFT JOIN holdings h ON p.id = h.portfolio_id GROUP BY p.id, p.name",
  schema="investment",
  limit=50
)
Portfolio NAV analysis: 
query_database(
  query="SELECT id, portfolio_code, total_nav, currency, as_of_date FROM portfolios WHERE status = 'active'",
  schema="investment",
  limit=100
)
Recent validation breaches: 
query_database(
  query="SELECT id, rule_id, portfolio_id, breach_value, severity, detected_at FROM breaches WHERE status = 'unresolved' ORDER BY detected_at DESC",
  schema="validation",
  limit=50
)
Note: Workspace context is automatically extracted from agent config. Focus mode mapping: validation -> validation schema, dashboard -> analytics schema, workflow -> workflow schema, pipeline -> integration schema, spreadsheet -> investment schema.

inspect_schema

Type: Tool Parameters: SchemaInspectionInput Returns: Dict with success, schema, tables, table_count Discover available tables and column structure within a database schema before querying. Parameters:
  • schema_name (string, required): Schema to inspect (e.g., ‘validation’, ‘investment’, ‘analytics’, ‘workflow’, ‘integration’)
  • include_columns (boolean, optional): If true, include detailed column information (names, types, constraints) for each table. Default: false
Returns:
  • success (boolean): Inspection status
  • schema (string): Schema name inspected
  • tables (array): List of table objects with metadata
  • table_count (integer): Number of tables in schema
  • error (string, optional): Error message if inspection failed
Examples: List validation schema tables: 
inspect_schema(
  schema_name="validation"
)
Returns: 
{
  "success": true,
  "schema": "validation",
  "table_count": 5,
  "tables": [
    {
      "table_name": "validation_rules",
      "row_estimate": 150
    },
    {
      "table_name": "validation_runs",
      "row_estimate": 5000
    },
    {
      "table_name": "breaches",
      "row_estimate": 320
    }
  ]
}
Inspect investment schema with column details: 
inspect_schema(
  schema_name="investment",
  include_columns=true
)

get_validation_summary

Type: Tool Parameters: None (context-aware) Returns: Dict with success, summary, active_rules, breached_rules, unresolved_breaches Get a quick snapshot of validation status and outstanding breaches without writing custom queries. Parameters: None Returns:
  • success (boolean): Execution status
  • summary (object): Validation summary with metrics
  • active_rules (integer): Number of active validation rules
  • breached_rules (integer): Number of rules with active breaches
  • unresolved_breaches (integer): Count of unresolved breaches
  • error (string, optional): Error message if call failed
Examples: Get validation status: 
get_validation_summary()
Returns: 
{
  "success": true,
  "active_rules": 45,
  "breached_rules": 8,
  "unresolved_breaches": 23,
  "summary": {
    "active_rules": 45,
    "breached_rules": 8,
    "unresolved_breaches": 23,
    "total_validations_today": 1250
  }
}

get_portfolio_summary

Type: Tool Parameters: portfolio_id (optional string) Returns: Dict with success, portfolio/portfolios, count Retrieve portfolio overview data including NAV, status, and holdings information. Parameters:
  • portfolio_id (string, optional): ID of specific portfolio to query. If omitted, returns summary of all portfolios (limited to 50).
Returns (specific portfolio):
  • success (boolean): Execution status
  • portfolio (object): Portfolio object with nested holdings count
  • error (string, optional): Error message if call failed
Returns (all portfolios):
  • success (boolean): Execution status
  • portfolios (array): List of portfolio objects (id, name, portfolio_code, total_nav, status)
  • count (integer): Number of portfolios returned
  • error (string, optional): Error message if call failed
Examples: Get all portfolios summary: 
get_portfolio_summary()
Returns: 
{
  "success": true,
  "count": 12,
  "portfolios": [
    {
      "id": "p-001",
      "name": "Growth Fund Alpha",
      "portfolio_code": "GFA",
      "total_nav": 2500000,
      "status": "active"
    },
    {
      "id": "p-002",
      "name": "Value Fund Beta",
      "portfolio_code": "VFB",
      "total_nav": 1850000,
      "status": "active"
    }
  ]
}
Get specific portfolio details: 
get_portfolio_summary(portfolio_id="p-001")
Returns: 
{
  "success": true,
  "portfolio": {
    "id": "p-001",
    "name": "Growth Fund Alpha",
    "portfolio_code": "GFA",
    "total_nav": 2500000,
    "status": "active",
    "holdings": {
      "count": 42
    }
  }
}

query_resource_details

Type: Tool (Async) Parameters: type (string), id (string) Returns: Dict with success, type, data, message Retrieve detailed configuration and metadata for dashboards, workflows, and integration pipelines. Parameters:
  • type (string, required): Resource type - must be one of: “dashboard”, “workflow”, or “pipeline”
  • id (string, required): ID of the resource to retrieve
Returns:
  • success (boolean): Query status
  • type (string): Resource type queried
  • data (object, optional): Resource details object (structure varies by type)
  • message (string): Human-readable status message
  • error (string, optional): Error details if query failed
Resource Types: dashboard: Analytics dashboards with widget configurations, filters, data sources, layout definition
  • Fields: id, name, description, category, status, visibility, layout, widgets, filters, data_sources, tags, created_at, updated_at
workflow: Temporal workflows with execution history and scheduling
  • Fields: id, name, description, definition, status, schedule, version, created_by, updated_by, created_at, updated_at, last_run_at
pipeline: ETL/integration pipelines with source and destination configuration
  • Fields: id, name, description, status, source_config, destination_table, destination_schema, schedule_type, schedule_config, tags, created_by, created_at, updated_at
Examples: Get dashboard configuration: 
query_resource_details(
  type="dashboard",
  id="daily-nav-dashboard"
)
Returns: 
{
  "success": true,
  "type": "dashboard",
  "message": "Found dashboard: Daily NAV Report",
  "data": {
    "id": "daily-nav-dashboard",
    "name": "Daily NAV Report",
    "description": "Real-time portfolio NAV tracking",
    "category": "portfolio",
    "status": "active",
    "visibility": "public",
    "widgets": [
      {
        "id": "nav-chart",
        "type": "line_chart",
        "title": "NAV Trend"
      }
    ],
    "filters": ["date_range", "portfolio_id"],
    "created_at": "2025-06-01T10:00:00Z"
  }
}
Get workflow definition: 
query_resource_details(
  type="workflow",
  id="pricing-update-workflow"
)
Get pipeline configuration: 
query_resource_details(
  type="pipeline",
  id="bloomberg-daily-sync"
)
Returns: 
{
  "success": true,
  "type": "pipeline",
  "message": "Found pipeline: bloomberg-daily-sync",
  "data": {
    "id": "bloomberg-daily-sync",
    "name": "Bloomberg Daily Sync",
    "description": "Synchronize pricing data from Bloomberg",
    "status": "active",
    "source_config": {
      "type": "bloomberg",
      "symbols": ["BLX", "DLVRY"]
    },
    "destination_table": "pricing_data",
    "destination_schema": "investment",
    "schedule_type": "daily",
    "schedule_config": "0 3 * * *"
  }
}

Security Considerations

Read-Only Access

  • Only SELECT queries are allowed
  • INSERT, UPDATE, DELETE, DROP, ALTER, TRUNCATE, and EXEC statements are blocked
  • Multiple statements in a single query are rejected

Query Validation (Beta)

The query validator performs pattern matching against dangerous keywords and SQL injection vectors:
  • SQL comments (— and /**/) are stripped
  • Semicolon-separated statements are blocked
  • Keywords are checked in uppercase and mixed-case variants

Row-Level Security

All queries respect database-level row-level security policies. Users can only access data within their workspace and portfolio permissions. Authentication is handled via JWT tokens passed through agent config.

Resource Limits

  • Default limit: 100 rows
  • Maximum limit: 1000 rows per query
  • Schema auto-detection works best with workspace context properly configured

Common Patterns

Discovery workflow: Use inspect_schema first, then query_database with discovered table names Status checks: Use get_validation_summary and get_portfolio_summary for quick metrics Resource details: Use query_resource_details when you need configuration details beyond system prompt Custom analysis: Use query_database with aggregation queries for complex analysis

See Also