bonnard
Bonnard is a self-hosted, Docker-deployable semantic layer for AI agents. It provides an MCP server so agents can query governed metric definitions (cubes/views) consistently. It includes a Cube engine for query execution, a CubeStore cache for pre-aggregation, an admin UI, and a deploy API/CLI flow to push schema updates without restarting containers. A /health endpoint is available for monitoring.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Docs recommend protecting endpoints with ADMIN_TOKEN (bearer token) and show TLS termination via Caddy. /health remains open. No evidence of fine-grained scopes/permissions, and rate limiting/throttling controls are not described. Secret handling guidance beyond using .env is not detailed.
⚡ Reliability
Best When
You want a controlled semantic layer for AI agents with repeatable metric definitions and you can operate a Docker stack (cube/cubestore/bonnard) against a supported warehouse.
Avoid When
You cannot expose an authenticated MCP endpoint over HTTPS (or proxy) to agents, or you need detailed operational/SLA guarantees not evidenced in the provided docs.
Use Cases
- • Agent-native analytics with a single governed semantic layer
- • Text-to-SQL / metrics-layer querying via MCP for LLM agents
- • Serving consistent metrics across multiple consumers (agents, apps, dashboards)
- • Pre-aggregation caching for faster analytical reads
- • Managing and deploying metric/model changes to a running semantic layer
Not For
- • Run-it-and-forget-it fully managed SaaS analytics (this is self-hosted)
- • Low-latency OLTP transaction processing
- • Use cases that require fine-grained per-user authorization beyond bearer-token gating as described
Interface
Authentication
Docs describe a single ADMIN_TOKEN (bearer) that gates API/MCP endpoints; /health remains open. No OAuth flow or fine-grained scopes are described.
Pricing
Self-hosted open-source (Apache-2.0). Costs are infrastructure-related (Docker/compute/warehouse). No pricing information in provided content.
Agent Metadata
Known Gotchas
- ⚠ Authentication is bearer-token based; agents need to send Authorization header for MCP/API calls.
- ⚠ The /health endpoint is intentionally unauthenticated; agents should not rely on it for authenticated operations.
- ⚠ Correct URL/route for MCP depends on your deployment (example shows /mcp behind a reverse proxy).
- ⚠ Rate limit behavior is not documented in the provided README; agents may need conservative request patterns.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for bonnard.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.