dbt-llm-agent
Self-hosted web app/agent for answering data questions about a dbt project using a knowledge base built from dbt models and documentation. It includes a Next.js dashboard, a Django/DRF backend, background workers, and an optional self-hosted MCP server with OAuth2 authentication for LLM clients to query dbt model/project information.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
README documents OAuth2 with PKCE and organization-scoped access for MCP, plus JWT token expiry behavior. However, it provides a potentially unsafe CORS example (ALLOWED_ORIGINS='*') and does not provide details on TLS enforcement, secrets logging practices, or dependency/Vuln management. LLM provider API keys are required via environment variables.
⚡ Reliability
Best When
You run Ragstar self-hosted with Docker Compose, have a dbt project connected, and want LLM-driven analysis plus optional MCP tool access from compatible LLM clients.
Avoid When
You cannot or will not handle OAuth2 configuration, database/pgvector setup, and operational overhead of a self-hosted stack (Django/Next.js/Celery/DB).
Use Cases
- • Natural-language Q&A over dbt models and documentation
- • Assisted data analysis workflows for analytics teams using dbt as the source of truth
- • LLM clients querying dbt model metadata via MCP (self-hosted deployments)
- • Semantic search across dbt docs/models to find relevant tables and logic
- • Slack-based /ask integration for querying and exploration
Not For
- • Hosted/SaaS deployments where MCP is not available (per README limitation)
- • Use cases requiring a client-agnostic, fully documented public API contract (OpenAPI/SDKs not shown)
- • Strict environments that disallow OAuth client auto-registration or relaxed CORS settings (ALLOWED_ORIGINS='*' is mentioned as a config example)
Interface
Authentication
README indicates organization-scoped access for MCP via OAuth2 with PKCE and JWT tokens. For MCP, configuration includes an ALLOWED_ORIGINS option (example shows '*' which may be risky if used as-is).
Pricing
No SaaS pricing described; project appears MIT open source and self-hosted. Costs depend on LLM provider API keys, embedding generation, and infrastructure.
Agent Metadata
Known Gotchas
- ⚠ MCP server is described as self-hosted only and may be temporarily disabled while stabilizing streaming support (beta/experimental caveat).
- ⚠ 1:1 client-server relationship: each MCP client needs a dedicated server instance per README limitation.
- ⚠ ALLOWED_ORIGINS example is set to '*'—agents/services in security-restricted environments should override to specific origins.
- ⚠ Need dbt models loaded/connected; otherwise MCP 'No Models Found' scenario is possible.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for dbt-llm-agent.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.