{"id":"eosphoros-ai-db-gpt","name":"DB-GPT","homepage":"http://docs.dbgpt.cn","repo_url":"https://github.com/eosphoros-ai/DB-GPT","category":"ai-ml","subcategories":[],"tags":["ai-ml","agents","text2sql","rag","data-assistant","python","fastapi","sandbox","open-source"],"what_it_does":"DB-GPT is an open-source agentic AI data assistant that connects to data sources (databases, CSV/Excel, documents/knowledge bases), uses an LLM to generate SQL and Python/code for analysis, executes workflows (including reusable “skills”) and produces reports/charts, with an emphasis on sandboxed execution for code/tools.","use_cases":["Natural-language-to-SQL querying and profiling for relational databases","Agentic data analysis workflows across multiple data sources","Automated EDA/report generation from CSV/Excel datasets","RAG/knowledge-base augmented analytics and question answering","Building reusable domain “skills” and orchestrated AI data workflows","Generating dashboards/HTML reports and narrative insights"],"not_for":["Highly regulated/production environments requiring formally verified sandbox isolation","Situations where you cannot safely grant the system access to datasets and database credentials","Use as a standalone hosted SaaS without self-hosting controls (since deployment/auth details are environment-dependent)"],"best_when":"You want a self-hosted, agentic LLM + data stack that can write/run SQL and code and generate analysis artifacts, and you can manage infrastructure, credentials, and sandboxing appropriately.","avoid_when":"You cannot control or monitor tool/code execution, database write permissions, or secret handling; or you need a strictly API-first product with fully specified machine-readable interfaces (OpenAPI/SDKs) and strong guarantees about error recovery/idempotency.","alternatives":["OpenAI/Anthropic function-calling + your own SQL runner and sandbox","LangChain/LlamaIndex (RAG/agents) with custom tool orchestration","Text-to-SQL products/frameworks paired with an execution engine you control","dbt + LLM assistance (for analysis/reporting without agentic execution)"],"af_score":38.8,"security_score":46.0,"reliability_score":27.5,"package_type":"skill","discovery_source":["openclaw"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-29T13:16:20.007882+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Interactive setup wizard for selecting LLM provider and entering API key","Environment variables for LLM provider API keys (e.g., OPENAI_API_KEY, MOONSHOT_API_KEY, MINIMAX_API_KEY)"],"oauth":false,"scopes":false,"notes":"Authentication is primarily about providing upstream LLM provider API keys and (for database connections) credentials configured in your environment. The README excerpt does not describe server-side auth (API keys/user auth) for the DB-GPT web server endpoints."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"As an open-source project, pricing is not described in the provided content; costs mainly come from infrastructure and LLM usage of selected providers."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":38.8,"security_score":46.0,"reliability_score":27.5,"mcp_server_quality":0.0,"documentation_accuracy":55.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":85.0,"rate_limit_clarity":0.0,"tls_enforcement":70.0,"auth_strength":40.0,"scope_granularity":30.0,"dependency_hygiene":40.0,"secret_handling":50.0,"security_notes":"The README emphasizes sandboxed code execution and “safe execution” language, which is positive. However, the provided excerpt does not document transport security requirements for the server, secret handling practices (e.g., logging redaction), permission scoping for tool actions, or database access restrictions. Therefore scores reflect limited observable evidence rather than confirmed controls.","uptime_documented":0.0,"version_stability":50.0,"breaking_changes_history":30.0,"error_recovery":30.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Agentic SQL/code generation can have side effects if database permissions allow writes; ensure read-only DB accounts and restrict tool capabilities.","Sandboxed execution is mentioned, but exact isolation guarantees and limits are not specified in the provided excerpt; validate resource/time/network/file controls.","LLM provider selection implies variable reliability and rate limiting behavior depending on upstream APIs; plan retries/backoff outside the system if not documented."]}}