Data Agents
A brief overview of RDST's guard and agent commands for exposing scoped database access to other systems.
rdst agent and rdst guard are a pair of commands for exposing scoped,
read-only access to a database target — typically to a Slack bot, an HTTP client,
or an AI assistant — without handing out raw database credentials.
Most users running rdst ask or rdst analyze from their own terminal will never
touch these commands. They exist for the case where someone else (a teammate
in Slack, a service account) needs bounded access and you want a clean way to
enforce the bounds.
Guards
A guard is a reusable safety policy. Guards combine output masking, query-shape requirements, cost limits, and runtime bounds:
rdst guard create --name pii-safe \
--mask "*.email:email" \
--require-where \
--require-limit \
--no-select-star \
--max-rows 10000
rdst guard list
rdst guard show pii-safe
rdst guard check "SELECT * FROM users" --guard pii-saferdst guard check is a dry-run — it takes SQL and tells you whether the guard
would allow or reject it. Useful in CI to ensure the queries your application
generates will be accepted.
See rdst guard --help for the full flag set (masking types, required filters,
cost thresholds, natural-language --intent, and more).
Agents
An agent binds a database target to a guard:
rdst agent create --name sales-bot \
--target prod-orders \
--guard pii-safe
rdst agent list
rdst agent chat --name sales-bot # interactive terminal session
rdst agent serve --name sales-bot # HTTP API
rdst agent slack --name sales-bot # Slack bot (requires rdst slack setup first)Every agent interaction runs through the guard before SQL is generated and again before execution, so output masking and cost limits apply consistently across all serving modes.
Agent serving modes, Slack app setup, and advanced guard policies are subject to
change. Run rdst agent --help and rdst guard --help for the current flag
surface before building anything on top.
See also
rdst ask— interactive natural-language SQL for the case where you don't need a guarded interface- Slack integration — Slack app setup, separate from attaching an agent to it