FutrixData
FutrixData AI Data Gateway
Back to home
Documentation

FutrixData Enterprise Edition

A self-hosted gateway between AI agents and your data — Docker-deployed, agent identity admission, runtime risk control, masking, audit, and instant revocation, all inside your network.

Last updated: April 28, 2026
Articles
FutrixData Technical OverviewDatabase Risk Control EngineData Sensitivity ClassificationFutrixData Enterprise Edition
On this page
  1. Who It's For
  2. Capabilities at a Glance
  3. Built for Enterprise Deployment
  4. Docker Image: Standardized Delivery, Operations-Friendly
  5. One-Command Internal Deployment
  6. Agent Admission: Every Agent Has Its Own Identity
  7. Audit: Every Access Is Recorded
  8. Instant Revocation: Disable an Agent Without Losing History
  9. Working Together with Risk Control and Data Protection
  10. Enterprise Value
  11. Start a Pilot

AI agents are already inside enterprise data workflows. They help engineers triage incidents, draft queries for analysts, and assemble reports for business teams. They can also misjudge a request — read sensitive fields, run runaway queries, or execute irreversible operations — in environments where a human review never happened.

FutrixData Enterprise Edition is built for this risk surface. Instead of letting every agent hold its own database credentials, it places a single, governed entry point between agents and your data sources. Sources are managed centrally. Agents access them through a controlled channel. Every execution is risk-checked before it runs, every result is policy-protected before it returns, and every call is recorded for audit.

For teams adopting AI agents inside private networks, sovereign clouds, or regulated environments, FutrixData Enterprise Edition delivers a self-hostable, centrally managed, instantly revocable data gateway — infrastructure you can place inside your own production perimeter.

Who It's For#

FutrixData Enterprise Edition is designed for:

  • Platform and infrastructure teams that want a single, secure, observable agent-to-data layer instead of letting each developer wire up their own database connections.
  • Security and compliance teams that need admission control, least-privilege access, sensitive-data protection, and full audit trails for AI agents touching production data.
  • Data teams that want AI assistants to operate on real data across analytics, engineering, and operations — without re-evaluating risk for every new integration.
  • Regulated industries (financial services, healthcare, public sector, energy, manufacturing) where database credentials must stay inside the network and AI calls must remain traceable.

The Enterprise Edition addresses concrete pain points:

  • AI agents connecting directly to databases with no unified gate or audit path.
  • Database credentials scattered across developer machines, hard to revoke when people leave or devices change.
  • Native database IAM that is too coarse to govern agent behavior.
  • A security team that cannot answer "which agent, when, read what, and why was it allowed."

Capabilities at a Glance#

CapabilityEnterprise value
Self-hosted (Docker / Compose / Kubernetes)Database credentials never leave your network; integrates with existing ops tooling
Per-agent identity and access keysEach agent is uniquely identifiable, separately granted, separately revocable
Database risk control engineReads, writes, and destructive operations are classified, gated, or blocked before execution
Sensitivity classification and result maskingEmails, phone numbers, secrets, and tokens are masked at the egress so they never enter agent context
End-to-end audit logEvery tool call records the agent, source, target, statement, outcome, and any matched rule
Instant revocationCuts off an agent's future access immediately while preserving its full history
Persistent storage (volumes / external PostgreSQL)Container replacements keep configuration intact; integrates with backup and DR practices
Private model gateway supportAI inference can run through internal model services so the full path stays inside your network

Built for Enterprise Deployment#

FutrixData Enterprise Edition runs as a long-lived server. You deploy it inside your own network, manage it through a browser console, and let agents access governed data tools over MCP, HTTP, or CLI.

It carries forward the core capabilities of the FutrixData desktop product — multi-source connectivity, risk control, sensitivity classification, result masking, agent identity management, and audit — and packages them in a form your operations team can run:

  • A multi-stage Dockerfile produces a slim, standardized container image that fits your existing registry and release pipeline.
  • A bundled Docker Compose configuration exposes ports, data directories, and AI settings as environment variables.
  • Persistent data volumes keep data sources, AI configuration, risk rules, sensitivity policies, and history intact across container replacements.
  • An optional external PostgreSQL backend stores runtime state for centralized backup, monitoring, and high availability.
  • Containers run as a non-root user by default to reduce the runtime attack surface.

The result: you do not need to install and maintain a full environment on every developer machine, and you do not need to scatter database credentials across agent configuration files. FutrixData Enterprise Edition becomes the unified data-access entry point inside your own perimeter.

Docker Image: Standardized Delivery, Operations-Friendly#

The Enterprise Edition is delivered as a container image. The bundled Dockerfile uses a multi-stage build:

  1. Build the management UI.
  2. Compile the backend service.
  3. Produce a slim runtime image.

The container runs the FutrixData Enterprise Server, exposing an HTTP service and a browser-based admin console. The image plugs into your existing registry, release flow, vulnerability scanning, and container platform.

For your ops team this means:

  • Consistent deployments across development, staging, and production.
  • Upgrades by image replacement, with state preserved in volumes or an external database.
  • Configuration via environment variables: ports, data directories, AI service endpoint, model name, runtime database.
  • Runs on Kubernetes, Docker Compose, internal servers, or your enterprise container platform.

If you require AI inference to stay on-premises, point the AI service endpoint at an internal model gateway or private model deployment so the entire agent-to-data path remains under your control.

One-Command Internal Deployment#

A bundled Docker Compose file lets your team start the service with a single command on any internal host with Docker installed:

docker compose up -d --build

After startup, FutrixData exposes the configured HTTP port and persists state to a data volume. Administrators sign in to the console to register data sources, configure AI models, define risk rules, and onboard agents.

This deployment fits the typical enterprise rollout cadence:

  • PoC / security review. Security stands the gateway up in an isolated environment to validate agent risk control end-to-end.
  • Platform rollout. Platform teams centralize the gateway on shared infrastructure instead of having every developer self-configure.
  • Compliance posture. Database credentials remain inside the network; only governed tools are exposed to agents.
  • Scale-out. Start with single-host Compose, then move to external PostgreSQL, Kubernetes, or your container platform as adoption grows.

A simple installer is not a simplified security model. The Enterprise Edition keeps the deployment surface small while running admission control, audit, and revocation continuously at runtime.

Agent Admission: Every Agent Has Its Own Identity#

Admission rests on a single principle: no valid identity, no tool calls.

When your team installs the FutrixData connector for Claude Code, Cursor, Codex, OpenCode, or any other MCP client, the system mints a dedicated access key for that agent. In-house agents can register their own identities. Each identity carries the agent's name, type, source, install location, creation time, and status.

This lets you cleanly separate sources of access:

  • Claude Code and Cursor are distinct identities and can be audited independently.
  • Two installations of the same agent on different machines have distinct identities.
  • Internal agents, scripts, and platforms each get their own access key.
  • Disabling one agent does not affect any of the others.

Every MCP, Skill, or CLI invocation must carry the agent's access key. FutrixData verifies the key — that it exists, is valid, and has not been revoked — before executing the tool. Unknown or revoked keys are rejected.

Agent access shifts from "anyone with the connection string" to "only registered, authorized, non-revoked agents can pass through the gateway."

Audit: Every Access Is Recorded#

Once you allow agents to touch data, the question is no longer "can they access" but "what did they access, when, and why was it allowed or blocked."

FutrixData records every agent call. Each entry captures:

  • Agent identity and access key.
  • Call origin: MCP, Skill, or CLI.
  • The tool that was invoked.
  • Target data source, data source type, and target object.
  • The statement or a summary of the operation.
  • Outcome: success, failure, or pending confirmation.
  • Any risk rule that fired, the action taken, and the reason.

When something needs to be reviewed afterward, the answers are direct:

  • Which agent queried the production database?
  • Through which channel did it connect?
  • Was it a read, a write, a delete, or an admin operation?
  • Did the call trip a risk rule?
  • If it was blocked, why?

For agents operating inside real business systems, this audit trail is the foundation of compliance and incident response. You no longer rely solely on database-native logs — the access path is reconstructed from agent, tool call, and risk decision together.

Instant Revocation: Disable an Agent Without Losing History#

Administrators can revoke an agent's access at any time. After revocation the identity and its audit history are preserved, but every subsequent tool call from that agent is rejected.

This covers the common enterprise situations:

  • An agent configuration is no longer used.
  • A device is lost or an employee leaves and their local agent must be cut off immediately.
  • An internal agent starts behaving anomalously and needs to be disconnected.
  • The team is migrating to a new connector and wants to retire the old one.

Revocation does not erase history. You can still see which data sources the agent used, which operations it executed, and which rules it tripped.

FutrixData also re-checks access keys continuously at runtime. A check happens before the call starts; for long-running operations a second check happens before the result returns. If access is revoked mid-execution, the call is recorded as revoked rather than as a normal success.

Revocation is therefore not a UI status change — it is a security action that takes immediate effect on the agent's future access path.

Working Together with Risk Control and Data Protection#

Admission, audit, and revocation do not stand alone. They compose with risk control and sensitivity protection into a single access path.

  • Before execution. FutrixData interprets the operation in the context of the data source type. Routine reads pass through. High-risk operations require human confirmation. Destructive operations are blocked outright. Trust modes can be configured per data source so production, staging, and disposable sandbox environments behave differently.
  • Before the result returns. Sensitivity classification governs what the agent actually sees. Lower-sensitivity fields pass through; higher-sensitivity fields are masked at the egress. Masking preserves equality so agents can still deduplicate, group, and trend — without ever seeing the underlying email, phone, token, or secret.

The full access flow looks like this:

  1. The agent must clear identity admission.
  2. The tool call must clear risk evaluation.
  3. The result is processed by sensitivity policy before it returns.
  4. The call is recorded in the audit log.
  5. Access can be revoked at any moment, with history preserved.

Enterprise Value#

FutrixData Enterprise Edition is built for organizations already using AI agents for data work, debugging, analytics, and engineering. It lets you adopt agents in real data environments without trading speed for safety.

It delivers three concrete benefits:

Easier to deploy. Docker images and Docker Compose let teams stand up the service quickly inside the network and gradually integrate with existing container and operations practices.

Easier to manage. Data sources, AI configuration, risk rules, sensitivity classification, and agent identities all live in one service — not scattered across agents and developer machines.

Easier to trace and revoke. Each agent has its own identity, every access is logged, access can be revoked instantly, and history is preserved after revocation.

Agents are going to participate in more enterprise data work, not less. The goal of FutrixData Enterprise Edition is to make that participation happen inside an environment that is deployable, manageable, auditable, and revocable — on your terms.

Start a Pilot#

We recommend scoping a focused pilot: pick one or two data sources, one agent team, stand up the gateway inside your network, and run the full path — admission → risk control → masking → audit → revocation. Most teams complete a first round of validation in two weeks.

For deployment checklists, security review materials, or a guided product demo, reach us at futrixdata.com.