Adam Governed Querying

Adam lets users ask questions and perform work through Eve-managed resources without bypassing endpoint permissions. The goal is to make AI access useful while keeping the same access boundary that governs direct API and gateway traffic.

Querying Model

Adam should answer questions with the user's effective permissions:

text
User question
    |
    v
Adam conversation context
    |
    v
Eve endpoint and RBAC checks
    |
    +-- Query databases
    +-- Call tools
    +-- Route model requests

If the user cannot read an endpoint through Eve, Adam should not use that endpoint to answer the question.

What Adam Can Query

Adam can work with Eve-managed resources such as:

  • database endpoints,
  • HTTP endpoints,
  • model endpoints,
  • endpoint tools,
  • workflows,
  • templates,
  • and saved conversation context.

The exact actions depend on the endpoint type and the user's data-plane permission.

Query Safety Rules

Use these rules when exposing Adam to customers:

  • Start with read-only access unless the workflow needs writes.
  • Treat generated SQL, commands, or tool calls as untrusted until Eve checks permissions.
  • Keep mutation tools separate from read tools.
  • Require approval for destructive or high-impact actions.
  • Log which endpoint, tool, and subject were involved.
  • Redact or avoid storing sensitive results when policy requires it.

Common Workflows

WorkflowAdam behaviorEve responsibility
Ask a data questionGenerate or select a query/tool call.Confirm endpoint access and execute through the configured endpoint.
Compare systemsQuery multiple endpoints and summarize differences.Enforce access to every endpoint independently.
Investigate incidentPull endpoint metrics, errors, traces, and related context.Provide telemetry and audit trails.
Prepare a migrationInspect source and target readiness.Govern endpoints, migration workflow access, and telemetry.

Customer Readiness Checklist

Before enabling Adam querying:

  • endpoints are configured and healthy,
  • users have explicit data-plane grants,
  • denied endpoints are tested,
  • sensitive data handling is configured,
  • tool execution metrics are exported,
  • and operators know where Adam actions appear in logs or audit views.

Related Docs

Last updated: October 20, 2018
    Eden | Govern AI Access