How to Build an agent using coral

By Codcompass Team·2026-05-31·9 min read

Unified Data Access for AI Agents: A Local-First SQL Runtime Approach

Current Situation Analysis

Modern AI agents are fundamentally reasoning engines, not data fetchers. Yet, production workflows routinely force them to act as both. When an agent needs to correlate information across GitHub, calendar systems, issue trackers, and monitoring platforms, developers traditionally build a chain of isolated tool calls. Each call requires independent authentication, pagination handling, rate-limit management, and schema normalization. The LLM then receives fragmented JSON blobs and is expected to mentally reconstruct relationships, filter noise, and synthesize an answer.

This architectural pattern creates three compounding inefficiencies:

Context Window Bloat: Raw API responses contain metadata, pagination cursors, and nested objects that consume tokens without contributing to reasoning.
Sequential Latency: Tool orchestration frameworks execute calls one after another. A three-source query becomes three round-trips, multiplying latency and increasing the probability of timeout or drift.
Reasoning Degradation: LLMs struggle with implicit joins. When data arrives in separate turns, the model must maintain state across turns, often hallucinating relationships or missing cross-source correlations.

The industry has largely treated data plumbing as a secondary concern, prioritizing prompt engineering and model selection. However, empirical benchmarks reveal that the data access layer dictates agent performance more than prompt tuning. In a controlled evaluation across 82 real-world engineering tasks, agents using a unified SQL runtime achieved 20% higher accuracy and 2x better cost efficiency compared to direct provider MCPs. For complex multi-hop queries requiring cross-source correlation, accuracy improved by 31% while token costs dropped by 3.4x.

The root cause is architectural mismatch. LLMs excel at structured reasoning over clean, tabular datasets. They degrade when forced to parse verbose, nested API payloads. Shifting data retrieval to a deterministic, local-first translation layer resolves this bottleneck.

WOW Moment: Key Findings

The performance delta between fragmented tool orchestration and a unified query runtime is measurable across four critical dimensions. The following comparison isolates the architectural impact:

Approach	Context Window Usage	Cross-Source Join Capability	Token Cost	Implementation Overhead
Direct API/MCP Tool Calls	High (raw JSON, pagination metadata)	Manual/None (LLM must infer)	High (baseline)	High (per-source auth, retry, schema mapping)
Unified SQL Runtime	Low (trimmed, aggregated rows)	Native/Declarative	Low (3.4x reduction on complex queries)	Low (single schema interface, runtime handles I/O)

Why this matters: The runtime acts as a deterministic filter. It translates declarative SQL into optimized API calls, handles authentication and pagination locally, and returns only the rows the agent needs. This shifts the computational burden from the LLM to the host machine, where it belongs. The agent receives a clean dataset, writes focused prompts, and consumes fewer tokens while producing more accurate outputs. For engineering teams, this means agents can safely query production-adjacent data without exposing credentials to third-party inference providers.

Core Solution

Building an agent that leverages a local-first SQL runtime requires separating data retrieval from reasoning. The architecture follows a three-tier pattern:

Query Bridge: Translates TypeScript/Node.js calls into CLI invocations against the runtime. Handles JSON parsing, timeout management, and error boundaries.
Data Orchestrator: Constructs parameterized queries, executes them against connected sources, and normalizes results into a consistent shape.
Insight Engine: Formats the normalized data into a structured prompt, invokes the LLM, and returns the synthesized response.

Architecture Decisions & Rationale

Local-First Execution: Credentials and API tokens never leave the host machine. The runtime acts as a read-only proxy, making outbound calls on behalf of the agent. This eliminates credential leakage risks and complies with strict da

ta residency policies.

SQL as the Universal Interface: Every connected source exposes a schema namespace (e.g., github, calendar). Tables map to API endpoints. Columns map to flattened response fields. This standardizes cross-source queries into a single declarative language.
Asynchronous CLI Bridge: Instead of blocking the event loop, the bridge uses spawn with promise resolution. This allows concurrent query execution and prevents agent hangs during slow API responses.
Context Trimming by Design: Queries use WHERE, GROUP BY, and LIMIT clauses to minimize payload size. The LLM receives only aggregated or filtered rows, not raw API dumps.

Implementation

The following TypeScript implementation demonstrates a production-ready pattern. It replaces synchronous blocking calls with an async bridge, introduces schema discovery, and isolates LLM interaction.

1. Query Bridge (coral-bridge.ts)

import { spawn } from 'child_process';
import { promisify } from 'util';

const execAsync = promisify(require('child_process').exec);

export class QueryBridge {
  private readonly timeoutMs = 25000;

  async execute<T>(sql: string): Promise<T[]> {
    return new Promise((resolve, reject) => {
      const proc = spawn('coral', ['sql', '--format', 'json', sql.trim()], {
        stdio: ['pipe', 'pipe', 'pipe'],
        env: { ...process.env, FORCE_COLOR: '0' }
      });

      let stdout = '';
      let stderr = '';

      proc.stdout.on('data', (chunk: Buffer) => stdout += chunk.toString());
      proc.stderr.on('data', (chunk: Buffer) => stderr += chunk.toString());

      const timer = setTimeout(() => {
        proc.kill('SIGTERM');
        reject(new Error(`Query timeout after ${this.timeoutMs}ms`));
      }, this.timeoutMs);

      proc.on('close', (code) => {
        clearTimeout(timer);
        if (code !== 0) {
          reject(new Error(`Coral exited with code ${code}: ${stderr}`));
          return;
        }
        try {
          resolve(JSON.parse(stdout) as T[]);
        } catch (e) {
          reject(new Error(`Failed to parse JSON output: ${stdout}`));
        }
      });
    });
  }

  async discoverTables(schema: string): Promise<string[]> {
    const rows = await this.execute<{ table_name: string }>(
      `SELECT table_name FROM coral.tables WHERE schema_name = '${schema}'`
    );
    return rows.map(r => r.table_name);
  }

  async inspectColumns(schema: string, table: string): Promise<string[]> {
    const rows = await this.execute<{ column_name: string }>(
      `SELECT column_name FROM coral.columns WHERE schema_name = '${schema}' AND table_name = '${table}'`
    );
    return rows.map(r => r.column_name);
  }
}

2. Data Orchestrator (data-orchestrator.ts)

import { QueryBridge } from './coral-bridge';

export interface CommitMetric {
  date: string;
  repository: string;
  count: number;
}

export interface PullRequest {
  title: string;
  status: string;
  created_at: string;
}

export class DataOrchestrator {
  constructor(private bridge: QueryBridge) {}

  async fetchEngineeringMetrics(owner: string, windowDays: number) {
    const commits = await this.bridge.execute<CommitMetric>(`
      SELECT 
        CAST(commit__author__date AS DATE) AS date,
        repo AS repository,
        COUNT(*) AS count
      FROM github.commits
      WHERE owner = '${owner}'
        AND commit__author__date >= NOW() - INTERVAL '${windowDays} days'
      GROUP BY 1, 2
      ORDER BY 1 DESC, 3 DESC
      LIMIT 50
    `);

    const prs = await this.bridge.execute<PullRequest>(`
      SELECT title, state, created_at
      FROM github.pulls
      WHERE owner = '${owner}'
        AND created_at >= NOW() - INTERVAL '${windowDays} days'
      ORDER BY created_at DESC
      LIMIT 20
    `);

    return { commits, prs };
  }
}

3. Insight Engine (insight-engine.ts)

import { GoogleGenAI } from '@google/genai';

export class InsightEngine {
  private client: GoogleGenAI;

  constructor(apiKey: string) {
    this.client = new GoogleGenAI({ apiKey });
  }

  async generateReport(query: string, dataset: object): Promise<string> {
    const response = await this.client.models.generateContent({
      model: 'gemini-2.5-flash',
      config: {
        systemInstruction: `You are an engineering analytics assistant. 
          Analyze the provided dataset. Reference specific dates, repositories, and metrics. 
          Do not invent data. If the dataset lacks context, state what is missing.`,
      },
      contents: `
        User Query: "${query}"
        
        Dataset (last 7 days):
        ${JSON.stringify(dataset, null, 2)}
        
        Provide a concise, data-grounded analysis.
      `,
    });

    return response.text ?? 'No response generated.';
  }
}

4. Agent Entry Point (agent-runner.ts)

import dotenv from 'dotenv';
import { QueryBridge } from './coral-bridge';
import { DataOrchestrator } from './data-orchestrator';
import { InsightEngine } from './insight-engine';

dotenv.config();

async function main() {
  const args = process.argv.slice(2);
  if (args.length === 0) {
    console.error('Usage: npx tsx agent-runner.ts "<your question>"');
    process.exit(1);
  }

  const userQuery = args.join(' ');
  const owner = process.env.GITHUB_USERNAME;
  const apiKey = process.env.GEMINI_API_KEY;

  if (!owner || !apiKey) {
    console.error('Missing required environment variables.');
    process.exit(1);
  }

  const bridge = new QueryBridge();
  const orchestrator = new DataOrchestrator(bridge);
  const engine = new InsightEngine(apiKey);

  try {
    console.log('Fetching engineering metrics...');
    const metrics = await orchestrator.fetchEngineeringMetrics(owner, 7);
    
    console.log('Generating analysis...');
    const report = await engine.generateReport(userQuery, metrics);
    console.log('\n--- REPORT ---\n', report);
  } catch (error) {
    console.error('Agent execution failed:', error);
    process.exit(1);
  }
}

main();

Why this structure works: The bridge isolates I/O, the orchestrator enforces query boundaries, and the engine handles reasoning. Each layer has a single responsibility. The async bridge prevents event loop blocking. Schema discovery methods enable dynamic query construction without hardcoding column names. Context is explicitly trimmed before reaching the LLM.

Pitfall Guide

Production agents fail when developers treat the data layer as an afterthought. The following patterns consistently cause degradation in accuracy, latency, or security.

Pitfall	Explanation	Fix
Ignoring JSON Flattening Conventions	APIs return nested objects. The runtime flattens them using `__` as a delimiter (e.g., `commit.author.date` → `commit__author__date`). Hardcoding assumed column names breaks when APIs update.	Always query `coral.columns` before writing production SQL. Use schema discovery to validate field names dynamically.
Blocking the Event Loop	Using synchronous child process execution halts the Node.js event loop. If the runtime takes 10 seconds to paginate a large repository, the entire agent thread freezes.	Replace `execFileSync` with `spawn` + Promise resolution. Implement timeout boundaries and graceful cancellation.
Over-Fetching for Context	Pulling full API responses and injecting them into prompts wastes tokens and introduces noise. LLMs perform worse with verbose, unstructured payloads.	Use `WHERE`, `GROUP BY`, `LIMIT`, and aggregate functions in SQL. Fetch only the rows and columns required for the specific query.
Assuming Server-Side JOINs	Cross-source joins execute locally. The runtime fetches both datasets, then merges them in memory. Large tables can cause OOM errors or severe latency.	Filter aggressively on both sides before joining. Use date ranges, owner constraints, and status filters. Avoid unbounded `JOIN` operations.
Credential Leakage to LLM	Passing API tokens, PATs, or raw response headers into the prompt context exposes secrets to inference providers.	Never include authentication metadata in prompts. The runtime handles auth locally. Strip headers, tokens, and internal IDs before serialization.
Neglecting Rate Limit Awareness	While the runtime handles retries, poorly structured SQL can trigger excessive API calls. A query without pagination awareness may hit provider limits.	Structure queries to minimize call volume. Use `LIMIT` and date windows. Monitor runtime logs for retry spikes and adjust query granularity accordingly.
Prompt Drift from Raw JSON	Injecting unformatted JSON arrays causes the LLM to parse structure instead of reasoning over values. This increases hallucination rates.	Serialize data with `JSON.stringify(data, null, 2)` and wrap it in explicit markdown sections. Provide a system instruction that defines the expected schema.

Production Bundle

Action Checklist

Schema Validation: Query coral.tables and coral.columns before deploying any agent query. Never hardcode column names.
Context Trimming: Apply WHERE clauses and LIMIT to every SQL statement. Target <2KB of JSON payload per LLM call.
Async I/O Bridge: Replace synchronous child process calls with spawn + Promise resolution. Implement timeout and cancellation logic.
Credential Isolation: Verify that no API tokens, PATs, or response headers reach the prompt. Auth stays in the runtime layer.
Join Boundary Enforcement: Filter both sides of cross-source joins. Avoid unbounded merges on high-cardinality tables.
MCP Wiring: Expose the runtime via coral mcp-stdio for IDE agents. Install discovery skills to enable schema exploration.
Error Boundaries: Catch CLI exit codes and parse stderr. Return structured error objects instead of raw stack traces to the agent loop.

Decision Matrix

Scenario	Recommended Approach	Why	Cost Impact
Single-source reporting (e.g., GitHub commits only)	Direct SQL query via runtime	Minimal overhead, deterministic output, no join complexity	Low (baseline token usage)
Multi-source correlation (e.g., commits + calendar events)	Cross-source JOIN with strict date filters	Eliminates manual state management, reduces LLM round-trips	Medium (higher initial fetch, lower reasoning cost)
Real-time dashboard / high-frequency polling	Runtime + materialized view or cache	Prevents repeated API calls, reduces rate limit exposure	Low (cache hits reduce API calls by 80%+)
Secure/air-gapped environment	Local-first runtime with offline schema cache	Credentials never leave host, no external inference dependency	High (requires local compute, but zero data egress)
Rapid prototyping / notebook analysis	CLI + inline SQL + JSON export	Fast iteration, no boilerplate, direct data inspection	Low (development time optimized)

Configuration Template

Use this template to initialize sources, verify connectivity, and prepare the runtime for agent integration. Replace placeholders with your environment values.

#!/usr/bin/env bash
# init-coral-env.sh

set -euo pipefail

echo "🔍 Discovering available sources..."
coral source discover

echo "🔗 Connecting GitHub source..."
# Expects GITHUB_PAT environment variable
coral source add --interactive github <<EOF
${GITHUB_PAT}
EOF

echo "🔗 Connecting Calendar source..."
coral source add --interactive google_calendar <<EOF
${GOOGLE_CLIENT_ID}
${GOOGLE_CLIENT_SECRET}
EOF

echo "📊 Verifying schema availability..."
coral sql "SELECT schema_name, table_name FROM coral.tables ORDER BY schema_name;"

echo "✅ Runtime ready. Use 'coral mcp-stdio' to expose to agents."

Environment variables required:

GITHUB_PAT=ghp_xxxxxxxxxxxxxxxxxxxx
GOOGLE_CLIENT_ID=xxxx.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=GOCSPX-xxxxxxxxxxxx
GEMINI_API_KEY=AIzaSy-xxxxxxxxxxxx
GITHUB_USERNAME=your-username

Quick Start Guide

Install the runtime: Run brew install withcoral/tap/coral (macOS) or curl -fsSL https://withcoral.com/install.sh | sh (Linux). Verify with coral --version.
Connect your first source: Execute coral source add --interactive github and paste a Personal Access Token with repo and read:user scopes.
Validate the schema: Run coral sql "SELECT table_name FROM coral.tables WHERE schema_name = 'github'" to confirm tables like commits and pulls are available.
Test a query: Execute coral sql "SELECT COUNT(*) FROM github.commits WHERE owner = 'your-username' AND commit__author__date >= NOW() - INTERVAL '7 days'" to verify data retrieval.
Wire to your agent: Replace the CLI bridge in the reference implementation with your async handler, inject your GEMINI_API_KEY, and run npx tsx agent-runner.ts "summarize my recent activity".

The runtime handles authentication, pagination, and schema translation. Your agent receives clean rows, writes focused prompts, and operates within predictable token budgets. This architecture scales from local prototyping to production-grade engineering assistants without rewriting data access logic.

🎉 Mid-Year Sale — Unlock Full Article

Base plan from just $4.99/mo or $49/yr

7-day free trial · Cancel anytime · 30-day money-back