
Mantora
β 5from josephwibowo
Mantora is a local-first MCP observer: a lightweight UI + proxy for inspecting LLM data access (sessions, tool calls, results) with protective defaults.
β labsco summary β our analysis, not the vendor's
What it is β Mantora is a local-first MCP observer: a lightweight UI plus proxy that sits between your agent and its database, logging LLM data access with protective defaults.
What you get β
- Session logs β capture the exact SQL and tool calls an agent makes for verification and reproduction
- Protective mode β basic guardrails that block or warn on destructive SQL patterns by default
- Shareable Markdown reports β one-click "Copy for GitHub" produces a collapsible
<details>block with SQL, timing, and safety checks for PRs or Slack - A Control Room UI (localhost:3030) to create, activate, and switch DB targets without restarting the agent
Requirements β env is empty. Install with pipx install "mantora[duckdb,postgres]"; targets like DuckDB/Postgres are configured in the UI or a mantora.toml.
Cost snapshot β Open source under MIT; free. Local-first, no paid service.
Setup effort β pipx install mantora, add the mantora mcp proxy to your client, then mantora up for the dashboard.
Our take β A useful accountability layer for DB-touching agents, but it's focused on SQL targets (DuckDB/Postgres), and the author calls the guardrails "basic" β it's a review/log tool, not a full policy engine.
Source: the project README β summarized 2026-07-08.
β readme from github β mirrored (latest on GitHub β)
Mantora π‘οΈ
The open-source run log for MCP agents. Get a shareable report to verify and reproduce what the agent did β plus a protective mode for common dangerous SQL.

Mantora focuses on making agent behavior reviewable and repeatable. It records the key evidence from each session and turns it into a Markdown report. Protective mode adds basic guardrails (block/warn rules) so you donβt learn about a bad query the hard way.
What you get
π Session Logs
Capture the exact SQL and tool calls an agent makes for easy verification.

π‘οΈ Protective Mode
Basic guardrails that block or warn on destructive SQL patterns by default.

π§Ύ Shareable Reports
One-click to generate a Markdown summary for Pull Requests or Slack.

Daily Workflow
π Copy a PR Report
Don't paste messy screenshots. In the Session Summary, click "Copy for GitHub".
- Result: A collapsible
<details>block containing the SQL, execution time, and safety checks. Perfect for Pull Requests.
π Review Blocked Mutations
If an agent tries to DROP TABLE users, Mantora intercepts it.
- The Agent sees: "Error: Action blocked by safety policy."
- You see: A red entry in the Mantora UI with the exact SQL that was blocked.
π€ Export Evidence
Need to archive a session?
- Export JSON: Get the raw trace data.
- Download Markdown: Get a readable log of the entire conversation.
Safety Defaults
Mantora is designed to be read-only safe out of the box.
| Action | Default Policy |
|---|---|
SELECT | β Allowed |
INSERT, UPDATE | β οΈ Requires Approval (Configurable) |
DELETE (with WHERE) | β οΈ Requires Approval |
DROP, TRUNCATE | π Blocked |
DELETE (no WHERE) | π Blocked |
Want to change this? See Configuration.
Supported Data Stores
- DuckDB (Local files, MotherDuck)
- Postgres (Direct connection, Supabase, Neon)
- BigQuery, Snowflake, Databricks (Coming Soon)
All data is stored locally. See Privacy for details.
Documentation
- Configuration Guide - Flags, ports, and policy overrides.
- Architecture - How the proxy internals work.
- Contributing - Build setup and testing.
{
"mcpServers": {
"mantora": {
"command": "mantora",
"args": ["mcp"]
}
}
}Quick Start
1. Install
pipx install "mantora[duckdb,postgres]"2. Connect Your Agent
Configure your MCP client (e.g., claude_desktop_config.json or Cursor Settings) to run the Mantora proxy. No target configuration is needed here!
{
"mcpServers": {
"mantora": {
"command": "mantora",
"args": ["mcp"]
}
}
}3. Run the Control Room (UI)
Start the dashboard to manage your connections and view logs in real-time:
mantora up4. Configure Targets
Open the Control Room (http://localhost:3030) and use the target switcher in the top navigation bar to:
- Create new targets for your databases (DuckDB, Postgres, etc.).
- Activate the target you want your agent to use.
- Switch targets instantly without restarting your agent.
Note: For advanced configuration (safety policy, storage paths), you can use a
mantora.tomlfile. See Configuration for details.
How it works
sequenceDiagram
participant Agent as Claude/Cursor
participant Mantora as Mantora π‘οΈ
participant DB as Postgres/DuckDB
Agent->>Mantora: "SELECT * FROM users"
Note over Mantora: 1. Check Safety Policy
Mantora->>DB: Execute Query
DB-->>Mantora: Return Rows
Note over Mantora: 2. Log Report (Async)
Mantora-->>Agent: Relay ResultNo common issues documented yet. If you hit a problem, the repository's GitHub Issues page is the best place to look.
Licensed under MITβ you can use, modify, and redistribute it under that license's terms.
License
MIT Β© Joseph Wibowo