Skip to content
Alation Agent Studio Documentation

Architecture Overview

This page shows how Agent Studio is put together: where requests enter, what the runtime is responsible for, and which systems it talks to. It is written for architects and platform teams evaluating Agent Studio for an enterprise deployment.

For the identity and permission checks applied along these paths, see the Security section.

System architecture

Section titled “System architecture”

Agent Studio sits between the channels your users already work in and the systems that hold your data. Every channel converges on the same runtime, so agents behave the same way regardless of where they are invoked from.

Agent Studio system architecture

Three properties of this layout matter for an enterprise review:

  1. One runtime, many channels. Slack, MCP clients, the web UI, plugins, and the REST API all call the same agents and tools, so access rules are defined once and enforced everywhere.
  2. The Knowledge Layer is the grounding source. Agents retrieve catalog context and data product definitions through tools, which means responses inherit the governance already applied in Alation.
  3. Warehouse access is mediated. Agents never hold raw database credentials. Queries run through stored connection credentials that Alation resolves per user and per data product.

The layers, bottom to top

Section titled “The layers, bottom to top”
LayerWhat it providesWhere it is documented
Alation Knowledge LayerTrusted catalog metadata and data products that ground every agentKey concepts
LLMsReasoning over user intent; OpenAI, Anthropic, or your own modelModels
ToolsActions an agent can take: search the catalog, run SQL, generate chartsTools
AgentsLLM + prompt + tools, composed to complete a taskAgents
Flows and schedulesMulti-step orchestration and recurring runsFlows
ChannelsSlack, plugins, MCP, REST API, SDKIntegrations

Deployment models

Section titled “Deployment models”

Agent Studio runs in two deployment models.

Alation Cloud (default)

Section titled “Alation Cloud (default)”

The Agent Studio runtime runs in Alation’s cloud alongside your Alation instance. Requests from your users reach Alation over TLS, and warehouse queries are executed through the same connections your catalog already uses.

Zero Data

Section titled “Zero Data”

In a Zero Data deployment, customer data never passes through Alation’s cloud. The runtime runs on a k3s-based agent inside your environment, next to your databases and your LLM endpoint, and reaches back to Alation’s cloud only for catalog metadata and session context over an mTLS tunnel.

Deployment models compared

Choose Zero Data when your security policy requires that query results and LLM traffic stay inside your network boundary.

Zero Data overview The Zero Data topology in detail, including the in-environment components.
Zero Data infrastructure requirements The PostgreSQL, Redis, and LLM endpoints you provision before installing.

Where identity is enforced

Section titled “Where identity is enforced”

Every hop in the diagrams above re-checks the caller’s identity. The Security section traces a single request end to end and documents the one place where identity is translated (the warehouse hop).