The companion repo to Brad Fair's TC26 talk. If you scanned the QR code from the closing slide, this is what you came for: the four docs I pointed at, plus a few related resources worth a click.
vds-cheat-sheet.md— the markdown the agent loads alongside the prompt: every API operation, filter pattern, and gotcha it needs to write competent VDS calls. Start here if you're building.architecture.md— the bird's-eye view: what queries Tableau, where results live, and why your existing data models, RLS, calcs, and metadata survive intact.proxy-pattern.md— the security model: how the proxy authenticates as the user without giving the agent a token, and why the three plausible attacks all fail.sandbox-model.md— the per-chat execution environment where data and code live across turns. Why per-chat, why per-user, what the sandbox doesn't do.
Someone has asked you to put an AI agent on your data. The obvious move — point the agent at your warehouse and let it write SQL — misses out on the data models, calculated fields, and row-level security you already have in Tableau. You don't want to do that.
This repo documents an alternative: an architecture for letting an AI agent query Tableau the same way your dashboards do, under your user's identity, without giving the agent a token or letting it negotiate who it's acting for.
It's two pieces. Boring infrastructure — a proxy that injects authentication (using a Tableau Connected App) and a per-chat execution sandbox. The authentication and authorization primitives are the ones Tableau already enforces; what's new is a proxy that mints tokens on behalf of a session-bound user, so the agent never holds one. To VDS, the agent is just another client. Plus one reference document the agent reads alongside the prompt: the cheat sheet.
A turnkey product. There's no installer, no deployable agent skeleton, no working code you can git clone and run. The cheat sheet is portable; the proxy and sandbox are patterns you implement against your own agent stack and infrastructure.
- Ana by TextQL — the agent product used in the TC26 demo. If you want to try this architecture against your own Tableau environment without building the agent and sandbox yourself, this is the easiest starting point.
Note: TextQL does not yet have the proxy pattern baked in -- my implementation was custom for the demo.
- VizQL Data Service Introduction — overview and getting started.
- Query a Data Source — the detailed query reference.
- Get Data Source Information — metadata methods.
- VDS Configuration — VDS configuration and setup requirements.
- Tableau Server VizQL Data Service — how the VDS process runs on Tableau Server (for the admin enabling it).
- Tableau Connected Apps with Direct Trust — how to configure the Connected App that the proxy uses to mint user-scoped JWTs.
- tableau/connected-apps-jwt-samples — Tableau's official JWT signing examples in Python, Java, and Node.
- REST API Authentication Concepts — Tableau's broader authentication model, useful context for understanding what the proxy is replacing.
Brad Fair
High Performance Technologies
Questions, issues, and feedback welcome — open an issue or reach out.
Licensed under the MIT License.