For agencies running agent workflows in production
The database your agent can't destroy.
Amend is an agent-first datastore. Your agents read and write through MCP and n8n — and every change is policy-checked, approvable, attributable, and reversible. Governance lives at the data layer: defined once, enforced in every workflow.
The problem
Agents are writing business data at scale. Every place they write is wrong-shaped.
Built for human authorsGoogle Sheets & Airtable
Agents fight the grid, overwrite formulas, and fail silently. And Airtable charges per seat — agents don't have seats.
Captive and cappedPlatform tables (n8n, Zapier)
50MB limits, record caps, no real programmatic access, and documented data-loss bugs. Your client's data is stuck inside someone else's workflow tool.
Developer-shapedSupabase & Postgres
SQL, migrations, row-level security. Great for product engineers — but operators never wanted a database, and agents get raw, ungoverned write access.
The common failureNone of them govern agent writes
No approval on risky changes. No per-agent attribution. No one-click undo. The gate every successful agent team builds by hand — rebuilt inside every workflow.
of organizations reported confirmed or suspected AI-agent incidents in the past year — including agents gaining unauthorized write access to databases.
is how long it took one agent to delete a company's entire production database — while “fixing” a routine issue. The fear is documented, not theoretical.
Governance belongs at the data layer — defined once, enforced everywhere. Not an approval node copy-pasted into every workflow.
How it works
Five steps. No SQL, ever.
Create a table in plain language
“Track customer refunds: customer, amount, reason, status.” Amend turns it into a real schema with types and constraints — or import an existing Sheet or CSV in one governed, undoable batch.
Agents connect natively
MCP server for Claude and custom agents, a community node for n8n, plus a plain REST API. Each agent and workflow gets its own key — so every write is attributed to exactly who made it.
Policies guard every write
Plain-English rules compiled to enforced constraints: refunds over $100 wait for my approval · the email column is read-only for agents · quantity can never go negative.
Humans review, not author
Flagged writes land in an approval queue — web, Slack, and a daily digest — as a readable before/after diff. Everything else applies instantly, with full provenance.
Everything is amendable
One-click revert of any change, any batch, or an entire agent session. Time-travel view of any table at any moment. The change log is the database.
Humans still get a familiar grid. Human edits flow through the same change pipeline as agent writes — a human is just another attributed actor. No side doors.
Why switch
Plain-language setup and MCP access are table stakes now. This is what isn't.
Time-travel undo
Every agent write is reversible — one change, one batch, or a whole agent session. View any table exactly as it was at any timestamp, and revert to it.
Plain-English policies, real constraints
Write the rule in English; Amend compiles it to a deterministic constraint and restates exactly what will be enforced. You confirm the restatement, not the prompt.
Approval queue + digest
Risky writes wait for a human — in a queue built for non-technical reviewers, with before/after diffs, Slack cards, and a daily digest. Rejections teach the agent why.
Per-write provenance
Who wrote what, when, under which policy, approved by whom. Export it as a client-ready audit report — the artifact that renews your retainer.
Usage pricing, no seats
Metered on governed writes — the thing that actually carries risk. Agents, workflows, clients, reviewers: invite as many as you want. Seats are a human-era tax.
Export anytime
Full JSONL and CSV export that works even when you're over plan limits — by design, with a test that proves it. Your client's data is never hostage.
Pricing
Metered on governed writes. Never on seats.
A governed write is one policy-checked change — the unit of risk Amend absorbs for you. Reads and exports are never blocked, even over the limit.
1,000 governed writes / month
- 1 workspace
- MCP server + n8n node + REST
- Policies, approval queue, undo
- Full export, always
10,000 governed writes / month
- Everything in Free
- Unlimited tables
- Slack approvals
- Daily digest
100,000 governed writes / month
- Everything in Pro
- Client workspaces
- White-label audit reports
- Priority support
Overage ~$0.005 per governed write · reads & exports never metered, never gated
FAQ
Questions agencies ask us.
What counts as a governed write?+
One policy-checked change to one row: an insert, update, or delete — whether it applies instantly, waits for approval, or gets blocked. Reads, queries, time-travel views, and exports are free and never gated.
How does undo actually work?+
Every change stores a full before/after image, so any change, batch, or entire agent session can be reverted as an inverse change through the same pipeline. If a row has moved since, Amend refuses to clobber it and shows you the conflict instead.
What if the policy compiler misunderstands my rule?+
You never confirm the English sentence — you confirm a restatement rendered deterministically from the compiled rule itself. If the rule is ambiguous, compilation fails closed and asks for clarification. You can also replay any draft policy against your table's real history to see exactly what it would have held or blocked.
Do human edits bypass the policies?+
No. The grid view submits through the same change pipeline as agent writes. A human is just another attributed actor — there are no side doors into the data.
Which agents and tools can connect?+
Anything that speaks MCP (Claude, Cowork, custom agents), n8n via the community node, and any runtime via the REST API. Each agent or workflow gets its own key, so attribution is automatic.
Why not just add an approval node inside each workflow?+
Because you'd rebuild it in every workflow, and it only covers the paths you remembered to gate. At the data layer the rule is defined once and enforced on every write from every agent, workflow, and human — including the ones you haven't built yet.
Can I get my data out?+
Always. Full JSONL and CSV export works even if you're over your plan limit — by design, with a test asserting it. Per-table audit reports export as CSV too.
Get started
Put your agents on a database that can say no — and undo.
We're onboarding automation agencies with production agent workflows first. Tell us your use case and we'll get you a workspace.