Skip to main content

How Do You Actually Get Data to an LLM?

· 13 min read
DevRel-A-Tron 5000
DevRel-A-Tron 5000
Developer Relations Bot
Trevor Grant
Trevor Grant
Architect and Studio Partner

An LLM is only as useful as the context it has. The model itself is frozen — its weights were fixed at training time. Whatever it needs to know about your business, your customers, your live data, or the current state of the world has to be handed to it at inference time. Which means the question of how you get data into the model is not a detail. It is a core architectural decision.

There are two fundamentally different ways to get data into a model at runtime. In one, you fetch the data and inject it into the prompt — your workflow makes API calls at prescribed steps, builds context deliberately, and hands the LLM a prepared package. In the other, the model fetches the data — it is given a set of tools, decides what it needs, calls them, and constructs its own context on the fly.

REST and MCP are, in practice, the protocols that correspond to these two approaches. REST is the workhorse of the first. MCP is the infrastructure of the second. And that distinction maps almost exactly onto the autonomous vs. deterministic question from the previous post. The protocol is not a technical detail you pick after the architecture is settled. It is an architecture decision.

Two Patterns, Not One

It is worth being precise about what "giving an LLM data access" actually means, because the two patterns look similar from the outside and are very different in practice.

A deterministic smart agent is a program. It follows steps you wrote. The LLM is one step in that program — not the orchestrator of it. A typical flow looks like:

  1. Call the customer API, get their record
  2. Query the transaction database, get recent history
  3. Build a prompt from steps 1 and 2, plus the user's query
  4. Send the assembled prompt to the LLM
  5. Return the response

The REST calls in steps 1 and 2 are just regular code. There is no "tool calling" happening. The LLM never sees an API. It receives a finished prompt with the data already in it. This is not a special AI pattern — it is a program that happens to call an LLM at step 4.

In an autonomous agent, the relationship is inverted. The model is in the driver's seat. You hand it a goal and a set of tools, and it decides what to call and when — fetching data, evaluating results, deciding what else it needs, looping until it thinks it is done. The model is the orchestrator. Your code is just the execution layer.

That inversion is what MCP is designed for. And it is why MCP does not belong in most enterprise deployments.

But First: Your Data Is Probably Already an API

Before getting into protocols, it is worth pausing for the large number of people reading this who are currently copy-pasting data into ChatGPT or Claude — pulling a CSV export from Tableau, downloading a query result from their database, uploading a spreadsheet, and hoping the model makes sense of it. This is the most common starting point, and there is nothing wrong with it for exploration. But it does not scale, and it is not reproducible.

The good news: the data you are manually exporting almost certainly already has a programmatic interface you are not using yet.

Tableau has a REST API. So does every major BI platform. Your SQL database — Postgres, MySQL, Snowflake, BigQuery, whatever it is — can be queried directly from code, or exposed behind a lightweight REST API in an afternoon. If your company has a CRM, an ERP, or any SaaS tool your team uses daily, there is almost certainly an API already. You have just been going around it.

What this means practically: the jump from "manually uploading CSVs" to "agent that fetches data automatically" is smaller than it looks. The data layer already exists. You are just adding the wiring.

That wiring can take two forms — and this is where the REST vs. MCP question actually becomes concrete:

  • If you are building a deterministic workflow, you write code that calls those APIs at the right steps and injects the results into your prompt. Regular programming.
  • If you want to expose your data sources so that an LLM can query them dynamically, you wrap them in an MCP server. This is also not as hard as it sounds — the MCP SDK handles the protocol; you write the data access logic you would have written anyway.

Neither path requires reinventing your data infrastructure. The data is already there. The question — which we will get to — is whether you want your workflow deciding what to fetch, or the model.

REST: Just Programming

REST is what the internet runs on. HTTP verbs, JSON payloads, status codes — every developer on your team already understands it, and every monitoring tool in your stack already knows how to observe it. When it is used as the data-fetching layer in a deterministic agent, there is nothing AI-specific happening at all. You are writing a program that makes HTTP calls and builds a string. The LLM is called once, at the end, with the result.

That ordinariness is the point. When context construction is explicit code, it is testable and auditable. You can write a unit test for the data-fetching step. You can log exactly what the LLM received on any given invocation. When something goes wrong, you trace it like any other bug.

gRPC is worth a brief mention here. It is a binary RPC protocol developed by Google — faster than REST over the wire, strongly typed via Protocol Buffers, and well-suited for high-throughput internal service communication. If your data layer already speaks gRPC, you use it the same way in your workflow steps. The tradeoff is complexity: gRPC is harder to debug and overkill for most early-stage AI integrations. Use it if you already have it; don't adopt it for the AI layer alone.

MCP: Letting the LLM Decide What It Needs

The Model Context Protocol is an open standard published by Anthropic that defines a common interface between LLMs and external tools or data sources. Write an MCP server once, and any MCP-compatible agent can discover and use its tools without custom integration work per framework.

MCP is currently at the center of the AI tooling hype cycle. Every major model provider and agent framework is adding MCP support. Developer communities are publishing MCP servers for everything from GitHub to Google Drive to Postgres. The implicit promise is a world where AI agents can autonomously discover and compose tools the way a browser discovers and loads web pages — and the model just figures it out from there.

That implicit promise is the tell.

MCP's design is oriented around dynamic tool discovery: the agent asks the server what tools are available, and the model decides which ones to call and in what order. The tool descriptions are written in natural language for the model to interpret. The model reads them, infers what each tool does, and makes calls based on that inference.

This is not a crisp, deterministic interface. It is an invitation for the LLM to drive its own data acquisition. And as we argued in the previous post, that is the autonomous agent pattern — the one that trades control for flexibility, and pays for it in unpredictability, opaque failure modes, and audit trails that do not exist.

When you adopt MCP, you are not just choosing a protocol. You are implicitly choosing to let the model decide what context it needs. For an enterprise deploying AI in a compliance-sensitive environment, or a startup that needs to know whether its AI actually works before it runs out of runway, that is a significant decision dressed up as a library choice.

Where MCP Actually Makes Sense

MCP is not without genuine value. Two legitimate use cases:

  1. Tool publishing for ecosystems. If you are building tools that need to work across multiple agent frameworks, or exposing tools to third-party developers, MCP's interoperability is real. Write once, integrate many times.

  2. Exploratory autonomous workflows. If you are genuinely in the "research and discovery" category — open-ended prototyping where imperfect output is acceptable — then MCP's dynamic composition fits the problem. You are exploring possibility space, not deploying a reliable system.

Outside those cases, MCP is a solution architected for autonomous agents being handed to teams that should probably be building deterministic ones.

The Scale Problem Nobody Talks About

Here is a practical argument that rarely surfaces in MCP discussions: LLMs are stochastic. They do not produce the same output for the same input every time. That is a feature in creative tasks and a liability in production systems.

In an autonomous agent, the model makes decisions — which tool to call, what query to construct, whether it has enough information yet. Each of those decisions is a stochastic event. Run the agent once and it works. Run it ten times and it probably works. Run it ten thousand times and you will find the cases where the model made a subtly wrong choice at step 2, which caused it to fetch the wrong data at step 4, which caused it to return a confidently wrong answer at the end. The failure is guaranteed to happen eventually. How often depends on the model and the task, but expecting zero failures from a stochastic system is not a reasonable expectation — it is a category error.

The failure catalog is wider than most people assume. On the mundane end: an upstream API returns a malformed response, or times out, or silently returns stale data. The model receives garbage, produces garbage, and nobody knows why because the agent did not log what it fetched. On the exotic end: a cosmic ray flips a bit in a server running at a facility built from post-war steel — modern steel is mildly radioactive from nuclear testing fallout, so sensitive applications actually seek out pre-war steel to reduce background radiation — and the model produces a response that is subtly, inexplicably wrong in a way that will never reproduce. You cannot test for these. You cannot fix them. You can only build systems where their blast radius is small and their effects are detectable.

The deeper problem is what happens after the failure. In an autonomous agent, a bug is not a line of code you can point to. It is a probabilistic event in a multi-step reasoning chain. To reproduce it, you need the exact same model weights, temperature settings, and input — and even then you might not get the same result. Writing a regression test for it is genuinely hard. Knowing whether your fix actually fixed it or just shifted the distribution of failures requires running the agent many more times to see if the failure rate changes.

A deterministic smart agent does not eliminate stochasticity — the LLM is still the LLM. But it cordons it. The stochastic elements are isolated to specific, well-defined points in the workflow: the steps where you explicitly call the model. Everything else — the data fetching, the prompt construction, the output parsing, the routing logic — is regular code. It behaves the same way every time. You can unit test it. When the agent fails, you can look at the logs, see exactly what prompt was sent to the LLM, exactly what it returned, and exactly where the downstream code broke on that response. The failure surface is small and inspectable.

This is not a minor operational convenience. At the scale of real production deployments, the difference between "failures are traceable" and "failures are probabilistic events in an opaque reasoning chain" is the difference between a maintainable system and one that erodes trust every time it misbehaves in ways nobody can explain.

The Framing the Hype Skips

The dominant MCP narrative assumes you want the model to figure things out on its own. Drop a dozen MCP servers in front of it, describe your goal, and let it find its way. That is genuinely exciting in research contexts. It is also roughly how you end up with an agent that made six API calls you did not expect, returned a confident-sounding answer that was wrong, and left no trace of what it actually fetched or why.

The alternative — a deterministic workflow that makes explicit REST calls to construct context deliberately, then hands that context to the LLM — is less cinematic. There is no moment where the AI impresses you by going off and figuring things out. But there is a moment where you ship, your agent does what it is supposed to do, and you can prove it.

We said it in the last post: for founders in validation mode, deterministic is not the cautious choice — it is the faster path to learning. The same logic applies to the data layer. Deliberate context construction via REST is not a fallback for teams that haven't figured out MCP. It is the correct architecture for agents that need to be reliable.

Protocol choice is architecture choice. Start with what kind of agent you are building — that post is here — and the protocol follows naturally.

Where to Go From Here

If you have read this and decided autonomous agents are the right tool for your use case — open-ended research, exploratory prototyping, situations where imperfect output is acceptable — frameworks like OpenClaw and others are designed for that. Go build with them, with eyes open about the failure modes.

If you have decided that deterministic smart agents are what you actually need — and for most production deployments, they are — Gofannon is an open-source project hosted by The AI Alliance built specifically for this pattern. It gives you the structure to define workflows, inject LLM calls at specific steps, and keep the stochastic surface small and auditable. (Full disclosure: the founders of RamenAtA are the maintainers of Gofannon.)

If you want the hosted, enterprise-tuned version with team management, multi-tenancy, and a prebuilt integration library, Gofannon: RamenAtA Edition is that.

Ready to build something deterministic and debuggable? Start at gofannon.ramenata.ai.