Get started
Configure a model
PXI needs a model to talk to. Set credentials for at least one provider
(
OPENAI_API_KEY, ANTHROPIC_API_KEY, GEMINI_API_KEY, AWS Bedrock
credentials, or a custom provider under Settings → Models). See
Setup for the validated model list.Open PXI and accept the consent gate
Open the assistant from any Phoenix page. The first time, you review the
session-trace settings and acknowledge to enable the chat surface for your
browser.
What it does
- Drives the product — navigates, filters, and pivots through your Phoenix data the same way you would.
- Investigates failures — walks failing traces and proposes root causes instead of leaving you to grep through spans.
- Iterates on prompts — reads, edits, and tests playground prompts, with every change shown as a diff you approve.
- Reasons over your data — a sandboxed runtime lets PXI query your Phoenix instance to answer questions evals and dashboards cannot.
- Knows the product — Phoenix’s own documentation is wired in as a first-class source, so answers are grounded rather than guessed.
Skills
A skill is a reusable, multi-step procedure for one Phoenix workflow — what to look at, in what order, and what the output should be. PXI loads the matching skill on demand rather than improvising each investigation from scratch. The library is under active development and grows each release — track progress on the Phoenix roadmap milestone.Trace debugging
Walk failing traces against a failure-mode checklist for prioritized
root-cause hypotheses. Available today.
Prompt playground
Co-author and optimize prompts, with every edit shown as a diff to approve.
Available today.
Span annotation
Annotate spans and apply labels in bulk across a trace or project.
Available today.
Evaluator authoring
Draft and refine LLM-as-a-judge evaluators against your data.
Available today.
Dataset curation
Turn the failures you find into curated datasets for experiments and evals.
Under development.
You stay in control
Agent assistance is opt-in. PXI can be turned off completely, runs under an explicit permission model, and only reaches the internet when you let it.
- Turn it fully off. Disable PXI per deployment
(
PHOENIX_DISABLE_AGENT_ASSISTANT=true), per instance (Settings → Assistant → System settings), or per browser (Settings → Assistant → Personal settings → Use assistant). - Nothing changes without your approval. Any state-changing action — editing
a prompt, saving a prompt, annotating spans — is gated by an edit-approval
mode you pick from the chat input (or cycle with
Ctrl+T). Read-only actions run freely. - Add web grounding when you want it. Toggle web access with the globe button in the chat input to let PXI consult the live internet for additional grounding. The toggle is per session and only appears when an administrator allows it; leave it off to keep the session entirely inside your Phoenix instance.
| Edit-approval mode | Behavior |
|---|---|
| Manual Approval (default) | PXI proposes the change as a reviewable diff and waits. Nothing is applied until you click Accept. |
| Bypass Approval | Edits are applied without asking. The selector shows a warning treatment while active. |
Setup
Configure credentials for at least one provider via environment variables or Phoenix secrets (OPENAI_API_KEY, ANTHROPIC_API_KEY, GEMINI_API_KEY, AWS
Bedrock credentials, or a custom provider under Settings → Models). The
consent gate shown the first time you open PXI enables the chat surface for that
browser; it does not override system settings.
PXI relies heavily on tool calling — almost every action it takes is a tool
call. Models that are weak at tool use produce broken sessions even if they
handle free-form chat well. Pick one of these validated models unless you have a
specific reason not to:
- Anthropic —
claude-opus-4-8,claude-opus-4-6,claude-sonnet-4-6 - OpenAI —
gpt-5.5,gpt-5.4,gpt-5.4-mini - Google —
gemini-3.1-pro-preview,gemini-3.5-flash
How it works
PXI is split between the Phoenix server, which owns everything the model sees (tool definitions, system prompt, skills, capability guidance), and the browser, which executes tool calls that touch the page. Capabilities are gated by context — PXI only advertises a tool when the required Phoenix UI context is present, so it does not offer an action that cannot succeed on your current page.Architecture
Architecture
The browser owns the chat UI and a sandboxed bash environment. Inside it,
PXI uses the phoenix-gql CLI to query the Phoenix GraphQL API — the
same authenticated endpoint a logged-in user hits. The server hosts the agent
and its model-facing surface (tools, skills, an MCP client) and
calls your LLM provider with your API key. When external resources are
allowed, the server also reaches the Mintlify-hosted Phoenix docs MCP.
Runs entirely on your Phoenix
Runs entirely on your Phoenix
PXI runs inside the Phoenix process you are already running:
- Tool calls execute against your Phoenix server and your data — no separate Arize service is involved.
- The LLM is your model provider, called with your API key. Arize is not in the request path.
- Documentation lookups go to the Mintlify-hosted Phoenix docs MCP server when external resources are allowed — the same public docs you can read in a browser, serving docs only.
- Remote trace export happens only if every gate is enabled: a remote collector is configured, an administrator allows export in system settings, and the user enables it in personal settings.
Privacy, safety & configuration
Trace recording & observability
Trace recording & observability
PXI can capture conversations as Phoenix traces, controlled by both system
settings and per-browser preferences. From Settings → Assistant,
administrators can turn assistant access on or off for everyone, allow users to
save session traces locally, and allow export to a configured remote collector;
each user can show or hide the assistant and opt into local or remote trace
recording when allowed.By default the system settings allow neither local persistence nor remote
export. Local traces are written to the
assistant_agent project (override
with PHOENIX_AGENTS_ASSISTANT_PROJECT_NAME). When recording is enabled, tool
inputs and outputs are recorded on the corresponding spans, so you can audit
what PXI did and evaluate it like any other agent in Phoenix.Safety limits
Safety limits
- Verify before you act. PXI can apply filters, edit prompts, and run bash. Review proposed changes — especially prompt edits — before accepting.
- Don’t point it at sensitive production data without controls. PXI sees whatever the signed-in user can see.
- Treat outputs as suggestions. PXI hallucinates, especially on long traces or unfamiliar frameworks.
Configuration reference
Configuration reference
| Environment variable | Effect |
|---|---|
PHOENIX_DISABLE_AGENT_ASSISTANT=true | Disable PXI for the whole deployment (requires restart). |
PHOENIX_ALLOW_EXTERNAL_RESOURCES=false | Disable external resource access, including the Phoenix docs MCP lookups. |
PHOENIX_AGENTS_DISABLE_WEB_ACCESS=true | Disable PXI’s web search/fetch tools while leaving other external resources available. |
PHOENIX_AGENTS_COLLECTOR_ENDPOINT | Remote collector endpoint for assistant trace export. |
PHOENIX_AGENTS_COLLECTOR_API_KEY | API key for the remote collector, if required. |
PHOENIX_AGENTS_ASSISTANT_PROJECT_NAME | Project name for locally recorded assistant traces (default assistant_agent). |