Connection String

Give an AI agent a scoped Postgres connection string. Every driver, ORM, and agent framework works unchanged, with policy enforced in the wire protocol.

A scoped connection string is the second front door for an agent. It looks like an ordinary PostgreSQL URL, so every driver, ORM, and agent framework works unchanged. The difference is that the username and password belong to a PgBeam agent credential, and every statement is enforced against that credential's policy before it reaches your database.

Scoped connection string

postgresql://agent_4f2c:****@a1b2c3.proxy.pgbeam.app:5432/app

Use it like any Postgres URL

psql "postgresql://agent_4f2c:****@a1b2c3.proxy.pgbeam.app:5432/app"

import psycopg

conn = psycopg.connect(os.environ["AGENT_DATABASE_URL"])

import { Pool } from "pg";
const pool = new Pool({ connectionString: process.env.AGENT_DATABASE_URL });

pool, err := pgxpool.New(ctx, os.Getenv("AGENT_DATABASE_URL"))

The agent framework does not need a PgBeam SDK. Set the agent's DATABASE_URL to the scoped connection string and it is enforced from the first query.

What enforcement looks like to the agent

A blocked statement returns a PostgreSQL ErrorResponse with an LLM-readable reason, so an agent reading the error can correct itself:

ERROR: policy is read-only: UPDATE is not allowed
ERROR: table internal_api_keys is not in the allowlist

Masked columns come back redacted, hashed, or nulled in the result, depending on the rule. See Masking.

TLS is required

Agent connections must use TLS. The hostname (<id>.proxy.pgbeam.app) carries the SNI used for routing, so use the full connection string PgBeam issued, with sslmode=require or stronger.