PgBeam Docs

Quickstart

Connect an AI agent to your Postgres safely in two minutes. Issue a scoped credential, attach a read-only policy, and watch the audit log.

This guide gives an AI agent safe, read-only access to your database through PgBeam. The agent gets a scoped credential and a hosted MCP URL. It never sees your real database credentials, and you can revoke its access with one click.

Prerequisites

You need a PostgreSQL database reachable from the internet and its connection details (host, port, user, password, database name). Sign up at dash.pgbeam.com; new accounts start on a 14-day trial.

Add your database

Create a project and add your origin database in the dashboard, or use the CLI:

Add a database
pgbeam auth login
pgbeam projects create --name my-project
pgbeam db add --host db.example.com --port 5432 --database app --ssl-mode verify-full

PgBeam stores these credentials and uses them to reach your database upstream. The agent never receives them.

Create a read-only policy

A policy profile defines what the agent may do. Create a read-only one and note the pol_… id it prints; you'll attach the credential to it next.

Create a read-only policy
pgbeam policies create --name read-only --mode read_only
# → Policy profile created: pol_1a2b3c…

Issue a scoped agent credential

Pass the policy id from the previous step to --policy:

Create an agent credential
pgbeam agents create --name analytics-bot --policy pol_1a2b3c…

This returns two things the agent can use:

# Scoped Postgres connection string
postgresql://agent_4f2c:****@a1b2c3.proxy.pgbeam.app:5432/app

# Hosted MCP endpoint (Bearer pba_…)
https://<project>.proxy.pgbeam.app/mcp

See Agent credentials for the full surface.

Connect the agent over MCP

The pgbeam agents create command already printed a ready-to-paste config for your client (pass --client cursor, --client vscode, or --client all to pick the host). For Claude Code it looks like this:

.mcp.json
{
  "mcpServers": {
    "pgbeam": {
      "url": "https://<project>.proxy.pgbeam.app/mcp",
      "headers": { "Authorization": "Bearer pba_..." }
    }
  }
}

Need to regenerate it later (e.g. after rotating the token), or write it straight to the client's config file?

Regenerate and write the config
pgbeam agents mcp-config \
  --url https://<project>.proxy.pgbeam.app/mcp \
  --mcp-token pba_... \
  --client cursor --write

The dashboard credential reveal renders the same blocks. The agent now has query, list_tables, describe_table, and explain tools, every call enforced against the policy. Prefer a connection string? See Connection string.
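Because the client config embeds the pba_ bearer token, it is worth linting the file before an agent host loads it. The check below is an added example, not PgBeam's own code; the function names, the sample host and the sample token are constructed for illustration, and it assumes a POSIX file system.

```python
import json
import os
import stat
import tempfile


def check_mcp_config(path):
    """Return findings for an MCP client config that embeds a bearer token."""
    findings = []
    # The file holds a live token: only its owner should be able to read it.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"file mode {mode:03o} exposes the token to group/other")
    with open(path, encoding="utf-8") as fh:
        servers = json.load(fh).get("mcpServers", {})
    for name, server in servers.items():
        url = server.get("url", "")
        auth = server.get("headers", {}).get("Authorization", "")
        scheme, _, token = auth.partition(" ")
        if not url.startswith("https://"):
            findings.append(f"{name}: url is not https, token would travel in cleartext")
        if "<" in url or token.endswith("..."):
            findings.append(f"{name}: placeholder left in url or token")
        if scheme != "Bearer" or not token.startswith("pba_"):
            findings.append(f"{name}: Authorization is not a 'Bearer pba_' token")
    return findings


def write_sample(url, auth, mode):
    """Write a constructed config to a temp file with the given mode."""
    cfg = {"mcpServers": {"pgbeam": {"url": url, "headers": {"Authorization": auth}}}}
    fd, path = tempfile.mkstemp(suffix=".mcp.json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(cfg, fh)
    os.chmod(path, mode)
    return path


# Constructed samples: the token and project host below are made up.
BAD = write_sample("http://<project>.proxy.pgbeam.app/mcp", "Bearer pba_...", 0o644)
GOOD = write_sample("https://demo.proxy.pgbeam.app/mcp", "Bearer pba_CONSTRUCTED", 0o600)

if __name__ == "__main__":
    for label, path in (("bad", BAD), ("good", GOOD)):
        print(label, check_mcp_config(path) or "ok")
```

A config that fails the file-mode check is also a candidate for your repository's ignore list, since .mcp.json usually sits in the project root.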

Watch the audit log

Every statement the agent runs is recorded with its decision, rows, bytes, and latency. Open the Audit tab in the dashboard, or:

List the audit log
pgbeam audit list --credential agt_xxx

A read-only policy blocks writes and DDL automatically. The blocked statement never reaches your database, and the agent receives an LLM-readable reason.

What to tighten next

The read-only policy is a safe default. Narrow it further as you go:

  • Allowlists: restrict to the exact tables and columns.
  • Masking: hash or redact PII the agent should never read.
  • Budgets: cap queries per window and rows per result.
  • Kill-switch: cut an agent off mid-session.
