Do I need a LangChain plugin or SDK?

No. PgBeam is a Postgres connection string. Pass it to SQLDatabase.from_uri or any tool that takes a Postgres URI. Every driver LangChain uses works unchanged.

Can the agent still write to the database?

Only if you allow it. Credentials are read-only by default. You can permit writes to specific tables and hold writes or DDL for human approval.

Integration · PgBeam + LangChain

Safe Postgres for LangChain agents

Q: Does this work with my existing Postgres?

Yes. Enforcement is at the wire, so it works with RDS, Aurora, self-hosted, or any managed provider, with no extension to install.

Point LangChain's SQLDatabase or any Postgres tool at a scoped PgBeam connection string. Your agent reads real data; reads, writes, allowlists, and budgets are enforced in the wire protocol.

Get Started Read the docs

LangChain's SQL tools let an agent run arbitrary SQL against your database, which is the whole point and the whole risk. A system prompt asking the agent to be careful is a suggestion, not a boundary. PgBeam puts the boundary in the wire between LangChain and Postgres, where the agent cannot prompt its way around it.

Connect LangChain in one step

Point the connection string at the scoped PgBeam credential. The policy applies to every statement.

Python

from langchain_community.utilities import SQLDatabase

# A scoped PgBeam credential, not your real database URL.
db = SQLDatabase.from_uri(
    "postgresql://agent_xxx:pba_xxx@proxy.pgbeam.app:5432/mydb"
)
# Reads pass. Writes, off-limits tables, and budget overruns are
# rejected in the wire protocol with an LLM-readable error.

One connection string, one policy

Issue an agent credential in the dashboard, attach a policy, and pass the connection string to SQLDatabase.from_uri. Nothing else in your LangChain code changes.

Set the credential read-only and every INSERT, UPDATE, DELETE, and DDL the agent emits is blocked before it reaches your database. A blocked statement returns a readable reason, so the agent can correct itself and retry within the rules.

Works with your stack, not just ours

Because enforcement is in the Postgres wire protocol, it works with RDS, Aurora, self-hosted, or any managed Postgres, and with the standard drivers LangChain uses underneath.

Add table and column allowlists, PII masking, and per-window query budgets to the same credential. The policy applies to every statement the chain or agent runs.

Scoped credential

The tool gets a per-agent username and password or an MCP token, never your real database credentials. Revoke it with one click.

Enforced at the wire

Read-only, table and column allowlists, and budgets are checked in the Postgres wire protocol before a statement reaches your database.

PII masking

Redact, null, or hash sensitive columns so the model never sees the raw values.

Full audit trail

Every statement recorded with its decision, reason, rows, bytes, and latency, exportable for review.

More integrations

PgBeam + Claude Code PgBeam + Cursor PgBeam + Prisma

Questions

Give LangChain safe Postgres access

Start with a 14-day free trial. No credit card required.

Technical preview. For internal testing only.

Get Started