Do I need the Prisma driver adapter?

No. PgBeam is a standard Postgres connection string. Prisma's default query engine connects to it directly. Point the agent's datasource URL at the scoped credential and you are done.

Will this affect my application's Prisma client?

No. Only the client you point at the scoped credential is governed. Your application keeps its existing datasource and reads the real data unchanged.

Can I still run migrations?

Run migrations through your application's privileged connection, not the agent credential. Agent credentials are read-only by default and block DDL.

Integration · PgBeam + Prisma

Scoped Postgres for Prisma-based agents

Set Prisma's datasource URL to a scoped PgBeam credential. Your application keeps its own connection; the agent gets a guarded one with read-only enforcement, allowlists, and masking applied in the wire protocol.

Get Started Read the docs

Prisma talks to Postgres over a standard connection string, so giving a Prisma-based agent a guarded credential takes one environment variable. Your application keeps its existing datasource untouched; only the agent's client points at the scoped credential, and every query it runs is checked at the wire.

Connect Prisma in one step

Point the connection string at the scoped PgBeam credential. The policy applies to every statement.

schema.prisma

datasource db {
  provider = "postgresql"
  // A scoped PgBeam credential for the agent, not your app's URL.
  url      = env("PGBEAM_AGENT_URL")
}

// PGBEAM_AGENT_URL=postgresql://agent_xxx:pba_xxx@proxy.pgbeam.app:5432/mydb

One env var, two connections

Your application's Prisma client keeps reading the real database through its own URL. The agent's client uses a scoped PgBeam credential set as its datasource URL, so its access is governed independently.

Mark the agent credential read-only and Prisma's writes from that client are blocked at the wire. Add table and column allowlists so the agent only reads the models it should.

No schema or driver changes

PgBeam speaks the native Postgres wire protocol, so Prisma's query engine connects exactly as it would to any Postgres. No adapter, no driver swap, no schema annotations.

PII masking applies to the agent credential in flight, so sensitive columns come back redacted, nulled, or hashed for the agent while your application reads the real values.

Scoped credential

The tool gets a per-agent username and password or an MCP token, never your real database credentials. Revoke it with one click.

Enforced at the wire

Read-only, table and column allowlists, and budgets are checked in the Postgres wire protocol before a statement reaches your database.

PII masking

Redact, null, or hash sensitive columns so the model never sees the raw values.

Full audit trail

Every statement recorded with its decision, reason, rows, bytes, and latency, exportable for review.

More integrations

PgBeam + LangChain PgBeam + Claude Code PgBeam + Cursor

Questions

Give Prisma safe Postgres access

Start with a 14-day free trial. No credit card required.

Technical preview. For internal testing only.

Get Started