
Point it at PostgreSQL.
Walk away with insights.

DecisionBox connects to your PostgreSQL database — production primary, read replica, or managed service — in a few minutes. No schema migration, no pipeline to build. The agent reads your tables in place over TLS, runs read-only queries against them, and surfaces validated insights from what is already in your database.

[Diagram: DecisionBox agent connecting to PostgreSQL (your database). Role: analyst_ro. Schema: public. sslmode=require. TLS · Read-only query]
Easy and low-effort to integrate

Three things to know on day one.

Read-only, scoped by Postgres role

Create a role with USAGE on the schema and SELECT on the tables you want the agent to see — nothing more. Postgres role permissions are the access boundary; the agent cannot reach anything the role does not grant.

Built for a database that's also serving your app

Small connection pool, per-query timeout, and metadata read from information_schema and pg_class so the agent never asks the planner to scan a table just to count rows. Safe to point at a primary or a read replica.

Reads your schemas in place

No tables to refactor, no data pipeline to stand up, no database-side changes. Point DecisionBox at a database and a schema, and the agent picks up your tables on its first run — and re-checks them on every run after.

Safe on a database that's also serving your app

Five things the agent does so it stays out of your way.

Postgres is most often a transactional database that something else is already depending on. Every default in the provider is set so a discovery run cannot disturb that workload — small pool, short timeouts, fast metadata reads, encrypted connection, read-only at the role level.

Connection pool is small and capped — 5 max, 2 idle. The agent will not exhaust your database's connection budget.
Per-query timeout — defaults to 5 minutes. A runaway query is cancelled before it can hold a long lock or block your app.
Row counts come from pg_class.reltuples — fast, planner-maintained estimates. No full table scan just to read a row count.
TLS is required by default: sslmode=require out of the box. verify-ca and verify-full are both supported when you provide a CA bundle.
No writes, ever — the agent never issues DDL or DML. The Postgres role you give it is the second layer of enforcement.

Pool size and query timeout are configurable per project. The defaults are tuned for an agent that is sharing a database with a live application — increase them only if you have headroom.

Authentication

Two ways in. Both standard libpq.

Pick the one that matches how you already hand Postgres credentials to the rest of your stack. Both options end at the same Postgres role and schema you configured — what changes is whether you fill in the connection fields one at a time or paste a full DSN.

Quick start

Username / Password

Fill in host, port, database, user, dataset (your Postgres schema), and sslmode in the project config, and paste the password as the credential. The password is stored encrypted and never written to logs.

Recommended for managed Postgres

Connection String

Paste a full DSN — postgres://user:pass@host:5432/db?sslmode=require — as the credential. Works with the URI managed services hand you (RDS Proxy, Supabase, Neon, Railway, Fly.io, etc.) and lets you set advanced libpq options as query parameters.

Both options end at the same Postgres role and schema you configured — USAGE on the schema, SELECT on the tables you opted in, and nothing more. If your security team has already approved how the rest of your stack talks to this database, they have already approved DecisionBox.
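One way to provision and audit the role described above, as an added example that is not DecisionBox's own code. The role name analyst_ro and the schema public come from the page's diagram; the database name appdb, the tables orders and customers, and the password placeholder are assumptions, and the role-level limits mirror the defaults quoted on this page (5 connections, 5-minute timeout).

```sql
-- Added example (not from the DecisionBox repo). Run as a role that can
-- create roles and owns the tables. Assumed names: database appdb, tables
-- public.orders and public.customers; the password is a placeholder.
BEGIN;

CREATE ROLE analyst_ro
  LOGIN PASSWORD 'REPLACE_WITH_GENERATED_SECRET'
  NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION
  CONNECTION LIMIT 5;            -- mirrors the pool cap of 5 stated on the page

GRANT CONNECT ON DATABASE appdb TO analyst_ro;
GRANT USAGE   ON SCHEMA public  TO analyst_ro;
-- Grant per table, not ON ALL TABLES, so new tables stay invisible until opted in.
GRANT SELECT ON public.orders, public.customers TO analyst_ro;

-- Guard rails, not the boundary: a session can override both settings,
-- so the grants above remain the actual access control.
ALTER ROLE analyst_ro SET default_transaction_read_only = on;
ALTER ROLE analyst_ro SET statement_timeout = '5min';

COMMIT;

-- Audit 1: every relation the role can touch, including access inherited
-- from PUBLIC or role membership. Expect only the opted-in tables, with
-- can_read = true and can_write = false.
SELECT n.nspname, c.relname,
       has_table_privilege('analyst_ro', c.oid, 'SELECT') AS can_read,
       has_table_privilege('analyst_ro', c.oid,
                           'INSERT, UPDATE, DELETE, TRUNCATE') AS can_write
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind IN ('r', 'p', 'v', 'm')
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND (has_table_privilege('analyst_ro', c.oid, 'SELECT')
    OR has_table_privilege('analyst_ro', c.oid,
                           'INSERT, UPDATE, DELETE, TRUNCATE'))
ORDER BY 1, 2;

-- Audit 2: returns true on PostgreSQL 14 and earlier unless CREATE on
-- schema public was revoked from PUBLIC; it should be false for this role.
SELECT has_schema_privilege('analyst_ro', 'public', 'CREATE')
       AS can_create_in_public;
```

Re-run both audit queries after any schema change or new grant to PUBLIC, since either can widen what the role reaches without touching the role itself.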

Open and portable

Open source, and not Postgres-only.

Open source, AGPL v3

Every line of the Postgres integration — the role-scoped auth flow, the DSN handling, the SQL the agent writes — is in the public repo. Anyone can read and audit it before turning it on.

View the Postgres provider on GitHub

Not locked to Postgres

BigQuery, Redshift, Snowflake, Databricks, Postgres, MSSQL

The same agent runs against any of them. If your warehouse moves, your DecisionBox install moves with it.

Try it on your Postgres, in two minutes.

Clone the repo, run docker compose up, and point it at a Postgres host and a read-only role. TLS is on by default; nothing else to configure.