Govern database actions through MCP.

1. Open Dashboard, Connectors, Database Connectors.
2. Add a Postgres-compatible DSN for Neon, Railway, Supabase, or generic hosted Postgres reachable from the deployed runtime.
3. Test the connection from the dashboard.
4. Assign the database target to an agent. Advanced clients may pass an assigned databaseConnectionId to db.* MCP tools.
5. Assign policies that explicitly allow postgres actions for the agent.

• db.schema.read lists bounded schema/table metadata.
• db.table.describe returns columns and indexes for one table or view.
• db.query.read runs a single bounded read-only query with row caps.
• db.query.explain returns EXPLAIN output without ANALYZE.
• db_write_propose evaluates write SQL with risk scoring, hard blocks unsafe classes, and may require approval before execution.
• db_delete_safe executes DELETE only when a safe table and mandatory WHERE clause are provided.
• db_update_safe executes UPDATE only when safe SET and WHERE fragments are provided.

Write-capable database tools run through SQL safety checks, risk scoring, protected-table matching, workspace mode, and policy evaluation. High-risk write proposals can create approval requests instead of executing immediately; the Overview and Approvals pages show those requests without exposing raw SQL in compact summaries.

z-gateway is not a transparent Postgres wire proxy. It does not intercept arbitrary Prisma traffic, psql sessions, migration tools, or local database sockets. Agents must use the governed MCP tools above, and the database must be reachable from the deployed server environment.