Use case
Let agents inspect data safely without giving them the database.
z-gateway routes Postgres MCP tools through workspace policy, connector assignment, risk assessment, approvals, and runtime sessions so database-aware agents can help without bypassing production controls.
Database-aware agent workflows
| Workflow | z-gateway control |
|---|---|
| Schema inspection | db.schema.read and db.table.describe expose bounded metadata through assigned database targets. |
| Read-only analysis | db.query.read runs single bounded read queries with policy checks and row caps. |
| Query planning | db.query.explain returns EXPLAIN output without ANALYZE. |
| Write proposals | db_write_propose applies SQL safety checks, risk scoring, and approvals when needed. |
| Safe updates/deletes | db_update_safe and db_delete_safe require constrained fragments and WHERE clauses. |
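
The per-tool rules in the table above, sketched as a deny-by-default check that runs before any SQL reaches the database. This is an added illustration, not z-gateway's implementation: the `check` function, the `ROW_CAP` value, the trivial-predicate rule, and the assumption that each tool receives one SQL string are all hypothetical.

```python
import re

ROW_CAP = 100  # assumed value; the page does not state the actual cap
_LIT_OR_COMMENT = re.compile(r"'(?:[^']|'')*'|--[^\n]*|/\*.*?\*/", re.S)
_WRITE = re.compile(r"\b(insert|update|delete|merge|drop|alter|truncate|create|"
                    r"grant|revoke|copy|call|do|into|lock)\b", re.I)
_TRIVIAL_WHERE = re.compile(r"\bwhere\s+(true|1\s*=\s*1)\s*$", re.I)

def _clean(sql, keep_literals):
    """Drop comments; optionally blank string literals so their text is not scanned."""
    def repl(m):
        if m.group(0).startswith("'"):
            return m.group(0) if keep_literals else "''"
        return " "
    return _LIT_OR_COMMENT.sub(repl, sql).strip().rstrip(";").strip()

def check(tool, sql):
    """Return (allowed, detail): detail is the SQL to run, or the denial reason."""
    body, skel = _clean(sql, True), _clean(sql, False)
    # After blanking, any ';', '$', '/*' or odd quote count means more than one
    # statement or a construct this sketch cannot reason about: fail closed.
    if not skel or ";" in skel or "$" in skel or "/*" in skel or skel.count("'") % 2:
        return False, "exactly one plain statement required"
    first = skel.split()[0].lower()
    if tool in ("db.query.read", "db.query.explain"):
        if first not in ("select", "with") or _WRITE.search(skel):
            return False, "read tools accept a single SELECT only"
        if tool == "db.query.explain":
            return True, "EXPLAIN " + body  # gate adds EXPLAIN itself; no ANALYZE
        # Cap rows outside the caller's query so an inner LIMIT cannot raise it.
        return True, f"SELECT * FROM ({body}) AS q LIMIT {ROW_CAP}"
    if tool in ("db_update_safe", "db_delete_safe"):
        if first != tool.split("_")[1]:
            return False, "statement does not match tool"
        if not re.search(r"\bwhere\b", skel, re.I) or _TRIVIAL_WHERE.search(skel):
            return False, "WHERE clause with a real predicate required"
        return True, body
    return False, "unknown tool"
```

String checks like these cannot see functions with side effects or every dialect feature, so they belong in front of a read-only database role or transaction, not in place of one. A production gate would use a real SQL parser.
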
Controls
Assigned database targets
Agents use database connections assigned in the dashboard instead of arbitrary connection strings.
Policy before execution
Every Postgres MCP action is evaluated before the connector touches the database.
Risk and approvals
High-risk writes can pause for human approval, with compact dashboard summaries that avoid raw SQL.
Runtime sessions
Database actions appear beside related GitHub work in one agent execution timeline.
Current boundaries
z-gateway is not a transparent Postgres wire proxy and does not intercept arbitrary Prisma traffic, psql sessions, or migration tools. Agents must use the governed MCP database tools, and database targets must be reachable from the hosted runtime.