Date: Tue, 17 Mar 2026 15:05:08 +0100
Subject: Re: Read-only connection mode for AI workflows.
To: Bruce Momjian
Cc: Jack Bonatakis, pgsql-hackers
From: Andrei Lepikhov

On 17/3/26 14:52, Bruce Momjian wrote:
> On Tue, Mar 17, 2026 at 11:04:25AM +0100, Andrei Lepikhov wrote:
>> On 16/3/26 22:25, Bruce Momjian wrote:
>>> On Mon, Mar 16, 2026 at 10:01:22PM +0100, Andrei Lepikhov wrote:
>>>>> I do think the underlying problem of safely exposing databases to
>>>>> automated agents is becoming increasingly common, so it seems like a
>>>>> useful area to explore.
>>>
>>> I agree the need a read-only sessions is going to get more urgent with
>>> MCP. Why doesn't the community code have a read-only session option
>>> that can't be changed?
>>
>> The pg_readonly project aims to answer this question: if it is easy and
>> cheap to implement as an extension, why do we need to touch the core?
>
> I think it is a fundamental feature the database should have by default.
>

Why wasn’t read-only mode set up like this from the start? - I haven’t
seen any other DBMSs, aside from SQLite, offer this kind of guarantee.

If we want to move forward, it makes sense to use a session parameter
and add backend code to prevent violations. Postgres architecture looks
well-suited for this feature. However, the request is to block all
backend changes, not just the usual XactReadOnly limitations, but also
things like vacuum, etc (temporary tables?). Should we also consider
cluster-wide restrictions?

-- 
regards, Andrei Lepikhov,
pgEdge
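
An added illustration, not part of the message above and not code from pg_readonly or the PostgreSQL source: a constructed psql session on stock PostgreSQL showing the gap the thread is about, between the existing transaction-level read-only flag and a guarantee the session cannot change. The table names `demo_t` and `scratch` are hypothetical.

```sql
-- Constructed session; demo_t and scratch are hypothetical names.
CREATE TABLE demo_t (id int);
CREATE TEMP TABLE scratch (id int);

-- 1. The session setting is only a default for new transactions.
SET default_transaction_read_only = on;
INSERT INTO demo_t VALUES (1);
-- ERROR:  cannot execute INSERT in a read-only transaction

-- The same session can simply switch the default back.
SET default_transaction_read_only = off;
INSERT INTO demo_t VALUES (1);      -- succeeds

-- 2. Even with the flag on, a read-only transaction still permits
--    writes whose target is a temporary table.
SET default_transaction_read_only = on;
BEGIN;
INSERT INTO scratch VALUES (1);     -- allowed: scratch is a temp table
INSERT INTO demo_t VALUES (2);      -- rejected, as in step 1
ROLLBACK;

-- 3. Maintenance commands that write WAL but do not change logical
--    contents are accepted in read-only mode as well.
VACUUM demo_t;                      -- runs
```

Steps 2 and 3 are the cases the message raises (temporary tables, vacuum): they pass the current read-only check, so a mode meant to block all backend changes would need enforcement beyond it, and step 1 shows why the setting would also have to be one the session cannot reset.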