Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1w2RIu-000I2J-2v
	for pgsql-hackers@arkaria.postgresql.org;
	Tue, 17 Mar 2026 10:05:36 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1w2RHu-0004Q0-27
	for pgsql-hackers@arkaria.postgresql.org;
	Tue, 17 Mar 2026 10:04:34 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <lepihov@gmail.com>)
	id 1w2RHu-0004Ps-1C
	for pgsql-hackers@lists.postgresql.org;
	Tue, 17 Mar 2026 10:04:34 +0000
Received: from mail-wm1-x335.google.com ([2a00:1450:4864:20::335])
	by makus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.98.2)
	(envelope-from <lepihov@gmail.com>)
	id 1w2RHn-00000000AJK-0bVu
	for pgsql-hackers@postgresql.org;
	Tue, 17 Mar 2026 10:04:33 +0000
Received: by mail-wm1-x335.google.com with SMTP id
 5b1f17b1804b1-48557c8ad47so33630825e9.0
        for <pgsql-hackers@postgresql.org>;
 Tue, 17 Mar 2026 03:04:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1773741867; x=1774346667;
 darn=postgresql.org;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:cc:to:subject:user-agent:mime-version:date:message-id
         :from:to:cc:subject:date:message-id:reply-to;
        bh=8/xCZJg8lVl3j7THop08XX8jZoVPW/FzTr+f1MB5wK8=;
        b=POZKJwuZfs+djES3zF4qMu3B/iI2SXcg02hlenC3nhHLeSgle8LIpsExV01+LWLGVT
         +Lgt0KjynPQXCH/4HQbI2FRSGmnx9+Ub8MFlMvxq63kV2Q6xgA84ehZf2K4Ff6wX4ELm
         HG6m3nKowVHLtQIlKd+5tH1CJNbz9u8TjxcFoM3dCvbXyfYug9j0mTpfAaW3orZWPlrw
         WxaLI33zNw9eGF4BzXXrafwJofVp2mdyoBPOkA3bgaOLugBlbutEHhoIQKEVEl3vG2Ay
         CciuIGZFG/wGXnXAY/WnujLGCSzJYld+c9r4tAHkbPxselDi9+jUlQ6jpBP9p19PhVkE
         2WSQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1773741867; x=1774346667;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:cc:to:subject:user-agent:mime-version:date:message-id
         :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=8/xCZJg8lVl3j7THop08XX8jZoVPW/FzTr+f1MB5wK8=;
        b=hfgMas/KSDfl418Ogc6qxDW2QgxuUofvy1Do0n236akL4ewfZDVM041YE/uiMMxSaE
         lP4MOWBsWTgLzrUFlk4xbI+kijNmDnSVMyIXjkPDh1jOrmPJKTqY9xsnHrNcnRWpYaMk
         CUmEidACOoMe+XkzZ0JELETj1gp9JyUUbFHGPk517eYE5kclCkXCGA9xFX4BGkiFwBgH
         Qd94Y7/dpFkPcRP1Db1ih3kaUpbCroVdv8+9010q5BMqjB+GGU7RR7yYgx68Ino+Sccp
         8aPw1K2Bn0ynb0qFEyfnyxHlhisEnHYBt3pO8iwxgLSK0bZd3HGD7bwggh/bNMrpeA0U
         o/lA==
X-Forwarded-Encrypted: i=1;
 AJvYcCWtM40KAV7cyylpkW2mgan+u/+D1fA1E4G7AmkwQNY+v00xzi3Wf50MrhRqALYGC+dkICNk4uyQSrOAuo8k@postgresql.org
X-Gm-Message-State: AOJu0YwxbmqQZcXfZ5ycTzR+6msBxx31Iyq2rYk7W5ZLJpi38bYQcGBj
	qX0oYsd/haZF5Xv4eZnV8qJYibTrNZx4ISt730gZXpNYUTB+LYSxYi7GPRHUaYtbMTc=
X-Gm-Gg: ATEYQzwheWVVZD4aYM8qr6EfqeHzOu+QGIWPuO3ztsbeXXPSZAgTmJyxIZreBtZVjw8
	uqfgGhoK5y7quuLTehFw4SIlS1kJ3IJQl0jHwVAU34p6n+m9JMoTVZl0iC1xfPcngNAcqKkgoN8
	lPv9fXP7bO8rPoji+lNZ4yCZCBjPaUOBt6GM37VLPIR3VEKB88XXMcvEKhS/MsA5ZryStnPTOdm
	799U+xgX/1U8ssHAjpPpqaXSsA2K2eU0GUYucIkknzLCGk+PPRlqh8ieFXg56/4BmKVC+RXYscp
	MeYhn0PJ0tknE3EkU0TKullCbke5fkWHytQXG4p9fWlGWj5A+9CCgR8cUHQVhBdtqaJ+MC6EcCa
	K0e9hzv6iuZet2YfwzMFZGMATQCxGgx4TSBPWrxTsgnSj8FhZyUD/Cf4+uRnVlnpBW8Pw8kKG9x
	Su7Q7tbTgXhj9Ix7CMjGzeSrtTcjfqbWkPlvnd+A==
X-Received: by 2002:a05:600c:1d0f:b0:485:3f38:3de3 with SMTP id
 5b1f17b1804b1-485566d2fc4mr268992185e9.3.1773741866798;
        Tue, 17 Mar 2026 03:04:26 -0700 (PDT)
Received: from [192.168.15.192] ([80.251.191.198])
        by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-4856ec4c9f3sm51298265e9.0.2026.03.17.03.04.26
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Tue, 17 Mar 2026 03:04:26 -0700 (PDT)
Message-ID: <cbcefd92-4f43-46ef-8c9f-0c45aa8dca77@gmail.com>
Date: Tue, 17 Mar 2026 11:04:25 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Read-only connection mode for AI workflows.
To: Bruce Momjian <bruce@momjian.us>
Cc: Jack Bonatakis <jack@bonatak.is>,
 pgsql-hackers <pgsql-hackers@postgresql.org>
References: 
 <CADsUR0B9bcJQKYHyUMnWcODGzF5+AdeToawULkkTKfrq32Z-8w@mail.gmail.com>
 <64f1c69a-ceff-4b17-8298-58f255d075fc@gmail.com>
 <dde00623-b8e0-421b-a3f7-b149768894ef@app.fastmail.com>
 <fab6a5f3-df9f-4bd7-b2ac-434a17303547@gmail.com>
 <abh1LGa98D2Bpv-n@momjian.us>
Content-Language: en-US
From: Andrei Lepikhov <lepihov@gmail.com>
In-Reply-To: <abh1LGa98D2Bpv-n@momjian.us>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/cbcefd92-4f43-46ef-8c9f-0c45aa8dca77%40gmail.com>
Precedence: bulk

On 16/3/26 22:25, Bruce Momjian wrote:
> On Mon, Mar 16, 2026 at 10:01:22PM +0100, Andrei Lepikhov wrote:
>>> I do think the underlying problem of safely exposing databases to
>>> automated agents is becoming increasingly common, so it seems like a
>>> useful area to explore.
> 
> I agree the need a read-only sessions is going to get more urgent with
> MCP.  Why doesn't the community code have a read-only session option
> that can't be changed?

The pg_readonly project aims to answer this question: if it is easy and 
cheap to implement as an extension, why do we need to touch the core?

-- 
regards, Andrei Lepikhov,
pgEdge