A data circuit breaker for AI agents
querying PostgreSQL

A query can be valid and read-only while the full agent session still becomes unsafe. ValkDB limits cumulative access by session, not just individual queries.

Run ValkDB locally against synthetic Postgres data. No production database required. No external connection string required. No hosted ValkDB required. No cloud trust required.

Download local preview Read the trust model
valkdb — session overview
agent_id analytics-agent-v2
session_id sess-7f3a9b2c
task_id daily-report-2026-05-05
status ⚠ warning (84%)
rows 420 / 500 (80 remaining)
queries 7 / 10 (3 remaining)
tables_touched users, orders
columns_touched users.email, users.name, orders.total
last_decision allowed
audit_mode hash_only — raw SQL not stored

Per-query controls were built for humans.
Agents behave like processes.

A human asks one query. An agent keeps asking. Each query may pass RLS, read-only access, and validation. The session can still consume more data than intended.

1 SELECT name, email FROM users LIMIT 100 OFFSET 0 ✓ valid
2 SELECT name, email FROM users LIMIT 100 OFFSET 100 ✓ valid
3 SELECT name, email FROM users LIMIT 100 OFFSET 200 ✓ valid
repeated valid queries can walk through large parts of a table over time

Each query is valid. The behavior is the problem.

Keep your existing controls.
Add session budgets.

ValkDB complements your existing stack. It does not replace it.

RLS
Controls what rows can be seen
Read replica
Prevents writes
Allowlist
Controls query shape
API gateway
Controls tool and API calls
Token budget
Controls LLM cost
ValkDB
Controls cumulative database consumption over time

Use RLS. Use read replicas. Then add a session budget.

Agent identity → session budget →
circuit breaker → audit evidence

The complete control loop for agent database access.

Agent and session identity

Track which agent, session, and task is querying. Budget scoped to logical identity, not database connection.

Row and query budgets

Cumulative row limits and query counts per time window. Warning at 80%. Blocked at limit. Budgets are enforced across the session, not just per request.

Tables and columns touched

AST-level tracking of every table and column accessed, including through aliases, CTEs, and subqueries.

Warning and exhausted states

Active → Warning (≥80%) → Exhausted. Clear status at every point. No ambiguity about where the session stands.

Circuit breaker

Further queries from the exhausted session are blocked until the budget window resets. No ambiguity. Hard enforcement.

Hash-only audit logs

Query hashes and decision metadata. No raw SQL stored in production. No query results stored. Traceability without exposure.

Know what the agent touched before deciding
whether it should continue

Monitoring tells you what the agent did. ValkDB lets you decide when it must stop.

agent_idanalytics-agent-v2
session_idsess-7f3a9b2c
task_iddaily-report
rows_returned420
rows_budget_used420 / 500
query_count_used7 / 10
tables_touchedusers, orders
columns_touchedusers.email, orders.total
decisionallowed (warning)
query_hashsha256:a1b2c3d4...
block_reason
log_modehash_only

Built for sensitive data workflows

ValkDB does not store query results. In production hash-only mode, raw SQL is not stored by default; audit logs store query hashes and decision metadata.

No query result storage
Hash-only audit logs
#
Query hash always present
Decision metadata recorded
Agent/session traceability
Postgres-focused

ValkDB should be used alongside scoped DB credentials, RLS, read replicas, and least-privilege access.

Valid query. Valid query. Valid query.
Blocked session.

Watch an agent consume its budget until blocked.

1 Agent runs valid query ✓ allowed — 50 rows
2–8 Budget accumulates across queries ✓ allowed — 400/500 rows
9 Warning threshold reached (≥80%) ⚠ warning — 450/500 rows
10 Budget exhausted ✗ exhausted — 500/500 rows
11 Next valid query is blocked ✗ BUDGET_EXHAUSTED

ValkDB blocked the session because the agent kept asking.

Audit log records: query_hash + decision + block_reason + budget state. No raw SQL.

Local preview

Run ValkDB locally against synthetic Postgres data. No production database required. No external connection string required. No hosted ValkDB required.

What you run, in order: 

curl -O https://valkdb.dev/downloads/valkdb-local-preview.tar.gz
tar -xzf valkdb-local-preview.tar.gz
cd valkdb-local-preview-*

cp local.env.example .env.local
docker compose -f docker-compose.local.yml up -d
bash scripts/init_local_preview.sh
SUPERSONIC_API_KEY=<printed-by-init> bash scripts/local_smoke.sh

What the local smoke prints when the breaker fires: 

[SMOKE] query accepted
[SMOKE] budget incremented
[SMOKE] budget exhausted
[SMOKE] session blocked
[SMOKE] OK

The body of the blocked query: 

{
  "ok": false,
  "error": {
    "code": "BUDGET_EXHAUSTED",
    "reason": "session_query_limit_exceeded",
    "action": "session_blocked",
    "agent_id": "demo-agent",
    "session_id": "demo-session",
    "queries": { "used": 10, "limit": 10,   "remaining": 0   },
    "rows":    { "used": 50, "limit": 1000, "remaining": 950 },
    "retryable": false
  }
}
Download local preview Read the trust model Give technical feedback

Run it locally before you trust it
with anything real

Download local preview Read the trust model Give technical feedback