pg_sage

mcp
Security Audit
Fail
Health Warn
  • License — License: AGPL-3.0
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 9 GitHub stars
Code Fail
  • rm -rf — Recursive force deletion command in .claude/settings.json
  • rm -rf — Recursive force deletion command in .github/workflows/traffic-snapshot.yml
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This is an Agentic PostgreSQL Database Administrator that monitors, analyzes, and optimizes PostgreSQL 14+ databases. It connects directly to your database to run diagnostic checks and optionally uses an LLM to apply automated fixes and tuning recommendations.

Security Assessment
Overall risk: High. This tool is designed to connect directly to your database and execute autonomous SQL actions, which inherently involves processing highly sensitive data. While no hardcoded secrets or dangerous permissions were detected, the tool features a "trust-ramped executor" that can eventually make unsupervised changes to database configurations and indexes. Additionally, the automated scan flagged recursive force deletion commands (`rm -rf`) present in the Claude settings and a GitHub workflow file. While these deletion commands might simply be used for cleaning up local directories during testing, they constitute a potential supply chain risk and warrant manual code review before deployment.

Quality Assessment
The project is extremely new and lacks broad community validation, evidenced by a very low star count. However, it is an actively maintained project with a push committed just today. It is properly licensed under AGPL-3.0, meaning you must be cautious about copyleft obligations if you intend to modify and distribute the tool. Overall community trust is currently low due to the early stage of the repository.

Verdict
Use with caution — ensure you manually review the flagged `rm -rf` commands, strictly limit the database user permissions granted to the agent, and keep the trust ramp strictly in observation mode.
SUMMARY

An Agentic PostgreSQL DBA — monitors, analyzes, and optimizes any PostgreSQL 14-18 database with LLM-powered actions

README.md

pg_sage


Agentic Postgres DBA. No extension required.

What It Does

pg_sage runs as a single Go binary alongside your PostgreSQL instance. It connects over the standard wire protocol, collects performance data from catalog views and pg_stat_statements, runs 20+ diagnostic rules, and optionally uses an LLM for deeper analysis. A trust-ramped executor applies fixes automatically -- starting in observation mode and graduating to autonomous actions only after a configurable burn-in period. Works on Cloud SQL, AlloyDB, Aurora, RDS, and self-managed Postgres.

Quick Start

# Binary (Linux amd64)
curl -fsSL https://github.com/jasonmassie01/pg_sage/releases/latest/download/pg_sage_linux_amd64.tar.gz | tar xz
./pg_sage --pg-url "postgres://sage_agent:pw@localhost:5432/mydb"

# Docker
docker run -e SAGE_DATABASE_URL="postgres://sage_agent:pw@host:5432/mydb" \
  -p 8080:8080 -p 9187:9187 ghcr.io/jasonmassie01/pg_sage:latest

Dashboard at http://localhost:8080 -- API and Prometheus metrics at :8080/api/v1/ and :9187/metrics.

Features

| Area | What You Get |
| --- | --- |
| Rules Engine | 20+ deterministic checks: duplicate/unused/missing indexes, slow queries, regressions, seq scans, vacuum & bloat, dead tuples, sequence exhaustion, replication lag, security audit, config drift |
| Index Optimizer | LLM-powered recommendations validated through 8 checks + HypoPG cost estimation, confidence scored 0.0--1.0 |
| Config Advisors | 6 LLM advisors: vacuum tuning, WAL/checkpoint, connections, memory, query rewrite, bloat remediation |
| Health Briefings | Periodic LLM-generated summaries of database state; interactive diagnose via ReAct loop |
| Trust-Ramped Executor | Observation (day 0--7) -> Advisory (day 8--30) -> Autonomous (day 31+). HIGH-risk actions always require confirmation. Full rollback SQL logged. Emergency stop endpoint. |
| Fleet Mode | Monitor N databases from one binary with per-database trust levels, token budgets, and health scores |
| Per-Query Tuner | EXPLAIN plan analysis with pg_hint_plan directives for disk sorts, hash spills, bad joins, missed index scans |
| Workload Forecaster | Predicts disk growth, connection saturation, cache pressure, sequence exhaustion, query volume spikes, checkpoint pressure |
| Alerting | Slack, PagerDuty, and webhook channels with per-severity routing, cooldown, and quiet hours |
| Dashboard & API | React SPA + 49 REST endpoints embedded in the binary -- nothing extra to deploy |
| Prometheus | Standard /metrics endpoint with findings, collector, LLM, executor, and database size gauges |
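The trust ramp described in the table, as an added Go example (not pg_sage's own code): it assumes a `Ramp` with configurable day thresholds, an `Action` that carries its own rollback SQL, and it holds HIGH-risk actions and actions without rollback SQL at the advisory stage on any day, with the emergency stop overriding everything.

```go
package main

import (
	"errors"
	"time"
)

// Decision is what the ramp allows for one action at its current stage.
type Decision string

const (
	Observe Decision = "observe" // record the finding only
	Advise  Decision = "advise"  // surface the fix and wait for operator confirmation
	Execute Decision = "execute" // apply unattended; rollback SQL is logged first
)

// Action is a proposed fix with the SQL that undoes it (assumed shape, not the project's type).
type Action struct {
	SQL, RollbackSQL string
	HighRisk         bool // HIGH-risk actions always require confirmation
}

// Ramp holds the configurable burn-in thresholds (7 and 30 mirror the README) and the stop flag.
type Ramp struct {
	ObserveUntilDay, AdviseUntilDay int
	EmergencyStop                   bool
}

var ErrEmergencyStop = errors.New("executor halted by emergency stop")

// Decide applies the ramp: observation first, then advisory, then autonomous.
// HIGH-risk actions and actions with no rollback SQL are held at Advise at any stage.
func (r Ramp) Decide(installedAt, now time.Time, a Action) (Decision, error) {
	if r.EmergencyStop {
		return Observe, ErrEmergencyStop
	}
	day := int(now.Sub(installedAt).Hours() / 24) // install day is day 0
	switch {
	case day <= r.ObserveUntilDay:
		return Observe, nil
	case day <= r.AdviseUntilDay, a.HighRisk, a.RollbackSQL == "":
		return Advise, nil
	default:
		return Execute, nil
	}
}
```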

Documentation

See the docs/ directory for guides and reference:

Building from Source

Requires Go 1.24+ and Node.js 20+. See docs/installation.md for details.

cd sidecar
cd web && npm ci && npm run build && cd ..
go build -o pg_sage ./cmd/pg_sage_sidecar/

License

AGPL-3.0
