Open source · Inline proxy for PostgreSQL

The Agentic
Data Firewall

Live demo · flip the switch

One switch between your agents
and a breached database.

Same agent. Same attacks. Flip FaultWall on and every rogue query dies at the wall in under 1ms, before it touches Postgres.

FaultWall: OFF
← flip me
agent · cursor-ai · mission:support
FaultWall
postgres · production
users tableintact
payments exposed0 rows exposed
unauthorized writes0
⚠ EXPOSED
Toggle replays the exact same query stream — only the verdicts change.

Your AI agents can run any query against your database. FaultWall sits inline and blocks the dangerous ones before they reach Postgres — no LLM, no guesswork, under 1ms. One Go binary.

Start in log-only mode — switch to blocking when you trust it.

Works in front of self-hosted, RDS, Aurora, or Neon. No driver changes, no schema changes.

Every
Rogue query blocked before it runs
+0.14ms
Added per query — your DB won't feel it
0
Changes to your agents or schema
5 min
From install to first blocked query

Security + reliability
in one binary

Inline proxy that blocks rogue queries before they execute. No instrumentation required.

🔑

Agent Identity

Agents identify via PostgreSQL's application_name: agent:cursor-ai:mission:summarize. FaultWall knows WHO is running WHAT.

Real-Time Enforcement

Queries are parsed and blocked BEFORE reaching PostgreSQL. DROP TABLE? Never executes. SELECT on a table outside scope? Rejected at the proxy.

🔌

Both Query Protocols

Intercepts Simple Query and Extended Query Protocol. Works with psql, psycopg2, pgx, SQLAlchemy, JDBC — every PostgreSQL client.

🧠

Anomaly Detection

Statistical learning builds per-agent baselines. Z-score analysis flags deviations. No LLM, no API keys — runs locally.

🤖

AI-Native (MCP)

10-tool MCP server lets agents check their own policies, view violations, and manage themselves autonomously.

FaultWall proxy-mode dashboard — 6 agents, query log, recent blocks, and violations per agent

Works with every
managed Postgres

Validated against the stack your team actually runs. Drop-in, wire-level, no driver changes.

🟢
Self-hosted Postgres
12+
🟢
AWS RDS
Postgres 16
🟢
AWS Aurora
Postgres 16.8
🟢
Neon
Serverless PG 17
🟢
PgBouncer
tx + session
🟡
Supabase
pooler — workaround
🟢
Cloud SQL · CrunchyBridge · DO MPG
Expected¹

Four steps to
agentic protection

1

Write your policy

Define what each agent can do in policies.yaml — allowed tables, blocked operations, row limits, query timeouts. Per agent, per mission.

2

Run FaultWall proxy

Single command to start:

./faultwall --proxy --listen :5433 --upstream localhost:5432 --policies ./policies.yaml
3

Point agents at port 5433

Set application_name in the connection string. FaultWall parses the identity automatically.

postgres://...?application_name=agent:cursor-ai:mission:summarize
4

Queries are checked in real-time

Every query is parsed and checked against the agent's policy. Allowed queries pass through. Violations are blocked — the database never sees them.

Inline proxy —
nothing gets past

FaultWall sits between your agents and PostgreSQL, parsing every query in real-time.

🤖

AI Agent

Connects to :5433

🛡️

FaultWall Proxy

Parses SQL · Checks Policy
Port 5433

🐘

PostgreSQL

Only allowed queries
Port 5432

Watch it block a
rogue query, live

Same agent, same credentials. A read it's allowed to do passes through. A DROP TABLE it should never run gets stopped at the proxy — Postgres never sees it.

faultwall — live query log
🔌 New connection agent=cursor-ai/summarize-feedback
🟢 ALLOWED agent=cursor-ai/summarize-feedback SELECT * FROM feedback LIMIT 100;
🔴 BLOCKED agent=cursor-ai/summarize-feedback   reason=blocked_operation DROP TABLE users;

Two modes for every stage

🛡️

Proxy Mode

Primary · Recommended

Inline L7 proxy between agents and PostgreSQL. Every query is parsed and checked against the agent's policy. Violations are blocked before they reach the database.

Blocks before execution
Sub-millisecond latency
Works with RDS/Aurora
📊

Monitor Mode

Visibility · Non-intrusive

For visibility without being in the data path. Polls pg_stat_activity to log agent queries and detect violations. Start here to learn your traffic patterns.

No schema changes
Zero overhead
Log-only mode

🧬 Self-Tuning Detection

Anomaly detection starts in observe-only mode and builds per-agent baselines from your real traffic before it ever flags anything. A genetic search tunes sensitivity thresholds and window sizes against your workload, so detection adapts to how your agents actually behave instead of a fixed global rule. You stay in control of when it moves from observe to enforce.

Observe
Learn baselines first
you decide
Enforce
Flag & block on deviation

Enterprise: Kernel-Level Attribution

Need deeper visibility? Our eBPF engine hooks into the Linux kernel's scheduler and block I/O subsystem. Every CPU nanosecond and disk byte attributed to the exact PostgreSQL PID — mapped back to the agent in real-time.

Available for teams running self-hosted PostgreSQL on Linux 5.8+ with PostgreSQL 14–16.

Contact Us →

shreyas@faultwall.com

Free to self-host.
$200/mo when you want it managed.

Self-host everything for free, forever — MIT licensed. Upgrade to the hosted control plane for telemetry, risk scoring, and a managed review queue.

Open Source
$0

Self-host the full firewall. MIT licensed — yours forever.

  • Inline L7 proxy & deterministic SQL parsing
  • Mission-scoped YAML policies (tables, ops, row limits)
  • Agent identity & real-time enforcement
  • Anomaly detection & MCP server
  • All open-source features — no feature gates
View on GitHub

Sign up free — upgrade to Team anytime from your dashboard.

Your AI agent has database credentials.
FaultWall shows you what it does — and stops what it shouldn't.

Sign up free, connect your Postgres, and see every agent query in minutes. Open source & MIT licensed — self-host or use the hosted control plane.

Get Started — it's free →
or use the hosted control plane →