The Agentic
Data Firewall
One switch between your agents
and a breached database.
Same agent. Same attacks. Flip FaultWall on and every rogue query dies at the wall in under 1ms, before it touches Postgres.
Your AI agents can run any query against your database. FaultWall sits inline and blocks the dangerous ones before they reach Postgres — no LLM, no guesswork, under 1ms. One Go binary.
Start in log-only mode — switch to blocking when you trust it.
Works in front of self-hosted, RDS, Aurora, or Neon. No driver changes, no schema changes.
Security + reliability
in one binary
Inline proxy that blocks rogue queries before they execute. No instrumentation required.
Agent Firewall
An inline L7 proxy that sits between your agents and PostgreSQL. Mission-scoped policies define what each agent can do in YAML — tables, operations, row limits. Everything else is blocked before it reaches the database.
mission: summarize-feedback
allow_tables: [feedback, reviews]
block_ops: [DROP, DELETE, TRUNCATE]
Agent Identity
Agents identify via PostgreSQL's application_name: agent:cursor-ai:mission:summarize. FaultWall knows WHO is running WHAT.
Real-Time Enforcement
Queries are parsed and blocked BEFORE reaching PostgreSQL. DROP TABLE? Never executes. SELECT on a table outside scope? Rejected at the proxy.
Both Query Protocols
Intercepts Simple Query and Extended Query Protocol. Works with psql, psycopg2, pgx, SQLAlchemy, JDBC — every PostgreSQL client.
Anomaly Detection
Statistical learning builds per-agent baselines. Z-score analysis flags deviations. No LLM, no API keys — runs locally.
AI-Native (MCP)
10-tool MCP server lets agents check their own policies, view violations, and manage themselves autonomously.
Works with every
managed Postgres
Validated against the stack your team actually runs. Drop-in, wire-level, no driver changes.
Four steps to
agentic protection
Write your policy
Define what each agent can do in policies.yaml — allowed tables, blocked operations, row limits, query timeouts. Per agent, per mission.
Run FaultWall proxy
Single command to start:
./faultwall --proxy --listen :5433 --upstream localhost:5432 --policies ./policies.yaml
Point agents at port 5433
Set application_name in the connection string. FaultWall parses the identity automatically.
postgres://...?application_name=agent:cursor-ai:mission:summarize
Queries are checked in real-time
Every query is parsed and checked against the agent's policy. Allowed queries pass through. Violations are blocked — the database never sees them.
Inline proxy —
nothing gets past
FaultWall sits between your agents and PostgreSQL, parsing every query in real-time.
AI Agent
Connects to :5433
FaultWall Proxy
Parses SQL · Checks Policy
Port 5433
PostgreSQL
Only allowed queries
Port 5432
Watch it block a
rogue query, live
Same agent, same credentials. A read it's allowed to do passes through. A DROP TABLE it should never run gets stopped at the proxy — Postgres never sees it.
Two modes for every stage
Proxy Mode
Inline L7 proxy between agents and PostgreSQL. Every query is parsed and checked against the agent's policy. Violations are blocked before they reach the database.
Monitor Mode
For visibility without being in the data path. Polls pg_stat_activity to log agent queries and detect violations. Start here to learn your traffic patterns.
🧬 Self-Tuning Detection
Anomaly detection starts in observe-only mode and builds per-agent baselines from your real traffic before it ever flags anything. A genetic search tunes sensitivity thresholds and window sizes against your workload, so detection adapts to how your agents actually behave instead of a fixed global rule. You stay in control of when it moves from observe to enforce.
Enterprise: Kernel-Level Attribution
Need deeper visibility? Our eBPF engine hooks into the Linux kernel's scheduler and block I/O subsystem. Every CPU nanosecond and disk byte attributed to the exact PostgreSQL PID — mapped back to the agent in real-time.
Available for teams running self-hosted PostgreSQL on Linux 5.8+ with PostgreSQL 14–16.
Contact Us →shreyas@faultwall.com
Free to self-host.
$200/mo when you want it managed.
Self-host everything for free, forever — MIT licensed. Upgrade to the hosted control plane for telemetry, risk scoring, and a managed review queue.
Self-host the full firewall. MIT licensed — yours forever.
- Inline L7 proxy & deterministic SQL parsing
- Mission-scoped YAML policies (tables, ops, row limits)
- Agent identity & real-time enforcement
- Anomaly detection & MCP server
- All open-source features — no feature gates
Everything in Open Source, plus the hosted control plane.
- Hosted control plane — nothing to operate
- Telemetry dashboard (metadata only — queries stay yours)
- QWM risk scoring across your workload
- APA review queue + auto-approve policies
- Installations dashboard
- Email support
Sign up free — upgrade to Team anytime from your dashboard.
Your AI agent has database credentials.
FaultWall shows you what it does — and stops what it shouldn't.
Sign up free, connect your Postgres, and see every agent query in minutes. Open source & MIT licensed — self-host or use the hosted control plane.
Get Started — it's free →