A Postgres MCP server is easy to demo.
The dangerous part is that demos often skip the boring questions:
- Which database role is the model using?
- Is it physically read-only?
- Which schema is exposed?
- Are tenant/workspace boundaries enforced?
- Are row limits and timeouts set?
- Can expensive queries fail closed?
- Are answers traceable back to a query and timestamp?
- Can you prove what data the model did and did not see?
The install command is not the production plan.
For database-facing MCP, the real work is the access boundary.
Longer version: MCP server for Postgres: production checklist
Useful AI database access should feel boring, scoped, and auditable.
Top comments (0)