Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.causeflow.ai/llms.txt

Use this file to discover all available pages before exploring further.

Database access allows the DB Analyst agent to query your databases during incident investigation. This is often the difference between identifying a slow query or data anomaly as the root cause versus concluding the investigation without a definitive answer.
CauseFlow never modifies your database data. All access is enforced as read-only at the driver level — READ ONLY transactions for PostgreSQL and blocked write operations for MongoDB.

Supported databases

DatabaseConnection method
PostgreSQLCauseFlow Relay (recommended)
MongoDBCauseFlow Relay (recommended)
Databases inside private networks (VPCs, private subnets, behind firewalls) are supported through the Relay — no inbound firewall rules or public database exposure required.

How it works: CauseFlow Relay

The Relay is a lightweight Docker agent you deploy inside your own private network. It is the recommended and only supported approach for connecting PostgreSQL and MongoDB. Why use the Relay:
  • Your database never needs to be exposed to the internet
  • No inbound firewall rules required — the Relay opens a single outbound WebSocket connection to CauseFlow
  • PII is masked inside your network before results are returned to CauseFlow
  • A policy engine controls exactly which tables, schemas, and operations are permitted
The Relay agent runs alongside your database, intercepts agent queries, enforces your policy rules, masks sensitive fields, and forwards only safe results to the investigation engine.

Read-only enforcement

CauseFlow enforces read-only access at multiple layers:
LayerEnforcement
PostgreSQL via RelaySET TRANSACTION READ ONLY on every connection
MongoDB via RelayOnly find and aggregation operations permitted; write operations blocked by the Relay policy engine
These restrictions are enforced by the Relay independently of CauseFlow’s application logic. Even if an agent were to generate a write query, the Relay would reject it before it reached your database.

DB Analyst agent activation

The DB Analyst agent activates automatically when a CauseFlow Relay connection is detected. No manual agent configuration is needed — as soon as the Relay connects, the DB Analyst joins investigations involving services linked to those databases.

Getting started

Relay deployment takes approximately 10 minutes and requires Docker.

Deploy CauseFlow Relay

Set up the privacy-preserving Relay for PostgreSQL and MongoDB in your private network.

Relay architecture

Understand how the Relay communicates with CauseFlow and handles PII masking.

Policy engine

Configure which tables, schemas, and operations the DB Analyst can access.

PII masking

Learn how the Relay masks sensitive fields before results leave your network.

Integrations overview

See the full catalog of available integrations.

Security overview

Learn how CauseFlow protects data in transit and at rest.