Databases Were Not Designed for This
a day ago
- #Defensive Design
- #Agentic AI
- #Database Architecture
- Traditional database architectures assumed deterministic, human-reviewed queries, but agentic AI systems violate these assumptions by generating unpredictable queries and writing autonomously.
- Key failing assumptions include: deterministic callers (agents generate varied queries), intentional writes (agents write without human review), brief connections (agents hold connections longer), loud failures (agents may not detect query errors), and schema as a developer contract (schemas must be legible to agents).
- Defensive strategies include: setting statement timeouts and idle transaction timeouts, implementing soft deletes and append-only event logs with idempotency keys, using dedicated connection pools with PgBouncer in transaction mode, tagging queries with agent context for observability, designing schemas for agent legibility via views and comments, and enforcing role-based access control to limit blast radius.
- These patterns—soft deletes, append-only logs, idempotency keys, least-privilege roles, and query tagging—transition from best practices to essential infrastructure for safe agent operations, leveraging existing database tooling.
- Overall, databases must be redesigned defensively, assuming agents may be wrong, retry, or lack oversight, to ensure reliability and auditability in AI-driven systems.