EDB Agent Governance is a standalone application that audits and governs how AI agents interact with your Postgres data — reconstructing agent sessions, inspecting every SQL statement an agent ran, and presenting the full audit trail. It works with several upstream log sources; Hybrid Manager (HM) is one of them.
This page covers the HM-specific integration only. For how to use the application itself — connecting data sources, reading the sessions list, inspecting session detail, and deploying it — see the EDB Agent Governance documentation.
What HM provides
When you point EDB Agent Governance at an HM instance, HM supplies the pieces the application needs to discover and read AI agent activity:
- Project and cluster discovery — the application auto-discovers the projects and Postgres clusters in your HM dataplane, so they appear as audit targets without manual configuration.
- Log access through HM's Loki pipeline — HM already collects Postgres logs into Loki as part of monitoring. The application queries that same pipeline to retrieve the query logs AI agents generate.
- Machine user API key authentication — the application authenticates to HM with a machine user API key, so it reads only what that key is authorized to read.
Prerequisites
For an HM-managed cluster's AI agent activity to appear in EDB Agent Governance:
- The cluster has Postgres statement logging enabled (
log_statement = 'all'orlog_min_duration_statement = 0). - AI agent workloads run through the Airman Model Context Protocol (MCP) server with tracing enabled, so each query is tagged and attributable to a session.
- You have a machine user API key for the HM instance. Create it in the HM admin portal.
Connecting to HM
In EDB Agent Governance, add an instance of type HM, supplying the HM base URL and the machine user API key. The application then discovers your projects and clusters and begins syncing session data. For the full procedure, see Connecting data sources.
Learn more
- EDB Agent Governance — full product documentation.
- Connecting data sources — registering an HM instance.
- Securing access and handling credentials — authentication and credential handling.
- Monitoring — HM's Loki logging pipeline that the application reads from.