Requirements
- PostgreSQL 12+ (the trigger syntax used for append-only enforcement works on PostgreSQL 12 and later)
- Vane connects via the
pgnpm package usingDATABASE_URL
Connection string format
DATABASE_URL in your environment:
Schema
Vane creates all tables automatically on startup viaCREATE TABLE IF NOT EXISTS. No manual migration is needed. The tables are:
companies
keys
api_keys
agents
records
records table has append-only enforcement via PostgreSQL triggers installed at startup:
revoked_passports
oauth_clients
oauth_tokens
Creating the database user
For production, create a dedicated PostgreSQL user with minimal privileges:UPDATE or DROP on the records table. Restricting these at the PostgreSQL level adds defense-in-depth.
SSL connections
For managed PostgreSQL providers, require SSL:pg package respects the sslmode query parameter.
Connection pooling
TheStore class creates one pg.Pool at startup. The pool defaults to 10 connections. For high-traffic deployments, consider PgBouncer or your provider’s connection pooler (e.g., Supabase’s Transaction mode pooler).