How to Set Up a Postgres MCP Server With OpenAI Codex
I was elbow-deep in a performance investigation when I wanted to know which queries were hitting the database hardest. Opening a psql session, running pg_stat_statements, copying the results, formatting them manually -- it was going to eat twenty minutes I didn't have. I was already in Codex. I just asked it. Thirty seconds later I had a ranked list.
This post walks through how to wire Codex up to your Postgres database through QueryBear so you can do the same thing.
Part of the Postgres MCP Server guide.
What you'll need
- A Postgres database (a read replica is strongly recommended)
- A QueryBear account (free to start)
- OpenAI Codex CLI installed (
npm install -g @openai/codexor the platform installer)
Why route through a gateway
Giving Codex your raw DATABASE_URL means the agent has the same blast radius as your database user. A gateway like QueryBear sits in between: it parses every query before it runs, checks tables against an allowlist, strips blocked columns, enforces row limits, and logs everything. The agent never sees your credentials. Read the Postgres MCP Server guide for the full breakdown.
Connect QueryBear to your Postgres database
- Open the QueryBear dashboard and click "New connection."
- Pick Postgres, paste your connection URL (point this at a read replica if you have one, with a role that has
SELECTonly). - Under "Allowed tables," pick the tables the agent should see. Under "Blocked columns," add anything sensitive:
password_hash,totp_secret, anything you don't want appearing in terminal output. - Save. QueryBear will test the connection.
Install the QueryBear MCP server in Codex
Open ~/.codex/config.toml in any editor and add:
[mcp_servers.querybear]
url = "https://mcp.querybear.com/mcp"That's the entire config. Codex picks it up on the next run -- no restart needed. You can also scope it to a single project by putting a .codex/config.toml file in your project root instead.
Ask your first question
I asked Codex: "List the slowest queries running on the database right now."
Codex called get_schema on QueryBear, saw pg_stat_statements in the allowed tables, and generated this:
SELECT query, mean_exec_time
FROM pg_stat_statements
ORDER BY mean_exec_time DESC
LIMIT 10;QueryBear ran it and returned the top 10 slowest queries by average execution time, ranked in milliseconds. I had my answer without leaving the terminal.
One thing worth knowing: pg_stat_statements is a Postgres extension that has to be enabled on your instance. If it's not, QueryBear will surface a readable error saying the table isn't on the allowlist. In that case, allowlist pg_stat_activity instead and ask the same question -- you'll get currently-running queries rather than historical averages, which is often enough.
A Codex-specific tip
Pass --resume when you start Codex to reuse the last session context:
codex --resumeThis keeps the MCP connection warm and carries forward anything Codex already learned about your schema. If you're doing a longer investigation -- following up a slow query, digging into a specific table -- --resume means you don't repeat the schema discovery step every time you open a new terminal.
Codex also runs in sandboxed mode by default, so filesystem writes are isolated. If Codex hits a MCP error (say, a table isn't on the allowlist), it surfaces the message in plain text in the terminal rather than silently failing.