Postgres Template Databases vs Task Sandboxes
Compare native Postgres template databases with task-scoped sandboxes for repeatable agent QA, seeded fixtures, migration checks, and cleanup.
A Postgres template database is a source database copied by CREATE DATABASE ... TEMPLATE .... A task sandbox is a short-lived database and role created for one unit of work. Use a native Postgres template when trusted database operators need fast local copies of a static state. Use task sandboxes when coding agents need scoped credentials, bounded proof, TTL metadata, and cleanup.
The distinction matters because “template” can mean two different things in agent workflows.
PostgreSQL has a native template mechanism. The CREATE DATABASE docs say a new database can be created by copying an existing template database, and the default template is template1 (https://www.postgresql.org/docs/current/sql-createdatabase.html). PostgreSQL also ships template0, a clean template intended for restoring dumps or creating databases with different locale and encoding settings (https://www.postgresql.org/docs/current/manage-ag-templatedbs.html).
PGSandbox has a different template layer. Its template tools create local pg_dump artifacts from PGSandbox-owned sandboxes, store JSON metadata, and restore those artifacts into fresh tracked sandboxes. The MCP tool docs describe create_template_from_sandbox, create_sandbox_from_template, list_templates, and delete_template as local artifact workflows, not native Postgres copy-on-write forks.
The information-gain point is this: for coding agents, the useful unit is not “a copyable database.” It is “a reusable starting state that still restores into a new database, new role, TTL, proof record, and cleanup path.”
Template database vs task sandbox: the short answer
Postgres template databases and task sandboxes solve adjacent but different problems.
| Need | Better fit | Why |
|---|---|---|
| Create a fast copy of a trusted static database inside one Postgres server | Native Postgres template database | CREATE DATABASE ... TEMPLATE ... copies an existing database at creation time. |
| Give a coding agent a safe place to test SQL or migrations | Task sandbox | The agent gets one database, one scoped role, bounded outputs, and cleanup metadata. |
| Reuse a seeded state across many local agent tasks | PGSandbox local template artifact | A seed sandbox can become a local dump artifact, then restore into fresh task sandboxes. |
| Copy from an external source database | Clone workflow | PGSandbox uses pg_dump and pg_restore into a newly tracked sandbox. |
| Keep production data out of prompts and PR notes | Task sandbox with data policy | The workflow can use schema-only clones, small fixtures, masked data, or approved local templates. |
Native Postgres templates are database-administration primitives. PGSandbox task sandboxes are agent-workflow primitives.
That does not make the native feature bad. It means the safety boundary is different. A native template optimizes database creation. A task sandbox optimizes who gets access, what they can run, how much output comes back, and what happens when the task ends.
What Postgres template databases are good at
A Postgres template database is good when the source state is trusted, stable, and managed by someone who understands the database server.
The official template database docs explain that template1 is copied when creating a new database by default, and that objects added to template1 appear in later databases created from it (https://www.postgresql.org/docs/current/manage-ag-templatedbs.html). That can be useful for local conventions such as extensions, helper functions, or known baseline objects that every database should start with.
PostgreSQL also exposes two important catalog controls: datistemplate and datallowconn. The docs describe datistemplate as marking whether a database may be used as a template by users with CREATEDB, and datallowconn as controlling whether new connections are allowed (https://www.postgresql.org/docs/current/manage-ag-templatedbs.html). Those controls are useful, but they are administrator controls, not agent proof controls.
The native template path fits cases like:
- A local developer wants every new database to include a trusted extension.
- A database operator maintains a golden local baseline.
- A test harness creates many databases from a known static state on one server.
- The copying role is trusted with database creation authority.
In those cases, a template database can be a clean Postgres-native answer. It is simple, close to the server, and does not require a separate artifact store.
Where native templates get awkward for agent work
Native Postgres templates become awkward when the workflow owner is a coding agent instead of a database operator.
The first issue is authority. PostgreSQL says creating a database requires superuser or CREATEDB privilege (https://www.postgresql.org/docs/current/sql-createdatabase.html). If an agent can freely create databases from arbitrary templates, it has lifecycle authority. That may be acceptable inside a tightly controlled local harness, but it should not be the same credential the agent uses for task SQL.
The second issue is source control. A template database is live server state. If someone changes it, later databases inherit the change. That can be useful for a managed baseline, but it can make agent proof harder to reproduce unless the workflow also records which template state was used.
The third issue is connection pressure. PostgreSQL’s CREATE DATABASE docs state that the source database cannot have active connections while it is being copied, unless the strategy is WAL_LOG (https://www.postgresql.org/docs/current/sql-createdatabase.html). That matters when a “template” is not a sealed baseline but a database people or agents might still be touching.
The fourth issue is cleanup. PostgreSQL DROP DATABASE removes the database, but it cannot be run while connected to the target database (https://www.postgresql.org/docs/current/sql-dropdatabase.html). Native Postgres gives you the primitive. It does not, by itself, give an agent workflow a metadata-backed cleanup policy, owner labels, TTLs, or a refusal to delete untracked resources.
For human DBAs, those are normal operational concerns. For coding agents, they are exactly where the workflow needs guardrails.
What a task sandbox adds
A task sandbox adds a workflow boundary around the database primitive.
PGSandbox creates one database and one scoped login role for a task. The architecture docs describe the resource model: database id, profile name, database name, role name, encrypted role password, owner, purpose, labels, created timestamp, expiry timestamp, and deleted timestamp.
That metadata matters because agent work gets interrupted. A human can close a terminal and remember what happened. An MCP client may crash, lose context, or open a PR before cleanup. A sandbox with TTL metadata is easier to inspect and clean up later than a manually named database.
The role boundary matters too. PGSandbox uses the admin connection for lifecycle operations, then runs task SQL through the generated sandbox role. That keeps the dangerous authority in the server workflow instead of handing it to the model as a general-purpose connection string.
For a coding agent, the useful proof record is:
- Which sandbox database was created.
- Which scoped role executed the task SQL or migration command.
- Which source state was loaded.
- What bounded command or SQL output came back.
- What schema changed.
- Whether cleanup succeeded or TTL cleanup remains.
That is the same proof loop described in the Postgres test database guide and the database migration testing workflow. The task sandbox is not just a database. It is a database plus enough metadata for a reviewer to trust the work.
How PGSandbox local templates differ from native templates
PGSandbox local templates are deliberately not native Postgres template databases.
The architecture notes define local templates as pg_dump artifacts plus JSON metadata under PGSandbox’s managed state directory. A template can only be created from a live PGSandbox-owned sandbox found in metadata. Restoring a template creates a fresh tracked sandbox with its own role, TTL, owner, and labels.
That shape is slower than a direct native template copy in some cases, but it gives the agent workflow a cleaner boundary:
- The template source has to be a tracked PGSandbox sandbox.
- The artifact has metadata: source sandbox id, owner, Postgres version, size estimate, notes, and a privacy warning.
- The restored database is still a new sandbox with its own role and expiry.
- If restore fails, PGSandbox attempts to delete the newly created sandbox.
The implementation uses the same conservative dump/restore posture as cloning. In rust-src/postgres.rs, template creation calls pg_dump with custom format plus --no-owner and --no-privileges. Template restore calls pg_restore with --no-owner, --no-privileges, --exit-on-error, and --single-transaction.
Those flags are intentionally boring. The official pg_dump docs describe custom-format archives as flexible archives that can be restored with pg_restore (https://www.postgresql.org/docs/current/app-pgdump.html). The pg_restore docs describe --single-transaction, --exit-on-error, --no-owner, and --no-privileges as restore controls (https://www.postgresql.org/docs/current/app-pgrestore.html). PGSandbox uses them to make a local template artifact easier to restore into a scoped sandbox role.
When to use a native Postgres template database
Use a native Postgres template database when the server-level copy primitive is the main thing you need.
Good cases include:
- You operate the local Postgres server directly.
- The template is static and intentionally maintained.
- The users creating databases are trusted with
CREATEDB. - You want Postgres-native behavior without a separate artifact lifecycle.
- You do not need task-level owner labels, TTLs, proof records, or scoped agent roles.
For example, a platform team might maintain a local template_app_test database that includes common extensions and baseline schemas. A trusted script can create test databases from it quickly. That is a reasonable use of native templates if the team owns the operational rules around updates and cleanup.
The important condition is trust. A native template is not a permission model for an agent. It is a source database for CREATE DATABASE.
When to use a PGSandbox task sandbox
Use a PGSandbox task sandbox when the database exists because an agent needs to prove something.
Good cases include:
- The agent generated a migration and needs a before/after schema diff.
- The agent wrote SQL that should run against realistic Postgres constraints.
- The task needs a seeded bug-reproduction state.
- The reviewer needs a compact proof record in the PR body.
- Cleanup should target only resources the workflow created.
- The agent should not receive the lifecycle admin credential.
For empty work, start with create_database. For source-shaped work, use clone_database or a schema-only clone. For repeated seeded states, create a sandbox, seed it through the repo’s normal command, create a local template artifact, and restore that artifact into a fresh sandbox for each later task.
That is the useful hybrid. You can keep a reusable state without letting the agent treat a live template database as its workspace.
A reusable seeded-state workflow for agents
Here is the practical pattern for repeatable agent QA:
- Create a fresh sandbox with
create_database. - Run migrations and seed commands through the repo’s real workflow.
- Validate the state with bounded
run_sqlchecks. - Create a local template with
create_template_from_sandbox. - For each new task, call
create_sandbox_from_template. - Run the agent’s migration, SQL, or bug reproduction against the new sandbox.
- Capture proof and delete the sandbox.
The MCP tool contract supports that loop directly. Its template-tool section documents the JSON inputs for create_template_from_sandbox and create_sandbox_from_template, including templateName, nameHint, ttlMinutes, and owner fields.
This works best for small to medium local states: a baseline schema, a few fixture accounts, a reproduced bug shape, or a post-migration known-good state. It is not a production-data import workflow. PGSandbox’s template warning is explicit: do not create templates from production or sensitive data unless you have sanitized it.
When the reusable state becomes the baseline for a migration task, pair it with a named schema checkpoint. The Postgres schema snapshots for agent migration reviews guide shows how to restore a known state into a fresh sandbox, capture the before snapshot, run the migration command, and turn the schema diff into review evidence.
Common mistakes
The first mistake is treating a native template database as safe just because it is temporary. If an agent can create databases from a sensitive template, the data boundary is already broken.
The second mistake is using the same powerful connection for lifecycle and task SQL. Use lifecycle authority to create or restore the database. Give the agent a scoped task role for the work.
The third mistake is letting a reusable state become invisible. A template should have a name, source, owner, Postgres version, and notes. Otherwise every “fresh” database may inherit a mystery fixture.
The fourth mistake is optimizing only for copy speed. Fast setup is useful, but reviewer trust comes from the proof: what ran, where it ran, what changed, and how cleanup was handled.
The fifth mistake is forgetting that restore compatibility is real. A dump artifact depends on Postgres versions, extensions, and restore flags. If a template restore fails, the workflow should surface the error and clean up the partial sandbox.
FAQ
Is a Postgres template database the same as a database sandbox?
No. A Postgres template database is a source database copied by CREATE DATABASE ... TEMPLATE. A database sandbox is an isolated working database with a lifecycle boundary. For agent work, a useful sandbox also has a scoped role, metadata, TTL, bounded output, and cleanup.
Should coding agents use native Postgres templates directly?
Usually not as their primary interface. Native templates are useful for trusted scripts and database operators. Coding agents are safer when they ask a narrow tool to create or restore a sandbox, then run task SQL through a scoped role.
Are PGSandbox templates copy-on-write branches?
No. PGSandbox local templates are pg_dump artifacts plus metadata. Restoring one creates a fresh tracked sandbox. The database branching comparison covers the difference between environment-oriented branching and task-oriented sandboxes.
Can I use both native templates and PGSandbox?
Yes, if the responsibility is clear. A database operator can maintain native server templates. PGSandbox can still create task sandboxes, scoped roles, proof records, and cleanup around agent work. For most agent QA loops, PGSandbox local templates are the cleaner reusable-state layer because they restore into tracked sandboxes.
What is the safest default for seeded agent tests?
The safest default is a small, sanitized seeded state restored into a fresh task sandbox. Keep the reusable artifact local, document what it contains, give each agent task its own role and TTL, and delete the sandbox when the proof is captured.