Strongly Certified · Streaming Workflow

Postgres CDC → LLM Alerts

Postgres logical-replication slot, classified by an LLM, posted to your incident webhook.

Subscribes to a Postgres logical-replication slot and routes alert-worthy row changes through a small LLM that drafts a one-sentence summary. Routine churn drops at the conditional. The LLM is never invoked on noise.

≤2.5s · Commit-to-webhook (p95)
pgoutput v1 · Native binary decoder
At-least-once · LSN ACK on every Commit

The voice loop, end-to-end.

No black box. Each step is a typed-frame node you can edit, monitor, and replace.

01

Postgres commits a row change. The logical-replication slot ships the pgoutput binary message to the streaming worker.

02

streaming-postgres-cdc decodes the message natively (no Debezium / Kafka layer required) and emits a TextFrame with the row JSON.

03

streaming-conditional matches an alert-worthy regex (status flips to critical / failed / breach / escalated, large amounts, severity high / critical). Routine changes drop at the default branch.

04

The LLM drafts a one-sentence summary. streaming-webhook-response POSTs to your incident receiver (Slack / PagerDuty / ServiceNow).

Built for production. Day Two-ready.

Streaming graph contract, observability, and cost discipline come standard. The agent ships with a full test suite that runs in CI on every node version bump.

Native pgoutput decoder

psycopg2.LogicalReplicationConnection in an executor thread; the pgoutput v1 binary protocol is decoded natively (Begin / Relation / Insert / Update / Delete / Commit / Truncate / Type / Origin). Per-relation column metadata cached from Relation messages.

Native binary · v1 protocol · Schema-cached

At-least-once

Standby Status feedback ACKs the LSN on every Commit so Postgres frees WAL in real time. A pod crash mid-event redelivers un-ACKed transactions on restart. For exactly-once handling, operators use pg_lsn + pg_table as the idempotency key.

LSN ACK · WAL freeing · Crash-safe
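
An added example (not the product's own code) of the receiver-side idempotency check described above: redelivered events are dropped by a primary key on pg_lsn + pg_table. The JSON field names, the SQLite store and the sample deliveries are assumptions, since the page does not publish the webhook payload format.

```python
import json
import sqlite3

def normalize_lsn(lsn: str) -> str:
    """Canonicalize Postgres 'hi/lo' hex LSN text so equal positions compare equal."""
    hi, lo = lsn.split("/")
    return f"{int(hi, 16):08X}/{int(lo, 16):08X}"

class AlertDeduper:
    """Receiver-side idempotency store keyed on (pg_lsn, pg_table)."""

    def __init__(self, path: str = ":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS seen ("
            "pg_lsn TEXT NOT NULL, pg_table TEXT NOT NULL, "
            "PRIMARY KEY (pg_lsn, pg_table))"
        )

    def accept(self, raw_body: str) -> bool:
        """True the first time an event arrives, False on redelivery."""
        event = json.loads(raw_body)
        lsn, table = event.get("pg_lsn"), event.get("pg_table")
        if not isinstance(lsn, str) or not isinstance(table, str):
            raise ValueError("missing pg_lsn/pg_table: cannot deduplicate")
        try:
            with self.db:  # commits on success, rolls back on error
                self.db.execute("INSERT INTO seen VALUES (?, ?)",
                                (normalize_lsn(lsn), table))
        except sqlite3.IntegrityError:
            return False  # primary-key hit: this event was already handled
        return True

# Constructed deliveries (hypothetical payload shape): a worker crash after the
# second event causes the un-ACKed transaction to be redelivered on restart.
SAMPLE_DELIVERIES = [
    '{"pg_op": "U", "pg_table": "incidents", "pg_lsn": "0/16B3748", "summary": "incident 42 escalated"}',
    '{"pg_op": "I", "pg_table": "payments", "pg_lsn": "0/16B3A10", "summary": "payment 977 failed"}',
    '{"pg_op": "I", "pg_table": "payments", "pg_lsn": "0/016b3a10", "summary": "payment 977 failed"}',
    '{"pg_op": "U", "pg_table": "orders", "pg_lsn": "0/16B3C58", "summary": "order 12 breach"}',
]

def forwarded_summaries(deliveries, deduper):
    """Return the summaries that would be forwarded to the incident channel."""
    return [json.loads(d)["summary"] for d in deliveries if deduper.accept(d)]

if __name__ == "__main__":
    print(forwarded_summaries(SAMPLE_DELIVERIES, AlertDeduper()))
```

Pass a file path to AlertDeduper so the seen-set survives a receiver restart; the in-memory default is only for the demonstration.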

Cost-bounded

Routine row churn drops at the conditional before any LLM call. The LLM cost scales with alert rate, not commit rate. Default regex is conservative and operator-tunable.

Conditional drop · Alert-rate cost · Regex-tunable

REPLICA IDENTITY support

Default emits PK columns on UPDATE/DELETE. REPLICA IDENTITY FULL ships the entire pre-update row. USING INDEX is also supported. TOAST handling: unchanged TOASTed columns surface as null per pgoutput spec.

Default + FULL · TOAST-aware · Per-table

Failure transparency

PgOutputDecodeError / ConnectionError / SlotError / StopError all flow through the same webhook fan-in as the alerts. The on-call sees source failures on the same channel as production alerts — no separate runbook.

Typed errors · Same channel · ADR-S7

Live span tree

Each emitted row event writes a span tagged with pg_op / pg_schema / pg_table / pg_lsn / pg_xid / pg_commit_lsn. Filter the canvas overlay by table or by xid to debug enrichment behaviour.

ADR-S14 · Per-event · Canvas overlay

Real services. Your stack.

Every dependency is a registered Strongly service or a model you control. Swap any one of them in the install wizard. The graph stays intact.

Postgres: wal_level=logical, REPLICATION privilege, ?replication=database
Source node: streaming-postgres-cdc 1.0.0 — native pgoutput decoder
LLM model: gpt-4o-mini default — swap any registered chat model
Sink: streaming-webhook-response — Slack / PagerDuty / ServiceNow / any HTTP+JSON receiver

Tune it. Don't fork it.

The marketplace template is the graph. Every customisation below is a config change or a single-node addition - never a rewrite.

Slack-format the summary

Wire streaming-text-transformer between llm and webhook to prepend ':rotating_light: ' and bold the table name.

Severity routing

Replace the 2-port conditional with streaming-confidence-router branching critical → PagerDuty page, high → Slack warn, medium → email digest.

Per-table prompts

Fork the prompt with streaming-llm-router predicating on pg_table so orders / incidents / payments each get a domain-tuned summary prompt.

Aggregation digest

Replace per-event LLM with streaming-aggregator (max 10 events / 30s window) so a burst of changes summarises as one alert instead of ten.

Compliance archive

Fan-out the LLM response to a streaming-conversation-store writing to your Mongo audit collection, so every alert has a queryable history.

Production. Not pilots.

We don't leave until it runs. Talk to a forward-deployed engineer about deploying Postgres CDC → LLM Alerts into your environment with your STT, your LLM, your TTS, your data.
