Extension vs Implementing Wire Protocol

Hi all,

We need to apply some data management policies on read. We are considering
two approaches

1. Implement a postgres extension.
2. Implement a proxy that implements the PostgreSQL wire protocol.

We're trying to decide which approach to take and are leaning towards
implementing it as an open source extension. Mostly what we need is to be
able to apply simple row level transformations after query execution before
data is returned to the client. Our hope is we can do this without messing
with cursors or execution as we don't want it to be brittle across postgres
versions. It would be super cool if it could apply to foreign data wrappers
as well.

Examples of behaviors we'd like to have:

- 'SELECT * FROM table;' should return masked versions of the columns
based on policy for that specific user.
- 'SELECT * FROM table;' should return just the columns accessible to
a specific user.

Questions:

1. Are there easily extensible (ideally open-source) proxies that
already implement the Postgres protocol that we could modify/extend to
support this?
2. Does the extension framework support post-query execution
transformations before returning the result set such that it is compatible
with postgres clients (transparently).

This seems like a useful extension and we'd be happy to build it and open
source it so that other folks could benefit. Also, please let me know if I
got the wrong mailing list and should take discussion elsewhere.

Matthew