> That's what AGPL says.

I mean no disrespect, but it doesn't say that. This is your interpretation. There is insufficient legal precedent to validate this interpretation, and thus there is inherent risk.

The risk specifically is that if I use PgDog as a component of a larger application (e.g. a SaaS app) then the entire application may be in scope.

You can fill this webpage with text stating otherwise but it doesn't matter in the slightest. If your intent is that only users connecting directly to PgDog are entitled to receive the source, then I encourage you to develop a license saying as such. But that's certainly not the AGPL, unfortunately.

(Caveats being I'm not a lawyer, and this is not legal advice. I certainly don't enjoy imagining how one would even define direct connections in a court of law.)

FWIW your heart is in the right place. I wish the world worked the way you describe.