data 1 credit · ~$0.015 <5ms

SQL Safety Gate

POST /v1/scan/sql

The gate an agent calls before it runs SQL. A comment- and string-literal-aware tokenizer scans each statement for high-risk patterns — an unbounded DELETE/UPDATE, DROP or TRUNCATE, a WHERE 1=1 tautology, stacked statements, UNION-based injection, or a privilege change — without ever connecting to a database. Keywords inside string literals never false-positive.

Capabilities

  • Unbounded DELETE/UPDATE, DROP/TRUNCATE, tautology, UNION-injection rules
  • Comment- and string-literal-aware tokenizer (no false positives)
  • Postgres / MySQL / SQLite / T-SQL / generic dialects
  • Severity-ranked findings; tunable policy (allow DDL, max statements)
  • Deterministic and offline (no DB connection), with a certificate

Use cases

  • Gate agent-generated SQL before execution
  • Text-to-SQL and analytics copilots
  • Block accidental mass deletes and drops
  • A safety net in front of any database tool
example
curl -X POST https://api.agent-toolbox.ai/v1/scan/sql \
  -H "Content-Type: application/json" \
  -d '{"sql": "DELETE FROM users"}'
response shape
{
  "verdict": "PASS" | "FLAG" | "BLOCK",
  // tool-specific findings…
  "certificate": "sha256:..."
}