data 1 credit · ~$0.015 <5ms
SQL Safety Gate
POST /v1/scan/sql The gate an agent calls before it runs SQL. A comment- and string-literal-aware tokenizer scans each statement for high-risk patterns — an unbounded DELETE/UPDATE, DROP or TRUNCATE, a WHERE 1=1 tautology, stacked statements, UNION-based injection, or a privilege change — without ever connecting to a database. Keywords inside string literals never false-positive.
Capabilities
- ✓ Unbounded DELETE/UPDATE, DROP/TRUNCATE, tautology, UNION-injection rules
- ✓ Comment- and string-literal-aware tokenizer (no false positives)
- ✓ Postgres / MySQL / SQLite / T-SQL / generic dialects
- ✓ Severity-ranked findings; tunable policy (allow DDL, max statements)
- ✓ Deterministic and offline (no DB connection), with a certificate
Use cases
- → Gate agent-generated SQL before execution
- → Text-to-SQL and analytics copilots
- → Block accidental mass deletes and drops
- → A safety net in front of any database tool
example
curl -X POST https://api.agent-toolbox.ai/v1/scan/sql \
-H "Content-Type: application/json" \
-d '{"sql": "DELETE FROM users"}' response shape
{
"verdict": "PASS" | "FLAG" | "BLOCK",
// tool-specific findings…
"certificate": "sha256:..."
}