QueryGuard

SQL safety gate for AI agents — catch the missing WHERE before it wrecks prod

npx -y github:Isco0819/query-guard

Ever run into this?

AI agents writing SQL have no guardrail before execution — a missing WHERE on a DELETE or an accidental TRUNCATE can nuke a prod table in seconds. sqlfluff (7k+ GitHub stars) proves developers desperately want SQL linting, but there is no MCP-native layer an agent can call before a query runs.

The fix

QueryGuard is an MCP server and npx CLI that intercepts SQL, detects destructive patterns (DELETE/UPDATE without WHERE, DROP, TRUNCATE, unbounded full-table scans), scores risk as low/medium/critical, and returns structured feedback agents can act on before touching the database.

What it does

npx -y github:Isco0819/query-guard