Documentation
Overview
Package sqlallowlist enforces a DDL allowlist for SQL statements submitted through the nself_run_migration MCP tool. It prevents AI Studio sessions from executing destructive or privilege-altering SQL via confirm=true.
Purpose: Block arbitrary DDL/DML (DROP TABLE, TRUNCATE, DELETE FROM without WHERE, ALTER ROLE, GRANT, REVOKE, psql meta-commands) from the MCP surface.
Inputs: Raw SQL string from the MCP tool request.
Outputs: nil on allowed statements; descriptive error on blocked statements.
Constraints: Case-insensitive. Strips leading whitespace and single-line comments before matching so that comment-prefix bypasses are impossible.
SPORT: F02-COMMAND-INVENTORY.md — nself mcp / nself_run_migration DDL allowlist.
Functions
func ValidateMigrationSQL
ValidateMigrationSQL checks sql against the DDL blocklist. It returns nil when the statement is allowed, or an error with a descriptive message when the statement type is prohibited via the MCP surface.
The check is intentionally conservative: any statement whose normalised prefix matches a blocked keyword is rejected, regardless of qualifiers that follow (e.g. "DROP TABLE IF EXISTS" is still blocked).
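The following sketch is an added example, not the package's own source, showing the normalise-then-prefix-match check described above. The names checkMigrationSQL, normalise and blockedPrefixes are hypothetical, the prefix list is assumed from the statement types the overview names, and, as described, only the leading prefix of the input is inspected.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// blockedPrefixes is an assumed list taken from the overview; the real one may differ.
var blockedPrefixes = []string{"DROP TABLE", "TRUNCATE", "ALTER ROLE", "GRANT", "REVOKE"}

// normalise strips leading whitespace and leading "--" comment lines,
// collapses runs of whitespace and upper-cases the statement.
func normalise(sql string) string {
	for {
		sql = strings.TrimSpace(sql)
		if !strings.HasPrefix(sql, "--") {
			break
		}
		// Drop everything up to the end of the comment line.
		_, sql, _ = strings.Cut(sql, "\n")
	}
	return strings.ToUpper(strings.Join(strings.Fields(sql), " "))
}

// checkMigrationSQL (hypothetical name) returns nil for allowed statements
// and a descriptive error for blocked ones.
func checkMigrationSQL(sql string) error {
	n := normalise(sql)
	if strings.HasPrefix(n, `\`) {
		return errors.New("psql meta-commands are blocked")
	}
	// Conservative prefix match: qualifiers after the keyword do not matter.
	for _, p := range blockedPrefixes {
		if strings.HasPrefix(n, p) {
			return fmt.Errorf("%s is blocked on the MCP surface", p)
		}
	}
	if strings.HasPrefix(n, "DELETE FROM") && !strings.Contains(n, " WHERE ") {
		return errors.New("DELETE FROM without WHERE is blocked")
	}
	return nil
}

func main() {
	// Constructed inputs: one comment-prefixed blocked statement, one allowed.
	for _, s := range []string{"-- note\n  drop table if exists users;", "CREATE TABLE t (id int);"} {
		fmt.Printf("%q -> %v\n", s, checkMigrationSQL(s))
	}
}
```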