hub / github.com/BuilderIO/agent-native / validateWriteSql

Function validateWriteSql

packages/core/src/scripts/db/exec.ts:178–202  ·  view source on GitHub ↗
(sql: string, index: number)

Source from the content-addressed store, hash-verified

176}
177
/**
 * Gate for the db-exec write path: accepts a single user-supplied SQL
 * statement only if it begins with a write keyword, then returns the
 * normalized text.
 *
 * The statement is first passed through `normalizeUserSql`, upper-cased, and
 * compared against keyword prefixes with `startsWith`. Three checks run in
 * order; each calls `fail` with a statement-numbered message:
 *  1. read-style statements (SELECT, WITH, EXPLAIN, PRAGMA) are redirected to db-query;
 *  2. schema changes (CREATE, ALTER) are refused;
 *  3. anything not starting with INSERT, UPDATE, DELETE or REPLACE is refused.
 * Checks 1 and 2 only produce more specific messages; check 3 is the actual
 * allow-list, since none of the earlier keywords begins with an allowed one.
 * Finally `assertNoSensitiveFrameworkTables(normalized, "write")` is applied.
 *
 * Security notes for reviewers:
 *  - This is a prefix comparison, not a parse. It constrains only how the
 *    text begins; anything about the rest of the statement (trailing
 *    statements, leading comments or whitespace) depends on what
 *    `normalizeUserSql` does, which is not visible here. TODO confirm.
 *  - A statement beginning with WITH is rejected by check 1 even when the
 *    CTE feeds a write.
 *  - An allowed write can still read data through a subquery or a returning
 *    clause; presumably `assertNoSensitiveFrameworkTables` is the control
 *    for that. Verify against its implementation.
 *  - NOTE(review): the function relies on `fail` not returning (throwing or
 *    exiting). If it ever returned, a rejected statement would still reach
 *    the `return` below. Confirm `fail` is typed `never`.
 *
 * @param sql - Raw statement text as supplied by the caller.
 * @param index - Position of the statement, used in error messages and
 *   forwarded to `normalizeUserSql`.
 * @returns The normalized statement, once every check has passed.
 */
function validateWriteSql(sql: string, index: number): string {
  const statement = normalizeUserSql(sql, index);
  const leading = statement.toUpperCase();

  // True when the upper-cased statement starts with any of the given keywords.
  const beginsWithAny = (keywords: readonly string[]): boolean =>
    keywords.some((keyword) => leading.startsWith(keyword));

  const writeKeywords = ["INSERT", "UPDATE", "DELETE", "REPLACE"];
  const readKeywords = ["SELECT", "WITH", "EXPLAIN", "PRAGMA"];
  const schemaKeywords = ["CREATE", "ALTER"];

  // Reads belong to db-query; reported first so the caller gets a pointer to the right tool.
  if (beginsWithAny(readKeywords)) {
    fail(
      `Statement ${index}: use db-query for SELECT/read statements. db-exec is for writes only.`,
    );
  }

  // Schema changes get their own message explaining where they are supposed to go.
  if (beginsWithAny(schemaKeywords)) {
    fail(
      `Statement ${index}: schema changes are not allowed through db-exec. Additive schema changes must go through reviewed migrations/startup code, not ad-hoc agent SQL.`,
    );
  }

  // The allow-list itself: everything else is refused, whatever it starts with.
  const isWrite = beginsWithAny(writeKeywords);
  if (!isWrite) {
    fail(
      `Statement ${index}: only ${writeKeywords.join(", ")} statements are allowed. ` +
        `Dangerous operations like DROP, ATTACH, VACUUM, DETACH, CREATE, and ALTER are blocked.`,
    );
  }

  // Table-level check on the normalized text, in "write" mode.
  assertNoSensitiveFrameworkTables(statement, "write");
  return statement;
}
203
204function convertQuestionMarksToPostgresParams(sql: string): string {
205 let index = 0;

Callers 1

dbExecFunction · 0.85

Calls 3

failFunction · 0.90
normalizeUserSqlFunction · 0.85

Tested by

no test coverage detected