ractogateway.pipelines.sql_analyst._guard

Read-only SQL guard — blocks write operations before execution.

class ractogateway.pipelines.sql_analyst._guard.ReadOnlySQLGuard[source]

Bases: object

Validates that a SQL string contains only read (SELECT) operations.

Uses a keyword regex to detect any DML/DDL statement that would modify data or schema. Call check() before executing any LLM-generated SQL when force_read_only=True.

Example:

ReadOnlySQLGuard.check("SELECT * FROM users")   # passes silently
ReadOnlySQLGuard.check("DROP TABLE users")       # raises ReadOnlyViolationError

static check(sql)[source]

Raise ReadOnlyViolationError if sql contains a write operation.

Parameters:: sql (str) – The SQL string to validate.
Raises:: ReadOnlyViolationError – If the SQL contains a disallowed keyword.
Return type:: None