Show HN: Sqlsure – 针对 AI 生成 SQL 的确定性语义检查
Show HN: Sqlsure – deterministic semantic checks for AI-generated SQL

原始链接: https://github.com/sqlsure/sqlsure

**sqlsure** 是一款确定性验证工具,旨在防止人工智能生成的 SQL 语句中常见的“静默”错误,例如重复计算收入、不当的聚合或敏感个人信息(PII)泄露。与可能忽略语义逻辑缺陷的代码检查器或大语言模型不同,sqlsure 会根据现有的模式元数据(如 dbt 测试、主键/外键声明或目录内省)分析 SQL 查询,从而在执行前确保语义的正确性。 主要功能包括: * **高精度:** 它能识别常见的陷阱(如扇出错误、断层陷阱以及非加性指标的误用),在基准测试中实现了零误报。 * **自我修复:** 每次拒绝都会提供机器可操作的修复方案,使 AI 智能体能够在运行查询前自动进行自我纠正。 * **隐私与性能:** 该工具完全离线运行,不进行任何网络调用,不访问数据,也没有遥测功能,确保了绝对的安全。 * **零配置:** 它利用现有的数据结构(dbt、SQL 目录或简单的 JSON)构建语义规则库,无需学习新语言,也无需手动维护。 sqlsure 提供 Python 库、CLI 或 MCP 服务器等多种形式,它充当了“语义网关”,为文本转 SQL 工作流带来了可靠性,确保 AI 生成的查询既准确又快速。

抱歉。
相关文章

原文

CI PyPI License: Apache-2.0 Python

AI writes your SQL. sqlsure makes sure it's right.

A query can be perfectly valid, run without error, and return a number that's silently wrong — revenue double-counted by a join, an average summed, a patient identifier exposed. Databases don't catch this. Linters don't catch this. LLMs reviewing their own SQL don't catch this.

sqlsure does — deterministically, in 0.1 ms, before the query runs.

Proof, not promises: we ran sqlsure over the gold answers of the two benchmarks every text-to-SQL model is graded on. 2,568 expert-written queries, 45 flags, zero false alarms — including a BIRD dev gold answer that is provably wrong by 8× from the exact bug class sqlsure targets, and a schema defect now filed upstream.

sqlsure judges SQL against facts your team already declared — dbt unique tests become grain, relationships tests become join cardinality, one-line meta tags mark what's safe to sum. No new language to learn, no model to maintain by hand. Rules are dictionary lookups, not LLM calls: same input, same verdict, every time, offline.

Every rejection carries a machine-actionable fix, so AI agents self-repair: draft → check → fix → check → execute. In our benchmark, applying the fix verbatim produced a passing query 10/10 times.

from sqlsure import SemanticModel, check
violations = check(sql, model)   # [] means semantically safe

Or clone and run the 30-second demo:

python check.py                   # 5 wrong queries rejected, 1 approved — with fixes
python -m sqlsure.scan path/to/dbt-repo --report report.md   # audit any dbt repo

1. CI gate — blocks the merge when a PR double-counts:

python -m sqlsure.cli --model model.json query.sql   # exit 1 on violations

2. MCP server — your AI agent must pass inspection before executing:

claude mcp add sqlsure -- python -m sqlsure.mcp_server --model /abs/path/model.json

See docs/MCP.md for tool reference and agent-loop patterns.

3. Library — embed check() inside any text-to-SQL product or agent framework. A drop-in SemanticGate wraps Vanna/WrenAI-style generators; a semantic eval metric scores NL2SQL output where execution-accuracy is blind.

Rule Severity Catches
FANOUT error SUM/COUNT of additive measure after one-to-many join
CHASM error two+ fan-out joins multiplying each other
ADDITIVITY error SUM of a non-additive measure (rates, averages)
SEMI_ADDITIVE error balances/censuses summed across their snapshot dimension
JOIN_KEY error join on columns matching no declared relationship
CROSS_JOIN error join with no predicate
WEIGHTED_AVG warning AVG silently re-weighted by fan-out
UNDECLARED_JOIN warning join with no declared relationship (unverifiable ≠ safe)
SENSITIVE_COLUMN policy PHI/PII column exposed in query output

When sqlsure can't verify something, it says "can't verify" — never "looks fine." Honest uncertainty is a feature.

  • Deterministic — same SQL + same rulebook = same verdict, always; rules are dictionary lookups, auditable line by line
  • Offline — zero network calls; your SQL never leaves your machine
  • No data access — parses query text; never connects to a database
  • No telemetry — nothing collected, ever (SECURITY.md)
  • Supply chain — releases ship exclusively via PyPI Trusted Publishing (OIDC) from tagged commits with public CI runs; two runtime deps

Where the rulebook comes from

  • dbt (works today): manifest.json or schema.yml — the tests teams already wrote become enforceable semantics, zero config

  • Plain PK/FK declarations (works today — powered the benchmark audits)

  • The live database itself (works today): no semantic layer at all? sqlsure.introspect builds the rulebook from the catalog — SQLite PRAGMAs or information_schema PK/FK (postgres/mysql). Introspecting BIRD's own database files recovered 2 foreign keys missing from the benchmark's published schema (bird-bench/mini_dev#37)

    from sqlsure.introspect import model_from_sqlite
    model = model_from_sqlite("app.db")   # PK -> grain, FK -> join edges
  • Hand-written JSONmodel.example.json

  • OSI and WrenAI MDL (working loaders in integrations/): OSI demonstrated on the spec's published examples; WrenAI MDL demonstrated on WrenAI's own shipped example manifest — primaryKey → grain, relationship joinType + condition → join edges, cube measures → additivity

  • Cube, Snowflake Semantic Views — adapters on the roadmap; the engine only ever sees one SemanticModel

  • 16/16 rule tests, 100% recall / 0% false positives on the paired benchmark (docs/METRICS.md)
  • Real production repos (Mattermost's warehouse, Fivetran packages, dbt's jaffle shop) — docs/TEST-REPORTS.md
  • Spider + BIRD gold queries — the zero-noise external audit above

Apache-2.0 · sqlsure.ai

mcp-name: io.github.sqlsure/sqlsure

联系我们 contact @ memedata.com