Model Context Protocol

SQL Safety Gateway for AI Agents

Secure, validate, profile, and compress database executions. Bollard is an enterprise-grade safety gateway that stops destructive operations and fits large query results into small LLM context windows.

Get Started Star on GitHub

bash — bollard-mcp run

$ pip install bollard-mcp
Installed bollard-mcp v0.1.2 successfully.
$ bollard-mcp run --db neon
[Bollard] Initializing connection to Neon Serverless Database...
[Bollard] SSL auto-enforced (sslmode=require)
[Bollard] Dynamic risk validation engine armed.
[Bollard] Local write gates enabled on port 5567 (Awaiting PIN validations).
[Bollard] MCP Server active and listening over stdio!

The Secure Execution Pipeline

Bollard sits securely between your LLM editor client and your database, screening threat vectors in real-time.

AI Agent

Generates SQL execution request

Bollard Gateway
Parses AST, checks EXPLAIN cost, requires OS PIN if write risk high

Database

Executes verified, safe SQL code

Optimizer
Compresses tables by up to 97% to fit token budgets

Designed for Zero-Trust Autonomy

Advanced guardrails that keep your database intact, your costs predictable, and your agent context windows lightweight.

Dynamic Risk Engine

Parses queries into Abstract Syntax Trees (AST) and checks query plan complexity using EXPLAIN analysis before executing statements.

Friction Write Gates

Prompts for secondary verification pins using desktop OS hooks and browser/editor modals before allowing write, drop, or alter queries.

Context Optimizer

Token budgeting via smart rows aggregation, sampling tables, and exporting full tables as auto-downloadable workspace CSV links.

SSL Trust Negotiation

Detects cloud targets (Supabase, Neon, AWS RDS) and auto-configures SSL connection policies. Handles local self-signed CA fallbacks gracefully.