Introduction
Bollard is an enterprise-grade SQL execution safety gateway and AI context optimizer. It functions as a secure bridge between client AI agents (such as Cursor, VS Code, and Claude) and production SQL databases, guaranteeing safe execution environments while maximizing context-window efficiency.
Instead of acting as a simple, passive query gateway, Bollard actively intercepts SQL statements, evaluates their risk level statically using AST analysis, compresses large outputs into lean summaries to save context tokens, and provides human-in-the-loop validation for potentially risky write operations.
Agent
MCP Server
Policy
CompressorCSV + 10-row preview
Response
Key Features
Dynamic Risk Engine
Statically parses incoming SQL queries and combines estimates from DB explain plans to assign a risk tier (LOW, MEDIUM, HIGH, CRITICAL, EXTREME) before execution is permitted.
Human-in-the-Loop Gates
Write operations that exceed a risk threshold trigger a gated authorization flow. A native desktop notification delivers a one-time security PIN to your editor extension, requiring physical human approval.
Smart Context Compression
Large query outputs exceeding 15 rows are automatically compressed into a structured summary block containing a 10-row preview and column statistics, reducing LLM token usage by up to 97%.
Semantic Memory Loop
Developer corrections (such as deprecated column mappings or business logic rules) are persisted locally and injected into the AI agent's context window at session start.
How It Works
Bollard is designed to work as a transparent intermediary layer between the AI agent and the database. When you connect an AI client (e.g. Cursor, VS Code, or Codex) to your database via Bollard, the MCP server becomes the sole execution gateway. All database interactions are routed through the server, which applies safety validations and context optimizations before returning a response to the AI.
Before Bollard vs. With Bollard
Adding Bollard transforms how your AI development agent interacts with your database:
| Workflow Aspect | Before Bollard (Direct SQL Assistant) | With Bollard (Safe Database Gateway) |
|---|---|---|
| Schema Context | Relies on manually pasted schema blocks, leading to hallucinated queries on outdated schemas. | Inspects schemas dynamically, caching metadata and profiles to feed the LLM accurate context. |
| Execution Safety | AI directly runs generated queries. High risk of accidental data modification, deletion, or drops. | Risk levels (LOW to EXTREME) are computed statically. Destructive operations are safely blocked. |
| Human-in-the-Loop | None. Large batch updates or structural migrations execute immediately without warnings. | Write queries require double confirmation (confirming query matching phrases and typing local PINs). |
| Data Leak Prevention | AI can query any table, including sensitive tables (e.g., password hashes, user secrets, API keys). | Access control lists block sensitive tables via connection-level blocklist wildcards. |
| Token & Context Usage | Large queries return massive raw rows, flooding the context window and wasting thousands of tokens. | Large queries are compressed into structured summaries with a 10-row preview and column stats (up to 97% token savings). |
| Correction Loop | No memory of past mistakes. AI repeats the same syntax/query errors in new sessions. | Custom fixes and deprecated field overrides are persisted and auto-injected as agent instructions. |