Server data from the Official MCP Registry
Semantic SQL inspector: catches double-counting, wrong joins, PII exposure before execution.
Semantic SQL inspector: catches double-counting, wrong joins, PII exposure before execution.
Valid MCP server (1 strong, 4 medium validity signals). No known CVEs in dependencies. Package registry verified. Imported from the Official MCP Registry.
9 files analyzed · 1 issue found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-sqlsure-sqlsure": {
"args": [
"-m",
"sqlsure.mcp_server",
"sqlsure"
],
"command": "uvx"
}
}
}From the project's GitHub README.
AI writes your SQL. sqlsure makes sure it's right.
A query can be perfectly valid, run without error, and return a number that's silently wrong — revenue double-counted by a join, an average summed, a patient identifier exposed. Databases don't catch this. Linters don't catch this. LLMs reviewing their own SQL don't catch this.
sqlsure does — deterministically, in 0.1 ms, before the query runs.
Proof, not promises: we ran sqlsure over the gold answers of the two benchmarks every text-to-SQL model is graded on. 2,568 expert-written queries, 45 flags, zero false alarms — including a BIRD dev gold answer that is provably wrong by 8× from the exact bug class sqlsure targets, and a schema defect now filed upstream.
sqlsure judges SQL against facts your team already declared — dbt unique
tests become grain, relationships tests become join cardinality, one-line
meta tags mark what's safe to sum. No new language to learn, no model to
maintain by hand. Rules are dictionary lookups, not LLM calls: same input,
same verdict, every time, offline.
Every rejection carries a machine-actionable fix, so AI agents
self-repair: draft → check → fix → check → execute. In our benchmark,
applying the fix verbatim produced a passing query 10/10 times.
pip install sqlsure
from sqlsure import SemanticModel, check
violations = check(sql, model) # [] means semantically safe
Or clone and run the 30-second demo:
python check.py # 5 wrong queries rejected, 1 approved — with fixes
python -m sqlsure.scan path/to/dbt-repo --report report.md # audit any dbt repo
1. CI gate — blocks the merge when a PR double-counts:
python -m sqlsure.cli --model model.json query.sql # exit 1 on violations
2. MCP server — your AI agent must pass inspection before executing:
claude mcp add sqlsure -- python -m sqlsure.mcp_server --model /abs/path/model.json
See docs/MCP.md for tool reference and agent-loop patterns.
3. Library — embed check() inside any text-to-SQL product or agent
framework. A drop-in SemanticGate wraps
Vanna/WrenAI-style generators; a
semantic eval metric scores NL2SQL output
where execution-accuracy is blind.
| Rule | Severity | Catches |
|---|---|---|
| FANOUT | error | SUM/COUNT of additive measure after one-to-many join |
| CHASM | error | two+ fan-out joins multiplying each other |
| ADDITIVITY | error | SUM of a non-additive measure (rates, averages) |
| SEMI_ADDITIVE | error | balances/censuses summed across their snapshot dimension |
| JOIN_KEY | error | join on columns matching no declared relationship |
| CROSS_JOIN | error | join with no predicate |
| WEIGHTED_AVG | warning | AVG silently re-weighted by fan-out |
| UNDECLARED_JOIN | warning | join with no declared relationship (unverifiable ≠ safe) |
| SENSITIVE_COLUMN | policy | PHI/PII column exposed in query output |
When sqlsure can't verify something, it says "can't verify" — never "looks fine." Honest uncertainty is a feature.
manifest.json or schema.yml — the tests teams
already wrote become enforceable semantics, zero configSemanticModelApache-2.0 · sqlsure.ai
mcp-name: io.github.sqlsure/sqlsure
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Web content fetching and conversion for efficient LLM usage
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.