TCP proxy, HTTP API or CLI. Vericto works with any driver, ORM or pipeline that uses a standard connection string — without rewriting your code.
DATABASE_URL=postgres://vericto-proxy:5433/db
curl .../evaluate -d '{"sql":"DELETE FROM users"}'
vericto check migrations/0001.sql
Pick the one that fits your architecture. The same deterministic AST evaluation across all three.
The simplest way: point your connection string at the Vericto proxy instead of your database. It intercepts every query at the protocol level (Postgres/MySQL) and blocks destructive ones before they land. Zero code changes.
Validate SQL with a REST call before running it. Ideal for Text-to-SQL pipelines, serverless functions and agents that generate queries dynamically. API-key auth, verdict in the response.
The vericto binary validates SQL against your workspace rules in pre-commit hooks and CI/CD pipelines. Exit code mirrors the verdict. Binaries for Linux, macOS and Windows published on every release.
| TCP proxy | HTTP API | CLI | |
|---|---|---|---|
| Zero code changes | ✓ | — | — |
| Inline blocking (in the query path) | ✓ | — | — |
| Validation before execution | — | ✓ | ✓ |
| Ideal for CI/CD and pre-commit | — | ✓ | ✓ |
| Requires deploying the proxy | ✓ | — | — |
| Dialects | Postgres · MySQL | All 4 | All 4 |
Full Postgres dialect support (CTEs, subqueries, extensions) using pg_query, the official parser. Available via inline TCP proxy or the HTTP evaluation API.
TCP ProtocolVia APICLIFull MySQL dialect support with dialect-specific semantic rules — DELETE with LIMIT is valid in MySQL, Vericto applies the correct rules. Available via inline TCP proxy or the HTTP API.
TCP ProtocolVia APICLIOracle dialect support via the HTTP evaluation API (no TCP wire proxy for Oracle yet). Blocks DELETE/UPDATE without WHERE, DROP TABLE, and TRUNCATE with the same deterministic AST parser.
Via APICLIMSSQL / SQL Server dialect support via the HTTP evaluation API (no TCP wire proxy yet). AST parsing with T-SQL semantic rules, including CTEs and proprietary syntax.
Via APICLIRoadmap: SQLite dialect support for agents and embedded environments. Ideal for protecting AI pipelines in edge functions and CLI tools with local database access.
COMING SOONRoadmap: protection for LLM analytics pipelines on Snowflake. Will block TRUNCATE and DROP on production data warehouses.
COMING SOONCompatible with any LangChain agent that uses SQLDatabase. Just change the connection string in your SQLAlchemy engine.
CompatibleVericto is transparent to Text-to-SQL pipelines built with the Vercel AI SDK: because the proxy intercepts at the database wire protocol, it protects generated queries no matter how they were produced. No changes to your generation code.
CompatibleProtect your Supabase database from destructive agent queries. Being Postgres, it works with the native TCP proxy: point your connection string at the proxy, no code changes.
CompatibleNative protection for MCP servers that expose databases to AI agents. The MCP ecosystem grows 3x YoY — Vericto grows with it.
NativeNative GitHub Actions integration for dry-run in CI/CD. Inline PR annotations flagging destructive queries with the rule code and fix suggestion.
CI/CDRun the Vericto CLI as a job in your GitLab CI pipeline. Validate SQL changes on every merge request and stop the pipeline if a destructive query appears.
CI/CDGet started free with the TCP proxy in minutes, or check the integration guide for the step-by-step detail.