https://github.com/jonaylor89/pg_guard
protect your db from cursor
https://github.com/jonaylor89/pg_guard
claude cursor database-proxy postgresql rust
Last synced: 13 days ago
JSON representation
protect your db from cursor
- Host: GitHub
- URL: https://github.com/jonaylor89/pg_guard
- Owner: jonaylor89
- License: mit
- Created: 2025-09-01T20:45:26.000Z (7 months ago)
- Default Branch: main
- Last Pushed: 2025-09-04T21:24:55.000Z (7 months ago)
- Last Synced: 2025-09-16T13:17:48.626Z (6 months ago)
- Topics: claude, cursor, database-proxy, postgresql, rust
- Language: Rust
- Homepage: https://blog.jonaylor.com/protect-your-database-from-cursor
- Size: 253 KB
- Stars: 24
- Watchers: 0
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# pg_guard: Cursor-proof your database
**A Postgres proxy with built-in safety features and row-level damage limiting**
pg_guard is a Postgres proxy server that sits between your applications and your database, providing real-time query analysis and protection against dangerous operations. It implements transparent TCP proxying with PostgreSQL wire protocol support with human readable messages to help claude/cursor understand how to better make DB calls.
## Features
- **Query Interception**: Analyzes all SQL queries before they reach your database
- **Row-Level Damage Limiting**: Blocks DELETE/UPDATE operations that would affect too many rows
- **Dangerous Query Blocking**: Prevents DROP, TRUNCATE, and WHERE-less DELETE operations
- **Honeytoken Protection**: Detects and blocks access to canary tables
- **Mock Snapshots**: Logs backup points before destructive operations
- **Structured Logging**: Clear, parseable logs for monitoring and debugging
- **Human Readable Errors**: Tells claude/cursor how to change its query to pass the proxy
## Quick Start
```bash
cargo install pg_guard
pg_guard \
--listen 0.0.0.0:6543 \
--db-url postgres://postgres:postgres@localhost:5432/postgres \
--max-rows 500 \
--strict
```
## Safety Features
### 1. Dangerous Query Blocking
```sql
-- ❌ BLOCKED: These queries are automatically blocked
DROP TABLE users;
TRUNCATE users;
DELETE FROM users; -- No WHERE clause
```
### 2. Row-Level Damage Limiting
```sql
-- ✅ ALLOWED: Affects few rows
DELETE FROM users WHERE id = 123;
-- ❌ BLOCKED: Would affect 1000+ rows (exceeds --max-rows limit)
DELETE FROM users WHERE created_at < '2020-01-01';
```
### 3. Honeytoken Detection
```sql
-- ❌ BLOCKED: Any access to canary tables
SELECT * FROM _pg_guard_canary;
```
### 4. Snapshot Logging
Before allowing destructive operations, pg_guard logs:
```
[snapshot] Would take backup here
[ALLOW] DELETE FROM users WHERE role = 'inactive' → 12 rows
```