Heimdall FAQs

Question 1

What is Heimdall and its main purpose?

Accepted Answer

Heimdall is a high-security middleware that acts as a Model Context Protocol (MCP) Gatekeeper for PostgreSQL databases. Its main purpose is to allow Large Language Models (LLMs) to query your database for information while strictly blocking any attempt to modify, delete, or destroy data, ensuring read-only access.

Question 2

What technologies does Heimdall leverage?

Accepted Answer

Heimdall is built with Golang for performance and concurrency, utilizes `pgx/v5` for high-performance PostgreSQL interaction, `xwb1989/sqlparser` for its AST-based security, and follows a Hexagonal Architecture for maintainability and decoupling core logic.

Question 3

Why is AST-based security superior to regex for SQL validation?

Accepted Answer

AST-based security is superior because regex can be easily tricked or bypassed by clever formatting, leading to false negatives (allowing harmful queries). Heimdall's AST parser understands the *intent* and structure of the SQL command, making it virtually impossible to bypass its security checks, ensuring true read-only enforcement.

Question 4

Does Heimdall support LLM-specific protocols?

Accepted Answer

Yes, Heimdall features native integration with the Model Context Protocol (MCP). This allows it to seamlessly interact with MCP-compliant clients like Claude Desktop, exposing standardized tools such as `list_tables`, `get_schema`, and `safe_query` for LLM interaction.

Question 5

How does Heimdall ensure strict read-only access?

Accepted Answer

Heimdall uses an Abstract Syntax Tree (AST) parser to deconstruct SQL queries into their grammatical components. It inspects the AST for any mutation keywords like INSERT, UPDATE, DELETE, DROP, or ALTER. If detected, the query is rejected before it ever touches the PostgreSQL database, ensuring only SELECT statements are executed.

Heimdall

Heimdall

Key Features

Use Cases

Key Features

Use Cases