Pronounced [ˈhaΙͺm.dΙ”l.Ι™m] or HEIM-dall-em

HeimdaLLM is a robust static analysis framework for validating that LLM-generated structured output is safe. It currently supports SQL.

In simple terms, it helps makes sure that AI won’t wreck your systems.

Heimdall guarding the Bifrost Build status PyPI License: Commercial License: AGPL v3 Coverage Status GitHub Repo stars

Consider the following natural-language database query:

how much have i spent renting movies, broken down by month?

From this query (and a little bit of context), an LLM can produce the following SQL query:

   strftime('%Y-%m', payment.payment_date) AS month,
   SUM(payment.amount) AS total_amount
FROM payment
JOIN rental ON payment.rental_id=rental.rental_id
JOIN customer ON payment.customer_id=customer.customer_id
WHERE customer.customer_id=:customer_id
GROUP BY month

But how can you ensure the LLM-generated query is safe and that it only accesses authorized data?

HeimdaLLM performs static analysis on the generated SQL to ensure that only certain columns, tables, and functions are used. It also automatically edits the query to add a LIMIT and to remove forbidden columns. Lastly, it ensures that there is a column constraint that would restrict the results to only the user’s data.

It does all of this locally, without AI, using good ol’ fashioned grammars and parsers:

βœ… Ensuring SELECT statement...
βœ… Resolving column and table aliases...
βœ… Allowlisting selectable columns...
   βœ… Removing 2 forbidden columns...
βœ… Ensuring correct row LIMIT exists...
   βœ… Lowering row LIMIT to 10...
βœ… Checking JOINed tables and conditions...
βœ… Checking required WHERE conditions...
βœ… Ensuring query is constrained to requester's identity...
βœ… Allowlisting SQL functions...
   βœ… strftime
   βœ… SUM

The validated query can then be executed:











Want to get started quickly? πŸš€ Quickstart.


These docs are under active development. See an issue? Report it here. Want to make sure something is included? Please request it here.