Repository files navigation

Pronounced[ˈhaɪm.dɔl.əm] orHEIM-dall-EM

HeimdaLLM is a robust static analysis framework for validating that LLM-generatedstructured output is safe. It currently supports SQL.

In simple terms, it helps makes sure that AI won't wreck your systems.

Consider the following natural-language database query:

how much have i spent renting movies, broken down by month?

From this query (and a little bit of context), an LLM can produce the following SQLquery:

SELECT   strftime('%Y-%m',payment.payment_date)AS month,SUM(payment.amount)AS total_amountFROM paymentJOIN rentalONpayment.rental_id=rental.rental_idJOIN customerONpayment.customer_id=customer.customer_idWHEREcustomer.customer_id=:customer_idGROUP BY monthLIMIT10;

But how can you ensure the LLM-generated query is safe and that it only accessesauthorized data?

HeimdaLLM performs static analysis on the generated SQL to ensure that only certaincolumns, tables, and functions are used. It also automatically edits the query to add aLIMIT and to remove forbidden columns. Lastly, it ensures that there is a columnconstraint that would restrict the results to only the user's data.

It does all of this locally, without AI, using good ol' fashioned grammars and parsers:

✅ Ensuring SELECT statement...✅ Resolving column and table aliases...✅ Allowlisting selectable columns...   ✅ Removing 2 forbidden columns...✅ Ensuring correct row LIMIT exists...   ✅ Lowering row LIMIT to 10...✅ Checking JOINed tables and conditions...✅ Checking required WHERE conditions...✅ Ensuring query is constrained to requester's identity...✅ Allowlisting SQL functions...   ✅ strftime   ✅ SUM

The validated query can then be executed:

Want to get started quickly? Gohere.

I am in the process of organizing an independent security audit of HeimdaLLM. Until thisaudit is complete, I do not recommend using HeimdaLLM against any production systemwithout a careful risk assessment. These audits are self-funded, so if you will getvalue from the confidence that they bring, considersponsoringme orinquire about interest in a commerciallicense.

To understand some of the potential vulnerabilities, take a look at theattacksurface to see the risks andthe mitigations.

• Sqlite
• MySQL
• Postgres

There is active development for the other top relational SQL databases. To help meprioritize, please vote on which database you would like to see supported:

HeimdaLLM is dual-licensed for open-source or for commercial use.

The open-source license isAGPLv3,which permits free usage, modification, and distribution, and is appropriate forindividual or open-source usage. For commercial usage, AGPLv3 has key obligations thatyour organization may want to avoid:

• Source Code Disclosure: Any changes you make and use over a network must be madepublicly available, potentially revealing your proprietary modifications.

• Copyleft Clause: If HeimdaLLM is integrated into your application, the wholeapplication may need to adhere to AGPLv3 terms, including code disclosure of yourapplication.

• Service Providers: If you use HeimdaLLM to provide services, your clients alsoneed to abide by AGPLv3, complicating contracts.

The commercial license eliminates the above restrictions, providing flexibility andprotection for your business operations. This commercial license is recommended forcommercial use. Please inquire about a commerical license here: