> ## Documentation Index > Fetch the complete documentation index at: https://mintlify.hoop.dev/docs/llms.txt > Use this file to discover all available pages before exploring further. # Guardrails > Block dangerous queries before they execute with pattern-based rules export const GuardrailsAnimation = () => { const QUERIES = [{ sql: "UPDATE users SET status = 'inactive'", blocked: true, rule: "Missing WHERE clause", type: "UPDATE" }, { sql: "SELECT * FROM orders LIMIT 50", blocked: false, rule: null, type: "SELECT" }, { sql: "DROP TABLE customers", blocked: true, rule: "Destructive DDL blocked", type: "DROP" }, { sql: "SELECT id, email FROM users WHERE active = true", blocked: false, rule: null, type: "SELECT" }, { sql: "DELETE FROM logs", blocked: true, rule: "Missing WHERE clause", type: "DELETE" }, { sql: "SELECT * FROM events", blocked: true, rule: "Missing LIMIT on large table", type: "SELECT" }, { sql: "INSERT INTO audit_log VALUES (...)", blocked: false, rule: null, type: "INSERT" }, { sql: "SELECT * FROM salaries", blocked: true, rule: "Restricted table access", type: "SELECT" }, { sql: "ALTER TABLE users DROP COLUMN ssn", blocked: true, rule: "Destructive DDL blocked", type: "ALTER" }, { sql: "SELECT name, role FROM team WHERE dept = 'eng'", blocked: false, rule: null, type: "SELECT" }]; const FONT_URL = "https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;500&family=Inter:wght@400;500;600;700;800&display=swap"; const animationStyles = ` @keyframes slideIn { from { opacity: 0; transform: translateX(-40px); } to { opacity: 1; transform: translateX(0); } } @keyframes slideThrough { 0% { opacity: 0; transform: translateX(-20px); } 15% { opacity: 1; transform: translateX(0); } 85% { opacity: 1; transform: translateX(0); } 100% { opacity: 0; transform: translateX(20px); } } @keyframes pulseShield { 0%, 100% { transform: scale(1); filter: drop-shadow(0 0 0px rgba(var(--bronze-rgb),0)); } 50% { transform: scale(1.08); filter: drop-shadow(0 0 12px rgba(var(--bronze-rgb),0.4)); } } @keyframes pulseShieldBlock { 0% { transform: scale(1); filter: drop-shadow(0 0 0px rgba(180,60,60,0)); } 30% { transform: scale(1.15); filter: drop-shadow(0 0 16px rgba(180,60,60,0.5)); } 100% { transform: scale(1); filter: drop-shadow(0 0 0px rgba(180,60,60,0)); } } @keyframes resultSlide { from { opacity: 0; transform: translateY(8px); } to { opacity: 1; transform: translateY(0); } } @keyframes flowDot { 0% { offset-distance: 0%; opacity: 0; } 10% { opacity: 1; } 90% { opacity: 1; } 100% { offset-distance: 100%; opacity: 0; } } @keyframes fadeInUp { from { opacity: 0; transform: translateY(12px); } to { opacity: 1; transform: translateY(0); } } @keyframes scanLine { 0% { top: 0%; opacity: 0; } 10% { opacity: 1; } 90% { opacity: 1; } 100% { top: 100%; opacity: 0; } } `; const ShieldIcon = ({state, size = 48}) => { const color = state === "block" ? "#B43C3C" : state === "pass" ? "#4A7C59" : "var(--bronze)"; const anim = state === "block" ? "pulseShieldBlock 0.5s ease-out" : state === "pass" ? "pulseShield 0.6s ease-out" : "none"; return {state === "block" && } {state === "pass" && } {state === "idle" && } ; }; const QueryTag = ({type}) => { const colors = { SELECT: { bg: "rgba(var(--bronze-rgb),0.08)", text: "var(--bronze)" }, UPDATE: { bg: "rgba(180,120,60,0.1)", text: "var(--bronze)" }, DELETE: { bg: "rgba(180,60,60,0.08)", text: "#B43C3C" }, DROP: { bg: "rgba(180,60,60,0.08)", text: "#B43C3C" }, INSERT: { bg: "rgba(74,124,89,0.08)", text: "#4A7C59" }, ALTER: { bg: "rgba(180,60,60,0.08)", text: "#B43C3C" } }; const c = colors[type] || colors.SELECT; return {type}; }; const [activeIndex, setActiveIndex] = useState(-1); const [phase, setPhase] = useState("idle"); const [results, setResults] = useState([]); const [stats, setStats] = useState({ blocked: 0, allowed: 0 }); const timerRef = useRef(null); const indexRef = useRef(0); const processNext = useCallback(() => { const idx = indexRef.current % QUERIES.length; const q = QUERIES[idx]; indexRef.current += 1; setActiveIndex(idx); setPhase("scanning"); timerRef.current = setTimeout(() => { setPhase("result"); setResults(prev => { const next = [{ ...q, ts: Date.now() }, ...prev]; return next.slice(0, 6); }); setStats(prev => ({ blocked: prev.blocked + (q.blocked ? 1 : 0), allowed: prev.allowed + (q.blocked ? 0 : 1) })); timerRef.current = setTimeout(() => { setPhase("idle"); timerRef.current = setTimeout(() => { processNext(); }, 600); }, 1400); }, 900); }, []); useEffect(() => { timerRef.current = setTimeout(() => processNext(), 800); return () => clearTimeout(timerRef.current); }, []); const currentQuery = activeIndex >= 0 ? QUERIES[activeIndex] : null; const shieldState = phase === "result" && currentQuery ? currentQuery.blocked ? "block" : "pass" : phase === "scanning" ? "idle" : "idle"; return
{}
{}
{}
Incoming Query
{currentQuery && phase !== "idle" ?
via CLI
{currentQuery.sql} {phase === "scanning" &&
}
{phase === "scanning" &&
Evaluating rules...
} {phase === "result" &&
{currentQuery.blocked ? "Blocked" : "Allowed"} {currentQuery.rule && {currentQuery.rule} }
}
:
Waiting for next query...
}
{}
{phase === "scanning" ? "Checking..." : phase === "result" ? currentQuery?.blocked ? "Denied" : "Clear" : "Ready"}
{}
Session Log
{results.length === 0 &&
No sessions yet
} {results.map((r, i) =>
{r.sql.length > 32 ? r.sql.slice(0, 32) + "..." : r.sql} {r.blocked ? "BLOCKED" : "OK"}
)}
{}
{stats.blocked} blocked {stats.allowed} allowed <5ms latency
; };
## What You'll Accomplish Guardrails let you block dangerous queries before they execute. You can: * Prevent accidental `UPDATE` or `DELETE` without a `WHERE` clause * Block `DROP TABLE` and other destructive DDL commands * Enforce read-only access for specific user groups * Require `LIMIT` clauses on large tables * Block queries that access sensitive columns *** ## The Problem Guardrails Solve Without guardrails, one typo can destroy production data: ```sql theme={"dark"} -- Intended: Update one user's email UPDATE users SET email = 'new@email.com' WHERE id = 123; -- Accidental: Update ALL users (forgot WHERE clause) UPDATE users SET email = 'new@email.com'; -- 500,000 rows affected 💥 ``` Guardrails catch these mistakes before they execute, showing an error instead of running the dangerous query. *** ## How Guardrails Work User runs a query through Hoop (CLI, Web App, or API) Each guardrail rule is checked against the query using pattern matching If a rule matches: block, warn, or require approval based on configuration User sees either the query result or an error explaining which rule was violated ### Rule Types | Type | Description | Use Case | | ---------------- | ----------------------------------- | ------------------------------- | | **Input Rules** | Evaluate the query before execution | Block dangerous commands | | **Output Rules** | Evaluate results after execution | Redact sensitive data in output | *** ## Guardrails vs Other Features | Feature | Purpose | When to Use | | --------------------- | ------------------------------------- | -------------------------------------- | | **Guardrails** | Block queries based on patterns | Prevent dangerous operations | | **Live Data Masking** | Redact sensitive data in output | Protect PII in query results | | **Access Requests** | Require approval for access | Time-limited or command-level approval | | **Access Control** | Control who can access resource roles | Restrict resource role visibility | These features work together. For example: * Guardrails block `DROP TABLE` commands * Live Data Masking redacts SSN in `SELECT` results * Access Requests require approval before connecting * Access Control limits who sees the resource role *** Ready to set it up? The [Guardrails configuration guide](/setup/configuration/guardrails-configuration) covers prerequisites, creating rules, pattern syntax, actions, recipes, testing, and troubleshooting. ## Next Steps Detailed configuration options and rule syntax Automatically redact sensitive data in query results Require approval for access to sensitive resource roles Audit all query executions including blocked queries