How do I use QueryShield with MotherDuck / DuckDB?

Question

Accepted Answer

DuckDB and MotherDuck (DuckDB-in-the-cloud) are an increasingly popular substrate for AI analytics agents because of their fast columnar engine and SQL ergonomics. QueryShield uses sqlglot's DuckDB dialect parser. ```python import duckdb from queryshield import Client qs = Client(api_key=KEY, policy="duck-analytics", dialect="duckdb") con = duckdb.connect("md:my_database?motherduck_token=...") decision = qs.validate(sql=llm_output, context=ctx.dict()) if decision.allowed: df = con.execute(decision.sql).df() ``` DuckDB-specific considerations: 1. **`COPY ... TO 'file.parquet'`, `EXPORT DATABASE`** statements can write to the host filesystem — denylist for any LLM-driven agent. 2. **`INSTALL`, `LOAD`** of extensions — denylist; an attacker steering the agent to load `httpfs` and then `COPY` to a remote S3 bucket is a realistic exfil path. 3. **`ATTACH 'remote.db'`** — denylist; can pull in arbitrary databases. 4. **MotherDuck shares** — policy can restrict the agent to a single database namespace (`USE my_db` enforced; cross-database queries denied). 5. **DuckDB has no traditional RLS** — the AST layer is your primary control, not a defense-in-depth complement. The lack of native RLS makes QueryShield's policy DSL especially load-bearing on DuckDB; required predicates are the only enforcement layer for multi-tenant data.