Matimo provider — PostgreSQL tools (query, insert, update, delete, execute SQL)
Project description
matimo-postgres
PostgreSQL tools for Matimo — execute SQL queries safely with policy-gated approval.
Installation
pip install matimo matimo-postgres
Available Tools (1 Tool)
| Tool | Description |
|---|---|
execute-sql |
Execute a SQL query against a PostgreSQL database |
The execute-sql tool is marked requires_approval: true — destructive operations (INSERT, UPDATE, DELETE, DROP) trigger HITL approval by default.
Quick Start
import asyncio
from matimo import Matimo, InitOptions
from matimo_postgres import get_tools_path
async def main():
# Auto-approve for read-only usage (CI/CD)
matimo = await Matimo.init(
get_tools_path(),
InitOptions(on_hitl=lambda req: {'approved': True, 'reason': 'auto'}),
)
# Run a SELECT query
result = await matimo.execute('execute-sql', {
'query': 'SELECT id, name FROM users LIMIT 10',
})
print(result)
asyncio.run(main())
With Interactive Approval (Recommended for Writes)
async def ask_user(request) -> dict:
print(f"\nSQL requires approval:\n{request.params.get('query')}")
answer = input("Run this query? [y/n]: ").strip()
return {'approved': answer == 'y', 'reason': 'user reviewed'}
matimo = await Matimo.init(
get_tools_path(),
InitOptions(on_hitl=ask_user),
)
# This will prompt before executing
await matimo.execute('execute-sql', {
'query': 'DELETE FROM sessions WHERE expired_at < NOW()',
})
Authentication
export DATABASE_URL="postgresql://user:password@localhost:5432/mydb"
# or individual params
export POSTGRES_HOST="localhost"
export POSTGRES_PORT="5432"
export POSTGRES_DB="mydb"
export POSTGRES_USER="myuser"
export POSTGRES_PASSWORD="mypassword"
Security Notes
- All SQL queries go through Matimo's content validator — SSRF and injection patterns are detected
- The tool has
requires_approval: true— writes trigger approval by default - Use a read-only database user for agent workloads when possible
- Consider a policy file to restrict allowed SQL patterns
Documentation
Links
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file matimo_postgres-0.1.0.tar.gz.
File metadata
- Download URL: matimo_postgres-0.1.0.tar.gz
- Upload date:
- Size: 4.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f853ea6103642703127b71d83f386ccf74dd357026e3afbcfb949fd41474134e
|
|
| MD5 |
4846653df0f9d27e3fd7552243111104
|
|
| BLAKE2b-256 |
341cac83017c73737ea6dc2ed319d75d9c991be78b2a26ed9da3ef41a7dd400e
|
File details
Details for the file matimo_postgres-0.1.0-py3-none-any.whl.
File metadata
- Download URL: matimo_postgres-0.1.0-py3-none-any.whl
- Upload date:
- Size: 5.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b02562285fc35c1513a65a64ecd70d6cb0d09ee85550158132757a90395c917e
|
|
| MD5 |
3edafd748d782530f7644d9f4a67a56a
|
|
| BLAKE2b-256 |
0c8fdf301f61406bb91aff44bfbf51fd8c79caaa4fb5211fb67ea210605ec872
|
