A local preflight guard that detects production database credentials and blocks destructive SQL or migration commands until a human explicitly confirms the target environment.
AI coding agents (Claude Code, Copilot, Cursor, etc.) can run database commands on your behalf. When those commands target production by accident — because a .env file points to prod, or an env var is set — the damage is immediate and irreversible.
ProdGate sits between the agent and the database, running four checks before any destructive command executes. If it smells production, it blocks and asks for human confirmation.
| Check | Severity | What It Detects |
|---|---|---|
| Production Credential Detection | CRITICAL | Connection strings or env vars pointing to production hosts / databases |
| Destructive Command Detection | CRITICAL | DROP TABLE, TRUNCATE, DELETE FROM, db:drop, db:reset, migration rollbacks, raw SQL shells |
| Migration Target Check | WARNING | Migration commands with production credentials and no localhost indicators |
| Agent Shell Detection | WARNING | Parent process chain contains known AI agent executables (Claude, Copilot, Cursor, Aider, etc.) |
# From source
git clone https://github.com/your-org/prodgate.git
cd prodgate
pip install -e ".[full]"The [full] extra installs psutil for parent-process detection. Without it, ProdGate falls back to basic process checks.
# Guard a command — blocks if risky, prompts for environment name confirmation
prodgate guard -- rails db:migrate
# Check only — prints report, does not execute the command
prodgate check -- rails db:migrate
# Scan the environment for credentials only (no command needed)
prodgate scan
# Non-interactive mode — blocks without prompting (for CI or agent wrappers)
prodgate guard -n -- psql -c "DROP TABLE users"When a check fails with CRITICAL severity, ProdGate:
- Prints a Markdown-formatted report to the console
- Saves
.prodgate-report.mdto the current directory - Extracts the suspected environment name (e.g.
production) - Prompts: "To proceed, type the environment name exactly: production"
- Only executes the command if the user types the exact environment name
| Code | Meaning |
|---|---|
| 0 | Safe — command executed, or checks passed |
| 1 | Blocked — production risk detected, or confirmation failed |
| 2 | Usage error |
.envfiles — walks up to 10 parent directories, reads.env,.env.local,.env.production,.env.prod- Environment variables —
DATABASE_URL,RAILS_ENV,NODE_ENV,DB_HOST, and more - Framework configs —
config/database.yml,settings.py,knexfile.js,prisma/schema.prisma,drizzle.config.ts,ormconfig.json, and more - Parent process chain — detects known AI agent executables in the ancestry tree
- Hostnames:
prod-db.internal,production.example.com,*.rds.amazonaws.com,*.cloudsql.googleapis.com - Database names:
prod,production,live,primary - Env vars:
RAILS_ENV=production,NODE_ENV=production,APP_ENV=prod - Destructive SQL:
DROP TABLE/DB/SCHEMA/INDEX,TRUNCATE,DELETE FROM,ALTER TABLE ... DROP - Destructive migrations:
db:drop,db:reset,db:rollback,migrate:undo,prisma migrate reset,drizzle-kit drop
Add this to your agent's shell wrapper or CLAUDE.md:
# Wrap all database commands through ProdGate
alias rails='prodgate guard -- rails'
alias rake='prodgate guard -- rake'
alias psql='prodgate guard -- psql'
alias mysql='prodgate guard -- mysql'- Python 3.10+
psutil(optional, for enhanced parent-process detection)
MIT