Nice concept!
I’m concerned about that LLM might discover `faz.yaml` and directly access the databases.
Wouldn’t it be more deterministic and safer to wrap the database itself and use a safety-pipeline-enabled DB instead?
It will definitely do that. That we believe you have to make it protocol aware. For eg. if it mysql, it should be proxy that translates as is. then it can't by pass. Also, the proxy should not reveal real credentials.