v1.0.10

Schema-Validated SQL for Go. DBML In, Safe SQL Out.

Build SQL queries validated against a DBML schema. Every table and field checked at init, every value parameterized, every identifier quoted for the target dialect.

Get Started
import "github.com/zoobz-io/astql"

// Schema from DBML — single source of truth
instance, _ := astql.NewFromDBML(project)

// Typos caught immediately: instance.F("emial") panics with a clear error
query := astql.Select(instance.T("users")).
    Fields(instance.F("email"), instance.F("name")).
    Where(instance.C(instance.F("active"), astql.EQ, instance.P("is_active"))).
    OrderBy(instance.F("email"), astql.ASC).
    Limit(10)

// One AST, four databases
pg   := query.Render(postgres.New())  // "email", LIMIT 10
lite := query.Render(sqlite.New())    // "email", LIMIT 10
my   := query.Render(mariadb.New())   // `email`, LIMIT 10
ms   := query.Render(mssql.New())     // [email], FETCH NEXT 10

// SQL: SELECT "email", "name" FROM "users"
//      WHERE "active" = :is_active ORDER BY "email" ASC LIMIT 10
// Params: [is_active]
A+Go Report
MITLicense
1.24.0+Go Version
v1.0.10Latest Release

Why ASTQL?

SQL injection eliminated by construction, not by convention.

Schema-First Validation

Every table and field checked against DBML at build time. Typos become immediate panics, not runtime bugs.

Four Dialects, One AST

PostgreSQL, SQLite, MariaDB, SQL Server — proper identifier quoting, pagination syntax, and operator translation per dialect.

Defense in Depth

Schema allowlist, identifier validation, keyword blocking, quoted identifiers, and parameterized values. Five layers, zero vectors.

Composable Complexity

Nested AND/OR conditions, multi-table JOINs, subqueries with parameter namespacing, window functions, and CASE expressions.

Zero Reflection on Query Path

Schema validation at init, not per query. Building and rendering are pure struct operations.

ORM Foundation

Designed as the query layer for type-safe ORMs. Sentinel extracts metadata, ASTQL validates queries, sqlx executes.

Capabilities

From simple SELECTs to vector search — all validated against your schema, all rendered per dialect.

FeatureDescriptionLink
Schema ValidationTables and fields checked against DBML. Try variants for runtime validation of dynamic queries.Schema Validation
Multi-Dialect RenderingPostgreSQL, SQLite, MariaDB, SQL Server. Identifier quoting, pagination, and operators handled per provider.Architecture
Conditions & JoinsNested AND/OR, subqueries, all JOIN types, field comparisons, BETWEEN, EXISTS/NOT EXISTS.Conditions
Aggregates & WindowsGROUP BY, HAVING, aggregate functions with FILTER, window functions (ROW_NUMBER, RANK, LAG/LEAD).Aggregates
Vector Searchpgvector operators, distance metrics, and metadata filtering for semantic search applications.Vector Search
Upserts & PaginationON CONFLICT with RETURNING, cursor-based pagination, and LIMIT/OFFSET patterns across dialects.Upserts

Articles

Browse the full astql documentation.

OverviewType-safe SQL query builder for PostgreSQL

Learn

QuickstartGet started with astql in minutes
Core ConceptsTables, fields, params, conditions, and builders - the building blocks of astql
ArchitectureAST structure, render pipeline, and security layers

Guides

Schema ValidationDBML integration and validation patterns
ConditionsWHERE clauses, AND/OR logic, subqueries, and BETWEEN
JoinsINNER, LEFT, RIGHT, and CROSS joins
AggregatesGROUP BY, HAVING, aggregate functions, and window functions
TestingTesting patterns for query builders

Cookbook

PaginationLIMIT/OFFSET and cursor-based pagination patterns
Vector Searchpgvector similarity queries with ASTQL
UpsertsON CONFLICT patterns for insert-or-update operations
ORM FoundationBuilding type-safe ORMs with ASTQL as the query layer

Reference

API ReferenceComplete API reference for the astql package
Operators ReferenceAll comparison and special operators
© 2026 Alexander Thorwaldson