We didn't want an AI SQL reviewer. We wanted deterministic

So we built Valk Guard . Most SQL linters scan .sql files. The problem is, most SQL doesn't live in .sql files. It lives in db.Query() calls. In Goqu builder chains. In SQLAlchemy ORM methods. In migration files mixed with application logic. By the time SQL reaches production, it's been assembled, concatenated, or synthesized by code that no .sql -only tool will ever see. I built Valk Guard to solve that. It's a static analysis tool that walks your source code's AST, reconstructs the SQL your ORMs and query builders will generate, parses it through a real PostgreSQL grammar, and reports findings in CI-friendly formats. No database connection. No runtime. Just structure. go install github.com/valkdb/valk-guard/cmd/valk-guard@latest valk-guard scan . 19 rules enabled by default. Zero config. Takes seconds. What it actually catches Here's a Goqu chain in Go: goqu . From ( "orders" ) . Delete () There's no raw SQL anywhere in that line. But Valk Guard walks the Go AST, recognizes the Goqu