Response Validation

4 tests demonstrate row limits, column masking, and result validation.

Configuration

Response validation rules in policy.yaml:

# policy.yaml
response_rules:
  - query: "get_user_by_id"
    max_rows: 1
    mask_columns:
      - column: "ssn"
        mask: "XXX-XX-####"
      - column: "email"
        mask: "****@****.***"

RESP-001PASS

Column Masking Applied

Original Database Response

 id | name     | email              | ssn
----+----------+--------------------+-------------
  1 | John Doe | john@example.com   | 123-45-6789

Masked Response (returned to client)

 id | name     | email              | ssn
----+----------+--------------------+-------------
  1 | John Doe | ****@****.***      | XXX-XX-6789

Sensitive columns are automatically masked before the response reaches the application.

RESP-002BLOCKED

Row Limit Exceeded

If the database returns more rows than max_rows, the response is truncated or blocked entirely, depending on configuration.