Ask HN: How do you safely give LLMs SSH/DB access?
1. raw_an+iv1 2026-01-15 01:38:36
>>nico+(OP)
This is the absolute worst idea possible. The answer is that you don’t. You create a database user that has read-only rights and you allow Claude to use that user.

You could do the same for your SSH user.

I’m assuming your database doesn’t have PII; if it does, even that would be out of the question unless you gave the database user access only to certain tables.

Now that I think about it, that’s not even a good idea since a badly written select statement can cause performance issues.

2. reacto+6M1 2026-01-15 03:53:43
>>raw_an+iv1
This. On a read-replica.

Any updates or writes go through a tool that sanity checks everything.

My rm tool (dangerous!) meticulously parses the input and pattern matches to prevent deleting essential files. It also prevents rm from being called outside the project directory.

You can’t trust the agents to do the right thing the first time; you steer them with error messages and gates that allow them only one path.
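
A sketch of the kind of guarded delete tool described in the comment above, added here as an example and not the commenter's actual tool. The protected patterns, the allowed flags and the function names are assumptions; every refusal returns a message the agent can act on.

```python
import fnmatch
import os
import shutil

# Assumed policy for this sketch; a real project supplies its own lists.
PROTECTED = [".git", ".git/*", ".env", "*.pem"]
ALLOWED_FLAGS = {"-r", "-f"}


def check_target(root, cwd, arg, recursive):
    """Return (allowed, resolved_path, message); the message is for the agent."""
    root = os.path.realpath(root)
    # realpath collapses '..' and follows symlinks, so neither can escape root.
    target = os.path.realpath(os.path.join(cwd, arg))
    if target == root:
        return False, target, "refused: cannot remove the project root"
    if os.path.commonpath([root, target]) != root:
        return False, target, f"refused: {arg} resolves outside the project"
    rel = os.path.relpath(target, root)
    for pattern in PROTECTED:
        if fnmatch.fnmatch(rel, pattern):  # '*' also matches '/' here
            return False, target, f"refused: {rel} matches protected pattern {pattern!r}"
    if os.path.isdir(target) and not recursive:
        return False, target, f"refused: {rel} is a directory; pass -r to remove it"
    return True, target, f"ok: {rel}"


def guarded_rm(root, cwd, argv, dry_run=True):
    """Validate every argument first; delete only if all of them pass."""
    flags = [a for a in argv if a.startswith("-")]
    paths = [a for a in argv if not a.startswith("-")]
    bad = [f for f in flags if f not in ALLOWED_FLAGS]
    if bad:
        return False, [f"refused: unsupported flag {bad[0]}; allowed: -r, -f"]
    if not paths:
        return False, ["refused: no path given"]
    results = [check_target(root, cwd, p, "-r" in flags) for p in paths]
    messages = [msg for _, _, msg in results]
    if not all(ok for ok, _, _ in results):
        return False, messages  # all-or-nothing: one bad path blocks the call
    if not dry_run:
        for _, target, _ in results:
            if os.path.isdir(target):
                shutil.rmtree(target)
            elif os.path.exists(target):
                os.remove(target)
    return True, messages
```

Because paths are resolved before they are checked, a symlink argument is judged and removed by its target, and a directory is refused only if it matches a pattern itself, not because it contains protected files.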
