Data Explorer is a high-fidelity, high-performance database management and visualization IDE. It provides a unified, intelligent interface for developers and data engineers to explore, query, and visualize multi-engine databases, all supercharged by a context-aware AI.
Current documentation focus reflects the v3.6.4 workspace: configurable AI roles with custom OpenAI-compatible providers, higher-signal query safety warnings, SQL Steps plus AI Explain inside the editor, broader bilingual coverage, and a legal center with signup consent flow.
- Context-Aware SQL Generation: Describe complex data needs in natural language and the AI generates SQL based on your live schema and foreign key relationships.
- Vision Integration: Upload screenshots of DB diagrams or whiteboards for AI-assisted schema reconstruction and query help.
- Global Assistant Panel: A resizable, toggleable sidebar available across major modules with SSE-based streaming responses.
- Configure AI by Role: Choose separate models for AI Assistant, Explain, AI SQL, AI NoSQL, and Autocomplete, or let those roles inherit the main assistant model when you want a simpler setup.
- Custom OpenAI-Compatible Providers: Add your own provider from the UI with a name, Base URL, API key, default model, and on-demand model catalog loading.
- Provider-Aware Routing: Gemini remains the premium lane, Cerebras/OpenRouter/Groq can be configured as lower-cost, fast, or fallback lanes, and Beeknoee can be chosen explicitly when you want tighter model control.
- Dedicated AI Services: Prompt building, schema context assembly, provider execution, connection context, and routing are separated into focused services for easier testing and safer future changes.
- Intelligent Model Fallback: The AI layer can iterate through providers and models when a requested lane fails, helping keep generation more resilient without hanging the backend.
- Surgical Precision Autocomplete: Inline AI suggestions prioritize exact SQL syntax completion without unnecessary explanations.
- Chain Tabbing: Accept multi-line AI suggestions incrementally with the
Tabkey for fast editing flow. - Chat Persistence: Conversation history is stored in app state for continuity across sessions.
- Unified Engine Architecture: Connect to multiple engines through a strategy-based backend:
- PostgreSQL (Neon, Supabase, RDS, Local)
- MySQL (PlanetScale, Local, TiDB)
- SQL Server (Azure SQL, Local MSSQL)
- ClickHouse
- MongoDB and MongoDB Atlas (SRV)
- Redis (runtime infrastructure for caching, queues, notifications, presence, and search indexing)
- Enterprise-Grade Credential Protection: Saved connection passwords are encrypted using AES-256-GCM before persistence.
- Connection Safety Controls: Each saved connection can now be configured as read-only and can independently allow or block query execution, schema changes, and import/export flows.
- Connection Health Visibility: Saved connections track their last health-check result, latency, and last successful connection timestamp so operators can spot broken credentials or degraded endpoints faster.
- Centralized Persistence: Connections are stored in the app database so they survive client refreshes and redeployments.
- Real-time Discovery: Fast schema inspection for tables, columns, views, indexes, and metadata.
- Cross-DB Browsing: Jump between databases and schemas in a single workspace.
- Caching Layer: Redis backs repeated metadata reads and query results so the app stays responsive under load.
- Notification Bus: SSE notifications are broadcast through Redis Pub/Sub for progress updates and system messages.
- Presence and Collaboration: Team presence and shared workspace signals are coordinated through Redis-backed flows.
- Rate Limiting: Redis keeps API throttling consistent across multiple backend instances.
- Background Work: Export, sync, and other long-running tasks can be queued without blocking the UI.
- Search Indexing: Global search and metadata lookups use Redis-backed indexing for fast workspace navigation.
- Organization Safety: Redis powers the Organization Backup and Migration Preview engines to handle bulk exports without downtime.
- Team Workspace: Create teams, invite members, and manage roles from the Team page.
- Shared Resources: Teams can share connections, queries, and dashboards.
- Role-Based Membership: Invite users as viewers, members, or admins depending on how much control they need.
- Mobile Entry Point: Teams can be opened directly from the mobile avatar menu.
- Activity Visibility: Shared dashboard activity and team-level usage signals help collaborators see what changed.
- Presence Tracking: Real-time indicators show active members within shared teamspaces.
- Org Backup System: Admins can export and migrate entire organization configurations safely.
- Public Legal Center: The landing surface now links to dedicated /legal, /privacy, and /terms pages.
- Signup Consent Gate: Local signups must accept the Terms of Service and Privacy Policy before account creation succeeds.
- Workspace Consent Enforcement: Accounts without recorded legal acceptance are redirected to a dedicated consent screen before entering the SQL or NoSQL workspace.
- Intelligent Auto-Layout: Dynamic graph generation using React Flow with automatic node positioning.
- Schema Exploration: Visualize table structures and relationships in an ERD-style workspace.
- Visual Intelligence: Primary and foreign keys are highlighted for fast structural understanding.
- Heuristic Dashboard: Surface connection health, storage distribution, and table usage metrics.
- Visual Intelligence: Interactive charts powered by Recharts for operational visibility.
- Table Distribution: Heatmaps and row-count style analytics to spot bottlenecks quickly.
- Monaco Engine: VS Code-grade editing experience with advanced syntax highlighting and multi-cursor support.
- Schema-Aware IntelliSense: Deep autocompletion that understands your tables, columns, and custom types.
- Smart Safeguards and Optimization: Automatic limit injection, pagination support, and per-engine query guards help prevent accidental OOM scenarios.
- Backend-Enforced Guardrails: Read-only and restricted connections are enforced server-side, so blocked updates, deletes, DDL, and imports cannot be bypassed by skipping the UI.
- SQL Steps Sequencing: Split a multi-statement SQL script into draggable steps, reorder them, edit each block, apply the sequence back to the editor, or run it sequentially.
- AI Query Explanation Dialog: Open a dedicated explanation surface with a line-numbered SQL preview and markdown-based AI breakdown of the script.
- Keyboard Shortcuts: Use
Ctrl+Enterto run,Ctrl+Sto save, andCtrl+Hto open history. - Execution Analytics: Query plans and execution timing are surfaced in the workspace.
- Tabbed Results: Separate panes for data, messages, and explain output.
- Export Capabilities: Export result data as CSV, JSON, or SQL from the grid tooling.
- Fully Responsive Architecture: Works across mobile and desktop layouts.
- Mobile-Adaptive Interface:
- Animated menu and drawer patterns
- Touch-friendly controls
- Overlay navigation for constrained screens
- Horizontal tab management for dense workflows
- Desktop Mode on Mobile: Mobile browsers can switch into a denser desktop-style layout when users need the full database IDE surface.
- Centered Desktop Navigation: The top navbar keeps the primary workspace switcher visually balanced while preserving the right-side user, theme, AI, timer, settings, and team controls.
- High-Density Desktop Mode: Designed for productivity with compact, information-rich layouts.
- Modern UI System: Uses Radix UI, Tailwind, motion, and a componentized feature-driven structure.
- Standardized API Communication: Consistent response shapes keep frontend handling predictable.
- Uptime Monitoring Ready: Exposes
/api/healthfor monitoring and host keep-alive setups.
| Layer | Technologies |
|---|---|
| Core Framework | React 19, Vite, TypeScript |
| State Management | Zustand, TanStack Query v5 |
| UI Components | Radix UI, Shadcn UI, Tailwind CSS |
| Visualizations | React Flow, Recharts, Lucide Icons |
| Editor | Monaco Editor |
| Animations | Framer Motion, CSS Keyframes, Intersection Observer |
| Layer | Technologies |
|---|---|
| Architecture | NestJS |
| ORM / Persistence | Prisma |
| AI Engine | Gemini plus OpenAI-compatible provider routing (Cerebras, OpenRouter, Groq, Beeknoee), SSE streaming, attachment-aware orchestration |
| Engines Support | pg, mysql2, mssql, mongodb, @clickhouse/client |
| Security | JWT, Passport.js, AES-256-GCM encryption |
| Infrastructure | Redis, BullMQ, SSE notifications, presence coordination, search indexing |
- Frontend layering:
corekeeps shared app/domain state,infrastructurekeeps bootstrapping/plumbing, andpresentationowns UI composition by feature module. - Backend layering: NestJS modules separate auth, permissions, connection persistence, query execution, AI, metadata, migrations, teamspaces, notifications, and Redis-backed infrastructure.
- AI layering: Prompt building, schema context, routing, provider execution, and connection context are split so provider changes do not leak into UI or query services.
- Database strategy pattern: Engine-specific SQL/NoSQL behavior lives behind database strategy implementations, keeping query services and controllers cleaner.
- Responsive shell:
Layoutowns AppShell, NoSQL shell, navbar, profile dialog, compact mobile chrome, and desktop-mode-on-mobile behavior.
- GitNexus indexed workspace: The repository is indexed as
Data-Explorer-Workspacewith symbol, relationship, and execution-flow awareness for safer navigation and refactoring. - Impact-first changes: Before changing an important function, class, or method, run GitNexus impact analysis to understand direct callers, affected flows, and blast radius.
- Pre-commit scope check: Use GitNexus change detection before committing so the changed symbols and execution flows match the intended patch.
- AI-assisted review option: CodeRabbit can be used for an additional review pass on larger PRs, especially for regressions, maintainability, and security notes.
Data Explorer/
├── client/ # React + Vite frontend application
│ └── src/
│ ├── core/ # Client-side domain layer and shared app logic
│ ├── infrastructure/ # Infra-specific frontend plumbing and bootstrapping
│ ├── lib/ # Small shared utilities such as class merging helpers
│ ├── presentation/ # UI layer and feature composition
│ │ ├── components/ # Reusable UI pieces, docs primitives, code editor pieces
│ │ ├── hooks/ # UI/data hooks such as schema sync and media queries
│ │ ├── modules/ # Feature-driven application modules
│ │ │ ├── Connection/ # Connection dialog and connection management flows
│ │ │ ├── Dashboard/ # Insights and analytics dashboards
│ │ │ ├── DataGrid/ # Result grid, export, import, and table data tools
│ │ │ ├── Explorer/ # Sidebar tree, navigation, and database explorer UX
│ │ │ ├── LandingPage/ # Marketing/landing page sections
│ │ │ ├── Layout/ # AppShell, navbar, profile dialog, and shell composition
│ │ │ ├── Migration/ # Migration workflow UI and progress surfaces
│ │ │ ├── NoSqlExplorer/ # MongoDB-focused workspace and JSON exploration
│ │ │ ├── Query/ # SQL editor, AI assistant, history, results, explain plans
│ │ │ └── Visualization/ # ERD and visual exploration workspaces
│ │ └── pages/ # Route-level entry pages such as login, docs, admin, teams
├── server/ # NestJS backend API
│ ├── prisma/ # Prisma schema, migrations/config, and generated setup inputs
│ └── src/
│ ├── ai/ # AI routing, provider runners, prompts, chat, streaming, autocomplete
│ ├── audit/ # Audit logging and audit history APIs
│ ├── auth/ # JWT auth, OAuth, token exchange, guards, roles
│ ├── collaboration/ # Shared workspace state and team collaboration logic
│ ├── common/ # Shared backend primitives and cross-cutting helpers
│ ├── connections/ # Saved connection lifecycle and persistence
│ ├── dashboards/ # Dashboard APIs and dashboard persistence
│ ├── database-strategies/ # Per-engine query/metadata/export strategy implementations
│ ├── erd-workspaces/ # Persisted ERD workspace state and diagram APIs
│ ├── mail/ # Mail delivery and notification email helpers
│ ├── metadata/ # Metadata freshness tracking and schema analysis
│ ├── migration/ # Cross-database migration orchestration and progress streaming
│ ├── nosql/ # MongoDB/NoSQL workspace APIs and collection operations
│ ├── notifications/ # SSE notification streaming and Redis pub/sub
│ ├── organizations/ # Org-level management and enterprise backups
│ ├── otp/ # One-time passcode flows for authentication/security
│ ├── permissions/ # Permission checks and access-control helpers
│ ├── presence/ # Real-time team presence tracking (Redis-backed)
│ ├── prisma/ # Prisma service and database access integration
│ ├── query/ # Query execution, DML helpers, and result APIs
│ ├── redis/ # Redis module, clients, and shared Redis utilities
│ ├── saved-queries/ # Saved query APIs and persistence
│ ├── search/ # Redis-backed search and metadata indexing
│ ├── seed/ # Seed/dev data helpers
│ ├── teamspaces/ # Dynamic team workspace and permission management
│ ├── tests/ # Server-side strategy and service test coverage
│ ├── users/ # User profile, settings, roles, billing, onboarding
│ ├── version-history/ # Entity version control and schema change tracking
│ └── utils/ # Encryption, SQL guards, and backend utility helpers
├── docs/ # Local documentation and generated knowledge assets
├── plans/ # Implementation plans and review notes
├── docker-compose.yml # Local container orchestration for db + backend + frontend
├── package.json # Root dev scripts for running client and server together
├── .env.example # Root Docker-friendly example values
├── server/.env.example # Backend env template for local/dev/prod setup
└── README.md # Project overview and setup guide- Universal Drivers: Click the
+in the Explorer sidebar to add a new connection. The main UI currently exposes PostgreSQL, MySQL, SQL Server, ClickHouse, MongoDB, and MongoDB Atlas (SRV). - Metadata Sync: After connecting, the app crawls your schema and builds the tree view.
- Switching Context: Move between saved connections and databases from the same workspace.
- Multi-Tab Editing: Open multiple SQL tabs and execute with Ctrl/Cmd + Enter.
- Smart IntelliSense: Schema-aware suggestions are available inside the editor.
- Explain and Analyze: Use the plan/analyze tooling for engine execution plans, and use the dedicated AI explanation dialog when you want a natural-language breakdown of the current SQL script.
- SQL Steps: Break a long script into ordered steps, rearrange them visually, then apply the sequence back to the editor or run it one step at a time in order.
- Saved Queries and History: Save reusable queries and reopen recent executions quickly.
- Query Guardrails: Read-only and restricted connections are enforced at both UI and server levels.
- Balanced IDE Chrome: The desktop navbar centers the SQL/NoSQL workspace switcher while preserving enough space for teams, theme controls, AI, timer, settings, and profile actions.
- Mobile/Desktop Toggle: On mobile browsers, users can stay in compact mode or enable desktop-style mode when they need the full query/editor surface.
- Invite and Manage Members: Create teams, invite members by email, and assign roles.
- Share Work: Connections, queries, and dashboards can be shared to a team from the Team page.
- Track Team Activity: Team dashboards and activity feeds help you see what the group has been using recently.
- Open on Mobile: Teams is available from the avatar menu on mobile, even when the desktop navigation is collapsed.
- Contextual Knowledge: The assistant is aware of your active connection, schema context, and current workspace state.
- Vision Features: Drop in screenshots or reference material for AI-assisted schema and SQL help.
- Configure AI: Open
Profile > Configure AIto set separate models for Assistant, Explain, AI SQL, AI NoSQL, and Autocomplete, or let those roles inherit the Assistant model. - Custom Providers: Add your own OpenAI-compatible provider with a Base URL and API key, load the available models from that endpoint, and use them in role-based configuration.
- Routing Modes: Use premium Gemini for harder work, optional Cerebras/OpenRouter/Groq lanes for cheaper, faster, or fallback chat flows, and explicit Beeknoee picks when you want to lock the provider/model.
- Operational Safety: Provider requests include timeout and stream-idle limits so failed or slow model lanes do not block the app indefinitely.
- Prompt Engineering: Ask practical questions like:
"Summarize the relationship between orders and customers""Find the top 5 customers with high churn risk based on transaction volume"
- ERD Exploration: Open the ERD module to inspect table relationships visually.
- Insights Dashboard: Review health signals, charts, and high-level usage indicators.
- NoSQL Workspace: MongoDB-oriented flows now include Tree JSON browsing, Auto-Flatten Grid, schema analysis, aggregation building, and result-driven insights in a dedicated workspace.
- Metadata Analytics: Inspect schema version history and metadata freshness signals from the sidebar.
- Redis-backed Search: The backend keeps a fast metadata index in Redis so global search and workspace lookups stay responsive.
- Notification Streaming: Long-running operations publish progress through Redis Pub/Sub and SSE.
- Presence Coordination: Team presence and collaborative status indicators rely on Redis-backed runtime state.
- Shared Throttling: If you run multiple backend instances, Redis keeps rate limits aligned across the cluster.
- Job Processing: Export and sync flows rely on Redis-backed queues so the UI stays responsive while work happens in the background.
- Node.js 20+
- npm
- PostgreSQL for the app metadata database
- Redis for caching, notifications, presence, search, and background jobs
- At least one built-in AI provider key, or a custom OpenAI-compatible provider you will add from the Configure AI screen (optional, only needed for AI features)
- Docker and Docker Compose (optional, for the containerized path)
This is the fastest way to run Data Explorer locally with PostgreSQL, Redis, the backend API, and an Nginx-served frontend.
-
Environment Setup
- Copy
server/.env.exampletoserver/.env. - Fill in at least
JWT_SECRET,ENCRYPTION_KEY, and any optional AI or OAuth variables you want to use. - No manual Prisma sync is required before first boot. The Docker stack runs the dedicated
migrateservice and applies the committed baseline automatically. - If you are serving the frontend through Docker on port
80, set:FRONTEND_URL=http://localhost
- Copy
-
Launch
docker compose up --build -d
- Web Interface: http://localhost
- Backend API: http://localhost:3001/api/health
- Primary Database:
localhost:5435- user:
postgres - password:
postgres - database:
data_explorer
- user:
- Redis:
localhost:6379(for caching, notifications, queues, presence, and search indexing)
Note:
docker-compose.ymlreads backend env vars fromserver/.env, not from the root.env.example.- The backend container listens on port
3001. - The frontend build arg defaults to
VITE_API_URL=http://localhost:3001/api. - The Docker stack starts Redis automatically, so no separate Redis install is needed in that path.
- The
migrateservice uses Prisma Migrate with the committed0_initPostgres baseline, so you do not need a pre-rundb push.
-
Clone and Install
git clone https://github.com/KasierBach/Data-Explorer-Editor.git cd Data-Explorer-Editor npm install -
Backend Configuration
cd server npm install cp .env.example .env npx prisma generate npx prisma migrate deploy npm run start:devRecommended local values in
server/.env:DATABASE_URL=postgresql://postgres:postgres@localhost:5435/data_explorer REDIS_URL=redis://localhost:6379 FRONTEND_URL=http://localhost:5173 PORT=3001 JWT_SECRET=replace-with-a-random-secret-at-least-32-bytes-long ENCRYPTION_KEY=replace-with-exactly-32-random-characters
-
Frontend Configuration
cd ../client npm install npm run devOptional
client/.env:VITE_API_URL=http://localhost:3001/api
-
Launch Visit http://localhost:5173 to start exploring.
-
Run Both from Root
npm run dev
From the repository root:
npm run dev # Start server and client together
npm run server # Start only the NestJS backend in watch mode
npm run client # Start only the Vite client with host bindingFrom each workspace:
cd client && npm run lint && npm run build
cd server && npm run lint && npm run buildThe backend reads configuration from server/.env. The frontend reads VITE_API_URL from client/.env or from the Docker build arg.
Built-in AI lanes such as Gemini, OpenRouter, Groq, Cerebras, and Beeknoee are backend env-driven. User-added OpenAI-compatible providers, loaded model catalogs, and per-role model choices for Assistant / Explain / AI SQL / AI NoSQL / Autocomplete are configured from Profile > Configure AI and stored locally on that client machine/browser.
| Variable | Required | Description |
|---|---|---|
DATABASE_URL |
Yes | Connection string for the app's central PostgreSQL database. Docker default: postgresql://postgres:postgres@db:5432/data_explorer. |
REDIS_URL |
No | Redis connection string for caching, notifications, queues, presence, search indexing, and throttling. Docker default: redis://redis:6379. |
GEMINI_API_KEY |
No | Gemini API key used for the premium AI lane, vision-capable prompts, and current-info capable flows. |
AI_PROVIDER_TIMEOUT_MS |
No | Timeout in milliseconds for AI provider requests. Default: 15000. |
AI_STREAM_IDLE_TIMEOUT_MS |
No | Idle timeout in milliseconds for streaming AI responses. Default: 15000. |
CEREBRAS_API_KEY |
No | Optional lower-cost AI provider key used by AI routing in Auto / Fast mode. |
CEREBRAS_BASE_URL |
No | Base URL for Cerebras' OpenAI-compatible API. Default: https://api.cerebras.ai/v1. |
CEREBRAS_CHAT_MODEL |
No | Preferred Cerebras chat model for cheaper AI routing. |
OPENROUTER_API_KEY |
No | Optional fallback AI provider key used when you want more free/cheap routing options. |
OPENROUTER_BASE_URL |
No | Base URL for OpenRouter. Default: https://openrouter.ai/api/v1. |
OPENROUTER_CHAT_MODEL |
No | OpenRouter model slug to use in Auto / Fast mode. |
GROQ_API_KEY |
No | Optional Groq key for low-latency OpenAI-compatible AI routing. |
GROQ_BASE_URL |
No | Base URL for Groq. Default: https://api.groq.com/openai/v1. |
GROQ_CHAT_MODEL |
No | Groq model slug used in Auto / Fast mode. Default: meta-llama/llama-4-scout-17b-16e-instruct. |
BEEKNOEE_API_KEY |
No | Optional Beeknoee key used when a user explicitly selects a Beeknoee model in AI Assistant. |
BEEKNOEE_BASE_URL |
No | Base URL for Beeknoee's OpenAI-compatible API. Default: https://platform.beeknoee.com/api/v1. |
BEEKNOEE_CHAT_MODEL |
No | Default Beeknoee chat model slug. Current recommended value: glm-4.7-flash. |
JWT_SECRET |
Yes | Strong secret used to sign access tokens. Placeholder values are rejected. |
REFRESH_TOKEN_SECRET |
No | Recommended separate secret for refresh-token cookies. If omitted, the app falls back to JWT_SECRET. |
ENCRYPTION_KEY |
Yes | Exactly 32 characters, used to encrypt saved database connection passwords. |
LEGACY_ENCRYPTION_KEYS |
No | Comma-separated list of older keys used to decrypt connections saved before the hardening update. |
PORT |
No | Server port. Local default: 3001. |
FRONTEND_URL |
Yes | Frontend URL used for CORS and OAuth redirects. Use http://localhost:5173 for Vite local dev, or http://localhost when serving the frontend through Docker on port 80. |
ALLOW_INTERNAL_IPS |
No | Recommended default is false. Local development still allows localhost, 127.0.0.1, and ::1. |
GOOGLE_CLIENT_ID |
No | Google login client ID. |
GOOGLE_CLIENT_SECRET |
No | Google login client secret. |
GOOGLE_CALLBACK_URL |
No | Google OAuth callback URL. Local default: http://localhost:3001/api/auth/google/callback. |
GITHUB_CLIENT_ID |
No | GitHub login client ID. |
GITHUB_CLIENT_SECRET |
No | GitHub login client secret. |
GITHUB_CALLBACK_URL |
No | GitHub OAuth callback URL. Local default: http://localhost:3001/api/auth/github/callback. |
MAIL_USER |
No | Email address or sender used for system mail. |
MAIL_PASS |
No | App password or provider API key. |
VITE_API_URL |
No | Frontend backend API URL. Default: http://localhost:3001/api. |
Recent hardening introduced a few important changes:
- Safer OAuth flow: Google and GitHub login no longer return bearer tokens in the query string. The frontend now receives
/login#code=...and exchanges it for a normal token. - Stronger secret enforcement: Weak or placeholder
JWT_SECRETvalues prevent the backend from starting. - Encrypted connection credentials: Saved DB connection passwords are encrypted with AES-256-GCM, and the backend supports
LEGACY_ENCRYPTION_KEYSto preserve older saved connections. - Advanced Guardrails: Read-only connections now block
EXEC/EXECUTEbypasses and similar custom execution commands. - SSH Tunnel SSRF protection: The system blocks unsafe
dbHosttargets (localhost, 127.0.0.1, and internal IP ranges) within SSH tunnels to prevent intranet scanning. - Tightened Team Privacy: Shared resources are strictly isolated, removing insecure domain-based auto-sharing (e.g., preventing data leaks between different users on public domains like gmail.com).
- Resource Safety: Data migration processes now include mandatory safety timeouts to prevent resource exhaustion (DoS).
- Reduced XSS exposure: AI markdown no longer renders raw HTML in the client.
- Safer session handling: Refresh tokens now live in
httpOnlycookies, while access tokens stay in memory and are re-bootstrapped through/auth/refresh. - Sanitized DB Errors: Database error messages are sanitized before being sent to the client to prevent infrastructure information leakage.
- AI request guardrails: Provider calls now use request timeouts and streaming idle timeouts so a slow lane cannot hang the backend indefinitely.
- Legal access flow: New local registrations require Terms + Privacy consent, and users who have not accepted the legal flow are redirected to
/legal-consentbefore entering the main workspace.
If you configure Google or GitHub login, make sure:
FRONTEND_URLmatches the frontend origin you are actually using- callback URLs in your OAuth provider match your local or production backend
- after login, the app redirects in this format:
/login#code=...
The frontend then calls the exchange endpoint to convert the short-lived code into a normal access token.
If older saved DB connections stopped working after changing ENCRYPTION_KEY, you can add:
LEGACY_ENCRYPTION_KEYS=12345678901234567890123456789012,abcdefghijklmnopqrstuvwxyz123456Notes:
- Each key must be exactly 32 characters
- In local development, the system automatically tries the old fallback key to reduce the chance that you need to re-enter passwords
- If an old password was encrypted with a key you no longer have, it cannot be recovered from the stored data
cd client
npm run build
cd ../server
npm run buildcd client
npm test
cd ../server
npm test-
Google / GitHub login is not working
- Check
JWT_SECRET - Check the callback URLs in your OAuth provider
- Check
FRONTEND_URL
- Check
-
Older saved connections no longer work
- Check
ENCRYPTION_KEY - Add
LEGACY_ENCRYPTION_KEYSif you previously used another key - Restart the backend after updating env values
- Check
-
Localhost databases do not connect
- Local development already allows
localhost,127.0.0.1, and::1 - Only enable
ALLOW_INTERNAL_IPS=trueif you intentionally need broader private-network access
- Local development already allows
-
Prisma build fails with
EPERMon Windows- This usually happens because the backend dev server is still locking the Prisma engine file
- Stop the running backend process and build again
-
You already have data in Postgres and want Prisma tracking
- Use the committed baseline plus
prisma migrate resolveif you need to attach Prisma history to an existing database - Do not run
prisma migrate resetagainst a live database
- Use the committed baseline plus
- Bug Reports: Open an issue on the GitHub Repo.
- Custom Adapters: New database engine support can be added via the
database-strategiesmodule.
This project is licensed under the MIT License. See LICENSE.