Skip to content

KasierBach/Data-Explorer-Editor

Repository files navigation

Data Explorer

React Vite NestJS Prisma TypeScript TailwindCSS PostgreSQL MySQL MongoDB Redis Framer_Motion License Version

Data Explorer is a high-fidelity, high-performance database management and visualization IDE. It provides a unified, intelligent interface for developers and data engineers to explore, query, and visualize multi-engine databases, all supercharged by a context-aware AI.

Current documentation focus reflects the v3.6.4 workspace: configurable AI roles with custom OpenAI-compatible providers, higher-signal query safety warnings, SQL Steps plus AI Explain inside the editor, broader bilingual coverage, and a legal center with signup consent flow.


Key Features

AI Assistant and Routing

  • Context-Aware SQL Generation: Describe complex data needs in natural language and the AI generates SQL based on your live schema and foreign key relationships.
  • Vision Integration: Upload screenshots of DB diagrams or whiteboards for AI-assisted schema reconstruction and query help.
  • Global Assistant Panel: A resizable, toggleable sidebar available across major modules with SSE-based streaming responses.
  • Configure AI by Role: Choose separate models for AI Assistant, Explain, AI SQL, AI NoSQL, and Autocomplete, or let those roles inherit the main assistant model when you want a simpler setup.
  • Custom OpenAI-Compatible Providers: Add your own provider from the UI with a name, Base URL, API key, default model, and on-demand model catalog loading.
  • Provider-Aware Routing: Gemini remains the premium lane, Cerebras/OpenRouter/Groq can be configured as lower-cost, fast, or fallback lanes, and Beeknoee can be chosen explicitly when you want tighter model control.
  • Dedicated AI Services: Prompt building, schema context assembly, provider execution, connection context, and routing are separated into focused services for easier testing and safer future changes.
  • Intelligent Model Fallback: The AI layer can iterate through providers and models when a requested lane fails, helping keep generation more resilient without hanging the backend.
  • Surgical Precision Autocomplete: Inline AI suggestions prioritize exact SQL syntax completion without unnecessary explanations.
  • Chain Tabbing: Accept multi-line AI suggestions incrementally with the Tab key for fast editing flow.
  • Chat Persistence: Conversation history is stored in app state for continuity across sessions.

Multi-Database Strategy

  • Unified Engine Architecture: Connect to multiple engines through a strategy-based backend:
    • PostgreSQL (Neon, Supabase, RDS, Local)
    • MySQL (PlanetScale, Local, TiDB)
    • SQL Server (Azure SQL, Local MSSQL)
    • ClickHouse
    • MongoDB and MongoDB Atlas (SRV)
    • Redis (runtime infrastructure for caching, queues, notifications, presence, and search indexing)
  • Enterprise-Grade Credential Protection: Saved connection passwords are encrypted using AES-256-GCM before persistence.
  • Connection Safety Controls: Each saved connection can now be configured as read-only and can independently allow or block query execution, schema changes, and import/export flows.
  • Connection Health Visibility: Saved connections track their last health-check result, latency, and last successful connection timestamp so operators can spot broken credentials or degraded endpoints faster.
  • Centralized Persistence: Connections are stored in the app database so they survive client refreshes and redeployments.
  • Real-time Discovery: Fast schema inspection for tables, columns, views, indexes, and metadata.
  • Cross-DB Browsing: Jump between databases and schemas in a single workspace.

Redis Infrastructure

  • Caching Layer: Redis backs repeated metadata reads and query results so the app stays responsive under load.
  • Notification Bus: SSE notifications are broadcast through Redis Pub/Sub for progress updates and system messages.
  • Presence and Collaboration: Team presence and shared workspace signals are coordinated through Redis-backed flows.
  • Rate Limiting: Redis keeps API throttling consistent across multiple backend instances.
  • Background Work: Export, sync, and other long-running tasks can be queued without blocking the UI.
  • Search Indexing: Global search and metadata lookups use Redis-backed indexing for fast workspace navigation.
  • Organization Safety: Redis powers the Organization Backup and Migration Preview engines to handle bulk exports without downtime.

Team Collaboration

  • Team Workspace: Create teams, invite members, and manage roles from the Team page.
  • Shared Resources: Teams can share connections, queries, and dashboards.
  • Role-Based Membership: Invite users as viewers, members, or admins depending on how much control they need.
  • Mobile Entry Point: Teams can be opened directly from the mobile avatar menu.
  • Activity Visibility: Shared dashboard activity and team-level usage signals help collaborators see what changed.
  • Presence Tracking: Real-time indicators show active members within shared teamspaces.
  • Org Backup System: Admins can export and migrate entire organization configurations safely.

Access and Legal Surface

  • Public Legal Center: The landing surface now links to dedicated /legal, /privacy, and /terms pages.
  • Signup Consent Gate: Local signups must accept the Terms of Service and Privacy Policy before account creation succeeds.
  • Workspace Consent Enforcement: Accounts without recorded legal acceptance are redirected to a dedicated consent screen before entering the SQL or NoSQL workspace.

Entity Relationship Diagrams (ERD)

  • Intelligent Auto-Layout: Dynamic graph generation using React Flow with automatic node positioning.
  • Schema Exploration: Visualize table structures and relationships in an ERD-style workspace.
  • Visual Intelligence: Primary and foreign keys are highlighted for fast structural understanding.

Analytics and Insights

  • Heuristic Dashboard: Surface connection health, storage distribution, and table usage metrics.
  • Visual Intelligence: Interactive charts powered by Recharts for operational visibility.
  • Table Distribution: Heatmaps and row-count style analytics to spot bottlenecks quickly.

Pro SQL Workspace

  • Monaco Engine: VS Code-grade editing experience with advanced syntax highlighting and multi-cursor support.
  • Schema-Aware IntelliSense: Deep autocompletion that understands your tables, columns, and custom types.
  • Smart Safeguards and Optimization: Automatic limit injection, pagination support, and per-engine query guards help prevent accidental OOM scenarios.
  • Backend-Enforced Guardrails: Read-only and restricted connections are enforced server-side, so blocked updates, deletes, DDL, and imports cannot be bypassed by skipping the UI.
  • SQL Steps Sequencing: Split a multi-statement SQL script into draggable steps, reorder them, edit each block, apply the sequence back to the editor, or run it sequentially.
  • AI Query Explanation Dialog: Open a dedicated explanation surface with a line-numbered SQL preview and markdown-based AI breakdown of the script.
  • Keyboard Shortcuts: Use Ctrl+Enter to run, Ctrl+S to save, and Ctrl+H to open history.
  • Execution Analytics: Query plans and execution timing are surfaced in the workspace.
  • Tabbed Results: Separate panes for data, messages, and explain output.
  • Export Capabilities: Export result data as CSV, JSON, or SQL from the grid tooling.

Premium UI and Responsive Experience

  • Fully Responsive Architecture: Works across mobile and desktop layouts.
  • Mobile-Adaptive Interface:
    • Animated menu and drawer patterns
    • Touch-friendly controls
    • Overlay navigation for constrained screens
    • Horizontal tab management for dense workflows
  • Desktop Mode on Mobile: Mobile browsers can switch into a denser desktop-style layout when users need the full database IDE surface.
  • Centered Desktop Navigation: The top navbar keeps the primary workspace switcher visually balanced while preserving the right-side user, theme, AI, timer, settings, and team controls.
  • High-Density Desktop Mode: Designed for productivity with compact, information-rich layouts.
  • Modern UI System: Uses Radix UI, Tailwind, motion, and a componentized feature-driven structure.
  • Standardized API Communication: Consistent response shapes keep frontend handling predictable.
  • Uptime Monitoring Ready: Exposes /api/health for monitoring and host keep-alive setups.

Tech Stack and Ecosystem

Frontend (Client-Side)

Layer Technologies
Core Framework React 19, Vite, TypeScript
State Management Zustand, TanStack Query v5
UI Components Radix UI, Shadcn UI, Tailwind CSS
Visualizations React Flow, Recharts, Lucide Icons
Editor Monaco Editor
Animations Framer Motion, CSS Keyframes, Intersection Observer

Backend (Server-Side)

Layer Technologies
Architecture NestJS
ORM / Persistence Prisma
AI Engine Gemini plus OpenAI-compatible provider routing (Cerebras, OpenRouter, Groq, Beeknoee), SSE streaming, attachment-aware orchestration
Engines Support pg, mysql2, mssql, mongodb, @clickhouse/client
Security JWT, Passport.js, AES-256-GCM encryption
Infrastructure Redis, BullMQ, SSE notifications, presence coordination, search indexing

Project Architecture and Structure

Current Architecture Notes

  • Frontend layering: core keeps shared app/domain state, infrastructure keeps bootstrapping/plumbing, and presentation owns UI composition by feature module.
  • Backend layering: NestJS modules separate auth, permissions, connection persistence, query execution, AI, metadata, migrations, teamspaces, notifications, and Redis-backed infrastructure.
  • AI layering: Prompt building, schema context, routing, provider execution, and connection context are split so provider changes do not leak into UI or query services.
  • Database strategy pattern: Engine-specific SQL/NoSQL behavior lives behind database strategy implementations, keeping query services and controllers cleaner.
  • Responsive shell: Layout owns AppShell, NoSQL shell, navbar, profile dialog, compact mobile chrome, and desktop-mode-on-mobile behavior.

Code Intelligence and Review Workflow

  • GitNexus indexed workspace: The repository is indexed as Data-Explorer-Workspace with symbol, relationship, and execution-flow awareness for safer navigation and refactoring.
  • Impact-first changes: Before changing an important function, class, or method, run GitNexus impact analysis to understand direct callers, affected flows, and blast radius.
  • Pre-commit scope check: Use GitNexus change detection before committing so the changed symbols and execution flows match the intended patch.
  • AI-assisted review option: CodeRabbit can be used for an additional review pass on larger PRs, especially for regressions, maintainability, and security notes.
Data Explorer/
├── client/                                # React + Vite frontend application
│   └── src/
│       ├── core/                          # Client-side domain layer and shared app logic
│       ├── infrastructure/                # Infra-specific frontend plumbing and bootstrapping
│       ├── lib/                           # Small shared utilities such as class merging helpers
│       ├── presentation/                  # UI layer and feature composition
│       │   ├── components/                # Reusable UI pieces, docs primitives, code editor pieces
│       │   ├── hooks/                     # UI/data hooks such as schema sync and media queries
│       │   ├── modules/                   # Feature-driven application modules
│       │   │   ├── Connection/            # Connection dialog and connection management flows
│       │   │   ├── Dashboard/             # Insights and analytics dashboards
│       │   │   ├── DataGrid/              # Result grid, export, import, and table data tools
│       │   │   ├── Explorer/              # Sidebar tree, navigation, and database explorer UX
│       │   │   ├── LandingPage/           # Marketing/landing page sections
│       │   │   ├── Layout/                # AppShell, navbar, profile dialog, and shell composition
│       │   │   ├── Migration/             # Migration workflow UI and progress surfaces
│       │   │   ├── NoSqlExplorer/         # MongoDB-focused workspace and JSON exploration
│       │   │   ├── Query/                 # SQL editor, AI assistant, history, results, explain plans
│       │   │   └── Visualization/         # ERD and visual exploration workspaces
│       │   └── pages/                     # Route-level entry pages such as login, docs, admin, teams
├── server/                                # NestJS backend API
│   ├── prisma/                            # Prisma schema, migrations/config, and generated setup inputs
│   └── src/
│       ├── ai/                            # AI routing, provider runners, prompts, chat, streaming, autocomplete
│       ├── audit/                         # Audit logging and audit history APIs
│       ├── auth/                          # JWT auth, OAuth, token exchange, guards, roles
│       ├── collaboration/                 # Shared workspace state and team collaboration logic
│       ├── common/                        # Shared backend primitives and cross-cutting helpers
│       ├── connections/                   # Saved connection lifecycle and persistence
│       ├── dashboards/                    # Dashboard APIs and dashboard persistence
│       ├── database-strategies/           # Per-engine query/metadata/export strategy implementations
│       ├── erd-workspaces/                # Persisted ERD workspace state and diagram APIs
│       ├── mail/                          # Mail delivery and notification email helpers
│       ├── metadata/                      # Metadata freshness tracking and schema analysis
│       ├── migration/                     # Cross-database migration orchestration and progress streaming
│       ├── nosql/                         # MongoDB/NoSQL workspace APIs and collection operations
│       ├── notifications/                 # SSE notification streaming and Redis pub/sub
│       ├── organizations/                 # Org-level management and enterprise backups
│       ├── otp/                           # One-time passcode flows for authentication/security
│       ├── permissions/                   # Permission checks and access-control helpers
│       ├── presence/                      # Real-time team presence tracking (Redis-backed)
│       ├── prisma/                        # Prisma service and database access integration
│       ├── query/                         # Query execution, DML helpers, and result APIs
│       ├── redis/                         # Redis module, clients, and shared Redis utilities
│       ├── saved-queries/                 # Saved query APIs and persistence
│       ├── search/                        # Redis-backed search and metadata indexing
│       ├── seed/                          # Seed/dev data helpers
│       ├── teamspaces/                    # Dynamic team workspace and permission management
│       ├── tests/                         # Server-side strategy and service test coverage
│       ├── users/                         # User profile, settings, roles, billing, onboarding
│       ├── version-history/               # Entity version control and schema change tracking
│       └── utils/                         # Encryption, SQL guards, and backend utility helpers
├── docs/                                  # Local documentation and generated knowledge assets
├── plans/                                 # Implementation plans and review notes
├── docker-compose.yml                     # Local container orchestration for db + backend + frontend
├── package.json                           # Root dev scripts for running client and server together
├── .env.example                           # Root Docker-friendly example values
├── server/.env.example                    # Backend env template for local/dev/prod setup
└── README.md                              # Project overview and setup guide

Comprehensive User Guide

1. Connection Management

  • Universal Drivers: Click the + in the Explorer sidebar to add a new connection. The main UI currently exposes PostgreSQL, MySQL, SQL Server, ClickHouse, MongoDB, and MongoDB Atlas (SRV).
  • Metadata Sync: After connecting, the app crawls your schema and builds the tree view.
  • Switching Context: Move between saved connections and databases from the same workspace.

2. Pro SQL Workspace

  • Multi-Tab Editing: Open multiple SQL tabs and execute with Ctrl/Cmd + Enter.
  • Smart IntelliSense: Schema-aware suggestions are available inside the editor.
  • Explain and Analyze: Use the plan/analyze tooling for engine execution plans, and use the dedicated AI explanation dialog when you want a natural-language breakdown of the current SQL script.
  • SQL Steps: Break a long script into ordered steps, rearrange them visually, then apply the sequence back to the editor or run it one step at a time in order.
  • Saved Queries and History: Save reusable queries and reopen recent executions quickly.
  • Query Guardrails: Read-only and restricted connections are enforced at both UI and server levels.
  • Balanced IDE Chrome: The desktop navbar centers the SQL/NoSQL workspace switcher while preserving enough space for teams, theme controls, AI, timer, settings, and profile actions.
  • Mobile/Desktop Toggle: On mobile browsers, users can stay in compact mode or enable desktop-style mode when they need the full query/editor surface.

3. Team Collaboration

  • Invite and Manage Members: Create teams, invite members by email, and assign roles.
  • Share Work: Connections, queries, and dashboards can be shared to a team from the Team page.
  • Track Team Activity: Team dashboards and activity feeds help you see what the group has been using recently.
  • Open on Mobile: Teams is available from the avatar menu on mobile, even when the desktop navigation is collapsed.

4. Using the AI Assistant

  • Contextual Knowledge: The assistant is aware of your active connection, schema context, and current workspace state.
  • Vision Features: Drop in screenshots or reference material for AI-assisted schema and SQL help.
  • Configure AI: Open Profile > Configure AI to set separate models for Assistant, Explain, AI SQL, AI NoSQL, and Autocomplete, or let those roles inherit the Assistant model.
  • Custom Providers: Add your own OpenAI-compatible provider with a Base URL and API key, load the available models from that endpoint, and use them in role-based configuration.
  • Routing Modes: Use premium Gemini for harder work, optional Cerebras/OpenRouter/Groq lanes for cheaper, faster, or fallback chat flows, and explicit Beeknoee picks when you want to lock the provider/model.
  • Operational Safety: Provider requests include timeout and stream-idle limits so failed or slow model lanes do not block the app indefinitely.
  • Prompt Engineering: Ask practical questions like:
    • "Summarize the relationship between orders and customers"
    • "Find the top 5 customers with high churn risk based on transaction volume"

5. Interactive Visualizations

  • ERD Exploration: Open the ERD module to inspect table relationships visually.
  • Insights Dashboard: Review health signals, charts, and high-level usage indicators.
  • NoSQL Workspace: MongoDB-oriented flows now include Tree JSON browsing, Auto-Flatten Grid, schema analysis, aggregation building, and result-driven insights in a dedicated workspace.
  • Metadata Analytics: Inspect schema version history and metadata freshness signals from the sidebar.

6. Redis Infrastructure

  • Redis-backed Search: The backend keeps a fast metadata index in Redis so global search and workspace lookups stay responsive.
  • Notification Streaming: Long-running operations publish progress through Redis Pub/Sub and SSE.
  • Presence Coordination: Team presence and collaborative status indicators rely on Redis-backed runtime state.
  • Shared Throttling: If you run multiple backend instances, Redis keeps rate limits aligned across the cluster.
  • Job Processing: Export and sync flows rely on Redis-backed queues so the UI stays responsive while work happens in the background.

Installation and Local Development

Requirements

  • Node.js 20+
  • npm
  • PostgreSQL for the app metadata database
  • Redis for caching, notifications, presence, search, and background jobs
  • At least one built-in AI provider key, or a custom OpenAI-compatible provider you will add from the Configure AI screen (optional, only needed for AI features)
  • Docker and Docker Compose (optional, for the containerized path)

One-Click Docker Deployment (Recommended)

This is the fastest way to run Data Explorer locally with PostgreSQL, Redis, the backend API, and an Nginx-served frontend.

  1. Environment Setup

    • Copy server/.env.example to server/.env.
    • Fill in at least JWT_SECRET, ENCRYPTION_KEY, and any optional AI or OAuth variables you want to use.
    • No manual Prisma sync is required before first boot. The Docker stack runs the dedicated migrate service and applies the committed baseline automatically.
    • If you are serving the frontend through Docker on port 80, set:
      • FRONTEND_URL=http://localhost
  2. Launch

    docker compose up --build -d

Access Points

  • Web Interface: http://localhost
  • Backend API: http://localhost:3001/api/health
  • Primary Database: localhost:5435
    • user: postgres
    • password: postgres
    • database: data_explorer
  • Redis: localhost:6379 (for caching, notifications, queues, presence, and search indexing)

Note:

  • docker-compose.yml reads backend env vars from server/.env, not from the root .env.example.
  • The backend container listens on port 3001.
  • The frontend build arg defaults to VITE_API_URL=http://localhost:3001/api.
  • The Docker stack starts Redis automatically, so no separate Redis install is needed in that path.
  • The migrate service uses Prisma Migrate with the committed 0_init Postgres baseline, so you do not need a pre-run db push.

Initial Setup

  1. Clone and Install

    git clone https://github.com/KasierBach/Data-Explorer-Editor.git
    cd Data-Explorer-Editor
    npm install
  2. Backend Configuration

    cd server
    npm install
    cp .env.example .env
    npx prisma generate
    npx prisma migrate deploy
    npm run start:dev

    Recommended local values in server/.env:

    DATABASE_URL=postgresql://postgres:postgres@localhost:5435/data_explorer
    REDIS_URL=redis://localhost:6379
    FRONTEND_URL=http://localhost:5173
    PORT=3001
    JWT_SECRET=replace-with-a-random-secret-at-least-32-bytes-long
    ENCRYPTION_KEY=replace-with-exactly-32-random-characters
  3. Frontend Configuration

    cd ../client
    npm install
    npm run dev

    Optional client/.env:

    VITE_API_URL=http://localhost:3001/api
  4. Launch Visit http://localhost:5173 to start exploring.

  5. Run Both from Root

    npm run dev

Root Convenience Scripts

From the repository root:

npm run dev      # Start server and client together
npm run server   # Start only the NestJS backend in watch mode
npm run client   # Start only the Vite client with host binding

From each workspace:

cd client && npm run lint && npm run build
cd server && npm run lint && npm run build

Configuration

Environment Variables

The backend reads configuration from server/.env. The frontend reads VITE_API_URL from client/.env or from the Docker build arg.

Built-in AI lanes such as Gemini, OpenRouter, Groq, Cerebras, and Beeknoee are backend env-driven. User-added OpenAI-compatible providers, loaded model catalogs, and per-role model choices for Assistant / Explain / AI SQL / AI NoSQL / Autocomplete are configured from Profile > Configure AI and stored locally on that client machine/browser.

Variable Required Description
DATABASE_URL Yes Connection string for the app's central PostgreSQL database. Docker default: postgresql://postgres:postgres@db:5432/data_explorer.
REDIS_URL No Redis connection string for caching, notifications, queues, presence, search indexing, and throttling. Docker default: redis://redis:6379.
GEMINI_API_KEY No Gemini API key used for the premium AI lane, vision-capable prompts, and current-info capable flows.
AI_PROVIDER_TIMEOUT_MS No Timeout in milliseconds for AI provider requests. Default: 15000.
AI_STREAM_IDLE_TIMEOUT_MS No Idle timeout in milliseconds for streaming AI responses. Default: 15000.
CEREBRAS_API_KEY No Optional lower-cost AI provider key used by AI routing in Auto / Fast mode.
CEREBRAS_BASE_URL No Base URL for Cerebras' OpenAI-compatible API. Default: https://api.cerebras.ai/v1.
CEREBRAS_CHAT_MODEL No Preferred Cerebras chat model for cheaper AI routing.
OPENROUTER_API_KEY No Optional fallback AI provider key used when you want more free/cheap routing options.
OPENROUTER_BASE_URL No Base URL for OpenRouter. Default: https://openrouter.ai/api/v1.
OPENROUTER_CHAT_MODEL No OpenRouter model slug to use in Auto / Fast mode.
GROQ_API_KEY No Optional Groq key for low-latency OpenAI-compatible AI routing.
GROQ_BASE_URL No Base URL for Groq. Default: https://api.groq.com/openai/v1.
GROQ_CHAT_MODEL No Groq model slug used in Auto / Fast mode. Default: meta-llama/llama-4-scout-17b-16e-instruct.
BEEKNOEE_API_KEY No Optional Beeknoee key used when a user explicitly selects a Beeknoee model in AI Assistant.
BEEKNOEE_BASE_URL No Base URL for Beeknoee's OpenAI-compatible API. Default: https://platform.beeknoee.com/api/v1.
BEEKNOEE_CHAT_MODEL No Default Beeknoee chat model slug. Current recommended value: glm-4.7-flash.
JWT_SECRET Yes Strong secret used to sign access tokens. Placeholder values are rejected.
REFRESH_TOKEN_SECRET No Recommended separate secret for refresh-token cookies. If omitted, the app falls back to JWT_SECRET.
ENCRYPTION_KEY Yes Exactly 32 characters, used to encrypt saved database connection passwords.
LEGACY_ENCRYPTION_KEYS No Comma-separated list of older keys used to decrypt connections saved before the hardening update.
PORT No Server port. Local default: 3001.
FRONTEND_URL Yes Frontend URL used for CORS and OAuth redirects. Use http://localhost:5173 for Vite local dev, or http://localhost when serving the frontend through Docker on port 80.
ALLOW_INTERNAL_IPS No Recommended default is false. Local development still allows localhost, 127.0.0.1, and ::1.
GOOGLE_CLIENT_ID No Google login client ID.
GOOGLE_CLIENT_SECRET No Google login client secret.
GOOGLE_CALLBACK_URL No Google OAuth callback URL. Local default: http://localhost:3001/api/auth/google/callback.
GITHUB_CLIENT_ID No GitHub login client ID.
GITHUB_CLIENT_SECRET No GitHub login client secret.
GITHUB_CALLBACK_URL No GitHub OAuth callback URL. Local default: http://localhost:3001/api/auth/github/callback.
MAIL_USER No Email address or sender used for system mail.
MAIL_PASS No App password or provider API key.
VITE_API_URL No Frontend backend API URL. Default: http://localhost:3001/api.

Security and Production Notes

Recent hardening introduced a few important changes:

  • Safer OAuth flow: Google and GitHub login no longer return bearer tokens in the query string. The frontend now receives /login#code=... and exchanges it for a normal token.
  • Stronger secret enforcement: Weak or placeholder JWT_SECRET values prevent the backend from starting.
  • Encrypted connection credentials: Saved DB connection passwords are encrypted with AES-256-GCM, and the backend supports LEGACY_ENCRYPTION_KEYS to preserve older saved connections.
  • Advanced Guardrails: Read-only connections now block EXEC/EXECUTE bypasses and similar custom execution commands.
  • SSH Tunnel SSRF protection: The system blocks unsafe dbHost targets (localhost, 127.0.0.1, and internal IP ranges) within SSH tunnels to prevent intranet scanning.
  • Tightened Team Privacy: Shared resources are strictly isolated, removing insecure domain-based auto-sharing (e.g., preventing data leaks between different users on public domains like gmail.com).
  • Resource Safety: Data migration processes now include mandatory safety timeouts to prevent resource exhaustion (DoS).
  • Reduced XSS exposure: AI markdown no longer renders raw HTML in the client.
  • Safer session handling: Refresh tokens now live in httpOnly cookies, while access tokens stay in memory and are re-bootstrapped through /auth/refresh.
  • Sanitized DB Errors: Database error messages are sanitized before being sent to the client to prevent infrastructure information leakage.
  • AI request guardrails: Provider calls now use request timeouts and streaming idle timeouts so a slow lane cannot hang the backend indefinitely.
  • Legal access flow: New local registrations require Terms + Privacy consent, and users who have not accepted the legal flow are redirected to /legal-consent before entering the main workspace.

OAuth Flow Notes

If you configure Google or GitHub login, make sure:

  • FRONTEND_URL matches the frontend origin you are actually using
  • callback URLs in your OAuth provider match your local or production backend
  • after login, the app redirects in this format:
/login#code=...

The frontend then calls the exchange endpoint to convert the short-lived code into a normal access token.


Legacy Connection Compatibility

If older saved DB connections stopped working after changing ENCRYPTION_KEY, you can add:

LEGACY_ENCRYPTION_KEYS=12345678901234567890123456789012,abcdefghijklmnopqrstuvwxyz123456

Notes:

  • Each key must be exactly 32 characters
  • In local development, the system automatically tries the old fallback key to reduce the chance that you need to re-enter passwords
  • If an old password was encrypted with a key you no longer have, it cannot be recovered from the stored data

Build, Test, and Troubleshooting

Build

cd client
npm run build

cd ../server
npm run build

Test

cd client
npm test

cd ../server
npm test

Common Issues

  • Google / GitHub login is not working

    • Check JWT_SECRET
    • Check the callback URLs in your OAuth provider
    • Check FRONTEND_URL
  • Older saved connections no longer work

    • Check ENCRYPTION_KEY
    • Add LEGACY_ENCRYPTION_KEYS if you previously used another key
    • Restart the backend after updating env values
  • Localhost databases do not connect

    • Local development already allows localhost, 127.0.0.1, and ::1
    • Only enable ALLOW_INTERNAL_IPS=true if you intentionally need broader private-network access
  • Prisma build fails with EPERM on Windows

    • This usually happens because the backend dev server is still locking the Prisma engine file
    • Stop the running backend process and build again
  • You already have data in Postgres and want Prisma tracking

    • Use the committed baseline plus prisma migrate resolve if you need to attach Prisma history to an existing database
    • Do not run prisma migrate reset against a live database

Contributing and Support

  • Bug Reports: Open an issue on the GitHub Repo.
  • Custom Adapters: New database engine support can be added via the database-strategies module.

License

This project is licensed under the MIT License. See LICENSE.

About

A multi-database IDE for SQL and NoSQL workflows, with AI routing, schema-aware assistance, dashboards, and visual exploration built in.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages