Compliance teams ask three questions: where do credentials live, what crosses the network boundary, and who can do what. This page answers all three.
01 · Trust boundary
The agent runs on a host inside your network. It opens TLS connections outbound to the control plane. Nothing inbound. The cloud receives the catalog and the run state. It never receives the password, and it handles row results only when a user explicitly runs a query or schedule.
02 · Sealed credentials
When you set up a database connection, the browser fetches the agent public key, seals the connection string in an X25519 sealed box, and posts the envelope. The cloud stores the envelope. The agent opens it locally. Compromising the cloud database does not compromise your credentials.
The browser seals the connection string with libsodium crypto_box_seal, using the agent public key. The plaintext credentials never leave the browser process.
Only the sealed envelope is persisted. There is no key in the cloud capable of opening it. Backups, snapshots, and exports remain useless to anyone who is not the paired agent.
The agent reads its keypair from local disk, opens the envelope, opens the database connection, and discards the plaintext.
03 · Read-oriented guardrails
Taavik is built for documentation, diagnostics, and operational exports. It validates statements before dispatch, enforces execution caps, and expects every connection to use a read-only database role.
Control 01
The setup guides you to a read-only login. The role itself cannot perform writes. If a bug or a compromise tried, the database would refuse it.
Control 02
The classifier rejects multi-statement input and write-oriented operations before the request is dispatched to the agent.
Control 03
Statement timeout, row cap, byte cap, and concurrency caps are enforced before or during execution so one request cannot dominate the agent or the database.
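A conservative sketch of the kind of pre-dispatch check Control 02 describes, added here as an example and not Taavik's classifier. The keyword lists, the `classify` name and the fail-closed handling of comments and dialect-specific quoting are assumptions; the sample statements are constructed.

```python
import re

# Assumed policy for this sketch (not the vendor's rules): one statement,
# a read-only leading keyword, and no write/DDL keyword anywhere in it.
ALLOWED_LEAD = {"SELECT", "WITH", "SHOW", "EXPLAIN"}
WRITE_WORDS = {"INSERT", "UPDATE", "DELETE", "MERGE", "TRUNCATE", "DROP",
               "ALTER", "CREATE", "GRANT", "REVOKE", "COPY", "CALL", "EXEC",
               "EXECUTE", "INTO"}

# ANSI literals and quoted identifiers; a doubled quote is an escaped quote.
_QUOTED = re.compile(r"'(?:[^']|'')*'" + "|" + r'"(?:[^"]|"")*"')
# Characters whose quoting or comment meaning differs between engines
# (MySQL backslash escapes, backticks and '#', SQL Server [..], PostgreSQL $$).
_DIALECT = set("\\`[$#")

def classify(sql: str) -> tuple:
    """Return (allowed, reason); anything ambiguous is rejected."""
    if _DIALECT & set(sql):
        return False, "dialect-specific quoting"
    bare = _QUOTED.sub(" ", sql)        # literals cannot hide or fake keywords
    if "'" in bare or '"' in bare:
        return False, "unterminated literal"
    # Comments are rejected, not stripped: MySQL executes /*! ... */ bodies.
    if "--" in bare or "/*" in bare:
        return False, "comment"
    body = bare.rstrip("; \t\r\n")      # a trailing semicolon is tolerated
    if ";" in body:
        return False, "multiple statements"
    words = re.findall(r"[A-Z_][A-Z0-9_]*", body.upper())
    if not words or words[0] not in ALLOWED_LEAD:
        return False, "leading keyword not allowed"
    hit = WRITE_WORDS.intersection(words)
    if hit:
        return False, "write keyword: " + sorted(hit)[0]
    return True, "ok"

# Constructed sample inputs.
SAMPLES = [
    "SELECT id, created_at FROM orders WHERE note = 'please update; thanks';",
    "SELECT 1; DROP TABLE orders",
    "WITH gone AS (DELETE FROM orders RETURNING *) SELECT * FROM gone",
    "SELECT * INTO orders_copy FROM orders",
    "SELECT 1 /*! INTO OUTFILE 'x' */",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s), "<-", s)
```

A lexical check like this cannot see side effects inside functions or every engine-specific construct, which is why the read-only role in Control 01 remains the enforcing boundary and this check is a filter in front of it.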
04 · What the agent reads
PostgreSQL and Redshift
SQL Server
MySQL
User tables
The agent never issues SELECT against your business tables, except for queries you explicitly authored and ran from the query workspace. Every such run is recorded with the rendered SQL and the variable values.
05 · Audit and access
Audit is not a separate add-on. It is the storage model. Every snapshot, every alert delivery, every query run is a row with a timestamp and a user.
Immutable. Every scan is a row. Diffs are stored, not recomputed. Retention is plan-bound.
Every dispatch attempt logged with channel, status, attempts, and last error. Retries do not lose history.
Rendered SQL, variable values, who, when, on which connection, row count, truncation flag, duration.
Company admin, member. Per-user concurrency and daily caps. Free plan limits execution to admins.
All cloud traffic is TLS 1.2 or higher. Agent connections are outbound only.
Data Processing Agreement available on request for any plan that needs one. Standard contractual clauses for cross-border transfers.
We answer security questionnaires, sign DPAs, and do not require special procurement to start. Most teams pass the first review in a week.