v2.1 generally available — Apache 2.0 licensed

Governed database & API access,
built for engineers.

AccessFlow is an open-source access proxy for SQL and NoSQL databases — and outbound REST, SOAP, GraphQL, and gRPC APIs — that sits between your team and your data. Every query and every API call is checked, sorted by type, optionally AI-reviewed, and routed through a configurable human-approval workflow before it touches production — with a tamper-evident metadata audit trail of every decision.

Databases: PostgreSQL · MySQL · MariaDB · Oracle · MSSQL · MongoDB · Couchbase · Redis · Cassandra · ScyllaDB · Elasticsearch · OpenSearch · DynamoDB · Neo4j
Deployment & sign-in: Self-hosted · SAML · OAuth · TOTP
AI providers: Anthropic · OpenAI · Ollama · OpenAI-compatible · Hugging Face
~/accessflow — zsh
$ git clone https://github.com/bablsoft/accessflow
Cloning into 'accessflow'... done.
$ cd accessflow
$ docker compose up -d
[+] Running 4/4
postgres Healthy 12.3s
redis Started 1.4s
backend Started 6.1s
frontend Started 0.8s
Open http://localhost:5173 — the setup wizard creates the first admin
$
Architecture

One proxy. Every query and API call. Zero shared credentials.

Nobody gets the database password or the API credentials — not even your own team. AccessFlow sits in the middle and is the only thing that ever connects to the real database or upstream API, and only after a request is approved. Users sign in to AccessFlow, never to the target; behind the scenes the proxy holds the real database connection pools and the connectors' encrypted credentials, and reaches out on their behalf.

CLIENT: React SPA · /ws · REST
API GATEWAY: REST + WebSocket gateway · JWT · modular service
SERVICE: Query & API Proxy
SERVICE: Review Workflow
SERVICE: AI Analyzer
SERVICE: Admin & Audit
INTERNAL STATE: PostgreSQL · Redis
CUSTOMER DATABASES & APIS (PROXIED): PostgreSQL · MySQL · MariaDB · Oracle · MSSQL · ClickHouse · custom drivers · MongoDB · Couchbase · Redis · Cassandra · ScyllaDB · Elasticsearch · OpenSearch · DynamoDB · Neo4j · REST · SOAP · GraphQL · gRPC APIs

Encryption: AES-256-GCM for datasource credentials at rest. RSA-2048 JWT signing. SAML 2.0 keystore.
Runtime: Concurrent request-per-task runtime — horizontally scalable behind any L7 load balancer.
Observability: HTTP health and readiness probes. OpenTelemetry OTLP trace export of the full proxy pipeline (Tempo / Jaeger / Honeycomb), Prometheus metrics, and pre-built Grafana dashboards (query volume, approval SLAs, AI usage, rejection rates, pool stats). HMAC-SHA256 chained, append-only metadata audit log of every action. Optional one-line-JSON console logs (logstash / ECS / GELF) for ELK / OpenSearch.
Capabilities

The middle ground between blanket access and a DBA ticket queue.

Turn each capability on where you need it, tune it per database, and see everything that happens. Runs entirely inside your own infrastructure — nothing leaves the box.

Full query proxy — SQL and NoSQL

Every query is inspected before it ever reaches the database — parsed, sorted by type (read, write, or schema change), checked against the tables a user is allowed to touch, and routed through your review policy. The same governance covers NoSQL too: MongoDB, Couchbase, Redis, Cassandra, Elasticsearch, DynamoDB, and Neo4j all flow through identical checks, with dangerous or server-side commands blocked up front. Layer on row-level security so users only see the rows they're cleared for, dynamic masking that hides sensitive columns per person, and data-classification tags (PII, PCI, PHI, GDPR) that auto-apply masking and raise a query's risk score. A dry-run preview shows a query's impact before review without changing any data, and every executed query is saved as an exact snapshot you can replay in a test environment.

PostgreSQL · MySQL · MariaDB · Oracle · MSSQL · ClickHouse · MongoDB · Couchbase · Redis · Cassandra · ScyllaDB · Elasticsearch · OpenSearch · DynamoDB · Neo4j · connector catalog · custom drivers · read-replica routing · dynamic masking · row-level security · data classification
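The inspection step described above (parse, sort by type, check against the tables a user may touch, decide whether review is needed) as an added example. This is not AccessFlow's own parser: the keyword tables, the "blocked" fallback for unrecognised or multi-statement input, and the regex-based table extraction are assumptions of this example, and the sample statement is the backfill query shown in the request-flow section further down the page.

```python
import re

# Added example: a minimal statement classifier plus table allowlist check of the kind the
# proxy performs. The keyword tables and the 'blocked' fallback are this example's
# assumptions, not AccessFlow's own rules.
READ_KEYWORDS = {"SELECT", "SHOW", "EXPLAIN", "DESCRIBE"}
WRITE_KEYWORDS = {"INSERT", "UPDATE", "DELETE", "MERGE", "REPLACE"}
DDL_KEYWORDS = {"CREATE", "ALTER", "DROP", "TRUNCATE", "RENAME", "GRANT", "REVOKE"}

_COMMENT_RE = re.compile(r"--[^\n]*|/\*.*?\*/", re.S)
_STRING_RE = re.compile(r"'(?:[^']|'')*'")
# Identifier that follows a table-introducing keyword; [\w.]* also covers schema.table.
_TABLE_RE = re.compile(r"\b(?:FROM|JOIN|INTO|UPDATE|TABLE)\s+[`\"]?([A-Za-z_][\w.]*)", re.I)


def strip_noise(sql: str) -> str:
    """Blank out comments, then string literals, so keywords or ';' inside them are ignored."""
    sql = _COMMENT_RE.sub(" ", sql)
    return _STRING_RE.sub("''", sql)


def classify(sql: str) -> str:
    """Sort a statement into 'read', 'write', 'ddl' or 'blocked' (unrecognised or multi-statement)."""
    body = strip_noise(sql).strip().rstrip(";").strip()
    if not body:
        return "blocked"
    if ";" in body:           # two statements in one submission cannot be reviewed as one unit
        return "blocked"
    words = body.upper().split()
    head = words[0]
    if head == "WITH":        # a CTE is only a read if no write keyword follows it
        return "write" if any(w in WRITE_KEYWORDS for w in words[1:]) else "read"
    if head in READ_KEYWORDS:
        # SELECT ... INTO creates a new table on several engines: treat it as a schema change
        return "ddl" if head == "SELECT" and "INTO" in words else "read"
    if head in WRITE_KEYWORDS:
        return "write"
    if head in DDL_KEYWORDS:
        return "ddl"
    return "blocked"


def referenced_tables(sql: str) -> set:
    """Tables named after FROM/JOIN/INTO/UPDATE/TABLE, lower-cased for comparison."""
    return {m.group(1).lower() for m in _TABLE_RE.finditer(strip_noise(sql))}


def check(sql: str, allowed_tables: set) -> dict:
    """Combine classification and the allowlist into the proxy's verdict for one statement."""
    kind = classify(sql)
    tables = referenced_tables(sql)
    denied = sorted(tables - allowed_tables)
    if kind == "blocked" or denied:
        verdict = "rejected"
    elif kind == "read":
        verdict = "auto-approve"          # reads may skip the queue when the review policy allows
    else:
        verdict = "review-required"       # writes and schema changes always enter review
    return {"type": kind, "tables": sorted(tables), "denied": denied, "verdict": verdict}


if __name__ == "__main__":
    # Constructed input: the backfill query shown in the request-flow section of this page.
    backfill = """-- backfill missing region codes
    UPDATE orders
       SET region_code = UPPER(substr(country, 1, 2))
     WHERE region_code IS NULL
       AND created_at > '2026-01-01';"""
    print(check(backfill, {"orders", "events"}))
```

Two details matter for a check like this. Comments are removed before string literals, so a `;` or a `DROP` hidden inside a literal cannot change the verdict, and anything the classifier does not positively recognise is blocked rather than waved through as a read. A production proxy replaces the regex table extraction with a real SQL parser; the decision logic around it stays the same.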

AI query analysis

An AI assistant reads each query first and flags anything risky — like a senior reviewer who never sleeps. Every query gets a 0–100 risk score, missing-index detection, and anti-pattern flags before a human sees it, plus concrete fixes you can apply as a draft. Pick your provider per organization (Anthropic, OpenAI, Ollama, any OpenAI-compatible backend, or Hugging Face) and tune the analyzer with an editable prompt and a RAG knowledge base of your house rules. Run several models at once and combine their verdicts by weighted, highest-risk, or majority voting — say a fast local model alongside a deep cloud one — with per-model cost and latency charted on the dashboard. Add guardrails that block configured prompt patterns before a model is ever called. Opt in to text-to-query — describe what you want in plain language and the AI drafts it in the database's own language, still routed through review. Beyond single queries, behavioral anomaly detection learns each user's normal pattern and escalates anything out of the ordinary, and an admin dashboard charts risk trends over time.

Anthropic · OpenAI · Ollama · OpenAI-compatible · Hugging Face · Multi-model voting · Guardrails · Per-model cost & latency · Optimization suggestions · Text-to-query · RAG · Langfuse · Anomaly detection (UBA) · History dashboard

Configurable review workflows

Decide who must sign off before a query runs, and route each request automatically. Build per-datasource approval chains with multi-stage reviewers, auto-approve reads, timeouts, and bulk decisions — and scope each queue to the right team by user or group. Add policy-as-code routing to auto-approve, escalate, or require extra approvals based on query type, AI risk, who's asking, time of day, and where the request came from. Users can request just-in-time temporary access, and for genuine emergencies break-glass runs a query immediately — still through every guard — while paging all admins and opening a mandatory follow-up review. Reviewers are notified by Email, Slack, Discord, Telegram, Teams, PagerDuty, or webhook, and can approve right from Slack or one tap on a mobile push (with a step-up check). While a query waits, reviewers and the submitter can even co-author it live — any edit re-enters review, so approvals are never skipped.

State machine · Per-datasource reviewers · Groups · Policy-as-code routing · JIT time-bound access · Break-glass emergency access · Bulk decisions · Real-time co-authoring · Inline comments · Slack approve/reject · Mobile PWA · One-tap push approvals · Email · Slack · Discord · Telegram · Teams · PagerDuty · Webhooks
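Policy-as-code routing on the attributes listed above (query type, AI risk, who is asking, time of day, origin), as an added example. It is not AccessFlow's policy format: the request fields, rule names, stage names and the UTC business-hours window are assumptions of this example, and the three sample requests mirror the rows of the AI-triage card in the use-case section below.

```python
from dataclasses import dataclass, field
from datetime import datetime, time, timezone

# Added example of policy-as-code routing. Request fields, rules, stage names and the
# business-hours window are this example's assumptions, not AccessFlow's policy format.


@dataclass
class Request:
    query_type: str        # 'read' | 'write' | 'ddl' as produced by the proxy's classifier
    ai_risk: int           # 0-100 score from the AI analyzer
    requester: str
    origin: str            # 'ui' | 'ci' | 'mobile': where the request came from
    submitted_at: datetime


@dataclass
class Decision:
    action: str                                   # 'auto-approve' | 'review' | 'reject'
    stages: list = field(default_factory=list)    # reviewer stages, in order
    reasons: list = field(default_factory=list)   # names of the rules that fired

    @property
    def approvals_required(self) -> int:
        return len(self.stages)


BUSINESS_HOURS = (time(8, 0), time(18, 0))   # assumed window, in UTC


def off_hours(ts: datetime) -> bool:
    t = ts.astimezone(timezone.utc).time()
    return not (BUSINESS_HOURS[0] <= t < BUSINESS_HOURS[1])


# Each rule is (name, predicate, effect). 'reject' and 'auto-approve' end evaluation at once;
# 'require:<stage>' appends an approval stage and evaluation continues, so several
# escalations can stack on a single request.
POLICY = [
    ("hard-stop",       lambda r: r.ai_risk >= 90,                                      "reject"),
    ("safe-read",       lambda r: r.query_type == "read" and r.ai_risk < 30,            "auto-approve"),
    ("dba-escalation",  lambda r: r.query_type == "ddl" or r.ai_risk >= 60,             "require:dba"),
    ("off-hours-write", lambda r: r.query_type != "read" and off_hours(r.submitted_at), "require:on-call-lead"),
    ("pipeline-ddl",    lambda r: r.origin == "ci" and r.query_type == "ddl",           "require:release-manager"),
]


def route(req: Request, policy=POLICY) -> Decision:
    """Evaluate the rules top to bottom and return what happens to the request."""
    stages = ["peer"]            # every reviewed request starts with one peer reviewer
    reasons = []
    for name, predicate, effect in policy:
        if not predicate(req):
            continue
        if effect in ("reject", "auto-approve"):
            return Decision(effect, [], [name])
        stage = effect.split(":", 1)[1]
        if stage not in stages:
            stages.append(stage)
        reasons.append(name)
    return Decision("review", stages, reasons or ["default-review"])


# Constructed sample timestamps: inside and outside the assumed business-hours window.
NOON = datetime(2026, 4, 1, 12, 0, tzinfo=timezone.utc)
NIGHT = datetime(2026, 4, 1, 3, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for q in (Request("read", 8, "alice@co", "ui", NOON),
              Request("write", 62, "alice@co", "ui", NOON),
              Request("ddl", 97, "bob@co", "ui", NOON)):
        print(q.query_type, q.ai_risk, "->", route(q))
```

The ordering is the policy: a read with a high risk score falls past the safe-read rule and collects the DBA stage, and an off-hours DDL from a pipeline ends up with four approvers. Keeping the rules as plain data rather than nested conditionals is what makes a policy like this reviewable in version control.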

Workforce-ready auth

Sign in with the accounts your company already uses — SAML 2.0 SSO and OAuth 2.0 / OIDC, with built-in templates for Google, GitHub, Microsoft, GitLab, and a generic provider for any other IdP (Keycloak, Auth0, Okta, …). Roles and group memberships sync automatically from your identity provider on every login, with optional TOTP two-factor. One deployment hosts multiple fully-isolated organizations, and a super-admin manages tenants across the cluster — with per-org quotas and a kill-switch that disables an org instantly.

JWT · SAML · OAuth · IdP group sync · TOTP · Multi-tenant orgs · Per-org quotas

Tamper-evident audit & compliance reports

Every decision is recorded in a log that can't be quietly edited after the fact — append-only, cryptographically chained, and searchable, with CSV export and no row data ever stored. Pre-built compliance reports — classified-data access (PII/PCI/PHI/GDPR) and a DDL/DELETE trail with approver names — export as digitally signed PDF/CSV that can be verified offline, surfaced to a dedicated read-only Auditor role.

HMAC-SHA256 chain · signed exports
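How an HMAC-SHA256 chained, append-only audit log detects tampering, as an added example rather than AccessFlow's own log format: the record layout, the all-zero genesis value and the demo key are assumptions of this example, and the three records are constructed to mirror the audit-log card in the use-case section below.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Added example: an HMAC-SHA256 chained audit log and its verifier. Record layout, genesis
# value and key are this example's assumptions; the key is a constructed demo value, a
# deployment loads its own from a secret store.
DEMO_KEY = b"constructed-demo-audit-key-not-for-production"
GENESIS = "0" * 64


def _canonical(body: dict) -> bytes:
    """Stable serialisation: fixed key order and separators so the MAC is reproducible."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def _mac(body: dict, key: bytes) -> str:
    return hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()


def append(log: list, actor: str, action: str, ref: str, ts: str = None, key: bytes = DEMO_KEY) -> dict:
    """Append one metadata record; it carries the previous record's MAC, which forms the chain."""
    body = {
        "seq": len(log),
        "ts": ts or datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "actor": actor,
        "action": action,
        "ref": ref,                      # a request id, never row data
        "prev": log[-1]["mac"] if log else GENESIS,
    }
    entry = dict(body, mac=_mac(body, key))
    log.append(entry)
    return entry


def verify(log: list, key: bytes = DEMO_KEY):
    """Return (True, None) if the chain is intact, else (False, index of the first bad record)."""
    expected_prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "mac"}
        if body.get("seq") != i or body.get("prev") != expected_prev:
            return False, i              # record reordered or a predecessor was removed
        if not hmac.compare_digest(_mac(body, key), entry.get("mac", "")):
            return False, i              # record contents no longer match its MAC
        expected_prev = entry["mac"]
    return True, None


def head(log: list) -> str:
    """Latest MAC: anchor it externally (signed export, WORM store) so tail truncation is caught."""
    return log[-1]["mac"] if log else GENESIS


if __name__ == "__main__":
    # Constructed records mirroring the audit-log card in the use-case section.
    log = []
    append(log, "alice@co", "QUERY_SUBMITTED", "q_7", ts="2026-04-01T14:02:51+00:00")
    append(log, "eve@co", "QUERY_APPROVED", "q_7", ts="2026-04-01T14:04:11+00:00")
    append(log, "system", "QUERY_EXECUTED", "q_7", ts="2026-04-01T14:04:12+00:00")
    print("intact:", verify(log))
    tampered = [dict(e) for e in log]
    tampered[1]["actor"] = "mallory@co"        # a quiet edit after the fact
    print("after edit:", verify(tampered))
```

Two caveats a practitioner should keep in mind. The chain catches edits, reordering and deletions in the middle, but a log cut off at the end still verifies, which is why the latest MAC is exported and anchored outside the log (the signed exports described above serve that purpose). And whoever holds the HMAC key can recompute a consistent chain, so the key must not be readable by the same role that can write to the log's storage.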

Personalized dashboard

A self-scoped home that answers "what's waiting on me?" the moment you sign in: pending approvals, your recent queries with status and risk trends, an actionable AI optimization backlog you can open straight in the editor, and your own behavioral-anomaly alerts. Drag-and-drop the widgets into the layout you want — show, hide, collapse, reorder — and it sticks. Export the week as a digitally signed PDF/CSV on demand, or opt in to a weekly email digest.

Customizable widgets · weekly digest · signed export

Cloud-native deploy

Run it on a laptop with one command, or on Kubernetes for production. One docker compose up covers local and small environments; a Helm 3 chart covers Kubernetes, with HPA, PDB, and Bitnami Postgres/Redis subcharts. Redis-backed distributed locks keep scheduled jobs safe across replicas.

Docker · Helm · Kubernetes

Infrastructure as Code

Manage AccessFlow the way you manage the rest of your stack. An official Terraform / OpenTofu provider declares datasources, review plans, routing / row-level-security / masking policies, AI configs, and notification channels as code — applied idempotently with the same authoritative-upsert semantics as the env-driven GitOps bootstrap. Reusable GitHub Actions and a GitLab CI template wrap provisioning a datasource and submitting a governed query from a pipeline. Everything authenticates with a bootstrap-provisioned service-account API key.

Terraform · OpenTofu · GitHub Actions · GitLab CI · GitOps · Service-account API keys

API Access Governance

Govern outbound API calls — not just databases. Register an API connector (REST, SOAP, GraphQL, or gRPC) with a base URL, admin-defined default headers, and an auth method (API key, bearer, basic, OAuth2 with automatic token fetch/cache/refresh via the client-credentials, refresh-token, or resource-owner password grants, custom header, or mTLS); secrets are AES-256-GCM encrypted and never returned. Upload its schema (OpenAPI / WSDL / GraphQL SDL / gRPC proto, by paste, file upload, or fetch from a URL) and AccessFlow parses a normalized operation catalog with read/write classification, then share governed connectivity with the team via per-user permissions. Compose calls like Postman (query params, custom headers, raw / form-data / x-www-form-urlencoded / binary file bodies), and every API call flows through the same review, approval, and audit machinery as a database query: AI risk scoring, attribute-based routing, multi-stage approval, connector-level response masking (target a field by schema field, JSON path, XML/XPath, or regex, with a masking strategy and role / group / user reveal scoping), data-classification tags (PII/PCI/PHI/GDPR/FINANCIAL/SENSITIVE, which auto-derive masking and raise the AI risk), break-glass, scheduled execution, W3C trace-context propagation, full-response download, and natural-language text-to-API.

REST · SOAP · GraphQL · gRPC · OpenAPI / WSDL / SDL / proto

Data lifecycle & right-to-erasure

Govern not just who reads data, but when it should be retired. Define retention/erasure rules per datasource — target a table, column set, or classification tag with a retention window plus arbitrary conditions (a structured, parameter-bound predicate builder and a JSqlParser-validated raw-WHERE escape hatch) and an action (hard-delete, soft-delete, or pseudonymize) — with an optional cron schedule, a clustered scan job, a dry-run preview, and automatic execution through the proxy. File a GDPR/CCPA right-to-erasure request with the same rich configuration and route it through AI-assisted scope detection plus review-plan-based peer review (REVIEWER-eligible, multi-stage, no self-approval, auto-reject on timeout). The proxy enforces it transparently: soft-deleted rows vanish from reads, DELETEs become marker updates, and aged PII resolves to an irreversible salted hash at read time — so aggregates survive while the PII does not — all with tamper-evident proof-of-deletion audit records.

Retention · conditions · cron · pseudonymization · peer-reviewed erasure
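The read-time enforcement described above (soft-deleted rows vanish from reads, a DELETE becomes a marker update, aged PII resolves to a keyed irreversible hash so aggregates survive) as an added example on an in-memory SQLite table. None of this is AccessFlow's implementation: the sample schema and rows, the per-datasource salt, the classification of `email` as PII, the 365-day window and the statement-rewriting rules are all assumptions of this example.

```python
import hashlib
import hmac
import re
import sqlite3

# Added example of read-time lifecycle enforcement on an in-memory SQLite table. Schema,
# salt, column tags and rewriting rules are this example's assumptions, not AccessFlow's.
SALT = b"constructed-per-datasource-salt"
RETENTION_DAYS = 365
PII_COLUMNS = {"customers": {"email"}}      # classification tags: which columns hold PII


def pseudonymize(value):
    """Keyed, irreversible replacement: equal inputs map to equal tokens, so GROUP BY still works."""
    if value is None:
        return None
    return "pseu_" + hmac.new(SALT, str(value).encode(), hashlib.sha256).hexdigest()[:16]


def open_db() -> sqlite3.Connection:
    """Constructed sample table; deleted_at is the soft-delete marker."""
    con = sqlite3.connect(":memory:")
    con.create_function("pseudonymize", 1, pseudonymize)
    con.executescript("""
        CREATE TABLE customers (
            id INTEGER PRIMARY KEY, email TEXT, country TEXT, created_at TEXT, deleted_at TEXT);
        INSERT INTO customers VALUES
            (1, 'ann@example.com', 'DE', '2024-01-10', NULL),
            (2, 'bob@example.com', 'DE', '2026-03-01', NULL),
            (3, 'cat@example.com', 'FR', '2026-03-05', NULL),
            (4, 'ann@example.com', 'DE', '2024-02-01', NULL);
    """)
    return con


def install_governed_view(con, table, pii_columns, as_of, retention_days=RETENTION_DAYS):
    """Create <table>_governed: hides soft-deleted rows, pseudonymizes PII older than the window."""
    # Identifiers come from the connector's schema, never from user input.
    cols = [row[1] for row in con.execute(f"PRAGMA table_info({table})")]
    exprs = []
    for c in cols:
        if c == "deleted_at":
            continue
        if c in pii_columns:
            exprs.append(f"CASE WHEN julianday('{as_of}') - julianday(created_at) > {retention_days} "
                         f"THEN pseudonymize({c}) ELSE {c} END AS {c}")
        else:
            exprs.append(c)
    con.execute(f"DROP VIEW IF EXISTS {table}_governed")
    con.execute(f"CREATE VIEW {table}_governed AS SELECT {', '.join(exprs)} "
                f"FROM {table} WHERE deleted_at IS NULL")


_DELETE_RE = re.compile(r"^\s*DELETE\s+FROM\s+(\w+)(\s+WHERE\s+.+?)?\s*;?\s*$", re.I | re.S)


def governed_execute(con, sql, as_of):
    """Proxy entry point: a DELETE becomes a marker UPDATE, a SELECT is redirected to the view."""
    m = _DELETE_RE.match(sql)
    if m:
        table, where = m.group(1), m.group(2)
        if table not in PII_COLUMNS:
            raise PermissionError(f"{table} is not a governed table")
        if not where:
            raise PermissionError("unbounded DELETE is refused rather than soft-deleting every row")
        return con.execute(f"UPDATE {table} SET deleted_at = ?{where}", (as_of,)).rowcount
    if not sql.lstrip().upper().startswith("SELECT"):
        raise PermissionError("this example handles SELECT and DELETE only")
    for table, pii in PII_COLUMNS.items():
        install_governed_view(con, table, pii, as_of)
        sql = re.sub(rf"\b{table}\b", f"{table}_governed", sql)
    return con.execute(sql).fetchall()


if __name__ == "__main__":
    con = open_db()
    print(governed_execute(con, "SELECT id, email FROM customers ORDER BY id", "2026-04-01"))
    print("soft-deleted rows:", governed_execute(con, "DELETE FROM customers WHERE id = 3", "2026-04-01"))
    print(governed_execute(con, "SELECT email, COUNT(*) FROM customers GROUP BY email", "2026-04-01"))
```

The keyed hash is what makes "aggregates survive while the PII does not" true: the two aged rows for the same address collapse onto one token in a GROUP BY, yet nothing in the result can be reversed into the address without the salt, which lives only inside the proxy. The base table still holds all four rows after the DELETE, which is exactly why the raw table must never be reachable except through the proxy.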

Request chaining & grouping

Bundle several steps into one grouped request reviewed and approved as a single element, then executed as an ordered sequence. Members can mix queries across different datasources and API calls against governed connectors — a builder lets you add steps, drag-reorder them, and see a per-step AI risk preview plus an aggregate risk badge. Bundling never weakens a member's policy: each member is validated against your permission for its target (break-glass groups require can_break_glass on every target), the required approvers are the union across all member plans, and the group is approved only when every member plan is satisfied — you can never approve your own group. On execute, members run in order; on the first failure the run stops and the rest are skipped (continue-on-error runs them all instead). There is no distributed rollback — an approved group is not atomic, already-applied members stay, and that's surfaced clearly. Each member records its own snapshot + audit row alongside group-level audit and live WebSocket progress.

Grouped requests · queries + API calls · ordered execution · no distributed rollback
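The grouping rules stated above, worked through as an added example that is not AccessFlow's API: the data shapes, the permission names (`query`, `can_break_glass`) and the result tuples are assumptions of this example, as are the three constructed member steps.

```python
from dataclasses import dataclass, field
from typing import Callable

# Added example of grouped-request semantics: union of approvers, every member plan
# satisfied, no self-approval, ordered execution that stops on the first failure unless
# continue-on-error is set, and no rollback of already-applied members. Data shapes and
# permission names are this example's assumptions, not AccessFlow's.


@dataclass
class Member:
    name: str
    target: str                 # datasource or API connector the step runs against
    required_roles: set         # approver roles demanded by this member's review plan
    run: Callable[[], str]      # executes the step; raises on failure


@dataclass
class GroupRequest:
    submitter: str
    members: list
    break_glass: bool = False
    continue_on_error: bool = False
    approvals: dict = field(default_factory=dict)   # approver -> role they signed off as


def validate(group: GroupRequest, permissions: dict) -> None:
    """Each member is checked against the submitter's own permission on its target."""
    for m in group.members:
        grants = permissions.get(group.submitter, {}).get(m.target, set())
        if "query" not in grants:
            raise PermissionError(f"{group.submitter} may not query {m.target}")
        if group.break_glass and "can_break_glass" not in grants:
            raise PermissionError(f"break-glass group needs can_break_glass on {m.target}")


def required_roles(group: GroupRequest) -> set:
    """Reviewers for the group are the union over all member plans."""
    return set().union(*(m.required_roles for m in group.members))


def approve(group: GroupRequest, approver: str, role: str) -> None:
    if approver == group.submitter:
        raise PermissionError("you can never approve your own group")
    group.approvals[approver] = role


def is_approved(group: GroupRequest) -> bool:
    """Approved only when every member's plan is satisfied, not merely when someone signed."""
    signed = set(group.approvals.values())
    return all(m.required_roles <= signed for m in group.members)


def execute(group: GroupRequest) -> list:
    """Run members in order; returns (name, status, detail) per member. Nothing is rolled back."""
    if not is_approved(group):
        raise PermissionError("group is not fully approved")
    results = []
    for i, m in enumerate(group.members):
        try:
            results.append((m.name, "ok", m.run()))
        except Exception as exc:                      # any step failure is recorded, not hidden
            results.append((m.name, "failed", str(exc)))
            if not group.continue_on_error:
                results.extend((rest.name, "skipped", None) for rest in group.members[i + 1:])
                break
    return results


if __name__ == "__main__":
    # Constructed steps: a backfill that succeeds, an API call that fails, a cleanup after it.
    applied = []
    def backfill():
        applied.append("backfill"); return "updated 120 rows"
    def notify():
        raise RuntimeError("upstream 503")
    def cleanup():
        applied.append("cleanup"); return "deleted 0 rows"
    g = GroupRequest("alice@co", [Member("backfill", "prod-orders", {"dba"}, backfill),
                                  Member("notify", "billing-api", {"api-owner"}, notify),
                                  Member("cleanup", "prod-orders", {"dba"}, cleanup)])
    approve(g, "dana@co", "dba"); approve(g, "eve@co", "api-owner")
    print(execute(g)); print("applied:", applied)
```

Note what the result list shows after the failure: the backfill's effect is still in `applied`, the cleanup never ran, and both facts are visible in the per-member status rather than hidden behind a single group verdict. That is the "not atomic" property the text calls out, and the reason a reviewer should read a group as a sequence of independent changes, not as one transaction.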
Connectors

A growing catalog of SQL and NoSQL connectors.

A connector is simply how AccessFlow talks to one kind of database. AccessFlow ships with a built-in list — find the database your team uses, click Install, and it's ready to govern; AccessFlow fetches the right driver for you and verifies it's genuine before it's ever used. The list is grouped into SQL (table-based databases like PostgreSQL) and NoSQL (document databases like MongoDB). Using something that isn't on the list? Upload its driver and AccessFlow adds it. Under the hood this is a versioned connector catalog: every driver download is SHA-256-verified and cached, and the MongoDB, Couchbase, Redis, Cassandra, ScyllaDB, Elasticsearch, OpenSearch, Amazon DynamoDB, and Neo4j native engines are resolved on demand the same way. Read the connector docs →

SQL

PostgreSQL Built in
MySQL 1-click install
MariaDB 1-click install
Oracle 1-click install
SQL Server 1-click install
ClickHouse 1-click install
Custom driver Upload any driver

NoSQL

MongoDB 1-click install
Couchbase 1-click install
Redis 1-click install
Cassandra 1-click install
ScyllaDB 1-click install
Elasticsearch 1-click install
OpenSearch 1-click install
DynamoDB 1-click install
Neo4j 1-click install
Request flow

From keystroke to commit, observable at every step.

Every query follows the same predictable path — submitted, reviewed, run — and each step is recorded. Outbound API calls travel the same path, and grouped requests can bundle both. A single state machine drives that flow through classification, review, and execution, and every transition is auditable, cancellable, and replayable.

SQL Editor · History · Saved · datasource: prod-orders ⌄
-- backfill missing region codes
UPDATE orders
   SET region_code = UPPER(substr(country, 1, 2))
 WHERE region_code IS NULL
   AND created_at > '2026-01-01';
5 lines · DML detected · review required · [Submit for review]
Use cases

Six problems that show up in every enterprise security review.

Different teams reach for AccessFlow for different reasons — but underneath it is the same governed checkpoint: one approval pipeline, one audit trail, one place where access policy actually runs.

For platform & infrastructure teams

Production access without shared credentials

Shared logins and standing admin access are how breaches — and audit findings — happen. AccessFlow holds the database credentials, encrypted, and brokers every query through one checkpoint. Engineers sign in as themselves; nobody copies a password out of a vault again.

  • Every query attributable to a person, a reason, and an approval
  • Credentials AES-256 encrypted, decrypted only inside the proxy — never shown to users
  • SQL or NoSQL, the same flow — PostgreSQL and MongoDB governed identically
Datasource · prod-orders · connection brokered
user: alice@co · ANALYST · SSO
database: postgresql://prod-orders.internal:5432
password: ●●●●●●●●●● · held by proxy — never disclosed
access: GOVERNED
0 shared logins · 0 standing superuser grants · every session attributed
For SRE & on-call teams

Just-in-time access that expires on its own

Standing privileges shrink to zero. Engineers request access for the window they need — minutes to days — and the grant revokes itself when the clock runs out. When production is down at 3 a.m., break-glass lets on-call act immediately: every admin is alerted the moment it happens, and a mandatory retro-review closes the loop.

  • Time-boxed grants, auto-revoked on expiry — no cleanup tickets
  • Break-glass skips the queue, never the guardrails — masking, row security, and row caps still apply
  • Every emergency run gets an after-the-fact review by an admin, never the submitter
Access grants · auto-expiry on
g_1042 · orders_readonly · alice@co · EXPIRES 2H 41M
g_1039 · payments_rw · bob@co · PENDING
g_1031 · sessions_ro · dana@co · EXPIRED · REVOKED
break-glass · INC-2114 · carol@co · admins alerted · retro-review due
For engineering managers & DBAs

Review at scale without a ticket queue

A governance process that takes days gets bypassed. AccessFlow's AI reads every query and API call first — risk score, anti-patterns, affected tables — so routing policies can auto-approve safe reads in seconds and send risky changes to the right approvers with the analysis already attached.

  • Low-risk requests auto-approve — reviewers see only what deserves attention
  • Approvers decide from Slack, email, or one-tap push, with AI findings inline
  • Multi-stage approval chains for the changes that really matter
AI triage · routing policies active
SELECT … FROM events LIMIT 100 · risk 8 · AUTO-APPROVED
UPDATE orders SET region_code … · risk 62 · → DBA REVIEW
DROP TABLE legacy_users · risk 97 · AUTO-REJECTED
reviewed by a human: only the one that needs it
For compliance & security teams

Audit evidence as a download, not a project

When the auditor asks who accessed customer data last quarter — and who approved it — the answer shouldn't be a two-week log archaeology project. Every request, decision, and execution lands in a tamper-evident, HMAC-chained audit trail, with scheduled access recertification campaigns and signed compliance exports on top.

  • Append-only, tamper-evident record of every decision — built for SOC 2, ISO 27001 & GDPR evidence
  • Recertification campaigns certify or revoke standing access on a schedule, with CSV evidence
  • Signed PDF/CSV compliance reports and a dedicated read-only auditor role
Audit log · HMAC-SHA256 chained
14:02:51 · QUERY_SUBMITTED · alice@co · #a81f →
14:04:11 · QUERY_APPROVED · eve@co · #c290 →
14:04:12 · QUERY_EXECUTED · system · #f11d →
export → compliance-report-2026-Q2.pdf · signed ✓
For data protection & privacy teams

Privacy obligations as running processes

Classify sensitive fields once — PII, PCI, PHI, GDPR — and let policy do the rest. Masking redacts tagged columns in every result, retention policies age data out on schedule, and right-to-erasure requests run through a governed, approved, audited workflow instead of a spreadsheet.

  • Field-level masking applied to results across SQL and NoSQL engines alike
  • Retention and pseudonymization policies executed through the same governed proxy
  • Right-to-erasure with an approval trail you can show a regulator
Query result · masked · 3 columns tagged
email · a•••@example.com · PII
card_number · •••• •••• •••• 4242 · PCI
diagnosis · ▓▓ redacted · PHI
retention policy: 365d · erasure request e_2081 · EXECUTED
For integration & backend teams

The same governance for your APIs

Sensitive data doesn't only live in databases — it flows through payment processors, CRMs, and internal services. AccessFlow puts outbound REST, SOAP, GraphQL, and gRPC calls through the same submit → AI review → approve → execute pipeline, with response masking and classification-aware risk scoring.

  • One connector catalog for third-party and internal APIs, with schema ingestion
  • Response masking policies and data-classification tags on API payloads
  • Break-glass, scheduling, and audit — identical to the database flow
API requests · REST · SOAP · GraphQL · gRPC
GET /v3/customers/{id} · billing-api · APPROVED
POST mutation refundCharge(…) · payments-gql · PENDING
RPC CrmService/ExportContacts · crm-grpc · EXECUTED
response masked per connector policy · full body in audit snapshot
Quick start

Up and governing queries and API calls in under five minutes.

Pick your platform. The backend initializes its database schema on first boot; the first admin is created through the in-app setup wizard the moment you open the SPA.

docker-compose.yml
# Zero-config demo — open http://localhost:5173 and follow the setup wizard.
# Demo-only JWT / encryption keys are embedded in the file; generate your own
# for anything beyond evaluation (see docs/09-deployment.md).
services:
  postgres:
    image: postgres:18
    environment:
      POSTGRES_DB: accessflow
      POSTGRES_USER: accessflow
      POSTGRES_PASSWORD: accessflow

  redis:
    image: redis:8-alpine

  backend:
    image: ghcr.io/bablsoft/accessflow-backend:latest
    depends_on: [postgres, redis]
    environment:
      DB_URL: jdbc:postgresql://postgres:5432/accessflow
      REDIS_URL: redis://redis:6379
      ENCRYPTION_KEY: # 64-char hex, demo default embedded
      JWT_PRIVATE_KEY: # PKCS#8 PEM, demo default embedded
    ports: ["8080:8080"]

  frontend:
    image: ghcr.io/bablsoft/accessflow-frontend:latest
    depends_on: [backend]
    ports: ["5173:80"]

System requirements

Stack
  • Internal DB: PostgreSQL 18
  • Cache: Redis 8
  • Targets: PG · MySQL · MariaDB · Oracle · MSSQL · ClickHouse · connector catalog
  • AI backends: Anthropic · OpenAI · Ollama · OpenAI-compat. · Hugging Face
  • License: Apache 2.0

Sizing
  • Evaluation: 2 vCPU · 4 GB RAM · 10 GB SSD (single-node Docker Compose)
  • Production: Backend ≥ 2× (2 vCPU · 2 GB) · Postgres (2 vCPU · 4 GB · 50 GB) · Redis (1 vCPU · 1 GB); scale backend replicas behind any L7 load balancer
Roadmap

Shipped, shipping, and where we're going next.

Public, versioned milestones — driven by community input and adapter contributions. Full milestone scope lives in docs/12-roadmap.md.

v1

Core platform

Proxy & data access
  • SQL proxy · 5 DBs + custom drivers
  • Read-replica routing · result diffing
  • Schema explorer & ER view · sample previews
  • Datasource health dashboard
AI analysis
  • Risk scoring + index hints · analytics
  • OpenAI-compatible & Hugging Face providers
  • Editable prompts · Langfuse · text-to-SQL · RAG
Review & access
  • Multi-stage approvals · auto-approve reads
  • Bulk decisions · scheduling · plan templates
  • Reviewer groups & scoping · JIT access
  • Policy-as-code routing · row-level security · masking
Auth & audit
  • JWT · SAML · OAuth/OIDC · TOTP · 4-role RBAC
  • HMAC-chained audit log + CSV export
Deploy
  • Docker Compose · Helm 3 · HPA · health probes
v2

Beyond SQL & advanced governance

Connectors & NoSQL engines
  • Declarative connector catalog
  • MongoDB · Couchbase (SQL++) · Redis
  • Cassandra & ScyllaDB (CQL)
  • Elasticsearch & OpenSearch · DynamoDB (PartiQL)
  • Neo4j (Cypher) · text-to-query for NoSQL
AI & monitoring
  • Behavioral anomaly detection (UBA)
  • AI optimization & index recommendations
  • Expanded MCP agent toolset
Review & access
  • Break-glass emergency access
  • Multi-tenant orgs & per-org quotas
  • Real-time collaborative editing
  • Mobile PWA + one-tap push
  • Version history & diff · dry-run sandbox · replay
  • Personalized dashboard & weekly digest
  • Request chaining & grouping
  • Group-based data & API access grants
API governance
  • Outbound API access governance — REST · SOAP · GraphQL · gRPC
  • Operation catalog · response masking · text-to-API
Compliance
  • Data classification tagging (PII/PCI/PHI/GDPR)
  • Compliance reports & signed exports · Auditor role
  • Data lifecycle — retention, right-to-erasure & pseudonymization
  • Access recertification campaigns
Automation & IaC
  • Terraform / OpenTofu provider
  • Reusable GitHub Actions & GitLab CI template
upcoming

Planned

Connectors & access
  • Native wire-protocol gateway
  • Column-level permissions
AI
  • Custom analyzer plugins (SPI / HTTP)
  • Automatic query suggestions
Documentation

Thirteen chapters. Read them in any order.

Every subsystem is documented — architecture diagrams, schemas, payload examples, deployment recipes, and security model. Open source in the same repo. New here? The run & configure guide walks you through installing AccessFlow and setting it up step by step.

Stop choosing between speed and safety.

Pull the images, run docker compose up, point AccessFlow at your dev database, and watch a real query run through a real review workflow.