Governed database access, built for engineers.
AccessFlow is an open-source SQL proxy that sits between your team and your databases. Every query is parsed, classified, optionally AI-reviewed, and routed through a configurable human-approval workflow before it touches production — with a tamper-evident metadata audit trail of every decision.
One proxy. Every query. Zero shared credentials.
AccessFlow is the sole path between users and production databases. Customer-database credentials never leave the proxy — users authenticate to AccessFlow, the proxy holds the real JDBC connection pools and opens connections only after a query is approved.
The middle ground between blanket access and a DBA ticket queue.
Composable subsystems, configurable per datasource, observable end-to-end. Deployable inside your own infrastructure with no telemetry leaving the box.
Full SQL proxy
Every statement is parsed with JSqlParser, classified as SELECT / DML / DDL, validated against schema and table allow-lists at the AST level, then routed through your review policy before it touches the database.
PostgreSQL · MySQL · MariaDB · Oracle · MSSQL · custom JDBC
AI query analysis
Pluggable per-organization analyzer — Anthropic, Ollama, or any OpenAI-compatible backend. Every query gets a 0–100 risk score, missing-index detection, and anti-pattern flags before a human ever sees it.
Anthropic · Ollama · OpenAI-compatible
Configurable review workflows
Per-datasource approval chains with multi-stage reviewers, auto-approve reads, approval timeouts that auto-reject, and submitter cancellation. Reviewers are paged via Email, Slack Block Kit, or HMAC-signed webhooks.
State machine · Email · Slack · Webhooks
Workforce-ready auth
JWT RS256 with HttpOnly refresh-token rotation. SAML 2.0 SP- and IdP-initiated SSO with attribute-based role mapping. OAuth 2.0 / OIDC sign-in with built-in templates for Google, GitHub, Microsoft, and GitLab — plus optional TOTP 2FA.
JWT · SAML · OAuth · TOTP
Tamper-evident audit
Append-only metadata audit log chained with HMAC-SHA256. INSERT-only DB grants make after-the-fact rewrites detectable. CSV export, searchable UI, no row data ever stored.
HMAC-SHA256 chain
Cloud-native deploy
One docker compose up for local and small environments. Helm 3 chart for Kubernetes, with HPA, PDB, and Bitnami Postgres/Redis subcharts. Redis-backed distributed locks keep scheduled jobs safe across replicas.
Docker · Helm · Kubernetes · Modulith
From keystroke to commit, observable at every step.
A single state machine drives every query through classification, review, and execution. Each transition is auditable, cancellable, and replayable.
Submit a query
Analyst writes SQL in the built-in CodeMirror editor. The frontend posts to /queries; the proxy parses and classifies it.
AI reviews it
Risk score, anti-pattern flags, missing indexes. The status moves PENDING_AI → PENDING_REVIEW.
Humans approve
Reviewers get paged by Email, Slack, or webhook. Multi-stage approval chains run as a state machine.
Proxy executes
AccessFlow opens a JDBC connection from the per-datasource HikariCP pool, executes, captures metadata.
Audit forever
Append-only metadata audit row. WebSocket pushes result to the submitter. Status becomes EXECUTED.
- WHERE clause has no index on (region_code, created_at). Estimated 4.2M rows scanned. Suggest composite index before run.
- Repeat execution will not modify already-backfilled rows (region_code IS NULL filter is self-limiting). Safe to re-run.
- UPPER(substr(...)) is deterministic. Statement parses cleanly against the orders schema.
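The five steps above (PENDING_AI → PENDING_REVIEW → approval → EXECUTED, with approval timeouts that auto-reject) and the HMAC-SHA256-chained audit rows from the feature list, sketched together in Python as an added example that is not AccessFlow's own Java code. The states APPROVED, REJECTED and CANCELLED, the audit row layout, the unix-seconds timestamps and the four-hour timeout are assumptions of this example, not values taken from the project.

```python
import hmac
import hashlib
import json

# Assumed transitions; the page names only PENDING_AI, PENDING_REVIEW and EXECUTED.
TRANSITIONS = {
    "PENDING_AI":     {"PENDING_REVIEW", "REJECTED"},
    "PENDING_REVIEW": {"APPROVED", "REJECTED", "CANCELLED"},
    "APPROVED":       {"EXECUTED"},
}
GENESIS = "0" * 64  # prev_mac of the first row in a chain


class QueryWorkflow:
    def __init__(self, query_id, audit_key, submitted_at, timeout_s=4 * 3600):
        self.query_id, self.key, self.state = query_id, audit_key, "PENDING_AI"
        self.deadline = submitted_at + timeout_s  # unix seconds (assumed layout)
        self.audit = []  # append-only metadata rows; never result data
        self._append("submitted", "submitter")

    def _append(self, event, actor):
        # Each row commits to the previous MAC, so any edit or deletion breaks the rows after it.
        prev = self.audit[-1]["mac"] if self.audit else GENESIS
        row = {"query_id": self.query_id, "event": event, "actor": actor,
               "state": self.state, "prev_mac": prev}
        msg = json.dumps(row, sort_keys=True).encode()
        row["mac"] = hmac.new(self.key, msg, hashlib.sha256).hexdigest()
        self.audit.append(row)

    def transition(self, to, actor, at):
        if self.state == "PENDING_REVIEW" and at > self.deadline:
            self.state = "REJECTED"  # approval timeout auto-rejects before checking `to`
            self._append("timeout", "system")
        if to not in TRANSITIONS.get(self.state, set()):
            return False  # terminal states (EXECUTED, REJECTED, CANCELLED) have no exits
        self.state = to
        self._append(f"-> {to}", actor)
        return True


def verify_chain(audit, key):
    """Return the index of the first bad row, or -1 if the chain is intact."""
    prev = GENESIS
    for i, row in enumerate(audit):
        body = {k: v for k, v in row.items() if k != "mac"}
        expected = hmac.new(key, json.dumps(body, sort_keys=True).encode(),
                            hashlib.sha256).hexdigest()
        if body["prev_mac"] != prev or not hmac.compare_digest(expected, row["mac"]):
            return i
        prev = row["mac"]
    return -1
```

Because a rewritten or deleted row breaks the MAC of every row after it, verify_chain reports the earliest point of tampering; INSERT-only grants on the audit table are what stop the rewrite from happening silently in the first place.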
Up and governing queries in under five minutes.
Pick your platform. The backend runs Flyway migrations on first boot; the first admin is created through the in-app setup wizard the moment you open the SPA.
```yaml
# Zero-config demo — open http://localhost:5173 and follow the setup wizard.
# Demo-only JWT / encryption keys are embedded in the file; generate your own
# for anything beyond evaluation (see docs/09-deployment.md).
services:
  postgres:
    image: postgres:18
    environment:
      POSTGRES_DB: accessflow
      POSTGRES_USER: accessflow
      POSTGRES_PASSWORD: accessflow
  redis:
    image: redis:8-alpine
  backend:
    image: ghcr.io/bablsoft/accessflow-backend:latest
    depends_on: [postgres, redis]
    environment:
      DB_URL: jdbc:postgresql://postgres:5432/accessflow
      REDIS_URL: redis://redis:6379
      ENCRYPTION_KEY: # 64-char hex, demo default embedded
      JWT_PRIVATE_KEY: # PKCS#8 PEM, demo default embedded
    ports: ["8080:8080"]
  frontend:
    image: ghcr.io/bablsoft/accessflow-frontend:latest
    depends_on: [backend]
    ports: ["5173:80"]
```
```yaml
# helm repo add accessflow https://bablsoft.github.io/accessflow
# helm install accessflow accessflow/accessflow -f values.yaml
backend:
  replicaCount: 3
  autoscaling:
    enabled: true
    minReplicas: 2
    maxReplicas: 10
# Postgres + Redis ship as Bitnami subcharts — disable for production
postgresql:
  enabled: true
redis:
  enabled: true
secrets:
  encryptionKey:
    existingSecret: accessflow-encryption-key
  jwtPrivateKey:
    existingSecret: accessflow-jwt-key
ingress:
  enabled: true
  className: nginx
  hosts:
    - host: accessflow.company.com
```
```bash
# clone
git clone https://github.com/bablsoft/accessflow.git
cd accessflow
# 1. infrastructure — Postgres 18 + Redis 8 + Mailcrab (dev-only compose)
docker compose -f backend/docker-compose-dev.yml up -d
# 2. backend — Java 25 · Spring Boot 4 · Maven
cd backend
./mvnw spring-boot:run
# 3. frontend — Node 24 · Vite 8 · React 19
cd ../frontend
npm install
npm run dev
# open http://localhost:5173 — the in-app setup wizard creates the first admin
```
Shipped, shipping, and where we're going next.
Public, versioned milestones — driven by community input and adapter contributions. Full milestone scope lives in docs/12-roadmap.md.
Core platform
- SQL proxy · 5 DBs + custom JDBC
- AI review · risk + index hints
- Multi-stage approval workflows
- JWT · SAML · OAuth · TOTP 2FA
- HMAC-chained audit log
- Docker Compose + Helm 3
Productivity
- Dynamic JDBC driver loading
- Datasource creation wizard
- Query scheduling
- Bulk approval UI
- AI analytics dashboard
- User invitation flow
Reviewer experience
- Read replica routing
- Query result diffing
- Slack bot approve / reject
- PagerDuty integration
- Query templates library
- Datasource health dashboard
Beyond SQL
- MongoDB query governance
- Redis access governance
- REST API governance
- Custom analyzer plugin SPI
- Column-level permissions
Compliance
- PII / PCI / PHI classification
- Auto query suggestions
- SOC2 / HIPAA report export
Thirteen chapters. Read them in any order.
Every subsystem is documented — architecture diagrams, schemas, payload examples, deployment recipes, and security model. Open source in the same repo.
Overview
Problem statement, goals, non-goals, value proposition.
02 Architecture
Subsystems, technology stack, request flow.
03 Data model
Internal entities, audit log schema, retention.
04 REST API
Endpoints, payloads, WebSocket events.
05 Backend
Modulith layout, proxy engine, workflow state machine.
06 Frontend
React/Vite layout, SQL editor, TanStack & Zustand.
07 Security
JWT, SAML, OAuth, encryption, audit integrity.
08 Notifications
Email, Slack, signed webhook delivery.
09 Deployment
Docker Compose, Helm, env-var reference.
11 Development
Repo layout, tests, coding standards, Git workflow.
12 Roadmap
Milestones, contribution path.
13 MCP server
Stateless tool surface for AI agents, API keys.
★ Agent rulebook
CLAUDE.md — module boundaries, conventions, gates.
Stop choosing between speed and safety.
Pull the images, run docker compose up, point AccessFlow at your dev database, and watch a real query run through a real review workflow.