SSO & role-based access
Single sign-on with domain allowlisting. Five focused roles — author, reviewer, operator, reverter, admin — mapped to fine-grained permissions and enforced on every API call.
Change governance for any database
Qodara turns raw production edits into a governed workflow: draft → review → dry-run preview → apply → revert. Snapshots before every write. An audit line for every action. And a read-only AI copilot that actually knows your schema.
Built for teams that treat the database like production code
The workflow
Click through a change request's life. Or just watch — it plays itself.
Native operation JSON, sandboxed JavaScript, versioned migration scripts, Python, or template updates. Syntax is checked on submit — broken changes never reach a reviewer.
"Filter is scoped correctly, preview counts match expectation."
Notified in Slack · 2 min ago
Reviewers are pinged automatically. Authors can't approve their own work. Environments that require approval will not execute without it — enforced server-side, not in the UI.
Previews dry-run against the actual target environment and show before/after diffs and match counts. If the numbers look wrong, you find out here — not in an incident channel.
Before a single document changes, Qodara captures the affected state. Execution runs are recorded with full before/after snapshots, so "what exactly did this change?" always has an answer.
Applied changes revert in one click using the captured snapshots. No hand-written rollback scripts at 2am, no guessing what the old values were.
The platform
Governance only works when it's the easiest path. Qodara makes the safe way the fast way.
Single sign-on with domain allowlisting. Five focused roles — author, reviewer, operator, reverter, admin — mapped to fine-grained permissions and enforced on every API call.
Staging, production, whatever you run — each environment has its own connection, its own approval policy, and its own database-access controls. Secrets stay as references, never in the UI.
Every change can be simulated against its real target before it runs. Diffs, match counts, and failures surface in review — not in production.
Before/after state is captured on every apply. Reverting is a permissioned one-click action that restores from the snapshot — auditable like everything else.
Every workflow action, every execution run, every ad-hoc query is written to an audit log with actor, timestamp, and a diff-level summary. Compliance stops being archaeology.
A read-only query workbench for humans: find, aggregate, or sandboxed scripts against any permitted environment — with its own audit trail.
Native operation JSON, sandboxed JavaScript, versioned migrations, repo-based migration scripts, Python, and template updates — one workflow governs them all.
Submitting a change pings its reviewers where they already are. Less "did you see my CR?", more shipping.
Turn a plain-English question into a validated, saved dashboard artifact over your data — planned and executed by the AI layer, governed like everything else.
EZIO — the built-in copilot
EZIO answers questions about your schema, your data, and your codebase — over read-only connections it cannot escalate. Try it:
EZIO's database access goes through connections that only permit reads — write attempts fail at the driver, not at a prompt's mercy.
Each question is routed to the sources it actually needs — schema cards, a lexical code index, live queries — so answers are fast and grounded.
Monthly spend quotas per user, encrypted per-user API credentials, and per-workload model selection keep cost and access under control.
Every EZIO conversation and every query it runs lands in its own audit log. The AI gets no special exemptions.
Security model
Qodara is self-hostable and slots in front of the databases you already run. Bring your database, your SSO, and your most skeptical reviewer.