Security
Banking-grade security architecture. Your data does not leave the box.
Five security principles
Data locality
All computation runs on your server. The LLM (Ollama) is local. No data is sent to any cloud provider. Telemetry can be fully disabled.
Hardware-bound licensing
License files are encrypted with a Fernet key derived from SHA-256 of MAC + hostname. They refuse to run on any other machine.
Read-only by default
All profiling and anomaly queries are read-only. INSERT/UPDATE/DELETE are regex-blocked. Mutations require an approval_id.
Role-based access
Admin / Analyst / Viewer / Auditor — 4 roles. PBKDF2 hashes, Fernet-encrypted user store, 8h Bearer token TTL.
Audit trail
Every action is written as structured JSONL to audit.jsonl. SOX-grade 7-year retention. Filtered handler keeps it on a separate channel.
Disaster Recovery
Disaster Recovery
Five-step automated DR test: backup → restore → verify → audit chain → cleanup. Output is stored as an HTML report.
- RPO
- 24 hours (configurable)
- RTO
- 1 hour (default)
$ python main.py maintenance dr-test --save-report
- 1Backup → tar.gz config + snapshots
- 2Restore → temp directory
- 3Verify → diff config/snapshots
- 4Audit chain → hash continuity check
- 5Cleanup → temp removal
✓ 5/5 ok · 0 fail · report saved
30-minute live demo against your own schema
Not a slideshow — a live install. We profile your SQL Server connection in minutes.