sandbox · example data only · not your workspace

Database Health Demo

Connect DB → detect slow query / backup gap → suggest fix.

Database Engineer reads → recommends → approval required for any DDL/migration.

Steps

Est. time

~5 min

Audience

client

Reviewed

2026-05-23

engineer · Database Engineerconnector · Postgresconnector · MySQLconnector · MongoDB

read first

Execution Plans— Phased plans, dependency graphs, rollback verification.

Permissions Model Scanning Model Approval Workflow

data flow

scenario architecture


   DB  ──read-only role──▶  Database Engineer
                                  │
                          slow query / backup gap detected
                                  │
                          composite index proposed (DDL)
                                  │
                                  ▼
                        two-person approval ──tip──▶ DDL runs

step 1/5·No approval needed

Connect database

Read-only role; no direct app-level access.

visionxixlabs.com

database · prod-orders-db · postgres 15

Schema

142 tables

Slow query

2.4s avg

Last backup

36h ago

Connections

48/100

slow query · /orders endpoint

SELECT id, status, total_cents, created_at
FROM orders
WHERE user_id = $1
ORDER BY created_at DESC
LIMIT 50;

-- explain (analyze, buffers):
--   Seq Scan on orders  (cost=0..198432.10 rows=49 width=46)
--     (actual time=2387.40..2392.05 rows=12 loops=1)
--     Filter: (user_id = '...'::uuid)

proposed index · DDL preview

CREATE INDEX CONCURRENTLY idx_orders_user_created
  ON orders (user_id, created_at DESC);

-- expected impact: seq scan → index scan
-- expected latency: 2.4s → ~12ms
-- rollback: DROP INDEX CONCURRENTLY idx_orders_user_created;
-- two-person approval required before this runs.

invariantDatabase Engineer has NO write tools by default. Every DDL proposal generates a sample HCL + rollback + projected impact on connected services before the approval packet is minted.

Roles, not permissions

Roles compose into Permission sets via a pure permissionResolver kernel. Every dashboard route enforces it at the IO boundary; pages don't sprinkle their own auth checks.

safety invariants in play

✓Assume-role model — No long-lived access keys stored — workspace assumes a short-lived role you own and can revoke.
✓Read-only by default — No write API is even minted until you explicitly grant write scope.
✓Closed-union types — Scope strings, event kinds, audit actions, approval rules are TypeScript closed unions — typos are compile errors, not runtime denial bugs.

expected result

Schema introspected; metric stream started.

Permissions Model

use ← / → to navigate

engineering principle

Database Engineer is the only AI engineer with NO write tools by default. Every DDL proposal generates a sample HCL + rollback + the migration's expected impact on connected services before the approval packet is minted.

Platform reference →Architecture overview →← Back to all scenarios Set up your real workspace →