Security and trust

A database control plane should be more careful than the humans it helps.

QueryRook is designed around proof, least privilege, explicit approval, and exportable evidence. Ready for paid pilots; broad self-serve production use waits on live Stripe, finalized counsel-reviewed policies, backup drills, and monitoring.

Credential posture

Encrypted DSNs, redacted refs

Encrypted DSNs, redacted secret references, key rotation path, and least-privilege target roles.

Change safety

Read-only first, gated DDL

Read-only analysis first, human approval, DDL obligation gate, target firebreak, rollback contract.

Evidence

Signed proof packets

Proof packets, action capsules, benchmark evidence, trust exports, and release evidence packets.

AI boundary

AI in a safety cage

Hosted QueryRook uses managed provider keys by default; AI never receives DSNs, executes SQL, or approves its own production change.

MCP boundary

Tenant-scoped, no token passthrough

MCP belongs as a tenant-scoped evidence and proposal interface, not as direct SQL, DSN access, or token passthrough.

Deployment

HTTPS, isolated targets

HTTPS, private service ports, container health checks, and staging demo targets isolated from customer DBs.

What is inside the buyer security packet

Enterprise buyers receive an evidence-backed review.

Not a marketing PDF. The packet contains the threat model, security posture, sample proof ledger, benchmark evidence, release evidence, billing runbook, and target firebreak design.

Threat model

Trust boundaries, assets, attacker classes, mitigations.

Proof ledger sample

Real signed-capsule chain from a staging workload.

Benchmark evidence

Burn-in reports with limitations and follow-up loops.

Release evidence packet

Per-release: what changed, what was proven, what rolled back.

Billing runbook

How meters, invoices, and refunds reconcile against evidence.

Target firebreak design

Per-DSN role isolation, per-action capsule scope.

Request

Sent within one business day to verified enterprise buyers.

We confirm domain, redact targets, and send the packet via tracked link. No fluff PDFs.

# request

-> security@queryrook.com

subject: QueryRook security packet

Request packet ->

Boundaries

What QueryRook will not do.

AI does not receive customer DSNs

ENFORCED

AI does not execute SQL directly

ENFORCED

AI cannot approve its own production change

ENFORCED

MCP cannot bypass action capsules or proof gates

ENFORCED

QueryRook does not require write access to default schemas

ENFORCED

QueryRook does not move data off your infrastructure without a signed export action

ENFORCED