Peer-reviewed SQL execution tool with GitHub integration and audit logging.
# Install dependencies
yarn install
# Run setup (creates databases, .env file, generates secrets)
yarn setup
# Start development server
yarn devVisit http://localhost:3000
- ✅ Peer review via GitHub PRs (requires 2+ approvals)
- ✅ Staging-first workflow (must run in staging before production)
- ✅ Full audit trail with user tracking
- ✅ Result capture for SELECT queries
- ✅ Auto-sync from GitHub webhooks
- ✅ GitHub OAuth for user identification
- Node.js 20+
- PostgreSQL installed and running
- GitHub account
Run yarn setup to get started. This will:
- Create PostgreSQL databases (audit, staging, production)
- Generate
.envfile template - Generate webhook and session secrets
- Show instructions for GitHub token and webhook setup
If you prefer manual setup:
- Create databases:
yarn setup:db(or create manually) - Generate .env:
yarn setup:env(then edit with your values) - Generate secrets:
yarn setup:secrets
- Go to GitHub → Settings → Developer settings → Personal access tokens
- Generate token with
reposcope - Add to
.envasGITHUB_TOKEN
For Local Development (using ngrok):
- Install ngrok: https://ngrok.com/download
- Start your app:
yarn dev - Start ngrok in another terminal:
ngrok http 3000 - Copy the HTTPS URL (e.g.,
https://abc123.ngrok.io) - Add webhook to GitHub:
- Go to your repo → Settings → Webhooks → Add webhook
- Payload URL:
https://abc123.ngrok.io/api/webhook/github - Content type:
application/json - Secret: Use value from
GITHUB_WEBHOOK_SECRETin.env - Events: Select "Let me select individual events" → Check only "Pull requests"
- Click "Add webhook"
- Keep ngrok running while testing webhooks locally
For Production:
- Go to your repo → Settings → Webhooks → Add webhook
- Payload URL:
https://your-domain.com/api/webhook/github - Content type:
application/json - Secret: Use value from
GITHUB_WEBHOOK_SECRETin.env - Events: Select "Let me select individual events" → Check only "Pull requests"
- Click "Add webhook"
- Create SQL script in your GitHub repo's
sql/folder (or folder specified inGITHUB_SQL_FOLDER) - Create PR and get 2+ approvals
- Merge PR - script appears in dashboard automatically
- Execute on Staging first
- Execute on Production after successful staging run
-- Author: user@example.com
-- Purpose: Description
-- TargetDatabase: staging
-- DirectProd (optional - bypasses staging requirement)
SELECT * FROM users;Note: The -- DirectProd flag allows a script to run directly on production without staging execution.
Edit .env file:
# Databases
AUDIT_DB_URL=postgresql://user:pass@localhost:5432/audit_db
STAGING_DB_URL=postgresql://user:pass@localhost:5432/staging_db
PROD_DB_URL=postgresql://user:pass@localhost:5432/prod_db
# GitHub
GITHUB_TOKEN=ghp_your_token
GITHUB_REPO=org/repo-name
GITHUB_SQL_FOLDER=sql/
GITHUB_WEBHOOK_SECRET=generated_secret
# Optional: GitHub OAuth
GITHUB_OAUTH_CLIENT_ID=your_client_id
GITHUB_OAUTH_CLIENT_SECRET=your_client_secret
GITHUB_OAUTH_CALLBACK_URL=http://localhost:3000/auth/github/callback
# Session
SESSION_SECRET=generated_secret
MIN_APPROVALS=2yarn dev- Start development serveryarn build- Build for productionyarn start- Start production serveryarn setup- Run full setup wizardyarn setup:db- Create databases onlyyarn setup:env- Generate .env file onlyyarn setup:secrets- Generate secrets only
Database connection fails:
- Check PostgreSQL is running:
pg_isready - Verify database URLs in
.env - Ensure databases exist
Webhook not working:
- Verify webhook secret matches
- Check webhook deliveries in GitHub
- Ensure URL is accessible (for local dev, keep ngrok running)
Scripts not appearing:
- Wait 30 seconds (auto-refresh)
- Click "Sync" button to manually sync
- Verify PR was merged (not closed)
- Check PR has required approvals
- Ensure SQL files are in
GITHUB_SQL_FOLDER
- React Router v7 (TypeScript)
- PostgreSQL
- GitHub API (Octokit)
MIT