{"id":50794184,"url":"https://github.com/singhpratech/dbopt","last_synced_at":"2026-06-12T13:30:20.244Z","repository":{"id":361522773,"uuid":"1252784610","full_name":"singhpratech/dbopt","owner":"singhpratech","description":null,"archived":false,"fork":false,"pushed_at":"2026-05-31T03:32:02.000Z","size":706,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-31T04:10:23.442Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/singhpratech.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":"docs/ROADMAP-TO-COMPLETE.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-28T21:42:44.000Z","updated_at":"2026-05-31T03:32:05.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/singhpratech/dbopt","commit_stats":null,"previous_names":["singhpratech/dbopt"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/singhpratech/dbopt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/singhpratech%2Fdbopt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/singhpratech%2Fdbopt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/singhpratech%2Fdbopt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/singhpratech%2Fdbopt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/singhpratech","download_url":"https://codeload.github.com/singhpratech/dbopt/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/singhpratech%2Fdbopt/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34247459,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-12T02:00:06.859Z","response_time":109,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-12T13:30:19.501Z","updated_at":"2026-06-12T13:30:20.228Z","avatar_url":"https://github.com/singhpratech.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"web/public/logo.svg\" width=\"104\" height=\"104\" alt=\"dbopt\" /\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003edbopt\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cb\u003eFind and fix slow SQL \u003ci\u003ebefore\u003c/i\u003e it reaches production — statically, privately, prescriptively.\u003c/b\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/license-free%20%26%20open-d4ff4e?style=flat-square\u0026labelColor=0a0d12\" alt=\"free \u0026 open\" /\u003e\n  \u003cimg src=\"https://img.shields.io/badge/SQL%20Server-2019%20%E2%86%92%202025-3c72ff?style=flat-square\u0026labelColor=0a0d12\" alt=\"SQL Server 2019 to 2025\" /\u003e\n  \u003cimg src=\"https://img.shields.io/badge/rules-102-d4ff4e?style=flat-square\u0026labelColor=0a0d12\" alt=\"102 rules\" /\u003e\n  \u003cimg src=\"https://img.shields.io/badge/eval%20F1-1.000-3ad29f?style=flat-square\u0026labelColor=0a0d12\" alt=\"F1 1.000\" /\u003e\n  \u003cimg src=\"https://img.shields.io/badge/local--first-by%20default-3ad29f?style=flat-square\u0026labelColor=0a0d12\" alt=\"local-first\" /\u003e\n  \u003cimg src=\"https://img.shields.io/badge/built%20with-Rust%20%2B%20React-7e879b?style=flat-square\u0026labelColor=0a0d12\" alt=\"Rust + React\" /\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://dbopt.org\"\u003e\u003cb\u003edbopt.org\u003c/b\u003e\u003c/a\u003e\n  \u0026nbsp;·\u0026nbsp; \u003ca href=\"docs/USAGE.md\"\u003eUsage guide\u003c/a\u003e\n  \u0026nbsp;·\u0026nbsp; \u003ca href=\"docs/WHO-IS-DBOPT-FOR.md\"\u003eWho it's for\u003c/a\u003e\n  \u0026nbsp;·\u0026nbsp; \u003ca href=\"docs/ACCESS.md\"\u003eAccess\u003c/a\u003e\n  \u0026nbsp;·\u0026nbsp; \u003ca href=\"docs/ROADMAP-TO-COMPLETE.md\"\u003eRoadmap\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n**dbopt** is a **database performance optimizer**. Point it at a database and it reads your queries, your\nexecution plans, and your live server metrics — then tells you exactly what's going to hurt and **how to\nfix it, with the reasoning cited**. It works statically and from the *estimated* plan, so there's **no\nexecution, no locks, no load on production**. Nothing leaves your machine unless you explicitly choose a\ncloud model.\n\n\u003e **The deepest SQL Server static optimizer.** **SQL Server is the only supported engine today** (2019 → 2025) —\n\u003e 100% of the rules are SQL-Server-specific. The static analyzer and index advisor are ship-grade; on-demand\n\u003e capture (sentinel) and the health score are an early-warning telemetry layer you read yourself — not a\n\u003e 24/7 production monitor with alerting. PostgreSQL and MySQL are **exploratory directions, not committed\n\u003e releases** — the engine seam exists, but no other engine ships until the SQL Server core is where we want it.\n\u003e\n\u003e **Free and open.** No per-seat cost, no paywalled features — what the commercial tools do, without\n\u003e monetizing your pain.\n\n---\n\n## Download\n\n**Install in one line** (no toolchain needed):\n\n```bash\n# Linux \u0026 macOS (Apple Silicon)\ncurl -fsSL https://dbopt.org/install.sh | sh\n```\n```powershell\n# Windows (PowerShell)\nirm https://dbopt.org/install.ps1 | iex\n```\n\n…or grab an installer directly:\n\n| Platform | Download |\n|---|---|\n| **Windows** (x64) | **[`.msi`](https://github.com/singhpratech/dbopt/releases/latest/download/dbopt-windows-x86_64.msi)** · [portable `.zip`](https://github.com/singhpratech/dbopt/releases/latest/download/dbopt-windows-x86_64.zip) |\n| **macOS** (Apple Silicon) | **[`.dmg`](https://github.com/singhpratech/dbopt/releases/latest/download/dbopt-macos-arm64.dmg)** |\n| **Linux** (x64) | **[`.tar.gz`](https://github.com/singhpratech/dbopt/releases/latest/download/dbopt-linux-x86_64.tar.gz)** (glibc 2.34+) · [static `musl`](https://github.com/singhpratech/dbopt/releases/latest/download/dbopt-linux-x86_64-musl.tar.gz) (runs on **any** Linux — Alpine, RHEL 8, old distros) · or the one-line installer above (adds a menu entry) |\n\nEach is a **single self-contained binary** (the web UI is embedded) — run it, then open `http://127.0.0.1:3690`. New to dbopt? See the **[Usage guide](docs/USAGE.md)**. Checksums and all builds are on the [releases page](https://github.com/singhpratech/dbopt/releases).\n\n### First run (current builds aren't code-signed yet)\n\ndbopt is open-source and the builds are **not yet code-signed**, so the OS will warn you the first time. It's safe — verify the SHA256 against [`SHA256SUMS`](https://github.com/singhpratech/dbopt/releases/latest) if you like — and here's how to get past each prompt:\n\n- **Windows** — SmartScreen shows *\"Windows protected your PC.\"* Click **More info → Run anyway**.\n- **macOS** — Gatekeeper says dbopt *\"cannot be opened\"* / *\"is damaged.\"* **Right-click the app → Open → Open**, or run `xattr -dr com.apple.quarantine /Applications/dbopt.app`.\n- **Linux** — no prompt; just `./dbopt` (or use the installer, which adds it to your apps menu).\n\nSigned/notarized installers are on the roadmap.\n\n## Why it exists\n\nSlow SQL is the silent tax on every data-heavy company: the query \"that's been running since last night,\"\nthe 2 a.m. incident, the cloud bill that keeps climbing. The usual fixes disappoint —\n\n- **Expensive, SQL-Server-locked enterprise suites** that cost more than the problem.\n- **Tools that only react _after_ a query runs** — by then the damage is done.\n- **Raw DMV dumps** that tell you *what* is slow but not *why* or *what to do*.\n- **Cloud SaaS** that wants your queries and schema off-box — a non-starter for pharma, finance, healthcare.\n\ndbopt takes the opposite stance on all four.\n\n## What you get\n\n### 🔭 Three lenses, one tool\n\n|   | Lens | What it does |\n|---|------|--------------|\n| **01** | **Static** | A token-level T-SQL analyzer — **102 rules** across hygiene, sargability, deprecated syntax, modern rewrites, plan-shape, locking, tempdb, statistics, transactions, security and index design. Runs in-browser via WebAssembly or as a CLI. **No connection required.** |\n| **02** | **Plan** | Fetches the *estimated* plan (`SET SHOWPLAN_XML`, compile-only — never runs the query) and breaks down operator cost, scans vs. seeks, and spill risk. |\n| **03** | **Live** | Pulls DMVs (index usage, missing indexes, sizes) on demand, and the **sentinel** daemon polls Query Store, waits, deadlocks and index usage into a local SQLite time-series → a weekly **pain report**. |\n\n### 🛠 Prescriptive \u0026amp; cited fixes\n\nNot just \"here's a finding\" — the concrete **rewrite** *and* the engine-level **reasoning** behind it.\nEvery rule ships a recommendation, and the grounded **AI assistant** gets your SQL *and* the findings as\ncontext (fan one prompt out to several models to compare). Everything is **version-aware (2019 → 2025)** —\na 2022+ rewrite is never suggested against a 2019 target.\n\n### 🔒 Local-first \u0026amp; private\n\nA single **Rust binary** with SQLite for storage. The analyzer never phones home — **no telemetry, no\naccount, no upload, ever** — so it'll happily dissect a query you'd never dare send anywhere. Estimated\nplans are compile-only and DDL is preview-only (Safe-Apply never auto-runs a change).\n\n**AI is your call.** Run a **local** model (Ollama / web-llm) and *nothing* leaves the machine. Want a\nfrontier model instead? Pick a **cloud** provider (Anthropic, OpenAI, Azure OpenAI, OpenRouter) and only\nyour prompt — the SQL plus its findings — is sent, and only when you choose it. The one egress is yours to\nmake. *(AWS Bedrock is also supported, but only in a source build compiled with the `bedrock` feature — it\nis not included in the prebuilt downloads.)*\n\n## Quality bar — proven, not promised\n\n- **145 eval scenarios** (74 positive / 71 negative) · precision = recall = **F1 = 1.000** on the scenario\n  set (target ≥ 0.95). The harness is **self-graded** — the scenarios are hand-authored, so this proves\n  \"no regression on the cases we wrote,\" not a measured real-world false-positive rate. A held-out,\n  third-party corpus is on the roadmap.\n- **73 distinct rules** are currently covered by a scenario; the newer rule packs are still being backfilled.\n  Each covered rule has both a positive case (proves it fires) and a negative case (proves it stays silent).\n- Rust unit + HTTP integration tests and a Playwright UI suite.\n\n```bash\ncargo run -p eval -- --html   # → target/eval-report.html  (the live board)\n```\n\n## Lint in CI (offline, no connection)\n\n`dbopt lint` walks your `.sql` files, applies all 102 rules, and emits machine-readable\noutput — so a bad query fails the build *before* it ships. No database, no account, no upload.\n\n```bash\ndbopt lint ./db --format human                 # pretty, grouped by file (default)\ndbopt lint ./db --format json                   # machine-readable findings\ndbopt lint ./db --format sarif \u003e dbopt.sarif     # SARIF 2.1.0 for code-scanning tools\ndbopt lint ./db --fail-on warning                # exit 1 if any finding ≥ warning (gates a PR)\n```\n\nExit codes: **0** clean · **1** findings at/above `--fail-on` (default `error`) · **2** usage error.\n\nWire it into GitHub Actions — findings show up inline in the PR via code scanning:\n\n```yaml\n- run: dbopt lint ./db --format sarif \u003e dbopt.sarif || true\n- uses: github/codeql-action/upload-sarif@v3\n  with: { sarif_file: dbopt.sarif }\n```\n\nThe SARIF also opens in the VS Code **SARIF Viewer** extension (findings land in the Problems panel).\n\n## Build from source\n\nPrefer to build it yourself (or hacking on dbopt)? You'll need Rust, Node 18+ and `wasm-pack`:\n\n```bash\n# Build the web UI first (it is embedded into the backend binary at compile time).\n# Requires Node 18+ and wasm-pack (`cargo install wasm-pack`).\nwasm-pack build crates/analyzer-wasm --target web --out-dir ../../web/src/wasm --release\ncd web \u0026\u0026 npm install \u0026\u0026 npm run build \u0026\u0026 cd ..\n\n# Build the Rust workspace (single workspace, no external services needed).\ncargo build --release\n\n# 1) Analyze a script statically — no DB connection needed\n./target/release/dbopt path/to/query.sql\n\n# 2) Run the web observatory (UI + API on :3690)\n./target/release/dbopt-backend          # then open http://127.0.0.1:3690\n\n# 3) Continuous monitoring (SQL auth via env)\nDBOPT_SERVER=\"host,1433\" DBOPT_USER=\"...\" DBOPT_PASSWORD=\"...\" \\\n  ./target/release/dbopt-sentinel run\n```\n\nFor UI development: `cd web \u0026\u0026 npm install \u0026\u0026 npm run dev` (proxies the API to the backend on :3690).\n\n## Authentication\n\nSQL Server authentication (username + password) works out of the box. For **Windows / integrated\n(Kerberos) auth**, rebuild with the `integrated-auth` feature (links GSSAPI on Linux):\n\n```bash\ncargo build --release -p backend  --features integrated-auth\ncargo build --release -p sentinel --features integrated-auth\n```\n\nIt's off by default because those system libraries aren't on every build host (and aren't used on Windows\ntargets). With the feature on and no username/password supplied, dbopt uses the current Windows identity.\n\n## Architecture\n\nA Rust workspace plus a React / Vite / TypeScript front end:\n\n| Crate | Role |\n|---|---|\n| `analyzer-core` | the rule engine + tokenizer + plan/DMV models |\n| `analyzer-wasm` | WebAssembly bindings for in-browser analysis |\n| `analyzer-cli`  | `dbopt` — analyze a `.sql` / `.sqlplan` / bundle from the shell |\n| `backend`       | `dbopt-backend` — axum API + embedded web UI, LLM proxy, durable logs |\n| `sentinel`      | `dbopt-sentinel` — continuous DMV poller → SQLite → pain report |\n| `eval`          | the rule-quality harness (precision / recall / F1 + HTML report) |\n| `web/`          | the \"observatory\" UI (analysis, plans, charts, AI, monitoring) |\n\nStorage and config live under `~/.dbopt/` (override with `DBOPT_DATA_DIR`). No external services required.\n\n## Roadmap — one brand, every engine\n\n**SQL Server (2019 → 2025) is the product.** The **static analyzer + index advisor** are ship-grade\n(102 rules, self-graded F1 = 1.000 on 145 scenarios covering 73 of them; estimated/actual plan analysis; read-only DMV advisor). **Live\ncapture (sentinel) + the health score** are included as an early-warning telemetry layer — a real\nhead-start, not yet a full production monitor with alerting/trending. AI assistant + web UI round it out.\n\n**PostgreSQL and MySQL are a deliberate _later_.** The `Engine` seam already exists (the analyzer accepts a\ntarget engine and filters rules), so adding them never destabilizes the SQL Server core — one master brand,\na small per-engine flavor tag (`dbopt · SQL Server` → `PostgreSQL` → `MySQL`).\n\n---\n\n\u003cp align=\"center\"\u003e\n  \u003csub\u003eLocal-first by design — your queries, schema, and metrics stay on your infrastructure.\u003c/sub\u003e\u003cbr\u003e\n  \u003csub\u003e\u003ca href=\"https://dbopt.org\"\u003edbopt.org\u003c/a\u003e\u003c/sub\u003e\u003cbr\u003e\n  \u003csub\u003e© 2026 \u003ca href=\"https://theaivibe.org\"\u003ePrateek Singh\u003c/a\u003e\u003c/sub\u003e\n\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsinghpratech%2Fdbopt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsinghpratech%2Fdbopt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsinghpratech%2Fdbopt/lists"}