explaingit

starlake-ai/quack-on-demand

13ScalaAudience · ops devopsComplexity · 4/5Setup · moderate

TLDR

Scala gateway that adds multi-user, multi-tenant security and load balancing to DuckDB's Quack extension. Exposes Arrow Flight SQL interface for standard database clients (DBeaver, Spark, JDBC/ODBC). Includes authentication, per-table access control, node pooling, and a web admin console.

Mindmap

mindmap
  root((Quack on Demand))
    Security
      Database passwords
      JWT tokens
      Keycloak integration
      Google Azure AWS
    Query Routing
      Read balancing
      Write routing
      Node failover
      Auto restart
    Management
      Admin dashboard
      Tenant config
      Access grants
      Query monitoring
    Integration
      Arrow Flight SQL
      JDBC ODBC
      REST API
      DBeaver Spark
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Run DuckDB as a shared multi-tenant analytical database for teams or multiple applications

USE CASE 2

Add enterprise authentication (SSO via Keycloak, Google, Azure AD) and row-level access control to DuckDB

USE CASE 3

Load balance read-heavy analytical workloads across multiple DuckDB nodes with automatic failover

USE CASE 4

Expose DuckDB via standard database protocols (JDBC/ODBC) so BI tools and Spark can query it directly

Tech stack

ScalaDuckDBArrow Flight SQLPostgreSQLDocker ComposeKeycloakJWT

Getting it running

Difficulty · moderate Time to first run · 30min

Docker Compose quickstart available, full deploy is a single JAR + PostgreSQL. Requires DuckDB/Quack understanding for production tuning. Admin console and REST API documented in lengthy README.

License not mentioned in description

In plain English

Quack on Demand is a Scala-based gateway that sits in front of DuckDB's new client-server protocol and adds the features needed to run it in a shared, production environment. DuckDB is a fast analytical database that runs inside your application, and its Quack extension lets DuckDB instances talk to each other over a network. But Quack ships with minimal security: one static token for authentication, no concept of multiple users or tenants, and no way to restrict which data different users can see. Quack on Demand fills those gaps. The gateway exposes an Arrow Flight SQL interface, which means any database client that speaks that open protocol (tools like DBeaver, Spark, or custom applications using standard JDBC or ODBC drivers) can connect without needing DuckDB-specific software. Incoming connections go through a pluggable authentication system that supports passwords stored in a database, external tokens in JWT format, or login via identity providers like Keycloak, Google, Azure AD, or AWS Cognito. After authentication, a per-statement access control layer checks whether the logged-in user has permission to read or write the specific tables referenced in their query. For workloads that need more than one database node, the gateway manages pools of Quack nodes and routes queries to the right one based on whether the query is a read or a write. If a node crashes, the gateway detects it and restarts it automatically before accepting further traffic on that node. A web-based admin console at the manager's HTTP port provides a live dashboard showing how many queries each node is handling, typical response times, and a history of recent statements. From the same UI you can add or remove tenants, configure pools, and edit access permissions per table. The whole system deploys as a single JAR file and uses Postgres to store catalog metadata, pool state, user records, and access grants. Quick start uses Docker Compose and takes a few minutes to get a working setup with sample data loaded. The README is long and covers native runs, JDBC client configuration, REST API usage, and load testing.

Copy-paste prompts

Prompt 1
How do I set up Quack on Demand to let my team query DuckDB without sharing one admin token?
Prompt 2
Can I use Quack on Demand to authenticate users via my company's Azure AD and control which tables each user can see?
Prompt 3
Show me how to configure read/write load balancing across multiple DuckDB Quack nodes in Docker Compose.
Prompt 4
How do I connect DBeaver or Apache Spark to DuckDB through the Quack on Demand gateway?
Prompt 5
What's the admin console in Quack on Demand showing, and how do I monitor query performance across nodes?
Open on GitHub → Explain another repo

← starlake-ai on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.