Roadmap | QAIL — The Provably Correct Backend

🎯 Vision

"If it compiles, the query is correct."

The Evolution

Era 1 SQL Strings "Trust me, this string is safe"

Era 2 ORMs "Safe, but locked to one language"

Era 3 Query Builders "Safe, but still generates strings"

Era 4 SQLx "Compile-time checked SQL — the breakthrough"

Era 5 QAIL "Pure AST that compiles directly to wire protocol"

Acknowledgment: SQLx pioneered compile-time SQL validation in Rust and remains the gold standard for SQL-based database access. QAIL builds on this foundation by eliminating strings entirely — a natural evolution, not a replacement.

✅ Completed

Done 1. First-Class Relations v0.16.0

Phase 1 · Runtime Registry

✓ ref: syntax in schema.qail
✓ RelationRegistry for runtime lookup
✓ Qail::join_on("table") — string-based API

Phase 2 · Fully Typed Codegen

✓ build.rs generates schema_gen.rs with typed structs
✓ TypedColumn<T> with Rust type mapping (SQL→Rust)
✓ Table structs implement Table trait

Phase 3 · Logic-Safe Relations

✓ RelatedTo<T> trait with bidirectional impls from ref:
✓ TypedQail<T> + join_related() — compile error if unrelated

Phase 4 · Compile-Time Data Governance

✓ protected keyword in schema.qail
✓ TypedColumn<T, P> with Public / Protected markers
✓ Compile-time policy enforcement via type system

Done 2. SaaS Multi-Tenant Isolation (RLS) v0.15.6

Phase 1 · Driver-Level Context

✓ RlsContext struct — operator_id, agent_id, is_super_admin
✓ PgDriver.set_rls_context(ctx) — calls set_config()

Phase 2 · Pool-Level RLS Acquisition

✓ PgPool.acquire_with_rls(ctx) — acquire + set in one call
✓ PooledConnection auto-clears RLS on Drop — no stale tenant leaks

Phase 3 · Policy Definition API

✓ RlsPolicy builder + AlterOp::ForceRowLevelSecurity
✓ SQL transpiler for ENABLE + FORCE + CREATE POLICY

Phase 4 · AST-Level Query Injection

✓ TenantRegistry auto-detects tables with operator_id
✓ Qail::with_rls(ctx) — GET→filter, ADD→payload injection
✓ Super admins + unregistered tables bypass automatically

Done 3. Schema DDL — Full PostgreSQL Coverage v0.18.5

Phase 1 · Core Objects

✓ CREATE/DROP EXTENSION, ENUM, SEQUENCE
✓ CREATE/ALTER/DROP TABLE with all column properties
✓ Multi-column foreign keys, expression indexes

Phase 2 · Programmable Objects

✓ Views + Materialized Views
✓ Functions (PL/pgSQL) + Triggers
✓ GRANT/REVOKE, COMMENT ON, enable_rls / force_rls

Phase 3 · RLS Policy Definition

✓ Policy syntax in .qail — permissive + restrictive
✓ Per-command scope: ALL, SELECT, INSERT, UPDATE, DELETE
✓ Role targeting: to app_user

Done 4. Database Introspection — Fully AST-Native v0.18.5

Phase 1 · Core Introspection

✓ qail pull --url postgres://... → schema.qail
✓ Tables, columns, types, defaults, constraints, indexes
✓ FKs with actions (CASCADE, SET NULL, RESTRICT, etc.)

Phase 2 · Programmable Objects

✓ Views, materialized views, functions, triggers
✓ Grants, sequences, enums, extensions

Phase 3 · Zero Raw SQL

✓ RLS policies via Qail::get("pg_policies")
✓ policy_parser module for SQL→Expr conversion
✓ Zero raw SQL in introspection — every query is AST-native

Done 5. Migration Engine v0.15.9

Phase 1 · Schema Diffing

✓ diff_schemas() — old vs new comparison
✓ AlterOp enum with intent-aware hints: rename, transform, drop confirm
✓ FK-ordered table creation (parent before child)

Phase 2 · CLI Commands

✓ qail migrate apply, create, status, reset, up, down
✓ qail diff --live — schema drift detection

Phase 3 · Enterprise Features

✓ Shadow migrations — COPY streaming, safe promote
✓ MigrationClass: Reversible, DataLosing, Irreversible
✓ qail migrate analyze — scans codebase for affected queries

Done 6. Multi-Driver Unified AST v0.14.13

5,000 q/s

Prepared Statements

1.3M q/s

10-conn Pool

13%

Faster than Qdrant SDK

✓ PostgreSQL — zero-copy wire protocol, SCRAM-SHA-256, TLS, COPY streaming
✓ Qdrant — zero-copy gRPC, HTTP/2 batch pipelining, connection pool
✓ Redis — native RESP3 protocol, Qail::redis_get() / redis_set()

Done 7. CLI Toolchain v0.15.7

✓ qail init — project scaffold (supports --url, --deployment)
✓ qail pull — live DB → schema.qail (fully AST-native)
✓ qail exec — type-safe execution (--json, --tx)
✓ qail diff — schema comparison + drift detection
✓ qail types — schema.qail → Rust typed schema module
✓ qail check — validate .qail syntax
✓ qail worker — hybrid outbox daemon (PG → Qdrant sync)
✓ LSP server (qail-lsp) for editor integration

🔮 Future

Next 8. Schema-as-Proof System

"The schema becomes a type parameter. The compiler becomes the theorem prover."

Phase 1 · Column Existence Proof

○ schema.qail → codegen → Schema trait with associated types
○ Qail<S: Schema> carries schema as phantom type parameter
○ Column selection proven at compile time — no proc macros, no external provers

Phase 2 · Type-Safe Filters

○ Filter comparisons proven against column types
○ TypedFilter<S> ensures operand type matches column type

Phase 3 · Join Validity Graph

○ FK relationship graph encoded at type level
○ N-way joins proven valid via RelatedTo<T> chain

Phase 4 · RLS Proof Witness

○ RLS-protected tables get marker trait
○ Queries without .with_rls() on protected tables = compile error
○ RlsProof<T> witness type provided by middleware

"Data leakage becomes a type error, not a security incident."

Planned 9. Native Versioning (Data Virtualization)

"GitHub for Databases" — branching at the application layer.

○ Gateway middleware with X-Branch-ID header
○ Row-level branching (WHERE _branch_id = ?)
○ Copy-on-Write strategy for writes
○ CLI: qail branch create, qail checkout

Planned 10. Infrastructure-Aware Compiler

Verify external resources at compile time.

○ schema.qail extensions: bucket, queue, topic
○ build.rs validates resources exist in Terraform/AWS/GCP
○ Compile error if referencing non-existent infra

📊 Current Status

Section	Status	Version
1. First-Class Relations	✅ Complete (4/4)	v0.16.0
2. SaaS RLS Isolation	✅ Complete (4/4)	v0.15.6
3. Schema DDL Coverage	✅ Complete (3/3)	v0.18.5
4. Database Introspection	✅ Complete (3/3)	v0.18.5
5. Migration Engine	✅ Complete (3/3)	v0.15.9
6. Multi-Driver AST	✅ Complete	v0.14.13
7. CLI Toolchain	✅ Complete	v0.15.7
8. Schema-as-Proof	⏳ Planned	—
9. Data Virtualization	⏳ Planned	—
10. Infra-Aware Compiler	⏳ Planned	—

💡 Philosophy

"QAIL eliminates SQL strings entirely. The builder API (Qail::get(), Qail::add()) is the ONLY way to construct queries. No parsing at runtime, no strings anywhere."