Glossary

Definitions of the key terms you'll see across the NeoSQL docs and UI, gathered in one place.

Online Mode: Collaborative execution mode that syncs ERD and SQL definitions through the cloud in real time. Local and server states stay in two-way sync so teammates' changes are reflected automatically; use the desktop app when direct database connections are required.
Offline Mode: Air-gapped execution mode that stores all project data only in the local `.neosql/` folder. No external server communication, authenticated by a license key.

ERD (Entity Relationship Diagram): A visual diagram of the database's tables, columns, and relationships. NeoSQL builds table design, forward-apply, and reverse engineering workflows around the ERD.
Forward Engineering (Apply to DB): Converts the table, column, and relationship definitions in the ERD into DDL and applies them to the real database. Covers both initial creation and incremental changes.
Reverse Engineering (Import): Reads table structures and relationships from an existing database or DDL file and turns them into an ERD automatically. The imported ERD can be edited and applied back to the database just like any other ERD.
Schema Revision: A snapshot created every time the ERD is saved. You can restore a past revision or diff two revisions to review changes.
Schema Compare: Compares two ERDs, or an ERD against an actual database, side by side to surface added, changed, and removed tables, columns, and relationships. You can apply only the differences you choose via Forward Engineering.

Roles (Owner / Manager / DBA / Member): The four roles assigned to project members. Owner is the project creator (one per project) with full permissions including member management, deletion, and ownership transfer; Manager is delegated member and settings management; DBA can be designated as a DDL approver; Member is a regular collaborator. Fine-grained permissions such as sharing, connection access, and DDL restrictions are configured per role via checkbox combinations.
Invite Status: The lifecycle state of a project invitation. Possible values are PENDING (awaiting response), ACCEPTED (joined), EXPIRED (timed out), and CANCELLED (withdrawn). Invitations can be cancelled before acceptance, and expired ones must be resent.
DDL Approver · DDL Restriction: A feature that restricts who can execute DDL (CREATE/ALTER/DROP) statements within a project and requires approval from a designated DDL approver (typically the DBA role) before changes take effect. Used to prevent accidental schema changes to production databases.

Profile (Connection Profile): A risk label applied to a database connection. Choose None / Confirm / Read-only — Confirm pops a confirmation dialog before DDL and DML without a WHERE clause, while Read-only blocks every change other than SELECT.
Gallery: A space that collects ERDs published as public. You can browse other users' ERDs and clone them into your own project to learn from or reuse.

MCP (Model Context Protocol): The standard protocol that lets AI assistants like Claude, Codex, and Gemini call NeoSQL's table definitions and SQL execution as tools. NeoSQL's MCP server exposes a tool catalog that the AI client consumes.
Template Pack: A bundle of templates used to auto-generate source code such as Java, TypeScript, or Python from table definitions. In addition to the built-in packs, you can register your own templates.

Zero-Knowledge Encryption: An additional protection layer where credentials are decrypted only with a key derived from the user's passphrase. The server never stores the plaintext key, and lost passphrases make the data unrecoverable.
Standard Encryption: AES-256-GCM credential encryption where the data key (DEK) is protected by KMS Envelope Encryption. Applied to every user by default with no extra configuration.
DEK (Data Encryption Key): The key that directly encrypts sensitive data such as database credentials. Generated separately per user and per resource, never stored in plaintext, and additionally wrapped via KMS Envelope Encryption.
KMS Envelope Encryption: A pattern that re-encrypts the DEK with a master key issued by a cloud KMS (Key Management Service). The master key never leaves KMS; the service requests an unwrap whenever the DEK is needed so the plaintext key lives in memory only briefly, keeping credentials safe even if the database is leaked.