Glossary
Definitions of the key terms you'll see across the NeoSQL docs and UI, gathered in one place.
Project Modes
- Online Mode
- Collaborative execution mode that syncs ERD and SQL definitions through the cloud in real time. Local and server states stay in two-way sync so teammates' changes are reflected automatically; use the desktop app when direct database connections are required.
- Offline Mode
- Air-gapped execution mode that stores all project data only in the local `.neosql/` folder. No external server communication, authenticated by a license key.
ERD & Schema
- ERD (Entity Relationship Diagram)
- A visual diagram of the database's tables, columns, and relationships. NeoSQL builds table design, forward-apply, and reverse engineering workflows around the ERD.
- Forward Engineering (Apply to DB)
- Converts the table, column, and relationship definitions in the ERD into DDL and applies them to the real database. Covers both initial creation and incremental changes.
- Reverse Engineering (Import)
- Reads table structures and relationships from an existing database or DDL file and turns them into an ERD automatically. The imported ERD can be edited and applied back to the database just like any other ERD.
- Schema Revision
- A snapshot created every time the ERD is saved. You can restore a past revision or diff two revisions to review changes.
- Schema Compare
- Compares two ERDs, or an ERD against an actual database, side by side to surface added, changed, and removed tables, columns, and relationships. You can apply only the differences you choose via Forward Engineering.
Connection
- Profile (Connection Profile)
- A risk label applied to a database connection. Choose None / Confirm / Read-only — Confirm pops a confirmation dialog before DDL and DML without a WHERE clause, while Read-only blocks every change other than SELECT.
- Watermark
- A translucent label drawn across the ERD canvas and SQL Editor background based on the connection's profile. When enabled, the environment identifier (such as Prod or Staging) is shown over the whole workspace so you can tell at a glance which environment you are working in and avoid mistakes on production databases.
- Schema Mapping · Prefix
- A connection setting that controls which database schemas are exposed and, optionally, prepends the schema name to each table (for example `public.users` instead of `users`). The prefix is useful for telling apart same-named tables that live in different schemas.
- Gallery
- A space that collects ERDs published as public. You can browse other users' ERDs and clone them into your own project to learn from or reuse.
SQL Editor
- Danger Guard
- A safeguard that inspects SQL before it runs and warns you about destructive statements. Schema-dropping commands such as DROP TABLE or TRUNCATE are flagged as Critical, and UPDATE/DELETE without a WHERE clause as Warning, both prompting a confirmation dialog before execution to prevent accidental data loss.
- Transaction · Auto-commit
- Controls when SQL changes are made permanent. With Auto-commit on, each statement is committed automatically right after it runs; with it off, you manage the transaction yourself by issuing COMMIT to confirm or ROLLBACK to discard the changes.
- Parameterized Query (Bind Parameters)
- A query that contains bind variables written as `:name`. NeoSQL detects them at execution time and prompts for each value in a modal; the entered values are type-converted automatically and saved for reuse on later runs.
- Execution Plan (EXPLAIN)
- A visualization of how the database will run a query, opened with the PLAN button. The execution path is drawn as a tree with color-coded steps (for example orange for a full scan, green for a key lookup) so you can spot performance bottlenecks; interpretation guides are provided per DBMS.
Collaboration & Permissions
- Roles (Owner / Manager / DBA / Member)
- The four roles assigned to project members. Owner is the project creator (one per project) with full permissions including member management, deletion, and ownership transfer; Manager is delegated member and settings management; DBA can be designated as a DDL approver; Member is a regular collaborator. Fine-grained permissions such as sharing, connection access, and DDL restrictions are configured per role via checkbox combinations.
- Personal ERD · Team ERD
- The two kinds of ERD in online mode. A Personal ERD is visible only to you and is neither synced nor exposed to teammates; a Team ERD is shared by every project member and kept in real-time two-way sync. Connection privacy determines the type — making a connection private turns its team ERD into a personal ERD.
- Invite Status
- The lifecycle state of a project invitation. Possible values are PENDING (awaiting response), ACCEPTED (joined), EXPIRED (timed out), and CANCELLED (withdrawn). Invitations can be cancelled before acceptance, and expired ones must be resent.
- DDL Approver · DDL Restriction
- A feature that restricts who can execute DDL (CREATE/ALTER/DROP) statements within a project and requires approval from a designated DDL approver (typically the DBA role) before changes take effect. Used to prevent accidental schema changes to production databases.
AI & Code Generation
- MCP (Model Context Protocol)
- The standard protocol that lets AI assistants like Claude, Codex, and Gemini call NeoSQL's table definitions and SQL execution as tools. NeoSQL's MCP server exposes a tool catalog that the AI client consumes.
- NL2SQL (Natural Language to SQL)
- Turning a natural-language question into a SQL query with AI. Because NeoSQL's MCP server feeds the database schema to the AI, you can ask for the data you want in plain language without knowing the exact table or column names.
- Template Pack
- A bundle of templates used to auto-generate source code such as Java, TypeScript, or Python from table definitions. In addition to the built-in packs, you can register your own templates.
Security
- Zero-Knowledge Encryption
- An additional protection layer where credentials are decrypted only with a key derived from the user's passphrase. The server never stores the plaintext key, and lost passphrases make the data unrecoverable.
- Standard Encryption
- AES-256-GCM credential encryption where the data key (DEK) is protected by KMS Envelope Encryption. Applied to every user by default with no extra configuration.
- DEK (Data Encryption Key)
- The key that directly encrypts sensitive data such as database credentials. Generated separately per user and per resource, never stored in plaintext, and additionally wrapped via KMS Envelope Encryption.
- KMS Envelope Encryption
- A pattern that re-encrypts the DEK with a master key issued by a cloud KMS (Key Management Service). The master key never leaves KMS; the service requests an unwrap whenever the DEK is needed so the plaintext key lives in memory only briefly, keeping credentials safe even if the database is leaked.
