Static lineage analysis · Live EXPLAIN against Aurora Postgres

Pre-Flight your data pipelines before they reach production.

ZeroGuard compiles your visual pipeline into a single SQL string, runs EXPLAIN (FORMAT JSON) against Aurora Postgres, and walks the DAG to trace PII lineage from source to sink. Catch the $5,000 typo and the GDPR breach in the same click.

Three guardrails. Zero deploy risk.

Each guardrail attributes findings to specific stage IDs so the offending node visibly glows on the React Flow canvas.

PII lineage tracing

Walks the DAG from every output sink back to its sources. Flags columns matching email, phone, ssn, credit_card that reach a sink without passing through a hashing CUSTOM stage or being dropped via SELECT. Findings carry stage attribution so the offending node lights up on the canvas.

Aurora-aware cost forecasting

Compiles your stage DAG into a CTE chain, runs EXPLAIN (FORMAT JSON) against your Postgres or Aurora cluster, then maps the costliest sub-plan back to a stage id. Falls back to a graph-shape heuristic when the DB isn't reachable, so pre-flight never fails.

Auto-Fix Compliance

One-click remediation. When a PII finding fires, the panel surfaces an Auto-Fix button that inserts a hashing CUSTOM stage upstream of the leak, rewires the edges, and re-runs pre-flight. The canvas updates in place — no page reload.

Two disasters. Same UX.

The two scenarios below are concrete examples of the broader categories ZeroGuard can detect — runaway compute cost and PII policy violations. The static-analysis + EXPLAIN framework extends to anything expressible as a property of the pipeline DAG or the planner output: unbounded ORDER BY, missing indexes, cross-region data movement, additional PII column patterns, per-stage row-explosion thresholds. The two below ship as one-click samples; the framework is in app/api/simulate/route.ts.

💥$5,000 forecast

The Cartesian join

1,000,000 customers × 50,000,000 orders with no join key. In Aurora Postgres, the planner gives up, ACUs auto-scale, hash spills hammer storage I/O, and your bill explodes over the next five hours.

Pre-Flight: 50,000,000,000 rows scanned · $5,000 forecast (I/O-dominant Aurora bill) · execution BLOCKED. The JOIN node glows red.

💥GDPR breach

The PII leak

Customers ⋈ purchases, grouped by total spent. The final SELECT pipes raw customer_email into the marketing team's staging table. Lineage check fires before deploy.

Pre-Flight: Security score drops to 60. Auto-Fix Compliance inserts a SHA256 stage upstream. One click. Score back to 100.

Ready to break a pipeline on purpose?

The workspace ships with two disaster samples and two clean ones. Drop one onto the canvas, hit Run Pre-Flight Check, and the offending node lights up. Or read the docs first — they explain the cost model, the AWS connection, and the limits of every guardrail.