/ about
A backend that fails the build before AI ships an auth leak.
StealthQL is a backend runtime for the era when most application code is written by an agent. We make the kinds of mistakes agents reliably make — cross-tenant reads, unsafe service-token writes, quiet over-shares, missing policy tests — into build failures, not runtime incidents.
What we ship
- The runtime — an open-source npm package (
stealthql, Apache-2.0). Local Postgres, auth, row policies, field-level shares, policy-bound row handles, confused-deputy security tests, one-command deployment. - StealthQL Managed — the hosted dashboard + Studio you’re looking at the marketing for. Same runtime, plus the operational surface: logs, deploys, replay, member invites, share links, automatic certificates, automatic backups.
- OpenClaw — our agent-tool spec. The protocol Cursor / Claude Code / Codex use to talk to a StealthQL backend without inventing a credential plane that leaks.
Why we built it
By the time a junior engineer reviews a PR, the bug is in the diff. By the time the agent finishes the task, the bug is in production. We watched our own teams ship the same five mistakes over and over — every one of them was a missing policy test, a missing tenant scope, a service token used where a session should have been. Catching that at the build step costs cents. Catching it after launch costs trust.
StealthQL is the answer we wanted. The runtime is free because the security gates only work if every project uses them; the managed product exists because most teams don’t want to operate yet another piece of infrastructure.
Get in touch
- Press, partnerships, or general questions — [email protected]
- Source — https://github.com/stealthql/stealthql
- npm — stealthql