Governance & quality

Governance your platform team will actually sign off on.

Quality gates enforced inside the Spark run, contracts that block bad schema before it burns compute, and an audit trail behind every action. Compliance as a property of the pipeline, not a spreadsheet.

quality unique(order_id) passed 0 duplicates / 312,404
quality not_null(customer_id) passed
quality freshness(ts) < 60m passed max lag 4m
quality accepted_values(status) passed
SPOOQW_QUALITY_JSON={"failed":0,"rules":9}

Quality gates, in-engine

Nine rule types — uniqueness, not-null, accepted values, regex, freshness and more — enforced inside the Spark run itself, with a structured per-rule report on every run, pass or fail.

Data contracts & drift radar

The schema-drift radar continuously diffs pipeline expectations against the live source. Contract gates block a run before it spends compute when the upstream schema breaks.

SSO & role-based access

OIDC with PKCE, JWKS validation and group-to-role mapping. Admin, operator and viewer roles with project-scoped memberships — one identity provider, least-privilege by default.

Encrypted secrets

Connection credentials are encrypted at rest with AES-256-GCM and masked in every API response, log line and audit record. Nothing is stored or shown in the clear.

Complete audit trail

Every operational and admin action is recorded — who ran what, who changed which config, who merged which branch. Per-tenant, exportable, ready for your next audit.

GitOps promotion

Pipelines promote through Git artifacts with contract gates and rollback metadata. Pull requests — not dashboards — are the source of truth for what runs in production.