Quack On Demand - production-grade DuckDB behind a FlightSQL gateway.
DuckDB Quack is a fast, local-first SQL endpoint - but it ships without TLS, multi-tenancy, or external auth. Quack On Demand is the missing layer: an Arrow FlightSQL edge in front of pools of Quack nodes, with pluggable identity, table-level ACLs, role-aware routing, and a live admin console.
Zero-copy results over the wire. TLS on by default, cert auto-generated.
READ / WRITE / DDL classification routes each query to a compatible node.
REST + UI + FlightSQL edge in one uber-jar. State lives next to your DuckLake catalog.

What you get
Everything DuckDB Quack is missing in production.
DuckDB ships Quack as a minimal HTTP endpoint on localhost with a random token, and explicitly recommends a reverse proxy in front of it. Quack On Demand is that proxy - with the multi-tenancy, identity, and observability you need to actually expose it.
Arrow FlightSQL edge
Zero-copy result streaming over Apache Arrow Flight SQL - orders of magnitude faster than JDBC for analytical workloads. TLS is on by default and a self-signed cert is generated on first boot.
Multi-tenant pools
Spin up tenants and pools of DuckDB Quack nodes on demand. Each node is READONLY, WRITEONLY, or DUAL - the router classifies every statement and picks a compatible target.
Pluggable authentication
Database (bcrypt-hashed JDBC), external JWT (HS256/RS256/PEM), and OIDC providers - Keycloak (with ROPC), Google, Azure AD, AWS Cognito. Mix and match per deployment.
Postgres-relational ACL
Grants live in slkstate_acl_grant alongside DuckLake metadata. Principals expand to user / group / role at validation time so grants match whichever level of identity is stable.
Live admin console
React dashboard at /ui/ - tenant + pool CRUD, per-tenant ACL editor, live node metrics (inFlight, totalServed, EWMA latency), admin-role gated.
Self-healing on restart
Dead Quack child processes are detected (PID + port probe) and respawned automatically before the edge accepts traffic. Manager restarts no longer strand the fleet.
Deployment
Single uber-jar
REST + React UI + FlightSQL edge in one process. State lives in Postgres next to DuckLake - no extra moving parts.
Configuration
Every key is overridable
Every scalar in application.conf can be overridden by a matching SL_QUACK_* environment variable. Build the image once, flip behavior per environment.
Runtime
Local or Kubernetes
Local mode spawns Quack child processes on a port range. Kubernetes mode runs them as pods. Same control plane, same admin UI.
Put DuckDB Quack in production without writing the auth, ACL, and routing layers yourself.
Boot the manager from a single uber-jar, point it at your Postgres metastore, and start serving FlightSQL queries to BI tools, ADBC clients, or Spark - with tenant isolation, table-level ACLs, and a live admin console out of the box.