Every one of those extra boxes is a subscription, a deployment, a backup story, a monitoring dashboard, an upgrade window, and a 2 a.m. incident waiting to happen. And in maybe 80% of the cases I see, every single one of them could just be Postgres.

This isn’t a “Postgres is magic” post. Postgres has limits, and I’ll get to them. But before you reach for another piece of infrastructure, it’s worth knowing how much the boring old elephant can actually do.

The thing people forget about Postgres

Postgres is not just a relational database. It’s an extensible object-relational database, and that word — extensible — is the part that matters. You get the standard ACID-compliant core, but you also get a healthy ecosystem of extensions that bolt on entire new capabilities without leaving the database.

In other words: it’s the kind of system you can keep adding to instead of replacing. That’s a rare property in this industry.

Here’s what I’ve actually replaced with it, in real projects.

NoSQL: JSONB and GIN

The classic argument for MongoDB is “I have unstructured data.” Fine. You can store unstructured data in Postgres, too, using the JSONB type. The B is the important part — it’s a decomposed binary representation, not a string you have to re-parse on every query.

CREATE TABLE events (
    id        bigserial PRIMARY KEY,
    payload   jsonb NOT NULL,
    received  timestamptz NOT NULL DEFAULT now()
);

CREATE INDEX events_payload_gin ON events USING GIN (payload jsonb_path_ops);

A GIN (Generalized Inverted Index) on a JSONB column behaves like the index at the back of a textbook — keys point directly to the rows that contain them. So you can do this:

SELECT id, payload->>'customer_id'
FROM events
WHERE payload @> '{"type": "checkout_completed"}'
  AND received > now() - interval '7 days';

…and join it against your normal relational tables in the same query, in the same transaction. You get the schema flexibility of a document store without giving up referential integrity. Most “we need MongoDB” projects I’ve seen would have been perfectly happy with this.

Background jobs: FOR UPDATE SKIP LOCKED

This one’s a little hidden gem. People reach for Redis or RabbitMQ for a job queue because “a SQL queue will deadlock.” That was true 15 years ago. It hasn’t been for a long time.

WITH next_job AS (
    SELECT id
    FROM jobs
    WHERE status = 'pending'
    ORDER BY created_at
    LIMIT 1
    FOR UPDATE SKIP LOCKED
)
UPDATE jobs
SET status = 'running', started_at = now()
FROM next_job
WHERE jobs.id = next_job.id
RETURNING jobs.*;

SKIP LOCKED tells Postgres: grab the first available row, lock it, and if you hit a row another worker already has — don’t wait, just skip it. The result is a wait-free worker pool sitting on top of a plain table. I’ve run systems doing thousands of jobs per second this way. Operationally it’s lovely: jobs are just rows you can SELECT, retry, audit, and back up like anything else.

If you need a queue and you already have Postgres, you probably don’t need another piece of infrastructure.

Full-text search

You don’t need Elasticsearch to power a search bar. You might if you’re indexing the New York Times archive, but for the search field on your SaaS dashboard? tsvector and tsquery are right there.

ALTER TABLE articles
ADD COLUMN search_doc tsvector
GENERATED ALWAYS AS (
    to_tsvector('english', coalesce(title, '') || ' ' || coalesce(body, ''))
) STORED;

CREATE INDEX articles_search_idx ON articles USING GIN (search_doc);

SELECT id, title
FROM articles
WHERE search_doc @@ plainto_tsquery('english', 'postgres performance');

Postgres handles stemming (so “running” matches “run”), stop words, and ranking. Add the pg_trgm extension and you get fuzzy matching that survives typos — useful when a user searches for “postgresss” instead of “postgres.” For 90% of in-app search use cases, this is more than enough, and it lives next to your data, in the same transaction, with the same backup story.

Vector search for AI features

If you’re shipping an AI feature, the temptation is to drop in a hosted vector database. Fine for prototypes — painful in production, because now you have a “hybrid search problem”: you want documents that are semantically similar to a query, but only the ones owned by the current user, only from the last 30 days, only in this project. Doing that across two systems over the network is slow, expensive, and ugly.

pgvector gives you vectors as a native column type, plus HNSW indexes for approximate nearest neighbor search:

CREATE EXTENSION vector;

ALTER TABLE documents ADD COLUMN embedding vector(1536);

CREATE INDEX documents_embedding_hnsw
ON documents USING hnsw (embedding vector_cosine_ops);

SELECT id, title
FROM documents
WHERE owner_id = $1
  AND created_at > now() - interval '30 days'
ORDER BY embedding <=> $2
LIMIT 10;

That’s the whole hybrid search problem solved with a single query. Your vector data sits next to your relational data, and your row-level security policies apply to both at once.

Geospatial: PostGIS

If you do anything with maps or routing, this isn’t even a “Postgres can do it too” situation. PostGIS is the industry standard. It has been for years.

The GiST index is the trick: it draws bounding boxes around your geometries and rejects the obvious non-matches before doing any expensive geometric math. “All coffee shops within this polygon” goes from a server-melting query to milliseconds.

I’ve seen teams adopt commercial GIS systems that, under the hood, were running PostGIS the whole time.

Time-series with BRIN and partitioning

Telemetry, logs, IoT events — the usual reflex is “we need a time-series database.” Often you don’t. Postgres has declarative partitioning, and for time-ordered data the BRIN (Block Range Index) is a serious power tool.

A B-tree index stores an entry for every row. A BRIN index stores the min and max value for each block of data on disk. For sequentially-inserted time-series data, that’s all you need — when you query a range, Postgres skips entire physical chunks of the table that can’t possibly contain matching rows.

CREATE INDEX events_received_brin
ON events USING BRIN (received)
WITH (pages_per_range = 128);

Tiny index, huge table, very fast range scans. Pair it with monthly or daily partitions and you have something that comfortably handles billions of rows for most “I need a TSDB” workloads. If you cross into TimescaleDB territory, that’s also just an extension on top of Postgres — same engine, same tools.

Dashboards: materialized views, not Snowflake

A standard view re-runs its query every time. A materialized view runs the heavy query once and stores the result on disk. For dashboards that aggregate over a lot of data, this is the difference between “snappy” and “the database is on fire.”

CREATE MATERIALIZED VIEW daily_sales AS
SELECT date_trunc('day', occurred_at) AS day,
       region,
       sum(amount) AS total
FROM sales
GROUP BY 1, 2;

CREATE UNIQUE INDEX daily_sales_day_region ON daily_sales (day, region);

REFRESH MATERIALIZED VIEW CONCURRENTLY daily_sales;

CONCURRENTLY is the magic word — it refreshes in the background without locking out readers. Most “we need a data warehouse” stories I’ve heard could have started with this and grown into something heavier only if it actually became necessary.

The API layer: PostgREST, PG_GraphQL

This one’s more controversial, but worth a mention. Tools like PostgREST and the pg_graphql extension can generate a fully working REST or GraphQL API directly from your schema. Combine that with row-level security policies and a JWT-based auth layer, and your “backend” can shrink to a handful of SQL files.

I wouldn’t build a full product this way, but for internal tools, admin panels, and prototypes, it removes an absurd amount of boilerplate.

When not to do this

Here’s the honest part. Postgres scales beautifully vertically — bigger box, faster disks, you’ll get a long way. It scales much less gracefully horizontally. If you genuinely need:

• millions of writes per second across a sharded cluster,
• sub-millisecond in-memory caches for huge concurrent loads,
• globally distributed multi-region active-active writes,

…then you need the specialized tools. That’s fine. But “fine” applies to a much smaller number of teams than the architecture-Twitter discourse would have you believe. Most products live and die long before they hit those limits.

The other place to be careful: don’t pile every workload onto a single Postgres instance and then act surprised when your OLTP traffic slows down because someone is also running a 12-hour analytical query on it. Split workloads by replica or by database when it matters.

The actual takeaway

The interesting question isn’t “can Postgres replace everything?” It can’t, and it shouldn’t try.

The interesting question is: for the next piece of infrastructure I’m about to add to my stack, do I actually need it, or am I just out of practice with Postgres? In my experience, the answer is “I’m out of practice” about half the time. The other half, you reach for the specialized tool with a clear conscience and a much simpler core.

Fewer moving parts means fewer incidents, fewer cloud bills, and fewer phone calls at 2 a.m. That’s worth a lot.

I work with databases for a living — mostly SQL Server in operations work, Postgres in product work. If you’ve got a stack you’re trying to simplify (or a Postgres performance problem that’s haunting you), I’m easy to find on LinkedIn.

The standard approach has been to keep those objects in sync manually: scripts, scheduled jobs, documentation that someone eventually stops updating. It works until it doesn’t.

Contained Availability Groups in SQL Server 2022 address this directly. Here’s how they work, what they solve, and where the boundaries are.

How It Works

A Contained AG maintains AG-local versions of the system databases. When the AG is created with the CONTAINED option, SQL Server creates two additional databases that replicate as part of the AG:

• [AG_Name]_master — AG-local master context
• [AG_Name]_msdb — AG-local msdb context

For example, an AG named ContainedAG would have ContainedAG_master and ContainedAG_msdb.

Logins, Agent jobs, DB Mail profiles, and linked servers that you create through the AG listener are stored in these AG-local databases — not in the instance-level system databases. They replicate to all replicas and fail over with the AG.

CREATE AVAILABILITY GROUP [ContainedAG]
WITH (
    CLUSTER_TYPE = WSFC,
    CONTAINED
)
FOR DATABASE [YourDatabase]
REPLICA ON
    N'Node1' WITH (
        ENDPOINT_URL      = N'TCP://node1.domain.local:5022',
        AVAILABILITY_MODE = SYNCHRONOUS_COMMIT,
        FAILOVER_MODE     = AUTOMATIC,
        SEEDING_MODE      = AUTOMATIC
    ),
    N'Node2' WITH (
        ENDPOINT_URL      = N'TCP://node2.domain.local:5022',
        AVAILABILITY_MODE = SYNCHRONOUS_COMMIT,
        FAILOVER_MODE     = AUTOMATIC,
        SEEDING_MODE      = AUTOMATIC
    );

To create objects in the contained context, connect through the AG listener — not directly to the instance. Objects created via the listener land in the AG-local system databases:

-- Creates the login in ContainedAG_master, not instance-level master
CREATE LOGIN [app_svc]
    WITH PASSWORD    = N'...',
    DEFAULT_DATABASE = [YourDatabase];

What Changes Operationally

Login and job consistency after failover. This is the core benefit. Logins and Agent jobs created through the listener exist on all replicas from the start. There’s no post-failover sync step. In environments where failovers have historically required follow-up work on instance-level objects, this removes a significant chunk of that manual overhead.

DR site setup is simpler. When a new replica joins the AG, AG-local objects come along with replication. You don’t need a separate synchronization process for logins and jobs that belong to the AG’s scope.

Cleaner object isolation in multi-AG environments. On instances running several AGs — common in shared infrastructure or consulting setups — each Contained AG carries its own login and job context. Objects for one AG don’t need to exist at the instance level, which reduces configuration drift across AGs over time.

Limitations

SQL Agent jobs run on the primary only. Agent jobs replicate to all replicas in the contained context, but they execute only on the current primary. If your jobs have any node-specific assumptions, review them before migrating.

Contained AGs are not a security boundary. Microsoft is explicit about this. The AG-local system databases are a configuration consistency mechanism — not an isolation layer. Instance-level sysadmin access still reaches the AG databases. Building a multi-tenant security model around Contained AGs is not supported and not safe.

No in-place conversion from a traditional AG. There is no ALTER AVAILABILITY GROUP ... ADD CONTAINED. Converting an existing AG means creating a new Contained AG and migrating databases into it. This is worth planning carefully if you have many databases or complex Agent job configurations.

Instance-level objects remain separate. The AG-local [AG_Name]_master and [AG_Name]_msdb exist alongside the instance-level system databases — they don’t replace them. Startup procedures, server-scoped configuration (sp_configure), instance-wide linked servers, and certificates not scoped to the AG still need to be managed independently on each replica.

Not all msdb objects are covered. SSIS packages stored in msdb, certain maintenance plan metadata, and some system-managed jobs do not replicate. Audit your msdb contents before assuming everything will be included.

Object Replication: What’s Covered

When to Use It

Contained AGs make the most sense for new deployments on SQL Server 2022 where you want login and job consistency handled at the infrastructure level rather than through scripts. The benefit is most visible in environments with frequent failovers, regular DR testing, or teams where multiple people manage the secondary replicas.

For existing environments: if your current sync process is reliable and tested, rebuilding the AG as a contained one carries real disruption. It’s not necessarily worth doing mid-cycle. For greenfield setups, there’s little reason not to use it.

I work as a database architect and consultant across logistics, banking, and healthcare environments — AlwaysOn clusters are a recurring topic. Feedback or questions: LinkedIn.

That’s NemoClaw. And I kind of love it.

What Even Is NemoClaw?

Let me back up — and sort out three terms that get conflated a lot.

OpenShell is NVIDIA’s secure container runtime for AI workloads. It’s the actual sandbox layer: Landlock-based filesystem isolation, network proxy with policy enforcement, process restrictions. The thing that actually makes sure the agent can’t read your SSH keys or phone home to a random server.

OpenClaw is the agent framework — the layer that connects a language model to tools, memory, and channels like Slack or Discord.

NemoClaw is the reference stack that ties both together. It’s the CLI, the onboarding flow, the policy presets, the deployment tooling, and all the hardening decisions that turn “here’s a container with an agent” into something you can actually run in production without lying awake at night.

Think of it less as “Docker, but for AI” and more as the opinionated security wrapper that reduces the blast radius when an agent goes off-script — because they will, eventually.

The core insight: when you give an AI agent access to your terminal, your files, and your APIs, you need guardrails. Not because AI is inherently malicious, but because AI is confidently wrong in ways that can be catastrophic. NemoClaw defines exactly what the agent is allowed to touch — and enforces it at the runtime level, not just by convention.

In concrete terms, NemoClaw lets you:

• Run AI coding agents (Claude, GPT-4, local Ollama/vLLM models) inside an OpenShell sandbox — the agent can write code, run tests, make API calls, and open PRs, but stays within explicitly defined boundaries
• Define network policies — exactly which endpoints the agent can reach, with which HTTP methods, on which paths. Want the agent to use Slack but not be able to delete channels? One YAML stanza.
• Use local or cloud inference — NVIDIA NIM, vLLM, Ollama on your own hardware, or cloud providers. nemoclaw onboard walks you through the whole setup in minutes.
• Isolate filesystem access — Landlock enforcement means the agent can only read/write what you explicitly allow. Your SSH keys, your production configs, your secrets — not accessible.
• Integrate with messaging — Telegram, Slack, Discord. The agent can send updates or accept instructions through these channels, with the same policy enforcement in place.
• Automate enterprise workflows — Jira, Outlook, GitHub. You configure the preset, the agent handles the repetitive work, and the policy layer makes sure it stays in its lane.

The CLI is TypeScript, the orchestration is Python, the policy files are YAML, and the hardening is… a lot of bash. A lot of bash.

Why Do I Contribute in My Free Time?

Honest answer: because the problem is genuinely interesting.

Security for AI agents is not a solved problem. It’s not even a well-framed problem yet. Most people are either in the “just let it rip and hope for the best” camp or the “don’t give it any tools at all” camp. NemoClaw is trying to chart a path down the middle — maximum capability, minimum attack surface. That’s hard engineering.

The second reason is more practical: I use this stuff. I run OpenClaw (the agent framework) on my own infrastructure, and NemoClaw is directly relevant to how those agents operate. When I fix a bug here, I’m also fixing it for myself.

The third reason, and I’ll be honest here, is that contributing to a project with active NVIDIA engineers reviewing your code is a pretty good way to learn. cv (one of the maintainers) writes review comments that are worth more than most blog posts. When he approves something with “Security design is sound — three independent defense layers verified,” that means something.

What We’ve Actually Shipped

Over the past few weeks, my AI assistant Rainer and I (yes, I use an AI agent to help contribute to an AI agent sandbox project, the irony is not lost on me) have gotten a non-trivial list of PRs merged:

Sandbox hardening:

• #830 — Removed gcc, g++, cpp, make, and netcat from the sandbox image. These tools have no business being in an agent’s runtime environment. ulimit hard+soft limits added.
• #654 — Multi-layer config protection: openclaw.json moved to /etc/openclaw/ (outside the agent-writable tree), root:root 555 permissions, TOCTOU guard with rmtree before the runtime copy. Three independent layers. Took several rounds of review to get right — including discovering that tool_policy is not a valid OpenShell schema field (more on that below).

CLI fixes:

• #1245 — registry.clearAll() was called unconditionally on gateway destroy, which wiped your sandbox list even if the destroy failed. Now it only runs on success.
• #1246 — Secret patterns (API keys, tokens) are now redacted from CLI log output and error messages before they hit disk or stdout. Simple but important.
• #1526 — The nemoclaw destroy confirmation prompt now explicitly tells you that workspace files will be permanently deleted. Previously it just said “This cannot be undone.” Technically true, but not helpful.
• #1884 — Model and provider were never persisted to the sandbox registry after onboarding. registry.updateSandbox() was called before registerSandbox(), so it silently no-oped. One line fix, annoying to track down.

Policy and network:

• #1540 — Two policy preset fixes: the HuggingFace inference endpoint had migrated from api-inference.huggingface.co to router.huggingface.co (the old one returns HTTP 410), and the Discord preset allowed DELETE on all paths including channels and roles. Scoped it down to message/reaction paths only.
• #1700 — The baseline sandbox policy included /usr/local/bin/npm and /usr/local/bin/node in the npm_registry binaries list, which meant npm install worked even with the “none” policy preset selected. The entry exists for openclaw plugins install only. Fixed.
• #1885 — Removed the deprecated tls: terminate field from every policy YAML in the repo — 40 lines gone across presets, the baseline policy, and the Hermes agent additions. Was generating WARN logs on every sandbox start.

Runtime improvements:

• #980 — vLLM and NVIDIA NIM backends were broken with the standard chat completions API. Added forced routing to the right API type during onboard.
• #1359 — Podman support alongside Docker. Socket detection, CoreDNS patching, the works.
• #433 — Kubelet conflict detection before gateway start. If you’re running k3s, MicroK8s, or kubeadm on the same host, the cgroup namespace clash will silently break things. Now you get a warning.

The tool_policy Lesson

I want to tell this story because it’s a good one.

PR #654 — the config hardening one — looked clean. cv approved it. The security design was solid. And then ericksoa dug into the OpenShell Rust source code and found that PolicyFile uses #[serde(deny_unknown_fields)]. Which means if you add a field OpenShell doesn’t know about — like, say, a tool_policy block — it doesn’t ignore it. It rejects the entire policy file at deserialization time. Sandboxes fail to start.

We had been so focused on the security logic that nobody had checked the schema constraints. The fix was straightforward (remove the block, add a comment explaining why it’s absent and what the actual enforcement is), but it was a good reminder that “looks good in YAML” and “parses correctly at runtime” are two different things.

This is the kind of thing you only learn by actually submitting code to a project with people who read the source.

The Rebase Loop

One thing nobody tells you about open-source contribution is the rebasing. You open a PR, it looks good, someone reviews it, you address the feedback, you push — and then three days later there’s a merge conflict because 40 other commits landed on main.

I have a small script at this point that fetches upstream, rebases, force-pushes, and leaves a comment so the maintainer knows it’s been updated. I’ve used it approximately forty-seven times across these PRs. The fix/kubelet-cgroup-conflict branch has been rebased so many times it knows the codebase better than I do.

What’s Next

A few PRs are still in review — the tamper-evident audit logging (#916), the kubelet detection (#433), the K8s resource limits (#1448). There are also some newer issues I’m tracking: sandbox image missing gnupg, the Slack SLACK_APP_TOKEN not being forwarded, the nemoclaw list resurrection bug.

The project is moving fast. Between PRs, there was a full TypeScript migration of the CLI (which required rebasing everything again, obviously), new preset infrastructure, and a handful of security audit issues opened in bulk. It’s an active codebase.

If you’re interested in AI agent security, sandboxing, or just want to contribute to something that actually runs NVIDIA inference workloads in production — take a look at github.com/NVIDIA/NemoClaw. The maintainers are responsive, the reviews are thorough, and there are always open issues that need someone to pick them up.

Just don’t put tool_policy in your YAML.

This post covers what you need to know: supported upgrade paths, the three main methods, Always On rolling upgrades, and what to check before you touch anything in production.

Supported Source Versions

Not every version can upgrade directly to SQL Server 2022. According to Microsoft’s official documentation, in-place upgrades are supported from:

If you’re on SQL Server 2008 or 2008 R2, you cannot upgrade directly — you’ll need to go via an intermediate version (e.g., 2014 or 2016) first. Same if you’re on SQL Server 2012 SP3 or lower: get to SP4 before you attempt anything.

Also worth noting: SQL Server 2022 is 64-bit only. If you’re still running a 32-bit SQL Server instance (unlikely in 2026, but it happens in legacy environments), you can’t do an in-place upgrade. You’ll need to restore databases to a fresh 64-bit installation and recreate all logins manually.

Before You Touch Anything: The Checklist

Every DBA has a story about an upgrade that went sideways because someone skipped the prep work. Here’s what actually matters:

1. Get sign-off from the application vendor. This is the step most people skip and then regret. Before you upgrade the SQL Server, confirm that your application supports SQL Server 2022. Some ISVs are slow to certify new versions, and you don’t want to find out post-upgrade that your ERP system throws errors.

2. Check OS compatibility. SQL Server 2022 requires Windows Server 2019 or later. If you’re running Windows Server 2016, you’re still fine. Windows Server 2012 R2? You’ll need to upgrade the OS first — or migrate to new hardware.

3. No pending restarts. SQL Server Setup will block the upgrade if Windows has a pending restart. Check with Get-PendingReboot (from the PendingReboot module) or just reboot before you start.

4. Full backups — and verify them. This sounds obvious, but verify that your backups actually restore. A backup you haven’t tested is not a backup.

-- Check last backup dates for all user databases
SELECT 
    d.name,
    MAX(b.backup_finish_date) AS last_full_backup,
    DATEDIFF(HOUR, MAX(b.backup_finish_date), GETDATE()) AS hours_since_backup
FROM sys.databases d
LEFT JOIN msdb.dbo.backupset b 
    ON d.name = b.database_name AND b.type = 'D'
WHERE d.database_id > 4
GROUP BY d.name
ORDER BY last_full_backup ASC;

5. Check database compatibility levels. Post-upgrade, your databases will keep their existing compatibility level. You should plan to raise them — but not on upgrade day. Raise them in a maintenance window after you’ve confirmed everything works.

-- Current compatibility levels
SELECT name, compatibility_level FROM sys.databases ORDER BY name;

-- SQL Server 2022 native level is 160
-- SQL Server 2019 = 150, 2017 = 140, 2016 = 130

6. Run the Database Experimentation Assistant (DEA) or Query Store. If you’re going from 2016 or later, enable Query Store before the upgrade, let it collect a workload baseline, then compare after the compatibility level change. DEA does this comparison automatically and flags query regressions.

7. Disable Auto-Failover (if Always On). More on this below.

The Three Upgrade Methods

Method 1: In-Place Upgrade

The simplest path. You run SQL Server 2022 Setup on the existing server, it replaces the binaries, upgrades the system databases, and you’re done. IP address, instance name, and port don’t change — applications don’t need to be reconfigured.

Pros:

• Fast (downtime is typically 15–45 minutes, independent of database size)
• No application reconfiguration
• Logins, jobs, and linked servers are preserved automatically

Cons:

• If something goes wrong, rollback means restoring from backup (time-consuming)
• You can’t add new features during the upgrade; you have to run Setup again afterward
• Not supported for 32-bit instances or cross-platform upgrades

When to use it: When you have a maintenance window, a solid backup, and a relatively straightforward environment without custom components that might conflict.

Method 2: Side-by-Side Migration (New Server)

You set up a fresh SQL Server 2022 instance on new hardware (or a new VM), then migrate databases using backup/restore or detach/attach, recreate logins, and reconfigure your application to point at the new server.

# dbatools makes this significantly easier
# Copy all user databases from old to new server
Copy-DbaDatabase -Source OLDSQLSERVER -Destination NEWSQLSERVER2022 `
    -Database (Get-DbaDatabase -SqlInstance OLDSQLSERVER -ExcludeSystem).Name `
    -BackupRestore -SharedPath \\fileserver\backup -WithReplace

# Sync logins (including passwords and SIDs)
Copy-DbaLogin -Source OLDSQLSERVER -Destination NEWSQLSERVER2022

# Copy SQL Agent jobs
Copy-DbaAgentJob -Source OLDSQLSERVER -Destination NEWSQLSERVER2022

Pros:

• Clean installation on new hardware
• Easy rollback (old server still exists)
• Opportunity to consolidate or change hardware specs

Cons:

• Application connection strings must be updated (or DNS aliasing used)
• Takes longer, especially for large databases
• More operational complexity

When to use it: When you’re also replacing hardware, when rollback safety is paramount, or when your environment has grown significantly since the last SQL Server install.

Method 3: Rolling Upgrade with Always On Availability Groups

If you’re running Always On AGs, you can upgrade with near-zero downtime. The approach works because SQL Server supports mixed-version AGs during the upgrade window.

The sequence:

1. Disable automatic failover on all AG groups before you start.

2. Upgrade secondary replicas first — start with async secondaries, then sync secondaries. During this period, replication from primary to upgraded secondary still works (newer versions can receive from older primaries).

3. Failover to an upgraded secondary. Your primary is now on SQL Server 2022. The old primary becomes a secondary.

4. Upgrade the remaining replicas (including what was the original primary).

5. Re-enable automatic failover.

Important caveat: while the primary is still on the old version and a secondary has been upgraded to 2022, you temporarily lose the ability to failover back to the old-version secondary. Plan your maintenance window accordingly.

-- Check AG synchronization state before and during upgrade
SELECT 
    ag.name AS ag_name,
    ar.replica_server_name,
    ars.role_desc,
    ars.synchronization_health_desc,
    ars.last_redone_time
FROM sys.availability_groups ag
JOIN sys.availability_replicas ar ON ag.group_id = ar.group_id
JOIN sys.dm_hadr_availability_replica_states ars ON ar.replica_id = ars.replica_id;

After the Upgrade: Don’t Forget the Compatibility Level

This is the most commonly skipped step post-upgrade. Your databases are now running on SQL Server 2022 but still operating at their old compatibility level — which means they don’t benefit from new query optimizer improvements, better cardinality estimator behavior, or features like Parameter Sensitive Plan optimization (new in 2022).

Do this in a separate maintenance window, after you’ve confirmed stability:

-- Step 1: Enable Query Store to capture baseline before changing compat level
ALTER DATABASE YourDatabase SET QUERY_STORE = ON;
ALTER DATABASE YourDatabase SET QUERY_STORE (OPERATION_MODE = READ_WRITE);

-- Step 2: Change compatibility level
ALTER DATABASE YourDatabase SET COMPATIBILITY_LEVEL = 160;

-- Step 3: Monitor for regressions
-- If a query regresses, you can force the old plan via Query Store
-- or temporarily revert compat level while you investigate

Wait at least a week of production load at the new compatibility level before declaring the upgrade complete. Query Store will show you if any plan regressions happened.

A Note on SQL Server 2022 Features Worth Using After Upgrade

Once you’re fully on 2022 with compatibility level 160:

• Parameter Sensitive Plan (PSP) optimization — automatically creates multiple query plans for parameterized queries where a single plan performed poorly. This is a significant improvement for workloads with data skew.
• Improved Query Store defaults — enabled by default in new databases; includes read replica support.
• Ledger tables — tamper-evident tables backed by cryptographic hashes. Useful for compliance scenarios.
• Azure Synapse Link — if you have hybrid or Azure-connected scenarios.
• S3-compatible object storage for backup** — backup directly to any S3-compatible endpoint (MinIO, Cloudflare R2, etc.), not just Azure Blob.

Why SQL Server Upgrades Really Fail (It’s Not the Technology)

Here’s something most upgrade guides won’t tell you: the technical part is rarely where upgrades fall apart. The blockers are almost always organizational.

Third-party software is the #1 real-world killer. You’ve done everything right — backups, testing, maintenance window booked — and then you discover your ERP vendor hasn’t certified SQL Server 2022 yet. Or your hospital information system (HIS) has a hardcoded SQL Server version check that throws an error on anything newer than 2016. These things exist in production, and they will surprise you if you don’t check upfront.

Microsoft explicitly calls this out in their upgrade guidance: verify third-party compatibility before you start. This means contacting vendors, checking their compatibility matrices, and getting written confirmation. Don’t rely on “it should work.”

Other common reasons upgrades fail in practice:

• Missing vendor sign-off — upgrade happens, application breaks, vendor says “unsupported configuration, fix it yourself”
• No staging environment — first test of the upgraded stack is production
• Incorrect expectations about downtime — stakeholders weren’t told there would be a maintenance window, causing last-minute cancellations
• Forgotten dependencies — linked servers, SSIS packages, Reporting Services, custom CLR assemblies that need recompilation
• Skipped compatibility level raise — databases upgraded but running with “handbrake on” at old compat level for months

The pattern is always the same: the SQL Server upgrade itself takes 20 minutes. The surrounding project work takes weeks.

My Recommendation from the Field

If you ask me directly: default to Side-by-Side migration over In-Place Upgrade, especially in production environments.

Yes, in-place is faster and simpler on paper. But side-by-side gives you something that in-place doesn’t: your old server still exists and still works. If something goes wrong post-migration — an application compatibility issue surfaces 48 hours later, a stored procedure behaves differently at the new compatibility level — you can fail back immediately without a restore.

The extra effort of a side-by-side migration (DNS alias switchover, migrating logins with dbatools) pays off the first time something unexpected happens. And in my experience, something unexpected happens on roughly one in three upgrades.

The one exception: if you’re running Always On AGs, use the rolling upgrade method. It’s the only approach that lets you maintain HA throughout the process.

Quick-Reference Checklist

Print this out or put it in your runbook:

Pre-Upgrade

• Vendor compatibility confirmed (written, not verbal)
• OS version supported (Windows Server 2019+ for SQL 2022)
• No pending Windows restarts
• All databases in FULL recovery model
• Full backup taken and restore-tested
• Query Store enabled for baseline collection
• Maintenance window scheduled and communicated
• Rollback plan documented
• Auto-failover disabled (if Always On)

During Upgrade

• AG sync state verified before each replica upgrade (if rolling)
• System databases checked post-upgrade
• SQL Agent running
• Application smoke test completed

Post-Upgrade

• Compatibility level raised (in separate maintenance window)
• Query Store monitored for plan regressions (min. 1 week)
• Auto-failover re-enabled (if Always On)
• Documentation updated
• Old server decommissioned (not immediately — keep it for 2–4 weeks)

Summary

The upgrade itself is usually not the hard part. The preparation — vendor sign-off, OS compatibility, backup verification, baseline collection — is what determines whether the upgrade is a non-event or a weekend of fire-fighting.

If you’re running SQL Server 2014 or older, the support lifecycle argument alone makes the upgrade mandatory: SQL Server 2014 exited Extended Support in July 2024. At this point you’re running unsupported software in production.

Do the upgrade. Do it properly. And raise the compatibility level afterward.

Questions or something to add? Open an issue or drop a comment below.

I was knee-deep in NemoClaw pull request reviews — fixing CodeRabbit feedback, guarding registry.clearAll() on successful gateway destroys, adding JSDoc coverage — when my AI assistant (Rainer, running on OpenClaw) suddenly stopped being able to run any shell commands.

Not some commands. All commands.

exec denied: allowlist miss

Every. Single. Time.

What OpenClaw Is

OpenClaw is a self-hosted AI assistant runtime. You run it on your own server, connect it to Discord (or Signal, Telegram, etc.), and your AI assistant lives there — with access to your workspace, your repos, your tools. It’s powerful precisely because it can actually do things, not just talk about doing things.

Which makes it particularly frustrating when it can’t do things.

The Symptom

Rainer (my OpenClaw assistant) was responding to messages just fine. Memory, reasoning, GitHub API calls via web_fetch — all working. But anything requiring exec — git commands, prettier, gh CLI, grep — was blocked:

exec denied: allowlist miss

I tried restarting the gateway. I tried openclaw gateway restart. I tried stop + start. Nothing helped. The error persisted across session restarts, across new sub-agents, across everything.

The Hunt

After about two hours of back-and-forth (yes, two hours — the irony of an AI assistant that can’t help you fix its own broken shell access is not lost on me), we found it.

OpenClaw v2026.3.31 introduced a breaking change:

“honor per-agent tools.exec defaults when no inline directive or session override is present”

Before this update, the tools.exec.security config key was silently ignored if missing. After the update, it’s actually enforced. And since it was never explicitly set in my config, it fell back to the built-in default: allowlist — a restrictive mode that blocks most exec calls.

The problem is documented in the v2026.3.31 release notes, but it’s easy to miss if you’re not actively reading changelogs on every update.

The Fix

One line in ~/.openclaw/openclaw.json:

"tools": {
  "exec": {
    "security": "full"
  }
}

That’s it. Add that block, do a full gateway stop + start (not just restart — restart wasn’t enough to pick up the change), and exec works again.

The full sequence that fixed it:

openclaw gateway stop
sleep 2
openclaw gateway start

Why It Took So Long

A few things made this harder to debug than it should have been:

1. The error message doesn’t tell you what to do.
exec denied: allowlist miss accurately describes what happened, but gives you no hint about why the allowlist is in effect or how to change it. A message like “exec blocked by tools.exec.security=allowlist — set to ‘full’ to allow” would have cut debug time by 90%.

2. The breaking change was behavioral, not syntactic.
The config file didn’t break. OpenClaw still started fine. Everything looked normal. The change was that a previously-ignored config key now had real consequences — which is the hardest class of breaking change to notice.

3. Sub-agents couldn’t help.
When the main session can’t exec, spawning sub-agents doesn’t help — they inherit the same restriction. So you can’t use your AI to debug the problem that’s preventing your AI from working. Classic.

What I Learned

If you’re running OpenClaw and update to v2026.3.31 or later, explicitly set tools.exec.security in your config. Don’t rely on the default. The recommended setting depends on your threat model:

• "full" — No restrictions. The assistant can run any shell command. Fine if you trust your setup and channel security.
• "allowlist" — Restricts to a pre-approved command list. More secure, but requires maintaining the list.
• "deny" — Blocks all exec. Useful for read-only or untrusted environments.

The relevant docs are at docs.openclaw.ai.

The Silver Lining

Once exec was restored, we knocked out three NemoClaw PR reviews in about 20 minutes:

• #1245 — guarded registry.clearAll() on successful gateway destroy (CodeRabbit: Major)
• #1246 — added JSDoc coverage to all runner.js functions, pushing docstring coverage from 22% to 100%
• #1247 — fixed a sneaky "x" * 5000 → NaN bug in a regression test (JS string multiplication returns NaN, not a long string)

Not a bad morning’s work — once the tools actually worked.

Running OpenClaw on a local server and contributing to open source through Discord. If you hit similar issues, check the release notes before assuming it’s a config problem on your end.

Yeah. That was my Monday morning.

The Problem Nobody Noticed

PAMlab has been running for a while now — six mock APIs simulating Active Directory, Fudo PAM, Matrix42 ESM, ServiceNow, JSM, and BMC Remedy. The whole point is to build and test access management workflows without touching production. And it worked. Technically.

But there was a catch. When I sat down to do a proper integration test — not just “does the endpoint return 200” but “does the security behavior make sense” — things fell apart fast.

The Active Directory mock? You could bind with any password:

# This should fail. It didn't.
curl -X POST http://localhost:8445/api/ad/auth/bind \
  -H "Content-Type: application/json" \
  -d '{"dn": "CN=Administrator,OU=Users,DC=corp,DC=local", "password": "totallyWrong"}'

# → 200 OK, here's your token. Come on in.

Same story with the Remedy mock. POST /api/jwt/login with garbage credentials? Here’s a valid JWT, no questions asked.

For a PAM sandbox — a project specifically about access management — that’s embarrassing. If your mock doesn’t reject bad passwords, every downstream integration test that depends on auth behavior is lying to you.

The Auth Fix

The fix itself was straightforward. AD bind now validates against a credential allowlist:

# Wrong password → 401
curl -s -w " [HTTP %{http_code}]" -X POST http://localhost:8445/api/ad/auth/bind \
  -H "Content-Type: application/json" \
  -d '{"dn": "CN=Administrator,OU=Users,DC=corp,DC=local", "password": "totallyWrong"}'
# → {"error":"Invalid credentials","message":"LDAP bind failed: wrong password"} [HTTP 401]

# Correct password → 200
curl -s -w " [HTTP %{http_code}]" -X POST http://localhost:8445/api/ad/auth/bind \
  -H "Content-Type: application/json" \
  -d '{"dn": "CN=Administrator,OU=Users,DC=corp,DC=local", "password": "admin"}'
# → {"token":"...","bind_dn":"CN=Administrator,...","message":"Bind successful"} [HTTP 200]

Basic Auth got the same treatment — both on the AD mock and the Remedy mock. The Remedy JWT endpoint now returns a proper 401 "Authentication failed: invalid password" instead of handing out tokens like candy.

It’s a mock, sure. But mocks that don’t enforce auth boundaries train you to write integrations that don’t handle auth failures. And that’s exactly the kind of bug that shows up at 3 AM in production.

The Missing Webhooks

While I was at it, I noticed two more gaps. Matrix42 and JSM both claim to support event-driven workflows in the README — but neither had webhook endpoints.

Matrix42 webhook registration:

curl -s -X POST http://localhost:8444/m42Services/api/webhooks \
  -H "Authorization: Bearer pamlab-dev-token" \
  -H "Content-Type: application/json" \
  -d '{"url": "http://example.com/hook", "events": ["ticket.created"]}'
# → 201, returns webhook ID + event subscription

JSM got a similar treatment with /rest/webhooks/1.0/webhook — the standard Atlassian webhook path. Now you can actually test event-driven approval flows without pretending the webhook exists.

Fudo Account Sync: The Silent Breaker

This one was subtle. The Fudo PAM mock required a server_id when creating accounts. Makes sense in production — you need to know which server the account lives on. But in an onboarding pipeline, the first thing you do is create the account. You don’t necessarily have the server mapping yet.

The fix: auto-assign the first available server when server_id is omitted. The pipeline keeps flowing, and the mapping can be refined later. Small change, big difference for anyone trying the onboarding demo.

# No server_id → auto-assigns to first available server
curl -s -X POST http://localhost:8443/api/v2/accounts \
  -H "Authorization: Bearer pamlab-dev-token" \
  -H "Content-Type: application/json" \
  -d '{"name": "new-account", "login": "testuser"}'
# → 201, server_id: "20000000-0000-0000-0000-000000000001"

The Code Quality Pass

Fixing bugs is satisfying. But the codebase had accumulated some debt that was bugging me.

The double exports. Every single server.js — all seven of them — ended with:

module.exports = app;

module.exports = app;

Harmless, but it screams “nobody reviewed this.” Gone now.

Compressed server files. The Express app setup was crammed into as few lines as possible. Health endpoints were one-liners. No section comments. Reading a server.js felt like decoding morse code. I reformatted all of them with consistent sections:

// --- Middleware ---
app.use(cors());
app.use(express.json());

// --- Public Routes ---
app.use('/api/ad/auth', require('./routes/auth'));

// --- Protected Routes ---
app.use('/api/ad/users', authMiddleware, require('./routes/users'));

// --- Health & Admin ---
app.get('/health', (req, res) => {
  res.json({ status: 'ok', service: 'ad-mock-api', domain: 'corp.local' });
});

The pipeline engine. This one was worse. Synchronous file reads everywhere — fs.readFileSync in async handlers, fs.existsSync before every read, fs.readdirSync for listing pipelines. In a web server. Serving API requests.

Converted everything to fs.promises.* with proper async/await. Added input validation (the pipeline runner would happily try to execute undefined). Added structured JSON logging instead of bare console.log.

Prettier + ESLint. Added .prettierrc.json and .eslintrc.json to the repo root. Ran Prettier across all 115 source files. Now npm run format and npm run lint work from the project root.

The Matrix42 Fragment API

This was a documentation problem that became a code problem. The Matrix42 mock had fragments — data objects organized by data definition name. You could create them, read them by ID, update them. But:

• GET /api/data/fragments/:ddName (without an ID) → 404. No way to list fragments.
• DELETE /api/data/fragments/:ddName/:fragmentId → didn’t exist.

So CRUD was missing the L and the D. Added both:

# List all fragments for a data definition
curl -s http://localhost:8444/m42Services/api/data/fragments/SPSUserClassBase \
  -H "Authorization: Bearer pamlab-dev-token" | jq '.items | length'
# → 10

# Delete a specific fragment
curl -s -X DELETE http://localhost:8444/m42Services/api/data/fragments/SPSUserClassBase/some-id \
  -H "Authorization: Bearer pamlab-dev-token"
# → 204 No Content

The Smoke Test

I wrote scripts/smoke-test.sh — one script that tests the complete onboarding path:

1. Health checks on all 6 services
2. AD auth (valid + invalid credentials)
3. Remedy auth (valid + invalid)
4. Matrix42 ticket creation
5. AD user creation + group assignment
6. Fudo account creation (without server_id)
7. Matrix42 webhook registration
8. JSM webhook registration
9. Pipeline dry-run

Each step prints [PASS] or [FAIL]. Exit code 0 means everything works. CI-ready.

The README Restructure

The README got feedback that it was too dense up front. Fair point — the first thing you saw was a 9-row system table, a “Problem” section, and a “Solution” section, before you even got to docker-compose up.

Restructured it: TL;DR → Getting Started → Minimal Quickstart → Architecture. The system table moved below the quick start. Added a “Minimal Quickstart” section that goes from zero to working in three curl commands (Matrix42 ticket → AD user → group assignment). CyberArk is now clearly marked as optional.

Also added a “Mock API Realism” section. Because this is a sandbox, not a production clone, and that should be obvious to anyone evaluating it.

The Numbers

Before today:

• 82 tests passing, 8 failing, 8 warnings
• Auth validation: non-existent
• Webhooks: missing
• Code style: inconsistent

After today:

• 124 tests passing, 0 failing, 0 warnings
• Auth rejects invalid credentials across all services
• Webhooks work for Matrix42 and JSM
• Prettier + ESLint across the entire codebase
• One-command smoke test for the full onboarding path

What I Learned

Mock APIs are deceptively easy to get wrong. The happy path works from day one — but the error paths, the auth validation, the edge cases in CRUD operations? Those are what make a sandbox actually useful for development.

If your mock accepts any password, your integration code will never handle auth failures. If your mock doesn’t have webhooks, your event-driven workflows are built on assumptions. If your test report has warnings that you’ve been ignoring, your quality story has holes.

Today was about closing those holes. Not glamorous, but the kind of work that separates a demo from a tool.

PAMlab is open source under Apache 2.0: github.com/BenediktSchackenberg/PAMlab

Previous posts: Introducing PAMlab · PAMlab Studio V2

Today it’s a completely different beast. And the story of how it got there is worth telling, because it touches on something I think most tooling projects get wrong: the gap between “technically works” and “someone would actually use this.”

The Problem With V1

PAMlab v1 had working mock APIs and a code editor. You could write PowerShell, hit Run, and see results. Mission accomplished, right?

Not really. Here’s what happened when I sat down to actually use it:

1. I loaded the Onboarding template. It created a user called “Sarah Connor” in the AD mock.
2. I tweaked some params. Ran it again. 409 Conflict — user already exists.
3. I opened the Emergency Revoke template. It tried to block a Fudo user by ID. The ID was FROM_STEP_5. 422 — “Valid user_id required.”
4. I clicked the Debug button. Nothing happened. Export? Nothing. Save? You guessed it.

The buttons were decorative. The templates had placeholder values that couldn’t resolve. And running the same workflow twice was a guaranteed crash because the first run’s test data polluted the second run.

This is the kind of thing that separates a proof of concept from a tool. And I had a proof of concept.

The Fix: Everything

Instead of patching individual bugs, I decided to rebuild the entire user experience in one session. Here’s what that looked like.

Cross-Step References (The Non-Obvious Problem)

This was the most interesting engineering challenge. In a real provisioning workflow, steps depend on each other:

Step 1: Create Matrix42 Ticket     → returns ticket_id
Step 5: Create Fudo PAM User       → returns user_id
Step 6: Add User to Fudo Group     → needs Step 5's user_id
Step 8: Close Ticket               → needs Step 1's ticket_id

In production PowerShell, you’d write $step5Result.id. But in the PAMlab runner, the script is parsed into API calls and executed sequentially. There’s no PowerShell runtime — just a JavaScript loop calling fetch().

The solution was a step resolver that sits between the parser and the executor:

// After each step, extract IDs from the response
stepResults[i + 1] = extractIds(res.data);

// Before executing the next step, resolve references
const resolvedCall = resolveStepReferences(calls[i], stepResults);

The resolver understands different response formats: Fudo returns { id: "..." }, Matrix42 returns { ID: "..." }, ServiceNow wraps everything in { result: { sys_id: "..." } }, and Jira uses { key: "ITSM-12" }. One function, five different ID extraction patterns.

It’s the kind of plumbing that nobody notices when it works, but breaks everything when it doesn’t.

The Test Sandbox

The second big problem: running templates more than once. The Onboarding template creates “Sarah Connor” — run it twice and the AD mock returns 409 because Sarah already exists.

The fix was a test runner that generates random identities:

Template says: s.connor / Sarah Connor
Test run uses: test-a3f8b / Test User A3F8B

It replaces every known demo username in the generated script with a random identifier, runs it, and then offers a “Cleanup” button that deletes everything the test created. AD users, Fudo users, group memberships, tickets — all tracked during execution and reversible after.

Combined with a “Reset Mock Data” button that reloads all seed data across all 7 APIs, you can now iterate on workflows indefinitely without accumulating garbage state.

Stable UUIDs (The Subtle Fix)

Here’s a fun one. The Fudo mock used uuidv4() to generate IDs for all seed data — users, groups, safes, servers. Every time the API restarted, every ID changed.

This meant the workflow templates couldn’t reference Fudo groups or safes by ID, because the IDs were different every time. I replaced all seed IDs with deterministic UUIDs:

// Before: random every restart
{ id: uuidv4(), name: 'RDP-Server-Admins' }

// After: stable forever
{ id: '70000000-0000-0000-0000-000000000001', name: 'RDP-Server-Admins' }

Simple change, huge impact. Now templates can hard-reference 70000000-0000-0000-0000-000000000001 and it’ll always be the RDP-Server-Admins group.

Five Real Templates

With stable IDs and cross-step resolution, I could finally build templates that actually work:

All five templates verified end-to-end: 26 API calls, 26 successful responses. You can load any of them, hit Run, and watch the entire flow execute with live status updates in the inline results panel.

The Access Policy Model

While building templates, I realized the Fudo mock was missing a critical concept: Access Policies. In real Fudo, the access chain is:

AD Group (GRP-RDP-Admins)
  → linked via ad_group_dn to
Fudo Group (RDP-Server-Admins)
  → Access Policy binds to
Fudo Safe (IT-Administration)
  → contains
Servers (DC01, DB-PROD, FileServer01) + Accounts
  → accessed via
Listener (RDP / SSH)

A user in the group can access all servers in the safe through the listener. I implemented the full model:

• POST /api/v2/access-policies — create policies with group, safe, listener, time restrictions, and approval requirements
• GET /api/v2/access-policies/check/:user_id/:safe_id — check if a user has access to a specific safe
• Seed data with three pre-configured policies

This is the kind of domain modeling that makes mock APIs actually useful for testing — not just “does the API respond” but “does the business logic flow make sense.”

Fudo Mock Expansion

While at it, I expanded the infrastructure:

• 6 servers (was 3): DC01, DB-PROD, APP-ERP, FileServer01, Web-PROD, Citrix01
• 4 safes (was 2): IT-Administration, Application-Access, File-Server-Access, Web-Server-Deployment
• 6 accounts: One per server with realistic names
• All servers in the Production pool

Flow Visualization

The workflow builder now shows your steps as a visual flow diagram:

[Matrix42 🎫]──→──[AD 🏢]──→──[AD 🏢]──→──[Fudo 🔐]──→──[Fudo 🔐]──→──[Matrix42 🎫]
 Create Ticket    Create User   Add Group   Create User   Create Policy   Close Ticket
     ✅              ✅            ✅           ⏳            ⏸              ⏸

Each node is colored by system (blue=AD, green=Fudo, purple=Matrix42, orange=ServiceNow), shows the step label, and has a live status indicator. When you run the workflow, nodes light up one by one.

Production Export

Mock scripts are useless if you can’t deploy them. PAMlab Studio now has a production config system where you configure real system URLs and auth methods:

Hit “🏭 Export for Production” and the script is regenerated with proper auth blocks. Same workflow logic, different endpoints and credentials. The config can be exported/imported as JSON (with passwords masked).

The Welcome Screen

New users no longer land on a dashboard with green dots and no context. There’s now a welcome screen with:

• Feature overview (Build → Test → Ship)
• “Start with a Demo” button that loads the Onboarding template
• “Build from Scratch” option

It’s skippable and only shows once (localStorage flag). Small thing, but it’s the difference between “what am I looking at” and “oh, I should click this.”

Everything Else

• Run History: All executions saved in localStorage, viewable as a table with expandable details
• Live Dashboard Stats: Users, servers, groups, sessions, pending requests — fetched from Fudo API in real time
• Quick Actions: One-click cards for common demos (Onboarding, Emergency Revoke)
• Keyboard Shortcuts: Ctrl+Enter (Run), Ctrl+S (Save), Ctrl+E (Export)
• Settings Redesign: Three tabs — Mock APIs, Production Config, Preferences
• Mock Data Reset: POST /reset on all APIs to reload seed data

Interactive Demo

Want to see it in action without cloning the repo? Here’s an interactive walkthrough:

Use arrow keys or click the navigation dots. Open fullscreen ↗

The Numbers

Over the course of one (long) day:

• 1,400+ lines of new TypeScript/React code
• 19 files changed across frontend and all 7 mock APIs
• 6 new components: Welcome, FlowDiagram, RunHistory, testRunner, stepResolver, productionConfig
• 5 workflow templates verified end-to-end (26 API calls each)
• 0 production systems were harmed in the making of this update

What I Learned

Building developer tools is different from building user-facing products. The audience is smaller but way more demanding. They’ll find every edge case in the first five minutes because that’s literally what they do for a living.

The biggest lesson: demo data matters more than features. The test sandbox and mock data reset took maybe 20% of the development time but solved 80% of the usability problems. Nobody cares about your flow visualization if they can’t run the same template twice.

The second lesson: cross-system reference resolution is the hard part of workflow automation. Not the individual API calls — those are straightforward. It’s the $step5Result.id problem. Every orchestration tool eventually has to solve this, and most do it poorly.

Try It

git clone https://github.com/BenediktSchackenberg/PAMlab.git
cd PAMlab
docker-compose up
# Open http://localhost:3000

Load a template. Hit Run. Watch 8 API calls cascade across three different systems. Then hit “🧪 Test Run” and do it again with random data. Then export the script, change the URLs, and run it against your real environment.

That’s the whole point: build once, test safely, deploy anywhere.

GitHub — Apache 2.0, contributions welcome.

You know that feeling when you leave a comment on a GitHub issue and suddenly you’re in the middle of a security drama? Yeah, that happened.

It Started With a Simple Question

NemoClaw is NVIDIA’s open-source AI agent orchestration framework. Cool project. But while poking around the Dockerfile, something caught my eye: the container wasn’t dropping any Linux capabilities.

The container after startup. Look at all those juicy capabilities. CAP_NET_RAW? Don’t mind if I do!

For the uninitiated: Linux capabilities are like fine-grained root permissions. Docker containers get a bunch by default — including fun ones like:

• CAP_NET_RAW — craft raw packets, ARP spoofing, the works
• CAP_DAC_OVERRIDE — who needs file permissions anyway?
• CAP_SYS_CHROOT — chroot calls for everyone!

This is basically CIS Docker Benchmark 5.3: “Restrict Linux kernel capabilities within containers.” One of those things that everyone agrees on but nobody actually does.

The Docs-Only “Fix” That Wasn’t

The first attempt to address issue #797 was… a documentation update. Basically: “Hey, just add --cap-drop=ALL to your docker run command.”

The community wasn’t having it. As one contributor pointedly asked: “How does this cover #797?” — and they were right. Telling users to remember a CLI flag isn’t the same as actually fixing the problem. The PR author gracefully acknowledged:

“Fair point — you’re right that our PR doesn’t actually enforce capability dropping at the container level.”

Lesson learned: Docs are great. Docs as a security fix? Not so much. 📝 ≠ 🔒

The Real Fix: capsh to the Rescue

Here’s where it gets interesting. The NemoClaw container is managed by OpenShell’s sandbox runtime, which means you can’t just pass --cap-drop=ALL to docker run. The runtime doesn’t expose that flag. Classic.

So @ericksoa came up with an elegant solution: use capsh (from libcap2-bin) in the entrypoint script to self-re-exec with a stripped bounding set:

if [ "${NEMOCLAW_CAPS_DROPPED:-}" != "1" ] && command -v capsh >/dev/null 2>&1; then
  export NEMOCLAW_CAPS_DROPPED=1
  exec capsh \
    --drop=cap_net_raw,cap_dac_override,cap_sys_chroot,cap_fsetid,... \
    -- -c 'exec /usr/local/bin/nemoclaw-start "$@"' -- "$@"
fi

The beauty: it drops 9 dangerous capabilities while keeping only the 5 needed for gosu privilege separation. And the NEMOCLAW_CAPS_DROPPED guard prevents infinite re-exec loops. Chef’s kiss. 👨‍🍳

My Review (and the Accidental Empty Approval)

I got to review the PR and… well, first I accidentally submitted an empty approval. Automation things. 😅

But then I left actual feedback:

1. The e2e test used bash -c with nested arithmetic to decode hex capability masks — suggested using capsh --print and grepping for cap_net_raw in the Bounding set instead. Simpler, less fragile.

2. Spotted a sneaky one: cap_dac_read_search wasn’t in the drop list. Intentional? Some hardening guides flag it. Always worth asking.

After the fix: bounding set stripped clean. Only the essentials remain.

The Plot Twist: cap_setpcap

Of course, no good security PR ships without a follow-up fix. Turns out, you need CAP_SETPCAP to drop other capabilities. Dropping it from the bounding set means capsh can’t… well, do its job. The sandbox wouldn’t start.

PR #929 landed the same day to keep cap_setpcap and add a pre-check with capsh --has-p. If the capability isn’t available (like in OpenShell’s sandbox), the drop is skipped gracefully since the runtime is already restricting things.

Takeaways

1. Defense in depth actually matters. Don’t rely on one layer (docs, runtime, or Dockerfile alone).
2. Community pressure works. The docs-only approach got rightfully challenged, leading to a proper fix.
3. capsh is underrated. When you can’t control the runtime, the entrypoint can still harden itself.
4. Always read the capability list twice. Missing one (cap_setpcap) broke the entire sandbox startup.
5. Open source reviews are fun. You get thanked in NVIDIA PRs for pointing out CIS benchmarks. Not bad for a Tuesday evening.

The PR #917 was merged on March 25, 2026. Many thanks to @ericksoa for the implementation, @h-network for keeping the bar high, and the NemoClaw maintainers for a smooth review process.

Sounds straightforward on a whiteboard. Then you sit down to actually build it and realize: you can’t test against production. Your Fudo appliance is locked down by the security team. The Matrix42 dev instance hasn’t been updated since 2019. And nobody’s going to give you a sandbox Active Directory with realistic data.

So you do what every sysadmin does: you test in production and pray. Or you write the script, send it to someone else, and wait three weeks for feedback.

There has to be a better way.

What We Built

PAMlab is a collection of mock APIs that simulate a complete enterprise access management stack. Three Node.js servers, each pretending to be a different system:

Start everything with one command:

git clone https://github.com/BenediktSchackenberg/PAMlab.git
cd PAMlab
docker-compose up

Three APIs running locally. With realistic data. Ready to be scripted against.

Why This Matters

I’ve worked in environments where a single misconfigured provisioning script removed 200 users from their security groups. On a Friday afternoon. The helpdesk queue on Monday was not fun.

The problem wasn’t that the script was wrong — the logic was fine. The problem was that nobody tested the edge cases:

• What happens when the AD group doesn’t exist yet?
• What if the Fudo sync fails halfway through?
• What if the Matrix42 approval is denied after the AD change was already made?

These aren’t theoretical problems. They’re Tuesday at 2pm problems. And you can’t catch them by reading the script. You need to run it against something.

A Real Example: Onboarding with Temporary Access

Let’s say a contractor needs RDP access to three production servers for 30 days. The workflow:

1. Someone creates an access request in Matrix42
2. The manager approves it
3. A PowerShell script adds the user to the right AD group
4. Fudo syncs from AD and grants access
5. After 30 days, the group membership expires

Here’s what that looks like against PAMlab:

Import-Module ./examples/powershell/_PAMlab-Module.psm1
Connect-PAMlab

# Step 1: Create the access request
$request = Invoke-M42 -Method POST -Endpoint "/access-requests" -Body @{
    user = "t.developer"
    target_type = "server_group"
    target = "GRP-RDP-Admins"
    access_type = "rdp"
    justification = "Database migration project"
    duration = "30d"
}
Write-Host "Access Request: $($request.id) — Status: $($request.status)"

# Step 2: Approve it
Invoke-M42 -Method POST -Endpoint "/access-requests/$($request.id)/approve" -Body @{
    approved_by = "admin"
    comment = "Approved for Q2 migration"
}

# Step 3: Add to AD group with 30-day expiry
Invoke-AD -Method POST -Endpoint "/groups/GRP-RDP-Admins/members/timed" -Body @{
    user = "t.developer"
    expires_at = (Get-Date).AddDays(30).ToString("yyyy-MM-ddTHH:mm:ssZ")
}

# Step 4: Trigger Fudo sync
$sync = Invoke-Fudo -Method POST -Endpoint "/user-directory/sync"
Write-Host "Sync complete: $($sync.users_added) added, $($sync.groups_synced) groups"

# Step 5: Verify
$groups = Invoke-Fudo -Method GET -Endpoint "/groups"
# Done. User has access. Auto-revokes in 30 days.

This script runs against localhost. No VPN to the production network. No “can you give me API access to the Fudo dev instance” emails. No waiting.

And the best part: when you’re done testing, the exact same script works against production. You just swap the URLs:

# Dev:
Connect-PAMlab  # → localhost:8443, :8444, :8445

# Prod:
Connect-PAMlab -ConfigFile ./config/production.env
# → fudo.company.com, matrix42.company.com, dc01.company.com

Same script. Same logic. Different targets.

The Rollback Problem

Here’s something I learned the hard way: you always need a rollback plan.

Your onboarding script adds a user to three AD groups and triggers a Fudo sync. The first two groups work fine. The third group add fails because someone renamed the group. Now you have a user with partial access — they can reach the database server but not the application server.

PAMlab’s mock APIs let you simulate these failures. The AD mock returns a 404 when you try to add a member to a non-existent group. Your script should catch that and undo the first two group additions. If it doesn’t, you’ll find out now — not when it happens for real.

try {
    Invoke-AD -Method POST -Endpoint "/groups/GRP-DOES-NOT-EXIST/members" -Body @{
        members = @("t.developer")
    }
} catch {
    Write-Host "Failed! Rolling back..." -ForegroundColor Red
    # Undo previous steps
    Invoke-AD -Method DELETE -Endpoint "/groups/GRP-RDP-Admins/members/t.developer"
    Invoke-AD -Method DELETE -Endpoint "/groups/GRP-DB-Operators/members/t.developer"
    
    # Create incident ticket
    Invoke-M42 -Method POST -Endpoint "/tickets" -Body @{
        Subject = "FAILED: Onboarding t.developer"
        Priority = 1
        Category = "Access Management"
    }
}

Boring? Yes. Necessary? Ask the guy who had to manually fix 200 user accounts on a Monday morning.

What’s In The Box

The Fudo mock alone has over 70 endpoints. It’s not just CRUD — it simulates the stuff you actually need for integration testing:

Session lifecycle: open connections, terminate sessions, pause/resume, get AI-generated session summaries. Useful when your monitoring script needs to react to suspicious sessions.

Event stream: Server-Sent Events endpoint that pushes random events every few seconds. Your SIEM integration can subscribe and test real-time processing.

Password rotation: Policies with rotation schedules. Trigger a rotation, check the history. See if your credential management workflow handles the new password correctly.

Just-in-Time access: Request temporary access, approve/deny, automatic expiration. The whole workflow that JIT access vendors love to put in their slides but nobody tests end-to-end.

The Matrix42 mock covers tickets, assets, provisioning workflows, software catalog, and compliance reports. The AD mock has users, groups (including timed membership for JIT), OUs, and computer objects.

Where This Is Going

Right now, PAMlab supports Matrix42, Active Directory, and Fudo PAM. But the architecture is pluggable. We have epics planned for:

• Jira Service Management — for Atlassian shops
• ServiceNow — the 800-pound gorilla of ITSM
• BMC Remedy — still very common in healthcare and government

The bigger vision is a pipeline engine where you define your provisioning workflow as YAML and PAMlab executes it step by step against whatever combination of systems your organization uses. Matrix42 → AD → Fudo, or JSM → Azure AD → CyberArk, or ServiceNow → LDAP → BeyondTrust. Same engine, different connectors.

But even without the fancy stuff, just having three mock APIs on localhost that you can script against — that alone saves a stupid amount of time.

Try It

git clone https://github.com/BenediktSchackenberg/PAMlab.git
cd PAMlab
docker-compose up

The repo has ready-to-use PowerShell scripts for seven common scenarios: onboarding, offboarding, role changes, JIT access, emergency revocation, password rotation, and audit reports.

Fork it, break it, add your own connectors. PRs welcome (signed commits required — we’re a security project after all).

→ github.com/BenediktSchackenberg/PAMlab

Here’s what happened.

The Backup Ampel

This one came from a real need. We have ~200 SQL Servers and a bunch of AlwaysOn Availability Groups. The question “are all our backups OK?” sounds simple, but it’s surprisingly hard to answer when you have AG secondaries, Simple Recovery databases, and dozens of instances.

So we built a traffic-light report. Every instance gets a status:

• Green — Full backup within 24 hours, log backup within 15 minutes
• Yellow — Full within 48 hours, log within 30 minutes
• Red — Everything else

Sounds easy enough, right? It wasn’t. The first version showed everything as red. Turns out when you run MIN(latest_log_backup) across all databases in an instance, you’re also including Simple Recovery databases — which by design never have log backups. NULL minimum = no backup = red. Every single instance.

The fix: a separate CTE that filters recovery_model IN (1, 2) before evaluating log backup compliance. Simple Recovery databases show “N/A” instead of a false alarm.

Then there was the AG problem. AlwaysOn secondaries don’t run backups — the preferred replica does. So a secondary with no recent backup isn’t a problem, it’s expected behavior. We now JOIN against dbo.DatabasesHADR with is_local = 1 and exclude is_primary_replica = 0 from the evaluation. Secondaries show “via Primary” in the detail view instead of angry red timestamps.

The result is a page where you can actually trust the colors. Green means green. Red means something needs attention.

SQL Monitor

I’ve always liked the card-based approach that tools like Redgate SQL Monitor use — you see your entire fleet as a grid of cards, each showing the instance name, health status, and current CPU. At a glance you know what’s going on.

Our version pulls data from DBA Dash’s Summary_Get stored procedure and dbo.CPU table. Each card shows health indicators based on 7 status keys (full backup, log backup, DBCC, drives, jobs, AG, corruption). Status values from DBA Dash are 1=OK, 2=Warning, 3=N/A, 4=Critical. We learned the hard way that >= 2 catches N/A as a warning — the correct check is == 2 || == 4.

There’s also an alert sidebar that shows the latest collection errors and failed jobs in real time. Click any card to jump straight to the instance detail page.

Instance Detail, Rebuilt

The old instance detail page had an Overview tab that was basically a worse version of the summary. We ripped it out and made Performance the default tab instead. When I click on an instance, I want to see the CPU chart — not a list of metadata I already saw in the card.

The header now shows status badges inline (compact, always visible), with N/A statuses hidden entirely. CPU KPI cards sit above the chart: current, 24h average, 24h peak. The Databases tab got AG Role and Sync State columns. The Backups tab is fully AG-aware.

Alerts That Actually Help

The alerts page was… not great. It was dumping raw JSON from dbo.Alerts into a list. If you’ve ever looked at a wall of {"InstanceID":42,"ErrorDate":"2026-03-12T...",...} and tried to figure out what went wrong, you know the pain.

The new version combines two data sources: CollectionErrorLog (actual collection errors) and JobHistory (failed jobs from the last 48 hours). Each alert shows the instance name, a readable error message, severity (guessed from keywords — not perfect but useful), and a relative timestamp. There’s a detail panel on the right where you can read the full error message and click through to the instance.

The severity filter strip at the top doubles as a KPI row — you immediately see “12 Critical, 3 Warning, 8 Info” and can click to filter. There’s also a “per server” breakdown in the sidebar showing which instances are generating the most noise.

AG Page Search

Small feature, big impact. The AlwaysOn Availability Groups page now has a search box that filters across server names, AG names, and database names. When you have 10+ clusters with dozens of databases each, being able to type “ASES” and immediately see only the matching AG with its databases expanded — that’s just nice to have.

The DBA Dash Schema

Working directly against the DBA Dash database taught us a lot about the schema. A few things that might save someone else some debugging time:

• dbo.Databases.recovery_model is a TINYINT (1=FULL, 2=BULK_LOGGED, 3=SIMPLE), not the _desc NVARCHAR variant
• dbo.CPU has SQLProcessCPU and SystemIdleCPU but no SystemCPU column — you calculate it as 100 - SystemIdleCPU - SQLProcessCPU
• The table is called dbo.DBIOStats, not dbo.IOStats
• dbo.AvailabilityGroups uses name, not group_name
• dbo.AvailabilityReplicas (not AvailabilityGroupReplicas) doesn’t store role_desc
• Status values across Summary_Get: 1=OK, 2=Warning, 3=N/A, 4=Critical — and 3 should almost never trigger an alert

We verified all of this against the DBA Dash source on GitHub. When in doubt, read the source — the schema definitions in the repo are the ground truth.

What’s Next

There’s still plenty to do. About 20 pages could benefit from smarter auto-refresh (delta queries instead of full reloads). We want to add CSV/Excel export to every table. SignalR for real-time push updates instead of polling. PDF reports on a schedule. Mobile-optimized views for the on-call DBA checking their phone at 2 AM.

But honestly, even right now it’s genuinely useful. We use it daily to check on our fleet, and the NOC display runs the SQL Monitor page full-time.

Thanks

Huge thanks to the DBA Dash team and David Wiseman for building such a solid foundation. The data collection, the stored procedures, the schema — it’s all well thought out and consistent. Building a web frontend on top of it was remarkably smooth precisely because the underlying tool is so well engineered.

If you’re running SQL Server at any scale and not using DBA Dash, seriously, go check it out at dbadash.com.

DBA Dash WebView is open source under MIT: github.com/BenediktSchackenberg/dbadashwebview

Previously: We Built a Web UI for DBA Dash — and It’s Free