Pirates of the Coral-bean · Track 1

Your federatedSaaS auditor.

One SQL query across HRIS, Okta, GitHub, Slack & Stripe — find zombie accounts, ghost seats, and shadow IT. No warehouse. PII never leaves.

Federates in one query
Doktagithubslackstripelinear
0Zombie AccountsInactive employees still holding active seats
$0/moMonthly WasteGhost-seat spend surfaced in a single query
0.0sQuery ExecutionFederated JOIN across five live sources
0Sources FederatedDeel · Okta · GitHub · Slack · Stripe
Built for the audit

Five sources. One federated query.

01Federated SQL

One query joins HRIS, Okta, GitHub, Slack & Stripe — no warehouse, no ETL.

02QM Copilot

Ask in plain English. Claude compiles it to validated federated SQL.

03Continuous Mode

Polls every source on a tick and streams new drift the moment it appears.

04Blast Radius

Maps every system, repo, channel and secret one account can still touch.

Five Named Audits

Every audit ships with SQL you can read.

No black-box ML. No vendor lock-in. Pure federated SQL joining your live sources — open in the playground, fork them freely.

QM-01

Zombie Account Hunter

P0 Critical7 findings

Inactive employees still holding active accounts or admin roles across Deel, Okta, GitHub, and Slack.

DeelOktaGitHubSlack
coral.sql
QM-02

Permission Drift

P1 High12 findings

Active employees holding elevated admin permissions unused for 90+ days.

OktaGitHub
coral.sql
QM-03

Ghost-Seat Spend

P1 High4 findings

Paid SaaS seats with zero activity in 30 days — quantified in $/mo.

StripeGitHub
coral.sql
QM-04

Shadow-IT Detector

P2 Medium3 findings

Off-list Stripe charges plus Slack mentions of unapproved SaaS tools.

StripeSlack
coral.sql
QM-05

Compliance Ledger

P2 Medium2 findings

SOC2 evidence pack per terminated employee — cross-checked across all five sources.

DeelOktaGitHubSlackStripe
coral.sql
Coral Federation

One query. Five sources. Zero ETL.

Coral's federated engine joins HRIS, IdP, code, chat, and billing in a single SELECT statement. No warehouse. No data movement. Everything local.

D
Deel
Okta
Okta
GitHub
GitHub
Slack
Slack
Stripe
Stripe
coralSQL engine7 findings1.4s$4,820 waste

Powered by Coral · Federates over MCP · No warehouse required

Five Killer Features

Built different. Audits at the REPL.

01

QM Copilot

Natural language → federated SQL

Ask in plain English. Copilot compiles it to Coral SQL using the live schema catalog as grounding, streams the results, and narrates what it found.

02

Continuous Mode

Audits that never stop watching

A polling tick re-runs every named audit on a configurable interval and surfaces new findings in a live feed — no manual triggers needed.

Continuous mode · live
QM-01 · zombie@corp.com flaggedjust now
QM-03 · $240/mo ghost seat · Figma2m ago
QM-02 · admin drift · alice@corp.com14m ago
03

Blast Radius

Every system one account touches

Interactive force-directed graph showing every resource linked to a flagged identity — from Okta groups to GitHub repos to Stripe subscriptions.

04

Quartermaster as MCP Server

Callable from Claude Code

Our audits are themselves an MCP server. Claude Code can call run_audit, get_findings, and draft_remediation as first-class tools.

quartermaster mcp
$ claude code
> run_audit({ id: 'QM-01' })
✓ 7 zombies found
> draft_remediation({ finding: ... })
✓ Slack message drafted
05

Schema Graph

Visual swimlanes of all source tables

Auto-detected join keys between sources, rendered as an interactive swimlane diagram. See exactly how Coral connects your data before you query.

Deel
directory
payroll
Okta
users
apps
GitHub
commits
members
Slack
users
channels
Stripe
charges
subs

The audit is waiting.

Everything runs on your machine. PII never leaves. One command.

bash
$QM_FIXTURES=on pnpm demo
Enter the Cockpit

Or explore the Schema Graph / Copilot / Ledger

Local-firstRead-only by designPII never leavesOpen SQL