Kikimora watches the database layer too: schema changes, access control, and branch workflow on PlanetScale.
Review your database layer from one conversation
The integration covers the database-side risks that rarely make it into a security review: schema changes that quietly add sensitive columns, access control that drifts as people and services come and go, and the branch and deploy-request workflow where a change first appears. Because PlanetScale moves fast on schema, catching a sensitive new field the week it ships beats finding it during an audit a year later. The database layer is easy to forget in a posture review precisely because it sits behind the application, but it is where the most sensitive data lives. A new column called something like ssn or card_last_four deserves the same scrutiny as a public S3 bucket, and the branch-and-deploy workflow gives the agent a natural place to catch it: right when the schema diff appears, before it reaches production.
What you can do
- Review recent schema changes for fields that look sensitive.
- Audit access control across databases.
- Track branch and deploy-request activity.
Things you might ask
- “Which schema changes this month added columns that look like they store personal or payment data?”
- “List every service token and what databases it can reach.”
- “Show open deploy requests and the schema diff each one would apply.”
PlanetScale is one part of your backend. Pair it with the Supabase integration so your Postgres advisors and auth configuration get reviewed in the same conversation, giving the whole data layer a single conversational security pass.