Self-contained offline manual

D.S.T. - Databases Searching Tool

A local Windows tool for controlled read-only SQL Server search, Search Profiles, Search Memory, scheduled lookups, tray runtime, Start with Windows, scheduled shutdown, and scoped Agent API access.

Vendor: Viken Data Studio | Version: 1.3.0-desktop-scheduler | License: Freeware | Platform: Windows desktop | Runtime: local web UI with optional Agent API.

offline single-file documentation embedded screenshots no external CSS, JS, fonts, or image files operator, admin, and integration guide

1. Overview

D.S.T. is designed for a common operational problem: the value is known, but the database table is not. A support operator, developer, administrator, reviewer, or local AI agent may need to find where an email address, phone number, reference number, customer code, ticket number, event key, or other value appears across approved SQL Server scopes.

Core rule: routine use should go through Search Profiles. A profile defines the approved SQL Server host, read-only account, credential source, allowed databases, allowed tables, allowed columns, row limits, export limits, history behavior, and agent visibility.

What D.S.T. is

A local Windows-oriented SQL Server lookup utility.
A controlled read-only search workflow for approved databases, tables, and columns.
A profile-backed search layer for repeatable support, review, audit, and reconciliation work.
A Search Memory system that records human, agent, and scheduler runs.
An optional Agent API gateway that exposes structured search, history, and scheduled run access without handing out SQL credentials.
A desktop runtime that can run minimized in the Windows tray, start with Windows, and shut down on schedule.

What D.S.T. is not

It is not a SQL Server permission system. SQL Server accounts must still be restricted at the database layer.
It is not a general SQL execution API. Agent API and scheduled search endpoints reject raw SQL.
It is not a BI platform, data catalog, or full database administration suite.
It is not intended for direct public internet exposure.
Cancellation is cooperative; immediate SQL query interruption depends on the ODBC driver and SQL Server behavior.

2. Quick Start

Extract Databases Searching Tool.zip.
Run Databases Searching Tool.exe.
Open http://127.0.0.1:8765 if the browser does not open automatically.
Open Search Profiles and create or review a read-only profile.
Set the SQL server, SQL user, credential source, allowed databases, allowed tables, allowed columns, limits, and history settings.
Use Check readiness, then Test connection.
Open Search, choose Connection mode: Search Profile, select the profile and workspace.
Enter the value to find, choose a match mode, optionally narrow databases/tables/columns, and run Preflight.
If the scope is reasonable, run Search.
Review results in the UI and later in Search Memory.

For AI agent use: enable Agent API only when needed, create a scoped bearer token, assign only required profiles, copy the raw token immediately, and give the agent only the local gateway URL plus that token. Do not give the agent SQL credentials.

3. Installation and Startup

Release files

Databases Searching Tool/
  Databases Searching Tool.exe
  _internal/
DST_FINAL_DOCUMENTATION.html
Databases Searching Tool.zip

Default local URL

http://127.0.0.1:8765

CLI flags

Flag	Meaning	Typical use
`--default`	Start without prompts using safe defaults.	Release smoke tests and autostart.
`--host 127.0.0.1`	Bind address.	Recommended default.
`--port 8765`	Web UI/API port.	Change if the port is already used.
`--open-browser` / `--no-open-browser`	Controls browser launch.	Autostart normally uses `--no-open-browser`.
`--tray` / `--no-tray`	Enable or disable Windows tray integration.	Background desktop runtime.
`--minimized`	Start without opening the UI when tray mode is enabled.	Start with Windows.
`--config PATH`	Use an alternate config JSON.	Separate environments or tests.
`--enable-agent-api`	Runtime override to enable Agent API.	Only when deliberately configured.
`--disable-agent-api`	Runtime override to disable Agent API.	Emergency or restricted startup.
`--version`	Print application version.	Release verification.

Startup examples

# Standard local startup
& ".\Databases Searching Tool.exe" --default

# Background tray runtime
& ".\Databases Searching Tool.exe" --default --tray --minimized --no-open-browser

# Alternate local port
& ".\Databases Searching Tool.exe" --default --port 8790

Avoid casual --host 0.0.0.0 use. Prefer localhost with an SSH tunnel or a controlled reverse proxy. If LAN access is required, add network controls, TLS/reverse proxy, scoped Agent tokens, and audit review.

4. UI Map and Screenshots

The UI is a local browser application. Closing the browser tab does not necessarily stop the D.S.T. process, especially when tray mode is enabled.

View	Purpose	Common actions
Search	One-time and profile-backed searches.	Preflight, Search, Cancel, Export Page/Stored/Full.
Search Profiles	Approved SQL scopes and credential references.	Save profile, Save credential, Check readiness, Test connection.
Search Memory	History, workspaces, saved searches, rerun/refine.	Filter, Details, Save, Rerun, Run saved search.
Scheduler	Recurring searches, runtime status, startup controls, shutdown schedules.	Create schedule, Run now, Enable/Disable, Start with Windows.
Agent Access	Agent API status, tokens, profile access, audit review.	Create token, revoke token, disable Agent API.

D.S.T. dark-mode search screen — Search view in dark mode: profile-backed connection mode, workspace, query, scope fields, preflight, search, cancellation, and export actions.

D.S.T. dark-mode scheduler screen — Scheduler view in dark mode: recurring search setup, run history, Start with Windows, runtime status, and controlled shutdown.

D.S.T. dark-mode Search Memory screen — Search Memory in dark mode: history filters, workspaces, saved searches, and rerun actions.

D.S.T. dark-mode Agent Access screen — Agent Access in dark mode: Agent API status, scoped tokens, audit review, and emergency disable.

5. Search Profiles

A Search Profile is the main control boundary. It stores the approved search policy and a reference to the credential source. Scheduled searches and Agent API searches must use profiles.

Example profile

{
  "profile_id": "main_lookup_readonly",
  "name": "Main Lookup - Read Only",
  "server": "sql-host.internal,1433",
  "user": "readonly_user",
  "auth_mode": "password_env",
  "password_env": "DST_SQL_LOOKUP_PASSWORD",
  "allowed_databases": ["PrimaryDB", "ArchiveDB"],
  "allowed_tables": ["dbo.Contacts", "dbo.Orders"],
  "allowed_columns": ["Email", "Phone", "ReferenceNo"],
  "searchable_types": ["char", "varchar", "nchar", "nvarchar", "text", "int"],
  "default_match_mode": "contains",
  "max_preview_rows": 500,
  "max_export_rows": 50000,
  "default_page_size": 50,
  "max_page_size": 200,
  "max_databases_per_search": 20,
  "max_tables_per_search": 100,
  "max_columns_per_search": 500,
  "max_concurrent_searches": 2,
  "agent_enabled": true,
  "history_enabled": true,
  "history_detail_mode": "summary_only",
  "history_retention_days": 30,
  "allow_agent_export": false,
  "masking_mode": "preview",
  "audit_query_mode": "hash",
  "timeout_seconds": 60,
  "connection_timeout_seconds": 10,
  "read_only": true
}

Credential modes

`password_env`

The profile stores the environment variable name, not the credential value.

$env:DST_SQL_LOOKUP_PASSWORD = "..."

`windows_credential`

The credential secret is read from Windows Credential Manager through win32cred.

cmdkey /generic:DST/SQL/main_lookup /user:readonly_user /pass:...

`local_vault`

The secret is stored in D.S.T.'s local encrypted vault and referenced through vault://....

POST /settings/credentials/vault

Direct credentials

Legacy one-time fallback only. Do not use for scheduled searches or Agent API workflows.

Readiness and connection checks

Check readiness verifies missing config, credential readiness, allowlist counts, and limits.
Test connection resolves the credential server-side and runs a lightweight connection test such as SELECT 1.
Readiness and test responses must not expose passwords, token hashes, or connection strings.

6. Searching

Match modes

Mode	Meaning	Good for
`exact`	Exact value match.	IDs, invoice numbers, reference numbers.
`contains`	Value contains the text.	Email fragments, names, free text.
`starts_with`	Value starts with text.	Prefixes and series codes.
`ends_with`	Value ends with text.	Email domains or suffix-based IDs.

Recommended search flow

Select Connection mode: Search Profile.
Select the profile and workspace.
Enter the query value and match mode.
Optionally narrow databases, tables, and columns. Blank scope means the profile allowlist, not the entire SQL Server.
Run Preflight to estimate databases/tables/columns to scan.
Run Search.
Cancel if the scope was wrong or the run is no longer needed.
Export page, stored results, or full profile-backed results when appropriate.

Export scopes

Scope	Meaning	Notes
`page`	Current page only.	Fastest and narrowest export.
`stored_results`	All result rows currently stored in the search job.	May be truncated by preview limits.
`full_results`	Profile-backed re-query up to export limit.	Not available for truncated legacy direct-credential jobs because D.S.T. does not persist one-time passwords.

7. Search Memory

Search Memory stores search metadata, summaries, workspaces, saved searches, search plans, scheduled searches, and scheduled runs.

runtime/memory/dst.memory.sqlite3

History detail modes

Mode	Visible data	When to use
`metadata_only`	Run metadata only.	Sensitive profiles.
`summary_only`	Metadata plus aggregate summary.	Safe default.
`preview_rows`	Metadata, summary, and sample result rows.	Trusted operator profiles.
`full_rows`	Reserved for highly trusted cases.	Avoid unless explicitly approved.

Saved searches and rerun

Save stores an approved search configuration without credentials.
Rerun executes through the current Search Profile rules and limits.
Refine can change query text, match mode, or narrow scope.
Agent access to history depends on both token permissions and profile history settings.

8. Scheduled Searches

Scheduled searches run in the background through approved Search Profiles. They never accept direct SQL credentials. Results are written into Search Memory as actor_type=scheduler.

Requirements

The profile must exist.
The profile must have history_enabled=true.
The profile credential source must be ready.
The scheduled scope may only narrow profile allowlists.
The request must not contain server, user, password, connection_string, or sql.

Recurrence types

Type	Fields	Meaning
`manual_only`	none	Only runs when triggered manually.
`once_at`	`run_at`	One scheduled run.
`interval`	`every`, `unit`, `start_at`, optional `end_at`	Repeated interval. Default minimum interval is 300 seconds.
`daily_at`	`at` as HH:MM	Daily run.
`weekly_at`	`weekdays` 0-6 and `at`	Weekly run. 0 = Monday.

Example scheduled search

POST /scheduled-searches
X-CSRF-Token: <csrf>
Content-Type: application/json

{
  "name": "Monitor reference REF-2026-001",
  "profile_id": "main_lookup_readonly",
  "workspace_id": "wks_...",
  "query": "REF-2026-001",
  "match_mode": "exact",
  "scope": {
    "databases": ["PrimaryDB"],
    "tables": ["dbo.Orders"],
    "columns": ["ReferenceNo"]
  },
  "page_size": 50,
  "recurrence": { "type": "interval", "every": 15, "unit": "minutes" },
  "overlap_policy": "skip",
  "enabled": true
}

Concurrency

Global scheduler worker limit: defaults.max_scheduler_workers, default 2.
Per-profile limit: profile.max_concurrent_searches.
skipped_concurrency means a run did not start because an overlap or worker limit was reached.

9. Tray, Startup, Shutdown

Runtime status

GET /runtime/status

The response includes server status, tray status, host, port, URL, shutdown flags, and scheduler status.

Windows tray

& ".\Databases Searching Tool.exe" --default --tray --minimized --no-open-browser

The final packaged EXE uses the Windows GUI subsystem, so it does not open a console window. Tray mode lets the application remain available in the background.

Start with Windows

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value: Viken Data Studio D.S.T.

The startup command points at the packaged EXE and includes:

--default --tray --minimized --no-open-browser

Scheduled shutdown modes

Mode	Fields	Meaning
`once_at`	`run_at`	One controlled shutdown.
`daily_at`	`at`	Daily shutdown at HH:MM.
`weekly_at`	`weekdays`, `at`	Shutdown on selected weekdays.
`after_runtime_minutes`	`after_runtime_minutes`	Shutdown after a configured runtime duration.

10. Agent API

Agent API is a controlled search gateway. It is not a SQL execution API. Agents never receive SQL credentials, connection strings, or raw SQL access.

Token permissions

Permission	Meaning
`profile_ids`	Profiles visible to the token.
`can_search`	May run structured searches.
`can_export`	May export if the profile also allows export.
`can_view_history`	May read history, scheduled searches, and scheduled runs.
`can_create_saved_searches`	May save searches from accessible history.
`result_visibility`	Restricts returned value visibility.
`rate_limit_per_minute`	Token rate limit.
`max_page_size`	Maximum result page size.

Forbidden request fields

server
user
password
connection_string
sql

Example agent search

POST /api/v1/agent/search
Authorization: Bearer <token>
Content-Type: application/json

{
  "profile_id": "main_lookup_readonly",
  "query": "abc@example.com",
  "match_mode": "contains",
  "scope": {
    "databases": ["PrimaryDB"],
    "tables": ["dbo.Contacts"],
    "columns": ["Email"]
  },
  "page_size": 100,
  "async": true
}

Example search plan

POST /api/v1/agent/search-plan
Authorization: Bearer <token>
Content-Type: application/json

{
  "profile_id": "main_lookup_readonly",
  "workspace_id": "wks_...",
  "user_goal": "Find customer by email abc@example.com",
  "max_searches": 3
}

The planner accepts a user goal, not SQL. SQL-like goals are rejected with raw_sql_not_allowed.

11. Files and Runtime Data

Path	Contents	Notes
`config/dst.profiles.json`	Profiles, defaults, Agent API enabled flag.	Do not store raw passwords.
`config/dst.tokens.json`	Agent token metadata and token hashes.	Raw tokens are shown only once.
`runtime/memory/dst.memory.sqlite3`	History, workspaces, saved searches, schedules.	Back up before upgrades.
`runtime/search_jobs/`	Search job JSON files.	Controlled by job TTL.
`runtime/exports/`	CSV/JSONL exports and metadata.	Controlled by TTL and storage quota.
`runtime/audit/audit.jsonl`	Audit events.	Should not include credentials or token hashes.
`runtime/vault/`	Local encrypted vault data, if used.	Protect as secret-bearing data.

12. Security Model

Use SQL Server permissions first. D.S.T. does not replace database-layer access control.
Use read-only SQL accounts wherever possible.
Bind to 127.0.0.1 unless a deliberate network access model exists.
Keep Agent API disabled until needed.
Use short, scoped agent tokens and revoke them when no longer needed.
Prefer metadata_only or summary_only history for sensitive profiles.
Review exports before sharing them.
Audit and diagnostics should not expose passwords, raw tokens, token hashes, or connection strings.

13. Operations

Health checks

GET /health
GET /ready
GET /diagnostics
GET /runtime/status

Backup before upgrades

config/
runtime/memory/
runtime/audit/
runtime/vault/    # if local vault is used

Upgrade checklist

Back up config/ and the required runtime/ directories.
Stop the running D.S.T. process from the tray menu or by closing the runtime explicitly.
Replace the application folder with the contents of the new release ZIP.
Start Databases Searching Tool.exe and verify /health, /ready, Search Profiles, Search Memory, Scheduler, and Agent Access.
Confirm startup and shutdown schedules still match the intended local Windows user account.

14. Troubleshooting

Problem	Symptom	Check
UI does not open	Browser did not launch or page does not respond.	Open `http://127.0.0.1:8765`, check `/health`, or change port.
Port in use	Runtime fails to bind.	Start with another port, for example `--port 8790`.
Tray unavailable	`tray_status` is not `running`.	Check `/runtime/status` and confirm startup used `--tray`.
Start with Windows does not enable	`/settings/startup` returns `enabled=false`.	Use the packaged EXE; check whether HKCU Run is blocked by policy.
Credential backend unavailable	Windows Credential profile cannot test.	Confirm `pywin32/win32cred` support or use `password_env`/`local_vault`.
Profile missing credential	Readiness reports missing secret.	Check environment variable name, Credential Manager entry, or vault entry.
SQL login failed	Connection test fails.	Check SQL server, user, credential, ODBC driver, firewall, and SQL permissions.
Search too broad	Preflight reports too many tables/columns or backend rejects scope.	Narrow databases/tables/columns or reduce profile allowlists.
Scheduled run missing	Schedule exists but no run appears.	Check `enabled`, `next_run_at`, recurrence, runtime status, and profile history settings.
`skipped_concurrency`	Scheduled run skipped.	Previous run is still active or worker/profile concurrency limit was reached.
Agent 401	Unauthorized.	Missing/wrong token, revoked/expired token, or Agent API disabled.
Agent 403	Forbidden.	Token lacks profile permission, history permission, or export permission.
Export blocked	Quota or truncation error.	Clean exports, raise quota, or use profile-backed full export when allowed.

15. Endpoint Reference

Runtime and human endpoints

Method	Endpoint	Purpose
GET	`/health`	Health probe.
GET	`/ready`	Readiness probe.
GET	`/diagnostics`	Scrubbed diagnostics.
GET	`/runtime/status`	Runtime, tray, scheduler status.
POST	`/runtime/shutdown`	Controlled shutdown, CSRF required.
GET/POST	`/settings/profiles`	List/create/update Search Profiles.
POST	`/settings/profiles/<profile_id>/delete`	Delete profile if not in active token/schedule use.
GET	`/settings/profiles/<profile_id>/status`	Profile readiness.
POST	`/settings/profiles/<profile_id>/test`	Connection test.
POST	`/search/start`	Start async human search.
POST	`/search/preflight`	Estimate scope.
GET	`/history`	Search Memory list.
GET/POST	`/scheduled-searches`	List/create scheduled searches.
GET/POST	`/runtime/shutdown-schedules`	List/create shutdown schedules.

Agent endpoints

Method	Endpoint	Purpose
GET	`/api/v1/agent/capabilities`	Tool/version/profiles visible to token.
GET	`/api/v1/agent/profiles`	Public profile list.
GET	`/api/v1/agent/history`	History within token/profile scope.
POST	`/api/v1/agent/search-plan`	Create structured search plan from a user goal.
POST	`/api/v1/agent/search-plan/<plan_id>/execute`	Execute a plan through Search Profiles.
POST	`/api/v1/agent/search`	Run structured search.
GET	`/api/v1/agent/search/<search_id>/page`	Read a result page.
POST	`/api/v1/agent/search/<search_id>/cancel`	Cancel own agent search.
POST	`/api/v1/agent/search/<search_id>/export`	Create export if allowed.
GET	`/api/v1/agent/scheduled-searches`	Scheduled searches visible to token.
GET	`/api/v1/agent/scheduled-searches/<schedule_id>/runs`	Scheduled runs visible to token.

16. Release Verification

OK Python compile check.
OK Full automated test suite: 106 tests passing.
OK Packaged EXE uses the Windows GUI subsystem and does not open a console window.
OK EXE health/runtime smoke.
OK Tray smoke: tray_status=running.
OK Start with Windows create/read/delete smoke; final state disabled.
OK Release ZIP contains the application folder and this offline documentation file.
OK This documentation is self-contained: CSS and screenshots are embedded in the HTML.

Release artifacts

dist/Databases Searching Tool/Databases Searching Tool.exe
dist/Databases Searching Tool.zip
dist/DST_FINAL_DOCUMENTATION.html