HomeProduct › HeliosProxy
Enterprise Connection Router

HeliosProxy

Open-source connection router, rate limiter, and intelligent query cache.
PgBouncer++ on steroids — 24 feature modules in a single component.

24 Feature Modules
3-Tier Cache System
100:1 Connection Multiplexing
GraphQL Auto-Generated API

Why HeliosProxy?

HeliosProxy transforms HeliosDB into a production-ready platform with connection pooling, intelligent caching, rate limiting, and enterprise resilience — all in one component.

Challenge Without Proxy With HeliosProxy
Connection limits App manages pools Automatic pooling
Query caching Manual Redis / Memcached Built-in 3-tier cache
Rate limiting External service Native support
Multi-tenancy routing App logic Automatic routing
Circuit breaking Manual implementation Built-in resilience
GraphQL API Separate gateway Auto-generated
Authentication Custom middleware JWT, OAuth, LDAP, API Keys
Connection Management

Connection Pooling

Three modes to match your workload. Achieve up to 100:1 connection multiplexing, turning 5,000 client connections into just 50 server connections. Eliminate connection storms, reduce database load, and scale your application layer independently.

  • Session Mode — Connections assigned for entire client session. Best for long-running connections and connection-level state.
  • Transaction Mode — Connections returned to pool after each transaction. Best for web applications and microservices. Achieves 10:1 multiplexing.
  • Statement Mode — Connections returned after each statement. Best for simple queries and serverless functions. Achieves 100:1 multiplexing.
heliosproxy.toml 
# Session mode: 1:1 mapping
[pool]
mode = "session"
max_connections = 500

# Transaction mode: 10:1 multiplexing
[pool]
mode = "transaction"
max_connections = 1000
server_connections = 100

# Statement mode: 100:1 multiplexing
[pool]
mode = "statement"
max_connections = 5000
server_connections = 50
Helios-DistribCache

Multi-Tier Caching

Intelligent 3-tier distributed caching system that automatically promotes hot data and evicts cold entries. Reduce database load by up to 95% with sub-millisecond cache hits.

  • L1: Hot Cache — Per-connection local memory. Sub-millisecond latency for the hottest queries. LRU eviction with configurable TTL.
  • L2: Warm Cache — Shared across all proxy nodes via Redis cluster. 1-5ms latency. Consistent hashing for even distribution.
  • L3: Semantic Cache — AI-powered cache that matches semantically similar queries. Uses embedding similarity (threshold 0.95) to return cached results for paraphrased queries.

Automatic cache invalidation on writes. Configurable exclusion patterns for INSERT, UPDATE, and DELETE statements.

SQL + Config 
-- This query hits L1 cache (sub-ms)
SELECT * FROM users
WHERE id = 42;

-- Similar query hits L3 semantic cache
SELECT * FROM users
WHERE user_id = 42;

# Cache configuration
[cache]
enabled = true

[cache.l1]
size = "1GB"
ttl = "60s"
eviction = "lru"

[cache.l2]
type = "redis"
hosts = ["redis-1:6379", "redis-2:6379"]
ttl = "5m"

[cache.semantic]
enabled = true
similarity_threshold = 0.95
API Layer

GraphQL Gateway

Automatic GraphQL schema generation from your database tables. No code generation step, no manual schema definitions — HeliosProxy introspects your database and generates a full GraphQL API in real time.

  • Auto-generated queries, mutations, and subscriptions from SQL schema
  • Relationship resolution from foreign keys
  • Filtering, sorting, pagination built-in
  • Configurable max query depth to prevent abuse
  • Introspection toggle for production safety
  • Real-time subscriptions via WebSocket
GraphQL 
# Auto-generated from SQL schema
query {
  users(where: { active: true }, limit: 10) {
    id
    email
    orders(orderBy: { createdAt: DESC }) {
      id
      total
      items {
        product_name
        quantity
      }
    }
  }
}

# Enable in config:
# [graphql]
# enabled = true
# endpoint = "/graphql"
# introspection = true
# max_depth = 10
Extensibility

WASM Plugins

Extend HeliosProxy with custom WebAssembly plugins. Write your logic in Rust, Go, or any language that compiles to WASM, and inject it into the query pipeline at any hook point.

  • Query rewriting — transform queries before execution
  • Result filtering — redact or transform results
  • Custom authentication — integrate with any identity provider
  • Audit logging — capture events to external systems
  • Sandboxed execution — plugins cannot crash the proxy
  • Hot-reload — deploy plugins without proxy restart
Rust (WASM Plugin) 
use wasm_bindgen::prelude::*;

// Custom query rewriting plugin
#[wasm_bindgen]
pub fn rewrite_query(
    query: &str,
    context: &Context
) -> String {
    // Add tenant filter to all queries
    if !query.contains("tenant_id") {
        query.replace(
            "WHERE",
            &format!(
                "WHERE tenant_id = {} AND",
                context.tenant_id
            )
        )
    } else {
        query.to_string()
    }
}

# Plugin configuration
# [plugins.wasm]
# name = "tenant-filter"
# path = "/plugins/tenant_filter.wasm"
# hook = "query_rewrite"
Smart Routing

Intelligent Query Routing

HeliosProxy automatically classifies and routes queries to the optimal backend. Lag-aware read replicas, circuit breaker protection, and workload-based routing ensure every query hits the best target.

  • Lag-aware routing — Monitors replica lag and only routes reads to replicas within acceptable thresholds
  • Circuit breaker — Automatically detects failing backends and reroutes traffic. CLOSED to OPEN after 5 failures, automatic recovery after 30s
  • Workload classification — OLTP queries go to primary (optimized for latency), OLAP queries go to analytics replicas, vector queries to vector-optimized nodes
  • Data temperature — Route hot data (last 7 days) to primary, warm data to replicas, cold data to archive storage
heliosproxy.toml 
# Workload-based routing
[routing]
schema_aware = true

[routing.workload]
enabled = true

# OLTP queries -> primary
oltp_patterns = [
    "SELECT * FROM users WHERE id",
    "INSERT INTO orders"
]
oltp_target = "primary"

# OLAP queries -> analytics replica
olap_patterns = [
    "SELECT.*GROUP BY",
    "SELECT.*ORDER BY.*LIMIT"
]
olap_target = "analytics"

# Vector queries -> vector node
vector_patterns = [
    "ORDER BY.*<=>",
    "embedding.*<->"
]
vector_target = "vector-node"

# Circuit breaker
[circuit_breaker]
enabled = true
failure_threshold = 5
reset_timeout = "30s"
half_open_requests = 3
Query Intelligence

Query Rewriting & Optimization

HeliosProxy inspects and optimizes queries before they reach the database. Automatic rewriting improves performance without any application code changes.

  • Automatic tenant injection — Transparently adds tenant filters to every query for multi-tenant applications
  • Query normalization — Canonicalizes queries for better cache hit rates
  • Parameter binding — Converts inline values to parameterized queries for plan reuse
  • Read/write splitting — Automatically routes SELECT queries to read replicas
  • Query cost estimation — Pre-estimates query cost and rejects expensive queries before execution
  • AI workload detection — Automatically detects RAG, conversation context, and embedding queries for optimized handling
heliosproxy.toml 
# AI workload optimization
[ai_cache]
enabled = true

# Conversation context cache
conversation_context_ttl = "30m"
conversation_context_size = "512MB"

# RAG chunk cache
rag_chunk_cache_size = "2GB"
rag_chunk_ttl = "1h"

# Semantic query cache
semantic_cache_enabled = true
similarity_threshold = 0.95

# Query cache control
[cache.query]
enabled = true
max_result_size = "10MB"
exclude_patterns = [
    "INSERT",
    "UPDATE",
    "DELETE"
]
Security

Authentication Proxy

Centralized authentication before database access. Support for JWT, OAuth 2.0, LDAP, and API keys — all validated at the proxy layer before any query reaches the database.

  • JWT validation — Verify tokens against JWKS endpoints. Extract tenant ID, roles, and permissions from claims.
  • OAuth 2.0 — Full OAuth flow support with token refresh and scope validation
  • LDAP integration — Authenticate against Active Directory or OpenLDAP
  • API key management — Issue, rotate, and revoke API keys with per-key rate limits
  • Role mapping — Map external identity claims to database roles automatically
heliosproxy.toml 
[auth]
enabled = true

# JWT validation
[auth.jwt]
enabled = true
issuer = "https://auth.example.com"
audience = "heliosdb"
jwks_url = "https://auth.example.com/.well-known/jwks.json"

# Extract tenant from JWT claims
tenant_claim = "org_id"
role_claim = "db_role"

# API key validation
[auth.api_key]
enabled = true
header = "X-API-Key"

# LDAP integration
[auth.ldap]
enabled = true
server = "ldap://ldap.example.com:389"
base_dn = "dc=example,dc=com"
Isolation

Multi-Tenancy

Flexible tenant isolation strategies to match your architecture. From shared-database with Row-Level Security to dedicated databases per tenant — HeliosProxy handles routing, resource limits, and isolation transparently.

  • Schema-based isolation — Each tenant gets a dedicated schema within a shared database
  • RLS-based isolation — Shared tables with automatic Row-Level Security tenant filters
  • Database-based isolation — Dedicated database per tenant with independent connection pools
  • Per-tenant resource limits — Configurable pool size, cache allocation, and rate limits per tenant
  • Tenant routing — Automatically route by HTTP header (X-Tenant-ID) or JWT claim
heliosproxy.toml 
[tenancy]
enabled = true
tenant_header = "X-Tenant-ID"
default_tenant = "public"

# Enterprise tenant: dedicated DB
[[tenancy.tenant]]
id = "enterprise-1"
database = "enterprise_1"
pool_size = 100
cache_size = "2GB"

# Startup tenant: shared DB
[[tenancy.tenant]]
id = "startup-tier"
database = "shared"
pool_size = 10
cache_size = "256MB"
rate_limit_qps = 100
Observability

Query Analytics

Track and analyze every query pattern flowing through HeliosProxy. Identify slow queries, monitor cache efficiency, and understand your workload — all with built-in analytics.

  • Slow query logging — Automatically capture queries exceeding configurable thresholds (default: 100ms)
  • Query pattern analysis — Group normalized queries to identify the most frequent and expensive patterns
  • Cache efficiency metrics — Real-time cache hit/miss rates across all three tiers
  • Configurable sampling — Sample 10% of queries in production for minimal overhead
  • Real-time dashboard — Query built-in analytics tables via SQL for integration with any monitoring tool
SQL 
-- Top 20 slowest queries
SELECT query_pattern,
       avg_duration,
       call_count
FROM heliosproxy_query_stats
ORDER BY avg_duration DESC
LIMIT 20;

-- Most frequent queries + cache hits
SELECT query_pattern,
       call_count,
       cache_hit_rate
FROM heliosproxy_query_stats
ORDER BY call_count DESC
LIMIT 20;

-- Overall cache efficiency
SELECT
    SUM(cache_hits) AS hits,
    SUM(cache_misses) AS misses,
    ROUND(
        SUM(cache_hits)::float /
        (SUM(cache_hits) + SUM(cache_misses)),
        3
    ) AS hit_rate
FROM heliosproxy_cache_stats;
Protection

Rate Limiting

Protect your database from overload with granular rate limiting at every level. Global limits, per-tenant quotas, per-user throttling, and per-query cost limits — all enforced at the proxy layer.

  • Global limits — Cap total queries per second and concurrent connections across all tenants
  • Per-tenant limits — Different QPS and connection quotas for each pricing tier
  • Burst allowance — Allow short traffic bursts above the sustained rate limit
  • Graceful degradation — Returns retry-after headers for clients to implement exponential backoff
  • Real-time counters — Monitor rate limit consumption via analytics tables
heliosproxy.toml + Python 
[rate_limit]
enabled = true

# Global limits
global_qps = 10000
global_connections = 5000

# Enterprise customer
[[rate_limit.tenant]]
id = "enterprise-customer"
qps = 2000
connections = 500

# Free tier
[[rate_limit.tenant]]
id = "free-tier"
qps = 100
connections = 10
burst = 20

# Client-side handling
try:
    cursor.execute("SELECT * FROM users")
except HeliosError as e:
    if e.code == "RATE_LIMIT_EXCEEDED":
        time.sleep(e.retry_after)
High Availability

Transaction Replay (TR)

Oracle-grade TAF+TAC merged functionality for PostgreSQL. HeliosProxy journals all statements within a transaction and automatically replays them on a new node after failover, with full result verification to guarantee consistency.

  • Statement journaling — Logs every statement with bound parameters, result checksums, row counts, and execution timing
  • Savepoint support — Tracks savepoints and supports rollback-to-savepoint within the journal for accurate replay
  • Result verification — Verifies replayed results match originals via checksums and row counts, detecting any divergence
  • Configurable retry — Failed statements are retried up to a configurable maximum (default: 3 retries) with automatic backoff
  • WAL synchronization — Waits for the standby to catch up to the transaction's start LSN before replaying, ensuring data consistency
  • Replay statistics — Tracks active replays, completion counts, statement totals, and per-statement success/failure metrics
heliosproxy.toml + SQL 
# Transaction Replay configuration
[transaction_replay]
enabled = true
verify_results = true
statement_timeout_ms = 30000
retry_on_error = true
max_retries = 3
wait_for_wal_sync = true
max_wal_lag_bytes = 0

[transaction_replay.journal]
max_entries = 10000
max_size = "64MB"

-- Transaction replayed after failover
BEGIN;
INSERT INTO orders (user_id, total)
  VALUES (42, 99.99);
SAVEPOINT sp1;
UPDATE inventory SET qty = qty - 1
  WHERE product_id = 7;
COMMIT;
-- checksum verified: OK
-- rows matched: OK
High Availability

Cursor Restore

Saves and restores cursor state after failover, allowing seamless resumption of result set iteration without losing position. Applications iterating through large result sets survive node failures transparently.

  • Position tracking — Tracks cursor name, original query, bound parameters, and current row position for every open cursor
  • Scrollable cursors — Supports forward-only, backward, and bidirectional scrollable cursors with direction preservation
  • WITH HOLD support — Preserves WITH HOLD cursor semantics across failover, maintaining cross-transaction cursor state
  • Automatic recreation — Re-executes the original query on the new node, then skips to the saved position using MOVE
  • Per-session limits — Configurable maximum cursors per session (default: 100) to prevent resource exhaustion
  • Session-level restore — Batch-restores all open cursors for a session during failover in a single operation
SQL 
-- Declare a cursor over a large table
DECLARE user_cursor CURSOR FOR
  SELECT * FROM users
  ORDER BY created_at;

-- Fetch first 500 rows
FETCH 500 FROM user_cursor;
-- position: 500

-- Node fails! HeliosProxy restores:
-- 1. Re-declare cursor on new node
DECLARE user_cursor CURSOR FOR
  SELECT * FROM users
  ORDER BY created_at;

-- 2. Skip to saved position
MOVE 500 IN user_cursor;

-- 3. App continues seamlessly
FETCH 100 FROM user_cursor;
-- returns rows 501-600
High Availability

Session State Migration

Preserves and restores complete session state during failover, including SET parameters, prepared statements, and optionally temporary tables. Applications maintain their full session context when transparently moved to a new node.

  • SET parameter tracking — Captures timezone, search_path, client_encoding, datestyle, intervalstyle, application_name, and any custom variables
  • Prepared statement restore — Saves and re-creates all prepared statements with their parameter types on the new node
  • Temporary table migration — Optional migration of session-local temp tables including schema and data (disabled by default for performance)
  • SET statement generation — Automatically generates the minimal sequence of SET and PREPARE statements to restore the complete session
  • Custom variable support — Tracks arbitrary SET variables beyond PostgreSQL built-ins for application-specific session state
  • Scalable tracking — Supports up to 10,000 concurrent sessions with per-session state snapshots
heliosproxy.toml 
# Session State Migration
[session_migration]
enabled = true
max_sessions = 10000
migrate_temp_tables = false

# Tracked session parameters
# (automatically captured on SET)
# - timezone
# - search_path
# - client_encoding
# - datestyle
# - intervalstyle
# - application_name
# - any custom SET variables

# Example: after failover, proxy runs:
# SET timezone TO 'America/New_York'
# SET search_path TO myapp, public
# SET client_encoding TO 'UTF8'
# SET datestyle TO 'ISO, MDY'
# SET app.tenant_id TO '42'
# PREPARE my_query (integer)
#   AS SELECT * FROM users
#   WHERE id = $1
Application Continuity

Transparent Write Routing (TWR)

Connect to any node — primary or standby — and HeliosProxy automatically routes write operations to the current primary. Applications never need to track topology changes, enabling true connect-anywhere simplicity with zero client-side routing logic.

  • Automatic write detection — Intercepts INSERT, UPDATE, DELETE, CREATE, ALTER, DROP, and COPY statements, forwarding them to the primary node transparently
  • Three sync modesSync (wait for standby confirmation), SemiSync (wait for WAL flush), or Async (fire-and-forget) per-connection tuning
  • Connection pooling — Maintains a dedicated forwarding pool to the primary with configurable size, timeouts, and health checks
  • Read-after-write consistency — Sync mode guarantees subsequent reads on the standby reflect the forwarded write, eliminating stale reads
  • Topology-aware failover — Automatically detects primary changes during failover and re-routes writes to the new primary without client reconnection
  • Full PostgreSQL protocol — Supports extended query protocol, prepared statements, and parameterized queries through the forwarding path
heliosproxy.toml + SQL 
# Transparent Write Routing
[transparent_write_routing]
enabled = true
sync_mode = "sync"
forward_timeout_ms = 5000

[transparent_write_routing.pool]
max_connections = 50
idle_timeout_ms = 60000
health_check_interval_ms = 5000

-- App connects to ANY node (standby)
-- Reads stay local, writes auto-route
SELECT * FROM orders
  WHERE user_id = 42;
-- → executes on standby (local)

INSERT INTO orders (user_id, total)
  VALUES (42, 149.99);
-- → auto-forwarded to primary
-- → sync: confirmed on standby
Complete Platform

24 Feature Modules
In One Component

Each module is independently activated via a compile-time feature flag. Enable only what your deployment requires — no unused code ships in your binary.

1. Connection Pooling

Session, Transaction, Statement modes with up to 100:1 multiplexing and prepared statement forwarding.

2. Load Balancer

Round-robin, least-connections, or latency-based distribution. Automatic read/write splitting.

3. Health Checker

Configurable health-check queries, failure thresholds, and automatic node removal/recovery.

4. Request Pipeline

PostgreSQL extended query protocol pipelining. Batches Parse, Bind, Execute to reduce round trips.

5. Batch Operations

Auto-coalesces individual INSERTs into multi-row batches for higher write throughput.

6. Failover Controller

Automatic failover with promotion policies. Prefers sync standbys, ranks by replication lag.

7. Transaction Replay

Oracle-grade TAF+TAC. Journals and replays in-flight transactions on the new primary after failover.

8. Session Migration

Preserves SET parameters, prepared statements, search paths, and advisory locks across failover.

9. Cursor Restore

Saves cursor state and position, recreates on new nodes. FETCH NEXT continues seamlessly.

10. Switchover Buffer

Buffers incoming queries during failover and drains to the new primary. Increased latency, not errors.

11. Primary Tracker

Pluggable topology discovery: PostgreSQL polling, HeliosDB native events, or manual via Admin API.

12. Transaction Journal

Write-ahead journal for in-flight transactions with statement-level granularity and parameter capture.

13. Query Cache

Three-tier result cache: L1 hot (sub-μs), L2 warm (TTL-based), L3 semantic (normalized matching).

14. Query Routing Hints

Embed routing directives in SQL comments: /*+ route=primary */, /*+ route=nearest */.

15. Lag-Aware Routing

Routes reads to replicas within a configurable lag threshold. Includes read-your-writes consistency.

16. Query Rewriter

Rule-based SQL transformations: add hints, inject filters, redirect tables, enforce naming conventions.

17. Query Analytics

Fingerprinting, slow query log, intent classification (OLTP/analytics/vector), N+1 detection.

18. Schema-Aware Routing

Data temperature classification (hot/warm/cold), workload-type detection, automatic schema discovery.

19. Authentication Proxy

JWT, OAuth 2.0, LDAP, API key validation, and external identity claim-to-role mapping.

20. Rate Limiter

Token bucket, sliding window, and concurrency limiting. Per-tenant, per-user, per-IP, per-query cost.

21. Circuit Breaker

Adaptive failure detection with closed/open/half-open states and automatic recovery probes.

22. Multi-Tenancy

Tenant identification, pool isolation, schema routing, and per-tenant resource quotas.

23. WASM Plugin System

Extend with sandboxed WebAssembly plugins. Hot-reloadable, memory-limited, controlled host API.

24. GraphQL Gateway

Auto-generated GraphQL API from schema with DataLoader batching and query validation.

Performance

Measured Performance

HeliosProxy adds minimal latency while dramatically improving throughput, caching, and availability.

42K

Queries/sec (pooled)

vs. 8.2K direct connection. 5x throughput improvement from connection pooling alone.

0.05ms

Cached Query Latency

L1 hot cache serves frequently accessed results in sub-microsecond time.

0.3ms

Connection Time

vs. 12ms direct connection establishment. 40x faster via connection pooling.

1.2s

Auto-Failover

Automatic failover with Transaction Replay. Clients experience a brief pause, not an error.

Backend-Agnostic

Works With Any PostgreSQL Backend

HeliosProxy operates at the wire protocol level. All features work transparently with any PostgreSQL-wire-compatible database.

Backend Compatibility Notes
PostgreSQL 12+FullIncluding Amazon RDS, Aurora, Cloud SQL, Azure Database
HeliosDB Lite/FullFullNative topology integration for instant failover
CockroachDBFullPostgreSQL wire protocol compatible
YugabyteDBFullPostgreSQL wire protocol compatible
TimescaleDBFullRuns as PostgreSQL extension
CitusFullRuns as PostgreSQL extension
AlloyDBFullGoogle Cloud PostgreSQL-compatible
How We Compare

HeliosProxy vs The Competition

HeliosProxy isn’t just a connection pooler — it’s an AI-native database platform layer. Here’s how it compares to every alternative in the market.

Capability PgBouncer pgpool-II PgCat Odyssey AWS RDS Proxy HeliosProxy
Connection Pooling3 modesYesYesYesYes3 modes + AI-aware
Multi-threaded✓ (Rust)✓ (C99)N/A✓ (Rust)
Query CachingBasic3-tier distributed
Load Balancing✓ + schema-aware
Auto Failover✓ + circuit breaker
Rate LimitingPer-tenant, per-query
Multi-TenancyFull isolation (4 modes)
Auth ProxyBasicBasicBasicBasicIAM onlyJWT/OAuth/LDAP/SAML
Query AnalyticsCloudWatchP50/P90/P99 + cost attr.
GraphQL GatewayAuto-generated
WASM Plugins✓ (sandboxed)
Branch-AwareGit-like branching
AI/RAG CachingSemantic + conversation
Query RewritingTenant injection + optimization
Transaction ReplayOracle-grade TAF+TAC
Cursor RestoreState + position preserved
Session MigrationSET, prepared stmts, temp tables
Write RoutingTWR (any-node connect)
ShardingSchema-aware routing
Vendor Lock-inNoneNoneNoneNoneAWS onlyNone

10–100× Read Performance

3-tier distributed cache (L1 local <100μs, L2 Redis <5ms, L3 DB) with 85% hit rate in production. No competitor offers multi-tier caching.

100:1 Connection Multiplexing

10,000 concurrent tenant connections served by 100 database connections. 73% infrastructure cost reduction vs. PgBouncer’s 10:1 ratio.

Zero Vendor Lock-in

Deploy anywhere — Docker, Kubernetes, bare metal. Unlike AWS RDS Proxy, HeliosProxy works with any PostgreSQL-compatible database.

AI-Native Workload Optimization

Semantic query cache, RAG chunk caching, conversation context, and tool result cache. Purpose-built for AI/Agent database workloads.

14 Features No Competitor Has

WASM plugins, GraphQL gateway, branch-aware caching, AI workload optimization, transaction replay, cursor restore, session migration, write routing, semantic caching, per-tenant analytics, query routing hints, batch coalescing, switchover buffer, transaction journal.

Single Component

Replaces PgBouncer + Redis + rate limiter + auth proxy + GraphQL server + analytics. One binary, one config file, one deployment.

Open Source & Backend-Agnostic

HeliosProxy is open source and works with all three HeliosDB editions — Nano, Lite, and Full — plus any PostgreSQL-compatible database.

View on GitHub Read the Docs →