Enterprise adoption evaluation¶
This page summarizes what a documentation-only evaluator can conclude about OntoSQL 0.5.x for large-organization adoption. It is honest about beta status and known documentation limits.
0.5.x beta
OntoSQL is not GA. Semver guarantees begin at 1.0. Pin versions and complete the evaluation checklist before production use.
Overall verdict¶
OntoSQL is documented honestly as pre-1.0 beta software with strong architecture and security transparency. It is suitable for controlled PoC (Postgres, pinned version, SQL-first team). Enterprise platform standardization should wait for 1.0, a support policy, and performance evidence.
What does OntoSQL do?¶
OntoSQL is a Python semantic data access layer for SQL-first applications:
| Layer | Tool | Role |
|---|---|---|
| Physical | SQLModel (table=True) |
Mirrors real DB tables |
| Semantic | OntoModel |
Application entities, validation, ontology metadata |
| Mapping | OntoMapper / Map |
Explicit field → column/join bindings |
| Runtime | OntoSession / AsyncOntoSession |
Compiles get, find, save, delete to SQL |
Optional extras: JSON-LD/RDF export, RDF import, post-commit graph sync, SHACL, FastAPI OntoRouter.
Not: SPARQL database, OBDA engine, OWL reasoner, or automatic table→ontology inference. See When to use OntoSQL.
Why would I use it?¶
| Need | OntoSQL value |
|---|---|
| Legacy/normalized SQL + ontology-shaped Python APIs | Explicit maps over joins, bridges, computed fields |
| Optional JSON-LD/RDF/FastAPI negotiation | Export from mapper metadata |
| Hybrid SQL system-of-record + RDF mirror | Post-commit graph_sync — HYBRID.md |
| Multiple semantic views of one table | Multi-map views |
Cost: maintain row models, semantic models, and mappers (three artifacts).
Is it production ready?¶
No — and the docs say so.
| Signal | Source |
|---|---|
| PyPI Development Status :: 4 - Beta | COMPATIBILITY.md |
| Semver from 1.0 only; pre-1.0 may rename without deprecation | SPECS.md |
OntoRouter is a scaffold — auth/authz required |
SECURITY.md |
| Graph sync is eventually consistent after SQL commit | HYBRID.md |
| Bulk write, read replicas, OTel | Planned 0.7 |
| GA / Production/Stable classifier | Planned 1.0 |
Enterprise interpretation: PoC with pinned versions — yes. Platform standard — wait for 1.0 + support policy.
Is it actively maintained?¶
Partially documented.
| Known | Unknown from docs |
|---|---|
| Release cadence in changelog (0.2.0 → 0.5.x) | Maintainer team size, bus factor |
| CI badge, contributing workflow | Issue/commit response SLAs |
| Public roadmap through 1.0 | Calendar date for 1.0 |
| Read the Docs hosting | Commercial backing or LTS windows (until 1.0) |
See SUPPORT.md for current community support model.
How difficult is migration?¶
| Scenario | Difficulty | Documentation |
|---|---|---|
| Greenfield app | Moderate | Quick start |
| Existing SQLAlchemy/SQLModel app | Moderate–high | Manual maps; Alembic guide |
| 0.4.x → 0.5.x | Low (additive) | Changelog migration section |
| 0.2.x → current / pre-1.0 → 1.0 | High | Upgrading guide (partial; full notes at 0.9) |
Migration is mapper authoring + Alembic coordination, not a drop-in ORM swap.
How difficult is onboarding?¶
| Persona | Difficulty | Doc support |
|---|---|---|
| Python dev, SQLModel familiarity | Low–moderate | Quick start, semantic queries |
| Async / FastAPI | Moderate | async, FastAPI quick start |
| Hybrid SQL + RDF | High | HYBRID.md, graph sync operations |
| Enterprise platform / security | High | This page + compliance guide |
Time-to-first-success (typical): Tier 1 CRUD 5–15 minutes; production FastAPI hours–days; hybrid graph sync days–weeks.
What are the risks?¶
Documented technical risks¶
| Risk | Severity | Read |
|---|---|---|
| Pre-1.0 API instability | High | SPECS, COMPATIBILITY |
CascadePolicy.REPLACE data loss |
High | cascade policies, SECURITY |
| Graph/SQL split-brain | High | HYBRID, graph sync ops |
OntoRouter without auth |
High | production-router |
| RDF import DoS / PyLD SSRF | Medium | SECURITY |
| TripleModel core dependency (SQL-only apps) | Medium | COMPATIBILITY |
Enterprise / procurement risks¶
No vendor SLA, performance benchmarks, compliance certifications, or production case studies today. See compliance guide and SUPPORT.md.
Adoption recommendation¶
| Scenario | Recommendation |
|---|---|
| Enterprise platform standard | Do not adopt until 1.0 + support policy + benchmarks |
| Team PoC (Postgres, pinned 0.5.x) | Proceed with spike — budget mapper work and security review |
| Hybrid SQL + RDF production | High caution — custom reconciliation; see graph sync ops |
Public OntoRouter |
Reject default scaffold — custom auth/authz only |
Evaluation checklist¶
Use this before approving OntoSQL beyond a time-boxed PoC.
Fit and scope¶
- [ ] Read When to use OntoSQL — confirm you need semantic layer, not raw SQLModel or SparqlModel
- [ ] Confirm Postgres or SQLite (only CI-tested DBs) — COMPATIBILITY
- [ ] Accept 0.5.x beta and pin
ontosql==…in requirements - [ ] Budget mapper authoring for every entity (no auto-inference)
Security and API¶
- [ ] If exposing HTTP: do not mount
OntoRouterwithoutdependencies=[Depends(auth)]— SECURITY - [ ] Object-level authorization designed for
{entity_id}and nested POST/PATCH bodies - [ ] Rate limits at proxy or middleware
- [ ] RDF import endpoints authenticated;
untrusted=Trueand byte/triple caps - [ ] Review compliance guide for questionnaire gaps
Data and operations¶
- [ ] Alembic owns physical schema; mappers updated with column changes — Alembic guide
- [ ] Cascade policy per nested field reviewed (
linkdefault; avoidREPLACEon shared rows) - [ ] If
graph_sync: split-brain runbook, monitoring,retry_graph_sync— graph sync ops - [ ] SQLite production:
PRAGMA foreign_keys=ONif using REPLACE cascade
Quality and upgrades¶
- [ ] Adopter test plan — testing guide
- [ ] Upgrade path documented for your version jump — upgrading
- [ ] API review: Session, Mapping, Query, I/O, SPECS
Still open (documented gaps)¶
These cannot be signed off from documentation alone today:
| Gap | Status |
|---|---|
| Support / LTS policy | Pre-1.0 — SUPPORT.md |
| Performance benchmarks | Planned 0.9 — ROADMAP |
| Production case study | Planned 1.0 |
| MySQL / Oracle / SQL Server certification | Not CI-tested |
| SOC2 / HIPAA / FedRAMP mapping | Not certified — compliance |
Summary¶
| Question | Answer from docs |
|---|---|
| What does it do? | SQL-first semantic CRUD + optional RDF/FastAPI |
| Why use it? | Legacy SQL + ontology APIs, hybrid graph, content negotiation |
| Production ready? | No — 0.5.x beta |
| Actively maintained? | Yes (OSS); no commercial SLA |
| Migration difficulty? | Moderate–high; 0.4→0.5 documented |
| Onboarding difficulty? | Moderate |
| Risks? | Technical risks documented; enterprise/compliance gaps remain |
Read next: SUPPORT.md · Compliance · Security · Compatibility