
Kirimana Enterprise OSS

Trino + Iceberg + Polaris + Ranger (or your choice)

The platform-agnostic, fully open-source enterprise edition. Bring your own lakehouse — Trino, Iceberg, Polaris, DuckDB, Postgres. Apache-2.0, no vendor in the path, audit-clean by default. Currently in Private Preview — invite only.

For organisations who want full sovereignty and zero vendor lock-in — from a small team prototyping on DuckDB to a regulated enterprise running Trino + Iceberg + Polaris + Ranger across the estate. Currently in Private Preview with active design partners.

The same enterprise architecture as the Databricks and Fabric editions — federated contract library, hub-and-spoke domains, AI policy gate, audit redaction, multi-env CI/CD, OIDC RBAC, DORA + EU AI Act + GDPR generators. Just configured against the runtime you brought, not the one a vendor sold you.

Recommended for public sector, regulated industries, OSS-first technical cultures, and any enterprise architect who wants the same contracts to travel across Databricks domain A, Fabric domain B, and a Trino-Iceberg domain C without re-writing the governance layer for each.

What’s included

  • Platform-agnostic core — canonical contract model (ODCS v3 extended), state machine, dispatch engine
  • Reference adapter set — DuckDB (local-first), Trino, Postgres, MSSQL; each ~400-line adapter, fully MIT-compatible
  • Iceberg-direct adapter — write contracts directly to Iceberg tables on S3 / ABFSS / GCS, no warehouse required
  • Apache Polaris pass-through — Polaris (incubating) for Iceberg metadata; bidirectional sync of owner, classification, lineage, contract version
  • Apache Ranger integration — pushes contract classification into Ranger row/column policies
  • Self-hosted AI gateway — Anthropic / OpenAI / Bedrock / Ollama (air-gapped) — all gated by classification + audit-logged
  • MCP server — Claude.ai, Cursor, Continue, Cline read your contracts from outside the workspace
  • dbt-core integration — wraps dbt-core, doesn’t replace it; runs the same dbt build you already run
  • Helm chart — deploys to any compliant K8s 1.28+
  • CLI + Streamlit governance UI — full feature parity with the Databricks and Fabric editions

What Kirimana adds that Trino + Polaris + Ranger alone don’t

The OSS catalog ecosystem is strong — Polaris for Iceberg metadata, Ranger for fine-grained policy, Trino for query, dbt for transform. None of them is a contract platform. Kirimana adds the contract layer that makes the rest operational.

Contracts are an artefact, not a config file

Polaris stores metadata about tables that exist. Ranger stores policies that authorize queries. Neither holds the contract — the agreement between producer and consumer that says “this dataset will be classified restricted, owned by data-platform-engineer@example.org, refreshed daily, with the AI policy drafting: allowed, audit: required”. Kirimana adds that artefact and treats it as the source of truth feeding both Polaris and Ranger.

AI policy enforcement at the gate

Ranger doesn’t gate AI calls — it never imagined them. Kirimana runs every LLM call (Anthropic, Bedrock, Azure OpenAI, Ollama) through a classification-aware gate. Restricted data never reaches the model. Every call is logged.

Contract state machine + PR-time approval

Vanilla Trino + Polaris + Ranger have no concept of a contract moving through draft → reviewed → approved → deprecated. Kirimana ships the state machine, the PR-time linter, and the two-approver gate for redaction events.

dbt-core wrapping with contract context

Vanilla dbt-core doesn’t read contracts. Kirimana enriches the dbt manifest with classifications, AI policy, lineage, ownership, SLA windows. Your existing models keep working; the governance comes along for free.

Goal-to-data lineage

OpenLineage tracks edges. Kirimana tracks ReportingGoal → Contract → Table — the business-question backstop OpenLineage doesn’t model.

Compliance generators that ship in the box

DORA, EU AI Act, GDPR Art. 17 redaction reports generate from contract metadata + audit log. The OSS stack alone doesn’t synthesize compliance reports; Kirimana does.

Federated cross-stack library

Patterns published in the Kirimana Library install on any edition — Databricks domain A, Fabric domain B, Trino domain C all share.

Pass-through to Apache Polaris (and any catalog)

The Enterprise OSS edition treats catalogs the same way the Databricks edition treats Unity Catalog and the Fabric edition treats Purview — as a metadata surface fed by Kirimana, not replaced by it.

| Catalog | Mode | Notes |
|---|---|---|
| Apache Polaris (incubating) | push + pull | Primary Iceberg metadata catalog; bidirectional sync of contract metadata |
| AWS Glue Data Catalog | push | For AWS-native Iceberg + Parquet tables |
| Apache Ranger | push | Classification → row/column policies |
| Open Metadata / DataHub | adapter | Available; not enabled by default |
| Snowflake Horizon | push | If a Trino federation queries Snowflake |
| Atlan / Collibra / Alation | Pro Services adapter shelf | Not in OSS |

Integrations available out of the box

  • AI providers: Anthropic Claude, Azure OpenAI, AWS Bedrock, Ollama (air-gapped — full feature parity)
  • AI assistants: Claude.ai, Cursor, Continue.dev, Cline (via MCP); Databricks AI Assistants if you federate to a Databricks domain
  • Catalogs: Apache Polaris (primary), AWS Glue, Apache Ranger, Unity Catalog push, Purview push, Snowflake Horizon push
  • Ingest: Airbyte (default), Kafka, Debezium CDC, dlt, REST, SOAP, database direct, landing zone (S3/ABFSS/GCS)
  • Vault: HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, env-based (dev only)
  • ITSM: Jira (REST v3), ServiceNow (Table API), Zendesk (REST v2)
  • Comms: Slack governance bot, Microsoft Teams
  • Auth: OIDC — generic, GitHub, Entra ID, Okta, Auth0
  • BI: dbt Semantic Layer / MetricFlow / Cube exports; Power BI / Tableau / Qlik connection guides

How to deploy

| Pattern | Stack | Best for |
|---|---|---|
| Local-first | DuckDB + Streamlit | Prototype on a laptop; full feature surface |
| Single-node Postgres | Postgres + dbt-core | A small data team’s first production deployment |
| Trino + Iceberg + Polaris | Trino + Iceberg + Polaris + Ranger | Cost-effective enterprise stack |
| Air-gapped sovereignty | Ollama + DuckDB / Postgres | Public sector / regulated industries needing zero outbound network |
| DIY | Anything you write an adapter for | Use the adapter ABC; ~400 lines per platform |

Pricing posture

  • OSS (free) — Apache-2.0. The full thing. No “community edition” gimping. We don’t believe in feature-paywalling open source.
  • Professional Services — install on your stack, design your domain layout, train your operators. Day rates, no minimum.
  • Enterprise Support — SLA-backed support, named on-call, regulator-audit assistance. From $20k/yr.

What Kirimana adds

Kirimana Enterprise OSS — native vs. with Kirimana.

Trino + Iceberg + Polaris + Ranger ships strong primitives. Kirimana sits above and adds the contract layer that operationalises governance, AI policy, and compliance.

| Capability | Trino + Iceberg + Polaris + Ranger | + Kirimana |
|---|---|---|
| AI policy enforcement | Ranger doesn't gate AI | Per-contract classification gate on every LLM call |
| Contract artefact | Iceberg metadata + Polaris tags | ODCS v3 canonical, fed to Polaris + Ranger |
| Compliance generators | None — assemble yourself | DORA + EU AI Act + GDPR built in |
| Cross-platform portability | Trino federates queries; metadata is Polaris-only | Same contract runs on Databricks / Fabric domains |
| Federated contract library | None | GitHub-backed, cross-stack pattern sharing |
| Contract state machine | None | Draft → Reviewed → Approved → Deprecated, PR-time |

Six of 18 capabilities shown · see full comparison vs all alternatives