@cyanheads/mcp-ts-core 0.8.11 → 0.8.13

package/dist/services/canvas/core/sqlGate.js

@@ -1,26 +1,25 @@
 /**
  * @fileoverview Read-only SQL gate for the DataCanvas primitive. Engine-agnostic
- * pure validators that the provider invokes after pulling DuckDB-specific
- * metadata (statement extraction, prepared-statement type, EXPLAIN plan JSON).
+ * pure validators the provider invokes after pulling DuckDB-specific metadata.
  *
- * Three layers of enforcement, each authoritative on its own:
+ * Four layers of enforcement, each authoritative:
  *
- * 1. **Single-statement check.** The provider parses the input via DuckDB's
- *    `extractStatements` and passes the count here. Anything other than 1 is
- *    rejected — comment-hidden second statements, multi-statement smuggling,
- *    and Unicode tricks all collapse here because DuckDB's parser is the
- *    arbiter, not a regex.
- * 2. **Statement-type check.** The provider prepares the single statement and
- *    passes the resulting `statementType`. We require `SELECT`. Any DDL, DML,
- *    or utility (PRAGMA/ATTACH/COPY/INSTALL/LOAD/SET/EXECUTE) fails to type as
- *    SELECT and is rejected here.
- * 3. **Plan-walk allowlist.** The provider runs `EXPLAIN (FORMAT JSON)` and
- *    passes the plan JSON. We walk every node and reject if any operator
- *    name is outside the curated allowlist — defense-in-depth against future
- *    DuckDB additions that might smuggle work into a SELECT envelope.
+ * 1. **Function deny-list (text scan).** Pre-EXPLAIN regex against the SQL
+ *    (string literals stripped) for file/HTTP-reading table functions like
+ *    `read_json`, `read_parquet`. These can lower into generic SEQ_SCAN
+ *    operators that pass the operator allowlist; catching them by name closes
+ *    that bypass.
+ * 2. **Single-statement check.** Reject anything other than exactly one
+ *    statement parsed by DuckDB. Comment-hidden second statements, Unicode
+ *    tricks, and multi-statement smuggling collapse here.
+ * 3. **Statement-type check.** Require `SELECT`. DDL, DML, and utility
+ *    statements (PRAGMA/ATTACH/COPY/INSTALL/LOAD/SET/EXECUTE) fail to type as
+ *    SELECT.
+ * 4. **Plan-walk allowlist + denied-function rescan.** Walk the
+ *    `EXPLAIN (FORMAT JSON)` tree; reject any operator outside the allowlist
+ *    or any string field referencing a deny-listed function.
  *
- * Rejection paths throw `ValidationError` with a structured `data.reason`
- * suitable for surfacing to the agent.
+ * Rejection paths throw `ValidationError` with a structured `data.reason`.
  *
  * @module src/services/canvas/core/sqlGate
  */
@@ -28,27 +27,47 @@ import { validationError } from '../../../types-global/errors.js';
 /** Subset of statement types the gate permits. */
 export const ALLOWED_STATEMENT_TYPES = new Set(['SELECT']);
 /**
- * Curated allowlist of operator names that can appear in an EXPLAIN plan.
- * Sourced from DuckDB's logical/physical-plan node families (1.5.x). Not
- * every member is reachable from a SELECT — but every member is read-only.
- *
- * Pinned by `tests/canvas/sqlGate.fixtures.test.ts` against live DuckDB
- * EXPLAIN output so version bumps that add operators are caught in CI rather
- * than silently widening the gate.
- *
- * Operators **not** in this list cause rejection. Notable exclusions:
+ * Reason codes set on `validationError.data.reason` by gate assertions.
+ * Consumers can import the {@link SqlGateReason} union to translate gate
+ * denials into typed contract reasons without duplicating the strings.
+ */
+export const SQL_GATE_REASONS = {
+    multiStatement: 'multi_statement',
+    nonSelectStatement: 'non_select_statement',
+    planOperatorNotAllowed: 'plan_operator_not_allowed',
+    deniedFunction: 'denied_function',
+    deniedFunctionInPlan: 'denied_function_in_plan',
+    identifierEmpty: 'identifier_empty',
+    identifierShape: 'identifier_shape',
+    identifierReserved: 'identifier_reserved',
+};
+/**
+ * Allowlist of read-only operator names that can appear in an EXPLAIN plan.
+ * Anything outside this set causes rejection. Notable exclusions:
  *
  * - `READ_CSV`, `READ_PARQUET`, `READ_JSON` — bypass canvas, read external files.
- * - `INSERT`, `UPDATE`, `DELETE`, `MERGE`, `CREATE_*`, `DROP_*`, `ALTER_*` — writes.
- * - `COPY_TO_FILE`, `BATCH_COPY_TO_FILE` — exports a SELECT to a file.
- * - `ATTACH`, `DETACH`, `LOAD`, `INSTALL`, `PRAGMA`, `SET`, `RESET` — utility.
+ * - `INSERT`, `UPDATE`, `DELETE`, `MERGE_INTO`, `CREATE_*`, `DROP`, `ALTER` — writes.
+ * - `COPY_TO_FILE`, `BATCH_COPY_TO_FILE`, `COPY_DATABASE` — write a SELECT to a file/db.
+ * - `ATTACH`, `DETACH`, `LOAD`, `PRAGMA`, `SET`, `SET_VARIABLE`, `RESET`, `TRANSACTION`,
+ *   `EXECUTE`, `PREPARE`, `VACUUM`, `EXPORT`, `EXPLAIN_ANALYZE`, `CREATE_SECRET` — utility/system.
+ * - `INOUT_FUNCTION` — table-valued function lowering (read_json/read_parquet/...);
+ *   gated by the function deny-list rather than the operator allowlist.
+ *
+ * Source pinned against `PhysicalOperatorToString` in DuckDB v1.5.2:
+ * https://github.com/duckdb/duckdb/blob/v1.5.2/src/common/enums/physical_operator_type.cpp
  */
 export const ALLOWED_PLAN_OPERATORS = new Set([
-    // Scans (registered tables only — file scans like READ_CSV are excluded)
+    // Scans (registered tables only)
+    'TABLE_SCAN',
     'SEQ_SCAN',
     'COLUMN_DATA_SCAN',
     'CHUNK_SCAN',
+    'CTE_SCAN',
+    'REC_CTE_SCAN',
+    'REC_REC_CTE_SCAN',
+    'DELIM_SCAN',
     'EXPRESSION_SCAN',
+    'POSITIONAL_SCAN',
     'DUMMY_SCAN',
     'EMPTY_RESULT',
     'IN_MEMORY_TABLE_SCAN',
@@ -64,6 +83,8 @@ export const ALLOWED_PLAN_OPERATORS = new Set([
     'CROSS_PRODUCT',
     'POSITIONAL_JOIN',
     'ASOF_JOIN',
+    'LEFT_DELIM_JOIN',
+    'RIGHT_DELIM_JOIN',
     'DELIM_JOIN',
     // Aggregates
     'HASH_GROUP_BY',
@@ -74,6 +95,7 @@ export const ALLOWED_PLAN_OPERATORS = new Set([
     // Distinct / set ops
     'HASH_DISTINCT',
     'DISTINCT',
+    'LIMITED_DISTINCT',
     'UNION',
     // Sorting / limits
     'ORDER_BY',
@@ -83,11 +105,14 @@ export const ALLOWED_PLAN_OPERATORS = new Set([
     'STREAMING_LIMIT',
     // Window
     'WINDOW',
+    'STREAMING_WINDOW',
     // Nested
     'UNNEST',
-    // CTEs
+    // CTEs (DuckDB stringifies RECURSIVE_* as REC_*; long names kept for older versions)
     'CTE',
     'CTE_REF',
+    'REC_CTE',
+    'REC_KEY_CTE',
     'RECURSIVE_CTE',
     'MATERIALIZED_CTE',
     // Sampling
@@ -99,68 +124,176 @@ export const ALLOWED_PLAN_OPERATORS = new Set([
     'EXPLAIN',
     // Pivot/unpivot collapsed planner forms
     'PIVOT',
+    // Spatial — pre-staged, dormant until the `spatial` extension loads.
+    // See https://github.com/cyanheads/mcp-ts-core/issues/106.
+    'RTREE_INDEX_SCAN',
 ]);
 /**
- * Public entry point — validates the trio of `(statementCount, statementType,
- * planJson)`. Throws on the first violation, leaving the provider to pass
- * results back to the caller untouched on success.
+ * External-data table functions (files, HTTP, S3, lakehouse formats). These
+ * lower into generic scan operators that pass the operator allowlist, so the
+ * text-scan and plan-rescan defenses in this module catch them by name
+ * regardless of how DuckDB lowers them.
+ */
+export const DENIED_TABLE_FUNCTIONS = new Set([
+    // CSV
+    'read_csv',
+    'read_csv_auto',
+    'sniff_csv',
+    // JSON
+    'read_json',
+    'read_json_auto',
+    'read_json_objects',
+    'read_json_objects_auto',
+    'read_ndjson',
+    'read_ndjson_auto',
+    'read_ndjson_objects',
+    // Parquet
+    'read_parquet',
+    'parquet_scan',
+    'parquet_metadata',
+    'parquet_schema',
+    'parquet_file_metadata',
+    'parquet_kv_metadata',
+    // Text / blob / glob
+    'read_text',
+    'read_blob',
+    'glob',
+    // Iceberg / Delta
+    'iceberg_scan',
+    'iceberg_metadata',
+    'iceberg_snapshots',
+    'delta_scan',
+    // Postgres / MySQL / SQLite scanners (extension-loaded; defense-in-depth)
+    'postgres_scan',
+    'postgres_query',
+    'mysql_scan',
+    'mysql_query',
+    'sqlite_scan',
+    'sqlite_query',
+    // Spatial — pre-staged, dormant until the `spatial` extension loads.
+    // ST_Read is a GDAL-backed reader for ~50 vector formats; ST_Drivers exposes
+    // the bundled GDAL driver surface; rtree_index_dump leaks index internals.
+    // See https://github.com/cyanheads/mcp-ts-core/issues/106.
+    'st_read',
+    'st_drivers',
+    'rtree_index_dump',
+]);
+/**
+ * Call-shape regex (`name(`). Caller strips comments and string literals first
+ * so quoted text and comment-injected separators between a name and its `(`
+ * can't false-positive or bypass.
+ */
+const DENIED_FUNCTION_CALL_REGEX = new RegExp(String.raw `\b(${[...DENIED_TABLE_FUNCTIONS].join('|')})\s*\(`, 'gi');
+/**
+ * Bare-name regex for the plan-walk rescan only. DuckDB EXPLAIN metadata can
+ * spell out a function as `Function: read_json` without parens. Restricted to
+ * known function-name fields to avoid scanning user-projected string literals.
+ */
+const DENIED_FUNCTION_BARE_REGEX = new RegExp(String.raw `\b(${[...DENIED_TABLE_FUNCTIONS].join('|')})\b`, 'gi');
+/** Plan-node string fields where DuckDB stores lowered table-function names. */
+const FUNCTION_METADATA_KEYS = new Set([
+    'extra_info',
+    'function',
+    'function_name',
+    'table_function',
+    'source',
+]);
+/** Strip SQL block and line comments. */
+function stripSqlComments(sql) {
+    return sql.replace(/\/\*[\s\S]*?\*\//g, ' ').replace(/--[^\n]*/g, '');
+}
+/**
+ * Strip standard SQL string literals. Doesn't handle E-strings or DuckDB
+ * dollar-quoting; the plan-walk rescan catches anything that survives.
+ */
+function stripSqlStringLiterals(sql) {
+    return sql.replace(/'(?:[^']|'')*'/g, "''");
+}
+/**
+ * Layer 1: pre-EXPLAIN function deny-list. Scans the SQL (string literals
+ * stripped) for calls to any function in {@link DENIED_TABLE_FUNCTIONS} so a
+ * malicious `read_json('/etc/passwd')` is rejected before reaching the planner.
+ */
+export function assertNoDeniedFunctions(sql) {
+    if (typeof sql !== 'string' || sql.length === 0)
+        return;
+    const stripped = stripSqlStringLiterals(stripSqlComments(sql));
+    DENIED_FUNCTION_CALL_REGEX.lastIndex = 0;
+    const match = DENIED_FUNCTION_CALL_REGEX.exec(stripped);
+    if (match?.[1]) {
+        const fn = match[1].toLowerCase();
+        throw validationError(`Canvas query references disallowed table function: ${fn}. File-reading and external-data functions are not permitted.`, { reason: SQL_GATE_REASONS.deniedFunction, function: fn });
+    }
+}
+/**
+ * Layers 2-4. Throws on the first violation. Layer 1
+ * ({@link assertNoDeniedFunctions}) runs separately before `extractStatements`.
  */
 export function assertReadOnlyQuery(input) {
     assertSelectOnly(input);
     assertPlanReadOnly(input.planJson);
 }
 /**
- * Pre-EXPLAIN gate: validate statement count and type. Run before the EXPLAIN
- * call so non-SELECT statements (which DuckDB's EXPLAIN can't always wrap —
- * e.g. ATTACH/PRAGMA/COPY/INSTALL) fail with a structured ValidationError
- * here rather than a confusing parser error from EXPLAIN itself.
+ * Layers 2-3: validate statement count and type before EXPLAIN. Non-SELECT
+ * statements (ATTACH/PRAGMA/COPY/INSTALL/...) fail here with a structured
+ * ValidationError rather than a confusing parser error from EXPLAIN itself.
  */
 export function assertSelectOnly(input) {
     if (input.statementCount !== 1) {
         throw validationError('Canvas query must contain exactly one SQL statement.', {
-            reason: 'multi_statement',
+            reason: SQL_GATE_REASONS.multiStatement,
             statementCount: input.statementCount,
         });
     }
     if (!ALLOWED_STATEMENT_TYPES.has(input.statementType)) {
-        throw validationError(`Canvas query must be SELECT; got ${input.statementType}. Mutations must use registerTable, drop, or clear.`, { reason: 'non_select_statement', statementType: input.statementType });
+        throw validationError(`Canvas query must be SELECT; got ${input.statementType}. Mutations must use registerTable, drop, or clear.`, { reason: SQL_GATE_REASONS.nonSelectStatement, statementType: input.statementType });
     }
 }
 /**
- * Post-EXPLAIN gate: walk the plan tree and reject any operator outside the
- * curated allowlist. Defense-in-depth against future DuckDB additions that
- * smuggle work into a SELECT envelope.
+ * Layer 4: walk the plan tree and reject any operator outside the allowlist
+ * or any deny-listed table function smuggled into a generic scan operator.
  */
 export function assertPlanReadOnly(planJson) {
-    const offending = collectDisallowedOperators(planJson);
+    const { offending, deniedFunctions } = collectPlanViolations(planJson);
+    if (deniedFunctions.size > 0) {
+        throw validationError(`Canvas query references disallowed table function in plan: ${[...deniedFunctions].sort().join(', ')}.`, {
+            reason: SQL_GATE_REASONS.deniedFunctionInPlan,
+            functions: [...deniedFunctions].sort(),
+        });
+    }
     if (offending.size > 0) {
         throw validationError(`Canvas query contains disallowed operators: ${[...offending].sort().join(', ')}.`, {
-            reason: 'plan_operator_not_allowed',
+            reason: SQL_GATE_REASONS.planOperatorNotAllowed,
             operators: [...offending].sort(),
         });
     }
 }
 /**
- * Walks the EXPLAIN plan and returns the set of operator names not in
- * `ALLOWED_PLAN_OPERATORS`. Exported for fixture-driven tests that want
- * to inspect the gate's view of a plan without throwing.
- *
- * Tolerant of structural variation — DuckDB emits operator identity under
- * either `name` (logical plan) or `operator_type` (physical/profile plan)
- * depending on the EXPLAIN flavor. We honor both. Children traversal
- * supports `children`, `child`, and `inputs` arrays.
+ * Returns operator names not in `ALLOWED_PLAN_OPERATORS`. Exported for
+ * fixture-driven tests that want to inspect the gate's view without throwing.
+ * Use {@link collectPlanViolations} to also surface deny-listed function
+ * references in scan-operator metadata.
  */
 export function collectDisallowedOperators(planJson) {
+    return collectPlanViolations(planJson).offending;
+}
+/**
+ * Combined plan-walk: disallowed operators and deny-listed table-function
+ * references in string-valued fields, returned separately so callers can word
+ * errors appropriately.
+ */
+export function collectPlanViolations(planJson) {
     const offending = new Set();
-    walk(planJson, offending);
-    return offending;
+    const deniedFunctions = new Set();
+    walk(planJson, offending, deniedFunctions);
+    return { offending, deniedFunctions };
 }
-function walk(node, offending) {
+function walk(node, offending, deniedFunctions) {
     if (node === null || typeof node !== 'object')
         return;
     if (Array.isArray(node)) {
         for (const child of node)
-            walk(child, offending);
+            walk(child, offending, deniedFunctions);
         return;
     }
     const obj = node;
@@ -168,19 +301,38 @@ function walk(node, offending) {
     if (operator !== undefined && !ALLOWED_PLAN_OPERATORS.has(operator)) {
         offending.add(operator);
     }
-    // Traverse known child slots; ignore string/number leaves.
+    // read_json/read_parquet lower into generic scan operators whose source
+    // function appears in plan metadata, not the operator name. Use the bare
+    // regex on known function-name fields, the call-shape regex elsewhere.
+    for (const [key, value] of Object.entries(obj)) {
+        if (typeof value !== 'string')
+            continue;
+        const regex = FUNCTION_METADATA_KEYS.has(key)
+            ? DENIED_FUNCTION_BARE_REGEX
+            : DENIED_FUNCTION_CALL_REGEX;
+        collectDeniedFunctionMatches(value, regex, deniedFunctions);
+    }
     for (const key of ['children', 'child', 'inputs', 'plan', 'root']) {
         if (key in obj)
-            walk(obj[key], offending);
+            walk(obj[key], offending, deniedFunctions);
+    }
+}
+function collectDeniedFunctionMatches(value, regex, sink) {
+    regex.lastIndex = 0;
+    let match = regex.exec(value);
+    while (match !== null) {
+        if (match[1])
+            sink.add(match[1].toLowerCase());
+        match = regex.exec(value);
     }
 }
 function readOperatorName(obj) {
-    const candidates = ['name', 'operator_type', 'operator', 'type'];
-    for (const key of candidates) {
+    // DuckDB emits operator identity under different keys depending on the
+    // EXPLAIN flavor (logical/physical/profile).
+    for (const key of ['name', 'operator_type', 'operator', 'type']) {
         const value = obj[key];
-        if (typeof value === 'string' && value !== '') {
+        if (typeof value === 'string' && value !== '')
             return value.toUpperCase();
-        }
     }
     return;
 }
@@ -188,16 +340,15 @@ function readOperatorName(obj) {
 // Identifier validation and quoting
 // ---------------------------------------------------------------------------
 /**
- * Allowed shape for canvas-local table and column names. Matches the
- * conservative SQL identifier convention: starts with letter/underscore,
- * followed by letters/digits/underscores, max 63 chars (PostgreSQL/DuckDB cap).
+ * Allowed shape for canvas table/column names. SQL identifier convention:
+ * letter/underscore start, letters/digits/underscores after, max 63 chars
+ * (PostgreSQL/DuckDB cap). Exported so consumers can reuse it in Zod schemas
+ * (`z.string().regex(CANVAS_IDENTIFIER_REGEX)`).
  */
-const IDENTIFIER_REGEX = /^[A-Za-z_][A-Za-z0-9_]{0,62}$/;
+export const CANVAS_IDENTIFIER_REGEX = /^[A-Za-z_][A-Za-z0-9_]{0,62}$/;
 /**
- * DuckDB reserved words that must not be used as bare identifiers. Not
- * exhaustive — this is a courtesy guard so misnamed tables fail at register
- * time rather than confusing-error time. The `IDENTIFIER_REGEX` is the
- * authoritative shape gate.
+ * Courtesy guard against bare reserved words. Not exhaustive — the shape gate
+ * is authoritative; this just produces a friendlier error at register time.
  */
 const RESERVED_IDENTIFIERS = new Set([
     'select',
@@ -237,29 +388,25 @@ const RESERVED_IDENTIFIERS = new Set([
     'with',
     'recursive',
 ]);
-/**
- * Validate an identifier for use as a canvas-local table or column name.
- * Throws `ValidationError` on rejection.
- */
+/** Validate a canvas table or column name. Throws `ValidationError` on rejection. */
 export function assertValidIdentifier(value, kind) {
     if (typeof value !== 'string' || value.length === 0) {
         throw validationError(`Canvas ${kind} name must be a non-empty string.`, {
-            reason: 'identifier_empty',
+            reason: SQL_GATE_REASONS.identifierEmpty,
             kind,
         });
     }
-    if (!IDENTIFIER_REGEX.test(value)) {
-        throw validationError(`Canvas ${kind} name "${value}" is invalid. Use letters, digits, and underscores; must start with a letter or underscore; max 63 chars.`, { reason: 'identifier_shape', kind, value });
+    if (!CANVAS_IDENTIFIER_REGEX.test(value)) {
+        throw validationError(`Canvas ${kind} name "${value}" is invalid. Use letters, digits, and underscores; must start with a letter or underscore; max 63 chars.`, { reason: SQL_GATE_REASONS.identifierShape, kind, value });
     }
     if (RESERVED_IDENTIFIERS.has(value.toLowerCase())) {
-        throw validationError(`Canvas ${kind} name "${value}" is a reserved SQL keyword. Choose another name.`, { reason: 'identifier_reserved', kind, value });
+        throw validationError(`Canvas ${kind} name "${value}" is a reserved SQL keyword. Choose another name.`, { reason: SQL_GATE_REASONS.identifierReserved, kind, value });
     }
 }
 /**
- * Wrap an identifier in double quotes for safe inclusion in SQL. Internal
- * double quotes are doubled per the SQL standard. Callers should still
- * validate via {@link assertValidIdentifier} before quoting — this helper
- * only escapes; it does not validate shape.
+ * Double-quote-escape an identifier for SQL embedding. Validate via
+ * {@link assertValidIdentifier} first — this helper only escapes, it does not
+ * check shape.
  */
 export function quoteIdentifier(value) {
     return `"${value.replace(/"/g, '""')}"`;

package/dist/services/canvas/core/sqlGate.js.map

@@ -1 +1 @@
-{"version":3,"file":"sqlGate.js","sourceRoot":"","sources":["../../../../src/services/canvas/core/sqlGate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAY3D,kDAAkD;AAClD,MAAM,CAAC,MAAM,uBAAuB,GAAqC,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;AAE7F;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAwB,IAAI,GAAG,CAAC;IACjE,yEAAyE;IACzE,UAAU;IACV,kBAAkB;IAClB,YAAY;IACZ,iBAAiB;IACjB,YAAY;IACZ,cAAc;IACd,sBAAsB;IACtB,sBAAsB;IACtB,YAAY;IACZ,QAAQ;IACR,QAAQ;IACR,WAAW;IACX,kBAAkB;IAClB,mBAAmB;IACnB,SAAS;IACT,sBAAsB;IACtB,eAAe;IACf,iBAAiB;IACjB,WAAW;IACX,YAAY;IACZ,aAAa;IACb,eAAe;IACf,uBAAuB;IACvB,qBAAqB;IACrB,kBAAkB;IAClB,uBAAuB;IACvB,qBAAqB;IACrB,eAAe;IACf,UAAU;IACV,OAAO;IACP,mBAAmB;IACnB,UAAU;IACV,OAAO;IACP,OAAO;IACP,eAAe;IACf,iBAAiB;IACjB,SAAS;IACT,QAAQ;IACR,SAAS;IACT,QAAQ;IACR,OAAO;IACP,KAAK;IACL,SAAS;IACT,eAAe;IACf,kBAAkB;IAClB,WAAW;IACX,kBAAkB;IAClB,QAAQ;IACR,kBAAkB;IAClB,iBAAiB;IACjB,kBAAkB;IAClB,SAAS;IACT,wCAAwC;IACxC,OAAO;CACR,CAAC,CAAC;AAEH;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAOnC;IACC,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACxB,kBAAkB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;AACrC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAGhC;IACC,IAAI,KAAK,CAAC,cAAc,KAAK,CAAC,EAAE,CAAC;QAC/B,MAAM,eAAe,CAAC,sDAAsD,EAAE;YAC5E,MAAM,EAAE,iBAAiB;YACzB,cAAc,EAAE,KAAK,CAAC,cAAc;SACrC,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,CAAC;QACtD,MAAM,eAAe,CACnB,oCAAoC,KAAK,CAAC,aAAa,qDAAqD,EAC5G,EAAE,MAAM,EAAE,sBAAsB,EAAE,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE,CACvE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAAiB;IAClD,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;IACvD,IAAI,SAAS,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,eAAe,CACnB,+CAA+C,CAAC,GAAG,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAClF;YACE,MAAM,EAAE,2BAA2B;YACnC,SAAS,EAAE,CAAC,GAAG,SAAS,CAAC,CAAC,IAAI,EAAE;SACjC,CACF,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,0BAA0B,CAAC,QAAiB;IAC1D,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IACpC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAC1B,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,IAAI,CAAC,IAAa,EAAE,SAAsB;IACjD,IAAI,IAAI,KAAK,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO;IACtD,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,KAAK,MAAM,KAAK,IAAI,IAAI;YAAE,IAAI,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QACjD,OAAO;IACT,CAAC;IACD,MAAM,GAAG,GAAG,IAA+B,CAAC;IAC5C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACvC,IAAI,QAAQ,KAAK,SAAS,IAAI,CAAC,sBAAsB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpE,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC1B,CAAC;IACD,2DAA2D;IAC3D,KAAK,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC;QAClE,IAAI,GAAG,IAAI,GAAG;YAAE,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,SAAS,CAAC,CAAC;IAC5C,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,GAA4B;IACpD,MAAM,UAAU,GAAG,CAAC,MAAM,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IACjE,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,EAAE,EAAE,CAAC;YAC9C,OAAO,KAAK,CAAC,WAAW,EAAE,CAAC;QAC7B,CAAC;IACH,CAAC;IACD,OAAO;AACT,CAAC;AAED,8EAA8E;AAC9E,oCAAoC;AACpC,8EAA8E;AAE9E;;;;GAIG;AACH,MAAM,gBAAgB,GAAG,+BAA+B,CAAC;AAEzD;;;;;GAKG;AACH,MAAM,oBAAoB,GAAwB,IAAI,GAAG,CAAC;IACxD,QAAQ;IACR,MAAM;IACN,OAAO;IACP,OAAO;IACP,OAAO;IACP,QAAQ;IACR,OAAO;IACP,QAAQ;IACR,OAAO;IACP,WAAW;IACX,QAAQ;IACR,KAAK;IACL,UAAU;IACV,IAAI;IACJ,KAAK;IACL,IAAI;IACJ,KAAK;IACL,MAAM;IACN,MAAM;IACN,OAAO;IACP,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,KAAK;IACL,MAAM;IACN,OAAO;IACP,OAAO;IACP,MAAM;IACN,OAAO;IACP,MAAM;IACN,OAAO;IACP,IAAI;IACJ,OAAO;IACP,MAAM;IACN,WAAW;CACZ,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,KAAa,EAAE,IAAwB;IAC3E,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpD,MAAM,eAAe,CAAC,UAAU,IAAI,mCAAmC,EAAE;YACvE,MAAM,EAAE,kBAAkB;YAC1B,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAClC,MAAM,eAAe,CACnB,UAAU,IAAI,UAAU,KAAK,2GAA2G,EACxI,EAAE,MAAM,EAAE,kBAAkB,EAAE,IAAI,EAAE,KAAK,EAAE,CAC5C,CAAC;IACJ,CAAC;IACD,IAAI,oBAAoB,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;QAClD,MAAM,eAAe,CACnB,UAAU,IAAI,UAAU,KAAK,mDAAmD,EAChF,EAAE,MAAM,EAAE,qBAAqB,EAAE,IAAI,EAAE,KAAK,EAAE,CAC/C,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC;AAC1C,CAAC"}
+{"version":3,"file":"sqlGate.js","sourceRoot":"","sources":["../../../../src/services/canvas/core/sqlGate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAS3D,kDAAkD;AAClD,MAAM,CAAC,MAAM,uBAAuB,GAAqC,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;AAE7F;;;;GAIG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,cAAc,EAAE,iBAAiB;IACjC,kBAAkB,EAAE,sBAAsB;IAC1C,sBAAsB,EAAE,2BAA2B;IACnD,cAAc,EAAE,iBAAiB;IACjC,oBAAoB,EAAE,yBAAyB;IAC/C,eAAe,EAAE,kBAAkB;IACnC,eAAe,EAAE,kBAAkB;IACnC,kBAAkB,EAAE,qBAAqB;CACjC,CAAC;AAKX;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAwB,IAAI,GAAG,CAAC;IACjE,iCAAiC;IACjC,YAAY;IACZ,UAAU;IACV,kBAAkB;IAClB,YAAY;IACZ,UAAU;IACV,cAAc;IACd,kBAAkB;IAClB,YAAY;IACZ,iBAAiB;IACjB,iBAAiB;IACjB,YAAY;IACZ,cAAc;IACd,sBAAsB;IACtB,sBAAsB;IACtB,YAAY;IACZ,QAAQ;IACR,QAAQ;IACR,WAAW;IACX,kBAAkB;IAClB,mBAAmB;IACnB,SAAS;IACT,sBAAsB;IACtB,eAAe;IACf,iBAAiB;IACjB,WAAW;IACX,iBAAiB;IACjB,kBAAkB;IAClB,YAAY;IACZ,aAAa;IACb,eAAe;IACf,uBAAuB;IACvB,qBAAqB;IACrB,kBAAkB;IAClB,uBAAuB;IACvB,qBAAqB;IACrB,eAAe;IACf,UAAU;IACV,kBAAkB;IAClB,OAAO;IACP,mBAAmB;IACnB,UAAU;IACV,OAAO;IACP,OAAO;IACP,eAAe;IACf,iBAAiB;IACjB,SAAS;IACT,QAAQ;IACR,kBAAkB;IAClB,SAAS;IACT,QAAQ;IACR,qFAAqF;IACrF,KAAK;IACL,SAAS;IACT,SAAS;IACT,aAAa;IACb,eAAe;IACf,kBAAkB;IAClB,WAAW;IACX,kBAAkB;IAClB,QAAQ;IACR,kBAAkB;IAClB,iBAAiB;IACjB,kBAAkB;IAClB,SAAS;IACT,wCAAwC;IACxC,OAAO;IACP,qEAAqE;IACrE,2DAA2D;IAC3D,kBAAkB;CACnB,CAAC,CAAC;AAEH;;;;;GAKG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAwB,IAAI,GAAG,CAAC;IACjE,MAAM;IACN,UAAU;IACV,eAAe;IACf,WAAW;IACX,OAAO;IACP,WAAW;IACX,gBAAgB;IAChB,mBAAmB;IACnB,wBAAwB;IACxB,aAAa;IACb,kBAAkB;IAClB,qBAAqB;IACrB,UAAU;IACV,cAAc;IACd,cAAc;IACd,kBAAkB;IAClB,gBAAgB;IAChB,uBAAuB;IACvB,qBAAqB;IACrB,qBAAqB;IACrB,WAAW;IACX,WAAW;IACX,MAAM;IACN,kBAAkB;IAClB,cAAc;IACd,kBAAkB;IAClB,mBAAmB;IACnB,YAAY;IACZ,0EAA0E;IAC1E,eAAe;IACf,gBAAgB;IAChB,YAAY;IACZ,aAAa;IACb,aAAa;IACb,cAAc;IACd,qEAAqE;IACrE,6EAA6E;IAC7E,2EAA2E;IAC3E,2DAA2D;IAC3D,SAAS;IACT,YAAY;IACZ,kBAAkB;CACnB,CAAC,CAAC;AAEH;;;;GAIG;AACH,MAAM,0BAA0B,GAAG,IAAI,MAAM,CAC3C,MAAM,CAAC,GAAG,CAAA,MAAM,CAAC,GAAG,sBAAsB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAC7D,IAAI,CACL,CAAC;AAEF;;;;GAIG;AACH,MAAM,0BAA0B,GAAG,IAAI,MAAM,CAC3C,MAAM,CAAC,GAAG,CAAA,MAAM,CAAC,GAAG,sBAAsB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,EAC1D,IAAI,CACL,CAAC;AAEF,gFAAgF;AAChF,MAAM,sBAAsB,GAAwB,IAAI,GAAG,CAAC;IAC1D,YAAY;IACZ,UAAU;IACV,eAAe;IACf,gBAAgB;IAChB,QAAQ;CACT,CAAC,CAAC;AAEH,yCAAyC;AACzC,SAAS,gBAAgB,CAAC,GAAW;IACnC,OAAO,GAAG,CAAC,OAAO,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;AACxE,CAAC;AAED;;;GAGG;AACH,SAAS,sBAAsB,CAAC,GAAW;IACzC,OAAO,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC;AAC9C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CAAC,GAAW;IACjD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO;IACxD,MAAM,QAAQ,GAAG,sBAAsB,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/D,0BAA0B,CAAC,SAAS,GAAG,CAAC,CAAC;IACzC,MAAM,KAAK,GAAG,0BAA0B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxD,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACf,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QAClC,MAAM,eAAe,CACnB,sDAAsD,EAAE,+DAA+D,EACvH,EAAE,MAAM,EAAE,gBAAgB,CAAC,cAAc,EAAE,QAAQ,EAAE,EAAE,EAAE,CAC1D,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAOnC;IACC,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACxB,kBAAkB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;AACrC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAGhC;IACC,IAAI,KAAK,CAAC,cAAc,KAAK,CAAC,EAAE,CAAC;QAC/B,MAAM,eAAe,CAAC,sDAAsD,EAAE;YAC5E,MAAM,EAAE,gBAAgB,CAAC,cAAc;YACvC,cAAc,EAAE,KAAK,CAAC,cAAc;SACrC,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,CAAC;QACtD,MAAM,eAAe,CACnB,oCAAoC,KAAK,CAAC,aAAa,qDAAqD,EAC5G,EAAE,MAAM,EAAE,gBAAgB,CAAC,kBAAkB,EAAE,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE,CACpF,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAAiB;IAClD,MAAM,EAAE,SAAS,EAAE,eAAe,EAAE,GAAG,qBAAqB,CAAC,QAAQ,CAAC,CAAC;IACvE,IAAI,eAAe,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,eAAe,CACnB,8DAA8D,CAAC,GAAG,eAAe,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EACvG;YACE,MAAM,EAAE,gBAAgB,CAAC,oBAAoB;YAC7C,SAAS,EAAE,CAAC,GAAG,eAAe,CAAC,CAAC,IAAI,EAAE;SACvC,CACF,CAAC;IACJ,CAAC;IACD,IAAI,SAAS,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,eAAe,CACnB,+CAA+C,CAAC,GAAG,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAClF;YACE,MAAM,EAAE,gBAAgB,CAAC,sBAAsB;YAC/C,SAAS,EAAE,CAAC,GAAG,SAAS,CAAC,CAAC,IAAI,EAAE;SACjC,CACF,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,0BAA0B,CAAC,QAAiB;IAC1D,OAAO,qBAAqB,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC;AACnD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAiB;IAIrD,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IACpC,MAAM,eAAe,GAAG,IAAI,GAAG,EAAU,CAAC;IAC1C,IAAI,CAAC,QAAQ,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;IAC3C,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,CAAC;AACxC,CAAC;AAED,SAAS,IAAI,CAAC,IAAa,EAAE,SAAsB,EAAE,eAA4B;IAC/E,IAAI,IAAI,KAAK,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO;IACtD,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,KAAK,MAAM,KAAK,IAAI,IAAI;YAAE,IAAI,CAAC,KAAK,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;QAClE,OAAO;IACT,CAAC;IACD,MAAM,GAAG,GAAG,IAA+B,CAAC;IAC5C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACvC,IAAI,QAAQ,KAAK,SAAS,IAAI,CAAC,sBAAsB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpE,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC1B,CAAC;IACD,wEAAwE;IACxE,yEAAyE;IACzE,uEAAuE;IACvE,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,SAAS;QACxC,MAAM,KAAK,GAAG,sBAAsB,CAAC,GAAG,CAAC,GAAG,CAAC;YAC3C,CAAC,CAAC,0BAA0B;YAC5B,CAAC,CAAC,0BAA0B,CAAC;QAC/B,4BAA4B,CAAC,KAAK,EAAE,KAAK,EAAE,eAAe,CAAC,CAAC;IAC9D,CAAC;IACD,KAAK,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC;QAClE,IAAI,GAAG,IAAI,GAAG;YAAE,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;IAC7D,CAAC;AACH,CAAC;AAED,SAAS,4BAA4B,CAAC,KAAa,EAAE,KAAa,EAAE,IAAiB;IACnF,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;IACpB,IAAI,KAAK,GAA2B,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtD,OAAO,KAAK,KAAK,IAAI,EAAE,CAAC;QACtB,IAAI,KAAK,CAAC,CAAC,CAAC;YAAE,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QAC/C,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC5B,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,GAA4B;IACpD,uEAAuE;IACvE,6CAA6C;IAC7C,KAAK,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC;QAChE,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,EAAE;YAAE,OAAO,KAAK,CAAC,WAAW,EAAE,CAAC;IAC5E,CAAC;IACD,OAAO;AACT,CAAC;AAED,8EAA8E;AAC9E,oCAAoC;AACpC,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,+BAA+B,CAAC;AAEvE;;;GAGG;AACH,MAAM,oBAAoB,GAAwB,IAAI,GAAG,CAAC;IACxD,QAAQ;IACR,MAAM;IACN,OAAO;IACP,OAAO;IACP,OAAO;IACP,QAAQ;IACR,OAAO;IACP,QAAQ;IACR,OAAO;IACP,WAAW;IACX,QAAQ;IACR,KAAK;IACL,UAAU;IACV,IAAI;IACJ,KAAK;IACL,IAAI;IACJ,KAAK;IACL,MAAM;IACN,MAAM;IACN,OAAO;IACP,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,KAAK;IACL,MAAM;IACN,OAAO;IACP,OAAO;IACP,MAAM;IACN,OAAO;IACP,MAAM;IACN,OAAO;IACP,IAAI;IACJ,OAAO;IACP,MAAM;IACN,WAAW;CACZ,CAAC,CAAC;AAEH,qFAAqF;AACrF,MAAM,UAAU,qBAAqB,CAAC,KAAa,EAAE,IAAwB;IAC3E,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpD,MAAM,eAAe,CAAC,UAAU,IAAI,mCAAmC,EAAE;YACvE,MAAM,EAAE,gBAAgB,CAAC,eAAe;YACxC,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACzC,MAAM,eAAe,CACnB,UAAU,IAAI,UAAU,KAAK,2GAA2G,EACxI,EAAE,MAAM,EAAE,gBAAgB,CAAC,eAAe,EAAE,IAAI,EAAE,KAAK,EAAE,CAC1D,CAAC;IACJ,CAAC;IACD,IAAI,oBAAoB,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;QAClD,MAAM,eAAe,CACnB,UAAU,IAAI,UAAU,KAAK,mDAAmD,EAChF,EAAE,MAAM,EAAE,gBAAgB,CAAC,kBAAkB,EAAE,IAAI,EAAE,KAAK,EAAE,CAC7D,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC;AAC1C,CAAC"}

package/dist/services/canvas/index.d.ts

@@ -15,7 +15,7 @@ export { type AcquireResult, CanvasRegistry, type CanvasRegistryOptions, DEFAULT
 export { createCanvasService } from './core/canvasFactory.js';
 export { DataCanvas } from './core/DataCanvas.js';
 export type { IDataCanvasProvider } from './core/IDataCanvasProvider.js';
-export { ALLOWED_PLAN_OPERATORS, ALLOWED_STATEMENT_TYPES, assertReadOnlyQuery, assertValidIdentifier, collectDisallowedOperators, type DuckdbStatementType, quoteIdentifier, } from './core/sqlGate.js';
+export { ALLOWED_PLAN_OPERATORS, ALLOWED_STATEMENT_TYPES, assertNoDeniedFunctions, assertReadOnlyQuery, assertValidIdentifier, CANVAS_IDENTIFIER_REGEX, collectDisallowedOperators, collectPlanViolations, DENIED_TABLE_FUNCTIONS, type DuckdbStatementType, quoteIdentifier, SQL_GATE_REASONS, type SqlGateReason, } from './core/sqlGate.js';
 export { DuckdbProvider, type DuckdbProviderOptions, } from './providers/duckdb/DuckdbProvider.js';
-export type { AcquireOptions, ColumnSchema, ColumnType, DescribeOptions, ExportFormat, ExportOptions, ExportResult, ExportTarget, QueryOptions, QueryResult, RegisterRows, RegisterTableOptions, RegisterTableResult, TableInfo, } from './types.js';
+export type { AcquireOptions, CanvasObjectKind, ColumnSchema, ColumnType, DescribeOptions, ExportFormat, ExportOptions, ExportResult, ExportTarget, ImportFromOptions, QueryOptions, QueryResult, RegisterRows, RegisterTableOptions, RegisterTableResult, RegisterViewOptions, RegisterViewResult, TableInfo, } from './types.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/services/canvas/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/services/canvas/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EACL,KAAK,aAAa,EAClB,cAAc,EACd,KAAK,qBAAqB,EAC1B,+BAA+B,GAChC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAClD,YAAY,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,qBAAqB,EACrB,0BAA0B,EAC1B,KAAK,mBAAmB,EACxB,eAAe,GAChB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,cAAc,EACd,KAAK,qBAAqB,GAC3B,MAAM,sCAAsC,CAAC;AAC9C,YAAY,EACV,cAAc,EACd,YAAY,EACZ,UAAU,EACV,eAAe,EACf,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,YAAY,EACZ,oBAAoB,EACpB,mBAAmB,EACnB,SAAS,GACV,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/services/canvas/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EACL,KAAK,aAAa,EAClB,cAAc,EACd,KAAK,qBAAqB,EAC1B,+BAA+B,GAChC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAClD,YAAY,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,uBAAuB,EACvB,mBAAmB,EACnB,qBAAqB,EACrB,uBAAuB,EACvB,0BAA0B,EAC1B,qBAAqB,EACrB,sBAAsB,EACtB,KAAK,mBAAmB,EACxB,eAAe,EACf,gBAAgB,EAChB,KAAK,aAAa,GACnB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,cAAc,EACd,KAAK,qBAAqB,GAC3B,MAAM,sCAAsC,CAAC;AAC9C,YAAY,EACV,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,UAAU,EACV,eAAe,EACf,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,iBAAiB,EACjB,YAAY,EACZ,WAAW,EACX,YAAY,EACZ,oBAAoB,EACpB,mBAAmB,EACnB,mBAAmB,EACnB,kBAAkB,EAClB,SAAS,GACV,MAAM,YAAY,CAAC"}

package/dist/services/canvas/index.js

@@ -14,6 +14,6 @@ export { CanvasInstance } from './core/CanvasInstance.js';
 export { CanvasRegistry, DEFAULT_CANVAS_REGISTRY_OPTIONS, } from './core/CanvasRegistry.js';
 export { createCanvasService } from './core/canvasFactory.js';
 export { DataCanvas } from './core/DataCanvas.js';
-export { ALLOWED_PLAN_OPERATORS, ALLOWED_STATEMENT_TYPES, assertReadOnlyQuery, assertValidIdentifier, collectDisallowedOperators, quoteIdentifier, } from './core/sqlGate.js';
+export { ALLOWED_PLAN_OPERATORS, ALLOWED_STATEMENT_TYPES, assertNoDeniedFunctions, assertReadOnlyQuery, assertValidIdentifier, CANVAS_IDENTIFIER_REGEX, collectDisallowedOperators, collectPlanViolations, DENIED_TABLE_FUNCTIONS, quoteIdentifier, SQL_GATE_REASONS, } from './core/sqlGate.js';
 export { DuckdbProvider, } from './providers/duckdb/DuckdbProvider.js';
 //# sourceMappingURL=index.js.map

package/dist/services/canvas/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/services/canvas/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAEL,cAAc,EAEd,+BAA+B,GAChC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAElD,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,qBAAqB,EACrB,0BAA0B,EAE1B,eAAe,GAChB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,cAAc,GAEf,MAAM,sCAAsC,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/services/canvas/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAEL,cAAc,EAEd,+BAA+B,GAChC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAElD,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,uBAAuB,EACvB,mBAAmB,EACnB,qBAAqB,EACrB,uBAAuB,EACvB,0BAA0B,EAC1B,qBAAqB,EACrB,sBAAsB,EAEtB,eAAe,EACf,gBAAgB,GAEjB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,cAAc,GAEf,MAAM,sCAAsC,CAAC"}

package/dist/services/canvas/providers/duckdb/DuckdbProvider.d.ts

@@ -1,18 +1,14 @@
 /**
- * @fileoverview DuckDB-backed implementation of {@link IDataCanvasProvider}.
- * One DuckDB instance per canvasId for memory isolation; a shared connection
- * for control-plane work (DDL, describe, drop) and per-query connections for
- * data-plane work so that {@link DuckDBConnection.interrupt} cancels exactly
- * the in-flight query without disturbing concurrent ops on the same canvas.
- *
- * Lazy-loaded via {@link lazyImport} so `@duckdb/node-api` stays a true peer
- * dependency — servers that don't enable canvas pay no install cost.
- *
+ * @fileoverview DuckDB-backed {@link IDataCanvasProvider}. One in-memory
+ * DuckDB instance per canvasId; a long-lived control connection for DDL and
+ * describe operations, plus a per-query connection so cancellation interrupts
+ * exactly the in-flight query. `@duckdb/node-api` is lazy-loaded so it stays
+ * a true peer dependency.
  * @module src/services/canvas/providers/duckdb/DuckdbProvider
  */
 import { type RequestContext } from '../../../../utils/internal/requestContext.js';
 import type { IDataCanvasProvider } from '../../core/IDataCanvasProvider.js';
-import type { DescribeOptions, ExportOptions, ExportResult, ExportTarget, QueryOptions, QueryResult, RegisterRows, RegisterTableOptions, RegisterTableResult, TableInfo } from '../../types.js';
+import type { DescribeOptions, ExportOptions, ExportResult, ExportTarget, ImportFromOptions, QueryOptions, QueryResult, RegisterRows, RegisterTableOptions, RegisterTableResult, RegisterViewOptions, RegisterViewResult, TableInfo } from '../../types.js';
 /** Configuration for {@link DuckdbProvider}. Mirrors the AppConfig.canvas block. */
 export interface DuckdbProviderOptions {
     /** Default row cap for `query()` results. */
@@ -24,12 +20,9 @@ export interface DuckdbProviderOptions {
     /** Number of rows to sniff for schema inference. */
     schemaSniffRows: number;
 }
-/** DuckDB SELECT statement-type id (matches `StatementType.SELECT === 1`). */
-declare const STATEMENT_TYPE_SELECT_ID = 1;
 export declare class DuckdbProvider implements IDataCanvasProvider {
     private readonly options;
     readonly name = "duckdb";
-    private duck;
     private readonly canvases;
     constructor(options: DuckdbProviderOptions);
     initCanvas(canvasId: string, _context: RequestContext): Promise<void>;
@@ -39,18 +32,67 @@ export declare class DuckdbProvider implements IDataCanvasProvider {
     registerTable(canvasId: string, name: string, rows: RegisterRows, _context: RequestContext, options?: RegisterTableOptions): Promise<RegisterTableResult>;
     query(canvasId: string, sql: string, _context: RequestContext, options?: QueryOptions): Promise<QueryResult>;
     export(canvasId: string, tableName: string, target: ExportTarget, _context: RequestContext, options?: ExportOptions): Promise<ExportResult>;
+    registerView(canvasId: string, name: string, selectSql: string, _context: RequestContext, options?: RegisterViewOptions): Promise<RegisterViewResult>;
+    importFrom(targetCanvasId: string, sourceCanvasId: string, sourceTableName: string, asName: string, _context: RequestContext, options?: ImportFromOptions): Promise<RegisterTableResult>;
     describe(canvasId: string, _context: RequestContext, options?: DescribeOptions): Promise<TableInfo[]>;
+    private describeOne;
     drop(canvasId: string, name: string, _context: RequestContext): Promise<boolean>;
     clear(canvasId: string, _context: RequestContext): Promise<number>;
     private requireCanvas;
-    private getModule;
+    /**
+     * Run the same four-layer read-only gate `query()` enforces, against an
+     * arbitrary SELECT string. Used by `query()` and `registerView()` so view
+     * definitions inherit query-level safety.
+     */
+    private assertReadOnlySql;
+    /**
+     * Resolve whether a name on the canvas refers to a base table, a view, or
+     * nothing. Returns `undefined` when absent; used by drop/registerView/
+     * importFrom to dispatch the right DDL.
+     */
+    private lookupKind;
+    /**
+     * Materialize `COUNT(*)` against a (validated) table or view name. DuckDB
+     * returns BIGINT as a JSON string; this helper centralizes the `Number(...)`
+     * coercion so callers see a plain `number`.
+     */
+    private countRows;
     private runExplain;
 }
-/** Re-export for tests and consumer-side parsing. */
-export { STATEMENT_TYPE_SELECT_ID };
+/**
+ * Coerce a value to BigInt without precision loss. `BigInt(Number(value))`
+ * round-trips through JS Number and truncates outside the 53-bit safe range,
+ * silently corrupting BIGINT IDs returned as numeric strings.
+ *
+ * @internal Exported for unit testing.
+ */
+export declare function toBigInt(value: unknown): bigint;
+/**
+ * Coerce to DuckDB's TIMESTAMP unit (micros since 1970-01-01 UTC, as `bigint`).
+ * Accepts `Date`, `bigint` (already-micros), `number` (ms-since-epoch matching
+ * `Date.getTime()`), and ISO 8601 strings. Throws `validationError` otherwise.
+ *
+ * @internal Exported for unit testing.
+ */
+export declare function toTimestampMicros(value: unknown, columnName: string): bigint;
+/**
+ * Coerce to DuckDB's DATE unit (days since 1970-01-01 UTC, as `number`).
+ * Accepts the same shapes as {@link toTimestampMicros}; throws otherwise.
+ *
+ * @internal Exported for unit testing.
+ */
+export declare function toDateDays(value: unknown, columnName: string): number;
+/**
+ * Coerce to `Uint8Array` for BLOB appends. Accepts `Uint8Array` (Node's
+ * `Buffer` passes through as a subclass), `ArrayBuffer`, and any other
+ * `ArrayBufferView`. Throws `validationError` for non-binary inputs.
+ *
+ * @internal Exported for unit testing.
+ */
+export declare function toUint8Array(value: unknown, columnName: string): Uint8Array;
 /**
  * Map a DuckDB-thrown error to a framework error class.
- * @internal Exported for unit testing — not re-exported from the canvas barrel.
+ * @internal Exported for unit testing.
  */
 export declare function classifyDuckdbError(err: unknown): Error;
 //# sourceMappingURL=DuckdbProvider.d.ts.map