@dbx-app/node-core 0.4.5 → 0.4.7

package/dist/backend.d.ts

@@ -8,5 +8,6 @@ export interface Backend {
     listTables(config: ConnectionConfig, schema?: string): Promise<TableInfo[]>;
     describeTable(config: ConnectionConfig, table: string, schema?: string): Promise<ColumnInfo[]>;
     executeQuery(config: ConnectionConfig, sql: string, options?: QueryOptions): Promise<QueryResult>;
+    close?(): Promise<void>;
 }
 export declare function createBackend(env?: NodeJS.ProcessEnv): Promise<Backend>;

package/dist/backend.js

@@ -1,5 +1,5 @@
 import { addConnection as desktopAddConnection, findConnection as desktopFindConnection, loadConnections as desktopLoadConnections, removeConnection as desktopRemoveConnection, } from "./connections.js";
-import { describeTable as desktopDescribeTable, executeQuery as desktopExecuteQuery, listTables as desktopListTables, } from "./database.js";
+import { closeDatabaseResources as desktopCloseDatabaseResources, describeTable as desktopDescribeTable, executeQuery as desktopExecuteQuery, listTables as desktopListTables, } from "./database.js";
 export async function createBackend(env = process.env) {
     if (env.DBX_WEB_URL) {
         return await import("./web-backend.js");
@@ -12,5 +12,6 @@ export async function createBackend(env = process.env) {
         listTables: desktopListTables,
         describeTable: desktopDescribeTable,
         executeQuery: desktopExecuteQuery,
+        close: desktopCloseDatabaseResources,
     };
 }

package/dist/connections.d.ts

@@ -9,13 +9,7 @@ export interface ConnectionConfig {
     password: string;
     database?: string;
     url_params?: string;
-    ssh_enabled: boolean;
-    proxy_enabled?: boolean;
-    proxy_type?: "socks5" | "http";
-    proxy_host?: string;
-    proxy_port?: number;
-    proxy_username?: string;
-    proxy_password?: string;
+    transport_layers?: TransportLayerConfig[];
     ssl: boolean;
     ca_cert_path?: string;
     oracle_connection_type?: "service_name" | "sid";
@@ -26,6 +20,34 @@ export interface ConnectionConfig {
     redis_sentinel_password?: string;
     redis_sentinel_tls?: boolean;
 }
+export type TransportLayerConfig = ({
+    type: "ssh";
+} & SshTunnelConfig) | ({
+    type: "proxy";
+} & ProxyTunnelConfig);
+export interface SshTunnelConfig {
+    id: string;
+    name?: string;
+    enabled?: boolean;
+    host: string;
+    port: number;
+    user: string;
+    password?: string;
+    key_path?: string;
+    key_passphrase?: string;
+    connect_timeout_secs?: number;
+    expose_lan?: boolean;
+}
+export interface ProxyTunnelConfig {
+    id: string;
+    name?: string;
+    enabled?: boolean;
+    proxy_type?: "socks5" | "http";
+    host: string;
+    port: number;
+    username?: string;
+    password?: string;
+}
 export interface ConnectionStoreOptions {
     path?: string;
 }

package/dist/connections.js

@@ -37,6 +37,74 @@ function getSecret(db, connectionId, key) {
         .get(connectionId, key);
     return row?.secret ?? "";
 }
+function transportLayerSecretSegment(index, layer) {
+    return layer.id?.trim() || String(index);
+}
+function transportLayerSshPasswordKey(index, layer) {
+    return `transport_layers.${transportLayerSecretSegment(index, layer)}.ssh_password`;
+}
+function transportLayerSshKeyPassphraseKey(index, layer) {
+    return `transport_layers.${transportLayerSecretSegment(index, layer)}.ssh_key_passphrase`;
+}
+function transportLayerProxyPasswordKey(index, layer) {
+    return `transport_layers.${transportLayerSecretSegment(index, layer)}.proxy_password`;
+}
+function normalizeTransportLayers(config) {
+    if (Array.isArray(config.transport_layers) && config.transport_layers.length > 0)
+        return config.transport_layers;
+    const layers = [];
+    if (config.ssh_enabled && Array.isArray(config.ssh_tunnels) && config.ssh_tunnels.length > 0) {
+        layers.push(...config.ssh_tunnels.map((hop) => ({ type: "ssh", ...hop })));
+    }
+    else if (config.ssh_enabled && config.ssh_host) {
+        layers.push({
+            type: "ssh",
+            id: "legacy",
+            enabled: true,
+            host: config.ssh_host,
+            port: config.ssh_port || 22,
+            user: config.ssh_user || "",
+            password: config.ssh_password || "",
+            key_path: config.ssh_key_path || "",
+            key_passphrase: config.ssh_key_passphrase || "",
+            connect_timeout_secs: config.ssh_connect_timeout_secs || 5,
+            expose_lan: !!config.ssh_expose_lan,
+        });
+    }
+    if (config.proxy_enabled && config.proxy_host) {
+        layers.push({
+            type: "proxy",
+            id: "legacy-proxy",
+            enabled: true,
+            proxy_type: config.proxy_type || "socks5",
+            host: config.proxy_host,
+            port: config.proxy_port || 1080,
+            username: config.proxy_username || "",
+            password: config.proxy_password || "",
+        });
+    }
+    return layers;
+}
+function hydrateTransportLayerSecrets(db, config, connectionId) {
+    config.transport_layers = normalizeTransportLayers(config);
+    config.transport_layers.forEach((layer, index) => {
+        if (layer.type === "ssh") {
+            layer.password ||=
+                getSecret(db, connectionId, transportLayerSshPasswordKey(index, layer)) ||
+                    (layer.id === "legacy" ? getSecret(db, connectionId, "ssh_password") : getSecret(db, connectionId, `ssh_tunnels.${layer.id || index}.password`));
+            layer.key_passphrase ||=
+                getSecret(db, connectionId, transportLayerSshKeyPassphraseKey(index, layer)) ||
+                    (layer.id === "legacy"
+                        ? getSecret(db, connectionId, "ssh_key_passphrase")
+                        : getSecret(db, connectionId, `ssh_tunnels.${layer.id || index}.key_passphrase`));
+        }
+        else {
+            layer.password ||=
+                getSecret(db, connectionId, transportLayerProxyPasswordKey(index, layer)) ||
+                    (layer.id === "legacy-proxy" ? getSecret(db, connectionId, "proxy_password") : "");
+        }
+    });
+}
 export async function loadConnections(options = {}) {
     const path = options.path ?? defaultDbPath();
     if (!existsSync(path))
@@ -51,8 +119,7 @@ export async function loadConnections(options = {}) {
             config.id = row.id;
             if (!config.password)
                 config.password = getSecret(db, row.id, "password");
-            if (!config.proxy_password)
-                config.proxy_password = getSecret(db, row.id, "proxy_password");
+            hydrateTransportLayerSecrets(db, config, row.id);
             if (!config.redis_sentinel_password) {
                 config.redis_sentinel_password = getSecret(db, row.id, "redis_sentinel_password");
             }
@@ -135,20 +202,11 @@ export async function addConnection(config) {
         password: "",
         database: normalized.database ?? null,
         color: null,
-        ssh_enabled: normalized.ssh_enabled ?? false,
-        ssh_host: "",
-        ssh_port: 22,
-        ssh_user: "",
-        ssh_password: "",
-        ssh_key_path: "",
-        ssh_key_passphrase: "",
-        ssh_expose_lan: false,
-        proxy_enabled: normalized.proxy_enabled ?? false,
-        proxy_type: normalized.proxy_type ?? "socks5",
-        proxy_host: normalized.proxy_host ?? "",
-        proxy_port: normalized.proxy_port ?? 1080,
-        proxy_username: normalized.proxy_username ?? "",
-        proxy_password: "",
+        transport_layers: normalizeTransportLayers(normalized).map((layer) => {
+            if (layer.type === "ssh")
+                return { ...layer, password: "", key_passphrase: "" };
+            return { ...layer, password: "" };
+        }),
         ssl: normalized.ssl ?? false,
         sysdba: false,
         oracle_connection_type: normalized.oracle_connection_type ?? null,
@@ -166,9 +224,19 @@ export async function addConnection(config) {
         if (normalized.password) {
             db.prepare("INSERT INTO connection_secrets (connection_id, key, secret) VALUES (?, ?, ?)").run(id, "password", normalized.password);
         }
-        if (normalized.proxy_password) {
-            db.prepare("INSERT INTO connection_secrets (connection_id, key, secret) VALUES (?, ?, ?)").run(id, "proxy_password", normalized.proxy_password);
-        }
+        normalizeTransportLayers(normalized).forEach((layer, index) => {
+            if (layer.type === "ssh") {
+                if (layer.password) {
+                    db.prepare("INSERT INTO connection_secrets (connection_id, key, secret) VALUES (?, ?, ?)").run(id, transportLayerSshPasswordKey(index, layer), layer.password);
+                }
+                if (layer.key_passphrase) {
+                    db.prepare("INSERT INTO connection_secrets (connection_id, key, secret) VALUES (?, ?, ?)").run(id, transportLayerSshKeyPassphraseKey(index, layer), layer.key_passphrase);
+                }
+            }
+            else if (layer.password) {
+                db.prepare("INSERT INTO connection_secrets (connection_id, key, secret) VALUES (?, ?, ?)").run(id, transportLayerProxyPasswordKey(index, layer), layer.password);
+            }
+        });
         if (normalized.redis_sentinel_password) {
             db.prepare("INSERT INTO connection_secrets (connection_id, key, secret) VALUES (?, ?, ?)").run(id, "redis_sentinel_password", normalized.redis_sentinel_password);
         }

package/dist/database.d.ts

@@ -20,6 +20,7 @@ export interface QueryOptions {
     maxRows?: number;
     timeoutMs?: number;
 }
+export declare function closeDatabaseResources(): Promise<void>;
 export declare function executeQuery(config: ConnectionConfig, sql: string, options?: QueryOptions): Promise<QueryResult>;
 export declare function listTables(config: ConnectionConfig, schema?: string): Promise<TableInfo[]>;
 export declare function describeTable(config: ConnectionConfig, table: string, schema?: string): Promise<ColumnInfo[]>;
@@ -40,6 +41,9 @@ interface MongoAggregateCommand {
     collection: string;
     pipeline: string;
 }
+interface MongoGetIndexesCommand {
+    collection: string;
+}
 export type MongoWriteCommand = {
     kind: "insert";
     collection: string;
@@ -59,6 +63,7 @@ export type MongoWriteCommand = {
 export declare function parseMongoFindCommand(input: string): MongoFindCommand | null;
 export declare function parseMongoCountDocumentsCommand(input: string): MongoCountDocumentsCommand | null;
 export declare function parseMongoAggregateCommand(input: string): MongoAggregateCommand | null;
+export declare function parseMongoGetIndexesCommand(input: string): MongoGetIndexesCommand | null;
 export declare function mongoAggregateWriteStage(pipelineJson: string): "$out" | "$merge" | null;
 export declare function parseMongoWriteCommand(input: string): MongoWriteCommand | null;
 export declare function evaluateMongoWriteSafety(command: MongoWriteCommand, options: {

package/dist/database.js

@@ -15,6 +15,7 @@ function poolKey(config) {
 }
 function evictPool(key, entry) {
     pools.delete(key);
+    clearTimeout(entry.timer);
     if (entry.type === "pg") {
         entry.pool.end().catch(() => { });
     }
@@ -26,6 +27,26 @@ function resetIdleTimer(key, entry) {
     clearTimeout(entry.timer);
     entry.timer = setTimeout(() => evictPool(key, entry), IDLE_TIMEOUT_MS);
 }
+export async function closeDatabaseResources() {
+    const poolEntries = [...pools.entries()];
+    pools.clear();
+    await Promise.all(poolEntries.map(async ([, entry]) => {
+        clearTimeout(entry.timer);
+        if (entry.type === "pg") {
+            await entry.pool.end().catch(() => { });
+        }
+        else {
+            await entry.pool.end().catch(() => { });
+        }
+    }));
+    const tunnels = [...proxyTunnels.values()];
+    proxyTunnels.clear();
+    await Promise.all(tunnels.map(({ server, sockets }) => new Promise((resolve) => {
+        for (const socket of sockets)
+            socket.destroy();
+        server.close(() => resolve());
+    })));
+}
 async function getPgPool(config) {
     const key = poolKey(config);
     const existing = pools.get(key);
@@ -67,15 +88,24 @@ async function getMysqlPool(config) {
     resetIdleTimer(key, entry);
     return pool;
 }
+function firstProxyLayer(config) {
+    return config.transport_layers?.find((layer) => layer.type === "proxy" && layer.enabled !== false && !!layer.host);
+}
 async function connectionEndpoint(config) {
-    if (!config.proxy_enabled || !config.proxy_host)
+    const proxy = firstProxyLayer(config);
+    if (!proxy)
         return { host: config.host, port: config.port };
     const existing = proxyTunnels.get(config.id);
     if (existing)
         return { host: "127.0.0.1", port: existing.port };
+    const sockets = new Set();
     const server = createServer((inbound) => {
-        connectViaProxy(config)
+        sockets.add(inbound);
+        inbound.once("close", () => sockets.delete(inbound));
+        connectViaProxy(config, proxy)
             .then((outbound) => {
+            sockets.add(outbound);
+            outbound.once("close", () => sockets.delete(outbound));
             inbound.pipe(outbound);
             outbound.pipe(inbound);
         })
@@ -91,7 +121,7 @@ async function connectionEndpoint(config) {
                 reject(new Error("Failed to bind proxy tunnel"));
         });
     });
-    proxyTunnels.set(config.id, { server, port });
+    proxyTunnels.set(config.id, { server, port, sockets });
     return { host: "127.0.0.1", port };
 }
 function buildConnectionUrl(config, endpoint) {
@@ -103,25 +133,25 @@ function buildConnectionUrl(config, endpoint) {
     }
     return `postgres://${encodeURIComponent(config.username)}:${encodeURIComponent(config.password)}@${endpoint.host}:${endpoint.port}/${db}${suffix}`;
 }
-function connectViaProxy(config) {
+function connectViaProxy(config, proxy) {
     return new Promise((resolve, reject) => {
-        const socket = netConnect(config.proxy_port || 1080, config.proxy_host || "127.0.0.1");
+        const socket = netConnect(proxy.port || 1080, proxy.host || "127.0.0.1");
         socket.once("error", reject);
         socket.once("connect", () => {
-            if ((config.proxy_type || "socks5") === "http") {
-                httpConnect(socket, config, resolve, reject);
+            if ((proxy.proxy_type || "socks5") === "http") {
+                httpConnect(socket, config, proxy, resolve, reject);
             }
             else {
-                socks5Connect(socket, config, resolve, reject);
+                socks5Connect(socket, config, proxy, resolve, reject);
             }
         });
     });
 }
-function httpConnect(socket, config, resolve, reject) {
+function httpConnect(socket, config, proxy, resolve, reject) {
     const target = `${config.host}:${config.port}`;
     const lines = [`CONNECT ${target} HTTP/1.1`, `Host: ${target}`];
-    if (config.proxy_username || config.proxy_password) {
-        const token = Buffer.from(`${config.proxy_username || ""}:${config.proxy_password || ""}`).toString("base64");
+    if (proxy.username || proxy.password) {
+        const token = Buffer.from(`${proxy.username || ""}:${proxy.password || ""}`).toString("base64");
         lines.push(`Proxy-Authorization: Basic ${token}`);
     }
     socket.write(`${lines.join("\r\n")}\r\n\r\n`);
@@ -144,8 +174,8 @@ function httpConnect(socket, config, resolve, reject) {
         resolve(socket);
     });
 }
-function socks5Connect(socket, config, resolve, reject) {
-    const wantsAuth = !!(config.proxy_username || config.proxy_password);
+function socks5Connect(socket, config, proxy, resolve, reject) {
+    const wantsAuth = !!(proxy.username || proxy.password);
     socket.write(Buffer.from(wantsAuth ? [0x05, 0x02, 0x00, 0x02] : [0x05, 0x01, 0x00]));
     socket.once("data", (method) => {
         if (method.length < 2 || method[0] !== 0x05) {
@@ -154,8 +184,8 @@ function socks5Connect(socket, config, resolve, reject) {
             return;
         }
         if (method[1] === 0x02) {
-            const user = Buffer.from(config.proxy_username || "");
-            const pass = Buffer.from(config.proxy_password || "");
+            const user = Buffer.from(proxy.username || "");
+            const pass = Buffer.from(proxy.password || "");
             socket.write(Buffer.concat([Buffer.from([0x01, user.length]), user, Buffer.from([pass.length]), pass]));
             socket.once("data", (auth) => {
                 if (auth.length < 2 || auth[1] !== 0x00) {
@@ -292,6 +322,8 @@ async function mysqlQuery(config, sql, params, options) {
 async function query(config, sql, params, options) {
     if (config.db_type === "sqlite")
         return sqliteQuery(config, sql, options);
+    if (config.db_type === "rqlite")
+        return rqliteQuery(config, sql, options);
     if (isMysqlType(config.db_type))
         return mysqlQuery(config, sql, params, options);
     return pgQuery(config, sql, params, options);
@@ -324,6 +356,48 @@ function sqliteQuery(config, sql, options) {
         db.close();
     }
 }
+async function rqliteQuery(config, sql, options) {
+    const isReader = /^\s*(?:--[^\n]*\n|\s|\/\*[\s\S]*?\*\/)*(select|pragma|explain|with)\b/i.test(sql);
+    const endpoint = isReader ? "/db/query" : "/db/execute";
+    const result = await rqliteRequest(config, endpoint, sql);
+    if (isReader) {
+        const columns = result.columns ?? [];
+        const rows = (result.values ?? []).slice(0, resolveMaxRows(options)).map((row) => {
+            const record = {};
+            columns.forEach((column, index) => {
+                record[column] = row[index];
+            });
+            return record;
+        });
+        return { columns, rows, row_count: rows.length };
+    }
+    return { columns: [], rows: [], row_count: result.rows_affected ?? 0 };
+}
+async function rqliteRequest(config, endpoint, sql) {
+    const { host, port } = await connectionEndpoint(config);
+    const scheme = config.ssl ? "https" : "http";
+    const params = (config.url_params || "").trim().replace(/^\?/, "");
+    const url = `${scheme}://${host}:${port}${endpoint}${params ? `?${params}` : ""}`;
+    const headers = { "content-type": "application/json" };
+    if (config.username) {
+        headers.authorization = `Basic ${Buffer.from(`${config.username}:${config.password || ""}`).toString("base64")}`;
+    }
+    const response = await fetch(url, {
+        method: "POST",
+        headers,
+        body: JSON.stringify([sql]),
+    });
+    const text = await response.text();
+    if (!response.ok)
+        throw new Error(`rqlite error (${response.status}): ${text}`);
+    const payload = JSON.parse(text);
+    const result = payload.results?.[0];
+    if (!result)
+        throw new Error("rqlite returned no result");
+    if (result.error)
+        throw new Error(`rqlite error: ${result.error}`);
+    return result;
+}
 export async function executeQuery(config, sql, options) {
     if (config.db_type === "mongodb") {
         const find = parseMongoFindCommand(sql);
@@ -344,6 +418,11 @@ export async function executeQuery(config, sql, options) {
             const result = await withTimeout(mongoAggregateDocuments(config, aggregate.collection, aggregate.pipeline, resolveMaxRows(options)), resolveTimeoutMs(options));
             return mongoDocumentsToQueryResult(result.documents.slice(0, resolveMaxRows(options)), result.total);
         }
+        const getIndexes = parseMongoGetIndexesCommand(sql);
+        if (getIndexes) {
+            const result = await withTimeout(mongoAggregateDocuments(config, getIndexes.collection, '[{"$indexStats":{}}]', resolveMaxRows(options)), resolveTimeoutMs(options));
+            return mongoDocumentsToQueryResult(result.documents.slice(0, resolveMaxRows(options)), result.total);
+        }
         const write = parseMongoWriteCommand(sql);
         if (write) {
             const safety = evaluateMongoWriteSafety(write, sqlSafetyFromEnv());
@@ -352,7 +431,7 @@ export async function executeQuery(config, sql, options) {
             const affected = await withTimeout(executeMongoWrite(config, write), resolveTimeoutMs(options));
             return { columns: [], rows: [], row_count: affected };
         }
-        throw new Error("Use MongoDB shell-style commands, for example: db.projects.find({}).limit(100), db.projects.countDocuments({}), db.projects.insertOne({...}), db.projects.updateOne({...}, {$set: {...}}), or db.projects.deleteOne({...})");
+        throw new Error("Use MongoDB shell-style commands, for example: db.projects.find({}).limit(100), db.projects.countDocuments({}), db.projects.getIndexes(), db.projects.insertOne({...}), db.projects.updateOne({...}, {$set: {...}}), or db.projects.deleteOne({...})");
     }
     if (isDirectQueryType(config.db_type)) {
         return query(config, sql, undefined, options);
@@ -373,7 +452,7 @@ export async function listTables(config, schema) {
         });
         return collections.map((name) => ({ name, type: "COLLECTION" }));
     }
-    if (config.db_type === "sqlite") {
+    if (config.db_type === "sqlite" || config.db_type === "rqlite") {
         const result = await query(config, `SELECT name, type FROM sqlite_master WHERE type IN ('table', 'view') AND name NOT LIKE 'sqlite_%' ORDER BY name`);
         return result.rows.map((r) => ({ name: String(r.name || ""), type: String(r.type || "table") }));
     }
@@ -399,7 +478,7 @@ export async function describeTable(config, table, schema) {
         const result = await mongoFindDocuments(config, table, 0, 20, "{}");
         return inferMongoColumns(result.documents);
     }
-    if (config.db_type === "sqlite") {
+    if (config.db_type === "sqlite" || config.db_type === "rqlite") {
         const result = await query(config, `PRAGMA table_info(${quoteSqliteIdentifier(table)})`);
         return result.rows.map((r) => ({
             name: String(r.name || ""),
@@ -598,6 +677,16 @@ export function parseMongoAggregateCommand(input) {
         return null;
     return Array.isArray(JSON.parse(pipeline)) ? { collection: target.collection, pipeline } : null;
 }
+export function parseMongoGetIndexesCommand(input) {
+    const source = input.trim().replace(/;$/, "").trim();
+    const target = parseCollectionMethodTarget(source, "getIndexes");
+    if (!target)
+        return null;
+    const args = parseMethodArgs(source, target.methodCallIndex);
+    if (!args || args.some((arg) => arg.trim()))
+        return null;
+    return { collection: target.collection };
+}
 export function mongoAggregateWriteStage(pipelineJson) {
     try {
         const pipeline = JSON.parse(pipelineJson);
@@ -731,7 +820,7 @@ function readChainedIntegerArgument(chain, method, fallback) {
     return Number(arg.trim());
 }
 function normalizeJsonArgument(arg) {
-    const value = (arg.trim() || "{}").replace(/ObjectId\s*\(\s*["']([^"']+)["']\s*\)/g, '{"$oid":"$1"}');
+    const value = quoteUnquotedObjectKeys(convertSingleQuotedStrings((arg.trim() || "{}").replace(/ObjectId\s*\(\s*["']([^"']+)["']\s*\)/g, '{"$oid":"$1"}')));
     try {
         JSON.parse(value);
         return value;
@@ -740,6 +829,100 @@ function normalizeJsonArgument(arg) {
         return null;
     }
 }
+function convertSingleQuotedStrings(source) {
+    let result = "";
+    let copiedUntil = 0;
+    let quote = null;
+    let start = 0;
+    let value = "";
+    let escaped = false;
+    for (let i = 0; i < source.length; i += 1) {
+        const char = source[i];
+        if (!quote) {
+            if (char === "'") {
+                quote = char;
+                start = i;
+                value = "";
+                escaped = false;
+            }
+            else if (char === '"') {
+                quote = char;
+            }
+            continue;
+        }
+        if (quote === '"') {
+            if (escaped)
+                escaped = false;
+            else if (char === "\\")
+                escaped = true;
+            else if (char === '"')
+                quote = null;
+            continue;
+        }
+        if (escaped) {
+            value += char;
+            escaped = false;
+        }
+        else if (char === "\\") {
+            escaped = true;
+        }
+        else if (char === "'") {
+            result += source.slice(copiedUntil, start) + JSON.stringify(value);
+            copiedUntil = i + 1;
+            quote = null;
+        }
+        else {
+            value += char;
+        }
+    }
+    return quote === "'" ? source : result + source.slice(copiedUntil);
+}
+function quoteUnquotedObjectKeys(source) {
+    let result = "";
+    let quote = null;
+    let escaped = false;
+    for (let i = 0; i < source.length; i += 1) {
+        const char = source[i];
+        if (quote) {
+            result += char;
+            if (escaped)
+                escaped = false;
+            else if (char === "\\")
+                escaped = true;
+            else if (char === quote)
+                quote = null;
+            continue;
+        }
+        if (char === '"' || char === "'") {
+            quote = char;
+            result += char;
+            continue;
+        }
+        if (/[A-Za-z_$]/.test(char) && shouldQuoteObjectKey(source, i)) {
+            let end = i + 1;
+            while (/[\w$]/.test(source[end] || ""))
+                end += 1;
+            result += `"${source.slice(i, end)}"`;
+            i = end - 1;
+            continue;
+        }
+        result += char;
+    }
+    return result;
+}
+function shouldQuoteObjectKey(source, index) {
+    let before = index - 1;
+    while (/\s/.test(source[before] || ""))
+        before -= 1;
+    if (source[before] !== "{" && source[before] !== ",")
+        return false;
+    let after = index + 1;
+    while (/[\w$]/.test(source[after] || ""))
+        after += 1;
+    while (/\s/.test(source[after] || ""))
+        after += 1;
+    return source[after] === ":";
+}
 function isEmptyJsonObject(json) {
     try {
         const parsed = JSON.parse(json);

package/dist/diagnostics.d.ts

@@ -1,7 +1,7 @@
-export declare const DIRECT_QUERY_TYPES: readonly ["postgres", "redshift", "mysql", "doris", "starrocks", "sqlite", "gaussdb", "opengauss"];
+export declare const DIRECT_QUERY_TYPES: readonly ["postgres", "redshift", "mysql", "doris", "starrocks", "sqlite", "rqlite", "gaussdb", "kwdb", "opengauss"];
 export type DirectQueryType = (typeof DIRECT_QUERY_TYPES)[number];
 export declare function isDirectQueryType(dbType: string): dbType is DirectQueryType;
-export declare const BRIDGE_REQUIRED_TYPES: readonly ["redis", "mongodb", "duckdb", "clickhouse", "sqlserver", "oracle", "elasticsearch", "dameng", "kingbase", "highgo", "vastbase", "goldendb", "yashandb", "databricks", "saphana", "teradata", "vertica", "firebird", "exasol", "oceanbase-oracle", "gbase", "tdengine", "h2", "snowflake", "trino", "hive", "db2", "informix", "neo4j", "cassandra", "bigquery", "kylin", "sundb", "xugu", "jdbc", "access"];
+export declare const BRIDGE_REQUIRED_TYPES: readonly ["redis", "mongodb", "duckdb", "clickhouse", "sqlserver", "oracle", "elasticsearch", "dameng", "kingbase", "highgo", "vastbase", "goldendb", "databend", "yashandb", "databricks", "saphana", "teradata", "vertica", "firebird", "exasol", "oceanbase-oracle", "gbase", "tdengine", "iotdb", "h2", "snowflake", "trino", "hive", "db2", "informix", "iris", "neo4j", "cassandra", "bigquery", "kylin", "sundb", "xugu", "jdbc", "access"];
 export interface DbxDiagnostics {
     appDataDir: string;
     dbPath: string;

package/dist/diagnostics.js

@@ -1,7 +1,18 @@
 import { access, readFile } from "node:fs/promises";
 import { bridgePortFilePath, dbPath, appDataDir } from "./paths.js";
 import { inspectConnectionStore } from "./connections.js";
-export const DIRECT_QUERY_TYPES = ["postgres", "redshift", "mysql", "doris", "starrocks", "sqlite", "gaussdb", "opengauss"];
+export const DIRECT_QUERY_TYPES = [
+    "postgres",
+    "redshift",
+    "mysql",
+    "doris",
+    "starrocks",
+    "sqlite",
+    "rqlite",
+    "gaussdb",
+    "kwdb",
+    "opengauss",
+];
 const DIRECT_QUERY_TYPE_SET = new Set(DIRECT_QUERY_TYPES);
 export function isDirectQueryType(dbType) {
     return DIRECT_QUERY_TYPE_SET.has(dbType);
@@ -19,6 +30,7 @@ export const BRIDGE_REQUIRED_TYPES = [
     "highgo",
     "vastbase",
     "goldendb",
+    "databend",
     "yashandb",
     "databricks",
     "saphana",
@@ -29,12 +41,14 @@ export const BRIDGE_REQUIRED_TYPES = [
     "oceanbase-oracle",
     "gbase",
     "tdengine",
+    "iotdb",
     "h2",
     "snowflake",
     "trino",
     "hive",
     "db2",
     "informix",
+    "iris",
     "neo4j",
     "cassandra",
     "bigquery",

package/dist/sql-safety.js

@@ -1,5 +1,15 @@
 const READ_KEYWORDS = new Set(["select", "with", "show", "describe", "desc", "explain"]);
 const DANGEROUS_KEYWORDS = new Set(["drop", "truncate", "alter"]);
+function parseBooleanEnv(value) {
+    if (value === undefined)
+        return undefined;
+    const normalized = value.trim().toLowerCase();
+    if (normalized === "1" || normalized === "true")
+        return true;
+    if (normalized === "0" || normalized === "false")
+        return false;
+    return undefined;
+}
 export function evaluateSqlSafety(sql, options = {}) {
     const statements = splitSqlStatements(sql);
     if (statements.length === 0)
@@ -33,7 +43,7 @@ function evaluateSingleSqlStatementSafety(sql, options = {}) {
     if (!options.allowWrites && !READ_KEYWORDS.has(firstKeyword)) {
         return {
             allowed: false,
-            reason: "MCP SQL execution is read-only by default. Set DBX_MCP_ALLOW_WRITES=1 to allow write statements.",
+            reason: "MCP SQL execution is read-only for this session. Set DBX_MCP_ALLOW_WRITES=1 to allow write statements.",
         };
     }
     if (options.allowWrites && !options.allowDangerous) {
@@ -47,9 +57,11 @@ function evaluateSingleSqlStatementSafety(sql, options = {}) {
     return { allowed: true };
 }
 export function sqlSafetyFromEnv(env = process.env) {
+    const allowWrites = parseBooleanEnv(env.DBX_MCP_ALLOW_WRITES);
+    const allowDangerous = parseBooleanEnv(env.DBX_MCP_ALLOW_DANGEROUS_SQL);
     return {
-        allowWrites: env.DBX_MCP_ALLOW_WRITES === "1" || env.DBX_MCP_ALLOW_WRITES === "true",
-        allowDangerous: env.DBX_MCP_ALLOW_DANGEROUS_SQL === "1" || env.DBX_MCP_ALLOW_DANGEROUS_SQL === "true",
+        allowWrites: allowWrites ?? true,
+        allowDangerous: allowDangerous ?? false,
     };
 }
 export function splitSqlStatements(sql) {