npm - @malloy-publisher/server - Versions diffs - 0.0.171 → 0.0.173 - Mend

@malloy-publisher/server 0.0.171 → 0.0.173

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

package/build.ts +2 -0
package/dist/app/api-doc.yaml +48 -4
package/dist/app/assets/HomePage-Q4kzZesl.js +1 -0
package/dist/app/assets/{MainPage-rmI25cDG.js → MainPage-BRd1ffqx.js} +1 -1
package/dist/app/assets/ModelPage-_cFj4QLf.js +1 -0
package/dist/app/assets/{PackagePage-C3oW8KXe.js → PackagePage-DI3p7cpq.js} +1 -1
package/dist/app/assets/ProjectPage-4K_Nlx3j.js +1 -0
package/dist/app/assets/{RouteError-BKfQ9y-k.js → RouteError-A5gz--Jr.js} +1 -1
package/dist/app/assets/WorkbookPage-BF625z3S.js +1 -0
package/dist/app/assets/{index-DUmIwFQ_.js → index-CGKwxuak.js} +110 -110
package/dist/app/assets/{index-LGQlLlFF.js → index-DHOyIUsr.js} +1 -1
package/dist/app/assets/{index-DJ4KYt-l.js → index-DHvz0hCo.js} +1 -1
package/dist/app/assets/{index.umd-BCEVvpz1.js → index.umd-Dc3ElUSE.js} +1 -1
package/dist/app/index.html +1 -1
package/dist/server.js +437 -28
package/package.json +3 -1
package/src/controller/connection.controller.ts +129 -1
package/src/controller/watch-mode.controller.ts +2 -2
package/src/service/connection.ts +230 -13
package/src/service/db_utils.ts +288 -0
package/src/service/project.ts +10 -4
package/src/service/project_store.ts +59 -0
package/dist/app/assets/HomePage-oXJcPThQ.js +0 -1
package/dist/app/assets/ModelPage-DtywEBbr.js +0 -1
package/dist/app/assets/ProjectPage-CvmjaWsE.js +0 -1
package/dist/app/assets/WorkbookPage-NNNUEWM5.js +0 -1

package/dist/server.js CHANGED Viewed

@@ -220870,6 +220870,47 @@ async function attachCloudStorage(connection, attachedDb) {
   logger.info(`Created ${storageType} secret: ${secretName}`);
   logger.info(`${storageType} connection configured for: ${attachedDb.name}`);
 }
+async function attachAzureStorage(connection, attachedDb) {
+  if (!attachedDb.azureConnection) {
+    throw new Error(`Azure connection configuration missing for: ${attachedDb.name}`);
+  }
+  const config = attachedDb.azureConnection;
+  const secretName = sanitizeSecretName(`azure_${attachedDb.name}`);
+  let createSecretCommand;
+  if (config.authType === "service_principal") {
+    if (!config.tenantId || !config.clientId || !config.clientSecret || !config.accountName) {
+      throw new Error(`Azure SPN auth requires tenantId, clientId, clientSecret, and accountName for: ${attachedDb.name}`);
+    }
+    const escapedTenantId = escapeSQL(config.tenantId);
+    const escapedClientId = escapeSQL(config.clientId);
+    const escapedClientSecret = escapeSQL(config.clientSecret);
+    const escapedAccountName = escapeSQL(config.accountName);
+    createSecretCommand = `
+         CREATE OR REPLACE SECRET ${secretName} (
+            TYPE azure,
+            PROVIDER service_principal,
+            TENANT_ID '${escapedTenantId}',
+            CLIENT_ID '${escapedClientId}',
+            CLIENT_SECRET '${escapedClientSecret}',
+            ACCOUNT_NAME '${escapedAccountName}'
+         );
+      `;
+  } else if (config.authType === "sas_token") {
+    if (!config.sasUrl) {
+      throw new Error(`Azure SAS token auth requires sasUrl for: ${attachedDb.name}`);
+    }
+    logger.info(`Azure SAS token configured for: ${attachedDb.name} (no secret needed, using direct URL)`);
+    return;
+  } else {
+    throw new Error(`Unsupported Azure auth type: ${config.authType} for: ${attachedDb.name}`);
+  }
+  if (await doesSecretExistInDuckDB(connection, secretName)) {
+    await connection.runSQL(`DETACH ${attachedDb.name};`).catch(() => {});
+  }
+  await connection.runSQL(createSecretCommand);
+  logger.info(`Created Azure secret: ${secretName}`);
+  logger.info(`Azure ADLS connection configured for: ${attachedDb.name}`);
+}
 async function doesSecretExistInDuckDB(connection, secretName) {
   const escapedSecretName = escapeSQL(secretName);
   const result = await connection.runSQL(`
@@ -220886,8 +220927,14 @@ async function attachDatabasesToDuckDB(duckdbConnection, attachedDatabases) {
     snowflake: attachSnowflake,
     postgres: attachPostgres,
     gcs: attachCloudStorage,
-    s3: attachCloudStorage
+    s3: attachCloudStorage,
+    azure: attachAzureStorage
   };
+  const hasAzure = attachedDatabases.some((db) => db.type === "azure");
+  if (hasAzure) {
+    await installAndLoadExtension(duckdbConnection, "azure");
+    await installAndLoadExtension(duckdbConnection, "httpfs");
+  }
   for (const attachedDb of attachedDatabases) {
     try {
       if (await isDatabaseAttached(duckdbConnection, attachedDb.name || "")) {
@@ -220909,6 +220956,60 @@ async function attachDatabasesToDuckDB(duckdbConnection, attachedDatabases) {
     }
   }
 }
+function buildAzureFileUrl(azureConn, blobName) {
+  if (azureConn.authType === "sas_token" && azureConn.sasUrl) {
+    const qIdx = azureConn.sasUrl.indexOf("?");
+    const baseUrl = qIdx >= 0 ? azureConn.sasUrl.substring(0, qIdx) : azureConn.sasUrl;
+    const token = qIdx >= 0 ? azureConn.sasUrl.substring(qIdx) : "";
+    if (/\.(parquet|csv|json|jsonl|ndjson)$/i.test(baseUrl)) {
+      const dir = baseUrl.replace(/\/[^/]+$/, "");
+      return `${dir}/${blobName}${token}`;
+    }
+    const cleanBase = baseUrl.replace(/\/\*[^/]*$/, "").replace(/\/+$/, "");
+    return `${cleanBase}/${blobName}${token}`;
+  } else if (azureConn.authType === "service_principal" && azureConn.fileUrl) {
+    const url2 = azureConn.fileUrl;
+    if (/\.(parquet|csv|json|jsonl|ndjson)$/i.test(url2)) {
+      return url2.replace(/\/[^/]+$/, `/${blobName}`);
+    }
+    const base = url2.replace(/\*[^/]*$/, "").replace(/\/+$/, "");
+    return `${base}/${blobName}`;
+  }
+  throw new Error(`Cannot build Azure file URL: missing sasUrl or fileUrl in config`);
+}
+class AzureDuckDBConnection extends import_db_duckdb.DuckDBConnection {
+  azureDatabases;
+  constructor(connectionName, databasePath, workingDirectory, azureDatabases) {
+    super(connectionName, databasePath, workingDirectory);
+    this.azureDatabases = azureDatabases;
+  }
+  async fetchTableSchema(tableKey, tablePath) {
+    const dotIdx = tablePath.indexOf(".");
+    if (dotIdx > 0) {
+      const schemaName = tablePath.substring(0, dotIdx);
+      const blobName = tablePath.substring(dotIdx + 1);
+      const azureDb = this.azureDatabases.find((db) => db.type === "azure" && db.name === schemaName && db.azureConnection);
+      if (azureDb) {
+        const azureUrl = buildAzureFileUrl(azureDb.azureConnection, blobName);
+        logger.debug("Resolved Azure table path", {
+          original: tablePath,
+          resolved: azureUrl
+        });
+        const result2 = await super.fetchTableSchema(tableKey, azureUrl);
+        if (!result2) {
+          throw new Error(`Azure file not found: ${azureUrl}`);
+        }
+        return result2;
+      }
+    }
+    const result = await super.fetchTableSchema(tableKey, tablePath);
+    if (!result) {
+      throw new Error(`Table ${tablePath} not found`);
+    }
+    return result;
+  }
+}
 class DuckLakeConnection extends import_db_duckdb.DuckDBConnection {
   connectionName;
@@ -221096,9 +221197,11 @@ async function createProjectConnections(connections = [], projectPath = "", isUp
         if (connection.duckdbConnection?.attachedDatabases?.length == 0) {
           throw new Error("DuckDB connection must have at least one attached database");
         }
-        const duckdbConnection = new import_db_duckdb.DuckDBConnection(connection.name, import_path.default.join(projectPath, `${connection.name}.duckdb`), projectPath);
-        if (connection.duckdbConnection.attachedDatabases && Array.isArray(connection.duckdbConnection.attachedDatabases) && connection.duckdbConnection.attachedDatabases.length > 0) {
-          await attachDatabasesToDuckDB(duckdbConnection, connection.duckdbConnection.attachedDatabases);
+        const attachedDatabases = connection.duckdbConnection.attachedDatabases ?? [];
+        const hasAzureAttached = attachedDatabases.some((db) => db.type === "azure");
+        const duckdbConnection = hasAzureAttached ? new AzureDuckDBConnection(connection.name, import_path.default.join(projectPath, `${connection.name}.duckdb`), projectPath, attachedDatabases) : new import_db_duckdb.DuckDBConnection(connection.name, import_path.default.join(projectPath, `${connection.name}.duckdb`), projectPath);
+        if (attachedDatabases.length > 0) {
+          await attachDatabasesToDuckDB(duckdbConnection, attachedDatabases);
         }
         connectionMap.set(connection.name, duckdbConnection);
         connection.attributes = getConnectionAttributes(duckdbConnection);
@@ -221193,12 +221296,29 @@ async function testDuckDBConnection(duckdbConnection, connectionConfig) {
           logger.info(`Attached Snowflake database test passed: ${attachedDb.name}`);
           break;
         }
-        case "gcs":
+        case "gcs": {
+          await duckdbConnection.runSQL(`SELECT name FROM duckdb_secrets() WHERE name LIKE '%${attachedDb.name}%' LIMIT 1`);
+          logger.info(`Cloud storage credentials test passed: ${attachedDb.name}`);
+          break;
+        }
         case "s3": {
           await duckdbConnection.runSQL(`SELECT name FROM duckdb_secrets() WHERE name LIKE '%${attachedDb.name}%' LIMIT 1`);
           logger.info(`Cloud storage credentials test passed: ${attachedDb.name}`);
           break;
         }
+        case "azure": {
+          const azureConfig = attachedDb.azureConnection;
+          if (azureConfig?.authType === "sas_token") {
+            if (!azureConfig.sasUrl) {
+              throw new Error(`Azure SAS token URL is missing for: ${attachedDb.name}`);
+            }
+            logger.info(`Azure SAS token URL present for: ${attachedDb.name}`);
+          } else {
+            await duckdbConnection.runSQL(`SELECT name FROM duckdb_secrets() WHERE name LIKE '%${attachedDb.name}%' LIMIT 1`);
+            logger.info(`Azure SPN credentials test passed: ${attachedDb.name}`);
+          }
+          break;
+        }
         default: {
           logger.warn(`Unknown attached database type: ${attachedDb.type}`);
         }
@@ -221349,6 +221469,8 @@ class ConnectionService {
 }
 // src/service/db_utils.ts
+var import_identity = require("@azure/identity");
+var import_storage_blob = require("@azure/storage-blob");
 var import_bigquery = __toESM(require_src121());
 // src/service/gcs_s3_utils.ts
@@ -221803,6 +221925,16 @@ async function getSchemasForConnection(connection, malloyConnection) {
       for (const cloudSchemas of cloudSchemaArrays) {
         schemas.push(...cloudSchemas);
       }
+      const azureDatabases = attachedDatabases.filter((attachedDb) => attachedDb.type === "azure" && attachedDb.azureConnection);
+      for (const attachedDb of azureDatabases) {
+        if (attachedDb.name) {
+          schemas.push({
+            name: attachedDb.name,
+            isHidden: false,
+            isDefault: false
+          });
+        }
+      }
       return schemas;
     } catch (error) {
       console.error(`Error getting schemas for DuckDB connection ${connection.name}:`, error);
@@ -221855,7 +221987,181 @@ async function getSchemasForConnection(connection, malloyConnection) {
     throw new Error(`Unsupported connection type: ${connection.type}`);
   }
 }
+function getFileType2(key) {
+  const lowerKey = key.toLowerCase();
+  if (lowerKey.endsWith(".csv"))
+    return "csv";
+  if (lowerKey.endsWith(".parquet"))
+    return "parquet";
+  if (lowerKey.endsWith(".json"))
+    return "json";
+  if (lowerKey.endsWith(".jsonl") || lowerKey.endsWith(".ndjson"))
+    return "jsonl";
+  return "unknown";
+}
+async function listAzureBlobs(fileUrl, azureConnection) {
+  const queryStart = fileUrl.indexOf("?");
+  const baseUrl = queryStart >= 0 ? fileUrl.substring(0, queryStart) : fileUrl;
+  const sasToken = queryStart >= 0 ? fileUrl.substring(queryStart) : "";
+  let accountUrl;
+  let container;
+  let blobPath;
+  if (baseUrl.startsWith("abfss://")) {
+    const withoutScheme = baseUrl.substring("abfss://".length);
+    const parts = withoutScheme.split("/").filter(Boolean);
+    if (parts[0].includes(".")) {
+      const accountName = parts[0].split(".")[0];
+      accountUrl = `https://${accountName}.blob.core.windows.net`;
+      container = parts[1];
+      blobPath = parts.slice(2).join("/");
+    } else {
+      if (!azureConnection?.accountName) {
+        throw new Error("accountName is required to list blobs with abfss:// URLs");
+      }
+      accountUrl = `https://${azureConnection.accountName}.blob.core.windows.net`;
+      container = parts[0];
+      blobPath = parts.slice(1).join("/");
+    }
+  } else {
+    const url2 = new URL(baseUrl);
+    const pathParts = url2.pathname.split("/").filter(Boolean);
+    container = pathParts[0];
+    blobPath = pathParts.slice(1).join("/");
+    accountUrl = `${url2.protocol}//${url2.host}`;
+  }
+  let prefix;
+  let extensionFilter = "";
+  let recursive = true;
+  if (blobPath.endsWith("**")) {
+    prefix = blobPath.slice(0, -2);
+    recursive = true;
+  } else if (blobPath.includes("*")) {
+    const starIndex = blobPath.indexOf("*");
+    prefix = blobPath.substring(0, starIndex);
+    extensionFilter = blobPath.substring(starIndex + 1);
+    recursive = false;
+  } else {
+    prefix = blobPath;
+    recursive = true;
+  }
+  let containerClient;
+  if (azureConnection?.authType === "service_principal" && azureConnection.tenantId && azureConnection.clientId && azureConnection.clientSecret) {
+    const credential = new import_identity.ClientSecretCredential(azureConnection.tenantId, azureConnection.clientId, azureConnection.clientSecret);
+    containerClient = new import_storage_blob.ContainerClient(`${accountUrl}/${container}`, credential);
+  } else {
+    const containerUrl = `${accountUrl}/${container}${sasToken}`;
+    containerClient = new import_storage_blob.ContainerClient(containerUrl);
+  }
+  const matchingFiles = [];
+  for await (const blob of containerClient.listBlobsFlat({
+    prefix: prefix || undefined
+  })) {
+    if (extensionFilter && !blob.name.endsWith(extensionFilter))
+      continue;
+    if (!recursive) {
+      const nameAfterPrefix = blob.name.substring(prefix.length);
+      if (nameAfterPrefix.includes("/"))
+        continue;
+    }
+    if (!isDataFile2(blob.name))
+      continue;
+    let url2;
+    if (azureConnection?.authType === "service_principal") {
+      const account = azureConnection.accountName || accountUrl.split("//")[1]?.split(".")[0];
+      url2 = `abfss://${account}.dfs.core.windows.net/${container}/${blob.name}`;
+    } else {
+      url2 = `${accountUrl}/${container}/${blob.name}${sasToken}`;
+    }
+    matchingFiles.push({ url: url2, blobName: blob.name });
+  }
+  logger.info(`Listed ${matchingFiles.length} matching blobs in Azure container ${container} with prefix "${prefix}"`);
+  return matchingFiles;
+}
+function isDataFile2(key) {
+  const lowerKey = key.toLowerCase();
+  return lowerKey.endsWith(".csv") || lowerKey.endsWith(".parquet") || lowerKey.endsWith(".json") || lowerKey.endsWith(".jsonl") || lowerKey.endsWith(".ndjson");
+}
+async function describeRemoteFile(malloyConnection, fileUri) {
+  const pathWithoutQuery = fileUri.split("?")[0];
+  const fileType = getFileType2(pathWithoutQuery);
+  let describeQuery;
+  switch (fileType) {
+    case "csv":
+      describeQuery = `DESCRIBE SELECT * FROM read_csv('${fileUri}', auto_detect=true) LIMIT 1`;
+      break;
+    case "parquet":
+      describeQuery = `DESCRIBE SELECT * FROM read_parquet('${fileUri}') LIMIT 1`;
+      break;
+    case "json":
+      describeQuery = `DESCRIBE SELECT * FROM read_json('${fileUri}', auto_detect=true) LIMIT 1`;
+      break;
+    case "jsonl":
+      describeQuery = `DESCRIBE SELECT * FROM read_json('${fileUri}', format='newline_delimited', auto_detect=true) LIMIT 1`;
+      break;
+    default:
+      logger.warn(`Unsupported file type for file: ${fileUri}`);
+      return { resource: fileUri, columns: [] };
+  }
+  const result = await malloyConnection.runSQL(describeQuery);
+  const rows = standardizeRunSQLResult2(result);
+  const columns = rows.map((row) => {
+    const typedRow = row;
+    return {
+      name: typedRow.column_name || typedRow.name,
+      type: typedRow.column_type || typedRow.type
+    };
+  });
+  const fileName = pathWithoutQuery.split("/").pop() || fileUri;
+  return { resource: fileName, columns };
+}
+function isAzureSingleFileUrl(fileUri) {
+  const pathWithoutQuery = fileUri.split("?")[0];
+  if (pathWithoutQuery.includes("*"))
+    return false;
+  if (pathWithoutQuery.endsWith("/"))
+    return false;
+  const lastSegment = pathWithoutQuery.split("/").pop() || "";
+  return isDataFile2(lastSegment);
+}
+async function describeAzureFile(malloyConnection, fileUri, azureConnection) {
+  try {
+    if (isAzureSingleFileUrl(fileUri)) {
+      return [await describeRemoteFile(malloyConnection, fileUri)];
+    }
+    const blobs = await listAzureBlobs(fileUri, azureConnection);
+    if (blobs.length === 0) {
+      return [{ resource: fileUri, columns: [] }];
+    }
+    const results = await Promise.all(blobs.map(async ({ url: url2, blobName }) => {
+      try {
+        const table = await describeRemoteFile(malloyConnection, url2);
+        return { ...table, resource: blobName };
+      } catch (error) {
+        logger.warn(`Failed to describe Azure blob: ${url2}`, { error });
+        return { resource: blobName, columns: [] };
+      }
+    }));
+    return results;
+  } catch (error) {
+    logger.error(`Failed to describe Azure file: ${fileUri}`, { error });
+    throw new Error(`Failed to describe Azure file: ${error instanceof Error ? error.message : String(error)}`);
+  }
+}
 async function getTablesForSchema(connection, schemaName, malloyConnection) {
+  if (connection.type === "duckdb") {
+    const attachedDbs = connection.duckdbConnection?.attachedDatabases || [];
+    const azureDb = attachedDbs.find((db) => db.type === "azure" && db.name === schemaName && db.azureConnection);
+    if (azureDb) {
+      const azureConn = azureDb.azureConnection;
+      const fileUrl = azureConn.authType === "sas_token" ? azureConn.sasUrl : azureConn.fileUrl;
+      if (fileUrl) {
+        return await describeAzureFile(malloyConnection, fileUrl, azureConn);
+      }
+    }
+  }
+  if (connection.type === "duckdb" && (schemaName.startsWith("abfss://") || schemaName.startsWith("https://") || schemaName.startsWith("az://"))) {
+    return await describeAzureFile(malloyConnection, schemaName);
+  }
   const parsedUri = parseCloudUri(schemaName);
   if (parsedUri && connection.type === "duckdb") {
     const {
@@ -222124,6 +222430,52 @@ function extractErrorDataFromError(error) {
 }
 // src/controller/connection.controller.ts
+var AZURE_SUPPORTED_SCHEMES = ["https://", "http://", "abfss://", "az://"];
+var AZURE_DATA_EXTENSIONS = [
+  ".parquet",
+  ".csv",
+  ".json",
+  ".jsonl",
+  ".ndjson"
+];
+function validateAzureUrl(url2, fieldName) {
+  if (!AZURE_SUPPORTED_SCHEMES.some((s) => url2.startsWith(s))) {
+    throw new BadRequestError(`Azure ${fieldName} must use one of: ${AZURE_SUPPORTED_SCHEMES.join(", ")}`);
+  }
+  const pathWithoutQuery = url2.split("?")[0];
+  const stars = (pathWithoutQuery.match(/\*/g) || []).length;
+  if (stars === 0) {
+    const lower = pathWithoutQuery.toLowerCase();
+    if (!AZURE_DATA_EXTENSIONS.some((ext) => lower.endsWith(ext))) {
+      throw new BadRequestError(`Azure ${fieldName}: a single-file URL must end with a data file extension (${AZURE_DATA_EXTENSIONS.join(", ")})`);
+    }
+  } else if (pathWithoutQuery.endsWith("**")) {} else {
+    const lastSegment = pathWithoutQuery.split("/").pop() || "";
+    if (stars !== 1 || !lastSegment.startsWith("*")) {
+      throw new BadRequestError(`Azure ${fieldName}: only three URL patterns are supported:
+` + `  • Single file:      path/file.parquet
+` + `  • Directory glob:   path/*.ext  (direct children only)
+` + `  • Recursive:        path/**     (all data files in subtree)
+` + `Multi-level globs such as "sub_dir/*/*.parquet" are not supported.`);
+    }
+  }
+}
+function validateAzureAttachedDatabases(connectionConfig) {
+  if (connectionConfig.type !== "duckdb")
+    return;
+  const attachedDbs = connectionConfig.duckdbConnection?.attachedDatabases || [];
+  for (const db of attachedDbs) {
+    if (db.type !== "azure" || !db.azureConnection)
+      continue;
+    const { authType, sasUrl, fileUrl } = db.azureConnection;
+    if (authType === "sas_token" && sasUrl) {
+      validateAzureUrl(sasUrl, `"${db.name}" sasUrl`);
+    } else if (authType === "service_principal" && fileUrl) {
+      validateAzureUrl(fileUrl, `"${db.name}" fileUrl`);
+    }
+  }
+}
 class ConnectionController {
   projectStore;
   connectionService;
@@ -222191,7 +222543,8 @@ class ConnectionController {
   }
   async getTable(projectName, connectionName, schemaName, tablePath) {
     const malloyConnection = await this.getMalloyConnection(projectName, connectionName);
-    const connection = await this.getConnection(projectName, connectionName);
+    const project = await this.projectStore.getProject(projectName, false);
+    const connection = project.getApiConnection(connectionName);
     if (connection.type === "ducklake") {
       if (tablePath.split(".").length === 1) {
         tablePath = `${connectionName}.${schemaName}.${tablePath}`;
@@ -222199,6 +222552,28 @@ class ConnectionController {
         tablePath = `${connectionName}.${tablePath}`;
       }
     }
+    if (connection.type === "duckdb") {
+      const attachedDbs = connection.duckdbConnection?.attachedDatabases || [];
+      const azureDb = attachedDbs.find((db) => db.type === "azure" && db.name === schemaName && db.azureConnection);
+      if (azureDb && azureDb.azureConnection) {
+        const azureConn = azureDb.azureConnection;
+        const baseUrl = azureConn.authType === "sas_token" ? azureConn.sasUrl : azureConn.fileUrl;
+        if (baseUrl) {
+          const fileName = tablePath.includes(".") ? tablePath.split(".").slice(1).join(".") : tablePath;
+          const urlParts = baseUrl.split("?");
+          const basePath = urlParts[0];
+          const queryString = urlParts[1] ? `?${urlParts[1]}` : "";
+          const dirPath = basePath.substring(0, basePath.lastIndexOf("/") + 1);
+          const fullFileUrl = `${dirPath}${fileName}${queryString}`;
+          const tableSource2 = await getConnectionTableSource(malloyConnection, fileName, fullFileUrl);
+          return {
+            resource: tablePath,
+            columns: tableSource2.columns,
+            source: tableSource2.source
+          };
+        }
+      }
+    }
     const tableKey = tablePath.split(".").pop();
     if (!tableKey) {
       throw new Error(`Invalid tablePath: ${tablePath}`);
@@ -222239,6 +222614,9 @@ class ConnectionController {
     }
   }
   async testConnectionConfiguration(connectionConfig) {
+    if (connectionConfig && "config" in connectionConfig && typeof connectionConfig.config === "object") {
+      connectionConfig = connectionConfig.config;
+    }
     if (!connectionConfig || typeof connectionConfig !== "object" || Object.keys(connectionConfig).length === 0) {
       throw new BadRequestError("Connection configuration is required and cannot be empty");
     }
@@ -222264,6 +222642,7 @@ class ConnectionController {
     if (!connectionConfig.type) {
       throw new BadRequestError("Connection type is required");
     }
+    validateAzureAttachedDatabases(connectionConfig);
     logger.info(`Creating connection "${connectionName}" in project "${projectName}"`);
     await this.connectionService.addConnection(projectName, connectionName, connectionConfig);
     return {
@@ -222274,6 +222653,7 @@ class ConnectionController {
     if (!connection || typeof connection !== "object") {
       throw new BadRequestError("Connection payload is required");
     }
+    validateAzureAttachedDatabases(connection);
     logger.info(`Updating connection "${connectionName}" in project "${projectName}"`);
     await this.connectionService.updateConnection(projectName, connectionName, connection);
     return {
@@ -230039,8 +230419,11 @@ class Project {
     const virtualUri = `file://${path7.join(modelDir, "__compile_check.malloy")}`;
     const virtualUrl = new URL(virtualUri);
     const modelPath = path7.join(this.projectPath, packageName, modelName);
-    const preamble = await extractPreamble(modelPath);
-    const fullSource = preamble ? `${preamble}
+    let modelContent = "";
+    try {
+      modelContent = await fs6.promises.readFile(modelPath, "utf8");
+    } catch {}
+    const fullSource = modelContent ? `${modelContent}
 ${source}` : source;
     const interceptingReader = {
       readURL: async (url2) => {
@@ -230319,30 +230702,55 @@ ${source}` : source;
     logger.info(`Removed DuckLake connection ${connectionName} from project ${this.projectName}`);
   }
 }
-async function extractPreamble(modelPath) {
-  try {
-    const content = await fs6.promises.readFile(modelPath, "utf8");
-    return extractPreambleFromSource(content);
-  } catch {
-    return "";
+// src/service/project_store.ts
+var AZURE_SUPPORTED_SCHEMES2 = ["https://", "http://", "abfss://", "az://"];
+var AZURE_DATA_EXTENSIONS2 = [
+  ".parquet",
+  ".csv",
+  ".json",
+  ".jsonl",
+  ".ndjson"
+];
+function validateAzureUrl2(url2, fieldName) {
+  if (!AZURE_SUPPORTED_SCHEMES2.some((s) => url2.startsWith(s))) {
+    throw new BadRequestError(`Azure ${fieldName} must use one of: ${AZURE_SUPPORTED_SCHEMES2.join(", ")}`);
+  }
+  const pathWithoutQuery = url2.split("?")[0];
+  const stars = (pathWithoutQuery.match(/\*/g) || []).length;
+  if (stars === 0) {
+    const lower = pathWithoutQuery.toLowerCase();
+    if (!AZURE_DATA_EXTENSIONS2.some((ext) => lower.endsWith(ext))) {
+      throw new BadRequestError(`Azure ${fieldName}: a single-file URL must end with a data file extension (${AZURE_DATA_EXTENSIONS2.join(", ")})`);
+    }
+  } else if (pathWithoutQuery.endsWith("**")) {} else {
+    const lastSegment = pathWithoutQuery.split("/").pop() || "";
+    if (stars !== 1 || !lastSegment.startsWith("*")) {
+      throw new BadRequestError(`Azure ${fieldName}: only three URL patterns are supported:
+` + `  • Single file:    path/file.parquet
+` + `  • Directory glob: path/*.ext  (direct children only)
+` + `  • Recursive:      path/**     (includes all data files in the container and all subdirectories)
+` + `Multi-level globs such as "sub_dir/*/*.parquet" are not supported.`);
+    }
   }
 }
-function extractPreambleFromSource(content) {
-  const lines = content.split(`
-`);
-  const preambleLines = [];
-  for (const line of lines) {
-    const trimmed2 = line.trim();
-    if (trimmed2.startsWith("source:") || trimmed2.startsWith("query:") || trimmed2.startsWith("run:")) {
-      break;
+function validateProjectAzureUrls(project) {
+  for (const conn of project.connections || []) {
+    if (conn.type !== "duckdb")
+      continue;
+    for (const db of conn.duckdbConnection?.attachedDatabases || []) {
+      if (db.type !== "azure" || !db.azureConnection)
+        continue;
+      const { authType, sasUrl, fileUrl } = db.azureConnection;
+      if (authType === "sas_token" && sasUrl) {
+        validateAzureUrl2(sasUrl, `"${db.name}" sasUrl`);
+      } else if (authType === "service_principal" && fileUrl) {
+        validateAzureUrl2(fileUrl, `"${db.name}" fileUrl`);
+      }
     }
-    preambleLines.push(line);
   }
-  return preambleLines.join(`
-`).trimEnd();
 }
-// src/service/project_store.ts
 class ProjectStore {
   serverRootPath;
   projects = new Map;
@@ -230800,6 +231208,7 @@ class ProjectStore {
     if (this.publisherConfigIsFrozen) {
       throw new FrozenConfigError;
     }
+    validateProjectAzureUrls(project);
     const projectName = project.name;
     if (!projectName) {
       throw new Error("Project name is required");
@@ -231254,8 +231663,8 @@ class WatchModeController {
   getWatchStatus = async (_req, res) => {
     return res.json({
       enabled: !!this.watchingPath,
-      watchingPath: this.watchingPath,
-      projectName: this.watchingProjectName ?? undefined
+      watchingPath: this.watchingPath ?? "",
+      projectName: this.watchingProjectName ?? ""
     });
   };
   startWatching = async (req, res) => {

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
    "name": "@malloy-publisher/server",
    "description": "Malloy Publisher Server",
-   "version": "0.0.171",
+   "version": "0.0.173",
    "main": "dist/server.js",
    "bin": {
       "malloy-publisher": "dist/server.js"
@@ -29,6 +29,8 @@
    },
    "dependencies": {
       "@aws-sdk/client-s3": "^3.958.0",
+      "@azure/identity": "^4.13.0",
+      "@azure/storage-blob": "^12.26.0",
       "@google-cloud/storage": "^7.16.0",
       "@malloydata/db-bigquery": "^0.0.358",
       "@malloydata/db-duckdb": "^0.0.358",