@malloydata/db-duckdb 0.0.379 → 0.0.380

package/MAINTENANCE_NOTES.md

@@ -10,20 +10,29 @@ must not depend on them for essential context.
 
 ## Mental Model
 
-Malloy exposes two user-facing policy axes for native DuckDB:
+Malloy exposes one user-facing policy property for native DuckDB:
 
-- `filesystemPolicy: "open" | "sandboxed"`
-- `networkPolicy: "open" | "closed"`
+- `securityPolicy: "none" | "local" | "sandboxed"`
 
-Those fields are Malloy policy controls. They are not raw DuckDB option names
-and they are not a general policy language.
+This field is a Malloy policy control. It is not a raw DuckDB option name
+and it is not a general policy language.
 
-The reviewed strict recipe for untrusted Malloy is:
+The three levels form a strict escalation:
 
-- `filesystemPolicy: "sandboxed"`
-- `networkPolicy: "closed"`
+- `"none"` — no security policy applied. Ordinary DuckDB behavior.
+- `"local"` — no network access. DuckDB cannot reach the network, but local
+  filesystem access is not sandboxed to specific directories.
+- `"sandboxed"` — no network access AND filesystem confined to
+  `allowedDirectories`. The reviewed strict recipe.
 
-The implementation compiles those public policy values into an internal
+DuckDB's `enable_external_access` is a single toggle that gates both filesystem
+reach beyond the working directory and network reach. Setting
+`allowed_directories` without disabling `enable_external_access` has no effect.
+This is why the policy is a single axis rather than two independent axes — the
+underlying DuckDB mechanism does not support independent filesystem and network
+control.
+
+The implementation compiles the public policy value into an internal
 `NormalizedDuckDBSafetyPolicy`. That internal object records the derived
 enforcement requirements, such as locked configuration, no setup SQL,
 temp-file encryption, extension restrictions, and secret neutralization. Keep
@@ -41,9 +50,9 @@ process isolation, query cancellation, and host-level quotas separately.
 
 - Native connection schema: `src/native.ts`
   - Registers native DuckDB properties.
-  - `filesystemPolicy` and `networkPolicy` are `requireLiteralString` so
-    invalid reference-shaped or non-string values reach registry validation
-    instead of being silently dropped by generic config compilation.
+  - `securityPolicy` is `requireLiteralString` so invalid reference-shaped or
+    non-string values reach registry validation instead of being silently
+    dropped by generic config compilation.
 - Config compiler literal guard: `../malloy/src/api/foundation/config_compile.ts`
   - Preserves invalid literal-required values as values after warning, allowing
     registry lookup to fail closed before the DuckDB factory runs.
@@ -72,7 +81,7 @@ process isolation, query cancellation, and host-level quotas separately.
   baseline must fail connection creation.
 - Policy validation must run early enough that invalid raw values such as
   `true`, `42`, or `{env: "POLICY"}` cannot be silently dropped and interpreted
-  as the default `"open"` policy.
+  as the default `"none"` policy.
 - A restricted DuckDB connection must never share a live instance with a less
   restrictive or otherwise semantically different connection.
 - The fixed baseline must be established before any Malloy-derived SQL runs.
@@ -85,22 +94,11 @@ process isolation, query cancellation, and host-level quotas separately.
 
 ## User-Facing Policy Behavior
 
-`filesystemPolicy: "open"` means Malloy does not derive a filesystem sandbox.
+`securityPolicy: "none"` means no security policy is applied. Ordinary DuckDB
+behavior.
 
-`filesystemPolicy: "sandboxed"` means Malloy derives and enforces a native
-DuckDB filesystem boundary:
-
-- `allowedDirectories` is required or derived.
-- `tempDirectory` is required or derived.
-- `workingDirectory`, when present, must be inside `allowedDirectories`.
-- `tempDirectory` must be inside `allowedDirectories`.
-- Non-POSIX hosts are rejected. Do not approximate Windows path behavior for
-  the current policy.
-
-`networkPolicy: "open"` means network-capable DuckDB behavior may remain
-available.
-
-`networkPolicy: "closed"` means Malloy disables network-capable DuckDB behavior:
+`securityPolicy: "local"` means Malloy disables network-capable DuckDB
+behavior:
 
 - `enableExternalAccess` is forced to `false`.
 - `httpfs` must not load.
@@ -108,14 +106,20 @@ available.
 - network-requiring `databasePath` values, including MotherDuck paths, are
   rejected.
 - `motherDuckToken` is rejected.
+- configuration is locked after baseline setup.
+- `setupSQL` is not allowed.
+- temp-file encryption is required.
+- secrets are neutralized.
 
-The two axes can be used independently:
+`securityPolicy: "sandboxed"` means everything in `"local"`, plus Malloy
+derives and enforces a native DuckDB filesystem boundary:
 
-- sandboxed filesystem plus open network is allowed, but it is not the reviewed
-  strict recipe.
-- open filesystem plus closed network is allowed, for hosts that trust an
-  external filesystem/container boundary but want Malloy to close DuckDB's
-  network-capable surface.
+- `allowedDirectories` is required or derived.
+- `tempDirectory` is required or derived.
+- `workingDirectory`, when present, must be inside `allowedDirectories`.
+- `tempDirectory` must be inside `allowedDirectories`.
+- Non-POSIX hosts are rejected. Do not approximate Windows path behavior for
+  the current policy.
 
 ## Registered Config Surface
 
@@ -128,10 +132,9 @@ Native DuckDB supports the existing Malloy-facing properties:
 - `readOnly`
 - `setupSQL`
 
-The config extension adds policy properties:
+The config extension adds the policy property:
 
-- `filesystemPolicy`
-- `networkPolicy`
+- `securityPolicy`
 
 It also adds curated DuckDB-level properties:
 
@@ -153,7 +156,7 @@ connection property model does not yet have a first-class string-array type.
 Even though the registry metadata says `json`, DuckDB normalization must require
 the value to be a JSON array of strings. Do not add a registry default for
 `allowedDirectories`; its only defaulting behavior belongs to
-`filesystemPolicy: "sandboxed"` normalization.
+`securityPolicy: "sandboxed"` normalization.
 
 `workingDirectory` defaults to `{config: "rootDirectory"}` in the native DuckDB
 registry. Hosts that know the project root should populate `config.rootDirectory`
@@ -171,28 +174,28 @@ All policy reasoning belongs in `normalizeDuckDBConfig()`.
 
 Policy parsing:
 
-- Missing `filesystemPolicy` defaults to `"open"`.
-- Missing `networkPolicy` defaults to `"open"`.
-- Accepted policy values are exact documented strings only.
+- Missing `securityPolicy` defaults to `"none"`.
+- Accepted policy values are exact documented strings only: `"none"`, `"local"`,
+  `"sandboxed"`.
 - Unknown strings, strings with whitespace or different casing, non-strings,
   and reference-shaped values must fail closed.
 
 Derived safety policy:
 
-- If either policy is restricted, derive:
+- If `securityPolicy` is `"local"` or `"sandboxed"` (i.e., restricted), derive:
   - `requiresLockedConfiguration: true`
   - `requiresNoSetupSQL: true`
   - `requiresTempFileEncryption: true`
   - `requiresSecretNeutralization: true`
   - `forbidAdditionalExtensions: true`
+  - `allowHttpfs: false`
+  - `enableExternalAccess: false`
   - required baseline extensions `icu` and `json`
-- If `filesystemPolicy === "sandboxed"`, also derive:
+  - no extension install or auto-install/autoload expansion
+- If `securityPolicy === "sandboxed"`, also derive:
   - POSIX host required
   - sandboxed path validation required
   - derived temp directory name `.tmp`
-- If `networkPolicy === "closed"`, also derive:
-  - `allowHttpfs: false`
-  - no extension install or auto-install/autoload expansion
 
 Conflict checks:
 
@@ -201,7 +204,7 @@ Conflict checks:
   extension broadening.
 - Reject `lockConfiguration: false` under any restricted policy.
 - Reject `tempFileEncryption: false` under any restricted policy.
-- Under `networkPolicy: "closed"`, reject:
+- Under any restricted policy, reject:
   - `enableExternalAccess: true`
   - `autoloadKnownExtensions: true`
   - `autoinstallKnownExtensions: true`
@@ -210,26 +213,25 @@ Conflict checks:
   - `motherDuckToken`
   - remote or network-requiring `databasePath`
 - Redundant matching values are allowed. For example,
-  `networkPolicy: "closed"` plus `enableExternalAccess: false` is valid.
+  `securityPolicy: "local"` plus `enableExternalAccess: false` is valid.
 
 Derived defaults:
 
-- Under `networkPolicy: "closed"`, force:
+- Under any restricted policy, force:
   - `enableExternalAccess = false`
+  - `lockConfiguration = true`
+  - `tempFileEncryption = true`
   - `autoloadKnownExtensions = false`
   - `autoinstallKnownExtensions = false`
   - `allowCommunityExtensions = false`
   - `allowUnsignedExtensions = false`
-- Under any restricted policy, force:
-  - `lockConfiguration = true`
-  - `tempFileEncryption = true`
-- Under `filesystemPolicy: "sandboxed"`:
+- Under `securityPolicy: "sandboxed"`:
   - If `allowedDirectories` is omitted, derive it to exactly the canonical
     `workingDirectory`, and nothing broader.
   - If `tempDirectory` is omitted, derive it to `workingDirectory/.tmp`.
   - If Malloy cannot derive the required paths safely, fail closed with a
     field-specific error.
-- Outside `filesystemPolicy: "sandboxed"`, do not invent an
+- Outside `securityPolicy: "sandboxed"`, do not invent an
   `allowedDirectories` default.
 - With `databasePath: ":memory:"`, normalize `readOnly` to `false`.
   This intentionally preserves existing behavior. A user-facing warning for
@@ -278,8 +280,7 @@ effective setting that can affect runtime behavior, safety, or semantics:
 
 - `databasePath`
 - `readOnly`
-- `filesystemPolicy`
-- `networkPolicy`
+- `securityPolicy`
 - `setupSQL`
 - canonicalized `allowedDirectories`
 - `enableExternalAccess`
@@ -346,7 +347,7 @@ Current baseline mapping:
   - must be established before lock
 - built-in extension loading
   - preserve ordinary compatibility outside restricted modes
-  - under `networkPolicy: "closed"`, do not `INSTALL`, do not load `httpfs`,
+  - under any restricted policy, do not `INSTALL`, do not load `httpfs`,
     and load only the fixed Malloy baseline extensions
 - `setupSQL`
   - preserve outside restricted modes
@@ -361,9 +362,9 @@ configuration after `lock_configuration=true`.
 `icu` and `json` are part of the fixed Malloy DuckDB baseline.
 
 `httpfs` is not part of that baseline. It broadens remote/network-capable
-behavior and is controlled by `networkPolicy`.
+behavior and is controlled by `securityPolicy`.
 
-Under `networkPolicy: "closed"`:
+Under any restricted policy (`"local"` or `"sandboxed"`):
 
 - do not load `httpfs`
 - do not `INSTALL` extensions
@@ -371,7 +372,7 @@ Under `networkPolicy: "closed"`:
 - load only fixed baseline extensions `icu` and `json`
 - fail closed if a required baseline extension is unavailable locally
 
-Outside `networkPolicy: "closed"`, preserve ordinary compatibility unless a
+Outside restricted policies, preserve ordinary compatibility unless a
 separate product decision changes it.
 
 ## Secrets
@@ -400,11 +401,10 @@ restricted-mode tests.
 
 The policy system described here targets native DuckDB.
 
-Do not register native-only policy fields in the `duckdb_wasm` connection
+Do not register the native-only policy field in the `duckdb_wasm` connection
 schema in this pass:
 
-- `filesystemPolicy`
-- `networkPolicy`
+- `securityPolicy`
 - native-only hardening properties
 
 Do not add native restricted-policy behavior to `DuckDBWASMConnection` as a
@@ -422,7 +422,7 @@ When adding a new native DuckDB config property, update all relevant layers:
 
 - Register the property in `src/native.ts` with the correct config metadata.
 - Parse and validate it in `normalizeDuckDBConfig()`.
-- Decide whether it conflicts with `filesystemPolicy` or `networkPolicy`.
+- Decide whether it conflicts with `securityPolicy`.
 - Decide whether any restricted policy must derive or force a value.
 - If it is path-like, canonicalize it before validation and identity
   comparison.
@@ -440,8 +440,8 @@ forced to a safe value under restricted policies.
 
 ## Changing Policy Behavior
 
-When changing `filesystemPolicy`, `networkPolicy`, or
-`NormalizedDuckDBSafetyPolicy`, review these together:
+When changing `securityPolicy` or `NormalizedDuckDBSafetyPolicy`, review these
+together:
 
 - user-facing policy contract
 - normalizer parsing and conflict checks
@@ -468,8 +468,7 @@ Keep focused tests for:
 - `allowedDirectories` accepted as a JSON array of strings
 - `allowedDirectories` rejected for non-array or non-string JSON values
 - exact policy value parsing
-- policy fields rejected when provided as non-literal or reference-shaped
-  values
+- policy field rejected when provided as non-literal or reference-shaped value
 - missing policy-required values failing closed
 - conflict checks
 - redundant matching explicit values accepted
@@ -478,10 +477,11 @@ Keep focused tests for:
 - network-requiring `databasePath` rejection
 - `readOnly: true` with `:memory:` normalizing to `false`
 - share keys differing when safety-relevant settings differ
+- different `securityPolicy` values producing different share keys
 - semantically identical allowlists sharing
 - restricted baseline order
-- `networkPolicy: "closed"` not loading `httpfs`
-- `networkPolicy: "closed"` not running `INSTALL`
+- restricted policies not loading `httpfs`
+- restricted policies not running `INSTALL`
 - required baseline extensions loaded or failing closed
 - later config-changing `SET` statements failing after lock
 - `closeAllInstances()` clearing all share-keyed native instances

package/dist/duckdb_config.d.ts

@@ -1,6 +1,5 @@
 import type { ConnectionConfig } from '@malloydata/malloy';
-export type DuckDBFilesystemPolicy = 'open' | 'sandboxed';
-export type DuckDBNetworkPolicy = 'open' | 'closed';
+export type DuckDBSecurityPolicy = 'none' | 'local' | 'sandboxed';
 export interface NormalizedDuckDBSafetyPolicy {
     requiresPosixHost: boolean;
     requiresLockedConfiguration: boolean;
@@ -9,7 +8,6 @@ export interface NormalizedDuckDBSafetyPolicy {
     requiresTempFileEncryption: boolean;
     requiresSecretNeutralization: boolean;
     requiredBaselineExtensions: readonly ['icu', 'json'];
-    allowHttpfs: boolean;
     forbidAdditionalExtensions: boolean;
     derivedTempDirectoryName: '.tmp';
 }
@@ -18,8 +16,7 @@ export interface NormalizedDuckDBConfig {
     databasePath: string;
     readOnly: boolean;
     workingDirectory?: string;
-    filesystemPolicy: DuckDBFilesystemPolicy;
-    networkPolicy: DuckDBNetworkPolicy;
+    securityPolicy: DuckDBSecurityPolicy;
     safetyPolicy?: NormalizedDuckDBSafetyPolicy;
     allowedDirectories?: string[];
     enableExternalAccess?: boolean;

package/dist/duckdb_config.js

@@ -61,10 +61,9 @@ const DERIVED_TEMP_DIRECTORY_NAME = '.tmp';
 const DERIVED_SECRET_DIRECTORY_NAME = '.duckdb-secrets';
 function normalizeDuckDBConfig(config) {
     var _a, _b, _c, _d;
-    const filesystemPolicy = parsePolicyValue(config['filesystemPolicy'], 'filesystemPolicy', ['open', 'sandboxed']);
-    const networkPolicy = parsePolicyValue(config['networkPolicy'], 'networkPolicy', ['open', 'closed']);
-    if (filesystemPolicy === 'sandboxed' && !pathSecurity.isPosixHost()) {
-        throw new DuckDBConfigValidationError('filesystemPolicy "sandboxed" is only supported on POSIX hosts');
+    const securityPolicy = parseSecurityPolicy(config['securityPolicy']);
+    if (securityPolicy === 'sandboxed' && !pathSecurity.isPosixHost()) {
+        throw new DuckDBConfigValidationError('securityPolicy "sandboxed" is only supported on POSIX hosts');
     }
     const rawDatabasePath = (_b = (_a = readOptionalString(config, 'databasePath')) !== null && _a !== void 0 ? _a : readOptionalString(config, 'path')) !== null && _b !== void 0 ? _b : ':memory:';
     const rawWorkingDirectory = readOptionalString(config, 'workingDirectory');
@@ -84,94 +83,92 @@ function normalizeDuckDBConfig(config) {
     const rawTempDirectory = readOptionalString(config, 'tempDirectory');
     const rawExtensionDirectory = readOptionalString(config, 'extensionDirectory');
     const rawAllowedDirectories = readOptionalStringArray(config['allowedDirectories'], 'allowedDirectories');
-    const restricted = filesystemPolicy === 'sandboxed' || networkPolicy === 'closed';
+    const restricted = securityPolicy !== 'none';
     const safetyPolicy = restricted
         ? {
-            requiresPosixHost: filesystemPolicy === 'sandboxed',
+            requiresPosixHost: securityPolicy === 'sandboxed',
             requiresLockedConfiguration: true,
             requiresNoSetupSQL: true,
-            requiresSandboxedPaths: filesystemPolicy === 'sandboxed',
+            requiresSandboxedPaths: securityPolicy === 'sandboxed',
             requiresTempFileEncryption: true,
             requiresSecretNeutralization: true,
             requiredBaselineExtensions: REQUIRED_BASELINE_EXTENSIONS,
-            allowHttpfs: networkPolicy === 'open',
             forbidAdditionalExtensions: true,
             derivedTempDirectoryName: DERIVED_TEMP_DIRECTORY_NAME,
         }
         : undefined;
     if ((safetyPolicy === null || safetyPolicy === void 0 ? void 0 : safetyPolicy.requiresNoSetupSQL) && rawSetupSQL !== undefined) {
-        throw new DuckDBConfigValidationError('setupSQL is not allowed when filesystemPolicy or networkPolicy requires a locked DuckDB baseline');
+        throw new DuckDBConfigValidationError(`setupSQL is not allowed when securityPolicy is "${securityPolicy}"`);
     }
     if ((safetyPolicy === null || safetyPolicy === void 0 ? void 0 : safetyPolicy.forbidAdditionalExtensions) &&
         additionalExtensions.length > 0) {
-        throw new DuckDBConfigValidationError('additionalExtensions is not allowed when filesystemPolicy or networkPolicy requires a locked DuckDB baseline');
+        throw new DuckDBConfigValidationError(`additionalExtensions is not allowed when securityPolicy is "${securityPolicy}"`);
     }
     if (restricted && lockConfiguration === false) {
-        throw new DuckDBConfigValidationError('lockConfiguration cannot be false when filesystemPolicy or networkPolicy requires a locked DuckDB baseline');
+        throw new DuckDBConfigValidationError(`lockConfiguration cannot be false when securityPolicy is "${securityPolicy}"`);
     }
     if (restricted && tempFileEncryption === false) {
-        throw new DuckDBConfigValidationError('tempFileEncryption cannot be false when filesystemPolicy or networkPolicy requires a locked DuckDB baseline');
-    }
-    if (networkPolicy === 'closed') {
-        rejectConflictingBoolean(enableExternalAccess, 'enableExternalAccess', true, 'networkPolicy "closed"');
-        rejectConflictingBoolean(autoloadKnownExtensions, 'autoloadKnownExtensions', true, 'networkPolicy "closed"');
-        rejectConflictingBoolean(autoinstallKnownExtensions, 'autoinstallKnownExtensions', true, 'networkPolicy "closed"');
-        rejectConflictingBoolean(allowCommunityExtensions, 'allowCommunityExtensions', true, 'networkPolicy "closed"');
-        rejectConflictingBoolean(allowUnsignedExtensions, 'allowUnsignedExtensions', true, 'networkPolicy "closed"');
+        throw new DuckDBConfigValidationError(`tempFileEncryption cannot be false when securityPolicy is "${securityPolicy}"`);
+    }
+    if (restricted) {
+        rejectConflictingBoolean(enableExternalAccess, 'enableExternalAccess', true, `securityPolicy "${securityPolicy}"`);
+        rejectConflictingBoolean(autoloadKnownExtensions, 'autoloadKnownExtensions', true, `securityPolicy "${securityPolicy}"`);
+        rejectConflictingBoolean(autoinstallKnownExtensions, 'autoinstallKnownExtensions', true, `securityPolicy "${securityPolicy}"`);
+        rejectConflictingBoolean(allowCommunityExtensions, 'allowCommunityExtensions', true, `securityPolicy "${securityPolicy}"`);
+        rejectConflictingBoolean(allowUnsignedExtensions, 'allowUnsignedExtensions', true, `securityPolicy "${securityPolicy}"`);
         if (rawMotherDuckToken !== undefined) {
-            throw new DuckDBConfigValidationError('motherDuckToken is not allowed when networkPolicy is "closed"');
+            throw new DuckDBConfigValidationError(`motherDuckToken is not allowed when securityPolicy is "${securityPolicy}"`);
         }
     }
     let workingDirectory;
     if (rawWorkingDirectory !== undefined) {
         workingDirectory = canonicalizeConfigPath(rawWorkingDirectory, 'workingDirectory', {
-            mustExist: filesystemPolicy === 'sandboxed',
+            mustExist: securityPolicy === 'sandboxed',
         });
     }
     const databasePath = canonicalizeDatabasePath(rawDatabasePath);
     const isMotherDuck = isMotherDuckPath(databasePath);
-    if (networkPolicy === 'closed' &&
-        !isAllowedClosedNetworkDatabasePath(databasePath)) {
-        throw new DuckDBConfigValidationError(`databasePath "${rawDatabasePath}" is not allowed when networkPolicy is "closed"`);
+    if (restricted && !isAllowedClosedNetworkDatabasePath(databasePath)) {
+        throw new DuckDBConfigValidationError(`databasePath "${rawDatabasePath}" is not allowed when securityPolicy is "${securityPolicy}"`);
     }
-    if (networkPolicy === 'closed' && isMotherDuck) {
-        throw new DuckDBConfigValidationError('MotherDuck database paths are not allowed when networkPolicy is "closed"');
+    if (restricted && isMotherDuck) {
+        throw new DuckDBConfigValidationError(`MotherDuck database paths are not allowed when securityPolicy is "${securityPolicy}"`);
     }
     const normalizedAllowedDirectories = rawAllowedDirectories === undefined
         ? undefined
         : canonicalizeConfigPathList(rawAllowedDirectories, 'allowedDirectories');
     let allowedDirectories = normalizedAllowedDirectories;
-    if (filesystemPolicy === 'sandboxed') {
+    if (securityPolicy === 'sandboxed') {
         if (allowedDirectories === undefined) {
             if (workingDirectory === undefined) {
-                throw new DuckDBConfigValidationError('filesystemPolicy "sandboxed" requires either allowedDirectories or workingDirectory. If you expected workingDirectory to come from config.rootDirectory, verify that overlay is available.');
+                throw new DuckDBConfigValidationError('securityPolicy "sandboxed" requires either allowedDirectories or workingDirectory. If you expected workingDirectory to come from config.rootDirectory, verify that overlay is available.');
             }
             allowedDirectories = [workingDirectory];
         }
         if (workingDirectory !== undefined &&
             !allowedDirectories.some(allowed => pathSecurity.isContainedPath(allowed, workingDirectory))) {
-            throw new DuckDBConfigValidationError('workingDirectory must be contained within allowedDirectories when filesystemPolicy is "sandboxed"');
+            throw new DuckDBConfigValidationError('workingDirectory must be contained within allowedDirectories when securityPolicy is "sandboxed"');
         }
     }
     let tempDirectory;
     if (rawTempDirectory !== undefined) {
         tempDirectory = canonicalizeConfigPath(rawTempDirectory, 'tempDirectory');
     }
-    else if (filesystemPolicy === 'sandboxed') {
+    else if (securityPolicy === 'sandboxed') {
         if (workingDirectory === undefined) {
-            throw new DuckDBConfigValidationError('filesystemPolicy "sandboxed" requires tempDirectory or workingDirectory so Malloy can derive a safe temp directory');
+            throw new DuckDBConfigValidationError('securityPolicy "sandboxed" requires tempDirectory or workingDirectory so Malloy can derive a safe temp directory');
         }
         tempDirectory = path_1.default.join(workingDirectory, DERIVED_TEMP_DIRECTORY_NAME);
     }
-    if (filesystemPolicy === 'sandboxed') {
+    if (securityPolicy === 'sandboxed') {
         if (allowedDirectories === undefined) {
-            throw new DuckDBConfigValidationError('filesystemPolicy "sandboxed" requires allowedDirectories');
+            throw new DuckDBConfigValidationError('securityPolicy "sandboxed" requires allowedDirectories');
         }
         if (tempDirectory === undefined) {
-            throw new DuckDBConfigValidationError('filesystemPolicy "sandboxed" requires tempDirectory');
+            throw new DuckDBConfigValidationError('securityPolicy "sandboxed" requires tempDirectory');
         }
         if (!allowedDirectories.some(allowed => pathSecurity.isContainedPath(allowed, tempDirectory))) {
-            throw new DuckDBConfigValidationError('tempDirectory must be contained within allowedDirectories when filesystemPolicy is "sandboxed"');
+            throw new DuckDBConfigValidationError('tempDirectory must be contained within allowedDirectories when securityPolicy is "sandboxed"');
         }
     }
     const extensionDirectory = rawExtensionDirectory === undefined
@@ -187,18 +184,17 @@ function normalizeDuckDBConfig(config) {
         databasePath,
         readOnly: databasePath === ':memory:' ? false : readOnly,
         workingDirectory,
-        filesystemPolicy,
-        networkPolicy,
+        securityPolicy,
         safetyPolicy,
         allowedDirectories,
-        enableExternalAccess: networkPolicy === 'closed' ? false : enableExternalAccess,
+        enableExternalAccess: restricted ? false : enableExternalAccess,
         lockConfiguration: (safetyPolicy === null || safetyPolicy === void 0 ? void 0 : safetyPolicy.requiresLockedConfiguration)
             ? true
             : lockConfiguration,
-        autoloadKnownExtensions: networkPolicy === 'closed' ? false : autoloadKnownExtensions,
-        autoinstallKnownExtensions: networkPolicy === 'closed' ? false : autoinstallKnownExtensions,
-        allowCommunityExtensions: networkPolicy === 'closed' ? false : allowCommunityExtensions,
-        allowUnsignedExtensions: networkPolicy === 'closed' ? false : allowUnsignedExtensions,
+        autoloadKnownExtensions: restricted ? false : autoloadKnownExtensions,
+        autoinstallKnownExtensions: restricted ? false : autoinstallKnownExtensions,
+        allowCommunityExtensions: restricted ? false : allowCommunityExtensions,
+        allowUnsignedExtensions: restricted ? false : allowUnsignedExtensions,
         tempFileEncryption: (safetyPolicy === null || safetyPolicy === void 0 ? void 0 : safetyPolicy.requiresTempFileEncryption)
             ? true
             : tempFileEncryption,
@@ -216,7 +212,7 @@ function buildDuckDBShareKey(config) {
     var _a, _b, _c, _d, _e, _f, _g;
     // secretDirectory is derived from policy + workingDirectory/tempDirectory,
     // which already participate in the share key.
-    return (0, malloy_1.makeDigest)('duckdb-share-key-v1', config.databasePath, String(config.readOnly), config.filesystemPolicy, config.networkPolicy, (_a = config.setupSQL) !== null && _a !== void 0 ? _a : '', ...((_b = config.allowedDirectories) !== null && _b !== void 0 ? _b : []), config.enableExternalAccess === undefined
+    return (0, malloy_1.makeDigest)('duckdb-share-key-v2', config.databasePath, String(config.readOnly), config.securityPolicy, (_a = config.setupSQL) !== null && _a !== void 0 ? _a : '', ...((_b = config.allowedDirectories) !== null && _b !== void 0 ? _b : []), config.enableExternalAccess === undefined
         ? ''
         : String(config.enableExternalAccess), config.lockConfiguration === undefined
         ? ''
@@ -241,21 +237,25 @@ function sqlStringListLiteral(values) {
 function stringifyDuckDBOption(value) {
     return String(value);
 }
-function parsePolicyValue(rawValue, fieldName, allowedValues) {
+const SECURITY_POLICY_VALUES = [
+    'none',
+    'local',
+    'sandboxed',
+];
+function isSecurityPolicy(value) {
+    return SECURITY_POLICY_VALUES.includes(value);
+}
+function parseSecurityPolicy(rawValue) {
     if (rawValue === undefined) {
-        return 'open';
+        return 'none';
     }
     if (typeof rawValue !== 'string') {
-        throw new DuckDBConfigValidationError(`${fieldName} must be one of ${allowedValues
-            .map(v => `"${v}"`)
-            .join(' or ')}, got ${typeof rawValue}`);
+        throw new DuckDBConfigValidationError(`securityPolicy must be one of ${SECURITY_POLICY_VALUES.map(v => `"${v}"`).join(', ')}, got ${typeof rawValue}`);
     }
-    if (allowedValues.includes(rawValue)) {
+    if (isSecurityPolicy(rawValue)) {
         return rawValue;
     }
-    throw new DuckDBConfigValidationError(`${fieldName} must be one of ${allowedValues
-        .map(v => `"${v}"`)
-        .join(' or ')}, got "${rawValue}"`);
+    throw new DuckDBConfigValidationError(`securityPolicy must be one of ${SECURITY_POLICY_VALUES.map(v => `"${v}"`).join(', ')}, got "${rawValue}"`);
 }
 function readOptionalString(config, fieldName) {
     const rawValue = config[fieldName];

package/dist/duckdb_connection.d.ts

@@ -9,8 +9,7 @@ export interface DuckDBConnectionOptions extends ConnectionConfig {
     workingDirectory?: string;
     readOnly?: boolean;
     setupSQL?: string;
-    filesystemPolicy?: 'open' | 'sandboxed';
-    networkPolicy?: 'open' | 'closed';
+    securityPolicy?: 'none' | 'local' | 'sandboxed';
     allowedDirectories?: string[];
     enableExternalAccess?: boolean;
     lockConfiguration?: boolean;
@@ -50,7 +49,6 @@ export declare class DuckDBConnection extends DuckDBCommon {
     private shouldApplyEnableExternalAccessAtOpenTime;
     private applyFinalBaseline;
     private loadBaselineExtensions;
-    private shouldLoadHttpfs;
     private loadExtension;
     protected runDuckDBQuery(sql: string): Promise<{
         rows: QueryRecord[];

package/dist/duckdb_connection.js

@@ -175,7 +175,7 @@ class DuckDBConnection extends duckdb_common_1.DuckDBCommon {
         await this.loadBaselineExtensions();
     }
     async loadBaselineExtensions() {
-        if (this.normalized.networkPolicy === 'closed') {
+        if (this.normalized.securityPolicy !== 'none') {
             await this.loadExtension('json', { allowInstall: false, required: true });
             await this.loadExtension('icu', { allowInstall: false, required: true });
             return;
@@ -183,7 +183,7 @@ class DuckDBConnection extends duckdb_common_1.DuckDBCommon {
         const allowInstall = this.normalized.enableExternalAccess !== false;
         await this.loadExtension('json', { allowInstall, required: false });
         await this.loadExtension('icu', { allowInstall, required: false });
-        if (this.shouldLoadHttpfs()) {
+        if (this.normalized.enableExternalAccess !== false) {
             await this.loadExtension('httpfs', { allowInstall, required: false });
         }
         for (const extension of this.normalized.additionalExtensions) {
@@ -193,12 +193,6 @@ class DuckDBConnection extends duckdb_common_1.DuckDBCommon {
             await this.loadExtension('motherduck', { allowInstall, required: false });
         }
     }
-    shouldLoadHttpfs() {
-        if (this.normalized.networkPolicy === 'closed') {
-            return false;
-        }
-        return this.normalized.enableExternalAccess !== false;
-    }
     async loadExtension(extension, options) {
         try {
             await this.runDuckDBQuery(`LOAD ${(0, duckdb_config_1.sqlStringLiteral)(extension)}`);

package/dist/native.js

@@ -38,15 +38,8 @@ const duckdb_connection_1 = require("./duckdb_connection");
             default: { config: 'rootDirectory' },
         },
         {
-            name: 'filesystemPolicy',
-            displayName: 'Filesystem Policy',
-            type: 'string',
-            optional: true,
-            requireLiteralString: true,
-        },
-        {
-            name: 'networkPolicy',
-            displayName: 'Network Policy',
+            name: 'securityPolicy',
+            displayName: 'Security Policy',
             type: 'string',
             optional: true,
             requireLiteralString: true,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@malloydata/db-duckdb",
-  "version": "0.0.379",
+  "version": "0.0.380",
   "license": "MIT",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -60,7 +60,7 @@
   "dependencies": {
     "@duckdb/duckdb-wasm": "1.33.1-dev13.0",
     "@duckdb/node-api": "1.4.4-r.1",
-    "@malloydata/malloy": "0.0.379",
+    "@malloydata/malloy": "0.0.380",
     "@motherduck/wasm-client": "^0.6.6",
     "apache-arrow": "^17.0.0",
     "web-worker": "^1.3.0"