@malloydata/db-duckdb 0.0.406 → 0.0.408

package/dist/duckdb_config.js

@@ -47,6 +47,7 @@ exports.sqlStringLiteral = sqlStringLiteral;
 exports.sqlStringListLiteral = sqlStringListLiteral;
 exports.stringifyDuckDBOption = stringifyDuckDBOption;
 const path_1 = __importDefault(require("path"));
+const url_1 = require("url");
 const malloy_1 = require("@malloydata/malloy");
 const pathSecurity = __importStar(require("./path_security"));
 class DuckDBConfigValidationError extends Error {
@@ -127,7 +128,7 @@ function normalizeDuckDBConfig(config) {
             mustExist: securityPolicy === 'sandboxed',
         });
     }
-    const databasePath = canonicalizeDatabasePath(rawDatabasePath);
+    const databasePath = canonicalizeDatabasePath(rawDatabasePath, workingDirectory);
     const isMotherDuck = isMotherDuckPath(databasePath);
     if (restricted && !isAllowedClosedNetworkDatabasePath(databasePath)) {
         throw new DuckDBConfigValidationError(`databasePath "${rawDatabasePath}" is not allowed when securityPolicy is "${securityPolicy}"`);
@@ -342,15 +343,46 @@ function deriveRestrictedSecretDirectory({ requiresSecretNeutralization, tempDir
     }
     throw new DuckDBConfigValidationError('restricted DuckDB policies require workingDirectory or tempDirectory so Malloy can isolate persistent DuckDB secrets');
 }
-function canonicalizeDatabasePath(databasePath) {
+// A relative `databasePath` resolves against `workingDirectory` (which itself
+// defaults to the project root via `{config: 'rootDirectory'}`), keeping a
+// config file portable — `databasePath: "analytics.duckdb"` names the database
+// alongside the project regardless of where the host process is launched.
+// `:memory:` and remote schemes are taken as-is; absolute paths ignore the
+// base; with no `workingDirectory` set, a relative path falls back to the cwd.
+function canonicalizeDatabasePath(databasePath, workingDirectory) {
     if (databasePath === ':memory:' || isLikelyRemoteDatabasePath(databasePath)) {
         return databasePath;
     }
-    return canonicalizeConfigPath(databasePath, 'databasePath');
+    return canonicalizeConfigPath(databasePath, 'databasePath', {
+        baseDirectory: workingDirectory,
+    });
+}
+// A config path can arrive as a `file://` URL rather than a plain path —
+// notably `workingDirectory`, which defaults to `config.rootDirectory` (the
+// config stack carries it as a URL string). Left as a URL, `path.resolve`
+// treats `file:` as a relative segment and joins it to the process cwd,
+// silently breaking relative `read_parquet`/glob resolution. Decode file URLs
+// to a real path so every downstream consumer (FILE_SEARCH_PATH,
+// allowed_directories, …) sees one. Plain paths and non-file schemes pass
+// through untouched; a malformed file URL throws and surfaces as the caller's
+// field-specific validation error.
+function maybeFileURLToPath(input) {
+    // Cheap guard so plain paths (the common case) skip URL parsing entirely.
+    if (!/^[a-z][a-z0-9+.-]*:/i.test(input)) {
+        return input;
+    }
+    let url;
+    try {
+        url = new URL(input);
+    }
+    catch {
+        return input; // not a URL — treat as a plain path
+    }
+    return url.protocol === 'file:' ? (0, url_1.fileURLToPath)(url) : input;
 }
 function canonicalizeConfigPath(input, fieldName, options = {}) {
     try {
-        return pathSecurity.canonicalizePath(input, options);
+        return pathSecurity.canonicalizePath(maybeFileURLToPath(input), options);
     }
     catch (error) {
         throw new DuckDBConfigValidationError(`${fieldName} is invalid: ${errorMessage(error)}`);

package/dist/duckdb_wasm_connection.js

@@ -214,6 +214,22 @@ function unwrapTable(table) {
     return table.toArray().map(row => unwrapRow(row, table.schema));
 }
 const isNode = () => { var _a; return typeof process !== 'undefined' && typeof ((_a = process.versions) === null || _a === void 0 ? void 0 : _a.node) === 'string'; };
+// `workingDirectory` defaults to `config.rootDirectory`, which the config
+// stack carries as a URL string. DuckDB-Wasm's virtual filesystem wants a plain
+// POSIX path; a `file://` URL left intact becomes a bogus FILE_SEARCH_PATH and
+// breaks relative reads. Decode file URLs to their path. Browser-safe — uses
+// the WHATWG `URL` (the native connection's Node `fileURLToPath` is unavailable
+// here). Plain paths and non-file schemes pass through untouched.
+function fileURLToVirtualPath(input) {
+    if (!/^file:\/\//i.test(input)) {
+        return input;
+    }
+    const decoded = decodeURIComponent(new URL(input).pathname);
+    // Drop a trailing separator but keep the filesystem root '/'.
+    return decoded.length > 1 && decoded.endsWith('/')
+        ? decoded.slice(0, -1)
+        : decoded;
+}
 class DuckDBWASMConnection extends duckdb_common_1.DuckDBCommon {
     constructor(arg, arg2, workingDirectory, queryOptions) {
         var _a, _b;
@@ -233,7 +249,7 @@ class DuckDBWASMConnection extends duckdb_common_1.DuckDBCommon {
                 this.databasePath = arg2;
             }
             if (typeof workingDirectory === 'string') {
-                this.workingDirectory = workingDirectory;
+                this.workingDirectory = fileURLToVirtualPath(workingDirectory);
             }
             if (queryOptions) {
                 this.queryOptions = queryOptions;
@@ -248,7 +264,7 @@ class DuckDBWASMConnection extends duckdb_common_1.DuckDBCommon {
                 this.databasePath = arg.databasePath;
             }
             if (typeof arg.workingDirectory === 'string') {
-                this.workingDirectory = arg.workingDirectory;
+                this.workingDirectory = fileURLToVirtualPath(arg.workingDirectory);
             }
             if (typeof arg.motherDuckToken === 'string') {
                 this.motherDuckToken = arg.motherDuckToken;

package/dist/path_security.d.ts

@@ -1,7 +1,8 @@
 export interface CanonicalPathOptions {
     mustExist?: boolean;
+    baseDirectory?: string;
 }
 export declare function isPosixHost(): boolean;
-export declare function canonicalizePath(input: string, { mustExist }?: CanonicalPathOptions): string;
+export declare function canonicalizePath(input: string, { mustExist, baseDirectory }?: CanonicalPathOptions): string;
 export declare function canonicalizePathList(paths: string[]): string[];
 export declare function isContainedPath(parent: string, child: string): boolean;

package/dist/path_security.js

@@ -16,11 +16,13 @@ const path_1 = __importDefault(require("path"));
 function isPosixHost() {
     return path_1.default.sep === '/';
 }
-function canonicalizePath(input, { mustExist = false } = {}) {
+function canonicalizePath(input, { mustExist = false, baseDirectory } = {}) {
     if (input.trim() === '') {
         throw new Error('path must not be empty');
     }
-    const resolved = path_1.default.resolve(input);
+    const resolved = baseDirectory !== undefined
+        ? path_1.default.resolve(baseDirectory, input)
+        : path_1.default.resolve(input);
     const canonical = (() => {
         try {
             return fs_1.default.realpathSync.native(resolved);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@malloydata/db-duckdb",
-  "version": "0.0.406",
+  "version": "0.0.408",
   "license": "MIT",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -61,7 +61,7 @@
   "dependencies": {
     "@duckdb/duckdb-wasm": "1.33.1-dev45.0",
     "@duckdb/node-api": "1.5.3-r.2",
-    "@malloydata/malloy": "0.0.406",
+    "@malloydata/malloy": "0.0.408",
     "@motherduck/wasm-client": "^0.6.6",
     "apache-arrow": "^17.0.0",
     "web-worker": "^1.5.0"