@malloydata/db-duckdb 0.0.407 → 0.0.408

package/dist/duckdb_config.js

@@ -128,7 +128,7 @@ function normalizeDuckDBConfig(config) {
             mustExist: securityPolicy === 'sandboxed',
         });
     }
-    const databasePath = canonicalizeDatabasePath(rawDatabasePath);
+    const databasePath = canonicalizeDatabasePath(rawDatabasePath, workingDirectory);
     const isMotherDuck = isMotherDuckPath(databasePath);
     if (restricted && !isAllowedClosedNetworkDatabasePath(databasePath)) {
         throw new DuckDBConfigValidationError(`databasePath "${rawDatabasePath}" is not allowed when securityPolicy is "${securityPolicy}"`);
@@ -343,11 +343,19 @@ function deriveRestrictedSecretDirectory({ requiresSecretNeutralization, tempDir
     }
     throw new DuckDBConfigValidationError('restricted DuckDB policies require workingDirectory or tempDirectory so Malloy can isolate persistent DuckDB secrets');
 }
-function canonicalizeDatabasePath(databasePath) {
+// A relative `databasePath` resolves against `workingDirectory` (which itself
+// defaults to the project root via `{config: 'rootDirectory'}`), keeping a
+// config file portable — `databasePath: "analytics.duckdb"` names the database
+// alongside the project regardless of where the host process is launched.
+// `:memory:` and remote schemes are taken as-is; absolute paths ignore the
+// base; with no `workingDirectory` set, a relative path falls back to the cwd.
+function canonicalizeDatabasePath(databasePath, workingDirectory) {
     if (databasePath === ':memory:' || isLikelyRemoteDatabasePath(databasePath)) {
         return databasePath;
     }
-    return canonicalizeConfigPath(databasePath, 'databasePath');
+    return canonicalizeConfigPath(databasePath, 'databasePath', {
+        baseDirectory: workingDirectory,
+    });
 }
 // A config path can arrive as a `file://` URL rather than a plain path —
 // notably `workingDirectory`, which defaults to `config.rootDirectory` (the

package/dist/path_security.d.ts

@@ -1,7 +1,8 @@
 export interface CanonicalPathOptions {
     mustExist?: boolean;
+    baseDirectory?: string;
 }
 export declare function isPosixHost(): boolean;
-export declare function canonicalizePath(input: string, { mustExist }?: CanonicalPathOptions): string;
+export declare function canonicalizePath(input: string, { mustExist, baseDirectory }?: CanonicalPathOptions): string;
 export declare function canonicalizePathList(paths: string[]): string[];
 export declare function isContainedPath(parent: string, child: string): boolean;

package/dist/path_security.js

@@ -16,11 +16,13 @@ const path_1 = __importDefault(require("path"));
 function isPosixHost() {
     return path_1.default.sep === '/';
 }
-function canonicalizePath(input, { mustExist = false } = {}) {
+function canonicalizePath(input, { mustExist = false, baseDirectory } = {}) {
     if (input.trim() === '') {
         throw new Error('path must not be empty');
     }
-    const resolved = path_1.default.resolve(input);
+    const resolved = baseDirectory !== undefined
+        ? path_1.default.resolve(baseDirectory, input)
+        : path_1.default.resolve(input);
     const canonical = (() => {
         try {
             return fs_1.default.realpathSync.native(resolved);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@malloydata/db-duckdb",
-  "version": "0.0.407",
+  "version": "0.0.408",
   "license": "MIT",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -61,7 +61,7 @@
   "dependencies": {
     "@duckdb/duckdb-wasm": "1.33.1-dev45.0",
     "@duckdb/node-api": "1.5.3-r.2",
-    "@malloydata/malloy": "0.0.407",
+    "@malloydata/malloy": "0.0.408",
     "@motherduck/wasm-client": "^0.6.6",
     "apache-arrow": "^17.0.0",
     "web-worker": "^1.5.0"