@malloydata/malloy 0.0.394 → 0.0.396

package/dist/api/foundation/compile.d.ts

@@ -54,6 +54,12 @@ export declare class MalloyError extends Error {
      */
     constructor(message: string, problems?: LogMessage[]);
 }
+type CompileRequest = Compilable & CompileOptions & CompileQueryOptions & ParseOptions & {
+    urlReader: URLReader;
+    connections: LookupConnection<InfoConnection>;
+    model?: Model;
+    cacheManager?: CacheManager;
+};
 export declare class Malloy {
     static get version(): string;
     /**
@@ -109,12 +115,7 @@ export declare class Malloy {
      * @param model A compiled model to build upon (optional).
      * @return A (promise of a) compiled `Model`.
      */
-    static compile({ url, source, parse, urlReader, connections, model, refreshSchemaCache, noThrowOnError, eventStream, importBaseURL, cacheManager, }: {
-        urlReader: URLReader;
-        connections: LookupConnection<InfoConnection>;
-        model?: Model;
-        cacheManager?: CacheManager;
-    } & Compilable & CompileOptions & CompileQueryOptions & ParseOptions): Promise<Model>;
+    static compile(req: CompileRequest): Promise<Model>;
     /**
      * A dialect must provide a response for every table, or the translator loop
      * will never exit. Because there was a time when this happened, we throw

package/dist/api/foundation/compile.js

@@ -37,9 +37,6 @@ class MalloyError extends Error {
     }
 }
 exports.MalloyError = MalloyError;
-// =============================================================================
-// Malloy Static Class
-// =============================================================================
 class Malloy {
     static get version() {
         return version_1.MALLOY_VERSION;
@@ -70,6 +67,7 @@ class Malloy {
         return (0, registry_1.getRegisteredConnectionTypes)();
     }
     static _parse(source, url, eventStream, options, invalidationKey) {
+        var _a;
         if (url === undefined) {
             url = new URL(MALLOY_INTERNAL_URL);
         }
@@ -79,7 +77,7 @@ class Malloy {
         }
         const translator = new lang_1.MalloyTranslator(url.toString(), importBaseURL.toString(), {
             urls: { [url.toString()]: source },
-        }, eventStream);
+        }, eventStream, (_a = options === null || options === void 0 ? void 0 : options.restrictedMode) !== null && _a !== void 0 ? _a : false);
         if (options === null || options === void 0 ? void 0 : options.testEnvironment) {
             translator.allDialectsEnabled = true;
         }
@@ -110,8 +108,19 @@ class Malloy {
      * @param model A compiled model to build upon (optional).
      * @return A (promise of a) compiled `Model`.
      */
-    static async compile({ url, source, parse, urlReader, connections, model, refreshSchemaCache, noThrowOnError, eventStream, importBaseURL, cacheManager, }) {
+    static async compile(req) {
         var _a, _b, _c, _d, _e;
+        let { url, source, importBaseURL, cacheManager } = req;
+        const { parse, urlReader, connections, model, refreshSchemaCache, noThrowOnError, eventStream, restrictedMode, } = req;
+        if (restrictedMode) {
+            // Restricted-mode compiles do not participate in the model-def
+            // cache. The cache key is the URL, but restricted vs. unrestricted
+            // produces different validation outcomes, so allowing a restricted
+            // compile to serve from (or write to) the same cache as
+            // unrestricted compiles would let restricted mode be bypassed by a
+            // prior unrestricted compile of the same URL.
+            cacheManager = undefined;
+        }
         let refreshTimestamp;
         if (refreshSchemaCache) {
             refreshTimestamp =
@@ -145,6 +154,13 @@ class Malloy {
         // It's not cached, so we may need to get the actual source
         const _url = url.toString();
         if (parse !== undefined) {
+            // A pre-parsed translator's restrictedMode was fixed at parse
+            // time and cannot be changed here. Loudly reject mismatched
+            // requests rather than silently inheriting the parse-time value.
+            if (restrictedMode !== undefined &&
+                parse._translator.restrictedMode !== restrictedMode) {
+                throw new Error(`Malloy.compile: restrictedMode (${restrictedMode}) does not match the pre-parsed translator's restrictedMode (${parse._translator.restrictedMode}). Set restrictedMode at parse time.`);
+            }
             translator = parse._translator;
             const invalidationKey = (_a = parse._invalidationKey) !== null && _a !== void 0 ? _a : (await (0, readers_1.getInvalidationKey)(urlReader, url));
             invalidationKeys[_url] = invalidationKey;
@@ -161,7 +177,7 @@ class Malloy {
             }
             translator = new lang_1.MalloyTranslator(_url, importBaseURL.toString(), {
                 urls: { [_url]: source },
-            }, eventStream);
+            }, eventStream, restrictedMode !== null && restrictedMode !== void 0 ? restrictedMode : false);
         }
         for (;;) {
             const result = translator.translate(model === null || model === void 0 ? void 0 : model._modelDef);

package/dist/api/foundation/config.d.ts

@@ -40,9 +40,7 @@ export declare class Manifest {
      */
     get strict(): boolean;
     set strict(value: boolean);
-    /**
-     * Add or replace a manifest entry. Also marks it as touched.
-     */
+    /** Add or replace a manifest entry. Also marks it as touched. */
     update(buildId: BuildID, entry: BuildManifestEntry): void;
     /**
      * Mark an existing entry as active without changing it.
@@ -257,3 +255,4 @@ export declare class MalloyConfig {
      */
     readOverlay(overlayName: string, ...path: string[]): Promise<unknown>;
 }
+export declare function isBuildManifestEntry(value: unknown): value is BuildManifestEntry;

package/dist/api/foundation/config.js

@@ -5,10 +5,12 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.MalloyConfig = exports.Manifest = void 0;
+exports.isBuildManifestEntry = isBuildManifestEntry;
 const config_compile_1 = require("./config_compile");
 const config_resolve_1 = require("./config_resolve");
 const config_lookup_1 = require("./config_lookup");
 const config_overlays_1 = require("./config_overlays");
+const validate_table_path_1 = require("../../connection/validate_table_path");
 /**
  * In-memory manifest store. Reads, updates, and serializes manifest data.
  *
@@ -61,10 +63,9 @@ class Manifest {
     set strict(value) {
         this._manifest.strict = value;
     }
-    /**
-     * Add or replace a manifest entry. Also marks it as touched.
-     */
+    /** Add or replace a manifest entry. Also marks it as touched. */
     update(buildId, entry) {
+        (0, validate_table_path_1.requireCanonicalTablePathAnyDialect)(entry.tableName, `Manifest entry '${buildId}'`);
         this._manifest.entries[buildId] = entry;
         this._touched.add(buildId);
     }
@@ -102,9 +103,10 @@ class Manifest {
         // Old format: {buildId: {tableName}, ...} (flat record, no "entries" key)
         const rawEntries = isRecord(parsed['entries']) ? parsed['entries'] : parsed;
         for (const [key, val] of Object.entries(rawEntries)) {
-            if (key !== 'strict' && isBuildManifestEntry(val)) {
-                this._manifest.entries[key] = val;
-            }
+            if (key === 'strict' || !isBuildManifestEntry(val))
+                continue;
+            (0, validate_table_path_1.requireCanonicalTablePathAnyDialect)(val.tableName, `Manifest entry '${key}'`);
+            this._manifest.entries[key] = val;
         }
     }
 }
@@ -166,7 +168,7 @@ class MalloyConfig {
         this._managedLookup = (0, config_lookup_1.buildManagedLookup)(prepared.compiledConnections, mergedOverlays, log);
         this._connections = this._managedLookup;
         this._overlays = mergedOverlays;
-        this.virtualMap = toVirtualMap(prepared.virtualMap);
+        this.virtualMap = toVirtualMap(prepared.virtualMap, log);
         this.configURL = configURL;
         this.rootDirectory = rootDirectory;
         this.manifestPath = prepared.manifestPath;
@@ -441,9 +443,10 @@ function validateURLString(value, fieldName, log) {
 }
 /**
  * Convert the raw virtualMap POJO shape (a dict of dicts of strings) into
- * the runtime Map-of-Maps representation that Runtime consumes.
+ * the runtime Map-of-Maps representation. Invalid entries are dropped and
+ * logged — they'd be pasted into FROM clauses downstream otherwise.
  */
-function toVirtualMap(raw) {
+function toVirtualMap(raw, log) {
     if (!isRecord(raw))
         return undefined;
     const outer = new Map();
@@ -452,9 +455,18 @@ function toVirtualMap(raw) {
             continue;
         const innerMap = new Map();
         for (const [virtualName, tablePath] of Object.entries(inner)) {
-            if (typeof tablePath === 'string') {
-                innerMap.set(virtualName, tablePath);
+            if (typeof tablePath !== 'string')
+                continue;
+            const invalid = (0, validate_table_path_1.validateCanonicalTablePathAnyDialect)(tablePath);
+            if (invalid !== undefined) {
+                log.push({
+                    message: `virtualMap entry '${connName}.${virtualName}': ${invalid}`,
+                    severity: 'error',
+                    code: 'config-validation',
+                });
+                continue;
             }
+            innerMap.set(virtualName, tablePath);
         }
         if (innerMap.size > 0)
             outer.set(connName, innerMap);

package/dist/api/foundation/core.js

@@ -1101,7 +1101,7 @@ class PersistSource {
         const sd = this.persistableDef;
         const queryModel = this.model.queryModel;
         if (sd.type === 'sql_select') {
-            return (0, model_1.getCompiledSQL)(sd, options !== null && options !== void 0 ? options : {}, path => this.dialect.quoteTablePath(path), (query, opts) => queryModel.compileQuery(query, opts).sql);
+            return (0, model_1.getCompiledSQL)(sd, options !== null && options !== void 0 ? options : {}, (query, opts) => queryModel.compileQuery(query, opts).sql);
         }
         else {
             const compiled = queryModel.compileQuery(sd.query, options);

package/dist/api/foundation/runtime.d.ts

@@ -1,6 +1,7 @@
 import type { Connection, LookupConnection } from '../../connection/types';
 import type { URLReader, EventStream } from '../../runtime_types';
 import type { ModelDef, Query as InternalQuery, SearchIndexResult, SearchValueMapResult, QueryRunStats, BuildManifest, GivenValue, VirtualMap } from '../../model';
+import type { LogMessage } from '../../lang';
 import type { Dialect } from '../../dialect';
 import type { RunSQLOptions } from '../../run_sql_options';
 import type { CacheManager } from './cache';
@@ -345,6 +346,50 @@ export declare class ModelMaterializer extends FluentState<Model> {
      * or loading further related objects.
      */
     loadQuery(query: QueryString | QueryURL, options?: ParseOptions & CompileOptions & CompileQueryOptions): QueryMaterializer;
+    /**
+     * Load a Malloy query whose text comes from an untrusted source — an
+     * MCP client, an LLM-authored query, a UI field, an HTTP request body
+     * — and should compile against this already-loaded trusted model.
+     * Use this in preference to `loadQuery` when the caller of your
+     * service is not the author of the model and may write Malloy that
+     * reaches past the model's curated surface.
+     *
+     * Restricted-mode compilation rejects these constructs:
+     *
+     * - `import` statements
+     * - `given:` declarations (restricted queries may still reference
+     *   givens the model declared, via `$NAME`)
+     * - `##!` compiler-flag annotations
+     * - `connection.table(...)` and `connection.sql(...)` source forms
+     * - `name!type(args)` raw-SQL function calls
+     * - The `sql_*` family of built-in functions (`sql_number`,
+     *   `sql_string`, `sql_date`, `sql_timestamp`, `sql_boolean`)
+     *
+     * The model's existing surface — sources, queries, dimensions,
+     * measures, functions, givens declared by the model author — is
+     * fully available regardless of whether the model's own definitions
+     * use any of the forbidden constructs.
+     *
+     * Errors reach the caller in the same way as any other Malloy
+     * compile: `.validate()` returns a `LogMessage[]`, and `.run()` /
+     * `.getPreparedResult()` / `.getSQL()` throw `MalloyError` whose
+     * `.problems` is the same array. The list holds every compile
+     * problem — ordinary translator and SQL-compile errors as well as
+     * restricted-mode rejections. The restricted-mode subset is
+     * identifiable by `code: 'restricted-construct-forbidden'` and
+     * `errorTag: 'restricted-mode'`; restricted-mode rejection messages
+     * quote the offending source text and state the rule. Multiple
+     * violations are reported in one compile.
+     *
+     * The input is required to be a string. Restricted text arrives from
+     * an untrusted caller as bytes the host already has in hand; there
+     * is no host-side trust mechanism for fetching it via a URL.
+     *
+     * @param text The Malloy text to compile as a restricted query.
+     * @return A `QueryMaterializer` capable of materializing or running
+     *   the query.
+     */
+    loadRestrictedQuery(text: string): QueryMaterializer;
     /**
      * Extend a Malloy model by URL or contents.
      *
@@ -404,16 +449,47 @@ export declare class ModelMaterializer extends FluentState<Model> {
      * @return A promise to the compiled model that is loaded.
      */
     getModel(): Promise<Model>;
+    /**
+     * Compile this model and return any problems as structured
+     * `LogMessage`s; empty array means clean. Non-throwing.
+     *
+     * Only translator-time problems surface here; SQL-compile problems
+     * are per-query and live on `QueryMaterializer.validate()`.
+     *
+     * A subsequent `getModel()` reuses the cached materialize.
+     */
+    validate(): Promise<LogMessage[]>;
 }
-/**
- * An object representing the task of loading a `Query`, capable of
- * materializing the query (via `getPreparedQuery()`) or extending the task to load
- * prepared results or run the query (via e.g. `loadPreparedResult()` or `run()`).
- */
 export declare class QueryMaterializer extends FluentState<PreparedQuery> {
     protected runtime: Runtime;
     private readonly compileQueryOptions;
+    /**
+     * Memoizes the no-options compile so `validate()` + a follow-up
+     * `getPreparedResult()` / `run()` shares one compilation. Calls with
+     * explicit options bypass — options aren't hashed.
+     */
+    private _compileAttempt;
     constructor(runtime: Runtime, materialize: () => Promise<PreparedQuery>, options?: CompileQueryOptions);
+    /**
+     * `MalloyError` (translator) is unwrapped into its `problems` array.
+     * `MalloyCompileError` (SQL compiler) becomes one structured problem.
+     * Any other `Error` is treated as an invariant violation and surfaces
+     * as one `code: 'compiler-bug'` problem.
+     */
+    private _compileAndCollect;
+    private compileAttempt;
+    /**
+     * Compile this query and return any problems as structured
+     * `LogMessage`s; empty array means clean. Non-throwing.
+     *
+     * Surfaces translator-time errors (may be several) and compile-time
+     * errors (at most one — the compiler is fail-fast). LogMessages carry
+     * `code` and, where the IR has it, `at: DocumentLocation`.
+     *
+     * A subsequent no-options `getPreparedResult()` / `getSQL()` / `run()`
+     * reuses the cached compile.
+     */
+    validate(options?: CompileQueryOptions): Promise<LogMessage[]>;
     /**
      * Run this loaded `Query`.
      *
@@ -431,6 +507,10 @@ export declare class QueryMaterializer extends FluentState<PreparedQuery> {
     /**
      * Materialize the prepared result of this loaded query.
      *
+     * Throws `MalloyError` on failure, with `.problems` populated for both
+     * translator and compiler errors. For non-throwing access to the same
+     * problem list, use `validate()`.
+     *
      * @return A promise of the prepared result of this loaded query.
      */
     getPreparedResult(options?: CompileQueryOptions): Promise<PreparedResult>;

package/dist/api/foundation/runtime.js

@@ -7,6 +7,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.ExploreMaterializer = exports.PreparedResultMaterializer = exports.QueryMaterializer = exports.ModelMaterializer = exports.SingleConnectionRuntime = exports.ConnectionRuntime = exports.Runtime = void 0;
 const model_1 = require("../../model");
 const dialect_1 = require("../../dialect");
+const validate_table_path_1 = require("../../connection/validate_table_path");
+const config_1 = require("./config");
 const row_data_utils_1 = require("../../api/row_data_utils");
 const readers_1 = require("./readers");
 const core_1 = require("./core");
@@ -221,6 +223,12 @@ class Runtime {
                     if (!isBuildManifestShape(parsed)) {
                         throw new Error('manifest is not an object with an "entries" map');
                     }
+                    for (const [buildId, entry] of Object.entries(parsed.entries)) {
+                        if (!(0, config_1.isBuildManifestEntry)(entry)) {
+                            throw new Error(`Manifest entry '${buildId}' is missing a string tableName`);
+                        }
+                        (0, validate_table_path_1.requireCanonicalTablePathAnyDialect)(entry.tableName, `Manifest entry '${buildId}'`);
+                    }
                     return parsed;
                 }
                 catch (e) {
@@ -502,7 +510,7 @@ class SingleConnectionRuntime extends Runtime {
     }
     // quote a column name
     quote(column) {
-        return (0, dialect_1.getDialect)(this.connection.dialectName).sqlMaybeQuoteIdentifier(column);
+        return (0, dialect_1.getDialect)(this.connection.dialectName).sqlQuoteIdentifier(column);
     }
     get dialect() {
         return (0, dialect_1.getDialect)(this.connection.dialectName);
@@ -606,6 +614,67 @@ class ModelMaterializer extends FluentState {
             return queryModel.preparedQuery;
         });
     }
+    /**
+     * Load a Malloy query whose text comes from an untrusted source — an
+     * MCP client, an LLM-authored query, a UI field, an HTTP request body
+     * — and should compile against this already-loaded trusted model.
+     * Use this in preference to `loadQuery` when the caller of your
+     * service is not the author of the model and may write Malloy that
+     * reaches past the model's curated surface.
+     *
+     * Restricted-mode compilation rejects these constructs:
+     *
+     * - `import` statements
+     * - `given:` declarations (restricted queries may still reference
+     *   givens the model declared, via `$NAME`)
+     * - `##!` compiler-flag annotations
+     * - `connection.table(...)` and `connection.sql(...)` source forms
+     * - `name!type(args)` raw-SQL function calls
+     * - The `sql_*` family of built-in functions (`sql_number`,
+     *   `sql_string`, `sql_date`, `sql_timestamp`, `sql_boolean`)
+     *
+     * The model's existing surface — sources, queries, dimensions,
+     * measures, functions, givens declared by the model author — is
+     * fully available regardless of whether the model's own definitions
+     * use any of the forbidden constructs.
+     *
+     * Errors reach the caller in the same way as any other Malloy
+     * compile: `.validate()` returns a `LogMessage[]`, and `.run()` /
+     * `.getPreparedResult()` / `.getSQL()` throw `MalloyError` whose
+     * `.problems` is the same array. The list holds every compile
+     * problem — ordinary translator and SQL-compile errors as well as
+     * restricted-mode rejections. The restricted-mode subset is
+     * identifiable by `code: 'restricted-construct-forbidden'` and
+     * `errorTag: 'restricted-mode'`; restricted-mode rejection messages
+     * quote the offending source text and state the rule. Multiple
+     * violations are reported in one compile.
+     *
+     * The input is required to be a string. Restricted text arrives from
+     * an untrusted caller as bytes the host already has in hand; there
+     * is no host-side trust mechanism for fetching it via a URL.
+     *
+     * @param text The Malloy text to compile as a restricted query.
+     * @return A `QueryMaterializer` capable of materializing or running
+     *   the query.
+     */
+    loadRestrictedQuery(text) {
+        return this.makeQueryMaterializer(async () => {
+            const urlReader = this.runtime.urlReader;
+            const connections = this.runtime.connections;
+            const testEnvironment = this.runtime.isTestRuntime ? true : undefined;
+            const model = await this.getModel();
+            const queryModel = await compile_1.Malloy.compile({
+                source: text,
+                restrictedMode: true,
+                urlReader,
+                connections,
+                model,
+                testEnvironment,
+                ...this.compileQueryOptions,
+            });
+            return queryModel.preparedQuery;
+        });
+    }
     /**
      * Extend a Malloy model by URL or contents.
      *
@@ -767,6 +836,36 @@ class ModelMaterializer extends FluentState {
     getModel() {
         return this.materialize();
     }
+    /**
+     * Compile this model and return any problems as structured
+     * `LogMessage`s; empty array means clean. Non-throwing.
+     *
+     * Only translator-time problems surface here; SQL-compile problems
+     * are per-query and live on `QueryMaterializer.validate()`.
+     *
+     * A subsequent `getModel()` reuses the cached materialize.
+     */
+    async validate() {
+        try {
+            await this.materialize();
+            return [];
+        }
+        catch (e) {
+            if (e instanceof compile_1.MalloyError)
+                return e.problems;
+            if (e instanceof Error) {
+                return [
+                    {
+                        message: 'Internal compiler error (likely a Malloy bug — please file ' +
+                            `an issue): ${e.message}`,
+                        severity: 'error',
+                        code: 'compiler-bug',
+                    },
+                ];
+            }
+            throw e;
+        }
+    }
 }
 exports.ModelMaterializer = ModelMaterializer;
 // =============================================================================
@@ -779,17 +878,78 @@ function runSQLOptionsWithAnnotations(preparedResult, givenOptions) {
         ...givenOptions,
     };
 }
-/**
- * An object representing the task of loading a `Query`, capable of
- * materializing the query (via `getPreparedQuery()`) or extending the task to load
- * prepared results or run the query (via e.g. `loadPreparedResult()` or `run()`).
- */
 class QueryMaterializer extends FluentState {
     constructor(runtime, materialize, options) {
         super(runtime, materialize);
         this.runtime = runtime;
         this.compileQueryOptions = options;
     }
+    /**
+     * `MalloyError` (translator) is unwrapped into its `problems` array.
+     * `MalloyCompileError` (SQL compiler) becomes one structured problem.
+     * Any other `Error` is treated as an invariant violation and surfaces
+     * as one `code: 'compiler-bug'` problem.
+     */
+    async _compileAndCollect(options) {
+        try {
+            const preparedResult = await this.loadPreparedResult(options).getPreparedResult();
+            return { preparedResult, problems: [] };
+        }
+        catch (e) {
+            if (e instanceof compile_1.MalloyError) {
+                return { problems: e.problems };
+            }
+            if (e instanceof model_1.MalloyCompileError) {
+                return {
+                    problems: [
+                        {
+                            message: e.message,
+                            severity: 'error',
+                            code: e.code,
+                            at: e.at,
+                        },
+                    ],
+                };
+            }
+            if (e instanceof Error) {
+                return {
+                    problems: [
+                        {
+                            message: 'Internal compiler error (likely a Malloy bug — please file ' +
+                                `an issue): ${e.message}`,
+                            severity: 'error',
+                            code: 'compiler-bug',
+                        },
+                    ],
+                };
+            }
+            throw e;
+        }
+    }
+    compileAttempt(options) {
+        if (options === undefined && this._compileAttempt) {
+            return this._compileAttempt;
+        }
+        const p = this._compileAndCollect(options);
+        if (options === undefined) {
+            this._compileAttempt = p;
+        }
+        return p;
+    }
+    /**
+     * Compile this query and return any problems as structured
+     * `LogMessage`s; empty array means clean. Non-throwing.
+     *
+     * Surfaces translator-time errors (may be several) and compile-time
+     * errors (at most one — the compiler is fail-fast). LogMessages carry
+     * `code` and, where the IR has it, `at: DocumentLocation`.
+     *
+     * A subsequent no-options `getPreparedResult()` / `getSQL()` / `run()`
+     * reuses the cached compile.
+     */
+    async validate(options) {
+        return (await this.compileAttempt(options)).problems;
+    }
     /**
      * Run this loaded `Query`.
      *
@@ -834,6 +994,11 @@ class QueryMaterializer extends FluentState {
             // Pass EMPTY_BUILD_MANIFEST in options to explicitly suppress manifest substitution.
             const explicitManifest = mergedOptions.buildManifest !== undefined;
             let buildManifest = (_a = mergedOptions.buildManifest) !== null && _a !== void 0 ? _a : (await this.runtime._resolveBuildManifest());
+            if (buildManifest) {
+                for (const [buildId, entry] of Object.entries(buildManifest.entries)) {
+                    (0, validate_table_path_1.requireCanonicalTablePathAnyDialect)(entry.tableName, `Manifest entry '${buildId}'`);
+                }
+            }
             // If we have a manifest with entries, compute connectionDigests for lookups.
             // TODO: This is inefficient - we call getBuildPlan just to find connection names.
             // Consider adding a listConnections() method to LookupConnection, or caching this.
@@ -849,7 +1014,9 @@ class QueryMaterializer extends FluentState {
                 if (!modelTag.has('experimental', 'persistence')) {
                     if (explicitManifest) {
                         // Explicitly passed non-empty manifest requires persistence support
-                        throw new Error('Model must have ##! experimental.persistence to use buildManifest');
+                        throw new model_1.MalloyCompileError('A non-empty `buildManifest` was supplied, but the model is ' +
+                            'missing `##! experimental.persistence`. Add the flag to the ' +
+                            'model or pass `EMPTY_BUILD_MANIFEST` to suppress substitution.', 'runtime-manifest-needs-persistence-flag', undefined);
                     }
                     // Runtime-level manifest (e.g. from config): silently ignore
                     buildManifest = undefined;
@@ -866,6 +1033,13 @@ class QueryMaterializer extends FluentState {
             }
             // Use virtualMap from options if provided, otherwise fall back to Runtime's.
             const virtualMap = (_b = mergedOptions.virtualMap) !== null && _b !== void 0 ? _b : this.runtime.virtualMap;
+            if (virtualMap) {
+                for (const [connName, inner] of virtualMap) {
+                    for (const [virtualName, tablePath] of inner) {
+                        (0, validate_table_path_1.requireCanonicalTablePathAnyDialect)(tablePath, `virtualMap entry '${connName}.${virtualName}'`);
+                    }
+                }
+            }
             // Per-query supply for a finalized given is rejected at API entry
             // — the finalized-givens set is the runtime's "this can't be
             // overridden by the caller" guarantee. Fail before any IO so misuse
@@ -874,7 +1048,8 @@ class QueryMaterializer extends FluentState {
             if (finalizedSet.size > 0 && mergedOptions.givens) {
                 for (const name of Object.keys(mergedOptions.givens)) {
                     if (finalizedSet.has(name)) {
-                        throw new Error(`Cannot supply '${name}' per-query: it is finalized at the runtime layer (config.finalizeGivens).`);
+                        throw new model_1.MalloyCompileError(`Cannot supply given '${name}' per-query: it is finalized at ` +
+                            'the runtime layer via `config.finalizeGivens`.', 'runtime-given-finalized', undefined);
                     }
                 }
             }
@@ -901,7 +1076,7 @@ class QueryMaterializer extends FluentState {
             const queryGivenUsage = (_c = preparedQuery._query.givenUsage) !== null && _c !== void 0 ? _c : [];
             if (finalizedSet.size > 0 && queryGivenUsage.length > 0) {
                 const referencedIds = new Set(queryGivenUsage.map(g => g.id));
-                const missing = [];
+                const missingProblems = [];
                 for (const [surfaceName, entry] of Object.entries(preparedQuery._modelDef.contents)) {
                     if (entry.type !== 'given')
                         continue;
@@ -911,10 +1086,18 @@ class QueryMaterializer extends FluentState {
                         continue;
                     if (mergedGivens && surfaceName in mergedGivens)
                         continue;
-                    missing.push(surfaceName);
+                    const firstUse = queryGivenUsage.find(u => u.id === entry.id);
+                    missingProblems.push({
+                        message: `Finalized given '${surfaceName}' has no resolved value. ` +
+                            'It must be supplied in `givensPath` or in the Runtime ' +
+                            "constructor's `givens`.",
+                        severity: 'error',
+                        code: 'runtime-given-finalized-missing',
+                        at: firstUse === null || firstUse === void 0 ? void 0 : firstUse.at,
+                    });
                 }
-                if (missing.length > 0) {
-                    throw new Error(`Query references finalized given(s) with no resolved value: ${missing.join(', ')}. Each finalized given the query needs must have a value in givensPath or in the Runtime constructor's \`givens\`.`);
+                if (missingProblems.length > 0) {
+                    throw new compile_1.MalloyError(missingProblems.map(p => p.message).join('\n'), missingProblems);
                 }
             }
             // Build PrepareResultOptions from CompileQueryOptions + connectionDigests.
@@ -934,10 +1117,17 @@ class QueryMaterializer extends FluentState {
     /**
      * Materialize the prepared result of this loaded query.
      *
+     * Throws `MalloyError` on failure, with `.problems` populated for both
+     * translator and compiler errors. For non-throwing access to the same
+     * problem list, use `validate()`.
+     *
      * @return A promise of the prepared result of this loaded query.
      */
-    getPreparedResult(options) {
-        return this.loadPreparedResult(options).getPreparedResult();
+    async getPreparedResult(options) {
+        const attempt = await this.compileAttempt(options);
+        if (attempt.preparedResult)
+            return attempt.preparedResult;
+        throw new compile_1.MalloyError(attempt.problems.map(p => p.message).join('\n') || 'Compilation failed.', attempt.problems);
     }
     /**
      * Materialize the SQL of this loaded query.

package/dist/api/foundation/types.d.ts

@@ -19,6 +19,8 @@ export interface Loggable {
 export interface ParseOptions {
     importBaseURL?: URL;
     testEnvironment?: boolean;
+    /** Reject language constructs that reach outside the trusted model. */
+    restrictedMode?: boolean;
 }
 /** Options for how to run the Malloy semantic checker/translator */
 export interface CompileOptions {

package/dist/api/util.js

@@ -13,6 +13,7 @@ exports.mapData = mapData;
 exports.wrapResult = wrapResult;
 exports.nodeToLiteralValue = nodeToLiteralValue;
 exports.mapLogs = mapLogs;
+const validate_table_path_1 = require("../connection/validate_table_path");
 const to_stable_1 = require("../to_stable");
 const row_data_utils_1 = require("./row_data_utils");
 function wrapLegacyInfoConnection(connection) {
@@ -31,6 +32,9 @@ function wrapLegacyInfoConnection(connection) {
             };
         },
         async fetchSchemaForTable(tableName) {
+            const invalid = (0, validate_table_path_1.validateCanonicalTablePath)(connection.dialectName, tableName);
+            if (invalid !== undefined)
+                throw new Error(invalid);
             const key = `${connection.name}:${tableName}`;
             const result = await connection.fetchSchemaForTables({ [key]: tableName }, {});
             const table = result.schemas[key];