@malloydata/malloy 0.0.395 → 0.0.396

package/dist/api/foundation/compile.d.ts

@@ -54,6 +54,12 @@ export declare class MalloyError extends Error {
      */
     constructor(message: string, problems?: LogMessage[]);
 }
+type CompileRequest = Compilable & CompileOptions & CompileQueryOptions & ParseOptions & {
+    urlReader: URLReader;
+    connections: LookupConnection<InfoConnection>;
+    model?: Model;
+    cacheManager?: CacheManager;
+};
 export declare class Malloy {
     static get version(): string;
     /**
@@ -109,12 +115,7 @@ export declare class Malloy {
      * @param model A compiled model to build upon (optional).
      * @return A (promise of a) compiled `Model`.
      */
-    static compile({ url, source, parse, urlReader, connections, model, refreshSchemaCache, noThrowOnError, eventStream, importBaseURL, cacheManager, }: {
-        urlReader: URLReader;
-        connections: LookupConnection<InfoConnection>;
-        model?: Model;
-        cacheManager?: CacheManager;
-    } & Compilable & CompileOptions & CompileQueryOptions & ParseOptions): Promise<Model>;
+    static compile(req: CompileRequest): Promise<Model>;
     /**
      * A dialect must provide a response for every table, or the translator loop
      * will never exit. Because there was a time when this happened, we throw

package/dist/api/foundation/compile.js

@@ -37,9 +37,6 @@ class MalloyError extends Error {
     }
 }
 exports.MalloyError = MalloyError;
-// =============================================================================
-// Malloy Static Class
-// =============================================================================
 class Malloy {
     static get version() {
         return version_1.MALLOY_VERSION;
@@ -70,6 +67,7 @@ class Malloy {
         return (0, registry_1.getRegisteredConnectionTypes)();
     }
     static _parse(source, url, eventStream, options, invalidationKey) {
+        var _a;
         if (url === undefined) {
             url = new URL(MALLOY_INTERNAL_URL);
         }
@@ -79,7 +77,7 @@ class Malloy {
         }
         const translator = new lang_1.MalloyTranslator(url.toString(), importBaseURL.toString(), {
             urls: { [url.toString()]: source },
-        }, eventStream);
+        }, eventStream, (_a = options === null || options === void 0 ? void 0 : options.restrictedMode) !== null && _a !== void 0 ? _a : false);
         if (options === null || options === void 0 ? void 0 : options.testEnvironment) {
             translator.allDialectsEnabled = true;
         }
@@ -110,8 +108,19 @@ class Malloy {
      * @param model A compiled model to build upon (optional).
      * @return A (promise of a) compiled `Model`.
      */
-    static async compile({ url, source, parse, urlReader, connections, model, refreshSchemaCache, noThrowOnError, eventStream, importBaseURL, cacheManager, }) {
+    static async compile(req) {
         var _a, _b, _c, _d, _e;
+        let { url, source, importBaseURL, cacheManager } = req;
+        const { parse, urlReader, connections, model, refreshSchemaCache, noThrowOnError, eventStream, restrictedMode, } = req;
+        if (restrictedMode) {
+            // Restricted-mode compiles do not participate in the model-def
+            // cache. The cache key is the URL, but restricted vs. unrestricted
+            // produces different validation outcomes, so allowing a restricted
+            // compile to serve from (or write to) the same cache as
+            // unrestricted compiles would let restricted mode be bypassed by a
+            // prior unrestricted compile of the same URL.
+            cacheManager = undefined;
+        }
         let refreshTimestamp;
         if (refreshSchemaCache) {
             refreshTimestamp =
@@ -145,6 +154,13 @@ class Malloy {
         // It's not cached, so we may need to get the actual source
         const _url = url.toString();
         if (parse !== undefined) {
+            // A pre-parsed translator's restrictedMode was fixed at parse
+            // time and cannot be changed here. Loudly reject mismatched
+            // requests rather than silently inheriting the parse-time value.
+            if (restrictedMode !== undefined &&
+                parse._translator.restrictedMode !== restrictedMode) {
+                throw new Error(`Malloy.compile: restrictedMode (${restrictedMode}) does not match the pre-parsed translator's restrictedMode (${parse._translator.restrictedMode}). Set restrictedMode at parse time.`);
+            }
             translator = parse._translator;
             const invalidationKey = (_a = parse._invalidationKey) !== null && _a !== void 0 ? _a : (await (0, readers_1.getInvalidationKey)(urlReader, url));
             invalidationKeys[_url] = invalidationKey;
@@ -161,7 +177,7 @@ class Malloy {
             }
             translator = new lang_1.MalloyTranslator(_url, importBaseURL.toString(), {
                 urls: { [_url]: source },
-            }, eventStream);
+            }, eventStream, restrictedMode !== null && restrictedMode !== void 0 ? restrictedMode : false);
         }
         for (;;) {
             const result = translator.translate(model === null || model === void 0 ? void 0 : model._modelDef);

package/dist/api/foundation/runtime.d.ts

@@ -1,6 +1,7 @@
 import type { Connection, LookupConnection } from '../../connection/types';
 import type { URLReader, EventStream } from '../../runtime_types';
 import type { ModelDef, Query as InternalQuery, SearchIndexResult, SearchValueMapResult, QueryRunStats, BuildManifest, GivenValue, VirtualMap } from '../../model';
+import type { LogMessage } from '../../lang';
 import type { Dialect } from '../../dialect';
 import type { RunSQLOptions } from '../../run_sql_options';
 import type { CacheManager } from './cache';
@@ -345,6 +346,50 @@ export declare class ModelMaterializer extends FluentState<Model> {
      * or loading further related objects.
      */
     loadQuery(query: QueryString | QueryURL, options?: ParseOptions & CompileOptions & CompileQueryOptions): QueryMaterializer;
+    /**
+     * Load a Malloy query whose text comes from an untrusted source — an
+     * MCP client, an LLM-authored query, a UI field, an HTTP request body
+     * — and should compile against this already-loaded trusted model.
+     * Use this in preference to `loadQuery` when the caller of your
+     * service is not the author of the model and may write Malloy that
+     * reaches past the model's curated surface.
+     *
+     * Restricted-mode compilation rejects these constructs:
+     *
+     * - `import` statements
+     * - `given:` declarations (restricted queries may still reference
+     *   givens the model declared, via `$NAME`)
+     * - `##!` compiler-flag annotations
+     * - `connection.table(...)` and `connection.sql(...)` source forms
+     * - `name!type(args)` raw-SQL function calls
+     * - The `sql_*` family of built-in functions (`sql_number`,
+     *   `sql_string`, `sql_date`, `sql_timestamp`, `sql_boolean`)
+     *
+     * The model's existing surface — sources, queries, dimensions,
+     * measures, functions, givens declared by the model author — is
+     * fully available regardless of whether the model's own definitions
+     * use any of the forbidden constructs.
+     *
+     * Errors reach the caller in the same way as any other Malloy
+     * compile: `.validate()` returns a `LogMessage[]`, and `.run()` /
+     * `.getPreparedResult()` / `.getSQL()` throw `MalloyError` whose
+     * `.problems` is the same array. The list holds every compile
+     * problem — ordinary translator and SQL-compile errors as well as
+     * restricted-mode rejections. The restricted-mode subset is
+     * identifiable by `code: 'restricted-construct-forbidden'` and
+     * `errorTag: 'restricted-mode'`; restricted-mode rejection messages
+     * quote the offending source text and state the rule. Multiple
+     * violations are reported in one compile.
+     *
+     * The input is required to be a string. Restricted text arrives from
+     * an untrusted caller as bytes the host already has in hand; there
+     * is no host-side trust mechanism for fetching it via a URL.
+     *
+     * @param text The Malloy text to compile as a restricted query.
+     * @return A `QueryMaterializer` capable of materializing or running
+     *   the query.
+     */
+    loadRestrictedQuery(text: string): QueryMaterializer;
     /**
      * Extend a Malloy model by URL or contents.
      *
@@ -404,16 +449,47 @@ export declare class ModelMaterializer extends FluentState<Model> {
      * @return A promise to the compiled model that is loaded.
      */
     getModel(): Promise<Model>;
+    /**
+     * Compile this model and return any problems as structured
+     * `LogMessage`s; empty array means clean. Non-throwing.
+     *
+     * Only translator-time problems surface here; SQL-compile problems
+     * are per-query and live on `QueryMaterializer.validate()`.
+     *
+     * A subsequent `getModel()` reuses the cached materialize.
+     */
+    validate(): Promise<LogMessage[]>;
 }
-/**
- * An object representing the task of loading a `Query`, capable of
- * materializing the query (via `getPreparedQuery()`) or extending the task to load
- * prepared results or run the query (via e.g. `loadPreparedResult()` or `run()`).
- */
 export declare class QueryMaterializer extends FluentState<PreparedQuery> {
     protected runtime: Runtime;
     private readonly compileQueryOptions;
+    /**
+     * Memoizes the no-options compile so `validate()` + a follow-up
+     * `getPreparedResult()` / `run()` shares one compilation. Calls with
+     * explicit options bypass — options aren't hashed.
+     */
+    private _compileAttempt;
     constructor(runtime: Runtime, materialize: () => Promise<PreparedQuery>, options?: CompileQueryOptions);
+    /**
+     * `MalloyError` (translator) is unwrapped into its `problems` array.
+     * `MalloyCompileError` (SQL compiler) becomes one structured problem.
+     * Any other `Error` is treated as an invariant violation and surfaces
+     * as one `code: 'compiler-bug'` problem.
+     */
+    private _compileAndCollect;
+    private compileAttempt;
+    /**
+     * Compile this query and return any problems as structured
+     * `LogMessage`s; empty array means clean. Non-throwing.
+     *
+     * Surfaces translator-time errors (may be several) and compile-time
+     * errors (at most one — the compiler is fail-fast). LogMessages carry
+     * `code` and, where the IR has it, `at: DocumentLocation`.
+     *
+     * A subsequent no-options `getPreparedResult()` / `getSQL()` / `run()`
+     * reuses the cached compile.
+     */
+    validate(options?: CompileQueryOptions): Promise<LogMessage[]>;
     /**
      * Run this loaded `Query`.
      *
@@ -431,6 +507,10 @@ export declare class QueryMaterializer extends FluentState<PreparedQuery> {
     /**
      * Materialize the prepared result of this loaded query.
      *
+     * Throws `MalloyError` on failure, with `.problems` populated for both
+     * translator and compiler errors. For non-throwing access to the same
+     * problem list, use `validate()`.
+     *
      * @return A promise of the prepared result of this loaded query.
      */
     getPreparedResult(options?: CompileQueryOptions): Promise<PreparedResult>;

package/dist/api/foundation/runtime.js

@@ -614,6 +614,67 @@ class ModelMaterializer extends FluentState {
             return queryModel.preparedQuery;
         });
     }
+    /**
+     * Load a Malloy query whose text comes from an untrusted source — an
+     * MCP client, an LLM-authored query, a UI field, an HTTP request body
+     * — and should compile against this already-loaded trusted model.
+     * Use this in preference to `loadQuery` when the caller of your
+     * service is not the author of the model and may write Malloy that
+     * reaches past the model's curated surface.
+     *
+     * Restricted-mode compilation rejects these constructs:
+     *
+     * - `import` statements
+     * - `given:` declarations (restricted queries may still reference
+     *   givens the model declared, via `$NAME`)
+     * - `##!` compiler-flag annotations
+     * - `connection.table(...)` and `connection.sql(...)` source forms
+     * - `name!type(args)` raw-SQL function calls
+     * - The `sql_*` family of built-in functions (`sql_number`,
+     *   `sql_string`, `sql_date`, `sql_timestamp`, `sql_boolean`)
+     *
+     * The model's existing surface — sources, queries, dimensions,
+     * measures, functions, givens declared by the model author — is
+     * fully available regardless of whether the model's own definitions
+     * use any of the forbidden constructs.
+     *
+     * Errors reach the caller in the same way as any other Malloy
+     * compile: `.validate()` returns a `LogMessage[]`, and `.run()` /
+     * `.getPreparedResult()` / `.getSQL()` throw `MalloyError` whose
+     * `.problems` is the same array. The list holds every compile
+     * problem — ordinary translator and SQL-compile errors as well as
+     * restricted-mode rejections. The restricted-mode subset is
+     * identifiable by `code: 'restricted-construct-forbidden'` and
+     * `errorTag: 'restricted-mode'`; restricted-mode rejection messages
+     * quote the offending source text and state the rule. Multiple
+     * violations are reported in one compile.
+     *
+     * The input is required to be a string. Restricted text arrives from
+     * an untrusted caller as bytes the host already has in hand; there
+     * is no host-side trust mechanism for fetching it via a URL.
+     *
+     * @param text The Malloy text to compile as a restricted query.
+     * @return A `QueryMaterializer` capable of materializing or running
+     *   the query.
+     */
+    loadRestrictedQuery(text) {
+        return this.makeQueryMaterializer(async () => {
+            const urlReader = this.runtime.urlReader;
+            const connections = this.runtime.connections;
+            const testEnvironment = this.runtime.isTestRuntime ? true : undefined;
+            const model = await this.getModel();
+            const queryModel = await compile_1.Malloy.compile({
+                source: text,
+                restrictedMode: true,
+                urlReader,
+                connections,
+                model,
+                testEnvironment,
+                ...this.compileQueryOptions,
+            });
+            return queryModel.preparedQuery;
+        });
+    }
     /**
      * Extend a Malloy model by URL or contents.
      *
@@ -775,6 +836,36 @@ class ModelMaterializer extends FluentState {
     getModel() {
         return this.materialize();
     }
+    /**
+     * Compile this model and return any problems as structured
+     * `LogMessage`s; empty array means clean. Non-throwing.
+     *
+     * Only translator-time problems surface here; SQL-compile problems
+     * are per-query and live on `QueryMaterializer.validate()`.
+     *
+     * A subsequent `getModel()` reuses the cached materialize.
+     */
+    async validate() {
+        try {
+            await this.materialize();
+            return [];
+        }
+        catch (e) {
+            if (e instanceof compile_1.MalloyError)
+                return e.problems;
+            if (e instanceof Error) {
+                return [
+                    {
+                        message: 'Internal compiler error (likely a Malloy bug — please file ' +
+                            `an issue): ${e.message}`,
+                        severity: 'error',
+                        code: 'compiler-bug',
+                    },
+                ];
+            }
+            throw e;
+        }
+    }
 }
 exports.ModelMaterializer = ModelMaterializer;
 // =============================================================================
@@ -787,17 +878,78 @@ function runSQLOptionsWithAnnotations(preparedResult, givenOptions) {
         ...givenOptions,
     };
 }
-/**
- * An object representing the task of loading a `Query`, capable of
- * materializing the query (via `getPreparedQuery()`) or extending the task to load
- * prepared results or run the query (via e.g. `loadPreparedResult()` or `run()`).
- */
 class QueryMaterializer extends FluentState {
     constructor(runtime, materialize, options) {
         super(runtime, materialize);
         this.runtime = runtime;
         this.compileQueryOptions = options;
     }
+    /**
+     * `MalloyError` (translator) is unwrapped into its `problems` array.
+     * `MalloyCompileError` (SQL compiler) becomes one structured problem.
+     * Any other `Error` is treated as an invariant violation and surfaces
+     * as one `code: 'compiler-bug'` problem.
+     */
+    async _compileAndCollect(options) {
+        try {
+            const preparedResult = await this.loadPreparedResult(options).getPreparedResult();
+            return { preparedResult, problems: [] };
+        }
+        catch (e) {
+            if (e instanceof compile_1.MalloyError) {
+                return { problems: e.problems };
+            }
+            if (e instanceof model_1.MalloyCompileError) {
+                return {
+                    problems: [
+                        {
+                            message: e.message,
+                            severity: 'error',
+                            code: e.code,
+                            at: e.at,
+                        },
+                    ],
+                };
+            }
+            if (e instanceof Error) {
+                return {
+                    problems: [
+                        {
+                            message: 'Internal compiler error (likely a Malloy bug — please file ' +
+                                `an issue): ${e.message}`,
+                            severity: 'error',
+                            code: 'compiler-bug',
+                        },
+                    ],
+                };
+            }
+            throw e;
+        }
+    }
+    compileAttempt(options) {
+        if (options === undefined && this._compileAttempt) {
+            return this._compileAttempt;
+        }
+        const p = this._compileAndCollect(options);
+        if (options === undefined) {
+            this._compileAttempt = p;
+        }
+        return p;
+    }
+    /**
+     * Compile this query and return any problems as structured
+     * `LogMessage`s; empty array means clean. Non-throwing.
+     *
+     * Surfaces translator-time errors (may be several) and compile-time
+     * errors (at most one — the compiler is fail-fast). LogMessages carry
+     * `code` and, where the IR has it, `at: DocumentLocation`.
+     *
+     * A subsequent no-options `getPreparedResult()` / `getSQL()` / `run()`
+     * reuses the cached compile.
+     */
+    async validate(options) {
+        return (await this.compileAttempt(options)).problems;
+    }
     /**
      * Run this loaded `Query`.
      *
@@ -862,7 +1014,9 @@ class QueryMaterializer extends FluentState {
                 if (!modelTag.has('experimental', 'persistence')) {
                     if (explicitManifest) {
                         // Explicitly passed non-empty manifest requires persistence support
-                        throw new Error('Model must have ##! experimental.persistence to use buildManifest');
+                        throw new model_1.MalloyCompileError('A non-empty `buildManifest` was supplied, but the model is ' +
+                            'missing `##! experimental.persistence`. Add the flag to the ' +
+                            'model or pass `EMPTY_BUILD_MANIFEST` to suppress substitution.', 'runtime-manifest-needs-persistence-flag', undefined);
                     }
                     // Runtime-level manifest (e.g. from config): silently ignore
                     buildManifest = undefined;
@@ -894,7 +1048,8 @@ class QueryMaterializer extends FluentState {
             if (finalizedSet.size > 0 && mergedOptions.givens) {
                 for (const name of Object.keys(mergedOptions.givens)) {
                     if (finalizedSet.has(name)) {
-                        throw new Error(`Cannot supply '${name}' per-query: it is finalized at the runtime layer (config.finalizeGivens).`);
+                        throw new model_1.MalloyCompileError(`Cannot supply given '${name}' per-query: it is finalized at ` +
+                            'the runtime layer via `config.finalizeGivens`.', 'runtime-given-finalized', undefined);
                     }
                 }
             }
@@ -921,7 +1076,7 @@ class QueryMaterializer extends FluentState {
             const queryGivenUsage = (_c = preparedQuery._query.givenUsage) !== null && _c !== void 0 ? _c : [];
             if (finalizedSet.size > 0 && queryGivenUsage.length > 0) {
                 const referencedIds = new Set(queryGivenUsage.map(g => g.id));
-                const missing = [];
+                const missingProblems = [];
                 for (const [surfaceName, entry] of Object.entries(preparedQuery._modelDef.contents)) {
                     if (entry.type !== 'given')
                         continue;
@@ -931,10 +1086,18 @@ class QueryMaterializer extends FluentState {
                         continue;
                     if (mergedGivens && surfaceName in mergedGivens)
                         continue;
-                    missing.push(surfaceName);
+                    const firstUse = queryGivenUsage.find(u => u.id === entry.id);
+                    missingProblems.push({
+                        message: `Finalized given '${surfaceName}' has no resolved value. ` +
+                            'It must be supplied in `givensPath` or in the Runtime ' +
+                            "constructor's `givens`.",
+                        severity: 'error',
+                        code: 'runtime-given-finalized-missing',
+                        at: firstUse === null || firstUse === void 0 ? void 0 : firstUse.at,
+                    });
                 }
-                if (missing.length > 0) {
-                    throw new Error(`Query references finalized given(s) with no resolved value: ${missing.join(', ')}. Each finalized given the query needs must have a value in givensPath or in the Runtime constructor's \`givens\`.`);
+                if (missingProblems.length > 0) {
+                    throw new compile_1.MalloyError(missingProblems.map(p => p.message).join('\n'), missingProblems);
                 }
             }
             // Build PrepareResultOptions from CompileQueryOptions + connectionDigests.
@@ -954,10 +1117,17 @@ class QueryMaterializer extends FluentState {
     /**
      * Materialize the prepared result of this loaded query.
      *
+     * Throws `MalloyError` on failure, with `.problems` populated for both
+     * translator and compiler errors. For non-throwing access to the same
+     * problem list, use `validate()`.
+     *
      * @return A promise of the prepared result of this loaded query.
      */
-    getPreparedResult(options) {
-        return this.loadPreparedResult(options).getPreparedResult();
+    async getPreparedResult(options) {
+        const attempt = await this.compileAttempt(options);
+        if (attempt.preparedResult)
+            return attempt.preparedResult;
+        throw new compile_1.MalloyError(attempt.problems.map(p => p.message).join('\n') || 'Compilation failed.', attempt.problems);
     }
     /**
      * Materialize the SQL of this loaded query.

package/dist/api/foundation/types.d.ts

@@ -19,6 +19,8 @@ export interface Loggable {
 export interface ParseOptions {
     importBaseURL?: URL;
     testEnvironment?: boolean;
+    /** Reject language constructs that reach outside the trusted model. */
+    restrictedMode?: boolean;
 }
 /** Options for how to run the Malloy semantic checker/translator */
 export interface CompileOptions {

package/dist/lang/ast/expressions/expr-func.js

@@ -58,13 +58,25 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.ExprFunc = void 0;
 const malloy_types_1 = require("../../../model/malloy_types");
 const ast_utils_1 = require("../ast-utils");
+const utils_1 = require("../../../model/utils");
 const struct_space_field_base_1 = require("../field-space/struct-space-field-base");
 const expr_value_1 = require("../types/expr-value");
 const expression_def_1 = require("../types/expression-def");
 const field_space_1 = require("../types/field-space");
-const utils_1 = require("../../../model/utils");
+const utils_2 = require("../../../model/utils");
 const TDU = __importStar(require("../typedesc-utils"));
 const composite_source_utils_1 = require("../../composite-source-utils");
+// Built-in functions that take a string literal of user-supplied SQL
+// and emit it directly. Gated by experimental.sql_functions in plain
+// Malloy; rejected unconditionally in restricted queries because they
+// are a raw-SQL escape hatch by definition.
+const SQL_FUNCTION_NAMES = [
+    'sql_number',
+    'sql_string',
+    'sql_date',
+    'sql_timestamp',
+    'sql_boolean',
+];
 class ExprFunc extends expression_def_1.ExpressionDef {
     constructor(name, args, isRaw, explicitType, source) {
         super({ args: args });
@@ -86,6 +98,12 @@ class ExprFunc extends expression_def_1.ExpressionDef {
         return true;
     }
     getExpression(fs) {
+        if (this.isRaw && this.isRestricted()) {
+            const typeStr = this.explicitType
+                ? (0, utils_1.typeDefToString)(this.explicitType)
+                : '';
+            return this.loggedErrorExpr('restricted-construct-forbidden', `\`${this.name}!${typeStr}(...)\` cannot be used in a restricted query — direct SQL function calls (\`!type(...)\`) are not permitted.`);
+        }
         return this.getPropsExpression(fs);
     }
     findFunctionDef(dialect) {
@@ -126,7 +144,7 @@ class ExprFunc extends expression_def_1.ExpressionDef {
             const dataType = (_b = this.explicitType) !== null && _b !== void 0 ? _b : inferredType;
             return (0, expr_value_1.computedExprValue)({
                 dataType,
-                value: (0, utils_1.composeSQLExpr)(funcCall),
+                value: (0, utils_2.composeSQLExpr)(funcCall),
                 from: argExprsWithoutImplicit,
             });
         }
@@ -290,13 +308,10 @@ class ExprFunc extends expression_def_1.ExpressionDef {
             frag.partitionBy = partitionByFields;
         }
         const sqlFunctionFieldUsage = [];
-        if ([
-            'sql_number',
-            'sql_string',
-            'sql_date',
-            'sql_timestamp',
-            'sql_boolean',
-        ].includes(func.name)) {
+        if (SQL_FUNCTION_NAMES.includes(func.name)) {
+            if (this.isRestricted()) {
+                return this.loggedErrorExpr('restricted-construct-forbidden', `\`${this.name}(...)\` cannot be used in a restricted query — the \`sql_*\` function family emits user-supplied SQL directly, which is not permitted.`);
+            }
             if (!this.inExperiment('sql_functions', true)) {
                 return this.loggedErrorExpr('sql-functions-experiment-not-enabled', `Cannot use sql_function \`${func.name}\`; use \`sql_functions\` experiment to enable this behavior`);
             }
@@ -327,7 +342,11 @@ class ExprFunc extends expression_def_1.ExpressionDef {
                             return this.loggedErrorExpr('filter-expression-error', 'Filter expressions cannot be used in sql_ functions');
                         }
                         if (result.found.refType === 'parameter') {
-                            expr.push({ node: 'parameter', path: part.path });
+                            expr.push({
+                                node: 'parameter',
+                                path: part.path,
+                                at: this.args[0].location,
+                            });
                         }
                         else {
                             sqlFunctionFieldUsage.push({
@@ -343,7 +362,7 @@ class ExprFunc extends expression_def_1.ExpressionDef {
                         }
                     }
                 }
-                funcCall = (0, utils_1.composeSQLExpr)(expr);
+                funcCall = (0, utils_2.composeSQLExpr)(expr);
             }
         }
         const maxEvalSpace = (0, malloy_types_1.mergeEvalSpaces)(...argExprs.map(e => e.evalSpace));

package/dist/lang/ast/expressions/expr-given.js

@@ -55,6 +55,7 @@ class GivenReference extends expression_def_1.ExpressionDef {
             node: 'given',
             id: entry.id,
             refName: this.name,
+            at: this.location,
         };
         return {
             ...(0, expr_value_1.literalExprValue)({ value: refNode, dataType: given.type }),

package/dist/lang/ast/field-space/reference-field.js

@@ -88,7 +88,7 @@ class ReferenceField extends space_field_1.SpaceField {
                 if (malloy_types_1.TD.isAtomic(foundType)) {
                     this.queryFieldDef = {
                         ...(0, malloy_types_1.mkFieldDef)(TDU.atomicDef(foundType), path[0]),
-                        e: { node: 'parameter', path },
+                        e: { node: 'parameter', path, at: this.fieldRef.location },
                     };
                 }
                 else {

package/dist/lang/ast/source-elements/sql-source.js

@@ -100,6 +100,10 @@ class SQLSource extends source_1.Source {
     }
     getSourceDef() {
         var _a;
+        if (this.isRestricted()) {
+            this.logError('restricted-construct-forbidden', `\`${this.connectionName.refString}.sql(...)\` cannot be used in a restricted query — raw SQL is not permitted.`);
+            return error_factory_1.ErrorFactory.structDef;
+        }
         if (!this.validateConnectionName()) {
             return error_factory_1.ErrorFactory.structDef;
         }

package/dist/lang/ast/source-elements/table-source.js

@@ -94,6 +94,10 @@ class TableMethodSource extends TableSource {
     }
     getTableInfo() {
         var _a;
+        if (this.isRestricted()) {
+            this.logError('restricted-construct-forbidden', `\`${this.connectionName.refString}.table(...)\` cannot be used in a restricted query — direct table access is not permitted.`);
+            return undefined;
+        }
         const connection = this.modelEntry(this.connectionName);
         const name = this.connectionName.refString;
         if (connection === undefined) {

package/dist/lang/ast/statements/define-given.d.ts

@@ -21,4 +21,5 @@ export declare class DefineGivens extends DocStatementList {
     elementType: string;
     readonly givens: GivenDeclaration[];
     constructor(givens: GivenDeclaration[]);
+    executeList(doc: Document): import("../../translate-response").ModelDataRequest;
 }

package/dist/lang/ast/statements/define-given.js

@@ -209,6 +209,13 @@ class DefineGivens extends malloy_element_1.DocStatementList {
         this.elementType = 'defineGivens';
         this.givens = givens;
     }
+    executeList(doc) {
+        if (this.isRestricted()) {
+            this.logError('restricted-construct-forbidden', '`given:` cannot declare new givens in a restricted query — only `$NAME` references to existing givens are allowed.');
+            return undefined;
+        }
+        return super.executeList(doc);
+    }
 }
 exports.DefineGivens = DefineGivens;
 //# sourceMappingURL=define-given.js.map

package/dist/lang/ast/statements/import-statement.js

@@ -89,6 +89,10 @@ class ImportStatement extends malloy_element_1.ListOf {
     }
     execute(doc) {
         var _a;
+        if (this.isRestricted()) {
+            this.logError('restricted-construct-forbidden', `\`import "${this.url}"\` cannot be used in a restricted query — file imports are not permitted.`);
+            return;
+        }
         const trans = this.translator();
         if (!trans) {
             this.logError('no-translator-for-import', 'Cannot import without translation context');

package/dist/lang/ast/types/annotation-elements.d.ts

@@ -12,6 +12,7 @@ export declare class ObjectAnnotation extends MalloyElement implements QueryProp
 }
 export declare class ModelAnnotation extends ObjectAnnotation implements DocStatement {
     elementType: string;
+    getCompilerFlagNotes(): Note[];
     getCompilerFlagLines(): string[];
     execute(doc: Document): void;
 }