@mcpher/gas-fakes 2.3.4 → 2.3.5

package/README.md

@@ -196,6 +196,7 @@ As I mentioned earlier, to take this further, I'm going to need a lot of help to
 - [running gas-fakes on Amazon AWS lambda](https://github.com/brucemcpherson/gas-fakes-containers)
 - [running gas-fakes on Azure ACA](https://github.com/brucemcpherson/gas-fakes-containers)
 - [running gas-fakes on Github actions](https://github.com/brucemcpherson/gas-fakes-containers)
+- [jdbc notes](jdbc-notes.md)
 - [Yes – you can run native apps script code on Azure ACA as well!](https://ramblings.mcpher.com/yes-you-can-run-native-apps-script-code-on-azure-aca-as-well/)
 - [Yes – you can run native apps script code on AWS Lambda!](https://ramblings.mcpher.com/apps-script-on-aws-lambda/)
 - [initial idea and thoughts](https://ramblings.mcpher.com/a-proof-of-concept-implementation-of-apps-script-environment-on-node/)

package/appsscript.json

@@ -5,6 +5,7 @@
   "oauthScopes": [
     "https://www.googleapis.com/auth/cloud-platform",
     "https://www.googleapis.com/auth/drive",
+    "https://www.googleapis.com/auth/sqlservice",
     "https://www.googleapis.com/auth/script.external_request",
     "https://www.googleapis.com/auth/spreadsheets",
     "https://www.googleapis.com/auth/userinfo.email",

package/package.json

@@ -11,6 +11,7 @@
     "@sindresorhus/is": "^7.2.0",
     "acorn": "^8.16.0",
     "adm-zip": "^0.5.16",
+    "child_process": "^1.0.2",
     "commander": "^14.0.3",
     "dotenv": "^17.3.1",
     "fast-xml-parser": "^5.5.9",
@@ -22,6 +23,8 @@
     "keyv": "^5.6.0",
     "keyv-file": "^5.3.3",
     "mime": "^4.1.0",
+    "mysql2": "^3.20.0",
+    "pg": "^8.20.0",
     "prompts": "^2.4.2",
     "sleep-synchronously": "^2.0.0",
     "zod": "^4.3.6"
@@ -35,7 +38,7 @@
   },
   "name": "@mcpher/gas-fakes",
   "author": "bruce mcpherson",
-  "version": "2.3.4",
+  "version": "2.3.5",
   "license": "MIT",
   "main": "main.js",
   "description": "An implementation of the Google Workspace Apps Script runtime: Run native App Script Code on Node and Cloud Run",

package/skills-lock.json

@@ -0,0 +1,10 @@
+{
+  "version": 1,
+  "skills": {
+    "neon-postgres": {
+      "source": "neondatabase/agent-skills",
+      "sourceType": "github",
+      "computedHash": "391693eee67001639ab65474df185da3ea5cf9ee4b99badecfd64561113edbb4"
+    }
+  }
+}

package/src/cli/app.js

@@ -175,6 +175,24 @@ export async function main() {
     .option("-t, --tools <string>", "Path to custom tools file.")
     .action(startMcpServer);
 
+  // --- JDBC Command ---
+  program
+    .command("jdbc")
+    .description("Parse a JDBC connection string and output configurations for App Script and Local environments.")
+    .requiredOption("-c, --connection-string <string>", "The JDBC connection string to parse.")
+    .action(async (options) => {
+      try {
+        const { newFakeJdbcService } = await import("../services/jdbc/fakejdbcservice.js");
+        const service = newFakeJdbcService();
+        const config = service.__normalConnection(options.connectionString);
+        process.stdout.write(JSON.stringify(config, null, 2) + "\n");
+        process.exit(0);
+      } catch (err) {
+        process.stderr.write(`Error parsing connection string: ${err.message}\n`);
+        process.exit(1);
+      }
+    });
+
   program.showHelpAfterError("(add --help for additional information)");
 
   await program.parseAsync(process.argv);

package/src/cli/setup.js

@@ -242,16 +242,60 @@ export async function initializeConfiguration(options = {}) {
   // Discover Scopes from appsscript.json (Shared across backends)
   const manifestPath = path.resolve(process.cwd(), responses.GF_MANIFEST_PATH);
   let manifestScopes = [];
+  let manifestHasCloudSql = false;
   if (fs.existsSync(manifestPath)) {
     try {
       const manifest = JSON.parse(fs.readFileSync(manifestPath, "utf8"));
       manifestScopes = manifest.oauthScopes || [];
       console.log(`...discovered ${manifestScopes.length} scopes in ${responses.GF_MANIFEST_PATH}`);
+      
+      // Check for JDBC or Cloud SQL usage (simplified check)
+      const manifestContent = fs.readFileSync(manifestPath, "utf8");
+      if (manifestContent.includes("jdbc:google:") || manifestContent.includes("Jdbc.")) {
+        manifestHasCloudSql = true;
+      }
     } catch (err) {
       console.warn(`...warning: failed to parse ${responses.GF_MANIFEST_PATH}.`);
     }
   }
 
+  // --- Step 2.5: Database & Cloud SQL Proxy Configuration ---
+  const hasJdbc = manifestHasCloudSql || Object.keys(existingConfig).some(k => k.includes("DATABASE_URL"));
+  if (hasJdbc) {
+    console.log("\n--- Configuring Database & Cloud SQL Auth Proxy ---");
+    
+    // Check if proxy is installed
+    let proxyInstalled = false;
+    try {
+      execSync("cloud-sql-proxy --version", { stdio: "ignore" });
+      proxyInstalled = true;
+    } catch (e) {
+      // not installed or not in path
+    }
+
+    if (!proxyInstalled) {
+      console.log("\x1b[1;33mNotice: Cloud SQL Auth Proxy is not installed or not in your PATH.\x1b[0m");
+      console.log("If you plan to test Google Cloud SQL locally, please install it:");
+      console.log("  - macOS (Homebrew): brew install google-cloud-sdk");
+      console.log("    then: gcloud components install cloud-sql-proxy");
+      console.log("  - Other: https://cloud.google.com/sql/docs/postgres/sql-proxy#install\n");
+    }
+
+    const dbQuestions = [
+      {
+        type: "toggle",
+        name: "GF_USE_CLOUD_PG_SQL_PROXY",
+        message: "Use Cloud SQL Auth Proxy for local database connections?",
+        initial: existingConfig.GF_USE_CLOUD_PG_SQL_PROXY === "true",
+        active: "yes",
+        inactive: "no"
+      }
+    ];
+
+    const dbResponses = await prompts(dbQuestions);
+    Object.assign(responses, dbResponses);
+  }
+
   // --- Step 3: Google Workspace Configuration ---
   if (platforms.includes("google")) {
     console.log("\n--- Configuring Google Workspace backend ---");
@@ -756,8 +800,8 @@ export async function authenticateUser(options = {}) {
         runCommandSync(`gcloud iam service-accounts add-iam-policy-binding "${sa_email}" --member="user:${current_user}" --role="roles/iam.serviceAccountTokenCreator" --quiet`, true);
 
         const saUniqueId = execSync(`gcloud iam service-accounts describe "${sa_email}" --format="value(uniqueId)"`, { shell: true }).toString().trim();
-        console.log(`\n\x1b[1;33m************************************************************************`);
-        console.log(`IMPORTANT: Add this to Admin Console (Domain-Wide Delegation):`);
+        console.log(`\n\x1b[1;33m*************************************************************************************************`);
+        console.log(`IMPORTANT: If you haven't already done it, add this to Admin Console (Domain-Wide Delegation):`);
         console.log(`************************************************************************\x1b[0m`);
         console.log(`URL: https://admin.google.com/ac/owl/domainwidedelegation`);
         console.log(`Client ID: ${saUniqueId}\nScopes: ${scopes}`);

package/src/index.js

@@ -28,3 +28,5 @@ import './services/slidesapp/app.js'
 import './services/mimetype/app.js'
 import './services/lock/app.js'
 import './services/libhandlerapp/app.js'
+import './services/jdbc/app.js'
+

package/src/services/jdbc/app.js

@@ -0,0 +1,9 @@
+/**
+ * the idea here is to create an empty global entry for the singleton
+ * but only load it when it is actually used.
+ */
+import { newFakeJdbcService as maker } from './fakejdbcservice.js';
+import { lazyLoaderApp } from '../common/lazyloader.js'
+
+let _app = null;
+_app = lazyLoaderApp(_app, 'Jdbc', maker);

package/src/services/jdbc/fakejdbcconnection.js

@@ -0,0 +1,45 @@
+import { Proxies } from '../../support/proxies.js';
+import { Syncit } from '../../support/syncit.js';
+import { newFakeJdbcStatement } from './fakejdbcstatement.js';
+
+class FakeJdbcConnection {
+  constructor(url, user, password) {
+    this.__fakeObjectType = 'JdbcConnection';
+    this._url = url;
+    
+    // Connect synchronously using the worker
+    // Only pass arguments that are provided to avoid passing null/undefined to Syncit
+    const args = [url];
+    if (user !== null && typeof user !== 'undefined') args.push(user);
+    if (password !== null && typeof password !== 'undefined') args.push(password);
+    
+    const result = Syncit.fxJdbcConnect(...args);
+    this._connectionId = result.id;
+  }
+
+  createStatement() {
+    return newFakeJdbcStatement(this._connectionId);
+  }
+
+  getMetaData() {
+    // Return an object that mimics DatabaseMetaData
+    return Proxies.guard({
+      __fakeObjectType: 'JdbcDatabaseMetaData',
+      getURL: () => this._url
+    });
+  }
+
+  // To match GAS JdbcConnection basic capabilities
+  close() {
+    if (this._connectionId) {
+      Syncit.fxJdbcClose(this._connectionId);
+      this._connectionId = null;
+    }
+  }
+
+  isClosed() {
+    return !this._connectionId;
+  }
+}
+
+export const newFakeJdbcConnection = (...args) => Proxies.guard(new FakeJdbcConnection(...args));

package/src/services/jdbc/fakejdbcresultset.js

@@ -0,0 +1,70 @@
+import { Proxies } from '../../support/proxies.js';
+import { newFakeJdbcResultSetMetaData } from './fakejdbcresultsetmetadata.js';
+
+class FakeJdbcResultSet {
+  constructor(result) {
+    this.__fakeObjectType = 'JdbcResultSet';
+    this._rows = result.rows || [];
+    this._fields = result.fields || [];
+    this._currentIndex = -1;
+    this._isClosed = false;
+  }
+
+  next() {
+    if (this._isClosed) throw new Error('ResultSet is closed.');
+    this._currentIndex++;
+    return this._currentIndex < this._rows.length;
+  }
+
+  _getValue(columnIndex) {
+    if (this._isClosed) throw new Error('ResultSet is closed.');
+    if (this._currentIndex < 0 || this._currentIndex >= this._rows.length) {
+      throw new Error('No current row.');
+    }
+    // JDBC columns are 1-indexed
+    const field = this._fields[columnIndex - 1];
+    if (!field) throw new Error(`Invalid column index: ${columnIndex}`);
+    return this._rows[this._currentIndex][field.name];
+  }
+
+  getString(columnIndex) {
+    const val = this._getValue(columnIndex);
+    return val !== null && val !== undefined ? String(val) : null;
+  }
+
+  getInt(columnIndex) {
+    const val = this._getValue(columnIndex);
+    return val !== null && val !== undefined ? parseInt(val, 10) : 0;
+  }
+
+  getFloat(columnIndex) {
+    const val = this._getValue(columnIndex);
+    return val !== null && val !== undefined ? parseFloat(val) : 0.0;
+  }
+  
+  getDate(columnIndex) {
+    const val = this._getValue(columnIndex);
+    return val ? new Date(val) : null;
+  }
+
+  getObject(columnIndex) {
+    return this._getValue(columnIndex);
+  }
+
+  getMetaData() {
+    if (this._isClosed) throw new Error('ResultSet is closed.');
+    return newFakeJdbcResultSetMetaData(this._fields);
+  }
+
+  close() {
+    this._isClosed = true;
+    this._rows = [];
+    this._fields = [];
+  }
+
+  isClosed() {
+    return this._isClosed;
+  }
+}
+
+export const newFakeJdbcResultSet = (...args) => Proxies.guard(new FakeJdbcResultSet(...args));

package/src/services/jdbc/fakejdbcresultsetmetadata.js

@@ -0,0 +1,39 @@
+import { Proxies } from '../../support/proxies.js';
+
+class FakeJdbcResultSetMetaData {
+  constructor(fields) {
+    this.__fakeObjectType = 'JdbcResultSetMetaData';
+    this._fields = fields || [];
+  }
+
+  getColumnCount() {
+    return this._fields.length;
+  }
+
+  getColumnName(column) {
+    const field = this._fields[column - 1];
+    if (!field) throw new Error(`Invalid column index: ${column}`);
+    return field.name;
+  }
+
+  getColumnLabel(column) {
+    return this.getColumnName(column);
+  }
+
+  getColumnType(column) {
+    // Return approximate JDBC type from pg dataTypeID
+    const field = this._fields[column - 1];
+    if (!field) throw new Error(`Invalid column index: ${column}`);
+    // node-postgres gives type ids (OIDs) like 23 for INT4, 25 for TEXT
+    // Usually JDBC maps them to java.sql.Types integers. For a fake, returning the OID or a mock type integer is adequate for basic use cases.
+    return field.dataTypeID;
+  }
+
+  getColumnTypeName(column) {
+    const field = this._fields[column - 1];
+    if (!field) throw new Error(`Invalid column index: ${column}`);
+    return `TYPE_${field.dataTypeID}`; // basic fallback
+  }
+}
+
+export const newFakeJdbcResultSetMetaData = (...args) => Proxies.guard(new FakeJdbcResultSetMetaData(...args));

package/src/services/jdbc/fakejdbcservice.js

@@ -0,0 +1,245 @@
+import { Proxies } from '../../support/proxies.js';
+import { newFakeJdbcConnection } from './fakejdbcconnection.js';
+import { execSync } from 'child_process';
+
+class FakeJdbcService {
+  constructor() {
+    this.__fakeObjectType = 'Jdbc';
+  }
+
+  /**
+   * Connects to a JDBC database.
+   * In gas-fakes, we primarily support postgres via pg module, mapping jdbc:postgresql to it.
+   * 
+   * @param {string} url The URL of the database to connect to.
+   * @param {string} user (optional) The user name to connect as.
+   * @param {string} password (optional) The password for the user.
+   * @returns {JdbcConnection} A JDBC connection object.
+   */
+  getConnection(url, user, password) {
+    let finalUrl = url;
+
+    if (!finalUrl) {
+      throw new Error('Jdbc.getConnection: URL is required or DATABASE_URL must be set in environment');
+    }
+
+    // Explicitly merge user/password into the URL structure for gas-fakes processing
+    if (user !== undefined && user !== null && password !== undefined && password !== null) {
+      try {
+        const cleanUrl = finalUrl.replace(/^jdbc:google:/, '').replace(/^jdbc:/, '');
+        const urlObj = new URL(cleanUrl);
+        urlObj.username = encodeURIComponent(String(user));
+        urlObj.password = encodeURIComponent(String(password));
+        
+        // Restore the prefix
+        let prefix = "jdbc:";
+        if (finalUrl.startsWith("jdbc:google:")) prefix = "jdbc:google:";
+        finalUrl = prefix + urlObj.toString();
+      } catch (e) {
+        // Fallback for malformed URLs
+      }
+    }
+    
+    // We intentionally pass undefined for user and password so the worker only sees finalUrl
+    return newFakeJdbcConnection(finalUrl, undefined, undefined);
+  }
+
+  /**
+   * Connects to a Google Cloud SQL instance - but on gas-fakes its the same thing
+   * @param {string} url The URL of the database to connect to.
+   * @param {string} user (optional) The user name to connect as.
+   * @param {string} password (optional) The password for the user.
+   * @returns {JdbcConnection} A JDBC connection object.
+   */
+  getCloudSqlConnection(url, user, password) {
+    return this.getConnection (url, user, password)
+  }
+
+  parseCsv(csv) {
+    throw new Error('Not implemented: parseCsv');
+  }
+
+  __useProxy  (val) {
+    if (!val) return false;
+    const normal = this.__normalConnection (val)
+    return normal.local.useProxy;
+  };
+
+  /**
+   * Converts Database URLs to JDBC-compatible formats for testing and local proxy usage.
+   * @param {string} url - Format: protocol://user:pass@host/db OR protocol://host/db?user=X&password=Y
+   * @return {object} - Connection metadata.
+   */
+  __normalConnection(url) {
+    const isProxyRunning = (instanceName) => {
+      try {
+        execSync(`pgrep -f "cloud.*sql.*proxy.*${instanceName}"`, {
+          stdio: "ignore",
+        });
+        return true;
+      } catch (e) {
+        return false;
+      }
+    };
+
+    const aggressiveEncode = (str) => {
+      return encodeURIComponent(str).replace(/[!'()*]/g, (c) => {
+        return "%" + c.charCodeAt(0).toString(16).toUpperCase();
+      });
+    };
+
+    const cleanUrl = url.replace(/^jdbc:google:/, "").replace(/^jdbc:/, "");
+
+    let scheme, user, pass, host, db;
+
+    try {
+      const parsed = new URL(cleanUrl);
+      scheme = parsed.protocol.replace(':', '');
+      user = parsed.username || "";
+      pass = parsed.password || "";
+      host = parsed.hostname;
+      const portFromUrl = parsed.port;
+      if (portFromUrl) {
+        host = `${host}:${portFromUrl}`;
+      }
+      db = parsed.pathname.replace(/^\//, ''); 
+      
+      const remainingParams = new URLSearchParams(parsed.search);
+      if (!user && remainingParams.has('user')) user = remainingParams.get('user');
+      if (!pass && remainingParams.has('password')) pass = remainingParams.get('password');
+      remainingParams.delete('user');
+      remainingParams.delete('password');
+      
+      const searchString = remainingParams.toString();
+      if (searchString) {
+        db = `${db}?${searchString}`;
+      }
+    } catch (e) {
+      const regex = /^([^:]+):\/\/(.+):([^@]+)@([^/]+)(?:\/(.*))?/;
+      const match = cleanUrl.match(regex);
+      if (!match) throw new Error(`Format not recognized for ${cleanUrl}`);
+      scheme = match[1].trim();
+      user = match[2].trim();
+      pass = match[3].trim();
+      host = match[4].trim();
+      db = match[5] ? match[5].trim() : "postgres";
+    }
+
+    user = decodeURIComponent(user.trim());
+    pass = decodeURIComponent(pass.trim());
+    host = host.trim();
+    
+    let pureDb = db ? db.trim() : "postgres";
+    if (pureDb.includes('?')) pureDb = pureDb.split('?')[0];
+
+    const isPostgres = scheme.toLowerCase().includes("post");
+    const type = isPostgres ? "pg" : "mysql";
+    const protocol = isPostgres ? "jdbc:postgresql://" : "jdbc:mysql://";
+    const defaultPort = isPostgres ? ":5432" : ":3306";
+
+    let hostWithoutPort = host.replace(/:\d+$/, "");
+    let isCloudSql = hostWithoutPort.includes(":");
+    let isGoogle = isCloudSql || url.startsWith('jdbc:google:');
+    let useProxy = false;
+    let remoteHost = host;
+    
+    const cloudSqlInstanceName = hostWithoutPort;
+
+    if (isCloudSql) {
+      try {
+        const instanceParts = hostWithoutPort.split(":");
+        const instanceName = instanceParts[instanceParts.length - 1];
+        useProxy = isProxyRunning(instanceName);
+
+        const instanceInfoStr = execSync(`gcloud sql instances describe ${instanceName} --format=json`, { encoding: "utf-8", stdio: "pipe" });
+        const instanceInfo = JSON.parse(instanceInfoStr);
+        const primaryIpObj = instanceInfo.ipAddresses?.find((ip) => ip.type === "PRIMARY");
+        const ip = primaryIpObj ? primaryIpObj.ipAddress : null;
+
+        if (ip && ip.match(/^[0-9.]+$/)) {
+          remoteHost = ip;
+        }
+
+        if (!useProxy) {
+          const localIp = execSync("curl -s https://ifconfig.me", { encoding: "utf-8", stdio: "pipe" }).trim();
+          if (localIp && localIp.match(/^[0-9.]+$/)) {
+            const authorizedNetworks = instanceInfo.settings?.ipConfiguration?.authorizedNetworks || [];
+            if (!authorizedNetworks.some((net) => net.value === localIp || net.value === `${localIp}/32`)) {
+              const newNetworks = authorizedNetworks.map((n) => n.value).concat(`${localIp}/32`).join(",");
+              execSync(`gcloud sql instances patch ${instanceName} --authorized-networks="${newNetworks}" --quiet`, { encoding: "utf-8", stdio: "pipe" });
+            }
+          }
+        }
+      } catch (e) {}
+    }
+
+    if (!remoteHost.includes(":")) remoteHost += defaultPort;
+
+    const encodedUser = aggressiveEncode(user);
+    const encodedPass = aggressiveEncode(pass);
+    
+    // Live Apps Script Java JDBC requires properly encoded URI components to prevent "Connection URL is malformed"
+    const gasAuthQuery = (encodedUser || encodedPass) ? `?user=${encodedUser}&password=${encodedPass}` : '';
+    
+    // --- GAS ---
+    let gasUrl, gasConnectionString, gasFullConnectionString;
+    let isCloudSqlConnection = false;
+
+    if (isGoogle && !isPostgres) {
+      gasUrl = `jdbc:google:mysql://${cloudSqlInstanceName}/${pureDb}`;
+      gasConnectionString = gasUrl;
+      gasFullConnectionString = gasUrl;
+      isCloudSqlConnection = true;
+    } else {
+      gasUrl = `${protocol}${remoteHost}/${pureDb}`;
+      gasConnectionString = `${protocol}${remoteHost}/${pureDb}`;
+      // Drop all original query parameters, only append explicit unencoded user, password, and ssl
+      gasFullConnectionString = `${protocol}${remoteHost}/${pureDb}${gasAuthQuery}`;
+    }
+
+    // --- LOCAL ---
+    let localHostAddr = useProxy ? `127.0.0.1${defaultPort}` : remoteHost;
+    let localSslParam = useProxy ? "ssl=false" : "";
+    let localAuthParams = (encodedUser || encodedPass) ? `user=${encodedUser}&password=${encodedPass}` : '';
+    
+    // Add an ampersand if both auth params and ssl param exist
+    if (localAuthParams && localSslParam) {
+       localAuthParams += "&";
+    }
+
+    let localUrl = `${protocol}${localHostAddr}/${pureDb}`;
+    let localQuery = `${localAuthParams}${localSslParam}`;
+    let localConnectionString = `${protocol}${localHostAddr}/${pureDb}${localQuery ? '?' + localQuery : ''}`;
+    let localFullConnectionString = localConnectionString;
+
+    const proxyCommand = (isCloudSql || isGoogle) && cloudSqlInstanceName.includes(":") ? `cloud-sql-proxy ${cloudSqlInstanceName}` : "";
+
+    const gasObj = {
+      url: gasUrl,
+      connectionString: gasConnectionString,
+      user, password: pass,
+      fullConnectionString: gasFullConnectionString,
+      isCloudSqlConnection,
+      proxyCommand
+    };
+
+    const localObj = {
+      url: localUrl,
+      connectionString: localConnectionString,
+      user, password: pass,
+      fullConnectionString: localFullConnectionString,
+      useProxy, proxyCommand
+    };
+
+    return {
+      current: (typeof ScriptApp !== 'undefined' && ScriptApp.isFake) ? 'local' : 'gas',
+      gas: gasObj,
+      local: localObj,
+      host: remoteHost,
+      proxyCommand,
+      isGoogle, type
+    };
+  }
+}
+
+export const newFakeJdbcService = (...args) => Proxies.guard(new FakeJdbcService(...args));

package/src/services/jdbc/fakejdbcstatement.js

@@ -0,0 +1,39 @@
+import { Proxies } from '../../support/proxies.js';
+import { Syncit } from '../../support/syncit.js';
+import { newFakeJdbcResultSet } from './fakejdbcresultset.js';
+
+class FakeJdbcStatement {
+  constructor(connectionId) {
+    this.__fakeObjectType = 'JdbcStatement';
+    this._connectionId = connectionId;
+    this._isClosed = false;
+  }
+
+  executeQuery(sql) {
+    if (this._isClosed) throw new Error('Statement is closed.');
+    
+    // Fetch result synchronously from worker
+    const result = Syncit.fxJdbcQuery(this._connectionId, sql);
+    
+    return newFakeJdbcResultSet(result);
+  }
+
+  execute(sql) {
+    if (this._isClosed) throw new Error('Statement is closed.');
+    
+    // In actual JDBC, execute returns true if the first result is a ResultSet
+    // node-postgres gives us an array of rows or a rowCount.
+    const result = Syncit.fxJdbcQuery(this._connectionId, sql);
+    return result.fields && result.fields.length > 0;
+  }
+
+  close() {
+    this._isClosed = true;
+  }
+
+  isClosed() {
+    return this._isClosed;
+  }
+}
+
+export const newFakeJdbcStatement = (...args) => Proxies.guard(new FakeJdbcStatement(...args));

package/src/support/sxauth.js

@@ -128,6 +128,32 @@ export const sxInit = async ({ manifestPath, claspPath, settingsPath, cachePath,
 
     } catch (err) {
       syncWarn(`Google authentication failed: ${err.message}`);
+
+      // Provide guidance for Domain Wide Delegation issues
+      if (err.message.includes('unauthorized_client')) {
+        const clientId = Auth.getClientId();
+        const msg = [
+          "",
+          "=".repeat(80),
+          "GOOGLE AUTHENTICATION ERROR: unauthorized_client",
+          "This usually means Domain-Wide Delegation (DWD) is missing for one or more scopes.",
+          "",
+          `Your Service Account Client ID is: ${clientId || 'unknown (check your service account JSON file)'}`,
+          "",
+          "The following scopes should be authorized in the Google Admin Console:",
+          finalScopes.join(","),
+          "",
+          "To fix this:",
+          "1. Go to https://admin.google.com",
+          "2. Security -> Access and data control -> API controls",
+          "3. Manage Domain Wide Delegation",
+          "4. Find/Add your Client ID and ensure the list of scopes above matches exactly.",
+          "=".repeat(80),
+          ""
+        ].join("\n");
+        console.error(msg);
+      }
+
       if (!platforms.includes('ksuite') && !platforms.includes('msgraph')) throw err;
     }
   }

package/src/support/sxjdbc.js

@@ -0,0 +1,166 @@
+import pg from 'pg';
+import mysql from 'mysql2/promise';
+
+const connections = new Map();
+
+/**
+ * Creates and stores a connection to the database.
+ * @param {import('./auth.js').Auth} Auth
+ * @param {object} params
+ * @param {string} params.url JDBC connection URL
+ * @param {string} params.user Optional username
+ * @param {string} params.password Optional password
+ * @returns {object} Connection details/ID
+ */
+export const sxJdbcConnect = async (Auth, { url, user, password }) => {
+  let connectionString = url;
+  let type = 'pg';
+
+  if (url.startsWith('jdbc:postgresql:')) {
+    connectionString = url.replace('jdbc:postgresql:', 'postgresql:');
+    type = 'pg';
+  } else if (url.startsWith('jdbc:mysql:')) {
+    connectionString = url.replace('jdbc:mysql:', 'mysql:');
+    type = 'mysql';
+  } else if (url.startsWith('jdbc:google:mysql:')) {
+    connectionString = url.replace('jdbc:google:mysql:', 'mysql:');
+    type = 'mysql';
+  } else if (url.startsWith('mysql:')) {
+    type = 'mysql';
+  }
+
+  // Parse custom flags
+  const disableSsl = connectionString.includes('ssl=false') || connectionString.includes('127.0.0.1');
+
+  let client;
+  const id = `conn_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`;
+
+  if (type === 'pg') {
+    // Strip ssl parameters to avoid conflict with explicit ssl object
+    let pgConnectionString = connectionString.replace(/([?&])ssl=[^&]*(&|$)/g, '$1').replace(/[?&]$/, '');
+
+    // Neon postgres usually requires ssl
+    if (pgConnectionString.includes('sslmode=require') && !pgConnectionString.includes('uselibpqcompat')) {
+      const separator = pgConnectionString.includes('?') ? '&' : '?';
+      pgConnectionString += `${separator}uselibpqcompat=true`;
+    }
+
+    const clientConfig = {
+      connectionString: pgConnectionString,
+      ssl: disableSsl ? false : { rejectUnauthorized: false }
+    };
+
+    if (user !== null && typeof user !== 'undefined' && password !== null && typeof password !== 'undefined') {
+      client = new pg.Client({
+        ...clientConfig,
+        user: String(user),
+        password: String(password)
+      });
+    } else {
+      client = new pg.Client(clientConfig);
+    }
+    await client.connect();
+  } else if (type === 'mysql') {
+    let cleanUrl = connectionString.replace(/^jdbc:/, '');
+    if (!cleanUrl.startsWith('mysql://')) {
+      cleanUrl = 'mysql://' + cleanUrl;
+    }
+    
+    let host = '127.0.0.1';
+    let port = 3306;
+    let database = '';
+    let urlUser;
+    let urlPassword;
+    
+    try {
+      const parsedUrl = new URL(cleanUrl);
+      host = parsedUrl.hostname;
+      port = parsedUrl.port ? parseInt(parsedUrl.port, 10) : 3306;
+      database = parsedUrl.pathname.replace(/^\//, '');
+      urlUser = parsedUrl.username ? decodeURIComponent(parsedUrl.username) : parsedUrl.searchParams.get('user');
+      urlPassword = parsedUrl.password ? decodeURIComponent(parsedUrl.password) : parsedUrl.searchParams.get('password');
+    } catch (e) {
+      // Fallback for weird formats (like Cloud SQL instance names without resolved IPs)
+      const match = cleanUrl.match(/^mysql:\/\/(?:([^:]+):([^@]+)@)?([^/]+?)(?::(\d+))?(?:\/([^?]+))?(?:\?(.*))?$/);
+      if (match) {
+        urlUser = match[1] ? decodeURIComponent(match[1]) : undefined;
+        urlPassword = match[2] ? decodeURIComponent(match[2]) : undefined;
+        host = match[3];
+        port = match[4] ? parseInt(match[4], 10) : 3306;
+        database = match[5] || '';
+      } else {
+        host = cleanUrl.replace(/^mysql:\/\//, '');
+      }
+    }
+
+    const finalUser = (user !== null && typeof user !== 'undefined') ? String(user) : urlUser;
+    const finalPassword = (password !== null && typeof password !== 'undefined') ? String(password) : urlPassword;
+
+    const mysqlConfig = {
+      host: host,
+      port: port,
+      database: database,
+      user: finalUser,
+      password: finalPassword,
+      ssl: disableSsl ? undefined : { rejectUnauthorized: false }
+    };
+
+    client = await mysql.createConnection(mysqlConfig);
+  }
+
+  connections.set(id, { client, type });
+  return { id };
+};
+
+/**
+ * Executes a query on a given connection.
+ * @param {import('./auth.js').Auth} Auth
+ * @param {object} params
+ * @param {string} params.connectionId The stored connection ID
+ * @param {string} params.sql The SQL query to execute
+ * @returns {object} The query result (rows, fields, etc.)
+ */
+export const sxJdbcQuery = async (Auth, { connectionId, sql }) => {
+  const entry = connections.get(connectionId);
+  if (!entry) throw new Error('Invalid or closed JDBC connection.');
+  
+  const { client, type } = entry;
+  
+  if (type === 'pg') {
+    const result = await client.query(sql);
+    return {
+      rows: result.rows,
+      fields: result.fields,
+      rowCount: result.rowCount,
+    };
+  } else if (type === 'mysql') {
+    // mysql2 returns [rows, fields]
+    const [rows, fields] = await client.query(sql);
+    return {
+      rows: rows,
+      fields: fields, // mysql2 fields are objects with name, columnType, etc.
+      rowCount: rows.length || 0,
+    };
+  }
+};
+
+/**
+ * Closes a given connection.
+ * @param {import('./auth.js').Auth} Auth
+ * @param {object} params
+ * @param {string} params.connectionId The stored connection ID
+ * @returns {boolean} True if closed successfully
+ */
+export const sxJdbcClose = async (Auth, { connectionId }) => {
+  const entry = connections.get(connectionId);
+  if (entry) {
+    const { client, type } = entry;
+    if (type === 'pg') {
+      await client.end();
+    } else if (type === 'mysql') {
+      await client.end();
+    }
+    connections.delete(connectionId);
+  }
+  return true;
+};

package/src/support/syncit.js

@@ -412,6 +412,21 @@ const fxTestRetry = (errorMessage) => {
   return safeCallSync("sxTestRetry", { errorMessage });
 };
 
+const fxJdbcConnect = (url, user, password) => {
+  const args = { url };
+  if (user !== null && typeof user !== 'undefined') args.user = user;
+  if (password !== null && typeof password !== 'undefined') args.password = password;
+  return safeCallSync("sxJdbcConnect", args);
+};
+
+const fxJdbcQuery = (connectionId, sql) => {
+  return safeCallSync("sxJdbcQuery", { connectionId, sql });
+};
+
+const fxJdbcClose = (connectionId) => {
+  return safeCallSync("sxJdbcClose", { connectionId });
+};
+
 const fxSheets = (args) =>
   fxGeneric({
     ...args,
@@ -479,5 +494,8 @@ export const Syncit = {
   fxGetAccessToken,
   fxGetAccessTokenInfo,
   fxGetSourceAccessTokenInfo,
-  fxTestRetry
+  fxTestRetry,
+  fxJdbcConnect,
+  fxJdbcQuery,
+  fxJdbcClose
 }

package/src/support/workersync/sxfunctions.js

@@ -14,3 +14,4 @@ export * from "../sxtoken.js";
 
 
 
+export * from "../sxjdbc.js";