npm - @querypanel/node-sdk - Versions diffs - 1.0.25 → 1.0.26 - Mend

@querypanel/node-sdk 1.0.25 → 1.0.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (145) hide show

package/README.md +23 -0
package/dist/cjs/__tests__/ingest.test.d.ts +5 -0
package/dist/cjs/__tests__/ingest.test.d.ts.map +1 -0
package/dist/cjs/__tests__/ingest.test.js +95 -0
package/dist/cjs/__tests__/ingest.test.js.map +1 -0
package/dist/cjs/adapters/clickhouse.d.ts +48 -0
package/dist/cjs/adapters/clickhouse.d.ts.map +1 -0
package/dist/cjs/adapters/clickhouse.js +284 -0
package/dist/cjs/adapters/clickhouse.js.map +1 -0
package/dist/cjs/adapters/introspection.spec.d.ts +2 -0
package/dist/cjs/adapters/introspection.spec.d.ts.map +1 -0
package/dist/cjs/adapters/introspection.spec.js +192 -0
package/dist/cjs/adapters/introspection.spec.js.map +1 -0
package/dist/cjs/adapters/postgres.d.ts +46 -0
package/dist/cjs/adapters/postgres.d.ts.map +1 -0
package/dist/cjs/adapters/postgres.js +457 -0
package/dist/cjs/adapters/postgres.js.map +1 -0
package/dist/cjs/adapters/postgres.spec.d.ts +2 -0
package/dist/cjs/adapters/postgres.spec.d.ts.map +1 -0
package/dist/cjs/adapters/postgres.spec.js +37 -0
package/dist/cjs/adapters/postgres.spec.js.map +1 -0
package/dist/cjs/adapters/types.d.ts +38 -0
package/dist/cjs/adapters/types.d.ts.map +1 -0
package/dist/cjs/adapters/types.js +3 -0
package/dist/cjs/adapters/types.js.map +1 -0
package/dist/cjs/anonymize.spec.d.ts +2 -0
package/dist/cjs/anonymize.spec.d.ts.map +1 -0
package/dist/cjs/anonymize.spec.js +78 -0
package/dist/cjs/anonymize.spec.js.map +1 -0
package/dist/cjs/clickhouseClient.spec.d.ts +2 -0
package/dist/cjs/clickhouseClient.spec.d.ts.map +1 -0
package/dist/cjs/clickhouseClient.spec.js +286 -0
package/dist/cjs/clickhouseClient.spec.js.map +1 -0
package/dist/cjs/connectors/__tests__/clickhouse.introspect.test.d.ts +2 -0
package/dist/cjs/connectors/__tests__/clickhouse.introspect.test.d.ts.map +1 -0
package/dist/cjs/connectors/__tests__/clickhouse.introspect.test.js +119 -0
package/dist/cjs/connectors/__tests__/clickhouse.introspect.test.js.map +1 -0
package/dist/cjs/connectors/base.d.ts +13 -0
package/dist/cjs/connectors/base.d.ts.map +1 -0
package/dist/cjs/connectors/base.js +3 -0
package/dist/cjs/connectors/base.js.map +1 -0
package/dist/cjs/connectors/clickhouse.d.ts +53 -0
package/dist/cjs/connectors/clickhouse.d.ts.map +1 -0
package/dist/cjs/connectors/clickhouse.js +270 -0
package/dist/cjs/connectors/clickhouse.js.map +1 -0
package/dist/cjs/index.d.ts +490 -0
package/dist/cjs/index.d.ts.map +1 -0
package/dist/cjs/index.js +843 -0
package/dist/cjs/index.js.map +1 -0
package/dist/cjs/index.test.d.ts +2 -0
package/dist/cjs/index.test.d.ts.map +1 -0
package/dist/cjs/index.test.js +185 -0
package/dist/cjs/index.test.js.map +1 -0
package/dist/cjs/introspectV3.d.ts +45 -0
package/dist/cjs/introspectV3.d.ts.map +1 -0
package/dist/cjs/introspectV3.js +99 -0
package/dist/cjs/introspectV3.js.map +1 -0
package/dist/cjs/multidb.spec.d.ts +2 -0
package/dist/cjs/multidb.spec.d.ts.map +1 -0
package/dist/cjs/multidb.spec.js +76 -0
package/dist/cjs/multidb.spec.js.map +1 -0
package/dist/cjs/package.json +1 -0
package/dist/cjs/schema/types.d.ts +73 -0
package/dist/cjs/schema/types.d.ts.map +1 -0
package/dist/cjs/schema/types.js +3 -0
package/dist/cjs/schema/types.js.map +1 -0
package/dist/cjs/tenant-isolation.spec.d.ts +2 -0
package/dist/cjs/tenant-isolation.spec.d.ts.map +1 -0
package/dist/cjs/tenant-isolation.spec.js +420 -0
package/dist/cjs/tenant-isolation.spec.js.map +1 -0
package/dist/cjs/utils/clickhouse.d.ts +9 -0
package/dist/cjs/utils/clickhouse.d.ts.map +1 -0
package/dist/cjs/utils/clickhouse.js +99 -0
package/dist/cjs/utils/clickhouse.js.map +1 -0
package/dist/esm/adapters/clickhouse.d.ts +48 -0
package/dist/esm/adapters/clickhouse.d.ts.map +1 -0
package/dist/esm/adapters/clickhouse.js +280 -0
package/dist/esm/adapters/clickhouse.js.map +1 -0
package/dist/esm/adapters/introspection.spec.d.ts +2 -0
package/dist/esm/adapters/introspection.spec.d.ts.map +1 -0
package/dist/esm/adapters/introspection.spec.js +190 -0
package/dist/esm/adapters/introspection.spec.js.map +1 -0
package/dist/esm/adapters/postgres.d.ts +46 -0
package/dist/esm/adapters/postgres.d.ts.map +1 -0
package/dist/esm/adapters/postgres.js +453 -0
package/dist/esm/adapters/postgres.js.map +1 -0
package/dist/esm/adapters/postgres.spec.d.ts +2 -0
package/dist/esm/adapters/postgres.spec.d.ts.map +1 -0
package/dist/esm/adapters/postgres.spec.js +35 -0
package/dist/esm/adapters/postgres.spec.js.map +1 -0
package/dist/esm/adapters/types.d.ts +38 -0
package/dist/esm/adapters/types.d.ts.map +1 -0
package/dist/esm/adapters/types.js +2 -0
package/dist/esm/adapters/types.js.map +1 -0
package/dist/esm/anonymize.spec.d.ts +2 -0
package/dist/esm/anonymize.spec.d.ts.map +1 -0
package/dist/esm/anonymize.spec.js +76 -0
package/dist/esm/anonymize.spec.js.map +1 -0
package/dist/esm/clickhouseClient.spec.d.ts +2 -0
package/dist/esm/clickhouseClient.spec.d.ts.map +1 -0
package/dist/esm/clickhouseClient.spec.js +281 -0
package/dist/esm/clickhouseClient.spec.js.map +1 -0
package/dist/esm/connectors/base.d.ts +14 -0
package/dist/esm/connectors/base.d.ts.map +1 -0
package/dist/esm/connectors/base.js +2 -0
package/dist/esm/connectors/base.js.map +1 -0
package/dist/esm/connectors/clickhouse.d.ts +35 -0
package/dist/esm/connectors/clickhouse.d.ts.map +1 -0
package/dist/esm/connectors/clickhouse.js +281 -0
package/dist/esm/connectors/clickhouse.js.map +1 -0
package/dist/esm/index.d.ts +490 -0
package/dist/esm/index.d.ts.map +1 -0
package/dist/esm/index.js +838 -0
package/dist/esm/index.js.map +1 -0
package/dist/esm/index.test.d.ts +2 -0
package/dist/esm/index.test.d.ts.map +1 -0
package/dist/esm/index.test.js +183 -0
package/dist/esm/index.test.js.map +1 -0
package/dist/esm/introspectV3.d.ts +45 -0
package/dist/esm/introspectV3.d.ts.map +1 -0
package/dist/esm/introspectV3.js +96 -0
package/dist/esm/introspectV3.js.map +1 -0
package/dist/esm/multidb.spec.d.ts +2 -0
package/dist/esm/multidb.spec.d.ts.map +1 -0
package/dist/esm/multidb.spec.js +74 -0
package/dist/esm/multidb.spec.js.map +1 -0
package/dist/esm/schema/types.d.ts +73 -0
package/dist/esm/schema/types.d.ts.map +1 -0
package/dist/esm/schema/types.js +2 -0
package/dist/esm/schema/types.js.map +1 -0
package/dist/esm/tenant-isolation.spec.d.ts +2 -0
package/dist/esm/tenant-isolation.spec.d.ts.map +1 -0
package/dist/esm/tenant-isolation.spec.js +418 -0
package/dist/esm/tenant-isolation.spec.js.map +1 -0
package/dist/esm/utils/clickhouse.d.ts +9 -0
package/dist/esm/utils/clickhouse.d.ts.map +1 -0
package/dist/esm/utils/clickhouse.js +92 -0
package/dist/esm/utils/clickhouse.js.map +1 -0
package/package.json +73 -53
package/dist/index.cjs +0 -1471
package/dist/index.cjs.map +0 -1
package/dist/index.d.cts +0 -468
package/dist/index.d.ts +0 -468
package/dist/index.js +0 -1443
package/dist/index.js.map +0 -1

package/dist/esm/index.js ADDED Viewed

@@ -0,0 +1,838 @@
+import { createHash, randomUUID } from "node:crypto";
+import { importPKCS8, SignJWT } from "jose";
+import { ClickHouseAdapter, } from "./adapters/clickhouse.js";
+import { PostgresAdapter, } from "./adapters/postgres.js";
+import { transformToV3Export } from "./introspectV3.js";
+// Re-export adapters for external use
+export { ClickHouseAdapter, PostgresAdapter };
+/**
+ * Anonymizes query results by replacing actual values with their type names.
+ * Useful for sharing result structure without exposing sensitive data.
+ *
+ * @param rows - Array of result rows to anonymize
+ * @returns Array of rows with values replaced by type strings
+ *
+ * @example
+ * anonymizeResults([{ year: 2025, transactionSum: 1000 }])
+ * // Returns: [{ year: 'number', transactionSum: 'number' }]
+ */
+export function anonymizeResults(rows) {
+    if (!rows || rows.length === 0) {
+        return [];
+    }
+    return rows.map((row) => {
+        const anonymized = {};
+        for (const [key, value] of Object.entries(row)) {
+            if (value === null) {
+                anonymized[key] = "null";
+            }
+            else if (Array.isArray(value)) {
+                anonymized[key] = "array";
+            }
+            else {
+                anonymized[key] = typeof value;
+            }
+        }
+        return anonymized;
+    });
+}
+export class QueryPanelSdkAPI {
+    constructor(baseUrl, jwtTokenOrPrivateKey, organizationId) {
+        // Database registry
+        this.databases = new Map();
+        this.databaseMetadata = new Map();
+        // Schema sync tracking
+        this.lastSyncHashes = new Map();
+        this.syncedDatabases = new Set();
+        this.baseUrl = baseUrl.replace(/\/$/, "");
+        if (organizationId) {
+            // New mode: generate JWTs
+            this.privateKey = jwtTokenOrPrivateKey;
+            this.organizationId = organizationId;
+        }
+        else {
+            // Legacy mode: use provided JWT
+            this.token = jwtTokenOrPrivateKey;
+        }
+    }
+    /**
+     * Attach a database adapter with a specific name
+     */
+    attachDatabase(name, adapter) {
+        this.databases.set(name, adapter);
+        if (!this.defaultDatabase) {
+            this.defaultDatabase = name;
+        }
+    }
+    /**
+     * Attach a ClickHouse database
+     */
+    attachClickhouse(name, clientFn, options) {
+        const adapterOptions = {
+            database: options?.database ?? name,
+            ...(options?.defaultFormat
+                ? { defaultFormat: options.defaultFormat }
+                : {}),
+            ...(options?.kind ? { kind: options.kind } : {}),
+            ...(options?.allowedTables
+                ? { allowedTables: options.allowedTables }
+                : {}),
+        };
+        this.attachDatabase(name, new ClickHouseAdapter(clientFn, adapterOptions));
+        // Store metadata
+        const metadata = {
+            name,
+            dialect: "clickhouse",
+        };
+        if (options?.description)
+            metadata.description = options.description;
+        if (options?.tags)
+            metadata.tags = options.tags;
+        if (options?.tenantFieldName) {
+            metadata.tenantFieldName = options.tenantFieldName;
+            metadata.tenantFieldType = options.tenantFieldType ?? "String";
+            // Default to enforcing tenant isolation if tenantFieldName is provided
+            metadata.enforceTenantIsolation = options.enforceTenantIsolation ?? true;
+        }
+        this.databaseMetadata.set(name, metadata);
+    }
+    /**
+     * Attach a Postgres database
+     */
+    attachPostgres(name, clientFn, options) {
+        const adapterOptions = {
+            database: options?.database ?? name,
+            ...(options?.defaultSchema
+                ? { defaultSchema: options.defaultSchema }
+                : {}),
+            ...(options?.kind ? { kind: options.kind } : {}),
+        };
+        this.attachDatabase(name, new PostgresAdapter(clientFn, adapterOptions));
+        // Store metadata
+        const metadata = {
+            name,
+            dialect: "postgres",
+        };
+        if (options?.description)
+            metadata.description = options.description;
+        if (options?.tags)
+            metadata.tags = options.tags;
+        if (options?.tenantFieldName) {
+            metadata.tenantFieldName = options.tenantFieldName;
+            // Default to enforcing tenant isolation if tenantFieldName is provided
+            metadata.enforceTenantIsolation = options.enforceTenantIsolation ?? true;
+        }
+        this.databaseMetadata.set(name, metadata);
+    }
+    /**
+     * Legacy method for backward compatibility
+     * Attaches a ClickHouse client as the default database
+     */
+    attachClickhouseClient(fn) {
+        this.attachClickhouse("default", fn);
+    }
+    /**
+     * Get a database adapter by name, or return the default
+     */
+    getDatabase(name) {
+        const dbName = name || this.defaultDatabase;
+        if (!dbName) {
+            throw new Error("No database attached. Use attachClickhouse() or attachPostgres() first.");
+        }
+        const adapter = this.databases.get(dbName);
+        if (!adapter) {
+            throw new Error(`Database '${dbName}' not found. Available: ${Array.from(this.databases.keys()).join(", ")}`);
+        }
+        return adapter;
+    }
+    /**
+     * Synchronize database schema to the API for vector search.
+     * Call this after schema migrations or when you want to update the schema context.
+     * Uses hash-based change detection to avoid unnecessary syncs.
+     */
+    async syncSchema(databaseName, options, signal) {
+        const adapter = this.getDatabase(databaseName);
+        // Introspect schema
+        const introspection = await adapter.introspect(options.tables ? { tables: options.tables } : undefined);
+        // Generate hash of introspection for change detection
+        const hash = this.hashIntrospection(introspection);
+        const lastHash = this.lastSyncHashes.get(databaseName);
+        // Skip if schema unchanged (unless force is true)
+        if (!options.force && lastHash === hash) {
+            console.log(`Schema unchanged for ${databaseName}, skipping sync`);
+            return;
+        }
+        // Send introspection to API
+        const response = await this.post("/v2/vectorize-schema", {
+            database: databaseName,
+            dialect: adapter.getDialect(),
+            introspection,
+            schemaHash: hash,
+            force: options.force ?? false,
+        }, options.tenantId, options.userId, options.scopes, signal);
+        const effectiveHash = response?.schemaHash ?? hash;
+        if (response?.status === "skipped") {
+            console.log(`Schema hash unchanged on server for ${databaseName}, skipping upload`);
+        }
+        this.lastSyncHashes.set(databaseName, effectiveHash);
+        this.syncedDatabases.add(databaseName);
+    }
+    /**
+     * Introspect database schema and return V3 export format
+     * This format is compatible with Bedrock knowledge base ingestion
+     *
+     * @param databaseName - Name of the attached database to introspect
+     * @param options - Optional tenant ID and table filter
+     * @returns Schema export in V3 format (schema_export.json)
+     *
+     * @example
+     * ```typescript
+     * const schema = await sdk.introspectV3("my_database", {
+     *   tenantId: "tenant-123",
+     *   tables: ["users", "orders"]
+     * });
+     *
+     * // Upload to Bedrock
+     * await fetch("/v3/ingest", {
+     *   method: "POST",
+     *   body: JSON.stringify(schema)
+     * });
+     * ```
+     */
+    async introspectV3(databaseName, options) {
+        const adapter = this.getDatabase(databaseName);
+        // Perform introspection
+        const introspection = await adapter.introspect(options?.tables ? { tables: options.tables } : undefined);
+        // Transform to V3 format
+        return transformToV3Export(introspection, options?.tenantId);
+    }
+    /**
+     * Introspect and ingest schema to Bedrock knowledge base (v3)
+     * Combines introspectV3 + API call to /v3/ingest
+     *
+     * @param databaseName - Name of the attached database to introspect
+     * @param options - Required tenant ID and optional table filter
+     * @returns Ingestion summary from Bedrock
+     *
+     * @example
+     * ```typescript
+     * const result = await sdk.ingestSchemaV3("my_database", {
+     *   tenantId: "tenant-123",
+     *   tables: ["users", "orders"]
+     * });
+     *
+     * console.log(`Ingested ${result.total_documents} documents`);
+     * ```
+     */
+    async ingestSchemaV3(databaseName, options, signal) {
+        // Introspect schema in V3 format
+        const schema = await this.introspectV3(databaseName, {
+            tenantId: options.tenantId,
+            ...(options.tables && { tables: options.tables }),
+        });
+        // Post to v3/ingest endpoint
+        const result = await this.post("/v3/ingest", schema, options.tenantId, options.userId, options.scopes, signal);
+        // Mark database as synced
+        this.syncedDatabases.add(databaseName);
+        return result;
+    }
+    /**
+     * Introspect and ingest schema to LangChain vector store (v4)
+     * Combines introspectV3 + API call to /v4/ingest
+     *
+     * @param databaseName - Name of the attached database to introspect
+     * @param options - Required tenant ID and optional table filter
+     * @returns Ingestion summary from the LangChain module
+     *
+     * @example
+     * ```typescript
+     * const result = await sdk.ingestSchemaV4("my_database", {
+     *   tenantId: "tenant-123",
+     *   tables: ["users", "orders"]
+     * });
+     *
+     * console.log(`Ingested ${result.chunksCreated} chunks`);
+     * ```
+     */
+    async ingestSchemaV4(databaseName, options, signal) {
+        // Introspect schema in V3 format (v4 uses the same schema format)
+        const schemaExport = await this.introspectV3(databaseName, {
+            tenantId: options.tenantId,
+            ...(options.tables && { tables: options.tables }),
+        });
+        // Post to v4/ingest endpoint
+        const result = await this.post("/v4/ingest", { schema: schemaExport }, options.tenantId, options.userId, options.scopes, signal);
+        // Mark database as synced
+        this.syncedDatabases.add(databaseName);
+        return result;
+    }
+    /**
+     * Ensure all attached databases have been synced at least once.
+     * Called automatically on first ask() if needed (unless disabled).
+     */
+    async ensureDatabasesSynced(tenantId, userId, scopes, useV3, useV4, disableAutoSync) {
+        if (disableAutoSync) {
+            return; // Auto-sync disabled, user must call syncSchema/ingestSchemaV3/ingestSchemaV4 manually
+        }
+        const dbNames = Array.from(this.databases.keys());
+        if (dbNames.length === 0)
+            return;
+        let unsyncedDbs = dbNames.filter((name) => !this.syncedDatabases.has(name));
+        if (unsyncedDbs.length === 0)
+            return;
+        if (this.organizationId) {
+            await Promise.all(unsyncedDbs.map((dbName) => this.reconcileSchemaStatus(dbName, tenantId, userId, scopes)));
+            unsyncedDbs = dbNames.filter((name) => !this.syncedDatabases.has(name));
+            if (unsyncedDbs.length === 0)
+                return;
+        }
+        const version = useV4 ? "v4" : useV3 ? "v3" : "v2";
+        console.log(`Auto-syncing databases (${version}): ${unsyncedDbs.join(", ")}`);
+        // Sync all unsynced databases in parallel
+        await Promise.all(unsyncedDbs.map((dbName) => useV4
+            ? this.ingestSchemaV4(dbName, {
+                tenantId,
+                ...(userId ? { userId } : {}),
+                ...(scopes ? { scopes } : {}),
+            }).catch((err) => console.warn(`Failed to sync ${dbName}:`, err))
+            : useV3
+                ? this.ingestSchemaV3(dbName, {
+                    tenantId,
+                    ...(userId ? { userId } : {}),
+                    ...(scopes ? { scopes } : {}),
+                }).catch((err) => console.warn(`Failed to sync ${dbName}:`, err))
+                : this.syncSchema(dbName, {
+                    tenantId,
+                    ...(userId ? { userId } : {}),
+                    ...(scopes ? { scopes } : {}),
+                }).catch((err) => console.warn(`Failed to sync ${dbName}:`, err))));
+    }
+    /**
+     * Generate a hash of the introspection for change detection
+     */
+    hashIntrospection(introspection) {
+        const tables = Array.isArray(introspection?.tables)
+            ? introspection.tables
+            : [];
+        const normalized = tables.map((t) => {
+            return {
+                name: t?.name ?? "",
+                schema: t?.schema ?? "",
+                columns: Array.isArray(t?.columns)
+                    ? t.columns
+                        .map((c) => `${c?.name ?? ""}:${c?.type ?? ""}`)
+                        .sort()
+                    : [],
+            };
+        });
+        normalized.sort((a, b) => {
+            const schemaCompare = a.schema.localeCompare(b.schema);
+            if (schemaCompare !== 0)
+                return schemaCompare;
+            return a.name.localeCompare(b.name);
+        });
+        const content = JSON.stringify(normalized);
+        return createHash("sha256").update(content).digest("hex");
+    }
+    async reconcileSchemaStatus(databaseName, tenantId, userId, scopes) {
+        const cachedHash = this.lastSyncHashes.get(databaseName);
+        const params = new URLSearchParams({ database: databaseName });
+        if (cachedHash)
+            params.set("hash", cachedHash);
+        try {
+            const response = await this.get(`/v2/schema-sync-status?${params.toString()}`, tenantId, userId, scopes);
+            if (response.status === "up_to_date" && response.schemaHash) {
+                this.lastSyncHashes.set(databaseName, response.schemaHash);
+                this.syncedDatabases.add(databaseName);
+                return;
+            }
+            if (response.status === "stale" &&
+                response.schemaHash &&
+                response.introspectedAt) {
+                this.lastSyncHashes.set(databaseName, response.schemaHash);
+            }
+            if (response.status === "not_found") {
+                this.lastSyncHashes.delete(databaseName);
+            }
+        }
+        catch (error) {
+            if (error?.status === 404 ||
+                error?.status === 400 ||
+                error?.status === 501) {
+                // Older server or missing org context – fall back to client-side sync
+                return;
+            }
+            console.warn(`Failed to check schema sync status for '${databaseName}': ${error}`);
+        }
+    }
+    /**
+     * Ensures tenant isolation by adding tenant filter to SQL if not present.
+     * Modifies SQL and params in-place to include tenant field.
+     */
+    ensureTenantIsolation(sql, params, metadata, tenantId) {
+        if (!metadata.tenantFieldName || !metadata.enforceTenantIsolation) {
+            return sql; // Enforcement disabled or no tenant field configured
+        }
+        const tenantFieldName = metadata.tenantFieldName;
+        const tenantFieldType = metadata.tenantFieldType || "String";
+        // Check if tenant field is already being filtered in SQL
+        let parameterFound = false;
+        let placeholderName;
+        if (metadata.dialect === "clickhouse") {
+            // ClickHouse: Check if the field name appears in a WHERE/AND clause with comparison
+            // This catches patterns like: "customer_id = {tenantId:Int32}" or "customer_id = {customer_id:String}"
+            const fieldFilterPattern = new RegExp(`\\b${tenantFieldName}\\s*=\\s*\\{([^}:]+)(?::[^}]+)?\\}`, "i");
+            const match = sql.match(fieldFilterPattern);
+            if (match) {
+                parameterFound = true;
+                placeholderName = match[1]; // Extract placeholder name (e.g., "tenantId" from "{tenantId:Int32}")
+            }
+        }
+        else if (metadata.dialect === "postgres") {
+            // Check if field name appears in SQL (basic check for tenant field)
+            parameterFound = sql
+                .toLowerCase()
+                .includes(tenantFieldName.toLowerCase());
+        }
+        else {
+            // Generic check: ensure the field name appears in SQL
+            parameterFound = sql
+                .toLowerCase()
+                .includes(tenantFieldName.toLowerCase());
+        }
+        // Always enforce tenant parameter with correct tenantId
+        // This ensures the parameter is set even if the API returns 0 or any other placeholder
+        if (placeholderName) {
+            // Use the actual placeholder name found in SQL (e.g., "tenantId")
+            params[placeholderName] = tenantId;
+        }
+        else {
+            // Fallback to field name
+            params[tenantFieldName] = tenantId;
+        }
+        // If parameter not found in SQL, add tenant filter
+        if (!parameterFound) {
+            console.warn(`[Tenant Isolation] Adding missing tenant filter to SQL for field '${tenantFieldName}' on database '${metadata.name}'`);
+            // Determine how to add the filter based on dialect
+            let tenantFilter = "";
+            if (metadata.dialect === "clickhouse") {
+                // ClickHouse parameterized syntax
+                tenantFilter = `${tenantFieldName} = {${tenantFieldName}:${tenantFieldType}}`;
+            }
+            else if (metadata.dialect === "postgres") {
+                // Postgres would need $N syntax, but since we don't know the param index,
+                // we'll use a simple comparison (the adapter should handle parameterization)
+                tenantFilter = `${tenantFieldName} = '${tenantId}'`;
+            }
+            else {
+                tenantFilter = `${tenantFieldName} = '${tenantId}'`;
+            }
+            // Determine if SQL already has a WHERE clause
+            const hasWhere = /\bWHERE\b/i.test(sql);
+            if (hasWhere) {
+                // Find the WHERE clause and add AND condition
+                // Look for WHERE and insert after it, or at the end before GROUP BY/ORDER BY/LIMIT
+                const whereMatch = sql.match(/\bWHERE\b/i);
+                if (whereMatch) {
+                    const whereIndex = whereMatch.index + whereMatch[0].length;
+                    // Find the end of WHERE clause (before GROUP BY, ORDER BY, LIMIT, or end)
+                    const afterWhere = sql.substring(whereIndex);
+                    const endMatch = afterWhere.match(/\b(GROUP\s+BY|ORDER\s+BY|LIMIT|HAVING)\b/i);
+                    if (endMatch && endMatch.index === 0) {
+                        // WHERE is immediately followed by GROUP BY/ORDER BY/LIMIT - insert before it
+                        sql =
+                            sql.substring(0, whereIndex) + ` ${tenantFilter} ` + afterWhere;
+                    }
+                    else {
+                        // Add as AND condition
+                        sql =
+                            sql.substring(0, whereIndex) +
+                                ` (${tenantFilter}) AND (` +
+                                afterWhere.trimStart() +
+                                ")";
+                    }
+                }
+            }
+            else {
+                // Add new WHERE clause before GROUP BY/ORDER BY/LIMIT or at the end
+                const clauseMatch = sql.match(/\b(GROUP\s+BY|ORDER\s+BY|LIMIT|HAVING)\b/i);
+                if (clauseMatch) {
+                    const insertIndex = clauseMatch.index;
+                    sql =
+                        sql.substring(0, insertIndex) +
+                            `WHERE ${tenantFilter} ` +
+                            sql.substring(insertIndex);
+                }
+                else {
+                    // Add at the end
+                    sql = sql.trim();
+                    if (!sql.endsWith(";")) {
+                        sql += ` WHERE ${tenantFilter}`;
+                    }
+                    else {
+                        sql = sql.substring(0, sql.length - 1) + ` WHERE ${tenantFilter};`;
+                    }
+                }
+            }
+            console.log(`[Tenant Isolation] Modified SQL to include tenant filter: ${tenantFilter}`);
+        }
+        return sql;
+    }
+    async ask(question, options, signal) {
+        const { tenantId, database, userId, scopes, sqlMaxAttempts = 3, chartMaxRetries = 3, useV3 = false, useV4 = false, disableAutoSync = false, } = options;
+        // Auto-sync databases on first use (unless disabled)
+        await this.ensureDatabasesSynced(tenantId, userId, scopes, useV3, useV4, disableAutoSync);
+        let attempt = 0;
+        const sessionId = randomUUID();
+        let lastError;
+        let failedSql;
+        while (attempt < sqlMaxAttempts) {
+            // Build available databases list with metadata (includes tenantFieldName per database)
+            const availableDatabases = Array.from(this.databaseMetadata.values());
+            // Determine endpoint based on version flag
+            const endpoint = useV4
+                ? "/v4/generate-sql"
+                : useV3
+                    ? "/v3/generate-sql"
+                    : "/v2/generate-sql";
+            const sqlResponse = await this.post(endpoint, {
+                question,
+                max_retries: Math.max(1, sqlMaxAttempts - attempt),
+                attempt_count: attempt,
+                ...(lastError ? { last_error: lastError } : {}),
+                ...(failedSql ? { failed_sql: failedSql } : {}),
+                ...(database ? { database } : {}), // Optional hint
+                available_databases: availableDatabases,
+                ...(options.additionalPrompts && options.additionalPrompts.length > 0
+                    ? { additional_prompts: options.additionalPrompts }
+                    : {}),
+            }, tenantId, userId, scopes, signal, sessionId);
+            try {
+                // Get the database adapter (use API's selected database or hint)
+                const dbName = database || sqlResponse.database || this.defaultDatabase;
+                if (!dbName) {
+                    throw new Error("No database selected");
+                }
+                const adapter = this.getDatabase(dbName);
+                // Validate dialect matches (if API provided it)
+                if (sqlResponse.dialect &&
+                    adapter.getDialect() !== sqlResponse.dialect) {
+                    throw new Error(`Dialect mismatch: API selected ${sqlResponse.dialect} but client has ${adapter.getDialect()} for database '${dbName}'`);
+                }
+                // Ensure tenant isolation: add tenant filter to SQL and params if not present
+                const dbMetadata = this.databaseMetadata.get(dbName);
+                if (dbMetadata) {
+                    sqlResponse.sql = this.ensureTenantIsolation(sqlResponse.sql, sqlResponse.params, dbMetadata, tenantId);
+                }
+                // Validate SQL with EXPLAIN before executing (with merged params)
+                await adapter.validate(sqlResponse.sql, sqlResponse.params);
+                // Execute the query with parameters
+                const execution = await adapter.execute(sqlResponse.sql, sqlResponse.params);
+                const rows = Array.isArray(execution.rows) ? execution.rows : [];
+                let chart;
+                if (rows.length === 0) {
+                    chart = {
+                        vegaLiteSpec: null,
+                        notes: "Query returned no rows; chart generation skipped.",
+                    };
+                }
+                else {
+                    const chartResponse = await this.post("/v2/generate-chart", {
+                        question,
+                        sql: sqlResponse.sql,
+                        rationale: sqlResponse.rationale,
+                        fields: execution.fields,
+                        rows: anonymizeResults(rows),
+                        max_retries: chartMaxRetries,
+                    }, tenantId, userId, scopes, signal, sessionId);
+                    chart = {
+                        vegaLiteSpec: {
+                            ...chartResponse.vegaLiteSpec,
+                            data: {
+                                values: rows,
+                            },
+                        },
+                        notes: chartResponse.notes,
+                    };
+                }
+                return {
+                    sql: sqlResponse.sql,
+                    params: sqlResponse.params,
+                    rationale: sqlResponse.rationale,
+                    context: sqlResponse.context,
+                    chart,
+                    fields: execution.fields,
+                    rows,
+                };
+            }
+            catch (error) {
+                lastError = error instanceof Error ? error.message : String(error);
+                failedSql = sqlResponse.sql;
+                attempt += 1;
+                if (attempt >= sqlMaxAttempts) {
+                    throw error;
+                }
+            }
+        }
+        throw new Error("Failed to generate chart after maximum attempts");
+    }
+    async train(body, options, signal) {
+        return await this.post("/v2/train", body, options?.tenantId, options?.userId, options?.scopes, signal);
+    }
+    async stats(options, signal) {
+        return await this.get("/stats", options.tenantId, options.userId, options.scopes, signal);
+    }
+    // Charts CRUD
+    async createChart(body, options, signal) {
+        return await this.post("/v2/charts", body, options.tenantId, options.userId, options.scopes, signal);
+    }
+    async listCharts(options, signal) {
+        const queryParams = new URLSearchParams();
+        if (options.pagination?.page) {
+            queryParams.set("page", options.pagination.page.toString());
+        }
+        if (options.pagination?.limit) {
+            queryParams.set("limit", options.pagination.limit.toString());
+        }
+        if (options.sortBy) {
+            queryParams.set("sort_by", options.sortBy);
+        }
+        if (options.sortDir) {
+            queryParams.set("sort_dir", options.sortDir);
+        }
+        if (options.name) {
+            queryParams.set("name", options.name);
+        }
+        if (options.filterUserId) {
+            queryParams.set("user_id", options.filterUserId);
+        }
+        if (options.createdFrom) {
+            queryParams.set("created_from", options.createdFrom);
+        }
+        if (options.createdTo) {
+            queryParams.set("created_to", options.createdTo);
+        }
+        if (options.updatedFrom) {
+            queryParams.set("updated_from", options.updatedFrom);
+        }
+        if (options.updatedTo) {
+            queryParams.set("updated_to", options.updatedTo);
+        }
+        const query = queryParams.toString() ? `?${queryParams.toString()}` : "";
+        const charts = await this.get(`/v2/charts${query}`, options.tenantId, options.userId, options.scopes, signal);
+        const chartsWithData = await Promise.all(charts.data.map(async (chart) => {
+            return {
+                ...chart,
+                vega_lite_spec: {
+                    ...chart.vega_lite_spec,
+                    data: {
+                        values: (await this.runSafeQueryOnClient(chart.sql, chart.database, chart.sql_params || undefined)) ?? [],
+                    },
+                },
+            };
+        }));
+        return {
+            ...charts,
+            data: chartsWithData,
+        };
+    }
+    async getChart(id, options, signal) {
+        const chart = await this.get(`/v2/charts/${encodeURIComponent(id)}`, options.tenantId, options.userId, options.scopes, signal);
+        return {
+            ...chart,
+            vega_lite_spec: {
+                ...chart.vega_lite_spec,
+                data: {
+                    values: await this.runSafeQueryOnClient(chart.sql, chart.database, chart.sql_params || undefined),
+                },
+            },
+        };
+    }
+    async updateChart(id, body, options, signal) {
+        return await this.put(`/v2/charts/${encodeURIComponent(id)}`, body, options.tenantId, options.userId, options.scopes, signal);
+    }
+    async deleteChart(id, options, signal) {
+        await this.delete(`/v2/charts/${encodeURIComponent(id)}`, options.tenantId, options.userId, options.scopes, signal);
+    }
+    // Active Charts CRUD
+    async createActiveChart(body, options, signal) {
+        return await this.post("/v2/active-charts", body, options.tenantId, options.userId, options.scopes, signal);
+    }
+    async listActiveCharts(options, signal) {
+        const queryParams = new URLSearchParams();
+        if (options.pagination?.page) {
+            queryParams.set("page", options.pagination.page.toString());
+        }
+        if (options.pagination?.limit) {
+            queryParams.set("limit", options.pagination.limit.toString());
+        }
+        if (options.sortBy)
+            queryParams.set("sort_by", options.sortBy);
+        if (options.sortDir)
+            queryParams.set("sort_dir", options.sortDir);
+        if (options.name)
+            queryParams.set("name", options.name);
+        if (options.filterUserId)
+            queryParams.set("user_id", options.filterUserId);
+        if (options.createdFrom)
+            queryParams.set("created_from", options.createdFrom);
+        if (options.createdTo)
+            queryParams.set("created_to", options.createdTo);
+        if (options.updatedFrom)
+            queryParams.set("updated_from", options.updatedFrom);
+        if (options.updatedTo)
+            queryParams.set("updated_to", options.updatedTo);
+        const query = queryParams.toString() ? `?${queryParams.toString()}` : "";
+        const charts = await this.get(`/v2/active-charts${query}`, options.tenantId, options.userId, options.scopes, signal);
+        if (options.withdata) {
+            charts.data = await Promise.all(charts.data.map(async (chart) => {
+                return {
+                    ...chart,
+                    chart: await this.getChart(chart.chart_id, options),
+                };
+            }));
+        }
+        return charts;
+    }
+    async getActiveChart(id, options, signal) {
+        const activeChart = await this.get(`/v2/active-charts/${encodeURIComponent(id)}`, options.tenantId, options.userId, options.scopes, signal);
+        return {
+            ...activeChart,
+            ...(!!activeChart.chart && {
+                chart: {
+                    ...activeChart.chart,
+                    vega_lite_spec: {
+                        ...activeChart.chart.vega_lite_spec,
+                        data: {
+                            values: await this.runSafeQueryOnClient(activeChart.chart.sql, activeChart.chart.database, activeChart.chart.sql_params || undefined),
+                        },
+                    },
+                },
+            }),
+        };
+    }
+    async updateActiveChart(id, body, options, signal) {
+        return await this.put(`/v2/active-charts/${encodeURIComponent(id)}`, body, options.tenantId, options.userId, options.scopes, signal);
+    }
+    async deleteActiveChart(id, options, signal) {
+        await this.delete(`/v2/active-charts/${encodeURIComponent(id)}`, options.tenantId, options.userId, options.scopes, signal);
+    }
+    async get(path, tenantId, userId, scopes, signal, sessionId) {
+        const res = await fetch(this.baseUrl + path, {
+            method: "GET",
+            headers: await this.headers(tenantId, userId, scopes, false, sessionId),
+            signal,
+        });
+        return await this.parseResponse(res);
+    }
+    async post(path, body, tenantId, userId, scopes, signal, sessionId) {
+        const res = await fetch(this.baseUrl + path, {
+            method: "POST",
+            headers: await this.headers(tenantId, userId, scopes, true, sessionId),
+            body: JSON.stringify(body ?? {}),
+            signal,
+        });
+        return await this.parseResponse(res);
+    }
+    async put(path, body, tenantId, userId, scopes, signal, sessionId) {
+        const res = await fetch(this.baseUrl + path, {
+            method: "PUT",
+            headers: await this.headers(tenantId, userId, scopes, true, sessionId),
+            body: JSON.stringify(body ?? {}),
+            signal,
+        });
+        return await this.parseResponse(res);
+    }
+    async delete(path, tenantId, userId, scopes, signal, sessionId) {
+        const res = await fetch(this.baseUrl + path, {
+            method: "DELETE",
+            headers: await this.headers(tenantId, userId, scopes, false, sessionId),
+            signal,
+        });
+        return await this.parseResponse(res);
+    }
+    async generateJWT(tenantId, userId, scopes) {
+        if (!this.privateKey || !this.organizationId) {
+            throw new Error("Private key and organization ID are required for JWT generation");
+        }
+        // Cache the imported private key to avoid re-importing on every request
+        if (!this.cachedPrivateKey) {
+            this.cachedPrivateKey = await importPKCS8(this.privateKey, "RS256");
+        }
+        const payload = {
+            organizationId: this.organizationId,
+        };
+        if (tenantId) {
+            payload.tenantId = tenantId;
+        }
+        if (userId) {
+            payload.userId = userId;
+        }
+        if (scopes && scopes.length > 0) {
+            payload.scopes = scopes;
+        }
+        return await new SignJWT(payload)
+            .setProtectedHeader({ alg: "RS256" })
+            .setIssuedAt()
+            .setExpirationTime("1h")
+            .sign(this.cachedPrivateKey);
+    }
+    async headers(tenantId, userId, scopes, includeJsonContentType = true, sessionId) {
+        let authToken;
+        if (this.token) {
+            // Legacy mode: use provided JWT
+            authToken = this.token;
+        }
+        else {
+            // New mode: generate JWT
+            authToken = await this.generateJWT(tenantId, userId, scopes);
+        }
+        const headers = {
+            Authorization: `Bearer ${authToken}`,
+            Accept: "application/json",
+        };
+        if (includeJsonContentType) {
+            headers["Content-Type"] = "application/json";
+        }
+        if (sessionId) {
+            headers["x-session-id"] = sessionId;
+        }
+        return headers;
+    }
+    async parseResponse(res) {
+        const text = await res.text();
+        let json;
+        try {
+            json = text ? JSON.parse(text) : undefined;
+        }
+        catch { }
+        if (!res.ok) {
+            const message = json?.error || res.statusText || "Request failed";
+            const err = new Error(message);
+            err.status = res.status;
+            if (json?.details)
+                err.details = json.details;
+            // Special handling for 429 (MaxRetriesError from v4 API)
+            if (res.status === 429 && json?.attemptCount && json?.maxRetries) {
+                err.details = {
+                    ...json,
+                    message: `Maximum retry attempts (${json.maxRetries}) exceeded after ${json.attemptCount} attempts`,
+                };
+            }
+            throw err;
+        }
+        return json;
+    }
+    async runSafeQueryOnClient(sql, database, params) {
+        try {
+            const adapter = this.getDatabase(database);
+            const result = await adapter.execute(sql, params || {});
+            return result.rows;
+        }
+        catch (error) {
+            console.error(`Error running query on database '${database}': ${error}`);
+            return [];
+        }
+    }
+}
+//# sourceMappingURL=index.js.map