@squadbase/vite-server 0.1.12-dev.a9ac647 → 0.1.17-dev.24af54e

package/dist/connectors/outlook-oauth.js

@@ -185,6 +185,28 @@ var ConnectorPlugin = class _ConnectorPlugin {
   tools;
   query;
   checkConnection;
+  /**
+   * SQPD-1212: Logic-based, rule-driven connection setup. Connectors that
+   * implement this expose a step-by-step exploration flow (database/schema/
+   * table/etc. discovery) that the dashboard backend drives via the
+   * `/connections/:connectionId/setup` endpoint. Implement by delegating to
+   * `runSetupFlow` from `setup-flow.ts`.
+   */
+  setup;
+  /**
+   * Opt-out of the default "verify before save" behavior on connection
+   * creation. The backend invokes `checkConnection` synchronously while
+   * creating the connection and aborts (no row inserted) if it fails — this
+   * flag disables that for connectors where the check cannot succeed pre-save:
+   *
+   *   - `squadbase-db` populates `connection-url` only after Neon provisioning
+   *   - OAuth connectors require an OAuth-aware proxyFetch keyed by the
+   *     connectionId, which doesn't exist until the row is saved
+   *
+   * Exceptions are the explicit position; new credential-input connectors get
+   * the default verify-on-create behavior without opt-in.
+   */
+  skipConnectionCheckOnCreate;
   constructor(config) {
     this.slug = config.slug;
     this.authType = config.authType;
@@ -201,6 +223,8 @@ var ConnectorPlugin = class _ConnectorPlugin {
     this.tools = config.tools;
     this.query = config.query;
     this.checkConnection = config.checkConnection;
+    this.setup = config.setup;
+    this.skipConnectionCheckOnCreate = config.skipConnectionCheckOnCreate;
   }
   get connectorKey() {
     return _ConnectorPlugin.deriveKey(this.slug, this.authType);
@@ -265,6 +289,51 @@ var ConnectorPlugin = class _ConnectorPlugin {
   }
 };
 
+// ../connectors/src/setup-flow.ts
+async function runSetupFlow(flow, params, ctx, config) {
+  const runtime = {
+    params,
+    language: ctx.language,
+    config
+  };
+  let state = flow.initialState();
+  let answerIdx = 0;
+  for (const step of flow.steps) {
+    const ans = ctx.answers[answerIdx];
+    if (ans && ans.questionSlug === step.slug) {
+      state = step.applyAnswer(state, ans.answer);
+      answerIdx += 1;
+      continue;
+    }
+    if (step.type === "text") {
+      return {
+        type: "nextQuestion",
+        questionSlug: step.slug,
+        question: step.question[ctx.language],
+        questionType: "text"
+      };
+    }
+    const options = step.fetchOptions ? await step.fetchOptions(state, runtime) : [];
+    if (options.length === 0) {
+      continue;
+    }
+    return {
+      type: "nextQuestion",
+      questionSlug: step.slug,
+      question: step.question[ctx.language],
+      questionType: step.type,
+      options
+    };
+  }
+  const dataInvestigationResult = await flow.finalize(state, runtime);
+  return { type: "fulfilled", dataInvestigationResult };
+}
+async function resolveSetupSelection(params) {
+  const { selected, allSentinel, fetchAll, limit } = params;
+  const resolved = selected.includes(allSentinel) ? await fetchAll() : selected.filter((v) => v !== allSentinel);
+  return resolved.slice(0, limit);
+}
+
 // ../connectors/src/auth-types.ts
 var AUTH_TYPES = {
   OAUTH: "oauth",
@@ -463,6 +532,89 @@ Calendar
   }
 });
 
+// ../connectors/src/connectors/outlook-oauth/utils.ts
+async function graphApiFetch(config, url) {
+  const res = await config.proxyFetch(url, { method: "GET" });
+  if (!res.ok) {
+    const text = await res.text().catch(() => res.statusText);
+    throw new Error(`Microsoft Graph ${url} failed: HTTP ${res.status} ${text}`);
+  }
+  return await res.json();
+}
+
+// ../connectors/src/connectors/outlook-oauth/setup-flow.ts
+var ALL_FOLDERS = "__ALL_FOLDERS__";
+var OUTLOOK_SETUP_MAX_FOLDERS = 20;
+async function listMailFolders(config) {
+  const url = "https://graph.microsoft.com/v1.0/me/mailFolders?$top=100&$select=id,displayName,parentFolderId,childFolderCount,unreadItemCount,totalItemCount";
+  const data = await graphApiFetch(config, url);
+  return data.value ?? [];
+}
+var outlookOauthSetupFlow = {
+  initialState: () => ({}),
+  steps: [
+    {
+      slug: "folders",
+      type: "multiSelect",
+      question: {
+        ja: "\u5BFE\u8C61\u306E\u30E1\u30FC\u30EB\u30D5\u30A9\u30EB\u30C0\u3092\u9078\u3093\u3067\u304F\u3060\u3055\u3044\uFF08\u8907\u6570\u9078\u629E\u53EF\uFF09",
+        en: "Select target mail folders (multi-select allowed)"
+      },
+      async fetchOptions(_state, rt) {
+        const folders = await listMailFolders(rt.config);
+        return [
+          {
+            value: ALL_FOLDERS,
+            label: rt.language === "ja" ? "\u3059\u3079\u3066\u306E\u30D5\u30A9\u30EB\u30C0" : "All folders"
+          },
+          ...folders.map((f) => ({
+            value: f.id,
+            label: f.displayName ?? f.id
+          }))
+        ];
+      },
+      applyAnswer: (state, answer) => ({ ...state, folders: answer })
+    }
+  ],
+  async finalize(state, rt) {
+    if (!state.folders) {
+      throw new Error("Outlook setup: incomplete state on finalize");
+    }
+    const folders = await listMailFolders(rt.config);
+    const byId = new Map(folders.map((f) => [f.id, f]));
+    const targetIds = await resolveSetupSelection({
+      selected: state.folders,
+      allSentinel: ALL_FOLDERS,
+      fetchAll: async () => folders.map((f) => f.id),
+      limit: OUTLOOK_SETUP_MAX_FOLDERS
+    });
+    const sections = ["## Outlook", ""];
+    if (targetIds.length === 0) {
+      sections.push(
+        rt.language === "ja" ? "\u5BFE\u8C61\u306E\u30D5\u30A9\u30EB\u30C0\u304C\u9078\u629E\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002" : "No folders selected."
+      );
+      return sections.join("\n");
+    }
+    sections.push("| Folder | Total | Unread | Sub-folders |");
+    sections.push("|--------|-------|--------|-------------|");
+    for (const id of targetIds) {
+      const f = byId.get(id);
+      if (!f) {
+        sections.push(`| ${id} | - | - | - |`);
+        continue;
+      }
+      const total = f.totalItemCount ?? "-";
+      const unread = f.unreadItemCount ?? "-";
+      const subs = f.childFolderCount ?? 0;
+      sections.push(
+        `| ${f.displayName ?? id} | ${total} | ${unread} | ${subs} |`
+      );
+    }
+    sections.push("");
+    return sections.join("\n");
+  }
+};
+
 // ../connectors/src/connectors/outlook-oauth/parameters.ts
 var parameters = {};
 
@@ -471,6 +623,7 @@ var tools = { request: requestTool };
 var outlookOauthConnector = new ConnectorPlugin({
   slug: "outlook",
   authType: AUTH_TYPES.OAUTH,
+  skipConnectionCheckOnCreate: true,
   name: "Outlook",
   description: "Connect to Microsoft Outlook (Mail + Calendar) via Microsoft Graph using OAuth. Read-only access to the user's mailbox, mail folders, messages, attachments, calendars, and events.",
   iconUrl: "https://images.ctfassets.net/9ncizv60xc5y/1J1FrRTYJjOh3CcSIqsz3I/6a467b4d926075ff99dc60820e0ae4b1/Microsoft_Outlook_Icon__2025%C3%A2__present_.svg",
@@ -755,6 +908,7 @@ events.value.forEach(e => console.log(e.start.dateTime, e.subject));
 \`\`\``
   },
   tools,
+  setup: (params, ctx, config) => runSetupFlow(outlookOauthSetupFlow, params, ctx, config),
   async checkConnection(_params, config) {
     const { proxyFetch } = config;
     const url = "https://graph.microsoft.com/v1.0/me";
@@ -803,6 +957,7 @@ function resolveEnvVarOptional(entry, key) {
 import { getContext } from "hono/context-storage";
 import { getCookie } from "hono/cookie";
 var APP_SESSION_COOKIE_NAME = "__Host-squadbase-session";
+var TABLEAU_SESSION_SENTINEL_URL = "squadbase://tableau-session/";
 function normalizeHeaders(input) {
   const out = {};
   if (!input) return out;
@@ -811,6 +966,11 @@ function normalizeHeaders(input) {
   });
   return out;
 }
+function extractInputUrl(input) {
+  if (typeof input === "string") return input;
+  if (input instanceof URL) return input.href;
+  return input.url;
+}
 function createSandboxProxyFetch(connectionId) {
   return async (input, init) => {
     const token = process.env.INTERNAL_SQUADBASE_OAUTH_MACHINE_CREDENTIAL;
@@ -820,10 +980,17 @@ function createSandboxProxyFetch(connectionId) {
         "Connection proxy is not configured. Please check your deployment settings."
       );
     }
-    const originalUrl = typeof input === "string" ? input : input instanceof URL ? input.href : input.url;
+    const originalUrl = extractInputUrl(input);
+    const baseDomain = process.env["SQUADBASE_PREVIEW_BASE_DOMAIN"] ?? "preview.app.squadbase.dev";
+    if (originalUrl === TABLEAU_SESSION_SENTINEL_URL) {
+      const sessionUrl = `https://${sandboxId}.${baseDomain}/_sqcore/connections/${connectionId}/tableau-session`;
+      return fetch(sessionUrl, {
+        method: "POST",
+        headers: { Authorization: `Bearer ${token}` }
+      });
+    }
     const originalMethod = init?.method ?? "GET";
     const originalBody = init?.body ? JSON.parse(init.body) : void 0;
-    const baseDomain = process.env["SQUADBASE_PREVIEW_BASE_DOMAIN"] ?? "preview.app.squadbase.dev";
     const proxyUrl = `https://${sandboxId}.${baseDomain}/_sqcore/connections/${connectionId}/request`;
     return fetch(proxyUrl, {
       method: "POST",
@@ -849,10 +1016,9 @@ function createDeployedAppProxyFetch(connectionId) {
   }
   const baseDomain = process.env["SQUADBASE_APP_BASE_DOMAIN"] ?? "squadbase.app";
   const proxyUrl = `https://${projectId}.${baseDomain}/_sqcore/connections/${connectionId}/request`;
+  const sessionUrl = `https://${projectId}.${baseDomain}/_sqcore/connections/${connectionId}/tableau-session`;
   return async (input, init) => {
-    const originalUrl = typeof input === "string" ? input : input instanceof URL ? input.href : input.url;
-    const originalMethod = init?.method ?? "GET";
-    const originalBody = init?.body ? JSON.parse(init.body) : void 0;
+    const originalUrl = extractInputUrl(input);
     const c = getContext();
     const appSession = getCookie(c, APP_SESSION_COOKIE_NAME);
     if (!appSession) {
@@ -860,6 +1026,14 @@ function createDeployedAppProxyFetch(connectionId) {
         "No authentication method available for connection proxy."
       );
     }
+    if (originalUrl === TABLEAU_SESSION_SENTINEL_URL) {
+      return fetch(sessionUrl, {
+        method: "POST",
+        headers: { Authorization: `Bearer ${appSession}` }
+      });
+    }
+    const originalMethod = init?.method ?? "GET";
+    const originalBody = init?.body ? JSON.parse(init.body) : void 0;
     return fetch(proxyUrl, {
       method: "POST",
       headers: {

package/dist/connectors/powerbi-oauth.js

@@ -143,6 +143,28 @@ var ConnectorPlugin = class _ConnectorPlugin {
   tools;
   query;
   checkConnection;
+  /**
+   * SQPD-1212: Logic-based, rule-driven connection setup. Connectors that
+   * implement this expose a step-by-step exploration flow (database/schema/
+   * table/etc. discovery) that the dashboard backend drives via the
+   * `/connections/:connectionId/setup` endpoint. Implement by delegating to
+   * `runSetupFlow` from `setup-flow.ts`.
+   */
+  setup;
+  /**
+   * Opt-out of the default "verify before save" behavior on connection
+   * creation. The backend invokes `checkConnection` synchronously while
+   * creating the connection and aborts (no row inserted) if it fails — this
+   * flag disables that for connectors where the check cannot succeed pre-save:
+   *
+   *   - `squadbase-db` populates `connection-url` only after Neon provisioning
+   *   - OAuth connectors require an OAuth-aware proxyFetch keyed by the
+   *     connectionId, which doesn't exist until the row is saved
+   *
+   * Exceptions are the explicit position; new credential-input connectors get
+   * the default verify-on-create behavior without opt-in.
+   */
+  skipConnectionCheckOnCreate;
   constructor(config) {
     this.slug = config.slug;
     this.authType = config.authType;
@@ -159,6 +181,8 @@ var ConnectorPlugin = class _ConnectorPlugin {
     this.tools = config.tools;
     this.query = config.query;
     this.checkConnection = config.checkConnection;
+    this.setup = config.setup;
+    this.skipConnectionCheckOnCreate = config.skipConnectionCheckOnCreate;
   }
   get connectorKey() {
     return _ConnectorPlugin.deriveKey(this.slug, this.authType);
@@ -223,6 +247,51 @@ var ConnectorPlugin = class _ConnectorPlugin {
   }
 };
 
+// ../connectors/src/setup-flow.ts
+async function runSetupFlow(flow, params, ctx, config) {
+  const runtime = {
+    params,
+    language: ctx.language,
+    config
+  };
+  let state = flow.initialState();
+  let answerIdx = 0;
+  for (const step of flow.steps) {
+    const ans = ctx.answers[answerIdx];
+    if (ans && ans.questionSlug === step.slug) {
+      state = step.applyAnswer(state, ans.answer);
+      answerIdx += 1;
+      continue;
+    }
+    if (step.type === "text") {
+      return {
+        type: "nextQuestion",
+        questionSlug: step.slug,
+        question: step.question[ctx.language],
+        questionType: "text"
+      };
+    }
+    const options = step.fetchOptions ? await step.fetchOptions(state, runtime) : [];
+    if (options.length === 0) {
+      continue;
+    }
+    return {
+      type: "nextQuestion",
+      questionSlug: step.slug,
+      question: step.question[ctx.language],
+      questionType: step.type,
+      options
+    };
+  }
+  const dataInvestigationResult = await flow.finalize(state, runtime);
+  return { type: "fulfilled", dataInvestigationResult };
+}
+async function resolveSetupSelection(params) {
+  const { selected, allSentinel, fetchAll, limit } = params;
+  const resolved = selected.includes(allSentinel) ? await fetchAll() : selected.filter((v) => v !== allSentinel);
+  return resolved.slice(0, limit);
+}
+
 // ../connectors/src/auth-types.ts
 var AUTH_TYPES = {
   OAUTH: "oauth",
@@ -411,11 +480,142 @@ var powerbiOauthOnboarding = new ConnectorOnboarding({
 // ../connectors/src/connectors/powerbi-oauth/parameters.ts
 var parameters = {};
 
+// ../connectors/src/connectors/powerbi-oauth/utils.ts
+var BASE_URL3 = "https://api.powerbi.com/v1.0/myorg";
+function apiFetch(proxyFetch, path2, init) {
+  const url = `${BASE_URL3}${path2.startsWith("/") ? "" : "/"}${path2}`;
+  return proxyFetch(url, init);
+}
+
+// ../connectors/src/connectors/powerbi-oauth/setup-flow.ts
+var ALL_WORKSPACES = "__ALL_WORKSPACES__";
+var POWERBI_SETUP_MAX_WORKSPACES = 10;
+var RESOURCE_DISPLAY_LIMIT = 25;
+var RESOURCE_DATASETS = "datasets";
+var RESOURCE_REPORTS = "reports";
+var RESOURCE_DASHBOARDS = "dashboards";
+async function listGroups(proxyFetch) {
+  const res = await apiFetch(proxyFetch, "/groups");
+  if (!res.ok) {
+    const body = await res.text().catch(() => res.statusText);
+    throw new Error(`powerbi: listGroups failed (${res.status}): ${body}`);
+  }
+  const data = await res.json();
+  return data.value ?? [];
+}
+async function listResource(proxyFetch, groupId, resource) {
+  const res = await apiFetch(
+    proxyFetch,
+    `/groups/${encodeURIComponent(groupId)}/${resource}`
+  );
+  if (!res.ok) {
+    const body = await res.text().catch(() => res.statusText);
+    throw new Error(
+      `powerbi: list ${resource} for group ${groupId} failed (${res.status}): ${body}`
+    );
+  }
+  const data = await res.json();
+  return data.value ?? [];
+}
+function resourceLabel(r) {
+  return r.name ?? r.displayName ?? r.id ?? "(unknown)";
+}
+var powerbiOauthSetupFlow = {
+  initialState: () => ({}),
+  steps: [
+    {
+      slug: "workspaces",
+      type: "multiSelect",
+      question: {
+        ja: "\u5BFE\u8C61\u306E\u30EF\u30FC\u30AF\u30B9\u30DA\u30FC\u30B9\u3092\u9078\u3093\u3067\u304F\u3060\u3055\u3044\uFF08\u8907\u6570\u9078\u629E\u53EF\uFF09",
+        en: "Select target workspaces (multi-select allowed)"
+      },
+      async fetchOptions(_state, rt) {
+        const groups = await listGroups(rt.config.proxyFetch);
+        const options = groups.filter((g) => g.id && g.name).map((g) => ({ value: g.id, label: g.name }));
+        return [
+          {
+            value: ALL_WORKSPACES,
+            label: rt.language === "ja" ? "\u3059\u3079\u3066\u306E\u30EF\u30FC\u30AF\u30B9\u30DA\u30FC\u30B9" : "All workspaces"
+          },
+          ...options
+        ];
+      },
+      applyAnswer: (state, answer) => ({ ...state, workspaces: answer })
+    },
+    {
+      slug: "resources",
+      type: "multiSelect",
+      question: {
+        ja: "\u8981\u7D04\u306B\u542B\u3081\u308B\u30EA\u30BD\u30FC\u30B9\u7A2E\u5225\u3092\u9078\u3093\u3067\u304F\u3060\u3055\u3044\uFF08\u8907\u6570\u9078\u629E\u53EF\uFF09",
+        en: "Select which resource types to include in the summary"
+      },
+      async fetchOptions(state, rt) {
+        if (!state.workspaces?.length) return [];
+        const datasetsLabel = rt.language === "ja" ? "\u30C7\u30FC\u30BF\u30BB\u30C3\u30C8" : "Datasets";
+        const reportsLabel = rt.language === "ja" ? "\u30EC\u30DD\u30FC\u30C8" : "Reports";
+        const dashboardsLabel = rt.language === "ja" ? "\u30C0\u30C3\u30B7\u30E5\u30DC\u30FC\u30C9" : "Dashboards";
+        return [
+          { value: RESOURCE_DATASETS, label: datasetsLabel },
+          { value: RESOURCE_REPORTS, label: reportsLabel },
+          { value: RESOURCE_DASHBOARDS, label: dashboardsLabel }
+        ];
+      },
+      applyAnswer: (state, answer) => ({ ...state, resources: answer })
+    }
+  ],
+  async finalize(state, rt) {
+    if (!state.workspaces || !state.resources) {
+      throw new Error("Power BI setup: incomplete state on finalize");
+    }
+    const allGroups = await listGroups(rt.config.proxyFetch);
+    const groupById = new Map(allGroups.map((g) => [g.id, g]));
+    const targetIds = await resolveSetupSelection({
+      selected: state.workspaces,
+      allSentinel: ALL_WORKSPACES,
+      fetchAll: async () => allGroups.map((g) => g.id).filter((id) => id),
+      limit: POWERBI_SETUP_MAX_WORKSPACES
+    });
+    const selectedResources = new Set(state.resources);
+    const sections = ["## Power BI", ""];
+    if (!targetIds.length) {
+      sections.push("_No workspaces selected._", "");
+      return sections.join("\n");
+    }
+    for (const id of targetIds) {
+      const group = groupById.get(id);
+      const name = group?.name ?? id;
+      sections.push(`### Workspace: ${name}`, "", `- id: \`${id}\``);
+      for (const resource of [
+        RESOURCE_DATASETS,
+        RESOURCE_REPORTS,
+        RESOURCE_DASHBOARDS
+      ]) {
+        if (!selectedResources.has(resource)) continue;
+        const items = await listResource(rt.config.proxyFetch, id, resource);
+        const heading = resource === RESOURCE_DATASETS ? "Datasets" : resource === RESOURCE_REPORTS ? "Reports" : "Dashboards";
+        sections.push(`- ${heading} (${items.length}):`);
+        for (const item of items.slice(0, RESOURCE_DISPLAY_LIMIT)) {
+          sections.push(`  - ${resourceLabel(item)}`);
+        }
+        if (items.length > RESOURCE_DISPLAY_LIMIT) {
+          sections.push(
+            `  - \u2026and ${items.length - RESOURCE_DISPLAY_LIMIT} more`
+          );
+        }
+      }
+      sections.push("");
+    }
+    return sections.join("\n");
+  }
+};
+
 // ../connectors/src/connectors/powerbi-oauth/index.ts
 var tools = { request: requestTool };
 var powerbiOauthConnector = new ConnectorPlugin({
   slug: "powerbi",
   authType: AUTH_TYPES.OAUTH,
+  skipConnectionCheckOnCreate: true,
   name: "Power BI",
   description: "Connect to Microsoft Power BI using OAuth (Microsoft Entra ID). Use it to enumerate workspaces, datasets, and reports the signed-in user has access to, and to run DAX queries.",
   iconUrl: "https://images.ctfassets.net/9ncizv60xc5y/2vXQCKGpMJ9kGSaqkZl9IS/cc5669c267fc5d11e7b1f8c01723e461/power-bi-icon.png",
@@ -546,6 +746,7 @@ export default async function handler(c: Context) {
 - \`executeQueries\` \u306F\u73FE\u72B6 1 \u30EA\u30AF\u30A8\u30B9\u30C8\u306B\u3064\u304D 1 \u30AF\u30A8\u30EA\u306E\u307F`
   },
   tools,
+  setup: (params, ctx, config) => runSetupFlow(powerbiOauthSetupFlow, params, ctx, config),
   async checkConnection(_params, config) {
     const { proxyFetch } = config;
     const url = "https://api.powerbi.com/v1.0/myorg/groups?$top=1";
@@ -594,6 +795,7 @@ function resolveEnvVarOptional(entry, key) {
 import { getContext } from "hono/context-storage";
 import { getCookie } from "hono/cookie";
 var APP_SESSION_COOKIE_NAME = "__Host-squadbase-session";
+var TABLEAU_SESSION_SENTINEL_URL = "squadbase://tableau-session/";
 function normalizeHeaders(input) {
   const out = {};
   if (!input) return out;
@@ -602,6 +804,11 @@ function normalizeHeaders(input) {
   });
   return out;
 }
+function extractInputUrl(input) {
+  if (typeof input === "string") return input;
+  if (input instanceof URL) return input.href;
+  return input.url;
+}
 function createSandboxProxyFetch(connectionId) {
   return async (input, init) => {
     const token = process.env.INTERNAL_SQUADBASE_OAUTH_MACHINE_CREDENTIAL;
@@ -611,10 +818,17 @@ function createSandboxProxyFetch(connectionId) {
         "Connection proxy is not configured. Please check your deployment settings."
       );
     }
-    const originalUrl = typeof input === "string" ? input : input instanceof URL ? input.href : input.url;
+    const originalUrl = extractInputUrl(input);
+    const baseDomain = process.env["SQUADBASE_PREVIEW_BASE_DOMAIN"] ?? "preview.app.squadbase.dev";
+    if (originalUrl === TABLEAU_SESSION_SENTINEL_URL) {
+      const sessionUrl = `https://${sandboxId}.${baseDomain}/_sqcore/connections/${connectionId}/tableau-session`;
+      return fetch(sessionUrl, {
+        method: "POST",
+        headers: { Authorization: `Bearer ${token}` }
+      });
+    }
     const originalMethod = init?.method ?? "GET";
     const originalBody = init?.body ? JSON.parse(init.body) : void 0;
-    const baseDomain = process.env["SQUADBASE_PREVIEW_BASE_DOMAIN"] ?? "preview.app.squadbase.dev";
     const proxyUrl = `https://${sandboxId}.${baseDomain}/_sqcore/connections/${connectionId}/request`;
     return fetch(proxyUrl, {
       method: "POST",
@@ -640,10 +854,9 @@ function createDeployedAppProxyFetch(connectionId) {
   }
   const baseDomain = process.env["SQUADBASE_APP_BASE_DOMAIN"] ?? "squadbase.app";
   const proxyUrl = `https://${projectId}.${baseDomain}/_sqcore/connections/${connectionId}/request`;
+  const sessionUrl = `https://${projectId}.${baseDomain}/_sqcore/connections/${connectionId}/tableau-session`;
   return async (input, init) => {
-    const originalUrl = typeof input === "string" ? input : input instanceof URL ? input.href : input.url;
-    const originalMethod = init?.method ?? "GET";
-    const originalBody = init?.body ? JSON.parse(init.body) : void 0;
+    const originalUrl = extractInputUrl(input);
     const c = getContext();
     const appSession = getCookie(c, APP_SESSION_COOKIE_NAME);
     if (!appSession) {
@@ -651,6 +864,14 @@ function createDeployedAppProxyFetch(connectionId) {
         "No authentication method available for connection proxy."
       );
     }
+    if (originalUrl === TABLEAU_SESSION_SENTINEL_URL) {
+      return fetch(sessionUrl, {
+        method: "POST",
+        headers: { Authorization: `Bearer ${appSession}` }
+      });
+    }
+    const originalMethod = init?.method ?? "GET";
+    const originalBody = init?.body ? JSON.parse(init.body) : void 0;
     return fetch(proxyUrl, {
       method: "POST",
       headers: {