@squadbase/vite-server 0.1.12-dev.a9ac647 → 0.1.17-dev.3b633bb

package/dist/connectors/google-docs.js

@@ -113,6 +113,28 @@ var ConnectorPlugin = class _ConnectorPlugin {
   tools;
   query;
   checkConnection;
+  /**
+   * SQPD-1212: Logic-based, rule-driven connection setup. Connectors that
+   * implement this expose a step-by-step exploration flow (database/schema/
+   * table/etc. discovery) that the dashboard backend drives via the
+   * `/connections/:connectionId/setup` endpoint. Implement by delegating to
+   * `runSetupFlow` from `setup-flow.ts`.
+   */
+  setup;
+  /**
+   * Opt-out of the default "verify before save" behavior on connection
+   * creation. The backend invokes `checkConnection` synchronously while
+   * creating the connection and aborts (no row inserted) if it fails — this
+   * flag disables that for connectors where the check cannot succeed pre-save:
+   *
+   *   - `squadbase-db` populates `connection-url` only after Neon provisioning
+   *   - OAuth connectors require an OAuth-aware proxyFetch keyed by the
+   *     connectionId, which doesn't exist until the row is saved
+   *
+   * Exceptions are the explicit position; new credential-input connectors get
+   * the default verify-on-create behavior without opt-in.
+   */
+  skipConnectionCheckOnCreate;
   constructor(config) {
     this.slug = config.slug;
     this.authType = config.authType;
@@ -129,6 +151,8 @@ var ConnectorPlugin = class _ConnectorPlugin {
     this.tools = config.tools;
     this.query = config.query;
     this.checkConnection = config.checkConnection;
+    this.setup = config.setup;
+    this.skipConnectionCheckOnCreate = config.skipConnectionCheckOnCreate;
   }
   get connectorKey() {
     return _ConnectorPlugin.deriveKey(this.slug, this.authType);
@@ -193,6 +217,76 @@ var ConnectorPlugin = class _ConnectorPlugin {
   }
 };
 
+// ../connectors/src/setup-flow.ts
+async function runSetupFlow(flow, params, ctx, config) {
+  const runtime = {
+    params,
+    language: ctx.language,
+    config
+  };
+  let state = flow.initialState();
+  let answerIdx = 0;
+  const pendingParameterUpdates = [];
+  for (const step of flow.steps) {
+    const ans = ctx.answers[answerIdx];
+    if (ans && ans.questionSlug === step.slug) {
+      state = step.applyAnswer(state, ans.answer);
+      if (step.toParameterUpdates) {
+        pendingParameterUpdates.push(...step.toParameterUpdates(state));
+      }
+      answerIdx += 1;
+      continue;
+    }
+    const resolvedAllowFreeText = step.allowFreeText !== void 0 ? step.allowFreeText : true;
+    if (step.type === "text") {
+      if (step.fetchOptions) {
+        const options2 = await step.fetchOptions(state, runtime);
+        if (options2.length === 0) {
+          continue;
+        }
+      }
+      return {
+        type: "nextQuestion",
+        questionSlug: step.slug,
+        question: step.question[ctx.language],
+        questionType: "text",
+        allowFreeText: resolvedAllowFreeText,
+        ...pendingParameterUpdates.length > 0 && {
+          parameterUpdates: pendingParameterUpdates
+        }
+      };
+    }
+    const options = step.fetchOptions ? await step.fetchOptions(state, runtime) : [];
+    if (options.length === 0) {
+      continue;
+    }
+    return {
+      type: "nextQuestion",
+      questionSlug: step.slug,
+      question: step.question[ctx.language],
+      questionType: step.type,
+      options,
+      allowFreeText: resolvedAllowFreeText,
+      ...pendingParameterUpdates.length > 0 && {
+        parameterUpdates: pendingParameterUpdates
+      }
+    };
+  }
+  const dataInvestigationResult = await flow.finalize(state, runtime);
+  return {
+    type: "fulfilled",
+    dataInvestigationResult,
+    ...pendingParameterUpdates.length > 0 && {
+      parameterUpdates: pendingParameterUpdates
+    }
+  };
+}
+async function resolveSetupSelection(params) {
+  const { selected, allSentinel, fetchAll, limit } = params;
+  const resolved = selected.includes(allSentinel) ? await fetchAll() : selected.filter((v) => v !== allSentinel);
+  return resolved.slice(0, limit);
+}
+
 // ../connectors/src/auth-types.ts
 var AUTH_TYPES = {
   OAUTH: "oauth",
@@ -223,6 +317,104 @@ var googleDocsOnboarding = new ConnectorOnboarding({
   }
 });
 
+// ../connectors/src/connectors/google-docs/utils.ts
+async function googleApiFetch(config, url) {
+  const res = await config.proxyFetch(url, { method: "GET" });
+  if (!res.ok) {
+    const text = await res.text().catch(() => res.statusText);
+    throw new Error(`Google Docs ${url} failed: HTTP ${res.status} ${text}`);
+  }
+  return await res.json();
+}
+
+// ../connectors/src/connectors/google-docs/setup-flow.ts
+var ALL_DOCUMENTS = "__ALL_DOCUMENTS__";
+var GOOGLE_DOCS_SETUP_MAX_DOCUMENTS = 10;
+var DRIVE_LIST_PAGE_SIZE = 50;
+async function listDocuments(config) {
+  const q = encodeURIComponent(
+    "mimeType='application/vnd.google-apps.document' and trashed=false"
+  );
+  const url = `https://www.googleapis.com/drive/v3/files?q=${q}&pageSize=${DRIVE_LIST_PAGE_SIZE}&orderBy=modifiedTime%20desc&fields=files(id,name,modifiedTime)`;
+  const data = await googleApiFetch(config, url);
+  return data.files ?? [];
+}
+function extractHeadings(meta, max) {
+  const out = [];
+  for (const c of meta.body?.content ?? []) {
+    const p = c.paragraph;
+    if (!p) continue;
+    const style = p.paragraphStyle?.namedStyleType ?? "";
+    if (!style.startsWith("HEADING_")) continue;
+    const text = (p.elements ?? []).map((el) => el.textRun?.content ?? "").join("").trim();
+    if (text) out.push(`${style}: ${text}`);
+    if (out.length >= max) break;
+  }
+  return out;
+}
+var googleDocsSetupFlow = {
+  initialState: () => ({}),
+  steps: [
+    {
+      slug: "documents",
+      type: "multiSelect",
+      question: {
+        ja: "\u5BFE\u8C61\u306E\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8\u3092\u9078\u3093\u3067\u304F\u3060\u3055\u3044\uFF08\u8907\u6570\u9078\u629E\u53EF\uFF09",
+        en: "Select target documents (multi-select allowed)"
+      },
+      async fetchOptions(_state, rt) {
+        const files = await listDocuments(rt.config);
+        return [
+          {
+            value: ALL_DOCUMENTS,
+            label: rt.language === "ja" ? "\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306A\u3059\u3079\u3066\u306E\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8" : "All accessible documents"
+          },
+          ...files.map((f) => ({ value: f.id, label: f.name }))
+        ];
+      },
+      applyAnswer: (state, answer) => ({ ...state, documents: answer })
+    }
+  ],
+  async finalize(state, rt) {
+    if (!state.documents) {
+      throw new Error("Google Docs setup: incomplete state on finalize");
+    }
+    const targetIds = await resolveSetupSelection({
+      selected: state.documents,
+      allSentinel: ALL_DOCUMENTS,
+      fetchAll: async () => {
+        const files = await listDocuments(rt.config);
+        return files.map((f) => f.id);
+      },
+      limit: GOOGLE_DOCS_SETUP_MAX_DOCUMENTS
+    });
+    const sections = ["## Google Docs", ""];
+    if (targetIds.length === 0) {
+      sections.push(
+        rt.language === "ja" ? "\u5BFE\u8C61\u306E\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8\u304C\u9078\u629E\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002" : "No documents selected."
+      );
+      return sections.join("\n");
+    }
+    for (const id of targetIds) {
+      const url = `https://docs.googleapis.com/v1/documents/${encodeURIComponent(
+        id
+      )}`;
+      const meta = await googleApiFetch(rt.config, url);
+      const title = meta.title ?? id;
+      sections.push(`### Document: ${title}`, "");
+      sections.push(`- ID: ${id}`);
+      if (meta.revisionId) sections.push(`- Revision: ${meta.revisionId}`);
+      const headings = extractHeadings(meta, 5);
+      if (headings.length > 0) {
+        sections.push("- Outline:");
+        for (const h of headings) sections.push(`  - ${h}`);
+      }
+      sections.push("");
+    }
+    return sections.join("\n");
+  }
+};
+
 // ../connectors/src/connectors/google-docs/parameters.ts
 var parameters = {};
 
@@ -355,6 +547,7 @@ var tools = { request: requestTool };
 var googleDocsConnector = new ConnectorPlugin({
   slug: "google-docs",
   authType: AUTH_TYPES.OAUTH,
+  skipConnectionCheckOnCreate: true,
   name: "Google Docs",
   description: "Connect to Google Docs for document data access and creation using OAuth.",
   iconUrl: "https://images.ctfassets.net/9ncizv60xc5y/6vvcGJisvXjOumeTvswjzf/e9bb39e453cc0b71a20f26019b23b0d2/google_docs.png",
@@ -510,7 +703,8 @@ await docs.batchUpdate(documentId, [
 ]);
 \`\`\``
   },
-  tools
+  tools,
+  setup: (params, ctx, config) => runSetupFlow(googleDocsSetupFlow, params, ctx, config)
 });
 
 // src/connectors/create-connector-sdk.ts
@@ -539,6 +733,7 @@ function resolveEnvVarOptional(entry, key) {
 import { getContext } from "hono/context-storage";
 import { getCookie } from "hono/cookie";
 var APP_SESSION_COOKIE_NAME = "__Host-squadbase-session";
+var TABLEAU_SESSION_SENTINEL_URL = "squadbase://tableau-session/";
 function normalizeHeaders(input) {
   const out = {};
   if (!input) return out;
@@ -547,6 +742,11 @@ function normalizeHeaders(input) {
   });
   return out;
 }
+function extractInputUrl(input) {
+  if (typeof input === "string") return input;
+  if (input instanceof URL) return input.href;
+  return input.url;
+}
 function createSandboxProxyFetch(connectionId) {
   return async (input, init) => {
     const token = process.env.INTERNAL_SQUADBASE_OAUTH_MACHINE_CREDENTIAL;
@@ -556,10 +756,17 @@ function createSandboxProxyFetch(connectionId) {
         "Connection proxy is not configured. Please check your deployment settings."
       );
     }
-    const originalUrl = typeof input === "string" ? input : input instanceof URL ? input.href : input.url;
+    const originalUrl = extractInputUrl(input);
+    const baseDomain = process.env["SQUADBASE_PREVIEW_BASE_DOMAIN"] ?? "preview.app.squadbase.dev";
+    if (originalUrl === TABLEAU_SESSION_SENTINEL_URL) {
+      const sessionUrl = `https://${sandboxId}.${baseDomain}/_sqcore/connections/${connectionId}/tableau-session`;
+      return fetch(sessionUrl, {
+        method: "POST",
+        headers: { Authorization: `Bearer ${token}` }
+      });
+    }
     const originalMethod = init?.method ?? "GET";
     const originalBody = init?.body ? JSON.parse(init.body) : void 0;
-    const baseDomain = process.env["SQUADBASE_PREVIEW_BASE_DOMAIN"] ?? "preview.app.squadbase.dev";
     const proxyUrl = `https://${sandboxId}.${baseDomain}/_sqcore/connections/${connectionId}/request`;
     return fetch(proxyUrl, {
       method: "POST",
@@ -585,10 +792,9 @@ function createDeployedAppProxyFetch(connectionId) {
   }
   const baseDomain = process.env["SQUADBASE_APP_BASE_DOMAIN"] ?? "squadbase.app";
   const proxyUrl = `https://${projectId}.${baseDomain}/_sqcore/connections/${connectionId}/request`;
+  const sessionUrl = `https://${projectId}.${baseDomain}/_sqcore/connections/${connectionId}/tableau-session`;
   return async (input, init) => {
-    const originalUrl = typeof input === "string" ? input : input instanceof URL ? input.href : input.url;
-    const originalMethod = init?.method ?? "GET";
-    const originalBody = init?.body ? JSON.parse(init.body) : void 0;
+    const originalUrl = extractInputUrl(input);
     const c = getContext();
     const appSession = getCookie(c, APP_SESSION_COOKIE_NAME);
     if (!appSession) {
@@ -596,6 +802,14 @@ function createDeployedAppProxyFetch(connectionId) {
         "No authentication method available for connection proxy."
       );
     }
+    if (originalUrl === TABLEAU_SESSION_SENTINEL_URL) {
+      return fetch(sessionUrl, {
+        method: "POST",
+        headers: { Authorization: `Bearer ${appSession}` }
+      });
+    }
+    const originalMethod = init?.method ?? "GET";
+    const originalBody = init?.body ? JSON.parse(init.body) : void 0;
     return fetch(proxyUrl, {
       method: "POST",
       headers: {

package/dist/connectors/google-drive.js

@@ -202,6 +202,28 @@ var ConnectorPlugin = class _ConnectorPlugin {
   tools;
   query;
   checkConnection;
+  /**
+   * SQPD-1212: Logic-based, rule-driven connection setup. Connectors that
+   * implement this expose a step-by-step exploration flow (database/schema/
+   * table/etc. discovery) that the dashboard backend drives via the
+   * `/connections/:connectionId/setup` endpoint. Implement by delegating to
+   * `runSetupFlow` from `setup-flow.ts`.
+   */
+  setup;
+  /**
+   * Opt-out of the default "verify before save" behavior on connection
+   * creation. The backend invokes `checkConnection` synchronously while
+   * creating the connection and aborts (no row inserted) if it fails — this
+   * flag disables that for connectors where the check cannot succeed pre-save:
+   *
+   *   - `squadbase-db` populates `connection-url` only after Neon provisioning
+   *   - OAuth connectors require an OAuth-aware proxyFetch keyed by the
+   *     connectionId, which doesn't exist until the row is saved
+   *
+   * Exceptions are the explicit position; new credential-input connectors get
+   * the default verify-on-create behavior without opt-in.
+   */
+  skipConnectionCheckOnCreate;
   constructor(config) {
     this.slug = config.slug;
     this.authType = config.authType;
@@ -218,6 +240,8 @@ var ConnectorPlugin = class _ConnectorPlugin {
     this.tools = config.tools;
     this.query = config.query;
     this.checkConnection = config.checkConnection;
+    this.setup = config.setup;
+    this.skipConnectionCheckOnCreate = config.skipConnectionCheckOnCreate;
   }
   get connectorKey() {
     return _ConnectorPlugin.deriveKey(this.slug, this.authType);
@@ -282,6 +306,76 @@ var ConnectorPlugin = class _ConnectorPlugin {
   }
 };
 
+// ../connectors/src/setup-flow.ts
+async function runSetupFlow(flow, params, ctx, config) {
+  const runtime = {
+    params,
+    language: ctx.language,
+    config
+  };
+  let state = flow.initialState();
+  let answerIdx = 0;
+  const pendingParameterUpdates = [];
+  for (const step of flow.steps) {
+    const ans = ctx.answers[answerIdx];
+    if (ans && ans.questionSlug === step.slug) {
+      state = step.applyAnswer(state, ans.answer);
+      if (step.toParameterUpdates) {
+        pendingParameterUpdates.push(...step.toParameterUpdates(state));
+      }
+      answerIdx += 1;
+      continue;
+    }
+    const resolvedAllowFreeText = step.allowFreeText !== void 0 ? step.allowFreeText : true;
+    if (step.type === "text") {
+      if (step.fetchOptions) {
+        const options2 = await step.fetchOptions(state, runtime);
+        if (options2.length === 0) {
+          continue;
+        }
+      }
+      return {
+        type: "nextQuestion",
+        questionSlug: step.slug,
+        question: step.question[ctx.language],
+        questionType: "text",
+        allowFreeText: resolvedAllowFreeText,
+        ...pendingParameterUpdates.length > 0 && {
+          parameterUpdates: pendingParameterUpdates
+        }
+      };
+    }
+    const options = step.fetchOptions ? await step.fetchOptions(state, runtime) : [];
+    if (options.length === 0) {
+      continue;
+    }
+    return {
+      type: "nextQuestion",
+      questionSlug: step.slug,
+      question: step.question[ctx.language],
+      questionType: step.type,
+      options,
+      allowFreeText: resolvedAllowFreeText,
+      ...pendingParameterUpdates.length > 0 && {
+        parameterUpdates: pendingParameterUpdates
+      }
+    };
+  }
+  const dataInvestigationResult = await flow.finalize(state, runtime);
+  return {
+    type: "fulfilled",
+    dataInvestigationResult,
+    ...pendingParameterUpdates.length > 0 && {
+      parameterUpdates: pendingParameterUpdates
+    }
+  };
+}
+async function resolveSetupSelection(params) {
+  const { selected, allSentinel, fetchAll, limit } = params;
+  const resolved = selected.includes(allSentinel) ? await fetchAll() : selected.filter((v) => v !== allSentinel);
+  return resolved.slice(0, limit);
+}
+
 // ../connectors/src/auth-types.ts
 var AUTH_TYPES = {
   OAUTH: "oauth",
@@ -312,6 +406,147 @@ var googleDriveOnboarding = new ConnectorOnboarding({
   }
 });
 
+// ../connectors/src/connectors/google-drive/utils.ts
+async function googleApiFetch(config, url) {
+  const res = await config.proxyFetch(url, { method: "GET" });
+  if (!res.ok) {
+    const text = await res.text().catch(() => res.statusText);
+    throw new Error(`Google Drive ${url} failed: HTTP ${res.status} ${text}`);
+  }
+  return await res.json();
+}
+
+// ../connectors/src/connectors/google-drive/setup-flow.ts
+var MY_DRIVE = "__MY_DRIVE__";
+var ALL_ITEMS = "__ALL_ITEMS__";
+var GOOGLE_DRIVE_SETUP_MAX_ITEMS = 25;
+var PAGE_SIZE = 50;
+var FOLDER_MIME = "application/vnd.google-apps.folder";
+async function listSharedDrives(config) {
+  const url = `https://www.googleapis.com/drive/v3/drives?pageSize=100&fields=drives(id,name)`;
+  try {
+    const data = await googleApiFetch(config, url);
+    return data.drives ?? [];
+  } catch {
+    return [];
+  }
+}
+function listItemsUrl(driveId) {
+  const params = new URLSearchParams({
+    pageSize: String(PAGE_SIZE),
+    fields: "files(id,name,mimeType,modifiedTime)",
+    orderBy: "modifiedTime desc"
+  });
+  if (driveId) {
+    params.set("corpora", "drive");
+    params.set("driveId", driveId);
+    params.set("includeItemsFromAllDrives", "true");
+    params.set("supportsAllDrives", "true");
+    params.set("q", `'${driveId}' in parents and trashed=false`);
+  } else {
+    params.set("q", `'root' in parents and trashed=false`);
+  }
+  return `https://www.googleapis.com/drive/v3/files?${params.toString()}`;
+}
+async function listItems(config, driveId) {
+  const data = await googleApiFetch(
+    config,
+    listItemsUrl(driveId)
+  );
+  return data.files ?? [];
+}
+var googleDriveSetupFlow = {
+  initialState: () => ({}),
+  steps: [
+    {
+      slug: "drive",
+      type: "select",
+      question: {
+        ja: "\u5BFE\u8C61\u306E\u30C9\u30E9\u30A4\u30D6\u3092\u9078\u3093\u3067\u304F\u3060\u3055\u3044",
+        en: "Select the drive to use"
+      },
+      async fetchOptions(_state, rt) {
+        const shared = await listSharedDrives(rt.config);
+        const myDriveLabel = rt.language === "ja" ? "\u30DE\u30A4\u30C9\u30E9\u30A4\u30D6" : "My Drive";
+        return [
+          { value: MY_DRIVE, label: myDriveLabel },
+          ...shared.filter((d) => d.id).map((d) => ({ value: d.id, label: d.name ?? d.id }))
+        ];
+      },
+      applyAnswer: (state, answer) => ({ ...state, drive: answer[0] })
+    },
+    {
+      slug: "items",
+      type: "multiSelect",
+      question: {
+        ja: "\u5BFE\u8C61\u306E\u30D5\u30A9\u30EB\u30C0\u30FB\u30D5\u30A1\u30A4\u30EB\u3092\u9078\u3093\u3067\u304F\u3060\u3055\u3044\uFF08\u8907\u6570\u9078\u629E\u53EF\uFF09",
+        en: "Select target folders or files (multi-select allowed)"
+      },
+      async fetchOptions(state, rt) {
+        if (!state.drive) return [];
+        const driveId = state.drive === MY_DRIVE ? null : state.drive;
+        const files = await listItems(rt.config, driveId);
+        const fileOptions = files.map((f) => {
+          const isFolder = f.mimeType === FOLDER_MIME;
+          const prefix = isFolder ? "[folder] " : "";
+          return { value: f.id, label: `${prefix}${f.name}` };
+        });
+        return [
+          {
+            value: ALL_ITEMS,
+            label: rt.language === "ja" ? "\u3053\u306E\u30C9\u30E9\u30A4\u30D6\u306E\u3059\u3079\u3066\u306E\u30A2\u30A4\u30C6\u30E0" : "All items in this drive"
+          },
+          ...fileOptions
+        ];
+      },
+      applyAnswer: (state, answer) => ({ ...state, items: answer })
+    }
+  ],
+  async finalize(state, rt) {
+    if (!state.drive || !state.items) {
+      throw new Error("Google Drive setup: incomplete state on finalize");
+    }
+    const driveId = state.drive === MY_DRIVE ? null : state.drive;
+    const allFiles = await listItems(rt.config, driveId);
+    const filesById = new Map(allFiles.map((f) => [f.id, f]));
+    const targetIds = await resolveSetupSelection({
+      selected: state.items,
+      allSentinel: ALL_ITEMS,
+      fetchAll: async () => allFiles.map((f) => f.id),
+      limit: GOOGLE_DRIVE_SETUP_MAX_ITEMS
+    });
+    const driveLabel = state.drive === MY_DRIVE ? rt.language === "ja" ? "\u30DE\u30A4\u30C9\u30E9\u30A4\u30D6" : "My Drive" : state.drive;
+    const sections = [
+      "## Google Drive",
+      "",
+      `### Drive: ${driveLabel}`,
+      ""
+    ];
+    if (targetIds.length === 0) {
+      sections.push(
+        rt.language === "ja" ? "- \u9078\u629E\u3055\u308C\u305F\u30A2\u30A4\u30C6\u30E0\u306F\u3042\u308A\u307E\u305B\u3093\u3002" : "- No items selected."
+      );
+      return sections.join("\n");
+    }
+    sections.push("| Name | Type | Modified |");
+    sections.push("|------|------|----------|");
+    for (const id of targetIds) {
+      const f = filesById.get(id);
+      if (!f) {
+        sections.push(`| ${id} | (unknown) | - |`);
+        continue;
+      }
+      const isFolder = f.mimeType === FOLDER_MIME;
+      const typeLabel = isFolder ? "folder" : f.mimeType ?? "file";
+      sections.push(
+        `| ${f.name} | ${typeLabel} | ${f.modifiedTime ?? "-"} |`
+      );
+    }
+    sections.push("");
+    return sections.join("\n");
+  }
+};
+
 // ../connectors/src/connectors/google-drive/parameters.ts
 var parameters = {};
 
@@ -439,6 +674,7 @@ var tools = { request: requestTool };
 var googleDriveConnector = new ConnectorPlugin({
   slug: "google-drive",
   authType: AUTH_TYPES.OAUTH,
+  skipConnectionCheckOnCreate: true,
   name: "Google Drive",
   description: "Connect to Google Drive for file management, sharing, and collaboration using OAuth.",
   iconUrl: "https://images.ctfassets.net/9ncizv60xc5y/4GJX5yQTogUgar1buWxXbv/4b43a65353319c508111489f834d22c4/google_drive.png",
@@ -730,6 +966,7 @@ await drive.updateFile("fileId123", {}, "newFolderId", "oldFolderId");
 \`\`\``
   },
   tools,
+  setup: (params, ctx, config) => runSetupFlow(googleDriveSetupFlow, params, ctx, config),
   async checkConnection(_params, config) {
     const { proxyFetch } = config;
     const url = "https://www.googleapis.com/drive/v3/about?fields=user";
@@ -778,6 +1015,7 @@ function resolveEnvVarOptional(entry, key) {
 import { getContext } from "hono/context-storage";
 import { getCookie } from "hono/cookie";
 var APP_SESSION_COOKIE_NAME = "__Host-squadbase-session";
+var TABLEAU_SESSION_SENTINEL_URL = "squadbase://tableau-session/";
 function normalizeHeaders(input) {
   const out = {};
   if (!input) return out;
@@ -786,6 +1024,11 @@ function normalizeHeaders(input) {
   });
   return out;
 }
+function extractInputUrl(input) {
+  if (typeof input === "string") return input;
+  if (input instanceof URL) return input.href;
+  return input.url;
+}
 function createSandboxProxyFetch(connectionId) {
   return async (input, init) => {
     const token = process.env.INTERNAL_SQUADBASE_OAUTH_MACHINE_CREDENTIAL;
@@ -795,10 +1038,17 @@ function createSandboxProxyFetch(connectionId) {
         "Connection proxy is not configured. Please check your deployment settings."
       );
     }
-    const originalUrl = typeof input === "string" ? input : input instanceof URL ? input.href : input.url;
+    const originalUrl = extractInputUrl(input);
+    const baseDomain = process.env["SQUADBASE_PREVIEW_BASE_DOMAIN"] ?? "preview.app.squadbase.dev";
+    if (originalUrl === TABLEAU_SESSION_SENTINEL_URL) {
+      const sessionUrl = `https://${sandboxId}.${baseDomain}/_sqcore/connections/${connectionId}/tableau-session`;
+      return fetch(sessionUrl, {
+        method: "POST",
+        headers: { Authorization: `Bearer ${token}` }
+      });
+    }
     const originalMethod = init?.method ?? "GET";
     const originalBody = init?.body ? JSON.parse(init.body) : void 0;
-    const baseDomain = process.env["SQUADBASE_PREVIEW_BASE_DOMAIN"] ?? "preview.app.squadbase.dev";
     const proxyUrl = `https://${sandboxId}.${baseDomain}/_sqcore/connections/${connectionId}/request`;
     return fetch(proxyUrl, {
       method: "POST",
@@ -824,10 +1074,9 @@ function createDeployedAppProxyFetch(connectionId) {
   }
   const baseDomain = process.env["SQUADBASE_APP_BASE_DOMAIN"] ?? "squadbase.app";
   const proxyUrl = `https://${projectId}.${baseDomain}/_sqcore/connections/${connectionId}/request`;
+  const sessionUrl = `https://${projectId}.${baseDomain}/_sqcore/connections/${connectionId}/tableau-session`;
   return async (input, init) => {
-    const originalUrl = typeof input === "string" ? input : input instanceof URL ? input.href : input.url;
-    const originalMethod = init?.method ?? "GET";
-    const originalBody = init?.body ? JSON.parse(init.body) : void 0;
+    const originalUrl = extractInputUrl(input);
     const c = getContext();
     const appSession = getCookie(c, APP_SESSION_COOKIE_NAME);
     if (!appSession) {
@@ -835,6 +1084,14 @@ function createDeployedAppProxyFetch(connectionId) {
         "No authentication method available for connection proxy."
       );
     }
+    if (originalUrl === TABLEAU_SESSION_SENTINEL_URL) {
+      return fetch(sessionUrl, {
+        method: "POST",
+        headers: { Authorization: `Bearer ${appSession}` }
+      });
+    }
+    const originalMethod = init?.method ?? "GET";
+    const originalBody = init?.body ? JSON.parse(init.body) : void 0;
     return fetch(proxyUrl, {
       method: "POST",
       headers: {