@squadbase/vite-server 0.1.9-dev.f236b23 → 0.1.10-dev.cec85c2

package/dist/connectors/google-ads.js

@@ -52,15 +52,6 @@ var parameters = {
     type: "text",
     secret: false,
     required: false
-  }),
-  developerToken: new ParameterDefinition({
-    slug: "developer-token",
-    name: "Google Ads Developer Token",
-    description: "The developer token for accessing the Google Ads API. Required for all API requests.",
-    envVarBaseKey: "GOOGLE_ADS_DEVELOPER_TOKEN",
-    type: "text",
-    secret: true,
-    required: true
   })
 };
 
@@ -69,12 +60,6 @@ var BASE_URL = "https://googleads.googleapis.com/v18/";
 function createClient(params, fetchFn = fetch) {
   const rawCustomerId = params[parameters.customerId.slug];
   const defaultCustomerId = rawCustomerId?.replace(/-/g, "") ?? "";
-  const developerToken = params[parameters.developerToken.slug];
-  if (!developerToken) {
-    throw new Error(
-      `google-ads: missing required parameter: ${parameters.developerToken.slug}`
-    );
-  }
   function resolveCustomerId(override) {
     const id = override?.replace(/-/g, "") ?? defaultCustomerId;
     if (!id) {
@@ -88,7 +73,6 @@ function createClient(params, fetchFn = fetch) {
     const resolvedPath = defaultCustomerId ? path2.replace(/\{customerId\}/g, defaultCustomerId) : path2;
     const url = `${BASE_URL}${resolvedPath}`;
     const headers = new Headers(init?.headers);
-    headers.set("developer-token", developerToken);
     if (defaultCustomerId) {
       headers.set("login-customer-id", defaultCustomerId);
     }
@@ -99,7 +83,6 @@ function createClient(params, fetchFn = fetch) {
     const url = `${BASE_URL}customers/${cid}/googleAds:searchStream`;
     const headers = new Headers();
     headers.set("Content-Type", "application/json");
-    headers.set("developer-token", developerToken);
     headers.set("login-customer-id", cid);
     const response = await fetchFn(url, {
       method: "POST",
@@ -117,9 +100,7 @@ function createClient(params, fetchFn = fetch) {
   }
   async function listAccessibleCustomers() {
     const url = `${BASE_URL}customers:listAccessibleCustomers`;
-    const headers = new Headers();
-    headers.set("developer-token", developerToken);
-    const response = await fetchFn(url, { method: "GET", headers });
+    const response = await fetchFn(url, { method: "GET" });
     if (!response.ok) {
       const body = await response.text();
       throw new Error(
@@ -360,7 +341,6 @@ var listCustomersTool = new ConnectorTool({
       `[connector-request] google-ads/${connection2.name}: listCustomers`
     );
     try {
-      const developerToken = parameters.developerToken.getValue(connection2);
       const token = await getProxyToken(config.oauthProxy);
       const proxyUrl = `https://${config.oauthProxy.sandboxId}.${config.oauthProxy.previewBaseDomain}/_sqcore/connections/${connectionId}/request`;
       const controller = new AbortController();
@@ -374,10 +354,7 @@ var listCustomersTool = new ConnectorTool({
           },
           body: JSON.stringify({
             url: `${BASE_URL2}customers:listAccessibleCustomers`,
-            method: "GET",
-            headers: {
-              "developer-token": developerToken
-            }
+            method: "GET"
           }),
           signal: controller.signal
         });
@@ -403,7 +380,6 @@ var listCustomersTool = new ConnectorTool({
                 method: "POST",
                 headers: {
                   "Content-Type": "application/json",
-                  "developer-token": developerToken,
                   "login-customer-id": cid
                 },
                 body: JSON.stringify({
@@ -449,30 +425,24 @@ var googleAdsOnboarding = new ConnectorOnboarding({
   connectionSetupInstructions: {
     ja: `\u4EE5\u4E0B\u306E\u624B\u9806\u3067Google Ads (OAuth) \u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u3092\u884C\u3063\u3066\u304F\u3060\u3055\u3044\u3002
 
-1. \u30E6\u30FC\u30B6\u30FC\u306B\u300CGoogle Ads API \u306E Developer Token \u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044\uFF08Google Ads \u7BA1\u7406\u753B\u9762 > \u30C4\u30FC\u30EB\u3068\u8A2D\u5B9A > API \u30BB\u30F3\u30BF\u30FC\u3067\u53D6\u5F97\u3067\u304D\u307E\u3059\uFF09\u300D\u3068\u4F1D\u3048\u308B
+1. \`${listCustomersToolName}\` \u3092\u547C\u3073\u51FA\u3057\u3066\u3001OAuth\u3067\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306AGoogle Ads\u30AB\u30B9\u30BF\u30DE\u30FC\u30A2\u30AB\u30A6\u30F3\u30C8\u4E00\u89A7\u3092\u53D6\u5F97\u3059\u308B
 2. \`updateConnectionParameters\` \u3092\u547C\u3073\u51FA\u3059:
-   - \`parameterSlug\`: \`"developer-token"\`
-   - \`value\`: \u30E6\u30FC\u30B6\u30FC\u304C\u63D0\u4F9B\u3057\u305F Developer Token
-3. \`${listCustomersToolName}\` \u3092\u547C\u3073\u51FA\u3057\u3066\u3001OAuth\u3067\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306AGoogle Ads\u30AB\u30B9\u30BF\u30DE\u30FC\u30A2\u30AB\u30A6\u30F3\u30C8\u4E00\u89A7\u3092\u53D6\u5F97\u3059\u308B
-4. \`updateConnectionParameters\` \u3092\u547C\u3073\u51FA\u3059:
    - \`parameterSlug\`: \`"customer-id"\`
    - \`options\`: \u30AB\u30B9\u30BF\u30DE\u30FC\u4E00\u89A7\u3002\u5404 option \u306E \`label\` \u306F \`\u30A2\u30AB\u30A6\u30F3\u30C8\u540D (id: \u30AB\u30B9\u30BF\u30DE\u30FCID)\` \u306E\u5F62\u5F0F\u3001\`value\` \u306F\u30AB\u30B9\u30BF\u30DE\u30FCID
-5. \u30E6\u30FC\u30B6\u30FC\u304C\u9078\u629E\u3057\u305F\u30AB\u30B9\u30BF\u30DE\u30FC\u306E \`label\` \u304C\u30E1\u30C3\u30BB\u30FC\u30B8\u3068\u3057\u3066\u5C4A\u304F\u306E\u3067\u3001\u6B21\u306E\u30B9\u30C6\u30C3\u30D7\u306B\u9032\u3080
+   - \u30AB\u30B9\u30BF\u30DE\u30FC\u304C **0\u4EF6** \u306E\u5834\u5408\u306F\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u3092\u4E2D\u65AD\u3057\u3001\u30E6\u30FC\u30B6\u30FC\u306B\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306A\u30A2\u30AB\u30A6\u30F3\u30C8\u304C\u306A\u3044\u65E8\u3092\u4F1D\u3048\u308B
+3. \u30E6\u30FC\u30B6\u30FC\u304C\u9078\u629E\u3057\u305F\u30AB\u30B9\u30BF\u30DE\u30FC\u306E \`label\` \u304C\u30E1\u30C3\u30BB\u30FC\u30B8\u3068\u3057\u3066\u5C4A\u304F\u306E\u3067\u3001\u6B21\u306E\u30B9\u30C6\u30C3\u30D7\u306B\u9032\u3080
 
 #### \u5236\u7D04
 - **\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u4E2D\u306B\u30EC\u30DD\u30FC\u30C8\u30C7\u30FC\u30BF\u3092\u53D6\u5F97\u3057\u306A\u3044\u3053\u3068**\u3002\u5B9F\u884C\u3057\u3066\u3088\u3044\u306E\u306F\u4E0A\u8A18\u624B\u9806\u3067\u6307\u5B9A\u3055\u308C\u305F\u30E1\u30BF\u30C7\u30FC\u30BF\u53D6\u5F97\u306E\u307F
 - \u30C4\u30FC\u30EB\u9593\u306F1\u6587\u3060\u3051\u66F8\u3044\u3066\u5373\u6B21\u306E\u30C4\u30FC\u30EB\u547C\u3073\u51FA\u3057\u3002\u4E0D\u8981\u306A\u8AAC\u660E\u306F\u7701\u7565\u3057\u3001\u52B9\u7387\u7684\u306B\u9032\u3081\u308B`,
     en: `Follow these steps to set up the Google Ads (OAuth) connection.
 
-1. Ask the user to provide their Google Ads API Developer Token (available in Google Ads UI > Tools & Settings > API Center)
+1. Call \`${listCustomersToolName}\` to get the list of Google Ads customer accounts accessible with the OAuth credentials
 2. Call \`updateConnectionParameters\`:
-   - \`parameterSlug\`: \`"developer-token"\`
-   - \`value\`: The Developer Token provided by the user
-3. Call \`${listCustomersToolName}\` to get the list of Google Ads customer accounts accessible with the OAuth credentials
-4. Call \`updateConnectionParameters\`:
    - \`parameterSlug\`: \`"customer-id"\`
    - \`options\`: The customer list. Each option's \`label\` should be \`Account Name (id: customerId)\`, \`value\` should be the customer ID
-5. The \`label\` of the user's selected customer will arrive as a message. Proceed to the next step
+   - If **0 customers** are returned, abort setup and inform the user that no accessible accounts are available
+3. The \`label\` of the user's selected customer will arrive as a message. Proceed to the next step
 
 #### Constraints
 - **Do NOT fetch report data during setup**. Only the metadata requests specified in the steps above are allowed
@@ -571,7 +541,6 @@ Authentication is handled automatically via OAuth proxy.
       const controller = new AbortController();
       const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS2);
       try {
-        const developerToken = parameters.developerToken.getValue(connection2);
         const response = await fetch(proxyUrl, {
           method: "POST",
           headers: {
@@ -583,7 +552,6 @@ Authentication is handled automatically via OAuth proxy.
             method,
             headers: {
               "Content-Type": "application/json",
-              "developer-token": developerToken,
               ...customerId ? { "login-customer-id": customerId } : {}
             },
             ...method === "POST" && body ? { body: JSON.stringify(body) } : {}
@@ -764,20 +732,12 @@ const customerIds = await ads.listAccessibleCustomers();
     if (!customerId) {
       return { success: true };
     }
-    const developerToken = params[parameters.developerToken.slug];
-    if (!developerToken) {
-      return {
-        success: false,
-        error: "Developer token is required"
-      };
-    }
     const url = `https://googleads.googleapis.com/v18/customers/${customerId}/googleAds:searchStream`;
     try {
       const res = await proxyFetch(url, {
         method: "POST",
         headers: {
           "Content-Type": "application/json",
-          "developer-token": developerToken,
           "login-customer-id": customerId
         },
         body: JSON.stringify({

package/dist/connectors/jdbc.js

@@ -20254,6 +20254,150 @@ var ParameterDefinition = class {
   }
 };
 
+// ../connectors/src/lib/ssh-tunnel.ts
+var sshTunnelParameters = {
+  sshHost: new ParameterDefinition({
+    slug: "ssh-host",
+    name: "SSH Tunnel Host",
+    description: "Optional. Hostname of the SSH bastion to tunnel through. Leave empty to connect directly.",
+    envVarBaseKey: "SSH_TUNNEL_HOST",
+    type: "text",
+    secret: false,
+    required: false
+  }),
+  sshPort: new ParameterDefinition({
+    slug: "ssh-port",
+    name: "SSH Tunnel Port",
+    description: "Optional. SSH port of the bastion host (default: 22).",
+    envVarBaseKey: "SSH_TUNNEL_PORT",
+    type: "text",
+    secret: false,
+    required: false
+  }),
+  sshUsername: new ParameterDefinition({
+    slug: "ssh-username",
+    name: "SSH Tunnel Username",
+    description: "Optional. Username for SSH authentication. Required when SSH Tunnel Host is set.",
+    envVarBaseKey: "SSH_TUNNEL_USERNAME",
+    type: "text",
+    secret: false,
+    required: false
+  }),
+  sshPrivateKeyBase64: new ParameterDefinition({
+    slug: "ssh-private-key-base64",
+    name: "SSH Private Key",
+    description: "Optional. Private key (PEM, base64-encoded) used for SSH authentication. Required when SSH Tunnel Host is set.",
+    envVarBaseKey: "SSH_TUNNEL_PRIVATE_KEY_BASE64",
+    type: "base64EncodedText",
+    secret: true,
+    required: false
+  }),
+  sshPassphrase: new ParameterDefinition({
+    slug: "ssh-passphrase",
+    name: "SSH Private Key Passphrase",
+    description: "Optional. Passphrase for the SSH private key, if it is encrypted.",
+    envVarBaseKey: "SSH_TUNNEL_PASSPHRASE",
+    type: "text",
+    secret: true,
+    required: false
+  })
+};
+var NOOP_TUNNEL = (connectionUrl) => ({
+  connectionUrl,
+  close: async () => {
+  }
+});
+var NOOP_TUNNEL_HOSTPORT = (host, port) => ({
+  host,
+  port,
+  close: async () => {
+  }
+});
+function connectionParamsToRecord(connection2) {
+  const out = {};
+  for (const p of connection2.parameters) {
+    if (p.value != null) out[p.parameterSlug] = p.value;
+  }
+  return out;
+}
+async function maybeOpenSshTunnelHostPort(params, dbHost, dbPort) {
+  const sshHost = params[sshTunnelParameters.sshHost.slug];
+  if (!sshHost) return NOOP_TUNNEL_HOSTPORT(dbHost, dbPort);
+  const sshUsername = params[sshTunnelParameters.sshUsername.slug];
+  const sshPrivateKeyBase64 = params[sshTunnelParameters.sshPrivateKeyBase64.slug];
+  if (!sshUsername || !sshPrivateKeyBase64) {
+    throw new Error(
+      "SSH tunnel requires `ssh-username` and `ssh-private-key-base64` when `ssh-host` is set."
+    );
+  }
+  const sshPort = Number(params[sshTunnelParameters.sshPort.slug] || "22") || 22;
+  const sshPassphrase = params[sshTunnelParameters.sshPassphrase.slug];
+  const [{ Client }, net] = await Promise.all([
+    Promise.resolve().then(() => __toESM(require_lib3(), 1)),
+    import("net")
+  ]);
+  const sshClient = new Client();
+  await new Promise((resolve, reject) => {
+    sshClient.once("ready", () => resolve());
+    sshClient.once("error", reject);
+    sshClient.connect({
+      host: sshHost,
+      port: sshPort,
+      username: sshUsername,
+      privateKey: Buffer.from(sshPrivateKeyBase64, "base64"),
+      passphrase: sshPassphrase || void 0,
+      readyTimeout: 1e4
+    });
+  });
+  const server = net.createServer((socket) => {
+    sshClient.forwardOut(
+      socket.remoteAddress ?? "127.0.0.1",
+      socket.remotePort ?? 0,
+      dbHost,
+      dbPort,
+      (err, stream) => {
+        if (err) {
+          socket.destroy(err);
+          return;
+        }
+        socket.pipe(stream).pipe(socket);
+      }
+    );
+  });
+  await new Promise((resolve, reject) => {
+    server.once("error", reject);
+    server.listen(0, "127.0.0.1", () => resolve());
+  });
+  const address = server.address();
+  if (!address || typeof address === "string") {
+    server.close();
+    sshClient.end();
+    throw new Error("Failed to allocate local port for SSH tunnel.");
+  }
+  return {
+    host: "127.0.0.1",
+    port: address.port,
+    close: async () => {
+      await new Promise((resolve) => server.close(() => resolve()));
+      sshClient.end();
+    }
+  };
+}
+async function maybeOpenSshTunnel(params, connectionUrl, defaultDbPort) {
+  const sshHost = params[sshTunnelParameters.sshHost.slug];
+  if (!sshHost) return NOOP_TUNNEL(connectionUrl);
+  const url = new URL(connectionUrl);
+  const dbHost = url.hostname;
+  const dbPort = url.port ? Number(url.port) : defaultDbPort;
+  const tunnel = await maybeOpenSshTunnelHostPort(params, dbHost, dbPort);
+  url.hostname = tunnel.host;
+  url.port = String(tunnel.port);
+  return {
+    connectionUrl: url.toString(),
+    close: tunnel.close
+  };
+}
+
 // ../connectors/src/connectors/sqlserver/utils.ts
 var SQLSERVER_PREFIX_RE = /^(?:jdbc:)?sqlserver:\/\//i;
 var TRUE_VALUES = /* @__PURE__ */ new Set(["true", "1", "yes"]);
@@ -20332,17 +20476,27 @@ async function importMssql() {
 }
 async function runMssqlQuery(parsed, sql, options = {}) {
   const sqlMod = await importMssql();
-  const config = toMssqlConfig(parsed, {
-    encrypt: options.forceEncrypt
-  });
-  const pool = new sqlMod.ConnectionPool(config);
-  await pool.connect();
+  const tunnel = options.tunnelParams ? await maybeOpenSshTunnelHostPort(
+    options.tunnelParams,
+    parsed.server,
+    parsed.port
+  ) : null;
   try {
-    const result = await pool.request().query(sql);
-    const recordset = result.recordset ?? [];
-    return { rows: recordset };
+    const tunneled = tunnel ? { ...parsed, server: tunnel.host, port: tunnel.port } : parsed;
+    const config = toMssqlConfig(tunneled, {
+      encrypt: options.forceEncrypt
+    });
+    const pool = new sqlMod.ConnectionPool(config);
+    await pool.connect();
+    try {
+      const result = await pool.request().query(sql);
+      const recordset = result.recordset ?? [];
+      return { rows: recordset };
+    } finally {
+      await pool.close();
+    }
   } finally {
-    await pool.close();
+    await tunnel?.close();
   }
 }
 async function checkMssqlConnection(url, credentials, options = {}) {
@@ -20430,35 +20584,69 @@ function parseOracleJdbcUrl(jdbcUrl, options = {}) {
 function redactOracleUrl(jdbcUrl) {
   return jdbcUrl.replace(/(:\/\/)([^@/]+)@/, "$1***@").replace(/(thin:)([^@]+)@/i, "$1***@");
 }
+function parseOracleConnectStringHostPort(connectString) {
+  const m = /^([^:/]+):(\d+)(.*)$/.exec(connectString);
+  if (!m) return null;
+  return { host: m[1], port: Number(m[2]), trailing: m[3] };
+}
+function rewriteOracleConnectStringHostPort(connectString, host, port) {
+  const parts = parseOracleConnectStringHostPort(connectString);
+  if (!parts) return connectString;
+  return `${host}:${port}${parts.trailing}`;
+}
 
 // ../connectors/src/lib/oracle-runner.ts
 async function importOracleDb() {
   const mod = await import("oracledb");
   return mod.default ?? mod;
 }
-async function runOracleQuery(parsed, sql) {
+async function runOracleQuery(parsed, sql, options = {}) {
   const oracledb = await importOracleDb();
-  const connection2 = await oracledb.getConnection({
-    user: parsed.user,
-    password: parsed.password,
-    connectString: parsed.connectString
-  });
+  let tunnel = null;
+  if (options.tunnelParams) {
+    const hostPort = parseOracleConnectStringHostPort(parsed.connectString);
+    if (hostPort) {
+      tunnel = await maybeOpenSshTunnelHostPort(
+        options.tunnelParams,
+        hostPort.host,
+        hostPort.port
+      );
+    }
+  }
   try {
-    const result = await connection2.execute(sql, [], {
-      outFormat: oracledb.OUT_FORMAT_OBJECT,
-      // Bound by the connector's own row cap, but keep the driver from
-      // streaming arbitrarily large result sets.
-      maxRows: 5e3
+    const connectString = tunnel ? rewriteOracleConnectStringHostPort(
+      parsed.connectString,
+      tunnel.host,
+      tunnel.port
+    ) : parsed.connectString;
+    const connection2 = await oracledb.getConnection({
+      user: parsed.user,
+      password: parsed.password,
+      connectString
     });
-    return { rows: result.rows ?? [] };
-  } finally {
     try {
-      await connection2.close();
-    } catch {
+      const result = await connection2.execute(
+        sql,
+        [],
+        {
+          outFormat: oracledb.OUT_FORMAT_OBJECT,
+          // Bound by the connector's own row cap, but keep the driver from
+          // streaming arbitrarily large result sets.
+          maxRows: 5e3
+        }
+      );
+      return { rows: result.rows ?? [] };
+    } finally {
+      try {
+        await connection2.close();
+      } catch {
+      }
     }
+  } finally {
+    await tunnel?.close();
   }
 }
-async function checkOracleConnection(url, credentials) {
+async function checkOracleConnection(url, credentials, options = {}) {
   let parsed;
   try {
     parsed = parseOracleJdbcUrl(url, credentials);
@@ -20469,7 +20657,7 @@ async function checkOracleConnection(url, credentials) {
     };
   }
   try {
-    await runOracleQuery(parsed, "SELECT 1 FROM DUAL");
+    await runOracleQuery(parsed, "SELECT 1 FROM DUAL", options);
     return { success: true };
   } catch (err) {
     let msg = err instanceof Error ? err.message : String(err);
@@ -20478,134 +20666,6 @@ async function checkOracleConnection(url, credentials) {
   }
 }
 
-// ../connectors/src/lib/ssh-tunnel.ts
-var sshTunnelParameters = {
-  sshHost: new ParameterDefinition({
-    slug: "ssh-host",
-    name: "SSH Tunnel Host",
-    description: "Optional. Hostname of the SSH bastion to tunnel through. Leave empty to connect directly.",
-    envVarBaseKey: "SSH_TUNNEL_HOST",
-    type: "text",
-    secret: false,
-    required: false
-  }),
-  sshPort: new ParameterDefinition({
-    slug: "ssh-port",
-    name: "SSH Tunnel Port",
-    description: "Optional. SSH port of the bastion host (default: 22).",
-    envVarBaseKey: "SSH_TUNNEL_PORT",
-    type: "text",
-    secret: false,
-    required: false
-  }),
-  sshUsername: new ParameterDefinition({
-    slug: "ssh-username",
-    name: "SSH Tunnel Username",
-    description: "Optional. Username for SSH authentication. Required when SSH Tunnel Host is set.",
-    envVarBaseKey: "SSH_TUNNEL_USERNAME",
-    type: "text",
-    secret: false,
-    required: false
-  }),
-  sshPrivateKeyBase64: new ParameterDefinition({
-    slug: "ssh-private-key-base64",
-    name: "SSH Private Key",
-    description: "Optional. Private key (PEM, base64-encoded) used for SSH authentication. Required when SSH Tunnel Host is set.",
-    envVarBaseKey: "SSH_TUNNEL_PRIVATE_KEY_BASE64",
-    type: "base64EncodedText",
-    secret: true,
-    required: false
-  }),
-  sshPassphrase: new ParameterDefinition({
-    slug: "ssh-passphrase",
-    name: "SSH Private Key Passphrase",
-    description: "Optional. Passphrase for the SSH private key, if it is encrypted.",
-    envVarBaseKey: "SSH_TUNNEL_PASSPHRASE",
-    type: "text",
-    secret: true,
-    required: false
-  })
-};
-var NOOP_TUNNEL = (connectionUrl) => ({
-  connectionUrl,
-  close: async () => {
-  }
-});
-function connectionParamsToRecord(connection2) {
-  const out = {};
-  for (const p of connection2.parameters) {
-    if (p.value != null) out[p.parameterSlug] = p.value;
-  }
-  return out;
-}
-async function maybeOpenSshTunnel(params, connectionUrl, defaultDbPort) {
-  const sshHost = params[sshTunnelParameters.sshHost.slug];
-  if (!sshHost) return NOOP_TUNNEL(connectionUrl);
-  const sshUsername = params[sshTunnelParameters.sshUsername.slug];
-  const sshPrivateKeyBase64 = params[sshTunnelParameters.sshPrivateKeyBase64.slug];
-  if (!sshUsername || !sshPrivateKeyBase64) {
-    throw new Error(
-      "SSH tunnel requires `ssh-username` and `ssh-private-key-base64` when `ssh-host` is set."
-    );
-  }
-  const sshPort = Number(params[sshTunnelParameters.sshPort.slug] || "22") || 22;
-  const sshPassphrase = params[sshTunnelParameters.sshPassphrase.slug];
-  const url = new URL(connectionUrl);
-  const dbHost = url.hostname;
-  const dbPort = url.port ? Number(url.port) : defaultDbPort;
-  const [{ Client }, net] = await Promise.all([
-    Promise.resolve().then(() => __toESM(require_lib3(), 1)),
-    import("net")
-  ]);
-  const sshClient = new Client();
-  await new Promise((resolve, reject) => {
-    sshClient.once("ready", () => resolve());
-    sshClient.once("error", reject);
-    sshClient.connect({
-      host: sshHost,
-      port: sshPort,
-      username: sshUsername,
-      privateKey: Buffer.from(sshPrivateKeyBase64, "base64"),
-      passphrase: sshPassphrase || void 0,
-      readyTimeout: 1e4
-    });
-  });
-  const server = net.createServer((socket) => {
-    sshClient.forwardOut(
-      socket.remoteAddress ?? "127.0.0.1",
-      socket.remotePort ?? 0,
-      dbHost,
-      dbPort,
-      (err, stream) => {
-        if (err) {
-          socket.destroy(err);
-          return;
-        }
-        socket.pipe(stream).pipe(socket);
-      }
-    );
-  });
-  await new Promise((resolve, reject) => {
-    server.once("error", reject);
-    server.listen(0, "127.0.0.1", () => resolve());
-  });
-  const address = server.address();
-  if (!address || typeof address === "string") {
-    server.close();
-    sshClient.end();
-    throw new Error("Failed to allocate local port for SSH tunnel.");
-  }
-  url.hostname = "127.0.0.1";
-  url.port = String(address.port);
-  return {
-    connectionUrl: url.toString(),
-    close: async () => {
-      await new Promise((resolve) => server.close(() => resolve()));
-      sshClient.end();
-    }
-  };
-}
-
 // ../connectors/src/connectors/jdbc/parameters.ts
 var parameters = {
   jdbcUrl: new ParameterDefinition({
@@ -20749,7 +20809,9 @@ function createClient(params) {
           username,
           password
         });
-        const result = await runMssqlQuery(mssqlParsed, sql);
+        const result = await runMssqlQuery(mssqlParsed, sql, {
+          tunnelParams: params
+        });
         return result.rows;
       }
       if (parsed.driver === "oracle") {
@@ -20763,7 +20825,9 @@ function createClient(params) {
           password
         });
         const cleanSql = sql.replace(/;\s*$/, "");
-        const result = await runOracleQuery(oracleParsed, cleanSql);
+        const result = await runOracleQuery(oracleParsed, cleanSql, {
+          tunnelParams: params
+        });
         return result.rows;
       }
       const tunnel = await maybeOpenSshTunnel(
@@ -21042,12 +21106,13 @@ Always bound results: LIMIT for PG/MySQL/Redshift, TOP for SQL Server, FETCH FIR
       };
     }
     try {
+      const tunnelParams = connectionParamsToRecord(connection2);
       if (parsed.driver === "sqlserver") {
         const mssqlParsed = parseSqlServerJdbcUrl(parsed.originalUrl, {
           username,
           password
         });
-        const result = await runMssqlQuery(mssqlParsed, sql);
+        const result = await runMssqlQuery(mssqlParsed, sql, { tunnelParams });
         const rows = result.rows;
         return {
           success: true,
@@ -21062,7 +21127,9 @@ Always bound results: LIMIT for PG/MySQL/Redshift, TOP for SQL Server, FETCH FIR
           password
         });
         const cleanSql = sql.replace(/;\s*$/, "");
-        const result = await runOracleQuery(oracleParsed, cleanSql);
+        const result = await runOracleQuery(oracleParsed, cleanSql, {
+          tunnelParams
+        });
         const rows = result.rows;
         return {
           success: true,
@@ -21074,7 +21141,7 @@ Always bound results: LIMIT for PG/MySQL/Redshift, TOP for SQL Server, FETCH FIR
       let tunnel;
       try {
         tunnel = await maybeOpenSshTunnel(
-          connectionParamsToRecord(connection2),
+          tunnelParams,
           parsed.nativeUrl,
           parsed.defaultPort
         );
@@ -21248,10 +21315,18 @@ JDBC URL \u306E\u30D7\u30EC\u30D5\u30A3\u30C3\u30AF\u30B9\u306B\u3088\u308A\u65B
       };
     }
     if (parsed.driver === "sqlserver") {
-      return checkMssqlConnection(parsed.originalUrl, { username, password });
+      return checkMssqlConnection(
+        parsed.originalUrl,
+        { username, password },
+        { tunnelParams: params }
+      );
     }
     if (parsed.driver === "oracle") {
-      return checkOracleConnection(parsed.originalUrl, { username, password });
+      return checkOracleConnection(
+        parsed.originalUrl,
+        { username, password },
+        { tunnelParams: params }
+      );
     }
     const tunnel = await maybeOpenSshTunnel(
       params,
@@ -21308,10 +21383,12 @@ JDBC URL \u306E\u30D7\u30EC\u30D5\u30A3\u30C3\u30AF\u30B9\u306B\u3088\u308A\u65B
       });
       const sample = unwrapSampleLimit(sql);
       if (sample) {
-        const result = await runMssqlQuery(mssqlParsed, sample.inner);
+        const result = await runMssqlQuery(mssqlParsed, sample.inner, {
+          tunnelParams: params
+        });
         return { rows: result.rows.slice(0, sample.limit) };
       }
-      return runMssqlQuery(mssqlParsed, sql);
+      return runMssqlQuery(mssqlParsed, sql, { tunnelParams: params });
     }
     if (parsed.driver === "oracle") {
       const oracleParsed = parseOracleJdbcUrl(parsed.originalUrl, {
@@ -21321,11 +21398,13 @@ JDBC URL \u306E\u30D7\u30EC\u30D5\u30A3\u30C3\u30AF\u30B9\u306B\u3088\u308A\u65B
       const sample = unwrapSampleLimit(sql);
       if (sample) {
         const inner = sample.inner.replace(/;\s*$/, "");
-        const result = await runOracleQuery(oracleParsed, inner);
+        const result = await runOracleQuery(oracleParsed, inner, {
+          tunnelParams: params
+        });
         return { rows: result.rows.slice(0, sample.limit) };
       }
       const cleanSql = sql.replace(/;\s*$/, "");
-      return runOracleQuery(oracleParsed, cleanSql);
+      return runOracleQuery(oracleParsed, cleanSql, { tunnelParams: params });
     }
     const tunnel = await maybeOpenSshTunnel(
       params,