@tetrascience-npm/tetrascience-react-ui 0.5.0-beta.20.1 → 0.5.0-beta.21.1

package/dist/server/auth/JwtTokenManager.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"JwtTokenManager.cjs","sources":["../../../src/server/auth/JwtTokenManager.ts"],"sourcesContent":["/**\n * JWT Token Manager for TetraScience Data Apps\n *\n * Handles authentication token retrieval from Express request cookies,\n * supporting both direct JWT tokens (ts-auth-token) and token references\n * (ts-token-ref) that are resolved via the connector K/V store.\n *\n * Note: This manager does not perform cryptographic verification of JWT signatures.\n * Signature verification is the responsibility of the consuming application or\n * the upstream authentication layer. The JWT payload is decoded only to read\n * expiration times for cache invalidation.\n */\n\nimport { TDPClient } from \"@tetrascience-npm/ts-connectors-sdk\";\n\n/** Configuration options for JwtTokenManager */\nexport interface JwtTokenManagerConfig {\n  baseUrl?: string;\n  tokenRefreshThresholdMs?: number;\n}\n\n/** Cookie dictionary type - matches Express req.cookies */\nexport interface CookieDict {\n  [key: string]: string;\n}\n\n/** Express-like request interface (works with Express, Koa, etc.) */\nexport interface ExpressRequestLike {\n  cookies?: CookieDict;\n}\n\n/** JWT payload structure */\ninterface JwtPayload {\n  exp?: number;\n  iat?: number;\n  [key: string]: unknown;\n}\n\n/** Cached token entry storing both raw token and parsed payload */\ninterface CachedTokenEntry {\n  token: string;\n  payload: JwtPayload;\n}\n\n/** Number of seconds in a minute */\nconst SECONDS_PER_MINUTE = 60;\n/** Milliseconds per second */\nconst MS_PER_SECOND = 1000;\nconst DEFAULT_TOKEN_REFRESH_THRESHOLD_MS = 5 * SECONDS_PER_MINUTE * MS_PER_SECOND; // 5 minutes\n\n/**\n * Manages JWT token retrieval from request cookies.\n * Supports both ts-auth-token (direct JWT) and ts-token-ref (resolved via connector store).\n */\nexport class JwtTokenManager {\n  private baseUrlOverride: string | undefined;\n  private connectorId: string | undefined;\n  private orgSlug: string | undefined;\n  private tokenCache: Map<string, CachedTokenEntry>;\n  private tokenRefreshThresholdMs: number;\n  private tdpClient: TDPClient | null;\n\n  constructor(config: JwtTokenManagerConfig = {}) {\n    this.baseUrlOverride = config.baseUrl;\n    this.connectorId = process.env.CONNECTOR_ID;\n    this.orgSlug = process.env.ORG_SLUG;\n    this.tokenCache = new Map();\n    this.tokenRefreshThresholdMs = config.tokenRefreshThresholdMs || DEFAULT_TOKEN_REFRESH_THRESHOLD_MS;\n    this.tdpClient = null;\n  }\n\n  /**\n   * Get the base URL for TDP API calls.\n   * Throws an error if not configured (either via config.baseUrl or TDP_ENDPOINT env var).\n   */\n  private getBaseUrl(): string {\n    const baseUrl = this.baseUrlOverride || process.env.TDP_ENDPOINT;\n    if (!baseUrl) {\n      throw new Error(\"TDP base URL not configured. Set TDP_ENDPOINT environment variable or pass baseUrl in config.\");\n    }\n    return baseUrl;\n  }\n\n  /**\n   * Decode JWT payload without verifying signature.\n   * Used only for reading expiration times for cache invalidation.\n   * Signature verification is NOT performed here.\n   */\n  private decodeJwtPayload(token: string): JwtPayload | null {\n    try {\n      const parts = token.split(\".\");\n      if (parts.length !== 3) {\n        console.warn(\"Invalid JWT token format\");\n        return null;\n      }\n\n      const payload = parts[1];\n      const base64 = payload.replace(/-/g, \"+\").replace(/_/g, \"/\");\n      const paddedBase64 = base64.padEnd(base64.length + ((4 - (base64.length % 4)) % 4), \"=\");\n\n      // Use Buffer.from for Node.js compatibility (atob not available in all runtimes)\n      return JSON.parse(Buffer.from(paddedBase64, \"base64\").toString(\"utf-8\"));\n    } catch (error) {\n      console.warn(\"Error decoding JWT token:\", error);\n      return null;\n    }\n  }\n\n  /** Check if payload is expiring within the refresh threshold */\n  private isPayloadExpiringSoon(payload: JwtPayload): boolean {\n    if (!payload.exp) {\n      console.warn(\"JWT token has no expiration claim\");\n      return true;\n    }\n\n    const expiryTimeMs = payload.exp * MS_PER_SECOND;\n    const refreshTimeMs = Date.now() + this.tokenRefreshThresholdMs;\n    return expiryTimeMs <= refreshTimeMs;\n  }\n\n  /** Get valid cached token if not expiring */\n  private getValidUserJwt(tokenRef: string): string | null {\n    const cached = this.tokenCache.get(tokenRef);\n    if (cached && !this.isPayloadExpiringSoon(cached.payload)) {\n      return cached.token;\n    }\n    // Clean up expired entry to prevent unbounded cache growth\n    if (cached) {\n      // TODO: If data apps become high-traffic, consider enhancing with\n      // an LRU cache (e.g., lru-cache package) to purge stale entries automatically\n      this.tokenCache.delete(tokenRef);\n    }\n    return null;\n  }\n\n  /** Initialize or get TDP client */\n  private async getTdpClient(): Promise<TDPClient> {\n    if (this.tdpClient !== null) {\n      return this.tdpClient;\n    }\n\n    if (!this.connectorId || !this.orgSlug) {\n      throw new Error(\"Missing required configuration: CONNECTOR_ID or ORG_SLUG\");\n    }\n\n    // getBaseUrl() throws if TDP_ENDPOINT not configured - let it propagate\n    const baseUrl = this.getBaseUrl();\n\n    try {\n      const client = new TDPClient({\n        tdpEndpoint: baseUrl,\n        connectorId: this.connectorId,\n        orgSlug: this.orgSlug,\n        artifactType: \"data-app\",\n      });\n\n      await client.init();\n      // Only assign after successful initialization to allow retry on failure\n      this.tdpClient = client;\n      return this.tdpClient;\n    } catch (error) {\n      // Log init errors but rethrow so callers know something went wrong\n      console.error(\"Failed to initialize TDP client:\", error);\n      throw error;\n    }\n  }\n\n  /** Retrieve JWT from connector K/V store using getValues (calls getConnectorData internally) */\n  private async getJwtFromTokenRefInternal(tokenRef: string): Promise<string | null> {\n    // getTdpClient() throws on config errors - let those propagate\n    const tdpClient = await this.getTdpClient();\n\n    try {\n      // getValues returns array of values for the given keys\n      // Each value is expected to have a jwt property: { jwt: \"...\" }\n      const values = await tdpClient.getValues([tokenRef]);\n\n      if (values && values.length > 0 && values[0]?.jwt) {\n        const jwtToken = values[0].jwt;\n        // Parse and cache both the raw token and its payload to avoid repeated decoding\n        const payload = this.decodeJwtPayload(jwtToken);\n        if (payload) {\n          this.tokenCache.set(tokenRef, { token: jwtToken, payload });\n        }\n        return jwtToken;\n      }\n\n      console.error(`No JWT found for key '${tokenRef}' in connector store`);\n    } catch (error) {\n      console.error(\"Error retrieving JWT token:\", error);\n    }\n\n    return null;\n  }\n\n  /** Resolve ts-token-ref to full JWT token (with caching) */\n  async getJwtFromTokenRef(tokenRef: string): Promise<string | null> {\n    if (!tokenRef || !this.orgSlug) {\n      console.warn(\"Missing required parameters for JWT token retrieval\");\n      return null;\n    }\n\n    const cachedUserToken = this.getValidUserJwt(tokenRef);\n    if (cachedUserToken) {\n      return cachedUserToken;\n    }\n\n    return this.getJwtFromTokenRefInternal(tokenRef);\n  }\n\n  /** Get token from cookies (ts-auth-token or resolved ts-token-ref) */\n  async getUserToken(cookies: CookieDict): Promise<string | null> {\n    // Prefer ts-auth-token or TS_AUTH_TOKEN env var (latter is for local dev testing)\n    const authToken = cookies[\"ts-auth-token\"] || process.env.TS_AUTH_TOKEN;\n    if (authToken) {\n      return authToken;\n    }\n\n    // Try to resolve ts-token-ref\n    const tokenRef = cookies[\"ts-token-ref\"];\n    if (tokenRef && this.connectorId) {\n      const jwtToken = await this.getJwtFromTokenRef(tokenRef);\n      if (jwtToken) {\n        return jwtToken;\n      }\n      console.warn(\"Failed to resolve ts-token-ref to JWT token\");\n    } else if (tokenRef) {\n      console.error(\"Connector ID not configured\");\n    }\n\n    console.warn(\"No valid authentication token found\");\n    return null;\n  }\n\n  /**\n   * Get user token from an Express request object.\n   * This is the primary method for Express middleware integration.\n   *\n   * @example\n   * ```typescript\n   * import { jwtManager } from '@tetrascience-npm/tetrascience-react-ui/server';\n   *\n   * app.use(async (req, res, next) => {\n   *   const token = await jwtManager.getTokenFromExpressRequest(req);\n   *   req.tdpAuth = { token, orgSlug: process.env.ORG_SLUG };\n   *   next();\n   * });\n   * ```\n   */\n  async getTokenFromExpressRequest(req: ExpressRequestLike): Promise<string | null> {\n    // Handle missing cookies gracefully (e.g., if cookie-parser middleware not installed)\n    return this.getUserToken(req.cookies || {});\n  }\n\n  /** Clear the token cache */\n  clearCache(): void {\n    this.tokenCache.clear();\n  }\n}\n\n/**\n * Global singleton instance.\n *\n * Note: This instance is created when the module is imported. Configuration\n * that depends on environment variables (CONNECTOR_ID, ORG_SLUG, TDP_ENDPOINT)\n * is read at module load time. Ensure these environment\n * variables are set before importing this module.\n *\n * If you need different configuration at runtime, create a new JwtTokenManager\n * instance instead of using this singleton.\n */\nexport const jwtManager = new JwtTokenManager();\n"],"names":["SECONDS_PER_MINUTE","MS_PER_SECOND","DEFAULT_TOKEN_REFRESH_THRESHOLD_MS","JwtTokenManager","config","baseUrl","token","parts","base64","paddedBase64","error","payload","expiryTimeMs","refreshTimeMs","tokenRef","cached","client","TDPClient","tdpClient","values","jwtToken","cachedUserToken","cookies","authToken","req","jwtManager"],"mappings":"uIA6CMA,EAAqB,GAErBC,EAAgB,IAChBC,EAAqC,EAAIF,EAAqBC,EAM7D,MAAME,CAAgB,CACnB,gBACA,YACA,QACA,WACA,wBACA,UAER,YAAYC,EAAgC,GAAI,CAC9C,KAAK,gBAAkBA,EAAO,QAC9B,KAAK,YAAc,QAAQ,IAAI,aAC/B,KAAK,QAAU,QAAQ,IAAI,SAC3B,KAAK,eAAiB,IACtB,KAAK,wBAA0BA,EAAO,yBAA2BF,EACjE,KAAK,UAAY,IACnB,CAMQ,YAAqB,CAC3B,MAAMG,EAAU,KAAK,iBAAmB,QAAQ,IAAI,aACpD,GAAI,CAACA,EACH,MAAM,IAAI,MAAM,+FAA+F,EAEjH,OAAOA,CACT,CAOQ,iBAAiBC,EAAkC,CACzD,GAAI,CACF,MAAMC,EAAQD,EAAM,MAAM,GAAG,EAC7B,GAAIC,EAAM,SAAW,EACnB,eAAQ,KAAK,0BAA0B,EAChC,KAIT,MAAMC,EADUD,EAAM,CAAC,EACA,QAAQ,KAAM,GAAG,EAAE,QAAQ,KAAM,GAAG,EACrDE,EAAeD,EAAO,OAAOA,EAAO,QAAW,EAAKA,EAAO,OAAS,GAAM,EAAI,GAAG,EAGvF,OAAO,KAAK,MAAM,OAAO,KAAKC,EAAc,QAAQ,EAAE,SAAS,OAAO,CAAC,CACzE,OAASC,EAAO,CACd,eAAQ,KAAK,4BAA6BA,CAAK,EACxC,IACT,CACF,CAGQ,sBAAsBC,EAA8B,CAC1D,GAAI,CAACA,EAAQ,IACX,eAAQ,KAAK,mCAAmC,EACzC,GAGT,MAAMC,EAAeD,EAAQ,IAAMV,EAC7BY,EAAgB,KAAK,IAAA,EAAQ,KAAK,wBACxC,OAAOD,GAAgBC,CACzB,CAGQ,gBAAgBC,EAAiC,CACvD,MAAMC,EAAS,KAAK,WAAW,IAAID,CAAQ,EAC3C,OAAIC,GAAU,CAAC,KAAK,sBAAsBA,EAAO,OAAO,EAC/CA,EAAO,OAGZA,GAGF,KAAK,WAAW,OAAOD,CAAQ,EAE1B,KACT,CAGA,MAAc,cAAmC,CAC/C,GAAI,KAAK,YAAc,KACrB,OAAO,KAAK,UAGd,GAAI,CAAC,KAAK,aAAe,CAAC,KAAK,QAC7B,MAAM,IAAI,MAAM,0DAA0D,EAI5E,MAAMT,EAAU,KAAK,WAAA,EAErB,GAAI,CACF,MAAMW,EAAS,IAAIC,YAAU,CAC3B,YAAaZ,EACb,YAAa,KAAK,YAClB,QAAS,KAAK,QACd,aAAc,UAAA,CACf,EAED,aAAMW,EAAO,KAAA,EAEb,KAAK,UAAYA,EACV,KAAK,SACd,OAASN,EAAO,CAEd,cAAQ,MAAM,mCAAoCA,CAAK,EACjDA,CACR,CACF,CAGA,MAAc,2BAA2BI,EAA0C,CAEjF,MAAMI,EAAY,MAAM,KAAK,aAAA,EAE7B,GAAI,CAGF,MAAMC,EAAS,MAAMD,EAAU,UAAU,CAACJ,CAAQ,CAAC,EAEnD,GAAIK,GAAUA,EAAO,OAAS,GAAKA,EAAO,CAAC,GAAG,IAAK,CACjD,MAAMC,EAAWD,EAAO,CAAC,EAAE,IAErBR,EAAU,KAAK,iBAAiBS,CAAQ,EAC9C,OAAIT,GACF,KAAK,WAAW,IAAIG,EAAU,CAAE,MAAOM,EAAU,QAAAT,EAAS,EAErDS,CACT,CAEA,QAAQ,MAAM,yBAAyBN,CAAQ,sBAAsB,CACvE,OAASJ,EAAO,CACd,QAAQ,MAAM,8BAA+BA,CAAK,CACpD,CAEA,OAAO,IACT,CAGA,MAAM,mBAAmBI,EAA0C,CACjE,GAAI,CAACA,GAAY,CAAC,KAAK,QACrB,eAAQ,KAAK,qDAAqD,EAC3D,KAGT,MAAMO,EAAkB,KAAK,gBAAgBP,CAAQ,EACrD,OAAIO,GAIG,KAAK,2BAA2BP,CAAQ,CACjD,CAGA,MAAM,aAAaQ,EAA6C,CAE9D,MAAMC,EAAYD,EAAQ,eAAe,GAAK,QAAQ,IAAI,cAC1D,GAAIC,EACF,OAAOA,EAIT,MAAMT,EAAWQ,EAAQ,cAAc,EACvC,GAAIR,GAAY,KAAK,YAAa,CAChC,MAAMM,EAAW,MAAM,KAAK,mBAAmBN,CAAQ,EACvD,GAAIM,EACF,OAAOA,EAET,QAAQ,KAAK,6CAA6C,CAC5D,MAAWN,GACT,QAAQ,MAAM,6BAA6B,EAG7C,eAAQ,KAAK,qCAAqC,EAC3C,IACT,CAiBA,MAAM,2BAA2BU,EAAiD,CAEhF,OAAO,KAAK,aAAaA,EAAI,SAAW,CAAA,CAAE,CAC5C,CAGA,YAAmB,CACjB,KAAK,WAAW,MAAA,CAClB,CACF,CAaO,MAAMC,EAAa,IAAItB"}

package/dist/server/auth/JwtTokenManager.js

@@ -0,0 +1,134 @@
+import { TDPClient as i } from "@tetrascience-npm/ts-connectors-sdk";
+const a = 60, s = 1e3, c = 5 * a * s;
+class l {
+  baseUrlOverride;
+  connectorId;
+  orgSlug;
+  tokenCache;
+  tokenRefreshThresholdMs;
+  tdpClient;
+  constructor(e = {}) {
+    this.baseUrlOverride = e.baseUrl, this.connectorId = process.env.CONNECTOR_ID, this.orgSlug = process.env.ORG_SLUG, this.tokenCache = /* @__PURE__ */ new Map(), this.tokenRefreshThresholdMs = e.tokenRefreshThresholdMs || c, this.tdpClient = null;
+  }
+  /**
+   * Get the base URL for TDP API calls.
+   * Throws an error if not configured (either via config.baseUrl or TDP_ENDPOINT env var).
+   */
+  getBaseUrl() {
+    const e = this.baseUrlOverride || process.env.TDP_ENDPOINT;
+    if (!e)
+      throw new Error("TDP base URL not configured. Set TDP_ENDPOINT environment variable or pass baseUrl in config.");
+    return e;
+  }
+  /**
+   * Decode JWT payload without verifying signature.
+   * Used only for reading expiration times for cache invalidation.
+   * Signature verification is NOT performed here.
+   */
+  decodeJwtPayload(e) {
+    try {
+      const t = e.split(".");
+      if (t.length !== 3)
+        return console.warn("Invalid JWT token format"), null;
+      const n = t[1].replace(/-/g, "+").replace(/_/g, "/"), o = n.padEnd(n.length + (4 - n.length % 4) % 4, "=");
+      return JSON.parse(Buffer.from(o, "base64").toString("utf-8"));
+    } catch (t) {
+      return console.warn("Error decoding JWT token:", t), null;
+    }
+  }
+  /** Check if payload is expiring within the refresh threshold */
+  isPayloadExpiringSoon(e) {
+    if (!e.exp)
+      return console.warn("JWT token has no expiration claim"), !0;
+    const t = e.exp * s, r = Date.now() + this.tokenRefreshThresholdMs;
+    return t <= r;
+  }
+  /** Get valid cached token if not expiring */
+  getValidUserJwt(e) {
+    const t = this.tokenCache.get(e);
+    return t && !this.isPayloadExpiringSoon(t.payload) ? t.token : (t && this.tokenCache.delete(e), null);
+  }
+  /** Initialize or get TDP client */
+  async getTdpClient() {
+    if (this.tdpClient !== null)
+      return this.tdpClient;
+    if (!this.connectorId || !this.orgSlug)
+      throw new Error("Missing required configuration: CONNECTOR_ID or ORG_SLUG");
+    const e = this.getBaseUrl();
+    try {
+      const t = new i({
+        tdpEndpoint: e,
+        connectorId: this.connectorId,
+        orgSlug: this.orgSlug,
+        artifactType: "data-app"
+      });
+      return await t.init(), this.tdpClient = t, this.tdpClient;
+    } catch (t) {
+      throw console.error("Failed to initialize TDP client:", t), t;
+    }
+  }
+  /** Retrieve JWT from connector K/V store using getValues (calls getConnectorData internally) */
+  async getJwtFromTokenRefInternal(e) {
+    const t = await this.getTdpClient();
+    try {
+      const r = await t.getValues([e]);
+      if (r && r.length > 0 && r[0]?.jwt) {
+        const n = r[0].jwt, o = this.decodeJwtPayload(n);
+        return o && this.tokenCache.set(e, { token: n, payload: o }), n;
+      }
+      console.error(`No JWT found for key '${e}' in connector store`);
+    } catch (r) {
+      console.error("Error retrieving JWT token:", r);
+    }
+    return null;
+  }
+  /** Resolve ts-token-ref to full JWT token (with caching) */
+  async getJwtFromTokenRef(e) {
+    if (!e || !this.orgSlug)
+      return console.warn("Missing required parameters for JWT token retrieval"), null;
+    const t = this.getValidUserJwt(e);
+    return t || this.getJwtFromTokenRefInternal(e);
+  }
+  /** Get token from cookies (ts-auth-token or resolved ts-token-ref) */
+  async getUserToken(e) {
+    const t = e["ts-auth-token"] || process.env.TS_AUTH_TOKEN;
+    if (t)
+      return t;
+    const r = e["ts-token-ref"];
+    if (r && this.connectorId) {
+      const n = await this.getJwtFromTokenRef(r);
+      if (n)
+        return n;
+      console.warn("Failed to resolve ts-token-ref to JWT token");
+    } else r && console.error("Connector ID not configured");
+    return console.warn("No valid authentication token found"), null;
+  }
+  /**
+   * Get user token from an Express request object.
+   * This is the primary method for Express middleware integration.
+   *
+   * @example
+   * ```typescript
+   * import { jwtManager } from '@tetrascience-npm/tetrascience-react-ui/server';
+   *
+   * app.use(async (req, res, next) => {
+   *   const token = await jwtManager.getTokenFromExpressRequest(req);
+   *   req.tdpAuth = { token, orgSlug: process.env.ORG_SLUG };
+   *   next();
+   * });
+   * ```
+   */
+  async getTokenFromExpressRequest(e) {
+    return this.getUserToken(e.cookies || {});
+  }
+  /** Clear the token cache */
+  clearCache() {
+    this.tokenCache.clear();
+  }
+}
+const u = new l();
+export {
+  l as JwtTokenManager,
+  u as jwtManager
+};
+//# sourceMappingURL=JwtTokenManager.js.map

package/dist/server/auth/JwtTokenManager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"JwtTokenManager.js","sources":["../../../src/server/auth/JwtTokenManager.ts"],"sourcesContent":["/**\n * JWT Token Manager for TetraScience Data Apps\n *\n * Handles authentication token retrieval from Express request cookies,\n * supporting both direct JWT tokens (ts-auth-token) and token references\n * (ts-token-ref) that are resolved via the connector K/V store.\n *\n * Note: This manager does not perform cryptographic verification of JWT signatures.\n * Signature verification is the responsibility of the consuming application or\n * the upstream authentication layer. The JWT payload is decoded only to read\n * expiration times for cache invalidation.\n */\n\nimport { TDPClient } from \"@tetrascience-npm/ts-connectors-sdk\";\n\n/** Configuration options for JwtTokenManager */\nexport interface JwtTokenManagerConfig {\n  baseUrl?: string;\n  tokenRefreshThresholdMs?: number;\n}\n\n/** Cookie dictionary type - matches Express req.cookies */\nexport interface CookieDict {\n  [key: string]: string;\n}\n\n/** Express-like request interface (works with Express, Koa, etc.) */\nexport interface ExpressRequestLike {\n  cookies?: CookieDict;\n}\n\n/** JWT payload structure */\ninterface JwtPayload {\n  exp?: number;\n  iat?: number;\n  [key: string]: unknown;\n}\n\n/** Cached token entry storing both raw token and parsed payload */\ninterface CachedTokenEntry {\n  token: string;\n  payload: JwtPayload;\n}\n\n/** Number of seconds in a minute */\nconst SECONDS_PER_MINUTE = 60;\n/** Milliseconds per second */\nconst MS_PER_SECOND = 1000;\nconst DEFAULT_TOKEN_REFRESH_THRESHOLD_MS = 5 * SECONDS_PER_MINUTE * MS_PER_SECOND; // 5 minutes\n\n/**\n * Manages JWT token retrieval from request cookies.\n * Supports both ts-auth-token (direct JWT) and ts-token-ref (resolved via connector store).\n */\nexport class JwtTokenManager {\n  private baseUrlOverride: string | undefined;\n  private connectorId: string | undefined;\n  private orgSlug: string | undefined;\n  private tokenCache: Map<string, CachedTokenEntry>;\n  private tokenRefreshThresholdMs: number;\n  private tdpClient: TDPClient | null;\n\n  constructor(config: JwtTokenManagerConfig = {}) {\n    this.baseUrlOverride = config.baseUrl;\n    this.connectorId = process.env.CONNECTOR_ID;\n    this.orgSlug = process.env.ORG_SLUG;\n    this.tokenCache = new Map();\n    this.tokenRefreshThresholdMs = config.tokenRefreshThresholdMs || DEFAULT_TOKEN_REFRESH_THRESHOLD_MS;\n    this.tdpClient = null;\n  }\n\n  /**\n   * Get the base URL for TDP API calls.\n   * Throws an error if not configured (either via config.baseUrl or TDP_ENDPOINT env var).\n   */\n  private getBaseUrl(): string {\n    const baseUrl = this.baseUrlOverride || process.env.TDP_ENDPOINT;\n    if (!baseUrl) {\n      throw new Error(\"TDP base URL not configured. Set TDP_ENDPOINT environment variable or pass baseUrl in config.\");\n    }\n    return baseUrl;\n  }\n\n  /**\n   * Decode JWT payload without verifying signature.\n   * Used only for reading expiration times for cache invalidation.\n   * Signature verification is NOT performed here.\n   */\n  private decodeJwtPayload(token: string): JwtPayload | null {\n    try {\n      const parts = token.split(\".\");\n      if (parts.length !== 3) {\n        console.warn(\"Invalid JWT token format\");\n        return null;\n      }\n\n      const payload = parts[1];\n      const base64 = payload.replace(/-/g, \"+\").replace(/_/g, \"/\");\n      const paddedBase64 = base64.padEnd(base64.length + ((4 - (base64.length % 4)) % 4), \"=\");\n\n      // Use Buffer.from for Node.js compatibility (atob not available in all runtimes)\n      return JSON.parse(Buffer.from(paddedBase64, \"base64\").toString(\"utf-8\"));\n    } catch (error) {\n      console.warn(\"Error decoding JWT token:\", error);\n      return null;\n    }\n  }\n\n  /** Check if payload is expiring within the refresh threshold */\n  private isPayloadExpiringSoon(payload: JwtPayload): boolean {\n    if (!payload.exp) {\n      console.warn(\"JWT token has no expiration claim\");\n      return true;\n    }\n\n    const expiryTimeMs = payload.exp * MS_PER_SECOND;\n    const refreshTimeMs = Date.now() + this.tokenRefreshThresholdMs;\n    return expiryTimeMs <= refreshTimeMs;\n  }\n\n  /** Get valid cached token if not expiring */\n  private getValidUserJwt(tokenRef: string): string | null {\n    const cached = this.tokenCache.get(tokenRef);\n    if (cached && !this.isPayloadExpiringSoon(cached.payload)) {\n      return cached.token;\n    }\n    // Clean up expired entry to prevent unbounded cache growth\n    if (cached) {\n      // TODO: If data apps become high-traffic, consider enhancing with\n      // an LRU cache (e.g., lru-cache package) to purge stale entries automatically\n      this.tokenCache.delete(tokenRef);\n    }\n    return null;\n  }\n\n  /** Initialize or get TDP client */\n  private async getTdpClient(): Promise<TDPClient> {\n    if (this.tdpClient !== null) {\n      return this.tdpClient;\n    }\n\n    if (!this.connectorId || !this.orgSlug) {\n      throw new Error(\"Missing required configuration: CONNECTOR_ID or ORG_SLUG\");\n    }\n\n    // getBaseUrl() throws if TDP_ENDPOINT not configured - let it propagate\n    const baseUrl = this.getBaseUrl();\n\n    try {\n      const client = new TDPClient({\n        tdpEndpoint: baseUrl,\n        connectorId: this.connectorId,\n        orgSlug: this.orgSlug,\n        artifactType: \"data-app\",\n      });\n\n      await client.init();\n      // Only assign after successful initialization to allow retry on failure\n      this.tdpClient = client;\n      return this.tdpClient;\n    } catch (error) {\n      // Log init errors but rethrow so callers know something went wrong\n      console.error(\"Failed to initialize TDP client:\", error);\n      throw error;\n    }\n  }\n\n  /** Retrieve JWT from connector K/V store using getValues (calls getConnectorData internally) */\n  private async getJwtFromTokenRefInternal(tokenRef: string): Promise<string | null> {\n    // getTdpClient() throws on config errors - let those propagate\n    const tdpClient = await this.getTdpClient();\n\n    try {\n      // getValues returns array of values for the given keys\n      // Each value is expected to have a jwt property: { jwt: \"...\" }\n      const values = await tdpClient.getValues([tokenRef]);\n\n      if (values && values.length > 0 && values[0]?.jwt) {\n        const jwtToken = values[0].jwt;\n        // Parse and cache both the raw token and its payload to avoid repeated decoding\n        const payload = this.decodeJwtPayload(jwtToken);\n        if (payload) {\n          this.tokenCache.set(tokenRef, { token: jwtToken, payload });\n        }\n        return jwtToken;\n      }\n\n      console.error(`No JWT found for key '${tokenRef}' in connector store`);\n    } catch (error) {\n      console.error(\"Error retrieving JWT token:\", error);\n    }\n\n    return null;\n  }\n\n  /** Resolve ts-token-ref to full JWT token (with caching) */\n  async getJwtFromTokenRef(tokenRef: string): Promise<string | null> {\n    if (!tokenRef || !this.orgSlug) {\n      console.warn(\"Missing required parameters for JWT token retrieval\");\n      return null;\n    }\n\n    const cachedUserToken = this.getValidUserJwt(tokenRef);\n    if (cachedUserToken) {\n      return cachedUserToken;\n    }\n\n    return this.getJwtFromTokenRefInternal(tokenRef);\n  }\n\n  /** Get token from cookies (ts-auth-token or resolved ts-token-ref) */\n  async getUserToken(cookies: CookieDict): Promise<string | null> {\n    // Prefer ts-auth-token or TS_AUTH_TOKEN env var (latter is for local dev testing)\n    const authToken = cookies[\"ts-auth-token\"] || process.env.TS_AUTH_TOKEN;\n    if (authToken) {\n      return authToken;\n    }\n\n    // Try to resolve ts-token-ref\n    const tokenRef = cookies[\"ts-token-ref\"];\n    if (tokenRef && this.connectorId) {\n      const jwtToken = await this.getJwtFromTokenRef(tokenRef);\n      if (jwtToken) {\n        return jwtToken;\n      }\n      console.warn(\"Failed to resolve ts-token-ref to JWT token\");\n    } else if (tokenRef) {\n      console.error(\"Connector ID not configured\");\n    }\n\n    console.warn(\"No valid authentication token found\");\n    return null;\n  }\n\n  /**\n   * Get user token from an Express request object.\n   * This is the primary method for Express middleware integration.\n   *\n   * @example\n   * ```typescript\n   * import { jwtManager } from '@tetrascience-npm/tetrascience-react-ui/server';\n   *\n   * app.use(async (req, res, next) => {\n   *   const token = await jwtManager.getTokenFromExpressRequest(req);\n   *   req.tdpAuth = { token, orgSlug: process.env.ORG_SLUG };\n   *   next();\n   * });\n   * ```\n   */\n  async getTokenFromExpressRequest(req: ExpressRequestLike): Promise<string | null> {\n    // Handle missing cookies gracefully (e.g., if cookie-parser middleware not installed)\n    return this.getUserToken(req.cookies || {});\n  }\n\n  /** Clear the token cache */\n  clearCache(): void {\n    this.tokenCache.clear();\n  }\n}\n\n/**\n * Global singleton instance.\n *\n * Note: This instance is created when the module is imported. Configuration\n * that depends on environment variables (CONNECTOR_ID, ORG_SLUG, TDP_ENDPOINT)\n * is read at module load time. Ensure these environment\n * variables are set before importing this module.\n *\n * If you need different configuration at runtime, create a new JwtTokenManager\n * instance instead of using this singleton.\n */\nexport const jwtManager = new JwtTokenManager();\n"],"names":["SECONDS_PER_MINUTE","MS_PER_SECOND","DEFAULT_TOKEN_REFRESH_THRESHOLD_MS","JwtTokenManager","config","baseUrl","token","parts","base64","paddedBase64","error","payload","expiryTimeMs","refreshTimeMs","tokenRef","cached","client","TDPClient","tdpClient","values","jwtToken","cachedUserToken","cookies","authToken","req","jwtManager"],"mappings":";AA6CA,MAAMA,IAAqB,IAErBC,IAAgB,KAChBC,IAAqC,IAAIF,IAAqBC;AAM7D,MAAME,EAAgB;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAER,YAAYC,IAAgC,IAAI;AAC9C,SAAK,kBAAkBA,EAAO,SAC9B,KAAK,cAAc,QAAQ,IAAI,cAC/B,KAAK,UAAU,QAAQ,IAAI,UAC3B,KAAK,iCAAiB,IAAA,GACtB,KAAK,0BAA0BA,EAAO,2BAA2BF,GACjE,KAAK,YAAY;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMQ,aAAqB;AAC3B,UAAMG,IAAU,KAAK,mBAAmB,QAAQ,IAAI;AACpD,QAAI,CAACA;AACH,YAAM,IAAI,MAAM,+FAA+F;AAEjH,WAAOA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOQ,iBAAiBC,GAAkC;AACzD,QAAI;AACF,YAAMC,IAAQD,EAAM,MAAM,GAAG;AAC7B,UAAIC,EAAM,WAAW;AACnB,uBAAQ,KAAK,0BAA0B,GAChC;AAIT,YAAMC,IADUD,EAAM,CAAC,EACA,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG,GACrDE,IAAeD,EAAO,OAAOA,EAAO,UAAW,IAAKA,EAAO,SAAS,KAAM,GAAI,GAAG;AAGvF,aAAO,KAAK,MAAM,OAAO,KAAKC,GAAc,QAAQ,EAAE,SAAS,OAAO,CAAC;AAAA,IACzE,SAASC,GAAO;AACd,qBAAQ,KAAK,6BAA6BA,CAAK,GACxC;AAAA,IACT;AAAA,EACF;AAAA;AAAA,EAGQ,sBAAsBC,GAA8B;AAC1D,QAAI,CAACA,EAAQ;AACX,qBAAQ,KAAK,mCAAmC,GACzC;AAGT,UAAMC,IAAeD,EAAQ,MAAMV,GAC7BY,IAAgB,KAAK,IAAA,IAAQ,KAAK;AACxC,WAAOD,KAAgBC;AAAA,EACzB;AAAA;AAAA,EAGQ,gBAAgBC,GAAiC;AACvD,UAAMC,IAAS,KAAK,WAAW,IAAID,CAAQ;AAC3C,WAAIC,KAAU,CAAC,KAAK,sBAAsBA,EAAO,OAAO,IAC/CA,EAAO,SAGZA,KAGF,KAAK,WAAW,OAAOD,CAAQ,GAE1B;AAAA,EACT;AAAA;AAAA,EAGA,MAAc,eAAmC;AAC/C,QAAI,KAAK,cAAc;AACrB,aAAO,KAAK;AAGd,QAAI,CAAC,KAAK,eAAe,CAAC,KAAK;AAC7B,YAAM,IAAI,MAAM,0DAA0D;AAI5E,UAAMT,IAAU,KAAK,WAAA;AAErB,QAAI;AACF,YAAMW,IAAS,IAAIC,EAAU;AAAA,QAC3B,aAAaZ;AAAA,QACb,aAAa,KAAK;AAAA,QAClB,SAAS,KAAK;AAAA,QACd,cAAc;AAAA,MAAA,CACf;AAED,mBAAMW,EAAO,KAAA,GAEb,KAAK,YAAYA,GACV,KAAK;AAAA,IACd,SAASN,GAAO;AAEd,oBAAQ,MAAM,oCAAoCA,CAAK,GACjDA;AAAA,IACR;AAAA,EACF;AAAA;AAAA,EAGA,MAAc,2BAA2BI,GAA0C;AAEjF,UAAMI,IAAY,MAAM,KAAK,aAAA;AAE7B,QAAI;AAGF,YAAMC,IAAS,MAAMD,EAAU,UAAU,CAACJ,CAAQ,CAAC;AAEnD,UAAIK,KAAUA,EAAO,SAAS,KAAKA,EAAO,CAAC,GAAG,KAAK;AACjD,cAAMC,IAAWD,EAAO,CAAC,EAAE,KAErBR,IAAU,KAAK,iBAAiBS,CAAQ;AAC9C,eAAIT,KACF,KAAK,WAAW,IAAIG,GAAU,EAAE,OAAOM,GAAU,SAAAT,GAAS,GAErDS;AAAA,MACT;AAEA,cAAQ,MAAM,yBAAyBN,CAAQ,sBAAsB;AAAA,IACvE,SAASJ,GAAO;AACd,cAAQ,MAAM,+BAA+BA,CAAK;AAAA,IACpD;AAEA,WAAO;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,mBAAmBI,GAA0C;AACjE,QAAI,CAACA,KAAY,CAAC,KAAK;AACrB,qBAAQ,KAAK,qDAAqD,GAC3D;AAGT,UAAMO,IAAkB,KAAK,gBAAgBP,CAAQ;AACrD,WAAIO,KAIG,KAAK,2BAA2BP,CAAQ;AAAA,EACjD;AAAA;AAAA,EAGA,MAAM,aAAaQ,GAA6C;AAE9D,UAAMC,IAAYD,EAAQ,eAAe,KAAK,QAAQ,IAAI;AAC1D,QAAIC;AACF,aAAOA;AAIT,UAAMT,IAAWQ,EAAQ,cAAc;AACvC,QAAIR,KAAY,KAAK,aAAa;AAChC,YAAMM,IAAW,MAAM,KAAK,mBAAmBN,CAAQ;AACvD,UAAIM;AACF,eAAOA;AAET,cAAQ,KAAK,6CAA6C;AAAA,IAC5D,OAAWN,KACT,QAAQ,MAAM,6BAA6B;AAG7C,mBAAQ,KAAK,qCAAqC,GAC3C;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBA,MAAM,2BAA2BU,GAAiD;AAEhF,WAAO,KAAK,aAAaA,EAAI,WAAW,CAAA,CAAE;AAAA,EAC5C;AAAA;AAAA,EAGA,aAAmB;AACjB,SAAK,WAAW,MAAA;AAAA,EAClB;AACF;AAaO,MAAMC,IAAa,IAAItB,EAAA;"}

package/dist/server/providers/AthenaProvider.cjs

@@ -0,0 +1,2 @@
+"use strict";var f=Object.create;var y=Object.defineProperty;var g=Object.getOwnPropertyDescriptor;var S=Object.getOwnPropertyNames;var k=Object.getPrototypeOf,T=Object.prototype.hasOwnProperty;var x=(e,t,o,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let r of S(t))!T.call(e,r)&&r!==o&&y(e,r,{get:()=>t[r],enumerable:!(n=g(t,r))||n.enumerable});return e};var C=(e,t,o)=>(o=e!=null?f(k(e)):{},x(t||!e||!e.__esModule?y(o,"default",{value:e,enumerable:!0}):o,e));Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const d=require("./exceptions.cjs"),_=1e3;async function A(){try{return await import("@aws-sdk/client-athena")}catch{throw new d.InvalidProviderConfigurationError("The '@aws-sdk/client-athena' package is required to use the Athena provider. Please install it: npm install @aws-sdk/client-athena")}}const Q=262144;class m{client;sdk;workgroup;database;outputLocation;constructor(t,o,n,r,a){this.client=t,this.sdk=o,this.workgroup=n,this.database=r,this.outputLocation=a}async query(t,o={}){if(t.length>Q)throw new Error("Query length exceeds the maximum allowed limit.");const n=new this.sdk.StartQueryExecutionCommand({QueryString:t,WorkGroup:this.workgroup,QueryExecutionContext:{Database:this.database},ResultConfiguration:this.outputLocation?{OutputLocation:this.outputLocation}:void 0}),a=(await this.client.send(n)).QueryExecutionId;if(!a)throw new d.QueryError("Failed to start query execution");return await this.waitForQueryCompletion(a,t),this.fetchAllResults(a)}async waitForQueryCompletion(t,o){const a=Date.now();for(;Date.now()-a<3e5;){const c=new this.sdk.GetQueryExecutionCommand({QueryExecutionId:t}),s=await this.client.send(c),i=s.QueryExecution?.Status?.State;if(i===this.sdk.QueryExecutionState.SUCCEEDED)return;if(i===this.sdk.QueryExecutionState.FAILED||i===this.sdk.QueryExecutionState.CANCELLED){const u=s.QueryExecution?.Status?.StateChangeReason??"Unknown error";if(u.includes("TABLE_NOT_FOUND")){const l=u.split(":").pop()?.trim()??"";throw new d.MissingTableError("Athena is unable to find the table. If the table is created by a tetraflow, make sure that the tetraflow has run successfully. "+l+".")}throw new d.QueryError(`Query failed: ${o}. Reason: ${u}`)}await new Promise(u=>setTimeout(u,1e3))}throw new d.QueryError(`Query timed out after ${3e5/_} seconds`)}async fetchAllResults(t){const o=[];let n,r=[],a=!0;do{const c=new this.sdk.GetQueryResultsCommand({QueryExecutionId:t,NextToken:n}),s=await this.client.send(c);a&&s.ResultSet?.ResultSetMetadata?.ColumnInfo&&(r=s.ResultSet.ResultSetMetadata.ColumnInfo.map((l,w)=>{const h=l.Name;return h&&h.trim()!==""?h:`column_${w}`}));const i=s.ResultSet?.Rows??[],u=a?i.slice(1):i;for(const l of u){const w={};l.Data?.forEach((h,p)=>{const E=r[p]??`column_${p}`;w[E]=h.VarCharValue??null}),o.push(w)}n=s.NextToken,a=!1}while(n);return o}async close(){this.client.destroy()}}async function R(){const e=await A(),t=process.env.ORG_SLUG??"",o=t.replace(/-/g,"_"),n=process.env.ATHENA_S3_OUTPUT_LOCATION,r=process.env.AWS_REGION,a=`${o}__tss__default`,c=t,s=new e.AthenaClient({region:r});try{return await s.send(new e.GetWorkGroupCommand({WorkGroup:c})),new m(s,e,c,a)}catch{if(!n)throw new Error("ATHENA_S3_OUTPUT_LOCATION environment variable is required when using the 'primary' workgroup. Either set this variable or ensure the org-specific workgroup exists.");const i=`s3://${n}/${o}/`;return new m(s,e,"primary",a,i)}}exports.AthenaProvider=m;exports.getTdpAthenaProvider=R;
+//# sourceMappingURL=AthenaProvider.cjs.map

package/dist/server/providers/AthenaProvider.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"AthenaProvider.cjs","sources":["../../../src/server/providers/AthenaProvider.ts"],"sourcesContent":["/**\n * Athena Data Provider\n *\n * TypeScript equivalent of AthenaProvider from\n * ts-lib-ui-kit-streamlit/tetrascience/data_app_providers/provider.py\n *\n * @remarks\n * This provider requires the `@aws-sdk/client-athena` package to be installed.\n * It is an optional peer dependency - install it only if you need Athena support:\n * ```bash\n * npm install @aws-sdk/client-athena\n * # or\n * yarn add @aws-sdk/client-athena\n * ```\n */\n\nimport {\n  QueryError,\n  MissingTableError,\n  InvalidProviderConfigurationError,\n} from \"./exceptions\";\n\n/** Milliseconds per second */\nconst MILLISECONDS_PER_SECOND = 1000;\n\n// Type imports for @aws-sdk/client-athena (these don't require the package at runtime)\ntype AthenaClient = import(\"@aws-sdk/client-athena\").AthenaClient;\ntype AthenaSDK = typeof import(\"@aws-sdk/client-athena\");\n\n/**\n * Dynamically import @aws-sdk/client-athena\n * @throws {InvalidProviderConfigurationError} If @aws-sdk/client-athena is not installed\n */\nasync function getAthenaSDK(): Promise<AthenaSDK> {\n  try {\n    return await import(\"@aws-sdk/client-athena\");\n  } catch {\n    throw new InvalidProviderConfigurationError(\n      \"The '@aws-sdk/client-athena' package is required to use the Athena provider. \" +\n        \"Please install it: npm install @aws-sdk/client-athena\",\n    );\n  }\n}\n\n/** Maximum query length allowed by Athena */\nconst MAX_QUERY_LENGTH = 262144;\n\n/**\n * Athena data provider\n */\nexport class AthenaProvider {\n  private client: AthenaClient;\n  private sdk: AthenaSDK;\n  private workgroup: string;\n  private database: string;\n  private outputLocation?: string;\n\n  /**\n   * Initialize the Athena data provider\n   *\n   * @param client - AWS Athena client\n   * @param sdk - AWS Athena SDK module (for accessing command classes)\n   * @param workgroup - Athena workgroup to use\n   * @param database - Default database/schema\n   * @param outputLocation - Optional S3 output location\n   */\n  constructor(\n    client: AthenaClient,\n    sdk: AthenaSDK,\n    workgroup: string,\n    database: string,\n    outputLocation?: string,\n  ) {\n    this.client = client;\n    this.sdk = sdk;\n    this.workgroup = workgroup;\n    this.database = database;\n    this.outputLocation = outputLocation;\n  }\n\n  /**\n   * Query the Athena database\n   *\n   * @param sqlQuery - SQL query to execute\n   * @param _params - Parameters to pass to the query (currently not used - Athena doesn't support parameterized queries)\n   * @returns Promise resolving to array of row objects\n   *\n   * @remarks\n   * **Security Note:** AWS Athena does not support parameterized queries.\n   * Unlike traditional databases, there is no native way to use bind parameters\n   * with Athena. Callers are responsible for properly sanitizing any user input\n   * before constructing the SQL query string. This is a known limitation of the\n   * Athena service, not a design flaw in this implementation.\n   */\n  async query(\n    sqlQuery: string,\n    _params: Record<string, unknown> = {},\n  ): Promise<Array<Record<string, unknown>>> {\n    if (sqlQuery.length > MAX_QUERY_LENGTH) {\n      throw new Error(\"Query length exceeds the maximum allowed limit.\");\n    }\n\n    // Start query execution\n    // Note: Athena does not support parameterized queries. The sqlQuery is passed\n    // directly to Athena. Callers must sanitize user input before constructing queries.\n    const startCommand = new this.sdk.StartQueryExecutionCommand({\n      QueryString: sqlQuery,\n      WorkGroup: this.workgroup,\n      QueryExecutionContext: {\n        Database: this.database,\n      },\n      ResultConfiguration: this.outputLocation\n        ? { OutputLocation: this.outputLocation }\n        : undefined,\n    });\n\n    const startResponse = await this.client.send(startCommand);\n    const queryExecutionId = startResponse.QueryExecutionId;\n\n    if (!queryExecutionId) {\n      throw new QueryError(\"Failed to start query execution\");\n    }\n\n    // Wait for query to complete\n    await this.waitForQueryCompletion(queryExecutionId, sqlQuery);\n\n    // Fetch results\n    return this.fetchAllResults(queryExecutionId);\n  }\n\n  /**\n   * Wait for query to complete\n   */\n  private async waitForQueryCompletion(\n    queryExecutionId: string,\n    originalQuery: string,\n  ): Promise<void> {\n    const maxWaitTime = 300000; // 5 minutes\n    const pollInterval = 1000; // 1 second\n    const startTime = Date.now();\n\n    while (Date.now() - startTime < maxWaitTime) {\n      const command = new this.sdk.GetQueryExecutionCommand({\n        QueryExecutionId: queryExecutionId,\n      });\n      const response = await this.client.send(command);\n      const state = response.QueryExecution?.Status?.State;\n\n      if (state === this.sdk.QueryExecutionState.SUCCEEDED) {\n        return;\n      }\n\n      if (\n        state === this.sdk.QueryExecutionState.FAILED ||\n        state === this.sdk.QueryExecutionState.CANCELLED\n      ) {\n        const reason =\n          response.QueryExecution?.Status?.StateChangeReason ?? \"Unknown error\";\n\n        if (reason.includes(\"TABLE_NOT_FOUND\")) {\n          const errorTail = reason.split(\":\").pop()?.trim() ?? \"\";\n          throw new MissingTableError(\n            \"Athena is unable to find the table. If the table is created by a \" +\n              \"tetraflow, make sure that the tetraflow has run successfully. \" +\n              errorTail +\n              \".\",\n          );\n        }\n\n        throw new QueryError(\n          `Query failed: ${originalQuery}. Reason: ${reason}`,\n        );\n      }\n\n      await new Promise((resolve) => setTimeout(resolve, pollInterval));\n    }\n\n    throw new QueryError(\n      `Query timed out after ${maxWaitTime / MILLISECONDS_PER_SECOND} seconds`,\n    );\n  }\n\n  /**\n   * Fetch all results from a completed query\n   */\n  private async fetchAllResults(\n    queryExecutionId: string,\n  ): Promise<Array<Record<string, unknown>>> {\n    const results: Array<Record<string, unknown>> = [];\n    let nextToken: string | undefined;\n    let columnNames: string[] = [];\n    let isFirstPage = true;\n\n    do {\n      const command = new this.sdk.GetQueryResultsCommand({\n        QueryExecutionId: queryExecutionId,\n        NextToken: nextToken,\n      });\n\n      const response = await this.client.send(command);\n\n      if (isFirstPage && response.ResultSet?.ResultSetMetadata?.ColumnInfo) {\n        columnNames = response.ResultSet.ResultSetMetadata.ColumnInfo.map(\n          (col, idx) => {\n            // Handle empty or missing column names by using a fallback\n            const name = col.Name;\n            return name && name.trim() !== \"\" ? name : `column_${idx}`;\n          },\n        );\n      }\n\n      const rows = response.ResultSet?.Rows ?? [];\n      // Skip header row on first page\n      const dataRows = isFirstPage ? rows.slice(1) : rows;\n\n      for (const row of dataRows) {\n        const rowData: Record<string, unknown> = {};\n        row.Data?.forEach((cell, index) => {\n          // columnNames already has fallback values, so we can use them directly\n          const columnName = columnNames[index] ?? `column_${index}`;\n          rowData[columnName] = cell.VarCharValue ?? null;\n        });\n        results.push(rowData);\n      }\n\n      nextToken = response.NextToken;\n      isFirstPage = false;\n    } while (nextToken);\n\n    return results;\n  }\n\n  /**\n   * Close the Athena client (no-op for AWS SDK clients)\n   */\n  async close(): Promise<void> {\n    this.client.destroy();\n  }\n}\n\n/**\n * Get the TDP Athena provider\n *\n * Creates an Athena provider using TDP environment configuration\n *\n * @returns Promise resolving to Athena data provider\n * @throws {InvalidProviderConfigurationError} If @aws-sdk/client-athena is not installed\n * @throws {Error} If ATHENA_S3_OUTPUT_LOCATION is not set when using the 'primary' workgroup\n */\nexport async function getTdpAthenaProvider(): Promise<AthenaProvider> {\n  // Dynamically import @aws-sdk/client-athena\n  const athenaSDK = await getAthenaSDK();\n\n  const orgSlug = process.env.ORG_SLUG ?? \"\";\n  const orgSlugDbFriendly = orgSlug.replace(/-/g, \"_\");\n  const athenaQueryBucket = process.env.ATHENA_S3_OUTPUT_LOCATION;\n  const athenaRegion = process.env.AWS_REGION;\n  const athenaSchema = `${orgSlugDbFriendly}__tss__default`;\n  const athenaWorkgroup = orgSlug;\n\n  const client = new athenaSDK.AthenaClient({\n    region: athenaRegion,\n  });\n\n  // Check if the org-specific workgroup exists\n  try {\n    await client.send(\n      new athenaSDK.GetWorkGroupCommand({\n        WorkGroup: athenaWorkgroup,\n      }),\n    );\n\n    // Workgroup exists, use it\n    return new AthenaProvider(client, athenaSDK, athenaWorkgroup, athenaSchema);\n  } catch {\n    // Workgroup doesn't exist or access denied, use 'primary' workgroup\n    // The 'primary' workgroup requires an explicit output location\n    if (!athenaQueryBucket) {\n      throw new Error(\n        \"ATHENA_S3_OUTPUT_LOCATION environment variable is required when using the 'primary' workgroup. \" +\n          \"Either set this variable or ensure the org-specific workgroup exists.\",\n      );\n    }\n\n    const athenaOutputLocation = `s3://${athenaQueryBucket}/${orgSlugDbFriendly}/`;\n    return new AthenaProvider(\n      client,\n      athenaSDK,\n      \"primary\",\n      athenaSchema,\n      athenaOutputLocation,\n    );\n  }\n}\n\n"],"names":["MILLISECONDS_PER_SECOND","getAthenaSDK","InvalidProviderConfigurationError","MAX_QUERY_LENGTH","AthenaProvider","client","sdk","workgroup","database","outputLocation","sqlQuery","_params","startCommand","queryExecutionId","QueryError","originalQuery","startTime","command","response","state","reason","errorTail","MissingTableError","resolve","results","nextToken","columnNames","isFirstPage","col","idx","name","rows","dataRows","row","rowData","cell","index","columnName","getTdpAthenaProvider","athenaSDK","orgSlug","orgSlugDbFriendly","athenaQueryBucket","athenaRegion","athenaSchema","athenaWorkgroup","athenaOutputLocation"],"mappings":"+jBAuBMA,EAA0B,IAUhC,eAAeC,GAAmC,CAChD,GAAI,CACF,OAAO,KAAM,QAAO,wBAAwB,CAC9C,MAAQ,CACN,MAAM,IAAIC,EAAAA,kCACR,oIAAA,CAGJ,CACF,CAGA,MAAMC,EAAmB,OAKlB,MAAMC,CAAe,CAClB,OACA,IACA,UACA,SACA,eAWR,YACEC,EACAC,EACAC,EACAC,EACAC,EACA,CACA,KAAK,OAASJ,EACd,KAAK,IAAMC,EACX,KAAK,UAAYC,EACjB,KAAK,SAAWC,EAChB,KAAK,eAAiBC,CACxB,CAgBA,MAAM,MACJC,EACAC,EAAmC,GACM,CACzC,GAAID,EAAS,OAASP,EACpB,MAAM,IAAI,MAAM,iDAAiD,EAMnE,MAAMS,EAAe,IAAI,KAAK,IAAI,2BAA2B,CAC3D,YAAaF,EACb,UAAW,KAAK,UAChB,sBAAuB,CACrB,SAAU,KAAK,QAAA,EAEjB,oBAAqB,KAAK,eACtB,CAAE,eAAgB,KAAK,gBACvB,MAAA,CACL,EAGKG,GADgB,MAAM,KAAK,OAAO,KAAKD,CAAY,GAClB,iBAEvC,GAAI,CAACC,EACH,MAAM,IAAIC,EAAAA,WAAW,iCAAiC,EAIxD,aAAM,KAAK,uBAAuBD,EAAkBH,CAAQ,EAGrD,KAAK,gBAAgBG,CAAgB,CAC9C,CAKA,MAAc,uBACZA,EACAE,EACe,CAGf,MAAMC,EAAY,KAAK,IAAA,EAEvB,KAAO,KAAK,MAAQA,EAAY,KAAa,CAC3C,MAAMC,EAAU,IAAI,KAAK,IAAI,yBAAyB,CACpD,iBAAkBJ,CAAA,CACnB,EACKK,EAAW,MAAM,KAAK,OAAO,KAAKD,CAAO,EACzCE,EAAQD,EAAS,gBAAgB,QAAQ,MAE/C,GAAIC,IAAU,KAAK,IAAI,oBAAoB,UACzC,OAGF,GACEA,IAAU,KAAK,IAAI,oBAAoB,QACvCA,IAAU,KAAK,IAAI,oBAAoB,UACvC,CACA,MAAMC,EACJF,EAAS,gBAAgB,QAAQ,mBAAqB,gBAExD,GAAIE,EAAO,SAAS,iBAAiB,EAAG,CACtC,MAAMC,EAAYD,EAAO,MAAM,GAAG,EAAE,IAAA,GAAO,QAAU,GACrD,MAAM,IAAIE,EAAAA,kBACR,kIAEED,EACA,GAAA,CAEN,CAEA,MAAM,IAAIP,EAAAA,WACR,iBAAiBC,CAAa,aAAaK,CAAM,EAAA,CAErD,CAEA,MAAM,IAAI,QAASG,GAAY,WAAWA,EAAS,GAAY,CAAC,CAClE,CAEA,MAAM,IAAIT,EAAAA,WACR,yBAAyB,IAAcd,CAAuB,UAAA,CAElE,CAKA,MAAc,gBACZa,EACyC,CACzC,MAAMW,EAA0C,CAAA,EAChD,IAAIC,EACAC,EAAwB,CAAA,EACxBC,EAAc,GAElB,EAAG,CACD,MAAMV,EAAU,IAAI,KAAK,IAAI,uBAAuB,CAClD,iBAAkBJ,EAClB,UAAWY,CAAA,CACZ,EAEKP,EAAW,MAAM,KAAK,OAAO,KAAKD,CAAO,EAE3CU,GAAeT,EAAS,WAAW,mBAAmB,aACxDQ,EAAcR,EAAS,UAAU,kBAAkB,WAAW,IAC5D,CAACU,EAAKC,IAAQ,CAEZ,MAAMC,EAAOF,EAAI,KACjB,OAAOE,GAAQA,EAAK,KAAA,IAAW,GAAKA,EAAO,UAAUD,CAAG,EAC1D,CAAA,GAIJ,MAAME,EAAOb,EAAS,WAAW,MAAQ,CAAA,EAEnCc,EAAWL,EAAcI,EAAK,MAAM,CAAC,EAAIA,EAE/C,UAAWE,KAAOD,EAAU,CAC1B,MAAME,EAAmC,CAAA,EACzCD,EAAI,MAAM,QAAQ,CAACE,EAAMC,IAAU,CAEjC,MAAMC,EAAaX,EAAYU,CAAK,GAAK,UAAUA,CAAK,GACxDF,EAAQG,CAAU,EAAIF,EAAK,cAAgB,IAC7C,CAAC,EACDX,EAAQ,KAAKU,CAAO,CACtB,CAEAT,EAAYP,EAAS,UACrBS,EAAc,EAChB,OAASF,GAET,OAAOD,CACT,CAKA,MAAM,OAAuB,CAC3B,KAAK,OAAO,QAAA,CACd,CACF,CAWA,eAAsBc,GAAgD,CAEpE,MAAMC,EAAY,MAAMtC,EAAA,EAElBuC,EAAU,QAAQ,IAAI,UAAY,GAClCC,EAAoBD,EAAQ,QAAQ,KAAM,GAAG,EAC7CE,EAAoB,QAAQ,IAAI,0BAChCC,EAAe,QAAQ,IAAI,WAC3BC,EAAe,GAAGH,CAAiB,iBACnCI,EAAkBL,EAElBnC,EAAS,IAAIkC,EAAU,aAAa,CACxC,OAAQI,CAAA,CACT,EAGD,GAAI,CACF,aAAMtC,EAAO,KACX,IAAIkC,EAAU,oBAAoB,CAChC,UAAWM,CAAA,CACZ,CAAA,EAII,IAAIzC,EAAeC,EAAQkC,EAAWM,EAAiBD,CAAY,CAC5E,MAAQ,CAGN,GAAI,CAACF,EACH,MAAM,IAAI,MACR,sKAAA,EAKJ,MAAMI,EAAuB,QAAQJ,CAAiB,IAAID,CAAiB,IAC3E,OAAO,IAAIrC,EACTC,EACAkC,EACA,UACAK,EACAE,CAAA,CAEJ,CACF"}

package/dist/server/providers/AthenaProvider.js

@@ -0,0 +1,154 @@
+import { QueryError as w, MissingTableError as E, InvalidProviderConfigurationError as f } from "./exceptions.js";
+const S = 1e3;
+async function g() {
+  try {
+    return await import("@aws-sdk/client-athena");
+  } catch {
+    throw new f(
+      "The '@aws-sdk/client-athena' package is required to use the Athena provider. Please install it: npm install @aws-sdk/client-athena"
+    );
+  }
+}
+const k = 262144;
+class p {
+  client;
+  sdk;
+  workgroup;
+  database;
+  outputLocation;
+  /**
+   * Initialize the Athena data provider
+   *
+   * @param client - AWS Athena client
+   * @param sdk - AWS Athena SDK module (for accessing command classes)
+   * @param workgroup - Athena workgroup to use
+   * @param database - Default database/schema
+   * @param outputLocation - Optional S3 output location
+   */
+  constructor(e, a, n, s, t) {
+    this.client = e, this.sdk = a, this.workgroup = n, this.database = s, this.outputLocation = t;
+  }
+  /**
+   * Query the Athena database
+   *
+   * @param sqlQuery - SQL query to execute
+   * @param _params - Parameters to pass to the query (currently not used - Athena doesn't support parameterized queries)
+   * @returns Promise resolving to array of row objects
+   *
+   * @remarks
+   * **Security Note:** AWS Athena does not support parameterized queries.
+   * Unlike traditional databases, there is no native way to use bind parameters
+   * with Athena. Callers are responsible for properly sanitizing any user input
+   * before constructing the SQL query string. This is a known limitation of the
+   * Athena service, not a design flaw in this implementation.
+   */
+  async query(e, a = {}) {
+    if (e.length > k)
+      throw new Error("Query length exceeds the maximum allowed limit.");
+    const n = new this.sdk.StartQueryExecutionCommand({
+      QueryString: e,
+      WorkGroup: this.workgroup,
+      QueryExecutionContext: {
+        Database: this.database
+      },
+      ResultConfiguration: this.outputLocation ? { OutputLocation: this.outputLocation } : void 0
+    }), t = (await this.client.send(n)).QueryExecutionId;
+    if (!t)
+      throw new w("Failed to start query execution");
+    return await this.waitForQueryCompletion(t, e), this.fetchAllResults(t);
+  }
+  /**
+   * Wait for query to complete
+   */
+  async waitForQueryCompletion(e, a) {
+    const t = Date.now();
+    for (; Date.now() - t < 3e5; ) {
+      const u = new this.sdk.GetQueryExecutionCommand({
+        QueryExecutionId: e
+      }), o = await this.client.send(u), r = o.QueryExecution?.Status?.State;
+      if (r === this.sdk.QueryExecutionState.SUCCEEDED)
+        return;
+      if (r === this.sdk.QueryExecutionState.FAILED || r === this.sdk.QueryExecutionState.CANCELLED) {
+        const i = o.QueryExecution?.Status?.StateChangeReason ?? "Unknown error";
+        if (i.includes("TABLE_NOT_FOUND")) {
+          const l = i.split(":").pop()?.trim() ?? "";
+          throw new E(
+            "Athena is unable to find the table. If the table is created by a tetraflow, make sure that the tetraflow has run successfully. " + l + "."
+          );
+        }
+        throw new w(
+          `Query failed: ${a}. Reason: ${i}`
+        );
+      }
+      await new Promise((i) => setTimeout(i, 1e3));
+    }
+    throw new w(
+      `Query timed out after ${3e5 / S} seconds`
+    );
+  }
+  /**
+   * Fetch all results from a completed query
+   */
+  async fetchAllResults(e) {
+    const a = [];
+    let n, s = [], t = !0;
+    do {
+      const u = new this.sdk.GetQueryResultsCommand({
+        QueryExecutionId: e,
+        NextToken: n
+      }), o = await this.client.send(u);
+      t && o.ResultSet?.ResultSetMetadata?.ColumnInfo && (s = o.ResultSet.ResultSetMetadata.ColumnInfo.map(
+        (l, m) => {
+          const h = l.Name;
+          return h && h.trim() !== "" ? h : `column_${m}`;
+        }
+      ));
+      const r = o.ResultSet?.Rows ?? [], i = t ? r.slice(1) : r;
+      for (const l of i) {
+        const m = {};
+        l.Data?.forEach((h, d) => {
+          const y = s[d] ?? `column_${d}`;
+          m[y] = h.VarCharValue ?? null;
+        }), a.push(m);
+      }
+      n = o.NextToken, t = !1;
+    } while (n);
+    return a;
+  }
+  /**
+   * Close the Athena client (no-op for AWS SDK clients)
+   */
+  async close() {
+    this.client.destroy();
+  }
+}
+async function C() {
+  const c = await g(), e = process.env.ORG_SLUG ?? "", a = e.replace(/-/g, "_"), n = process.env.ATHENA_S3_OUTPUT_LOCATION, s = process.env.AWS_REGION, t = `${a}__tss__default`, u = e, o = new c.AthenaClient({
+    region: s
+  });
+  try {
+    return await o.send(
+      new c.GetWorkGroupCommand({
+        WorkGroup: u
+      })
+    ), new p(o, c, u, t);
+  } catch {
+    if (!n)
+      throw new Error(
+        "ATHENA_S3_OUTPUT_LOCATION environment variable is required when using the 'primary' workgroup. Either set this variable or ensure the org-specific workgroup exists."
+      );
+    const r = `s3://${n}/${a}/`;
+    return new p(
+      o,
+      c,
+      "primary",
+      t,
+      r
+    );
+  }
+}
+export {
+  p as AthenaProvider,
+  C as getTdpAthenaProvider
+};
+//# sourceMappingURL=AthenaProvider.js.map

package/dist/server/providers/AthenaProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AthenaProvider.js","sources":["../../../src/server/providers/AthenaProvider.ts"],"sourcesContent":["/**\n * Athena Data Provider\n *\n * TypeScript equivalent of AthenaProvider from\n * ts-lib-ui-kit-streamlit/tetrascience/data_app_providers/provider.py\n *\n * @remarks\n * This provider requires the `@aws-sdk/client-athena` package to be installed.\n * It is an optional peer dependency - install it only if you need Athena support:\n * ```bash\n * npm install @aws-sdk/client-athena\n * # or\n * yarn add @aws-sdk/client-athena\n * ```\n */\n\nimport {\n  QueryError,\n  MissingTableError,\n  InvalidProviderConfigurationError,\n} from \"./exceptions\";\n\n/** Milliseconds per second */\nconst MILLISECONDS_PER_SECOND = 1000;\n\n// Type imports for @aws-sdk/client-athena (these don't require the package at runtime)\ntype AthenaClient = import(\"@aws-sdk/client-athena\").AthenaClient;\ntype AthenaSDK = typeof import(\"@aws-sdk/client-athena\");\n\n/**\n * Dynamically import @aws-sdk/client-athena\n * @throws {InvalidProviderConfigurationError} If @aws-sdk/client-athena is not installed\n */\nasync function getAthenaSDK(): Promise<AthenaSDK> {\n  try {\n    return await import(\"@aws-sdk/client-athena\");\n  } catch {\n    throw new InvalidProviderConfigurationError(\n      \"The '@aws-sdk/client-athena' package is required to use the Athena provider. \" +\n        \"Please install it: npm install @aws-sdk/client-athena\",\n    );\n  }\n}\n\n/** Maximum query length allowed by Athena */\nconst MAX_QUERY_LENGTH = 262144;\n\n/**\n * Athena data provider\n */\nexport class AthenaProvider {\n  private client: AthenaClient;\n  private sdk: AthenaSDK;\n  private workgroup: string;\n  private database: string;\n  private outputLocation?: string;\n\n  /**\n   * Initialize the Athena data provider\n   *\n   * @param client - AWS Athena client\n   * @param sdk - AWS Athena SDK module (for accessing command classes)\n   * @param workgroup - Athena workgroup to use\n   * @param database - Default database/schema\n   * @param outputLocation - Optional S3 output location\n   */\n  constructor(\n    client: AthenaClient,\n    sdk: AthenaSDK,\n    workgroup: string,\n    database: string,\n    outputLocation?: string,\n  ) {\n    this.client = client;\n    this.sdk = sdk;\n    this.workgroup = workgroup;\n    this.database = database;\n    this.outputLocation = outputLocation;\n  }\n\n  /**\n   * Query the Athena database\n   *\n   * @param sqlQuery - SQL query to execute\n   * @param _params - Parameters to pass to the query (currently not used - Athena doesn't support parameterized queries)\n   * @returns Promise resolving to array of row objects\n   *\n   * @remarks\n   * **Security Note:** AWS Athena does not support parameterized queries.\n   * Unlike traditional databases, there is no native way to use bind parameters\n   * with Athena. Callers are responsible for properly sanitizing any user input\n   * before constructing the SQL query string. This is a known limitation of the\n   * Athena service, not a design flaw in this implementation.\n   */\n  async query(\n    sqlQuery: string,\n    _params: Record<string, unknown> = {},\n  ): Promise<Array<Record<string, unknown>>> {\n    if (sqlQuery.length > MAX_QUERY_LENGTH) {\n      throw new Error(\"Query length exceeds the maximum allowed limit.\");\n    }\n\n    // Start query execution\n    // Note: Athena does not support parameterized queries. The sqlQuery is passed\n    // directly to Athena. Callers must sanitize user input before constructing queries.\n    const startCommand = new this.sdk.StartQueryExecutionCommand({\n      QueryString: sqlQuery,\n      WorkGroup: this.workgroup,\n      QueryExecutionContext: {\n        Database: this.database,\n      },\n      ResultConfiguration: this.outputLocation\n        ? { OutputLocation: this.outputLocation }\n        : undefined,\n    });\n\n    const startResponse = await this.client.send(startCommand);\n    const queryExecutionId = startResponse.QueryExecutionId;\n\n    if (!queryExecutionId) {\n      throw new QueryError(\"Failed to start query execution\");\n    }\n\n    // Wait for query to complete\n    await this.waitForQueryCompletion(queryExecutionId, sqlQuery);\n\n    // Fetch results\n    return this.fetchAllResults(queryExecutionId);\n  }\n\n  /**\n   * Wait for query to complete\n   */\n  private async waitForQueryCompletion(\n    queryExecutionId: string,\n    originalQuery: string,\n  ): Promise<void> {\n    const maxWaitTime = 300000; // 5 minutes\n    const pollInterval = 1000; // 1 second\n    const startTime = Date.now();\n\n    while (Date.now() - startTime < maxWaitTime) {\n      const command = new this.sdk.GetQueryExecutionCommand({\n        QueryExecutionId: queryExecutionId,\n      });\n      const response = await this.client.send(command);\n      const state = response.QueryExecution?.Status?.State;\n\n      if (state === this.sdk.QueryExecutionState.SUCCEEDED) {\n        return;\n      }\n\n      if (\n        state === this.sdk.QueryExecutionState.FAILED ||\n        state === this.sdk.QueryExecutionState.CANCELLED\n      ) {\n        const reason =\n          response.QueryExecution?.Status?.StateChangeReason ?? \"Unknown error\";\n\n        if (reason.includes(\"TABLE_NOT_FOUND\")) {\n          const errorTail = reason.split(\":\").pop()?.trim() ?? \"\";\n          throw new MissingTableError(\n            \"Athena is unable to find the table. If the table is created by a \" +\n              \"tetraflow, make sure that the tetraflow has run successfully. \" +\n              errorTail +\n              \".\",\n          );\n        }\n\n        throw new QueryError(\n          `Query failed: ${originalQuery}. Reason: ${reason}`,\n        );\n      }\n\n      await new Promise((resolve) => setTimeout(resolve, pollInterval));\n    }\n\n    throw new QueryError(\n      `Query timed out after ${maxWaitTime / MILLISECONDS_PER_SECOND} seconds`,\n    );\n  }\n\n  /**\n   * Fetch all results from a completed query\n   */\n  private async fetchAllResults(\n    queryExecutionId: string,\n  ): Promise<Array<Record<string, unknown>>> {\n    const results: Array<Record<string, unknown>> = [];\n    let nextToken: string | undefined;\n    let columnNames: string[] = [];\n    let isFirstPage = true;\n\n    do {\n      const command = new this.sdk.GetQueryResultsCommand({\n        QueryExecutionId: queryExecutionId,\n        NextToken: nextToken,\n      });\n\n      const response = await this.client.send(command);\n\n      if (isFirstPage && response.ResultSet?.ResultSetMetadata?.ColumnInfo) {\n        columnNames = response.ResultSet.ResultSetMetadata.ColumnInfo.map(\n          (col, idx) => {\n            // Handle empty or missing column names by using a fallback\n            const name = col.Name;\n            return name && name.trim() !== \"\" ? name : `column_${idx}`;\n          },\n        );\n      }\n\n      const rows = response.ResultSet?.Rows ?? [];\n      // Skip header row on first page\n      const dataRows = isFirstPage ? rows.slice(1) : rows;\n\n      for (const row of dataRows) {\n        const rowData: Record<string, unknown> = {};\n        row.Data?.forEach((cell, index) => {\n          // columnNames already has fallback values, so we can use them directly\n          const columnName = columnNames[index] ?? `column_${index}`;\n          rowData[columnName] = cell.VarCharValue ?? null;\n        });\n        results.push(rowData);\n      }\n\n      nextToken = response.NextToken;\n      isFirstPage = false;\n    } while (nextToken);\n\n    return results;\n  }\n\n  /**\n   * Close the Athena client (no-op for AWS SDK clients)\n   */\n  async close(): Promise<void> {\n    this.client.destroy();\n  }\n}\n\n/**\n * Get the TDP Athena provider\n *\n * Creates an Athena provider using TDP environment configuration\n *\n * @returns Promise resolving to Athena data provider\n * @throws {InvalidProviderConfigurationError} If @aws-sdk/client-athena is not installed\n * @throws {Error} If ATHENA_S3_OUTPUT_LOCATION is not set when using the 'primary' workgroup\n */\nexport async function getTdpAthenaProvider(): Promise<AthenaProvider> {\n  // Dynamically import @aws-sdk/client-athena\n  const athenaSDK = await getAthenaSDK();\n\n  const orgSlug = process.env.ORG_SLUG ?? \"\";\n  const orgSlugDbFriendly = orgSlug.replace(/-/g, \"_\");\n  const athenaQueryBucket = process.env.ATHENA_S3_OUTPUT_LOCATION;\n  const athenaRegion = process.env.AWS_REGION;\n  const athenaSchema = `${orgSlugDbFriendly}__tss__default`;\n  const athenaWorkgroup = orgSlug;\n\n  const client = new athenaSDK.AthenaClient({\n    region: athenaRegion,\n  });\n\n  // Check if the org-specific workgroup exists\n  try {\n    await client.send(\n      new athenaSDK.GetWorkGroupCommand({\n        WorkGroup: athenaWorkgroup,\n      }),\n    );\n\n    // Workgroup exists, use it\n    return new AthenaProvider(client, athenaSDK, athenaWorkgroup, athenaSchema);\n  } catch {\n    // Workgroup doesn't exist or access denied, use 'primary' workgroup\n    // The 'primary' workgroup requires an explicit output location\n    if (!athenaQueryBucket) {\n      throw new Error(\n        \"ATHENA_S3_OUTPUT_LOCATION environment variable is required when using the 'primary' workgroup. \" +\n          \"Either set this variable or ensure the org-specific workgroup exists.\",\n      );\n    }\n\n    const athenaOutputLocation = `s3://${athenaQueryBucket}/${orgSlugDbFriendly}/`;\n    return new AthenaProvider(\n      client,\n      athenaSDK,\n      \"primary\",\n      athenaSchema,\n      athenaOutputLocation,\n    );\n  }\n}\n\n"],"names":["MILLISECONDS_PER_SECOND","getAthenaSDK","InvalidProviderConfigurationError","MAX_QUERY_LENGTH","AthenaProvider","client","sdk","workgroup","database","outputLocation","sqlQuery","_params","startCommand","queryExecutionId","QueryError","originalQuery","startTime","command","response","state","reason","errorTail","MissingTableError","resolve","results","nextToken","columnNames","isFirstPage","col","idx","name","rows","dataRows","row","rowData","cell","index","columnName","getTdpAthenaProvider","athenaSDK","orgSlug","orgSlugDbFriendly","athenaQueryBucket","athenaRegion","athenaSchema","athenaWorkgroup","athenaOutputLocation"],"mappings":";AAuBA,MAAMA,IAA0B;AAUhC,eAAeC,IAAmC;AAChD,MAAI;AACF,WAAO,MAAM,OAAO,wBAAwB;AAAA,EAC9C,QAAQ;AACN,UAAM,IAAIC;AAAA,MACR;AAAA,IAAA;AAAA,EAGJ;AACF;AAGA,MAAMC,IAAmB;AAKlB,MAAMC,EAAe;AAAA,EAClB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWR,YACEC,GACAC,GACAC,GACAC,GACAC,GACA;AACA,SAAK,SAASJ,GACd,KAAK,MAAMC,GACX,KAAK,YAAYC,GACjB,KAAK,WAAWC,GAChB,KAAK,iBAAiBC;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,MAAM,MACJC,GACAC,IAAmC,IACM;AACzC,QAAID,EAAS,SAASP;AACpB,YAAM,IAAI,MAAM,iDAAiD;AAMnE,UAAMS,IAAe,IAAI,KAAK,IAAI,2BAA2B;AAAA,MAC3D,aAAaF;AAAA,MACb,WAAW,KAAK;AAAA,MAChB,uBAAuB;AAAA,QACrB,UAAU,KAAK;AAAA,MAAA;AAAA,MAEjB,qBAAqB,KAAK,iBACtB,EAAE,gBAAgB,KAAK,mBACvB;AAAA,IAAA,CACL,GAGKG,KADgB,MAAM,KAAK,OAAO,KAAKD,CAAY,GAClB;AAEvC,QAAI,CAACC;AACH,YAAM,IAAIC,EAAW,iCAAiC;AAIxD,iBAAM,KAAK,uBAAuBD,GAAkBH,CAAQ,GAGrD,KAAK,gBAAgBG,CAAgB;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,uBACZA,GACAE,GACe;AAGf,UAAMC,IAAY,KAAK,IAAA;AAEvB,WAAO,KAAK,QAAQA,IAAY,OAAa;AAC3C,YAAMC,IAAU,IAAI,KAAK,IAAI,yBAAyB;AAAA,QACpD,kBAAkBJ;AAAA,MAAA,CACnB,GACKK,IAAW,MAAM,KAAK,OAAO,KAAKD,CAAO,GACzCE,IAAQD,EAAS,gBAAgB,QAAQ;AAE/C,UAAIC,MAAU,KAAK,IAAI,oBAAoB;AACzC;AAGF,UACEA,MAAU,KAAK,IAAI,oBAAoB,UACvCA,MAAU,KAAK,IAAI,oBAAoB,WACvC;AACA,cAAMC,IACJF,EAAS,gBAAgB,QAAQ,qBAAqB;AAExD,YAAIE,EAAO,SAAS,iBAAiB,GAAG;AACtC,gBAAMC,IAAYD,EAAO,MAAM,GAAG,EAAE,IAAA,GAAO,UAAU;AACrD,gBAAM,IAAIE;AAAA,YACR,oIAEED,IACA;AAAA,UAAA;AAAA,QAEN;AAEA,cAAM,IAAIP;AAAA,UACR,iBAAiBC,CAAa,aAAaK,CAAM;AAAA,QAAA;AAAA,MAErD;AAEA,YAAM,IAAI,QAAQ,CAACG,MAAY,WAAWA,GAAS,GAAY,CAAC;AAAA,IAClE;AAEA,UAAM,IAAIT;AAAA,MACR,yBAAyB,MAAcd,CAAuB;AAAA,IAAA;AAAA,EAElE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,gBACZa,GACyC;AACzC,UAAMW,IAA0C,CAAA;AAChD,QAAIC,GACAC,IAAwB,CAAA,GACxBC,IAAc;AAElB,OAAG;AACD,YAAMV,IAAU,IAAI,KAAK,IAAI,uBAAuB;AAAA,QAClD,kBAAkBJ;AAAA,QAClB,WAAWY;AAAA,MAAA,CACZ,GAEKP,IAAW,MAAM,KAAK,OAAO,KAAKD,CAAO;AAE/C,MAAIU,KAAeT,EAAS,WAAW,mBAAmB,eACxDQ,IAAcR,EAAS,UAAU,kBAAkB,WAAW;AAAA,QAC5D,CAACU,GAAKC,MAAQ;AAEZ,gBAAMC,IAAOF,EAAI;AACjB,iBAAOE,KAAQA,EAAK,KAAA,MAAW,KAAKA,IAAO,UAAUD,CAAG;AAAA,QAC1D;AAAA,MAAA;AAIJ,YAAME,IAAOb,EAAS,WAAW,QAAQ,CAAA,GAEnCc,IAAWL,IAAcI,EAAK,MAAM,CAAC,IAAIA;AAE/C,iBAAWE,KAAOD,GAAU;AAC1B,cAAME,IAAmC,CAAA;AACzC,QAAAD,EAAI,MAAM,QAAQ,CAACE,GAAMC,MAAU;AAEjC,gBAAMC,IAAaX,EAAYU,CAAK,KAAK,UAAUA,CAAK;AACxD,UAAAF,EAAQG,CAAU,IAAIF,EAAK,gBAAgB;AAAA,QAC7C,CAAC,GACDX,EAAQ,KAAKU,CAAO;AAAA,MACtB;AAEA,MAAAT,IAAYP,EAAS,WACrBS,IAAc;AAAA,IAChB,SAASF;AAET,WAAOD;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,QAAuB;AAC3B,SAAK,OAAO,QAAA;AAAA,EACd;AACF;AAWA,eAAsBc,IAAgD;AAEpE,QAAMC,IAAY,MAAMtC,EAAA,GAElBuC,IAAU,QAAQ,IAAI,YAAY,IAClCC,IAAoBD,EAAQ,QAAQ,MAAM,GAAG,GAC7CE,IAAoB,QAAQ,IAAI,2BAChCC,IAAe,QAAQ,IAAI,YAC3BC,IAAe,GAAGH,CAAiB,kBACnCI,IAAkBL,GAElBnC,IAAS,IAAIkC,EAAU,aAAa;AAAA,IACxC,QAAQI;AAAA,EAAA,CACT;AAGD,MAAI;AACF,iBAAMtC,EAAO;AAAA,MACX,IAAIkC,EAAU,oBAAoB;AAAA,QAChC,WAAWM;AAAA,MAAA,CACZ;AAAA,IAAA,GAII,IAAIzC,EAAeC,GAAQkC,GAAWM,GAAiBD,CAAY;AAAA,EAC5E,QAAQ;AAGN,QAAI,CAACF;AACH,YAAM,IAAI;AAAA,QACR;AAAA,MAAA;AAKJ,UAAMI,IAAuB,QAAQJ,CAAiB,IAAID,CAAiB;AAC3E,WAAO,IAAIrC;AAAA,MACTC;AAAA,MACAkC;AAAA,MACA;AAAA,MACAK;AAAA,MACAE;AAAA,IAAA;AAAA,EAEJ;AACF;"}

package/dist/server/providers/DatabricksProvider.cjs

@@ -0,0 +1,2 @@
+"use strict";var f=Object.create;var o=Object.defineProperty;var v=Object.getOwnPropertyDescriptor;var w=Object.getOwnPropertyNames;var S=Object.getPrototypeOf,_=Object.prototype.hasOwnProperty;var g=(t,e,s,a)=>{if(e&&typeof e=="object"||typeof e=="function")for(let i of w(e))!_.call(t,i)&&i!==s&&o(t,i,{get:()=>e[i],enumerable:!(a=v(e,i))||a.enumerable});return t};var m=(t,e,s)=>(s=t!=null?f(S(t)):{},g(e||!t||!t.__esModule?o(s,"default",{value:t,enumerable:!0}):s,t));Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const c=require("./exceptions.cjs");async function y(){try{return await import("@databricks/sql")}catch{throw new c.InvalidProviderConfigurationError("The '@databricks/sql' package is required to use the Databricks provider. Please install it: npm install @databricks/sql")}}class l{client;session;constructor(e,s){this.client=e,this.session=s}async query(e,s={}){const a=await this.session.executeStatement(e);try{return await a.fetchAll()}finally{await a.close()}}async close(){await this.session.close(),await this.client.close()}}function k(){return`${(process.env.ORG_SLUG??"").replace(/-/g,"_")}__tss__default`}async function D(t){const{DBSQLClient:e}=await y(),s=["server_hostname","http_path","client_id","client_secret","catalog"];for(const n of s)if(!t.fields[n])throw new c.InvalidProviderConfigurationError(`Missing field '${n}' in the provider '${t.name}' to connect to Databricks.`);const a=t.fields.server_hostname,i=t.fields.http_path,d=t.fields.client_id,u=t.fields.client_secret,h=t.fields.catalog,p=t.fields.schema??k(),r=new e;await r.connect({host:a,path:i,authType:"databricks-oauth",oauthClientId:d,oauthClientSecret:u});const b=await r.openSession({initialCatalog:h,initialSchema:p});return new l(r,b)}exports.DatabricksProvider=l;exports.buildDatabricksProvider=D;
+//# sourceMappingURL=DatabricksProvider.cjs.map

package/dist/server/providers/DatabricksProvider.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"DatabricksProvider.cjs","sources":["../../../src/server/providers/DatabricksProvider.ts"],"sourcesContent":["/**\n * Databricks Data Provider\n *\n * TypeScript equivalent of DatabricksProvider from\n * ts-lib-ui-kit-streamlit/tetrascience/data_app_providers/provider.py\n *\n * @remarks\n * This provider requires the `@databricks/sql` package to be installed.\n * It is an optional peer dependency - install it only if you need Databricks support:\n * ```bash\n * npm install @databricks/sql\n * # or\n * yarn add @databricks/sql\n * ```\n */\n\nimport { InvalidProviderConfigurationError } from \"./exceptions\";\n\nimport type { ProviderConfiguration } from \"./types\";\n\n// Type imports for @databricks/sql (these don't require the package at runtime)\ntype DBSQLClient = import(\"@databricks/sql\").DBSQLClient;\ntype IDBSQLSession = import(\"@databricks/sql/dist/contracts/IDBSQLSession\").default;\n\n/**\n * Dynamically import @databricks/sql\n * @throws {InvalidProviderConfigurationError} If @databricks/sql is not installed\n */\nasync function getDatabricksSQL(): Promise<typeof import(\"@databricks/sql\")> {\n  try {\n    return await import(\"@databricks/sql\");\n  } catch {\n    throw new InvalidProviderConfigurationError(\n      \"The '@databricks/sql' package is required to use the Databricks provider. \" +\n        \"Please install it: npm install @databricks/sql\",\n    );\n  }\n}\n\n/**\n * Databricks data provider\n */\nexport class DatabricksProvider {\n  private client: DBSQLClient;\n  private session: IDBSQLSession;\n\n  /**\n   * Initialize the Databricks data provider\n   *\n   * @param client - Databricks SQL client\n   * @param session - Databricks SQL session\n   */\n  constructor(client: DBSQLClient, session: IDBSQLSession) {\n    this.client = client;\n    this.session = session;\n  }\n\n  /**\n   * Query the Databricks database\n   *\n   * @param sqlQuery - SQL query to execute\n   * @param _params - Parameters to pass to the query (currently not used)\n   * @returns Promise resolving to array of row objects\n   */\n  async query(\n    sqlQuery: string,\n    _params: Record<string, unknown> = {},\n  ): Promise<Array<Record<string, unknown>>> {\n    const operation = await this.session.executeStatement(sqlQuery);\n    try {\n      const result = await operation.fetchAll();\n      return result as Array<Record<string, unknown>>;\n    } finally {\n      // Always close the operation to avoid leaking server-side resources\n      await operation.close();\n    }\n  }\n\n  /**\n   * Close the Databricks connection\n   */\n  async close(): Promise<void> {\n    await this.session.close();\n    await this.client.close();\n  }\n}\n\n/**\n * Get the default Athena schema from environment\n */\nfunction getDefaultSchema(): string {\n  const orgSlug = process.env.ORG_SLUG ?? \"\";\n  const orgSlugDbFriendly = orgSlug.replace(/-/g, \"_\");\n  return `${orgSlugDbFriendly}__tss__default`;\n}\n\n/**\n * Build a Databricks data provider from the configuration\n *\n * @param config - Provider configuration\n * @returns Promise resolving to Databricks data provider\n * @throws {InvalidProviderConfigurationError} If @databricks/sql is not installed or config is invalid\n */\nexport async function buildDatabricksProvider(\n  config: ProviderConfiguration,\n): Promise<DatabricksProvider> {\n  // Dynamically import @databricks/sql\n  const { DBSQLClient } = await getDatabricksSQL();\n\n  const requiredFields = [\n    \"server_hostname\",\n    \"http_path\",\n    \"client_id\",\n    \"client_secret\",\n    \"catalog\",\n  ] as const;\n\n  for (const field of requiredFields) {\n    if (!config.fields[field]) {\n      throw new InvalidProviderConfigurationError(\n        `Missing field '${field}' in the provider '${config.name}' to connect to Databricks.`,\n      );\n    }\n  }\n\n  const serverHostname = config.fields[\"server_hostname\"]!;\n  const httpPath = config.fields[\"http_path\"]!;\n  const clientId = config.fields[\"client_id\"]!;\n  const clientSecret = config.fields[\"client_secret\"]!;\n  const catalog = config.fields[\"catalog\"]!;\n  const schema = config.fields[\"schema\"] ?? getDefaultSchema();\n\n  const client = new DBSQLClient();\n\n  await client.connect({\n    host: serverHostname,\n    path: httpPath,\n    authType: \"databricks-oauth\",\n    oauthClientId: clientId,\n    oauthClientSecret: clientSecret,\n  });\n\n  const session = await client.openSession({\n    initialCatalog: catalog,\n    initialSchema: schema,\n  });\n\n  return new DatabricksProvider(client, session);\n}\n\n"],"names":["getDatabricksSQL","InvalidProviderConfigurationError","DatabricksProvider","client","session","sqlQuery","_params","operation","getDefaultSchema","buildDatabricksProvider","config","DBSQLClient","requiredFields","field","serverHostname","httpPath","clientId","clientSecret","catalog","schema"],"mappings":"+jBA4BA,eAAeA,GAA8D,CAC3E,GAAI,CACF,OAAO,KAAM,QAAO,iBAAiB,CACvC,MAAQ,CACN,MAAM,IAAIC,EAAAA,kCACR,0HAAA,CAGJ,CACF,CAKO,MAAMC,CAAmB,CACtB,OACA,QAQR,YAAYC,EAAqBC,EAAwB,CACvD,KAAK,OAASD,EACd,KAAK,QAAUC,CACjB,CASA,MAAM,MACJC,EACAC,EAAmC,GACM,CACzC,MAAMC,EAAY,MAAM,KAAK,QAAQ,iBAAiBF,CAAQ,EAC9D,GAAI,CAEF,OADe,MAAME,EAAU,SAAA,CAEjC,QAAA,CAEE,MAAMA,EAAU,MAAA,CAClB,CACF,CAKA,MAAM,OAAuB,CAC3B,MAAM,KAAK,QAAQ,MAAA,EACnB,MAAM,KAAK,OAAO,MAAA,CACpB,CACF,CAKA,SAASC,GAA2B,CAGlC,MAAO,IAFS,QAAQ,IAAI,UAAY,IACN,QAAQ,KAAM,GAAG,CACxB,gBAC7B,CASA,eAAsBC,EACpBC,EAC6B,CAE7B,KAAM,CAAE,YAAAC,GAAgB,MAAMX,EAAA,EAExBY,EAAiB,CACrB,kBACA,YACA,YACA,gBACA,SAAA,EAGF,UAAWC,KAASD,EAClB,GAAI,CAACF,EAAO,OAAOG,CAAK,EACtB,MAAM,IAAIZ,EAAAA,kCACR,kBAAkBY,CAAK,sBAAsBH,EAAO,IAAI,6BAAA,EAK9D,MAAMI,EAAiBJ,EAAO,OAAO,gBAC/BK,EAAWL,EAAO,OAAO,UACzBM,EAAWN,EAAO,OAAO,UACzBO,EAAeP,EAAO,OAAO,cAC7BQ,EAAUR,EAAO,OAAO,QACxBS,EAAST,EAAO,OAAO,QAAaF,EAAA,EAEpCL,EAAS,IAAIQ,EAEnB,MAAMR,EAAO,QAAQ,CACnB,KAAMW,EACN,KAAMC,EACN,SAAU,mBACV,cAAeC,EACf,kBAAmBC,CAAA,CACpB,EAED,MAAMb,EAAU,MAAMD,EAAO,YAAY,CACvC,eAAgBe,EAChB,cAAeC,CAAA,CAChB,EAED,OAAO,IAAIjB,EAAmBC,EAAQC,CAAO,CAC/C"}

package/dist/server/providers/DatabricksProvider.js

@@ -0,0 +1,79 @@
+import { InvalidProviderConfigurationError as o } from "./exceptions.js";
+async function p() {
+  try {
+    return await import("@databricks/sql");
+  } catch {
+    throw new o(
+      "The '@databricks/sql' package is required to use the Databricks provider. Please install it: npm install @databricks/sql"
+    );
+  }
+}
+class w {
+  client;
+  session;
+  /**
+   * Initialize the Databricks data provider
+   *
+   * @param client - Databricks SQL client
+   * @param session - Databricks SQL session
+   */
+  constructor(e, s) {
+    this.client = e, this.session = s;
+  }
+  /**
+   * Query the Databricks database
+   *
+   * @param sqlQuery - SQL query to execute
+   * @param _params - Parameters to pass to the query (currently not used)
+   * @returns Promise resolving to array of row objects
+   */
+  async query(e, s = {}) {
+    const a = await this.session.executeStatement(e);
+    try {
+      return await a.fetchAll();
+    } finally {
+      await a.close();
+    }
+  }
+  /**
+   * Close the Databricks connection
+   */
+  async close() {
+    await this.session.close(), await this.client.close();
+  }
+}
+function _() {
+  return `${(process.env.ORG_SLUG ?? "").replace(/-/g, "_")}__tss__default`;
+}
+async function m(t) {
+  const { DBSQLClient: e } = await p(), s = [
+    "server_hostname",
+    "http_path",
+    "client_id",
+    "client_secret",
+    "catalog"
+  ];
+  for (const r of s)
+    if (!t.fields[r])
+      throw new o(
+        `Missing field '${r}' in the provider '${t.name}' to connect to Databricks.`
+      );
+  const a = t.fields.server_hostname, n = t.fields.http_path, c = t.fields.client_id, l = t.fields.client_secret, h = t.fields.catalog, d = t.fields.schema ?? _(), i = new e();
+  await i.connect({
+    host: a,
+    path: n,
+    authType: "databricks-oauth",
+    oauthClientId: c,
+    oauthClientSecret: l
+  });
+  const u = await i.openSession({
+    initialCatalog: h,
+    initialSchema: d
+  });
+  return new w(i, u);
+}
+export {
+  w as DatabricksProvider,
+  m as buildDatabricksProvider
+};
+//# sourceMappingURL=DatabricksProvider.js.map

package/dist/server/providers/DatabricksProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DatabricksProvider.js","sources":["../../../src/server/providers/DatabricksProvider.ts"],"sourcesContent":["/**\n * Databricks Data Provider\n *\n * TypeScript equivalent of DatabricksProvider from\n * ts-lib-ui-kit-streamlit/tetrascience/data_app_providers/provider.py\n *\n * @remarks\n * This provider requires the `@databricks/sql` package to be installed.\n * It is an optional peer dependency - install it only if you need Databricks support:\n * ```bash\n * npm install @databricks/sql\n * # or\n * yarn add @databricks/sql\n * ```\n */\n\nimport { InvalidProviderConfigurationError } from \"./exceptions\";\n\nimport type { ProviderConfiguration } from \"./types\";\n\n// Type imports for @databricks/sql (these don't require the package at runtime)\ntype DBSQLClient = import(\"@databricks/sql\").DBSQLClient;\ntype IDBSQLSession = import(\"@databricks/sql/dist/contracts/IDBSQLSession\").default;\n\n/**\n * Dynamically import @databricks/sql\n * @throws {InvalidProviderConfigurationError} If @databricks/sql is not installed\n */\nasync function getDatabricksSQL(): Promise<typeof import(\"@databricks/sql\")> {\n  try {\n    return await import(\"@databricks/sql\");\n  } catch {\n    throw new InvalidProviderConfigurationError(\n      \"The '@databricks/sql' package is required to use the Databricks provider. \" +\n        \"Please install it: npm install @databricks/sql\",\n    );\n  }\n}\n\n/**\n * Databricks data provider\n */\nexport class DatabricksProvider {\n  private client: DBSQLClient;\n  private session: IDBSQLSession;\n\n  /**\n   * Initialize the Databricks data provider\n   *\n   * @param client - Databricks SQL client\n   * @param session - Databricks SQL session\n   */\n  constructor(client: DBSQLClient, session: IDBSQLSession) {\n    this.client = client;\n    this.session = session;\n  }\n\n  /**\n   * Query the Databricks database\n   *\n   * @param sqlQuery - SQL query to execute\n   * @param _params - Parameters to pass to the query (currently not used)\n   * @returns Promise resolving to array of row objects\n   */\n  async query(\n    sqlQuery: string,\n    _params: Record<string, unknown> = {},\n  ): Promise<Array<Record<string, unknown>>> {\n    const operation = await this.session.executeStatement(sqlQuery);\n    try {\n      const result = await operation.fetchAll();\n      return result as Array<Record<string, unknown>>;\n    } finally {\n      // Always close the operation to avoid leaking server-side resources\n      await operation.close();\n    }\n  }\n\n  /**\n   * Close the Databricks connection\n   */\n  async close(): Promise<void> {\n    await this.session.close();\n    await this.client.close();\n  }\n}\n\n/**\n * Get the default Athena schema from environment\n */\nfunction getDefaultSchema(): string {\n  const orgSlug = process.env.ORG_SLUG ?? \"\";\n  const orgSlugDbFriendly = orgSlug.replace(/-/g, \"_\");\n  return `${orgSlugDbFriendly}__tss__default`;\n}\n\n/**\n * Build a Databricks data provider from the configuration\n *\n * @param config - Provider configuration\n * @returns Promise resolving to Databricks data provider\n * @throws {InvalidProviderConfigurationError} If @databricks/sql is not installed or config is invalid\n */\nexport async function buildDatabricksProvider(\n  config: ProviderConfiguration,\n): Promise<DatabricksProvider> {\n  // Dynamically import @databricks/sql\n  const { DBSQLClient } = await getDatabricksSQL();\n\n  const requiredFields = [\n    \"server_hostname\",\n    \"http_path\",\n    \"client_id\",\n    \"client_secret\",\n    \"catalog\",\n  ] as const;\n\n  for (const field of requiredFields) {\n    if (!config.fields[field]) {\n      throw new InvalidProviderConfigurationError(\n        `Missing field '${field}' in the provider '${config.name}' to connect to Databricks.`,\n      );\n    }\n  }\n\n  const serverHostname = config.fields[\"server_hostname\"]!;\n  const httpPath = config.fields[\"http_path\"]!;\n  const clientId = config.fields[\"client_id\"]!;\n  const clientSecret = config.fields[\"client_secret\"]!;\n  const catalog = config.fields[\"catalog\"]!;\n  const schema = config.fields[\"schema\"] ?? getDefaultSchema();\n\n  const client = new DBSQLClient();\n\n  await client.connect({\n    host: serverHostname,\n    path: httpPath,\n    authType: \"databricks-oauth\",\n    oauthClientId: clientId,\n    oauthClientSecret: clientSecret,\n  });\n\n  const session = await client.openSession({\n    initialCatalog: catalog,\n    initialSchema: schema,\n  });\n\n  return new DatabricksProvider(client, session);\n}\n\n"],"names":["getDatabricksSQL","InvalidProviderConfigurationError","DatabricksProvider","client","session","sqlQuery","_params","operation","getDefaultSchema","buildDatabricksProvider","config","DBSQLClient","requiredFields","field","serverHostname","httpPath","clientId","clientSecret","catalog","schema"],"mappings":";AA4BA,eAAeA,IAA8D;AAC3E,MAAI;AACF,WAAO,MAAM,OAAO,iBAAiB;AAAA,EACvC,QAAQ;AACN,UAAM,IAAIC;AAAA,MACR;AAAA,IAAA;AAAA,EAGJ;AACF;AAKO,MAAMC,EAAmB;AAAA,EACtB;AAAA,EACA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQR,YAAYC,GAAqBC,GAAwB;AACvD,SAAK,SAASD,GACd,KAAK,UAAUC;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,MACJC,GACAC,IAAmC,IACM;AACzC,UAAMC,IAAY,MAAM,KAAK,QAAQ,iBAAiBF,CAAQ;AAC9D,QAAI;AAEF,aADe,MAAME,EAAU,SAAA;AAAA,IAEjC,UAAA;AAEE,YAAMA,EAAU,MAAA;AAAA,IAClB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,QAAuB;AAC3B,UAAM,KAAK,QAAQ,MAAA,GACnB,MAAM,KAAK,OAAO,MAAA;AAAA,EACpB;AACF;AAKA,SAASC,IAA2B;AAGlC,SAAO,IAFS,QAAQ,IAAI,YAAY,IACN,QAAQ,MAAM,GAAG,CACxB;AAC7B;AASA,eAAsBC,EACpBC,GAC6B;AAE7B,QAAM,EAAE,aAAAC,MAAgB,MAAMX,EAAA,GAExBY,IAAiB;AAAA,IACrB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EAAA;AAGF,aAAWC,KAASD;AAClB,QAAI,CAACF,EAAO,OAAOG,CAAK;AACtB,YAAM,IAAIZ;AAAA,QACR,kBAAkBY,CAAK,sBAAsBH,EAAO,IAAI;AAAA,MAAA;AAK9D,QAAMI,IAAiBJ,EAAO,OAAO,iBAC/BK,IAAWL,EAAO,OAAO,WACzBM,IAAWN,EAAO,OAAO,WACzBO,IAAeP,EAAO,OAAO,eAC7BQ,IAAUR,EAAO,OAAO,SACxBS,IAAST,EAAO,OAAO,UAAaF,EAAA,GAEpCL,IAAS,IAAIQ,EAAA;AAEnB,QAAMR,EAAO,QAAQ;AAAA,IACnB,MAAMW;AAAA,IACN,MAAMC;AAAA,IACN,UAAU;AAAA,IACV,eAAeC;AAAA,IACf,mBAAmBC;AAAA,EAAA,CACpB;AAED,QAAMb,IAAU,MAAMD,EAAO,YAAY;AAAA,IACvC,gBAAgBe;AAAA,IAChB,eAAeC;AAAA,EAAA,CAChB;AAED,SAAO,IAAIjB,EAAmBC,GAAQC,CAAO;AAC/C;"}

package/dist/server/providers/SnowflakeProvider.cjs

@@ -0,0 +1,2 @@
+"use strict";var f=Object.create;var u=Object.defineProperty;var h=Object.getOwnPropertyDescriptor;var k=Object.getOwnPropertyNames;var m=Object.getPrototypeOf,S=Object.prototype.hasOwnProperty;var p=(e,n,o,s)=>{if(n&&typeof n=="object"||typeof n=="function")for(let t of k(n))!S.call(e,t)&&t!==o&&u(e,t,{get:()=>n[t],enumerable:!(s=h(n,t))||s.enumerable});return e};var v=(e,n,o)=>(o=e!=null?f(m(e)):{},p(n||!e||!e.__esModule?u(o,"default",{value:e,enumerable:!0}):o,e));Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const a=require("./exceptions.cjs");async function y(){try{const e=await import("snowflake-sdk");return e.default||e}catch{throw new a.InvalidProviderConfigurationError("The 'snowflake-sdk' package is required to use the Snowflake provider. Please install it: npm install snowflake-sdk")}}class w{connection;constructor(n){this.connection=n}async query(n,o={}){const s=(Array.isArray(o),o);return new Promise((t,i)=>{this.connection.execute({sqlText:n,binds:s,complete:(c,l,r)=>{if(c){i(new a.QueryError(`Snowflake provider failed to query the database. Reason: ${c.message}`));return}t(r??[])}})})}async close(){return new Promise((n,o)=>{this.connection.destroy(s=>{if(s){o(s);return}n()})})}}async function P(e){const n=await y(),o=["user","password","account","warehouse","database","schema","role"];for(const t of o)if(!e.fields[t])throw new a.InvalidProviderConfigurationError(`Missing field '${t}' in the provider '${e.name}' to connect to Snowflake using password based authentication.`);const s={account:e.fields.account,username:e.fields.user,password:e.fields.password,warehouse:e.fields.warehouse,database:e.fields.database,schema:e.fields.schema,role:e.fields.role};return new Promise((t,i)=>{n.createConnection(s).connect((l,r)=>{if(l){i(new a.ProviderConnectionError(`Unable to connect to Snowflake. Reason: ${l.message}`));return}r.execute({sqlText:"ALTER SESSION SET TIMEZONE = 'UTC'",complete:d=>{d&&console.warn(`Warning: Failed to set timezone to UTC: ${d.message}`),t(new w(r))}})})})}exports.SnowflakeProvider=w;exports.buildSnowflakeProvider=P;
+//# sourceMappingURL=SnowflakeProvider.cjs.map

package/dist/server/providers/SnowflakeProvider.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"SnowflakeProvider.cjs","sources":["../../../src/server/providers/SnowflakeProvider.ts"],"sourcesContent":["/**\n * Snowflake Data Provider\n *\n * TypeScript equivalent of SnowflakeProvider from\n * ts-lib-ui-kit-streamlit/tetrascience/data_app_providers/provider.py\n *\n * @remarks\n * This provider requires the `snowflake-sdk` package to be installed.\n * It is an optional peer dependency - install it only if you need Snowflake support:\n * ```bash\n * npm install snowflake-sdk\n * # or\n * yarn add snowflake-sdk\n * ```\n */\n\nimport {\n  QueryError,\n  ProviderConnectionError,\n  InvalidProviderConfigurationError,\n} from \"./exceptions\";\n\nimport type { ProviderConfiguration } from \"./types\";\n\n// Type imports for snowflake-sdk (these don't require the package at runtime)\ntype SnowflakeSDK = typeof import(\"snowflake-sdk\");\ntype SnowflakeConnection = import(\"snowflake-sdk\").Connection;\ntype SnowflakeBinds = import(\"snowflake-sdk\").Binds;\ntype SnowflakeError = import(\"snowflake-sdk\").SnowflakeError;\ntype SnowflakeConnectionOptions = import(\"snowflake-sdk\").ConnectionOptions;\ntype SnowflakeRowStatement = import(\"snowflake-sdk\").RowStatement;\ntype SnowflakeFileAndStageBindStatement =\n  import(\"snowflake-sdk\").FileAndStageBindStatement;\n\n/**\n * Dynamically import snowflake-sdk\n * @throws {InvalidProviderConfigurationError} If snowflake-sdk is not installed\n */\nasync function getSnowflakeSDK(): Promise<SnowflakeSDK> {\n  try {\n    const snowflake = await import(\"snowflake-sdk\");\n    return snowflake.default || snowflake;\n  } catch {\n    throw new InvalidProviderConfigurationError(\n      \"The 'snowflake-sdk' package is required to use the Snowflake provider. \" +\n        \"Please install it: npm install snowflake-sdk\",\n    );\n  }\n}\n\n/**\n * Snowflake data provider\n */\nexport class SnowflakeProvider {\n  private connection: SnowflakeConnection;\n\n  /**\n   * Initialize the Snowflake data provider\n   *\n   * @param connection - Snowflake connection\n   */\n  constructor(connection: SnowflakeConnection) {\n    this.connection = connection;\n  }\n\n  /**\n   * Query the Snowflake database\n   *\n   * @param sqlText - SQL query to execute\n   * @param params - Parameters to pass to the query. For positional binds, use an array.\n   *                 For named binds, use an object with keys matching the bind variable names.\n   * @returns Promise resolving to array of row objects\n   */\n  async query(\n    sqlText: string,\n    params: Record<string, unknown> | unknown[] = {},\n  ): Promise<Array<Record<string, unknown>>> {\n    // Snowflake SDK supports both positional binds (array) and named binds (object)\n    // Pass params directly to preserve named bind semantics\n    const binds = Array.isArray(params)\n      ? (params as unknown as SnowflakeBinds)\n      : (params as unknown as SnowflakeBinds);\n\n    return new Promise((resolve, reject) => {\n      this.connection.execute({\n        sqlText,\n        binds,\n        complete: (\n          err: SnowflakeError | undefined,\n          _stmt: SnowflakeRowStatement | SnowflakeFileAndStageBindStatement,\n          rows?: Array<Record<string, unknown>>,\n        ) => {\n          if (err) {\n            reject(\n              new QueryError(\n                `Snowflake provider failed to query the database. Reason: ${err.message}`,\n              ),\n            );\n            return;\n          }\n          resolve(rows ?? []);\n        },\n      });\n    });\n  }\n\n  /**\n   * Close the Snowflake connection\n   */\n  async close(): Promise<void> {\n    return new Promise((resolve, reject) => {\n      this.connection.destroy((err: SnowflakeError | undefined) => {\n        if (err) {\n          reject(err);\n          return;\n        }\n        resolve();\n      });\n    });\n  }\n}\n\n/**\n * Build a Snowflake data provider from the configuration\n *\n * @param config - Provider configuration\n * @returns Promise resolving to Snowflake data provider\n * @throws {InvalidProviderConfigurationError} If snowflake-sdk is not installed or config is invalid\n */\nexport async function buildSnowflakeProvider(\n  config: ProviderConfiguration,\n): Promise<SnowflakeProvider> {\n  // Dynamically import snowflake-sdk\n  const snowflake = await getSnowflakeSDK();\n\n  const requiredFields = [\n    \"user\",\n    \"password\",\n    \"account\",\n    \"warehouse\",\n    \"database\",\n    \"schema\",\n    \"role\",\n  ] as const;\n\n  for (const field of requiredFields) {\n    if (!config.fields[field]) {\n      throw new InvalidProviderConfigurationError(\n        `Missing field '${field}' in the provider '${config.name}' to connect to Snowflake ` +\n          \"using password based authentication.\",\n      );\n    }\n  }\n\n  const connectionOptions: SnowflakeConnectionOptions = {\n    account: config.fields[\"account\"]!,\n    username: config.fields[\"user\"]!,\n    password: config.fields[\"password\"]!,\n    warehouse: config.fields[\"warehouse\"]!,\n    database: config.fields[\"database\"]!,\n    schema: config.fields[\"schema\"]!,\n    role: config.fields[\"role\"]!,\n  };\n\n  return new Promise((resolve, reject) => {\n    const connection = snowflake.createConnection(connectionOptions);\n\n    connection.connect(\n      (err: SnowflakeError | undefined, conn: SnowflakeConnection) => {\n        if (err) {\n          reject(\n            new ProviderConnectionError(\n              `Unable to connect to Snowflake. Reason: ${err.message}`,\n            ),\n          );\n          return;\n        }\n\n        // Set timezone to UTC after connection.\n        // The default timezone is America/Los_Angeles. Timestamps from delta tables will be\n        // returned with the timezone `timezone`. NOTE, this is not a timezone conversion.\n        // The timezone is replaced without translating the clock time. `timezone` is set UTC\n        // to match the timezone of delta table timestamps.\n        conn.execute({\n          sqlText: \"ALTER SESSION SET TIMEZONE = 'UTC'\",\n          complete: (tzErr: SnowflakeError | undefined) => {\n            if (tzErr) {\n              // Log warning but don't fail - timezone setting is not critical\n              console.warn(\n                `Warning: Failed to set timezone to UTC: ${tzErr.message}`,\n              );\n            }\n            resolve(new SnowflakeProvider(conn));\n          },\n        });\n      },\n    );\n  });\n}\n\n"],"names":["getSnowflakeSDK","snowflake","InvalidProviderConfigurationError","SnowflakeProvider","connection","sqlText","params","binds","resolve","reject","err","_stmt","rows","QueryError","buildSnowflakeProvider","config","requiredFields","field","connectionOptions","conn","ProviderConnectionError","tzErr"],"mappings":"+jBAsCA,eAAeA,GAAyC,CACtD,GAAI,CACF,MAAMC,EAAY,KAAM,QAAO,eAAe,EAC9C,OAAOA,EAAU,SAAWA,CAC9B,MAAQ,CACN,MAAM,IAAIC,EAAAA,kCACR,qHAAA,CAGJ,CACF,CAKO,MAAMC,CAAkB,CACrB,WAOR,YAAYC,EAAiC,CAC3C,KAAK,WAAaA,CACpB,CAUA,MAAM,MACJC,EACAC,EAA8C,GACL,CAGzC,MAAMC,GAAQ,MAAM,QAAQD,CAAM,EAC7BA,GAGL,OAAO,IAAI,QAAQ,CAACE,EAASC,IAAW,CACtC,KAAK,WAAW,QAAQ,CACtB,QAAAJ,EACA,MAAAE,EACA,SAAU,CACRG,EACAC,EACAC,IACG,CACH,GAAIF,EAAK,CACPD,EACE,IAAII,EAAAA,WACF,4DAA4DH,EAAI,OAAO,EAAA,CACzE,EAEF,MACF,CACAF,EAAQI,GAAQ,EAAE,CACpB,CAAA,CACD,CACH,CAAC,CACH,CAKA,MAAM,OAAuB,CAC3B,OAAO,IAAI,QAAQ,CAACJ,EAASC,IAAW,CACtC,KAAK,WAAW,QAASC,GAAoC,CAC3D,GAAIA,EAAK,CACPD,EAAOC,CAAG,EACV,MACF,CACAF,EAAA,CACF,CAAC,CACH,CAAC,CACH,CACF,CASA,eAAsBM,EACpBC,EAC4B,CAE5B,MAAMd,EAAY,MAAMD,EAAA,EAElBgB,EAAiB,CACrB,OACA,WACA,UACA,YACA,WACA,SACA,MAAA,EAGF,UAAWC,KAASD,EAClB,GAAI,CAACD,EAAO,OAAOE,CAAK,EACtB,MAAM,IAAIf,EAAAA,kCACR,kBAAkBe,CAAK,sBAAsBF,EAAO,IAAI,gEAAA,EAM9D,MAAMG,EAAgD,CACpD,QAASH,EAAO,OAAO,QACvB,SAAUA,EAAO,OAAO,KACxB,SAAUA,EAAO,OAAO,SACxB,UAAWA,EAAO,OAAO,UACzB,SAAUA,EAAO,OAAO,SACxB,OAAQA,EAAO,OAAO,OACtB,KAAMA,EAAO,OAAO,IAAM,EAG5B,OAAO,IAAI,QAAQ,CAACP,EAASC,IAAW,CACnBR,EAAU,iBAAiBiB,CAAiB,EAEpD,QACT,CAACR,EAAiCS,IAA8B,CAC9D,GAAIT,EAAK,CACPD,EACE,IAAIW,EAAAA,wBACF,2CAA2CV,EAAI,OAAO,EAAA,CACxD,EAEF,MACF,CAOAS,EAAK,QAAQ,CACX,QAAS,qCACT,SAAWE,GAAsC,CAC3CA,GAEF,QAAQ,KACN,2CAA2CA,EAAM,OAAO,EAAA,EAG5Db,EAAQ,IAAIL,EAAkBgB,CAAI,CAAC,CACrC,CAAA,CACD,CACH,CAAA,CAEJ,CAAC,CACH"}