agent-sql 0.2.0 → 0.2.2

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Chris Arderne
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -12,6 +12,8 @@ It ensures that that the needed tenant table is somewhere in the query,
 and adds a `WHERE` clause ensuring that only values from the supplied ID are returned.
 Then it checks that the tables and `JOIN`s follow the schema, preventing sneaky joins.
 
+Function calls also go through a whitelist (configurable).
+
 Finally, we throw in a `LIMIT` clause (configurable) to prevent accidental LLM denial-of-service.
 
 Apparently this is how [Trigger.dev does it](https://x.com/mattaitken/status/2033928542975639785).
@@ -55,17 +57,14 @@ import { db } from "@/db";
 // Only the tables listed will be permitted
 // Joins can only use the FKs defined here
 const schema = defineSchema({
-  user: { id },
-  msg: { userId: { user: "id" } },
+  user: { id: null },
+  msg: { userId: { ft: "user", fc: "id" } },
 });
 
 function makeSqlTool(userId: string) {
   // Create a sanitiser function for this tenant
-  const agentSql = createAgentSql({
-    column: "user.id",
-    value: userId,
-    schema,
-  });
+  // Specify one or more column->value pairs that will be enforced
+  const agentSql = createAgentSql(schema, { "user.id": userId });
 
   return tool({
     description: "Run raw SQL against the DB",
@@ -95,11 +94,7 @@ import * as drizzleSchema from "@/db/schema";
 const schema = defineSchemaFromDrizzle(drizzleSchema);
 
 // The rest as before...
-const agentSql = createAgentSql({
-  column: "user.id",
-  value: userId,
-  schema,
-});
+const agentSql = createAgentSql(schema, { "user.id": userId });
 ```
 
 You can also exclude tables if you don't want agents to see them:

package/dist/index.d.mts

@@ -1,5 +1,8 @@
 import { i as SelectStatement, n as defineSchema, r as Result, t as Schema } from "./joins-Cu_0yAgN.mjs";
 
+//#region src/functions.d.ts
+type DbType = "postgres" | "pglite" | "sqlite";
+//#endregion
 //#region src/guard.d.ts
 type GuardVal = string | number;
 interface GuardCol {
@@ -10,10 +13,9 @@ interface GuardCol {
 type WhereGuard = GuardCol & {
   value: GuardVal;
 };
-declare function addGuards(ast: SelectStatement, guard: WhereGuard, limit?: number): Result<SelectStatement>;
-//#endregion
-//#region src/namespec.d.ts
 type OneOrTwoDots<S extends string> = S extends `${infer A}.${infer B}.${infer C}` ? A extends `${string}.${string}` ? never : B extends `${string}.${string}` ? never : C extends `${string}.${string}` ? never : S : S extends `${infer A}.${infer B}` ? A extends `${string}.${string}` ? never : B extends `${string}.${string}` ? never : S : never;
+type SchemaGuardKeys<T> = { [Table in keyof T & string]: `${Table}.${keyof T[Table] & string}` }[keyof T & string];
+declare function applyGuards(ast: SelectStatement, guards: WhereGuard[], limit?: number): Result<SelectStatement>;
 //#endregion
 //#region src/output.d.ts
 declare function outputSql(ast: SelectStatement): string;
@@ -24,38 +26,26 @@ declare function parseSql(expr: string): Result<SelectStatement>;
 //#region src/index.d.ts
 declare function agentSql<S extends string>(sql: string, column: S & OneOrTwoDots<S>, value: GuardVal, {
   schema,
-  limit
+  limit,
+  db,
+  allowExtraFunctions
 }?: {
   schema?: Schema;
   limit?: number;
+  db?: DbType;
+  allowExtraFunctions?: string[];
 }): string;
-declare function createAgentSql<S extends string>(_: {
-  column: S & OneOrTwoDots<S>;
-  value: GuardVal;
-  schema?: Schema;
+declare function createAgentSql<T extends Schema, S extends SchemaGuardKeys<T>>(schema: T, guards: Record<S, GuardVal>, opts: {
   limit?: number;
   throws: false;
+  db?: DbType;
+  allowExtraFunctions?: string[];
 }): (expr: string) => Result<string>;
-declare function createAgentSql<S extends string>(_: {
-  column: S & OneOrTwoDots<S>;
-  value: GuardVal;
-  schema?: Schema;
+declare function createAgentSql<T extends Schema, S extends SchemaGuardKeys<T>>(schema: T, guards: Record<S, GuardVal>, opts?: {
   limit?: number;
   throws?: true;
+  db?: DbType;
+  allowExtraFunctions?: string[];
 }): (expr: string) => string;
-declare function createAgentSql<S extends string>(_: {
-  column: S & OneOrTwoDots<S>;
-  value?: undefined;
-  schema?: Schema;
-  limit?: number;
-  throws: false;
-}): (guardVal: GuardVal) => (expr: string) => Result<string>;
-declare function createAgentSql<S extends string>(_: {
-  column: S & OneOrTwoDots<S>;
-  value?: undefined;
-  schema?: Schema;
-  limit?: number;
-  throws?: true;
-}): (guardVal: GuardVal) => (expr: string) => string;
 //#endregion
-export { agentSql, createAgentSql, defineSchema, outputSql, parseSql, addGuards as sanitiseSql };
+export { type DbType, agentSql, createAgentSql, defineSchema, outputSql, parseSql, applyGuards as sanitiseSql };

package/dist/index.mjs

@@ -10,6 +10,769 @@ var AgentSqlError = class extends Error {
 	type = "agent_sql_error";
 };
 //#endregion
+//#region src/result.ts
+function Err(error) {
+	return {
+		ok: false,
+		error,
+		unwrap() {
+			throw new Error(String(error));
+		}
+	};
+}
+function Ok(data) {
+	return {
+		ok: true,
+		data,
+		unwrap() {
+			return data;
+		}
+	};
+}
+function returnOrThrow(result, throws) {
+	if (!throws) return result;
+	if (result.ok) return result.data;
+	throw result.error;
+}
+//#endregion
+//#region src/functions.ts
+const COMMON_FUNCTIONS = [
+	"count",
+	"sum",
+	"avg",
+	"min",
+	"max",
+	"coalesce",
+	"nullif",
+	"greatest",
+	"least",
+	"lower",
+	"upper",
+	"trim",
+	"ltrim",
+	"rtrim",
+	"length",
+	"replace",
+	"substr",
+	"substring",
+	"concat",
+	"reverse",
+	"repeat",
+	"position",
+	"left",
+	"right",
+	"lpad",
+	"rpad",
+	"translate",
+	"char_length",
+	"character_length",
+	"octet_length",
+	"overlay",
+	"ascii",
+	"chr",
+	"starts_with",
+	"abs",
+	"ceil",
+	"ceiling",
+	"floor",
+	"round",
+	"trunc",
+	"truncate",
+	"mod",
+	"power",
+	"sqrt",
+	"cbrt",
+	"log",
+	"ln",
+	"exp",
+	"sign",
+	"random",
+	"pi",
+	"degrees",
+	"radians",
+	"div",
+	"gcd",
+	"lcm",
+	"cast"
+];
+const PGVECTOR_FUNCTIONS = [
+	"l2_distance",
+	"inner_product",
+	"cosine_distance",
+	"l1_distance",
+	"vector_dims",
+	"vector_norm",
+	"l2_normalize",
+	"binary_quantize",
+	"subvector",
+	"vector_avg"
+];
+const POSTGIS_FUNCTIONS = [
+	"st_geomfromtext",
+	"st_geomfromwkb",
+	"st_geomfromewkt",
+	"st_geomfromewkb",
+	"st_geomfromgeojson",
+	"st_geogfromtext",
+	"st_geogfromwkb",
+	"st_makepoint",
+	"st_makepoint",
+	"st_makepointm",
+	"st_makeenvelope",
+	"st_makeline",
+	"st_makepolygon",
+	"st_makebox2d",
+	"st_point",
+	"st_pointz",
+	"st_pointm",
+	"st_pointzm",
+	"st_polygon",
+	"st_linefrommultipoint",
+	"st_tileenvelope",
+	"st_hexagongrid",
+	"st_squaregrid",
+	"st_letters",
+	"st_collect",
+	"st_linemerge",
+	"st_buildarea",
+	"st_polygonize",
+	"st_unaryunion",
+	"st_astext",
+	"st_asewkt",
+	"st_asbinary",
+	"st_asewkb",
+	"st_asgeojson",
+	"st_asgml",
+	"st_askml",
+	"st_assvg",
+	"st_astwkb",
+	"st_asmvtgeom",
+	"st_asmvt",
+	"st_asencodedpolyline",
+	"st_ashexewkb",
+	"st_aslatlontext",
+	"st_x",
+	"st_y",
+	"st_z",
+	"st_m",
+	"st_geometrytype",
+	"st_srid",
+	"st_dimension",
+	"st_coorddim",
+	"st_numgeometries",
+	"st_numpoints",
+	"st_npoints",
+	"st_nrings",
+	"st_numinteriorrings",
+	"st_numinteriorring",
+	"st_exteriorring",
+	"st_interiorringn",
+	"st_geometryn",
+	"st_pointn",
+	"st_startpoint",
+	"st_endpoint",
+	"st_envelope",
+	"st_boundingdiagonal",
+	"st_xmin",
+	"st_xmax",
+	"st_ymin",
+	"st_ymax",
+	"st_zmin",
+	"st_zmax",
+	"st_isempty",
+	"st_isclosed",
+	"st_isring",
+	"st_issimple",
+	"st_isvalid",
+	"st_isvalidreason",
+	"st_isvaliddetail",
+	"st_hasm",
+	"st_hasz",
+	"st_ismeasured",
+	"st_intersects",
+	"st_disjoint",
+	"st_contains",
+	"st_within",
+	"st_covers",
+	"st_coveredby",
+	"st_crosses",
+	"st_overlaps",
+	"st_touches",
+	"st_equals",
+	"st_relate",
+	"st_containsproperly",
+	"st_dwithin",
+	"st_3dintersects",
+	"st_3ddwithin",
+	"st_orderingequals",
+	"st_distance",
+	"st_3ddistance",
+	"st_maxdistance",
+	"st_area",
+	"st_length",
+	"st_length2d",
+	"st_3dlength",
+	"st_perimeter",
+	"st_azimuth",
+	"st_angle",
+	"st_hausdorffdistance",
+	"st_frechetdistance",
+	"st_longestline",
+	"st_shortestline",
+	"st_transform",
+	"st_setsrid",
+	"st_force2d",
+	"st_force3d",
+	"st_force3dz",
+	"st_force3dm",
+	"st_force4d",
+	"st_forcecollection",
+	"st_forcepolygoncw",
+	"st_forcepolygonccw",
+	"st_forcecurve",
+	"st_forcesfs",
+	"st_multi",
+	"st_normalize",
+	"st_flipcoordinates",
+	"st_translate",
+	"st_scale",
+	"st_rotate",
+	"st_rotatex",
+	"st_rotatey",
+	"st_rotatez",
+	"st_affine",
+	"st_transscale",
+	"st_snap",
+	"st_snaptogrid",
+	"st_segmentize",
+	"st_simplify",
+	"st_simplifypreservetopology",
+	"st_simplifyvw",
+	"st_chaikinsmoothing",
+	"st_seteffectivearea",
+	"st_filterbym",
+	"st_locatebetween",
+	"st_locatebetweenelevations",
+	"st_offsetcurve",
+	"st_intersection",
+	"st_union",
+	"st_difference",
+	"st_symdifference",
+	"st_buffer",
+	"st_convexhull",
+	"st_concavehull",
+	"st_minimumboundingcircle",
+	"st_minimumboundingradius",
+	"st_orientedenvelope",
+	"st_centroid",
+	"st_pointonsurface",
+	"st_geometricmedian",
+	"st_voronoipolygons",
+	"st_voronoilines",
+	"st_delaunaytriangles",
+	"st_subdivide",
+	"st_split",
+	"st_sharedpaths",
+	"st_node",
+	"st_clusterdbscan",
+	"st_clusterkmeans",
+	"st_clusterintersecting",
+	"st_clusterwithin",
+	"st_makevalid",
+	"st_lineinterpolatepoint",
+	"st_lineinterpolatepoints",
+	"st_linelocatepoint",
+	"st_linesubstring",
+	"st_addmeasure",
+	"st_closestpoint",
+	"st_linefromencodedpolyline",
+	"box2d",
+	"box3d",
+	"st_expand",
+	"st_estimatedextent",
+	"st_extent",
+	"st_3dextent",
+	"st_memsize",
+	"st_distancesphere",
+	"st_distancespheroid",
+	"st_project",
+	"st_memunion",
+	"st_polygonize",
+	"st_nband",
+	"st_numbands",
+	"st_summary",
+	"st_dump",
+	"st_dumppoints",
+	"st_dumprings",
+	"postgis_version",
+	"postgis_full_version",
+	"postgis_geos_version",
+	"postgis_proj_version",
+	"postgis_lib_version",
+	"postgis_scripts_installed",
+	"postgis_scripts_released",
+	"postgis_type_name",
+	"populate_geometry_columns",
+	"find_srid",
+	"updategeometrysrid",
+	"addgeometrycolumn",
+	"dropgeometrycolumn",
+	"geography",
+	"geometry"
+];
+const POSTGRES_FUNCTIONS = [
+	...COMMON_FUNCTIONS,
+	"array_agg",
+	"string_agg",
+	"json_agg",
+	"jsonb_agg",
+	"json_object_agg",
+	"jsonb_object_agg",
+	"bool_and",
+	"bool_or",
+	"every",
+	"bit_and",
+	"bit_or",
+	"bit_xor",
+	"corr",
+	"covar_pop",
+	"covar_samp",
+	"regr_avgx",
+	"regr_avgy",
+	"regr_count",
+	"regr_intercept",
+	"regr_r2",
+	"regr_slope",
+	"regr_sxx",
+	"regr_sxy",
+	"regr_syy",
+	"stddev",
+	"stddev_pop",
+	"stddev_samp",
+	"variance",
+	"var_pop",
+	"var_samp",
+	"percentile_cont",
+	"percentile_disc",
+	"mode",
+	"rank",
+	"dense_rank",
+	"percent_rank",
+	"cume_dist",
+	"ntile",
+	"lag",
+	"lead",
+	"first_value",
+	"last_value",
+	"nth_value",
+	"row_number",
+	"initcap",
+	"strpos",
+	"encode",
+	"decode",
+	"md5",
+	"sha256",
+	"sha224",
+	"sha384",
+	"sha512",
+	"format",
+	"concat_ws",
+	"regexp_replace",
+	"regexp_match",
+	"regexp_matches",
+	"regexp_split_to_array",
+	"regexp_split_to_table",
+	"split_part",
+	"btrim",
+	"bit_length",
+	"quote_ident",
+	"quote_literal",
+	"quote_nullable",
+	"to_hex",
+	"convert",
+	"convert_from",
+	"convert_to",
+	"string_to_array",
+	"array_to_string",
+	"now",
+	"current_timestamp",
+	"current_date",
+	"current_time",
+	"localtime",
+	"localtimestamp",
+	"clock_timestamp",
+	"statement_timestamp",
+	"transaction_timestamp",
+	"timeofday",
+	"date_trunc",
+	"date_part",
+	"extract",
+	"age",
+	"to_char",
+	"to_date",
+	"to_timestamp",
+	"to_number",
+	"make_date",
+	"make_time",
+	"make_timestamp",
+	"make_timestamptz",
+	"make_interval",
+	"justify_days",
+	"justify_hours",
+	"justify_interval",
+	"isfinite",
+	"json_extract_path",
+	"json_extract_path_text",
+	"jsonb_extract_path",
+	"jsonb_extract_path_text",
+	"json_array_length",
+	"jsonb_array_length",
+	"json_typeof",
+	"jsonb_typeof",
+	"json_build_object",
+	"jsonb_build_object",
+	"json_build_array",
+	"jsonb_build_array",
+	"to_json",
+	"to_jsonb",
+	"row_to_json",
+	"json_each",
+	"json_each_text",
+	"jsonb_each",
+	"jsonb_each_text",
+	"json_object_keys",
+	"jsonb_object_keys",
+	"json_populate_record",
+	"jsonb_populate_record",
+	"json_populate_recordset",
+	"jsonb_populate_recordset",
+	"json_to_record",
+	"jsonb_to_record",
+	"json_to_recordset",
+	"jsonb_to_recordset",
+	"json_array_elements",
+	"jsonb_array_elements",
+	"json_array_elements_text",
+	"jsonb_array_elements_text",
+	"jsonb_set",
+	"jsonb_set_lax",
+	"jsonb_insert",
+	"jsonb_path_query",
+	"jsonb_path_query_array",
+	"jsonb_path_query_first",
+	"jsonb_path_exists",
+	"jsonb_path_match",
+	"jsonb_strip_nulls",
+	"jsonb_pretty",
+	"json_strip_nulls",
+	"to_tsvector",
+	"to_tsquery",
+	"plainto_tsquery",
+	"phraseto_tsquery",
+	"websearch_to_tsquery",
+	"ts_rank",
+	"ts_rank_cd",
+	"ts_headline",
+	"tsvector_to_array",
+	"array_to_tsvector",
+	"numnode",
+	"querytree",
+	"ts_rewrite",
+	"setweight",
+	"strip",
+	"ts_debug",
+	"ts_lexize",
+	"ts_parse",
+	"ts_token_type",
+	"get_current_ts_config",
+	"array_append",
+	"array_cat",
+	"array_dims",
+	"array_fill",
+	"array_length",
+	"array_lower",
+	"array_ndims",
+	"array_position",
+	"array_positions",
+	"array_prepend",
+	"array_remove",
+	"array_replace",
+	"array_upper",
+	"cardinality",
+	"unnest",
+	"generate_subscripts",
+	"lower",
+	"upper",
+	"isempty",
+	"lower_inc",
+	"lower_inf",
+	"upper_inc",
+	"upper_inf",
+	"range_merge",
+	"generate_series",
+	"pg_typeof",
+	"current_setting",
+	"current_database",
+	"current_schema",
+	"current_schemas",
+	"current_user",
+	"session_user",
+	"inet_client_addr",
+	"inet_client_port",
+	"version",
+	"obj_description",
+	"col_description",
+	"shobj_description",
+	"has_table_privilege",
+	"has_column_privilege",
+	"has_schema_privilege",
+	"txid_current",
+	"txid_current_snapshot",
+	"area",
+	"center",
+	"diameter",
+	"height",
+	"width",
+	"isclosed",
+	"isopen",
+	"npoints",
+	"pclose",
+	"popen",
+	"radius",
+	"abbrev",
+	"broadcast",
+	"family",
+	"host",
+	"hostmask",
+	"masklen",
+	"netmask",
+	"network",
+	"set_masklen",
+	"inet_merge",
+	"inet_same_family",
+	"gen_random_uuid",
+	"uuid_generate_v1",
+	"uuid_generate_v4",
+	...PGVECTOR_FUNCTIONS,
+	...POSTGIS_FUNCTIONS
+];
+const SQLITE_FUNCTIONS = [
+	...COMMON_FUNCTIONS,
+	"group_concat",
+	"total",
+	"char",
+	"format",
+	"glob",
+	"hex",
+	"unhex",
+	"instr",
+	"like",
+	"ltrim",
+	"rtrim",
+	"trim",
+	"printf",
+	"quote",
+	"soundex",
+	"unicode",
+	"zeroblob",
+	"acos",
+	"acosh",
+	"asin",
+	"asinh",
+	"atan",
+	"atan2",
+	"atanh",
+	"cos",
+	"cosh",
+	"sin",
+	"sinh",
+	"tan",
+	"tanh",
+	"date",
+	"time",
+	"datetime",
+	"julianday",
+	"unixepoch",
+	"strftime",
+	"timediff",
+	"typeof",
+	"type",
+	"last_insert_rowid",
+	"changes",
+	"total_changes",
+	"sqlite_version",
+	"json",
+	"json_array",
+	"json_array_length",
+	"json_extract",
+	"json_insert",
+	"json_object",
+	"json_patch",
+	"json_remove",
+	"json_replace",
+	"json_set",
+	"json_type",
+	"json_valid",
+	"json_quote",
+	"json_group_array",
+	"json_group_object",
+	"json_each",
+	"json_tree",
+	"iif",
+	"ifnull",
+	"likely",
+	"unlikely",
+	"max",
+	"min",
+	"nullif",
+	"randomblob",
+	"row_number",
+	"rank",
+	"dense_rank",
+	"percent_rank",
+	"cume_dist",
+	"ntile",
+	"lag",
+	"lead",
+	"first_value",
+	"last_value",
+	"nth_value"
+];
+function checkFunctions(ast, db, allowExtraFunctions) {
+	const bad = findDisallowedFunction(ast, buildAllowedSet(db, allowExtraFunctions));
+	if (bad !== null) return Err(new SanitiseError(`Function '${bad}' is not allowed`));
+	return Ok(ast);
+}
+function buildSet(list) {
+	return new Set(list.map((f) => f.toLowerCase()));
+}
+const PG_SET = buildSet(POSTGRES_FUNCTIONS);
+const SQLITE_SET = buildSet(SQLITE_FUNCTIONS);
+function getAllowedFunctions(db) {
+	return db === "sqlite" ? SQLITE_SET : PG_SET;
+}
+function buildAllowedSet(db, extra) {
+	const base = getAllowedFunctions(db);
+	if (extra.length === 0) return base;
+	const merged = new Set(base);
+	for (const f of extra) merged.add(f.toLowerCase());
+	return merged;
+}
+function findDisallowedFunction(ast, allowed) {
+	for (const col of ast.columns) if (col.expr.kind === "expr" && col.expr.expr) {
+		const bad = checkWhereValue(col.expr.expr, allowed);
+		if (bad) return bad;
+	}
+	if (ast.distinct && ast.distinct.type === "distinct_on") for (const val of ast.distinct.columns) {
+		const bad = checkWhereValue(val, allowed);
+		if (bad) return bad;
+	}
+	for (const join of ast.joins) if (join.condition && join.condition.type === "join_on") {
+		const bad = checkWhereExpr(join.condition.expr, allowed);
+		if (bad) return bad;
+	}
+	if (ast.where) {
+		const bad = checkWhereExpr(ast.where.inner, allowed);
+		if (bad) return bad;
+	}
+	if (ast.groupBy) for (const item of ast.groupBy.items) {
+		const bad = checkWhereValue(item, allowed);
+		if (bad) return bad;
+	}
+	if (ast.having) {
+		const bad = checkWhereExpr(ast.having.expr, allowed);
+		if (bad) return bad;
+	}
+	if (ast.orderBy) for (const item of ast.orderBy.items) {
+		const bad = checkWhereValue(item.expr, allowed);
+		if (bad) return bad;
+	}
+	return null;
+}
+function checkFuncCall(func, allowed) {
+	if (!allowed.has(func.name.toLowerCase())) return func.name;
+	if (func.args.kind === "args") for (const arg of func.args.args) {
+		const bad = checkWhereValue(arg, allowed);
+		if (bad) return bad;
+	}
+	return null;
+}
+function checkWhereValue(val, allowed) {
+	switch (val.type) {
+		case "where_value":
+			if (val.kind === "func_call") return checkFuncCall(val.func, allowed);
+			return null;
+		case "where_arith":
+		case "where_jsonb_op":
+		case "where_pgvector_op": {
+			const l = checkWhereValue(val.left, allowed);
+			if (l) return l;
+			return checkWhereValue(val.right, allowed);
+		}
+		case "where_unary_minus": return checkWhereValue(val.expr, allowed);
+		case "case_expr":
+			if (val.subject) {
+				const s = checkWhereValue(val.subject, allowed);
+				if (s) return s;
+			}
+			for (const w of val.whens) {
+				const c = checkWhereValue(w.condition, allowed);
+				if (c) return c;
+				const r = checkWhereValue(w.result, allowed);
+				if (r) return r;
+			}
+			if (val.else) return checkWhereValue(val.else, allowed);
+			return null;
+		case "cast_expr": return checkWhereValue(val.expr, allowed);
+		default: return null;
+	}
+}
+function checkWhereExpr(expr, allowed) {
+	switch (expr.type) {
+		case "where_and":
+		case "where_or": {
+			const l = checkWhereExpr(expr.left, allowed);
+			if (l) return l;
+			return checkWhereExpr(expr.right, allowed);
+		}
+		case "where_not": return checkWhereExpr(expr.expr, allowed);
+		case "where_comparison": {
+			const l = checkWhereValue(expr.left, allowed);
+			if (l) return l;
+			return checkWhereValue(expr.right, allowed);
+		}
+		case "where_is_null": return checkWhereValue(expr.expr, allowed);
+		case "where_is_bool": return checkWhereValue(expr.expr, allowed);
+		case "where_between": {
+			const e = checkWhereValue(expr.expr, allowed);
+			if (e) return e;
+			const lo = checkWhereValue(expr.low, allowed);
+			if (lo) return lo;
+			return checkWhereValue(expr.high, allowed);
+		}
+		case "where_in": {
+			const e = checkWhereValue(expr.expr, allowed);
+			if (e) return e;
+			for (const item of expr.list) {
+				const bad = checkWhereValue(item, allowed);
+				if (bad) return bad;
+			}
+			return null;
+		}
+		case "where_like": {
+			const e = checkWhereValue(expr.expr, allowed);
+			if (e) return e;
+			return checkWhereValue(expr.pattern, allowed);
+		}
+		case "where_ts_match": {
+			const l = checkWhereValue(expr.left, allowed);
+			if (l) return l;
+			return checkWhereValue(expr.right, allowed);
+		}
+		default: return null;
+	}
+}
+//#endregion
 //#region src/utils.ts
 function unreachable(x) {
 	throw new Error(`Unhandled variant: ${JSON.stringify(x)}`);
@@ -220,81 +983,88 @@ function handleColumnExpr(node) {
 	}
 }
 //#endregion
-//#region src/result.ts
-function Err(error) {
-	return {
-		ok: false,
-		error,
-		unwrap() {
-			throw new Error(String(error));
-		}
-	};
-}
-function Ok(data) {
-	return {
-		ok: true,
-		data,
-		unwrap() {
-			return data;
-		}
-	};
-}
-function returnOrThrow(result, throws) {
-	if (!throws) return result;
-	if (result.ok) return result.data;
-	throw result.error;
-}
-//#endregion
 //#region src/guard.ts
 const DEFAULT_LIMIT = 1e4;
-function addGuards(ast, guard, limit = DEFAULT_LIMIT) {
-	const ast2 = addWhereGuard(ast, guard);
+function applyGuards(ast, guards, limit = DEFAULT_LIMIT) {
+	const ast2 = addWhereGuard(ast, guards);
 	if (!ast2.ok) return ast2;
 	return addLimitGuard(ast2.data, limit);
 }
-function addWhereGuard(ast, guard) {
-	const { schema, table, column, value } = guard;
-	const tableRef = {
-		type: "table_ref",
-		schema,
-		name: table
-	};
-	if (!checkIfTableRefExists(ast, tableRef)) return Err(new SanitiseError(`The table '${handleTableRef(tableRef)}' must appear in the FROM or JOIN clauses.`));
-	const newClause = {
-		type: "where_comparison",
-		operator: "=",
-		left: {
-			type: "where_value",
-			kind: "column_ref",
-			ref: {
-				type: "column_ref",
-				schema,
-				table,
-				name: column
-			}
-		},
-		right: typeof value === "string" ? {
-			type: "where_value",
-			kind: "string",
+function resolveGuards(guards) {
+	if (guards.length === 0) return Err(new AgentSqlError("At least one guard must be provided."));
+	const result = [];
+	for (const [column, value] of Object.entries(guards)) {
+		const guardCol = resolveSingleGuardCol(column);
+		if (!guardCol.ok) return guardCol;
+		result.push({
+			...guardCol.data,
 			value
-		} : {
-			type: "where_value",
-			kind: "integer",
-			value
-		}
-	};
+		});
+	}
+	return Ok(result);
+}
+function resolveSingleGuardCol(column) {
+	const [a, b, c] = column.split(".");
+	if (a === void 0 || b === void 0) return Err(new AgentSqlError(`Malformed column string: '${column}'. Pass 'table.column'.`));
+	if (c === void 0) return Ok({
+		table: a,
+		column: b
+	});
+	return Err(new AgentSqlError("Specifying guard as schema.table.name not yet supported"));
+}
+function addWhereGuard(ast, guards) {
+	for (const guard of guards) {
+		const tableRef = {
+			type: "table_ref",
+			schema: guard.schema,
+			name: guard.table
+		};
+		if (!checkIfTableRefExists(ast, tableRef)) return Err(new SanitiseError(`The table '${handleTableRef(tableRef)}' must appear in the FROM or JOIN clauses.`));
+	}
+	const [first, ...rest] = guards.map((guard) => {
+		const { schema, table, column, value } = guard;
+		return {
+			type: "where_comparison",
+			operator: "=",
+			left: {
+				type: "where_value",
+				kind: "column_ref",
+				ref: {
+					type: "column_ref",
+					schema,
+					table,
+					name: column
+				}
+			},
+			right: typeof value === "string" ? {
+				type: "where_value",
+				kind: "string",
+				value
+			} : {
+				type: "where_value",
+				kind: "integer",
+				value
+			}
+		};
+	});
+	if (!first) return Err(new AgentSqlError("No guards were provided"));
+	const combined = rest.reduce((acc, clause) => ({
+		type: "where_and",
+		left: acc,
+		right: clause
+	}), first);
 	return Ok({
 		...ast,
 		where: ast.where ? {
 			type: "where_root",
 			inner: {
 				type: "where_and",
-				left: newClause,
+				left: combined,
 				right: ast.where.inner
 			}
 		} : {
 			type: "where_root",
-			inner: newClause
+			inner: combined
 		}
 	});
 }
@@ -358,21 +1128,6 @@ function getJoinTableRef(joinTableName, left, right) {
 	};
 }
 //#endregion
-//#region src/namespec.ts
-function getQualifiedColumnFromString(column) {
-	const [a, b, c] = column.split(".");
-	if (a === void 0 || b === void 0) throw new AgentSqlError(`Malformed column string: '${column}'. Pass 'table.column'.`);
-	if (c === void 0) return Ok({
-		table: a,
-		column: b
-	});
-	return Ok({
-		schema: a,
-		table: b,
-		column: c
-	});
-}
-//#endregion
 //#region src/sql.ohm-bundle.js
 const result = makeRecipe([
 	"grammar",
@@ -6431,62 +7186,47 @@ function parseSql(expr) {
 }
 //#endregion
 //#region src/index.ts
-function agentSql(sql, column, value, { schema, limit } = {}) {
+function agentSql(sql, column, value, { schema, limit, db = "postgres", allowExtraFunctions = [] } = {}) {
 	return privateAgentSql(sql, {
-		column,
-		value,
+		guards: { [column]: value },
 		schema,
 		limit,
+		db,
+		allowExtraFunctions,
 		throws: true
 	});
 }
-function createAgentSql({ column, schema, value, limit, throws = true }) {
-	if (value !== void 0) return (expr) => throws ? privateAgentSql(expr, {
-		column,
-		value,
+function createAgentSql(schema, guards, { limit, throws = true, db = "postgres", allowExtraFunctions = [] } = {}) {
+	return (expr) => throws ? privateAgentSql(expr, {
+		guards,
 		schema,
 		limit,
+		db,
+		allowExtraFunctions,
 		throws
 	}) : privateAgentSql(expr, {
-		column,
-		value,
+		guards,
 		schema,
 		limit,
+		db,
+		allowExtraFunctions,
 		throws
 	});
-	function factory(guardVal) {
-		return throws ? createAgentSql({
-			column,
-			schema,
-			value: guardVal,
-			limit,
-			throws
-		}) : createAgentSql({
-			column,
-			schema,
-			value: guardVal,
-			limit,
-			throws
-		});
-	}
-	return factory;
 }
-function privateAgentSql(sql, { column, value, schema, limit, throws }) {
-	const guardCol = getQualifiedColumnFromString(column);
-	if (!guardCol.ok) throw guardCol.error;
+function privateAgentSql(sql, { guards: guardsRaw, schema, limit, db, allowExtraFunctions, throws }) {
+	const guards = resolveGuards(guardsRaw);
+	if (!guards.ok) throw guards.error;
 	const ast = parseSql(sql);
 	if (!ast.ok) return returnOrThrow(ast, throws);
 	const ast2 = checkJoins(ast.data, schema);
 	if (!ast2.ok) return returnOrThrow(ast2, throws);
-	const where = {
-		...guardCol.data,
-		value
-	};
-	const san = addGuards(ast2.data, where, limit);
+	const ast3 = checkFunctions(ast2.data, db, allowExtraFunctions);
+	if (!ast3.ok) return returnOrThrow(ast3, throws);
+	const san = applyGuards(ast3.data, guards.data, limit);
 	if (!san.ok) return returnOrThrow(san, throws);
 	const res = outputSql(san.data);
 	if (throws) return res;
 	return Ok(res);
 }
 //#endregion
-export { agentSql, createAgentSql, defineSchema, outputSql, parseSql, addGuards as sanitiseSql };
+export { agentSql, createAgentSql, defineSchema, outputSql, parseSql, applyGuards as sanitiseSql };

package/package.json

@@ -1,7 +1,13 @@
 {
   "name": "agent-sql",
-  "version": "0.2.0",
+  "version": "0.2.2",
   "description": "A starter for creating a TypeScript package.",
+  "keywords": [
+    "agent",
+    "ai",
+    "postgres",
+    "sql"
+  ],
   "homepage": "https://github.com/carderne/agent-sql#readme",
   "bugs": {
     "url": "https://github.com/carderne/agent-sql/issues"
@@ -63,6 +69,5 @@
       "vite": "npm:@voidzero-dev/vite-plus-core@latest",
       "vitest": "npm:@voidzero-dev/vite-plus-test@latest"
     }
-  },
-  "logo": "https://cdn.jsdelivr.net/gh/carderne/agent-sql@main/docs/logo.png"
+  }
 }