sql-preview 0.6.1 → 0.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -19037,7 +19037,7 @@ var require_mime_types = __commonJS({
19037
19037
  exports.charset = charset;
19038
19038
  exports.charsets = { lookup: charset };
19039
19039
  exports.contentType = contentType;
19040
- exports.extension = extension;
19040
+ exports.extension = extension2;
19041
19041
  exports.extensions = /* @__PURE__ */ Object.create(null);
19042
19042
  exports.lookup = lookup;
19043
19043
  exports.types = /* @__PURE__ */ Object.create(null);
@@ -19072,7 +19072,7 @@ var require_mime_types = __commonJS({
19072
19072
  }
19073
19073
  return mime;
19074
19074
  }
19075
- function extension(type) {
19075
+ function extension2(type) {
19076
19076
  if (!type || typeof type !== "string") {
19077
19077
  return false;
19078
19078
  }
@@ -19087,11 +19087,11 @@ var require_mime_types = __commonJS({
19087
19087
  if (!path8 || typeof path8 !== "string") {
19088
19088
  return false;
19089
19089
  }
19090
- var extension2 = extname("x." + path8).toLowerCase().slice(1);
19091
- if (!extension2) {
19090
+ var extension3 = extname("x." + path8).toLowerCase().slice(1);
19091
+ if (!extension3) {
19092
19092
  return false;
19093
19093
  }
19094
- return exports.types[extension2] || false;
19094
+ return exports.types[extension3] || false;
19095
19095
  }
19096
19096
  function populateMaps(extensions, types) {
19097
19097
  Object.keys(db).forEach(function forEachMimeType(type) {
@@ -19102,15 +19102,15 @@ var require_mime_types = __commonJS({
19102
19102
  }
19103
19103
  extensions[type] = exts;
19104
19104
  for (var i = 0; i < exts.length; i++) {
19105
- var extension2 = exts[i];
19106
- types[extension2] = _preferredType(extension2, types[extension2], type);
19105
+ var extension3 = exts[i];
19106
+ types[extension3] = _preferredType(extension3, types[extension3], type);
19107
19107
  const legacyType = _preferredTypeLegacy(
19108
- extension2,
19109
- types[extension2],
19108
+ extension3,
19109
+ types[extension3],
19110
19110
  type
19111
19111
  );
19112
- if (legacyType !== types[extension2]) {
19113
- exports._extensionConflicts.push([extension2, legacyType, types[extension2]]);
19112
+ if (legacyType !== types[extension3]) {
19113
+ exports._extensionConflicts.push([extension3, legacyType, types[extension3]]);
19114
19114
  }
19115
19115
  }
19116
19116
  });
@@ -19124,7 +19124,7 @@ var require_mime_types = __commonJS({
19124
19124
  var SOURCE_RANK = ["nginx", "apache", void 0, "iana"];
19125
19125
  var score0 = type0 ? SOURCE_RANK.indexOf(db[type0].source) : 0;
19126
19126
  var score1 = type1 ? SOURCE_RANK.indexOf(db[type1].source) : 0;
19127
- if (exports.types[extension] !== "application/octet-stream" && (score0 > score1 || score0 === score1 && exports.types[extension]?.slice(0, 12) === "application/")) {
19127
+ if (exports.types[extension2] !== "application/octet-stream" && (score0 > score1 || score0 === score1 && exports.types[extension2]?.slice(0, 12) === "application/")) {
19128
19128
  return type0;
19129
19129
  }
19130
19130
  return score0 > score1 ? type0 : type1;
@@ -19555,10 +19555,7 @@ var require_json = __commonJS({
19555
19555
  var index = str.indexOf(char);
19556
19556
  var partial2 = "";
19557
19557
  if (index !== -1) {
19558
- partial2 = str.substring(0, index) + JSON_SYNTAX_CHAR;
19559
- for (var i = index + 1; i < str.length; i++) {
19560
- partial2 += JSON_SYNTAX_CHAR;
19561
- }
19558
+ partial2 = str.substring(0, index) + JSON_SYNTAX_CHAR.repeat(str.length - index);
19562
19559
  }
19563
19560
  try {
19564
19561
  JSON.parse(partial2);
@@ -21634,7 +21631,7 @@ var require_stringify = __commonJS({
21634
21631
  }
21635
21632
  if (obj === null) {
21636
21633
  if (strictNullHandling) {
21637
- return encoder && !encodeValuesOnly ? encoder(prefix, defaults2.encoder, charset, "key", format) : prefix;
21634
+ return formatter(encoder && !encodeValuesOnly ? encoder(prefix, defaults2.encoder, charset, "key", format) : prefix);
21638
21635
  }
21639
21636
  obj = "";
21640
21637
  }
@@ -21652,7 +21649,9 @@ var require_stringify = __commonJS({
21652
21649
  var objKeys;
21653
21650
  if (generateArrayPrefix === "comma" && isArray2(obj)) {
21654
21651
  if (encodeValuesOnly && encoder) {
21655
- obj = utils.maybeMap(obj, encoder);
21652
+ obj = utils.maybeMap(obj, function(v) {
21653
+ return v == null ? v : encoder(v);
21654
+ });
21656
21655
  }
21657
21656
  objKeys = [{ value: obj.length > 0 ? obj.join(",") || null : void 0 }];
21658
21657
  } else if (isArray2(filter2)) {
@@ -21790,6 +21789,9 @@ var require_stringify = __commonJS({
21790
21789
  var sideChannel = getSideChannel();
21791
21790
  for (var i = 0; i < objKeys.length; ++i) {
21792
21791
  var key = objKeys[i];
21792
+ if (typeof key === "undefined" || key === null) {
21793
+ continue;
21794
+ }
21793
21795
  var value = obj[key];
21794
21796
  if (options.skipNulls && value === null) {
21795
21797
  continue;
@@ -21819,9 +21821,9 @@ var require_stringify = __commonJS({
21819
21821
  var prefix = options.addQueryPrefix === true ? "?" : "";
21820
21822
  if (options.charsetSentinel) {
21821
21823
  if (options.charset === "iso-8859-1") {
21822
- prefix += "utf8=%26%2310003%3B&";
21824
+ prefix += "utf8=%26%2310003%3B" + options.delimiter;
21823
21825
  } else {
21824
- prefix += "utf8=%E2%9C%93&";
21826
+ prefix += "utf8=%E2%9C%93" + options.delimiter;
21825
21827
  }
21826
21828
  }
21827
21829
  return joined.length > 0 ? prefix + joined : "";
@@ -22004,8 +22006,8 @@ var require_parse = __commonJS({
22004
22006
  }
22005
22007
  return leaf;
22006
22008
  };
22007
- var splitKeyIntoSegments = function splitKeyIntoSegments2(givenKey, options) {
22008
- var key = options.allowDots ? givenKey.replace(/\.([^.[]+)/g, "[$1]") : givenKey;
22009
+ var splitKeyIntoSegments = function splitKeyIntoSegments2(originalKey, options) {
22010
+ var key = options.allowDots ? originalKey.replace(/\.([^.[]+)/g, "[$1]") : originalKey;
22009
22011
  if (options.depth <= 0) {
22010
22012
  if (!options.plainObjects && has.call(Object.prototype, key)) {
22011
22013
  if (!options.allowPrototypes) {
@@ -22014,37 +22016,56 @@ var require_parse = __commonJS({
22014
22016
  }
22015
22017
  return [key];
22016
22018
  }
22017
- var brackets = /(\[[^[\]]*])/;
22018
- var child = /(\[[^[\]]*])/g;
22019
- var segment = brackets.exec(key);
22020
- var parent = segment ? key.slice(0, segment.index) : key;
22021
- var keys = [];
22019
+ var segments = [];
22020
+ var first = key.indexOf("[");
22021
+ var parent = first >= 0 ? key.slice(0, first) : key;
22022
22022
  if (parent) {
22023
22023
  if (!options.plainObjects && has.call(Object.prototype, parent)) {
22024
22024
  if (!options.allowPrototypes) {
22025
22025
  return;
22026
22026
  }
22027
22027
  }
22028
- keys[keys.length] = parent;
22028
+ segments[segments.length] = parent;
22029
22029
  }
22030
- var i = 0;
22031
- while ((segment = child.exec(key)) !== null && i < options.depth) {
22032
- i += 1;
22033
- var segmentContent = segment[1].slice(1, -1);
22034
- if (!options.plainObjects && has.call(Object.prototype, segmentContent)) {
22035
- if (!options.allowPrototypes) {
22036
- return;
22030
+ var n = key.length;
22031
+ var open = first;
22032
+ var collected = 0;
22033
+ while (open >= 0 && collected < options.depth) {
22034
+ var level = 1;
22035
+ var i = open + 1;
22036
+ var close = -1;
22037
+ while (i < n && close < 0) {
22038
+ var cu = key.charCodeAt(i);
22039
+ if (cu === 91) {
22040
+ level += 1;
22041
+ } else if (cu === 93) {
22042
+ level -= 1;
22043
+ if (level === 0) {
22044
+ close = i;
22045
+ }
22037
22046
  }
22047
+ i += 1;
22038
22048
  }
22039
- keys[keys.length] = segment[1];
22049
+ if (close < 0) {
22050
+ segments[segments.length] = "[" + key.slice(open) + "]";
22051
+ return segments;
22052
+ }
22053
+ var seg = key.slice(open, close + 1);
22054
+ var content = seg.slice(1, -1);
22055
+ if (!options.plainObjects && has.call(Object.prototype, content) && !options.allowPrototypes) {
22056
+ return;
22057
+ }
22058
+ segments[segments.length] = seg;
22059
+ collected += 1;
22060
+ open = key.indexOf("[", close + 1);
22040
22061
  }
22041
- if (segment) {
22062
+ if (open >= 0) {
22042
22063
  if (options.strictDepth === true) {
22043
22064
  throw new RangeError("Input depth exceeded depth option of " + options.depth + " and strictDepth is true");
22044
22065
  }
22045
- keys[keys.length] = "[" + key.slice(segment.index) + "]";
22066
+ segments[segments.length] = "[" + key.slice(open) + "]";
22046
22067
  }
22047
- return keys;
22068
+ return segments;
22048
22069
  };
22049
22070
  var parseKeys = function parseQueryStringKeys(givenKey, val, options, valuesParsed) {
22050
22071
  if (!givenKey) {
@@ -22194,7 +22215,7 @@ var require_urlencoded = __commonJS({
22194
22215
  type: "parameters.too.many"
22195
22216
  });
22196
22217
  }
22197
- var arrayLimit = extended ? Math.max(100, paramCount) : 0;
22218
+ var arrayLimit = extended ? Math.max(100, paramCount) : paramCount;
22198
22219
  debug("parse " + (extended ? "extended " : "") + "urlencoding");
22199
22220
  try {
22200
22221
  return qs.parse(body, {
@@ -22306,8 +22327,8 @@ var require_escape_html = __commonJS({
22306
22327
  "node_modules/escape-html/index.js"(exports, module2) {
22307
22328
  "use strict";
22308
22329
  var matchHtmlRegExp = /["'&<>]/;
22309
- module2.exports = escapeHtml;
22310
- function escapeHtml(string3) {
22330
+ module2.exports = escapeHtml2;
22331
+ function escapeHtml2(string3) {
22311
22332
  var str = "" + string3;
22312
22333
  var match = matchHtmlRegExp.exec(str);
22313
22334
  if (!match) {
@@ -22432,13 +22453,13 @@ var require_finalhandler = __commonJS({
22432
22453
  "use strict";
22433
22454
  var debug = require_src()("finalhandler");
22434
22455
  var encodeUrl = require_encodeurl();
22435
- var escapeHtml = require_escape_html();
22456
+ var escapeHtml2 = require_escape_html();
22436
22457
  var onFinished = require_on_finished();
22437
22458
  var parseUrl2 = require_parseurl();
22438
22459
  var statuses = require_statuses();
22439
22460
  var isFinished = onFinished.isFinished;
22440
22461
  function createHtmlDocument(message) {
22441
- var body = escapeHtml(message).replaceAll("\n", "<br>").replaceAll(" ", " &nbsp;");
22462
+ var body = escapeHtml2(message).replaceAll("\n", "<br>").replaceAll(" ", " &nbsp;");
22442
22463
  return '<!DOCTYPE html>\n<html lang="en">\n<head>\n<meta charset="utf-8">\n<title>Error</title>\n</head>\n<body>\n<pre>' + body + "</pre>\n</body>\n</html>\n";
22443
22464
  }
22444
22465
  module2.exports = finalhandler;
@@ -22652,14 +22673,14 @@ var require_etag = __commonJS({
22652
22673
  "node_modules/etag/index.js"(exports, module2) {
22653
22674
  "use strict";
22654
22675
  module2.exports = etag;
22655
- var crypto6 = require("crypto");
22676
+ var crypto7 = require("crypto");
22656
22677
  var Stats = require("fs").Stats;
22657
22678
  var toString3 = Object.prototype.toString;
22658
22679
  function entitytag(entity) {
22659
22680
  if (entity.length === 0) {
22660
22681
  return '"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"';
22661
22682
  }
22662
- var hash = crypto6.createHash("sha1").update(entity, "utf8").digest("base64").substring(0, 27);
22683
+ var hash = crypto7.createHash("sha1").update(entity, "utf8").digest("base64").substring(0, 27);
22663
22684
  var len = typeof entity === "string" ? Buffer.byteLength(entity, "utf8") : entity.length;
22664
22685
  return '"' + len.toString(16) + "-" + hash + '"';
22665
22686
  }
@@ -32100,7 +32121,7 @@ var require_mime_types2 = __commonJS({
32100
32121
  exports.charset = charset;
32101
32122
  exports.charsets = { lookup: charset };
32102
32123
  exports.contentType = contentType;
32103
- exports.extension = extension;
32124
+ exports.extension = extension2;
32104
32125
  exports.extensions = /* @__PURE__ */ Object.create(null);
32105
32126
  exports.lookup = lookup;
32106
32127
  exports.types = /* @__PURE__ */ Object.create(null);
@@ -32135,7 +32156,7 @@ var require_mime_types2 = __commonJS({
32135
32156
  }
32136
32157
  return mime;
32137
32158
  }
32138
- function extension(type) {
32159
+ function extension2(type) {
32139
32160
  if (!type || typeof type !== "string") {
32140
32161
  return false;
32141
32162
  }
@@ -32150,11 +32171,11 @@ var require_mime_types2 = __commonJS({
32150
32171
  if (!path8 || typeof path8 !== "string") {
32151
32172
  return false;
32152
32173
  }
32153
- var extension2 = extname("x." + path8).toLowerCase().slice(1);
32154
- if (!extension2) {
32174
+ var extension3 = extname("x." + path8).toLowerCase().slice(1);
32175
+ if (!extension3) {
32155
32176
  return false;
32156
32177
  }
32157
- return exports.types[extension2] || false;
32178
+ return exports.types[extension3] || false;
32158
32179
  }
32159
32180
  function populateMaps(extensions, types) {
32160
32181
  Object.keys(db).forEach(function forEachMimeType(type) {
@@ -32165,15 +32186,15 @@ var require_mime_types2 = __commonJS({
32165
32186
  }
32166
32187
  extensions[type] = exts;
32167
32188
  for (var i = 0; i < exts.length; i++) {
32168
- var extension2 = exts[i];
32169
- types[extension2] = _preferredType(extension2, types[extension2], type);
32189
+ var extension3 = exts[i];
32190
+ types[extension3] = _preferredType(extension3, types[extension3], type);
32170
32191
  const legacyType = _preferredTypeLegacy(
32171
- extension2,
32172
- types[extension2],
32192
+ extension3,
32193
+ types[extension3],
32173
32194
  type
32174
32195
  );
32175
- if (legacyType !== types[extension2]) {
32176
- exports._extensionConflicts.push([extension2, legacyType, types[extension2]]);
32196
+ if (legacyType !== types[extension3]) {
32197
+ exports._extensionConflicts.push([extension3, legacyType, types[extension3]]);
32177
32198
  }
32178
32199
  }
32179
32200
  });
@@ -32187,7 +32208,7 @@ var require_mime_types2 = __commonJS({
32187
32208
  var SOURCE_RANK = ["nginx", "apache", void 0, "iana"];
32188
32209
  var score0 = type0 ? SOURCE_RANK.indexOf(db[type0].source) : 0;
32189
32210
  var score1 = type1 ? SOURCE_RANK.indexOf(db[type1].source) : 0;
32190
- if (exports.types[extension] !== "application/octet-stream" && (score0 > score1 || score0 === score1 && exports.types[extension]?.slice(0, 12) === "application/")) {
32211
+ if (exports.types[extension2] !== "application/octet-stream" && (score0 > score1 || score0 === score1 && exports.types[extension2]?.slice(0, 12) === "application/")) {
32191
32212
  return type0;
32192
32213
  }
32193
32214
  return score0 > score1 ? type0 : type1;
@@ -34413,8 +34434,8 @@ var require_application = __commonJS({
34413
34434
  if (typeof fn !== "function") {
34414
34435
  throw new Error("callback function required");
34415
34436
  }
34416
- var extension = ext[0] !== "." ? "." + ext : ext;
34417
- this.engines[extension] = fn;
34437
+ var extension2 = ext[0] !== "." ? "." + ext : ext;
34438
+ this.engines[extension2] = fn;
34418
34439
  return this;
34419
34440
  };
34420
34441
  app.param = function param(name, fn) {
@@ -44473,7 +44494,7 @@ var require_mime_types3 = __commonJS({
44473
44494
  exports.charset = charset;
44474
44495
  exports.charsets = { lookup: charset };
44475
44496
  exports.contentType = contentType;
44476
- exports.extension = extension;
44497
+ exports.extension = extension2;
44477
44498
  exports.extensions = /* @__PURE__ */ Object.create(null);
44478
44499
  exports.lookup = lookup;
44479
44500
  exports.types = /* @__PURE__ */ Object.create(null);
@@ -44508,7 +44529,7 @@ var require_mime_types3 = __commonJS({
44508
44529
  }
44509
44530
  return mime;
44510
44531
  }
44511
- function extension(type) {
44532
+ function extension2(type) {
44512
44533
  if (!type || typeof type !== "string") {
44513
44534
  return false;
44514
44535
  }
@@ -44523,11 +44544,11 @@ var require_mime_types3 = __commonJS({
44523
44544
  if (!path8 || typeof path8 !== "string") {
44524
44545
  return false;
44525
44546
  }
44526
- var extension2 = extname("x." + path8).toLowerCase().slice(1);
44527
- if (!extension2) {
44547
+ var extension3 = extname("x." + path8).toLowerCase().slice(1);
44548
+ if (!extension3) {
44528
44549
  return false;
44529
44550
  }
44530
- return exports.types[extension2] || false;
44551
+ return exports.types[extension3] || false;
44531
44552
  }
44532
44553
  function populateMaps(extensions, types) {
44533
44554
  Object.keys(db).forEach(function forEachMimeType(type) {
@@ -44538,15 +44559,15 @@ var require_mime_types3 = __commonJS({
44538
44559
  }
44539
44560
  extensions[type] = exts;
44540
44561
  for (var i = 0; i < exts.length; i++) {
44541
- var extension2 = exts[i];
44542
- types[extension2] = _preferredType(extension2, types[extension2], type);
44562
+ var extension3 = exts[i];
44563
+ types[extension3] = _preferredType(extension3, types[extension3], type);
44543
44564
  const legacyType = _preferredTypeLegacy(
44544
- extension2,
44545
- types[extension2],
44565
+ extension3,
44566
+ types[extension3],
44546
44567
  type
44547
44568
  );
44548
- if (legacyType !== types[extension2]) {
44549
- exports._extensionConflicts.push([extension2, legacyType, types[extension2]]);
44569
+ if (legacyType !== types[extension3]) {
44570
+ exports._extensionConflicts.push([extension3, legacyType, types[extension3]]);
44550
44571
  }
44551
44572
  }
44552
44573
  });
@@ -44560,7 +44581,7 @@ var require_mime_types3 = __commonJS({
44560
44581
  var SOURCE_RANK = ["nginx", "apache", void 0, "iana"];
44561
44582
  var score0 = type0 ? SOURCE_RANK.indexOf(db[type0].source) : 0;
44562
44583
  var score1 = type1 ? SOURCE_RANK.indexOf(db[type1].source) : 0;
44563
- if (exports.types[extension] !== "application/octet-stream" && (score0 > score1 || score0 === score1 && exports.types[extension]?.slice(0, 12) === "application/")) {
44584
+ if (exports.types[extension2] !== "application/octet-stream" && (score0 > score1 || score0 === score1 && exports.types[extension2]?.slice(0, 12) === "application/")) {
44564
44585
  return type0;
44565
44586
  }
44566
44587
  return score0 > score1 ? type0 : type1;
@@ -45120,13 +45141,13 @@ var require_content_disposition = __commonJS({
45120
45141
  // node_modules/cookie-signature/index.js
45121
45142
  var require_cookie_signature = __commonJS({
45122
45143
  "node_modules/cookie-signature/index.js"(exports) {
45123
- var crypto6 = require("crypto");
45144
+ var crypto7 = require("crypto");
45124
45145
  exports.sign = function(val, secret) {
45125
45146
  if ("string" != typeof val)
45126
45147
  throw new TypeError("Cookie value must be provided as a string.");
45127
45148
  if (null == secret)
45128
45149
  throw new TypeError("Secret key must be provided.");
45129
- return val + "." + crypto6.createHmac("sha256", secret).update(val).digest("base64").replace(/\=+$/, "");
45150
+ return val + "." + crypto7.createHmac("sha256", secret).update(val).digest("base64").replace(/\=+$/, "");
45130
45151
  };
45131
45152
  exports.unsign = function(input, secret) {
45132
45153
  if ("string" != typeof input)
@@ -45134,7 +45155,7 @@ var require_cookie_signature = __commonJS({
45134
45155
  if (null == secret)
45135
45156
  throw new TypeError("Secret key must be provided.");
45136
45157
  var tentativeValue = input.slice(0, input.lastIndexOf(".")), expectedInput = exports.sign(tentativeValue, secret), expectedBuffer = Buffer.from(expectedInput), inputBuffer = Buffer.from(input);
45137
- return expectedBuffer.length === inputBuffer.length && crypto6.timingSafeEqual(expectedBuffer, inputBuffer) ? tentativeValue : false;
45158
+ return expectedBuffer.length === inputBuffer.length && crypto7.timingSafeEqual(expectedBuffer, inputBuffer) ? tentativeValue : false;
45138
45159
  };
45139
45160
  }
45140
45161
  });
@@ -54721,7 +54742,7 @@ var require_mime_types4 = __commonJS({
54721
54742
  exports.charset = charset;
54722
54743
  exports.charsets = { lookup: charset };
54723
54744
  exports.contentType = contentType;
54724
- exports.extension = extension;
54745
+ exports.extension = extension2;
54725
54746
  exports.extensions = /* @__PURE__ */ Object.create(null);
54726
54747
  exports.lookup = lookup;
54727
54748
  exports.types = /* @__PURE__ */ Object.create(null);
@@ -54756,7 +54777,7 @@ var require_mime_types4 = __commonJS({
54756
54777
  }
54757
54778
  return mime;
54758
54779
  }
54759
- function extension(type) {
54780
+ function extension2(type) {
54760
54781
  if (!type || typeof type !== "string") {
54761
54782
  return false;
54762
54783
  }
@@ -54771,11 +54792,11 @@ var require_mime_types4 = __commonJS({
54771
54792
  if (!path8 || typeof path8 !== "string") {
54772
54793
  return false;
54773
54794
  }
54774
- var extension2 = extname("x." + path8).toLowerCase().slice(1);
54775
- if (!extension2) {
54795
+ var extension3 = extname("x." + path8).toLowerCase().slice(1);
54796
+ if (!extension3) {
54776
54797
  return false;
54777
54798
  }
54778
- return exports.types[extension2] || false;
54799
+ return exports.types[extension3] || false;
54779
54800
  }
54780
54801
  function populateMaps(extensions, types) {
54781
54802
  Object.keys(db).forEach(function forEachMimeType(type) {
@@ -54786,15 +54807,15 @@ var require_mime_types4 = __commonJS({
54786
54807
  }
54787
54808
  extensions[type] = exts;
54788
54809
  for (var i = 0; i < exts.length; i++) {
54789
- var extension2 = exts[i];
54790
- types[extension2] = _preferredType(extension2, types[extension2], type);
54810
+ var extension3 = exts[i];
54811
+ types[extension3] = _preferredType(extension3, types[extension3], type);
54791
54812
  const legacyType = _preferredTypeLegacy(
54792
- extension2,
54793
- types[extension2],
54813
+ extension3,
54814
+ types[extension3],
54794
54815
  type
54795
54816
  );
54796
- if (legacyType !== types[extension2]) {
54797
- exports._extensionConflicts.push([extension2, legacyType, types[extension2]]);
54817
+ if (legacyType !== types[extension3]) {
54818
+ exports._extensionConflicts.push([extension3, legacyType, types[extension3]]);
54798
54819
  }
54799
54820
  }
54800
54821
  });
@@ -54808,7 +54829,7 @@ var require_mime_types4 = __commonJS({
54808
54829
  var SOURCE_RANK = ["nginx", "apache", void 0, "iana"];
54809
54830
  var score0 = type0 ? SOURCE_RANK.indexOf(db[type0].source) : 0;
54810
54831
  var score1 = type1 ? SOURCE_RANK.indexOf(db[type1].source) : 0;
54811
- if (exports.types[extension] !== "application/octet-stream" && (score0 > score1 || score0 === score1 && exports.types[extension]?.slice(0, 12) === "application/")) {
54832
+ if (exports.types[extension2] !== "application/octet-stream" && (score0 > score1 || score0 === score1 && exports.types[extension2]?.slice(0, 12) === "application/")) {
54812
54833
  return type0;
54813
54834
  }
54814
54835
  return score0 > score1 ? type0 : type1;
@@ -54823,7 +54844,7 @@ var require_send = __commonJS({
54823
54844
  var createError = require_http_errors();
54824
54845
  var debug = require_src()("send");
54825
54846
  var encodeUrl = require_encodeurl();
54826
- var escapeHtml = require_escape_html();
54847
+ var escapeHtml2 = require_escape_html();
54827
54848
  var etag = require_etag();
54828
54849
  var fresh = require_fresh();
54829
54850
  var fs11 = require("fs");
@@ -54876,7 +54897,7 @@ var require_send = __commonJS({
54876
54897
  }
54877
54898
  var res = this.res;
54878
54899
  var msg = statuses.message[status] || String(status);
54879
- var doc = createHtmlDocument("Error", escapeHtml(msg));
54900
+ var doc = createHtmlDocument("Error", escapeHtml2(msg));
54880
54901
  clearHeaders(res);
54881
54902
  if (err && err.headers) {
54882
54903
  setHeaders(res, err.headers);
@@ -54976,7 +54997,7 @@ var require_send = __commonJS({
54976
54997
  return;
54977
54998
  }
54978
54999
  var loc = encodeUrl(collapseLeadingSlashes(this.path + "/"));
54979
- var doc = createHtmlDocument("Redirecting", "Redirecting to " + escapeHtml(loc));
55000
+ var doc = createHtmlDocument("Redirecting", "Redirecting to " + escapeHtml2(loc));
54980
55001
  res.statusCode = 301;
54981
55002
  res.setHeader("Content-Type", "text/html; charset=UTF-8");
54982
55003
  res.setHeader("Content-Length", Buffer.byteLength(doc));
@@ -55390,7 +55411,7 @@ var require_response = __commonJS({
55390
55411
  var createError = require_http_errors();
55391
55412
  var deprecate = require_depd()("express");
55392
55413
  var encodeUrl = require_encodeurl();
55393
- var escapeHtml = require_escape_html();
55414
+ var escapeHtml2 = require_escape_html();
55394
55415
  var http4 = require("node:http");
55395
55416
  var onFinished = require_on_finished();
55396
55417
  var mime = require_mime_types2();
@@ -55732,7 +55753,7 @@ var require_response = __commonJS({
55732
55753
  body = statuses.message[status] + ". Redirecting to " + address;
55733
55754
  },
55734
55755
  html: function() {
55735
- var u = escapeHtml(address);
55756
+ var u = escapeHtml2(address);
55736
55757
  body = "<p>" + statuses.message[status] + ". Redirecting to " + u + "</p>";
55737
55758
  },
55738
55759
  default: function() {
@@ -55868,7 +55889,7 @@ var require_serve_static = __commonJS({
55868
55889
  "node_modules/serve-static/index.js"(exports, module2) {
55869
55890
  "use strict";
55870
55891
  var encodeUrl = require_encodeurl();
55871
- var escapeHtml = require_escape_html();
55892
+ var escapeHtml2 = require_escape_html();
55872
55893
  var parseUrl2 = require_parseurl();
55873
55894
  var resolve2 = require("path").resolve;
55874
55895
  var send = require_send();
@@ -55954,7 +55975,7 @@ var require_serve_static = __commonJS({
55954
55975
  originalUrl.path = null;
55955
55976
  originalUrl.pathname = collapseLeadingSlashes(originalUrl.pathname + "/");
55956
55977
  var loc = encodeUrl(url2.format(originalUrl));
55957
- var doc = createHtmlDocument("Redirecting", "Redirecting to " + escapeHtml(loc));
55978
+ var doc = createHtmlDocument("Redirecting", "Redirecting to " + escapeHtml2(loc));
55958
55979
  res.statusCode = 301;
55959
55980
  res.setHeader("Content-Type", "text/html; charset=UTF-8");
55960
55981
  res.setHeader("Content-Length", Buffer.byteLength(doc));
@@ -66177,7 +66198,7 @@ var require_mime_types5 = __commonJS({
66177
66198
  exports.charset = charset;
66178
66199
  exports.charsets = { lookup: charset };
66179
66200
  exports.contentType = contentType;
66180
- exports.extension = extension;
66201
+ exports.extension = extension2;
66181
66202
  exports.extensions = /* @__PURE__ */ Object.create(null);
66182
66203
  exports.lookup = lookup;
66183
66204
  exports.types = /* @__PURE__ */ Object.create(null);
@@ -66211,7 +66232,7 @@ var require_mime_types5 = __commonJS({
66211
66232
  }
66212
66233
  return mime;
66213
66234
  }
66214
- function extension(type) {
66235
+ function extension2(type) {
66215
66236
  if (!type || typeof type !== "string") {
66216
66237
  return false;
66217
66238
  }
@@ -66226,11 +66247,11 @@ var require_mime_types5 = __commonJS({
66226
66247
  if (!path8 || typeof path8 !== "string") {
66227
66248
  return false;
66228
66249
  }
66229
- var extension2 = extname("x." + path8).toLowerCase().substr(1);
66230
- if (!extension2) {
66250
+ var extension3 = extname("x." + path8).toLowerCase().substr(1);
66251
+ if (!extension3) {
66231
66252
  return false;
66232
66253
  }
66233
- return exports.types[extension2] || false;
66254
+ return exports.types[extension3] || false;
66234
66255
  }
66235
66256
  function populateMaps(extensions, types) {
66236
66257
  var preference = ["nginx", "apache", void 0, "iana"];
@@ -66242,15 +66263,15 @@ var require_mime_types5 = __commonJS({
66242
66263
  }
66243
66264
  extensions[type] = exts;
66244
66265
  for (var i = 0; i < exts.length; i++) {
66245
- var extension2 = exts[i];
66246
- if (types[extension2]) {
66247
- var from = preference.indexOf(db[types[extension2]].source);
66266
+ var extension3 = exts[i];
66267
+ if (types[extension3]) {
66268
+ var from = preference.indexOf(db[types[extension3]].source);
66248
66269
  var to = preference.indexOf(mime.source);
66249
- if (types[extension2] !== "application/octet-stream" && (from > to || from === to && types[extension2].substr(0, 12) === "application/")) {
66270
+ if (types[extension3] !== "application/octet-stream" && (from > to || from === to && types[extension3].substr(0, 12) === "application/")) {
66250
66271
  continue;
66251
66272
  }
66252
66273
  }
66253
- types[extension2] = type;
66274
+ types[extension3] = type;
66254
66275
  }
66255
66276
  });
66256
66277
  }
@@ -66534,7 +66555,7 @@ var require_form_data = __commonJS({
66534
66555
  var parseUrl2 = require("url").parse;
66535
66556
  var fs11 = require("fs");
66536
66557
  var Stream = require("stream").Stream;
66537
- var crypto6 = require("crypto");
66558
+ var crypto7 = require("crypto");
66538
66559
  var mime = require_mime_types5();
66539
66560
  var asynckit = require_asynckit();
66540
66561
  var setToStringTag = require_es_set_tostringtag();
@@ -66740,7 +66761,7 @@ var require_form_data = __commonJS({
66740
66761
  return Buffer.concat([dataBuffer, Buffer.from(this._lastBoundary())]);
66741
66762
  };
66742
66763
  FormData3.prototype._generateBoundary = function() {
66743
- this._boundary = "--------------------------" + crypto6.randomBytes(12).toString("hex");
66764
+ this._boundary = "--------------------------" + crypto7.randomBytes(12).toString("hex");
66744
66765
  };
66745
66766
  FormData3.prototype.getLengthSync = function() {
66746
66767
  var knownLength = this._overheadLength + this._valueLength;
@@ -74771,6 +74792,9 @@ var src_exports7 = {};
74771
74792
  __export(src_exports7, {
74772
74793
  default: () => SnowflakeConnector
74773
74794
  });
74795
+ function isDriverManagerLike(value) {
74796
+ return typeof value === "object" && value !== null && "getDriver" in value && typeof value.getDriver === "function";
74797
+ }
74774
74798
  function normaliseAccount(account) {
74775
74799
  let a = account.trim();
74776
74800
  a = a.replace(/\/+$/, "");
@@ -74816,6 +74840,9 @@ function mapSnowflakeTableType(tableType) {
74816
74840
  return "UNKNOWN";
74817
74841
  }
74818
74842
  function connectAsync(connection) {
74843
+ if (typeof connection.connectAsync === "function") {
74844
+ return connection.connectAsync();
74845
+ }
74819
74846
  return new Promise((resolve2, reject) => {
74820
74847
  connection.connect((err) => {
74821
74848
  if (err) {
@@ -74877,10 +74904,11 @@ var init_src8 = __esm({
74877
74904
  init_descriptor7();
74878
74905
  SNOWFLAKE_SYSTEM_SCHEMAS = /* @__PURE__ */ new Set(["INFORMATION_SCHEMA"]);
74879
74906
  SnowflakeConnector = class {
74880
- constructor() {
74907
+ constructor(driverManager) {
74881
74908
  this.id = "snowflake";
74882
74909
  this.supportsPagination = false;
74883
74910
  this.configSchema = snowflakeConnectorConfigSchema;
74911
+ this.driverManager = isDriverManagerLike(driverManager) ? driverManager : { getDriver: async (driverName) => driverName };
74884
74912
  }
74885
74913
  // ── validateConfig ──────────────────────────────────────────────────────
74886
74914
  validateConfig(config2) {
@@ -74888,17 +74916,34 @@ var init_src8 = __esm({
74888
74916
  if (!cfg.account) {
74889
74917
  return "account is required";
74890
74918
  }
74891
- if (!cfg.username) {
74919
+ if (!this.resolveUsername(cfg)) {
74892
74920
  return "username is required";
74893
74921
  }
74922
+ const authMode = this.resolveAuthMode(cfg);
74923
+ if (!["password", "keypair", "externalbrowser"].includes(authMode)) {
74924
+ return `unsupported Snowflake auth mode: ${String(cfg.authMode)}`;
74925
+ }
74926
+ if (authMode === "keypair" && !cfg.privateKeyPath) {
74927
+ return "privateKeyPath is required for Snowflake key pair authentication";
74928
+ }
74894
74929
  return void 0;
74895
74930
  }
74896
74931
  // ── Private: build connection options ───────────────────────────────────
74932
+ resolveAuthMode(cfg) {
74933
+ if (cfg.authenticator?.trim().toLowerCase() === "externalbrowser") {
74934
+ return "externalbrowser";
74935
+ }
74936
+ return cfg.authMode ?? (cfg.privateKeyPath ? "keypair" : "password");
74937
+ }
74938
+ resolveUsername(cfg) {
74939
+ return cfg.username || cfg.user;
74940
+ }
74897
74941
  buildConnectionOptions(cfg) {
74898
74942
  const account = normaliseAccount(cfg.account);
74943
+ const authMode = this.resolveAuthMode(cfg);
74899
74944
  const opts = {
74900
74945
  account,
74901
- username: cfg.username,
74946
+ username: this.resolveUsername(cfg),
74902
74947
  warehouse: cfg.warehouse,
74903
74948
  database: cfg.database,
74904
74949
  schema: cfg.schema,
@@ -74906,7 +74951,12 @@ var init_src8 = __esm({
74906
74951
  loginTimeout: cfg.loginTimeout ?? 60,
74907
74952
  application: cfg.application ?? "sql-preview"
74908
74953
  };
74909
- if (cfg.privateKeyPath) {
74954
+ if (authMode === "externalbrowser") {
74955
+ opts["authenticator"] = "EXTERNALBROWSER";
74956
+ if (cfg.clientStoreTemporaryCredential) {
74957
+ opts["clientStoreTemporaryCredential"] = true;
74958
+ }
74959
+ } else if (authMode === "keypair") {
74910
74960
  const keyContent = (0, import_fs.readFileSync)(cfg.privateKeyPath, "utf8");
74911
74961
  const pk = (0, import_crypto2.createPrivateKey)({
74912
74962
  key: keyContent,
@@ -74921,7 +74971,8 @@ var init_src8 = __esm({
74921
74971
  }
74922
74972
  // ── Private: create and connect ─────────────────────────────────────────
74923
74973
  async createConnection(cfg) {
74924
- const snowflake = require("snowflake-sdk");
74974
+ const driverPath = await this.driverManager.getDriver("snowflake-sdk");
74975
+ const snowflake = require(driverPath);
74925
74976
  const connection = snowflake.createConnection(this.buildConnectionOptions(cfg));
74926
74977
  try {
74927
74978
  await connectAsync(connection);
@@ -75087,6 +75138,15 @@ var init_descriptor7 = __esm({
75087
75138
  snowflakeConnectorConfigSchema = {
75088
75139
  type: "object",
75089
75140
  properties: {
75141
+ authMode: {
75142
+ type: "string",
75143
+ title: "Authentication",
75144
+ description: "Choose password, key-pair, or local browser SSO authentication",
75145
+ enum: ["password", "keypair", "externalbrowser"],
75146
+ enumNames: ["Password", "Key pair", "Browser SSO"],
75147
+ default: "password",
75148
+ ui: { fullWidth: true }
75149
+ },
75090
75150
  account: {
75091
75151
  type: "string",
75092
75152
  title: "Account",
@@ -75097,20 +75157,51 @@ var init_descriptor7 = __esm({
75097
75157
  type: "string",
75098
75158
  title: "Password",
75099
75159
  description: "Password (stored securely)",
75100
- ui: { widget: "password" }
75160
+ ui: { widget: "password", visibleWhen: { field: "authMode", equals: "password" } }
75161
+ },
75162
+ privateKeyPath: {
75163
+ type: "string",
75164
+ title: "Private key path",
75165
+ description: "Absolute path to a PEM private key file",
75166
+ ui: { visibleWhen: { field: "authMode", equals: "keypair" } }
75167
+ },
75168
+ privateKeyPassphrase: {
75169
+ type: "string",
75170
+ title: "Private key passphrase",
75171
+ description: "Passphrase for the private key, if one is required",
75172
+ ui: { widget: "password", visibleWhen: { field: "authMode", equals: "keypair" } }
75173
+ },
75174
+ clientStoreTemporaryCredential: {
75175
+ type: "boolean",
75176
+ title: "Cache browser SSO token",
75177
+ description: "Requests Snowflake driver token caching when the account allows ID-token caching",
75178
+ default: true,
75179
+ ui: { visibleWhen: { field: "authMode", equals: "externalbrowser" }, advanced: true }
75101
75180
  },
75102
75181
  warehouse: {
75103
75182
  type: "string",
75104
75183
  title: "Warehouse",
75105
- description: "Virtual warehouse to use (optional)"
75184
+ description: "Virtual warehouse to use (optional)",
75185
+ ui: { advanced: true }
75106
75186
  },
75107
75187
  database: {
75108
75188
  type: "string",
75109
75189
  title: "Database",
75110
- description: "Default database (optional)"
75190
+ description: "Default database (optional)",
75191
+ ui: { advanced: true }
75192
+ },
75193
+ schema: {
75194
+ type: "string",
75195
+ title: "Schema",
75196
+ description: "Default schema (optional)",
75197
+ ui: { advanced: true }
75111
75198
  },
75112
- schema: { type: "string", title: "Schema", description: "Default schema (optional)" },
75113
- role: { type: "string", title: "Role", description: "Role to assume (optional)" }
75199
+ role: {
75200
+ type: "string",
75201
+ title: "Role",
75202
+ description: "Role to assume (optional)",
75203
+ ui: { advanced: true }
75204
+ }
75114
75205
  },
75115
75206
  required: ["account", "username"]
75116
75207
  };
@@ -75119,9 +75210,9 @@ var init_descriptor7 = __esm({
75119
75210
  displayName: "Snowflake",
75120
75211
  supportsPagination: false,
75121
75212
  configSchema: snowflakeConnectorConfigSchema,
75122
- create: () => {
75213
+ create: (driverManager) => {
75123
75214
  const { default: SnowflakeConnector2 } = (init_src8(), __toCommonJS(src_exports7));
75124
- return new SnowflakeConnector2();
75215
+ return new SnowflakeConnector2(driverManager);
75125
75216
  }
75126
75217
  };
75127
75218
  }
@@ -76682,6 +76773,22 @@ var init_querySplitter = __esm({
76682
76773
  });
76683
76774
 
76684
76775
  // src/server/DaemonMcpToolManager.ts
76776
+ function isSnowflakeBrowserSsoProfile(value) {
76777
+ if (!value || typeof value !== "object") {
76778
+ return false;
76779
+ }
76780
+ const profile = value;
76781
+ return profile["type"] === "snowflake" && (profile["authMode"] === "externalbrowser" || typeof profile["authenticator"] === "string" && profile["authenticator"].toLowerCase() === "externalbrowser");
76782
+ }
76783
+ function normalizeConnectionProfileForSave(profile) {
76784
+ const profileToSave = { ...profile };
76785
+ if (isSnowflakeBrowserSsoProfile(profileToSave)) {
76786
+ profileToSave["password"] = "";
76787
+ delete profileToSave["privateKeyPath"];
76788
+ delete profileToSave["privateKeyPassphrase"];
76789
+ }
76790
+ return profileToSave;
76791
+ }
76685
76792
  function stripCommentsAndStrings(sql) {
76686
76793
  let result = "";
76687
76794
  let inSingleQuote = false;
@@ -76770,6 +76877,7 @@ var init_DaemonMcpToolManager = __esm({
76770
76877
  this.queryExecutor = queryExecutor;
76771
76878
  this.connectionManager = connectionManager;
76772
76879
  this.connectorRegistry = connectorRegistry;
76880
+ this.options = options;
76773
76881
  this.safeMode = options.safeMode ?? true;
76774
76882
  this.queryOperationRunner = queryOperationRunner ?? new QueryOperationRunner(sessionManager, queryExecutor);
76775
76883
  }
@@ -76892,6 +77000,20 @@ var init_DaemonMcpToolManager = __esm({
76892
77000
  required: ["connectionProfile"]
76893
77001
  }
76894
77002
  },
77003
+ {
77004
+ name: "request_connection_credentials",
77005
+ description: "Create a short-lived local browser form where the user can enter credentials for a saved connection without exposing the secret in the MCP transcript. Share only the returned URL with the user; never ask them to paste credentials into chat.",
77006
+ inputSchema: {
77007
+ type: "object",
77008
+ properties: {
77009
+ connectionId: {
77010
+ type: "string",
77011
+ description: "Connection ID that should receive the safely submitted password."
77012
+ }
77013
+ },
77014
+ required: ["connectionId"]
77015
+ }
77016
+ },
76895
77017
  {
76896
77018
  name: "test_connection",
76897
77019
  description: "Test connectivity for a specific connection profile.",
@@ -77010,6 +77132,8 @@ var init_DaemonMcpToolManager = __esm({
77010
77132
  return this.handleListConnections();
77011
77133
  case "save_connection":
77012
77134
  return this.handleSaveConnection(args);
77135
+ case "request_connection_credentials":
77136
+ return this.handleRequestConnectionCredentials(args);
77013
77137
  case "test_connection":
77014
77138
  return this.handleTestConnection(args);
77015
77139
  case "delete_connection":
@@ -77181,11 +77305,45 @@ var init_DaemonMcpToolManager = __esm({
77181
77305
  if (!profile || !profile.id || !profile.name || !profile.type) {
77182
77306
  throw new Error("Invalid connection profile: missing id, name, or type");
77183
77307
  }
77184
- await this.connectionManager.saveProfile(profile);
77308
+ const profileToSave = normalizeConnectionProfileForSave(
77309
+ profile
77310
+ );
77311
+ await this.connectionManager.saveProfile(profileToSave);
77185
77312
  return {
77186
77313
  content: [{ type: "text", text: `Connection '${profile.id}' saved.` }]
77187
77314
  };
77188
77315
  }
77316
+ async handleRequestConnectionCredentials(args) {
77317
+ const service = this.options.credentialRequestService;
77318
+ if (!service) {
77319
+ throw new Error("Credential request UI is not available for this SQL Preview daemon.");
77320
+ }
77321
+ const connectionId = args?.connectionId;
77322
+ if (!connectionId) {
77323
+ throw new Error("connectionId is required");
77324
+ }
77325
+ const request = await service.create(connectionId);
77326
+ return {
77327
+ structuredContent: {
77328
+ connectionId: request.connectionId,
77329
+ connectionName: request.connectionName,
77330
+ url: request.url,
77331
+ expiresAt: new Date(request.expiresAt).toISOString()
77332
+ },
77333
+ content: [
77334
+ {
77335
+ type: "text",
77336
+ text: `Open this one-time SQL Preview credential form for '${request.connectionName}' and enter the password there; do not paste the password into chat.
77337
+
77338
+ ${request.url}
77339
+
77340
+ This link expires at ${new Date(
77341
+ request.expiresAt
77342
+ ).toISOString()}.`
77343
+ }
77344
+ ]
77345
+ };
77346
+ }
77189
77347
  async handleTestConnection(args) {
77190
77348
  const typedArgs = args;
77191
77349
  let typeToTest;
@@ -77681,6 +77839,7 @@ var init_DaemonQueryExecutor = __esm({
77681
77839
  this.logger.info(`Query execution completed for session ${sessionId}`);
77682
77840
  } catch (e) {
77683
77841
  const message = e instanceof Error ? e.message : String(e);
77842
+ const lowerMessage = message.toLowerCase();
77684
77843
  const looksLikeMissingDuckDb = message.includes("@duckdb/node-api") || message.includes("Cannot find module") || message.includes("native module is not available");
77685
77844
  if (isAutoRoutedDuckDbFileQuery && looksLikeMissingDuckDb) {
77686
77845
  throw new OptionalDependencyError({
@@ -77692,6 +77851,17 @@ var init_DaemonQueryExecutor = __esm({
77692
77851
  cause: message
77693
77852
  });
77694
77853
  }
77854
+ const looksLikeMissingSnowflakeSdk = message.includes("snowflake-sdk") || lowerMessage.includes("snowflake sdk") || lowerMessage.includes("sdk is not available");
77855
+ if (profile.type === "snowflake" && looksLikeMissingSnowflakeSdk) {
77856
+ throw new OptionalDependencyError({
77857
+ connector: "snowflake",
77858
+ dependency: "snowflake-sdk",
77859
+ capability: "Snowflake connections",
77860
+ installCommand: "npm install snowflake-sdk",
77861
+ guidance: "Snowflake connections require optional Snowflake SDK support, but the SDK is not available in this extension runtime.",
77862
+ cause: message
77863
+ });
77864
+ }
77695
77865
  if (querySignal.didTimeout()) {
77696
77866
  throw new Error(`Query timed out after ${this.queryConfig.timeoutMs}ms`);
77697
77867
  }
@@ -77774,6 +77944,79 @@ var init_DaemonQueryExecutor = __esm({
77774
77944
  }
77775
77945
  });
77776
77946
 
77947
+ // src/server/CredentialRequestService.ts
77948
+ var import_crypto3, DEFAULT_TTL_MS, CredentialRequestService;
77949
+ var init_CredentialRequestService = __esm({
77950
+ "src/server/CredentialRequestService.ts"() {
77951
+ "use strict";
77952
+ import_crypto3 = __toESM(require("crypto"));
77953
+ DEFAULT_TTL_MS = 10 * 60 * 1e3;
77954
+ CredentialRequestService = class {
77955
+ constructor(connectionManager, baseUrl, ttlMs = DEFAULT_TTL_MS) {
77956
+ this.connectionManager = connectionManager;
77957
+ this.baseUrl = baseUrl;
77958
+ this.ttlMs = ttlMs;
77959
+ this.requests = /* @__PURE__ */ new Map();
77960
+ }
77961
+ async create(connectionId) {
77962
+ this.pruneExpired();
77963
+ const profile = await this.connectionManager.getProfile(connectionId);
77964
+ if (!profile) {
77965
+ throw new Error(`Connection profile '${connectionId}' not found`);
77966
+ }
77967
+ const id = import_crypto3.default.randomUUID();
77968
+ const token = import_crypto3.default.randomBytes(24).toString("base64url");
77969
+ const request = {
77970
+ id,
77971
+ token,
77972
+ connectionId,
77973
+ connectionName: profile.name,
77974
+ expiresAt: Date.now() + this.ttlMs,
77975
+ url: `${this.baseUrl}/credential-requests/${encodeURIComponent(id)}?token=${encodeURIComponent(
77976
+ token
77977
+ )}`
77978
+ };
77979
+ this.requests.set(id, request);
77980
+ return request;
77981
+ }
77982
+ get(id, token) {
77983
+ this.pruneExpired();
77984
+ const request = this.requests.get(id);
77985
+ if (!request || request.token !== token) {
77986
+ return void 0;
77987
+ }
77988
+ return request;
77989
+ }
77990
+ async fulfill(id, token, password) {
77991
+ const request = this.get(id, token);
77992
+ if (!request) {
77993
+ throw new Error("Credential request is invalid or expired.");
77994
+ }
77995
+ if (!password) {
77996
+ throw new Error("Password is required.");
77997
+ }
77998
+ const profile = await this.connectionManager.getProfile(request.connectionId);
77999
+ if (!profile) {
78000
+ throw new Error(`Connection profile '${request.connectionId}' not found`);
78001
+ }
78002
+ await this.connectionManager.saveProfile({
78003
+ ...profile,
78004
+ password
78005
+ });
78006
+ this.requests.delete(id);
78007
+ return request;
78008
+ }
78009
+ pruneExpired(now = Date.now()) {
78010
+ for (const [id, request] of this.requests.entries()) {
78011
+ if (request.expiresAt <= now) {
78012
+ this.requests.delete(id);
78013
+ }
78014
+ }
78015
+ }
78016
+ };
78017
+ }
78018
+ });
78019
+
77777
78020
  // src/server/SessionManager.ts
77778
78021
  var import_events2, SessionManager;
77779
78022
  var init_SessionManager = __esm({
@@ -77971,6 +78214,42 @@ function registerDaemonHttpRoutes(context2, mcpHttpSurface) {
77971
78214
  configPath: context2.resolvedConfig.configPath
77972
78215
  });
77973
78216
  });
78217
+ app.get("/credential-requests/:id", (req, res) => {
78218
+ setCredentialPageHeaders(res);
78219
+ const id = req.params.id;
78220
+ const token = typeof req.query["token"] === "string" ? req.query["token"] : "";
78221
+ const request = id ? context2.credentialRequestService.get(id, token) : void 0;
78222
+ if (!request) {
78223
+ res.status(404).send(renderCredentialPage({ error: "This credential request is invalid or expired." }));
78224
+ return;
78225
+ }
78226
+ res.send(renderCredentialPage({ request }));
78227
+ });
78228
+ app.post(
78229
+ "/credential-requests/:id",
78230
+ import_express.default.urlencoded({ extended: false }),
78231
+ async (req, res) => {
78232
+ setCredentialPageHeaders(res);
78233
+ const id = req.params.id;
78234
+ const body = req.body;
78235
+ const token = typeof body.token === "string" ? body.token : "";
78236
+ const password = typeof body.password === "string" ? body.password : "";
78237
+ try {
78238
+ if (!id) {
78239
+ throw new Error("Credential request is invalid or expired.");
78240
+ }
78241
+ const request = await context2.credentialRequestService.fulfill(id, token, password);
78242
+ res.send(
78243
+ renderCredentialPage({
78244
+ success: `Password saved for '${request.connectionName}'. You can close this tab and ask your tool to retry the query.`
78245
+ })
78246
+ );
78247
+ } catch (err) {
78248
+ logger.warn("[Daemon] Credential request failed:", err);
78249
+ res.status(400).send(renderCredentialPage({ error: err instanceof Error ? err.message : String(err) }));
78250
+ }
78251
+ }
78252
+ );
77974
78253
  app.get("/embedded-app", async (_req, res) => {
77975
78254
  serveHtmlFile(res, "mcp-app.html", 'UI bundle not found. Please run "npm run build" first.');
77976
78255
  });
@@ -78154,7 +78433,7 @@ async function handleQueryRoute(context2, req, res, options) {
78154
78433
  res.status(400).json({ error: options.missingQueryMessage });
78155
78434
  return;
78156
78435
  }
78157
- const sessionId = typeof body.sessionId === "string" && body.sessionId.length > 0 ? body.sessionId : `${options.sessionPrefix}-${import_crypto3.default.randomUUID()}`;
78436
+ const sessionId = typeof body.sessionId === "string" && body.sessionId.length > 0 ? body.sessionId : `${options.sessionPrefix}-${import_crypto4.default.randomUUID()}`;
78158
78437
  const controller = new AbortController();
78159
78438
  const cleanupDisconnectAbort = attachAbortOnHttpDisconnect(
78160
78439
  req,
@@ -78233,11 +78512,77 @@ function findDistFile(fileName) {
78233
78512
  ];
78234
78513
  return candidates.find((candidate) => fs6.existsSync(candidate)) || candidates[0] || fileName;
78235
78514
  }
78236
- var import_crypto3, import_express, fs6, path4;
78515
+ function setCredentialPageHeaders(res) {
78516
+ res.setHeader("Cache-Control", "no-store");
78517
+ res.setHeader("Referrer-Policy", "no-referrer");
78518
+ res.setHeader("X-Content-Type-Options", "nosniff");
78519
+ }
78520
+ function renderCredentialPage(input) {
78521
+ const title = "SQL Preview Credential Request";
78522
+ const message = input.success || input.error || "";
78523
+ const escapedMessage = escapeHtml(message);
78524
+ const request = input.request;
78525
+ const form = request ? `<p>Enter the password for <strong>${escapeHtml(request.connectionName)}</strong>.</p>
78526
+ <p class="hint">The password is sent directly to the local SQL Preview daemon and is not shown in the MCP/chat transcript.</p>
78527
+ <form method="post" autocomplete="off">
78528
+ <input type="hidden" name="token" value="${escapeHtml(request.token)}" />
78529
+ <label for="password">Password</label>
78530
+ <input id="password" name="password" type="password" autocomplete="current-password" autofocus required />
78531
+ <button type="submit">Save password</button>
78532
+ </form>
78533
+ <p class="hint">This request expires at ${escapeHtml(new Date(request.expiresAt).toLocaleString())}.</p>` : "";
78534
+ return `<!doctype html>
78535
+ <html lang="en">
78536
+ <head>
78537
+ <meta charset="utf-8" />
78538
+ <meta name="viewport" content="width=device-width, initial-scale=1" />
78539
+ <title>${title}</title>
78540
+ <style>
78541
+ :root { color-scheme: light dark; font-family: system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif; }
78542
+ body { margin: 0; min-height: 100vh; display: grid; place-items: center; background: Canvas; color: CanvasText; }
78543
+ main { width: min(92vw, 32rem); padding: 2rem; border: 1px solid color-mix(in srgb, CanvasText 18%, transparent); border-radius: 12px; box-shadow: 0 12px 40px color-mix(in srgb, CanvasText 12%, transparent); }
78544
+ h1 { margin-top: 0; font-size: 1.35rem; }
78545
+ label { display: block; margin-bottom: 0.4rem; font-weight: 600; }
78546
+ input[type="password"] { box-sizing: border-box; width: 100%; padding: 0.75rem; border: 1px solid color-mix(in srgb, CanvasText 30%, transparent); border-radius: 8px; font: inherit; }
78547
+ button { margin-top: 1rem; padding: 0.7rem 1rem; border: 0; border-radius: 8px; background: #2563eb; color: white; font: inherit; font-weight: 700; cursor: pointer; }
78548
+ .hint { color: color-mix(in srgb, CanvasText 72%, transparent); }
78549
+ .success { color: #15803d; }
78550
+ .error { color: #b91c1c; }
78551
+ </style>
78552
+ </head>
78553
+ <body>
78554
+ <main>
78555
+ <h1>${title}</h1>
78556
+ ${input.success ? `<p class="success">${escapedMessage}</p>` : ""}
78557
+ ${input.error ? `<p class="error">${escapedMessage}</p>` : ""}
78558
+ ${form}
78559
+ </main>
78560
+ </body>
78561
+ </html>`;
78562
+ }
78563
+ function escapeHtml(value) {
78564
+ return value.replace(/[&<>'"]/g, (char) => {
78565
+ switch (char) {
78566
+ case "&":
78567
+ return "&amp;";
78568
+ case "<":
78569
+ return "&lt;";
78570
+ case ">":
78571
+ return "&gt;";
78572
+ case "'":
78573
+ return "&#39;";
78574
+ case '"':
78575
+ return "&quot;";
78576
+ default:
78577
+ return char;
78578
+ }
78579
+ });
78580
+ }
78581
+ var import_crypto4, import_express, fs6, path4;
78237
78582
  var init_DaemonHttpRoutes = __esm({
78238
78583
  "src/server/surfaces/DaemonHttpRoutes.ts"() {
78239
78584
  "use strict";
78240
- import_crypto3 = __toESM(require("crypto"));
78585
+ import_crypto4 = __toESM(require("crypto"));
78241
78586
  import_express = __toESM(require_express2());
78242
78587
  fs6 = __toESM(require("fs"));
78243
78588
  path4 = __toESM(require("path"));
@@ -78292,13 +78637,13 @@ function writeFromReadableStream(stream4, writable) {
78292
78637
  }
78293
78638
  return writeFromReadableStreamDefaultReader(stream4.getReader(), writable);
78294
78639
  }
78295
- var import_http22, import_http23, import_stream5, import_crypto4, RequestError, toRequestError, GlobalRequest, Request, newHeadersFromIncoming, wrapBodyStream, newRequestFromIncoming, getRequestCache, requestCache, incomingKey, urlKey, headersKey, abortControllerKey, getAbortController, requestPrototype, newRequest, responseCache, getResponseCache, cacheKey, GlobalResponse, Response2, buildOutgoingHttpHeaders, X_ALREADY_SENT, outgoingEnded, incomingDraining, DRAIN_TIMEOUT_MS, MAX_DRAIN_BYTES, drainIncoming, handleRequestError, handleFetchError, handleResponseError, flushHeaders, responseViaCache, isPromise, responseViaResponseObject, getRequestListener;
78640
+ var import_http22, import_http23, import_stream5, import_crypto5, RequestError, toRequestError, GlobalRequest, Request, newHeadersFromIncoming, wrapBodyStream, newRequestFromIncoming, getRequestCache, requestCache, incomingKey, urlKey, headersKey, abortControllerKey, getAbortController, requestPrototype, newRequest, responseCache, getResponseCache, cacheKey, GlobalResponse, Response2, buildOutgoingHttpHeaders, X_ALREADY_SENT, outgoingEnded, incomingDraining, DRAIN_TIMEOUT_MS, MAX_DRAIN_BYTES, drainIncoming, handleRequestError, handleFetchError, handleResponseError, flushHeaders, responseViaCache, isPromise, responseViaResponseObject, getRequestListener;
78296
78641
  var init_dist = __esm({
78297
78642
  "node_modules/@hono/node-server/dist/index.mjs"() {
78298
78643
  import_http22 = require("http2");
78299
78644
  import_http23 = require("http2");
78300
78645
  import_stream5 = require("stream");
78301
- import_crypto4 = __toESM(require("crypto"), 1);
78646
+ import_crypto5 = __toESM(require("crypto"), 1);
78302
78647
  RequestError = class extends Error {
78303
78648
  constructor(message, options) {
78304
78649
  super(message, options);
@@ -78592,7 +78937,7 @@ var init_dist = __esm({
78592
78937
  };
78593
78938
  X_ALREADY_SENT = "x-hono-already-sent";
78594
78939
  if (typeof global.crypto === "undefined") {
78595
- global.crypto = import_crypto4.default;
78940
+ global.crypto = import_crypto5.default;
78596
78941
  }
78597
78942
  outgoingEnded = Symbol("outgoingEnded");
78598
78943
  incomingDraining = Symbol("incomingDraining");
@@ -126667,11 +127012,11 @@ var init_McpServerFactory = __esm({
126667
127012
  });
126668
127013
 
126669
127014
  // src/server/surfaces/DaemonMcpHttpSurface.ts
126670
- var import_crypto5, DaemonMcpHttpSurface;
127015
+ var import_crypto6, DaemonMcpHttpSurface;
126671
127016
  var init_DaemonMcpHttpSurface = __esm({
126672
127017
  "src/server/surfaces/DaemonMcpHttpSurface.ts"() {
126673
127018
  "use strict";
126674
- import_crypto5 = __toESM(require("crypto"));
127019
+ import_crypto6 = __toESM(require("crypto"));
126675
127020
  init_streamableHttp();
126676
127021
  init_ConsoleLogger();
126677
127022
  init_logRedaction();
@@ -126751,7 +127096,7 @@ var init_DaemonMcpHttpSurface = __esm({
126751
127096
  if (typeof headerSessionId === "string" && headerSessionId.length > 0) {
126752
127097
  return headerSessionId;
126753
127098
  }
126754
- return `session-${import_crypto5.default.randomUUID()}`;
127099
+ return `session-${import_crypto6.default.randomUUID()}`;
126755
127100
  }
126756
127101
  async getOrCreateSession(sessionId) {
126757
127102
  const existingSession = this.sessions.get(sessionId);
@@ -127265,7 +127610,7 @@ var require_permessage_deflate = __commonJS({
127265
127610
  var kBuffers = Symbol("buffers");
127266
127611
  var kError = Symbol("error");
127267
127612
  var zlibLimiter;
127268
- var PerMessageDeflate = class {
127613
+ var PerMessageDeflate2 = class {
127269
127614
  /**
127270
127615
  * Creates a PerMessageDeflate instance.
127271
127616
  *
@@ -127276,6 +127621,9 @@ var require_permessage_deflate = __commonJS({
127276
127621
  * acknowledge disabling of client context takeover
127277
127622
  * @param {Number} [options.concurrencyLimit=10] The number of concurrent
127278
127623
  * calls to zlib
127624
+ * @param {Boolean} [options.isServer=false] Create the instance in either
127625
+ * server or client mode
127626
+ * @param {Number} [options.maxPayload=0] The maximum allowed message length
127279
127627
  * @param {(Boolean|Number)} [options.serverMaxWindowBits] Request/confirm the
127280
127628
  * use of a custom server window size
127281
127629
  * @param {Boolean} [options.serverNoContextTakeover=false] Request/accept
@@ -127286,15 +127634,12 @@ var require_permessage_deflate = __commonJS({
127286
127634
  * deflate
127287
127635
  * @param {Object} [options.zlibInflateOptions] Options to pass to zlib on
127288
127636
  * inflate
127289
- * @param {Boolean} [isServer=false] Create the instance in either server or
127290
- * client mode
127291
- * @param {Number} [maxPayload=0] The maximum allowed message length
127292
127637
  */
127293
- constructor(options, isServer, maxPayload) {
127294
- this._maxPayload = maxPayload | 0;
127638
+ constructor(options) {
127295
127639
  this._options = options || {};
127296
127640
  this._threshold = this._options.threshold !== void 0 ? this._options.threshold : 1024;
127297
- this._isServer = !!isServer;
127641
+ this._maxPayload = this._options.maxPayload | 0;
127642
+ this._isServer = !!this._options.isServer;
127298
127643
  this._deflate = null;
127299
127644
  this._inflate = null;
127300
127645
  this.params = null;
@@ -127604,7 +127949,7 @@ var require_permessage_deflate = __commonJS({
127604
127949
  });
127605
127950
  }
127606
127951
  };
127607
- module2.exports = PerMessageDeflate;
127952
+ module2.exports = PerMessageDeflate2;
127608
127953
  function deflateOnData(chunk) {
127609
127954
  this[kBuffers].push(chunk);
127610
127955
  this[kTotalLength] += chunk.length;
@@ -127839,7 +128184,7 @@ var require_receiver = __commonJS({
127839
128184
  "node_modules/ws/lib/receiver.js"(exports, module2) {
127840
128185
  "use strict";
127841
128186
  var { Writable } = require("stream");
127842
- var PerMessageDeflate = require_permessage_deflate();
128187
+ var PerMessageDeflate2 = require_permessage_deflate();
127843
128188
  var {
127844
128189
  BINARY_TYPES,
127845
128190
  EMPTY_BUFFER,
@@ -127869,6 +128214,10 @@ var require_receiver = __commonJS({
127869
128214
  * extensions
127870
128215
  * @param {Boolean} [options.isServer=false] Specifies whether to operate in
127871
128216
  * client or server mode
128217
+ * @param {Number} [options.maxBufferedChunks=0] The maximum number of
128218
+ * buffered data chunks
128219
+ * @param {Number} [options.maxFragments=0] The maximum number of message
128220
+ * fragments
127872
128221
  * @param {Number} [options.maxPayload=0] The maximum allowed message length
127873
128222
  * @param {Boolean} [options.skipUTF8Validation=false] Specifies whether or
127874
128223
  * not to skip UTF-8 validation for text and close messages
@@ -127879,6 +128228,8 @@ var require_receiver = __commonJS({
127879
128228
  this._binaryType = options.binaryType || BINARY_TYPES[0];
127880
128229
  this._extensions = options.extensions || {};
127881
128230
  this._isServer = !!options.isServer;
128231
+ this._maxBufferedChunks = options.maxBufferedChunks | 0;
128232
+ this._maxFragments = options.maxFragments | 0;
127882
128233
  this._maxPayload = options.maxPayload | 0;
127883
128234
  this._skipUTF8Validation = !!options.skipUTF8Validation;
127884
128235
  this[kWebSocket] = void 0;
@@ -127909,6 +128260,18 @@ var require_receiver = __commonJS({
127909
128260
  _write(chunk, encoding, cb) {
127910
128261
  if (this._opcode === 8 && this._state == GET_INFO)
127911
128262
  return cb();
128263
+ if (this._maxBufferedChunks > 0 && this._buffers.length >= this._maxBufferedChunks) {
128264
+ cb(
128265
+ this.createError(
128266
+ RangeError,
128267
+ "Too many buffered chunks",
128268
+ false,
128269
+ 1008,
128270
+ "WS_ERR_TOO_MANY_BUFFERED_PARTS"
128271
+ )
128272
+ );
128273
+ return;
128274
+ }
127912
128275
  this._bufferedBytes += chunk.length;
127913
128276
  this._buffers.push(chunk);
127914
128277
  this.startLoop(cb);
@@ -128009,7 +128372,7 @@ var require_receiver = __commonJS({
128009
128372
  return;
128010
128373
  }
128011
128374
  const compressed = (buf[0] & 64) === 64;
128012
- if (compressed && !this._extensions[PerMessageDeflate.extensionName]) {
128375
+ if (compressed && !this._extensions[PerMessageDeflate2.extensionName]) {
128013
128376
  const error2 = this.createError(
128014
128377
  RangeError,
128015
128378
  "RSV1 must be clear",
@@ -128246,6 +128609,17 @@ var require_receiver = __commonJS({
128246
128609
  return;
128247
128610
  }
128248
128611
  if (data.length) {
128612
+ if (this._maxFragments > 0 && this._fragments.length >= this._maxFragments) {
128613
+ const error2 = this.createError(
128614
+ RangeError,
128615
+ "Too many message fragments",
128616
+ false,
128617
+ 1008,
128618
+ "WS_ERR_TOO_MANY_BUFFERED_PARTS"
128619
+ );
128620
+ cb(error2);
128621
+ return;
128622
+ }
128249
128623
  this._messageLength = this._totalPayloadLength;
128250
128624
  this._fragments.push(data);
128251
128625
  }
@@ -128259,7 +128633,7 @@ var require_receiver = __commonJS({
128259
128633
  * @private
128260
128634
  */
128261
128635
  decompress(data, cb) {
128262
- const perMessageDeflate = this._extensions[PerMessageDeflate.extensionName];
128636
+ const perMessageDeflate = this._extensions[PerMessageDeflate2.extensionName];
128263
128637
  perMessageDeflate.decompress(data, this._fin, (err, buf) => {
128264
128638
  if (err)
128265
128639
  return cb(err);
@@ -128276,6 +128650,17 @@ var require_receiver = __commonJS({
128276
128650
  cb(error2);
128277
128651
  return;
128278
128652
  }
128653
+ if (this._maxFragments > 0 && this._fragments.length >= this._maxFragments) {
128654
+ const error2 = this.createError(
128655
+ RangeError,
128656
+ "Too many message fragments",
128657
+ false,
128658
+ 1008,
128659
+ "WS_ERR_TOO_MANY_BUFFERED_PARTS"
128660
+ );
128661
+ cb(error2);
128662
+ return;
128663
+ }
128279
128664
  this._fragments.push(buf);
128280
128665
  }
128281
128666
  this.dataMessage(cb);
@@ -128443,7 +128828,10 @@ var require_sender = __commonJS({
128443
128828
  "use strict";
128444
128829
  var { Duplex } = require("stream");
128445
128830
  var { randomFillSync } = require("crypto");
128446
- var PerMessageDeflate = require_permessage_deflate();
128831
+ var {
128832
+ types: { isUint8Array }
128833
+ } = require("util");
128834
+ var PerMessageDeflate2 = require_permessage_deflate();
128447
128835
  var { EMPTY_BUFFER, kWebSocket, NOOP } = require_constants3();
128448
128836
  var { isBlob: isBlob2, isValidStatusCode } = require_validation3();
128449
128837
  var { mask: applyMask, toBuffer } = require_buffer_util();
@@ -128599,8 +128987,10 @@ var require_sender = __commonJS({
128599
128987
  buf.writeUInt16BE(code, 0);
128600
128988
  if (typeof data === "string") {
128601
128989
  buf.write(data, 2);
128602
- } else {
128990
+ } else if (isUint8Array(data)) {
128603
128991
  buf.set(data, 2);
128992
+ } else {
128993
+ throw new TypeError("Second argument must be a string or a Uint8Array");
128604
128994
  }
128605
128995
  }
128606
128996
  const options = {
@@ -128730,7 +129120,7 @@ var require_sender = __commonJS({
128730
129120
  * @public
128731
129121
  */
128732
129122
  send(data, options, cb) {
128733
- const perMessageDeflate = this._extensions[PerMessageDeflate.extensionName];
129123
+ const perMessageDeflate = this._extensions[PerMessageDeflate2.extensionName];
128734
129124
  let opcode = options.binary ? 2 : 1;
128735
129125
  let rsv1 = options.compress;
128736
129126
  let byteLength;
@@ -128855,7 +129245,7 @@ var require_sender = __commonJS({
128855
129245
  this.sendFrame(Sender2.frame(data, options), cb);
128856
129246
  return;
128857
129247
  }
128858
- const perMessageDeflate = this._extensions[PerMessageDeflate.extensionName];
129248
+ const perMessageDeflate = this._extensions[PerMessageDeflate2.extensionName];
128859
129249
  this._bufferedBytes += options[kByteLength];
128860
129250
  this._state = DEFLATING;
128861
129251
  perMessageDeflate.compress(data, options.fin, (_, buf) => {
@@ -129310,12 +129700,12 @@ var require_extension = __commonJS({
129310
129700
  return offers;
129311
129701
  }
129312
129702
  function format(extensions) {
129313
- return Object.keys(extensions).map((extension) => {
129314
- let configurations = extensions[extension];
129703
+ return Object.keys(extensions).map((extension2) => {
129704
+ let configurations = extensions[extension2];
129315
129705
  if (!Array.isArray(configurations))
129316
129706
  configurations = [configurations];
129317
129707
  return configurations.map((params) => {
129318
- return [extension].concat(
129708
+ return [extension2].concat(
129319
129709
  Object.keys(params).map((k) => {
129320
129710
  let values = params[k];
129321
129711
  if (!Array.isArray(values))
@@ -129342,7 +129732,7 @@ var require_websocket = __commonJS({
129342
129732
  var { randomBytes, createHash } = require("crypto");
129343
129733
  var { Duplex, Readable: Readable4 } = require("stream");
129344
129734
  var { URL: URL2 } = require("url");
129345
- var PerMessageDeflate = require_permessage_deflate();
129735
+ var PerMessageDeflate2 = require_permessage_deflate();
129346
129736
  var Receiver2 = require_receiver();
129347
129737
  var Sender2 = require_sender();
129348
129738
  var { isBlob: isBlob2 } = require_validation3();
@@ -129504,6 +129894,10 @@ var require_websocket = __commonJS({
129504
129894
  * multiple times in the same tick
129505
129895
  * @param {Function} [options.generateMask] The function used to generate the
129506
129896
  * masking key
129897
+ * @param {Number} [options.maxBufferedChunks=0] The maximum number of
129898
+ * buffered data chunks
129899
+ * @param {Number} [options.maxFragments=0] The maximum number of message
129900
+ * fragments
129507
129901
  * @param {Number} [options.maxPayload=0] The maximum allowed message size
129508
129902
  * @param {Boolean} [options.skipUTF8Validation=false] Specifies whether or
129509
129903
  * not to skip UTF-8 validation for text and close messages
@@ -129515,6 +129909,8 @@ var require_websocket = __commonJS({
129515
129909
  binaryType: this.binaryType,
129516
129910
  extensions: this._extensions,
129517
129911
  isServer: this._isServer,
129912
+ maxBufferedChunks: options.maxBufferedChunks,
129913
+ maxFragments: options.maxFragments,
129518
129914
  maxPayload: options.maxPayload,
129519
129915
  skipUTF8Validation: options.skipUTF8Validation
129520
129916
  });
@@ -129556,8 +129952,8 @@ var require_websocket = __commonJS({
129556
129952
  this.emit("close", this._closeCode, this._closeMessage);
129557
129953
  return;
129558
129954
  }
129559
- if (this._extensions[PerMessageDeflate.extensionName]) {
129560
- this._extensions[PerMessageDeflate.extensionName].cleanup();
129955
+ if (this._extensions[PerMessageDeflate2.extensionName]) {
129956
+ this._extensions[PerMessageDeflate2.extensionName].cleanup();
129561
129957
  }
129562
129958
  this._receiver.removeAllListeners();
129563
129959
  this._readyState = WebSocket2.CLOSED;
@@ -129727,7 +130123,7 @@ var require_websocket = __commonJS({
129727
130123
  fin: true,
129728
130124
  ...options
129729
130125
  };
129730
- if (!this._extensions[PerMessageDeflate.extensionName]) {
130126
+ if (!this._extensions[PerMessageDeflate2.extensionName]) {
129731
130127
  opts.compress = false;
129732
130128
  }
129733
130129
  this._sender.send(data || EMPTY_BUFFER, opts, cb);
@@ -129828,6 +130224,8 @@ var require_websocket = __commonJS({
129828
130224
  autoPong: true,
129829
130225
  closeTimeout: CLOSE_TIMEOUT,
129830
130226
  protocolVersion: protocolVersions[1],
130227
+ maxBufferedChunks: 1024 * 1024,
130228
+ maxFragments: 128 * 1024,
129831
130229
  maxPayload: 100 * 1024 * 1024,
129832
130230
  skipUTF8Validation: false,
129833
130231
  perMessageDeflate: true,
@@ -129856,7 +130254,7 @@ var require_websocket = __commonJS({
129856
130254
  } else {
129857
130255
  try {
129858
130256
  parsedUrl = new URL2(address);
129859
- } catch (e) {
130257
+ } catch {
129860
130258
  throw new SyntaxError(`Invalid URL: ${address}`);
129861
130259
  }
129862
130260
  }
@@ -129904,13 +130302,13 @@ var require_websocket = __commonJS({
129904
130302
  opts.path = parsedUrl.pathname + parsedUrl.search;
129905
130303
  opts.timeout = opts.handshakeTimeout;
129906
130304
  if (opts.perMessageDeflate) {
129907
- perMessageDeflate = new PerMessageDeflate(
129908
- opts.perMessageDeflate !== true ? opts.perMessageDeflate : {},
129909
- false,
129910
- opts.maxPayload
129911
- );
130305
+ perMessageDeflate = new PerMessageDeflate2({
130306
+ ...opts.perMessageDeflate,
130307
+ isServer: false,
130308
+ maxPayload: opts.maxPayload
130309
+ });
129912
130310
  opts.headers["Sec-WebSocket-Extensions"] = format({
129913
- [PerMessageDeflate.extensionName]: perMessageDeflate.offer()
130311
+ [PerMessageDeflate2.extensionName]: perMessageDeflate.offer()
129914
130312
  });
129915
130313
  }
129916
130314
  if (protocols.length) {
@@ -130057,23 +130455,25 @@ var require_websocket = __commonJS({
130057
130455
  return;
130058
130456
  }
130059
130457
  const extensionNames = Object.keys(extensions);
130060
- if (extensionNames.length !== 1 || extensionNames[0] !== PerMessageDeflate.extensionName) {
130458
+ if (extensionNames.length !== 1 || extensionNames[0] !== PerMessageDeflate2.extensionName) {
130061
130459
  const message = "Server indicated an extension that was not requested";
130062
130460
  abortHandshake(websocket, socket, message);
130063
130461
  return;
130064
130462
  }
130065
130463
  try {
130066
- perMessageDeflate.accept(extensions[PerMessageDeflate.extensionName]);
130464
+ perMessageDeflate.accept(extensions[PerMessageDeflate2.extensionName]);
130067
130465
  } catch (err) {
130068
130466
  const message = "Invalid Sec-WebSocket-Extensions header";
130069
130467
  abortHandshake(websocket, socket, message);
130070
130468
  return;
130071
130469
  }
130072
- websocket._extensions[PerMessageDeflate.extensionName] = perMessageDeflate;
130470
+ websocket._extensions[PerMessageDeflate2.extensionName] = perMessageDeflate;
130073
130471
  }
130074
130472
  websocket.setSocket(socket, head, {
130075
130473
  allowSynchronousEvents: opts.allowSynchronousEvents,
130076
130474
  generateMask: opts.generateMask,
130475
+ maxBufferedChunks: opts.maxBufferedChunks,
130476
+ maxFragments: opts.maxFragments,
130077
130477
  maxPayload: opts.maxPayload,
130078
130478
  skipUTF8Validation: opts.skipUTF8Validation
130079
130479
  });
@@ -130407,9 +130807,9 @@ var require_websocket_server = __commonJS({
130407
130807
  var http4 = require("http");
130408
130808
  var { Duplex } = require("stream");
130409
130809
  var { createHash } = require("crypto");
130410
- var extension = require_extension();
130411
- var PerMessageDeflate = require_permessage_deflate();
130412
- var subprotocol = require_subprotocol();
130810
+ var extension2 = require_extension();
130811
+ var PerMessageDeflate2 = require_permessage_deflate();
130812
+ var subprotocol2 = require_subprotocol();
130413
130813
  var WebSocket2 = require_websocket();
130414
130814
  var { CLOSE_TIMEOUT, GUID, kWebSocket } = require_constants3();
130415
130815
  var keyRegex = /^[+/0-9A-Za-z]{22}==$/;
@@ -130435,6 +130835,10 @@ var require_websocket_server = __commonJS({
130435
130835
  * called
130436
130836
  * @param {Function} [options.handleProtocols] A hook to handle protocols
130437
130837
  * @param {String} [options.host] The hostname where to bind the server
130838
+ * @param {Number} [options.maxBufferedChunks=1048576] The maximum number of
130839
+ * buffered data chunks
130840
+ * @param {Number} [options.maxFragments=131072] The maximum number of message
130841
+ * fragments
130438
130842
  * @param {Number} [options.maxPayload=104857600] The maximum allowed message
130439
130843
  * size
130440
130844
  * @param {Boolean} [options.noServer=false] Enable no server mode
@@ -130456,6 +130860,8 @@ var require_websocket_server = __commonJS({
130456
130860
  options = {
130457
130861
  allowSynchronousEvents: true,
130458
130862
  autoPong: true,
130863
+ maxBufferedChunks: 1024 * 1024,
130864
+ maxFragments: 128 * 1024,
130459
130865
  maxPayload: 100 * 1024 * 1024,
130460
130866
  skipUTF8Validation: false,
130461
130867
  perMessageDeflate: false,
@@ -130637,7 +131043,7 @@ var require_websocket_server = __commonJS({
130637
131043
  let protocols = /* @__PURE__ */ new Set();
130638
131044
  if (secWebSocketProtocol !== void 0) {
130639
131045
  try {
130640
- protocols = subprotocol.parse(secWebSocketProtocol);
131046
+ protocols = subprotocol2.parse(secWebSocketProtocol);
130641
131047
  } catch (err) {
130642
131048
  const message = "Invalid Sec-WebSocket-Protocol header";
130643
131049
  abortHandshakeOrEmitwsClientError(this, req, socket, 400, message);
@@ -130647,16 +131053,16 @@ var require_websocket_server = __commonJS({
130647
131053
  const secWebSocketExtensions = req.headers["sec-websocket-extensions"];
130648
131054
  const extensions = {};
130649
131055
  if (this.options.perMessageDeflate && secWebSocketExtensions !== void 0) {
130650
- const perMessageDeflate = new PerMessageDeflate(
130651
- this.options.perMessageDeflate,
130652
- true,
130653
- this.options.maxPayload
130654
- );
131056
+ const perMessageDeflate = new PerMessageDeflate2({
131057
+ ...this.options.perMessageDeflate,
131058
+ isServer: true,
131059
+ maxPayload: this.options.maxPayload
131060
+ });
130655
131061
  try {
130656
- const offers = extension.parse(secWebSocketExtensions);
130657
- if (offers[PerMessageDeflate.extensionName]) {
130658
- perMessageDeflate.accept(offers[PerMessageDeflate.extensionName]);
130659
- extensions[PerMessageDeflate.extensionName] = perMessageDeflate;
131062
+ const offers = extension2.parse(secWebSocketExtensions);
131063
+ if (offers[PerMessageDeflate2.extensionName]) {
131064
+ perMessageDeflate.accept(offers[PerMessageDeflate2.extensionName]);
131065
+ extensions[PerMessageDeflate2.extensionName] = perMessageDeflate;
130660
131066
  }
130661
131067
  } catch (err) {
130662
131068
  const message = "Invalid or unacceptable Sec-WebSocket-Extensions header";
@@ -130730,10 +131136,10 @@ var require_websocket_server = __commonJS({
130730
131136
  ws._protocol = protocol;
130731
131137
  }
130732
131138
  }
130733
- if (extensions[PerMessageDeflate.extensionName]) {
130734
- const params = extensions[PerMessageDeflate.extensionName].params;
130735
- const value = extension.format({
130736
- [PerMessageDeflate.extensionName]: [params]
131139
+ if (extensions[PerMessageDeflate2.extensionName]) {
131140
+ const params = extensions[PerMessageDeflate2.extensionName].params;
131141
+ const value = extension2.format({
131142
+ [PerMessageDeflate2.extensionName]: [params]
130737
131143
  });
130738
131144
  headers.push(`Sec-WebSocket-Extensions: ${value}`);
130739
131145
  ws._extensions = extensions;
@@ -130743,6 +131149,8 @@ var require_websocket_server = __commonJS({
130743
131149
  socket.removeListener("error", socketOnError);
130744
131150
  ws.setSocket(socket, head, {
130745
131151
  allowSynchronousEvents: this.options.allowSynchronousEvents,
131152
+ maxBufferedChunks: this.options.maxBufferedChunks,
131153
+ maxFragments: this.options.maxFragments,
130746
131154
  maxPayload: this.options.maxPayload,
130747
131155
  skipUTF8Validation: this.options.skipUTF8Validation
130748
131156
  });
@@ -130802,12 +131210,15 @@ var require_websocket_server = __commonJS({
130802
131210
  });
130803
131211
 
130804
131212
  // node_modules/ws/wrapper.mjs
130805
- var import_stream7, import_receiver, import_sender, import_websocket, import_websocket_server;
131213
+ var import_stream7, import_extension, import_permessage_deflate, import_receiver, import_sender, import_subprotocol, import_websocket, import_websocket_server;
130806
131214
  var init_wrapper = __esm({
130807
131215
  "node_modules/ws/wrapper.mjs"() {
130808
131216
  import_stream7 = __toESM(require_stream(), 1);
131217
+ import_extension = __toESM(require_extension(), 1);
131218
+ import_permessage_deflate = __toESM(require_permessage_deflate(), 1);
130809
131219
  import_receiver = __toESM(require_receiver(), 1);
130810
131220
  import_sender = __toESM(require_sender(), 1);
131221
+ import_subprotocol = __toESM(require_subprotocol(), 1);
130811
131222
  import_websocket = __toESM(require_websocket(), 1);
130812
131223
  import_websocket_server = __toESM(require_websocket_server(), 1);
130813
131224
  }
@@ -131047,7 +131458,8 @@ var init_DaemonSurfaceManager = __esm({
131047
131458
  refreshActivity: this.options.refreshActivity,
131048
131459
  resolvedConfig: this.options.resolvedConfig,
131049
131460
  sessionManager: this.options.sessionManager,
131050
- getSurfaceStatus: () => this.getStatus()
131461
+ getSurfaceStatus: () => this.getStatus(),
131462
+ credentialRequestService: this.options.credentialRequestService
131051
131463
  },
131052
131464
  this.mcpHttpSurface
131053
131465
  );
@@ -131146,6 +131558,7 @@ var init_Daemon = __esm({
131146
131558
  init_DaemonMcpToolManager();
131147
131559
  init_DaemonQueryExecutor();
131148
131560
  init_QueryOperationRunner();
131561
+ init_CredentialRequestService();
131149
131562
  init_SessionManager();
131150
131563
  init_DaemonSurfaceManager();
131151
131564
  Daemon = class {
@@ -131182,13 +131595,20 @@ var init_Daemon = __esm({
131182
131595
  this.config.query
131183
131596
  );
131184
131597
  this.queryOperationRunner = new QueryOperationRunner(this.sessionManager, this.queryExecutor);
131598
+ this.credentialRequestService = new CredentialRequestService(
131599
+ this.connectionManager,
131600
+ this.getHttpBaseUrl()
131601
+ );
131185
131602
  this.toolManager = new DaemonMcpToolManager(
131186
131603
  this.sessionManager,
131187
131604
  this.queryExecutor,
131188
131605
  this.connectionManager,
131189
131606
  this.connectorRegistry,
131190
131607
  this.queryOperationRunner,
131191
- { safeMode: this.config.mcp.safeMode }
131608
+ {
131609
+ safeMode: this.config.mcp.safeMode,
131610
+ credentialRequestService: this.credentialRequestService
131611
+ }
131192
131612
  );
131193
131613
  this.surfaceManager = new DaemonSurfaceManager({
131194
131614
  app: this.app,
@@ -131201,7 +131621,8 @@ var init_Daemon = __esm({
131201
131621
  resolvedConfig: this.resolvedConfig,
131202
131622
  sessionManager: this.sessionManager,
131203
131623
  socketPath: this.SOCKET_PATH,
131204
- toolManager: this.toolManager
131624
+ toolManager: this.toolManager,
131625
+ credentialRequestService: this.credentialRequestService
131205
131626
  });
131206
131627
  this.surfaceManager.registerHttpRoutes();
131207
131628
  this.setupLifecycle();
@@ -131210,6 +131631,10 @@ var init_Daemon = __esm({
131210
131631
  (e) => logger.warn("[Daemon] Failed to create built-in connections:", e)
131211
131632
  );
131212
131633
  }
131634
+ getHttpBaseUrl() {
131635
+ const host = ["0.0.0.0", "::", ""].includes(this.config.server.host) ? "127.0.0.1" : this.config.server.host;
131636
+ return `http://${host}:${this.HTTP_PORT}`;
131637
+ }
131213
131638
  /**
131214
131639
  * Auto-provisions built-in connections that should always be available.
131215
131640
  * DuckDB :memory: allows CSV/Parquet queries without any manual setup.