taurusdb-core 0.2.0 → 0.3.0

package/dist/auth/sql-profile-loader/loader.js

@@ -3,6 +3,7 @@ import os from "node:os";
 import path from "node:path";
 import { parseEnvProfile } from "./env-source.js";
 import { parseProfilesFile } from "./file-source.js";
+import { withRedactedToString } from "./parsing.js";
 export function resolveDefaultProfilePath(config) {
     if (config.profilesPath) {
         return config.profilesPath;
@@ -67,6 +68,13 @@ export class SqlProfileLoader {
                 mergedProfiles.set(name, profile);
             }
         }
+        if (mergedProfiles.size === 0) {
+            mergedProfiles.set("taurus_mcp", withRedactedToString({
+                name: "taurus_mcp",
+                engine: "mysql",
+                port: 3306,
+            }));
+        }
         const defaultDatasource = this.config.defaultDatasource ??
             fileDefaultDatasource ??
             (mergedProfiles.size === 1 ? mergedProfiles.keys().next().value : undefined);

package/dist/auth/sql-profile-loader/runtime-override.d.ts

@@ -5,6 +5,7 @@ export declare class RuntimeOverrideProfileLoader implements RuntimeTargetProfil
     private readonly runtimeTargets;
     constructor(base: ProfileLoader);
     setRuntimeTarget(name: string, target: RuntimeDataSourceTarget): void;
+    clearRuntimeUser(name: string): void;
     clearRuntimeTarget(name: string): void;
     clearAllRuntimeTargets(): void;
     getRuntimeTarget(name: string): RuntimeDataSourceTarget | undefined;

package/dist/auth/sql-profile-loader/runtime-override.js

@@ -29,6 +29,14 @@ export class RuntimeOverrideProfileLoader {
         };
         this.runtimeTargets.set(name, next);
     }
+    clearRuntimeUser(name) {
+        const current = this.runtimeTargets.get(name);
+        if (!current) {
+            return;
+        }
+        const { user: _user, ...next } = current;
+        this.runtimeTargets.set(name, next);
+    }
     clearRuntimeTarget(name) {
         this.runtimeTargets.delete(name);
     }

package/dist/auth/sql-profile-loader/types.d.ts

@@ -31,7 +31,7 @@ export interface DataSourceProfile {
     host?: string;
     port: number;
     database?: string;
-    user: UserCredential;
+    user?: UserCredential;
     tls?: TlsOptions;
     poolSize?: number;
     toString(): string;
@@ -51,6 +51,7 @@ export interface RuntimeDataSourceTarget {
 }
 export interface RuntimeTargetProfileLoader extends ProfileLoader {
     setRuntimeTarget(name: string, target: RuntimeDataSourceTarget): void;
+    clearRuntimeUser(name: string): void;
     clearRuntimeTarget(name: string): void;
     clearAllRuntimeTargets(): void;
     getRuntimeTarget(name: string): RuntimeDataSourceTarget | undefined;

package/dist/engine/runtime.js

@@ -1,6 +1,6 @@
 import { UnsupportedFeatureError } from "../capability/types.js";
 import { InMemoryConfirmationStore } from "../safety/confirmation-store.js";
-import { buildFlashbackSql, FlashbackNoViewError, flashbackReadonlyOptions, formatTimestamp, resolveRelativeTimestampFromBase, resolveFlashbackTimestamp, } from "../taurus/flashback.js";
+import { buildFlashbackSql, FlashbackNoViewError, flashbackReadonlyOptions, formatTimestamp, normalizeFlashbackWhereClause, resolveRelativeTimestampFromBase, resolveFlashbackTimestamp, } from "../taurus/flashback.js";
 import { buildListRecycleBinSql, buildRestoreRecycleBinTableSql, recycleBinMutationOptions, recycleBinReadonlyOptions } from "../taurus/recycle-bin.js";
 import { normalizeSql, sqlHash } from "../utils/hash.js";
 function resolveConfirmationSql(input) {
@@ -90,7 +90,8 @@ async function buildFlashbackNoViewError(engine, ctx, input, database, requested
     }
     if (input.where?.trim()) {
         try {
-            const updatedAtResult = await engine.executor.executeReadonly(`SELECT ${quoteIdentifier("updated_at")} FROM ${quoteIdentifier(database)}.${quoteIdentifier(input.table)} WHERE (${input.where.trim()}) LIMIT 1`, ctx, { maxRows: 1, maxColumns: 1, maxFieldChars: 128 });
+            const where = normalizeFlashbackWhereClause(input.where);
+            const updatedAtResult = await engine.executor.executeReadonly(`SELECT ${quoteIdentifier("updated_at")} FROM ${quoteIdentifier(database)}.${quoteIdentifier(input.table)} WHERE (${where}) LIMIT 1`, ctx, { maxRows: 1, maxColumns: 1, maxFieldChars: 128 });
             const updatedAtRow = firstRowAsObject(updatedAtResult);
             if (typeof updatedAtRow?.updated_at === "string") {
                 details.current_row_updated_at = updatedAtRow.updated_at;

package/dist/executor/connection-pool.js

@@ -33,6 +33,10 @@ async function resolveTls(tls, secretResolver) {
     return resolved;
 }
 function selectCredential(profile, mode, _opts = {}) {
+    void mode;
+    if (!profile.user) {
+        throw new ConnectionPoolError(`Datasource "${profile.name}" does not define SQL credentials. Call begin_sql_login and complete the secure local login form before executing SQL.`);
+    }
     return profile.user;
 }
 async function resolveCredentialValue(ref, secretResolver, context) {

package/dist/taurus/flashback.d.ts

@@ -13,6 +13,7 @@ export interface FlashbackInput {
     columns?: string[];
     limit?: number;
 }
+export declare function normalizeFlashbackWhereClause(where: string): string;
 export type FlashbackNoViewDetails = {
     database?: string;
     table?: string;

package/dist/taurus/flashback.js

@@ -1,3 +1,5 @@
+import { createSqlParser } from "../safety/parser/index.js";
+import { normalizeSql } from "../utils/hash.js";
 const IDENTIFIER_PATTERN = /^[A-Za-z_][A-Za-z0-9_$]*$/;
 const SQL_TIMESTAMP_PATTERN = /^(\d{4}-\d{2}-\d{2})[ T](\d{2}:\d{2}:\d{2})(?:\.\d{1,6})?$/;
 const RELATIVE_DURATION_PATTERN = /(\d+)\s*(ms|milliseconds?|s|sec|secs|seconds?|m|min|mins|minutes?|h|hr|hrs|hours?|d|days?)/gi;
@@ -30,6 +32,15 @@ function quoteIdentifier(identifier, fieldName) {
     }
     return `\`${identifier}\``;
 }
+export function normalizeFlashbackWhereClause(where) {
+    const parser = createSqlParser("mysql");
+    const candidate = parser.normalize(`SELECT 1 FROM placeholder WHERE (${where})`);
+    const parsed = parser.parse(candidate.normalizedSql);
+    if (!parsed.ok || parsed.isMultiStatement || parsed.ast.kind !== "select") {
+        throw new Error("Invalid flashback where clause. Provide a single SQL expression.");
+    }
+    return normalizeSql(where);
+}
 export class FlashbackNoViewError extends Error {
     details;
     constructor(message, details) {
@@ -129,7 +140,7 @@ export function buildFlashbackSql(input, defaultDatabase, now = Date.now) {
     ];
     const whereClause = input.where?.trim();
     if (whereClause) {
-        clauses.push(`WHERE (${whereClause})`);
+        clauses.push(`WHERE (${normalizeFlashbackWhereClause(whereClause)})`);
     }
     if (input.limit !== undefined) {
         if (!Number.isInteger(input.limit) || input.limit <= 0) {
@@ -137,7 +148,7 @@ export function buildFlashbackSql(input, defaultDatabase, now = Date.now) {
         }
         clauses.push(`LIMIT ${input.limit}`);
     }
-    return clauses.join(" ");
+    return normalizeSql(clauses.join(" "));
 }
 export function flashbackReadonlyOptions(limit) {
     if (limit === undefined) {

package/dist/utils/logger.js

@@ -8,6 +8,14 @@ const REDACT_PATHS = [
     "secret",
     "token",
     "*.token",
+    "accessKeyId",
+    "*.accessKeyId",
+    "secretAccessKey",
+    "*.secretAccessKey",
+    "securityToken",
+    "*.securityToken",
+    "authToken",
+    "*.authToken",
 ];
 function createDefaultDestination() {
     return pino.destination({ fd: 2, sync: false });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "taurusdb-core",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "description": "Shared TaurusDB data-plane engine for schema, SQL execution, guardrails, and diagnostics.",
   "type": "module",
   "main": "dist/index.js",