feat(scan): enforce table scope at fetch boundary

2026-06-10 08:05:14 +02:00 · 2026-05-22 18:36:53 +02:00 · 2026-05-22 18:36:53 +02:00 · 5b8292cacd
commit 5b8292cacd
parent a698389bc9
19 changed files with 208 additions and 160 deletions
--- a/python/ktx-daemon/tests/test_app.py
+++ b/python/ktx-daemon/tests/test_app.py
@ -114,6 +114,7 @@ def test_database_introspect_endpoint_returns_snapshot() -> None:
            "driver": "postgres",
            "url": "postgresql://readonly@example.test/warehouse",
            "schemas": ["public"],
+            "table_scope": [{"db": "public", "name": "orders"}],
        },
    )

@ -121,6 +122,8 @@ def test_database_introspect_endpoint_returns_snapshot() -> None:
    assert response.json()["connection_id"] == "warehouse"
    assert response.json()["tables"][0]["name"] == "orders"
    assert calls[0].connection_id == "warehouse"
+    assert calls[0].table_scope[0].db == "public"
+    assert calls[0].table_scope[0].name == "orders"


 def test_database_introspect_endpoint_maps_value_error_to_400() -> None:
--- a/python/ktx-daemon/tests/test_cli.py
+++ b/python/ktx-daemon/tests/test_cli.py
@ -311,6 +311,9 @@ def test_database_introspect_command_reads_stdin_and_writes_json(
        assert request.connection_id == "warehouse"
        assert request.driver == "postgres"
        assert request.schemas == ["public"]
+        assert request.table_scope is not None
+        assert request.table_scope[0].db == "public"
+        assert request.table_scope[0].name == "orders"
        return DatabaseIntrospectionResponse(
            connection_id="warehouse",
            extracted_at="2026-04-28T10:00:00+00:00",
@ -337,7 +340,7 @@ def test_database_introspect_command_reads_stdin_and_writes_json(
        sys,
        "stdin",
        io.StringIO(
-            '{"connection_id":"warehouse","driver":"postgres","url":"postgresql://readonly@example.test/warehouse","schemas":["public"]}'
+            '{"connection_id":"warehouse","driver":"postgres","url":"postgresql://readonly@example.test/warehouse","schemas":["public"],"table_scope":[{"db":"public","name":"orders"}]}'
        ),
    )

--- a/python/ktx-daemon/tests/test_database_introspection.py
+++ b/python/ktx-daemon/tests/test_database_introspection.py
@ -5,7 +5,9 @@ import pytest
 from ktx_daemon.database_introspection import (
    DatabaseIntrospectionRequest,
    DatabaseIntrospectionRows,
+    LiveDatabaseTableScopeRef,
    _statement_timeout_config,
+    _table_scope_json,
    introspect_database_response,
 )

@ -146,6 +148,22 @@ def test_database_introspection_request_rejects_empty_schema_list() -> None:
        )


+def test_table_scope_json_serializes_null_wildcards() -> None:
+    assert _table_scope_json(
+        [
+            LiveDatabaseTableScopeRef(catalog=None, db="public", name="orders"),
+            LiveDatabaseTableScopeRef(
+                catalog="warehouse",
+                db="marts",
+                name="customers",
+            ),
+        ]
+    ) == (
+        '[{"catalog": null, "db": "public", "name": "orders"}, '
+        '{"catalog": "warehouse", "db": "marts", "name": "customers"}]'
+    )
+
+
 def test_statement_timeout_config_uses_parameterized_set_config() -> None:
    assert _statement_timeout_config(30_000) == (
        "SELECT set_config('statement_timeout', %s, true)",