fix(context): scope raw schema discovery to allowed connections

2026-06-10 08:05:14 +02:00 · 2026-05-12 23:48:32 +02:00 · 2026-05-12 23:48:32 +02:00 · 8a758ce80b
commit 8a758ce80b
parent 3a1fe3416d
2 changed files with 23 additions and 3 deletions
--- a/packages/context/src/ingest/tools/warehouse-verification/discover-data.tool.test.ts
+++ b/packages/context/src/ingest/tools/warehouse-verification/discover-data.tool.test.ts
@ -55,6 +55,16 @@ describe('DiscoverDataTool', () => {
    expect(result.structured.raw?.hits).toHaveLength(1);
  });

+  it('refuses explicit out-of-scope connection names', async () => {
+    const result = await tool.call({ query: 'orders', connectionName: 'billing' }, context);
+
+    expect(result.markdown).toContain('Connection "billing" is not available to this ingest stage.');
+    expect(result.structured).toEqual({ wiki: null, sl: null, raw: null });
+    expect(wikiSearchTool.call).not.toHaveBeenCalled();
+    expect(slDiscoverTool.call).not.toHaveBeenCalled();
+    expect(catalog.searchByName).not.toHaveBeenCalled();
+  });
+
  it('delegates sourceName inspect mode to sl_discover only', async () => {
    slDiscoverTool.call.mockResolvedValueOnce({
      markdown: 'source detail',
--- a/packages/context/src/ingest/tools/warehouse-verification/discover-data.tool.ts
+++ b/packages/context/src/ingest/tools/warehouse-verification/discover-data.tool.ts
@ -41,6 +41,10 @@ function totalSources(structured: unknown): number {
    : 0;
 }

+function allowedConnectionNames(context: ToolContext): ReadonlySet<string> | null {
+  return context.session?.allowedConnectionNames ?? null;
+}
+
 export class DiscoverDataTool extends BaseTool<typeof discoverDataInputSchema> {
  readonly name = 'discover_data';

@ -57,6 +61,14 @@ export class DiscoverDataTool extends BaseTool<typeof discoverDataInputSchema> {
  }

  async call(input: DiscoverDataInput, context: ToolContext): Promise<ToolOutput<DiscoverDataStructured>> {
+    const allowed = allowedConnectionNames(context);
+    if (input.connectionName && allowed && !allowed.has(input.connectionName)) {
+      return {
+        markdown: `Connection "${input.connectionName}" is not available to this ingest stage.`,
+        structured: { wiki: null, sl: null, raw: null },
+      };
+    }
+
    if (input.sourceName) {
      const sl = await this.deps.slDiscoverTool.call(
        { sourceName: input.sourceName, connectionId: input.connectionName },
@ -95,9 +107,7 @@ export class DiscoverDataTool extends BaseTool<typeof discoverDataInputSchema> {
    }

    const catalog = this.deps.catalogFactory(context);
-    const connections = input.connectionName
-      ? [input.connectionName]
-      : [...(context.session?.allowedConnectionNames ?? [])].sort();
+    const connections = input.connectionName ? [input.connectionName] : [...(allowed ?? [])].sort();
    const rawHits: RawSchemaHit[] = [];
    for (const connectionName of connections) {
      rawHits.push(...(await catalog.searchByName(connectionName, query, limit)));