fix: read semantic sources safely (#284)

* fix: read semantic sources safely

* test: retarget reindex per-scope error case to a broken manifest

Reading a broken standalone source was made non-fatal in de1f1a8d (it is
surfaced for repair instead of throwing), so the reindex per-scope error
test no longer captured an error. Point it at a corrupt manifest shard,
which is the remaining fatal read failure the per-scope catch must
isolate, and assert the captured error names the offending file.

* fix(sl): decouple semantic-layer file names from warehouse naming rules

The in-file `name:` field is now the sole source identity; the filename is
a derived label that never participates in identity. This removes the
"Unsafe semantic-layer source name" failure class entirely: any warehouse
identifier (Snowflake's uppercase SIGNED_UP, EVENT$LOG, dotted names) can
be read, overlaid, edited, and deleted.

- New `source-files.ts`: one total filename derivation (safe lowercase
  names verbatim; otherwise slug + sha256-hash suffix, immune to
  case-insensitive-filesystem collisions) and one by-name file resolver.
- Reads resolve by name everywhere; the path-from-name fast path and
  `assertSafeSourceName` are gone.
- Writes resolve-then-write: rewrites land on the file that declares the
  name (human renames survive); new sources get a derived filename; a
  derived path occupied by a different source fails instead of clobbering.
- `readSourceFile` returns null for missing files instead of forcing every
  caller to launder IO errors; `deleteSource` distinguishes manifest-backed
  sources from not-found instead of silently succeeding.
- `sl_write_source` accepts verbatim warehouse identifiers (snake_case is
  now a recommendation for new sources) and rejects sourceName/source.name
  mismatches; `sl_edit_source` rejects name-changing edits.
- Ingest projection commits, gate-repair allowlists, and touched-source
  derivation use resolved paths / in-file names instead of interpolating
  `<connId>/<name>.yaml`.
- Collapsed the five parallel path derivations and duplicated path-token
  helpers onto the shared module; dropped dead service methods.

* fix(sl): resolve sources by declared name end-to-end and gate warehouse SQL with the parser-backed validator

- Key broken/renamed semantic-layer files by their recoverable in-file
  name (slSourceNameForFile) so mid-edit sources stay reachable under
  their real identity in reads, listings, and search
- Derive finalization touched sources from composed-source diffs and
  recover deleted files' declared names from the pre-change commit
  instead of parsing hash-derived filenames
- Resolve revert/rollback paths against history (listFilesAtCommit) so
  human-renamed files are restored where they lived at preHead
- Validate ingest sql_execution through the daemon's sqlglot
  validateReadOnly in the connection's dialect, sharing one
  driver-to-dialect map (sql-analysis/dialect.ts) across MCP and ingest
- Harden the local read-only SQL backstop: accept leading comments,
  reject smuggled second statements, and strip trailing
  semicolons/comments before row-limit wrapping
This commit is contained in:
Andrey Avtomonov 2026-06-10 14:06:13 +02:00 committed by GitHub
parent 853f39a7c3
commit f3f893bf01
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
51 changed files with 1797 additions and 476 deletions

View file

@ -18,19 +18,49 @@ describe('deriveFinalizationWikiPageKeys', () => {
});
describe('deriveFinalizationTouchedSources', () => {
it('maps standalone semantic-layer files directly', async () => {
const result = await deriveFinalizationTouchedSources({
it('resolves standalone files by the source diff, not the filename', () => {
// The file carries a derived label (`signed_up-<hash>.yaml`); the source it
// defines is the in-file `name:` (`SIGNED_UP`), visible only via the diff.
const result = deriveFinalizationTouchedSources({
changedPaths: ['semantic-layer/warehouse/signed_up-1a2b3c4d.yaml'],
beforeSourcesByConnection: new Map([['warehouse', []]]),
afterSourcesByConnection: new Map([
['warehouse', [{ name: 'SIGNED_UP', grain: [], columns: [], joins: [], measures: [] }]],
]),
});
expect(result).toEqual({
touchedSources: [{ connectionId: 'warehouse', sourceName: 'SIGNED_UP' }],
unresolvedPaths: [],
});
});
it('resolves deleted standalone files by the name that disappeared', () => {
const result = deriveFinalizationTouchedSources({
changedPaths: ['semantic-layer/warehouse/signed_up-1a2b3c4d.yaml'],
beforeSourcesByConnection: new Map([
['warehouse', [{ name: 'SIGNED_UP', grain: [], columns: [], joins: [], measures: [] }]],
]),
afterSourcesByConnection: new Map([['warehouse', []]]),
});
expect(result).toEqual({
touchedSources: [{ connectionId: 'warehouse', sourceName: 'SIGNED_UP' }],
unresolvedPaths: [],
});
});
it('flags standalone changes that produce no source diff', () => {
const result = deriveFinalizationTouchedSources({
changedPaths: ['semantic-layer/warehouse/orders.yaml'],
beforeSourcesByConnection: new Map(),
afterSourcesByConnection: new Map(),
});
expect(result).toEqual({
touchedSources: [{ connectionId: 'warehouse', sourceName: 'orders' }],
unresolvedPaths: [],
touchedSources: [],
unresolvedPaths: ['semantic-layer/warehouse/orders.yaml'],
});
});
it('resolves aggregate _schema changes by comparing loaded source snapshots', async () => {
it('resolves aggregate _schema changes by comparing loaded source snapshots', () => {
const beforeSourcesByConnection = new Map([
[
'warehouse',
@ -72,7 +102,7 @@ describe('deriveFinalizationTouchedSources', () => {
],
]);
const result = await deriveFinalizationTouchedSources({
const result = deriveFinalizationTouchedSources({
changedPaths: ['semantic-layer/warehouse/_schema/public.yaml'],
beforeSourcesByConnection,
afterSourcesByConnection,
@ -84,11 +114,11 @@ describe('deriveFinalizationTouchedSources', () => {
});
});
it('flags aggregate _schema changes that cannot be resolved to logical sources', async () => {
it('flags aggregate _schema changes that cannot be resolved to logical sources', () => {
const beforeSourcesByConnection = new Map([['warehouse', []]]);
const afterSourcesByConnection = new Map([['warehouse', []]]);
const result = await deriveFinalizationTouchedSources({
const result = deriveFinalizationTouchedSources({
changedPaths: ['semantic-layer/warehouse/_schema/public.yaml'],
beforeSourcesByConnection,
afterSourcesByConnection,