fix: read semantic sources safely (#284)

* fix: read semantic sources safely * test: retarget reindex per-scope error case to a broken manifest Reading a broken standalone source was made non-fatal in de1f1a8d (it is surfaced for repair instead of throwing), so the reindex per-scope error test no longer captured an error. Point it at a corrupt manifest shard, which is the remaining fatal read failure the per-scope catch must isolate, and assert the captured error names the offending file. * fix(sl): decouple semantic-layer file names from warehouse naming rules The in-file `name:` field is now the sole source identity; the filename is a derived label that never participates in identity. This removes the "Unsafe semantic-layer source name" failure class entirely: any warehouse identifier (Snowflake's uppercase SIGNED_UP, EVENT$LOG, dotted names) can be read, overlaid, edited, and deleted. - New `source-files.ts`: one total filename derivation (safe lowercase names verbatim; otherwise slug + sha256-hash suffix, immune to case-insensitive-filesystem collisions) and one by-name file resolver. - Reads resolve by name everywhere; the path-from-name fast path and `assertSafeSourceName` are gone. - Writes resolve-then-write: rewrites land on the file that declares the name (human renames survive); new sources get a derived filename; a derived path occupied by a different source fails instead of clobbering. - `readSourceFile` returns null for missing files instead of forcing every caller to launder IO errors; `deleteSource` distinguishes manifest-backed sources from not-found instead of silently succeeding. - `sl_write_source` accepts verbatim warehouse identifiers (snake_case is now a recommendation for new sources) and rejects sourceName/source.name mismatches; `sl_edit_source` rejects name-changing edits. - Ingest projection commits, gate-repair allowlists, and touched-source derivation use resolved paths / in-file names instead of interpolating `<connId>/<name>.yaml`. - Collapsed the five parallel path derivations and duplicated path-token helpers onto the shared module; dropped dead service methods. * fix(sl): resolve sources by declared name end-to-end and gate warehouse SQL with the parser-backed validator - Key broken/renamed semantic-layer files by their recoverable in-file name (slSourceNameForFile) so mid-edit sources stay reachable under their real identity in reads, listings, and search - Derive finalization touched sources from composed-source diffs and recover deleted files' declared names from the pre-change commit instead of parsing hash-derived filenames - Resolve revert/rollback paths against history (listFilesAtCommit) so human-renamed files are restored where they lived at preHead - Validate ingest sql_execution through the daemon's sqlglot validateReadOnly in the connection's dialect, sharing one driver-to-dialect map (sql-analysis/dialect.ts) across MCP and ingest - Harden the local read-only SQL backstop: accept leading comments, reject smuggled second statements, and strip trailing semicolons/comments before row-limit wrapping
2026-06-25 08:48:08 +02:00 · 2026-06-10 14:06:13 +02:00 · 2026-06-10 14:06:13 +02:00 · f3f893bf01
commit f3f893bf01
parent 853f39a7c3
51 changed files with 1797 additions and 476 deletions
--- a/packages/cli/test/context/sl/tools/sl-edit-source.tool.test.ts
+++ b/packages/cli/test/context/sl/tools/sl-edit-source.tool.test.ts
@ -188,7 +188,7 @@ describe('SlEditSourceTool — manifest-backed source without overlay', () => {
  it('returns a directed hint pointing at sl_write_source + overlay shape', async () => {
    const { tool, semanticLayerService } = makeTool({
      semanticLayerService: {
-        readSourceFile: vi.fn().mockRejectedValue(new Error('ENOENT')),
+        readSourceFile: vi.fn().mockResolvedValue(null),
        isManifestBacked: vi.fn().mockResolvedValue(true),
      },
    });
@ -222,7 +222,7 @@ describe('SlEditSourceTool — manifest-backed source without overlay', () => {
  it('still returns the plain "Source not found" error for truly-missing names', async () => {
    const { tool, semanticLayerService } = makeTool({
      semanticLayerService: {
-        readSourceFile: vi.fn().mockRejectedValue(new Error('ENOENT')),
+        readSourceFile: vi.fn().mockResolvedValue(null),
        isManifestBacked: vi.fn().mockResolvedValue(false),
      },
    });
@ -241,3 +241,20 @@ describe('SlEditSourceTool — manifest-backed source without overlay', () => {
    expect(semanticLayerService.writeSource).not.toHaveBeenCalled();
  });
 });
+
+describe('SlEditSourceTool — name edits', () => {
+  it('rejects edits that change the in-file name', async () => {
+    const { tool, semanticLayerService } = makeTool();
+    const result = await tool.call(
+      {
+        connectionId: '11111111-1111-1111-1111-111111111111',
+        sourceName: 'orders',
+        yaml_edits: [{ oldText: 'name: orders', newText: 'name: renamed_orders' }],
+      } as any,
+      baseContext,
+    );
+    expect(result.structured.success).toBe(false);
+    expect(result.markdown).toMatch(/renaming is not supported/i);
+    expect(semanticLayerService.writeSource).not.toHaveBeenCalled();
+  });
+});
--- a/packages/cli/test/context/sl/tools/sl-rollback.tool.test.ts
+++ b/packages/cli/test/context/sl/tools/sl-rollback.tool.test.ts
@ -16,8 +16,15 @@ function makeSession(overrides: Partial<ToolSession> = {}): ToolSession {
    configService: {
      writeFile: vi.fn().mockResolvedValue(undefined),
      deleteFile: vi.fn().mockResolvedValue(undefined),
+      // No live file for `orders` — revert recovers the preHead path from history.
+      listFiles: vi.fn().mockResolvedValue({ files: [] }),
+      readFile: vi.fn().mockRejectedValue(new Error('ENOENT')),
+    } as any,
+    gitService: {
+      // The source lived at its derived filename at preHead.
+      listFilesAtCommit: vi.fn().mockResolvedValue(['semantic-layer/conn-1/orders.yaml']),
+      getFileAtCommit: vi.fn().mockResolvedValue('name: orders\nmeasures: []\n'),
    } as any,
-    gitService: { getFileAtCommit: vi.fn().mockResolvedValue('pre: content') } as any,
    ...overrides,
  };
 }
@ -65,4 +72,33 @@ describe('SlRollbackTool', () => {
    expect(hasTouchedSlSource(session.touchedSlSources, 'conn-1', 'orders')).toBe(false);
    expect(session.actions).toEqual([]);
  });
+
+  it('restores a deleted human-renamed source at the path it occupied at preHead', async () => {
+    // The source lived at a custom filename (≠ the writer-derived `orders.yaml`)
+    // and the session deleted it. Revert must recover the custom path from the
+    // preHead commit and restore there, not write/no-op against the derived path.
+    const slSourcesRepository = { deleteByConnectionAndName: vi.fn().mockResolvedValue(undefined) };
+    const tool = new SlRollbackTool(slSourcesRepository as never, connections as never, 1);
+    const renamedContent = 'name: orders\ntable: public.orders\nmeasures: []\n';
+    const session = makeSession({
+      gitService: {
+        listFilesAtCommit: vi.fn().mockResolvedValue(['semantic-layer/conn-1/custom.yaml']),
+        getFileAtCommit: vi.fn().mockResolvedValue(renamedContent),
+      } as any,
+    });
+    const context: ToolContext = { sourceId: 's', messageId: 'm', userId: 'u', session };
+
+    const result = await tool.call({ sourceName: 'orders' } as any, context);
+
+    expect(result.structured.success).toBe(true);
+    expect((session.configService as any).writeFile).toHaveBeenCalledWith(
+      'semantic-layer/conn-1/custom.yaml',
+      renamedContent,
+      expect.anything(),
+      expect.anything(),
+      expect.anything(),
+      expect.anything(),
+    );
+    expect((session.configService as any).deleteFile).not.toHaveBeenCalled();
+  });
 });
--- a/packages/cli/test/context/sl/tools/sl-write-source.tool.test.ts
+++ b/packages/cli/test/context/sl/tools/sl-write-source.tool.test.ts
@ -13,7 +13,7 @@ function makeTool(overrides: Partial<Record<string, any>> = {}) {
    validateWithProposedSource: vi.fn().mockResolvedValue({ errors: [], warnings: [] }),
    writeSource: vi.fn().mockResolvedValue({ commitHash: 'c1' }),
    deleteSource: vi.fn().mockResolvedValue(undefined),
-    readSourceFile: vi.fn().mockRejectedValue(new Error('not found')),
+    readSourceFile: vi.fn().mockResolvedValue(null),
    ...overrides.semanticLayerService,
  };
  const slSearchService = {
@ -66,7 +66,7 @@ describe('SlWriteSourceTool — session gating', () => {
        deleteSource: vi.fn().mockResolvedValue(undefined),
        listManifestSourceNames: vi.fn().mockResolvedValue([]),
        isManifestBacked: vi.fn().mockResolvedValue(false),
-        readSourceFile: vi.fn().mockRejectedValue(new Error('not found')),
+        readSourceFile: vi.fn().mockResolvedValue(null),
        findManifestEntryByTableRef: vi.fn().mockResolvedValue(null),
      } as any,
      wikiService: {} as any,
@ -248,7 +248,7 @@ describe('SlWriteSourceTool — session gating', () => {
        deleteSource: vi.fn().mockResolvedValue(undefined),
        listManifestSourceNames: vi.fn().mockResolvedValue(['mart_account_segments']),
        isManifestBacked: vi.fn().mockResolvedValue(false),
-        readSourceFile: vi.fn().mockRejectedValue(new Error('not found')),
+        readSourceFile: vi.fn().mockResolvedValue(null),
        findManifestEntryByTableRef: vi.fn().mockResolvedValue(null),
      } as any,
    });
@ -377,3 +377,36 @@ describe('SlWriteSourceTool — standalone shadow guard', () => {
    expect(result.markdown).toMatch(/shadows an existing manifest entry|already exists/i);
  });
 });
+
+describe('SlWriteSourceTool — source name identity', () => {
+  it('accepts verbatim warehouse identifiers as sourceName', () => {
+    const { tool } = makeTool();
+    const base = { connectionId: '11111111-1111-1111-1111-111111111111' };
+    expect(tool.inputSchema.safeParse({ ...base, sourceName: 'SIGNED_UP' }).success).toBe(true);
+    expect(tool.inputSchema.safeParse({ ...base, sourceName: 'EVENT$LOG' }).success).toBe(true);
+    expect(tool.inputSchema.safeParse({ ...base, sourceName: 'orders' }).success).toBe(true);
+    expect(tool.inputSchema.safeParse({ ...base, sourceName: '' }).success).toBe(false);
+  });
+
+  it('rejects a source whose name does not match sourceName', async () => {
+    const { tool, semanticLayerService } = makeTool();
+    const result = await tool.call(
+      {
+        connectionId: '11111111-1111-1111-1111-111111111111',
+        sourceName: 'orders',
+        source: {
+          name: 'other_orders',
+          sql: 'select 1 as id',
+          grain: ['id'],
+          columns: [{ name: 'id', type: 'string' }],
+          measures: [],
+          joins: [],
+        } as any,
+      } as any,
+      baseContext,
+    );
+    expect(result.structured.success).toBe(false);
+    expect(result.markdown).toMatch(/does not match sourceName/);
+    expect(semanticLayerService.writeSource).not.toHaveBeenCalled();
+  });
+});