* feat(sl): add predefined_measures_only guard to semantic query planning SemanticQuery gains a predefined_measures_only flag; the planner rejects any measure resolved with Provenance.COMPOSED (runtime aggregate expressions and query-time derivations) while predefined measures, predefined derived chains, dimensions, filters, and segments pass. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * feat(config): add per-connection query_policy to warehouse connections query_policy: semantic-layer-only | read-only-sql (default) on the warehouse connection schema, plus a policy module with the raw-SQL guard, federated member restriction lookup, and the project-level predicate used to gate sql_execution registration. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * feat(cli): enforce query_policy on raw SQL through one shared executor ktx sql and the MCP sql_execution tool now share executeProjectRawSql (resolve, policy check, read-only validation, execute), collapsing their duplicated validate-then-execute paths. Restricted connections are rejected before validation; federated raw SQL is rejected when any member is restricted. sql_execution is not registered when every SQL connection is restricted, and connection_list marks restricted connections so agents route to sl_query. executeProjectReadOnlySql stays generic for ktx-internal SQL (scan, ingest, SL-generated). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * feat(sl): compile queries with predefined_measures_only from query_policy compileLocalSlQuery injects the flag from the connection's query_policy, never from caller input, covering both ktx sl query and the MCP sl_query tool through the daemon compile path. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * docs: document query_policy semantic-layer-only Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * fix(sl): close semantic-layer-only bypasses via filters and federated hint The predefined_measures_only guard only inspected query.measures, so a composed aggregate written into `filters` slipped through _classify_filters into a HAVING clause untouched — letting a restricted agent evaluate arbitrary aggregates (e.g. threshold-probing `sum(x) BETWEEN a AND b`). Reject filter clauses that compose an aggregate function; a HAVING that compares a predefined measure by name (`orders.revenue > 100`) still works. Also make the federated sl_query error policy-aware: when a member is restricted, raw federated SQL is disabled too, so stop directing the agent to `ktx sql -c _ktx_federated` / sql_execution (a guaranteed failure) and point to per-connection semantic-layer queries instead. --------- Co-authored-by: Claude Fable 5 <noreply@anthropic.com> Co-authored-by: Andrey Avtomonov <andreybavt@gmail.com> |
||
|---|---|---|
| .. | ||
| src/ktx_daemon | ||
| tests | ||
| pyproject.toml | ||
| README.md | ||
ktx-daemon
ktx-daemon is the portable Python compute package for ktx.
It supports portable compute in two modes:
- One-shot commands, used by default by the
@kaelio/ktxCLI. - An explicit HTTP server for long-running local MCP sessions.
One-shot semantic query
printf '%s\n' '{"sources":[],"query":{"measures":[],"dimensions":[]},"dialect":"postgres"}' \
| ktx-daemon semantic-query
One-shot source generation
Generate semantic-layer sources from schema scan data:
printf '%s\n' '{"tables":[{"name":"orders","db":"public","columns":[{"name":"id","type":"integer","primary_key":true}]}],"links":[],"dialect":"postgres"}' \
| ktx-daemon semantic-generate-sources
One-shot database introspection
Introspect a Postgres database schema:
printf '%s\n' '{"connection_id":"warehouse","driver":"postgres","url":"postgresql://readonly@example.test/warehouse","schemas":["public"]}' \
| ktx-daemon database-introspect
One-shot LookML parsing
Parse LookML projects into resolved, KSL-ready structures:
printf '%s\n' '{"files":[{"path":"views/orders.view.lkml","content":"view: orders { sql_table_name: public.orders ;; measure: order_count { type: count } }"}],"dialect":"postgres"}' \
| ktx-daemon lookml-parse
One-shot embeddings
Compute text embeddings locally:
printf '%s\n' '{"text":"hello"}' \
| ktx-daemon embedding-compute
Compute text embeddings locally in bulk:
printf '%s\n' '{"texts":["hello","world"]}' \
| ktx-daemon embedding-compute-bulk
One-shot code execution
Execute Python code with the current in-process boundary:
printf '%s\n' '{"code":"result = 1 + 2"}' \
| ktx-daemon code-execute
HTTP compute server
Start the HTTP compute server with code execution disabled:
ktx-daemon serve-http --host 127.0.0.1 --port 8765
Enable HTTP code execution explicitly:
ktx-daemon serve-http --host 127.0.0.1 --port 8765 --enable-code-execution
Available HTTP endpoints:
GET /healthPOST /database/introspectPOST /embeddings/computePOST /embeddings/compute-bulkPOST /lookml/parsePOST /semantic-layer/generate-sourcesPOST /semantic-layer/queryPOST /semantic-layer/validatePOST /code/executewhen--enable-code-executionis passed
The HTTP server exposes Postgres database introspection, LookML parsing, local
embedding compute, and semantic-layer compute for source generation, query
compilation, and validation.
Code execution is off by default. When enabled, it runs Python exec in the
daemon process with the same in-process boundary as the one-shot
code-execute command and does not provide OS-level sandboxing.
HTTP code execution uses the standalone ktx boundary. It does not forward caller authorization headers to a host app and does not connect scratchpad or visualization helpers to host application APIs.