Guides writing read-only SQL for this project's datasource pipeline. Use when writing or reviewing SQL queries, when the user asks for a SQL query, or when working with datasource chat or execute_sql.
SQL in this project runs through app.core.run_sql.run_sql() and is validated before execution. Queries must comply with the following so they execute successfully.
Single SELECT only
Only a single SELECT statement is accepted. A trailing ; is allowed and stripped.
Read-only
SELECT is allowed. These keywords are blocked (case-insensitive):
INSERT, UPDATE, DELETE, DROP, ALTER, CREATE, TRUNCATE, REPLACE, GRANT, REVOKE, EXECUTE, EXEC
LIMIT
If the query has no LIMIT, the pipeline appends LIMIT 100 (default row limit). Put LIMIT n or LIMIT n OFFSET m at the end. The accepted form is LIMIT <digits>, optionally followed by , <digits> or OFFSET <digits>, at the end of the query.
Timeout
Queries run with a timeout (statement_timeout is set). Prefer efficient queries and appropriate limits.
Multiple statements are rejected (a ; in the middle of the query).
When the agent has DatabaseInfo (tables, columns, associations from app.core.db_introspection.get_database_info), use it to:
Valid:
SELECT id, name FROM users LIMIT 50

SELECT region, SUM(amount) AS total
FROM sales
GROUP BY region
ORDER BY total DESC
LIMIT 10;
Invalid (will be rejected):
SELECT 1; SELECT 2;
INSERT INTO t (a) VALUES (1);
SELECT * FROM users; DROP TABLE users;
or any use of DELETE, UPDATE, etc.
These rules apply to execute_sql in the datasource chat agent (app.services.agent.tools.make_execute_sql_tool) and to any direct call of run_sql() in this codebase.
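As an added illustration, not the project's own run_sql() code, here is a small Python validator that applies the rules above so a query can be checked before it is sent. It assumes whole-word keyword matching and that a leading WITH (CTE) is not accepted; the guide states neither.

```python
import re

# Keywords the guide lists as blocked (case-insensitive).
BLOCKED = ("INSERT", "UPDATE", "DELETE", "DROP", "ALTER", "CREATE", "TRUNCATE",
           "REPLACE", "GRANT", "REVOKE", "EXECUTE", "EXEC")
DEFAULT_LIMIT = 100  # appended when the query carries no LIMIT
# LIMIT <digits>, optionally ", <digits>" or "OFFSET <digits>", at the end of the query.
LIMIT_RE = re.compile(r"\bLIMIT\s+\d+(\s*,\s*\d+|\s+OFFSET\s+\d+)?\s*$", re.IGNORECASE)


class SqlRejected(ValueError):
    """Raised when a query would fail the pipeline's validation."""


def prepare_query(sql: str) -> str:
    """Return the SQL that would actually run, or raise SqlRejected."""
    q = sql.strip()
    # A single trailing ';' is allowed and stripped.
    if q.endswith(";"):
        q = q[:-1].rstrip()
    if not q:
        raise SqlRejected("empty query")
    # Any ';' still present means more than one statement.
    if ";" in q:
        raise SqlRejected("multiple statements are not allowed")
    # Assumption: the statement must start with SELECT (no WITH/CTE form).
    if not re.match(r"^SELECT\b", q, re.IGNORECASE):
        raise SqlRejected("only a single SELECT is allowed")
    # Assumption: whole-word matching, so a column like update_count passes.
    # A string literal containing 'drop' is still rejected (a safe false positive).
    for kw in BLOCKED:
        if re.search(rf"\b{kw}\b", q, re.IGNORECASE):
            raise SqlRejected(f"blocked keyword: {kw}")
    # Without a trailing LIMIT clause the pipeline adds the default row limit.
    if not LIMIT_RE.search(q):
        q = f"{q} LIMIT {DEFAULT_LIMIT}"
    return q


def is_allowed(sql: str) -> bool:
    """True when prepare_query() accepts the query, False when it rejects it."""
    try:
        prepare_query(sql)
        return True
    except SqlRejected:
        return False
```

A keyword blocklist like this is a guard rail for the agent, not the permission boundary; the database role the pipeline connects with should itself be read-only.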