Skip to content

feat: SQL service (tinycloud.sql/*)#22

Merged
skgbafa merged 1 commit intomainfrom
workspace/tc-sql
Feb 19, 2026
Merged

feat: SQL service (tinycloud.sql/*)#22
skgbafa merged 1 commit intomainfrom
workspace/tc-sql

Conversation

@skgbafa
Copy link
Contributor

@skgbafa skgbafa commented Feb 18, 2026
edited
Loading

Summary

  • Implements the SQL service (tinycloud.sql/*) as specified in Appendix J, providing per-space relational databases via SQLite
  • Core SQL module with 7 submodules: types, caveats, parser, authorizer, storage, database (actor), service (registry)
  • Full server integration: route handler, auth guards, config, migration, feature flag
  • Defense-in-depth security: sqlparser-rs pre-validation + SQLite authorizer callback

Architecture

  • Actor-per-database: Each SQLite database runs in a spawn_blocking task with mpsc channels for serialized access
  • Hybrid storage: Starts in-memory, auto-promotes to file when threshold exceeded (10MB default) using SQLite backup API
  • Two-layer security: SQL parsing catches obvious violations fast; SQLite authorizer is the backstop that catches everything else
  • Caveats from delegations: SqlCaveats extracted from UCAN facts enable table/column/statement/read-only restrictions

New Dependencies

  • rusqlite 0.31 (bundled SQLite compilation)
  • sqlparser 0.44 (SQL AST parsing)

Test plan

  • cargo check passes
  • cargo clippy -- -D warnings passes
  • cargo test passes (all existing tests still pass)
  • Integration test: create space, delegate SQL capability, send SQL query, verify response
  • Security test: verify ATTACH/DETACH blocked, caveat enforcement works

@skgbafa
feat: add SQL service (tinycloud.sql/*) with full server integration
c615691 
Implement the SQL service as specified in Appendix J, providing
relational database capabilities per-space via SQLite.

Core SQL module (tinycloud-core/src/sql/):
- types: SqlRequest/SqlResponse/SqlValue/SqlError with serde support
- caveats: SqlCaveats for table/column/statement/read-only restrictions
- parser: Pre-execution SQL validation via sqlparser-rs (blocks ATTACH/DETACH)
- authorizer: SQLite authorizer callback for defense-in-depth enforcement
- storage: Hybrid in-memory/file storage with WAL mode and backup API promotion
- database: Actor-per-database pattern via spawn_blocking + mpsc channels
- service: SqlService registry with DashMap, lazy actor spawning, idle timeout

Server integration:
- Route handler detects sql service capabilities and dispatches to SQL path
- JSON request/response for query/execute/batch, binary for export
- SqlError mapped to appropriate HTTP status codes
- SqlStorageConfig added to server configuration
- sql_database migration for metadata tracking
- "sql" added to /version features

Dependencies: rusqlite 0.31 (bundled), sqlparser 0.44
@skgbafa skgbafa mentioned this pull request Feb 18, 2026
Merged
5 tasks
@skgbafa skgbafa merged commit d68216a into main Feb 19, 2026
13 checks passed
@skgbafa skgbafa deleted the workspace/tc-sql branch February 19, 2026 17:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@skgbafa