kaxil opened a new pull request, #68102: URL: https://github.com/apache/airflow/pull/68102
In read-only mode, the common.ai `SQLToolset` `query` tool only accepted SELECT-family statements (`Select`, `Union`, `Intersect`, `Except`). Read-only metadata statements such as `DESCRIBE TABLE` and `SHOW TABLES` / `SHOW COLUMNS` were rejected with `SQLSafetyError`. Agents frequently open with `DESCRIBE` to learn a table's columns, so a run that composed `SELECT`s directly succeeded while one that started with `DESCRIBE` failed outright, making agent runs nondeterministic.

The `query` and `check_query` tools now also accept read-only metadata statements (`DESCRIBE`/`DESC` and `SHOW`) when `allow_writes=False` (the default).

## How it works

- `validate_sql()` gains an opt-in `allow_read_only_metadata` flag that widens the read-only allow-list with `exp.Describe` and `exp.Show`. Only `SQLToolset` sets it, so `LLMSQLQueryOperator` keeps its SELECT-family-only contract.
- `SQLToolset` passes the connection's dialect to the validator. `SHOW` only parses to a metadata statement on dialects that support it (Snowflake, MySQL); without a supporting dialect sqlglot falls back to a command statement that stays blocked. `DESCRIBE` parses to a metadata statement on every dialect.
- The data-modifying deep scan still runs and now also rejects DDL nodes (`CREATE`/`DROP`/`ALTER`/`TRUNCATE`), so writes wrapped behind `DESCRIBE`/`EXPLAIN` (e.g. `EXPLAIN DELETE ...`, `DESCRIBE DROP TABLE ...`) remain blocked.
- The SQLAlchemy-to-sqlglot dialect mapping is consolidated into a shared `resolve_sqlglot_dialect()` helper (reused by `LLMSQLQueryOperator`) that returns `None` for unknown dialects, so a misdetected dialect never breaks validation.

## Usage

No API change. In the default read-only mode an agent can now run, for example, `DESCRIBE TABLE my_table` or (on databases that support it) `SHOW COLUMNS FROM my_table`.

## Gotchas

- `SHOW` is only recognized on databases whose dialect sqlglot supports; elsewhere it stays rejected (those databases generally do not support `SHOW` anyway).
- Like `SELECT`, metadata statements are not scoped by `allowed_tables` (a documented visibility hint, not access control). Use database permissions to restrict access.
