You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix(token-db): rewrite TokenDB.execute to speak libsql Hrana v2 protocol (#61)
The v0.17.0 TokenDB assumed a generic POST /query with {sql, params} body —
that's not the wire protocol the project's actual managed-database provider
uses. Replace with libsql/Hrana v2:
- POST {base}/v2/pipeline (with libsql:// rewritten to https://)
- Wrap statements in {requests: [{type: "execute", stmt: {sql, args}}]}
- Encode params as typed value objects {type: "integer"|"text"|..., value}
- Decode rows from arrays of typed value objects back to {col: pyvalue} dicts
- Bearer token in Authorization header (new PC2NUTS_TOKEN_DB_AUTH_TOKEN env var)
- New --auth-token CLI flag
Verified end-to-end against the production database: SELECT round-trips
typed values correctly, init_schema is idempotent, add/revoke/list_active/
list_all all work, RETURNING id is honoured. The unit tests now mock the
Hrana wire shape and stay fast (172 tests pass in 1.4s).
CLI tests' lambda for _make_db extended to accept the new auth_token kwarg.
Bandit B107 false positive on `auth_token: str = ""` suppressed with a
clearly-explained nosec comment.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
0 commit comments