quietlight/skraak_mcp: PHASE1

# Phase 1 Complete: Generic SQL Query Tool

## Summary

Successfully implemented and tested the `execute_sql` generic SQL query tool for the Skraak MCP server.

## Implementation Details

### Files Created

1. **tools/sql.go** (194 lines)
   - Generic SQL query tool with dynamic schema handling
   - Input validation (SELECT/WITH only, forbidden keywords check)
   - Row limiting (default 1000, max 10000)
   - Parameterized query support with `?` placeholders
   - Type conversion for JSON marshaling (time.Time → RFC3339, []byte → base64)
   - Column metadata extraction (name, database type)

2. **shell_scripts/test_sql.sh**
   - Comprehensive test suite with 8 test cases
   - Tests: simple SELECT, explicit limit, parameterized queries, JOINs, aggregates, validation

### Files Modified

1. **main.go** (line 54-58)
   - Registered `execute_sql` tool after `get_current_time`
   - Tool description emphasizes read-only mode and schema integration

### Test Results

All tests passed successfully:

```bash
cd shell_scripts
./test_sql.sh > test_sql.txt 2>&1

# Results:
- 8 successful responses (including initialization)
- 6 successful queries (tests 2-6)
- 2 validation rejections (tests 7-8, as expected)
- 0 unexpected errors
```

### Test Case Verification

✅ **Test 2: Simple SELECT without LIMIT**
- Auto-appended `LIMIT 1000`
- Returned 8 datasets with id, name, type columns
- Column metadata includes database types (VARCHAR, ENUM)

✅ **Test 3: Explicit limit parameter (5 rows)**
- Correctly applied `LIMIT 5`
- Returned exactly 5 location records

✅ **Test 4: Parameterized query with ? placeholder**
- Successfully filtered by `dataset_id = ?`
- Parameter: `["vgIr9JSH_lFj"]`
- Returned 1 matching location with lat/long as DECIMAL(10,7)

✅ **Test 5: Complex JOIN query**
- `LEFT JOIN` with `COUNT()` aggregate
- `GROUP BY` and `ORDER BY` clauses
- Returned location counts per dataset (8 rows)

✅ **Test 6: Aggregate query with GROUP BY**
- `COUNT(*)` aggregate function
- Correctly grouped dataset types
- Returned count: 8 datasets of type "organise"

✅ **Test 7: INSERT attempt (security validation)**
- Correctly rejected with: "only SELECT and WITH queries are allowed"
- `isError: true` in response

✅ **Test 8: SQL injection attempt (DROP TABLE)**
- Correctly rejected with: "query contains forbidden keywords (INSERT/UPDATE/DELETE/DROP/CREATE/ALTER)"
- `isError: true` in response

## Security Verification

### Read-Only Database (Existing Protection)
Database already opened in read-only mode (db/db.go:27):
```go
readOnlyPath := dbPath + "?access_mode=read_only"
```

### Validation Layers (New Protection)
1. **Regex validation**: Must start with SELECT or WITH
2. **Forbidden keywords**: Blocks INSERT/UPDATE/DELETE/DROP/CREATE/ALTER
3. **Row limiting**: Prevents overwhelming responses (1000 default, 10000 max)

## Features Demonstrated

### Dynamic Schema Handling
- Scans into generic `[]interface{}` for unknown column types
- Extracts column names and database types at runtime
- Converts to `map[string]interface{}` for JSON marshaling

### Type Conversion
Handles all DuckDB types properly:
- `time.Time` → RFC3339 string (e.g., "2024-01-26T12:00:00+13:00")
- `[]byte` → base64 string
- `int64`, `float64`, `string`, `bool` → pass through
- `DECIMAL` → string (preserves precision)
- `nil` → JSON null

### Query Flexibility
Tests prove the tool can:
- Execute simple SELECT queries
- Apply filters and conditions
- Join multiple tables (LEFT JOIN, INNER JOIN possible)
- Use aggregate functions (COUNT, SUM, AVG, etc.)
- Group and order results
- Accept parameterized queries for safe filtering

## Performance Characteristics

- **Row limits prevent memory issues**: Default 1000, max 10000 rows
- **Singleton DB connection**: Reuses existing connection from db.GetDB()
- **No streaming**: All results loaded into memory (acceptable for row limits)
- **Generic JSON**: Slower than typed tools due to reflection, but acceptable

## Phase 1 Success Criteria - ALL MET ✅

1. ✅ Tool successfully executes valid SELECT queries
2. ✅ Parameterized queries work with `?` placeholders
3. ✅ INSERT/UPDATE/DELETE are blocked (by database + validation)
4. ✅ SQL injection attempts are detected and rejected
5. ✅ Row limiting prevents overwhelming responses
6. ✅ All DuckDB data types convert properly to JSON
7. ✅ Test suite passes (6 successes, 2 expected failures)
8. ✅ Can query all tables (dataset, location, cluster, file)
9. ✅ Complex JOINs and aggregates work correctly

## Example Queries That Now Work

### Basic Filtering
```sql
SELECT id, name FROM location WHERE active = true ORDER BY name
```

### Parameterized Filtering
```json
{
  "query": "SELECT * FROM location WHERE dataset_id = ?",
  "parameters": ["vgIr9JSH_lFj"]
}
```

### JOINs (Previously Impossible)
```sql
SELECT d.name as dataset, COUNT(l.id) as location_count
FROM dataset d
LEFT JOIN location l ON d.id = l.dataset_id
WHERE d.active = true
GROUP BY d.name
```

### Aggregates (Previously Impossible)
```sql
SELECT type, COUNT(*) as count
FROM dataset
WHERE active = true
GROUP BY type
```

### Complex Analysis
```sql
SELECT d.name, l.name, c.name, COUNT(f.id) as files
FROM dataset d
LEFT JOIN location l ON d.id = l.dataset_id
LEFT JOIN cluster c ON l.id = c.location_id
LEFT JOIN file f ON c.id = f.cluster_id
GROUP BY d.name, l.name, c.name
```

## Next Steps - Phase 2

**ONLY proceed to Phase 2 after user confirmation.**

Phase 2 will:
1. Delete 4 specialized tool files (dataset.go, location.go, cluster.go, file.go)
2. Remove 6 tool registrations from main.go (lines 54-86)
3. Rewrite prompts to teach SQL patterns instead of tool calls
4. Update CLAUDE.md documentation
5. Delete obsolete test scripts (test_new_tools.sh, test_mcp.sh)

This rationalization will reduce the codebase from 8 tools to 2 tools:
- `get_current_time` (utility tool)
- `execute_sql` (generic database query tool)

---

**Phase 1 Status: COMPLETE ✅**
**Date: 2026-01-26**
**Test Results: All tests passing**
**Ready for Phase 2: Awaiting user approval**