Allow DESCRIBE/SHOW metadata statements in common.ai SQLToolset#68102
Merged
Conversation
kaxil
force-pushed
the
sqltoolset-allow-describe-show
branch
3 times, most recently
from
5b6e8d7 to
365bfd7
Compare
gopidesupavan
approved these changes
Jun 5, 2026
In read-only mode the SQLToolset query tool only accepted SELECT-family statements, so an agent that opened with DESCRIBE (a common first move to learn a table's columns) hard-failed with SQLSafetyError. That made agent runs nondeterministic: a run composing SELECTs directly succeeded while one starting with DESCRIBE failed outright. The query and check_query tools now also accept read-only metadata statements (DESCRIBE/DESC and SHOW) via an opt-in allow_read_only_metadata flag on validate_sql(). The toolset passes the connection's dialect through, so SHOW is recognized on databases that support it (Snowflake, MySQL); without a supporting dialect it falls back to a blocked statement. Data-modifying statements stay blocked, including ones wrapped behind DESCRIBE/EXPLAIN (e.g. EXPLAIN DELETE, DESCRIBE DROP TABLE): the deep scan now also rejects DDL nodes that became reachable through the metadata allowlist. The SQLAlchemy-to-sqlglot dialect mapping is consolidated into a shared resolve_sqlglot_dialect() helper (reused by LLMSQLQueryOperator) that returns None for unknown dialects so a misdetected dialect never breaks validation.
kaxil
force-pushed
the
sqltoolset-allow-describe-show
branch
from
365bfd7 to
e2995a8
Compare
75 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In read-only mode, the common.ai
SQLToolsetquerytool only accepted SELECT-family statements (Select,Union,Intersect,Except). Read-only metadata statements such asDESCRIBE TABLEandSHOW TABLES/SHOW COLUMNSwere rejected withSQLSafetyError. Agents frequently open withDESCRIBEto learn a table's columns, so a run that composedSELECTs directly succeeded while one that started withDESCRIBEfailed outright, making agent runs nondeterministic.The
queryandcheck_querytools now also accept read-only metadata statements (DESCRIBE/DESCandSHOW) whenallow_writes=False(the default).How it works
validate_sql()gains an opt-inallow_read_only_metadataflag that widens the read-only allow-list withexp.Describeandexp.Show. OnlySQLToolsetsets it, soLLMSQLQueryOperatorkeeps its SELECT-family-only contract.SQLToolsetpasses the connection's dialect to the validator.SHOWonly parses to a metadata statement on dialects that support it (Snowflake, MySQL); without a supporting dialect sqlglot falls back to a command statement that stays blocked.DESCRIBEparses to a metadata statement on every dialect.CREATE/DROP/ALTER/TRUNCATE), so writes wrapped behindDESCRIBE/EXPLAIN(e.g.EXPLAIN DELETE ...,DESCRIBE DROP TABLE ...) remain blocked.resolve_sqlglot_dialect()helper (reused byLLMSQLQueryOperator) that returnsNonefor unknown dialects, so a misdetected dialect never breaks validation.Usage
No API change. In the default read-only mode an agent can now run, for example,
DESCRIBE TABLE my_tableor (on databases that support it)SHOW COLUMNS FROM my_table.Gotchas
SHOWis only recognized on databases whose dialect sqlglot supports; elsewhere it stays rejected (those databases generally do not supportSHOWanyway).SELECT, metadata statements are not scoped byallowed_tables(a documented visibility hint, not access control). Use database permissions to restrict access.