Skip to content

CogniDB 3.0.1

Latest

Choose a tag to compare

@boxed-dev boxed-dev released this 12 Jul 19:38

3.0.1 — go-live readiness

Intent mode, column allowlists, adversarial corpus, SQLite E2E, Postgres CI,
threat model, and release packaging on top of the 3.0.0 library core.
Install from Git until PyPI upload completes (see docs/RELEASE-CHECKLIST.md).

Security / product law

  • Read mode default (SELECT); write mode opt-in for INSERT/UPDATE/DELETE only
  • DDL always rejected; multi-statement only with write mode + second opt-in
  • Table and column allowlists enforced when access control is enabled (fail-closed on SELECT * with column restrictions)
  • Schema linking with bounded full-schema fallback
  • One repair attempt on execution failure (re-validated against policy)
  • Adversarial SQL corpus under tests/security/corpus/ for closed-fail regressions
  • Threat model documented in docs/threat-model.md + SECURITY.md

Architecture

  • SecureQueryPipeline is the only NL→SQL→execute path
  • Intent mode (generation_mode="intent"): QueryIntentcognidb.intent.render_sql
  • StatementPolicy, table/column extractors, schema linker
  • FakeSQLGenerator / FakeIntentGenerator for offline tests and demos
  • Dialects: SQLite, PostgreSQL, MySQL
  • Public API version 3.0.1 (pyproject.toml, cognidb.__version__, cognidb.client)

Tests / examples

  • Unit + security + SQLite E2E coverage; Postgres integration when DATABASE_URL is set
  • Offline demo: examples/sqlite_offline_demo.py

Docs / community

  • CONTEXT.md glossary, ADRs 0001–0010, GRILL-SUMMARY, ROADMAP
  • Release checklist, CONTRIBUTING, CODE_OF_CONDUCT, GitHub issue/PR templates