perf(snowflake-driver): Combine session init into a single ALTER SESSION

[ovr]

initConnection issued three separate ALTER SESSION SET statements (TIMEZONE, STATEMENT_TIMEOUT_IN_SECONDS, QUOTED_IDENTIFIERS_IGNORE_CASE), each a blocking network round-trip on every connection (re)establishment.

Collapse them into one statement via a buildAlterSessionSql helper, dropping connection init from 4 sequential round-trips (connect + 3 ALTERs) to 2 (connect + 1 ALTER).

Values are interpolated rather than bound: Snowflake does not support bind variables in ALTER SESSION SET (verified against a live instance — it rejects ? with "invalid value [?] for parameter"). The inputs are internal and type-validated, so there is no injection risk.

[claude]

Claude finished @ovr's task in 54s —— View job

---

Code Review

Verdict: LGTM — 2 low-severity nits. Click to expand.

Tasks

• Read diff
• Analyze helper for safety/correctness
• Check call sites
• Post review

Summary

The change is correct and the perf win is real (3 round-trips → 1). The PR body justification (Snowflake rejects binds in ALTER SESSION SET) matches the upstream connector behavior, so string interpolation here is the only option. Current call site is safe: TIMEZONE is a hardcoded 'UTC', the other two values are a number (executionTimeout) and a boolean (identIgnoreCase). No injection surface today.

Nits (low severity)

1. String-value escaping is a latent foot-gun. buildAlterSessionSql wraps any string value with '${value}' but does not escape embedded single quotes. Today only the literal 'UTC' flows through, so it's fine — but the helper is protected and looks reusable. The next caller who threads a user-supplied or env-derived string (e.g. a QUERY_TAG, a regional timezone from config) silently gets a broken statement or worse. Either escape with a value.replace(/'/g, "''"), or tighten the type so only known-safe strings can be passed (e.g. a union of accepted values).

2. Empty assignments produces invalid SQL. If every value in params is undefined, the result is ALTER SESSION SET and Snowflake will error at execution time. Not reachable today (TIMEZONE is always set), but a one-line guard (if (!assignments) return ''; plus a skip in the caller, or just throw) would make the helper safe in isolation. Optional.

3. Comment nit: I've tested it on 04 jun 2026, and it still does not work. — the date will rot fast and reads as a personal note. Consider trimming to just the connector-issue reference; the PR description already captures the verification context.

Nothing blocking — feel free to ship.

• [`perf/snowflake-session-init`](https://github.com/cube-js/cube/tree/perf/snowflake-session-init)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 58.57%. Comparing base (11588e6) to head (4647927).
⚠️ Report is 1 commits behind head on master.

❗ There is a different number of reports uploaded between BASE (11588e6) and HEAD (4647927). Click for more details.

HEAD has 1 upload less than BASE

Flag	BASE (11588e6)	HEAD (4647927)
cubesql	1	0

Additional details and impacted files

@@             Coverage Diff             @@
##           master   #11010       +/-   ##
===========================================
- Coverage   83.32%   58.57%   -24.75%     
===========================================
  Files         255      216       -39     
  Lines       77261    17181    -60080     
  Branches        0     3502     +3502     
===========================================
- Hits        64378    10064    -54314     
+ Misses      12883     6609     -6274     
- Partials        0      508      +508     

Flag	Coverage Δ
cube-backend	58.57% <ø> (?)
cubesql	?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.