Releases: nickklos10/QueryPilot
Releases · nickklos10/QueryPilot
Release list
v0.1.1 — Examples, README hero, MCP registry readiness
Distribution and MCP-registry readiness release. No library API changes.
pip install querypilotAdded
- README hero image (
docs/assets/eval-report.svg) — a self-contained SVG rendering of thequerypilot eval runterminal report. - First-class
examples/directory: offline quickstart, OpenAI and Anthropic tool-use loops, an access-control walkthrough (blocked columns, row filters, masking), a custom eval suite withquerypilot eval run/check, and an MCP server guide with a paste-ready Claude Desktop / Claude Code config. server.jsonMCP-registry manifest at the repo root and anmcp-nameownership marker in the README, preparing the official MCP registry submission.SECURITY.mdsecurity policy, Contributor Covenant code of conduct, issue templates, and a pull-request template.- PyPI release workflow using trusted publishing, triggered by publishing a GitHub Release.
Changed
- CI now tests Python 3.11, 3.12, and 3.13 and runs
ruff checkas a separate lint job. - MCP docs:
uvx-launching clients should useuvx --from 'querypilot[mcp]' querypilot mcp ...so the MCP SDK dependency is included.
Removed
- Internal planning documents from
docs/.
Full changelog: v0.1.0...v0.1.1
v0.1.0 — Initial public release
Initial public release. Foundation and eval-driven harness shipped.
pip install querypilotSafety engine
- sqlglot-based SQL validation with single-statement and SELECT-only enforcement, blocked-keyword filter, table/column allowlist + blocklist, Cartesian-join detection, automatic
LIMITinjection and max-row capping,SELECT *policy, query fingerprinting, and risk-level scoring. - SQLite and PostgreSQL connectors with per-dialect read-only execution and query timeouts.
Audit & access control
- Structured audit trail:
QueryAuditRecordwith audit ID, original SQL, rewritten SQL, validation result, applied access policy, row count, and execution timing. InMemoryAuditSinkandJSONLAuditSinkimplementations.- Access-control policies: column allowlist + blocklist, row-filter injection ANDed into WHERE, post-execution column masking (redact / null / hash).
Runtimes
- FastAPI server runtime (
querypilot serve) with/health,/schema,/search-schema,/ask,/generate-sql,/validate-sql,/execute-sql,/evals/run, and/audit/recentendpoints. - MCP server runtime (
querypilot mcp) over stdio and Streamable HTTP withask_database,search_schema,validate_sql, andexecute_sqltools.
Generation
DemoSQLGenerator(offline, deterministic) plusOpenAISQLGeneratorandAnthropicSQLGeneratorprovider implementations with a validator-driven repair loop.- Tool-schema producers
as_openai_tools()andas_anthropic_tools()for drop-in agent use.
Eval-driven harness
BenchmarkCase/BenchmarkSuitePydantic schema with thresholds, comparison config, and tags. YAML and JSON suite loaders with shared-config validation across multi-file suite directories.- Result-set comparator with column- and row-order normalization, abs-difference float tolerance, datetime ISO normalization, NaN handling, and structured row diffs.
pipeline.run_caseper-case runner reusing existingQueryPilot.generate_sql,validate_sql, andexecute_sql; per-stage timings; failure classification across 12 categories.- Cost trackers for OpenAI and Anthropic,
NullCostTracker, and aMODEL_PRICINGtable. run_suiteaggregator producingSuiteReportwith pass / safety / correctness / repair rates, p50/p95 latency, token totals, $ estimate, tag rollups, failure breakdown, and threshold violations.- Stdlib JSON writer and screenshot-quality terminal renderer.
querypilot eval run|replay|check|initCLI with audit-log → regression-suite replay, baseline-vs-current regression detection, and a starter scaffold forsuites/and.eval/.- CI regression gate: GitHub Actions workflow running
eval run+eval checkon every PR.
Full changelog: CHANGELOG.md