v1.4.4

What's new

• Automatic update checker — Querly now checks for new versions on launch and in the app menu (Querly → Check for Updates…)
• Crash reporter — unhandled exceptions and fatal signals are captured locally; on next launch you can file a GitHub issue with one click
• Menu improvements — Keyboard Shortcuts, Documentation, and Report an Issue items added to the app menu
• Settings footer — version, build number, and license shown in General tab
• README — Beta label removed (→ Stable)
• Icon — fixed unassigned children warning in Contents.json

Querly v1.4.3

✨ What is new in v1.4.3

Improved auth failure UX

When authentication fails (wrong username/password), the edit-connection
sheet now opens automatically with an inline error banner showing the
server error message — no need to click a toast button.

• Banner auto-dismisses when the user edits any credential field
• Save auto-retries the connection so fixing the password is one flow:
  type → save → connected

Under the hood

• ConnectionEditRequest struct wraps a connection with an optional
  error message, keeping the sheet state clean

Querly v1.4.2

🔒 Security fix

SQL injection hardening

Fixed a second-order SQL injection vector in filter chips and SQL
statement builders. On MySQL (where backslash is an escape character
inside string literals), a cell value containing a trailing backslash
could break out of the literal and append arbitrary SQL — turning a
column filter into a data leak.

• New sqlEscapeLiteralBody() — doubles backslashes on MySQL
  but not on Postgres/SQLite (standard-conforming strings — doubling
  would silently corrupt stored values)
• All statement builders (UPDATE, INSERT, DELETE,
  DUPLICATE) now accept a dialect parameter
• Filter clause builder propagates dialect to value-list
  IN (...) generation and single-value filters
• Numeric IN-list guard — values on "numeric" columns are now
  validated as parseable numbers before emitting unquoted, blocking
  raw SQL injection via non-numeric tokens

Reported via internal audit — no known exploit in production.

Querly v1.4.1

🔧 What is new in v1.4.1

Refactoring & Architecture

• DatabaseDriver stripped to minimal shared surface — removed wrongDriver stubs from MySQL/Postgres/SQLite drivers. Schema/data methods stay concrete per-engine.
• CoreModels extracted — DBColumn, TableRow, StatementKind moved out of Models.swift into pure-Foundation module, enabling SPM compilation and unit testing.
• SQLSafety extracted — read-only mode classification, no-WHERE guard, DML target extraction moved from ConnectionStore into focused, tested module.
• SimpleCSV parser extracted — inline CSV parser moved from ConnectionStore to its own file with unit tests.
• ModelPresentation separated — color/icon mappings for models moved to dedicated AppKit-dependent layer (SRP).
• FilterClauseBuilder extracted — filter WHERE clause generation moved out of TableDataView.
• DBErrorClassifier extracted — error classification moved out of ConnectionStore.
• Connection import parsers extracted — parsers moved into QuerlyCore test target.
• Value-list filter clause builder extracted — separate module for filter chip logic.

Fixes

• SQL formatter: no space after . in qualified names (e.g. t.a)
• SQL formatter: space-before on compound JOIN keywords (LEFT OUTER JOIN)
• SPM test target expanded: SQLImportHelper, AWSRDSAuth, CoreModels, ExportHelpers, SQLSafety, SimpleCSV

Testing

• 162 → 176 tests — added test suites for: AWS RDS auth (SigV4), SQL formatter, SQL import helper, CoreModels, export helpers, SQL safety, SimpleCSV parser
• Driver integration test scaffolding — initial test plan for MySQL/Postgres/SQLite integration tests

Querly v1.4.0

🚀 What is new in v1.4.0

Active Record-Style Row Operations

• Staging model for query results — edits, duplicates & deletes in results grid (full parity with table view)
• Inline cell copy/paste — DataGrip-style paste values directly into cells
• Edge navigation via ⌘/⇧⌘ + arrow keys
• Value-preview strip follows active cell during arrow navigation

AI Assistant (Phase 4 — Settings + Chat)

• Natural Language → SQL — describe what you want in plain English
• Explain error — AI-powered query error explanation
• AI settings panel — provider, model, API key configuration
• Keychain-backed API key storage — no more plaintext in UserDefaults

ER Diagram & Schema Tools (Phase 2–3)

• ER Diagram — visualise table relationships with auto-layout
• Confirm UPDATE/DELETE without WHERE — safety guard for bulk mutations
• EXPLAIN-based Index Advisor — performance insights for slow queries
• Column Profiler — instant in-memory stats (min, max, distinct, nulls)

SQL Editor

• SQL beautifier — proper formatting with configurable style
• TablePlus-style autocomplete — minimal, inline completion popups
• Full-document highlighting — no broken coloring in large scripts
• Statement badges — per-statement metadata in multi-statement scripts
• History filters — search/filter query history

Grid & Data Display

• Inline result charts — quick visualisation of query results
• CSV/JSON/TSV export — export results to file
• Column reorder — drag-to-reorder columns in grid & table view
• Modern cursor zones — resize/select indicators on column headers
• Progressive page load — large result sets load in chunks

Connection Management

• Auto-reopen last connection on launch with full tab restoration
• Order RECENT connections by last-connected time
• Sort jump-to-connection by most recently used
• Connection status pill — TablePlus-style coloured indicator in sidebar
• Silent MySQL reconnect+retry for dropped connections (reads only)
• Disconnect/reconnect UX — tap-to-reconnect banner
• File → Open File… (⌘⇧O) — open SQLite/.db as a connection

Performance

• @Observable migration — fine-grained reactivity, instant tab switch
• Tab-switch animation removed — instant active-state change
• Targeted row repaint on staged edits
• Background schema warm-up — instant grid on table open
• Background read connection — offload schema queries
• Approximate row counts for large tables (no full scan)
• Keep all tabs mounted — instant switching, persistent per-tab state
• Never auto-sort on unindexed columns — huge tables open instantly
• Eliminate main-thread schema freeze + filter race

Fixes

• Crash when opening Settings (⌘,) — unsatisfied @Observable environment
• Editor/results divider — easy grab, scoped cursor, no jump
• ⌘A selects field text while editing (not whole grid)
• ⌘R refreshes active table tab from any focus
• Reconnect banner dismisses properly
• Honor rebound menu shortcuts via global key monitor
• Shortcut recorder — no auto-focus on open, capture menu chords
• Serialize SQLite connection access — stop concurrent-use crash
• Honor user-supplied primary keys on MySQL INSERT
• Filter: cmd-F focuses WHERE field; dropdown-only autocomplete
• Grid: arrow cursor over cells; repaint staged-delete row tint; FK chevron
• Query: whole-row cmd-C copies in query-result grid

Security

• Store AI API key in Keychain instead of UserDefaults
• Native app menu infrastructure + gated dual-backend keychain storage

Chore

• Issue templates (bug report, feature request) + discussions/security routing
• SQLite + PostgreSQL demo datasets (100k rows)
• Prepare repository for open-source launch

Querly 1.0.0

First public release of Querly — a fast, native macOS database client for MySQL, PostgreSQL, and SQLite.

Install

1. Download Querly-1.0.0.zip below
2. Unzip and drag Querly.app to /Applications
3. First launch: right-click → Open to bypass Gatekeeper (the app is ad-hoc signed)

See the README for full feature list and the honest production-readiness assessment.