DatabaseTool: enforce param validation and query timeouts; add tests by Psyborgs-git · Pull Request #18 · Psyborgs-git/Vloop-harness

Psyborgs-git · 2026-04-28T23:38:27Z

Harden the database tool to prevent malformed or slow queries from reaching the DB execution path by validating inputs and bounding execution time.
Fail fast and provide clearer errors when callers submit invalid params or omit required parameter bindings for named SQL tokens.

Added asyncio-based timeouts around SQL execution using the existing _QUERY_TIMEOUT_S to ensure queries cannot run indefinitely (_query_read and _query_write).
Enforced that params must be a mapping by returning an explicit error when params is not a dict for read/write operations.
Added detection of named parameter tokens (:name) and return a clear error when SQL contains named tokens but no params payload is provided.
Introduced _PARAM_TOKEN_RE and small input/validation checks and wiring to existing confirmation flow for write operations, and added a focused test module tests/test_db_tool.py covering the new checks and a parameterized read against an in-memory SQLite engine.

Successfully type-checked the modified files with python -m py_compile harness/tools/db_tool.py tests/test_db_tool.py and no syntax errors were reported.
Ran pytest -q tests/test_db_tool.py tests/test_terminal_tool.py in this environment but the run failed due to missing test runtime dependency pytest_asyncio (ModuleNotFoundError: No module named 'pytest_asyncio').
The new tests/test_db_tool.py includes assertions for invalid params type handling, missing named-parameter payloads for writes, and a successful bound-parameter query_read against an in-memory SQLite DB (intended to pass when pytest_asyncio is available).

Enhance database tool query safety and add coverage

ac7c722

Psyborgs-git added the codex label Apr 28, 2026 — with ChatGPT Codex Connector

Provide feedback