duckhog: adopt duckgres Flight session token workflow #217
Description
Parent: #205
Summary
Adopt duckgres Flight ingress session-token workflow in duckhog/duckhog-sql client path, aligned with merged server behavior from #221.
Scope
- In
duckhog/src/flight/flight_client.cpp:- Capture server-issued
x-duckgres-sessiontoken from Flight response headers/trailers after auth/ping and subsequent RPCs. - Send
x-duckgres-sessionon all Flight RPCs while keeping Basic auth on every request. - Handle token invalid/unauthenticated responses with controlled token invalidation + safe retry for metadata operations only.
- Best-effort session close on shutdown (without relying on custom duckgres Action endpoints).
- Capture server-issued
Acceptance Criteria
- Against token-hardened duckgres ingress from Harden Flight ingress session identity and token lifecycle #221: client reuses server-issued session token for RPC continuity.
- No mutation retry unsafe behavior introduced.
Notes
- This issue now tracks header-based token propagation (
x-duckgres-session) and not custom action bootstrap (DuckgresCreateSessionToken). - Backwards compatibility fallback is out of scope for this issue.
References
- Umbrella: Refactor Flight ingress #205
- Server contract/source of truth: Harden Flight ingress session identity and token lifecycle #221