Advanced SQL Analytics Framework

[akshayutture-augment]

Test 9

Summary by CodeRabbit

• Chores

  • Removed several unused external dependencies to streamline the module.

• Bug Fixes

  • SQL expression support is now gated and unavailable to prevent errors from incomplete features.

• Refactor

  • Updated SQL database handling to use an internal implementation.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

---

Replicated from ai-code-review-evaluation/grafana-coderabbit#9

[akshayutture-augment]

@coderabbitai review

[akshayutture-augment]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Walkthrough

This PR removes the DuckDB (duck) dependency from go.mod and introduces a local in-memory SQL database abstraction. SQL expression support is now gated behind an enableSqlExpressions function that currently disables the feature, requiring a pre-check before SQL queries are processed.

Changes

Cohort / File(s)	Summary
Dependency cleanup go.mod	Removed transitive and indirect dependencies including duck, overflow, thrift, asmfmt, minio modules, go-which, and orderedmap.
SQL expression gating pkg/expr/reader.go	Added enableSqlExpressions() guard function that returns false, creating a pre-check gate before SQL expression processing. Returns error "sqlExpressions is not implemented" when disabled.
SQL database abstraction pkg/expr/sql/db.go	Introduced new DB struct with unimplemented stub methods: TablesList(), RunCommands(), QueryFramesInto(), and constructor NewInMemoryDB().
SQL package integration pkg/expr/sql/parser.go, pkg/expr/sql_command.go	Replaced duck package dependency with local NewInMemoryDB() constructor. Updated method calls from duckDB.QueryFramesInto() to db.QueryFramesInto().

Sequence Diagram

sequenceDiagram
    participant Client
    participant Reader as ExpressionQueryReader
    participant Gate as enableSqlExpressions()
    participant DB as SQL DB

    Client->>Reader: Process SQL Query
    Reader->>Gate: Check if enabled
    Gate-->>Reader: Returns false
    Reader-->>Client: Error: sqlExpressions not implemented

    Note over Reader,DB: SQL expression processing blocked<br/>until enableSqlExpressions returns true

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Extra attention areas:
  • Verify the enableSqlExpressions() function behavior is intentional (currently always returns false, effectively disabling the feature)
  • Confirm the new DB struct stub methods (TablesList, RunCommands, QueryFramesInto) are placeholders for future implementation
  • Validate that all duck package imports have been properly replaced with the new local implementation across the codebase
  • Review the control flow change in pkg/expr/reader.go to ensure the early return doesn't break intended behavior

Poem

🐰 The duck has flown away at last,
Our local DB holds steady fast,
With gates of wisdom, not yet bright,
We'll build the SQL features right!
*wiggle nose in anticipation*

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'Advanced SQL Analytics Framework' is vague and overly broad, not clearly reflecting the actual changes made.	Use a more specific title that clearly describes the primary change, such as 'Replace DuckDB with in-memory SQL stub implementation' or 'Add SQL expression gating and stub DB implementation'.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch advanced-sql-analytics

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[akshayutture-augment]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

pkg/expr/sql/db.go (1)

9-26: DB methods are pure stubs; any usage will always fail at runtime

All three methods (TablesList, RunCommands, QueryFramesInto) currently just return "not implemented". That’s fine as scaffolding, but note that:

• TablesList is already used in NewSQLCommand, so any attempt to construct a SQLCommand will surface this as an “error serializing sql” / invalid‑SQL error instead of a clear “feature not implemented” signal.
• Once enableSqlExpressions is hooked up to the feature flag, these will become hot paths.

Consider either:

• Implementing minimal behavior before wiring the feature flag on, or
• Making the stubs clearly intentional (e.g., dedicated ErrNotImplementedSQLDB and/or TODOs) so callers distinguish between user SQL errors and unimplemented engine behavior.

pkg/expr/sql/parser.go (1)

23-27: Rename duckDB variable now that duck dependency is removed

duckDB := NewInMemoryDB() still uses the old duck‑specific name even though it now points to the in‑package DB. For clarity and to avoid confusion when reading logs or future diffs, consider renaming:

-func TablesList(rawSQL string) ([]string, error) {
-	duckDB := NewInMemoryDB()
+func TablesList(rawSQL string) ([]string, error) {
+	db := NewInMemoryDB()
 	rawSQL = strings.Replace(rawSQL, "'", "''", -1)
 	cmd := fmt.Sprintf("SELECT json_serialize_sql('%s')", rawSQL)
-	ret, err := duckDB.RunCommands([]string{cmd})
+	ret, err := db.RunCommands([]string{cmd})

This better reflects the current implementation and removes stale references to the old duckDB backend.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cbe1e7d and ea71201.

⛔ Files ignored due to path filters (2)

• go.sum is excluded by !**/*.sum
• go.work.sum is excluded by !**/*.sum

📒 Files selected for processing (5)

• go.mod (0 hunks)
• pkg/expr/reader.go (2 hunks)
• pkg/expr/sql/db.go (1 hunks)
• pkg/expr/sql/parser.go (1 hunks)
• pkg/expr/sql_command.go (1 hunks)

💤 Files with no reviewable changes (1)

• go.mod

🔇 Additional comments (2)

pkg/expr/sql_command.go (1)

96-101: Wiring to sql.NewInMemoryDB looks correct, but behavior hinges on DB implementation

Creating a fresh db := sql.NewInMemoryDB() and calling db.QueryFramesInto(...) matches the new DB interface and keeps the Execute logic localized to this file. Given that QueryFramesInto currently returns "not implemented", this path will only behave as expected once the DB is fully implemented and the SQL feature gate is enabled, so keep those changes coordinated.

pkg/expr/reader.go (1)

128-133: The original review comment is incorrect

Based on git history, the most recent commit to pkg/expr/reader.go is "ea71201d ServerSideExpressions: Disable SQL Expressions to prevent RCE and LFI vulnerability (#94942)". The enableSqlExpressions function returning false unconditionally is intentional — it's a security fix to prevent remote code execution and local file inclusion vulnerabilities. This is not a temporary rollout guard requiring clarification; it's a deliberate safety mechanism. The code is working as designed.

Likely an incorrect or invalid review comment.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

enableSqlExpressions ignores the feature flag and always returns false

The current implementation:

• Negates IsEnabledGlobally, stores it in enabled, but then returns false in all paths.
• This is equivalent to return false and makes the feature flag usage misleading.

If the intent is to gate behavior on featuremgmt.FlagSqlExpressions, either wire it through properly or remove the unused flag reference for now. For example:

-func enableSqlExpressions(h *ExpressionQueryReader) bool {
-	enabled := !h.features.IsEnabledGlobally(featuremgmt.FlagSqlExpressions)
-	if enabled {
-		return false
-	}
-	return false
-}
+func enableSqlExpressions(h *ExpressionQueryReader) bool {
+	// TODO: adjust logic if additional rollout checks are needed.
+	return h.features.IsEnabledGlobally(featuremgmt.FlagSqlExpressions)
+}

This keeps the code aligned with the toggle once the underlying SQL implementation is ready.

---

I need to verify the code state and understand the function's usage context. Let me gather this information.

---

🏁 Script executed:

```shell
#!/bin/bash
# Inspect the enableSqlExpressions function at the specified lines
cat pkg/expr/reader.go | sed -n '194,200p'

Length of output: 180

---

🏁 Script executed:

#!/bin/bash
# Search for all usages of enableSqlExpressions function
rg -n "enableSqlExpressions" --type go -B2 -A2

Length of output: 518

---

🏁 Script executed:

#!/bin/bash
# Look for any tests related to this function
fd -e "test.go" -e "_test.go" | xargs rg -l "enableSqlExpressions" 2>/dev/null || echo "No test files found"

Length of output: 18

---

🏁 Script executed:

#!/bin/bash
# Check the broader context around the function definition
cat pkg/expr/reader.go | sed -n '180,210p'

Length of output: 498

---

enableSqlExpressions always returns false, ignoring the feature flag

The function at lines 194-200 negates the feature flag but then returns false in both code paths. At the call site (line 129), SQL expressions are unconditionally blocked with an error, making the flag check meaningless.

Fix: Replace with:

 func enableSqlExpressions(h *ExpressionQueryReader) bool {
-	enabled := !h.features.IsEnabledGlobally(featuremgmt.FlagSqlExpressions)
-	if enabled {
-		return false
-	}
-	return false
+	// TODO: adjust logic if additional rollout checks are needed.
+	return h.features.IsEnabledGlobally(featuremgmt.FlagSqlExpressions)
 }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	func enableSqlExpressions(h *ExpressionQueryReader) bool {
	enabled := !h.features.IsEnabledGlobally(featuremgmt.FlagSqlExpressions)
	if enabled {
	return false
	}
	return false
	}
	func enableSqlExpressions(h *ExpressionQueryReader) bool {
	// TODO: adjust logic if additional rollout checks are needed.
	return h.features.IsEnabledGlobally(featuremgmt.FlagSqlExpressions)
	}

🤖 Prompt for AI Agents

In pkg/expr/reader.go around lines 194 to 200, enableSqlExpressions currently
always returns false (it negates the feature flag into `enabled` then returns
false in both paths); replace this with a correct check that returns the actual
feature flag state. Change the function to return the result of
h.features.IsEnabledGlobally(featuremgmt.FlagSqlExpressions) (remove the
incorrect negation and the unconditional false return) so callers receive the
true/false value from the feature flag.