fix: read-only flag (#155)

* fix: read-only flag

* Update src/tools/execute-sql.ts

Co-authored-by: Copilot <[email protected]>

* Update src/tools/execute-sql.ts

Co-authored-by: Copilot <[email protected]>

---------

Co-authored-by: Copilot <[email protected]>

Author: tianzhou

docs/config/server-options.mdx

@@ -330,8 +330,9 @@ DBHub follows this priority order for configuration:
 **`--config` (TOML) is mutually exclusive with:**
 - `--dsn` - TOML configuration defines database connections directly
 - `--id` - TOML configuration defines source IDs directly in the file
+- `--readonly` - TOML configuration defines readonly mode per-source using `readonly = true`
 
-If using TOML config, remove these flags. If you need `--id` or `--dsn`, use command-line/environment configuration instead.
+If using TOML config, remove these flags. If you need `--id`, `--dsn`, or `--readonly`, use command-line/environment configuration instead.
 </Note>
 
 ## Quick Reference

src/config/env.ts

@@ -487,6 +487,14 @@ export async function resolveSourceConfigs(): Promise<{ sources: SourceConfig[];
           "Either remove the --id flag or use command-line DSN configuration instead."
         );
       }
+      // Validate that --readonly flag is not used with TOML config
+      if (isReadOnlyMode()) {
+        throw new Error(
+          "The --readonly flag cannot be used with TOML configuration. " +
+          "TOML config defines readonly mode per-source using 'readonly = true'. " +
+          "Either remove the --readonly flag or use command-line DSN configuration instead."
+        );
+      }
       return tomlConfig;
     }
   }

src/tools/__tests__/execute-sql.test.ts

@@ -1,12 +1,10 @@
 import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
 import { createExecuteSqlToolHandler } from '../execute-sql.js';
 import { ConnectorManager } from '../../connectors/manager.js';
-import { isReadOnlyMode } from '../../config/env.js';
 import type { Connector, ConnectorType, SQLResult } from '../../connectors/interface.js';
 
 // Mock dependencies
 vi.mock('../../connectors/manager.js');
-vi.mock('../../config/env.js');
 
 // Mock connector for testing
 const createMockConnector = (id: ConnectorType = 'sqlite'): Connector => ({
@@ -34,21 +32,19 @@ describe('execute-sql tool', () => {
   let mockConnector: Connector;
   const mockGetCurrentConnector = vi.mocked(ConnectorManager.getCurrentConnector);
   const mockGetCurrentExecuteOptions = vi.mocked(ConnectorManager.getCurrentExecuteOptions);
-  const mockIsReadOnlyMode = vi.mocked(isReadOnlyMode);
 
   beforeEach(() => {
     mockConnector = createMockConnector('sqlite');
     mockGetCurrentConnector.mockReturnValue(mockConnector);
     mockGetCurrentExecuteOptions.mockReturnValue({});
-    mockIsReadOnlyMode.mockReturnValue(false);
   });
 
   afterEach(() => {
     vi.clearAllMocks();
   });
 
-  describe('single statement execution', () => {
-    it('should execute a single SELECT statement successfully', async () => {
+  describe('basic execution', () => {
+    it('should execute SELECT and return rows', async () => {
       const mockResult: SQLResult = { rows: [{ id: 1, name: 'test' }] };
       vi.mocked(mockConnector.executeSQL).mockResolvedValue(mockResult);
 
@@ -62,21 +58,6 @@ describe('execute-sql tool', () => {
       expect(mockConnector.executeSQL).toHaveBeenCalledWith('SELECT * FROM users', {});
     });
 
-    it('should handle execution errors', async () => {
-      vi.mocked(mockConnector.executeSQL).mockRejectedValue(new Error('Database error'));
-
-      const handler = createExecuteSqlToolHandler('test_source');
-      const result = await handler({ sql: 'SELECT * FROM invalid_table' }, null);
-
-      expect(result.isError).toBe(true);
-      const parsedResult = parseToolResponse(result);
-      expect(parsedResult.success).toBe(false);
-      expect(parsedResult.error).toBe('Database error');
-      expect(parsedResult.code).toBe('EXECUTION_ERROR');
-    });
-  });
-
-  describe('multi-statement execution', () => {
     it('should pass multi-statement SQL directly to connector', async () => {
       const mockResult: SQLResult = { rows: [{ id: 1 }] };
       vi.mocked(mockConnector.executeSQL).mockResolvedValue(mockResult);
@@ -89,14 +70,28 @@ describe('execute-sql tool', () => {
       expect(parsedResult.success).toBe(true);
       expect(mockConnector.executeSQL).toHaveBeenCalledWith(sql, {});
     });
+
+    it('should handle execution errors', async () => {
+      vi.mocked(mockConnector.executeSQL).mockRejectedValue(new Error('Database error'));
+
+      const handler = createExecuteSqlToolHandler('test_source');
+      const result = await handler({ sql: 'SELECT * FROM invalid_table' }, null);
+
+      expect(result.isError).toBe(true);
+      const parsedResult = parseToolResponse(result);
+      expect(parsedResult.success).toBe(false);
+      expect(parsedResult.error).toBe('Database error');
+      expect(parsedResult.code).toBe('EXECUTION_ERROR');
+    });
   });
 
-  describe('read-only mode validation', () => {
+  describe('read-only mode enforcement', () => {
     beforeEach(() => {
-      mockIsReadOnlyMode.mockReturnValue(true);
+      // Set per-source readonly mode via executeOptions (simulates TOML config)
+      mockGetCurrentExecuteOptions.mockReturnValue({ readonly: true });
     });
 
-    it('should allow single SELECT statement in read-only mode', async () => {
+    it('should allow SELECT statements', async () => {
       const mockResult: SQLResult = { rows: [{ id: 1 }] };
       vi.mocked(mockConnector.executeSQL).mockResolvedValue(mockResult);
 
@@ -105,159 +100,124 @@ describe('execute-sql tool', () => {
       const parsedResult = parseToolResponse(result);
 
       expect(parsedResult.success).toBe(true);
-      expect(mockConnector.executeSQL).toHaveBeenCalled();
+      expect(mockConnector.executeSQL).toHaveBeenCalledWith('SELECT * FROM users', { readonly: true });
     });
 
-    it('should allow multiple read-only statements in read-only mode', async () => {
+    it('should allow multiple read-only statements', async () => {
       const mockResult: SQLResult = { rows: [] };
       vi.mocked(mockConnector.executeSQL).mockResolvedValue(mockResult);
 
       const sql = 'SELECT * FROM users; SELECT * FROM roles;';
       const handler = createExecuteSqlToolHandler('test_source');
       const result = await handler({ sql }, null);
-      const parsedResult = parseToolResponse(result);
 
-      expect(parsedResult.success).toBe(true);
-      expect(mockConnector.executeSQL).toHaveBeenCalledWith(sql, {});
+      expect(parseToolResponse(result).success).toBe(true);
     });
 
-    it('should reject single INSERT statement in read-only mode', async () => {
+    it.each([
+      ['INSERT', "INSERT INTO users (name) VALUES ('test')"],
+      ['UPDATE', "UPDATE users SET name = 'x' WHERE id = 1"],
+      ['DELETE', "DELETE FROM users WHERE id = 1"],
+      ['DROP', "DROP TABLE users"],
+      ['CREATE', "CREATE TABLE test (id INT)"],
+      ['ALTER', "ALTER TABLE users ADD COLUMN email VARCHAR(255)"],
+      ['TRUNCATE', "TRUNCATE TABLE users"],
+    ])('should reject %s statement', async (_, sql) => {
       const handler = createExecuteSqlToolHandler('test_source');
-      const result = await handler({ sql: "INSERT INTO users (name) VALUES ('test')" }, null);
+      const result = await handler({ sql }, null);
 
       expect(result.isError).toBe(true);
       const parsedResult = parseToolResponse(result);
-      expect(parsedResult.success).toBe(false);
-      expect(parsedResult.error).toContain('Read-only mode is enabled');
       expect(parsedResult.code).toBe('READONLY_VIOLATION');
       expect(mockConnector.executeSQL).not.toHaveBeenCalled();
     });
 
-    it('should reject multi-statement with any write operation in read-only mode', async () => {
-      const sql = "SELECT * FROM users; INSERT INTO users (name) VALUES ('test'); SELECT COUNT(*) FROM users;";
+    it('should reject multi-statement with any write operation', async () => {
+      const sql = "SELECT * FROM users; INSERT INTO users (name) VALUES ('test');";
       const handler = createExecuteSqlToolHandler('test_source');
       const result = await handler({ sql }, null);
 
       expect(result.isError).toBe(true);
-      const parsedResult = parseToolResponse(result);
-      expect(parsedResult.success).toBe(false);
-      expect(parsedResult.error).toContain('Read-only mode is enabled');
-      expect(parsedResult.code).toBe('READONLY_VIOLATION');
-      expect(mockConnector.executeSQL).not.toHaveBeenCalled();
+      expect(parseToolResponse(result).code).toBe('READONLY_VIOLATION');
     });
 
-  });
-
-  describe('SQL comments handling', () => {
-    it('should allow SELECT with single-line comment in read-only mode', async () => {
-      mockIsReadOnlyMode.mockReturnValue(true);
-      const mockResult: SQLResult = { rows: [{ id: 1 }] };
-      vi.mocked(mockConnector.executeSQL).mockResolvedValue(mockResult);
-
-      const sql = '-- Fetch active users\nSELECT * FROM users WHERE active = TRUE';
-      const handler = createExecuteSqlToolHandler('test_source');
-      const result = await handler({ sql }, null);
-      const parsedResult = parseToolResponse(result);
+    it('should include source_id in error message', async () => {
+      const handler = createExecuteSqlToolHandler('prod_db');
+      const result = await handler({ sql: "DROP TABLE users" }, null);
 
-      expect(parsedResult.success).toBe(true);
-      expect(mockConnector.executeSQL).toHaveBeenCalledWith(sql, {});
+      expect(parseToolResponse(result).error).toContain('prod_db');
     });
+  });
+
+  describe('readonly per-source isolation', () => {
+    // Verifies readonly is enforced per-source from executeOptions, not globally
 
-    it('should allow SELECT with multi-line comment in read-only mode', async () => {
-      mockIsReadOnlyMode.mockReturnValue(true);
+    it.each([
+      ['readonly: false', { readonly: false }],
+      ['readonly: undefined', {}],
+    ])('should allow writes when %s', async (_, options) => {
+      mockGetCurrentExecuteOptions.mockReturnValue(options);
       const mockResult: SQLResult = { rows: [] };
       vi.mocked(mockConnector.executeSQL).mockResolvedValue(mockResult);
 
-      const sql = '/* This query fetches\n   all products */\nSELECT * FROM products';
-      const handler = createExecuteSqlToolHandler('test_source');
-      const result = await handler({ sql }, null);
-      const parsedResult = parseToolResponse(result);
+      const handler = createExecuteSqlToolHandler('writable_source');
+      const result = await handler({ sql: "INSERT INTO users (name) VALUES ('test')" }, null);
 
-      expect(parsedResult.success).toBe(true);
-      expect(mockConnector.executeSQL).toHaveBeenCalledWith(sql, {});
+      expect(parseToolResponse(result).success).toBe(true);
+      expect(mockConnector.executeSQL).toHaveBeenCalled();
     });
 
-    it('should handle multiple statements with comments in read-only mode', async () => {
-      mockIsReadOnlyMode.mockReturnValue(true);
-      const mockResult: SQLResult = { rows: [] };
-      vi.mocked(mockConnector.executeSQL).mockResolvedValue(mockResult);
+    it('should enforce readonly even with other options set', async () => {
+      mockGetCurrentExecuteOptions.mockReturnValue({ readonly: true, maxRows: 100 });
 
-      const sql = '-- First query\nSELECT * FROM users;\n/* Second query */\nSELECT * FROM roles;';
-      const handler = createExecuteSqlToolHandler('test_source');
-      const result = await handler({ sql }, null);
-      const parsedResult = parseToolResponse(result);
+      const handler = createExecuteSqlToolHandler('limited_source');
+      const result = await handler({ sql: "DELETE FROM users" }, null);
 
-      expect(parsedResult.success).toBe(true);
-      expect(mockConnector.executeSQL).toHaveBeenCalledWith(sql, {});
+      expect(parseToolResponse(result).code).toBe('READONLY_VIOLATION');
     });
+  });
 
-    it('should reject INSERT with comment in read-only mode', async () => {
-      mockIsReadOnlyMode.mockReturnValue(true);
-
-      const sql = '-- Insert new user\nINSERT INTO users (name) VALUES (\'test\')';
-      const handler = createExecuteSqlToolHandler('test_source');
-      const result = await handler({ sql }, null);
-
-      expect(result.isError).toBe(true);
-      const parsedResult = parseToolResponse(result);
-      expect(parsedResult.success).toBe(false);
-      expect(parsedResult.code).toBe('READONLY_VIOLATION');
-      expect(mockConnector.executeSQL).not.toHaveBeenCalled();
+  describe('SQL comments handling in readonly mode', () => {
+    beforeEach(() => {
+      mockGetCurrentExecuteOptions.mockReturnValue({ readonly: true });
     });
 
-    it('should handle query that is only comments as read-only', async () => {
-      mockIsReadOnlyMode.mockReturnValue(true);
+    it.each([
+      ['single-line comment', '-- Fetch users\nSELECT * FROM users'],
+      ['multi-line comment', '/* Fetch all */\nSELECT * FROM products'],
+      ['inline comments', 'SELECT id, -- user id\n       name FROM users'],
+      ['only comments', '-- Just a comment\n/* Another */'],
+    ])('should allow SELECT with %s', async (_, sql) => {
       const mockResult: SQLResult = { rows: [] };
       vi.mocked(mockConnector.executeSQL).mockResolvedValue(mockResult);
 
-      const sql = '-- Just a comment\n/* Another comment */';
       const handler = createExecuteSqlToolHandler('test_source');
       const result = await handler({ sql }, null);
-      const parsedResult = parseToolResponse(result);
 
-      expect(parsedResult.success).toBe(true);
-      expect(mockConnector.executeSQL).toHaveBeenCalledWith(sql, {});
+      expect(parseToolResponse(result).success).toBe(true);
     });
 
-    it('should handle inline comments correctly', async () => {
-      mockIsReadOnlyMode.mockReturnValue(true);
-      const mockResult: SQLResult = { rows: [] };
-      vi.mocked(mockConnector.executeSQL).mockResolvedValue(mockResult);
-
-      const sql = 'SELECT id, -- user id\n       name -- user name\nFROM users';
+    it('should reject write statement hidden after comment', async () => {
+      const sql = '-- Insert new user\nINSERT INTO users (name) VALUES (\'test\')';
       const handler = createExecuteSqlToolHandler('test_source');
       const result = await handler({ sql }, null);
-      const parsedResult = parseToolResponse(result);
 
-      expect(parsedResult.success).toBe(true);
-      expect(mockConnector.executeSQL).toHaveBeenCalledWith(sql, {});
+      expect(parseToolResponse(result).code).toBe('READONLY_VIOLATION');
     });
   });
 
-
   describe('edge cases', () => {
-    it('should handle empty SQL string', async () => {
+    it.each([
+      ['empty string', ''],
+      ['only semicolons and whitespace', '   ;  ;  ; '],
+    ])('should handle %s', async (_, sql) => {
       const mockResult: SQLResult = { rows: [] };
       vi.mocked(mockConnector.executeSQL).mockResolvedValue(mockResult);
 
       const handler = createExecuteSqlToolHandler('test_source');
-      const result = await handler({ sql: '' }, null);
-      const parsedResult = parseToolResponse(result);
-
-      expect(parsedResult.success).toBe(true);
-      expect(mockConnector.executeSQL).toHaveBeenCalledWith('', {});
-    });
-
-    it('should handle SQL with only semicolons and whitespace', async () => {
-      const mockResult: SQLResult = { rows: [] };
-      vi.mocked(mockConnector.executeSQL).mockResolvedValue(mockResult);
-
-      const handler = createExecuteSqlToolHandler('test_source');
-      const result = await handler({ sql: '   ;  ;  ; ' }, null);
-      const parsedResult = parseToolResponse(result);
+      const result = await handler({ sql }, null);
 
-      expect(parsedResult.success).toBe(true);
-      expect(mockConnector.executeSQL).toHaveBeenCalledWith('   ;  ;  ; ', {});
+      expect(parseToolResponse(result).success).toBe(true);
     });
   });
-});
+});

src/tools/execute-sql.ts

@@ -1,7 +1,6 @@
 import { z } from "zod";
 import { ConnectorManager } from "../connectors/manager.js";
 import { createToolSuccessResponse, createToolErrorResponse } from "../utils/response-formatter.js";
-import { isReadOnlyMode } from "../config/env.js";
 import { allowedKeywords } from "../utils/allowed-keywords.js";
 import { ConnectorType } from "../connectors/interface.js";
 import { requestStore } from "../requests/index.js";
@@ -108,9 +107,10 @@ export function createExecuteSqlToolHandler(sourceId?: string) {
       const connector = ConnectorManager.getCurrentConnector(sourceId);
       const executeOptions = ConnectorManager.getCurrentExecuteOptions(sourceId);
 
-      // Check if SQL is allowed based on readonly mode
-      if (isReadOnlyMode() && !areAllStatementsReadOnly(sql, connector.id)) {
-        errorMessage = `Read-only mode is enabled. Only the following SQL operations are allowed: ${allowedKeywords[connector.id]?.join(", ") || "none"}`;
+      // Check if SQL is allowed based on readonly mode (per-source)
+      const isReadonly = executeOptions.readonly === true;
+      if (isReadonly && !areAllStatementsReadOnly(sql, connector.id)) {
+        errorMessage = `Read-only mode is enabled for source '${effectiveSourceId}'. Only the following SQL operations are allowed: ${allowedKeywords[connector.id]?.join(", ") || "none"}`;
         success = false;
         return createToolErrorResponse(errorMessage, "READONLY_VIOLATION");
       }