e744336385
C-6: ConnectorRuntime enforces capability_mask per operation.
READ-only ACs cannot invoke MUTATE operations (wipe, lock, retire).
C-7: AC validated against database (exists, active, not expired)
before connector invocation.
C-9: Delegated AC capability bounded by delegator's capability.
C-10: Command counter uses atomic SQL increment with limit check.
M-23: expire_stale() uses same atomic SQL pattern.
H-1: Sensitive credential fields hidden from repr/logs via repr=False.
H-2: Stub backend requires ALLOW_STUB_CREDENTIALS=true to activate.
H-3: Kerberos backend raises CredentialResolutionError instead of
returning stub ticket.
H-4: Chronicle INTENT emitted before execution, RESULT after.
H-5: device_id validated as UUID before Graph API URL interpolation.
H-8: ConnectorRuntime enforces governance for all connector invocations.
Signed-off-by: Tyler King <tking@guildhouse.dev>
129 lines
2.7 KiB
Python
129 lines
2.7 KiB
Python
# dialects/postgresql/operators.py
|
|
# Copyright (C) 2005-2026 the SQLAlchemy authors and contributors
|
|
# <see AUTHORS file>
|
|
#
|
|
# This module is part of SQLAlchemy and is released under
|
|
# the MIT License: https://www.opensource.org/licenses/mit-license.php
|
|
# mypy: ignore-errors
|
|
from ...sql import operators
|
|
|
|
|
|
_getitem_precedence = operators._PRECEDENCE[operators.json_getitem_op]
|
|
_eq_precedence = operators._PRECEDENCE[operators.eq]
|
|
|
|
# JSON + JSONB
|
|
ASTEXT = operators.custom_op(
|
|
"->>",
|
|
precedence=_getitem_precedence,
|
|
natural_self_precedent=True,
|
|
eager_grouping=True,
|
|
)
|
|
|
|
JSONPATH_ASTEXT = operators.custom_op(
|
|
"#>>",
|
|
precedence=_getitem_precedence,
|
|
natural_self_precedent=True,
|
|
eager_grouping=True,
|
|
)
|
|
|
|
# JSONB + HSTORE
|
|
HAS_KEY = operators.custom_op(
|
|
"?",
|
|
precedence=_eq_precedence,
|
|
natural_self_precedent=True,
|
|
eager_grouping=True,
|
|
is_comparison=True,
|
|
)
|
|
|
|
HAS_ALL = operators.custom_op(
|
|
"?&",
|
|
precedence=_eq_precedence,
|
|
natural_self_precedent=True,
|
|
eager_grouping=True,
|
|
is_comparison=True,
|
|
)
|
|
|
|
HAS_ANY = operators.custom_op(
|
|
"?|",
|
|
precedence=_eq_precedence,
|
|
natural_self_precedent=True,
|
|
eager_grouping=True,
|
|
is_comparison=True,
|
|
)
|
|
|
|
# JSONB
|
|
DELETE_PATH = operators.custom_op(
|
|
"#-",
|
|
precedence=_getitem_precedence,
|
|
natural_self_precedent=True,
|
|
eager_grouping=True,
|
|
)
|
|
|
|
PATH_EXISTS = operators.custom_op(
|
|
"@?",
|
|
precedence=_eq_precedence,
|
|
natural_self_precedent=True,
|
|
eager_grouping=True,
|
|
is_comparison=True,
|
|
)
|
|
|
|
PATH_MATCH = operators.custom_op(
|
|
"@@",
|
|
precedence=_eq_precedence,
|
|
natural_self_precedent=True,
|
|
eager_grouping=True,
|
|
is_comparison=True,
|
|
)
|
|
|
|
# JSONB + ARRAY + HSTORE + RANGE
|
|
CONTAINS = operators.custom_op(
|
|
"@>",
|
|
precedence=_eq_precedence,
|
|
natural_self_precedent=True,
|
|
eager_grouping=True,
|
|
is_comparison=True,
|
|
)
|
|
|
|
CONTAINED_BY = operators.custom_op(
|
|
"<@",
|
|
precedence=_eq_precedence,
|
|
natural_self_precedent=True,
|
|
eager_grouping=True,
|
|
is_comparison=True,
|
|
)
|
|
|
|
# ARRAY + RANGE
|
|
OVERLAP = operators.custom_op(
|
|
"&&",
|
|
precedence=_eq_precedence,
|
|
is_comparison=True,
|
|
)
|
|
|
|
# RANGE
|
|
STRICTLY_LEFT_OF = operators.custom_op(
|
|
"<<", precedence=_eq_precedence, is_comparison=True
|
|
)
|
|
|
|
STRICTLY_RIGHT_OF = operators.custom_op(
|
|
">>", precedence=_eq_precedence, is_comparison=True
|
|
)
|
|
|
|
NOT_EXTEND_RIGHT_OF = operators.custom_op(
|
|
"&<", precedence=_eq_precedence, is_comparison=True
|
|
)
|
|
|
|
NOT_EXTEND_LEFT_OF = operators.custom_op(
|
|
"&>", precedence=_eq_precedence, is_comparison=True
|
|
)
|
|
|
|
ADJACENT_TO = operators.custom_op(
|
|
"-|-", precedence=_eq_precedence, is_comparison=True
|
|
)
|
|
|
|
# HSTORE
|
|
GETITEM = operators.custom_op(
|
|
"->",
|
|
precedence=_getitem_precedence,
|
|
natural_self_precedent=True,
|
|
eager_grouping=True,
|
|
)
|