Avatar for the Eventual-Inc user
Eventual-Inc
Daft
BlogDocsChangelog

Performance History

Latest Results

fix(sql): redact password in SQL connection errors and repr (#6902) ## Changes Made `daft.read_sql` error messages and `SQLConnection.__repr__` print the full connection URL, which leaks the password when authentication fails. A customer connecting to Trino reported: ```python df = daft.read_sql( "SELECT * FROM iceberg.namespace.table", f"trino://{user}:{password}@trino_host:443", ) # RuntimeError: Failed to execute sql: ... from connection: trino://user:THE_REAL_PASSWORD@trino_host:443, error: ... ``` This change adds a small `_redact_url` helper in `daft/sql/sql_connection.py` that replaces the password with `***` while preserving the username (matching SQLAlchemy's `URL.render_as_string(hide_password=True)` convention โ€” keeping the username is helpful for debugging and Trino's own auth error already surfaces it). The helper is wired into: - `SQLConnection.__repr__` - The `RuntimeError` raised from the connectorx execution path - The `RuntimeError` raised from the SQLAlchemy execution path After the fix: ``` trino://alice:hunter2@trino.example.com:443 -> trino://alice:***@trino.example.com:443 ``` URLs without a password (e.g. `sqlite:///my.db`, `mysql://user@host/db`) and non-URL strings are returned unchanged. ### Tests Added 10 unit tests in `tests/io/test_sql.py`: - 8 parametrized cases for `_redact_url` covering URLs with/without password, empty username, port/path/query, and non-URL inputs. - `test_execute_sql_error_does_not_leak_password` โ€” drives a real connection failure and asserts the password is absent and the redacted form (`alice:***@127.0.0.1:1`) is present. - `test_repr_does_not_leak_password`. All pass locally. ## Related Issues n/a โ€” reported by a customer. ## Test plan - [ ] CI green (lint, mypy `--all-files`, tests) - [ ] Reviewer confirms password redaction behaviour and convention choice (username preserved) ๐Ÿค– Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Varun Madan <varun@Varuns-MacBook-Pro.local> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Varun Madan <varun@mac.attlocal.net>
main
43 minutes ago
fix(sql): make hide_password explicit in from_connection_factory SQLAlchemy's URL.render_as_string() already defaults to hide_password=True, but spelling it out documents the security intent at the storage site and guards against any future default change. Addresses Greptile P2 on #6902. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
varun/redact-sql-creds
10 hours ago
update remote uri check
gavin9402:introduce_file_resource
14 hours ago
fix(sql): redact password in SQL connection errors and repr read_sql error messages and SQLConnection.__repr__ printed the full connection URL, leaking the password when authentication failed or the connection raised. Replace the password with *** while keeping the username (matching SQLAlchemy's render_as_string(hide_password=True) convention) in error output and repr. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
varun/redact-sql-creds
16 hours ago
feat(lance): partitioned reads/writes (#6898) ## Changes Made implements lance's [Partitioning Spec](https://lance.org/format/namespace/partitioning-spec/) for partitioned reads/writes ## Related Issues <!-- Link to related GitHub issues, e.g., "Closes #123" -->
main
17 hours ago
feat: streaming ASOF joins (#6846) Benchmarks: system ย  ย  ย  scaleย  ย  status ย  med_time_sย  med_peak_gb ``` **Before:** daft_nativeย  smallย  ย  ok ย  ย  ย  ย  ย  ย  3.35 ย  ย  ย  ย  1.21 daft_nativeย  medium ย  okย  ย  ย  ย  41.42ย  ย  ย  ย  10.54 **After:** daft_native small ok 2.74 0.88 daft_native medium ok 33.27 7.10 ``` **The new algorithm:** **Build** - Concat all left morsels into one table - Hash left rows by by_key into groups - Sort each group's rows by on_key **Probe (per worker, per morsel)** - For each right row: hash by_key โ†’ find group โ†’ binary search for first left row where left_on_key >= right_on_key - If that left row has no match yet, or this right row is closer (larger on_key), update best_match[left_idx] = (morsel_idx, row_idx) **Finalize** - Merge each worker's local best_match into a global best via parallel rayon chunks - Backfill: within each group (in sorted order), propagate a match to any subsequent left row that has none - Build output: flatten all right tables, convert (morsel_idx, row_idx) pointers to a flat UInt64Array, take rows from the right table, concat with left table
main
19 hours ago
feat(dashboard): make header smaller in query details (#6900) ## Changes Made This compresses the header in the query details to make more space for the plan and other information.
main
19 hours ago
style: rustfmt long method chain in emit_per_task_stats_updates https://claude.ai/code/session_01RXTspChUo4qFRxfFjJZqjr
claude/implement-linear-df-1992-eIF20
19 hours ago

Latest Branches

CodSpeed Performance Gauge
+10%
fix(sql): redact password in SQL connection errors and repr#6902
11 hours ago
e4fe0b0
varun/redact-sql-creds
CodSpeed Performance Gauge
0%
feat: Introduce file resource management#6637
10 days ago
642fcd5
gavin9402:introduce_file_resource
CodSpeed Performance Gauge
0%
feat(dashboard): per-task rows/bytes stats with task-topology markers#6861
20 hours ago
824fe7f
claude/implement-linear-df-1992-eIF20
ยฉ 2026 CodSpeed Technology
Home Terms Privacy Docs