Action that executes read-only SQL SELECT queries for research purposes with security validation.

Security Features:

  • SELECT-only enforcement (rejects INSERT, UPDATE, DELETE, DROP, etc.)
  • Dangerous operation detection (EXEC, xp_, sp_, dynamic SQL, etc.)
  • Query timeout protection
  • Audit logging of all queries
  • Result size limiting

Performance Features:

  • Configurable row limits to prevent overwhelming results
  • Execution time tracking
  • Validation warnings for potentially slow queries

Note: SQL syntax validation is handled by SQL Server during execution. This provides more accurate error messages than a JavaScript parser.

Example

// Simple SELECT query
await runAction({
  ActionName: 'Execute Research Query',
  Params: [{
    Name: 'Query',
    // Double-quoted JS string so the SQL literal 'USA' keeps its single quotes
    Value: "SELECT TOP 100 * FROM Customers WHERE Country = 'USA'"
  }]
});

// Query with timeout
await runAction({
  ActionName: 'Execute Research Query',
  Params: [{
    Name: 'Query',
    Value: 'SELECT COUNT(*) FROM Orders GROUP BY CustomerID'
  }, {
    Name: 'Timeout',
    Value: 60
  }]
});

Properties

DANGEROUS_PATTERNS: RegExp[] = ...

List of dangerous SQL keywords and patterns that should be blocked

Methods

  • Executes the action with the provided parameters.

    Parameters

    • params: RunActionParams<any>

      The action execution parameters including context

    Returns Promise<ActionResultSimple>

    Promise resolving to the action result

  • Analyze query data using AI prompt

    Parameters

    • results: any[]
    • columns: {
          ColumnName: string;
          DataType: string;
          IsNullable: boolean;
      }[]
    • analysisRequest: string
    • params: RunActionParams<any>
    • columnMaxLength: number = 0

    Returns Promise<{
        analysis?: string;
        error?: string;
        success: boolean;
    }>

  • Build detailed message with query results for agent consumption

    Parameters

    • results: any[]
    • columns: {
          ColumnName: string;
          DataType: string;
          IsNullable: boolean;
      }[]
    • executionTimeMs: number
    • totalTimeMs: number
    • wasTruncated: boolean
    • warnings: string[]
    • returnType: string
    • Optional formattedData: string
    • Optional analysis: string

    Returns string

  • Formats a single CSV value with proper escaping

    • Null/undefined values become empty strings
    • All string values are quoted and escaped
    • Numbers and booleans are converted to strings and quoted

    Parameters

    • value: any

    Returns string

  • Trims columns in result set to maximum length. Used for JSON format results to prevent verbose fields from overwhelming context

    Parameters

    • results: any[]

      Array of result objects

    • maxLength: number

      Maximum length for string values

    Returns any[]

    New array with trimmed values

  • Validates query for security concerns

    Parameters

    • query: string

    Returns {
        isValid: boolean;
        message?: string;
        resultCode?: string;
    }

    • isValid: boolean
    • Optional message?: string
    • Optional resultCode?: string
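The SELECT-only enforcement and dangerous-operation detection described above can be sketched as follows. This is an added example, not the action's own code: the function names, the pattern list, and the resultCode values are hypothetical, since the page does not show the contents of DANGEROUS_PATTERNS; only the return shape follows the documented one.

```typescript
// Added example: hypothetical validator, not the action's actual implementation.
type ValidationResult = { isValid: boolean; message?: string; resultCode?: string };

// Constructed patterns for illustration; the real DANGEROUS_PATTERNS contents
// are not shown on this page.
const SAMPLE_DANGEROUS_PATTERNS: RegExp[] = [
  /\b(INSERT|UPDATE|DELETE|DROP|ALTER|CREATE|TRUNCATE|MERGE|GRANT|REVOKE)\b/i,
  /\b(EXEC|EXECUTE)\b/i,   // dynamic SQL and procedure calls
  /\b(xp_|sp_)\w+/i,       // extended and system stored procedures
  /\bINTO\b/i,             // SELECT ... INTO creates a table
];

// Blank out string literals and drop comments in ONE left-to-right pass, so an
// apostrophe inside a comment cannot open a fake "literal" that hides later SQL.
function stripLiteralsAndComments(query: string): string {
  const token = /--[^\n]*|\/\*[\s\S]*?\*\/|'(?:[^']|'')*'/g;
  return query.replace(token, (m) => (m.charAt(0) === "'" ? "''" : ' '));
}

// resultCode values below are hypothetical placeholders.
function validateQuerySecurity(query: string): ValidationResult {
  // Allow one optional trailing semicolon; any other semicolon means stacking.
  const sql = stripLiteralsAndComments(query).trim().replace(/;\s*$/, '');
  if (sql.length === 0) {
    return { isValid: false, message: 'Query is empty', resultCode: 'EMPTY_QUERY' };
  }
  if (!/^SELECT\b/i.test(sql)) {
    return { isValid: false, message: 'Only SELECT statements are allowed', resultCode: 'NOT_SELECT' };
  }
  if (sql.indexOf(';') !== -1) {
    return { isValid: false, message: 'Multiple statements are not allowed', resultCode: 'MULTIPLE_STATEMENTS' };
  }
  for (const pattern of SAMPLE_DANGEROUS_PATTERNS) {
    const hit = pattern.exec(sql);
    if (hit) {
      return { isValid: false, message: `Blocked pattern: ${hit[0]}`, resultCode: 'DANGEROUS_OPERATION' };
    }
  }
  return { isValid: true };
}
```

Because literals are blanked before matching, a value such as 'please delete' in a WHERE clause is not rejected, while the same keyword in executable SQL text is. A filter like this complements, rather than replaces, running the query under a database login that has only read permissions.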