Skip to content

Add /api/raw-query (read-only ClickHouse) + hud sql#8161

Open
wdvr wants to merge 2 commits into
mainfrom
wdvr/hud-raw-query
Open

Add /api/raw-query (read-only ClickHouse) + hud sql#8161
wdvr wants to merge 2 commits into
mainfrom
wdvr/hud-raw-query

Conversation

@wdvr

@wdvr wdvr commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

Stacked on #8156.

Adds an arbitrary read-only ClickHouse query endpoint and a hud sql command.

POST /api/raw-query { sql, params? }

  • Not public: requires the internal bot token (checkAuthWithApiToken), which only the /api/authed shim supplies after validating pytorch/pytorch write access. So the user-facing path is /api/authed/raw-query.
  • Read-only enforced three ways: the HUD read client (no write creds), ClickHouse readonly=2, and a SELECT/WITH single-statement check. Capped at 60s / 10k rows.

hud sql

hud sql "SELECT name, conclusion FROM default.workflow_job ORDER BY completed_at DESC LIMIT 10"

lib

queryClickhouse gains an optional extraSettings arg (backward compatible) to pass readonly etc.

Note: gcx already offers raw read-only ClickHouse via the Grafana datasource; this makes the hud CLI self-contained. Base is #8156's branch; will retarget to main once that merges.

wdvr added 2 commits June 8, 2026 16:01
@wdvr
Add hud CLI + authed API shim
693ee82 
hud CLI (tools/hud-cli/hud): wraps HUD APIs for humans (tables) and agents
(--json). Commands: login (gh + gcx), trunk, pr, user, and a generic query
over saved ClickHouse queries.

Authed shim (pages/api/authed/[...path].ts): mirrors /api/* but validates a
GitHub token, then forwards with the internal bypass header. Needs two Vercel
firewall bypass rules (see README).
@wdvr
Add /api/raw-query (read-only ClickHouse) + hud sql
9736750 
POST /api/raw-query runs an arbitrary read-only ClickHouse SELECT, gated by the
internal bot token (so it's only reachable with a user identity via the
/api/authed shim). Read-only enforced by the HUD read client, ClickHouse
readonly=2, and a SELECT/WITH single-statement check; results capped.

queryClickhouse gains an optional extraSettings arg (reused, backward compatible).
hud CLI gets 'hud sql "SELECT ..."'.
@vercel

vercel Bot commented Jun 8, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
torchci Ready Ready Preview Jun 8, 2026 11:07pm

Request Review

@meta-cla meta-cla Bot added the CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. label Jun 8, 2026
@wdvr wdvr mentioned this pull request Jun 9, 2026
Merged
Base automatically changed from wdvr/hud-cli to main June 9, 2026 18:20
@meta-cla

meta-cla Bot commented Jun 27, 2026

Copy link
Copy Markdown

Hi @wdvr!

Thank you for your pull request.

We require contributors to sign our Contributor License Agreement, and yours needs attention.

You currently have a record in our system, but the CLA is no longer valid, and will need to be resubmitted.

Process

In order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA.

Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with CLA signed. The tagging process may take up to 1 hour after signing. Please give it that time before contacting us about it.

If you have received this in error or have any questions, please contact us at cla@meta.com. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@wdvr