#93 — SQL table router error exposes DB password

Repo: Twill-AI/facade | State: closed | Status: done | Assignee: Unassigned

Created: 2024-08-30 · Updated: 2025-09-15

Description

STR

  • Log in to staging as a regular tenant user (user@example.com).
  • Hit POST /api/v1/master/sql_table_router/search?query=asdf&k=4

Expected: an error stating that only “master” tenant users have access.

Actual: an error containing the connection string.


logs:

2024-08-30T14:28:59.120715070Z Exception ignored in: <function PGVector.__del__ at 0x76daf0209e40>
2024-08-30T14:28:59.120770894Z Traceback (most recent call last):
2024-08-30T14:28:59.120783096Z   File "/usr/local/lib/python3.12/site-packages/langchain_postgres/vectorstores.py", line 327, in __del__
2024-08-30T14:28:59.121202393Z     if isinstance(self._engine, sqlalchemy.engine.Connection):
2024-08-30T14:28:59.121221008Z                   ^^^^^^^^^^^^
2024-08-30T14:28:59.121794003Z AttributeError: 'PGVectorCustom' object has no attribute '_engine'
2024-08-30T14:28:59.143921727Z INFO:     10.0.2.25:48490 - "POST /api/v1/master/sql_table_router/search?query=asdf&k=4 HTTP/1.1" 500 Internal Server Error
2024-08-30T14:29:14.426570819Z INFO:     10.0.2.100:45144 - "GET /docs HTTP/1.1" 200 OK

Implementation Details:

During investigation, a number of issues were found:

  1. The implementation of Facade’s SqlTableRouterRestRouter has an issue for “regular” users: it fails with “User doesn’t have tenant.” where something like “Only for master tenant users.” is expected.
  2. LlmEngine’s SqlTableRouterPGVectorWrapper uses PgConnection w
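
One way to keep a connection string out of both the HTTP response and the logs is shown below. This is an added example, not code from Facade or LlmEngine; `redact_dsn`, `client_error`, the logger name and the sample exception are hypothetical names and constructed data.

```python
import logging
import re
import uuid

log = logging.getLogger("sql_table_router")  # hypothetical logger name

# user:password@ inside a URL-style DSN, e.g. postgresql+psycopg://user:secret@host/db
_URL_CREDS = re.compile(
    r"(?P<scheme>[a-zA-Z][\w+.-]*://)(?P<user>[^:/@\s]*):(?P<pw>[^@\s]*)@"
)
# password=... in a libpq key/value connection string (optionally single-quoted)
_KV_PASSWORD = re.compile(r"(?i)\b(password\s*=\s*)('(?:[^'\\]|\\.)*'|[^\s'\"]+)")


def redact_dsn(text: str) -> str:
    """Replace passwords embedded in connection strings with ***."""
    text = _URL_CREDS.sub(r"\g<scheme>\g<user>:***@", text)
    return _KV_PASSWORD.sub(r"\1***", text)


def client_error(exc: Exception) -> dict:
    """Log the redacted exception server-side; return a body with no exception text."""
    error_id = uuid.uuid4().hex
    log.error("error_id=%s %s: %s", error_id, type(exc).__name__, redact_dsn(str(exc)))
    # The caller only gets a generic message plus an id to quote to support.
    return {"status": 500, "detail": "Internal server error", "error_id": error_id}


# Constructed sample: an exception whose message embeds a DSN in both common forms.
SAMPLE = Exception(
    'connection to "postgresql+psycopg://app:S3cr3t!@db.internal:5432/facade" failed; '
    "host=db.internal user=app password=S3cr3t! dbname=facade"
)

if __name__ == "__main__":
    print(redact_dsn(str(SAMPLE)))
    print(client_error(SAMPLE))
```

The response body never includes `str(exc)`, so a redaction pattern that misses an unusual DSN format can only affect the server-side log line, not what the tenant user sees.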
