feat(snowflake): snowflake integration

[aadamgough]

Summary

Snowflake integration. Still testing some auth stuff for creating and deleting tables.

Fixes #(issue)

Type of Change

• [x] New feature

Testing

Tested manually

Checklist

• [x] Code follows project style guidelines
• [x] Self-reviewed my changes
• [x] Tests added/updated and passing
• [x] No new warnings introduced
• [x] I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel[bot]]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Preview	Comments	Updated (UTC)
docs	Skipped			Dec 6, 2025 11:35pm

[greptile-apps[bot]]

Greptile Overview

Greptile Summary

This PR adds comprehensive Snowflake integration with 12 operations including query execution, data manipulation (insert/update/delete), and metadata listing (databases, schemas, tables, views, warehouses, file formats, stages). The implementation uses Personal Access Token (PAT) authentication via Snowflake's SQL API v2.

Key Changes

• New Snowflake block (apps/sim/blocks/blocks/snowflake.ts): Multi-operation block with dropdown selector for different Snowflake operations
• 12 Snowflake tools: Execute query, insert/update/delete rows, and various list/describe operations
• Security improvements: Added sanitizeIdentifier() and validateWhereClause() functions to prevent SQL injection
• Icon addition: Snowflake SVG icon component

Critical Issues Found

Authentication Configuration Mismatch: The accessToken parameter has inconsistent visibility settings across the codebase. The block configuration uses password: true without explicit visibility, while all tools use visibility: 'hidden'. According to project standards, user-provided credentials like Personal Access Tokens should use visibility: 'user-only', not hidden. Only framework-injected OAuth tokens should use hidden visibility. This affects 5 files:

• apps/sim/blocks/blocks/snowflake.ts (line 48)
• apps/sim/tools/snowflake/execute_query.ts (line 28)
• apps/sim/tools/snowflake/insert_rows.ts (line 62)
• apps/sim/tools/snowflake/update_rows.ts (line 70)
• apps/sim/tools/snowflake/delete_rows.ts (line 48)

Positive Aspects

• SQL injection protection implemented through identifier sanitization and WHERE clause validation
• Comprehensive operation coverage for Snowflake data warehouse management
• Consistent error handling and logging across all tools
• Type-safe implementation with well-defined TypeScript interfaces
• Proper integration with existing block and tool registries

Confidence Score: 3/5

• Safe to merge with required fixes to authentication visibility configuration
• The core functionality is well-implemented with SQL injection protections in place. However, the authentication configuration violates project standards for credential visibility. The accessToken parameter uses hidden visibility in all tools when it should use user-only for user-provided PATs. This is a systemic issue affecting 5 files that must be corrected before merge to ensure proper credential handling throughout the application
• All Snowflake tool files (delete_rows.ts, insert_rows.ts, update_rows.ts, execute_query.ts) and the block configuration (snowflake.ts) require updates to accessToken visibility settings

Important Files Changed

File Analysis

Filename	Score	Overview
apps/sim/blocks/blocks/snowflake.ts	3/5	New Snowflake block configuration with comprehensive operations. Critical issue: accessToken uses password: true without proper user-only visibility setting
apps/sim/tools/snowflake/utils.ts	4/5	Utility functions with SQL injection protection via identifier sanitization and WHERE clause validation. Minor edge case with dot-containing identifiers
apps/sim/tools/snowflake/delete_rows.ts	3/5	DELETE operation tool with proper sanitization. Issue: accessToken uses hidden visibility instead of user-only
apps/sim/tools/snowflake/insert_rows.ts	3/5	INSERT operation tool with identifier sanitization and value escaping. Issue: accessToken uses hidden visibility instead of user-only
apps/sim/tools/snowflake/update_rows.ts	3/5	UPDATE operation tool with sanitization and WHERE validation. Issue: accessToken uses hidden visibility instead of user-only
apps/sim/tools/snowflake/execute_query.ts	3/5	Query execution tool with response parsing. Issue: accessToken uses hidden visibility instead of user-only

Sequence Diagram

sequenceDiagram
    participant User
    participant SnowflakeBlock as Snowflake Block
    participant ToolRegistry as Tool Registry
    participant SnowflakeTool as Snowflake Tool
    participant Utils as Utils (sanitization)
    participant SnowflakeAPI as Snowflake API

    User->>SnowflakeBlock: Configure operation (e.g., insert_rows)
    User->>SnowflakeBlock: Provide accountUrl & accessToken (PAT)
    User->>SnowflakeBlock: Provide operation params (database, schema, table, etc.)
    
    SnowflakeBlock->>SnowflakeBlock: Select tool based on operation
    SnowflakeBlock->>SnowflakeBlock: Build tool params from block config
    
    SnowflakeBlock->>ToolRegistry: Call selected tool (e.g., snowflake_insert_rows)
    ToolRegistry->>SnowflakeTool: Execute tool with params
    
    SnowflakeTool->>Utils: Sanitize identifiers (database, schema, table, columns)
    Utils-->>SnowflakeTool: Return quoted identifiers
    
    alt Operation has WHERE clause
        SnowflakeTool->>Utils: Validate WHERE clause
        Utils-->>SnowflakeTool: Return validation result
    end
    
    SnowflakeTool->>SnowflakeTool: Build SQL statement
    SnowflakeTool->>SnowflakeTool: Create request body with statement
    
    SnowflakeTool->>SnowflakeAPI: POST /api/v2/statements
    Note right of SnowflakeAPI: Headers: Bearer token + PAT type
    
    SnowflakeAPI-->>SnowflakeTool: Response (statementHandle, data, etc.)
    
    SnowflakeTool->>SnowflakeTool: Transform response
    SnowflakeTool-->>ToolRegistry: Return formatted result
    ToolRegistry-->>SnowflakeBlock: Return result
    SnowflakeBlock-->>User: Display operation result