feat: notebooks with coding agents integration

.gitleaksignore

@@ -1,3 +1,5 @@
 8f797d824d664ccecaf1ce356509db5a3e3b739d:e2e/tests/enterprise/oidc.spec.js:generic-api-key:174
 8f797d824d664ccecaf1ce356509db5a3e3b739d:e2e/tests/enterprise/oidc.spec.js:generic-api-key:175
 8f797d824d664ccecaf1ce356509db5a3e3b739d:e2e/tests/enterprise/oidc.spec.js:generic-api-key:176
+b45446d25724585fee8379601c351e0bb1960373:e2e/tests/console/mcpBridgePermissions.spec.js:generic-api-key:9
+b45446d25724585fee8379601c351e0bb1960373:src/utils/mcp/consumePendingPair.test.ts:generic-api-key:27

e2e/commands.js

@@ -722,8 +722,13 @@ Cypress.Commands.add("getSearchResultGroups", () => {
   return cy.getByDataHook("search-result-buffer-group")
 })
 
-Cypress.Commands.add("createTabWithContent", (content, title) => {
+Cypress.Commands.add("addEditorTab", () => {
   cy.getByDataHook("new-tab-button").click()
+  cy.getByDataHook("new-tab-editor").click()
+})
+
+Cypress.Commands.add("createTabWithContent", (content, title) => {
+  cy.addEditorTab()
   cy.get(".chrome-tab-was-just-added").should("be.visible")
   cy.get(".chrome-tab-was-just-added").should("not.exist")
   cy.typeQueryDirectly(content)

e2e/tests/console/aiAssistant.spec.js

@@ -396,8 +396,9 @@ describe("ai assistant", () => {
       // Then
       cy.getByDataHook("ai-settings-modal-step-two").should("be.visible")
 
-      // When
-      cy.getByDataHook("ai-settings-schema-access").click()
+      // When - drop permissions to None so schema tools are excluded.
+      cy.getByDataHook("permissions-trigger").click()
+      cy.getByDataHook("permission-level-none").click()
       cy.getByDataHook("multi-step-modal-next-button").click()
 
       // Then - AI chat should be available
@@ -420,9 +421,10 @@ describe("ai assistant", () => {
         })
       })
 
-      // When - Open settings modal and enable schema access
+      // When - Open settings modal and re-enable schema access
       cy.getByDataHook("ai-assistant-settings-button").click()
-      cy.getByDataHook("ai-settings-schema-access").click()
+      cy.getByDataHook("permissions-trigger").click()
+      cy.getByDataHook("permission-level-schema").click()
       cy.getByDataHook("ai-settings-save").click()
       cy.get(".toast-success-container").should("be.visible").click()
 
@@ -1234,7 +1236,7 @@ describe("ai assistant", () => {
 
       // When - Close chat and create a new tab
       cy.getByDataHook("chat-window-close").click()
-      cy.get(".new-tab-button").click()
+      cy.addEditorTab()
 
       // Then - New tab should be created (2 tabs total now)
       cy.getEditorTabs().should("have.length", 2)
@@ -3026,7 +3028,7 @@ Syntax: \`avg(column)\`
 
       // Close the tab that the suggestion was applied to (archive the buffer)
       // First, create another tab so we can close the current one
-      cy.get(".new-tab-button").click()
+      cy.addEditorTab()
       cy.getEditorTabs().should("have.length", 2)
 
       // Close the first tab (the one with the accepted query)
@@ -3336,7 +3338,8 @@ describe("custom providers", () => {
     cy.getByDataHook("custom-provider-remove-model").click()
     cy.getByDataHook("custom-provider-model-chip").should("not.exist")
 
-    cy.getByDataHook("custom-provider-schema-access").check()
+    cy.getByDataHook("permissions-trigger").click()
+    cy.getByDataHook("permission-level-schema").click()
     cy.getByDataHook("multi-step-modal-next-button").click()
 
     cy.contains("AI Assistant activated successfully").should("be.visible")
@@ -3911,7 +3914,7 @@ describe("custom providers", () => {
       "have.value",
       "200000",
     )
-    cy.getByDataHook("custom-provider-schema-access").should("be.checked")
+    cy.getByDataHook("permissions-trigger").should("contain", "Schema access")
     cy.getByDataHook("custom-provider-add-model-button").should("be.disabled")
 
     cy.getByDataHook("custom-provider-manual-model-input").type(
@@ -4266,8 +4269,8 @@ describe("custom providers", () => {
     cy.get("[data-model='llama3']").should("exist")
     cy.get("[data-model='mistral']").should("exist")
 
-    // Schema access toggle is not disabled
-    cy.getByDataHook("ai-settings-schema-access").should("not.be.disabled")
+    // Permissions select is not disabled
+    cy.getByDataHook("permissions-trigger").should("not.be.disabled")
 
     // Manage models button visible
     cy.getByDataHook("ai-settings-manage-models").should("be.visible")

e2e/tests/console/aiAssistantPermissions.spec.js

@@ -0,0 +1,243 @@
+/// <reference types="cypress" />
+
+const {
+  PROVIDERS,
+  getOpenAIConfiguredSettings,
+  getOpenAIPermissionedSettings,
+  createToolCallFlow,
+} = require("../../utils/aiAssistant")
+
+const installValidateIntercept = () => {
+  cy.intercept("GET", "**/api/v1/sql/validate*", (req) => {
+    const url = new URL(req.url)
+    const sql = (url.searchParams.get("query") || "").trim().toUpperCase()
+    if (sql.startsWith("SELECT") || sql.startsWith("SHOW")) {
+      req.reply({
+        statusCode: 200,
+        body: {
+          query: sql,
+          columns: [{ name: "c1", type: "LONG" }],
+          timestamp: -1,
+        },
+      })
+      return
+    }
+    if (
+      sql.startsWith("INSERT") ||
+      sql.startsWith("UPDATE") ||
+      sql.startsWith("DELETE")
+    ) {
+      req.reply({ statusCode: 200, body: { queryType: "INSERT" } })
+      return
+    }
+    req.reply({ statusCode: 200, body: { queryType: "CREATE TABLE" } })
+  }).as("validate")
+}
+
+const installExecDqlIntercept = () => {
+  cy.intercept("GET", "**/exec*", (req) => {
+    req.reply({
+      statusCode: 200,
+      body: {
+        query: "SELECT 1",
+        columns: [{ name: "c1", type: "LONG" }],
+        dataset: [[1]],
+        count: 1,
+        timestamp: -1,
+      },
+    })
+  }).as("exec")
+}
+
+// get_questdb_toc fetches the docs TOC over the network; stub it so the free
+// tool resolves deterministically instead of reaching questdb.com.
+const installDocsTocIntercept = () => {
+  cy.intercept("GET", "**/web-console/toc-list.json", {
+    statusCode: 200,
+    body: { functions: ["count()"], operators: ["="], sql: ["SELECT"] },
+  }).as("docsToc")
+}
+
+// Every backend a granted tool can touch, stubbed in one call so a single
+// conversation can drive the full surface matrix without hitting the live DB.
+const installToolStubs = () => {
+  installValidateIntercept()
+  installExecDqlIntercept()
+  installDocsTocIntercept()
+}
+
+describe("ai assistant permissions", () => {
+  beforeEach(() => {
+    // Fail loudly on any unmocked provider request — each test scripts its own intercept.
+    cy.intercept("POST", PROVIDERS.openai.endpoint, (req) => {
+      throw new Error(
+        `Unhandled OpenAI request detected! Request body: ${JSON.stringify(
+          req.body,
+        ).slice(0, 200)}...`,
+      )
+    }).as("unhandledOpenAI")
+  })
+
+  describe("PermissionsSection in settings modals", () => {
+    beforeEach(() => {
+      cy.loadConsoleWithAuth(false, getOpenAIConfiguredSettings())
+    })
+
+    it("renders permission level select with cascading levels in SettingsModal", () => {
+      cy.getByDataHook("ai-assistant-settings-button")
+        .should("be.visible")
+        .click()
+
+      cy.getByDataHook("permissions").should("be.visible")
+      cy.getByDataHook("permissions-trigger").should("contain", "Schema access")
+
+      // Raise to Write: trigger label updates and all levels listed in menu.
+      cy.getByDataHook("permissions-trigger").click()
+      cy.getByDataHook("permission-level-write").click()
+      cy.getByDataHook("permissions-trigger").should("contain", "Write")
+
+      // Drop to None: trigger label updates back.
+      cy.getByDataHook("permissions-trigger").click()
+      cy.getByDataHook("permission-level-none").click()
+      cy.getByDataHook("permissions-trigger").should("contain", "None")
+    })
+  })
+
+  describe("tool permission gate — one pass per level", () => {
+    const GRANTED = { excludes: ["PERMISSION_DENIED"] }
+    const GRANTED_DQL = {
+      includes: ['"type":"dql"'],
+      excludes: ["PERMISSION_DENIED"],
+    }
+    const DENIED_SCHEMA = {
+      includes: ["PERMISSION_DENIED", "grantSchemaAccess"],
+    }
+    const DENIED_READ = { includes: ["PERMISSION_DENIED", "'read' permission"] }
+    const DENIED_WRITE = {
+      includes: ["PERMISSION_DENIED", "'write' permission"],
+    }
+
+    const hasRead = (level) => level === "read" || level === "write"
+
+    // Each surface is one tool call; `expect(level)` is the assertion for that
+    // surface's tool result at the configured level. free tools never gate;
+    // schema tools need grantSchemaAccess; run_query DQL needs read, DDL/DML
+    // needs write.
+    const SURFACES = [
+      {
+        toolCall: { name: "validate_query", args: { query: "SELECT 1" } },
+        expect: () => GRANTED,
+      },
+      {
+        toolCall: { name: "suggest_query", args: { query: "SELECT 1" } },
+        expect: () => GRANTED,
+      },
+      {
+        toolCall: { name: "get_questdb_toc", args: {} },
+        expect: () => GRANTED,
+      },
+      {
+        toolCall: { name: "get_tables", args: {} },
+        expect: (level) => (level === "none" ? DENIED_SCHEMA : GRANTED),
+      },
+      {
+        toolCall: {
+          name: "get_table_schema",
+          args: { table_name: "btc_trades" },
+        },
+        expect: (level) => (level === "none" ? DENIED_SCHEMA : GRANTED),
+      },
+      {
+        toolCall: {
+          name: "get_table_details",
+          args: { table_name: "btc_trades" },
+        },
+        expect: (level) => (level === "none" ? DENIED_SCHEMA : GRANTED),
+      },
+      {
+        toolCall: {
+          name: "run_query",
+          args: { sql: "SELECT count(*) FROM btc_trades" },
+        },
+        expect: (level) => (hasRead(level) ? GRANTED_DQL : DENIED_READ),
+      },
+      {
+        toolCall: { name: "run_query", args: { sql: "DROP TABLE btc_trades" } },
+        expect: (level) => (level === "write" ? GRANTED : DENIED_WRITE),
+      },
+    ]
+
+    const buildSteps = (level) => {
+      const steps = SURFACES.map((surface, index) => ({
+        toolCall: surface.toolCall,
+        ...(index > 0
+          ? { expectToolResult: SURFACES[index - 1].expect(level) }
+          : {}),
+      }))
+      steps.push({
+        finalResponse: {
+          explanation: "Permission matrix probe complete.",
+          sql: null,
+        },
+        expectToolResult: SURFACES[SURFACES.length - 1].expect(level),
+      })
+      return steps
+    }
+
+    const runMatrix = (level) => {
+      const flow = createToolCallFlow({
+        provider: "openai",
+        streaming: true,
+        question: `Probe tool permissions for the ${level} level.`,
+        steps: buildSteps(level),
+      })
+
+      flow.intercept()
+      cy.getByDataHook("ai-chat-button").click()
+      cy.getByDataHook("chat-input-textarea")
+        .should("be.visible")
+        .type(flow.question)
+      cy.getByDataHook("chat-send-button").click()
+      flow.waitForCompletion()
+
+      cy.getByDataHook("chat-message-assistant")
+        .should("be.visible")
+        .should("contain", "matrix probe complete")
+    }
+
+    const LEVELS = {
+      none: { read: false, write: false, grantSchemaAccess: false },
+      schema: { read: false, write: false, grantSchemaAccess: true },
+      read: { read: true, write: false, grantSchemaAccess: true },
+      write: { read: true, write: true, grantSchemaAccess: true },
+    }
+
+    const loadAtLevel = (level) => {
+      cy.loadConsoleWithAuth(
+        false,
+        getOpenAIPermissionedSettings(LEVELS[level]),
+      )
+      installToolStubs()
+    }
+
+    it("none: free tools pass, schema and SQL tools are denied", () => {
+      loadAtLevel("none")
+      runMatrix("none")
+    })
+
+    it("schema access: schema tools pass, SQL tools still denied", () => {
+      loadAtLevel("schema")
+      runMatrix("schema")
+    })
+
+    it("read access: DQL runs, write SQL still denied", () => {
+      loadAtLevel("read")
+      runMatrix("read")
+    })
+
+    it("write access: every tool surface is granted", () => {
+      loadAtLevel("write")
+      runMatrix("write")
+    })
+  })
+})