惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园 - Franky
W
WeLiveSecurity
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
N
News and Events Feed by Topic
Recent Commits to openclaw:main
Recent Commits to openclaw:main
S
Security Affairs
SecWiki News
SecWiki News
T
Tenable Blog
C
CERT Recently Published Vulnerability Notes
Forbes - Security
Forbes - Security
Google Online Security Blog
Google Online Security Blog
C
Cybersecurity and Infrastructure Security Agency CISA
L
LINUX DO - 热门话题
T
Threat Research - Cisco Blogs
C
Cyber Attacks, Cyber Crime and Cyber Security
Cisco Talos Blog
Cisco Talos Blog
PCI Perspectives
PCI Perspectives
Engineering at Meta
Engineering at Meta
博客园 - 聂微东
Cyberwarzone
Cyberwarzone
Hugging Face - Blog
Hugging Face - Blog
Microsoft Azure Blog
Microsoft Azure Blog
V
Vulnerabilities – Threatpost
宝玉的分享
宝玉的分享
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Vercel News
Vercel News
V
Visual Studio Blog
T
Threatpost
Project Zero
Project Zero
Know Your Adversary
Know Your Adversary
I
InfoQ
G
Google Developers Blog
博客园 - 【当耐特】
Google DeepMind News
Google DeepMind News
T
The Blog of Author Tim Ferriss
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
TaoSecurity Blog
TaoSecurity Blog
O
OpenAI News
博客园_首页
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Tor Project blog
Schneier on Security
Schneier on Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - 三生石上(FineUI控件)
D
DataBreaches.Net
Security Latest
Security Latest
Attack and Defense Labs
Attack and Defense Labs
aimingoo的专栏
aimingoo的专栏
H
Heimdal Security Blog

Hacker News: Show HN

PurrrrrFocus: Pomodoro Timer App - App Store Workflow Engine — Multi-Step Orchestration for Bun RapidPhoto: Pro Photo Editor App - App Store GitHub - DheerG/swarms: Achieve extraordinary results with claude code across a variety of tasks SPICE simulation → oscilloscope → verification with Claude Code — Lucas Gerads Show HN: VCoding – A 5 MB native Windows IDE with no dynamic dependencies Show HN: LLMs don't hallucinate because they're bad at math, it's the format GitHub - Agent-FM/agentfm-core: AgentFM is a peer-to-peer network that turns everyday computers into a decentralized AI supercomputer. AgentFM lets you run massive AI workloads directly across a global mesh of idle CPUs and GPUs. Show HN: Tracking Top US Science Olympiad Alumni over Last 25 Years GitHub - Potarix/agent-hub: One place to talk to all your agents Show HN: Runtime security for AI agents(injection,tool abuse, data exfiltration) GitHub - dubeyKartikay/lazyspotify: Terminal Spotify client for macOS and Linux GitHub - the-banana-tool/king-louie: Easy to use GUI Personal AI Assistant. Win/Linux/Mac. Show HN I made my vacation rental bookable by AI agents–no Airbnb, 0% commission GitHub - basteez/jsf-autoreload: maven plugin to enable hot reload on jsf projects uvm32/hosts/host-gdbstub at main · ringtailsoftware/uvm32 GitHub - labsai/EDDI: Config-driven engine that turns JSON into production-grade AI agents. Multi-agent orchestration, 12+ LLM providers, MCP/A2A protocols, RAG, persistent memory, and enterprise compliance (EU AI Act, GDPR, HIPAA). Built on Quarkus. GitHub - glitchnsec/fortyone-oss: AI Executive Assistant Platform Quickstart | Alien GitHub - muxshed/shed: One stream in, or many. Every destination, simultaneously. No cloud middleman, no per-channel fees, no limits. GitHub - ocrbase-hq/ocrbase: 📄 PDF/IMG ->.MD/JSON Document OCR API for PaddleOCR and GLMOCR. Self-hostable. GitHub - impactjo/home-memory: MCP server that lets your AI assistant remember everything about your home. GitHub - Sets88/dbcls: DbCls is a powerful terminal database client that supports various databases GitHub - neptun2000/heor-agent-mcp GitHub - SeanFDZ/macmind: Single-layer transformer in HyperTalk for the classic Macintosh RollQuation: Math Puzzles - Apps on Google Play GitHub - dropbox/witchcraft Show HN: Agent-cache – Multi-tier LLM/tool/session caching for Valkey and Redis GitHub - opentalon/opentalon: OpenTalon is an open-source platform built from the ground up in Go as a robust alternative to OpenClaw LinkedIn™ 职位抓取工具 - Chrome 应用商店 GitHub - EdoardoBambini/Agent-Armor-Iaga: AI agents are getting tool access — shell, file system, databases, APIs, secrets. But **nobody is governing what they actually do with it**. Frameworks like LangChain, CrewAI, AutoGen, and Claude Code give agents the power to execute. Agent Armor gives you the power to control, audit, and approve every single action before it happens. HN Vibes — Week 15, Apr 7–13 2026 GitHub - chojs23/ec: Easy terminal-native 3-way git mergetool vim-like workflow GitHub - SethPyle376/hiraeth: Local AWS emulator focused on fast integration testing, with SQS support, SQLite-backed state, and a debug-friendly web UI. GitHub - JakOb-dotcom/cloud-sandbox-security-analysis: Technical analysis and Proof of Concept (PoC) regarding environment variable exfiltration in containerized cloud sandboxes via side-channel data leaks. Springboards - Flint Alpha Show HN: A simpler coding agent harness GitHub - audiodude/sudomake-friends GitHub - 256thFission/mini-mythos: OSS clone of Anthropic’s Mythos harness to locate C/C++ memory vulnerabilities Show HN: OpenParallax: OS-level privilege separation for AI agent execution Hacker News Sorted - Chrome 应用商店 Show HN: How to Install Docker on Ubuntu 24.04 LTS: Complete 2026 Guide GitHub - himanshudongre/smriti GitHub - sverrirsig/claude-control: macOS desktop dashboard for monitoring and managing multiple Claude Code sessions GitHub - ory/dockertest: Write better integration tests! Dockertest helps you boot up ephermal docker images for your Go tests with minimal work. Chiral - Chrome 应用商店 Show HN: Two Claudes collaborating through shared memory on a $100 mini-PC GitHub - pmichaillat/latex-cv: Minimalist LaTeX template for academic CVs GitHub - oguzbilgic/posse: A web UI for Anthropic Managed Agents. GitHub - sshiraz/depsly: Dependency risk analysis tool for npm packages ABI Add safari/agent-harness — Safari browser automation via safari-mcp by achiya-automation · Pull Request #212 · HKUDS/CLI-Anything GitHub - Halfblood-Prince/trustcheck: Verify PyPI package attestations and improve Python supply-chain security GitHub - oguzbilgic/kern-ai: Agents that do the work and show it. GitHub - bruits/satteri: High-performance Markdown and MDX processing for the JavaScript ecosystem GitHub - tylergibbs1/feedstock: High-performance web crawler and scraper for TypeScript, powered by Bun and Playwright GitHub - Grimm67123/grimmbot: The self-improving sandboxed and open-source AI agent. With persistent memory and scheduling. GitHub - whitevanillaskies/whitebloom: Local whiteboard that blooms. GitHub - hwdsl2/docker-whisper: Docker image for a self-hosted Whisper speech-to-text server with speaker diarization and OpenAI-compatible transcription and translation APIs. Powered by faster-whisper. Supports all Whisper models, NVIDIA GPU (CUDA) acceleration, JSON/SRT/VTT output, SSE streaming, offline mode, and multi-arch (amd64, arm64). GitHub - yisding/reviewwiggum GitHub - MarwanAlsoltany/serrors: Structured errors for Go: sentinel hierarchies, typed data, custom formatting, and slog integration. GitHub - soatok/age-php GitHub - Luthiraa/markitme GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits GitHub - tombedor/excalicharts GitHub - wh1le/excalidraw-edit: Open and edit .excalidraw files from the terminal. Offline, auto-saves to disk. MalExt Sentry - Malicious Extension Scanner - Chrome 应用商店 GitHub - syi0808/asciianimesvg: Generate animated ASCII art SVGs from text. CLI, Rust library, WASM, and web editor. GitHub - zaina-ml/ml_forge: A visual-based graph node editor for training computer vision models. GitHub - anakin87/llm-rl-environments-lil-course: 🌱 A little course on Reinforcement Learning Environments for evaluating and training Language Models GitHub - takaakit/superpowers-uml: Superpowers-UML modifies Superpowers to ensure a software development workflow in which AI agents design through UML modeling. AdriByte Studio - Sviluppo Web e Soluzioni Digitali GitHub - chouligi/angel-copilot: Your personalized Angel Investment Advisor Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 GitHub - agenteractai/lodmem: Level Of Detail Context Management for Agents GitHub - ostefani/subnetlens: A fast, concurrent network scanner with a TUI and plain-text CLI, built in Go. It discovers live hosts on your network, scans their open ports, resolves hostnames, and fingerprints operating systems—delivered. Cyber Pulse: Agentic Intel - Apps on Google Play Whisper API: Self-Hostable Speech to Text Transcription The Agent-Web Protocol Stack: A Research Thesis GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Show HN: Provepy – A Python decorator that proves your code using Lean and LLMs Show HN: Pardonned.com – A searchable database of US Pardons GitHub - patrickdappollonio/dux: Dux is a terminal UI that lets you run multiple AI coding agents side by side, each in its own git worktree, with full companion terminals, macros, commit generation, and a command palette that knows more tricks than you do. kMC Crystal Simulator Show HN: HyperFlow – A self-improving agent framework built on LangGraph GitHub - stef41/vibescore: 🎵 Grade your vibe-coded project. One command, instant letter grade across security, quality, dependencies, and testing. GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. imgur.com GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. GitHub - nowork-studio/toprank: Open-source Claude Code skills for SEO, SEM, Google Ads GitHub - tacomanator/sash: Lightweight macOS menu bar app for reliably cycling through windows of the current application. Appents | Social Media Management for Product-First Teams GitHub - pnhoang/youtube-spam-blocker: Automatically detects and hides spam messages in YouTube Live chat. Set rate limits, keyword filters, and block repeat offenders. GitHub - decisionnode/DecisionNode: CLI + Local MCP - A shared structured memory store across Claude Code, Cursor, Windsurf, Antigravity, and every MCP client. Semantically queryable. GitHub - AvaCodeSolutions/django-email-learning: An open source Django app for creating email-based learning platforms with IMAP integration and React frontend components. The $100K Gap in Kubernetes Security Tooling Function Calling Harness: From 6.75% to 100%
GitHub - justjake/sqlite3-parser-js: Pure JavaScript port of SQLite's LALR(1) SQL parser with improved error messages
jitl · 2026-05-12 · via Hacker News: Show HN

Parse SQLite query syntax.

  • Fast: 2x-200x faster than other JavaScript SQL parsers, see benchmarks.
  • Light: Pure JavaScript, no WebAssembly overhead. Ships ~32 KB gzipped and runs unchanged in Node, Bun, and the browser.
  • Faithful: The parser based on SQLite's parse.y grammar file using a patched version of the Lemon parser generator to emit TypeScript code.
  • Helpful: Improved error messages, extending the canonical near "X": syntax error wording with source location, a list of terminals that would have been accepted, and a grammar-aware hint for common mistakes (unclosed groups with a pointer at the opener, trailing commas, keywords-used-as-identifiers, FILTER-before-OVER, etc.).

bundlejs npm CI

Usage

Parse SQL script with multiple statements, or return an error:

import { parse } from "sqlite3-parser"

const result = parse(`
  INSERT INTO users VALUES (1, 'Douglas');
  SELECT id, name FROM users WHERE active = 1
`)

// result is a union of ParseOk and ParseErr
// type ParseOk = { status: "ok"; root: CmdList; ... }
// type ParseErr = { status: "error"; errors: readonly ParseDiagnostic[]; ... }
if (result.status === "ok") {
  // Root is a CmdListNode containing all top-level statements
  const { cmds } = result.root
  console.log(cmds.length) // -> 2
  console.log(cmds[0].type) // -> InsertStmt
  console.log(cmds[1].type) // -> SelectStmt
} else {
  throw "expected ok"
}

Parse single statement at a time, or return an error:

import { parseStmt } from "sqlite3-parser"

const result = parseStmt("SELECT id, name FROM users WHERE active = 1")
if (result.status === "ok") {
  // Root is a StmtNode containing the first top-level statement
  console.log(result.root.type) // -> SelectStmt
}

// By default, parseStmt rejects trailing content (second statements, garbage tokens)
const result2 = parseStmt("SELECT id, name FROM users WHERE active = 1; SELECT 1")
if (result2.status === "error") {
  console.error(result2.errors.join("\n"))
}

// Use `allowTrailing: true` to incrementally parse a multi-statement script
function* parseEach(sql: string) {
  while (sql) {
    const result = parseStmt(sql, { allowTrailing: true })
    yield result
    if (result.status === "error") {
      return
    }
    sql = sql.slice(result.tail)
  }
}

Parse or throw an error:

import { parseOrThrow, parseStmtOrThrow } from "sqlite3-parser"

const { root: cmds } = parseOrThrow("SELECT id, name FROM users WHERE active = 1; SELECT 1")
console.log(cmds.type) // -> CmdList
const { root: stmt } = parseStmtOrThrow("SELECT id, name FROM users WHERE active = 1")
console.log(stmt.type) // -> SelectStmt

Errors

Parse failures are modeled as "diagnostics". These are not sub-classes of Error, so constructing them is cheap since no stack trace is captured.

type ParseDiagnostic = {
  /** Error message */
  readonly message: string
  /** Location of the error */
  readonly span: Span
  /** Optional: the token that caused the error */
  readonly token?: Token
  /** Optional: additional hints about the error (eg, solutions)  */
  readonly hints?: readonly DiagnosticHint[]
  /** Optional: the filename used in error messages, if provided at parse time */
  readonly filename?: string
  /** Format the diagnostic as a string with source code citations rendered as code blocks */
  format(): string
  /** Alias of {@link format} */
  toString(): string
}

interface DiagnosticHint {
  /** Hint message */
  readonly message: string
  /** Optional: the source location the hint is referring to */
  readonly span?: Span
}

parse and parseStmt return an array of structured diagnostics when status === "error". Because diagnostics implement toString, you can use errors.join("\n") to get a ready-to-print block with source code and carets.

const result = parse("SELECT FROM users")
if (result.status === "error") {
  for (const err of result.errors) {
    // access fields:
    //   err.message    → "near \"FROM\": syntax error"
    //   err.span       → { offset, length, line, col }
    //   err.token      → the offending Token, when available
    //   err.hints      → readonly { message, span? }[]
  }

  // Same as result.errors.map(e => e.format()).join("\n")
  console.error(result.errors.join("\n")) // -v
  // near "FROM": syntax error
  //
  // At 1:7:
  //    1│ SELECT FROM users
  //     │        ^^^^
  //
  //   hint: expected a result expression before FROM
} else {
  throw "expected error"
}

parseOrThrow and parseStmtOrThrow throw a Sqlite3ParserDiagnosticError with the diagnostics formatted as the error message.

import { parseOrThrow, Sqlite3ParserDiagnosticError } from "sqlite3-parser"
try {
  parseOrThrow("SELECT FROM users")
} catch (e) {
  if (e instanceof Sqlite3ParserDiagnosticError) {
    console.error(e.errors.length) // -> 1
    console.error(e.errors[0].message) // -> "near \"FROM\": syntax error"
    console.error(e.message) // -v
    // near "FROM": syntax error
    //
    // At 1:7:
    //    1│ SELECT FROM users
    //     │        ^^^^
    //
    //   hint: expected a result expression before FROM
  } else {
    throw e
  }
}

AST Viewer

Use the included sqlite3-parser command-line tool to quicly view AST of queries as JSON (default) or as S-expressions with --pretty:

$ sqlite3-parser 'select 1' --pretty
(CmdList
  (SelectStmt
    (Select
      (SelectFrom
        (ExprResultColumn
          (NumericLiteral :value "1"))))))$ sqlite3-parser --pretty "SELECT 1"

You can chain with the sqllogictest-parser tool to extract queries from a sqllogictest file for parsing:

$ sqllogictest-parser test/examples/expr.sqllogictest --sql --idx 4:5 |
    sqlite3-parser --pretty
(CmdList
  (SelectStmt
    (Select
      (SelectFrom
        (ExprResultColumn
          (FunctionCallExpr :distinctness "Distinct"
            (Id :name "group_concat")
            (Id :name "d")
            (SortListFunctionCallOrder
              (SortedColumn
                (Id :name "a")))))
        (FromClause
          (TableSelectTable
            (QualifiedName
              (Name :text "t1")))))))
  (SelectStmt
    (Select
      (SelectFrom
        (ExprResultColumn
          (FunctionCallExpr
            (Id :name "percentile_cont")
            (NumericLiteral :value "0.5")
            (WithinGroupFunctionCallOrder
              (Id :name "a"))))
        (FromClause
          (TableSelectTable
            (QualifiedName
              (Name :text "t1"))))))))

There are many example queries in the sqlite3-parser test suite:

AST Traversal

traverse exposes an ESTree-style walker. A depth-first walk fires enter on every node, recurses into child slots in their surface-syntax order, then fires leave:

import { parseOrThrow, traverse } from "sqlite3-parser"

const { root } = parseOrThrow("SELECT a, b FROM t")
const tables: string[] = []

traverse(root, {
  // All args optional.
  enter(node, parent) {
    // Runs before `nodes` handler on every node.
  },
  nodes: {
    // Runs before visiting children.
    TableSelectTable(node, _parent) {
      // TableSelectTable.tblName → QualifiedName.objName → Name.text
      tables.push(node.tblName.objName.text)
      // From any handler:
      //   return "skip" to stop descending into the current node
      //   return "break" to halt the whole walk
      //   return "continue" / nothing to proceed
      return "skip"
    },
  },
  leave(node, parent) {
    // Runs after visiting children.
  },
  keys: {
    // Override traversal order & keys for a specific node type.
    Select: ["with", "select", "compounds"],
  },
})

console.log(tables) // -> ["t"]

A few things worth knowing:

  • Per-type handlers. Instead of a single enter with a big switch, pass nodes: { SelectStmt(node) { … }, BinaryExpr(node, parent) { … }, … }. Each handler is strongly typed to that node type.
  • Visit control. Callbacks may return "skip" to stop descending into the current node (but still fire leave), "break" to halt the whole walk, or nothing / "continue" to proceed.
  • Visitor keys. VisitorKeys is the per-type list of child-bearing property names in traversal order. You can pass keys: { CaseExpr: ["base", "elseExpr"] } to override traversal for specific types per call.
  • Parent tracking. Callbacks receive (node, parent) where parent is the enclosing AST node, or undefined at the root.

The type AstNodeMap maps every type discriminator string to its interface. traverse uses that map to type per-type handlers; user code can too — e.g. type NodeOfType<T extends keyof AstNodeMap> = AstNodeMap[T].

Benchmarks

tl;dr:

    ~2.5x faster than liteparser (wasm)
    ~6x   faster than @guanmingchiu/sqlparser-ts (wasm)
   ~10x   faster than node-sql-parser
  ~100x   faster than pgsql-ast-parser
  ~200x   faster than sqlite-parser
  ~250x   faster than @appland/sql-parser
  • Results are averages from bun run bench:compare on one machine:
    • CPU: Apple M4 Max
    • Runtime: Bun 1.3.11 (arm64-darwin)
  • The compared parsers do not produce the same AST shape.
  • WebAssembly libraries pay some bridging overhead.

Cases

Case Description
tiny Single SELECT 1; statement.
small Single CREATE TABLE users (...) statement.
medium WITH query with joins, aggregate, window function, FILTER, grouping, ordering, and LIMIT.
large Wide CREATE TABLE analytics_events (...) statement with 96 metric columns.
deep Nested expressions with a subquery.
broken Invalid input with a trailing comma before FROM; used for the syntax-error path.

Results

Avg per-iteration parse time across the five inputs, compared to ours.

Parser tiny small medium large deep
Ours 0.93 µs 3.12 µs 19.90 µs 61.15 µs 9.80 µs
liteparser (wasm) 2.05 µs (2.2×) 4.92 µs (1.6×) 49.88 µs (2.5×) 86.14 µs (1.4×) 31.71 µs (3.2×)
@guanmingchiu/sqlparser-ts (wasm) 5.97 µs (6.4×) 14.42 µs (4.6×) 143.50 µs (7.2×) 186.30 µs (3.0×) 71.35 µs (7.3×)
node-sql-parser 10.83 µs (12×) 27.53 µs (8.8×) 290.78 µs (15×) 567.35 µs (9.3×) 1.12 ms (114×)
pgsql-ast-parser 53.05 µs (57×) 61.80 µs (20×) 2.73 ms (137×) 925.68 µs (15×) 1.05 ms (108×)
sqlite-parser 472.37 µs (509×) 614.04 µs (197×) 5.59 ms (281×) 7.09 ms (116×) 3.30 ms (337×)
@appland/sql-parser 561.18 µs (605×) 715.16 µs (229×) 6.81 ms (342×) 7.99 ms (131×) 3.73 ms (380×)

Libraries compared:

  • Ours - TypeScript parser derived from SQLite's parse.y grammar, uses Lemon LALR(1) parser generator to dump parser tables as JSON, which is used to drive a small TypeScript emitter.
  • @sqliteai/liteparser — C/WebAssembly parser extracted from the original SQLite parser (parse.y) with minimal modifications. It uses the same Lemon LALR(1) parser generator and a hand-written tokenizer derived from SQLite's own lexer.
  • sqlite-parser — PEG.js-generated pure-JS parser for SQLite (Code School, 2015-2017).
  • @appland/sql-parser — AppLand's maintained fork of sqlite-parser with additional grammar coverage.
  • node-sql-parser — PEG.js-derived multi-dialect parser; run here with database: "sqlite".
  • pgsql-ast-parser — nearley + moo Postgres grammar.
  • @guanmingchiu/sqlparser-ts — Rust/WebAssembly wrapper around datafusion-sqlparser-rs; run with its "sqlite" dialect.

Lemon JSON

Lemon is a LALR(1) parser generator similar to Yacc, written by SQLite's author, Dr. Richard Hipp. SQLite's own parser is generated with Lemon.

Our patched lemon.c can emit a JSON dump of the parser tables, making Lemon usable for any programming language.

To implement a SQLite parser in another language you need roughly:

  1. A lexer. Eg our src/tokenize.ts, SQLite's src/tokenize.c — ~1000 LoC.
  2. An LALR(1) driver. Eg our src/lempar.ts, SQLite's tool/lempar.c — ~400 LoC. Consumes the tables in parser.dev.json, emits shift/reduce events.
  3. parse.y, updated for your AST & language. Eg our parse.y,SQLite's parse.y. Start with one and replace action bodies with your own.

Contributing

├── src/                        runtime (TypeScript)
│   ├── lempar.ts               LALR(1) engine — 1:1 port of sqlite/tool/lempar.c
│   ├── parser.ts               AST-building parser layered on lempar
│   ├── tokenize.ts             lexer — port of sqlite/src/tokenize.c
│   ├── util.ts                 pure helpers from sqlite/src/util.c, string unquoting
│   ├── diagnostics.ts          Diagnostics, hints
│   ├── errors.ts               Error subclasses
│   ├── ast/                    AST definitions + helpers
│   │   ├── nodes.ts            every node interface, plus `AstNode` / `AstNodeMap`
│   │   ├── parseActions.ts     node constructors invoked from grammar actions
│   │   ├── parseState.ts       per-parse mutable state threaded to the reducer
│   │   └── traverse.ts         ESTree-style AST walker + helpers
│   ├── cli/                    shared runner used by the bin/ entry points
│   └── sqllogictest/           sqllogictest reader + test emitter (sqlite3-parser/sqllogictest)
├── generated/                  codegen + tables (checked into git)
│   ├── current.ts              re-export shim for the default version
│   ├── template/               per-version source templates (e.g. `index.ts`) consumed by codegen
│   ├── <version>/              one directory per tracked SQLite release
│   │   ├── index.ts            per-version TS wrapper (codegen)
│   │   ├── parse.ts            LALR tables + per-rule reducer (codegen)
│   │   ├── keywords.ts         keyword table (codegen)
│   │   ├── parser.dev.json     full grammar dump (debug/introspection)
│   │   └── keywords.{dev,prod}.json
│   └── json-schema/v1/         formal JSON Schemas for the dumps
├── vendor/                     vendored SQLite sources + patches
│   ├── manifest.json           which versions we track, their hashes & commits
│   ├── upstream/<version>/     pristine SQLite sources
│   ├── patched/<version>/      our patched lemon.c + mkkeywordhash.c + parse.y
│   └── README.md               details on the vendor tree
├── test/                       test suites (see Testing, below)
│   ├── examples/               curated SQL corpora (`.sqllogictest`) + generated AST snapshot tests
│   ├── sqlite/                 tokenizer, lexer, literal, and keyword tests ported from SQLite
│   └── sqllogictest/           large external sqllogictest corpora (evidence, index, random)
├── scripts/                    build, codegen, bench, and profiling tooling
├── bin/                        standalone CLI entry points
└── Makefile                    pattern rules for the per-version build graph

Development commands:

Command Purpose
bun run test Run the full test suite.
bun run typecheck tsc --noEmit over source + tests + scripts.
bun run lint Run oxlint.
bun run fmt Run oxfmt (formatter).
bun run coverage Run the suite with lcov coverage, then bun run coverage:rules for the grammar rule-hit report.
bun run build Full build: build:gen then build:dist.
bun run build:gen Codegen only — alias for make gen (regenerate everything under generated/).
bun run build:dist Dist only — tsc -p tsconfig.build.json emits a 1:1 JS mirror of the source tree into dist/.
bun run bench Run the internal benchmarks (tokenize, parse, error path). :node runs under Node.
bun run bench:compare Compare performance against other libraries. :node runs under Node.
bun run bench:dist Run bench against the built dist/ (rather than source). :compare / :node variants exist.
bun run prof CPU-profile the parser hot loop. :node runs under Node.
bun run prof:report Render the most recent bun run prof run into a text report.
bun run dist-test Run the external-consumer smoke tests against the built dist/ (use :build to rebuild first).
bun run vendor <ref> Onboard a new SQLite version (see below).
make gen Regenerate all per-version outputs under generated/ (same as build:gen).
make generated/<ver>/… Regenerate a specific output without re-running the whole vendor flow.
make help List every pattern target Make knows about.

Anything touching the vendored SQLite sources is explained in vendor/README.md.

Testing

bun run test runs the full suite. Tests are organized into three clusters:

  • test/examples/ — curated SQL corpora (.sqllogictest) paired with generated AST snapshot tests. Good place to add regression coverage for a new grammar case.
  • test/sqlite/ — tokenizer, lexer, literal, and keyword tests ported from SQLite's own test vectors.
  • test/sqllogictest/ — large external sqllogictest corpora for broad acceptance coverage.

Adding new SQLite versions

bun run vendor 3.55.0

This:

  1. Adds a submodule at vendor/submodule/3.55.0/ pointing at SQLite's GitHub mirror, checked out at tag version-3.55.0.
  2. Copies tool/{lemon.c, mkkeywordhash.c, lempar.c} and src/parse.y into vendor/upstream/3.55.0/.
  3. 3-way merges our patches against the most recent previous version's patched + upstream, writing the result to vendor/patched/3.55.0/. On conflict the script leaves <<<<<<< markers in the patched file and exits non-zero; resolve by hand and re-run.
  4. Rebuilds the tools (build/lemon-3.55.0, build/mkkeywordhash-3.55.0) and runs them to produce generated/3.55.0/{parse.ts, parser.dev.json, keywords.{dev,prod}.json}, validated against the JSON Schemas.
  5. Regenerates generated/3.55.0/index.ts and generated/current.ts. The new version becomes the current one in vendor/manifest.json; old versions are preserved forever.

After the script reports success, review the merged patches, run bun test, and commit. The script never auto-commits — it's easy to bury a silent regression otherwise.

Flags: --no-submodule --from <path> bring your own SQLite source tree (useful for building against an unreleased development snapshot), --commit <sha> overrides the commit hash recorded in the manifest.

Releases

Every push to main is automatically published to npm by CI via GitHub OIDC trusted publishing.

  • New package.json versions publish as "latest" dist-tag; default for npm install (stable)
  • Existing versions publish as ${version}-next.<sha> to the "next" dist-tag; use npm install <pkg>@next to install (preview)
  • See all published versions

Stability

  • AST shape may change on minor versions before v1.0.0.