We give every user SQL access to a shared ClickHouse cluster
4 days ago
- #database
- #security
- #query-language
- TRQL (Trigger Query Language) is a SQL-style language designed to allow users to write arbitrary SQL queries against a shared multi-tenant analytical database without exposing other tenants' data or risking rogue queries.
- TRQL compiles to secure, tenant-isolated ClickHouse queries, ensuring tenant isolation is compiler-enforced and internal database details are hidden.
- Key reasons for building TRQL include: security by controlling operations via grammar, automatic tenant isolation, abstraction of internal database details, and adding features not native to ClickHouse.
- ClickHouse was chosen for its columnar storage, performance, rich SQL capabilities, and scalability.
- TRQL's compilation pipeline includes parsing with ANTLR, schema validation, tenant isolation, time restrictions, parameterization of values, and generating ClickHouse SQL.
- TRQL features virtual columns, column renaming, value transforms, and column metadata for rendering, enhancing usability and security.
- Custom functions like `timeBucket()` and `prettyFormat()` provide automatic time bucketing and rendering hints for computed expressions.
- The query editor offers schema-powered autocomplete and linting, using a dual-parser architecture for performance and correctness.
- Limits on concurrency, rows, time ranges, and query resources ensure system health and prevent abuse.
- TRQL powers dashboard widgets, SDK queries, and the REST API, forming the foundation for Trigger.dev's observability features.