feat: Add support for Trusted connections for MSSQL

[Artmann]

When mssql_trusted_connection: true is set in the connection params, the handler removes the username and password from the URL, enabling Windows Authentication via pymssql:

  {
    "url": "mssql+pymssql://user:pass@server/database",
    "params": {
      "mssql_trusted_connection": true
    }
  }

Transforms to: mssql+pymssql://@server/database

Fixes #56

Reference: sqlalchemy/sqlalchemy#11425

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR adds support for MS SQL Server trusted connections (Windows Authentication). A new handler _handle_mssql_trusted_connection checks for a mssql_trusted_connection flag and, when enabled for MS SQL Server URLs, removes credentials from the connection string to enable Windows Authentication. The flag is then removed from parameters. Non-MS SQL URLs log a warning. Comprehensive tests validate credential removal, query parameter preservation, flag behavior, and warning emissions.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and specifically summarizes the main change: adding MSSQL trusted connection support. It directly reflects the new _handle_mssql_trusted_connection handler and test suite.
Docstring Coverage	✅ Passed	Docstring coverage is 90.00% which is sufficient. The required threshold is 80.00%.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

📦 Python package built successfully!

• Version: 1.2.1.dev2+955416e
• Wheel: deepnote_toolkit-1.2.1.dev2+955416e-py3-none-any.whl
• Install:

  pip install "deepnote-toolkit @ https://deepnote-staging-runtime-artifactory.s3.amazonaws.com/deepnote-toolkit-packages/1.2.1.dev2%2B955416e/deepnote_toolkit-1.2.1.dev2%2B955416e-py3-none-any.whl"

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@tests/unit/test_sql_execution.py`:
- Around line 997-1009: In test_trusted_connection_false, after calling
_handle_mssql_trusted_connection(sql_alchemy_dict) add an assertion to verify
the flag is retained: assert that "mssql_trusted_connection" is present in
sql_alchemy_dict["params"] (i.e., self.assertIn("mssql_trusted_connection",
sql_alchemy_dict["params"])) so the test confirms the parameter was not removed
when False.
- Around line 1011-1027: The test lacks an assertion that the
mssql_trusted_connection flag remains in params when a warning is logged; update
the test_trusted_connection_non_mssql_url_warns test to assert that
"mssql_trusted_connection" is still present in sql_alchemy_dict["params"] after
calling _handle_mssql_trusted_connection, in addition to the existing warning
and URL-equality checks.

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 6de286f and 0f50678.

📒 Files selected for processing (2)

• deepnote_toolkit/sql/sql_execution.py
• tests/unit/test_sql_execution.py

🧰 Additional context used

📓 Path-based instructions (3)

**/*.py

📄 CodeRabbit inference engine (.cursorrules)

**/*.py: Write clean, readable Python code following PEP 8 style guide
Use type hints with Optional[T] for parameters that can be None (not T = None)
Use explicit type hints for function parameters and return values
Maximum line length: 88 characters (Black default)
Use f-strings instead of .format() for string formatting
Use pathlib.Path for file path operations instead of os.path
Use black for code formatting
Use isort for import sorting (black profile)
Use flake8 for linting
Use early returns to reduce nesting and extract common checks into variables for readability
Use snake_case for variable and function names
Use PascalCase for class names
Use snake_case for file names
Support Python versions 3.9, 3.10, 3.11, 3.12, and 3.13

**/*.py: Follow PEP 8 with Black formatting (line length: 88)
Use isort with Black profile for import sorting
Use type hints consistently
Use docstrings for all functions/classes
Use f-strings instead of .format() for string formatting
Use pathlib.Path for file path operations instead of os.path
Always use Optional[T] for parameters that can be None (not T = None)
Use explicit type hints for function parameters and return values
Use snake_case for files, functions, and variables
Use PascalCase for classes
Use appropriate exception types with context logging for error handling
Handle Jupyter/IPython specific exceptions properly
Use early returns to reduce nesting and extract common checks into variables for readability
Use dictionary unpacking for headers (e.g., headers = {"Content-Type": "application/json", **auth_headers})
Use space-separated format for CLI arguments (e.g., --port 8080)

Files:

• tests/unit/test_sql_execution.py
• deepnote_toolkit/sql/sql_execution.py

**/test_*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Name test files with test_*.py pattern

Files:

• tests/unit/test_sql_execution.py

deepnote_toolkit/**/*.py

📄 CodeRabbit inference engine (.cursorrules)

deepnote_toolkit/**/*.py: Use dictionary unpacking for headers: headers = {"Content-Type": "application/json", **auth_headers}
Use appropriate exception types, log errors with context, and handle Jupyter/IPython specific exceptions properly
Document functions and classes with docstrings

Files:

• deepnote_toolkit/sql/sql_execution.py

🧬 Code graph analysis (1)

tests/unit/test_sql_execution.py (1)

deepnote_toolkit/sql/sql_execution.py (1)

• _handle_mssql_trusted_connection (355-384)

🪛 Ruff (0.14.11)

tests/unit/test_sql_execution.py

960-960: Use a regular assert instead of unittest-style assertIn

Replace assertIn(...) with assert ...

(PT009)

---

961-961: Use a regular assert instead of unittest-style assertIn

Replace assertIn(...) with assert ...

(PT009)

---

962-962: Use a regular assert instead of unittest-style assertIn

Replace assertIn(...) with assert ...

(PT009)

---

963-963: Use a regular assert instead of unittest-style assertNotIn

Replace assertNotIn(...) with assert ...

(PT009)

---

964-964: Use a regular assert instead of unittest-style assertNotIn

Replace assertNotIn(...) with assert ...

(PT009)

---

967-967: Use a regular assert instead of unittest-style assertNotIn

Replace assertNotIn(...) with assert ...

(PT009)

---

981-981: Use a regular assert instead of unittest-style assertIn

Replace assertIn(...) with assert ...

(PT009)

---

995-995: Use a regular assert instead of unittest-style assertEqual

Replace assertEqual(...) with assert ...

(PT009)

---

1009-1009: Use a regular assert instead of unittest-style assertEqual

Replace assertEqual(...) with assert ...

(PT009)

---

1027-1027: Use a regular assert instead of unittest-style assertEqual

Replace assertEqual(...) with assert ...

(PT009)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: Test - Python 3.10
• GitHub Check: Test - Python 3.11
• GitHub Check: Test - Python 3.9
• GitHub Check: Build and push artifacts for Python 3.10
• GitHub Check: Build and push artifacts for Python 3.13
• GitHub Check: Build and push artifacts for Python 3.9
• GitHub Check: Build and push artifacts for Python 3.12
• GitHub Check: Build and push artifacts for Python 3.11

🔇 Additional comments (5)

deepnote_toolkit/sql/sql_execution.py (2)

120-120: LGTM!

Correct placement after federated auth handling.

---

355-385: Clean implementation.

Logic correctly removes credentials for Windows Authentication. The early returns keep it readable.

tests/unit/test_sql_execution.py (3)

948-967: Good coverage of the happy path.

Consider adding explicit port check (self.assertIn("1433", ...)) to verify port preservation.

---

969-981: LGTM!

---

983-995: LGTM!

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Verify flag retention.

When mssql_trusted_connection is False, the flag remains in params. Add assertion to confirm:

self.assertIn("mssql_trusted_connection", sql_alchemy_dict["params"])

🧰 Tools

🪛 Ruff (0.14.11)

1009-1009: Use a regular assert instead of unittest-style assertEqual

Replace assertEqual(...) with assert ...

(PT009)

🤖 Prompt for AI Agents

In `@tests/unit/test_sql_execution.py` around lines 997 - 1009, In
test_trusted_connection_false, after calling
_handle_mssql_trusted_connection(sql_alchemy_dict) add an assertion to verify
the flag is retained: assert that "mssql_trusted_connection" is present in
sql_alchemy_dict["params"] (i.e., self.assertIn("mssql_trusted_connection",
sql_alchemy_dict["params"])) so the test confirms the parameter was not removed
when False.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Missing assertion for flag retention.

When warning triggers, flag should remain in params. Add:

self.assertIn("mssql_trusted_connection", sql_alchemy_dict["params"])

🧰 Tools

🪛 Ruff (0.14.11)

1027-1027: Use a regular assert instead of unittest-style assertEqual

Replace assertEqual(...) with assert ...

(PT009)

🤖 Prompt for AI Agents

In `@tests/unit/test_sql_execution.py` around lines 1011 - 1027, The test lacks an
assertion that the mssql_trusted_connection flag remains in params when a
warning is logged; update the test_trusted_connection_non_mssql_url_warns test
to assert that "mssql_trusted_connection" is still present in
sql_alchemy_dict["params"] after calling _handle_mssql_trusted_connection, in
addition to the existing warning and URL-equality checks.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 73.33%. Comparing base (6de286f) to head (0f50678).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main      #57      +/-   ##
==========================================
+ Coverage   73.27%   73.33%   +0.06%     
==========================================
  Files          93       93              
  Lines        5193     5205      +12     
  Branches      757      759       +2     
==========================================
+ Hits         3805     3817      +12     
  Misses       1144     1144              
  Partials      244      244              

Flag	Coverage Δ
combined	73.33% <100.00%> (+0.06%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[deepnote-bot]

🚀 Review App Deployment Started

📝 Description	🌐 Link / Info
🌍 Review application	ra-57
🔑 Sign-in URL	Click to sign-in
📊 Application logs	View logs
🔄 Actions	Click to redeploy
🚀 ArgoCD deployment	View deployment
⏰ Last deployed	2026-01-15 12:09:58 (UTC)
📜 Deployed commit	496d332526fc76670efc2b18ff725b390f2fb077
🛠️ Toolkit version	955416e