Reviewing files that changed from the base of the PR and between 28f5b45 and 5e2b16e.

• Cargo.lock is excluded by !**/*.lock

• Cargo.toml (1 hunks)
• PROJECT_PLAN.md (1 hunks)
• crates/tsql/Cargo.toml (1 hunks)
• crates/tsql/src/app/app.rs (29 hunks)
• crates/tsql/src/config/connections.rs (9 hunks)
• crates/tsql/src/config/mod.rs (1 hunks)
• crates/tsql/src/ui/connection_form.rs (27 hunks)
• crates/tsql/src/ui/grid.rs (3 hunks)

• GitHub Check: Test (ubuntu-latest)
• GitHub Check: Test (macos-latest)
• GitHub Check: Test (windows-latest)
• GitHub Check: Integration Tests

crates/tsql/src/config/mod.rs (1)

15-15: LGTM!

The addition of SslMode to the public exports is correct and aligns with the TLS feature additions in this PR.

crates/tsql/Cargo.toml (1)

29-31: LGTM!

The workspace dependency references are correctly specified and align with the workspace-level TLS dependencies added in the root Cargo.toml.

crates/tsql/src/ui/grid.rs (2)

719-756: LGTM! Clear state validation after data mutations.

The clamp_to_bounds method correctly ensures grid state remains valid after rows are appended or removed. The logic properly handles edge cases like empty models and invalid selections.

---

2741-2921: LGTM! Comprehensive test coverage for streaming functionality.

The test suite thoroughly exercises append_rows and clamp_to_bounds behavior, including edge cases like empty inputs, width constraints, and cursor validity after data mutations.

crates/tsql/src/ui/connection_form.rs (6)

131-150: LGTM! SSL mode state tracking is well-structured.

The addition of ssl_mode and ssl_mode_index fields follows the same pattern as the existing color selection, maintaining consistency in the codebase.

---

407-448: LGTM! SSL mode cycling logic is consistent with color cycling.

The Enter, Space, Left, and Right key handlers for SSL mode cycling mirror the existing color field behavior, providing a familiar user experience.

---

675-678: LGTM! Proper handling of default SSL mode.

Converting SslMode::Disable to None in the ConnectionEntry is a sensible design choice that treats "disable" as the absence of an SSL requirement rather than an explicit configuration.

Also applies to: 727-730

---

746-746: Verify modal height increase accommodates new SSL field.

The modal height increased from 18 to 19 lines to accommodate the new SSL mode field. Ensure this doesn't cause layout issues on smaller terminal windows.

Manually test the connection form in a small terminal window (e.g., 80x24) to ensure the modal renders correctly and doesn't overflow.

---

993-1026: LGTM! SSL mode rendering follows established UI patterns.

The render_ssl_mode_field implementation is consistent with render_color_field (lines 957-991), using the same visual indicators (◀ ▶) for cycling and maintaining UI consistency.

---

1119-1130: LGTM! Tests updated to reflect new navigation order.

The navigation tests correctly reflect the new field order: Name → User → Password → SavePassword → SSL Mode → Host → Port → Database → Color → UrlPaste.

crates/tsql/src/app/app.rs (6)

164-171: effective_max_rows helper and tests look good

The helper’s semantics (0 → default 2000, otherwise passthrough) and its dedicated test coverage are straightforward and correct. No changes needed.

Also applies to: 6827-6832

---

596-600: Tokenizer change correctly treats ;() etc. as separate tokens

Adding ';' | '(' | ')' | ',' | '*' as standalone tokens tightens extract_table_from_query without breaking existing simple‑query cases. This works well with the new is_pageable_query tests.

---

992-994: paged_query is integrated cleanly into App state

Adding paged_query: Option<PagedQueryState> to App and initializing it to None in with_config is straightforward and keeps the main state struct coherent. No issues here.

Also applies to: 1175-1176

---

2063-2070: Adaptive event polling based on loading state looks good

Using a tighter poll interval when either a query is running or a page fetch is in progress, and backing off when idle, is a reasonable trade‑off between UI responsiveness and CPU usage. The logic is simple and easy to tune later if needed.

---

6424-6429: Status line running/loading indicator correctly distinguishes initial run vs. page fetch

The paged_loading check and separate “⏳ running” vs. “⏳ loading” strings make it clear when you’re in the initial execution vs. background page fetch. That’s a nice UX touch and works well with the new paging model.

---

8843-8907: is_pageable_query test coverage is thorough

The tests cover positive cases (simple selects, schema‑qualified tables, WHERE clauses) and the main negative cases (joins, subqueries, non‑SELECT, multiple statements, empty input). This matches the intended heuristic and should keep future changes honest.

crates/tsql/src/config/connections.rs (3)

17-48: Well-designed SSL mode abstraction.

The SslMode enum is well-structured with consistent string representations across as_str(), parse(), and serde serialization. The case-insensitive parsing with trim() is a nice touch for robustness.

---

220-224: Verify intended asymmetry between to_url() and from_url() for SslMode::Disable.

There's an asymmetric round-trip behavior:

• to_url() serializes Some(SslMode::Disable) as ?sslmode=disable
• from_url() filters out Disable on line 277, resulting in ssl_mode: None

This means a ConnectionEntry with ssl_mode: Some(SslMode::Disable) won't survive a round-trip through URL serialization. If this is intentional (treating explicit disable as equivalent to unspecified), consider either:

1. Not serializing Disable in to_url() to match, or
2. Adding a comment explaining the normalization behavior

     if let Some(mode) = self.ssl_mode {
+        // Note: SslMode::Disable is normalized to None when parsing URLs,
+        // so explicitly serializing it here may create asymmetry on round-trip.
         url.push_str("?sslmode=");
         url.push_str(mode.as_str());
     }

Also applies to: 268-277

---

156-158: Good type strengthening for ssl_mode field.

Changing from Option<String> to Option<SslMode> provides compile-time validation and eliminates invalid SSL mode strings at the type level.

Reviewing files that changed from the base of the PR and between 5e2b16e and f0c576d.

• Cargo.lock is excluded by !**/*.lock

• Cargo.toml (2 hunks)
• crates/tsql/Cargo.toml (1 hunks)
• crates/tsql/src/app/app.rs (29 hunks)
• crates/tsql/src/ui/grid.rs (4 hunks)

• crates/tsql/Cargo.toml

• GitHub Check: Test (ubuntu-latest)
• GitHub Check: Test (windows-latest)

Cargo.toml (1)

11-11: Excellent work addressing the prior security and maintenance concerns!

The rustls version has been upgraded to 0.23.35, which is well above the required 0.23.18 security patch that addresses the Medium severity vulnerability. Additionally, the project has switched to tokio-postgres-rustls-improved, the actively maintained fork, resolving the maintenance concerns. The rust-version bump to 1.86 is also noted.

Also applies to: 21-23

crates/tsql/src/ui/grid.rs (2)

718-756: Excellent bounds-clamping logic for streaming results.

The method correctly handles edge cases (empty model, out-of-range cursors, invalid selections) and maintains state consistency when rows are incrementally appended. The logic is clear and well-documented.

---

2737-2921: Excellent test coverage for streaming/paging features.

The test suite comprehensively covers edge cases (empty models, out-of-range cursors, width boundaries) and integration scenarios (append + clamp). The descriptive test names and clear assertions make the tests easy to understand and maintain.

crates/tsql/src/app/app.rs (2)

992-999: Paging state, events, and UI integration are coherent

The new paging state and event plumbing looks consistent:

• App.paged_query is initialised/reset in execute_query, apply_db_event(QueryError/QueryCancelled/RowsAppended done), and never left dangling.
• RowsAppended and MetadataLoaded are handled in apply_db_event to update the GridModel, GridState, and metadata without fighting the initial QueryFinished.
• maybe_fetch_more_rows is invoked after grid navigation and uses paged.loading plus a near‑end threshold to rate‑limit fetches.
• The main loop’s polling interval and the status line’s “⏳ running” vs “⏳ loading” states correctly distinguish between the initial query and background page fetches.

Nice job threading the paged state through without bloating App’s hot paths.

Also applies to: 2063-2070, 6177-6360, 6423-6428

---

6752-6832: effective_max_rows helper and its tests look correct and focused

effective_max_rows cleanly encodes the “0 means use default (2000), >0 means exact limit” rule, and the new unit test covers the important cases (0, small, large). This keeps the connection config semantics explicit and easy to change later.

Reviewing files that changed from the base of the PR and between f0c576d and 63d43bb.

• crates/tsql/src/app/app.rs (30 hunks)

crates/tsql/src/app/app.rs (4)

518-539: is_pageable_query logic and tests

The pageable‑query detection (is_pageable_query) is nicely conservative:

• It reuses extract_table_from_query so only simple, single‑table SELECTs are considered.
• It explicitly rejects multiple statements by looking for internal semicolons after trimming.
• New tests cover straightforward SELECTs, schema‑qualified tables, WHERE clauses, joins, subqueries, non‑SELECT statements, multiple statements, and empty input.

The behavior matches the intended “simple SELECT only” cursor criteria and the tests give good coverage.

Also applies to: 8864-8929

---

5759-5782: Server-side paging flow and event handling look sound

The end‑to‑end cursor paging implementation hangs together well:

• execute_query blocks new executions while a paged cursor is active (self.db.running || self.paged_query.is_some()).
• execute_query_paged:
  • declares a WITH HOLD cursor so you don’t keep a transaction open while the user scrolls,
  • fetches the first page immediately, builds an initial QueryResult, and sends QueryFinished promptly for fast UI feedback,
  • enforces max_rows across all fetches (including first page) and marks truncated when the cap is hit,
  • spawns metadata loading (fetch_column_types + fetch_primary_keys) in the background and publishes it via DbEvent::MetadataLoaded,
  • closes the cursor in all completion paths (empty result, max_rows hit, error, or channel close).
• RowsAppended is used to stream subsequent pages, and apply_db_event updates grid, db.last_command_tag, paged_query.loaded_rows/loading/done, and status appropriately, clearing paged_query when done.
• db.running is cleared after the first page so the main “Executing…” overlay isn’t shown for incremental fetches; status line uses paged_query.loading to show a lighter “⏳ loading” indicator instead.

This addresses the previous perf/truncation concerns for large result sets without obvious correctness issues.

Also applies to: 5788-6005, 6125-6157, 6201-6267, 6331-6370, 6445-6450

---

694-701: connected_with_tls wiring and status line tweaks

The new connected_with_tls flag and status-line changes look consistent:

• DbSession initializes connected_with_tls to false, resets it in start_connect, and updates it in apply_db_event::Connected from the DbEvent payload.
• cancel_query chooses between NoTls and the insecure rustls connector based on connected_with_tls, which keeps cancel semantics aligned with how the session was established (modulo the earlier note about using insecure TLS for cancel).
• The status line’s running_indicator now distinguishes between ⏳ running (initial query) and ⏳ loading (paged_query.loading), which matches the paging UI behavior.

This part of the wiring appears correct and self‑consistent.

Also applies to: 753-769, 4860-4867, 6172-6183, 6198-6212, 6382-6452

---

7650-7653: Updated tests around connection form, TLS, and paging

The new/updated tests generally look solid:

• Connection form flow (test_pressing_a_after_saving_connection_opens_new_form) now explicitly tabs through the new SSL mode field, which should keep the test robust against the additional form control.
• ConnectionFormAction::TestConnection path is exercised via the new sslmode resolution and connector selection logic.
• test_effective_max_rows_defaults_and_overrides pins the effective_max_rows behavior.
• The is_pageable_query_* tests cover the expected matrix of eligible and ineligible queries for cursor paging.

These tests provide good coverage for the newly introduced behaviors and will help catch regressions in future changes.

Also applies to: 5508-5580, 6848-6853, 8868-8929

Reviewing files that changed from the base of the PR and between 63d43bb and 7a9c3fc.

• crates/tsql/src/app/app.rs (30 hunks)
• crates/tsql/src/config/connections.rs (10 hunks)
• crates/tsql/src/ui/connection_form.rs (26 hunks)
• crates/tsql/src/ui/grid.rs (6 hunks)

• GitHub Check: Test (windows-latest)

crates/tsql/src/ui/grid.rs (5)

18-23: LGTM: Well-defined display constants.

The constants provide clear semantic meaning and consistent sizing across the grid. UUID_DISPLAY_WIDTH = 9 appropriately accounts for "8 hex digits + ellipsis" truncation.

---

725-763: LGTM: Robust bounds clamping logic.

The method correctly maintains cursor and selection validity after model changes. The handling of zero rows/columns (resetting to 0) and non-zero cases (clamping to valid ranges) ensures state invariants are preserved.

---

1254-1262: LGTM: Improved handling of edge case with is_none_or.

The refactored condition using is_none_or is cleaner and changes behavior for empty identifiers:

• Previously: empty string would not be quoted
• Now: empty string would be quoted

This is more correct since empty SQL identifiers are invalid. The new logic is also more idiomatic.

---

1696-1719: LGTM: Consistent UUID width handling.

The changes correctly integrate the new constants and apply special width handling for UUIDs. Using UUID_DISPLAY_WIDTH for UUID effective width ensures that initial column sizing matches the truncated display format, preventing unnecessarily wide columns while maintaining consistency with format_cell_for_display.

---

2735-2920: LGTM: Comprehensive test coverage for new features.

The test suite thoroughly validates both append_rows and clamp_to_bounds functionality, including:

• Normal operations (extending rows, width updates)
• Edge cases (empty input, mismatched columns, out-of-range cursors)
• Invariant preservation (headers/types unchanged, selections validity)
• Integration scenarios (clamp after append)

The tests are well-structured with clear assertions.

crates/tsql/src/config/connections.rs (2)

17-73: LGTM! Well-designed SslMode enum with comprehensive utility methods.

The enum implementation is clean with appropriate derive macros. The COUNT constant, index-based cycling, and string parsing methods provide a solid foundation for both serialization and UI integration.

---

1439-1577: Excellent test coverage for SSL mode parsing and indexing.

The tests comprehensively cover case insensitivity, whitespace handling, invalid inputs, index round-trips, and variant counting. The test_ssl_mode_count_matches_variants test using HashSet is a good way to verify enum consistency.

crates/tsql/src/ui/connection_form.rs (7)

111-111: LGTM! SSL mode state management is properly integrated.

The ssl_mode and ssl_mode_index fields are correctly initialized and kept in sync. The default of SslMode::Disable with index 0 is appropriate.

Also applies to: 129-130, 182-182, 196-196

---

556-560: LGTM! Cycling implementation follows established pattern.

The cycle_ssl_mode method correctly uses rem_euclid for wrap-around and keeps both ssl_mode_index and ssl_mode in sync.

---

655-658: LGTM! Consistent mapping of Disable to None.

The pattern of mapping SslMode::Disable to None in both try_save() and try_test() aligns with the design intent where None represents the default/disabled state.

Also applies to: 707-710

---

575-576: LGTM! URL paste correctly propagates SSL mode to form state.

The SSL mode from the parsed URL is properly extracted and synchronized with the index for UI cycling.

---

287-288: LGTM! Modification detection properly includes SSL mode.

The is_modified() check correctly considers SSL mode changes for both new and edit forms.

Also applies to: 300-300

---

386-428: LGTM! Key handling for SSL mode field follows established patterns.

The Enter, Space, and Left/Right key bindings for SSL mode cycling are consistent with the Color field implementation. Correctly returning None from get_current_field_and_cursor prevents text input on this field.

Also applies to: 479-479

---

1099-1110: LGTM! Navigation tests updated for new SSL mode field order.

The tests correctly verify the updated tab order with SSL mode positioned between SavePassword and Host.

crates/tsql/src/app/app.rs (6)

56-139: TLS verifier/connectors are cleanly factored and mapped to sslmode semantics

The split between an insecure verifier (for require/prefer) and a root-store‑backed connector (for verify-ca/verify-full), plus the explicit comments about current verify-ca vs verify-full behavior, looks solid and keeps the TLS behavior easy to reason about. I don’t see issues with how these helpers are used by the connection paths.

---

539-556: Paging eligibility heuristics are conservative and well‑tested

Reusing extract_table_from_query plus the extra multiple‑statement check gives a nicely conservative is_pageable_query, and the dedicated tests around simple selects, joins, subqueries, non‑SELECTs, and multiple statements should catch most regressions here. This looks good.

Also applies to: 8882-8946

---

2081-2088: Adaptive event polling based on loading state is a nice responsiveness win

Tying the poll timeout to db.running or paged_query.loading should make the UI feel much snappier during long queries or page fetches while backing off to 100ms when idle to save CPU. No issues here.

---

6189-6201: TLS‑aware cancellation wiring looks correct

Using db.connected_with_tls to choose between a TLS connector and NoTls for CancelToken::cancel_query keeps the cancel path aligned with how the main connection was established, and falling back to the insecure TLS connector for cancellation (since only a cancel signal is sent) is reasonable. I don’t see any functional issues here.

---

6250-6305: Paged query event handling and status updates are coherent

The changes to DbEvent::QueryFinished, RowsAppended, and MetadataLoaded handling nicely separate initial result loading from on‑demand paging:

• QueryFinished now skips transaction‑state tracking when a paged query is active and initializes paged_query.loaded_rows/ loading.
• RowsAppended appends rows, keeps last_command_tag in sync with total rows, and clears paged_query when done (respecting the truncated flag).
• MetadataLoaded cleanly updates grid.primary_keys and grid.col_types post‑hoc for editing.

The overall state machine (including error/cancel branches) looks consistent.

Also applies to: 6349-6396

---

6462-6470: Status line correctly distinguishes initial run vs incremental page loads

Using paged_loading to emit a separate “⏳ loading” indicator while leaving db.running for the initial query execution makes it clear to users when they are just waiting on scroll‑triggered page loads versus a full query rerun. This is a nice UX touch and integrates cleanly with the existing status segments.

Reviewing files that changed from the base of the PR and between 7a9c3fc and 5759d82.

• crates/tsql/src/app/app.rs (30 hunks)
• crates/tsql/src/config/connections.rs (10 hunks)

• GitHub Check: Test (windows-latest)

crates/tsql/src/config/connections.rs (3)

245-248: Clean integration of SSL mode into URL generation.

The sslmode query parameter is correctly appended when present, using the idiomatic as_str() method. This follows PostgreSQL URL conventions.

---

293-312: Correct SSL mode parsing with round-trip consistency.

The sslmode query parameter is properly parsed using SslMode::parse(), which preserves explicit disable values as Some(SslMode::Disable) rather than converting to None. This ensures symmetric behavior between from_url() and to_url(), fixing the round-trip consistency issue from the previous review.

---

734-781: Excellent test coverage for SSL mode functionality.

The test suite is exceptionally thorough, covering:

• Default values and basic serialization (lines 734, 767-781, 824)
• Explicit disable preservation and round-trip consistency for all modes (lines 852-915)
• Edge cases: case-insensitivity, whitespace trimming, invalid inputs, index bounds, uniqueness, and contiguity (lines 1495-1630)

This comprehensive coverage significantly reduces the risk of regressions and validates the correctness of the implementation, including the fix for the previous round-trip consistency issue.

Also applies to: 824-915, 1495-1630

crates/tsql/src/app/app.rs (3)

22-31: TLS connector wiring and insecure verifier usage look correct for the declared sslmodes

SkipServerVerification correctly bypasses certificate validation while still delegating TLS 1.2/1.3 signature checks to the configured CryptoProvider, and make_rustls_connect_insecure vs make_rustls_connect_verified are mapped cleanly from SslMode (Disable/Prefer/Require vs VerifyCa/VerifyFull). Using the insecure connector for cancel_query when connected_with_tls is true is a reasonable trade‑off for a best‑effort cancel path that avoids duplicating certificate configuration.

This all matches the doc comments about sslmode semantics and the note that verify‑ca/verify‑full currently share rustls’ hostname‑verifying behavior.

Also applies to: 56-139, 6197-6208

---

141-194: SSL mode parsing, max_rows normalization, and pageable-query gating are consistent and well covered by tests

• resolve_ssl_mode’s behavior (URL + keyword forms, case-insensitive, explicit default SslMode::Disable, clear errors for invalid values) matches the doc comments and is exercised for all modes and invalid inputs in the new tests.
• effective_max_rows + the updated PagedQueryState::max_rows documentation now accurately capture the “0 → 2000 default, non-zero = actual limit” semantics, with a focused unit test confirming this contract.
• is_pageable_query piggybacks on extract_table_from_query and adds a simple multi-statement guard via semicolon detection; combined with the tests, this gives a clear, conservative definition of what will get a server-side cursor.

All of this looks correct and aligned; no changes needed. If you ever decide you need full libpq keyword-connstring parsing or semicolon detection that understands string literals, that can be layered on later.

Also applies to: 485-507, 553-564, 6873-6878, 8893-8953, 8957-9122

---

6873-6878: New tests comprehensively cover paging, sslmode parsing, and max_rows behavior

The added tests for effective_max_rows, is_pageable_query, and resolve_ssl_mode (URL + keyword styles, case-insensitivity, invalid values, and postgresql://) line up well with the implementation and should guard the core semantics going forward. The connection-form tests updated to tab through the SSL mode field and the connection/test-connection paths that depend on TLS wiring also look correct.

No additional test gaps stand out for this file.

Also applies to: 8893-8953, 8957-9122, 7675-7678, 5527-5604

Reviewing files that changed from the base of the PR and between 5759d82 and 7bf60ff.

• crates/tsql/src/app/app.rs (31 hunks)
• crates/tsql/src/ui/connection_form.rs (26 hunks)
• crates/tsql/src/ui/grid.rs (6 hunks)

crates/tsql/src/ui/grid.rs (5)

18-23: LGTM! Constants extraction improves maintainability.

The extraction of magic numbers into named constants is a good practice. The values are reasonable for terminal UI display, and the documentation clearly explains each constant's purpose.

---

725-763: LGTM! Solid boundary checking for streaming results.

The clamp_to_bounds method correctly handles cursor and selection validation after model changes. The logic properly addresses edge cases (empty rows/columns) and uses safe arithmetic with saturating_sub. This is essential for maintaining valid UI state during cursor-based paging.

---

1699-1722: LGTM! Width calculation is consistent and well-structured.

The updated compute_column_widths function correctly uses the new constants and handles UUID truncation consistently with the display logic. The effective_width calculation ensures UUIDs are sized appropriately from the start, improving the user experience for columns containing UUIDs.

---

2738-2923: Excellent test coverage for streaming features.

The test suite comprehensively covers the new streaming/paging functionality:

• Normal operation and edge cases for append_rows
• Boundary conditions and state validity for clamp_to_bounds
• Integration scenarios combining both methods
• Clear, focused tests with descriptive names

This provides good confidence in the correctness and robustness of the cursor-based paging implementation.

---

1259-1259: The is_none_or method is compatible with the project's MSRV. The repository requires Rust 1.86, which is newer than Rust 1.82.0 when is_none_or was stabilized. No changes needed.

crates/tsql/src/ui/connection_form.rs (11)

17-17: LGTM! SSL mode field integrated cleanly into form navigation.

The FormField enum and navigation order are well-structured, placing SSL Mode logically between SavePassword and Host in the tab sequence.

Also applies to: 30-30, 37-67

---

111-111: LGTM! Struct fields follow existing patterns.

The ssl_mode and ssl_mode_index fields mirror the color/color_index pattern, maintaining consistency with the existing form structure.

Also applies to: 130-130, 162-162

---

287-288: LGTM! Modification tracking handles SSL mode correctly.

The is_modified checks appropriately detect when SSL mode has changed from the default (Disable) for new forms or from the original value for edited forms.

Also applies to: 300-300

---

386-428: LGTM! SSL mode keyboard interaction follows established patterns.

The key bindings for cycling SSL mode (Enter/Space/Left/Right) are consistent with the Color field, providing a familiar and intuitive user experience.

---

575-576: LGTM! URL parsing correctly propagates SSL mode.

The SSL mode extraction from URL with a sensible fallback to Disable ensures consistent behavior when pasting connection strings.

---

655-658: LGTM! SSL mode mapping to Option is correct.

The mapping of SslMode::Disable to None and other modes to Some(mode) aligns with the ConnectionEntry schema where None represents the default (no SSL) state.

Also applies to: 707-710

---

726-726: LGTM! Layout correctly accommodates the new SSL mode field.

The modal height increase and chunk allocation properly account for the additional SSL mode field, maintaining consistent spacing.

Also applies to: 754-830

---

1100-1109: LGTM! Tests updated to reflect new navigation order.

The navigation tests correctly verify that SSL Mode is positioned between SavePassword and Host in the tab sequence.

---

235-241: The SslMode::to_index() method exists and is properly implemented in crates/tsql/src/config/connections.rs at line 53. The code calling this method is correct.

---

973-1006: No action needed. The SslMode::as_str() method is properly implemented.

The method exists at crates/tsql/src/config/connections.rs:31 with signature pub fn as_str(self) -> &'static str and handles all SslMode variants (Disable, Prefer, Require, VerifyCa, VerifyFull).

Likely an incorrect or invalid review comment.

---

556-560: This review comment is incorrect. The SslMode::COUNT constant exists and is properly defined in the codebase at line 29 of crates/tsql/src/config/connections.rs with the value 5. It is documented and thoroughly tested. The cycle_ssl_mode method implementation correctly uses both SslMode::COUNT and SslMode::from_index().

Likely an incorrect or invalid review comment.

crates/tsql/src/app/app.rs (5)

206-218: effective_max_rows normalization and tests look good

The normalization of config_max_rows == 0 to a hard default of 2000, with all other values passed through, is clear and matches the new doc comment and the added unit test. This should remove the earlier ambiguity about “0 = unlimited”.

Also applies to: 6911-6916

---

509-569: PagedQueryState + auto‑fetch wiring are coherent and integrate cleanly with UI/status

The new PagedQueryState encapsulates paging metadata nicely (query, max_rows, page_size, cursor_open, loading, done, loaded_rows, source_table, started, fetch_more_tx), and the request_more() helper keeps the App-level logic simple.

maybe_fetch_more_rows correctly guards on paged_query existing and not done/loading, looks only at grid cursor position vs. loaded row count, and updates paged.loading and the status line when triggering a fetch. The event handlers for QueryFinished, RowsAppended, and MetadataLoaded consistently update paged_query, db.last_command_tag, db.running, and the status line, and they clear paged_query on completion/error/cancel so execute_query() can safely reject concurrent queries via the self.paged_query.is_some() check.

Overall this paging state machine is well‑structured and matches the intended streaming UX.

Also applies to: 570-588, 6188-6221, 6394-6441, 6455-6515

---

7712-7716: Connection form tab-order test comment updated correctly for SSL mode field

The updated comment in test_pressing_a_after_saving_connection_opens_new_form to mention the SSL mode field in the Tab sequence matches the new form layout and keeps the test self‑documenting. No issues here.

---

6455-6515: Status line’s running/loading indicator correctly reflects paged-loading state

The new paged_loading flag (self.paged_query.as_ref().is_some_and(|p| p.loading)) and the "⏳ loading" indicator integrate nicely with the existing "⏳ running" display and transaction/row info. This gives users clear feedback when additional pages are being fetched without conflating it with the initial query’s running state.

---

56-123: TLS helpers are solid; cancel_query uses insecure verifier for all TLS modes

SkipServerVerification and the rustls connector builders correctly implement the intended sslmode behavior: require/prefer use encryption without certificate validation, while verify-ca/verify-full use a RootCertStore + default hostname verification. The implementation of ServerCertVerifier that forwards signature checks to CryptoProvider is appropriate for the "skip cert validation" case.

One nuance: cancel_query always uses make_rustls_connect_insecure() whenever the main connection used TLS, even if the original sslmode was verify-ca or verify-full. This slightly relaxes security guarantees for the cancel connection (no cert/hostname validation). While this is probably acceptable for a best-effort cancel path, consider calling this out explicitly in docs or comments, or optionally using the verified connector when sslmode demanded verification.