feat: Add MCP tool annotations for LLM guidance (#148)

* feat: Add MCP tool annotations for LLM guidance

Add title and hint annotations to all 6 tools to help LLMs understand
tool behavior and make safer decisions about tool usage.

**Read-Only Tools (5 tools):**
- list_catalogs - Discover Trino catalogs
- list_schemas - Browse schemas in a catalog
- list_tables - Discover tables and views
- get_table_schema - Inspect table structure
- explain_query - Analyze query execution plans

**Destructive Tools (1 tool):**
- execute_query - Execute SQL queries (can run DML/DDL)

Uses mark3labs/mcp-go annotation functions:
- WithTitleAnnotation() - Human-readable tool names
- WithReadOnlyHintAnnotation(true) - Safe read operations
- WithDestructiveHintAnnotation(true) - State-modifying operations

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Signed-off-by: triepod-ai <[email protected]>

* fix: Update execute_query description to reflect actual capabilities

Address CodeRabbit review feedback: the execute_query tool supports all SQL
statements (including DML/DDL like INSERT, UPDATE, DELETE, CREATE, DROP),
not just SELECT/SHOW/DESCRIBE/EXPLAIN as previously documented.

This clarifies why destructiveHint is set to true - the tool can modify data.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Signed-off-by: triepod-ai <[email protected]>

* fix: Clarify default read-only behavior in execute_query description

Updated description to accurately reflect that by default only read-only
queries (SELECT, SHOW, DESCRIBE, EXPLAIN) are allowed for security.
DML/DDL operations require TRINO_ALLOW_WRITE_QUERIES=true.

Addresses CodeRabbit review feedback.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Signed-off-by: triepod-ai <[email protected]>

---------

Signed-off-by: triepod-ai <[email protected]>
Co-authored-by: triepod-ai <[email protected]>

Pr/tommynguyen vungle/142 (#143)

* [PE-7844] send per-query user identity to Trino (#29)

* added method to retrieve user from context

Signed-off-by: Zhong Liang Ong <[email protected]>

* added run apk update to fix docker build error

* add run apk update to runtime container to fix docker build error

Signed-off-by: Zhong Liang Ong <[email protected]>

* add run apk update to runtime container to fix docker build error

Signed-off-by: Zhong Liang Ong <[email protected]>

* manually update alpine linux version to fix execve error in busybox-1.37.0-r29.trigger

Signed-off-by: Zhong Liang Ong <[email protected]>

* updated trino per query arguments

Signed-off-by: Zhong Liang Ong <[email protected]>

* updated oauth-mcp-proxy to remove scopes_supported in oauth-protected-resource route

Signed-off-by: Zhong Liang Ong <[email protected]>

---------

Signed-off-by: Zhong Liang Ong <[email protected]>

* docs: document query attribution and impersonation identity tracking

Signed-off-by: Tommy Nguyen <[email protected]>

* ci: upload Trivy SARIF only when file exists

Signed-off-by: Tommy Nguyen <[email protected]>

* build: bump Go version to 1.24.11

Signed-off-by: Tommy Nguyen <[email protected]>

---------

Signed-off-by: Zhong Liang Ong <[email protected]>
Signed-off-by: Tommy Nguyen <[email protected]>
Co-authored-by: Zhong Liang Ong <[email protected]>

fix(trino): handle custom HTTP client registration errors

Signed-off-by: Tommy Nguyen <[email protected]>

chore(deps): bump github.com/tuannvm/oauth-mcp-proxy from 1.0.0 to 1.…

…0.1 (#130)

Bumps [github.com/tuannvm/oauth-mcp-proxy](https://github.com/tuannvm/oauth-mcp-proxy) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/tuannvm/oauth-mcp-proxy/releases)
- [Changelog](https://github.com/tuannvm/oauth-mcp-proxy/blob/main/.goreleaser.yml)
- [Commits](tuannvm/oauth-mcp-proxy@v1.0.0...v1.0.1)

---
updated-dependencies:
- dependency-name: github.com/tuannvm/oauth-mcp-proxy
  dependency-version: 1.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tommy Nguyen <[email protected]>

init commit to fix show create table perm (#123)

Co-authored-by: Tommy Nguyen <[email protected]>

build(update dependency): Bump oauth-mcp-proxy to v0.0.4

Signed-off-by: Tommy Nguyen <[email protected]>

feat(config): Refactor OAuth configuration and enable flexible setup

Signed-off-by: Tommy Nguyen <[email protected]>

chore(go.mod): update Go version to 1.24 and replace oauth-mcp-proxy …

…version

Signed-off-by: Tommy Nguyen <[email protected]>

chore(deps): bump the github-actions group across 1 directory with 5 …

…updates (#116)

Bumps the github-actions group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/setup-go](https://github.com/actions/setup-go) | `5` | `6` |
| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.32.0` | `0.33.1` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.20.5` | `0.20.6` |
| [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) | `3` | `4` |



Updates `actions/setup-go` from 5 to 6
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@v5...v6)

Updates `aquasecurity/trivy-action` from 0.32.0 to 0.33.1
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@0.32.0...0.33.1)

Updates `github/codeql-action` from 3 to 4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v3...v4)

Updates `anchore/sbom-action` from 0.20.5 to 0.20.6
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](anchore/sbom-action@v0.20.5...v0.20.6)

Updates `peter-evans/repository-dispatch` from 3 to 4
- [Release notes](https://github.com/peter-evans/repository-dispatch/releases)
- [Commits](peter-evans/repository-dispatch@v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.33.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: anchore/sbom-action
  dependency-version: 0.20.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: peter-evans/repository-dispatch
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tommy Nguyen <[email protected]>

chore(README): Add detailed OAuth setup, security, and deployment info

Signed-off-by: Tommy Nguyen <[email protected]>