autoxpp-sql-jitlisted

# AutoXPP SQL JIT Automate the D365 F&O Just-In-Time SQL credential flow from VS2022. Saves the connection string to a per-machine cache so downstream scripts (`sql.py`) and skills don't re-drive the dialog on every query. ## Top rules (read before use) 1. **READ-ONLY.** The JIT credentials grant the `Reader` SQL role only. `scripts/sql.py` additionally rejects any statement starting with `INSERT / UPDATE / DELETE / DROP / ALTER / CREATE / TRUNCATE / EXEC / MERGE` before issuing the query. Both layers must see `SELECT` / schema queries only. If a caller needs write access, the answer is OData (`odata.py`) or the UI — never this skill. 2. **TEST OR ANALYSIS ONLY.** Valid uses: test-case layer-3 assertions, investigation of bugs / behavior / data shape, schema exploration. NOT for: triggering dev-time side effects, ad-hoc data fixes, or anything a user could reasonably call a "change." Never invoke on production environments — JIT is dev/sandbox only. 3. **CACHE LOCATION.** Connection strings land in `~/.autoxpp/ude-configs.json` → `udeConfigs[].sqlCache` — user-home, per-machine, ~24h expiry. Never checked into any repo. Never echoed to stdout / logs. `sql.py status --env <env>` shows non-secret fields (server, database, expiry) only. ## Why this skill exists D365 F&O cloud environments issue temporary read-only SQL credentials (JIT, ~24h expiry) via VS2022's UDE. These credentials are the only practical path to internal tables (`InventTrans`, `WHSWorkLine`, `GeneralJou