* Adds a middleware that sets 2 dynamic vars

- These vars will be used to insert context for embedding analytics

* migration adding embedding_client and embedding_version to qe and vl tables

* clarify function api

* headers come in -> dynamic vars -> written to db

When the vars are set we insert their values into query execution and
query_log under embedding_client and embedding_version.

* update update migrations

* add predconditions to migrations

* fix tablenames + dataset_test

* Code Review responses

- remove commented out requires
- clarify test for merge-count-maps

feat(question): Make two messages in the question footer - query runtime and cache age - more useful (#46072)

Closes #46009

* Lock down the trash collection more

Oops. I was very thorough in checking that you couldn't modify the
trash collection in the sense of moving things to or from it. I missed
the most obvious thing: actually modifying the trash collection itself.
So if someone wanted, they could change the name of the Trash to
"Definitely Not the Trash".

* Remove the Trash Collection from serialization

Serialization tests were failing due to the previous change, but this
got me thinking, and I realized that serializing the Trash collection is
completely unnecessary. We want to create it programatically on
startup (which we are) and then nothing should change it afterwards.

I tightened this up by removing the condition here, thinking that CI
would catch it if it was necessary - but I'm getting failures in
development. Oops - didn't realize that this defmethod wasn't actually
applied during CI runs.

Co-authored-by: bryan <bryan.maass@gmail.com>

Closes #46123

* Updating Tusk Sanity GitHub workflow

* fix: automatic Tusk self-review

---------

Co-authored-by: use-tusk[bot] <144006087+use-tusk[bot]@users.noreply.github.com>

* add mu/defn-

* use new built-in mu/defn-

* mu/defn- preserves metadata

---------

Co-authored-by: Noah Moss <noahbmoss@gmail.com>
Co-authored-by: Noah Moss <32746338+noahmoss@users.noreply.github.com>

* Rewrite repro for 27643

* Add TODO for the remaining tasks

* Make a test name consistent with others

* Finish the E2E test for #27643

* Fix the test to use PostgresDB

Since H2 originally doesn't fail the test

* Attempt to fix a flake on CI by waiting for table to finish syncing

* Create QA snapshot with fully synced field metadata

* Fix failed tests from field metadata change

* Simplify question scenarios

* Simplify dashboard scenarios

* Fix permissions

* Rework titles

* Add comment about PG

* Add limit to speed things up

* Fix and improve dashboard assertions

* Fix and improve question assertions

---------

Co-authored-by: Mahatthana (Kelvin) Nomsawadi <me@bboykelvin.dev>

* Bigquery Pagination Use next page to get proper results

Fixes 45953

WIP

* use new-page in values-iterator

* disable just the part of the test that is still flaky

Want to keep the other part of the test that does prove we're not getting duplicates due to incorrect pagination.

Co-authored-by: Metabase bot <metabase-bot@metabase.com>

Make the sandbox cleanup logic more robust, and reorganize some perms code for better testing (#46102)

* Number formatter Reports correct Decimal places for negative Numbers

Fixes #41640

Prior to this, the number formatter would get the incorrect number of decimal places for negative numbers.

The way the decimal places count is derived works as follows:

 - convert number to a string
 - split the string on the separator (decimal, comma, whatever the instance has set)
 - destructure that split into [int decimal]
 - count decimal to get the number of decimals.

That all works for positive numbers, but for negative numbers, the regex was just splitting on 'not digits', so we got
an extra group due to the leading negative sign. This would incorrectly destructure  the 'int' part of the number into
the count, thus we would always get 1 instead of the correct value.

This fixes it by just taking last instead of destructuring.

* correct comparison to always use abs value in conditonal check

* tiny incorrectness in the test

* Don't show "Download" button until query complete

* Fix `PublicOrEmbeddedDashboardPage` tests

* Add tests

* Remove redundant dataset error checks

* Revert "Remove redundant dataset error checks"

This reverts commit fc7810f0.

* Modify the E2E stress test workflow to allow running PostgresDB

* Fix syntax

* Add qa_db to workflow summary

* Only run necessary containers

* Fix QA DB snapshots running when QA_DB_ENABLED=false

* Use more generic option that's not only specific to postgres

* Make drivers build in parallel rather than sequentially

* Make the whitespace linter happy

* Add duration to steps

Co-authored-by: use-tusk[bot] <144006087+use-tusk[bot]@users.noreply.github.com>

* perf: Add explicit .entryAt method for SnakeHatingMap

Otherwise, SHM invokes .keySet on itself which triggers the contstruction of the list of keys on each map access.

* perf: Cache (un)successful requiring of EE in dynamic-ee-oss-fn

* perf: Add a quicker path for getting metadatas from cache

* perf: Minor improvements

* Add repro

* Fix onOpenQuestion uses unexpected card object

* Refactor dashboard helpers to TypeScript

* Reuse existing helper

It's based on a (global, synchronized) `WeakHashMap` using the query map
itself as the key. That gives the cache the same lifespan as the query
map, which is generally brief but often includes many calls to
expensive, cached functions like `visible-columns`.

This reverts commit 6495def0.

* Make filter corrupted again™

* Speed up the test by limiting the number of rows

* Make the repro more correct, and more resilient

* Remove intercepts

* Improve assertions

* Fix a race condition with models creation

* Fix the test

* Fix the test

* notes on view data vis

* Update docs/permissions/data.md

Co-authored-by: Alex Yarosh <alexandra@metabase.com>

---------

Co-authored-by: Alex Yarosh <alexandra@metabase.com>

Co-authored-by: Ryan Laurie <30528226+iethree@users.noreply.github.com>

* add webpack configuration for cli

* add requirements checking

* docker check

* docker start command

* port checks

* add getting started steps

* add final install message

* cleanup cli text

* handle force-closing prompt

* build the cli when running build-embedding-sdk

* wording updates

* add redundant prompt in case of small terminals

* remove redundant instruction

* make sure the user confirms the step

* change container name to metabase-enterprise-embedding

* migrate cli to es modules instead of webpack

* add shebang line for npx

* add cli dependencies to devDependencies

* Revert "add cli dependencies to devDependencies"

This reverts commit 5d5e952c.

* Revert "add shebang line for npx"

This reverts commit 766fdda0.

* Revert "migrate cli to es modules instead of webpack"

This reverts commit 7d1b0651.

* Rewrite startNewNative helpers

* Update existing tests

* Fix table hovercards E2E flake

* Fix repro 37009

* Update repro 30680

* Add comment

* Fix nested question flake

* Fix typo

* Embedding Parameter Values set in Tokens work properly when `nil` or empty list

Fixes: #40292

If a locked parameter's value is set to `nil` or `[]` in the embedding JWT, we want to treat this as 'no value has
been set' on that filter, but we should still run the query as normal. Likewise, any linked filters should still
properly derive their values from the unfiltered values of the filter to which they are linked.

* when a parameter's value is nil or empty seq, don't include it

This is a partial solution as I still need to find the place that's still erroring on the empty list case in terms of
the linked parameter's values.

* Treat empty list like `nil` for the token param

When you're using a filter in the App, it makes intuitive sense that when you've not selected anything from a filter's
drop down list (or entered any text, etc.), then the filter is effectively not applied.

For token params, we should behave similarly; `nil` and `[]` can both be accepted, and signal that the user intends
for that filter to basically NOT apply.

This also means we should not pass the constraint to the linked filters, since it errors, but even if it worked, it
would return 0 results, making it impossible to properly apply the linked filter at all.

So, this change causes empty lists to be treated as nil, AND will remove any parameters with `nil` as a value before
being passed to the query processor, which results in the proper behaviour of not having constraints on the linked
filter, and having the 'parent' filter not filtering anything.

* Embed preview should always use params from the token

In making a screenshot, I discovered a slight bug in previews, where if the embed had been previously published, it
could pull embedding params from the db that don't match the settings on screen. So, always pull the settings from the
token, which updates as the user is making changes in the Preview Embed UI.

* for previews, merge the embedding params sources instead

* alter 'nil' behaviour to work just as if the key doesn't exist

* fix one spot where I was passing maps into set functions

* Adjust tests to check for consistent behaviour in dash/qstn embeds

* fix an e2e test

* fix up last 2 failing e2e tests

* add the test case of a locked param having no value set in token

* some further e2e changes

We have N+1 detection for simple hydration methods that checks to see
whether the hydration method made any DB queries at all. This makes
sense, because a simple hydration method is called on each instance
individually - if we make database calls *each time*, we're in trouble.

Where this runs into issues is with cached data, where the simple
hydration method is populating the cache - e.g. `:can_read` or
`:can_write` dereferencing `api/*current-user-permissions-set*`.
Currently we specifically exclude those hydration methods from the
check.

But after running into this again for a different simple hydration
method, I think there's a more robust approach:

- first, run the hydration method without counting DB queries

- then, run it again and make sure we don't make any additional DB
queries.

There is a potential downside here: if someone wrote a simple hydration
method with side effects, they'd potentially be very confused (in
development - this doesn't run in prod!) when those side effects
happened twice for a single hydration. But I *think* that's fairly
unlikely.

* Proper fix

* Add e2e repro

* E2E repro

* Update e2e/test/scenarios/models/reproductions.cy.spec.ts

Co-authored-by: Kamil Mielnik <kamil@kamilmielnik.com>

* Update e2e/test/scenarios/models/reproductions.cy.spec.ts

Co-authored-by: Kamil Mielnik <kamil@kamilmielnik.com>

---------

Co-authored-by: Kamil Mielnik <kamil@kamilmielnik.com>