fix: add security hardening and documentation for deployment

- Add document validation to prevent NoneType crash when document not configured
- Add SQL query validation (SELECT only, no multi-statement)
- Add 30-second HTTP request timeout
- Fix filter parameter JSON encoding for get_records
- Add return type annotation to get_document
- Add tests for document lookup and SQL validation
- Add comprehensive README with usage instructions

tests/test_auth.py

@@ -82,3 +82,18 @@ def test_get_accessible_documents(sample_config):
     assert len(docs) == 2
     assert {"name": "budget", "permissions": ["read", "write"]} in docs
     assert {"name": "expenses", "permissions": ["read"]} in docs
+
+
+def test_get_document_returns_document(sample_config):
+    auth = Authenticator(sample_config)
+
+    doc = auth.get_document("budget")
+
+    assert doc.doc_id == "abc123"
+
+
+def test_get_document_raises_on_unknown(sample_config):
+    auth = Authenticator(sample_config)
+
+    with pytest.raises(AuthError, match="Document 'unknown' not configured"):
+        auth.get_document("unknown")

tests/test_grist_client.py

@@ -179,3 +179,20 @@ async def test_delete_column(client, httpx_mock: HTTPXMock):
 
     # Should not raise
     await client.delete_column("Table1", "OldCol")
+
+
+# SQL validation tests
+
+def test_sql_validation_rejects_non_select(client):
+    with pytest.raises(ValueError, match="Only SELECT queries are allowed"):
+        client._validate_sql_query("DROP TABLE users")
+
+
+def test_sql_validation_rejects_multiple_statements(client):
+    with pytest.raises(ValueError, match="Multiple statements not allowed"):
+        client._validate_sql_query("SELECT * FROM users; DROP TABLE users")
+
+
+def test_sql_validation_allows_trailing_semicolon(client):
+    # Should not raise
+    client._validate_sql_query("SELECT * FROM users;")