How we give every user SQL access to a shared ClickHouse cluster

TRQL (Trigger Query Language) is a domain-specific language developed to enable users to write secure, tenant-isolated SQL queries on a shared multi-tenant analytical database without risking data exposure or system stability. Designed as a SQL-style language, TRQL compiles to ClickHouse queries and handles security, abstraction, and translation, making it more than just a SQL passthrough. Its design allows for tenant isolation by automatically injecting necessary filters and hiding internal database details from users, and it provides features like virtual columns, automatic time-bucketing, and value transforms. TRQL is parsed using ANTLR, which enforces a strict grammar that omits potentially dangerous commands, ensuring security by construction rather than validation. The language is compatible with ClickHouse's analytical capabilities, offering custom functions and schema-defined transformations that simplify query writing. Using a dual-parser architecture, the TRQL editor combines fast syntax highlighting with comprehensive schema-aware validation, enhancing the user experience with features like schema-powered autocomplete. By enforcing limits on concurrency, row counts, and query resources, TRQL maintains system performance and security, forming the backbone for Trigger.dev's observability tools and analytics dashboards.