Ability to flag user-defined functions as "direct-only" or "innocuous"

[spazmodius]

I'd like to be able to define custom functions or aggregates and mark them as SQLITE_DIRECTONLY or SQLITE_INNOCUOUS.

[JoshuaWise]

What's your use case for SQLITE_INNOCUOUS?

According to the SQLite3 docs:

Developers are advised to avoid using the SQLITE_INNOCUOUS flag for application-defined functions unless the function has been carefully audited and found to be free of potentially security-adverse side-effects and information-leaks.

[JoshuaWise]

SQLITE_DIRECTONLY is now available in better-sqlite3 version 7.3.0 via the directOnly: true option. I'm hesitant on adding SQLITE_INNOCUOUS until I understand a good use-case.

[spazmodius]

Here's a simplified example of what I'd like to do:

const Database = require('better-sqlite3')
const fnv = require('@sindresorhus/fnv1a')

const db = Database(':memory:')
db.pragma('trusted_schema=off')
db.function('fnv', { deterministic: true, /* innocuous: true */ }, fnv)

db.prepare(`
	create table Strings(
		id integer primary key not null,
		string text not null,
		hash int not null as (fnv(string)) stored
	)
`).run()

db.prepare(`insert into Strings(string) values(?)`).run('Hello, world')