diff --git a/.coveragerc b/.coveragerc deleted file mode 100644 index 6ca0fac8..00000000 --- a/.coveragerc +++ /dev/null @@ -1,2 +0,0 @@ -[run] -omit = datasette/_version.py, datasette/utils/shutil_backport.py diff --git a/.dockerignore b/.dockerignore index 5078bf47..938173e9 100644 --- a/.dockerignore +++ b/.dockerignore @@ -3,11 +3,10 @@ .eggs .gitignore .ipynb_checkpoints +.travis.yml build *.spec *.egg-info dist scratchpad venv -*.db -*.sqlite diff --git a/.git-blame-ignore-revs b/.git-blame-ignore-revs deleted file mode 100644 index 84e574fd..00000000 --- a/.git-blame-ignore-revs +++ /dev/null @@ -1,4 +0,0 @@ -# Applying Black -35d6ee2790e41e96f243c1ff58be0c9c0519a8ce -368638555160fb9ac78f462d0f79b1394163fa30 -2b344f6a34d2adaa305996a1a580ece06397f6e4 diff --git a/.gitattributes b/.gitattributes index 744258eb..e5e5865f 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1 +1,2 @@ +datasette/_version.py export-subst datasette/static/codemirror-* linguist-vendored diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml deleted file mode 100644 index f0bcdbe0..00000000 --- a/.github/FUNDING.yml +++ /dev/null @@ -1 +0,0 @@ -github: [simonw] diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 88bb03b1..00000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,11 +0,0 @@ -version: 2 -updates: -- package-ecosystem: pip - directory: "/" - schedule: - interval: daily - time: "13:00" - groups: - python-packages: - patterns: - - "*" diff --git a/.github/workflows/deploy-latest.yml b/.github/workflows/deploy-latest.yml deleted file mode 100644 index b0640ae8..00000000 --- a/.github/workflows/deploy-latest.yml +++ /dev/null @@ -1,132 +0,0 @@ -name: Deploy latest.datasette.io - -on: - workflow_dispatch: - push: - branches: - - main - # - 1.0-dev - -permissions: - contents: read - -jobs: - deploy: - runs-on: ubuntu-latest - steps: - - name: Check out datasette - uses: actions/checkout@v6 - - name: Set up Python - uses: actions/setup-python@v6 - with: - python-version: "3.13" - cache: pip - - name: Install Python dependencies - run: | - python -m pip install --upgrade pip - python -m pip install . --group dev - python -m pip install sphinx-to-sqlite==0.1a1 - - name: Run tests - if: ${{ github.ref == 'refs/heads/main' }} - run: | - pytest -n auto -m "not serial" - pytest -m "serial" - - name: Build fixtures.db and other files needed to deploy the demo - run: |- - python tests/fixtures.py \ - fixtures.db \ - fixtures-config.json \ - fixtures-metadata.json \ - plugins \ - --extra-db-filename extra_database.db - - name: Build docs.db - if: ${{ github.ref == 'refs/heads/main' }} - run: |- - cd docs - DISABLE_SPHINX_INLINE_TABS=1 sphinx-build -b xml . _build - sphinx-to-sqlite ../docs.db _build - cd .. - - name: Set up the alternate-route demo - run: | - echo ' - from datasette import hookimpl - - @hookimpl - def startup(datasette): - db = datasette.get_database("fixtures2") - db.route = "alternative-route" - ' > plugins/alternative_route.py - cp fixtures.db fixtures2.db - - name: And the counters writable stored query demo - run: | - cat > plugins/counters.py < metadata.json - # cat metadata.json - - id: auth - name: Authenticate to Google Cloud - uses: google-github-actions/auth@v3 - with: - credentials_json: ${{ secrets.GCP_SA_KEY }} - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v3 - - name: Deploy to Cloud Run - env: - LATEST_DATASETTE_SECRET: ${{ secrets.LATEST_DATASETTE_SECRET }} - run: |- - gcloud config set run/region us-central1 - gcloud config set project datasette-222320 - export SUFFIX="-${GITHUB_REF#refs/heads/}" - export SUFFIX=${SUFFIX#-main} - # Replace 1.0 with one-dot-zero in SUFFIX - export SUFFIX=${SUFFIX//1.0/one-dot-zero} - datasette publish cloudrun fixtures.db fixtures2.db extra_database.db \ - -m fixtures-metadata.json \ - --plugins-dir=plugins \ - --branch=$GITHUB_SHA \ - --version-note=$GITHUB_SHA \ - --extra-options="--setting template_debug 1 --setting trace_debug 1 --crossdb --root" \ - --install 'datasette-ephemeral-tables>=0.2.2' \ - --service "datasette-latest$SUFFIX" \ - --secret $LATEST_DATASETTE_SECRET - - name: Deploy to docs as well (only for main) - if: ${{ github.ref == 'refs/heads/main' }} - run: |- - # Deploy docs.db to a different service - datasette publish cloudrun docs.db \ - --branch=$GITHUB_SHA \ - --version-note=$GITHUB_SHA \ - --extra-options="--setting template_debug 1" \ - --service=datasette-docs-latest diff --git a/.github/workflows/documentation-links.yml b/.github/workflows/documentation-links.yml deleted file mode 100644 index b8fb8aaa..00000000 --- a/.github/workflows/documentation-links.yml +++ /dev/null @@ -1,16 +0,0 @@ -name: Read the Docs Pull Request Preview -on: - pull_request: - types: - - opened - -permissions: - pull-requests: write - -jobs: - documentation-links: - runs-on: ubuntu-latest - steps: - - uses: readthedocs/actions/preview@v1 - with: - project-slug: "datasette" diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml deleted file mode 100644 index 5275ddef..00000000 --- a/.github/workflows/playwright.yml +++ /dev/null @@ -1,48 +0,0 @@ -name: Playwright - -on: - push: - pull_request: - workflow_dispatch: - -permissions: - contents: read - -jobs: - test: - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - browser: [chromium, firefox, webkit] - steps: - - uses: actions/checkout@v6 - - name: Set up Python 3.14 - uses: actions/setup-python@v6 - with: - python-version: "3.14" - allow-prereleases: true - cache: pip - cache-dependency-path: pyproject.toml - - name: Cache uv - uses: actions/cache@v5 - with: - path: ~/.cache/uv - key: ${{ runner.os }}-py3.14-uv-${{ hashFiles('pyproject.toml') }} - restore-keys: | - ${{ runner.os }}-py3.14-uv- - - name: Cache Playwright browsers - uses: actions/cache@v5 - with: - path: ~/.cache/ms-playwright/ - key: ${{ runner.os }}-playwright-${{ matrix.browser }}-${{ hashFiles('pyproject.toml') }} - restore-keys: | - ${{ runner.os }}-playwright-${{ matrix.browser }}- - - name: Install uv - run: python -m pip install uv - - name: Install dependencies - run: uv sync --group dev --group playwright - - name: Install ${{ matrix.browser }} - run: uv run --group dev --group playwright playwright install --with-deps ${{ matrix.browser }} - - name: Run Playwright tests - run: uv run --group dev --group playwright pytest tests/test_playwright.py --playwright --browser ${{ matrix.browser }} diff --git a/.github/workflows/prettier.yml b/.github/workflows/prettier.yml deleted file mode 100644 index 735e14e9..00000000 --- a/.github/workflows/prettier.yml +++ /dev/null @@ -1,25 +0,0 @@ -name: Check JavaScript for conformance with Prettier - -on: [push] - -permissions: - contents: read - -jobs: - prettier: - runs-on: ubuntu-latest - steps: - - name: Check out repo - uses: actions/checkout@v6 - - uses: actions/cache@v5 - name: Configure npm caching - with: - path: ~/.npm - key: ${{ runner.OS }}-npm-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.OS }}-npm- - - name: Install dependencies - run: npm ci - - name: Run prettier - run: |- - npm run prettier -- --check diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml deleted file mode 100644 index 87300593..00000000 --- a/.github/workflows/publish.yml +++ /dev/null @@ -1,109 +0,0 @@ -name: Publish Python Package - -on: - release: - types: [created] - -permissions: - contents: read - -jobs: - test: - runs-on: ubuntu-latest - strategy: - matrix: - python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"] - steps: - - uses: actions/checkout@v6 - - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v6 - with: - python-version: ${{ matrix.python-version }} - cache: pip - cache-dependency-path: pyproject.toml - - name: Install dependencies - run: | - pip install . --group dev - - name: Run tests - run: | - pytest - - deploy: - runs-on: ubuntu-latest - needs: [test] - environment: release - permissions: - id-token: write - steps: - - uses: actions/checkout@v6 - - name: Set up Python - uses: actions/setup-python@v6 - with: - python-version: '3.13' - cache: pip - cache-dependency-path: pyproject.toml - - name: Install dependencies - run: | - pip install setuptools wheel build - - name: Build - run: | - python -m build - - name: Publish - uses: pypa/gh-action-pypi-publish@release/v1 - - deploy_static_docs: - runs-on: ubuntu-latest - needs: [deploy] - if: "!github.event.release.prerelease" - steps: - - uses: actions/checkout@v6 - - name: Set up Python - uses: actions/setup-python@v6 - with: - python-version: '3.10' - cache: pip - cache-dependency-path: pyproject.toml - - name: Install dependencies - run: | - python -m pip install . --group dev - python -m pip install sphinx-to-sqlite==0.1a1 - - name: Build docs.db - run: |- - cd docs - DISABLE_SPHINX_INLINE_TABS=1 sphinx-build -b xml . _build - sphinx-to-sqlite ../docs.db _build - cd .. - - id: auth - name: Authenticate to Google Cloud - uses: google-github-actions/auth@v2 - with: - credentials_json: ${{ secrets.GCP_SA_KEY }} - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v3 - - name: Deploy stable-docs.datasette.io to Cloud Run - run: |- - gcloud config set run/region us-central1 - gcloud config set project datasette-222320 - datasette publish cloudrun docs.db \ - --service=datasette-docs-stable - - deploy_docker: - runs-on: ubuntu-latest - needs: [deploy] - if: "!github.event.release.prerelease" - steps: - - uses: actions/checkout@v6 - - name: Build and push to Docker Hub - env: - DOCKER_USER: ${{ secrets.DOCKER_USER }} - DOCKER_PASS: ${{ secrets.DOCKER_PASS }} - run: |- - sleep 60 # Give PyPI time to make the new release available - docker login -u $DOCKER_USER -p $DOCKER_PASS - export REPO=datasetteproject/datasette - docker build -f Dockerfile \ - -t $REPO:${GITHUB_REF#refs/tags/} \ - --build-arg VERSION=${GITHUB_REF#refs/tags/} . - docker tag $REPO:${GITHUB_REF#refs/tags/} $REPO:latest - docker push $REPO:${GITHUB_REF#refs/tags/} - docker push $REPO:latest diff --git a/.github/workflows/push_docker_tag.yml b/.github/workflows/push_docker_tag.yml deleted file mode 100644 index e622ef4c..00000000 --- a/.github/workflows/push_docker_tag.yml +++ /dev/null @@ -1,28 +0,0 @@ -name: Push specific Docker tag - -on: - workflow_dispatch: - inputs: - version_tag: - description: Tag to build and push - -permissions: - contents: read - -jobs: - deploy_docker: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v6 - - name: Build and push to Docker Hub - env: - DOCKER_USER: ${{ secrets.DOCKER_USER }} - DOCKER_PASS: ${{ secrets.DOCKER_PASS }} - VERSION_TAG: ${{ github.event.inputs.version_tag }} - run: |- - docker login -u $DOCKER_USER -p $DOCKER_PASS - export REPO=datasetteproject/datasette - docker build -f Dockerfile \ - -t $REPO:${VERSION_TAG} \ - --build-arg VERSION=${VERSION_TAG} . - docker push $REPO:${VERSION_TAG} diff --git a/.github/workflows/spellcheck.yml b/.github/workflows/spellcheck.yml deleted file mode 100644 index 9a808194..00000000 --- a/.github/workflows/spellcheck.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: Check spelling in documentation - -on: [push, pull_request] - -permissions: - contents: read - -jobs: - spellcheck: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v6 - - name: Set up Python - uses: actions/setup-python@v6 - with: - python-version: '3.11' - cache: 'pip' - cache-dependency-path: '**/pyproject.toml' - - name: Install dependencies - run: | - pip install . --group dev - - name: Check spelling - run: | - codespell README.md --ignore-words docs/codespell-ignore-words.txt - codespell docs/*.rst --ignore-words docs/codespell-ignore-words.txt - codespell datasette -S datasette/static --ignore-words docs/codespell-ignore-words.txt - codespell tests --ignore-words docs/codespell-ignore-words.txt diff --git a/.github/workflows/stable-docs.yml b/.github/workflows/stable-docs.yml deleted file mode 100644 index 59b5fbc0..00000000 --- a/.github/workflows/stable-docs.yml +++ /dev/null @@ -1,76 +0,0 @@ -name: Update Stable Docs - -on: - release: - types: [published] - push: - branches: - - main - -permissions: - contents: write - -jobs: - update_stable_docs: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v6 - with: - fetch-depth: 0 # We need all commits to find docs/ changes - - name: Set up Git user - run: | - git config user.name "Automated" - git config user.email "actions@users.noreply.github.com" - - name: Create stable branch if it does not yet exist - run: | - if ! git ls-remote --heads origin stable | grep -qE '\bstable\b'; then - # Make sure we have all tags locally - git fetch --tags --quiet - - # Latest tag that is just numbers and dots (optionally prefixed with 'v') - # e.g., 0.65.2 or v0.65.2 — excludes 1.0a20, 1.0-rc1, etc. - LATEST_RELEASE=$( - git tag -l --sort=-v:refname \ - | grep -E '^v?[0-9]+(\.[0-9]+){1,3}$' \ - | head -n1 - ) - - git checkout -b stable - - # If there are any stable releases, copy docs/ from the most recent - if [ -n "$LATEST_RELEASE" ]; then - rm -rf docs/ - git checkout "$LATEST_RELEASE" -- docs/ || true - fi - - git commit -m "Populate docs/ from $LATEST_RELEASE" || echo "No changes" - git push -u origin stable - fi - - name: Handle Release - if: github.event_name == 'release' && !github.event.release.prerelease - run: | - git fetch --all - git checkout stable - git reset --hard ${GITHUB_REF#refs/tags/} - git push origin stable --force - - name: Handle Commit to Main - if: contains(github.event.head_commit.message, '!stable-docs') - run: | - git fetch origin - git checkout -b stable origin/stable - # Get the list of modified files in docs/ from the current commit - FILES=$(git diff-tree --no-commit-id --name-only -r ${{ github.sha }} -- docs/) - # Check if the list of files is non-empty - if [[ -n "$FILES" ]]; then - # Checkout those files to the stable branch to over-write with their contents - for FILE in $FILES; do - git checkout ${{ github.sha }} -- $FILE - done - git add docs/ - git commit -m "Doc changes from ${{ github.sha }}" - git push origin stable - else - echo "No changes to docs/ in this commit." - exit 0 - fi diff --git a/.github/workflows/test-coverage.yml b/.github/workflows/test-coverage.yml deleted file mode 100644 index c514048e..00000000 --- a/.github/workflows/test-coverage.yml +++ /dev/null @@ -1,40 +0,0 @@ -name: Calculate test coverage - -on: - push: - branches: - - main - pull_request: - branches: - - main -permissions: - contents: read - -jobs: - test: - runs-on: ubuntu-latest - steps: - - name: Check out datasette - uses: actions/checkout@v6 - - name: Set up Python - uses: actions/setup-python@v6 - with: - python-version: '3.12' - cache: 'pip' - cache-dependency-path: '**/pyproject.toml' - - name: Install Python dependencies - run: | - python -m pip install --upgrade pip - python -m pip install . --group dev - python -m pip install pytest-cov - - name: Run tests - run: |- - ls -lah - cat .coveragerc - pytest -m "not serial" --cov=datasette --cov-config=.coveragerc --cov-report xml:coverage.xml --cov-report term -x - ls -lah - - name: Upload coverage report - uses: codecov/codecov-action@v1 - with: - token: ${{ secrets.CODECOV_TOKEN }} - file: coverage.xml diff --git a/.github/workflows/test-pyodide.yml b/.github/workflows/test-pyodide.yml deleted file mode 100644 index 5162c47a..00000000 --- a/.github/workflows/test-pyodide.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: Test in Pyodide with shot-scraper - -on: - push: - pull_request: - workflow_dispatch: - -permissions: - contents: read - -jobs: - test: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v6 - - name: Set up Python 3.10 - uses: actions/setup-python@v6 - with: - python-version: "3.10" - cache: 'pip' - cache-dependency-path: '**/pyproject.toml' - - name: Cache Playwright browsers - uses: actions/cache@v5 - with: - path: ~/.cache/ms-playwright/ - key: ${{ runner.os }}-browsers - - name: Install Playwright dependencies - run: | - pip install shot-scraper build - shot-scraper install - - name: Run test - run: | - ./test-in-pyodide-with-shot-scraper.sh diff --git a/.github/workflows/test-sqlite-support.yml b/.github/workflows/test-sqlite-support.yml deleted file mode 100644 index 23fce459..00000000 --- a/.github/workflows/test-sqlite-support.yml +++ /dev/null @@ -1,53 +0,0 @@ -name: Test SQLite versions - -on: [push, pull_request] - -permissions: - contents: read - -jobs: - test: - runs-on: ${{ matrix.platform }} - continue-on-error: true - strategy: - matrix: - platform: [ubuntu-latest] - python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"] - sqlite-version: [ - #"3", # latest version - "3.46", - #"3.45", - #"3.27", - #"3.26", - "3.25", - #"3.25.3", # 2018-09-25, window functions breaks test_upsert for some reason on 3.10, skip for now - #"3.24", # 2018-06-04, added UPSERT support - #"3.23.1" # 2018-04-10, before UPSERT - ] - steps: - - uses: actions/checkout@v6 - - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v6 - with: - python-version: ${{ matrix.python-version }} - allow-prereleases: true - cache: pip - cache-dependency-path: pyproject.toml - - name: Set up SQLite ${{ matrix.sqlite-version }} - uses: asg017/sqlite-versions@71ea0de37ae739c33e447af91ba71dda8fcf22e6 - with: - version: ${{ matrix.sqlite-version }} - cflags: "-DSQLITE_ENABLE_DESERIALIZE -DSQLITE_ENABLE_FTS5 -DSQLITE_ENABLE_FTS4 -DSQLITE_ENABLE_FTS3_PARENTHESIS -DSQLITE_ENABLE_RTREE -DSQLITE_ENABLE_JSON1" - - run: python3 -c "import sqlite3; print(sqlite3.sqlite_version)" - - run: echo $LD_LIBRARY_PATH - - name: Build extension for --load-extension test - run: |- - (cd tests && gcc ext.c -fPIC -shared -o ext.so) - - name: Install dependencies - run: | - pip install . --group dev - pip freeze - - name: Run tests - run: | - pytest -n auto -m "not serial" - pytest -m "serial" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml deleted file mode 100644 index 9e47db6f..00000000 --- a/.github/workflows/test.yml +++ /dev/null @@ -1,53 +0,0 @@ -name: Test - -on: [push, pull_request] - -permissions: - contents: read - -jobs: - test: - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"] - steps: - - uses: actions/checkout@v6 - - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v6 - with: - python-version: ${{ matrix.python-version }} - allow-prereleases: true - cache: pip - cache-dependency-path: pyproject.toml - - name: Build extension for --load-extension test - run: |- - (cd tests && gcc ext.c -fPIC -shared -o ext.so) - - name: Install dependencies - run: | - pip install . --group dev - pip freeze - - name: Run tests - run: | - pytest -n auto -m "not serial" - pytest -m "serial" - # And the test that exceeds a localhost HTTPS server - tests/test_datasette_https_server.sh - - name: Black - run: | - black --version - black --check . - - name: Ruff - run: ruff check datasette tests - - name: Check if cog needs to be run - run: | - cog --check docs/*.rst - - name: Check if blacken-docs needs to be run - run: | - # This fails on syntax errors, or a diff was applied - blacken-docs -l 60 docs/*.rst - - name: Test DATASETTE_LOAD_PLUGINS - run: | - pip install datasette-init datasette-json-html - tests/test-datasette-load-plugins.sh diff --git a/.github/workflows/tmate-mac.yml b/.github/workflows/tmate-mac.yml deleted file mode 100644 index a033cd92..00000000 --- a/.github/workflows/tmate-mac.yml +++ /dev/null @@ -1,15 +0,0 @@ -name: tmate session mac - -on: - workflow_dispatch: - -permissions: - contents: read - -jobs: - build: - runs-on: macos-latest - steps: - - uses: actions/checkout@v6 - - name: Setup tmate session - uses: mxschmitt/action-tmate@v3 diff --git a/.github/workflows/tmate.yml b/.github/workflows/tmate.yml deleted file mode 100644 index 72af1eec..00000000 --- a/.github/workflows/tmate.yml +++ /dev/null @@ -1,18 +0,0 @@ -name: tmate session - -on: - workflow_dispatch: - -permissions: - contents: read - models: read - -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v6 - - name: Setup tmate session - uses: mxschmitt/action-tmate@v3 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.gitignore b/.gitignore index 8c058692..47418755 100644 --- a/.gitignore +++ b/.gitignore @@ -1,18 +1,10 @@ build-metadata.json datasets.json -.playwright-mcp - scratchpad .vscode -uv.lock -data.db - -# test databases -*.db - # We don't use Pipfile, so ignore them Pipfile Pipfile.lock @@ -124,13 +116,3 @@ ENV/ # macOS files .DS_Store -node_modules -.*.swp - -# In case someone compiled tests/ext.c for test_load_extensions, don't -# include it in source control. -tests/*.dylib -tests/*.so -tests/*.dll - -.idea diff --git a/.prettierrc b/.prettierrc deleted file mode 100644 index 222861c3..00000000 --- a/.prettierrc +++ /dev/null @@ -1,4 +0,0 @@ -{ - "tabWidth": 2, - "useTabs": false -} diff --git a/.readthedocs.yaml b/.readthedocs.yaml deleted file mode 100644 index 8b3e54aa..00000000 --- a/.readthedocs.yaml +++ /dev/null @@ -1,17 +0,0 @@ -version: 2 - -sphinx: - configuration: docs/conf.py - -build: - os: ubuntu-24.04 - tools: - python: "3.13" - jobs: - install: - - pip install --upgrade pip - - pip install . --group dev - -formats: -- pdf -- epub diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 00000000..10666085 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,55 @@ +language: python +dist: xenial + +# 3.6 is listed first so it gets used for the later build stages +python: + - "3.6" + - "3.7" + - "3.8" + +# Executed for 3.5 AND 3.5 as the first "test" stage: +script: + - pip install -U pip wheel + - pip install .[test] + - pytest + +cache: + directories: + - $HOME/.cache/pip + +# This defines further stages that execute after the tests +jobs: + include: + - stage: deploy latest.datasette.io + if: branch = master AND type = push + script: + - pip install .[test] + - npm install -g now + - python tests/fixtures.py fixtures.db fixtures.json + - export ALIAS=`echo $TRAVIS_COMMIT | cut -c 1-7` + - datasette publish nowv1 fixtures.db -m fixtures.json --token=$NOW_TOKEN --branch=$TRAVIS_COMMIT --version-note=$TRAVIS_COMMIT --name=datasette-latest-$ALIAS --alias=latest.datasette.io --alias=$ALIAS.datasette.io --extra-options='--config template_debug:1' + - stage: release tagged version + if: tag IS present + python: 3.6 + deploy: + - provider: pypi + user: simonw + distributions: bdist_wheel + password: ${PYPI_PASSWORD} + on: + branch: master + tags: true + - stage: publish docker image + if: tag IS present + python: 3.6 + script: + - npm install -g now + - export ALIAS=`echo $TRAVIS_COMMIT | cut -c 1-7` + - export TAG=`echo $TRAVIS_TAG | sed 's/\./-/g' | sed 's/.*/v&/'` + - now alias $ALIAS.datasette.io $TAG.datasette.io --token=$NOW_TOKEN + # Build and release to Docker Hub + - docker login -u $DOCKER_USER -p $DOCKER_PASS + - export REPO=datasetteproject/datasette + - docker build -f Dockerfile -t $REPO:$TRAVIS_TAG . + - docker tag $REPO:$TRAVIS_TAG $REPO:latest + - docker push $REPO diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md deleted file mode 100644 index 14d4c567..00000000 --- a/CODE_OF_CONDUCT.md +++ /dev/null @@ -1,128 +0,0 @@ -# Contributor Covenant Code of Conduct - -## Our Pledge - -We as members, contributors, and leaders pledge to make participation in our -community a harassment-free experience for everyone, regardless of age, body -size, visible or invisible disability, ethnicity, sex characteristics, gender -identity and expression, level of experience, education, socio-economic status, -nationality, personal appearance, race, religion, or sexual identity -and orientation. - -We pledge to act and interact in ways that contribute to an open, welcoming, -diverse, inclusive, and healthy community. - -## Our Standards - -Examples of behavior that contributes to a positive environment for our -community include: - -* Demonstrating empathy and kindness toward other people -* Being respectful of differing opinions, viewpoints, and experiences -* Giving and gracefully accepting constructive feedback -* Accepting responsibility and apologizing to those affected by our mistakes, - and learning from the experience -* Focusing on what is best not just for us as individuals, but for the - overall community - -Examples of unacceptable behavior include: - -* The use of sexualized language or imagery, and sexual attention or - advances of any kind -* Trolling, insulting or derogatory comments, and personal or political attacks -* Public or private harassment -* Publishing others' private information, such as a physical or email - address, without their explicit permission -* Other conduct which could reasonably be considered inappropriate in a - professional setting - -## Enforcement Responsibilities - -Community leaders are responsible for clarifying and enforcing our standards of -acceptable behavior and will take appropriate and fair corrective action in -response to any behavior that they deem inappropriate, threatening, offensive, -or harmful. - -Community leaders have the right and responsibility to remove, edit, or reject -comments, commits, code, wiki edits, issues, and other contributions that are -not aligned to this Code of Conduct, and will communicate reasons for moderation -decisions when appropriate. - -## Scope - -This Code of Conduct applies within all community spaces, and also applies when -an individual is officially representing the community in public spaces. -Examples of representing our community include using an official e-mail address, -posting via an official social media account, or acting as an appointed -representative at an online or offline event. - -## Enforcement - -Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported to the community leaders responsible for enforcement at -`swillison+datasette-code-of-conduct@gmail.com`. -All complaints will be reviewed and investigated promptly and fairly. - -All community leaders are obligated to respect the privacy and security of the -reporter of any incident. - -## Enforcement Guidelines - -Community leaders will follow these Community Impact Guidelines in determining -the consequences for any action they deem in violation of this Code of Conduct: - -### 1. Correction - -**Community Impact**: Use of inappropriate language or other behavior deemed -unprofessional or unwelcome in the community. - -**Consequence**: A private, written warning from community leaders, providing -clarity around the nature of the violation and an explanation of why the -behavior was inappropriate. A public apology may be requested. - -### 2. Warning - -**Community Impact**: A violation through a single incident or series -of actions. - -**Consequence**: A warning with consequences for continued behavior. No -interaction with the people involved, including unsolicited interaction with -those enforcing the Code of Conduct, for a specified period of time. This -includes avoiding interactions in community spaces as well as external channels -like social media. Violating these terms may lead to a temporary or -permanent ban. - -### 3. Temporary Ban - -**Community Impact**: A serious violation of community standards, including -sustained inappropriate behavior. - -**Consequence**: A temporary ban from any sort of interaction or public -communication with the community for a specified period of time. No public or -private interaction with the people involved, including unsolicited interaction -with those enforcing the Code of Conduct, is allowed during this period. -Violating these terms may lead to a permanent ban. - -### 4. Permanent Ban - -**Community Impact**: Demonstrating a pattern of violation of community -standards, including sustained inappropriate behavior, harassment of an -individual, or aggression toward or disparagement of classes of individuals. - -**Consequence**: A permanent ban from any sort of public interaction within -the community. - -## Attribution - -This Code of Conduct is adapted from the [Contributor Covenant][homepage], -version 2.0, available at -https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. - -Community Impact Guidelines were inspired by [Mozilla's code of conduct -enforcement ladder](https://github.com/mozilla/diversity). - -[homepage]: https://www.contributor-covenant.org - -For answers to common questions about this code of conduct, see the FAQ at -https://www.contributor-covenant.org/faq. Translations are available at -https://www.contributor-covenant.org/translations. diff --git a/Dockerfile b/Dockerfile index 9a8f06cf..08639e52 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,18 +1,42 @@ -FROM python:3.11.0-slim-bullseye as build +FROM python:3.7.2-slim-stretch as build -# Version of Datasette to install, e.g. 0.55 -# docker build . -t datasette --build-arg VERSION=0.55 -ARG VERSION +# Setup build dependencies +RUN apt update \ +&& apt install -y python3-dev build-essential wget libxml2-dev libproj-dev libgeos-dev libsqlite3-dev zlib1g-dev pkg-config git \ + && apt clean -RUN apt-get update && \ - apt-get install -y --no-install-recommends libsqlite3-mod-spatialite && \ - apt clean && \ - rm -rf /var/lib/apt && \ - rm -rf /var/lib/dpkg/info/* -RUN pip install https://github.com/simonw/datasette/archive/refs/tags/${VERSION}.zip && \ - find /usr/local/lib -name '__pycache__' | xargs rm -r && \ - rm -rf /root/.cache/pip +RUN wget "https://www.sqlite.org/2018/sqlite-autoconf-3260000.tar.gz" && tar xzf sqlite-autoconf-3260000.tar.gz \ + && cd sqlite-autoconf-3260000 && ./configure --disable-static --enable-fts5 --enable-json1 CFLAGS="-g -O2 -DSQLITE_ENABLE_FTS3=1 -DSQLITE_ENABLE_FTS4=1 -DSQLITE_ENABLE_RTREE=1 -DSQLITE_ENABLE_JSON1" \ + && make && make install + +RUN wget "https://www.gaia-gis.it/gaia-sins/freexl-1.0.5.tar.gz" && tar zxf freexl-1.0.5.tar.gz \ + && cd freexl-1.0.5 && ./configure && make && make install + +RUN wget "https://www.gaia-gis.it/gaia-sins/libspatialite-4.4.0-RC0.tar.gz" && tar zxf libspatialite-4.4.0-RC0.tar.gz \ + && cd libspatialite-4.4.0-RC0 && ./configure && make && make install + +RUN wget "https://www.gaia-gis.it/gaia-sins/readosm-1.1.0.tar.gz" && tar zxf readosm-1.1.0.tar.gz && cd readosm-1.1.0 && ./configure && make && make install + +RUN wget "https://www.gaia-gis.it/gaia-sins/spatialite-tools-4.4.0-RC0.tar.gz" && tar zxf spatialite-tools-4.4.0-RC0.tar.gz \ + && cd spatialite-tools-4.4.0-RC0 && ./configure && make && make install + + +# Add local code to the image instead of fetching from pypi. +COPY . /datasette + +RUN pip install /datasette + +FROM python:3.7.2-slim-stretch + +# Copy python dependencies and spatialite libraries +COPY --from=build /usr/local/lib/ /usr/local/lib/ +# Copy executables +COPY --from=build /usr/local/bin /usr/local/bin +# Copy spatial extensions +COPY --from=build /usr/lib/x86_64-linux-gnu /usr/lib/x86_64-linux-gnu + +ENV LD_LIBRARY_PATH=/usr/local/lib EXPOSE 8001 CMD ["datasette"] diff --git a/Justfile b/Justfile deleted file mode 100644 index 5fcd9afd..00000000 --- a/Justfile +++ /dev/null @@ -1,76 +0,0 @@ -export DATASETTE_SECRET := "not_a_secret" - -# Run tests and linters -@default: test lint - -# Setup project -@init: - uv sync - -# Run pytest with supplied options -@test *options: init - uv run pytest -n auto {{options}} - -# Install Playwright browser support, Chromium by default -@playwright-install browser="chromium": - uv run --group playwright playwright install {{browser}} - -# Install all Playwright browsers used by the test suite -@playwright-install-all: - uv run --group playwright playwright install chromium firefox webkit - -# Run Playwright tests, Chromium by default -@playwright browser="chromium" *options: - uv run --group playwright pytest tests/test_playwright.py --playwright --browser {{browser}} {{options}} - -# Run Playwright tests against all supported browsers -@playwright-all *options: - uv run --group playwright pytest tests/test_playwright.py --playwright --browser chromium --browser firefox --browser webkit {{options}} - -@codespell: - uv run codespell README.md --ignore-words docs/codespell-ignore-words.txt - uv run codespell docs/*.rst --ignore-words docs/codespell-ignore-words.txt - uv run codespell datasette -S datasette/static --ignore-words docs/codespell-ignore-words.txt - uv run codespell tests --ignore-words docs/codespell-ignore-words.txt - -# Run linters: black, ruff, cog -@lint: codespell - uv run black datasette tests --check - uv run ruff check datasette tests - uv run cog --check README.md docs/*.rst - -# Apply ruff fixes -@fix: - uv run ruff check --fix datasette tests - -# Rebuild docs with cog -@cog: - uv run cog -r README.md docs/*.rst - -# Serve live docs on localhost:8000 -@docs: cog blacken-docs - uv run make -C docs livehtml - -# Build docs as static HTML -@docs-build: cog blacken-docs - rm -rf docs/_build && cd docs && uv run make html - -# Apply Black -@black: - uv run black datasette tests - -# Apply blacken-docs -@blacken-docs: - uv run blacken-docs -l 60 docs/*.rst - -# Apply prettier -@prettier: - npm run fix - -# Format code with both black and prettier -@format: black prettier blacken-docs - -@serve *options: - uv run sqlite-utils create-database data.db - uv run sqlite-utils create-table data.db docs id integer title text --pk id --ignore - uv run python -m datasette data.db --root --reload {{options}} diff --git a/MANIFEST.in b/MANIFEST.in index 8c5e3ee6..cca501c9 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -1,5 +1,3 @@ recursive-include datasette/static * -recursive-include datasette/templates * include versioneer.py include datasette/_version.py -include LICENSE diff --git a/README.md b/README.md index 393e8e5c..8fca1d68 100644 --- a/README.md +++ b/README.md @@ -1,42 +1,85 @@ -Datasette +# Datasette [![PyPI](https://img.shields.io/pypi/v/datasette.svg)](https://pypi.org/project/datasette/) -[![Changelog](https://img.shields.io/github/v/release/simonw/datasette?label=changelog)](https://docs.datasette.io/en/latest/changelog.html) [![Python 3.x](https://img.shields.io/pypi/pyversions/datasette.svg?logo=python&logoColor=white)](https://pypi.org/project/datasette/) -[![Tests](https://github.com/simonw/datasette/workflows/Test/badge.svg)](https://github.com/simonw/datasette/actions?query=workflow%3ATest) -[![Documentation Status](https://readthedocs.org/projects/datasette/badge/?version=latest)](https://docs.datasette.io/en/latest/?badge=latest) -[![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](https://github.com/simonw/datasette/blob/main/LICENSE) +[![Travis CI](https://travis-ci.org/simonw/datasette.svg?branch=master)](https://travis-ci.org/simonw/datasette) +[![Documentation Status](https://readthedocs.org/projects/datasette/badge/?version=latest)](http://datasette.readthedocs.io/en/latest/?badge=latest) +[![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](https://github.com/simonw/datasette/blob/master/LICENSE) +[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://black.readthedocs.io/en/stable/) [![docker: datasette](https://img.shields.io/badge/docker-datasette-blue)](https://hub.docker.com/r/datasetteproject/datasette) -[![discord](https://img.shields.io/discord/823971286308356157?label=discord)](https://datasette.io/discord) -*An open source multi-tool for exploring and publishing data* +*A tool for exploring and publishing data* Datasette is a tool for exploring and publishing data. It helps people take data of any shape or size and publish that as an interactive, explorable website and accompanying API. -Datasette is aimed at data journalists, museum curators, archivists, local governments, scientists, researchers and anyone else who has data that they wish to share with the world. +Datasette is aimed at data journalists, museum curators, archivists, local governments and anyone else who has data that they wish to share with the world. -[Explore a demo](https://datasette.io/global-power-plants/global-power-plants), watch [a video about the project](https://simonwillison.net/2021/Feb/7/video/) or try it out [on GitHub Codespaces](https://github.com/datasette/datasette-studio). +[Explore a demo](https://fivethirtyeight.datasettes.com/fivethirtyeight), watch [a video about the project](https://www.youtube.com/watch?v=pTr1uLQTJNE) or try it out by [uploading and publishing your own CSV data](https://simonwillison.net/2019/Apr/23/datasette-glitch/). -* [datasette.io](https://datasette.io/) is the official project website -* Latest [Datasette News](https://datasette.io/news) -* Comprehensive documentation: https://docs.datasette.io/ -* Examples: https://datasette.io/examples -* Live demo of current `main` branch: https://latest.datasette.io/ -* Questions, feedback or want to talk about the project? Join our [Discord](https://datasette.io/discord) +* Comprehensive documentation: http://datasette.readthedocs.io/ +* Examples: https://github.com/simonw/datasette/wiki/Datasettes +* Live demo of current master: https://latest.datasette.io/ -Want to stay up-to-date with the project? Subscribe to the [Datasette newsletter](https://datasette.substack.com/) for tips, tricks and news on what's new in the Datasette ecosystem. +## News + + * 21st February 2020: [Datasette 0.36](http://datasette.readthedocs.io/en/latest/changelog.html#v0-36) - new internals documentation for plugins, `prepare_connection()` now accepts optional `database` and `datasette` arguments. + * 4th February 2020: [Datasette 0.35](http://datasette.readthedocs.io/en/latest/changelog.html#v0-35) - new `.render_template()` method for plugins. + * 29th January 2020: [Datasette 0.34](http://datasette.readthedocs.io/en/latest/changelog.html#v0-34) - improvements to search, `datasette publish cloudrun` and `datasette package`. + * 21st January 2020: [Deploying a data API using GitHub Actions and Cloud Run](https://simonwillison.net/2020/Jan/21/github-actions-cloud-run/) - how to use GitHub Actions and Google Cloud Run to automatically scrape data and deploy the result as an API with Datasette. + * 22nd December 2019: [Datasette 0.33](http://datasette.readthedocs.io/en/latest/changelog.html#v0-33) - various small improvements. + * 19th December 2019: [Building tools to bring data-driven reporting to more newsrooms](https://medium.com/jsk-class-of-2020/building-tools-to-bring-data-driven-reporting-to-more-newsrooms-4520a0c9b3f2) - some notes on my JSK fellowship so far. + * 2nd December 2019: [Niche Museums](https://www.niche-museums.com/) is a new site entirely powered by Datasette, using custom templates and plugins. [niche-museums.com, powered by Datasette](https://simonwillison.net/2019/Nov/25/niche-museums/) describes how the site works, and [datasette-atom: Define an Atom feed using a custom SQL query](https://simonwillison.net/2019/Dec/3/datasette-atom/) describes how the new [datasette-atom plugin](https://github.com/simonw/datasette-atom) was used to add an Atom syndication feed to the site. + * 14th November 2019: [Datasette 0.32](https://datasette.readthedocs.io/en/stable/changelog.html#v0-32) now uses asynchronous rendering in Jinja templates, which means template functions can perform asynchronous operations such as executing SQL queries. [datasette-template-sql](https://github.com/simonw/datasette-template-sql) is a new plugin uses this capability to add a new custom `sql(sql_query)` template function. + * 11th November 2019: [Datasette 0.31](https://datasette.readthedocs.io/en/stable/changelog.html#v0-31) - the first version of Datasette to support Python 3.8, which means dropping support for Python 3.5. + * 18th October 2019: [Datasette 0.30](https://datasette.readthedocs.io/en/stable/changelog.html#v0-30) + * 13th July 2019: [Single sign-on against GitHub using ASGI middleware](https://simonwillison.net/2019/Jul/14/sso-asgi/) talks about the implementation of [datasette-auth-github](https://github.com/simonw/datasette-auth-github) in more detail. + * 7th July 2019: [Datasette 0.29](https://datasette.readthedocs.io/en/stable/changelog.html#v0-29) - ASGI, new plugin hooks, facet by date and much, much more... + * [datasette-auth-github](https://github.com/simonw/datasette-auth-github) - a new plugin for Datasette 0.29 that lets you require users to authenticate against GitHub before accessing your Datasette instance. You can whitelist specific users, or you can restrict access to members of specific GitHub organizations or teams. + * [datasette-cors](https://github.com/simonw/datasette-cors) - a plugin that lets you configure CORS access from a list of domains (or a set of domain wildcards) so you can make JavaScript calls to a Datasette instance from a specific set of other hosts. + * 23rd June 2019: [Porting Datasette to ASGI, and Turtles all the way down](https://simonwillison.net/2019/Jun/23/datasette-asgi/) + * 21st May 2019: The anonymized raw data from [the Stack Overflow Developer Survey 2019](https://stackoverflow.blog/2019/05/21/public-data-release-of-stack-overflows-2019-developer-survey/) has been [published in partnership with Glitch](https://glitch.com/culture/discover-insights-explore-developer-survey-results-2019/), powered by Datasette. + * 19th May 2019: [Datasette 0.28](https://datasette.readthedocs.io/en/stable/changelog.html#v0-28) - a salmagundi of new features! + * No longer immutable! Datasette now supports [databases that change](https://datasette.readthedocs.io/en/stable/changelog.html#supporting-databases-that-change). + * [Faceting improvements](https://datasette.readthedocs.io/en/stable/changelog.html#faceting-improvements-and-faceting-plugins) including facet-by-JSON-array and the ability to define custom faceting using plugins. + * [datasette publish cloudrun](https://datasette.readthedocs.io/en/stable/changelog.html#datasette-publish-cloudrun) lets you publish databases to Google's new Cloud Run hosting service. + * New [register_output_renderer](https://datasette.readthedocs.io/en/stable/changelog.html#register-output-renderer-plugins) plugin hook for adding custom output extensions to Datasette in addition to the default `.json` and `.csv`. + * Dozens of other smaller features and tweaks - see [the release notes](https://datasette.readthedocs.io/en/stable/changelog.html#v0-28) for full details. + * Read more about this release here: [Datasette 0.28—and why master should always be releasable](https://simonwillison.net/2019/May/19/datasette-0-28/) + * 24th February 2019: [ +sqlite-utils: a Python library and CLI tool for building SQLite databases](https://simonwillison.net/2019/Feb/25/sqlite-utils/) - a partner tool for easily creating SQLite databases for use with Datasette. + * 31st Janary 2019: [Datasette 0.27](https://datasette.readthedocs.io/en/latest/changelog.html#v0-27) - `datasette plugins` command, newline-delimited JSON export option, new documentation on [The Datasette Ecosystem](https://datasette.readthedocs.io/en/latest/ecosystem.html). + * 10th January 2019: [Datasette 0.26.1](http://datasette.readthedocs.io/en/latest/changelog.html#v0-26-1) - SQLite upgrade in Docker image, `/-/versions` now shows SQLite compile options. + * 2nd January 2019: [Datasette 0.26](http://datasette.readthedocs.io/en/latest/changelog.html#v0-26) - minor bug fixes, `datasette publish now --alias` argument. +* 18th December 2018: [Fast Autocomplete Search for Your Website](https://24ways.org/2018/fast-autocomplete-search-for-your-website/) - a new tutorial on using Datasette to build a JavaScript autocomplete search engine. +* 3rd October 2018: [The interesting ideas in Datasette](https://simonwillison.net/2018/Oct/4/datasette-ideas/) - a write-up of some of the less obvious interesting ideas embedded in the Datasette project. +* 19th September 2018: [Datasette 0.25](http://datasette.readthedocs.io/en/latest/changelog.html#v0-25) - New plugin hooks, improved database view support and an easier way to use more recent versions of SQLite. +* 23rd July 2018: [Datasette 0.24](http://datasette.readthedocs.io/en/latest/changelog.html#v0-24) - a number of small new features +* 29th June 2018: [datasette-vega](https://github.com/simonw/datasette-vega), a new plugin for visualizing data as bar, line or scatter charts +* 21st June 2018: [Datasette 0.23.1](http://datasette.readthedocs.io/en/latest/changelog.html#v0-23-1) - minor bug fixes +* 18th June 2018: [Datasette 0.23: CSV, SpatiaLite and more](http://datasette.readthedocs.io/en/latest/changelog.html#v0-23) - CSV export, foreign key expansion in JSON and CSV, new config options, improved support for SpatiaLite and a bunch of other improvements +* 23rd May 2018: [Datasette 0.22.1 bugfix](https://github.com/simonw/datasette/releases/tag/0.22.1) plus we now use [versioneer](https://github.com/warner/python-versioneer) +* 20th May 2018: [Datasette 0.22: Datasette Facets](https://simonwillison.net/2018/May/20/datasette-facets) +* 5th May 2018: [Datasette 0.21: New _shape=, new _size=, search within columns](https://github.com/simonw/datasette/releases/tag/0.21) +* 25th April 2018: [Exploring the UK Register of Members Interests with SQL and Datasette](https://simonwillison.net/2018/Apr/25/register-members-interests/) - a tutorial describing how [register-of-members-interests.datasettes.com](https://register-of-members-interests.datasettes.com/) was built ([source code here](https://github.com/simonw/register-of-members-interests)) +* 20th April 2018: [Datasette plugins, and building a clustered map visualization](https://simonwillison.net/2018/Apr/20/datasette-plugins/) - introducing Datasette's new plugin system and [datasette-cluster-map](https://pypi.org/project/datasette-cluster-map/), a plugin for visualizing data on a map +* 20th April 2018: [Datasette 0.20: static assets and templates for plugins](https://github.com/simonw/datasette/releases/tag/0.20) +* 16th April 2018: [Datasette 0.19: plugins preview](https://github.com/simonw/datasette/releases/tag/0.19) +* 14th April 2018: [Datasette 0.18: units](https://github.com/simonw/datasette/releases/tag/0.18) +* 9th April 2018: [Datasette 0.15: sort by column](https://github.com/simonw/datasette/releases/tag/0.15) +* 28th March 2018: [Baltimore Sun Public Salary Records](https://simonwillison.net/2018/Mar/28/datasette-in-the-wild/) - a data journalism project from the Baltimore Sun powered by Datasette - source code [is available here](https://github.com/baltimore-sun-data/salaries-datasette) +* 27th March 2018: [Cloud-first: Rapid webapp deployment using containers](https://wwwf.imperial.ac.uk/blog/research-software-engineering/2018/03/27/cloud-first-rapid-webapp-deployment-using-containers/) - a tutorial covering deploying Datasette using Microsoft Azure by the Research Software Engineering team at Imperial College London +* 28th January 2018: [Analyzing my Twitter followers with Datasette](https://simonwillison.net/2018/Jan/28/analyzing-my-twitter-followers/) - a tutorial on using Datasette to analyze follower data pulled from the Twitter API +* 17th January 2018: [Datasette Publish: a web app for publishing CSV files as an online database](https://simonwillison.net/2018/Jan/17/datasette-publish/) +* 12th December 2017: [Building a location to time zone API with SpatiaLite, OpenStreetMap and Datasette](https://simonwillison.net/2017/Dec/12/building-a-location-time-zone-api/) +* 9th December 2017: [Datasette 0.14: customization edition](https://github.com/simonw/datasette/releases/tag/0.14) +* 25th November 2017: [New in Datasette: filters, foreign keys and search](https://simonwillison.net/2017/Nov/25/new-in-datasette/) +* 13th November 2017: [Datasette: instantly create and publish an API for your SQLite databases](https://simonwillison.net/2017/Nov/13/datasette/) ## Installation -If you are on a Mac, [Homebrew](https://brew.sh/) is the easiest way to install Datasette: + pip3 install datasette - brew install datasette - -You can also install it using `pip` or `pipx`: - - pip install datasette - -Datasette requires Python 3.8 or higher. We also have [detailed installation instructions](https://docs.datasette.io/en/stable/installation.html) covering other options such as Docker. +Datasette requires Python 3.6 or higher. We also have [detailed installation instructions](https://datasette.readthedocs.io/en/stable/installation.html) covering other options such as Docker. ## Basic usage @@ -48,12 +91,46 @@ This will start a web server on port 8001 - visit http://localhost:8001/ to acce Use Chrome on OS X? You can run datasette against your browser history like so: - datasette ~/Library/Application\ Support/Google/Chrome/Default/History --nolock + datasette ~/Library/Application\ Support/Google/Chrome/Default/History Now visiting http://localhost:8001/History/downloads will show you a web interface to browse your downloads data: ![Downloads table rendered by datasette](https://static.simonwillison.net/static/2017/datasette-downloads.png) +## datasette serve options + + Usage: datasette serve [OPTIONS] [FILES]... + + Serve up specified SQLite database files with a web UI + + Options: + -i, --immutable PATH Database files to open in immutable mode + -h, --host TEXT Host for server. Defaults to 127.0.0.1 which means + only connections from the local machine will be + allowed. Use 0.0.0.0 to listen to all IPs and + allow access from other machines. + -p, --port INTEGER Port for server, defaults to 8001 + --debug Enable debug mode - useful for development + --reload Automatically reload if database or code change + detected - useful for development + --cors Enable CORS by serving Access-Control-Allow- + Origin: * + --load-extension PATH Path to a SQLite extension to load + --inspect-file TEXT Path to JSON file created using "datasette + inspect" + -m, --metadata FILENAME Path to JSON file containing license/source + metadata + --template-dir DIRECTORY Path to directory containing custom templates + --plugins-dir DIRECTORY Path to directory containing custom plugins + --static STATIC MOUNT mountpoint:path-to-directory for serving static + files + --memory Make :memory: database available + --config CONFIG Set config option using configname:value + datasette.readthedocs.io/en/latest/config.html + --version-note TEXT Additional note to show on /-/versions + --help-config Show available config options + --help Show this message and exit. + ## metadata.json If you want to include licensing and source information in the generated datasette website you can do so using a JSON file that looks something like this: @@ -74,7 +151,7 @@ The license and source information will be displayed on the index page and in th ## datasette publish -If you have [Heroku](https://heroku.com/) or [Google Cloud Run](https://cloud.google.com/run/) configured, Datasette can deploy one or more SQLite databases to the internet with a single command: +If you have [Heroku](https://heroku.com/), [Google Cloud Run](https://cloud.google.com/run/) or [Zeit Now v1](https://zeit.co/now) configured, Datasette can deploy one or more SQLite databases to the internet with a single command: datasette publish heroku database.db @@ -84,8 +161,4 @@ Or: This will create a docker image containing both the datasette application and the specified SQLite database files. It will then deploy that image to Heroku or Cloud Run and give you a URL to access the resulting website and API. -See [Publishing data](https://docs.datasette.io/en/stable/publish.html) in the documentation for more details. - -## Datasette Lite - -[Datasette Lite](https://lite.datasette.io/) is Datasette packaged using WebAssembly so that it runs entirely in your browser, no Python web application server required. Read more about that in the [Datasette Lite documentation](https://github.com/simonw/datasette-lite/blob/main/README.md). +See [Publishing data](https://datasette.readthedocs.io/en/stable/publish.html) in the documentation for more details. diff --git a/_config.yml b/_config.yml new file mode 100644 index 00000000..3397c9a4 --- /dev/null +++ b/_config.yml @@ -0,0 +1 @@ +theme: jekyll-theme-architect \ No newline at end of file diff --git a/codecov.yml b/codecov.yml deleted file mode 100644 index bfdc9877..00000000 --- a/codecov.yml +++ /dev/null @@ -1,8 +0,0 @@ -coverage: - status: - project: - default: - informational: true - patch: - default: - informational: true diff --git a/datasette/__init__.py b/datasette/__init__.py index eb18e59e..0e59760a 100644 --- a/datasette/__init__.py +++ b/datasette/__init__.py @@ -1,9 +1,3 @@ -from datasette.permissions import Permission # noqa from datasette.version import __version_info__, __version__ # noqa -from datasette.events import Event # noqa -from datasette.tokens import TokenHandler, TokenRestrictions # noqa -from datasette.utils.asgi import Forbidden, NotFound, Request, Response # noqa -from datasette.utils import actor_matches_allow # noqa -from datasette.views import Context # noqa from .hookspecs import hookimpl # noqa from .hookspecs import hookspec # noqa diff --git a/datasette/_pytest_plugin.py b/datasette/_pytest_plugin.py deleted file mode 100644 index 103c616d..00000000 --- a/datasette/_pytest_plugin.py +++ /dev/null @@ -1,123 +0,0 @@ -""" -Pytest plugin that automatically closes any Datasette instances constructed -during a pytest test — both in the test body and in function-scoped -fixtures. Instances constructed by session-, module-, class- or package- -scoped fixtures are left alone, because other tests in the session will -still want to use them. - -Registered as a pytest11 entry point in pyproject.toml so that downstream -projects using Datasette get the same FD-safety net for their own tests. - -Opt out by setting ``datasette_autoclose = false`` in pytest.ini (or the -equivalent ini file). -""" - -from __future__ import annotations - -import contextvars -import weakref - -import pytest - -_active_instances: contextvars.ContextVar[list | None] = contextvars.ContextVar( - "datasette_active_instances", default=None -) - -_original_init = None - - -def _install_tracking(): - # datasette.app is imported lazily here rather than at module level: - # as a pytest11 entry point this module is imported during pytest - # startup, before pytest-cov starts measuring, so a module-level - # import would drag in all of datasette and make every import-time - # line in the package invisible to coverage - global _original_init - if _original_init is not None: - return - from datasette.app import Datasette - - _original_init = Datasette.__init__ - - def _tracking_init(self, *args, **kwargs): - _original_init(self, *args, **kwargs) - instances = _active_instances.get() - if instances is not None: - instances.append(weakref.ref(self)) - - Datasette.__init__ = _tracking_init - - -def pytest_configure(config): - if _enabled(config): - _install_tracking() - - -def pytest_addoption(parser): - parser.addini( - "datasette_autoclose", - help=( - "Automatically close Datasette instances created inside test " - "bodies and function-scoped fixtures (default: true)." - ), - default="true", - ) - - -def _enabled(config) -> bool: - value = config.getini("datasette_autoclose") - if isinstance(value, bool): - return value - return str(value).strip().lower() not in ("false", "0", "no", "off") - - -@pytest.hookimpl(hookwrapper=True) -def pytest_runtest_protocol(item, nextitem): - """Track Datasette instances across setup, call and teardown; close at end.""" - if not _enabled(item.config): - yield - return - refs: list[weakref.ref] = [] - token = _active_instances.set(refs) - try: - yield - finally: - _active_instances.reset(token) - for ref in reversed(refs): - ds = ref() - if ds is None: - continue - try: - ds.close() - except Exception as e: - item.warn( - pytest.PytestUnraisableExceptionWarning( - f"Error closing Datasette instance: {e!r}" - ) - ) - - -@pytest.hookimpl(hookwrapper=True) -def pytest_fixture_setup(fixturedef, request): - """Exempt instances created by non-function-scoped fixtures. - - Session-, module-, class- and package-scoped fixtures produce Datasette - instances that must survive beyond the current test — other tests in - the session will still use them. When such a fixture creates one or - more Datasette instances during its setup, we snapshot the tracking - list before the fixture runs and subtract off any instances that were - added during its setup, so they don't get closed at test teardown. - """ - refs = _active_instances.get() - if refs is None: - yield - return - before_ids = {id(ref) for ref in refs} - yield - if fixturedef.scope != "function": - new_refs = [ref for ref in refs if id(ref) not in before_ids] - for new_ref in new_refs: - try: - refs.remove(new_ref) - except ValueError: - pass diff --git a/datasette/_version.py b/datasette/_version.py new file mode 100644 index 00000000..5783f30f --- /dev/null +++ b/datasette/_version.py @@ -0,0 +1,556 @@ +# This file helps to compute a version number in source trees obtained from +# git-archive tarball (such as those provided by githubs download-from-tag +# feature). Distribution tarballs (built by setup.py sdist) and build +# directories (produced by setup.py build) will contain a much shorter file +# that just contains the computed version number. + +# This file is released into the public domain. Generated by +# versioneer-0.18 (https://github.com/warner/python-versioneer) + +"""Git implementation of _version.py.""" + +import errno +import os +import re +import subprocess +import sys + + +def get_keywords(): + """Get the keywords needed to look up the version information.""" + # these strings will be replaced by git during git-archive. + # setup.py/versioneer.py will grep for the variable names, so they must + # each be defined on a line of their own. _version.py will just call + # get_keywords(). + git_refnames = "$Format:%d$" + git_full = "$Format:%H$" + git_date = "$Format:%ci$" + keywords = {"refnames": git_refnames, "full": git_full, "date": git_date} + return keywords + + +class VersioneerConfig: + """Container for Versioneer configuration parameters.""" + + +def get_config(): + """Create, populate and return the VersioneerConfig() object.""" + # these strings are filled in when 'setup.py versioneer' creates + # _version.py + cfg = VersioneerConfig() + cfg.VCS = "git" + cfg.style = "pep440" + cfg.tag_prefix = "" + cfg.parentdir_prefix = "datasette-" + cfg.versionfile_source = "datasette/_version.py" + cfg.verbose = False + return cfg + + +class NotThisMethod(Exception): + """Exception raised if a method is not valid for the current scenario.""" + + +LONG_VERSION_PY = {} +HANDLERS = {} + + +def register_vcs_handler(vcs, method): # decorator + """Decorator to mark a method as the handler for a particular VCS.""" + + def decorate(f): + """Store f in HANDLERS[vcs][method].""" + if vcs not in HANDLERS: + HANDLERS[vcs] = {} + HANDLERS[vcs][method] = f + return f + + return decorate + + +def run_command(commands, args, cwd=None, verbose=False, hide_stderr=False, env=None): + """Call the given command(s).""" + assert isinstance(commands, list) + p = None + for c in commands: + try: + dispcmd = str([c] + args) + # remember shell=False, so use git.cmd on windows, not just git + p = subprocess.Popen( + [c] + args, + cwd=cwd, + env=env, + stdout=subprocess.PIPE, + stderr=(subprocess.PIPE if hide_stderr else None), + ) + break + except EnvironmentError: + e = sys.exc_info()[1] + if e.errno == errno.ENOENT: + continue + if verbose: + print("unable to run %s" % dispcmd) + print(e) + return None, None + else: + if verbose: + print("unable to find command, tried %s" % (commands,)) + return None, None + stdout = p.communicate()[0].strip() + if sys.version_info[0] >= 3: + stdout = stdout.decode() + if p.returncode != 0: + if verbose: + print("unable to run %s (error)" % dispcmd) + print("stdout was %s" % stdout) + return None, p.returncode + return stdout, p.returncode + + +def versions_from_parentdir(parentdir_prefix, root, verbose): + """Try to determine the version from the parent directory name. + + Source tarballs conventionally unpack into a directory that includes both + the project name and a version string. We will also support searching up + two directory levels for an appropriately named parent directory + """ + rootdirs = [] + + for i in range(3): + dirname = os.path.basename(root) + if dirname.startswith(parentdir_prefix): + return { + "version": dirname[len(parentdir_prefix) :], + "full-revisionid": None, + "dirty": False, + "error": None, + "date": None, + } + else: + rootdirs.append(root) + root = os.path.dirname(root) # up a level + + if verbose: + print( + "Tried directories %s but none started with prefix %s" + % (str(rootdirs), parentdir_prefix) + ) + raise NotThisMethod("rootdir doesn't start with parentdir_prefix") + + +@register_vcs_handler("git", "get_keywords") +def git_get_keywords(versionfile_abs): + """Extract version information from the given file.""" + # the code embedded in _version.py can just fetch the value of these + # keywords. When used from setup.py, we don't want to import _version.py, + # so we do it with a regexp instead. This function is not used from + # _version.py. + keywords = {} + try: + f = open(versionfile_abs, "r") + for line in f.readlines(): + if line.strip().startswith("git_refnames ="): + mo = re.search(r'=\s*"(.*)"', line) + if mo: + keywords["refnames"] = mo.group(1) + if line.strip().startswith("git_full ="): + mo = re.search(r'=\s*"(.*)"', line) + if mo: + keywords["full"] = mo.group(1) + if line.strip().startswith("git_date ="): + mo = re.search(r'=\s*"(.*)"', line) + if mo: + keywords["date"] = mo.group(1) + f.close() + except EnvironmentError: + pass + return keywords + + +@register_vcs_handler("git", "keywords") +def git_versions_from_keywords(keywords, tag_prefix, verbose): + """Get version information from git keywords.""" + if not keywords: + raise NotThisMethod("no keywords at all, weird") + date = keywords.get("date") + if date is not None: + # git-2.2.0 added "%cI", which expands to an ISO-8601 -compliant + # datestamp. However we prefer "%ci" (which expands to an "ISO-8601 + # -like" string, which we must then edit to make compliant), because + # it's been around since git-1.5.3, and it's too difficult to + # discover which version we're using, or to work around using an + # older one. + date = date.strip().replace(" ", "T", 1).replace(" ", "", 1) + refnames = keywords["refnames"].strip() + if refnames.startswith("$Format"): + if verbose: + print("keywords are unexpanded, not using") + raise NotThisMethod("unexpanded keywords, not a git-archive tarball") + refs = set([r.strip() for r in refnames.strip("()").split(",")]) + # starting in git-1.8.3, tags are listed as "tag: foo-1.0" instead of + # just "foo-1.0". If we see a "tag: " prefix, prefer those. + TAG = "tag: " + tags = set([r[len(TAG) :] for r in refs if r.startswith(TAG)]) + if not tags: + # Either we're using git < 1.8.3, or there really are no tags. We use + # a heuristic: assume all version tags have a digit. The old git %d + # expansion behaves like git log --decorate=short and strips out the + # refs/heads/ and refs/tags/ prefixes that would let us distinguish + # between branches and tags. By ignoring refnames without digits, we + # filter out many common branch names like "release" and + # "stabilization", as well as "HEAD" and "master". + tags = set([r for r in refs if re.search(r"\d", r)]) + if verbose: + print("discarding '%s', no digits" % ",".join(refs - tags)) + if verbose: + print("likely tags: %s" % ",".join(sorted(tags))) + for ref in sorted(tags): + # sorting will prefer e.g. "2.0" over "2.0rc1" + if ref.startswith(tag_prefix): + r = ref[len(tag_prefix) :] + if verbose: + print("picking %s" % r) + return { + "version": r, + "full-revisionid": keywords["full"].strip(), + "dirty": False, + "error": None, + "date": date, + } + # no suitable tags, so version is "0+unknown", but full hex is still there + if verbose: + print("no suitable tags, using unknown + full revision id") + return { + "version": "0+unknown", + "full-revisionid": keywords["full"].strip(), + "dirty": False, + "error": "no suitable tags", + "date": None, + } + + +@register_vcs_handler("git", "pieces_from_vcs") +def git_pieces_from_vcs(tag_prefix, root, verbose, run_command=run_command): + """Get version from 'git describe' in the root of the source tree. + + This only gets called if the git-archive 'subst' keywords were *not* + expanded, and _version.py hasn't already been rewritten with a short + version string, meaning we're inside a checked out source tree. + """ + GITS = ["git"] + if sys.platform == "win32": + GITS = ["git.cmd", "git.exe"] + + out, rc = run_command(GITS, ["rev-parse", "--git-dir"], cwd=root, hide_stderr=True) + if rc != 0: + if verbose: + print("Directory %s not under git control" % root) + raise NotThisMethod("'git rev-parse --git-dir' returned error") + + # if there is a tag matching tag_prefix, this yields TAG-NUM-gHEX[-dirty] + # if there isn't one, this yields HEX[-dirty] (no NUM) + describe_out, rc = run_command( + GITS, + [ + "describe", + "--tags", + "--dirty", + "--always", + "--long", + "--match", + "%s*" % tag_prefix, + ], + cwd=root, + ) + # --long was added in git-1.5.5 + if describe_out is None: + raise NotThisMethod("'git describe' failed") + describe_out = describe_out.strip() + full_out, rc = run_command(GITS, ["rev-parse", "HEAD"], cwd=root) + if full_out is None: + raise NotThisMethod("'git rev-parse' failed") + full_out = full_out.strip() + + pieces = {} + pieces["long"] = full_out + pieces["short"] = full_out[:7] # maybe improved later + pieces["error"] = None + + # parse describe_out. It will be like TAG-NUM-gHEX[-dirty] or HEX[-dirty] + # TAG might have hyphens. + git_describe = describe_out + + # look for -dirty suffix + dirty = git_describe.endswith("-dirty") + pieces["dirty"] = dirty + if dirty: + git_describe = git_describe[: git_describe.rindex("-dirty")] + + # now we have TAG-NUM-gHEX or HEX + + if "-" in git_describe: + # TAG-NUM-gHEX + mo = re.search(r"^(.+)-(\d+)-g([0-9a-f]+)$", git_describe) + if not mo: + # unparseable. Maybe git-describe is misbehaving? + pieces["error"] = "unable to parse git-describe output: '%s'" % describe_out + return pieces + + # tag + full_tag = mo.group(1) + if not full_tag.startswith(tag_prefix): + if verbose: + fmt = "tag '%s' doesn't start with prefix '%s'" + print(fmt % (full_tag, tag_prefix)) + pieces["error"] = "tag '%s' doesn't start with prefix '%s'" % ( + full_tag, + tag_prefix, + ) + return pieces + pieces["closest-tag"] = full_tag[len(tag_prefix) :] + + # distance: number of commits since tag + pieces["distance"] = int(mo.group(2)) + + # commit: short hex revision ID + pieces["short"] = mo.group(3) + + else: + # HEX: no tags + pieces["closest-tag"] = None + count_out, rc = run_command(GITS, ["rev-list", "HEAD", "--count"], cwd=root) + pieces["distance"] = int(count_out) # total number of commits + + # commit date: see ISO-8601 comment in git_versions_from_keywords() + date = run_command(GITS, ["show", "-s", "--format=%ci", "HEAD"], cwd=root)[ + 0 + ].strip() + pieces["date"] = date.strip().replace(" ", "T", 1).replace(" ", "", 1) + + return pieces + + +def plus_or_dot(pieces): + """Return a + if we don't already have one, else return a .""" + if "+" in pieces.get("closest-tag", ""): + return "." + return "+" + + +def render_pep440(pieces): + """Build up version string, with post-release "local version identifier". + + Our goal: TAG[+DISTANCE.gHEX[.dirty]] . Note that if you + get a tagged build and then dirty it, you'll get TAG+0.gHEX.dirty + + Exceptions: + 1: no tags. git_describe was just HEX. 0+untagged.DISTANCE.gHEX[.dirty] + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + if pieces["distance"] or pieces["dirty"]: + rendered += plus_or_dot(pieces) + rendered += "%d.g%s" % (pieces["distance"], pieces["short"]) + if pieces["dirty"]: + rendered += ".dirty" + else: + # exception #1 + rendered = "0+untagged.%d.g%s" % (pieces["distance"], pieces["short"]) + if pieces["dirty"]: + rendered += ".dirty" + return rendered + + +def render_pep440_pre(pieces): + """TAG[.post.devDISTANCE] -- No -dirty. + + Exceptions: + 1: no tags. 0.post.devDISTANCE + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + if pieces["distance"]: + rendered += ".post.dev%d" % pieces["distance"] + else: + # exception #1 + rendered = "0.post.dev%d" % pieces["distance"] + return rendered + + +def render_pep440_post(pieces): + """TAG[.postDISTANCE[.dev0]+gHEX] . + + The ".dev0" means dirty. Note that .dev0 sorts backwards + (a dirty tree will appear "older" than the corresponding clean one), + but you shouldn't be releasing software with -dirty anyways. + + Exceptions: + 1: no tags. 0.postDISTANCE[.dev0] + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + if pieces["distance"] or pieces["dirty"]: + rendered += ".post%d" % pieces["distance"] + if pieces["dirty"]: + rendered += ".dev0" + rendered += plus_or_dot(pieces) + rendered += "g%s" % pieces["short"] + else: + # exception #1 + rendered = "0.post%d" % pieces["distance"] + if pieces["dirty"]: + rendered += ".dev0" + rendered += "+g%s" % pieces["short"] + return rendered + + +def render_pep440_old(pieces): + """TAG[.postDISTANCE[.dev0]] . + + The ".dev0" means dirty. + + Exceptions: + 1: no tags. 0.postDISTANCE[.dev0] + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + if pieces["distance"] or pieces["dirty"]: + rendered += ".post%d" % pieces["distance"] + if pieces["dirty"]: + rendered += ".dev0" + else: + # exception #1 + rendered = "0.post%d" % pieces["distance"] + if pieces["dirty"]: + rendered += ".dev0" + return rendered + + +def render_git_describe(pieces): + """TAG[-DISTANCE-gHEX][-dirty]. + + Like 'git describe --tags --dirty --always'. + + Exceptions: + 1: no tags. HEX[-dirty] (note: no 'g' prefix) + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + if pieces["distance"]: + rendered += "-%d-g%s" % (pieces["distance"], pieces["short"]) + else: + # exception #1 + rendered = pieces["short"] + if pieces["dirty"]: + rendered += "-dirty" + return rendered + + +def render_git_describe_long(pieces): + """TAG-DISTANCE-gHEX[-dirty]. + + Like 'git describe --tags --dirty --always -long'. + The distance/hash is unconditional. + + Exceptions: + 1: no tags. HEX[-dirty] (note: no 'g' prefix) + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + rendered += "-%d-g%s" % (pieces["distance"], pieces["short"]) + else: + # exception #1 + rendered = pieces["short"] + if pieces["dirty"]: + rendered += "-dirty" + return rendered + + +def render(pieces, style): + """Render the given version pieces into the requested style.""" + if pieces["error"]: + return { + "version": "unknown", + "full-revisionid": pieces.get("long"), + "dirty": None, + "error": pieces["error"], + "date": None, + } + + if not style or style == "default": + style = "pep440" # the default + + if style == "pep440": + rendered = render_pep440(pieces) + elif style == "pep440-pre": + rendered = render_pep440_pre(pieces) + elif style == "pep440-post": + rendered = render_pep440_post(pieces) + elif style == "pep440-old": + rendered = render_pep440_old(pieces) + elif style == "git-describe": + rendered = render_git_describe(pieces) + elif style == "git-describe-long": + rendered = render_git_describe_long(pieces) + else: + raise ValueError("unknown style '%s'" % style) + + return { + "version": rendered, + "full-revisionid": pieces["long"], + "dirty": pieces["dirty"], + "error": None, + "date": pieces.get("date"), + } + + +def get_versions(): + """Get version information or return default if unable to do so.""" + # I am in _version.py, which lives at ROOT/VERSIONFILE_SOURCE. If we have + # __file__, we can work backwards from there to the root. Some + # py2exe/bbfreeze/non-CPython implementations don't do __file__, in which + # case we can only use expanded keywords. + + cfg = get_config() + verbose = cfg.verbose + + try: + return git_versions_from_keywords(get_keywords(), cfg.tag_prefix, verbose) + except NotThisMethod: + pass + + try: + root = os.path.realpath(__file__) + # versionfile_source is the relative path from the top of the source + # tree (where the .git directory might live) to this file. Invert + # this to find the root from __file__. + for i in cfg.versionfile_source.split("/"): + root = os.path.dirname(root) + except NameError: + return { + "version": "0+unknown", + "full-revisionid": None, + "dirty": None, + "error": "unable to find root of source tree", + "date": None, + } + + try: + pieces = git_pieces_from_vcs(cfg.tag_prefix, root, verbose) + return render(pieces, cfg.style) + except NotThisMethod: + pass + + try: + if cfg.parentdir_prefix: + return versions_from_parentdir(cfg.parentdir_prefix, root, verbose) + except NotThisMethod: + pass + + return { + "version": "0+unknown", + "full-revisionid": None, + "dirty": None, + "error": "unable to compute version", + "date": None, + } diff --git a/datasette/actor_auth_cookie.py b/datasette/actor_auth_cookie.py deleted file mode 100644 index 368213af..00000000 --- a/datasette/actor_auth_cookie.py +++ /dev/null @@ -1,23 +0,0 @@ -from datasette import hookimpl -from itsdangerous import BadSignature -from datasette.utils import baseconv -import time - - -@hookimpl -def actor_from_request(datasette, request): - if "ds_actor" not in request.cookies: - return None - try: - decoded = datasette.unsign(request.cookies["ds_actor"], "actor") - # If it has "e" and "a" keys process the "e" expiry - if not isinstance(decoded, dict) or "a" not in decoded: - return None - expires_at = decoded.get("e") - if expires_at: - timestamp = int(baseconv.base62.decode(expires_at)) - if time.time() > timestamp: - return None - return decoded["a"] - except BadSignature: - return None diff --git a/datasette/app.py b/datasette/app.py index 9c9b7de4..919a0a51 100644 --- a/datasette/app.py +++ b/datasette/app.py @@ -1,2079 +1,334 @@ -from __future__ import annotations - import asyncio -import contextvars -from typing import TYPE_CHECKING, Any, Dict, Iterable, List, Sequence - -if TYPE_CHECKING: - from datasette.permissions import Resource - from datasette.tokens import TokenRestrictions import collections -import dataclasses -import datetime -import functools -import glob -import httpx -import importlib.metadata -import inspect -from itsdangerous import BadSignature +import hashlib +import itertools import json import os import re -import secrets import sys import threading -import time -import types +import traceback import urllib.parse from concurrent import futures from pathlib import Path -from markupsafe import Markup, escape -from itsdangerous import URLSafeSerializer -from jinja2 import ( - ChoiceLoader, - Environment, - FileSystemLoader, - pass_context, - PrefixLoader, -) +import click +from markupsafe import Markup +from jinja2 import ChoiceLoader, Environment, FileSystemLoader, PrefixLoader, escape from jinja2.environment import Template -from jinja2.exceptions import TemplateNotFound +import uvicorn -from .events import Event -from .column_types import SQLiteType -from . import stored_queries, write_sql -from .views import Context -from .views.database import ( - database_download, - DatabaseView, - QueryView, -) -from .views.table_create_alter import ( - DatabaseForeignKeyTargetsView, - TableAlterView, - TableCreateView, - TableForeignKeySuggestionsView, -) -from .views.execute_write import ExecuteWriteAnalyzeView, ExecuteWriteView -from .views.stored_queries import ( - QueryCreateAnalyzeView, - QueryDeleteView, - QueryDefinitionView, - QueryEditView, - GlobalQueryListView, - QueryListView, - QueryParametersView, - QueryStoreView, - QueryUpdateView, -) +from .views.base import DatasetteError, ureg, AsgiRouter +from .views.database import DatabaseDownload, DatabaseView from .views.index import IndexView -from .views.special import ( - JsonDataView, - PatternPortfolioView, - AutocompleteDebugView, - AuthTokenView, - ApiExplorerView, - CreateTokenView, - LogoutView, - AllowDebugView, - PermissionsDebugView, - MessagesDebugView, - AllowedResourcesView, - PermissionRulesView, - PermissionCheckView, - JumpView, - InstanceSchemaView, - DatabaseSchemaView, - TableSchemaView, -) -from .views.table import ( - TableAutocompleteView, - TableInsertView, - TableUpsertView, - TableSetColumnTypeView, - TableDropView, - TableFragmentView, - table_view, -) -from .views.row import RowView, RowDeleteView, RowUpdateView +from .views.special import JsonDataView +from .views.table import RowView, TableView from .renderer import json_renderer -from .url_builder import Urls -from .database import Database, QueryInterrupted +from .database import Database from .utils import ( - PaginatedResources, - PrefixedUrlString, - SPATIALITE_FUNCTIONS, - StartupError, - async_call_with_supported_arguments, - await_me_maybe, - baseconv, - call_with_supported_arguments, - detect_json1, - display_actor, + QueryInterrupted, escape_css_string, escape_sqlite, - find_spatialite, format_bytes, + get_plugins, module_from_path, - move_plugins_and_allow, - move_table_config, - parse_metadata, - resolve_env_secrets, - resolve_routes, - sha256_file, - tilde_decode, - tilde_encode, + sqlite3, to_css_class, - urlsafe_components, - redact_keys, - row_sql_params_pks, ) from .utils.asgi import ( AsgiLifespan, - Forbidden, NotFound, - DatabaseNotFound, - TableNotFound, - RowNotFound, - Request, Response, - AsgiRunOnFirstRequest, asgi_static, asgi_send, - asgi_send_file, + asgi_send_html, + asgi_send_json, asgi_send_redirect, ) -from .csrf import CrossOriginProtectionMiddleware -from .utils.internal_db import init_internal_db, populate_schema_tables -from .utils.sqlite import ( - sqlite3, - using_pysqlite3, -) from .tracer import AsgiTracer -from .plugins import pm, DEFAULT_PLUGINS, get_plugins +from .plugins import pm, DEFAULT_PLUGINS from .version import __version__ -from .resources import DatabaseResource, TableResource - app_root = Path(__file__).parent.parent +MEMORY = object() -# Context variable to track when code is executing within a datasette.client request -_in_datasette_client = contextvars.ContextVar("in_datasette_client", default=False) - - -class _DatasetteClientContext: - """Context manager to mark code as executing within a datasette.client request.""" - - def __enter__(self): - self.token = _in_datasette_client.set(True) - return self - - def __exit__(self, exc_type, exc_val, exc_tb): - _in_datasette_client.reset(self.token) - return False - - -@dataclasses.dataclass -class PermissionCheck: - """Represents a logged permission check for debugging purposes.""" - - when: str - actor: Dict[str, Any] | None - action: str - parent: str | None - child: str | None - result: bool - - -# https://github.com/simonw/datasette/issues/283#issuecomment-781591015 -SQLITE_LIMIT_ATTACHED = 10 - -INTERNAL_DB_NAME = "__INTERNAL__" - -Setting = collections.namedtuple("Setting", ("name", "default", "help")) -SETTINGS = ( - Setting("default_page_size", 100, "Default page size for the table view"), - Setting( +ConfigOption = collections.namedtuple("ConfigOption", ("name", "default", "help")) +CONFIG_OPTIONS = ( + ConfigOption("default_page_size", 100, "Default page size for the table view"), + ConfigOption( "max_returned_rows", 1000, "Maximum rows that can be returned from a table or custom query", ), - Setting( - "max_insert_rows", - 100, - "Maximum rows that can be inserted at a time using the bulk insert API", - ), - Setting( + ConfigOption( "num_sql_threads", 3, "Number of threads in the thread pool for executing SQLite queries", ), - Setting("sql_time_limit_ms", 1000, "Time limit for a SQL query in milliseconds"), - Setting( + ConfigOption( + "sql_time_limit_ms", 1000, "Time limit for a SQL query in milliseconds" + ), + ConfigOption( "default_facet_size", 30, "Number of values to return for requested facets" ), - Setting("facet_time_limit_ms", 200, "Time limit for calculating a requested facet"), - Setting( + ConfigOption( + "facet_time_limit_ms", 200, "Time limit for calculating a requested facet" + ), + ConfigOption( "facet_suggest_time_limit_ms", 50, "Time limit for calculating a suggested facet", ), - Setting( + ConfigOption( + "hash_urls", + False, + "Include DB file contents hash in URLs, for far-future caching", + ), + ConfigOption( "allow_facet", True, "Allow users to specify columns to facet using ?_facet= parameter", ), - Setting( + ConfigOption( "allow_download", True, "Allow users to download the original SQLite database files", ), - Setting( - "allow_signed_tokens", - True, - "Allow users to create and use signed API tokens", - ), - Setting( - "default_allow_sql", - True, - "Allow anyone to run arbitrary SQL queries", - ), - Setting( - "max_signed_tokens_ttl", - 0, - "Maximum allowed expiry time for signed API tokens", - ), - Setting("suggest_facets", True, "Calculate and display suggested facets"), - Setting( + ConfigOption("suggest_facets", True, "Calculate and display suggested facets"), + ConfigOption("allow_sql", True, "Allow arbitrary SQL queries via ?sql= parameter"), + ConfigOption( "default_cache_ttl", 5, "Default HTTP cache TTL (used in Cache-Control: max-age= header)", ), - Setting("cache_size_kb", 0, "SQLite cache size in KB (0 == use SQLite default)"), - Setting( + ConfigOption( + "default_cache_ttl_hashed", + 365 * 24 * 60 * 60, + "Default HTTP cache TTL for hashed URL pages", + ), + ConfigOption( + "cache_size_kb", 0, "SQLite cache size in KB (0 == use SQLite default)" + ), + ConfigOption( "allow_csv_stream", True, "Allow .csv?_stream=1 to download all rows (ignoring max_returned_rows)", ), - Setting( + ConfigOption( "max_csv_mb", 100, "Maximum size allowed for CSV export in MB - set 0 to disable this limit", ), - Setting( + ConfigOption( "truncate_cells_html", 2048, "Truncate cells longer than this in HTML table view - set 0 to disable", ), - Setting( + ConfigOption( "force_https_urls", False, "Force URLs in API output to always use https:// protocol", ), - Setting( + ConfigOption( "template_debug", False, "Allow display of template debug information with ?_context=1", ), - Setting( - "trace_debug", - False, - "Allow display of SQL trace debug information with ?_trace=1", - ), - Setting("base_url", "/", "Datasette URLs should use this base path"), ) -_HASH_URLS_REMOVED = "The hash_urls setting has been removed, try the datasette-hashed-urls plugin instead" -OBSOLETE_SETTINGS = { - "hash_urls": _HASH_URLS_REMOVED, - "default_cache_ttl_hashed": _HASH_URLS_REMOVED, -} -DEFAULT_SETTINGS = {option.name: option.default for option in SETTINGS} - -FAVICON_PATH = app_root / "datasette" / "static" / "favicon.png" - -DEFAULT_NOT_SET = object() +DEFAULT_CONFIG = {option.name: option.default for option in CONFIG_OPTIONS} -ResourcesSQL = collections.namedtuple("ResourcesSQL", ("sql", "params")) - - -def _permission_cache_key(actor, action, parent, child): - # Key on the full serialized actor so actors differing in any field - # (e.g. token restrictions) never share cache entries - actor_key = ( - json.dumps(actor, sort_keys=True, default=repr) if actor is not None else None - ) - return (actor_key, action, parent, child) - - -async def favicon(request, send): - await asgi_send_file( - send, - str(FAVICON_PATH), - content_type="image/png", - headers={"Cache-Control": "max-age=3600, public"}, - ) - - -ResolvedTable = collections.namedtuple("ResolvedTable", ("db", "table", "is_view")) -ResolvedRow = collections.namedtuple( - "ResolvedRow", ("db", "table", "sql", "params", "pks", "pk_values", "row") -) - - -def _to_string(value): - if isinstance(value, str): - return value - else: - return json.dumps(value, default=str) - - -def _template_context_json_default(value): - if dataclasses.is_dataclass(value) and not isinstance(value, type): - return { - field.name: getattr(value, field.name) - for field in dataclasses.fields(value) - } - return repr(value) - - -@pass_context -def _legacy_template_csrftoken(context): - request = context.get("request") - if request and "csrftoken" in request.scope: - return request.scope["csrftoken"]() - return "" - - -def _resolve_static_asset_path(root_path, path): - root = Path(root_path).resolve() - full_path = (root / path).resolve() - try: - full_path.relative_to(root) - except ValueError: - raise ValueError("Static asset path cannot escape static root") from None - return full_path - - -# Documentation for the variables Datasette.render_template() adds to the -# context for every page. This is part of the documented template contract: -# keys added in render_template() must be documented here - the contract -# tests in tests/test_template_context.py enforce this, and the docs in -# docs/template_context.rst are generated from it. -TEMPLATE_BASE_CONTEXT = { - "request": "The current :ref:`Request object `, or None. Common properties include ``request.path``, ``request.args``, ``request.actor``, ``request.url_vars`` and ``request.host``.", - "crumb_items": 'Async function returning breadcrumb navigation items for the current page. Call it with ``request=request`` plus optional ``database=`` and ``table=`` arguments; it returns a list of ``{"href": url, "label": label}`` dictionaries.', - "urls": "Object with methods for constructing URLs within Datasette. Common methods include ``urls.instance()``, ``urls.database(database)``, ``urls.table(database, table)``, ``urls.query(database, query)``, ``urls.row(database, table, row_path)`` and ``urls.static(path)`` - see :ref:`internals_datasette_urls`.", - "actor": "The currently authenticated actor dictionary, or None. Actors usually include an ``id`` key and may include any other keys supplied by authentication plugins.", - "menu_links": "Async function returning links for the Datasette application menu, including links added by plugins. Each item is a link dictionary with ``href`` and ``label`` keys. See :ref:`plugin_hook_menu_links`; for page action menus that can also include JavaScript-backed buttons, see :ref:`plugin_actions`.", - "display_actor": "Function that accepts an actor dictionary and returns the display string used in the navigation menu.", - "show_logout": "True if the logout link should be shown in the navigation menu", - "zip": "Python's ``zip()`` builtin, made available to template logic", - "body_scripts": 'List of JavaScript snippets contributed by plugins using :ref:`plugin_hook_extra_body_script`. Each item is a dictionary with ``script`` containing JavaScript source and ``module`` indicating whether Datasette will wrap it in `` diff --git a/datasette/templates/_codemirror.html b/datasette/templates/_codemirror.html index 75c16168..17342be5 100644 --- a/datasette/templates/_codemirror.html +++ b/datasette/templates/_codemirror.html @@ -1,16 +1,8 @@ - - + + + + diff --git a/datasette/templates/_codemirror_foot.html b/datasette/templates/_codemirror_foot.html index a624c8a4..4019d448 100644 --- a/datasette/templates/_codemirror_foot.html +++ b/datasette/templates/_codemirror_foot.html @@ -1,42 +1,37 @@ diff --git a/datasette/templates/_crumbs.html b/datasette/templates/_crumbs.html deleted file mode 100644 index bd1ff0da..00000000 --- a/datasette/templates/_crumbs.html +++ /dev/null @@ -1,15 +0,0 @@ -{% macro nav(request, database=None, table=None) -%} -{% if crumb_items is defined %} - {% set items=crumb_items(request=request, database=database, table=table) %} - {% if items %} -

- {% for item in items %} - {{ item.label }} - {% if not loop.last %} - / - {% endif %} - {% endfor %} -

- {% endif %} -{% endif %} -{%- endmacro %} diff --git a/datasette/templates/_debug_common_functions.html b/datasette/templates/_debug_common_functions.html deleted file mode 100644 index d988a2f3..00000000 --- a/datasette/templates/_debug_common_functions.html +++ /dev/null @@ -1,50 +0,0 @@ - diff --git a/datasette/templates/_description_source_license.html b/datasette/templates/_description_source_license.html index f852268f..a2bc18f2 100644 --- a/datasette/templates/_description_source_license.html +++ b/datasette/templates/_description_source_license.html @@ -1,6 +1,6 @@ -{% if metadata.get("description_html") or metadata.get("description") %} +{% if metadata.description_html or metadata.description %}
- {% if metadata.get("description_html") %} + {% if metadata.description_html %} {{ metadata.description_html|safe }} {% else %} {{ metadata.description }} diff --git a/datasette/templates/_execute_write_analysis_scripts.html b/datasette/templates/_execute_write_analysis_scripts.html deleted file mode 100644 index a19bae13..00000000 --- a/datasette/templates/_execute_write_analysis_scripts.html +++ /dev/null @@ -1,111 +0,0 @@ - diff --git a/datasette/templates/_execute_write_analysis_styles.html b/datasette/templates/_execute_write_analysis_styles.html deleted file mode 100644 index 165cfe9f..00000000 --- a/datasette/templates/_execute_write_analysis_styles.html +++ /dev/null @@ -1,41 +0,0 @@ - diff --git a/datasette/templates/_facet_results.html b/datasette/templates/_facet_results.html deleted file mode 100644 index 570bb37e..00000000 --- a/datasette/templates/_facet_results.html +++ /dev/null @@ -1,28 +0,0 @@ -
- {% for facet_info in sorted_facet_results %} -
-

- {{ facet_info.name }}{% if facet_info.type != "column" %} ({{ facet_info.type }}){% endif %} - {% if facet_info.truncated %}>{% endif %}{{ facet_info.results|length }} - - {% if facet_info.hideable %} - - {% endif %} -

-
    - {% for facet_value in facet_info.results %} - {% if not facet_value.selected %} -
  • {{ (facet_value.label | string()) or "-" }} {{ "{:,}".format(facet_value.count) }}
    • - {% else %} -
  • {{ facet_value.label or "-" }} · {{ "{:,}".format(facet_value.count) }}
    • - {% endif %} - {% endfor %} - {% if facet_info.truncated %} -
  • {% if request.args._facet_size != "max" -%} - {% else -%}…{% endif %} -
    • - {% endif %} -
-
- {% endfor %} -
diff --git a/datasette/templates/_footer.html b/datasette/templates/_footer.html index 074270f1..f930f445 100644 --- a/datasette/templates/_footer.html +++ b/datasette/templates/_footer.html @@ -1,5 +1,5 @@ -Powered by Datasette -{% if query_ms %}· Queries took {{ query_ms|round(3) }}ms{% endif %} +Powered by Datasette +{% if query_ms %}· Query took {{ query_ms|round(3) }}ms{% endif %} {% if metadata %} {% if metadata.license or metadata.license_url %}· Data license: {% if metadata.license_url %} diff --git a/datasette/templates/_permission_ui_styles.html b/datasette/templates/_permission_ui_styles.html deleted file mode 100644 index 53a824f1..00000000 --- a/datasette/templates/_permission_ui_styles.html +++ /dev/null @@ -1,145 +0,0 @@ - diff --git a/datasette/templates/_permissions_debug_tabs.html b/datasette/templates/_permissions_debug_tabs.html deleted file mode 100644 index d7203c1e..00000000 --- a/datasette/templates/_permissions_debug_tabs.html +++ /dev/null @@ -1,54 +0,0 @@ -{% if has_debug_permission %} -{% set query_string = '?' + request.query_string if request.query_string else '' %} - - - - -{% endif %} diff --git a/datasette/templates/_query_form_styles.html b/datasette/templates/_query_form_styles.html deleted file mode 100644 index cf2dd42c..00000000 --- a/datasette/templates/_query_form_styles.html +++ /dev/null @@ -1,138 +0,0 @@ - diff --git a/datasette/templates/_query_results.html b/datasette/templates/_query_results.html deleted file mode 100644 index 5e1e2f72..00000000 --- a/datasette/templates/_query_results.html +++ /dev/null @@ -1,20 +0,0 @@ -{% if display_rows %} -
- - - {% for column in columns %}{% endfor %} - - - - {% for row in display_rows %} - - {% for column, td in zip(columns, row) %} - - {% endfor %} - - {% endfor %} - -
{{ column }}
{{ td }}
-{% elif show_zero_results %} -

0 results

-{% endif %} diff --git a/datasette/templates/_sql_parameter_scripts.html b/datasette/templates/_sql_parameter_scripts.html deleted file mode 100644 index 9b83889e..00000000 --- a/datasette/templates/_sql_parameter_scripts.html +++ /dev/null @@ -1,307 +0,0 @@ - diff --git a/datasette/templates/_sql_parameter_styles.html b/datasette/templates/_sql_parameter_styles.html deleted file mode 100644 index bc6838f5..00000000 --- a/datasette/templates/_sql_parameter_styles.html +++ /dev/null @@ -1,58 +0,0 @@ - diff --git a/datasette/templates/_sql_parameters.html b/datasette/templates/_sql_parameters.html deleted file mode 100644 index b5c1bde8..00000000 --- a/datasette/templates/_sql_parameters.html +++ /dev/null @@ -1,10 +0,0 @@ -{% set sql_parameter_name_prefix = sql_parameter_name_prefix|default("") %} -
- {% if parameter_names %} -

Parameters

- {% for parameter in parameter_names %} - {% set parameter_id = (sql_parameter_id_prefix|default("qp")) ~ loop.index %} -

{% if sql_parameters_allow_expand|default(false) %} {% endif %}

- {% endfor %} - {% endif %} -
diff --git a/datasette/templates/_suggested_facets.html b/datasette/templates/_suggested_facets.html deleted file mode 100644 index b80208c3..00000000 --- a/datasette/templates/_suggested_facets.html +++ /dev/null @@ -1,3 +0,0 @@ -

- Suggested facets: {% for facet in suggested_facets %}{{ facet.name }}{% if facet.get("type") %} ({{ facet.type }}){% endif %}{% if not loop.last %}, {% endif %}{% endfor %} -

diff --git a/datasette/templates/_table.html b/datasette/templates/_table.html index 171b6442..42c37c55 100644 --- a/datasette/templates/_table.html +++ b/datasette/templates/_table.html @@ -1,19 +1,16 @@ - -
-{% if display_columns %} -
+{% if display_rows %} {% for column in display_columns %} - @@ -22,16 +19,14 @@ {% for row in display_rows %} - + {% for cell in row %} - + {% endfor %} {% endfor %}
+ {% if not column.sortable %} {{ column.name }} {% else %} {% if column.name == sort %} - {{ column.name }} ▼ + {{ column.name }} ▼ {% else %} - {{ column.name }}{% if column.name == sort_desc %} ▲{% endif %} + {{ column.name }}{% if column.name == sort_desc %} ▲{% endif %} {% endif %} {% endif %}
{{ cell.value }}{{ cell.value }}
-
-{% endif %} -{% if not display_rows %} +{% else %}

0 records

{% endif %} diff --git a/datasette/templates/allow_debug.html b/datasette/templates/allow_debug.html deleted file mode 100644 index 1ecc92df..00000000 --- a/datasette/templates/allow_debug.html +++ /dev/null @@ -1,61 +0,0 @@ -{% extends "base.html" %} - -{% block title %}Debug allow rules{% endblock %} - -{% block extra_head %} - -{% endblock %} - -{% block content %} - -

Debug allow rules

- -{% set current_tab = "allow_debug" %} -{% include "_permissions_debug_tabs.html" %} - -

Use this tool to try out different actor and allow combinations. See Defining permissions with "allow" blocks for documentation.

- -
-
-

- -
-
-

- -
-
- -
-
- -{% if error %}

{{ error }}

{% endif %} - -{% if result == "True" %}

Result: allow

{% endif %} - -{% if result == "False" %}

Result: deny

{% endif %} - -{% endblock %} diff --git a/datasette/templates/api_explorer.html b/datasette/templates/api_explorer.html deleted file mode 100644 index 4927cb8d..00000000 --- a/datasette/templates/api_explorer.html +++ /dev/null @@ -1,208 +0,0 @@ -{% extends "base.html" %} - -{% block title %}API Explorer{% endblock %} - -{% block extra_head %} - -{% endblock %} - -{% block content %} - -

API Explorer{% if private %} 🔒{% endif %}

- -

Use this tool to try out the - {% if datasette_version %} - Datasette API. - {% else %} - Datasette API. - {% endif %} -

-
- GET -
-
- - - -
-
-
-
- POST -
-
- - -
-
- - -
-

-
-
- - - - - -{% if example_links %} -

API endpoints

-
    - {% for database in example_links %} -
  • Database: {{ database.name }}
    • -
      - {% for link in database.links %} -
    • {{ link.path }} - {{ link.label }}
      • - {% endfor %} - {% for table in database.tables %} -
    • {{ table.name }} -
        - {% for link in table.links %} -
      • {{ link.path }} - {{ link.label }}
        • - {% endfor %} -
      -
      • - {% endfor %} -
    - {% endfor %} -
-{% endif %} - -{% endblock %} diff --git a/datasette/templates/base.html b/datasette/templates/base.html index 18288439..d26043f8 100644 --- a/datasette/templates/base.html +++ b/datasette/templates/base.html @@ -1,76 +1,32 @@ -{% import "_crumbs.html" as crumbs with context %} - + + {% block title %}{% endblock %} - + {% for url in extra_css_urls %} - + {% endfor %} - - {% for url in extra_js_urls %} - + {% endfor %} -{%- if alternate_url_json -%} - -{%- endif -%} -{%- block extra_head %}{% endblock -%} +{% block extra_head %}{% endblock %} -
-
-{% block messages %} -{% if show_messages %} - {% for message, message_type in show_messages() %} -

{{ message }}

- {% endfor %} -{% endif %} -{% endblock %} + -
+
{% block content %} {% endblock %} -
-
{% block footer %}{% include "_footer.html" %}{% endblock %}
-{% include "_close_open_menus.html" %} +
{% block footer %}{% include "_footer.html" %}{% endblock %}
{% for body_script in body_scripts %} - {{ body_script.script }} + {% endfor %} {% if select_templates %}{% endif %} - - diff --git a/datasette/templates/create_token.html b/datasette/templates/create_token.html deleted file mode 100644 index 270d9c86..00000000 --- a/datasette/templates/create_token.html +++ /dev/null @@ -1,123 +0,0 @@ -{% extends "base.html" %} - -{% block title %}Create an API token{% endblock %} - -{% block extra_head %} - -{% endblock %} - -{% block content %} - -

Create an API token

- -

This token will allow API access with the same abilities as your current user, {{ request.actor.id }}

- -{% if token %} -
-

Your API token

-
- - -
- -
- Token details - 
{{ token_bits|tojson(4) }}
-
-
-

Create another token

-{% endif %} - -{% if errors %} - {% for error in errors %} -

{{ error }}

- {% endfor %} -{% endif %} - -
-
-
- -
- - - -
- Restrict actions that can be performed using this token -

All databases and tables

-
    - {% for permission in all_actions %} -
    • - {% endfor %} -
- - {% for database in database_with_tables %} -

All tables in "{{ database.name }}"

-
    - {% for permission in database_actions %} -
    • - {% endfor %} -
- {% endfor %} -

Specific tables

- {% for database in database_with_tables %} - {% for table in database.tables %} -

{{ database.name }}: {{ table.name }}

-
    - {% for permission in child_actions %} -
    • - {% endfor %} -
- {% endfor %} - {% endfor %} -
- - -
- - - -{% endblock %} diff --git a/datasette/templates/csrf_error.html b/datasette/templates/csrf_error.html deleted file mode 100644 index b84749d3..00000000 --- a/datasette/templates/csrf_error.html +++ /dev/null @@ -1,13 +0,0 @@ -{% extends "base.html" %} -{% block title %}CSRF check failed{% endblock %} -{% block content %} -

Form origin check failed

- -

Your request's origin could not be validated. Please return to the form and submit it again.

- -
Technical details -

Developers: consult Datasette's CSRF protection documentation.

-

Reason: {{ reason }}

-
- -{% endblock %} diff --git a/datasette/templates/database.html b/datasette/templates/database.html index a9fad8dd..a0d0fcf6 100644 --- a/datasette/templates/database.html +++ b/datasette/templates/database.html @@ -3,40 +3,29 @@ {% block title %}{{ database }}{% endblock %} {% block extra_head %} -{{- super() -}} +{{ super() }} {% include "_codemirror.html" %} -{% include "_sql_parameter_styles.html" %} -{% if database_page_data.createTable %} - - -{% endif %} {% endblock %} {% block body_class %}db db-{{ database|to_css_class }}{% endblock %} -{% block crumbs %} -{{ crumbs.nav(request=request, database=database) }} +{% block nav %} +

+ home +

+ {{ super() }} {% endblock %} {% block content %} -
-

{{ metadata.title or database }}{% if private %} 🔒{% endif %}

-
-{% set action_links, action_title = database_actions(), "Database actions" %} -{% include "_action_menu.html" %} -{{ top_database() }} +

{{ metadata.title or database }}

{% block description_source_license %}{% include "_description_source_license.html" %}{% endblock %} -{% if allow_execute_sql %} -
+{% if config.allow_sql %} +

Custom SQL query

-

- {% set parameter_names = [] %} - {% set parameter_values = {} %} - {% set sql_parameters_allow_expand = false %} - {% include "_sql_parameters.html" %} +

@@ -44,66 +33,42 @@

{% endif %} -{% if attached_databases %} -
-

The following databases are attached to this connection, and can be used for cross-database joins:

-
    - {% for db_name in attached_databases %} -
  • {{ db_name }} - tables
    • - {% endfor %} -
-
-{% endif %} - -{% if queries %} -

Queries

- - {% if queries_more %} -

View {{ "{:,}".format(queries_count) }} quer{% if queries_count == 1 %}y{% else %}ies{% endif %}

- {% endif %} -{% endif %} - -{% if tables %} -

Tables schema

-{% endif %} - {% for table in tables %} {% if show_hidden or not table.hidden %}
-

{{ table.name }}{% if table.private %} 🔒{% endif %}{% if table.hidden %} (hidden){% endif %}

-

{% for column in table.columns %}{{ column }}{% if not loop.last %}, {% endif %}{% endfor %}

-

{% if table.count is none %}Many rows{% elif table.count_truncated %}>{{ "{:,}".format(table.count - 1) }} rows{% else %}{{ "{:,}".format(table.count) }} row{% if table.count == 1 %}{% else %}s{% endif %}{% endif %}

+

{{ table.name }}{% if table.hidden %} (hidden){% endif %}

+

{% for column in table.columns[:9] %}{{ column }}{% if not loop.last %}, {% endif %}{% endfor %}{% if table.columns|length > 9 %}...{% endif %}

+

{% if table.count is none %}Many rows{% else %}{{ "{:,}".format(table.count) }} row{% if table.count == 1 %}{% else %}s{% endif %}{% endif %}

{% endif %} {% endfor %} {% if hidden_count and not show_hidden %} -

... and {{ "{:,}".format(hidden_count) }} hidden table{% if hidden_count == 1 %}{% else %}s{% endif %}

+

... and {{ "{:,}".format(hidden_count) }} hidden table{% if hidden_count == 1 %}{% else %}s{% endif %}

{% endif %} {% if views %} -

Views

-
    +

    Views

    + +{% endif %} + +{% if queries %} +

    Queries

    + {% endif %} {% if allow_download %} -

    Download SQLite DB: {{ database }}.db {{ format_bytes(size) }}

    +

    Download SQLite DB: {{ database }}.db {{ format_bytes(size) }}

    {% endif %} {% include "_codemirror_foot.html" %} -{% include "_sql_parameter_scripts.html" %} - {% endblock %} diff --git a/datasette/templates/debug_actions.html b/datasette/templates/debug_actions.html deleted file mode 100644 index 0ef7b329..00000000 --- a/datasette/templates/debug_actions.html +++ /dev/null @@ -1,43 +0,0 @@ -{% extends "base.html" %} - -{% block title %}Registered Actions{% endblock %} - -{% block content %} -

    Registered actions

    - -{% set current_tab = "actions" %} -{% include "_permissions_debug_tabs.html" %} - -

    - This Datasette instance has registered {{ data|length }} action{{ data|length != 1 and "s" or "" }}. - Actions are used by the permission system to control access to different features. -

    - - - - - - - - - - - - - - - {% for action in data %} - - - - - - - - - - {% endfor %} - -
    NameAbbrDescriptionResourceTakes ParentTakes ChildAlso Requires
    {{ action.name }}{% if action.abbr %}{{ action.abbr }}{% endif %}{{ action.description or "" }}{% if action.resource_class %}{{ action.resource_class }}{% endif %}{% if action.takes_parent %}✓{% endif %}{% if action.takes_child %}✓{% endif %}{% if action.also_requires %}{{ action.also_requires }}{% endif %}
    - -{% endblock %} diff --git a/datasette/templates/debug_allowed.html b/datasette/templates/debug_allowed.html deleted file mode 100644 index 4f8106b8..00000000 --- a/datasette/templates/debug_allowed.html +++ /dev/null @@ -1,229 +0,0 @@ -{% extends "base.html" %} - -{% block title %}Allowed Resources{% endblock %} - -{% block extra_head %} - -{% include "_permission_ui_styles.html" %} -{% include "_debug_common_functions.html" %} -{% endblock %} - -{% block content %} -

    Allowed resources

    - -{% set current_tab = "allowed" %} -{% include "_permissions_debug_tabs.html" %} - -

    Use this tool to check which resources the current actor is allowed to access for a given permission action. It queries the /-/allowed.json API endpoint.

    - -{% if request.actor %} -

    Current actor: {{ request.actor.get("id", "anonymous") }}

    -{% else %} -

    Current actor: anonymous (not logged in)

    -{% endif %} - -
    -
    -
    - - - Only certain actions are supported by this endpoint -
    - -
    - - - Filter results to a specific parent resource -
    - -
    - - - Filter results to a specific child resource (requires parent to be set) -
    - -
    - - - Number of results per page (max 200) -
    - -
    - -
    -
    -
    - - - - - -{% endblock %} diff --git a/datasette/templates/debug_autocomplete.html b/datasette/templates/debug_autocomplete.html deleted file mode 100644 index 380639a3..00000000 --- a/datasette/templates/debug_autocomplete.html +++ /dev/null @@ -1,78 +0,0 @@ -{% extends "base.html" %} - -{% block title %}Debug autocomplete{% endblock %} - -{% block extra_head %} -{{ super() }} - -{% endblock %} - -{% block content %} -

    Debug autocomplete

    - -
    -

    - - -

    -

    - - -

    -

    -
    - -{% if error %} -

    {{ error }}

    -{% elif autocomplete_url %} -

    {{ database_name }} / {{ table_name }}

    - {% if label_column %} -

    Label column: {{ label_column }}

    - {% else %} -

    No label column detected. Results will use primary key values.

    - {% endif %} -
    - - - - -
    -

    Selected row

    - 
    No row selected.
    - -{% else %} -

    Suggested tables

    - {% if suggestions %} -

    Showing up to five tables with a detected label column.

    - - - - - - - - - - {% for suggestion in suggestions %} - - - - - - {% endfor %} - -
    DatabaseTableLabel column
    {{ suggestion.database }}{{ suggestion.table }}{{ suggestion.label_column }}
    - {% else %} -

    No tables with detected label columns found.

    - {% endif %} -

    Scanned {{ scanned }} table{% if scanned != 1 %}s{% endif %}{% if reached_scan_limit %}; stopped at the 100 table scan limit{% endif %}.

    -{% endif %} - -{% endblock %} diff --git a/datasette/templates/debug_check.html b/datasette/templates/debug_check.html deleted file mode 100644 index 3b229a25..00000000 --- a/datasette/templates/debug_check.html +++ /dev/null @@ -1,270 +0,0 @@ -{% extends "base.html" %} - -{% block title %}Permission Check{% endblock %} - -{% block extra_head %} - -{% include "_permission_ui_styles.html" %} -{% include "_debug_common_functions.html" %} - -{% endblock %} - -{% block content %} -

    Permission check

    - -{% set current_tab = "check" %} -{% include "_permissions_debug_tabs.html" %} - -

    Use this tool to test permission checks for the current actor. It queries the /-/check.json API endpoint.

    - -{% if request.actor %} -

    Current actor: {{ request.actor.get("id", "anonymous") }}

    -{% else %} -

    Current actor: anonymous (not logged in)

    -{% endif %} - -
    -
    -
    - - - The permission action to check -
    - -
    - - - For database-level permissions, specify the database name -
    - -
    - - - For table-level permissions, specify the table name (requires parent) -
    - -
    - -
    -
    -
    - - - - - -{% endblock %} diff --git a/datasette/templates/debug_permissions_playground.html b/datasette/templates/debug_permissions_playground.html deleted file mode 100644 index 4410a677..00000000 --- a/datasette/templates/debug_permissions_playground.html +++ /dev/null @@ -1,165 +0,0 @@ -{% extends "base.html" %} - -{% block title %}Debug permissions{% endblock %} - -{% block extra_head %} -{% include "_permission_ui_styles.html" %} - -{% endblock %} - -{% block content %} -

    Permission playground

    - -{% set current_tab = "permissions" %} -{% include "_permissions_debug_tabs.html" %} - -

    This tool lets you simulate an actor and a permission check for that actor.

    - -
    -
    -
    -
    - - -
    -
    -
    -
    - - -
    -
    - - -
    -
    - - -
    -
    -
    - -
    - 
    
-    
    
-
    
-
-
-
-
    Recent permissions checks
    
-
-
    
-    {% if filter != "all" %}All{% else %}All{% endif %},
-    {% if filter != "exclude-yours" %}Exclude yours{% else %}Exclude yours{% endif %},
-    {% if filter != "only-yours" %}Only yours{% else %}Only yours{% endif %}
-
    
-
-{% if permission_checks %}
-
-    
-        
-            
-            
-            
-            
-            
-            
-        
-    
-    
-        {% for check in permission_checks %}
-            
-                
-                
-                
-                
-                
-                
-            
-        {% endfor %}
-        
-
    WhenActionParentChildActorResult
    {{ check.when.split('T', 1)[0] }}
    {{ check.when.split('T', 1)[1].split('+', 1)[0].split('-', 1)[0].split('Z', 1)[0] }}    		{{ check.action }}{{ check.parent or '—' }}{{ check.child or '—' }}{% if check.actor %}{{ check.actor|tojson }}{% else %}anonymous{% endif %}{% if check.result %}Allowed{% elif check.result is none %}No opinion{% else %}Denied{% endif %}
    
-{% else %}
-
    No permission checks have been recorded yet.
    
-{% endif %}
-
-{% endblock %}
diff --git a/datasette/templates/debug_rules.html b/datasette/templates/debug_rules.html
deleted file mode 100644
index aafa755d..00000000
--- a/datasette/templates/debug_rules.html
+++ /dev/null
@@ -1,203 +0,0 @@
-{% extends "base.html" %}
-
-{% block title %}Permission Rules{% endblock %}
-
-{% block extra_head %}
-
-{% include "_permission_ui_styles.html" %}
-{% include "_debug_common_functions.html" %}
-{% endblock %}
-
-{% block content %}
-
    Permission rules
    
-
-{% set current_tab = "rules" %}
-{% include "_permissions_debug_tabs.html" %}
-
-
    Use this tool to view the permission rules that allow the current actor to access resources for a given permission action. It queries the /-/rules.json API endpoint.
    
-
-{% if request.actor %}
-
    Current actor: {{ request.actor.get("id", "anonymous") }}
    
-{% else %}
-
    Current actor: anonymous (not logged in)
    
-{% endif %}
-
-
    
-    
    
-        
    
-            
-            
-            The permission action to check
-        
    
-
-        
    
-            
-            
-            Number of results per page (max 200)
-        
    
-
-        
    
-            
-        
    
-    
    
-
    
-
-
-
-
-
-{% endblock %}
diff --git a/datasette/templates/execute_write.html b/datasette/templates/execute_write.html
deleted file mode 100644
index 592577f8..00000000
--- a/datasette/templates/execute_write.html
+++ /dev/null
@@ -1,337 +0,0 @@
-{% extends "base.html" %}
-
-{% block title %}Write to this database{% endblock %}
-
-{% block extra_head %}
-{{- super() -}}
-{% include "_codemirror.html" %}
-
-{% include "_execute_write_analysis_styles.html" %}
-{% include "_sql_parameter_styles.html" %}
-{% endblock %}
-
-{% block body_class %}execute-write db-{{ database|to_css_class }}{% endblock %}
-
-{% block crumbs %}
-{{ crumbs.nav(request=request, database=database) }}
-{% endblock %}
-
-{% block content %}
-
-
    Write to this database
    
-
-
    Execute SQL to insert, update or delete rows in this database.
    
-
-{% if execution_message %}
-    
    {{ execution_message }}{% for link in execution_links %} {{ link.label }}{% endfor %}
    
-{% endif %}
-
-{% if execute_write_returns_rows %}
-    
    Returned rows
    
-    {% if execute_write_truncated %}
-        
    Only the first {{ "{:,}".format(execute_write_display_rows|length) }} returned rows are shown.
    
-    {% endif %}
-    {% set columns = execute_write_columns %}
-    {% set display_rows = execute_write_display_rows %}
-    {% set show_zero_results = true %}
-    {% include "_query_results.html" %}
-{% endif %}
-
-
    
-    {% if write_create_table_template_sql or write_template_tables %}
-        
    
-            
    
-                Start with a template
-                
    
-                    {% if write_create_table_template_sql %}
-                        
-                    {% endif %}
-                    {% if write_template_tables %}
-                        
-                        
-                        {% for operation in write_template_operations %}
-                            
-                        {% endfor %}
-                    {% endif %}
-                
    
-            
    
-        
    
-    {% else %}
-        
    There are no tables that you can currently edit.
    
-    {% endif %}
-
-    
    
-
-    {% set sql_parameters_section_id = "execute-write-parameters-section" %}
-    {% set sql_parameters_allow_expand = true %}
-    {% include "_sql_parameters.html" %}
-
-    
    
-        
    Query operations
    
-        {% if analysis_error %}
-            
    {{ analysis_error }}
    
-        {% elif analysis_rows %}
-            
    
-                
-                    
-                        
-                        
-                        
-                        
-                        
-                    
-                
-                
-                    {% for row in analysis_rows %}
-                        
-                            
-                            
-                            
-                            
-                            
-                        
-                    {% endfor %}
-                
-            
    OperationDatabaseTableRequired permissionAllowed
    {{ row.operation }}{{ row.database }}{{ row.table }}{% if row.required_permission %}{{ row.required_permission }}{% endif %}{% if row.allowed is none %}{% elif row.allowed %}yes{% else %}no{% endif %}
    
-        {% else %}
-            
    Analysis will show each affected table and required permission.
    
-        {% endif %}
-    
    
-
-    
    
-        
-        {{ execute_disabled_reason or "" }}
-        {% if save_query_url %}Save this query{% endif %}
-    
    
-
    
-
-{% include "_codemirror_foot.html" %}
-{% include "_sql_parameter_scripts.html" %}
-{% include "_execute_write_analysis_scripts.html" %}
-
-
-
-{% if write_create_table_template_sql or write_template_tables %}
-
-{% endif %}
-
-{% endblock %}
diff --git a/datasette/templates/index.html b/datasette/templates/index.html
index 03349279..b394564a 100644
--- a/datasette/templates/index.html
+++ b/datasette/templates/index.html
@@ -2,26 +2,17 @@
 
 {% block title %}{{ metadata.title or "Datasette" }}: {% for database in databases %}{{ database.name }}{% if not loop.last %}, {% endif %}{% endfor %}{% endblock %}
 
-{% block extra_head %}
-{% if noindex %}{% endif %}
-{% endblock %}
-
 {% block body_class %}index{% endblock %}
 
 {% block content %}
-
    {{ metadata.title or "Datasette" }}{% if private %} 🔒{% endif %}
    
-
-{% set action_links, action_title = homepage_actions, "Homepage actions" %}
-{% include "_action_menu.html" %}
-
-{{ top_homepage() }}
+
    {{ metadata.title or "Datasette" }}
    
 
 {% block description_source_license %}{% include "_description_source_license.html" %}{% endblock %}
 
 {% for database in databases %}
-    
    {{ database.name }}{% if database.private %} 🔒{% endif %}
    
+    
    {{ database.name }}
    
     
    
-        {% if database.show_table_row_counts %}{{ "{:,}".format(database.table_rows_sum) }} rows in {% endif %}{{ database.tables_count }} table{% if database.tables_count != 1 %}s{% endif %}{% if database.hidden_tables_count %}, {% endif -%}
+        {% if database.show_table_row_counts %}{{ "{:,}".format(database.table_rows_sum) }} rows in {% endif %}{{ database.tables_count }} table{% if database.tables_count != 1 %}s{% endif %}{% if database.tables_count and database.hidden_tables_count %}, {% endif -%}
         {% if database.hidden_tables_count -%}
             {% if database.show_table_row_counts %}{{ "{:,}".format(database.hidden_table_rows_sum) }} rows in {% endif %}{{ database.hidden_tables_count }} hidden table{% if database.hidden_tables_count != 1 %}s{% endif -%}
         {% endif -%}
@@ -30,7 +21,8 @@
             {{ "{:,}".format(database.views_count) }} view{% if database.views_count != 1 %}s{% endif %}
         {% endif %}
     
    
-    
    {% for table in database.tables_and_views_truncated %}{{ table.name }}{% if table.private %} 🔒{% endif %}{% if not loop.last %}, {% endif %}{% endfor %}{% if database.tables_and_views_more %}, ...{% endif %}
    
+    
    {% for table in database.tables_and_views_truncated %}{{ table.name }}{% if not loop.last %}, {% endif %}{% endfor %}{% if database.tables_and_views_more %}, ...{% endif %}
    
 {% endfor %}
 
 {% endblock %}
diff --git a/datasette/templates/logout.html b/datasette/templates/logout.html
deleted file mode 100644
index a99870e6..00000000
--- a/datasette/templates/logout.html
+++ /dev/null
@@ -1,17 +0,0 @@
-{% extends "base.html" %}
-
-{% block title %}Log out{% endblock %}
-
-{% block content %}
-
-
    Log out
    
-
-
    You are logged in as {{ display_actor(actor) }}
    
-
-
    
-    
    
-        
-    
    
-
    
-
-{% endblock %}
diff --git a/datasette/templates/messages_debug.html b/datasette/templates/messages_debug.html
deleted file mode 100644
index 891cf915..00000000
--- a/datasette/templates/messages_debug.html
+++ /dev/null
@@ -1,26 +0,0 @@
-{% extends "base.html" %}
-
-{% block title %}Debug messages{% endblock %}
-
-{% block content %}
-
-
    Debug messages
    
-
-
    Set a message:
    
-
-
    
-    
    
-        
-        
    
-            
-        
    
-        
-    
    
-
    
-
-{% endblock %}
diff --git a/datasette/templates/patterns.html b/datasette/templates/patterns.html
deleted file mode 100644
index 075c0117..00000000
--- a/datasette/templates/patterns.html
+++ /dev/null
@@ -1,507 +0,0 @@
-
-
-
-    Datasette: Pattern Portfolio
-    
-    
-    
-    
-
-
-
-
    
-
-
    
-    
    Pattern Portfolio
    
-
    
-
-
-
-
-
    Header for /database/table/row and Messages
    
-
-
    
-  
-
    
-
-
    Example message
    
-
    Example message
    
-
    Example message
    
-
-
    .bd for /
    
-
    
-    
    Datasette Fixtures
    
-    
    
-            An example SQLite database demonstrating Datasette
-    
    
-    
    
-    Data license:
-            Apache License 2.0
-    ·
-        Data source:
-            
-        tests/fixtures.py
-    ·
-        About:
-            
-        About Datasette
-    
    
-    
    fixtures
    
-    
    
-        1,258 rows in 24 tables, 206 rows in 5 hidden tables, 4 views
-    
    
-    
    compound_three_primary_keys, sortable, facetable, roadside_attraction_characteristics, simple_primary_key, ...
    
-    
    data
    
-    
    
-        6 rows in 2 tables
-    
    
-    
    names, foo
    
-
    
-
-
    .bd for /database
    
-
    
-    
    
-        
    fixtures
    
-    
    
-    
    
-        
    
-            
-                
    
-                    
-                        Database actions
-                        
-                        
-                    
-                    Database actions
-                
    
-                
-            
    
-                
    
-                
-            
    
-        
    
-    
    
-
-    
    
-            Test tables description
-    
    
-    
    
-    Data license:
-            Apache License 2.0
-    ·
-        Data source:
-            
-        tests/fixtures.py
-    ·
-        About:
-            
-        About Datasette
-    
    
-    
    
-        
    Custom SQL query
    
-        
    
-        
    
-            
-            
-        
    
-    
    
-    
    
-        
    123_starts_with_digits
    
-        
    content
    
-        
    0 rows
    
-    
    
-    
    
-        
    Table With Space In Name
    
-        
    pk, content
    
-        
    0 rows
    
-    
    
-    
    
-        
    attraction_characteristic
    
-        
    pk, name
    
-        
    2 rows
    
-    
    
-
    
-
-
    .bd for /database/table
    
-
-
    
-    
    
-        
    roadside_attraction_characteristics
    
-    
    
-    
    
-        
    
-            
-                
    
-                    
-                        Database actions
-                        
-                        
-                    
-                    Table actions
-                
    
-                
-            
    
-                
    
-                
-            
    
-        
    
-    
    
-
-    
    
-    Data license:
-            Apache License 2.0
-    ·
-        Data source:
-            
-        tests/fixtures.py
-    ·
-        About:
-            
-        About Datasette
-    
    
-    
    3 rows
-        where characteristic_id = 2
-    
    
-    
    
-    
    
-        
    
-            
    
-                
-            
    
-            
    
-                
-            
    
-        
    
-    
    
-        
    
-            
-        
    
-        
    
-            
-        
    
-    
    
-    
    
-            
    
-                
-            
    
-            
-        
-    
    
-  
    
-
-  
    
-    
    2 extra where clauses
    
-    
-  
    
-
-  
    View and edit SQL
    
-
-  
    This data as json, CSV (advanced)
    
-
-  
    
-        Suggested facets: tags, created (date), tags (array)
-    
    
-
-    
    
-
-            
    
-                
    
-                    tags (array)
-
-                        
-
-                
    
-                
-            
    
-
-            
    
-                
    
-                    created
-
-                        
-
-                
    
-                
-            
    
-
-            
    
-                
    
-                    city_id
-
-                        
-
-                
    
-                
-            
    
-
-    
    
-
-    
-        
-            
-                    
-                    
-                    
-                    
-            
-        
-        
-            
-                    
-                    
-                    
-                    
-            
-            
-                    
-                    
-                    
-                    
-            
-            
-                    
-                    
-                    
-                    
-            
-        
-    
    
-                                Link
-                        
-                                            rowid ▼
-                                
-                                            attraction_id
-                                
-                                            characteristic_id
-                                
    11The Mystery Spot 1Paranormal 2
    22Winchester Mystery House 2Paranormal 2
    33Bigfoot Discovery Museum 4Paranormal 2
    
-    
    
-        
    Advanced export
    
-        
    JSON shape:
-            default,
-            array,
-            newline-delimited
-        
    
-        
    
-            
    
-                CSV options:
-                
-                
-                
-                
-                
-            
    
-        
    
-    
    
-    
    CREATE TABLE roadside_attraction_characteristics (
-    attraction_id INTEGER REFERENCES roadside_attractions(pk),
-    characteristic_id INTEGER REFERENCES attraction_characteristic(pk)
-);
    
-
    
-
-
    .bd for /database/table/row
    
-
    
-    
    roadside_attractions: 2
    
-    
    This data as json
    
-    
-        
-            
-                    
-                    
-                    
-                    
-                    
-            
-        
-        
-            
-                    
-                    
-                    
-                    
-                    
-            
-        
-    
    
-                                pk
-                        
-                                name
-                        
-                                address
-                        
-                                latitude
-                        
-                                longitude
-                        
    2Winchester Mystery House525 South Winchester Boulevard, San Jose, CA 9512837.3184-121.9511
    
-    
    Links from other tables
    
-    
      
-            
    • 
-                
-                    1 row
-                from attraction_id in roadside_attraction_characteristics
-            
      • 
-    
    
-
    
-
-
    .ft
    
-
-
-
-{% include "_close_open_menus.html" %}
-
-
-
diff --git a/datasette/templates/query.html b/datasette/templates/query.html
index 8dd1037f..f10ff000 100644
--- a/datasette/templates/query.html
+++ b/datasette/templates/query.html
@@ -3,7 +3,7 @@
 {% block title %}{{ database }}{% if query and query.sql %}: {{ query.sql }}{% endif %}{% endblock %}
 
 {% block extra_head %}
-{{- super() -}}
+{{ super() }}
 {% if columns %}
 
 {% endif %}
 {% include "_codemirror.html" %}
-{% include "_sql_parameter_styles.html" %}
 {% endblock %}
 
-{% block body_class %}query db-{{ database|to_css_class }}{% if stored_query %} query-{{ stored_query|to_css_class }}{% endif %}{% endblock %}
+{% block body_class %}query db-{{ database|to_css_class }}{% endblock %}
 
-{% block crumbs %}
-{{ crumbs.nav(request=request, database=database) }}
+{% block nav %}
+    
    
+        home /
+        {{ database }}
+    
    
+    {{ super() }}
 {% endblock %}
 
 {% block content %}
-
-{% if stored_query_write and db_is_immutable %}
-    
    This query cannot be executed because the database is immutable.
    
-{% endif %}
-
-
    {{ metadata.title or database }}{% if stored_query and not metadata.title %}: {{ stored_query }}{% endif %}{% if private %} 🔒{% endif %}
    
-{% set action_links, action_title = query_actions(), "Query actions" %}
-{% include "_action_menu.html" %}
-
-{% if stored_query %}{{ top_stored_query() }}{% else %}{{ top_query() }}{% endif %}
+
    {{ metadata.title or database }}
    
 
 {% block description_source_license %}{% include "_description_source_license.html" %}{% endblock %}
 
-
    
-    
    Custom SQL query{% if display_rows %} returning {% if truncated %}more than {% endif %}{{ "{:,}".format(display_rows|length) }} row{% if display_rows|length == 1 %}{% else %}s{% endif %}{% endif %}{% if not query_error %}
-        ({{ show_hide_text }})
-    {% endif %}
    
-    {% if error %}
-        
    {{ error }}
    
-    {% endif %}
+
+    
    Custom SQL query{% if display_rows %} returning {% if truncated %}more than {% endif %}{{ "{:,}".format(display_rows|length) }} row{% if display_rows|length == 1 %}{% else %}s{% endif %}{% endif %} {% if hide_sql %}(show){% else %}(hide){% endif %}
    
     {% if not hide_sql %}
-        {% if editable and allow_execute_sql %}
-            
    
+        {% if editable and config.allow_sql %}
+            
    
         {% else %}
             
    {% if query %}{{ query.sql }}{% endif %}
    
         {% endif %}
     {% else %}
-        {% if not stored_query %}
-            
-        {% endif %}
+        
+        
+    {% endif %}
+    {% if named_parameter_values %}
+        
    Query parameters
    
+        {% for name, value in named_parameter_values.items() %}
+            
     
    
+        {% endfor %}
     {% endif %}
-    {% set parameter_names = named_parameter_values.keys()|list %}
-    {% set parameter_values = named_parameter_values %}
-    {% set sql_parameters_allow_expand = false %}
-    {% include "_sql_parameters.html" %}
     
    
-        {% if not hide_sql %}{% endif %}
-        
-        {{ show_hide_hidden }}
-        {% if save_query_url %}Save this query{% endif %}
-        {% if stored_query and edit_sql_url %}Edit SQL{% endif %}
+        
+        
     
    
 
    
 
 {% if display_rows %}
-
    This data as {% for name, url in renderers.items() %}{{ name }}{{ ", " if not loop.last }}{% endfor %}, CSV
    
+  
    This data as {% for name, url in renderers.items() %}{{ name }}{{ ", " if not loop.last }}{% endfor %}, CSV
    
+
+    
+        
+            {% for column in columns %}{% endfor %}
+        
+    
+    
+    {% for row in display_rows %}
+        
+            {% for column, td in zip(columns, row) %}
+                
+            {% endfor %}
+        
+    {% endfor %}
+    
+
    {{ column }}
    {% if td == None %}{{ " "|safe }}{% else %}{{ td }}{% endif %}
    
+{% else %}
+    
    0 results
    
 {% endif %}
-{% set show_zero_results = not stored_query_write and not error %}
-{% include "_query_results.html" %}
 
 {% include "_codemirror_foot.html" %}
-{% include "_sql_parameter_scripts.html" %}
-
 
 {% endblock %}
diff --git a/datasette/templates/query_create.html b/datasette/templates/query_create.html
deleted file mode 100644
index f2016f27..00000000
--- a/datasette/templates/query_create.html
+++ /dev/null
@@ -1,163 +0,0 @@
-{% extends "base.html" %}
-
-{% block title %}Create query{% endblock %}
-
-{% block extra_head %}
-{{- super() -}}
-{% include "_codemirror.html" %}
-{% include "_execute_write_analysis_styles.html" %}
-{% include "_query_form_styles.html" %}
-{% endblock %}
-
-{% block body_class %}query-create db-{{ database|to_css_class }}{% endblock %}
-
-{% block crumbs %}
-{{ crumbs.nav(request=request, database=database) }}
-{% endblock %}
-
-{% block content %}
-
-
    
-
-
    Create query
    
-
-
    
-    
    
-        
     
    
-        
     {{ urls.database(database) }}/
    
-        
     
    
-    
    
-
-    
    
-
-    
    
-        {% if analysis_error %}This query cannot be saved until the SQL is valid.{% elif not has_sql %}Enter SQL to analyze this query.{% elif analysis_is_write %}This query updates data in the database.{% else %}This is a read-only query.{% endif %}
-        
-        
-        Queries marked private can only be seen by you, their creator.
-    
    
-    
    
-
-    
    
-        {% if has_sql %}
-            
    Query operations
    
-            {% if analysis_error %}
-                
    {{ analysis_error }}
    
-            {% elif analysis_rows %}
-                
    
-                    
-                        
-                            
-                            
-                            
-                            
-                            
-                        
-                    
-                    
-                        {% for row in analysis_rows %}
-                            
-                                
-                                
-                                
-                                
-                                
-                            
-                        {% endfor %}
-                    
-                
    OperationDatabaseTableRequired permissionAllowed
    {{ row.operation }}{{ row.database }}{{ row.table }}{% if row.required_permission %}{{ row.required_permission }}{% else %}n/a{% endif %}{% if row.allowed is none %}n/a{% elif row.allowed %}yes{% else %}no{% endif %}
    
-            {% else %}
-                
    Analysis will show each affected table and required permission.
    
-            {% endif %}
-        {% endif %}
-    
    
-
    
-
-
    
-
-{% include "_codemirror_foot.html" %}
-{% include "_sql_parameter_scripts.html" %}
-{% include "_execute_write_analysis_scripts.html" %}
-
-
-
-
-
-{% endblock %}
diff --git a/datasette/templates/query_delete.html b/datasette/templates/query_delete.html
deleted file mode 100644
index 4d0699a7..00000000
--- a/datasette/templates/query_delete.html
+++ /dev/null
@@ -1,82 +0,0 @@
-{% extends "base.html" %}
-
-{% block title %}Delete query: {{ query.name }}{% endblock %}
-
-{% block extra_head %}
-{{- super() -}}
-
-{% endblock %}
-
-{% block body_class %}query-delete db-{{ database|to_css_class }}{% endblock %}
-
-{% block crumbs %}
-{{ crumbs.nav(request=request, database=database) }}
-{% endblock %}
-
-{% block content %}
-
-
    
-
-
    Delete query: {{ query.title or query.name }}
    
-
-
    Are you sure you want to delete this saved query? This cannot be undone.
    
-
-
    
-    
    URL
    
-    
    {{ query_url }}
    
-    {% if query.description %}
-        
    Description
    
-        
    {{ query.description }}
    
-    {% endif %}
-    
    SQL
    
-    
    {{ query.sql }}
    
-
    
-
-
    
-    
    
-        
-        Cancel
-    
    
-
    
-
-
    
-
-{% endblock %}
diff --git a/datasette/templates/query_edit.html b/datasette/templates/query_edit.html
deleted file mode 100644
index 3eadf42a..00000000
--- a/datasette/templates/query_edit.html
+++ /dev/null
@@ -1,133 +0,0 @@
-{% extends "base.html" %}
-
-{% block title %}Edit query: {{ name }}{% endblock %}
-
-{% block extra_head %}
-{{- super() -}}
-{% include "_codemirror.html" %}
-{% include "_execute_write_analysis_styles.html" %}
-{% include "_query_form_styles.html" %}
-{% endblock %}
-
-{% block body_class %}query-edit db-{{ database|to_css_class }}{% endblock %}
-
-{% block crumbs %}
-{{ crumbs.nav(request=request, database=database) }}
-{% endblock %}
-
-{% block content %}
-
-
    
-
-
    Edit query: {{ title or name }}
    
-
-
    
-    
    
-        
     
    
-        
     {{ query_url }}
    
-        
     
    
-    
    
-
-    
    
-
-    
    
-        {% if analysis_error %}This query cannot be saved until the SQL is valid.{% elif not has_sql %}Enter SQL to analyze this query.{% elif analysis_is_write %}This query updates data in the database.{% else %}This is a read-only query.{% endif %}
-        
-        
-        Queries marked private can only be seen and edited by you, their owner.
-    
    
-    
     Cancel
    
-
-    
    
-        {% if has_sql %}
-            
    Query operations
    
-            {% if analysis_error %}
-                
    {{ analysis_error }}
    
-            {% elif analysis_rows %}
-                
    
-                    
-                        
-                            
-                            
-                            
-                            
-                            
-                        
-                    
-                    
-                        {% for row in analysis_rows %}
-                            
-                                
-                                
-                                
-                                
-                                
-                            
-                        {% endfor %}
-                    
-                
    OperationDatabaseTableRequired permissionAllowed
    {{ row.operation }}{{ row.database }}{{ row.table }}{% if row.required_permission %}{{ row.required_permission }}{% else %}n/a{% endif %}{% if row.allowed is none %}n/a{% elif row.allowed %}yes{% else %}no{% endif %}
    
-            {% else %}
-                
    Analysis will show each affected table and required permission.
    
-            {% endif %}
-        {% endif %}
-    
    
-
    
-
-
    
-
-{% include "_codemirror_foot.html" %}
-{% include "_sql_parameter_scripts.html" %}
-{% include "_execute_write_analysis_scripts.html" %}
-
-
-
-{% endblock %}
diff --git a/datasette/templates/query_list.html b/datasette/templates/query_list.html
deleted file mode 100644
index a8c9a391..00000000
--- a/datasette/templates/query_list.html
+++ /dev/null
@@ -1,281 +0,0 @@
-{% extends "base.html" %}
-
-{% block title %}{% if database %}{{ database }}: {% endif %}queries{% endblock %}
-
-{% block extra_head %}
-{{- super() -}}
-
-{% endblock %}
-
-{% block body_class %}query-list{% if database %} db-{{ database|to_css_class }}{% endif %}{% endblock %}
-
-{% block crumbs %}
-{{ crumbs.nav(request=request, database=database) }}
-{% endblock %}
-
-{% block content %}
-
-
    
-
-
    Queries
    
-
-{% if queries %}
-    
    
-        
    
-            
-            
-            {% if filters.is_write %}{% endif %}
-            {% if filters.is_private %}{% endif %}
-            {% if filters.source %}{% endif %}
-            {% if filters.owner_id %}{% endif %}
-            
-        
    
-    
    
-
-    
-
-    
    
-        
-            
-                {% if show_database %}{% endif %}
-                
-                
-                
-            
-        
-        
-            {% for query in queries %}
-                
-                    {% if show_database %}
-                        
-                    {% endif %}
-                    
-                    
-                    
-                
-            {% endfor %}
-        
-    
    DatabaseQueryOwnerFlags
    {{ query.database }}
-                        {{ query.title or query.name }}{% if query.private %} 🔒{% endif %}
-                        {% if query.description %}
    {{ query.description }}
    {% endif %}
-                        		{% if query.owner_id is not none %}{{ query.owner_id }}{% else %}-{% endif %}
-                        
-                            {% if query.is_write %}Writable{% else %}Read-only{% endif %}
-                            {% if query.is_private %}Private{% endif %}
-                            {% if query.is_trusted %}Trusted{% endif %}
-                        
-                    
    
-    {% if show_private_note or show_trusted_note %}
-        
    
-            {% if show_private_note %}
    PrivateOnly the owning actor can view this query.
    {% endif %}
-            {% if show_trusted_note %}
    TrustedExecution skips the usual SQL and write permission checks after view-query allows access.
    {% endif %}
-        
    
-    {% endif %}
-{% else %}
-    
    No queries found.
    
-{% endif %}
-
-{% if next_url %}
-    
-{% endif %}
-
-
    
-
-{% endblock %}
diff --git a/datasette/templates/row.html b/datasette/templates/row.html
index aa1f0ecd..5703900d 100644
--- a/datasette/templates/row.html
+++ b/datasette/templates/row.html
@@ -3,14 +3,7 @@
 {% block title %}{{ database }}: {{ table }}{% endblock %}
 
 {% block extra_head %}
-{{- super() -}}
-{% if row_mutation_ui %}
-
-{% if table_page_data.foreignKeys %}
-
-{% endif %}
-
-{% endif %}
+{{ super() }}
 
 {% endblock %}
 
 {% block body_class %}table db-{{ database|to_css_class }} table-{{ table|to_css_class }}{% endblock %}
 
-{% block crumbs %}
-{{ crumbs.nav(request=request, database=database, table=table) }}
+{% block nav %}
+    
    
+        home /
+        {{ database }}
+    
    
+    {{ super() }}
 {% endblock %}
 
 {% block content %}
-
    
-    
    {{ metadata.get("title") or table }}{% if is_view %} (view){% endif %}{% if private %} 🔒{% endif %}
    
-
    
-{% set action_links, action_title = actions(), "View actions" if is_view else "Table actions" %}
-{% include "_action_menu.html" %}
 
-{{ top_table() }}
+
    {{ metadata.title or table }}{% if is_view %} (view){% endif %}
    
 
 {% block description_source_license %}{% include "_description_source_license.html" %}{% endblock %}
 
-{% if metadata.get("columns") %}
-
    
-    {% for column_name, column_description in metadata.columns.items() %}
-        
    {{ column_name }}
    {{ column_description }}
    
-    {% endfor %}
-
    
-{% endif %}
-
-{% if count or human_description_en %}
-    
    
-        {% if count_truncated %}>{{ "{:,}".format(count - 1) }} rows
-        {% if allow_execute_sql and query.sql %} count all{% endif %}
-        {% elif count or count == 0 %}{{ "{:,}".format(count) }} row{% if count == 1 %}{% else %}s{% endif %}{% endif %}
+{% if filtered_table_rows_count or human_description_en %}
+    
    {% if filtered_table_rows_count or filtered_table_rows_count == 0 %}{{ "{:,}".format(filtered_table_rows_count) }} row{% if filtered_table_rows_count == 1 %}{% else %}s{% endif %}{% endif %}
         {% if human_description_en %}{{ human_description_en }}{% endif %}
     
    
 {% endif %}
 
-
    
+
     {% if supports_search %}
         
    
     {% endif %}
     {% for column, lookup, value in filters.selections() %}
-        
    
+        
    
             
    
                 
         
    
     {% endfor %}
-    
    
+    
    
         
    
             
                 {% for key, display, no_argument in filters.lookups() %}
-                    
+                    
                 {% endfor %}
             
         
    
     
    
-    
    
+    
    
         {% if is_sortable %}
-            
    
+            
    
                 
             
    
-            
+            
         {% endif %}
+        {% for facet in sorted_facet_results %}
+            
+        {% endfor %}
         {% for key, value in form_hidden_args %}
             
         {% endfor %}
-        
+        
     
    
 
 
@@ -125,14 +109,16 @@
 
    
 {% endif %}
 
-{% if query.sql and allow_execute_sql %}
-    
    View and edit SQL
    
+{% if query.sql and config.allow_sql %}
+    
    View and edit SQL
    
 {% endif %}
 
 
    This data as {% for name, url in renderers.items() %}{{ name }}{{ ", " if not loop.last }}{% endfor %}{% if display_rows %}, CSV (advanced){% endif %}
    
 
 {% if suggested_facets %}
-    {% include "_suggested_facets.html" %}
+    
    
+        Suggested facets: {% for facet in suggested_facets %}{{ facet.name }}{% if facet.type %} ({{ facet.type }}){% endif %}{% if not loop.last %}, {% endif %}{% endfor %}
+    
    
 {% endif %}
 
 {% if facets_timed_out %}
@@ -140,40 +126,30 @@
 {% endif %}
 
 {% if facet_results %}
-    {% include "_facet_results.html" %}
-{% endif %}
-
-{% if all_columns %}
-
-
-
-
-{% endif %}
-{% if set_column_type_ui %}
-
-{% endif %}
-
-{% if table_insert_ui %}
-
    
-    
-
    
+    
    
+        {% for facet_info in sorted_facet_results %}
+            
    
+                
    
+                    {{ facet_info.name }}{% if facet_info.type != "column" %} ({{ facet_info.type }}){% endif %}
+                    {% if facet_info.hideable %}
+                        
+                    {% endif %}
+                
    
+                
      
+                    {% for facet_value in facet_info.results %}
+                        {% if not facet_value.selected %}
+                            
    • {{ (facet_value.label if facet_value.label is not none else "_") }} {{ "{:,}".format(facet_value.count) }}
      • 
+                        {% else %}
+                            
    • {{ facet_value.label }} · {{ "{:,}".format(facet_value.count) }} 
      • 
+                        {% endif %}
+                    {% endfor %}
+                    {% if facet_info.truncated %}
+                        
    • ...
      • 
+                    {% endif %}
+                
    
+            
    
+        {% endfor %}
+    
    
 {% endif %}
 
 {% include custom_table_templates %}
@@ -192,12 +168,12 @@ window._setColumnTypeData = {{ set_column_type_ui|tojson }};
                 object
             {% endif %}
         
    
-        
    
+        
             
    
                 CSV options:
                 
                 {% if expandable_columns %}{% endif %}
-                {% if next_url and settings.allow_csv_stream %}{% endif %}
+                {% if next_url and config.allow_csv_stream %}{% endif %}
                 
                 {% for key, value in url_csv_hidden_args %}
                     
@@ -215,41 +191,4 @@ window._setColumnTypeData = {{ set_column_type_ui|tojson }};
     
    {{ view_definition }}
    
 {% endif %}
 
-{% if allow_execute_sql and query.sql %}
-
-{% endif %}
-
 {% endblock %}
diff --git a/datasette/tokens.py b/datasette/tokens.py
deleted file mode 100644
index 38a55529..00000000
--- a/datasette/tokens.py
+++ /dev/null
@@ -1,193 +0,0 @@
-"""
-Token handler system for Datasette.
-
-Provides a base class for token handlers and the default signed token handler.
-Plugins can implement register_token_handler to provide custom token backends
-(e.g. database-backed tokens that can be revoked and audited).
-"""
-
-from __future__ import annotations
-
-import dataclasses
-import time
-from typing import TYPE_CHECKING, Optional
-
-import itsdangerous
-
-if TYPE_CHECKING:
-    from datasette.app import Datasette
-
-
-@dataclasses.dataclass
-class TokenRestrictions:
-    """
-    Restrictions to apply to a token, limiting which actions it can perform.
-
-    Use the builder methods to construct restrictions::
-
-        restrictions = (TokenRestrictions()
-            .allow_all("view-instance")
-            .allow_database("mydb", "create-table")
-            .allow_resource("mydb", "mytable", "insert-row"))
-    """
-
-    all: list[str] = dataclasses.field(default_factory=list)
-    database: dict[str, list[str]] = dataclasses.field(default_factory=dict)
-    resource: dict[str, dict[str, list[str]]] = dataclasses.field(default_factory=dict)
-
-    def allow_all(self, action: str) -> "TokenRestrictions":
-        """Allow an action across all databases and resources."""
-        self.all.append(action)
-        return self
-
-    def allow_database(self, database: str, action: str) -> "TokenRestrictions":
-        """Allow an action on a specific database."""
-        self.database.setdefault(database, []).append(action)
-        return self
-
-    def allow_resource(
-        self, database: str, resource: str, action: str
-    ) -> "TokenRestrictions":
-        """Allow an action on a specific resource within a database."""
-        self.resource.setdefault(database, {}).setdefault(resource, []).append(action)
-        return self
-
-    def abbreviated(self, datasette: "Datasette") -> Optional[dict]:
-        """
-        Return the abbreviated ``_r`` dictionary shape for this set of
-        restrictions, using action abbreviations registered with ``datasette``.
-        Returns ``None`` if no restrictions are set.
-        """
-        if not (self.all or self.database or self.resource):
-            return None
-
-        def abbreviate_action(action):
-            action_obj = datasette.actions.get(action)
-            if not action_obj:
-                return action
-            return action_obj.abbr or action
-
-        result: dict = {}
-        if self.all:
-            result["a"] = [abbreviate_action(a) for a in self.all]
-        if self.database:
-            result["d"] = {
-                database: [abbreviate_action(a) for a in actions]
-                for database, actions in self.database.items()
-            }
-        if self.resource:
-            result["r"] = {}
-            for database, resources in self.resource.items():
-                for resource, actions in resources.items():
-                    result["r"].setdefault(database, {})[resource] = [
-                        abbreviate_action(a) for a in actions
-                    ]
-        return result
-
-
-class TokenHandler:
-    """
-    Base class for token handlers.
-
-    Subclass this and implement create_token() and verify_token() to provide
-    a custom token backend. Return an instance from the register_token_handler hook.
-    """
-
-    name: str = ""
-
-    async def create_token(
-        self,
-        datasette: "Datasette",
-        actor_id: str,
-        *,
-        expires_after: Optional[int] = None,
-        restrictions: Optional[TokenRestrictions] = None,
-    ) -> str:
-        """Create and return a token string for the given actor."""
-        raise NotImplementedError
-
-    async def verify_token(self, datasette: "Datasette", token: str) -> Optional[dict]:
-        """
-        Verify a token and return an actor dict, or None if this handler
-        does not recognize the token.
-        """
-        raise NotImplementedError
-
-
-class SignedTokenHandler(TokenHandler):
-    """
-    Default token handler using itsdangerous signed tokens (dstok_ prefix).
-    """
-
-    name = "signed"
-
-    async def create_token(
-        self,
-        datasette: "Datasette",
-        actor_id: str,
-        *,
-        expires_after: Optional[int] = None,
-        restrictions: Optional[TokenRestrictions] = None,
-    ) -> str:
-        if not datasette.setting("allow_signed_tokens"):
-            raise ValueError(
-                "Signed tokens are not enabled for this Datasette instance"
-            )
-
-        token = {"a": actor_id, "t": int(time.time())}
-
-        if expires_after:
-            token["d"] = expires_after
-        if restrictions is not None:
-            abbreviated = restrictions.abbreviated(datasette)
-            if abbreviated is not None:
-                token["_r"] = abbreviated
-        return "dstok_{}".format(datasette.sign(token, namespace="token"))
-
-    async def verify_token(self, datasette: "Datasette", token: str) -> Optional[dict]:
-        prefix = "dstok_"
-
-        if not datasette.setting("allow_signed_tokens"):
-            return None
-
-        max_signed_tokens_ttl = datasette.setting("max_signed_tokens_ttl")
-
-        if not token.startswith(prefix):
-            return None
-
-        raw = token[len(prefix) :]
-        try:
-            decoded = datasette.unsign(raw, namespace="token")
-        except itsdangerous.BadSignature:
-            return None
-
-        if "t" not in decoded:
-            return None
-        created = decoded["t"]
-        if not isinstance(created, int):
-            return None
-
-        duration = decoded.get("d")
-        if duration is not None and not isinstance(duration, int):
-            return None
-
-        if (duration is None and max_signed_tokens_ttl) or (
-            duration is not None
-            and max_signed_tokens_ttl
-            and duration > max_signed_tokens_ttl
-        ):
-            duration = max_signed_tokens_ttl
-
-        if duration:
-            if time.time() - created > duration:
-                return None
-
-        actor = {"id": decoded["a"], "token": "dstok"}
-
-        if "_r" in decoded:
-            actor["_r"] = decoded["_r"]
-
-        if duration:
-            actor["token_expires"] = created + duration
-
-        return actor
diff --git a/datasette/tracer.py b/datasette/tracer.py
index 28f3cc09..a638b140 100644
--- a/datasette/tracer.py
+++ b/datasette/tracer.py
@@ -1,7 +1,5 @@
 import asyncio
 from contextlib import contextmanager
-from contextvars import ContextVar
-from markupsafe import escape
 import time
 import json
 import traceback
@@ -10,61 +8,47 @@ tracers = {}
 
 TRACE_RESERVED_KEYS = {"type", "start", "end", "duration_ms", "traceback"}
 
-trace_task_id = ContextVar("trace_task_id", default=None)
+
+# asyncio.current_task was introduced in Python 3.7:
+for obj in (asyncio, asyncio.Task):
+    current_task = getattr(obj, "current_task", None)
+    if current_task is not None:
+        break
 
 
 def get_task_id():
-    current = trace_task_id.get(None)
-    if current is not None:
-        return current
     try:
         loop = asyncio.get_event_loop()
     except RuntimeError:
         return None
-    return id(asyncio.current_task(loop=loop))
+    return id(current_task(loop=loop))
 
 
 @contextmanager
-def trace_child_tasks():
-    token = trace_task_id.set(get_task_id())
-    try:
-        yield
-    finally:
-        trace_task_id.reset(token)
-
-
-@contextmanager
-def trace(trace_type, **kwargs):
+def trace(type, **kwargs):
     assert not TRACE_RESERVED_KEYS.intersection(
         kwargs.keys()
-    ), f".trace() keyword parameters cannot include {TRACE_RESERVED_KEYS}"
+    ), ".trace() keyword parameters cannot include {}".format(TRACE_RESERVED_KEYS)
     task_id = get_task_id()
     if task_id is None:
-        yield kwargs
+        yield
         return
     tracer = tracers.get(task_id)
     if tracer is None:
-        yield kwargs
+        yield
         return
-    start = time.perf_counter()
-    captured_error = None
-    try:
-        yield kwargs
-    except Exception as ex:
-        captured_error = ex
-        raise
-    finally:
-        end = time.perf_counter()
-        trace_info = {
-            "type": trace_type,
-            "start": start,
-            "end": end,
-            "duration_ms": (end - start) * 1000,
-            "traceback": traceback.format_list(traceback.extract_stack(limit=6)[:-3]),
-            "error": str(captured_error) if captured_error else None,
-        }
-        trace_info.update(kwargs)
-        tracer.append(trace_info)
+    start = time.time()
+    yield
+    end = time.time()
+    trace_info = {
+        "type": type,
+        "start": start,
+        "end": end,
+        "duration_ms": (end - start) * 1000,
+        "traceback": traceback.format_list(traceback.extract_stack(limit=6)[:-3]),
+    }
+    trace_info.update(kwargs)
+    tracer.append(trace_info)
 
 
 @contextmanager
@@ -90,7 +74,7 @@ class AsgiTracer:
         if b"_trace=1" not in scope.get("query_string", b"").split(b"&"):
             await self.app(scope, receive, send)
             return
-        trace_start = time.perf_counter()
+        trace_start = time.time()
         traces = []
 
         accumulated_body = b""
@@ -99,7 +83,6 @@ class AsgiTracer:
 
         async def wrapped_send(message):
             nonlocal accumulated_body, size_limit_exceeded, response_headers
-
             if message["type"] == "http.response.start":
                 response_headers = message["headers"]
                 await send(message)
@@ -112,12 +95,11 @@ class AsgiTracer:
             # Accumulate body until the end or until size is exceeded
             accumulated_body += message["body"]
             if len(accumulated_body) > self.max_body_bytes:
-                # Send what we have accumulated so far
                 await send(
                     {
                         "type": "http.response.body",
                         "body": accumulated_body,
-                        "more_body": bool(message.get("more_body")),
+                        "more_body": True,
                     }
                 )
                 size_limit_exceeded = True
@@ -127,7 +109,7 @@ class AsgiTracer:
                 # We have all the body - modify it and send the result
                 # TODO: What to do about Content-Type or other cases?
                 trace_info = {
-                    "request_duration_ms": 1000 * (time.perf_counter() - trace_start),
+                    "request_duration_ms": 1000 * (time.time() - trace_start),
                     "sum_trace_duration_ms": sum(t["duration_ms"] for t in traces),
                     "num_traces": len(traces),
                     "traces": traces,
@@ -141,8 +123,8 @@ class AsgiTracer:
                 except IndexError:
                     content_type = ""
                 if "text/html" in content_type and b"" in accumulated_body:
-                    extra = escape(json.dumps(trace_info, indent=2))
-                    extra_html = f"
    {extra}
    ".encode("utf8")
+                    extra = json.dumps(trace_info, indent=2)
+                    extra_html = "
    {}
    ".format(extra).encode("utf8")
                     accumulated_body = accumulated_body.replace(b"", extra_html)
                 elif "json" in content_type and accumulated_body.startswith(b"{"):
                     data = json.loads(accumulated_body.decode("utf8"))
diff --git a/datasette/url_builder.py b/datasette/url_builder.py
deleted file mode 100644
index 16b3d42b..00000000
--- a/datasette/url_builder.py
+++ /dev/null
@@ -1,61 +0,0 @@
-from .utils import tilde_encode, path_with_format, PrefixedUrlString
-import urllib
-
-
-class Urls:
-    def __init__(self, ds):
-        self.ds = ds
-
-    def path(self, path, format=None):
-        if not isinstance(path, PrefixedUrlString):
-            if path.startswith("/"):
-                path = path[1:]
-            path = self.ds.setting("base_url") + path
-        if format is not None:
-            path = path_with_format(path=path, format=format)
-        return PrefixedUrlString(path)
-
-    def instance(self, format=None):
-        return self.path("", format=format)
-
-    def static(self, path):
-        return self.path(f"-/static/{path}")
-
-    def static_plugins(self, plugin, path):
-        return self.path(f"-/static-plugins/{plugin}/{path}")
-
-    def logout(self):
-        return self.path("-/logout")
-
-    def database(self, database, format=None):
-        db = self.ds.get_database(database)
-        return self.path(tilde_encode(db.route), format=format)
-
-    def database_query(self, database, sql, format=None):
-        path = f"{self.database(database)}/-/query?" + urllib.parse.urlencode(
-            {"sql": sql}
-        )
-        return self.path(path, format=format)
-
-    def table(self, database, table, format=None):
-        path = f"{self.database(database)}/{tilde_encode(table)}"
-        if format is not None:
-            path = path_with_format(path=path, format=format)
-        return PrefixedUrlString(path)
-
-    def query(self, database, query, format=None):
-        path = f"{self.database(database)}/{tilde_encode(query)}"
-        if format is not None:
-            path = path_with_format(path=path, format=format)
-        return PrefixedUrlString(path)
-
-    def row(self, database, table, row_path, format=None):
-        path = f"{self.table(database, table)}/{row_path}"
-        if format is not None:
-            path = path_with_format(path=path, format=format)
-        return PrefixedUrlString(path)
-
-    def row_blob(self, database, table, row_path, column):
-        return self.table(database, table) + "/{}.blob?_blob_column={}".format(
-            row_path, urllib.parse.quote_plus(column)
-        )
diff --git a/datasette/utils/__init__.py b/datasette/utils/__init__.py
index 1caff3a8..79ac8e02 100644
--- a/datasette/utils/__init__.py
+++ b/datasette/utils/__init__.py
@@ -1,85 +1,24 @@
-import asyncio
 from contextlib import contextmanager
-import aiofiles
-import click
-from collections import OrderedDict, namedtuple, Counter
-import copy
-import dataclasses
+from collections import OrderedDict
 import base64
+import click
 import hashlib
-import inspect
 import json
-import markupsafe
-import mergedeep
 import os
+import pkg_resources
 import re
 import shlex
 import tempfile
-import typing
 import time
 import types
-import secrets
 import shutil
-from typing import Iterable, List, Tuple
 import urllib
-import yaml
-from .shutil_backport import copytree
-from .sqlite import sqlite3, supports_table_xinfo
-
-if typing.TYPE_CHECKING:
-    from datasette.database import Database
-    from datasette.permissions import Resource
-
-
-@dataclasses.dataclass
-class PaginatedResources:
-    """Paginated results from allowed_resources query."""
-
-    resources: List["Resource"]
-    next: str | None  # Keyset token for next page (None if no more results)
-    _datasette: typing.Any = dataclasses.field(default=None, repr=False)
-    _action: str = dataclasses.field(default=None, repr=False)
-    _actor: typing.Any = dataclasses.field(default=None, repr=False)
-    _parent: str | None = dataclasses.field(default=None, repr=False)
-    _include_is_private: bool = dataclasses.field(default=False, repr=False)
-    _include_reasons: bool = dataclasses.field(default=False, repr=False)
-    _limit: int = dataclasses.field(default=100, repr=False)
-
-    async def all(self):
-        """
-        Async generator that yields all resources across all pages.
-
-        Automatically handles pagination under the hood. This is useful when you need
-        to iterate through all results without manually managing pagination tokens.
-
-        Yields:
-            Resource objects one at a time
-
-        Example:
-            page = await datasette.allowed_resources("view-table", actor)
-            async for table in page.all():
-                print(f"{table.parent}/{table.child}")
-        """
-        # Yield all resources from current page
-        for resource in self.resources:
-            yield resource
-
-        # Continue fetching subsequent pages if there are more
-        next_token = self.next
-        while next_token:
-            page = await self._datasette.allowed_resources(
-                self._action,
-                self._actor,
-                parent=self._parent,
-                include_is_private=self._include_is_private,
-                include_reasons=self._include_reasons,
-                limit=self._limit,
-                next=next_token,
-            )
-            for resource in page.resources:
-                yield resource
-            next_token = page.next
+import numbers
 
+try:
+    import pysqlite3 as sqlite3
+except ImportError:
+    import sqlite3
 
 # From https://www.sqlite.org/lang_keywords.html
 reserved_words = set(
@@ -99,91 +38,43 @@ reserved_words = set(
     ).split()
 )
 
-APT_GET_DOCKERFILE_EXTRAS = r"""
+SPATIALITE_DOCKERFILE_EXTRAS = r"""
 RUN apt-get update && \
-    apt-get install -y {} && \
+    apt-get install -y python3-dev gcc libsqlite3-mod-spatialite && \
     rm -rf /var/lib/apt/lists/*
+ENV SQLITE_EXTENSIONS /usr/lib/x86_64-linux-gnu/mod_spatialite.so
 """
 
-# Can replace with sqlite-utils when I add that dependency
-SPATIALITE_PATHS = (
-    "/usr/lib/x86_64-linux-gnu/mod_spatialite.so",
-    "/usr/local/lib/mod_spatialite.dylib",
-    "/usr/local/lib/mod_spatialite.so",
-    "/opt/homebrew/lib/mod_spatialite.dylib",
-)
-# Used to display /-/versions.json SpatiaLite information
-SPATIALITE_FUNCTIONS = (
-    "spatialite_version",
-    "spatialite_target_cpu",
-    "check_strict_sql_quoting",
-    "freexl_version",
-    "proj_version",
-    "geos_version",
-    "rttopo_version",
-    "libxml2_version",
-    "HasIconv",
-    "HasMathSQL",
-    "HasGeoCallbacks",
-    "HasProj",
-    "HasProj6",
-    "HasGeos",
-    "HasGeosAdvanced",
-    "HasGeosTrunk",
-    "HasGeosReentrant",
-    "HasGeosOnlyReentrant",
-    "HasMiniZip",
-    "HasRtTopo",
-    "HasLibXML2",
-    "HasEpsg",
-    "HasFreeXL",
-    "HasGeoPackage",
-    "HasGCP",
-    "HasTopology",
-    "HasKNN",
-    "HasRouting",
-)
-# Length of hash subset used in hashed URLs:
-HASH_LENGTH = 7
+
+class QueryInterrupted(Exception):
+    pass
 
 
-# Can replace this with Column from sqlite_utils when I add that dependency
-Column = namedtuple(
-    "Column", ("cid", "name", "type", "notnull", "default_value", "is_pk", "hidden")
-)
+class Results:
+    def __init__(self, rows, truncated, description):
+        self.rows = rows
+        self.truncated = truncated
+        self.description = description
 
-functions_marked_as_documented = []
+    @property
+    def columns(self):
+        return [d[0] for d in self.description]
 
+    def __iter__(self):
+        return iter(self.rows)
 
-def documented(fn=None, *, label=None):
-    def decorate(fn):
-        fn._datasette_docs_label = label or "internals_utils_{}".format(fn.__name__)
-        functions_marked_as_documented.append(fn)
-        return fn
-
-    if fn is None:
-        return decorate
-    return decorate(fn)
-
-
-@documented
-async def await_me_maybe(value: typing.Any) -> typing.Any:
-    "If value is callable, call it. If awaitable, await it. Otherwise return it."
-    if callable(value):
-        value = value()
-    if asyncio.iscoroutine(value):
-        value = await value
-    return value
+    def __len__(self):
+        return len(self.rows)
 
 
 def urlsafe_components(token):
-    """Splits token on commas and tilde-decodes each component"""
-    return [tilde_decode(b) for b in token.split(",")]
+    "Splits token on commas and URL decodes each component"
+    return [urllib.parse.unquote_plus(b) for b in token.split(",")]
 
 
 def path_from_row_pks(row, pks, use_rowid, quote=True):
-    """Generate an optionally tilde-encoded unique identifier
-    for a row from its primary keys."""
+    """ Generate an optionally URL-quoted unique identifier
+        for a row from its primary keys."""
     if use_rowid:
         bits = [row["rowid"]]
     else:
@@ -191,7 +82,7 @@ def path_from_row_pks(row, pks, use_rowid, quote=True):
             row[pk]["value"] if isinstance(row[pk], dict) else row[pk] for pk in pks
         ]
     if quote:
-        bits = [tilde_encode(str(bit)) for bit in bits]
+        bits = [urllib.parse.quote_plus(str(bit)) for bit in bits]
     else:
         bits = [str(bit) for bit in bits]
 
@@ -215,40 +106,19 @@ def compound_keys_after_sql(pks, start_index=0):
         last = pks_left[-1]
         rest = pks_left[:-1]
         and_clauses = [
-            f"{escape_sqlite(pk)} = :p{i + start_index}" for i, pk in enumerate(rest)
+            "{} = :p{}".format(escape_sqlite(pk), (i + start_index))
+            for i, pk in enumerate(rest)
         ]
-        and_clauses.append(f"{escape_sqlite(last)} > :p{len(rest) + start_index}")
-        or_clauses.append(f"({' and '.join(and_clauses)})")
+        and_clauses.append(
+            "{} > :p{}".format(escape_sqlite(last), (len(rest) + start_index))
+        )
+        or_clauses.append("({})".format(" and ".join(and_clauses)))
         pks_left.pop()
     or_clauses.reverse()
     return "({})".format("\n  or\n".join(or_clauses))
 
 
-@documented
 class CustomJSONEncoder(json.JSONEncoder):
-    """
-    The CustomJSONEncoder class handles serialization for objects commonly used by Datasette,
-    including SQLite cursors and binary blobs. Datasette uses it internally to serve .json endpoints,
-    and plugins that return JSON can use it to match Datasette's own handling.
-
-    Built-in types (text, numbers, lists, etc) are encoded the same as Python's built-in ``json`` module.
-
-    - ``sqlite3.Row`` becomes a tuple
-    - ``sqlite3.Cursor`` becomes a list
-
-    If a binary blob can be decoded as UTF-8, the encoder returns it as text.
-
-    If it can't (for example, images), it is encoded as an object, with the actual
-    data base64-encoded, like so: ::
-
-        {
-            "$base64": True,
-            "encoded": ...,
-        }
-
-    Example: https://latest.datasette.io/fixtures/binary_data.json
-    """
-
     def default(self, obj):
         if isinstance(obj, sqlite3.Row):
             return tuple(obj)
@@ -268,18 +138,17 @@ class CustomJSONEncoder(json.JSONEncoder):
 
 @contextmanager
 def sqlite_timelimit(conn, ms):
-    deadline = time.perf_counter() + (ms / 1000)
+    deadline = time.time() + (ms / 1000)
     # n is the number of SQLite virtual machine instructions that will be
-    # executed between each check. It takes about 0.08ms to execute 1000.
-    # https://github.com/simonw/datasette/issues/1679
+    # executed between each check. It's hard to know what to pick here.
+    # After some experimentation, I've decided to go with 1000 by default and
+    # 1 for time limits that are less than 50ms
     n = 1000
-    if ms <= 20:
-        # This mainly happens while executing our test suite
+    if ms < 50:
         n = 1
 
     def handler():
-        if time.perf_counter() >= deadline:
-            # Returning 1 terminates the query with an error
+        if time.time() >= deadline:
             return 1
 
     conn.set_progress_handler(handler, n)
@@ -293,53 +162,15 @@ class InvalidSql(Exception):
     pass
 
 
-# Allow SQL to start with a /* */ or -- comment
-comment_re = (
-    # Start of string, then any amount of whitespace
-    r"^\s*("
-    +
-    # Comment that starts with -- and ends at a newline
-    r"(?:\-\-.*?\n\s*)"
-    +
-    # Comment that starts with /* and ends with */ - but does not have */ in it
-    r"|(?:\/\*((?!\*\/)[\s\S])*\*\/)"
-    +
-    # Whitespace
-    r"\s*)*\s*"
-)
-
 allowed_sql_res = [
-    re.compile(comment_re + r"select\b"),
-    re.compile(comment_re + r"explain\s+select\b"),
-    re.compile(comment_re + r"explain\s+query\s+plan\s+select\b"),
-    re.compile(comment_re + r"with\b"),
-    re.compile(comment_re + r"explain\s+with\b"),
-    re.compile(comment_re + r"explain\s+query\s+plan\s+with\b"),
-]
-
-allowed_pragmas = (
-    "database_list",
-    "foreign_key_list",
-    "function_list",
-    "index_info",
-    "index_list",
-    "index_xinfo",
-    "page_count",
-    "max_page_count",
-    "page_size",
-    "schema_version",
-    "table_info",
-    "table_xinfo",
-    "table_list",
-)
-disallawed_sql_res = [
-    (
-        re.compile(f"pragma(?!_({'|'.join(allowed_pragmas)}))"),
-        "Statement contained a disallowed PRAGMA. Allowed pragma functions are {}".format(
-            ", ".join("pragma_{}()".format(pragma) for pragma in allowed_pragmas)
-        ),
-    )
+    re.compile(r"^select\b"),
+    re.compile(r"^explain select\b"),
+    re.compile(r"^explain query plan select\b"),
+    re.compile(r"^with\b"),
+    re.compile(r"^explain with\b"),
+    re.compile(r"^explain query plan with\b"),
 ]
+disallawed_sql_res = [(re.compile("pragma"), "Statement may not contain PRAGMA")]
 
 
 def validate_sql_select(sql):
@@ -356,7 +187,7 @@ def validate_sql_select(sql):
 
 def append_querystring(url, querystring):
     op = "&" if ("?" in url) else "?"
-    return f"{url}{op}{querystring}"
+    return "{}{}{}".format(url, op, querystring)
 
 
 def path_with_added_args(request, args, path=None):
@@ -371,7 +202,7 @@ def path_with_added_args(request, args, path=None):
     current.extend([(key, value) for key, value in args if value is not None])
     query_string = urllib.parse.urlencode(current)
     if query_string:
-        query_string = f"?{query_string}"
+        query_string = "?{}".format(query_string)
     return path + query_string
 
 
@@ -400,7 +231,7 @@ def path_with_removed_args(request, args, path=None):
             current.append((key, value))
     query_string = urllib.parse.urlencode(current)
     if query_string:
-        query_string = f"?{query_string}"
+        query_string = "?{}".format(query_string)
     return path + query_string
 
 
@@ -416,7 +247,7 @@ def path_with_replaced_args(request, args, path=None):
     current.extend([p for p in args if p[1] is not None])
     query_string = urllib.parse.urlencode(current)
     if query_string:
-        query_string = f"?{query_string}"
+        query_string = "?{}".format(query_string)
     return path + query_string
 
 
@@ -425,16 +256,14 @@ _boring_keyword_re = re.compile(r"^[a-zA-Z_][a-zA-Z0-9_]*$")
 
 
 def escape_css_string(s):
-    return _css_re.sub(
-        lambda m: "\\" + (f"{ord(m.group()):X}".zfill(6)),
-        s.replace("\r\n", "\n"),
-    )
+    return _css_re.sub(lambda m: "\\{:X}".format(ord(m.group())), s)
 
 
 def escape_sqlite(s):
     if _boring_keyword_re.match(s) and (s.lower() not in reserved_words):
         return s
-    return '"{}"'.format(s.replace('"', '""'))
+    else:
+        return "[{}]".format(s)
 
 
 def make_dockerfile(
@@ -448,77 +277,60 @@ def make_dockerfile(
     install,
     spatialite,
     version_note,
-    secret,
     environment_variables=None,
     port=8001,
-    apt_get_extras=None,
 ):
     cmd = ["datasette", "serve", "--host", "0.0.0.0"]
-    environment_variables = environment_variables or {}
-    environment_variables["DATASETTE_SECRET"] = secret
-    apt_get_extras = apt_get_extras or []
     for filename in files:
         cmd.extend(["-i", filename])
     cmd.extend(["--cors", "--inspect-file", "inspect-data.json"])
     if metadata_file:
-        cmd.extend(["--metadata", f"{metadata_file}"])
+        cmd.extend(["--metadata", "{}".format(metadata_file)])
     if template_dir:
         cmd.extend(["--template-dir", "templates/"])
     if plugins_dir:
         cmd.extend(["--plugins-dir", "plugins/"])
     if version_note:
-        cmd.extend(["--version-note", f"{version_note}"])
+        cmd.extend(["--version-note", "{}".format(version_note)])
     if static:
         for mount_point, _ in static:
-            cmd.extend(["--static", f"{mount_point}:{mount_point}"])
+            cmd.extend(["--static", "{}:{}".format(mount_point, mount_point)])
     if extra_options:
         for opt in extra_options.split():
-            cmd.append(f"{opt}")
+            cmd.append("{}".format(opt))
     cmd = [shlex.quote(part) for part in cmd]
     # port attribute is a (fixed) env variable and should not be quoted
     cmd.extend(["--port", "$PORT"])
     cmd = " ".join(cmd)
     if branch:
-        install = [f"https://github.com/simonw/datasette/archive/{branch}.zip"] + list(
-            install
-        )
+        install = [
+            "https://github.com/simonw/datasette/archive/{}.zip".format(branch)
+        ] + list(install)
     else:
         install = ["datasette"] + list(install)
 
-    apt_get_extras_ = []
-    apt_get_extras_.extend(apt_get_extras)
-    apt_get_extras = apt_get_extras_
-    if spatialite:
-        apt_get_extras.extend(["python3-dev", "gcc", "libsqlite3-mod-spatialite"])
-        environment_variables["SQLITE_EXTENSIONS"] = (
-            "/usr/lib/x86_64-linux-gnu/mod_spatialite.so"
-        )
     return """
-FROM python:3.11.0-slim-bullseye
+FROM python:3.8
 COPY . /app
 WORKDIR /app
-{apt_get_extras}
+{spatialite_extras}
 {environment_variables}
 RUN pip install -U {install_from}
 RUN datasette inspect {files} --inspect-file inspect-data.json
 ENV PORT {port}
 EXPOSE {port}
 CMD {cmd}""".format(
-        apt_get_extras=(
-            APT_GET_DOCKERFILE_EXTRAS.format(" ".join(apt_get_extras))
-            if apt_get_extras
-            else ""
-        ),
         environment_variables="\n".join(
             [
                 "ENV {} '{}'".format(key, value)
-                for key, value in environment_variables.items()
+                for key, value in (environment_variables or {}).items()
             ]
         ),
-        install_from=" ".join(install),
         files=" ".join(files),
-        port=port,
         cmd=cmd,
+        install_from=" ".join(install),
+        spatialite_extras=SPATIALITE_DOCKERFILE_EXTRAS if spatialite else "",
+        port=port,
     ).strip()
 
 
@@ -535,11 +347,9 @@ def temporary_docker_directory(
     install,
     spatialite,
     version_note,
-    secret,
     extra_metadata=None,
     environment_variables=None,
     port=8001,
-    apt_get_extras=None,
 ):
     extra_metadata = extra_metadata or {}
     tmp = tempfile.TemporaryDirectory()
@@ -550,14 +360,12 @@ def temporary_docker_directory(
     file_paths = [os.path.join(saved_cwd, file_path) for file_path in files]
     file_names = [os.path.split(f)[-1] for f in files]
     if metadata:
-        metadata_content = parse_metadata(metadata.read())
+        metadata_content = json.load(metadata)
     else:
         metadata_content = {}
-    # Merge in the non-null values in extra_metadata
-    mergedeep.merge(
-        metadata_content,
-        {key: value for key, value in extra_metadata.items() if value is not None},
-    )
+    for key, value in extra_metadata.items():
+        if value:
+            metadata_content[key] = value
     try:
         dockerfile = make_dockerfile(
             file_names,
@@ -570,17 +378,13 @@ def temporary_docker_directory(
             install,
             spatialite,
             version_note,
-            secret,
             environment_variables,
             port=port,
-            apt_get_extras=apt_get_extras,
         )
         os.chdir(datasette_dir)
         if metadata_content:
-            with open("metadata.json", "w") as fp:
-                fp.write(json.dumps(metadata_content, indent=2))
-        with open("Dockerfile", "w") as fp:
-            fp.write(dockerfile)
+            open("metadata.json", "w").write(json.dumps(metadata_content, indent=2))
+        open("Dockerfile", "w").write(dockerfile)
         for path, filename in zip(file_paths, file_names):
             link_or_copy(path, os.path.join(datasette_dir, filename))
         if template_dir:
@@ -604,76 +408,50 @@ def temporary_docker_directory(
 
 
 def detect_primary_keys(conn, table):
-    """Figure out primary keys for a table."""
-    columns = table_column_details(conn, table)
-    pks = [column for column in columns if column.is_pk]
-    pks.sort(key=lambda column: column.is_pk)
-    return [column.name for column in pks]
+    " Figure out primary keys for a table. "
+    table_info_rows = [
+        row
+        for row in conn.execute('PRAGMA table_info("{}")'.format(table)).fetchall()
+        if row[-1]
+    ]
+    table_info_rows.sort(key=lambda row: row[-1])
+    return [str(r[1]) for r in table_info_rows]
 
 
 def get_outbound_foreign_keys(conn, table):
-    infos = conn.execute(f"PRAGMA foreign_key_list([{table}])").fetchall()
+    infos = conn.execute("PRAGMA foreign_key_list([{}])".format(table)).fetchall()
     fks = []
     for info in infos:
         if info is not None:
             id, seq, table_name, from_, to_, on_update, on_delete, match = info
             fks.append(
-                {
-                    "column": from_,
-                    "other_table": table_name,
-                    "other_column": to_,
-                    "id": id,
-                    "seq": seq,
-                }
+                {"other_table": table_name, "column": from_, "other_column": to_}
             )
-    # Filter out compound foreign keys by removing any where "id" is not unique
-    id_counts = Counter(fk["id"] for fk in fks)
-    return [
-        {
-            "column": fk["column"],
-            "other_table": fk["other_table"],
-            "other_column": fk["other_column"],
-        }
-        for fk in fks
-        if id_counts[fk["id"]] == 1
-    ]
+    return fks
 
 
 def get_all_foreign_keys(conn):
     tables = [
-        r[0]
-        for r in conn.execute(
-            'select name from sqlite_master where type="table" order by name'
-        )
+        r[0] for r in conn.execute('select name from sqlite_master where type="table"')
     ]
     table_to_foreign_keys = {}
     for table in tables:
         table_to_foreign_keys[table] = {"incoming": [], "outgoing": []}
     for table in tables:
-        fks = get_outbound_foreign_keys(conn, table)
-        for fk in fks:
-            table_name = fk["other_table"]
-            from_ = fk["column"]
-            to_ = fk["other_column"]
-            if table_name not in table_to_foreign_keys:
-                # Weird edge case where something refers to a table that does
-                # not actually exist
-                continue
-            table_to_foreign_keys[table_name]["incoming"].append(
-                {"other_table": table, "column": to_, "other_column": from_}
-            )
-            table_to_foreign_keys[table]["outgoing"].append(
-                {"other_table": table_name, "column": from_, "other_column": to_}
-            )
-
-    # Sort foreign keys for deterministic ordering
-    for table in table_to_foreign_keys:
-        table_to_foreign_keys[table]["incoming"].sort(
-            key=lambda fk: (fk["other_table"], fk["column"], fk["other_column"])
-        )
-        table_to_foreign_keys[table]["outgoing"].sort(
-            key=lambda fk: (fk["other_table"], fk["column"], fk["other_column"])
-        )
+        infos = conn.execute("PRAGMA foreign_key_list([{}])".format(table)).fetchall()
+        for info in infos:
+            if info is not None:
+                id, seq, table_name, from_, to_, on_update, on_delete, match = info
+                if table_name not in table_to_foreign_keys:
+                    # Weird edge case where something refers to a table that does
+                    # not actually exist
+                    continue
+                table_to_foreign_keys[table_name]["incoming"].append(
+                    {"other_table": table, "column": to_, "other_column": from_}
+                )
+                table_to_foreign_keys[table]["outgoing"].append(
+                    {"other_table": table_name, "column": from_, "other_column": to_}
+                )
 
     return table_to_foreign_keys
 
@@ -686,7 +464,7 @@ def detect_spatialite(conn):
 
 
 def detect_fts(conn, table):
-    """Detect if table has a corresponding FTS virtual table and return it"""
+    "Detect if table has a corresponding FTS virtual table and return it"
     rows = conn.execute(detect_fts_sql(table)).fetchall()
     if len(rows) == 0:
         return None
@@ -706,48 +484,28 @@ def detect_fts_sql(table):
                     and sql like '%VIRTUAL TABLE%USING FTS%'
                 )
             )
-    """.format(table=table.replace("'", "''"))
+    """.format(
+        table=table
+    )
 
 
 def detect_json1(conn=None):
-    close_conn = False
     if conn is None:
         conn = sqlite3.connect(":memory:")
-        close_conn = True
     try:
         conn.execute("SELECT json('{}')")
         return True
     except Exception:
         return False
-    finally:
-        if close_conn:
-            conn.close()
 
 
 def table_columns(conn, table):
-    return [column.name for column in table_column_details(conn, table)]
-
-
-def table_column_details(conn, table):
-    if supports_table_xinfo():
-        # table_xinfo was added in 3.26.0
-        return [
-            Column(*r)
-            for r in conn.execute(
-                f"PRAGMA table_xinfo({escape_sqlite(table)});"
-            ).fetchall()
-        ]
-    else:
-        # First trigger a query against sqlite_master to fix an intermittent
-        # test failure, see https://github.com/simonw/datasette/issues/2632
-        conn.execute("select 1 from sqlite_master limit 1").fetchall()
-        return [
-            # Treat hidden as 0 for all columns.
-            Column(*(list(r) + [0]))
-            for r in conn.execute(
-                f"PRAGMA table_info({escape_sqlite(table)});"
-            ).fetchall()
-        ]
+    return [
+        r[1]
+        for r in conn.execute(
+            "PRAGMA table_info({});".format(escape_sqlite(table))
+        ).fetchall()
+    ]
 
 
 filter_column_re = re.compile(r"^_filter_column_\d+$")
@@ -762,7 +520,9 @@ def filters_should_redirect(special_args):
     if "__" in filter_op:
         filter_op, filter_value = filter_op.split("__", 1)
     if filter_column:
-        redirect_params.append((f"{filter_column}__{filter_op}", filter_value))
+        redirect_params.append(
+            ("{}__{}".format(filter_column, filter_op), filter_value)
+        )
     for key in ("_filter_column", "_filter_op", "_filter_value"):
         if key in special_args:
             redirect_params.append((key, None))
@@ -771,17 +531,17 @@ def filters_should_redirect(special_args):
     for column_key in column_keys:
         number = column_key.split("_")[-1]
         column = special_args[column_key]
-        op = special_args.get(f"_filter_op_{number}") or "exact"
-        value = special_args.get(f"_filter_value_{number}") or ""
+        op = special_args.get("_filter_op_{}".format(number)) or "exact"
+        value = special_args.get("_filter_value_{}".format(number)) or ""
         if "__" in op:
             op, value = op.split("__", 1)
         if column:
-            redirect_params.append((f"{column}__{op}", value))
+            redirect_params.append(("{}__{}".format(column, op), value))
         redirect_params.extend(
             [
-                (f"_filter_column_{number}", None),
-                (f"_filter_op_{number}", None),
-                (f"_filter_value_{number}", None),
+                ("_filter_column_{}".format(number), None),
+                ("_filter_op_{}".format(number), None),
+                ("_filter_value_{}".format(number), None),
             ]
         )
     return redirect_params
@@ -791,7 +551,7 @@ whitespace_re = re.compile(r"\s")
 
 
 def is_url(value):
-    """Must start with http:// or https:// and contain JUST a URL"""
+    "Must start with http:// or https:// and contain JUST a URL"
     if not isinstance(value, str):
         return False
     if not value.startswith("http://") and not value.startswith("https://"):
@@ -817,7 +577,7 @@ def to_css_class(s):
     """
     if css_class_re.match(s):
         return s
-    md5_suffix = md5_not_usedforsecurity(s)[:6]
+    md5_suffix = hashlib.md5(s.encode("utf8")).hexdigest()[:6]
     # Strip leading _, -
     s = s.lstrip("_").lstrip("-")
     # Replace any whitespace with hyphens
@@ -841,9 +601,9 @@ def link_or_copy(src, dst):
 
 def link_or_copy_directory(src, dst):
     try:
-        copytree(src, dst, copy_function=os.link, dirs_exist_ok=True)
+        shutil.copytree(src, dst, copy_function=os.link)
     except OSError:
-        copytree(src, dst, dirs_exist_ok=True)
+        shutil.copytree(src, dst)
 
 
 def module_from_path(path, name):
@@ -856,26 +616,66 @@ def module_from_path(path, name):
     return mod
 
 
-def path_with_format(
-    *, request=None, path=None, format=None, extra_qs=None, replace_format=None
-):
+def get_plugins(pm):
+    plugins = []
+    plugin_to_distinfo = dict(pm.list_plugin_distinfo())
+    for plugin in pm.get_plugins():
+        static_path = None
+        templates_path = None
+        try:
+            if pkg_resources.resource_isdir(plugin.__name__, "static"):
+                static_path = pkg_resources.resource_filename(plugin.__name__, "static")
+            if pkg_resources.resource_isdir(plugin.__name__, "templates"):
+                templates_path = pkg_resources.resource_filename(
+                    plugin.__name__, "templates"
+                )
+        except (KeyError, ImportError):
+            # Caused by --plugins_dir= plugins - KeyError/ImportError thrown in Py3.5
+            pass
+        plugin_info = {
+            "name": plugin.__name__,
+            "static_path": static_path,
+            "templates_path": templates_path,
+        }
+        distinfo = plugin_to_distinfo.get(plugin)
+        if distinfo:
+            plugin_info["version"] = distinfo.version
+            plugin_info["name"] = distinfo.project_name
+        plugins.append(plugin_info)
+    return plugins
+
+
+async def resolve_table_and_format(table_and_format, table_exists, allowed_formats=[]):
+    if "." in table_and_format:
+        # Check if a table exists with this exact name
+        it_exists = await table_exists(table_and_format)
+        if it_exists:
+            return table_and_format, None
+
+    # Check if table ends with a known format
+    formats = list(allowed_formats) + ["csv", "jsono"]
+    for _format in formats:
+        if table_and_format.endswith(".{}".format(_format)):
+            table = table_and_format[: -(len(_format) + 1)]
+            return table, _format
+    return table_and_format, None
+
+
+def path_with_format(request, format, extra_qs=None):
     qs = extra_qs or {}
-    if path is None and request:
-        path = request.path
-    if replace_format and path.endswith(f".{replace_format}"):
-        path = path[: -(1 + len(replace_format))]
-    if "." in path:
+    path = request.path
+    if "." in request.path:
         qs["_format"] = format
     else:
-        path = f"{path}.{format}"
+        path = "{}.{}".format(path, format)
     if qs:
         extra = urllib.parse.urlencode(sorted(qs.items()))
-        if request and request.query_string:
-            path = f"{path}?{request.query_string}&{extra}"
+        if request.query_string:
+            path = "{}?{}&{}".format(path, request.query_string, extra)
         else:
-            path = f"{path}?{extra}"
-    elif request and request.query_string:
-        path = f"{path}?{request.query_string}"
+            path = "{}?{}".format(path, extra)
+    elif request.query_string:
+        path = "{}?{}".format(path, request.query_string)
     return path
 
 
@@ -921,41 +721,18 @@ class LimitedWriter:
     async def write(self, bytes):
         self.bytes_count += len(bytes)
         if self.limit_bytes and (self.bytes_count > self.limit_bytes):
-            raise WriteLimitExceeded(f"CSV contains more than {self.limit_bytes} bytes")
+            raise WriteLimitExceeded(
+                "CSV contains more than {} bytes".format(self.limit_bytes)
+            )
         await self.writer.write(bytes)
 
 
-class EscapeHtmlWriter:
-    def __init__(self, writer):
-        self.writer = writer
-
-    async def write(self, content):
-        await self.writer.write(markupsafe.escape(content))
-
-
 _infinities = {float("inf"), float("-inf")}
 
 
 def remove_infinites(row):
-    """
-    Replace float('inf') and float('-inf') with None in a row.
-
-    Returns the original row object unchanged if no infinities are found.
-    """
-    if isinstance(row, dict):
-        for v in row.values():
-            if isinstance(v, float) and v in _infinities:
-                return {
-                    k: (None if isinstance(v2, float) and v2 in _infinities else v2)
-                    for k, v2 in row.items()
-                }
-    else:
-        for v in row:
-            if isinstance(v, float) and v in _infinities:
-                return [
-                    None if isinstance(v2, float) and v2 in _infinities else v2
-                    for v2 in row
-                ]
+    if any((c in _infinities) if isinstance(c, float) else 0 for c in row):
+        return [None if (isinstance(c, float) and c in _infinities) else c for c in row]
     return row
 
 
@@ -965,29 +742,17 @@ class StaticMount(click.ParamType):
     def convert(self, value, param, ctx):
         if ":" not in value:
             self.fail(
-                f'"{value}" should be of format mountpoint:directory',
+                '"{}" should be of format mountpoint:directory'.format(value),
                 param,
                 ctx,
             )
         path, dirpath = value.split(":", 1)
         dirpath = os.path.abspath(dirpath)
         if not os.path.exists(dirpath) or not os.path.isdir(dirpath):
-            self.fail(f"{value} is not a valid directory path", param, ctx)
+            self.fail("%s is not a valid directory path" % value, param, ctx)
         return path, dirpath
 
 
-# The --load-extension parameter can optionally include a specific entrypoint.
-# This is done by appending ":entrypoint_name" after supplying the path to the extension
-class LoadExtension(click.ParamType):
-    name = "path:entrypoint?"
-
-    def convert(self, value, param, ctx):
-        if ":" not in value:
-            return value
-        path, entrypoint = value.split(":", 1)
-        return path, entrypoint
-
-
 def format_bytes(bytes):
     current = float(bytes)
     for unit in ("bytes", "KB", "MB", "GB", "TB"):
@@ -995,9 +760,9 @@ def format_bytes(bytes):
             break
         current = current / 1024
     if unit == "bytes":
-        return f"{int(current)} {unit}"
+        return "{} {}".format(int(current), unit)
     else:
-        return f"{current:.1f} {unit}"
+        return "{:.1f} {}".format(current, unit)
 
 
 _escape_fts_re = re.compile(r'\s+|(".*?")')
@@ -1014,53 +779,17 @@ def escape_fts(query):
     )
 
 
-class MultiParams:
-    def __init__(self, data):
-        # data is a dictionary of key => [list, of, values] or a list of [["key", "value"]] pairs
-        if isinstance(data, dict):
-            for key in data:
-                assert isinstance(
-                    data[key], (list, tuple)
-                ), "dictionary data should be a dictionary of key => [list]"
-            self._data = data
-        elif isinstance(data, list) or isinstance(data, tuple):
-            new_data = {}
-            for item in data:
-                assert (
-                    isinstance(item, (list, tuple)) and len(item) == 2
-                ), "list data should be a list of [key, value] pairs"
-                key, value = item
-                new_data.setdefault(key, []).append(value)
-            self._data = new_data
-
-    def __repr__(self):
-        return f""
-
-    def __contains__(self, key):
-        return key in self._data
-
-    def __getitem__(self, key):
-        return self._data[key][0]
-
-    def keys(self):
-        return self._data.keys()
-
-    def __iter__(self):
-        yield from self._data.keys()
-
-    def __len__(self):
-        return len(self._data)
-
+class RequestParameters(dict):
     def get(self, name, default=None):
-        """Return first value in the list, if available"""
+        "Return first value in the list, if available"
         try:
-            return self._data.get(name)[0]
+            return super().get(name)[0]
         except (KeyError, TypeError):
             return default
 
-    def getlist(self, name):
-        """Return full list"""
-        return self._data.get(name) or []
+    def getlist(self, name, default=None):
+        "Return full list"
+        return super().get(name, default)
 
 
 class ConnectionProblem(Exception):
@@ -1080,526 +809,9 @@ def check_connection(conn):
     ]
     for table in tables:
         try:
-            conn.execute(
-                f"PRAGMA table_info({escape_sqlite(table)});",
-            )
+            conn.execute("PRAGMA table_info({});".format(escape_sqlite(table)),)
         except sqlite3.OperationalError as e:
             if e.args[0] == "no such module: VirtualSpatialIndex":
                 raise SpatialiteConnectionProblem(e)
             else:
                 raise ConnectionProblem(e)
-
-
-class BadMetadataError(Exception):
-    pass
-
-
-@documented
-def parse_metadata(content: str) -> dict:
-    "Detects if content is JSON or YAML and parses it appropriately."
-    # content can be JSON or YAML
-    try:
-        return json.loads(content)
-    except json.JSONDecodeError:
-        try:
-            return yaml.safe_load(content)
-        except yaml.YAMLError:
-            raise BadMetadataError("Metadata is not valid JSON or YAML")
-
-
-def _gather_arguments(fn, kwargs):
-    parameters = inspect.signature(fn).parameters.keys()
-    call_with = []
-    for parameter in parameters:
-        if parameter not in kwargs:
-            raise TypeError(
-                "{} requires parameters {}, missing: {}".format(
-                    fn, tuple(parameters), set(parameters) - set(kwargs.keys())
-                )
-            )
-        call_with.append(kwargs[parameter])
-    return call_with
-
-
-@documented
-def call_with_supported_arguments(fn, **kwargs):
-    """
-    Call ``fn`` with the subset of ``**kwargs`` matching its signature.
-
-    This implements dependency injection: the caller provides all available
-    keyword arguments and the function receives only the ones it declares
-    as parameters.
-
-    :param fn: A callable (sync function)
-    :param kwargs: All available keyword arguments
-    :returns: The return value of ``fn``
-    """
-    call_with = _gather_arguments(fn, kwargs)
-    return fn(*call_with)
-
-
-@documented
-async def async_call_with_supported_arguments(fn, **kwargs):
-    """
-    Async version of :func:`call_with_supported_arguments`.
-
-    Calls ``await fn(...)`` with the subset of ``**kwargs`` matching its
-    signature.
-
-    :param fn: An async callable
-    :param kwargs: All available keyword arguments
-    :returns: The return value of ``await fn(...)``
-    """
-    call_with = _gather_arguments(fn, kwargs)
-    return await fn(*call_with)
-
-
-def actor_matches_allow(actor, allow):
-    if allow is True:
-        return True
-    if allow is False:
-        return False
-    if actor is None and allow and allow.get("unauthenticated") is True:
-        return True
-    if allow is None:
-        return True
-    actor = actor or {}
-    for key, values in allow.items():
-        if values == "*" and key in actor:
-            return True
-        if not isinstance(values, list):
-            values = [values]
-        actor_values = actor.get(key)
-        if actor_values is None:
-            continue
-        if not isinstance(actor_values, list):
-            actor_values = [actor_values]
-        actor_values = set(actor_values)
-        if actor_values.intersection(values):
-            return True
-    return False
-
-
-def resolve_env_secrets(config, environ):
-    """Create copy that recursively replaces {"$env": "NAME"} with values from environ"""
-    if isinstance(config, dict):
-        if list(config.keys()) == ["$env"]:
-            return environ.get(list(config.values())[0])
-        elif list(config.keys()) == ["$file"]:
-            with open(list(config.values())[0]) as fp:
-                return fp.read()
-        else:
-            return {
-                key: resolve_env_secrets(value, environ)
-                for key, value in config.items()
-            }
-    elif isinstance(config, list):
-        return [resolve_env_secrets(value, environ) for value in config]
-    else:
-        return config
-
-
-def display_actor(actor):
-    for key in ("display", "name", "username", "login", "id"):
-        if actor.get(key):
-            return actor[key]
-    return str(actor)
-
-
-class SpatialiteNotFound(Exception):
-    pass
-
-
-# Can replace with sqlite-utils when I add that dependency
-def find_spatialite():
-    for path in SPATIALITE_PATHS:
-        if os.path.exists(path):
-            return path
-    raise SpatialiteNotFound
-
-
-async def initial_path_for_datasette(datasette):
-    """Return suggested path for opening this Datasette, based on number of DBs and tables"""
-    databases = dict([p for p in datasette.databases.items() if p[0] != "_internal"])
-    if len(databases) == 1:
-        db_name = next(iter(databases.keys()))
-        path = datasette.urls.database(db_name)
-        # Does this DB only have one table?
-        db = next(iter(databases.values()))
-        tables = await db.table_names()
-        if len(tables) == 1:
-            path = datasette.urls.table(db_name, tables[0])
-    else:
-        path = datasette.urls.instance()
-    return path
-
-
-class PrefixedUrlString(str):
-    def __add__(self, other):
-        return type(self)(super().__add__(other))
-
-    def __str__(self):
-        return super().__str__()
-
-    def __getattribute__(self, name):
-        if not name.startswith("__") and name in dir(str):
-
-            def method(self, *args, **kwargs):
-                value = getattr(super(), name)(*args, **kwargs)
-                if isinstance(value, str):
-                    return type(self)(value)
-                elif isinstance(value, list):
-                    return [type(self)(i) for i in value]
-                elif isinstance(value, tuple):
-                    return tuple(type(self)(i) for i in value)
-                else:
-                    return value
-
-            return method.__get__(self)
-        else:
-            return super().__getattribute__(name)
-
-
-class StartupError(Exception):
-    pass
-
-
-_single_line_comment_re = re.compile(r"--.*")
-_multi_line_comment_re = re.compile(r"/\*.*?\*/", re.DOTALL)
-_single_quote_re = re.compile(r"'(?:''|[^'])*'")
-_double_quote_re = re.compile(r'"(?:\"\"|[^"])*"')
-_named_param_re = re.compile(r":(\w+)")
-
-
-@documented
-def named_parameters(sql: str) -> List[str]:
-    """
-    Given a SQL statement, return a list of named parameters that are used in the statement
-
-    e.g. for ``select * from foo where id=:id`` this would return ``["id"]``
-    """
-    sql = _single_line_comment_re.sub("", sql)
-    sql = _multi_line_comment_re.sub("", sql)
-    sql = _single_quote_re.sub("", sql)
-    sql = _double_quote_re.sub("", sql)
-    # Extract parameters from what is left
-    return _named_param_re.findall(sql)
-
-
-async def derive_named_parameters(db: "Database", sql: str) -> List[str]:
-    """
-    This undocumented but stable method exists for backwards compatibility
-    with plugins that were using it before it switched to named_parameters()
-    """
-    return named_parameters(sql)
-
-
-def add_cors_headers(headers):
-    headers["Access-Control-Allow-Origin"] = "*"
-    headers["Access-Control-Allow-Headers"] = "Authorization, Content-Type"
-    headers["Access-Control-Expose-Headers"] = "Link"
-    headers["Access-Control-Allow-Methods"] = "GET, POST, HEAD, OPTIONS"
-    headers["Access-Control-Max-Age"] = "3600"
-
-
-_TILDE_ENCODING_SAFE = frozenset(
-    b"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-    b"abcdefghijklmnopqrstuvwxyz"
-    b"0123456789_-"
-    # This is the same as Python percent-encoding but I removed
-    # '.' and '~'
-)
-
-_space = ord(" ")
-
-
-class TildeEncoder(dict):
-    # Keeps a cache internally, via __missing__
-    def __missing__(self, b):
-        # Handle a cache miss, store encoded string in cache and return.
-        if b in _TILDE_ENCODING_SAFE:
-            res = chr(b)
-        elif b == _space:
-            res = "+"
-        else:
-            res = "~{:02X}".format(b)
-        self[b] = res
-        return res
-
-
-_tilde_encoder = TildeEncoder().__getitem__
-
-
-@documented
-def tilde_encode(s: str) -> str:
-    "Returns tilde-encoded string - for example ``/foo/bar`` -> ``~2Ffoo~2Fbar``"
-    return "".join(_tilde_encoder(char) for char in s.encode("utf-8"))
-
-
-@documented
-def tilde_decode(s: str) -> str:
-    "Decodes a tilde-encoded string, so ``~2Ffoo~2Fbar`` -> ``/foo/bar``"
-    # Avoid accidentally decoding a %2f style sequence
-    temp = secrets.token_hex(16)
-    s = s.replace("%", temp)
-    decoded = urllib.parse.unquote_plus(s.replace("~", "%"))
-    return decoded.replace(temp, "%")
-
-
-def resolve_routes(routes, path):
-    for regex, view in routes:
-        match = regex.match(path)
-        if match is not None:
-            return match, view
-    return None, None
-
-
-def truncate_url(url, length):
-    if (not length) or (len(url) <= length):
-        return url
-    bits = url.rsplit(".", 1)
-    if len(bits) == 2 and 1 <= len(bits[1]) <= 4 and "/" not in bits[1]:
-        rest, ext = bits
-        return rest[: length - 1 - len(ext)] + "…." + ext
-    return url[: length - 1] + "…"
-
-
-async def row_sql_params_pks(db, table, pk_values):
-    pks = await db.primary_keys(table)
-    use_rowid = not pks
-    select = "*"
-    if use_rowid:
-        select = "rowid, *"
-        pks = ["rowid"]
-    wheres = [f'"{pk}"=:p{i}' for i, pk in enumerate(pks)]
-    sql = f"select {select} from {escape_sqlite(table)} where {' AND '.join(wheres)}"
-    params = {}
-    for i, pk_value in enumerate(pk_values):
-        params[f"p{i}"] = pk_value
-    return sql, params, pks
-
-
-def _handle_pair(key: str, value: str) -> dict:
-    """
-    Turn a key-value pair into a nested dictionary.
-    foo, bar => {'foo': 'bar'}
-    foo.bar, baz => {'foo': {'bar': 'baz'}}
-    foo.bar, [1, 2, 3] => {'foo': {'bar': [1, 2, 3]}}
-    foo.bar, "baz" => {'foo': {'bar': 'baz'}}
-    foo.bar, '{"baz": "qux"}' => {'foo': {'bar': "{'baz': 'qux'}"}}
-    """
-    try:
-        value = json.loads(value)
-    except json.JSONDecodeError:
-        # If it doesn't parse as JSON, treat it as a string
-        pass
-
-    keys = key.split(".")
-    result = current_dict = {}
-
-    for k in keys[:-1]:
-        current_dict[k] = {}
-        current_dict = current_dict[k]
-
-    current_dict[keys[-1]] = value
-    return result
-
-
-def _combine(base: dict, update: dict) -> dict:
-    """
-    Recursively merge two dictionaries.
-    """
-    for key, value in update.items():
-        if isinstance(value, dict) and key in base and isinstance(base[key], dict):
-            base[key] = _combine(base[key], value)
-        else:
-            base[key] = value
-    return base
-
-
-def pairs_to_nested_config(pairs: typing.List[typing.Tuple[str, typing.Any]]) -> dict:
-    """
-    Parse a list of key-value pairs into a nested dictionary.
-    """
-    result = {}
-    for key, value in pairs:
-        parsed_pair = _handle_pair(key, value)
-        result = _combine(result, parsed_pair)
-    return result
-
-
-def make_slot_function(name, datasette, request, **kwargs):
-    from datasette.plugins import pm
-
-    method = getattr(pm.hook, name, None)
-    assert method is not None, "No hook found for {}".format(name)
-
-    async def inner():
-        html_bits = []
-        for hook in method(datasette=datasette, request=request, **kwargs):
-            html = await await_me_maybe(hook)
-            if html is not None:
-                html_bits.append(html)
-        return markupsafe.Markup("".join(html_bits))
-
-    return inner
-
-
-def prune_empty_dicts(d: dict):
-    """
-    Recursively prune all empty dictionaries from a given dictionary.
-    """
-    for key, value in list(d.items()):
-        if isinstance(value, dict):
-            prune_empty_dicts(value)
-            if value == {}:
-                d.pop(key, None)
-
-
-def move_plugins_and_allow(source: dict, destination: dict) -> Tuple[dict, dict]:
-    """
-    Move 'plugins' and 'allow' keys from source to destination dictionary. Creates
-    hierarchy in destination if needed. After moving, recursively remove any keys
-    in the source that are left empty.
-    """
-    source = copy.deepcopy(source)
-    destination = copy.deepcopy(destination)
-
-    def recursive_move(src, dest, path=None):
-        if path is None:
-            path = []
-        for key, value in list(src.items()):
-            new_path = path + [key]
-            if key in ("plugins", "allow"):
-                # Navigate and create the hierarchy in destination if needed
-                d = dest
-                for step in path:
-                    d = d.setdefault(step, {})
-                # Move the plugins
-                d[key] = value
-                # Remove the plugins from source
-                src.pop(key, None)
-            elif isinstance(value, dict):
-                recursive_move(value, dest, new_path)
-                # After moving, check if the current dictionary is empty and remove it if so
-                if not value:
-                    src.pop(key, None)
-
-    recursive_move(source, destination)
-    prune_empty_dicts(source)
-    return source, destination
-
-
-_table_config_keys = (
-    "hidden",
-    "sort",
-    "sort_desc",
-    "size",
-    "sortable_columns",
-    "label_column",
-    "facets",
-    "fts_table",
-    "fts_pk",
-    "searchmode",
-)
-
-
-def move_table_config(metadata: dict, config: dict):
-    """
-    Move all known table configuration keys from metadata to config.
-    """
-    if "databases" not in metadata:
-        return metadata, config
-    metadata = copy.deepcopy(metadata)
-    config = copy.deepcopy(config)
-    for database_name, database in metadata["databases"].items():
-        if "tables" not in database:
-            continue
-        for table_name, table in database["tables"].items():
-            for key in _table_config_keys:
-                if key in table:
-                    config.setdefault("databases", {}).setdefault(
-                        database_name, {}
-                    ).setdefault("tables", {}).setdefault(table_name, {})[
-                        key
-                    ] = table.pop(
-                        key
-                    )
-    prune_empty_dicts(metadata)
-    return metadata, config
-
-
-def redact_keys(original: dict, key_patterns: Iterable) -> dict:
-    """
-    Recursively redact sensitive keys in a dictionary based on given patterns
-
-    :param original: The original dictionary
-    :param key_patterns: A list of substring patterns to redact
-    :return: A copy of the original dictionary with sensitive values redacted
-    """
-
-    def redact(data):
-        if isinstance(data, dict):
-            return {
-                k: (
-                    redact(v)
-                    if not any(pattern in k for pattern in key_patterns)
-                    else "***"
-                )
-                for k, v in data.items()
-            }
-        elif isinstance(data, list):
-            return [redact(item) for item in data]
-        else:
-            return data
-
-    return redact(original)
-
-
-def md5_not_usedforsecurity(s):
-    try:
-        return hashlib.md5(s.encode("utf8"), usedforsecurity=False).hexdigest()
-    except TypeError:
-        # For Python 3.8 which does not support usedforsecurity=False
-        return hashlib.md5(s.encode("utf8")).hexdigest()
-
-
-_etag_cache = {}
-
-
-def sha256_file(filepath, chunk_size=4096):
-    hasher = hashlib.sha256()
-    with open(filepath, "rb") as fp:
-        while True:
-            chunk = fp.read(chunk_size)
-            if not chunk:
-                break
-            hasher.update(chunk)
-    return hasher.hexdigest()
-
-
-async def calculate_etag(filepath, chunk_size=4096):
-    if filepath in _etag_cache:
-        return _etag_cache[filepath]
-
-    hasher = hashlib.md5()
-    async with aiofiles.open(filepath, "rb") as f:
-        while True:
-            chunk = await f.read(chunk_size)
-            if not chunk:
-                break
-            hasher.update(chunk)
-
-    etag = f'"{hasher.hexdigest()}"'
-    _etag_cache[filepath] = etag
-
-    return etag
-
-
-def deep_dict_update(dict1, dict2):
-    for key, value in dict2.items():
-        if isinstance(value, dict):
-            dict1[key] = deep_dict_update(dict1.get(key, type(value)()), value)
-        else:
-            dict1[key] = value
-    return dict1
diff --git a/datasette/utils/actions_sql.py b/datasette/utils/actions_sql.py
deleted file mode 100644
index c7137e6b..00000000
--- a/datasette/utils/actions_sql.py
+++ /dev/null
@@ -1,675 +0,0 @@
-"""
-SQL query builder for hierarchical permission checking.
-
-This module implements a cascading permission system based on the pattern
-from https://github.com/simonw/research/tree/main/sqlite-permissions-poc
-
-It builds SQL queries that:
-
-1. Start with all resources of a given type (from resource_type.resources_sql())
-2. Gather permission rules from plugins (via permission_resources_sql hook)
-3. Apply cascading logic: child → parent → global
-4. Apply DENY-beats-ALLOW at each level
-
-The core pattern is:
-- Resources are identified by (parent, child) tuples
-- Rules are evaluated at three levels:
-  - child: exact match on (parent, child)
-  - parent: match on (parent, NULL)
-  - global: match on (NULL, NULL)
-- At the same level, DENY (allow=0) beats ALLOW (allow=1)
-- Across levels, child beats parent beats global
-"""
-
-import asyncio
-import re
-from typing import TYPE_CHECKING
-
-from datasette.utils.permissions import gather_permission_sql_from_hooks
-
-if TYPE_CHECKING:
-    from datasette.app import Datasette
-
-
-async def build_allowed_resources_sql(
-    datasette: "Datasette",
-    actor: dict | None,
-    action: str,
-    *,
-    parent: str | None = None,
-    include_is_private: bool = False,
-) -> tuple[str, dict]:
-    """
-    Build a SQL query that returns all resources the actor can access for this action.
-
-    Args:
-        datasette: The Datasette instance
-        actor: The actor dict (or None for unauthenticated)
-        action: The action name (e.g., "view-table", "view-database")
-        parent: Optional parent filter to limit results (e.g., database name)
-        include_is_private: If True, add is_private column showing if anonymous cannot access
-
-    Returns:
-        A tuple of (sql_query, params_dict)
-
-    The returned SQL query will have three columns (or four with include_is_private):
-        - parent: The parent resource identifier (or NULL)
-        - child: The child resource identifier (or NULL)
-        - reason: The reason from the rule that granted access
-        - is_private: (if include_is_private) 1 if anonymous cannot access, 0 otherwise
-
-    Example:
-        For action="view-table", this might return:
-        SELECT parent, child, reason FROM ... WHERE is_allowed = 1
-
-        Results would be like:
-        ('analytics', 'users', 'role-based: analysts can access analytics DB')
-        ('analytics', 'events', 'role-based: analysts can access analytics DB')
-        ('production', 'orders', 'business-exception: allow production.orders for carol')
-    """
-    # Get the Action object
-    action_obj = datasette.actions.get(action)
-    if not action_obj:
-        raise ValueError(f"Unknown action: {action}")
-
-    # If this action also_requires another action, we need to combine the queries
-    if action_obj.also_requires:
-        # Build both queries
-        main_sql, main_params = await _build_single_action_sql(
-            datasette,
-            actor,
-            action,
-            parent=parent,
-            include_is_private=include_is_private,
-        )
-        required_sql, required_params = await _build_single_action_sql(
-            datasette,
-            actor,
-            action_obj.also_requires,
-            parent=parent,
-            include_is_private=False,
-        )
-
-        # Merge parameters - they should have identical values for :actor, :actor_id, etc.
-        all_params = {**main_params, **required_params}
-        if parent is not None:
-            all_params["filter_parent"] = parent
-
-        # Combine with INNER JOIN - only resources allowed by both actions
-        combined_sql = f"""
-WITH
-main_allowed AS (
-{main_sql}
-),
-required_allowed AS (
-{required_sql}
-)
-SELECT m.parent, m.child, m.reason"""
-
-        if include_is_private:
-            combined_sql += ", m.is_private"
-
-        combined_sql += """
-FROM main_allowed m
-INNER JOIN required_allowed r
-  ON ((m.parent = r.parent) OR (m.parent IS NULL AND r.parent IS NULL))
- AND ((m.child = r.child) OR (m.child IS NULL AND r.child IS NULL))
-"""
-
-        if parent is not None:
-            combined_sql += "WHERE m.parent = :filter_parent\n"
-
-        combined_sql += "ORDER BY m.parent, m.child"
-
-        return combined_sql, all_params
-
-    # No also_requires, build single action query
-    return await _build_single_action_sql(
-        datasette, actor, action, parent=parent, include_is_private=include_is_private
-    )
-
-
-async def _build_single_action_sql(
-    datasette: "Datasette",
-    actor: dict | None,
-    action: str,
-    *,
-    parent: str | None = None,
-    include_is_private: bool = False,
-) -> tuple[str, dict]:
-    """
-    Build SQL for a single action (internal helper for build_allowed_resources_sql).
-
-    This contains the original logic from build_allowed_resources_sql, extracted
-    to allow combining multiple actions when also_requires is used.
-    """
-    # Get the Action object
-    action_obj = datasette.actions.get(action)
-    if not action_obj:
-        raise ValueError(f"Unknown action: {action}")
-
-    # Get base resources SQL from the resource class
-    base_resources_sql = await action_obj.resource_class.resources_sql(
-        datasette, actor=actor
-    )
-
-    permission_sqls = await gather_permission_sql_from_hooks(
-        datasette=datasette,
-        actor=actor,
-        action=action,
-    )
-
-    # If permission_sqls is the sentinel, skip all permission checks
-    # Return SQL that allows all resources
-    from datasette.utils.permissions import SKIP_PERMISSION_CHECKS
-
-    if permission_sqls is SKIP_PERMISSION_CHECKS:
-        cols = "parent, child, 'skip_permission_checks' AS reason"
-        if include_is_private:
-            cols += ", 0 AS is_private"
-        return f"SELECT {cols} FROM ({base_resources_sql})", {}
-
-    all_params = {}
-    rule_sqls = []
-    restriction_sqls = []
-
-    for permission_sql in permission_sqls:
-        # Always collect params (even from restriction-only plugins)
-        all_params.update(permission_sql.params or {})
-
-        # Collect restriction SQL filters
-        if permission_sql.restriction_sql:
-            restriction_sqls.append(permission_sql.restriction_sql)
-
-        # Skip plugins that only provide restriction_sql (no permission rules)
-        if permission_sql.sql is None:
-            continue
-        rule_sqls.append(f"""
-            SELECT parent, child, allow, reason, '{permission_sql.source}' AS source_plugin FROM (
-                {permission_sql.sql}
-            )
-            """.strip())
-
-    # If no rules, return empty result (deny all)
-    if not rule_sqls:
-        empty_cols = "NULL AS parent, NULL AS child, NULL AS reason"
-        if include_is_private:
-            empty_cols += ", NULL AS is_private"
-        return f"SELECT {empty_cols} WHERE 0", {}
-
-    # Build the cascading permission query
-    rules_union = " UNION ALL ".join(rule_sqls)
-
-    # Build the main query
-    query_parts = [
-        "WITH",
-        "base AS (",
-        f"  {base_resources_sql}",
-        "),",
-        "all_rules AS (",
-        f"  {rules_union}",
-        "),",
-    ]
-
-    # If include_is_private, we need to build anonymous permissions too
-    if include_is_private:
-        anon_permission_sqls = await gather_permission_sql_from_hooks(
-            datasette=datasette,
-            actor=None,
-            action=action,
-        )
-        anon_sqls_rewritten = []
-        anon_params = {}
-
-        for permission_sql in anon_permission_sqls:
-            # Skip plugins that only provide restriction_sql (no permission rules)
-            if permission_sql.sql is None:
-                continue
-            rewritten_sql = permission_sql.sql
-            for key, value in (permission_sql.params or {}).items():
-                anon_key = f"anon_{key}"
-                anon_params[anon_key] = value
-                rewritten_sql = rewritten_sql.replace(f":{key}", f":{anon_key}")
-            anon_sqls_rewritten.append(rewritten_sql)
-
-        all_params.update(anon_params)
-
-        if anon_sqls_rewritten:
-            anon_rules_union = " UNION ALL ".join(anon_sqls_rewritten)
-            query_parts.extend(
-                [
-                    "anon_rules AS (",
-                    f"  {anon_rules_union}",
-                    "),",
-                ]
-            )
-        else:
-            query_parts.extend(
-                [
-                    "anon_rules AS (",
-                    "  SELECT NULL AS parent, NULL AS child, 0 AS allow, NULL AS reason WHERE 0",
-                    "),",
-                ]
-            )
-
-    # Continue with the cascading logic
-    query_parts.extend(
-        [
-            "child_lvl AS (",
-            "  SELECT b.parent, b.child,",
-            "         MAX(CASE WHEN ar.allow = 0 THEN 1 ELSE 0 END) AS any_deny,",
-            "         MAX(CASE WHEN ar.allow = 1 THEN 1 ELSE 0 END) AS any_allow,",
-            "         json_group_array(CASE WHEN ar.allow = 0 THEN ar.source_plugin || ': ' || ar.reason END) AS deny_reasons,",
-            "         json_group_array(CASE WHEN ar.allow = 1 THEN ar.source_plugin || ': ' || ar.reason END) AS allow_reasons",
-            "  FROM base b",
-            "  LEFT JOIN all_rules ar ON ar.parent = b.parent AND ar.child = b.child",
-            "  GROUP BY b.parent, b.child",
-            "),",
-            "parent_lvl AS (",
-            "  SELECT b.parent, b.child,",
-            "         MAX(CASE WHEN ar.allow = 0 THEN 1 ELSE 0 END) AS any_deny,",
-            "         MAX(CASE WHEN ar.allow = 1 THEN 1 ELSE 0 END) AS any_allow,",
-            "         json_group_array(CASE WHEN ar.allow = 0 THEN ar.source_plugin || ': ' || ar.reason END) AS deny_reasons,",
-            "         json_group_array(CASE WHEN ar.allow = 1 THEN ar.source_plugin || ': ' || ar.reason END) AS allow_reasons",
-            "  FROM base b",
-            "  LEFT JOIN all_rules ar ON ar.parent = b.parent AND ar.child IS NULL",
-            "  GROUP BY b.parent, b.child",
-            "),",
-            "global_lvl AS (",
-            "  SELECT b.parent, b.child,",
-            "         MAX(CASE WHEN ar.allow = 0 THEN 1 ELSE 0 END) AS any_deny,",
-            "         MAX(CASE WHEN ar.allow = 1 THEN 1 ELSE 0 END) AS any_allow,",
-            "         json_group_array(CASE WHEN ar.allow = 0 THEN ar.source_plugin || ': ' || ar.reason END) AS deny_reasons,",
-            "         json_group_array(CASE WHEN ar.allow = 1 THEN ar.source_plugin || ': ' || ar.reason END) AS allow_reasons",
-            "  FROM base b",
-            "  LEFT JOIN all_rules ar ON ar.parent IS NULL AND ar.child IS NULL",
-            "  GROUP BY b.parent, b.child",
-            "),",
-        ]
-    )
-
-    # Add anonymous decision logic if needed
-    if include_is_private:
-        query_parts.extend(
-            [
-                "anon_child_lvl AS (",
-                "  SELECT b.parent, b.child,",
-                "         MAX(CASE WHEN ar.allow = 0 THEN 1 ELSE 0 END) AS any_deny,",
-                "         MAX(CASE WHEN ar.allow = 1 THEN 1 ELSE 0 END) AS any_allow",
-                "  FROM base b",
-                "  LEFT JOIN anon_rules ar ON ar.parent = b.parent AND ar.child = b.child",
-                "  GROUP BY b.parent, b.child",
-                "),",
-                "anon_parent_lvl AS (",
-                "  SELECT b.parent, b.child,",
-                "         MAX(CASE WHEN ar.allow = 0 THEN 1 ELSE 0 END) AS any_deny,",
-                "         MAX(CASE WHEN ar.allow = 1 THEN 1 ELSE 0 END) AS any_allow",
-                "  FROM base b",
-                "  LEFT JOIN anon_rules ar ON ar.parent = b.parent AND ar.child IS NULL",
-                "  GROUP BY b.parent, b.child",
-                "),",
-                "anon_global_lvl AS (",
-                "  SELECT b.parent, b.child,",
-                "         MAX(CASE WHEN ar.allow = 0 THEN 1 ELSE 0 END) AS any_deny,",
-                "         MAX(CASE WHEN ar.allow = 1 THEN 1 ELSE 0 END) AS any_allow",
-                "  FROM base b",
-                "  LEFT JOIN anon_rules ar ON ar.parent IS NULL AND ar.child IS NULL",
-                "  GROUP BY b.parent, b.child",
-                "),",
-                "anon_decisions AS (",
-                "  SELECT",
-                "    b.parent, b.child,",
-                "    CASE",
-                "      WHEN acl.any_deny = 1 THEN 0",
-                "      WHEN acl.any_allow = 1 THEN 1",
-                "      WHEN apl.any_deny = 1 THEN 0",
-                "      WHEN apl.any_allow = 1 THEN 1",
-                "      WHEN agl.any_deny = 1 THEN 0",
-                "      WHEN agl.any_allow = 1 THEN 1",
-                "      ELSE 0",
-                "    END AS anon_is_allowed",
-                "  FROM base b",
-                "  JOIN anon_child_lvl acl ON b.parent = acl.parent AND (b.child = acl.child OR (b.child IS NULL AND acl.child IS NULL))",
-                "  JOIN anon_parent_lvl apl ON b.parent = apl.parent AND (b.child = apl.child OR (b.child IS NULL AND apl.child IS NULL))",
-                "  JOIN anon_global_lvl agl ON b.parent = agl.parent AND (b.child = agl.child OR (b.child IS NULL AND agl.child IS NULL))",
-                "),",
-            ]
-        )
-
-    # Final decisions
-    query_parts.extend(
-        [
-            "decisions AS (",
-            "  SELECT",
-            "    b.parent, b.child,",
-            "    -- Cascading permission logic: child → parent → global, DENY beats ALLOW at each level",
-            "    -- Priority order:",
-            "    --   1. Child-level deny (most specific, blocks access)",
-            "    --   2. Child-level allow (most specific, grants access)",
-            "    --   3. Parent-level deny (intermediate, blocks access)",
-            "    --   4. Parent-level allow (intermediate, grants access)",
-            "    --   5. Global-level deny (least specific, blocks access)",
-            "    --   6. Global-level allow (least specific, grants access)",
-            "    --   7. Default deny (no rules match)",
-            "    CASE",
-            "      WHEN cl.any_deny = 1 THEN 0",
-            "      WHEN cl.any_allow = 1 THEN 1",
-            "      WHEN pl.any_deny = 1 THEN 0",
-            "      WHEN pl.any_allow = 1 THEN 1",
-            "      WHEN gl.any_deny = 1 THEN 0",
-            "      WHEN gl.any_allow = 1 THEN 1",
-            "      ELSE 0",
-            "    END AS is_allowed,",
-            "    CASE",
-            "      WHEN cl.any_deny = 1 THEN cl.deny_reasons",
-            "      WHEN cl.any_allow = 1 THEN cl.allow_reasons",
-            "      WHEN pl.any_deny = 1 THEN pl.deny_reasons",
-            "      WHEN pl.any_allow = 1 THEN pl.allow_reasons",
-            "      WHEN gl.any_deny = 1 THEN gl.deny_reasons",
-            "      WHEN gl.any_allow = 1 THEN gl.allow_reasons",
-            "      ELSE '[]'",
-            "    END AS reason",
-        ]
-    )
-
-    if include_is_private:
-        query_parts.append(
-            "    , CASE WHEN ad.anon_is_allowed = 0 THEN 1 ELSE 0 END AS is_private"
-        )
-
-    query_parts.extend(
-        [
-            "  FROM base b",
-            "  JOIN child_lvl cl ON b.parent = cl.parent AND (b.child = cl.child OR (b.child IS NULL AND cl.child IS NULL))",
-            "  JOIN parent_lvl pl ON b.parent = pl.parent AND (b.child = pl.child OR (b.child IS NULL AND pl.child IS NULL))",
-            "  JOIN global_lvl gl ON b.parent = gl.parent AND (b.child = gl.child OR (b.child IS NULL AND gl.child IS NULL))",
-        ]
-    )
-
-    if include_is_private:
-        query_parts.append(
-            "  JOIN anon_decisions ad ON b.parent = ad.parent AND (b.child = ad.child OR (b.child IS NULL AND ad.child IS NULL))"
-        )
-
-    query_parts.append(")")
-
-    # Add restriction list CTE if there are restrictions
-    if restriction_sqls:
-        # Wrap each restriction_sql in a subquery to avoid operator precedence issues
-        # with UNION ALL inside the restriction SQL statements
-        restriction_intersect = "\nINTERSECT\n".join(
-            f"SELECT * FROM ({sql})" for sql in restriction_sqls
-        )
-        query_parts.extend(
-            [",", "restriction_list AS (", f"  {restriction_intersect}", ")"]
-        )
-
-    # Final SELECT
-    select_cols = "parent, child, reason"
-    if include_is_private:
-        select_cols += ", is_private"
-
-    query_parts.append(f"SELECT {select_cols}")
-    query_parts.append("FROM decisions")
-    query_parts.append("WHERE is_allowed = 1")
-
-    # Add restriction filter if there are restrictions
-    if restriction_sqls:
-        query_parts.append("""
-  AND EXISTS (
-    SELECT 1 FROM restriction_list r
-    WHERE (r.parent = decisions.parent OR r.parent IS NULL)
-      AND (r.child = decisions.child OR r.child IS NULL)
-  )""")
-
-    # Add parent filter if specified
-    if parent is not None:
-        query_parts.append("  AND parent = :filter_parent")
-        all_params["filter_parent"] = parent
-
-    query_parts.append("ORDER BY parent, child")
-
-    query = "\n".join(query_parts)
-    return query, all_params
-
-
-async def build_permission_rules_sql(
-    datasette: "Datasette", actor: dict | None, action: str
-) -> tuple[str, dict]:
-    """
-    Build the UNION SQL and params for all permission rules for a given actor and action.
-
-    Returns:
-        A tuple of (sql, params) where sql is a UNION ALL query that returns
-        (parent, child, allow, reason, source_plugin) rows.
-    """
-    # Get the Action object
-    action_obj = datasette.actions.get(action)
-    if not action_obj:
-        raise ValueError(f"Unknown action: {action}")
-
-    permission_sqls = await gather_permission_sql_from_hooks(
-        datasette=datasette,
-        actor=actor,
-        action=action,
-    )
-
-    # If permission_sqls is the sentinel, skip all permission checks
-    # Return SQL that allows everything
-    from datasette.utils.permissions import SKIP_PERMISSION_CHECKS
-
-    if permission_sqls is SKIP_PERMISSION_CHECKS:
-        return (
-            "SELECT NULL AS parent, NULL AS child, 1 AS allow, 'skip_permission_checks' AS reason, 'skip' AS source_plugin",
-            {},
-            [],
-        )
-
-    if not permission_sqls:
-        return (
-            "SELECT NULL AS parent, NULL AS child, 0 AS allow, NULL AS reason, NULL AS source_plugin WHERE 0",
-            {},
-            [],
-        )
-
-    union_parts = []
-    all_params = {}
-    restriction_sqls = []
-
-    for permission_sql in permission_sqls:
-        all_params.update(permission_sql.params or {})
-
-        # Collect restriction SQL filters
-        if permission_sql.restriction_sql:
-            restriction_sqls.append(permission_sql.restriction_sql)
-
-        # Skip plugins that only provide restriction_sql (no permission rules)
-        if permission_sql.sql is None:
-            continue
-
-        union_parts.append(f"""
-            SELECT parent, child, allow, reason, '{permission_sql.source}' AS source_plugin FROM (
-                {permission_sql.sql}
-            )
-            """.strip())
-
-    rules_union = " UNION ALL ".join(union_parts)
-    return rules_union, all_params, restriction_sqls
-
-
-async def check_permissions_for_actions(
-    *,
-    datasette: "Datasette",
-    actor: dict | None,
-    actions: list[str],
-    parent: str | None,
-    child: str | None,
-) -> dict[str, bool]:
-    """
-    Check several actions for one actor and resource in a single query.
-
-    Args:
-        datasette: The Datasette instance
-        actor: The actor dict (or None)
-        actions: List of action names to check
-        parent: The parent resource identifier (e.g., database name, or None)
-        child: The child resource identifier (e.g., table name, or None)
-
-    Returns:
-        Dict mapping each action name to True (allowed) or False (denied)
-
-    Each action contributes its own tagged block of permission rules
-    (gathered from the permission_resources_sql hook, with parameters
-    namespaced per action to avoid collisions) plus an optional
-    restriction allowlist CTE. One internal database query resolves
-    the winning rule per action using the same specificity-then-deny
-    ordering as the rest of the permission system.
-
-    Note: this resolves each action independently - also_requires
-    dependencies are handled by the caller (Datasette.allowed_many).
-    """
-    from datasette.utils.permissions import SKIP_PERMISSION_CHECKS
-
-    for action in actions:
-        if not datasette.actions.get(action):
-            raise ValueError(f"Unknown action: {action}")
-
-    # Dedupe while preserving order
-    unique_actions = list(dict.fromkeys(actions))
-    if not unique_actions:
-        return {}
-
-    # Gather hook results for each action concurrently - hooks within a
-    # single action still run sequentially, preserving existing semantics
-    gathered = await asyncio.gather(
-        *(
-            gather_permission_sql_from_hooks(
-                datasette=datasette, actor=actor, action=action
-            )
-            for action in unique_actions
-        )
-    )
-
-    if any(result is SKIP_PERMISSION_CHECKS for result in gathered):
-        return {action: True for action in unique_actions}
-
-    params = {"_check_parent": parent, "_check_child": child}
-    ctes = []
-    result_rows = []
-    verdicts = {}
-
-    for i, (action, permission_sqls) in enumerate(zip(unique_actions, gathered)):
-        prefix = f"a{i}_"
-        rule_parts = []
-        restriction_parts = []
-
-        for permission_sql in permission_sqls:
-            sql = permission_sql.sql
-            restriction_sql = permission_sql.restriction_sql
-            # Namespace this block's params so identical names used for
-            # different actions cannot collide
-            for key in permission_sql.params or {}:
-                new_key = prefix + key
-                params[new_key] = permission_sql.params[key]
-                pattern = re.compile(":" + re.escape(key) + r"(?![A-Za-z0-9_])")
-                if sql:
-                    sql = pattern.sub(":" + new_key, sql)
-                if restriction_sql:
-                    restriction_sql = pattern.sub(":" + new_key, restriction_sql)
-
-            if restriction_sql:
-                restriction_parts.append(restriction_sql)
-
-            # Skip plugins that only provide restriction_sql (no permission rules)
-            if sql is None:
-                continue
-            rule_parts.append(
-                f"SELECT parent, child, allow, reason, '{permission_sql.source}' AS source_plugin FROM (\n{sql}\n)"
-            )
-
-        if not rule_parts:
-            # No rules from any plugin - default deny. Restrictions can
-            # only restrict, never grant, so no SQL is needed at all
-            verdicts[action] = False
-            continue
-        ctes.append(f"a{i}_rules AS (\n" + "\nUNION ALL\n".join(rule_parts) + "\n)")
-
-        # Winning rule for this action: most specific depth first, then
-        # deny-beats-allow, then source_plugin as a stable tie-break
-        verdict_sql = f"""COALESCE((
-  SELECT allow FROM (
-    SELECT allow, source_plugin,
-      CASE
-        WHEN child IS NOT NULL THEN 2
-        WHEN parent IS NOT NULL THEN 1
-        ELSE 0
-      END AS depth
-    FROM a{i}_rules
-    WHERE (parent IS NULL OR parent = :_check_parent)
-      AND (child IS NULL OR child = :_check_child)
-    ORDER BY
-      depth DESC,
-      CASE WHEN allow = 0 THEN 0 ELSE 1 END,
-      source_plugin
-    LIMIT 1
-  )
-), 0)"""
-
-        if restriction_parts:
-            # Database-level restrictions (parent, NULL) match all children
-            restriction_intersect = "\nINTERSECT\n".join(
-                f"SELECT * FROM ({sql})" for sql in restriction_parts
-            )
-            ctes.append(f"a{i}_restriction AS (\n{restriction_intersect}\n)")
-            verdict_sql = f"""({verdict_sql}) AND EXISTS (
-  SELECT 1 FROM a{i}_restriction r
-  WHERE (r.parent = :_check_parent OR r.parent IS NULL)
-    AND (r.child = :_check_child OR r.child IS NULL)
-)"""
-
-        result_rows.append(f"({i}, ({verdict_sql}))")
-
-    if result_rows:
-        ctes.append(
-            "results(action_idx, is_allowed) AS (VALUES\n"
-            + ",\n".join(result_rows)
-            + "\n)"
-        )
-        query = (
-            "WITH\n" + ",\n".join(ctes) + "\nSELECT action_idx, is_allowed FROM results"
-        )
-        result = await datasette.get_internal_database().execute(query, params)
-        for row in result.rows:
-            verdicts[unique_actions[row[0]]] = bool(row[1])
-    return verdicts
-
-
-async def check_permission_for_resource(
-    *,
-    datasette: "Datasette",
-    actor: dict | None,
-    action: str,
-    parent: str | None,
-    child: str | None,
-) -> bool:
-    """
-    Check if an actor has permission for a specific action on a specific resource.
-
-    Args:
-        datasette: The Datasette instance
-        actor: The actor dict (or None)
-        action: The action name
-        parent: The parent resource identifier (e.g., database name, or None)
-        child: The child resource identifier (e.g., table name, or None)
-
-    Returns:
-        True if the actor is allowed, False otherwise
-    """
-    results = await check_permissions_for_actions(
-        datasette=datasette,
-        actor=actor,
-        actions=[action],
-        parent=parent,
-        child=child,
-    )
-    return results[action]
diff --git a/datasette/utils/asgi.py b/datasette/utils/asgi.py
index e1631b10..bafcfb4a 100644
--- a/datasette/utils/asgi.py
+++ b/datasette/utils/asgi.py
@@ -1,82 +1,20 @@
 import json
-from typing import Optional
-from datasette.utils import MultiParams, calculate_etag, sha256_file
-from datasette.utils.multipart import (
-    parse_form_data,
-    MultipartParseError,
-    FormData,
-    DEFAULT_MAX_FILE_SIZE,
-    DEFAULT_MAX_REQUEST_SIZE,
-    DEFAULT_MAX_FIELDS,
-    DEFAULT_MAX_FILES,
-    DEFAULT_MAX_PARTS,
-    DEFAULT_MAX_FIELD_SIZE,
-    DEFAULT_MAX_MEMORY_FILE_SIZE,
-    DEFAULT_MAX_PART_HEADER_BYTES,
-    DEFAULT_MAX_PART_HEADER_LINES,
-    DEFAULT_MIN_FREE_DISK_BYTES,
-)
+from datasette.utils import RequestParameters
 from mimetypes import guess_type
-from urllib.parse import parse_qs, urlunparse, parse_qsl
+from urllib.parse import parse_qs, urlunparse
 from pathlib import Path
-from http.cookies import SimpleCookie, Morsel
-import aiofiles
-import aiofiles.os
+from html import escape
 import re
-
-# Workaround for adding samesite support to pre 3.8 python
-Morsel._reserved["samesite"] = "SameSite"
-# Thanks, Starlette:
-# https://github.com/encode/starlette/blob/519f575/starlette/responses.py#L17
+import aiofiles
 
 
-class Base400(Exception):
-    status = 400
-
-
-class NotFound(Base400):
-    status = 404
-
-
-class DatabaseNotFound(NotFound):
-    def __init__(self, database_name):
-        self.database_name = database_name
-        super().__init__("Database not found")
-
-
-class TableNotFound(NotFound):
-    def __init__(self, database_name, table):
-        super().__init__("Table not found")
-        self.database_name = database_name
-        self.table = table
-
-
-class RowNotFound(NotFound):
-    def __init__(self, database_name, table, pk_values):
-        super().__init__("Row not found")
-        self.database_name = database_name
-        self.table_name = table
-        self.pk_values = pk_values
-
-
-class Forbidden(Base400):
-    status = 403
-
-
-class BadRequest(Base400):
-    status = 400
-
-
-SAMESITE_VALUES = ("strict", "lax", "none")
+class NotFound(Exception):
+    pass
 
 
 class Request:
-    def __init__(self, scope, receive):
+    def __init__(self, scope):
         self.scope = scope
-        self.receive = receive
-
-    def __repr__(self):
-        return ''.format(self.method, self.url)
 
     @property
     def method(self):
@@ -88,158 +26,103 @@ class Request:
             (self.scheme, self.host, self.path, None, self.query_string, None)
         )
 
-    @property
-    def url_vars(self):
-        return (self.scope.get("url_route") or {}).get("kwargs") or {}
-
     @property
     def scheme(self):
         return self.scope.get("scheme") or "http"
 
     @property
     def headers(self):
-        return {
-            k.decode("latin-1").lower(): v.decode("latin-1")
-            for k, v in self.scope.get("headers") or []
-        }
+        return dict(
+            [
+                (k.decode("latin-1").lower(), v.decode("latin-1"))
+                for k, v in self.scope.get("headers") or []
+            ]
+        )
 
     @property
     def host(self):
         return self.headers.get("host") or "localhost"
 
-    @property
-    def cookies(self):
-        cookies = SimpleCookie()
-        cookies.load(self.headers.get("cookie", ""))
-        return {key: value.value for key, value in cookies.items()}
-
     @property
     def path(self):
-        if self.scope.get("raw_path") is not None:
-            return self.scope["raw_path"].decode("latin-1").partition("?")[0]
+        if "raw_path" in self.scope:
+            return self.scope["raw_path"].decode("latin-1")
         else:
-            path = self.scope["path"]
-            if isinstance(path, str):
-                return path
-            else:
-                return path.decode("utf-8")
+            return self.scope["path"].decode("utf-8")
 
     @property
     def query_string(self):
         return (self.scope.get("query_string") or b"").decode("latin-1")
 
-    @property
-    def full_path(self):
-        qs = self.query_string
-        return "{}{}".format(self.path, ("?" + qs) if qs else "")
-
     @property
     def args(self):
-        return MultiParams(parse_qs(qs=self.query_string, keep_blank_values=True))
+        return RequestParameters(parse_qs(qs=self.query_string))
 
     @property
-    def actor(self):
-        return self.scope.get("actor", None)
-
-    async def post_body(self):
-        body = b""
-        more_body = True
-        while more_body:
-            message = await self.receive()
-            assert message["type"] == "http.request", message
-            body += message.get("body", b"")
-            more_body = message.get("more_body", False)
-        return body
-
-    async def post_vars(self):
-        body = await self.post_body()
-        return dict(parse_qsl(body.decode("utf-8"), keep_blank_values=True))
-
-    async def json(self):
-        body = await self.post_body()
-        return json.loads(body)
-
-    async def form(
-        self,
-        files: bool = False,
-        max_file_size: int = DEFAULT_MAX_FILE_SIZE,
-        max_request_size: int = DEFAULT_MAX_REQUEST_SIZE,
-        max_fields: int = DEFAULT_MAX_FIELDS,
-        max_files: int = DEFAULT_MAX_FILES,
-        max_parts: Optional[int] = DEFAULT_MAX_PARTS,
-        max_field_size: int = DEFAULT_MAX_FIELD_SIZE,
-        max_memory_file_size: int = DEFAULT_MAX_MEMORY_FILE_SIZE,
-        max_part_header_bytes: int = DEFAULT_MAX_PART_HEADER_BYTES,
-        max_part_header_lines: int = DEFAULT_MAX_PART_HEADER_LINES,
-        min_free_disk_bytes: int = DEFAULT_MIN_FREE_DISK_BYTES,
-    ) -> FormData:
-        """
-        Parse form data from the request body.
-
-        Supports both application/x-www-form-urlencoded and multipart/form-data.
-
-        Args:
-            files: If True, store file uploads; if False (default), discard them
-            max_file_size: Maximum size per file in bytes (default 50MB)
-            max_request_size: Maximum total request size in bytes (default 100MB)
-            max_fields: Maximum number of form fields (default 1000)
-            max_files: Maximum number of file uploads (default 100)
-            max_parts: Maximum number of multipart parts (default max_fields + max_files)
-            max_field_size: Maximum size of a text field value in bytes (default 100KB)
-            max_memory_file_size: Threshold before files spill to disk (default 1MB)
-            max_part_header_bytes: Maximum bytes allowed in part headers (default 16KB)
-            max_part_header_lines: Maximum header lines per part (default 100)
-            min_free_disk_bytes: Minimum free bytes required in temp dir (default 50MB)
-
-        Returns:
-            FormData object with dict-like access to fields and files.
-            Use form["key"] for first value, form.getlist("key") for all values.
-
-        Raises:
-            BadRequest: If content-type is missing, unsupported, or parsing fails
-        """
-        content_type = self.headers.get("content-type", "")
-        if not content_type:
-            raise BadRequest(
-                "Missing Content-Type header; expected application/x-www-form-urlencoded "
-                "or multipart/form-data"
-            )
-
-        try:
-            return await parse_form_data(
-                receive=self.receive,
-                content_type=content_type,
-                files=files,
-                max_file_size=max_file_size,
-                max_request_size=max_request_size,
-                max_fields=max_fields,
-                max_files=max_files,
-                max_parts=max_parts,
-                max_field_size=max_field_size,
-                max_memory_file_size=max_memory_file_size,
-                max_part_header_bytes=max_part_header_bytes,
-                max_part_header_lines=max_part_header_lines,
-                min_free_disk_bytes=min_free_disk_bytes,
-            )
-        except MultipartParseError as e:
-            raise BadRequest(str(e))
+    def raw_args(self):
+        return {key: value[0] for key, value in self.args.items()}
 
     @classmethod
-    def fake(cls, path_with_query_string, method="GET", scheme="http", url_vars=None):
-        """Useful for constructing Request objects for tests"""
+    def fake(cls, path_with_query_string, method="GET", scheme="http"):
+        "Useful for constructing Request objects for tests"
         path, _, query_string = path_with_query_string.partition("?")
         scope = {
             "http_version": "1.1",
             "method": method,
             "path": path,
-            "raw_path": path_with_query_string.encode("latin-1"),
+            "raw_path": path.encode("latin-1"),
             "query_string": query_string.encode("latin-1"),
             "scheme": scheme,
             "type": "http",
         }
-        if url_vars:
-            scope["url_route"] = {"kwargs": url_vars}
-        return cls(scope, None)
+        return cls(scope)
+
+
+class AsgiRouter:
+    def __init__(self, routes=None):
+        routes = routes or []
+        self.routes = [
+            # Compile any strings to regular expressions
+            ((re.compile(pattern) if isinstance(pattern, str) else pattern), view)
+            for pattern, view in routes
+        ]
+
+    async def __call__(self, scope, receive, send):
+        # Because we care about "foo/bar" v.s. "foo%2Fbar" we decode raw_path ourselves
+        path = scope["path"]
+        raw_path = scope.get("raw_path")
+        if raw_path:
+            path = raw_path.decode("ascii")
+        for regex, view in self.routes:
+            match = regex.match(path)
+            if match is not None:
+                new_scope = dict(scope, url_route={"kwargs": match.groupdict()})
+                try:
+                    return await view(new_scope, receive, send)
+                except Exception as exception:
+                    return await self.handle_500(scope, receive, send, exception)
+        return await self.handle_404(scope, receive, send)
+
+    async def handle_404(self, scope, receive, send):
+        await send(
+            {
+                "type": "http.response.start",
+                "status": 404,
+                "headers": [[b"content-type", b"text/html"]],
+            }
+        )
+        await send({"type": "http.response.body", "body": b"
    404
    "})
+
+    async def handle_500(self, scope, receive, send, exception):
+        await send(
+            {
+                "type": "http.response.start",
+                "status": 404,
+                "headers": [[b"content-type", b"text/html"]],
+            }
+        )
+        html = "
    500
    ".format(escape(repr(exception)))
+        await send({"type": "http.response.body", "body": html.encode("latin-1")})
 
 
 class AsgiLifespan:
@@ -271,6 +154,33 @@ class AsgiLifespan:
             await self.app(scope, receive, send)
 
 
+class AsgiView:
+    def dispatch_request(self, request, *args, **kwargs):
+        handler = getattr(self, request.method.lower(), None)
+        return handler(request, *args, **kwargs)
+
+    @classmethod
+    def as_asgi(cls, *class_args, **class_kwargs):
+        async def view(scope, receive, send):
+            # Uses scope to create a request object, then dispatches that to
+            # self.get(...) or self.options(...) along with keyword arguments
+            # that were already tucked into scope["url_route"]["kwargs"] by
+            # the router, similar to how Django Channels works:
+            # https://channels.readthedocs.io/en/latest/topics/routing.html#urlrouter
+            request = Request(scope)
+            self = view.view_class(*class_args, **class_kwargs)
+            response = await self.dispatch_request(
+                request, **scope["url_route"]["kwargs"]
+            )
+            await response.asgi_send(send)
+
+        view.view_class = cls
+        view.__doc__ = cls.__doc__
+        view.__module__ = cls.__module__
+        view.__name__ = cls.__name__
+        return view
+
+
 class AsgiStream:
     def __init__(self, stream_fn, status=200, headers=None, content_type="text/plain"):
         self.stream_fn = stream_fn
@@ -280,7 +190,9 @@ class AsgiStream:
 
     async def asgi_send(self, send):
         # Remove any existing content-type header
-        headers = {k: v for k, v in self.headers.items() if k.lower() != "content-type"}
+        headers = dict(
+            [(k, v) for k, v in self.headers.items() if k.lower() != "content-type"]
+        )
         headers["content-type"] = self.content_type
         await send(
             {
@@ -325,38 +237,29 @@ async def asgi_send_json(send, info, status=200, headers=None):
 async def asgi_send_html(send, html, status=200, headers=None):
     headers = headers or {}
     await asgi_send(
-        send,
-        html,
-        status=status,
-        headers=headers,
-        content_type="text/html; charset=utf-8",
+        send, html, status=status, headers=headers, content_type="text/html"
     )
 
 
 async def asgi_send_redirect(send, location, status=302):
-    # Prevent open redirect vulnerability: collapse leading slashes and
-    # backslashes down to a single slash. //example.com is a protocol-relative
-    # URL, and browsers normalise backslashes to slashes so /\example.com would
-    # be treated as //example.com - https://github.com/simonw/datasette/issues/2680
-    location = re.sub(r"^[/\\]+", "/", location)
     await asgi_send(
         send,
         "",
         status=status,
         headers={"Location": location},
-        content_type="text/html; charset=utf-8",
+        content_type="text/html",
     )
 
 
 async def asgi_send(send, content, status, headers=None, content_type="text/plain"):
     await asgi_start(send, status, headers, content_type)
-    await send({"type": "http.response.body", "body": content.encode("utf-8")})
+    await send({"type": "http.response.body", "body": content.encode("latin-1")})
 
 
 async def asgi_start(send, status, headers=None, content_type="text/plain"):
     headers = headers or {}
     # Remove any existing content-type header
-    headers = {k: v for k, v in headers.items() if k.lower() != "content-type"}
+    headers = dict([(k, v) for k, v in headers.items() if k.lower() != "content-type"])
     headers["content-type"] = content_type
     await send(
         {
@@ -371,14 +274,12 @@ async def asgi_start(send, status, headers=None, content_type="text/plain"):
 
 
 async def asgi_send_file(
-    send, filepath, filename=None, content_type=None, chunk_size=4096, headers=None
+    send, filepath, filename=None, content_type=None, chunk_size=4096
 ):
-    headers = headers or {}
+    headers = {}
     if filename:
-        headers["content-disposition"] = f'attachment; filename="{filename}"'
-
+        headers["Content-Disposition"] = 'attachment; filename="{}"'.format(filename)
     first = True
-    headers["content-length"] = str((await aiofiles.os.stat(str(filepath))).st_size)
     async with aiofiles.open(str(filepath), mode="rb") as fp:
         if first:
             await asgi_start(
@@ -397,51 +298,24 @@ async def asgi_send_file(
             )
 
 
-HASHED_STATIC_CACHE_CONTROL = "max-age=31536000, immutable, public"
-
-
 def asgi_static(root_path, chunk_size=4096, headers=None, content_type=None):
-    root_path = Path(root_path)
-    static_headers = {}
-
-    if headers:
-        static_headers = headers.copy()
-
-    async def inner_static(request, send):
-        path = request.scope["url_route"]["kwargs"]["path"]
-        headers = static_headers.copy()
+    async def inner_static(scope, receive, send):
+        path = scope["url_route"]["kwargs"]["path"]
         try:
-            full_path = (root_path / path).resolve().absolute()
+            full_path = (Path(root_path) / path).resolve().absolute()
         except FileNotFoundError:
-            await asgi_send_html(send, "404: Directory not found", 404)
-            return
-        if full_path.is_dir():
-            await asgi_send_html(send, "403: Directory listing is not allowed", 403)
+            await asgi_send_html(send, "404", 404)
             return
         # Ensure full_path is within root_path to avoid weird "../" tricks
         try:
-            full_path.relative_to(root_path.resolve())
+            full_path.relative_to(root_path)
         except ValueError:
-            await asgi_send_html(send, "404: Path not inside root path", 404)
+            await asgi_send_html(send, "404", 404)
             return
         try:
-            # Calculate ETag for filepath
-            hash_value = request.args.get("_hash")
-            if (
-                hash_value
-                and hash_value == sha256_file(full_path, chunk_size=chunk_size)[:12]
-            ):
-                headers["Cache-Control"] = HASHED_STATIC_CACHE_CONTROL
-            etag = await calculate_etag(full_path, chunk_size=chunk_size)
-            headers["ETag"] = etag
-            if_none_match = request.headers.get("if-none-match")
-            if if_none_match and if_none_match == etag:
-                return await asgi_send(send, "", 304, headers=headers)
-            await asgi_send_file(
-                send, full_path, chunk_size=chunk_size, headers=headers
-            )
+            await asgi_send_file(send, full_path, chunk_size=chunk_size)
         except FileNotFoundError:
-            await asgi_send_html(send, "404: File not found", 404)
+            await asgi_send_html(send, "404", 404)
             return
 
     return inner_static
@@ -452,24 +326,20 @@ class Response:
         self.body = body
         self.status = status
         self.headers = headers or {}
-        self._set_cookie_headers = []
         self.content_type = content_type
 
     async def asgi_send(self, send):
         headers = {}
         headers.update(self.headers)
         headers["content-type"] = self.content_type
-        raw_headers = [
-            [key.encode("utf-8"), value.encode("utf-8")]
-            for key, value in headers.items()
-        ]
-        for set_cookie in self._set_cookie_headers:
-            raw_headers.append([b"set-cookie", set_cookie.encode("utf-8")])
         await send(
             {
                 "type": "http.response.start",
                 "status": self.status,
-                "headers": raw_headers,
+                "headers": [
+                    [key.encode("utf-8"), value.encode("utf-8")]
+                    for key, value in headers.items()
+                ],
             }
         )
         body = self.body
@@ -477,37 +347,6 @@ class Response:
             body = body.encode("utf-8")
         await send({"type": "http.response.body", "body": body})
 
-    def set_cookie(
-        self,
-        key,
-        value="",
-        max_age=None,
-        expires=None,
-        path="/",
-        domain=None,
-        secure=False,
-        httponly=False,
-        samesite="lax",
-    ):
-        assert samesite in SAMESITE_VALUES, "samesite should be one of {}".format(
-            SAMESITE_VALUES
-        )
-        cookie = SimpleCookie()
-        cookie[key] = value
-        for prop_name, prop_value in (
-            ("max_age", max_age),
-            ("expires", expires),
-            ("path", path),
-            ("domain", domain),
-            ("samesite", samesite),
-        ):
-            if prop_value is not None:
-                cookie[key][prop_name.replace("_", "-")] = prop_value
-        for prop_name, prop_value in (("secure", secure), ("httponly", httponly)):
-            if prop_value:
-                cookie[key][prop_name] = True
-        self._set_cookie_headers.append(cookie.output(header="").strip())
-
     @classmethod
     def html(cls, body, status=200, headers=None):
         return cls(
@@ -520,21 +359,12 @@ class Response:
     @classmethod
     def text(cls, body, status=200, headers=None):
         return cls(
-            str(body),
+            body,
             status=status,
             headers=headers,
             content_type="text/plain; charset=utf-8",
         )
 
-    @classmethod
-    def json(cls, body, status=200, headers=None, default=None):
-        return cls(
-            json.dumps(body, default=default),
-            status=status,
-            headers=headers,
-            content_type="application/json; charset=utf-8",
-        )
-
     @classmethod
     def redirect(cls, path, status=302, headers=None):
         headers = headers or {}
@@ -544,37 +374,11 @@ class Response:
 
 class AsgiFileDownload:
     def __init__(
-        self,
-        filepath,
-        filename=None,
-        content_type="application/octet-stream",
-        headers=None,
+        self, filepath, filename=None, content_type="application/octet-stream"
     ):
-        self.headers = headers or {}
         self.filepath = filepath
         self.filename = filename
         self.content_type = content_type
 
     async def asgi_send(self, send):
-        return await asgi_send_file(
-            send,
-            self.filepath,
-            filename=self.filename,
-            content_type=self.content_type,
-            headers=self.headers,
-        )
-
-
-class AsgiRunOnFirstRequest:
-    def __init__(self, asgi, on_startup):
-        assert isinstance(on_startup, list)
-        self.asgi = asgi
-        self.on_startup = on_startup
-        self._started = False
-
-    async def __call__(self, scope, receive, send):
-        if not self._started:
-            self._started = True
-            for hook in self.on_startup:
-                await hook()
-        return await self.asgi(scope, receive, send)
+        return await asgi_send_file(send, self.filepath, content_type=self.content_type)
diff --git a/datasette/utils/baseconv.py b/datasette/utils/baseconv.py
deleted file mode 100644
index c4b64908..00000000
--- a/datasette/utils/baseconv.py
+++ /dev/null
@@ -1,59 +0,0 @@
-"""
-Convert numbers from base 10 integers to base X strings and back again.
-
-Sample usage:
-
->>> base20 = BaseConverter('0123456789abcdefghij')
->>> base20.from_decimal(1234)
-'31e'
->>> base20.to_decimal('31e')
-1234
-
-Originally shared here: https://www.djangosnippets.org/snippets/1431/
-"""
-
-
-class BaseConverter(object):
-    decimal_digits = "0123456789"
-
-    def __init__(self, digits):
-        self.digits = digits
-
-    def encode(self, i):
-        return self.convert(i, self.decimal_digits, self.digits)
-
-    def decode(self, s):
-        return int(self.convert(s, self.digits, self.decimal_digits))
-
-    def convert(number, fromdigits, todigits):
-        # Based on http://code.activestate.com/recipes/111286/
-        if str(number)[0] == "-":
-            number = str(number)[1:]
-            neg = 1
-        else:
-            neg = 0
-
-        # make an integer out of the number
-        x = 0
-        for digit in str(number):
-            x = x * len(fromdigits) + fromdigits.index(digit)
-
-        # create the result in base 'len(todigits)'
-        if x == 0:
-            res = todigits[0]
-        else:
-            res = ""
-            while x > 0:
-                digit = x % len(todigits)
-                res = todigits[digit] + res
-                x = int(x / len(todigits))
-            if neg:
-                res = "-" + res
-        return res
-
-    convert = staticmethod(convert)
-
-
-bin = BaseConverter("01")
-hexconv = BaseConverter("0123456789ABCDEF")
-base62 = BaseConverter("ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz")
diff --git a/datasette/utils/check_callable.py b/datasette/utils/check_callable.py
deleted file mode 100644
index a0997d20..00000000
--- a/datasette/utils/check_callable.py
+++ /dev/null
@@ -1,25 +0,0 @@
-import inspect
-import types
-from typing import NamedTuple, Any
-
-
-class CallableStatus(NamedTuple):
-    is_callable: bool
-    is_async_callable: bool
-
-
-def check_callable(obj: Any) -> CallableStatus:
-    if not callable(obj):
-        return CallableStatus(False, False)
-
-    if isinstance(obj, type):
-        # It's a class
-        return CallableStatus(True, False)
-
-    if isinstance(obj, types.FunctionType):
-        return CallableStatus(True, inspect.iscoroutinefunction(obj))
-
-    if hasattr(obj, "__call__"):
-        return CallableStatus(True, inspect.iscoroutinefunction(obj.__call__))
-
-    assert False, "obj {} is somehow callable with no __call__ method".format(repr(obj))
diff --git a/datasette/utils/internal_db.py b/datasette/utils/internal_db.py
deleted file mode 100644
index bf172667..00000000
--- a/datasette/utils/internal_db.py
+++ /dev/null
@@ -1,269 +0,0 @@
-import textwrap
-from datasette.utils import table_column_details
-
-
-async def init_internal_db(db):
-    create_tables_sql = textwrap.dedent("""
-    CREATE TABLE IF NOT EXISTS catalog_databases (
-        database_name TEXT PRIMARY KEY,
-        path TEXT,
-        is_memory INTEGER,
-        schema_version INTEGER
-    );
-    CREATE TABLE IF NOT EXISTS catalog_tables (
-        database_name TEXT,
-        table_name TEXT,
-        rootpage INTEGER,
-        sql TEXT,
-        PRIMARY KEY (database_name, table_name),
-        FOREIGN KEY (database_name) REFERENCES catalog_databases(database_name)
-    );
-    CREATE TABLE IF NOT EXISTS catalog_views (
-        database_name TEXT,
-        view_name TEXT,
-        rootpage INTEGER,
-        sql TEXT,
-        PRIMARY KEY (database_name, view_name),
-        FOREIGN KEY (database_name) REFERENCES catalog_databases(database_name)
-    );
-    CREATE TABLE IF NOT EXISTS catalog_columns (
-        database_name TEXT,
-        table_name TEXT,
-        cid INTEGER,
-        name TEXT,
-        type TEXT,
-        "notnull" INTEGER,
-        default_value TEXT, -- renamed from dflt_value
-        is_pk INTEGER, -- renamed from pk
-        hidden INTEGER,
-        PRIMARY KEY (database_name, table_name, name),
-        FOREIGN KEY (database_name) REFERENCES catalog_databases(database_name),
-        FOREIGN KEY (database_name, table_name) REFERENCES catalog_tables(database_name, table_name)
-    );
-    CREATE TABLE IF NOT EXISTS catalog_indexes (
-        database_name TEXT,
-        table_name TEXT,
-        seq INTEGER,
-        name TEXT,
-        "unique" INTEGER,
-        origin TEXT,
-        partial INTEGER,
-        PRIMARY KEY (database_name, table_name, name),
-        FOREIGN KEY (database_name) REFERENCES catalog_databases(database_name),
-        FOREIGN KEY (database_name, table_name) REFERENCES catalog_tables(database_name, table_name)
-    );
-    CREATE TABLE IF NOT EXISTS catalog_foreign_keys (
-        database_name TEXT,
-        table_name TEXT,
-        id INTEGER,
-        seq INTEGER,
-        "table" TEXT,
-        "from" TEXT,
-        "to" TEXT,
-        on_update TEXT,
-        on_delete TEXT,
-        match TEXT,
-        PRIMARY KEY (database_name, table_name, id, seq),
-        FOREIGN KEY (database_name) REFERENCES catalog_databases(database_name),
-        FOREIGN KEY (database_name, table_name) REFERENCES catalog_tables(database_name, table_name)
-    );
-    """).strip()
-    await db.execute_write_script(create_tables_sql)
-    await initialize_metadata_tables(db)
-
-
-async def initialize_metadata_tables(db):
-    await db.execute_write_script(textwrap.dedent("""
-        CREATE TABLE IF NOT EXISTS metadata_instance (
-            key text,
-            value text,
-            unique(key)
-        );
-
-        CREATE TABLE IF NOT EXISTS metadata_databases (
-            database_name text,
-            key text,
-            value text,
-            unique(database_name, key)
-        );
-
-        CREATE TABLE IF NOT EXISTS metadata_resources (
-            database_name text,
-            resource_name text,
-            key text,
-            value text,
-            unique(database_name, resource_name, key)
-        );
-
-        CREATE TABLE IF NOT EXISTS metadata_columns (
-            database_name text,
-            resource_name text,
-            column_name text,
-            key text,
-            value text,
-            unique(database_name, resource_name, column_name, key)
-        );
-
-        CREATE TABLE IF NOT EXISTS column_types (
-            database_name TEXT NOT NULL,
-            resource_name TEXT NOT NULL,
-            column_name TEXT NOT NULL,
-            column_type TEXT NOT NULL,
-            config TEXT,
-            PRIMARY KEY (database_name, resource_name, column_name)
-        );
-
-        CREATE TABLE IF NOT EXISTS queries (
-            database_name TEXT NOT NULL,
-            name TEXT NOT NULL,
-            sql TEXT NOT NULL,
-            title TEXT,
-            description TEXT,
-            description_html TEXT,
-            options TEXT NOT NULL DEFAULT '{}',
-            parameters TEXT NOT NULL DEFAULT '[]',
-            is_write INTEGER NOT NULL DEFAULT 0 CHECK (is_write IN (0, 1)),
-            is_private INTEGER NOT NULL DEFAULT 0 CHECK (is_private IN (0, 1)),
-            is_trusted INTEGER NOT NULL DEFAULT 0 CHECK (is_trusted IN (0, 1)),
-            source TEXT NOT NULL DEFAULT 'user',
-            owner_id TEXT,
-            created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP,
-            updated_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP,
-            PRIMARY KEY (database_name, name)
-        );
-
-        CREATE INDEX IF NOT EXISTS queries_owner_idx
-            ON queries(owner_id);
-            """))
-
-
-async def populate_schema_tables(internal_db, db):
-    database_name = db.name
-
-    def delete_everything(conn):
-        conn.execute(
-            "DELETE FROM catalog_tables WHERE database_name = ?", [database_name]
-        )
-        conn.execute(
-            "DELETE FROM catalog_views WHERE database_name = ?", [database_name]
-        )
-        conn.execute(
-            "DELETE FROM catalog_columns WHERE database_name = ?", [database_name]
-        )
-        conn.execute(
-            "DELETE FROM catalog_foreign_keys WHERE database_name = ?",
-            [database_name],
-        )
-        conn.execute(
-            "DELETE FROM catalog_indexes WHERE database_name = ?", [database_name]
-        )
-
-    await internal_db.execute_write_fn(delete_everything)
-
-    tables = (await db.execute("select * from sqlite_master WHERE type = 'table'")).rows
-    views = (await db.execute("select * from sqlite_master WHERE type = 'view'")).rows
-
-    def collect_info(conn):
-        tables_to_insert = []
-        views_to_insert = []
-        columns_to_insert = []
-        foreign_keys_to_insert = []
-        indexes_to_insert = []
-
-        for view in views:
-            view_name = view["name"]
-            views_to_insert.append(
-                (database_name, view_name, view["rootpage"], view["sql"])
-            )
-
-        for table in tables:
-            table_name = table["name"]
-            tables_to_insert.append(
-                (database_name, table_name, table["rootpage"], table["sql"])
-            )
-            columns = table_column_details(conn, table_name)
-            columns_to_insert.extend(
-                {
-                    **{"database_name": database_name, "table_name": table_name},
-                    **column._asdict(),
-                }
-                for column in columns
-            )
-            foreign_keys = conn.execute(
-                f"PRAGMA foreign_key_list([{table_name}])"
-            ).fetchall()
-            foreign_keys_to_insert.extend(
-                {
-                    **{"database_name": database_name, "table_name": table_name},
-                    **dict(foreign_key),
-                }
-                for foreign_key in foreign_keys
-            )
-            indexes = conn.execute(f"PRAGMA index_list([{table_name}])").fetchall()
-            indexes_to_insert.extend(
-                {
-                    **{"database_name": database_name, "table_name": table_name},
-                    **dict(index),
-                }
-                for index in indexes
-            )
-        return (
-            tables_to_insert,
-            views_to_insert,
-            columns_to_insert,
-            foreign_keys_to_insert,
-            indexes_to_insert,
-        )
-
-    (
-        tables_to_insert,
-        views_to_insert,
-        columns_to_insert,
-        foreign_keys_to_insert,
-        indexes_to_insert,
-    ) = await db.execute_fn(collect_info)
-
-    await internal_db.execute_write_many(
-        """
-        INSERT INTO catalog_tables (database_name, table_name, rootpage, sql)
-        values (?, ?, ?, ?)
-    """,
-        tables_to_insert,
-    )
-    await internal_db.execute_write_many(
-        """
-        INSERT INTO catalog_views (database_name, view_name, rootpage, sql)
-        values (?, ?, ?, ?)
-    """,
-        views_to_insert,
-    )
-    await internal_db.execute_write_many(
-        """
-        INSERT INTO catalog_columns (
-            database_name, table_name, cid, name, type, "notnull", default_value, is_pk, hidden
-        ) VALUES (
-            :database_name, :table_name, :cid, :name, :type, :notnull, :default_value, :is_pk, :hidden
-        )
-    """,
-        columns_to_insert,
-    )
-    await internal_db.execute_write_many(
-        """
-        INSERT INTO catalog_foreign_keys (
-            database_name, table_name, "id", seq, "table", "from", "to", on_update, on_delete, match
-        ) VALUES (
-            :database_name, :table_name, :id, :seq, :table, :from, :to, :on_update, :on_delete, :match
-        )
-    """,
-        foreign_keys_to_insert,
-    )
-    await internal_db.execute_write_many(
-        """
-        INSERT INTO catalog_indexes (
-            database_name, table_name, seq, name, "unique", origin, partial
-        ) VALUES (
-            :database_name, :table_name, :seq, :name, :unique, :origin, :partial
-        )
-    """,
-        indexes_to_insert,
-    )
diff --git a/datasette/utils/multipart.py b/datasette/utils/multipart.py
deleted file mode 100644
index cfa77486..00000000
--- a/datasette/utils/multipart.py
+++ /dev/null
@@ -1,757 +0,0 @@
-"""
-Streaming multipart/form-data parser for ASGI applications.
-
-Supports:
-- Streaming parsing without buffering entire body in memory
-- Files spill to disk above configurable threshold
-- Security limits on request size, file size, field count
-- Both multipart/form-data and application/x-www-form-urlencoded
-"""
-
-import asyncio
-import shutil
-import tempfile
-from dataclasses import dataclass, field
-from typing import (
-    Any,
-    Callable,
-    Dict,
-    List,
-    Optional,
-    Tuple,
-    Union,
-)
-from urllib.parse import parse_qsl
-
-# Centralized defaults for multipart/form-data parsing
-DEFAULT_MAX_FILE_SIZE = 50 * 1024 * 1024  # 50MB
-DEFAULT_MAX_REQUEST_SIZE = 100 * 1024 * 1024  # 100MB
-DEFAULT_MAX_FIELDS = 1000
-DEFAULT_MAX_FILES = 100
-# If max_parts is not specified, it defaults to max_fields + max_files
-DEFAULT_MAX_PARTS: Optional[int] = None
-DEFAULT_MAX_FIELD_SIZE = 100 * 1024  # 100KB
-DEFAULT_MAX_MEMORY_FILE_SIZE = 1024 * 1024  # 1MB
-DEFAULT_MAX_PART_HEADER_BYTES = 16 * 1024  # 16KB
-DEFAULT_MAX_PART_HEADER_LINES = 100
-DEFAULT_MIN_FREE_DISK_BYTES = 50 * 1024 * 1024  # 50MB
-
-
-class MultipartParseError(Exception):
-    """Raised when multipart parsing fails."""
-
-    pass
-
-
-@dataclass
-class UploadedFile:
-    """
-    Represents an uploaded file from a multipart form.
-
-    Attributes:
-        name: The form field name
-        filename: The original filename from the upload
-        content_type: The MIME type of the file
-        size: Size in bytes
-    """
-
-    name: str
-    filename: str
-    content_type: Optional[str]
-    size: int
-    _file: tempfile.SpooledTemporaryFile = field(repr=False)
-
-    async def read(self, size: int = -1) -> bytes:
-        """Read file contents."""
-        return await asyncio.to_thread(self._file.read, size)
-
-    async def seek(self, offset: int, whence: int = 0) -> int:
-        """Seek to position in file."""
-        return await asyncio.to_thread(self._file.seek, offset, whence)
-
-    async def close(self) -> None:
-        """Close the underlying file."""
-        await asyncio.to_thread(self._file.close)
-
-    def close_sync(self) -> None:
-        """Close the underlying file synchronously."""
-        self._file.close()
-
-    async def __aenter__(self):
-        return self
-
-    async def __aexit__(self, exc_type, exc, tb):
-        await self.close()
-
-    def __del__(self):
-        try:
-            self._file.close()
-        except Exception:
-            pass
-
-
-class FormData:
-    """
-    Container for parsed form data, supporting both fields and files.
-
-    Provides dict-like access with support for multiple values per key.
-    """
-
-    def __init__(self):
-        self._data: List[Tuple[str, Union[str, UploadedFile]]] = []
-
-    def append(self, key: str, value: Union[str, UploadedFile]) -> None:
-        """Add a key-value pair."""
-        self._data.append((key, value))
-
-    def __getitem__(self, key: str) -> Union[str, UploadedFile]:
-        """Get the first value for a key."""
-        for k, v in self._data:
-            if k == key:
-                return v
-        raise KeyError(key)
-
-    def get(self, key: str, default: Any = None) -> Optional[Union[str, UploadedFile]]:
-        """Get the first value for a key, or default if not found."""
-        try:
-            return self[key]
-        except KeyError:
-            return default
-
-    def getlist(self, key: str) -> List[Union[str, UploadedFile]]:
-        """Get all values for a key."""
-        return [v for k, v in self._data if k == key]
-
-    def __contains__(self, key: str) -> bool:
-        """Check if key exists."""
-        return any(k == key for k, _ in self._data)
-
-    def __len__(self) -> int:
-        """Return number of items."""
-        return len(self._data)
-
-    def __iter__(self):
-        """Iterate over unique keys."""
-        seen = set()
-        for k, _ in self._data:
-            if k not in seen:
-                seen.add(k)
-                yield k
-
-    def keys(self):
-        """Return unique keys."""
-        return list(self)
-
-    def items(self) -> List[Tuple[str, Union[str, UploadedFile]]]:
-        """Return all key-value pairs."""
-        return list(self._data)
-
-    def values(self) -> List[Union[str, UploadedFile]]:
-        """Return all values."""
-        return [v for _, v in self._data]
-
-    def _uploaded_files(self) -> List[UploadedFile]:
-        """Return UploadedFile instances contained in this form."""
-        return [v for _, v in self._data if isinstance(v, UploadedFile)]
-
-    def close(self) -> None:
-        """
-        Close any uploaded files.
-
-        This provides deterministic cleanup for spooled temp files.
-        """
-        for uploaded in self._uploaded_files():
-            try:
-                uploaded.close_sync()
-            except Exception:
-                # Best-effort cleanup; ignore close errors
-                pass
-
-    async def aclose(self) -> None:
-        """Asynchronously close any uploaded files."""
-        for uploaded in self._uploaded_files():
-            try:
-                await uploaded.close()
-            except Exception:
-                # Best-effort cleanup; ignore close errors
-                pass
-
-    def __enter__(self):
-        return self
-
-    def __exit__(self, exc_type, exc, tb):
-        self.close()
-
-    async def __aenter__(self):
-        return self
-
-    async def __aexit__(self, exc_type, exc, tb):
-        await self.aclose()
-
-
-def parse_content_disposition(header: str) -> Dict[str, Optional[str]]:
-    """
-    Parse Content-Disposition header value.
-
-    Returns dict with 'name', 'filename' keys (filename may be None).
-    """
-    result: Dict[str, Optional[str]] = {"name": None, "filename": None}
-
-    # Split on semicolons, handling quoted strings
-    parts = []
-    current = ""
-    in_quotes = False
-    i = 0
-    while i < len(header):
-        char = header[i]
-        if char == '"' and (i == 0 or header[i - 1] != "\\"):
-            in_quotes = not in_quotes
-            current += char
-        elif char == ";" and not in_quotes:
-            parts.append(current.strip())
-            current = ""
-        else:
-            current += char
-        i += 1
-    if current.strip():
-        parts.append(current.strip())
-
-    for part in parts[1:]:  # Skip the "form-data" part
-        if "=" not in part:
-            continue
-
-        key, _, value = part.partition("=")
-        key = key.strip().lower()
-        value = value.strip()
-
-        # Handle filename* (RFC 5987 encoding)
-        if key == "filename*":
-            # Format: utf-8''encoded_filename or charset'language'encoded_filename
-            if "'" in value:
-                parts_star = value.split("'", 2)
-                if len(parts_star) >= 3:
-                    # charset = parts_star[0]
-                    # language = parts_star[1]
-                    encoded = parts_star[2]
-                    # URL decode
-                    try:
-                        from urllib.parse import unquote
-
-                        result["filename"] = unquote(encoded, encoding="utf-8")
-                    except Exception:
-                        pass
-            continue
-
-        # Remove quotes if present
-        if value.startswith('"') and value.endswith('"'):
-            value = value[1:-1]
-            # Unescape backslash sequences
-            value = value.replace('\\"', '"').replace("\\\\", "\\")
-
-        if key == "name":
-            result["name"] = value
-        elif key == "filename":
-            # Only set if filename* hasn't already set it
-            if result["filename"] is None:
-                # Strip path components (security)
-                # Handle both Unix and Windows paths
-                value = value.replace("\\", "/")
-                if "/" in value:
-                    value = value.rsplit("/", 1)[-1]
-                result["filename"] = value
-
-    return result
-
-
-def parse_content_type(header: str) -> Tuple[str, Dict[str, str]]:
-    """
-    Parse Content-Type header value.
-
-    Returns (media_type, parameters_dict).
-    """
-    parts = header.split(";")
-    media_type = parts[0].strip().lower()
-    params = {}
-
-    for part in parts[1:]:
-        part = part.strip()
-        if "=" in part:
-            key, _, value = part.partition("=")
-            key = key.strip().lower()
-            value = value.strip()
-            # Remove quotes if present
-            if value.startswith('"') and value.endswith('"'):
-                value = value[1:-1]
-            params[key] = value
-
-    return media_type, params
-
-
-class MultipartParser:
-    """
-    Streaming multipart/form-data parser.
-
-    Processes the body chunk by chunk without loading everything into memory.
-    """
-
-    # Parser states
-    STATE_PREAMBLE = 0
-    STATE_HEADER = 1
-    STATE_BODY = 2
-    STATE_DONE = 3
-
-    def __init__(
-        self,
-        boundary: bytes,
-        max_file_size: int = DEFAULT_MAX_FILE_SIZE,
-        max_request_size: int = DEFAULT_MAX_REQUEST_SIZE,
-        max_fields: int = DEFAULT_MAX_FIELDS,
-        max_files: int = DEFAULT_MAX_FILES,
-        max_parts: Optional[int] = DEFAULT_MAX_PARTS,
-        max_field_size: int = DEFAULT_MAX_FIELD_SIZE,
-        max_memory_file_size: int = DEFAULT_MAX_MEMORY_FILE_SIZE,
-        max_part_header_bytes: int = DEFAULT_MAX_PART_HEADER_BYTES,
-        max_part_header_lines: int = DEFAULT_MAX_PART_HEADER_LINES,
-        min_free_disk_bytes: int = DEFAULT_MIN_FREE_DISK_BYTES,
-        handle_files: bool = False,
-    ):
-        self.boundary = b"--" + boundary
-        self.end_boundary = self.boundary + b"--"
-        self.max_file_size = max_file_size
-        self.max_request_size = max_request_size
-        self.max_fields = max_fields
-        self.max_files = max_files
-        # If not specified, tie max_parts to the other cardinality limits
-        if max_parts is None:
-            max_parts = max_fields + max_files
-        self.max_parts = max_parts
-        self.max_field_size = max_field_size
-        self.max_memory_file_size = max_memory_file_size
-        self.max_part_header_bytes = max_part_header_bytes
-        self.max_part_header_lines = max_part_header_lines
-        self.min_free_disk_bytes = min_free_disk_bytes
-        self.handle_files = handle_files
-
-        self.state = self.STATE_PREAMBLE
-        self.buffer = bytearray()
-        self.total_bytes = 0
-        self.field_count = 0
-        self.file_count = 0
-        self.part_count = 0
-        self.current_part_size = 0
-        self.current_header_bytes = 0
-        self.current_header_lines = 0
-
-        self.form_data = FormData()
-        self._disk_check_interval_bytes = 1024 * 1024  # 1MB between disk checks
-        self._bytes_since_disk_check = 0
-        self._tempdir = tempfile.gettempdir()
-
-        # Current part state
-        self.current_headers: Dict[str, str] = {}
-        self.current_file: Optional[tempfile.SpooledTemporaryFile] = None
-        self.current_body = bytearray()
-        self.current_name: Optional[str] = None
-        self.current_filename: Optional[str] = None
-        self.current_content_type: Optional[str] = None
-
-    def feed(self, chunk: bytes) -> None:
-        """Feed a chunk of data to the parser."""
-        self.total_bytes += len(chunk)
-        if self.total_bytes > self.max_request_size:
-            raise MultipartParseError("Request body too large")
-
-        self.buffer.extend(chunk)
-        self._process()
-
-    def _process(self) -> None:
-        """Process buffered data."""
-        while True:
-            if self.state == self.STATE_PREAMBLE:
-                if not self._process_preamble():
-                    break
-            elif self.state == self.STATE_HEADER:
-                if not self._process_header():
-                    break
-            elif self.state == self.STATE_BODY:
-                if not self._process_body():
-                    break
-            elif self.state == self.STATE_DONE:
-                break
-
-    def _process_preamble(self) -> bool:
-        """Skip preamble and find first boundary."""
-        # Look for boundary (could be at start or after preamble)
-        # Try both \r\n prefixed and bare boundary at start
-        idx = self.buffer.find(self.boundary)
-        if idx == -1:
-            # Keep potential partial boundary at end
-            keep = len(self.boundary) - 1
-            if len(self.buffer) > keep:
-                self.buffer = self.buffer[-keep:]
-            return False
-
-        # Found boundary, skip to after it
-        after_boundary = idx + len(self.boundary)
-
-        # Check for end boundary
-        if self.buffer[idx : idx + len(self.end_boundary)] == self.end_boundary:
-            self.state = self.STATE_DONE
-            return False
-
-        # Skip CRLF or LF after boundary
-        if after_boundary < len(self.buffer):
-            if self.buffer[after_boundary : after_boundary + 2] == b"\r\n":
-                after_boundary += 2
-            elif self.buffer[after_boundary : after_boundary + 1] == b"\n":
-                after_boundary += 1
-
-        self.buffer = self.buffer[after_boundary:]
-        self.state = self.STATE_HEADER
-        self.current_headers = {}
-        self.current_header_bytes = 0
-        self.current_header_lines = 0
-        return True
-
-    def _process_header(self) -> bool:
-        """Parse part headers."""
-        while True:
-            # Look for end of header line
-            crlf_idx = self.buffer.find(b"\r\n")
-            lf_idx = self.buffer.find(b"\n")
-
-            if crlf_idx == -1 and lf_idx == -1:
-                # Guard against unbounded header buffering if no newline is ever sent
-                if len(self.buffer) > self.max_part_header_bytes:
-                    raise MultipartParseError("Part headers too large")
-                return False  # Need more data
-
-            # Use whichever comes first
-            if crlf_idx != -1 and (lf_idx == -1 or crlf_idx < lf_idx):
-                idx = crlf_idx
-                line_end_len = 2
-            else:
-                idx = lf_idx
-                line_end_len = 1
-
-            line = self.buffer[:idx]
-            self.buffer = self.buffer[idx + line_end_len :]
-
-            self.current_header_lines += 1
-            self.current_header_bytes += idx + line_end_len
-            if (
-                self.current_header_lines > self.max_part_header_lines
-                or self.current_header_bytes > self.max_part_header_bytes
-            ):
-                raise MultipartParseError("Part headers too large")
-
-            if not line:
-                # Empty line = end of headers
-                self._start_body()
-                self.state = self.STATE_BODY
-                return True
-
-            # Parse header
-            try:
-                line_str = line.decode("utf-8", errors="replace")
-            except Exception:
-                line_str = line.decode("latin-1")
-
-            if ":" in line_str:
-                name, _, value = line_str.partition(":")
-                self.current_headers[name.strip().lower()] = value.strip()
-
-    def _start_body(self) -> None:
-        """Initialize body parsing for current part."""
-        self.part_count += 1
-        if self.part_count > self.max_parts:
-            raise MultipartParseError("Too many parts")
-
-        # Parse Content-Disposition
-        cd = self.current_headers.get("content-disposition", "")
-        parsed = parse_content_disposition(cd)
-        self.current_name = parsed.get("name")
-        self.current_filename = parsed.get("filename")
-        self.current_content_type = self.current_headers.get("content-type")
-        self.current_part_size = 0
-
-        if self.current_filename is not None:
-            # It's a file
-            self.file_count += 1
-            if self.file_count > self.max_files:
-                raise MultipartParseError("Too many files")
-            if self.handle_files:
-                self.current_file = tempfile.SpooledTemporaryFile(
-                    max_size=self.max_memory_file_size
-                )
-            else:
-                # Will discard file content
-                self.current_file = None
-        else:
-            # It's a text field
-            self.field_count += 1
-            if self.field_count > self.max_fields:
-                raise MultipartParseError("Too many fields")
-            self.current_body = bytearray()
-            self.current_file = None
-
-        # Check disk space before allocating a spooled temp file
-        if self.current_filename is not None and self.handle_files:
-            self._ensure_disk_space()
-
-    def _process_body(self) -> bool:
-        """Process body data for current part."""
-        # Look for boundary in buffer
-        # Need to handle boundary potentially split across chunks
-
-        # The boundary is preceded by \r\n (or \n for lenient parsing)
-        search_boundary = b"\r\n" + self.boundary
-
-        idx = self.buffer.find(search_boundary)
-        if idx == -1:
-            # Try LF-only boundary (lenient)
-            search_boundary_lf = b"\n" + self.boundary
-            idx = self.buffer.find(search_boundary_lf)
-            if idx != -1:
-                search_boundary = search_boundary_lf
-
-        if idx == -1:
-            # No boundary found yet
-            # Keep potential partial boundary at end of buffer
-            safe_len = len(self.buffer) - len(search_boundary) - 1
-            if safe_len > 0:
-                safe_data = self.buffer[:safe_len]
-                self._write_body_data(bytes(safe_data))
-                self.buffer = self.buffer[safe_len:]
-            return False
-
-        # Found boundary - write remaining body data
-        body_data = self.buffer[:idx]
-        self._write_body_data(bytes(body_data))
-
-        # Move past the boundary
-        after_boundary = idx + len(search_boundary)
-
-        # Check for end boundary
-        remaining = self.buffer[after_boundary:]
-        if remaining.startswith(b"--"):
-            # End boundary
-            self._finish_part()
-            self.state = self.STATE_DONE
-            return False
-
-        # Skip CRLF or LF after boundary
-        if remaining.startswith(b"\r\n"):
-            after_boundary += 2
-        elif remaining.startswith(b"\n"):
-            after_boundary += 1
-
-        self.buffer = self.buffer[after_boundary:]
-        self._finish_part()
-        self.state = self.STATE_HEADER
-        self.current_headers = {}
-        self.current_header_bytes = 0
-        self.current_header_lines = 0
-        return True
-
-    def _write_body_data(self, data: bytes) -> None:
-        """Write data to current part body."""
-        if not data:
-            return
-
-        self.current_part_size += len(data)
-
-        if self.current_filename is not None:
-            # File data
-            if self.current_part_size > self.max_file_size:
-                raise MultipartParseError("File too large")
-            if self.handle_files and self.current_file:
-                self._bytes_since_disk_check += len(data)
-                if self._bytes_since_disk_check >= self._disk_check_interval_bytes:
-                    self._ensure_disk_space()
-                    self._bytes_since_disk_check = 0
-                self.current_file.write(data)
-            # else: discard file data
-        else:
-            # Field data
-            if self.current_part_size > self.max_field_size:
-                raise MultipartParseError("Field value too large")
-            self.current_body.extend(data)
-
-    def _finish_part(self) -> None:
-        """Finalize current part and add to form data."""
-        if self.current_name is None:
-            return
-
-        if self.current_filename is not None:
-            # File
-            if self.handle_files and self.current_file:
-                self.current_file.seek(0)
-                uploaded = UploadedFile(
-                    name=self.current_name,
-                    filename=self.current_filename,
-                    content_type=self.current_content_type,
-                    size=self.current_part_size,
-                    _file=self.current_file,
-                )
-                self.form_data.append(self.current_name, uploaded)
-            # else: file was discarded
-        else:
-            # Text field
-            try:
-                value = bytes(self.current_body).decode("utf-8")
-            except UnicodeDecodeError:
-                value = bytes(self.current_body).decode("latin-1")
-            self.form_data.append(self.current_name, value)
-
-        # Reset part state
-        self.current_file = None
-        self.current_body = bytearray()
-        self.current_name = None
-        self.current_filename = None
-        self.current_content_type = None
-
-    def finalize(self) -> FormData:
-        """Finalize parsing and return form data."""
-        # Process any remaining data
-        self._process()
-        if self.state != self.STATE_DONE:
-            raise MultipartParseError(
-                "Truncated multipart body (missing closing boundary)"
-            )
-        return self.form_data
-
-    def _ensure_disk_space(self) -> None:
-        """
-        Ensure there is enough free space on the temp filesystem.
-
-        This is a best-effort guard against filling the disk with uploads.
-        """
-        if not self.handle_files:
-            return
-        if self.min_free_disk_bytes <= 0:
-            return
-        free_bytes = shutil.disk_usage(self._tempdir).free
-        if free_bytes < self.min_free_disk_bytes:
-            raise MultipartParseError("Insufficient disk space for uploads")
-
-
-async def parse_form_data(
-    receive: Callable,
-    content_type: str,
-    files: bool = False,
-    max_file_size: int = DEFAULT_MAX_FILE_SIZE,
-    max_request_size: int = DEFAULT_MAX_REQUEST_SIZE,
-    max_fields: int = DEFAULT_MAX_FIELDS,
-    max_files: int = DEFAULT_MAX_FILES,
-    max_parts: Optional[int] = DEFAULT_MAX_PARTS,
-    max_field_size: int = DEFAULT_MAX_FIELD_SIZE,
-    max_memory_file_size: int = DEFAULT_MAX_MEMORY_FILE_SIZE,
-    max_part_header_bytes: int = DEFAULT_MAX_PART_HEADER_BYTES,
-    max_part_header_lines: int = DEFAULT_MAX_PART_HEADER_LINES,
-    min_free_disk_bytes: int = DEFAULT_MIN_FREE_DISK_BYTES,
-) -> FormData:
-    """
-    Parse form data from an ASGI receive callable.
-
-    Supports both application/x-www-form-urlencoded and multipart/form-data.
-
-    Args:
-        receive: ASGI receive callable
-        content_type: Content-Type header value
-        files: If True, store file uploads; if False, discard them
-        max_file_size: Maximum size per file in bytes
-        max_request_size: Maximum total request size in bytes
-        max_fields: Maximum number of form fields
-        max_files: Maximum number of file uploads
-        max_field_size: Maximum size of a text field value
-        max_memory_file_size: File size threshold before spilling to disk
-
-    Returns:
-        FormData object containing parsed fields and files
-    """
-    media_type, params = parse_content_type(content_type)
-
-    if media_type == "application/x-www-form-urlencoded":
-        # Read entire body for URL-encoded forms (they're typically small)
-        body = bytearray()
-        total = 0
-        while True:
-            message = await receive()
-            message_type = message.get("type")
-            if message_type == "http.disconnect":
-                raise MultipartParseError("Client disconnected during request body")
-            if message_type is not None and message_type != "http.request":
-                continue
-            chunk = message.get("body", b"")
-            total += len(chunk)
-            if total > max_request_size:
-                raise MultipartParseError("Request body too large")
-            body.extend(chunk)
-            if not message.get("more_body", False):
-                break
-
-        form_data = FormData()
-        try:
-            pairs = parse_qsl(bytes(body).decode("utf-8"), keep_blank_values=True)
-        except UnicodeDecodeError:
-            pairs = parse_qsl(bytes(body).decode("latin-1"), keep_blank_values=True)
-
-        for key, value in pairs:
-            form_data.append(key, value)
-
-        return form_data
-
-    elif media_type == "multipart/form-data":
-        boundary = params.get("boundary")
-        if not boundary:
-            raise MultipartParseError("Missing boundary in Content-Type")
-
-        parser = MultipartParser(
-            boundary=boundary.encode("utf-8"),
-            max_file_size=max_file_size,
-            max_request_size=max_request_size,
-            max_fields=max_fields,
-            max_files=max_files,
-            max_parts=max_parts,
-            max_field_size=max_field_size,
-            max_memory_file_size=max_memory_file_size,
-            max_part_header_bytes=max_part_header_bytes,
-            max_part_header_lines=max_part_header_lines,
-            min_free_disk_bytes=min_free_disk_bytes,
-            handle_files=files,
-        )
-
-        # Stream body through parser
-        batch_target = 64 * 1024
-        batch = bytearray()
-
-        async def flush_batch() -> None:
-            if batch:
-                data = bytes(batch)
-                batch.clear()
-                await asyncio.to_thread(parser.feed, data)
-
-        while True:
-            message = await receive()
-            message_type = message.get("type")
-            if message_type == "http.disconnect":
-                raise MultipartParseError("Client disconnected during request body")
-            if message_type is not None and message_type != "http.request":
-                continue
-            chunk = message.get("body", b"")
-            if chunk:
-                batch.extend(chunk)
-                if len(batch) >= batch_target:
-                    await flush_batch()
-            if not message.get("more_body", False):
-                break
-
-        await flush_batch()
-        return await asyncio.to_thread(parser.finalize)
-
-    else:
-        raise MultipartParseError(
-            f"Unsupported Content-Type: {media_type}. "
-            "Expected application/x-www-form-urlencoded or multipart/form-data"
-        )
diff --git a/datasette/utils/permissions.py b/datasette/utils/permissions.py
deleted file mode 100644
index fd1e41a1..00000000
--- a/datasette/utils/permissions.py
+++ /dev/null
@@ -1,436 +0,0 @@
-# perm_utils.py
-from __future__ import annotations
-
-import json
-from typing import Any, Dict, Iterable, List, Sequence, Tuple
-import sqlite3
-
-from datasette.permissions import PermissionSQL
-from datasette.plugins import pm
-from datasette.utils import await_me_maybe
-
-# Sentinel object to indicate permission checks should be skipped
-SKIP_PERMISSION_CHECKS = object()
-
-
-async def gather_permission_sql_from_hooks(
-    *, datasette, actor: dict | None, action: str
-) -> List[PermissionSQL] | object:
-    """Collect PermissionSQL objects from the permission_resources_sql hook.
-
-    Ensures that each returned PermissionSQL has a populated ``source``.
-
-    Returns SKIP_PERMISSION_CHECKS sentinel if skip_permission_checks context variable
-    is set, signaling that all permission checks should be bypassed.
-    """
-    from datasette.permissions import _skip_permission_checks
-
-    # Check if we should skip permission checks BEFORE calling hooks
-    # This avoids creating unawaited coroutines
-    if _skip_permission_checks.get():
-        return SKIP_PERMISSION_CHECKS
-
-    hook_caller = pm.hook.permission_resources_sql
-    hookimpls = hook_caller.get_hookimpls()
-    hook_results = list(hook_caller(datasette=datasette, actor=actor, action=action))
-
-    collected: List[PermissionSQL] = []
-    actor_json = json.dumps(actor) if actor is not None else None
-    actor_id = actor.get("id") if isinstance(actor, dict) else None
-
-    for index, result in enumerate(hook_results):
-        hookimpl = hookimpls[index]
-        resolved = await await_me_maybe(result)
-        default_source = _plugin_name_from_hookimpl(hookimpl)
-        for permission_sql in _iter_permission_sql_from_result(resolved, action=action):
-            if not permission_sql.source:
-                permission_sql.source = default_source
-            params = permission_sql.params or {}
-            params.setdefault("action", action)
-            params.setdefault("actor", actor_json)
-            params.setdefault("actor_id", actor_id)
-            collected.append(permission_sql)
-
-    return collected
-
-
-def _plugin_name_from_hookimpl(hookimpl) -> str:
-    if getattr(hookimpl, "plugin_name", None):
-        return hookimpl.plugin_name
-    plugin = getattr(hookimpl, "plugin", None)
-    if hasattr(plugin, "__name__"):
-        return plugin.__name__
-    return repr(plugin)
-
-
-def _iter_permission_sql_from_result(
-    result: Any, *, action: str
-) -> Iterable[PermissionSQL]:
-    if result is None:
-        return []
-    if isinstance(result, PermissionSQL):
-        return [result]
-    if isinstance(result, (list, tuple)):
-        collected: List[PermissionSQL] = []
-        for item in result:
-            collected.extend(_iter_permission_sql_from_result(item, action=action))
-        return collected
-    if callable(result):
-        permission_sql = result(action)  # type: ignore[call-arg]
-        return _iter_permission_sql_from_result(permission_sql, action=action)
-    raise TypeError(
-        "Plugin providers must return PermissionSQL instances, sequences, or callables"
-    )
-
-
-# -----------------------------
-# Plugin interface & utilities
-# -----------------------------
-
-
-def build_rules_union(
-    actor: dict | None, plugins: Sequence[PermissionSQL]
-) -> Tuple[str, Dict[str, Any]]:
-    """
-    Compose plugin SQL into a UNION ALL.
-
-    Returns:
-      union_sql: a SELECT with columns (parent, child, allow, reason, source_plugin)
-      params:    dict of bound parameters including :actor (JSON), :actor_id, and plugin params
-
-    Note: Plugins are responsible for ensuring their parameter names don't conflict.
-    The system reserves these parameter names: :actor, :actor_id, :action, :filter_parent
-    Plugin parameters should be prefixed with a unique identifier (e.g., source name).
-    """
-    parts: List[str] = []
-    actor_json = json.dumps(actor) if actor else None
-    actor_id = actor.get("id") if actor else None
-    params: Dict[str, Any] = {"actor": actor_json, "actor_id": actor_id}
-
-    for p in plugins:
-        # No namespacing - just use plugin params as-is
-        params.update(p.params or {})
-
-        # Skip plugins that only provide restriction_sql (no permission rules)
-        if p.sql is None:
-            continue
-
-        parts.append(f"""
-            SELECT parent, child, allow, reason, '{p.source}' AS source_plugin FROM (
-                {p.sql}
-            )
-            """.strip())
-
-    if not parts:
-        # Empty UNION that returns no rows
-        union_sql = "SELECT NULL parent, NULL child, NULL allow, NULL reason, 'none' source_plugin WHERE 0"
-    else:
-        union_sql = "\nUNION ALL\n".join(parts)
-
-    return union_sql, params
-
-
-# -----------------------------------------------
-# Core resolvers (no temp tables, no custom UDFs)
-# -----------------------------------------------
-
-
-async def resolve_permissions_from_catalog(
-    db,
-    actor: dict | None,
-    plugins: Sequence[Any],
-    action: str,
-    candidate_sql: str,
-    candidate_params: Dict[str, Any] | None = None,
-    *,
-    implicit_deny: bool = True,
-) -> List[Dict[str, Any]]:
-    """
-    Resolve permissions by embedding the provided *candidate_sql* in a CTE.
-
-    Expectations:
-      - candidate_sql SELECTs: parent TEXT, child TEXT
-        (Use child=NULL for parent-scoped actions like "execute-sql".)
-      - *db* exposes: rows = await db.execute(sql, params)
-        where rows is an iterable of sqlite3.Row
-      - plugins: hook results handled by await_me_maybe - can be sync/async,
-        single PermissionSQL, list, or callable returning PermissionSQL
-      - actor is the actor dict (or None), made available as :actor (JSON), :actor_id, and :action
-
-    Decision policy:
-      1) Specificity first: child (depth=2) > parent (depth=1) > root (depth=0)
-      2) Within the same depth: deny (0) beats allow (1)
-      3) If no matching rule:
-         - implicit_deny=True  -> treat as allow=0, reason='implicit deny'
-         - implicit_deny=False -> allow=None, reason=None
-
-    Returns: list of dict rows
-      - parent, child, allow, reason, source_plugin, depth
-      - resource (rendered "/parent/child" or "/parent" or "/")
-    """
-    resolved_plugins: List[PermissionSQL] = []
-    restriction_sqls: List[str] = []
-
-    for plugin in plugins:
-        if callable(plugin) and not isinstance(plugin, PermissionSQL):
-            resolved = plugin(action)  # type: ignore[arg-type]
-        else:
-            resolved = plugin  # type: ignore[assignment]
-        if not isinstance(resolved, PermissionSQL):
-            raise TypeError("Plugin providers must return PermissionSQL instances")
-        resolved_plugins.append(resolved)
-
-        # Collect restriction SQL filters
-        if resolved.restriction_sql:
-            restriction_sqls.append(resolved.restriction_sql)
-
-    union_sql, rule_params = build_rules_union(actor, resolved_plugins)
-    all_params = {
-        **(candidate_params or {}),
-        **rule_params,
-        "action": action,
-    }
-
-    sql = f"""
-    WITH
-    cands AS (
-        {candidate_sql}
-    ),
-    rules AS (
-        {union_sql}
-    ),
-    matched AS (
-        SELECT
-            c.parent, c.child,
-            r.allow, r.reason, r.source_plugin,
-            CASE
-              WHEN r.child  IS NOT NULL THEN 2  -- child-level (most specific)
-              WHEN r.parent IS NOT NULL THEN 1  -- parent-level
-              ELSE 0                            -- root/global
-            END AS depth
-        FROM cands c
-        JOIN rules r
-          ON (r.parent IS NULL OR r.parent = c.parent)
-         AND (r.child  IS NULL OR r.child  = c.child)
-    ),
-    ranked AS (
-        SELECT *,
-               ROW_NUMBER() OVER (
-                 PARTITION BY parent, child
-                 ORDER BY
-                   depth DESC,                          -- specificity first
-                   CASE WHEN allow=0 THEN 0 ELSE 1 END, -- then deny over allow at same depth
-                   source_plugin                        -- stable tie-break
-               ) AS rn
-        FROM matched
-    ),
-    winner AS (
-        SELECT parent, child,
-               allow, reason, source_plugin, depth
-        FROM ranked WHERE rn = 1
-    )
-    SELECT
-      c.parent, c.child,
-      COALESCE(w.allow, CASE WHEN :implicit_deny THEN 0 ELSE NULL END) AS allow,
-      COALESCE(w.reason, CASE WHEN :implicit_deny THEN 'implicit deny' ELSE NULL END) AS reason,
-      w.source_plugin,
-      COALESCE(w.depth, -1) AS depth,
-      :action AS action,
-      CASE
-        WHEN c.parent IS NULL THEN '/'
-        WHEN c.child  IS NULL THEN '/' || c.parent
-        ELSE '/' || c.parent || '/' || c.child
-      END AS resource
-    FROM cands c
-    LEFT JOIN winner w
-      ON ((w.parent = c.parent) OR (w.parent IS NULL AND c.parent IS NULL))
-     AND ((w.child  = c.child ) OR (w.child  IS NULL AND c.child  IS NULL))
-    ORDER BY c.parent, c.child
-    """
-
-    # If there are restriction filters, wrap the query with INTERSECT
-    # This ensures only resources in the restriction allowlist are returned
-    if restriction_sqls:
-        # Start with the main query, but select only parent/child for the INTERSECT
-        main_query_for_intersect = f"""
-        WITH
-        cands AS (
-            {candidate_sql}
-        ),
-        rules AS (
-            {union_sql}
-        ),
-        matched AS (
-            SELECT
-                c.parent, c.child,
-                r.allow, r.reason, r.source_plugin,
-                CASE
-                  WHEN r.child  IS NOT NULL THEN 2  -- child-level (most specific)
-                  WHEN r.parent IS NOT NULL THEN 1  -- parent-level
-                  ELSE 0                            -- root/global
-                END AS depth
-            FROM cands c
-            JOIN rules r
-              ON (r.parent IS NULL OR r.parent = c.parent)
-             AND (r.child  IS NULL OR r.child  = c.child)
-        ),
-        ranked AS (
-            SELECT *,
-                   ROW_NUMBER() OVER (
-                     PARTITION BY parent, child
-                     ORDER BY
-                       depth DESC,                          -- specificity first
-                       CASE WHEN allow=0 THEN 0 ELSE 1 END, -- then deny over allow at same depth
-                       source_plugin                        -- stable tie-break
-                   ) AS rn
-            FROM matched
-        ),
-        winner AS (
-            SELECT parent, child,
-                   allow, reason, source_plugin, depth
-            FROM ranked WHERE rn = 1
-        ),
-        permitted_resources AS (
-            SELECT c.parent, c.child
-            FROM cands c
-            LEFT JOIN winner w
-              ON ((w.parent = c.parent) OR (w.parent IS NULL AND c.parent IS NULL))
-             AND ((w.child  = c.child ) OR (w.child  IS NULL AND c.child  IS NULL))
-            WHERE COALESCE(w.allow, CASE WHEN :implicit_deny THEN 0 ELSE NULL END) = 1
-        )
-        SELECT parent, child FROM permitted_resources
-        """
-
-        # Build restriction list with INTERSECT (all must match)
-        # Then filter to resources that match hierarchically
-        # Wrap each restriction_sql in a subquery to avoid operator precedence issues
-        # with UNION ALL inside the restriction SQL statements
-        restriction_intersect = "\nINTERSECT\n".join(
-            f"SELECT * FROM ({sql})" for sql in restriction_sqls
-        )
-
-        # Combine: resources allowed by permissions AND in restriction allowlist
-        # Database-level restrictions (parent, NULL) should match all children (parent, *)
-        filtered_resources = f"""
-        WITH restriction_list AS (
-            {restriction_intersect}
-        ),
-        permitted AS (
-            {main_query_for_intersect}
-        ),
-        filtered AS (
-            SELECT p.parent, p.child
-            FROM permitted p
-            WHERE EXISTS (
-                SELECT 1 FROM restriction_list r
-                WHERE (r.parent = p.parent OR r.parent IS NULL)
-                  AND (r.child = p.child OR r.child IS NULL)
-            )
-        )
-        """
-
-        # Now join back to get full results for only the filtered resources
-        sql = f"""
-        {filtered_resources}
-        , cands AS (
-            {candidate_sql}
-        ),
-        rules AS (
-            {union_sql}
-        ),
-        matched AS (
-            SELECT
-                c.parent, c.child,
-                r.allow, r.reason, r.source_plugin,
-                CASE
-                  WHEN r.child  IS NOT NULL THEN 2  -- child-level (most specific)
-                  WHEN r.parent IS NOT NULL THEN 1  -- parent-level
-                  ELSE 0                            -- root/global
-                END AS depth
-            FROM cands c
-            JOIN rules r
-              ON (r.parent IS NULL OR r.parent = c.parent)
-             AND (r.child  IS NULL OR r.child  = c.child)
-        ),
-        ranked AS (
-            SELECT *,
-                   ROW_NUMBER() OVER (
-                     PARTITION BY parent, child
-                     ORDER BY
-                       depth DESC,                          -- specificity first
-                       CASE WHEN allow=0 THEN 0 ELSE 1 END, -- then deny over allow at same depth
-                       source_plugin                        -- stable tie-break
-                   ) AS rn
-            FROM matched
-        ),
-        winner AS (
-            SELECT parent, child,
-                   allow, reason, source_plugin, depth
-            FROM ranked WHERE rn = 1
-        )
-        SELECT
-          c.parent, c.child,
-          COALESCE(w.allow, CASE WHEN :implicit_deny THEN 0 ELSE NULL END) AS allow,
-          COALESCE(w.reason, CASE WHEN :implicit_deny THEN 'implicit deny' ELSE NULL END) AS reason,
-          w.source_plugin,
-          COALESCE(w.depth, -1) AS depth,
-          :action AS action,
-          CASE
-            WHEN c.parent IS NULL THEN '/'
-            WHEN c.child  IS NULL THEN '/' || c.parent
-            ELSE '/' || c.parent || '/' || c.child
-          END AS resource
-        FROM filtered c
-        LEFT JOIN winner w
-          ON ((w.parent = c.parent) OR (w.parent IS NULL AND c.parent IS NULL))
-         AND ((w.child  = c.child ) OR (w.child  IS NULL AND c.child  IS NULL))
-        ORDER BY c.parent, c.child
-        """
-
-    rows_iter: Iterable[sqlite3.Row] = await db.execute(
-        sql,
-        {**all_params, "implicit_deny": 1 if implicit_deny else 0},
-    )
-    return [dict(r) for r in rows_iter]
-
-
-async def resolve_permissions_with_candidates(
-    db,
-    actor: dict | None,
-    plugins: Sequence[Any],
-    candidates: List[Tuple[str, str | None]],
-    action: str,
-    *,
-    implicit_deny: bool = True,
-) -> List[Dict[str, Any]]:
-    """
-    Resolve permissions without any external candidate table by embedding
-    the candidates as a UNION of parameterized SELECTs in a CTE.
-
-    candidates: list of (parent, child) where child can be None for parent-scoped actions.
-    actor: actor dict (or None), made available as :actor (JSON), :actor_id, and :action
-    """
-    # Build a small CTE for candidates.
-    cand_rows_sql: List[str] = []
-    cand_params: Dict[str, Any] = {}
-    for i, (parent, child) in enumerate(candidates):
-        pkey = f"cand_p_{i}"
-        ckey = f"cand_c_{i}"
-        cand_params[pkey] = parent
-        cand_params[ckey] = child
-        cand_rows_sql.append(f"SELECT :{pkey} AS parent, :{ckey} AS child")
-    candidate_sql = (
-        "\nUNION ALL\n".join(cand_rows_sql)
-        if cand_rows_sql
-        else "SELECT NULL AS parent, NULL AS child WHERE 0"
-    )
-
-    return await resolve_permissions_from_catalog(
-        db,
-        actor,
-        plugins,
-        action,
-        candidate_sql=candidate_sql,
-        candidate_params=cand_params,
-        implicit_deny=implicit_deny,
-    )
diff --git a/datasette/utils/shutil_backport.py b/datasette/utils/shutil_backport.py
deleted file mode 100644
index d1fd1bd7..00000000
--- a/datasette/utils/shutil_backport.py
+++ /dev/null
@@ -1,102 +0,0 @@
-"""
-Backported from Python 3.8.
-
-This code is licensed under the Python License:
-https://github.com/python/cpython/blob/v3.8.3/LICENSE
-"""
-
-import os
-from shutil import copy, copy2, copystat, Error
-
-
-def _copytree(
-    entries,
-    src,
-    dst,
-    symlinks,
-    ignore,
-    copy_function,
-    ignore_dangling_symlinks,
-    dirs_exist_ok=False,
-):
-    if ignore is not None:
-        ignored_names = ignore(src, set(os.listdir(src)))
-    else:
-        ignored_names = set()
-
-    os.makedirs(dst, exist_ok=dirs_exist_ok)
-    errors = []
-    use_srcentry = copy_function is copy2 or copy_function is copy
-
-    for srcentry in entries:
-        if srcentry.name in ignored_names:
-            continue
-        srcname = os.path.join(src, srcentry.name)
-        dstname = os.path.join(dst, srcentry.name)
-        srcobj = srcentry if use_srcentry else srcname
-        try:
-            if srcentry.is_symlink():
-                linkto = os.readlink(srcname)
-                if symlinks:
-                    os.symlink(linkto, dstname)
-                    copystat(srcobj, dstname, follow_symlinks=not symlinks)
-                else:
-                    if not os.path.exists(linkto) and ignore_dangling_symlinks:
-                        continue
-                    if srcentry.is_dir():
-                        copytree(
-                            srcobj,
-                            dstname,
-                            symlinks,
-                            ignore,
-                            copy_function,
-                            dirs_exist_ok=dirs_exist_ok,
-                        )
-                    else:
-                        copy_function(srcobj, dstname)
-            elif srcentry.is_dir():
-                copytree(
-                    srcobj,
-                    dstname,
-                    symlinks,
-                    ignore,
-                    copy_function,
-                    dirs_exist_ok=dirs_exist_ok,
-                )
-            else:
-                copy_function(srcentry, dstname)
-        except Error as err:
-            errors.extend(err.args[0])
-        except OSError as why:
-            errors.append((srcname, dstname, str(why)))
-    try:
-        copystat(src, dst)
-    except OSError as why:
-        # Copying file access times may fail on Windows
-        if getattr(why, "winerror", None) is None:
-            errors.append((src, dst, str(why)))
-    if errors:
-        raise Error(errors)
-    return dst
-
-
-def copytree(
-    src,
-    dst,
-    symlinks=False,
-    ignore=None,
-    copy_function=copy2,
-    ignore_dangling_symlinks=False,
-    dirs_exist_ok=False,
-):
-    with os.scandir(src) as entries:
-        return _copytree(
-            entries=entries,
-            src=src,
-            dst=dst,
-            symlinks=symlinks,
-            ignore=ignore,
-            copy_function=copy_function,
-            ignore_dangling_symlinks=ignore_dangling_symlinks,
-            dirs_exist_ok=dirs_exist_ok,
-        )
diff --git a/datasette/utils/sql_analysis.py b/datasette/utils/sql_analysis.py
deleted file mode 100644
index 0a3a947c..00000000
--- a/datasette/utils/sql_analysis.py
+++ /dev/null
@@ -1,550 +0,0 @@
-from dataclasses import dataclass
-from typing import Literal
-
-from datasette.utils.sqlite import SQLiteTableType, sqlite3, sqlite_table_type
-
-SQLOperation = Literal[
-    "read",
-    "insert",
-    "update",
-    "delete",
-    "select",
-    "function",
-    "create",
-    "alter",
-    "drop",
-    "begin",
-    "commit",
-    "rollback",
-    "savepoint",
-    "attach",
-    "detach",
-    "pragma",
-    "analyze",
-    "reindex",
-    "vacuum",
-    "unknown",
-]
-SQLTargetType = Literal[
-    "table",
-    "index",
-    "view",
-    "trigger",
-    "virtual-table",
-    "schema",
-    "statement",
-    "transaction",
-    "database",
-    "pragma",
-    "function",
-    "unknown",
-]
-SQLTableOperation = Literal["read", "insert", "update", "delete"]
-SQLSchemaOperation = Literal["create", "drop"]
-SQLSchemaTargetType = Literal["index", "table", "trigger", "view", "virtual-table"]
-
-
-@dataclass(frozen=True)
-class Operation:
-    operation: SQLOperation
-    target_type: SQLTargetType
-    database: str | None
-    table: str | None
-    sqlite_schema: str | None
-    table_kind: SQLiteTableType | None = None
-    target: str | None = None
-    columns: tuple[str, ...] = ()
-    source: str | None = None
-    internal: bool = False
-
-
-@dataclass(frozen=True)
-class SQLAnalysis:
-    operations: tuple[Operation, ...]
-
-
-# Hashable dict key for grouping repeated authorizer callbacks while collecting columns.
-@dataclass(frozen=True)
-class OperationKey:
-    operation: SQLOperation
-    target_type: SQLTargetType
-    database: str | None
-    table: str | None
-    sqlite_schema: str | None
-    target: str | None
-    source: str | None
-    internal: bool
-
-
-_ACTION_TO_OPERATION: dict[int, SQLTableOperation] = {
-    sqlite3.SQLITE_READ: "read",
-    sqlite3.SQLITE_INSERT: "insert",
-    sqlite3.SQLITE_UPDATE: "update",
-    sqlite3.SQLITE_DELETE: "delete",
-}
-
-# Values are (operation, target_type) pairs used to construct Operation objects.
-_CREATE_ACTIONS: dict[int, tuple[SQLSchemaOperation, SQLSchemaTargetType]] = {
-    sqlite3.SQLITE_CREATE_INDEX: ("create", "index"),
-    sqlite3.SQLITE_CREATE_TABLE: ("create", "table"),
-    sqlite3.SQLITE_CREATE_TRIGGER: ("create", "trigger"),
-    sqlite3.SQLITE_CREATE_VIEW: ("create", "view"),
-}
-_DROP_ACTIONS: dict[int, tuple[SQLSchemaOperation, SQLSchemaTargetType]] = {
-    sqlite3.SQLITE_DROP_INDEX: ("drop", "index"),
-    sqlite3.SQLITE_DROP_TABLE: ("drop", "table"),
-    sqlite3.SQLITE_DROP_TRIGGER: ("drop", "trigger"),
-    sqlite3.SQLITE_DROP_VIEW: ("drop", "view"),
-}
-
-
-def _add_schema_action(
-    action_name: str,
-    operation: SQLSchemaOperation,
-    target_type: SQLSchemaTargetType,
-) -> None:
-    action_value = getattr(sqlite3, action_name, None)
-    if action_value is not None:
-        actions = _CREATE_ACTIONS if operation == "create" else _DROP_ACTIONS
-        actions[action_value] = (operation, target_type)
-
-
-_TEMP_SCHEMA_ACTIONS: tuple[
-    tuple[str, SQLSchemaOperation, SQLSchemaTargetType], ...
-] = (
-    ("SQLITE_CREATE_TEMP_INDEX", "create", "index"),
-    ("SQLITE_CREATE_TEMP_TABLE", "create", "table"),
-    ("SQLITE_CREATE_TEMP_TRIGGER", "create", "trigger"),
-    ("SQLITE_CREATE_TEMP_VIEW", "create", "view"),
-    ("SQLITE_DROP_TEMP_INDEX", "drop", "index"),
-    ("SQLITE_DROP_TEMP_TABLE", "drop", "table"),
-    ("SQLITE_DROP_TEMP_TRIGGER", "drop", "trigger"),
-    ("SQLITE_DROP_TEMP_VIEW", "drop", "view"),
-)
-for schema_action in _TEMP_SCHEMA_ACTIONS:
-    _add_schema_action(*schema_action)
-
-_VTABLE_SCHEMA_ACTIONS: tuple[
-    tuple[str, SQLSchemaOperation, SQLSchemaTargetType], ...
-] = (
-    ("SQLITE_CREATE_VTABLE", "create", "virtual-table"),
-    ("SQLITE_DROP_VTABLE", "drop", "virtual-table"),
-)
-for schema_action in _VTABLE_SCHEMA_ACTIONS:
-    _add_schema_action(*schema_action)
-
-_SQLITE_SCHEMA_TABLES = {
-    "sqlite_master",
-    "sqlite_schema",
-    "sqlite_temp_master",
-    "sqlite_temp_schema",
-}
-_SQLITE_INTERNAL_SCHEMA_FUNCTIONS = {
-    "length",
-    "like",
-    "printf",
-    "sqlite_drop_column",
-    "sqlite_rename_column",
-    "sqlite_rename_quotefix",
-    "sqlite_rename_table",
-    "sqlite_rename_test",
-    "substr",
-}
-
-_AUTHORIZER_ACTION_NAMES = {
-    getattr(sqlite3, name): name
-    for name in (
-        "SQLITE_CREATE_INDEX",
-        "SQLITE_CREATE_TABLE",
-        "SQLITE_CREATE_TEMP_INDEX",
-        "SQLITE_CREATE_TEMP_TABLE",
-        "SQLITE_CREATE_TEMP_TRIGGER",
-        "SQLITE_CREATE_TEMP_VIEW",
-        "SQLITE_CREATE_TRIGGER",
-        "SQLITE_CREATE_VIEW",
-        "SQLITE_DELETE",
-        "SQLITE_DROP_INDEX",
-        "SQLITE_DROP_TABLE",
-        "SQLITE_DROP_TEMP_INDEX",
-        "SQLITE_DROP_TEMP_TABLE",
-        "SQLITE_DROP_TEMP_TRIGGER",
-        "SQLITE_DROP_TEMP_VIEW",
-        "SQLITE_DROP_TRIGGER",
-        "SQLITE_DROP_VIEW",
-        "SQLITE_INSERT",
-        "SQLITE_PRAGMA",
-        "SQLITE_READ",
-        "SQLITE_SELECT",
-        "SQLITE_TRANSACTION",
-        "SQLITE_UPDATE",
-        "SQLITE_ATTACH",
-        "SQLITE_DETACH",
-        "SQLITE_ALTER_TABLE",
-        "SQLITE_REINDEX",
-        "SQLITE_ANALYZE",
-        "SQLITE_CREATE_VTABLE",
-        "SQLITE_DROP_VTABLE",
-        "SQLITE_FUNCTION",
-        "SQLITE_SAVEPOINT",
-        "SQLITE_RECURSIVE",
-    )
-    if hasattr(sqlite3, name)
-}
-
-
-def _allow_authorizer_action(*args):
-    return sqlite3.SQLITE_OK
-
-
-def analyze_sql_tables(
-    conn,
-    sql: str,
-    params=None,
-    *,
-    database_name: str | None = None,
-    schema_to_database: dict[str, str] | None = None,
-) -> SQLAnalysis:
-    """
-    Return operations performed by a SQL statement according to SQLite's authorizer.
-
-    This function is synchronous and connection-based. It temporarily installs a
-    SQLite authorizer, prepares ``EXPLAIN ``, and returns the operation
-    callbacks observed while SQLite compiles the statement.
-    """
-    operations: dict[OperationKey, set[str]] = {}
-
-    def database_for_schema(sqlite_schema):
-        if schema_to_database and sqlite_schema in schema_to_database:
-            return schema_to_database[sqlite_schema]
-        if sqlite_schema == "main" and database_name is not None:
-            return database_name
-        return sqlite_schema
-
-    def record(
-        operation: SQLOperation,
-        target_type: SQLTargetType,
-        *,
-        database: str | None,
-        table: str | None,
-        sqlite_schema: str | None,
-        target: str | None,
-        source: str | None,
-        column: str | None = None,
-        internal: bool = False,
-    ):
-        key = OperationKey(
-            operation=operation,
-            target_type=target_type,
-            database=database,
-            table=table,
-            sqlite_schema=sqlite_schema,
-            target=target,
-            source=source,
-            internal=internal,
-        )
-        columns = operations.setdefault(key, set())
-        if column is not None:
-            columns.add(column)
-
-    def authorizer(action, arg1, arg2, sqlite_schema, source):
-        operation = _ACTION_TO_OPERATION.get(action)
-        if operation is not None and arg1 is not None:
-            target_type = "schema" if arg1 in _SQLITE_SCHEMA_TABLES else "table"
-            column = (
-                arg2 if operation in ("read", "update") and arg2 is not None else None
-            )
-            record(
-                operation,
-                target_type,
-                database=database_for_schema(sqlite_schema),
-                table=arg1 if target_type == "table" else None,
-                sqlite_schema=sqlite_schema,
-                target=arg1,
-                source=source,
-                column=column,
-            )
-            return sqlite3.SQLITE_OK
-
-        create_operation = _CREATE_ACTIONS.get(action)
-        if create_operation is not None and arg1 is not None:
-            operation, target_type = create_operation
-            related_table = arg2 if target_type in {"index", "trigger"} else arg1
-            record(
-                operation,
-                target_type,
-                database=database_for_schema(sqlite_schema),
-                table=related_table,
-                sqlite_schema=sqlite_schema,
-                target=arg1,
-                source=source,
-            )
-            return sqlite3.SQLITE_OK
-
-        drop_operation = _DROP_ACTIONS.get(action)
-        if drop_operation is not None and arg1 is not None:
-            operation, target_type = drop_operation
-            related_table = arg2 if target_type in {"index", "trigger"} else arg1
-            record(
-                operation,
-                target_type,
-                database=database_for_schema(sqlite_schema),
-                table=related_table,
-                sqlite_schema=sqlite_schema,
-                target=arg1,
-                source=source,
-            )
-            return sqlite3.SQLITE_OK
-
-        if action == sqlite3.SQLITE_ALTER_TABLE and arg2 is not None:
-            record(
-                "alter",
-                "table",
-                database=database_for_schema(arg1),
-                table=arg2,
-                sqlite_schema=arg1,
-                target=arg2,
-                source=source,
-            )
-            return sqlite3.SQLITE_OK
-
-        if action == sqlite3.SQLITE_TRANSACTION and arg1 is not None:
-            record(
-                arg1.lower(),
-                "transaction",
-                database=None,
-                table=None,
-                sqlite_schema=None,
-                target=arg1,
-                source=source,
-            )
-            return sqlite3.SQLITE_OK
-
-        if action == sqlite3.SQLITE_ATTACH and arg1 is not None:
-            record(
-                "attach",
-                "database",
-                database=None,
-                table=None,
-                sqlite_schema=None,
-                target=arg1,
-                source=source,
-            )
-            return sqlite3.SQLITE_OK
-
-        if action == sqlite3.SQLITE_DETACH and arg1 is not None:
-            record(
-                "detach",
-                "database",
-                database=None,
-                table=None,
-                sqlite_schema=None,
-                target=arg1,
-                source=source,
-            )
-            return sqlite3.SQLITE_OK
-
-        if action == sqlite3.SQLITE_PRAGMA and arg1 is not None:
-            record(
-                "pragma",
-                "pragma",
-                database=None,
-                table=None,
-                sqlite_schema=sqlite_schema,
-                target=arg1,
-                source=source,
-            )
-            return sqlite3.SQLITE_OK
-
-        if action == sqlite3.SQLITE_ANALYZE:
-            record(
-                "analyze",
-                "database" if arg1 is None else "table",
-                database=database_for_schema(sqlite_schema),
-                table=arg1,
-                sqlite_schema=sqlite_schema,
-                target=arg1,
-                source=source,
-            )
-            return sqlite3.SQLITE_OK
-
-        if action == sqlite3.SQLITE_REINDEX and arg1 is not None:
-            record(
-                "reindex",
-                "index",
-                database=database_for_schema(sqlite_schema),
-                table=None,
-                sqlite_schema=sqlite_schema,
-                target=arg1,
-                source=source,
-            )
-            return sqlite3.SQLITE_OK
-
-        if action == sqlite3.SQLITE_SELECT:
-            record(
-                "select",
-                "statement",
-                database=None,
-                table=None,
-                sqlite_schema=sqlite_schema,
-                target=None,
-                source=source,
-            )
-            return sqlite3.SQLITE_OK
-
-        if action == sqlite3.SQLITE_FUNCTION and arg2 is not None:
-            record(
-                "function",
-                "function",
-                database=None,
-                table=None,
-                sqlite_schema=sqlite_schema,
-                target=arg2,
-                source=source,
-            )
-            return sqlite3.SQLITE_OK
-
-        if action == sqlite3.SQLITE_SAVEPOINT and arg1 is not None:
-            record(
-                "savepoint",
-                "transaction",
-                database=None,
-                table=None,
-                sqlite_schema=sqlite_schema,
-                target="{} {}".format(arg1, arg2) if arg2 is not None else arg1,
-                source=source,
-            )
-            return sqlite3.SQLITE_OK
-
-        action_name = _AUTHORIZER_ACTION_NAMES.get(action, "SQLITE_{}".format(action))
-        record(
-            "unknown",
-            "unknown",
-            database=database_for_schema(sqlite_schema),
-            table=None,
-            sqlite_schema=sqlite_schema,
-            target=action_name,
-            source=source,
-        )
-        return sqlite3.SQLITE_OK
-
-    table_kind_cache: dict[tuple[str | None, str], SQLiteTableType | None] = {}
-
-    conn.set_authorizer(authorizer)
-    try:
-        explain_rows = conn.execute(
-            "EXPLAIN " + sql, params if params is not None else {}
-        ).fetchall()
-        # Passing None before these lookups leaves a failing callback installed
-        # on Python 3.10, so use a permissive callback until they are complete.
-        conn.set_authorizer(_allow_authorizer_action)
-
-        if not operations:
-            vacuum_row = next((row for row in explain_rows if row[1] == "Vacuum"), None)
-            if vacuum_row is not None:
-                schema_by_index = {
-                    row[0]: row[1] for row in conn.execute("PRAGMA database_list")
-                }
-                sqlite_schema = schema_by_index.get(vacuum_row[2])
-                database = database_for_schema(sqlite_schema)
-                record(
-                    "vacuum",
-                    "database",
-                    database=database,
-                    table=None,
-                    sqlite_schema=sqlite_schema,
-                    target=database,
-                    source=None,
-                )
-            else:
-                record(
-                    "unknown",
-                    "statement",
-                    database=database_name,
-                    table=None,
-                    sqlite_schema=None,
-                    target=None,
-                    source=None,
-                )
-
-        for key in operations:
-            if (
-                key.target_type == "table"
-                and key.operation in {"read", "insert", "update", "delete"}
-                and key.table is not None
-            ):
-                cache_key = (key.sqlite_schema, key.table)
-                if cache_key not in table_kind_cache:
-                    table_kind_cache[cache_key] = sqlite_table_type(
-                        conn, key.table, schema=key.sqlite_schema
-                    )
-    finally:
-        conn.set_authorizer(None)
-
-    has_schema_operation = any(
-        key.target_type in {"table", "index", "view", "trigger", "virtual-table"}
-        and key.operation in {"create", "alter", "drop"}
-        for key in operations
-    )
-    dropped_tables = {
-        (key.database, key.table)
-        for key in operations
-        if key.operation == "drop" and key.target_type == "table"
-    }
-
-    def key_is_drop_table_delete(key: OperationKey) -> bool:
-        return (
-            key.operation == "delete"
-            and key.target_type == "table"
-            and (key.database, key.table) in dropped_tables
-        )
-
-    has_user_table_access_in_schema_operation = any(
-        key.operation in {"read", "insert", "update", "delete"}
-        and key.target_type == "table"
-        and not key.internal
-        and not key_is_drop_table_delete(key)
-        for key in operations
-    )
-
-    def operation_is_internal(key: OperationKey) -> bool:
-        if key.internal or (has_schema_operation and key.target_type == "schema"):
-            return True
-        if has_schema_operation and key.operation == "reindex":
-            return True
-        if (
-            has_schema_operation
-            and not has_user_table_access_in_schema_operation
-            and key.operation == "function"
-            and key.target in _SQLITE_INTERNAL_SCHEMA_FUNCTIONS
-        ):
-            return True
-        if key_is_drop_table_delete(key):
-            return True
-        return False
-
-    def table_kind_for(key: OperationKey) -> SQLiteTableType | None:
-        if (
-            key.target_type != "table"
-            or key.operation not in {"read", "insert", "update", "delete"}
-            or key.table is None
-        ):
-            return None
-        return table_kind_cache[(key.sqlite_schema, key.table)]
-
-    return SQLAnalysis(
-        operations=tuple(
-            Operation(
-                operation=key.operation,
-                target_type=key.target_type,
-                database=key.database,
-                table=key.table,
-                sqlite_schema=key.sqlite_schema,
-                table_kind=table_kind_for(key),
-                target=key.target,
-                columns=tuple(sorted(columns)),
-                source=key.source,
-                internal=operation_is_internal(key),
-            )
-            for key, columns in operations.items()
-        )
-    )
diff --git a/datasette/utils/sqlite.py b/datasette/utils/sqlite.py
deleted file mode 100644
index 4743ae4c..00000000
--- a/datasette/utils/sqlite.py
+++ /dev/null
@@ -1,197 +0,0 @@
-import re
-from typing import Literal
-
-using_pysqlite3 = False
-try:
-    import pysqlite3 as sqlite3
-
-    using_pysqlite3 = True
-except ImportError:
-    import sqlite3
-
-if hasattr(sqlite3, "enable_callback_tracebacks"):
-    sqlite3.enable_callback_tracebacks(True)
-
-_cached_sqlite_version = None
-_cached_supports_returning = None
-SQLiteTableType = Literal["table", "view", "virtual", "shadow"]
-_VIRTUAL_TABLE_MODULE_RE = re.compile(
-    r"\bCREATE\s+VIRTUAL\s+TABLE\b.*?\bUSING\s+([^\s(]+)",
-    re.IGNORECASE | re.DOTALL,
-)
-_VIRTUAL_TABLE_SHADOW_SUFFIXES = {
-    "fts3": ("_content", "_segdir", "_segments", "_stat", "_docsize"),
-    "fts4": ("_content", "_segdir", "_segments", "_stat", "_docsize"),
-    "fts5": ("_data", "_idx", "_docsize", "_content", "_config"),
-    "rtree": ("_node", "_parent", "_rowid"),
-    "rtree_i32": ("_node", "_parent", "_rowid"),
-}
-
-
-def sqlite_version():
-    global _cached_sqlite_version
-    if _cached_sqlite_version is None:
-        _cached_sqlite_version = _sqlite_version()
-    return _cached_sqlite_version
-
-
-def _sqlite_version():
-    conn = sqlite3.connect(":memory:")
-    try:
-        return tuple(
-            map(
-                int,
-                conn.execute("select sqlite_version()").fetchone()[0].split("."),
-            )
-        )
-    finally:
-        conn.close()
-
-
-def supports_table_xinfo():
-    return sqlite_version() >= (3, 26, 0)
-
-
-def supports_table_list():
-    return sqlite_version() >= (3, 37, 0)
-
-
-def supports_generated_columns():
-    return sqlite_version() >= (3, 31, 0)
-
-
-def supports_returning():
-    global _cached_supports_returning
-    if _cached_supports_returning is None:
-        conn = sqlite3.connect(":memory:")
-        try:
-            conn.execute("create table t (id integer primary key)")
-            conn.execute("insert into t default values returning id").fetchone()
-            _cached_supports_returning = True
-        except sqlite3.DatabaseError:
-            _cached_supports_returning = False
-        finally:
-            conn.close()
-    return _cached_supports_returning
-
-
-def sqlite_table_type(
-    conn,
-    table: str,
-    *,
-    schema: str | None = "main",
-) -> SQLiteTableType | None:
-    if supports_table_list():
-        try:
-            query = "select type from pragma_table_list where name = ?"
-            params: tuple[str, ...] = (table,)
-            if schema is not None:
-                query += " and schema = ?"
-                params = (table, schema)
-            row = conn.execute(query, params).fetchone()
-            if row is not None and row[0] in {"table", "view", "virtual", "shadow"}:
-                return row[0]
-        except sqlite3.DatabaseError:
-            pass
-    return _sqlite_table_type_from_schema(conn, table, schema=schema)
-
-
-def sqlite_hidden_table_names(conn, *, schema: str | None = "main") -> list[str]:
-    schema_table = _sqlite_schema_table(schema)
-    try:
-        rows = conn.execute(
-            "select name, sql from {} where type = 'table'".format(schema_table)
-        ).fetchall()
-    except sqlite3.DatabaseError:
-        return []
-    hidden_tables = []
-    content_fts_tables = []
-    for name, sql in rows:
-        if (
-            name in {"sqlite_stat1", "sqlite_stat2", "sqlite_stat3", "sqlite_stat4"}
-            or name.startswith("_")
-            or sqlite_table_type(conn, name, schema=schema) == "shadow"
-        ):
-            hidden_tables.append(name)
-        elif _is_fts_content_virtual_table(sql):
-            content_fts_tables.append(name)
-    return sorted(hidden_tables) + content_fts_tables
-
-
-def _sqlite_table_type_from_schema(
-    conn,
-    table: str,
-    *,
-    schema: str | None = "main",
-) -> SQLiteTableType | None:
-    schema_table = _sqlite_schema_table(schema)
-    try:
-        row = conn.execute(
-            "select type, sql from {} where name = ?".format(schema_table),
-            (table,),
-        ).fetchone()
-    except sqlite3.DatabaseError:
-        return None
-    if row is None:
-        return None
-    object_type, sql = row
-    if object_type == "view":
-        return "view"
-    if object_type != "table":
-        return None
-    if _virtual_table_module(sql) is not None:
-        return "virtual"
-    if _is_known_shadow_table(conn, table, schema=schema):
-        return "shadow"
-    return "table"
-
-
-def _is_known_shadow_table(
-    conn,
-    table: str,
-    *,
-    schema: str | None = "main",
-) -> bool:
-    schema_table = _sqlite_schema_table(schema)
-    try:
-        rows = conn.execute(
-            "select name, sql from {} where type = 'table'".format(schema_table)
-        ).fetchall()
-    except sqlite3.DatabaseError:
-        return False
-    for virtual_table, sql in rows:
-        module = _virtual_table_module(sql)
-        if module is None:
-            continue
-        for suffix in _VIRTUAL_TABLE_SHADOW_SUFFIXES.get(module, ()):
-            if table == virtual_table + suffix:
-                return True
-    return False
-
-
-def _sqlite_schema_table(schema: str | None) -> str:
-    if schema is None or schema == "main":
-        return "sqlite_master"
-    if schema == "temp":
-        return "sqlite_temp_master"
-    return "{}.sqlite_master".format(_quote_identifier(schema))
-
-
-def _quote_identifier(value: str) -> str:
-    return '"{}"'.format(value.replace('"', '""'))
-
-
-def _virtual_table_module(sql: str | None) -> str | None:
-    if not sql:
-        return None
-    match = _VIRTUAL_TABLE_MODULE_RE.search(sql)
-    if match is None:
-        return None
-    return match.group(1).strip("\"'[]`").lower()
-
-
-def _is_fts_content_virtual_table(sql: str | None) -> bool:
-    return (
-        _virtual_table_module(sql) in {"fts3", "fts4", "fts5"}
-        and "content=" in sql.lower()
-    )
diff --git a/datasette/utils/testing.py b/datasette/utils/testing.py
deleted file mode 100644
index de7e94af..00000000
--- a/datasette/utils/testing.py
+++ /dev/null
@@ -1,174 +0,0 @@
-from asgiref.sync import async_to_sync
-from urllib.parse import urlencode
-import json
-
-# These wrapper classes pre-date the introduction of
-# datasette.client and httpx to Datasette. They could
-# be removed if the Datasette tests are modified to
-# call datasette.client directly.
-
-
-class TestResponse:
-    def __init__(self, httpx_response):
-        self.httpx_response = httpx_response
-
-    @property
-    def status(self):
-        return self.httpx_response.status_code
-
-    # Supports both for test-writing convenience
-    @property
-    def status_code(self):
-        return self.status
-
-    @property
-    def headers(self):
-        return self.httpx_response.headers
-
-    @property
-    def body(self):
-        return self.httpx_response.content
-
-    @property
-    def content(self):
-        return self.body
-
-    @property
-    def cookies(self):
-        return dict(self.httpx_response.cookies)
-
-    @property
-    def json(self):
-        return json.loads(self.text)
-
-    @property
-    def text(self):
-        return self.body.decode("utf8")
-
-
-class TestClient:
-    max_redirects = 5
-
-    def __init__(self, ds):
-        self.ds = ds
-
-    def actor_cookie(self, actor):
-        return self.ds.sign({"a": actor}, "actor")
-
-    @async_to_sync
-    async def get(
-        self,
-        path,
-        follow_redirects=False,
-        redirect_count=0,
-        method="GET",
-        params=None,
-        cookies=None,
-        if_none_match=None,
-        headers=None,
-    ):
-        if params:
-            path += "?" + urlencode(params, doseq=True)
-        return await self._request(
-            path=path,
-            follow_redirects=follow_redirects,
-            redirect_count=redirect_count,
-            method=method,
-            cookies=cookies,
-            if_none_match=if_none_match,
-            headers=headers,
-        )
-
-    @async_to_sync
-    async def post(
-        self,
-        path,
-        post_data=None,
-        body=None,
-        follow_redirects=False,
-        redirect_count=0,
-        content_type="application/x-www-form-urlencoded",
-        cookies=None,
-        headers=None,
-        csrftoken_from=None,
-    ):
-        cookies = cookies or {}
-        post_data = post_data or {}
-        assert not (post_data and body), "Provide one or other of body= or post_data="
-        # csrftoken_from is accepted for backward compatibility but is now a no-op.
-        # Datasette no longer uses CSRF tokens - see CrossOriginProtectionMiddleware.
-        if post_data:
-            body = urlencode(post_data, doseq=True)
-        return await self._request(
-            path=path,
-            follow_redirects=follow_redirects,
-            redirect_count=redirect_count,
-            method="POST",
-            cookies=cookies,
-            headers=headers,
-            post_body=body,
-            content_type=content_type,
-        )
-
-    @async_to_sync
-    async def request(
-        self,
-        path,
-        follow_redirects=True,
-        redirect_count=0,
-        method="GET",
-        cookies=None,
-        headers=None,
-        post_body=None,
-        content_type=None,
-        if_none_match=None,
-    ):
-        return await self._request(
-            path,
-            follow_redirects=follow_redirects,
-            redirect_count=redirect_count,
-            method=method,
-            cookies=cookies,
-            headers=headers,
-            post_body=post_body,
-            content_type=content_type,
-            if_none_match=if_none_match,
-        )
-
-    async def _request(
-        self,
-        path,
-        follow_redirects=True,
-        redirect_count=0,
-        method="GET",
-        cookies=None,
-        headers=None,
-        post_body=None,
-        content_type=None,
-        if_none_match=None,
-    ):
-        await self.ds.invoke_startup()
-        headers = headers or {}
-        if content_type:
-            headers["content-type"] = content_type
-        if if_none_match:
-            headers["if-none-match"] = if_none_match
-        httpx_response = await self.ds.client.request(
-            method,
-            path,
-            follow_redirects=follow_redirects,
-            avoid_path_rewrites=True,
-            cookies=cookies,
-            headers=headers,
-            content=post_body,
-        )
-        response = TestResponse(httpx_response)
-        if follow_redirects and response.status in (301, 302):
-            assert (
-                redirect_count < self.max_redirects
-            ), f"Redirected {redirect_count} times, max_redirects={self.max_redirects}"
-            location = response.headers["Location"]
-            return await self._request(
-                location, follow_redirects=True, redirect_count=redirect_count + 1
-            )
-        return response
diff --git a/datasette/version.py b/datasette/version.py
index 49d270e4..e1fed2c4 100644
--- a/datasette/version.py
+++ b/datasette/version.py
@@ -1,2 +1,6 @@
-__version__ = "1.0a35"
+from ._version import get_versions
+
+__version__ = get_versions()["version"]
+del get_versions
+
 __version_info__ = tuple(__version__.split("."))
diff --git a/datasette/views/__init__.py b/datasette/views/__init__.py
index ed7e175f..e69de29b 100644
--- a/datasette/views/__init__.py
+++ b/datasette/views/__init__.py
@@ -1,89 +0,0 @@
-from dataclasses import dataclass
-import dataclasses
-import types
-import typing
-
-
-@dataclass(frozen=True)
-class ContextField:
-    name: str
-    type_name: str
-    help: str
-    from_extra: bool = False
-
-
-def _type_name(type_):
-    if type_ is type(None):
-        return "None"
-    origin = typing.get_origin(type_)
-    args = typing.get_args(type_)
-    if origin in (typing.Union, types.UnionType):
-        return " | ".join(_type_name(arg) for arg in args)
-    if origin is not None:
-        name = getattr(origin, "__name__", str(origin).removeprefix("typing."))
-        return "{}[{}]".format(name, ", ".join(_type_name(arg) for arg in args))
-    return getattr(type_, "__name__", str(type_).removeprefix("typing."))
-
-
-def from_extra():
-    """
-    Declare a Context dataclass field whose value comes from a registered
-    Extra of the same name - its documentation is the Extra description,
-    so the doc string lives next to the resolve() code rather than being
-    duplicated on the dataclass.
-    """
-    return dataclasses.field(metadata={"from_extra": True})
-
-
-class Context:
-    "Base class for all documented contexts"
-
-    # Set on subclasses whose from_extra() fields should be resolved
-    # against the extras registry for this scope
-    extras_scope = None
-
-    @classmethod
-    def documented_fields(cls):
-        "List of ContextField describing the documented fields of this context"
-        documented = []
-        for f in dataclasses.fields(cls):
-            if f.name.startswith("_"):
-                continue
-            is_from_extra = bool(f.metadata.get("from_extra"))
-            if is_from_extra:
-                help_text = cls._extra_description(f.name)
-            else:
-                help_text = f.metadata.get("help", "")
-            documented.append(
-                ContextField(
-                    name=f.name,
-                    type_name=_type_name(f.type),
-                    help=help_text,
-                    from_extra=is_from_extra,
-                )
-            )
-        return documented
-
-    @classmethod
-    def _extra_description(cls, name):
-        # Imported lazily - table_extras is not needed just to define
-        # Context subclasses
-        from datasette.views.table_extras import table_extra_registry
-
-        try:
-            extra_class = table_extra_registry.classes_by_name[name]
-        except KeyError:
-            raise KeyError(
-                "{}.{} is declared with from_extra() but there is no "
-                "registered extra of that name".format(cls.__name__, name)
-            )
-        if cls.extras_scope is not None and not extra_class.available_for(
-            cls.extras_scope
-        ):
-            raise ValueError(
-                "{}.{} is declared with from_extra() but the {} extra is "
-                "not available for scope {}".format(
-                    cls.__name__, name, name, cls.extras_scope
-                )
-            )
-        return extra_class.description or ""
diff --git a/datasette/views/base.py b/datasette/views/base.py
index 30026f4b..3a958d88 100644
--- a/datasette/views/base.py
+++ b/datasette/views/base.py
@@ -1,23 +1,41 @@
+import asyncio
 import csv
-import hashlib
-import sys
+import itertools
+import json
+import re
+import time
+import urllib
 
-from datasette.utils.asgi import Request
+import jinja2
+import pint
+
+from datasette import __version__
+from datasette.plugins import pm
 from datasette.utils import (
-    add_cors_headers,
-    EscapeHtmlWriter,
+    QueryInterrupted,
     InvalidSql,
     LimitedWriter,
-    path_from_row_pks,
+    is_url,
+    path_with_added_args,
+    path_with_removed_args,
     path_with_format,
+    resolve_table_and_format,
     sqlite3,
+    to_css_class,
 )
 from datasette.utils.asgi import (
     AsgiStream,
+    AsgiWriter,
+    AsgiRouter,
+    AsgiView,
+    NotFound,
     Response,
-    BadRequest,
 )
 
+ureg = pint.UnitRegistry()
+
+HASH_LENGTH = 7
+
 
 class DatasetteError(Exception):
     def __init__(
@@ -27,325 +45,519 @@ class DatasetteError(Exception):
         error_dict=None,
         status=500,
         template=None,
-        message_is_html=False,
+        messagge_is_html=False,
     ):
         self.message = message
         self.title = title
         self.error_dict = error_dict or {}
         self.status = status
-        self.message_is_html = message_is_html
+        self.messagge_is_html = messagge_is_html
 
 
-class View:
-    async def head(self, request, datasette):
-        if not hasattr(self, "get"):
-            return await self.method_not_allowed(request)
-        response = await self.get(request, datasette)
-        response.body = ""
-        return response
-
-    async def method_not_allowed(self, request):
-        if (
-            request.path.endswith(".json")
-            or request.headers.get("content-type") == "application/json"
-        ):
-            response = Response.json(
-                {"ok": False, "error": "Method not allowed"}, status=405
-            )
-        else:
-            response = Response.text("Method not allowed", status=405)
-        return response
-
-    async def options(self, request, datasette):
-        response = Response.text("ok")
-        response.headers["allow"] = ", ".join(
-            method.upper()
-            for method in ("head", "get", "post", "put", "patch", "delete")
-            if hasattr(self, method)
-        )
-        return response
-
-    async def __call__(self, request, datasette):
-        try:
-            handler = getattr(self, request.method.lower())
-        except AttributeError:
-            return await self.method_not_allowed(request)
-        return await handler(request, datasette)
-
-
-class BaseView:
+class BaseView(AsgiView):
     ds = None
-    has_json_alternate = True
-
-    def __init__(self, datasette):
-        self.ds = datasette
 
     async def head(self, *args, **kwargs):
         response = await self.get(*args, **kwargs)
         response.body = b""
         return response
 
-    async def method_not_allowed(self, request):
-        if (
-            request.path.endswith(".json")
-            or request.headers.get("content-type") == "application/json"
-        ):
-            response = Response.json(
-                {"ok": False, "error": "Method not allowed"}, status=405
-            )
+    def database_url(self, database):
+        db = self.ds.databases[database]
+        if self.ds.config("hash_urls") and db.hash:
+            return "/{}-{}".format(database, db.hash[:HASH_LENGTH])
         else:
-            response = Response.text("Method not allowed", status=405)
-        return response
+            return "/{}".format(database)
 
-    async def options(self, request, *args, **kwargs):
-        return Response.text("ok")
+    def database_color(self, database):
+        return "ff0000"
 
-    async def get(self, request, *args, **kwargs):
-        return await self.method_not_allowed(request)
-
-    async def post(self, request, *args, **kwargs):
-        return await self.method_not_allowed(request)
-
-    async def put(self, request, *args, **kwargs):
-        return await self.method_not_allowed(request)
-
-    async def patch(self, request, *args, **kwargs):
-        return await self.method_not_allowed(request)
-
-    async def delete(self, request, *args, **kwargs):
-        return await self.method_not_allowed(request)
-
-    async def dispatch_request(self, request):
-        if self.ds:
-            await self.ds.refresh_schemas()
-        handler = getattr(self, request.method.lower(), None)
-        response = await handler(request)
-        if self.ds.cors:
-            add_cors_headers(response.headers)
-        return response
-
-    async def render(self, templates, request, context=None):
-        context = context or {}
-        environment = self.ds.get_jinja_environment(request)
-        template = environment.select_template(templates)
+    async def render(self, templates, request, context):
+        template = self.ds.jinja_env.select_template(templates)
         template_context = {
             **context,
             **{
-                "select_templates": [
-                    f"{'*' if template_name == template.name else ''}{template_name}"
-                    for template_name in templates
-                ],
+                "database_url": self.database_url,
+                "database_color": self.database_color,
             },
         }
-        headers = {}
-        if self.has_json_alternate:
-            alternate_url_json = self.ds.absolute_url(
-                request,
-                self.ds.urls.path(
-                    path_with_format(
-                        request=request,
-                        path=request.scope.get("route_path"),
-                        format="json",
-                    )
-                ),
-            )
-            template_context["alternate_url_json"] = alternate_url_json
-            headers.update(
-                {
-                    "Link": '<{}>; rel="alternate"; type="application/json+datasette"'.format(
-                        alternate_url_json
-                    )
-                }
+        if (
+            request
+            and request.args.get("_context")
+            and self.ds.config("template_debug")
+        ):
+            return Response.html(
+                "
    {}
    ".format(
+                    jinja2.escape(json.dumps(template_context, default=repr, indent=4))
+                )
             )
         return Response.html(
-            await self.ds.render_template(
-                template,
-                template_context,
-                request=request,
-                view_name=self.name,
-            ),
-            headers=headers,
+            await self.ds.render_template(template, template_context, request=request)
         )
 
-    @classmethod
-    def as_view(cls, *class_args, **class_kwargs):
-        async def view(request, send):
-            self = view.view_class(*class_args, **class_kwargs)
-            return await self.dispatch_request(request)
 
-        view.view_class = cls
-        view.__doc__ = cls.__doc__
-        view.__module__ = cls.__module__
-        view.__name__ = cls.__name__
-        return view
+class DataView(BaseView):
+    name = ""
+    re_named_parameter = re.compile(":([a-zA-Z0-9_]+)")
 
+    def __init__(self, datasette):
+        self.ds = datasette
 
-def _error(messages, status=400):
-    return Response.json({"ok": False, "errors": messages}, status=status)
+    def options(self, request, *args, **kwargs):
+        r = Response.text("ok")
+        if self.ds.cors:
+            r.headers["Access-Control-Allow-Origin"] = "*"
+        return r
 
+    def redirect(self, request, path, forward_querystring=True, remove_args=None):
+        if request.query_string and "?" not in path and forward_querystring:
+            path = "{}?{}".format(path, request.query_string)
+        if remove_args:
+            path = path_with_removed_args(request, remove_args, path=path)
+        r = Response.redirect(path)
+        r.headers["Link"] = "<{}>; rel=preload".format(path)
+        if self.ds.cors:
+            r.headers["Access-Control-Allow-Origin"] = "*"
+        return r
 
-async def stream_csv(datasette, fetch_data, request, database):
-    kwargs = {}
-    stream = request.args.get("_stream")
-    # Do not calculate facets or counts:
-    extra_parameters = [
-        "{}=1".format(key)
-        for key in ("_nofacet", "_nocount")
-        if not request.args.get(key)
-    ]
-    if extra_parameters:
-        # Replace request object with a new one with modified scope
-        if not request.query_string:
-            new_query_string = "&".join(extra_parameters)
+    async def data(self, request, database, hash, **kwargs):
+        raise NotImplementedError
+
+    async def resolve_db_name(self, request, db_name, **kwargs):
+        hash = None
+        name = None
+        if db_name not in self.ds.databases and "-" in db_name:
+            # No matching DB found, maybe it's a name-hash?
+            name_bit, hash_bit = db_name.rsplit("-", 1)
+            if name_bit not in self.ds.databases:
+                raise NotFound("Database not found: {}".format(name))
+            else:
+                name = name_bit
+                hash = hash_bit
         else:
-            new_query_string = request.query_string + "&" + "&".join(extra_parameters)
-        new_scope = dict(request.scope, query_string=new_query_string.encode("latin-1"))
-        receive = request.receive
-        request = Request(new_scope, receive)
-    if stream:
-        # Some quick soundness checks
-        if not datasette.setting("allow_csv_stream"):
-            raise BadRequest("CSV streaming is disabled")
-        if request.args.get("_next"):
-            raise BadRequest("_next not allowed for CSV streaming")
-        kwargs["_size"] = "max"
-    # Fetch the first page
-    try:
-        response_or_template_contexts = await fetch_data(request)
-        if isinstance(response_or_template_contexts, Response):
-            return response_or_template_contexts
-        elif len(response_or_template_contexts) == 4:
-            data, _, _, _ = response_or_template_contexts
-        else:
-            data, _, _ = response_or_template_contexts
-    except (sqlite3.OperationalError, InvalidSql) as e:
-        raise DatasetteError(str(e), title="Invalid SQL", status=400)
+            name = db_name
+        name = urllib.parse.unquote_plus(name)
+        try:
+            db = self.ds.databases[name]
+        except KeyError:
+            raise NotFound("Database not found: {}".format(name))
 
-    except sqlite3.OperationalError as e:
-        raise DatasetteError(str(e))
+        # Verify the hash
+        expected = "000"
+        if db.hash is not None:
+            expected = db.hash[:HASH_LENGTH]
+        correct_hash_provided = expected == hash
 
-    except DatasetteError:
-        raise
+        if not correct_hash_provided:
+            if "table_and_format" in kwargs:
 
-    # Convert rows and columns to CSV
-    headings = data["columns"]
-    # if there are expanded_columns we need to add additional headings
-    expanded_columns = set(data.get("expanded_columns") or [])
-    if expanded_columns:
-        headings = []
-        for column in data["columns"]:
-            headings.append(column)
-            if column in expanded_columns:
-                headings.append(f"{column}_label")
+                async def async_table_exists(t):
+                    return await db.table_exists(t)
 
-    content_type = "text/plain; charset=utf-8"
-    preamble = ""
-    postamble = ""
+                table, _format = await resolve_table_and_format(
+                    table_and_format=urllib.parse.unquote_plus(
+                        kwargs["table_and_format"]
+                    ),
+                    table_exists=async_table_exists,
+                    allowed_formats=self.ds.renderers.keys(),
+                )
+                kwargs["table"] = table
+                if _format:
+                    kwargs["as_format"] = ".{}".format(_format)
+            elif kwargs.get("table"):
+                kwargs["table"] = urllib.parse.unquote_plus(kwargs["table"])
 
-    trace = request.args.get("_trace")
-    if trace:
-        content_type = "text/html; charset=utf-8"
-        preamble = (
-            "CSV debug"
-            '"
 
-    async def stream_fn(r):
-        nonlocal data, trace
-        limited_writer = LimitedWriter(r, datasette.setting("max_csv_mb"))
-        if trace:
-            await limited_writer.write(preamble)
-            writer = csv.writer(EscapeHtmlWriter(limited_writer))
-        else:
-            writer = csv.writer(limited_writer)
-        first = True
-        next = None
-        while first or (next and stream):
-            try:
-                kwargs = {}
-                if next:
-                    kwargs["_next"] = next
-                if not first:
-                    data, _, _ = await fetch_data(request, **kwargs)
-                if first:
-                    if request.args.get("_header") != "off":
+    async def as_csv(self, request, database, hash, **kwargs):
+        stream = request.args.get("_stream")
+        if stream:
+            # Some quick sanity checks
+            if not self.ds.config("allow_csv_stream"):
+                raise DatasetteError("CSV streaming is disabled", status=400)
+            if request.args.get("_next"):
+                raise DatasetteError("_next not allowed for CSV streaming", status=400)
+            kwargs["_size"] = "max"
+        # Fetch the first page
+        try:
+            response_or_template_contexts = await self.data(
+                request, database, hash, **kwargs
+            )
+            if isinstance(response_or_template_contexts, Response):
+                return response_or_template_contexts
+            else:
+                data, _, _ = response_or_template_contexts
+        except (sqlite3.OperationalError, InvalidSql) as e:
+            raise DatasetteError(str(e), title="Invalid SQL", status=400)
+
+        except (sqlite3.OperationalError) as e:
+            raise DatasetteError(str(e))
+
+        except DatasetteError:
+            raise
+
+        # Convert rows and columns to CSV
+        headings = data["columns"]
+        # if there are expanded_columns we need to add additional headings
+        expanded_columns = set(data.get("expanded_columns") or [])
+        if expanded_columns:
+            headings = []
+            for column in data["columns"]:
+                headings.append(column)
+                if column in expanded_columns:
+                    headings.append("{}_label".format(column))
+
+        async def stream_fn(r):
+            nonlocal data
+            writer = csv.writer(LimitedWriter(r, self.ds.config("max_csv_mb")))
+            first = True
+            next = None
+            while first or (next and stream):
+                try:
+                    if next:
+                        kwargs["_next"] = next
+                    if not first:
+                        data, _, _ = await self.data(request, database, hash, **kwargs)
+                    if first:
                         await writer.writerow(headings)
-                    first = False
-                next = data.get("next")
-                for row in data["rows"]:
-                    if any(isinstance(r, bytes) for r in row):
-                        new_row = []
-                        for column, cell in zip(headings, row):
-                            if isinstance(cell, bytes):
-                                # If this is a table page, use .urls.row_blob()
-                                if data.get("table"):
-                                    pks = data.get("primary_keys") or []
-                                    cell = datasette.absolute_url(
-                                        request,
-                                        datasette.urls.row_blob(
-                                            database,
-                                            data["table"],
-                                            path_from_row_pks(row, pks, not pks),
-                                            column,
-                                        ),
-                                    )
-                                else:
-                                    # Otherwise generate URL for this query
-                                    url = datasette.absolute_url(
-                                        request,
-                                        path_with_format(
-                                            request=request,
-                                            format="blob",
-                                            extra_qs={
-                                                "_blob_column": column,
-                                                "_blob_hash": hashlib.sha256(
-                                                    cell
-                                                ).hexdigest(),
-                                            },
-                                            replace_format="csv",
-                                        ),
-                                    )
-                                    cell = url.replace("&_nocount=1", "").replace(
-                                        "&_nofacet=1", ""
-                                    )
-                            new_row.append(cell)
-                        row = new_row
-                    if not expanded_columns:
-                        # Simple path
-                        await writer.writerow(row)
-                    else:
-                        # Look for {"value": "label": } dicts and expand
-                        new_row = []
-                        for heading, cell in zip(data["columns"], row):
-                            if heading in expanded_columns:
-                                if cell is None:
-                                    new_row.extend(("", ""))
-                                else:
-                                    if not isinstance(cell, dict):
-                                        new_row.extend((cell, ""))
+                        first = False
+                    next = data.get("next")
+                    for row in data["rows"]:
+                        if not expanded_columns:
+                            # Simple path
+                            await writer.writerow(row)
+                        else:
+                            # Look for {"value": "label": } dicts and expand
+                            new_row = []
+                            for heading, cell in zip(data["columns"], row):
+                                if heading in expanded_columns:
+                                    if cell is None:
+                                        new_row.extend(("", ""))
                                     else:
+                                        assert isinstance(cell, dict)
                                         new_row.append(cell["value"])
                                         new_row.append(cell["label"])
-                            else:
-                                new_row.append(cell)
-                        await writer.writerow(new_row)
-            except Exception as ex:
-                sys.stderr.write("Caught this error: {}\n".format(ex))
-                sys.stderr.flush()
-                await r.write(str(ex))
-                return
-        await limited_writer.write(postamble)
+                                else:
+                                    new_row.append(cell)
+                            await writer.writerow(new_row)
+                except Exception as e:
+                    print("caught this", e)
+                    await r.write(str(e))
+                    return
 
-    headers = {}
-    if datasette.cors:
-        add_cors_headers(headers)
-    if request.args.get("_dl", None):
-        if not trace:
+        content_type = "text/plain; charset=utf-8"
+        headers = {}
+        if self.ds.cors:
+            headers["Access-Control-Allow-Origin"] = "*"
+        if request.args.get("_dl", None):
             content_type = "text/csv; charset=utf-8"
-        disposition = 'attachment; filename="{}.csv"'.format(
-            request.url_vars.get("table", database)
-        )
-        headers["content-disposition"] = disposition
+            disposition = 'attachment; filename="{}.csv"'.format(
+                kwargs.get("table", database)
+            )
+            headers["Content-Disposition"] = disposition
 
-    return AsgiStream(stream_fn, headers=headers, content_type=content_type)
+        return AsgiStream(stream_fn, headers=headers, content_type=content_type)
+
+    async def get_format(self, request, database, args):
+        """ Determine the format of the response from the request, from URL
+            parameters or from a file extension.
+
+            `args` is a dict of the path components parsed from the URL by the router.
+        """
+        # If ?_format= is provided, use that as the format
+        _format = request.args.get("_format", None)
+        if not _format:
+            _format = (args.pop("as_format", None) or "").lstrip(".")
+        else:
+            args.pop("as_format", None)
+        if "table_and_format" in args:
+            db = self.ds.databases[database]
+
+            async def async_table_exists(t):
+                return await db.table_exists(t)
+
+            table, _ext_format = await resolve_table_and_format(
+                table_and_format=urllib.parse.unquote_plus(args["table_and_format"]),
+                table_exists=async_table_exists,
+                allowed_formats=self.ds.renderers.keys(),
+            )
+            _format = _format or _ext_format
+            args["table"] = table
+            del args["table_and_format"]
+        elif "table" in args:
+            args["table"] = urllib.parse.unquote_plus(args["table"])
+        return _format, args
+
+    async def view_get(self, request, database, hash, correct_hash_provided, **kwargs):
+        _format, kwargs = await self.get_format(request, database, kwargs)
+
+        if _format == "csv":
+            return await self.as_csv(request, database, hash, **kwargs)
+
+        if _format is None:
+            # HTML views default to expanding all foreign key labels
+            kwargs["default_labels"] = True
+
+        extra_template_data = {}
+        start = time.time()
+        status_code = 200
+        templates = []
+        try:
+            response_or_template_contexts = await self.data(
+                request, database, hash, **kwargs
+            )
+            if isinstance(response_or_template_contexts, Response):
+                return response_or_template_contexts
+
+            else:
+                data, extra_template_data, templates = response_or_template_contexts
+        except QueryInterrupted:
+            raise DatasetteError(
+                """
+                SQL query took too long. The time limit is controlled by the
+                sql_time_limit_ms
+                configuration option.
+            """,
+                title="SQL Interrupted",
+                status=400,
+                messagge_is_html=True,
+            )
+        except (sqlite3.OperationalError, InvalidSql) as e:
+            raise DatasetteError(str(e), title="Invalid SQL", status=400)
+
+        except (sqlite3.OperationalError) as e:
+            raise DatasetteError(str(e))
+
+        except DatasetteError:
+            raise
+
+        end = time.time()
+        data["query_ms"] = (end - start) * 1000
+        for key in ("source", "source_url", "license", "license_url"):
+            value = self.ds.metadata(key)
+            if value:
+                data[key] = value
+
+        # Special case for .jsono extension - redirect to _shape=objects
+        if _format == "jsono":
+            return self.redirect(
+                request,
+                path_with_added_args(
+                    request,
+                    {"_shape": "objects"},
+                    path=request.path.rsplit(".jsono", 1)[0] + ".json",
+                ),
+                forward_querystring=False,
+            )
+
+        if _format in self.ds.renderers.keys():
+            # Dispatch request to the correct output format renderer
+            # (CSV is not handled here due to streaming)
+            result = self.ds.renderers[_format](request.args, data, self.name)
+            if result is None:
+                raise NotFound("No data")
+
+            r = Response(
+                body=result.get("body"),
+                status=result.get("status_code", 200),
+                content_type=result.get("content_type", "text/plain"),
+            )
+        else:
+            extras = {}
+            if callable(extra_template_data):
+                extras = extra_template_data()
+                if asyncio.iscoroutine(extras):
+                    extras = await extras
+            else:
+                extras = extra_template_data
+            url_labels_extra = {}
+            if data.get("expandable_columns"):
+                url_labels_extra = {"_labels": "on"}
+
+            renderers = {
+                key: path_with_format(request, key, {**url_labels_extra})
+                for key in self.ds.renderers.keys()
+            }
+            url_csv_args = {"_size": "max", **url_labels_extra}
+            url_csv = path_with_format(request, "csv", url_csv_args)
+            url_csv_path = url_csv.split("?")[0]
+            context = {
+                **data,
+                **extras,
+                **{
+                    "renderers": renderers,
+                    "url_csv": url_csv,
+                    "url_csv_path": url_csv_path,
+                    "url_csv_hidden_args": [
+                        (key, value)
+                        for key, value in urllib.parse.parse_qsl(request.query_string)
+                        if key not in ("_labels", "_facet", "_size")
+                    ]
+                    + [("_size", "max")],
+                    "datasette_version": __version__,
+                    "config": self.ds.config_dict(),
+                },
+            }
+            if "metadata" not in context:
+                context["metadata"] = self.ds.metadata
+            r = await self.render(templates, request=request, context=context)
+            r.status = status_code
+
+        ttl = request.args.get("_ttl", None)
+        if ttl is None or not ttl.isdigit():
+            if correct_hash_provided:
+                ttl = self.ds.config("default_cache_ttl_hashed")
+            else:
+                ttl = self.ds.config("default_cache_ttl")
+
+        return self.set_response_headers(r, ttl)
+
+    def set_response_headers(self, response, ttl):
+        # Set far-future cache expiry
+        if self.ds.cache_headers and response.status == 200:
+            ttl = int(ttl)
+            if ttl == 0:
+                ttl_header = "no-cache"
+            else:
+                ttl_header = "max-age={}".format(ttl)
+            response.headers["Cache-Control"] = ttl_header
+        response.headers["Referrer-Policy"] = "no-referrer"
+        if self.ds.cors:
+            response.headers["Access-Control-Allow-Origin"] = "*"
+        return response
+
+    async def custom_sql(
+        self,
+        request,
+        database,
+        hash,
+        sql,
+        editable=True,
+        canned_query=None,
+        metadata=None,
+        _size=None,
+    ):
+        params = request.raw_args
+        if "sql" in params:
+            params.pop("sql")
+        if "_shape" in params:
+            params.pop("_shape")
+        # Extract any :named parameters
+        named_parameters = self.re_named_parameter.findall(sql)
+        named_parameter_values = {
+            named_parameter: params.get(named_parameter) or ""
+            for named_parameter in named_parameters
+        }
+
+        # Set to blank string if missing from params
+        for named_parameter in named_parameters:
+            if named_parameter not in params:
+                params[named_parameter] = ""
+
+        extra_args = {}
+        if params.get("_timelimit"):
+            extra_args["custom_time_limit"] = int(params["_timelimit"])
+        if _size:
+            extra_args["page_size"] = _size
+        results = await self.ds.execute(
+            database, sql, params, truncate=True, **extra_args
+        )
+        columns = [r[0] for r in results.description]
+
+        templates = ["query-{}.html".format(to_css_class(database)), "query.html"]
+        if canned_query:
+            templates.insert(
+                0,
+                "query-{}-{}.html".format(
+                    to_css_class(database), to_css_class(canned_query)
+                ),
+            )
+
+        async def extra_template():
+            display_rows = []
+            for row in results.rows:
+                display_row = []
+                for column, value in zip(results.columns, row):
+                    display_value = value
+                    # Let the plugins have a go
+                    # pylint: disable=no-member
+                    plugin_value = pm.hook.render_cell(
+                        value=value,
+                        column=column,
+                        table=None,
+                        database=database,
+                        datasette=self.ds,
+                    )
+                    if plugin_value is not None:
+                        display_value = plugin_value
+                    else:
+                        if value in ("", None):
+                            display_value = jinja2.Markup(" ")
+                        elif is_url(str(display_value).strip()):
+                            display_value = jinja2.Markup(
+                                '{url}'.format(
+                                    url=jinja2.escape(value.strip())
+                                )
+                            )
+                    display_row.append(display_value)
+                display_rows.append(display_row)
+            return {
+                "display_rows": display_rows,
+                "custom_sql": True,
+                "named_parameter_values": named_parameter_values,
+                "editable": editable,
+                "canned_query": canned_query,
+                "metadata": metadata,
+                "config": self.ds.config_dict(),
+                "request": request,
+                "path_with_added_args": path_with_added_args,
+                "path_with_removed_args": path_with_removed_args,
+                "hide_sql": "_hide_sql" in params,
+            }
+
+        return (
+            {
+                "database": database,
+                "rows": results.rows,
+                "truncated": results.truncated,
+                "columns": columns,
+                "query": {"sql": sql, "params": params},
+            },
+            extra_template,
+            templates,
+        )
diff --git a/datasette/views/database.py b/datasette/views/database.py
index e02de657..31d6af59 100644
--- a/datasette/views/database.py
+++ b/datasette/views/database.py
@@ -1,1242 +1,87 @@
-from dataclasses import asdict, dataclass, field
-from urllib.parse import parse_qsl, urlencode
-import asyncio
-import hashlib
-import itertools
-import json
-import markupsafe
 import os
-import textwrap
 
-from datasette.extras import extra_names_from_request
-from datasette.database import QueryInterrupted
-from datasette.resources import DatabaseResource, QueryResource
-from datasette.stored_queries import StoredQuery, stored_query_to_dict
-from datasette.write_sql import QueryWriteRejected
-from datasette.utils import (
-    add_cors_headers,
-    await_me_maybe,
-    call_with_supported_arguments,
-    named_parameters as derive_named_parameters,
-    format_bytes,
-    make_slot_function,
-    tilde_decode,
-    to_css_class,
-    validate_sql_select,
-    is_url,
-    path_with_added_args,
-    path_with_format,
-    path_with_removed_args,
-    sqlite3,
-    truncate_url,
-    InvalidSql,
-)
-from datasette.utils.asgi import AsgiFileDownload, NotFound, Response, Forbidden
-from datasette.plugins import pm
+from datasette.utils import to_css_class, validate_sql_select
+from datasette.utils.asgi import AsgiFileDownload
 
-from .base import DatasetteError, View, stream_csv
-from .query_helpers import _ensure_stored_query_execution_permissions, _table_columns
-from .table_extras import (
-    QueryExtraContext,
-    resolve_query_extras,
-    table_extra_registry,
-)
-from .table_create_alter import _create_table_ui_context
-from . import Context
+from .base import DatasetteError, DataView
 
 
-@dataclass
-class DatabaseTable:
-    "Summary of a table or view shown on database and query pages."
+class DatabaseView(DataView):
+    name = "database"
 
-    name: str
-    columns: list[str]
-    primary_keys: list[str]
-    count: int | None
-    count_truncated: bool
-    hidden: bool
-    fts_table: str | None
-    foreign_keys: dict[str, list[dict[str, str]]]
-    private: bool
+    async def data(self, request, database, hash, default_labels=False, _size=None):
+        metadata = (self.ds.metadata("databases") or {}).get(database, {})
+        self.ds.update_with_inherited_metadata(metadata)
 
-
-@dataclass
-class DatabaseViewInfo:
-    "Summary of a SQLite view shown on the database page."
-
-    name: str
-    private: bool
-
-
-class DatabaseView(View):
-    async def get(self, request, datasette):
-        format_ = request.url_vars.get("format") or "html"
-
-        await datasette.refresh_schemas()
-
-        db = await datasette.resolve_database(request)
-        database = db.name
-
-        visible, private = await datasette.check_visibility(
-            request.actor,
-            action="view-database",
-            resource=DatabaseResource(database=database),
-        )
-        if not visible:
-            raise Forbidden("You do not have permission to view this database")
-
-        sql = (request.args.get("sql") or "").strip()
-        if sql:
-            redirect_url = datasette.urls.database(database) + "/-/query"
-            if request.url_vars.get("format"):
-                redirect_url = path_with_format(
-                    path=redirect_url, format=request.url_vars.get("format")
-                )
-            redirect_url += "?" + request.query_string
-            response = Response.redirect(redirect_url)
-            if datasette.cors:
-                add_cors_headers(response.headers)
-            return response
-
-        if format_ not in ("html", "json"):
-            raise NotFound("Invalid format: {}".format(format_))
-
-        metadata = await datasette.get_database_metadata(database)
-
-        # Get all tables/views this actor can see in bulk with private flag
-        allowed_tables_page = await datasette.allowed_resources(
-            "view-table",
-            request.actor,
-            parent=database,
-            include_is_private=True,
-            limit=1000,
-        )
-        # Create lookup dict for quick access
-        allowed_dict = {r.child: r for r in allowed_tables_page.resources}
-
-        # Filter to just views
-        view_names_set = set(await db.view_names())
-        sql_views = [
-            DatabaseViewInfo(name=name, private=allowed_dict[name].private)
-            for name in allowed_dict
-            if name in view_names_set
-        ]
-
-        tables = await get_tables(datasette, request, db, allowed_dict)
-
-        queries_page = await datasette.list_queries(
-            database,
-            actor=request.actor,
-            limit=5,
-            include_private=True,
-        )
-        stored_queries = queries_page.queries
-        queries_more = queries_page.has_more
-        queries_count = (
-            await datasette.count_queries(database, actor=request.actor)
-            if queries_more
-            else len(stored_queries)
-        )
-
-        # Resolve the registered database-level actions for this database in
-        # one batched query, seeding the request permission cache so allowed()
-        # calls made inside plugin hooks below are served from the cache.
-        database_action_permissions = await datasette.allowed_many(
-            actions=[
-                name
-                for name, action in datasette.actions.items()
-                if action.resource_class is DatabaseResource
-            ],
-            resource=DatabaseResource(database),
-            actor=request.actor,
-        )
-        create_table_ui = await _create_table_ui_context(
-            datasette, request, db, database, database_action_permissions
-        )
-
-        async def database_actions():
-            links = []
-            if create_table_ui:
-                links.append(
-                    {
-                        "type": "button",
-                        "label": "Create table",
-                        "description": "Create a new table in this database.",
-                        "attrs": {
-                            "aria-label": "Create table in {}".format(database),
-                            "data-database-action": "create-table",
-                        },
-                    }
-                )
-            for hook in pm.hook.database_actions(
-                datasette=datasette,
-                database=database,
-                actor=request.actor,
-                request=request,
-            ):
-                extra_links = await await_me_maybe(hook)
-                if extra_links:
-                    links.extend(extra_links)
-            return links
-
-        attached_databases = [d.name for d in await db.attached_databases()]
-
-        allow_execute_sql = await datasette.allowed(
-            action="execute-sql",
-            resource=DatabaseResource(database=database),
-            actor=request.actor,
-        )
-        json_data = {
-            "ok": True,
-            "database": database,
-            "private": private,
-            "path": datasette.urls.database(database),
-            "size": db.size,
-            "tables": [asdict(table) for table in tables],
-            "hidden_count": len([table for table in tables if table.hidden]),
-            "views": [asdict(view) for view in sql_views],
-            "queries": [stored_query_to_dict(query) for query in stored_queries],
-            "queries_more": queries_more,
-            "queries_count": queries_count,
-            "allow_execute_sql": allow_execute_sql,
-            "table_columns": (
-                await _table_columns(datasette, database) if allow_execute_sql else {}
-            ),
-            "metadata": await datasette.get_database_metadata(database),
-        }
-
-        if format_ == "json":
-            response = Response.json(json_data)
-            if datasette.cors:
-                add_cors_headers(response.headers)
-            return response
-
-        assert format_ == "html"
-        alternate_url_json = datasette.absolute_url(
-            request,
-            datasette.urls.path(
-                path_with_format(
-                    request=request,
-                    path=request.scope.get("route_path"),
-                    format="json",
-                )
-            ),
-        )
-        templates = (f"database-{to_css_class(database)}.html", "database.html")
-        environment = datasette.get_jinja_environment(request)
-        template = environment.select_template(templates)
-        return Response.html(
-            await datasette.render_template(
-                templates,
-                DatabaseContext(
-                    database=database,
-                    private=private,
-                    path=datasette.urls.database(database),
-                    size=db.size,
-                    tables=tables,
-                    hidden_count=len([table for table in tables if table.hidden]),
-                    views=sql_views,
-                    queries=stored_queries,
-                    queries_more=queries_more,
-                    queries_count=queries_count,
-                    allow_execute_sql=allow_execute_sql,
-                    table_columns=(
-                        await _table_columns(datasette, database)
-                        if allow_execute_sql
-                        else {}
-                    ),
-                    metadata=metadata,
-                    database_color=db.color,
-                    database_page_data=(
-                        {"createTable": create_table_ui} if create_table_ui else {}
-                    ),
-                    database_actions=database_actions,
-                    show_hidden=request.args.get("_show_hidden"),
-                    editable=True,
-                    allow_download=datasette.setting("allow_download")
-                    and not db.is_mutable
-                    and not db.is_memory,
-                    attached_databases=attached_databases,
-                    alternate_url_json=alternate_url_json,
-                    select_templates=[
-                        f"{'*' if template_name == template.name else ''}{template_name}"
-                        for template_name in templates
-                    ],
-                    top_database=make_slot_function(
-                        "top_database", datasette, request, database=database
-                    ),
-                ),
-                request=request,
-                view_name="database",
-            ),
-            headers={
-                "Link": '<{}>; rel="alternate"; type="application/json+datasette"'.format(
-                    alternate_url_json
-                )
-            },
-        )
-
-
-@dataclass
-class DatabaseContext(Context):
-    "The page listing the tables, views and queries in a database, e.g. /fixtures."
-
-    documented_template = "database.html"
-
-    database: str = field(metadata={"help": "The name of the database"})
-    private: bool = field(
-        metadata={"help": "Boolean indicating if this is a private database"}
-    )
-    path: str = field(metadata={"help": "The URL path to this database"})
-    size: int = field(metadata={"help": "The size of the database in bytes"})
-    tables: list[DatabaseTable] = field(
-        metadata={
-            "help": "List of ``DatabaseTable`` objects describing tables in the database. Each item has ``name``, ``columns``, ``primary_keys``, ``count``, ``count_truncated``, ``hidden``, ``fts_table``, ``foreign_keys`` and ``private`` attributes. ``count_truncated`` is true if ``count`` is a capped lower bound rather than an exact total."
-        }
-    )
-    hidden_count: int = field(metadata={"help": "Count of hidden tables"})
-    views: list[DatabaseViewInfo] = field(
-        metadata={
-            "help": "List of ``DatabaseViewInfo`` objects describing SQLite views in the database. Each item has ``name`` and ``private`` attributes."
-        }
-    )
-    queries: list[StoredQuery] = field(
-        metadata={
-            "help": "List of ``StoredQuery`` objects. Each has attributes including ``name``, ``sql``, ``title``, ``description``, ``description_html``, ``hide_sql``, ``fragment``, ``parameters``, ``is_write`` and ``private``."
-        }
-    )
-    queries_more: bool = field(
-        metadata={"help": "Boolean indicating if more stored queries are available"}
-    )
-    queries_count: int = field(metadata={"help": "Count of visible stored queries"})
-    allow_execute_sql: bool = field(
-        metadata={"help": "Boolean indicating if custom SQL can be executed"}
-    )
-    table_columns: dict = field(
-        metadata={
-            "help": "Dictionary mapping table names to lists of column names, used to power SQL autocomplete."
-        }
-    )
-    metadata: dict = field(
-        metadata={
-            "help": "Metadata dictionary for the database, such as ``title``, ``description``, ``license`` and ``source`` values from Datasette metadata."
-        }
-    )
-    database_color: str = field(metadata={"help": "The color assigned to the database"})
-    database_page_data: dict = field(
-        metadata={
-            "help": 'JSON data used by JavaScript on the database page. Currently ``{}`` or ``{"createTable": {...}}`` where ``createTable`` includes ``path``, ``foreignKeyTargetsPath``, ``databaseName``, ``columnTypes``, ``defaultExpressions`` and optional ``customColumnTypes``.'
-        }
-    )
-    database_actions: callable = field(
-        metadata={
-            "help": 'Async callable returning action items for the database menu. Each item is either a link with ``href``, ``label`` and optional ``description`` keys, or a button with ``type: "button"``, ``label``, optional ``description`` and optional ``attrs``. See :ref:`plugin_actions` and :ref:`plugin_hook_database_actions`.'
-        }
-    )
-    show_hidden: str = field(metadata={"help": "Value of _show_hidden query parameter"})
-    editable: bool = field(
-        metadata={"help": "Boolean indicating if the database is editable"}
-    )
-    allow_download: bool = field(
-        metadata={"help": "Boolean indicating if database download is allowed"}
-    )
-    attached_databases: list = field(
-        metadata={
-            "help": "List of names of databases attached to this SQLite connection. This is only populated for the special ``/_memory`` database when Datasette is started with ``--crossdb`` for :ref:`cross_database_queries`."
-        }
-    )
-    alternate_url_json: str = field(
-        metadata={"help": "URL for the alternate JSON version of this page"}
-    )
-    select_templates: list = field(
-        metadata={
-            "help": "List of template names that were considered for this page, with the selected template prefixed by ``*``."
-        }
-    )
-    top_database: callable = field(
-        metadata={
-            "help": "Async callable that renders the ``top_database`` plugin slot for this database and returns HTML."
-        }
-    )
-
-
-@dataclass
-class QueryContext(Context):
-    "The page for arbitrary SQL queries (/database/-/query?sql=...) and stored queries (/database/query-name)."
-
-    documented_template = "query.html"
-
-    database: str = field(metadata={"help": "The name of the database being queried"})
-    database_color: str = field(metadata={"help": "The color of the database"})
-    query: dict = field(
-        metadata={
-            "help": "Dictionary describing the SQL query being executed, with ``sql`` and ``params`` keys."
-        }
-    )
-    stored_query: str = field(
-        metadata={"help": "The name of the stored query if this is a stored query"}
-    )
-    private: bool = field(
-        metadata={"help": "Boolean indicating if this is a private database"}
-    )
-    # urls: dict = field(
-    #     metadata={"help": "Object containing URL helpers like `database()`"}
-    # )
-    stored_query_write: bool = field(
-        metadata={
-            "help": "Boolean indicating if this is a stored query that allows writes"
-        }
-    )
-    metadata: dict = field(
-        metadata={
-            "help": "Metadata dictionary for the database or stored query. Stored query metadata may include options such as ``hide_sql``, ``on_success_message`` and ``on_error_redirect``."
-        }
-    )
-    db_is_immutable: bool = field(
-        metadata={"help": "Boolean indicating if this database is immutable"}
-    )
-    error: str = field(metadata={"help": "Any query error message"})
-    hide_sql: bool = field(
-        metadata={"help": "Boolean indicating if the SQL should be hidden"}
-    )
-    show_hide_link: str = field(
-        metadata={"help": "The URL to toggle showing/hiding the SQL"}
-    )
-    show_hide_text: str = field(
-        metadata={"help": "The text for the show/hide SQL link"}
-    )
-    editable: bool = field(
-        metadata={"help": "Boolean indicating if the SQL can be edited"}
-    )
-    allow_execute_sql: bool = field(
-        metadata={"help": "Boolean indicating if custom SQL can be executed"}
-    )
-    save_query_url: str = field(
-        metadata={"help": "URL to save the current arbitrary SQL as a query"}
-    )
-    tables: list[DatabaseTable] = field(
-        metadata={
-            "help": "List of ``DatabaseTable`` objects describing tables in the database. Each item has ``name``, ``columns``, ``primary_keys``, ``count``, ``count_truncated``, ``hidden``, ``fts_table``, ``foreign_keys`` and ``private`` attributes. ``count_truncated`` is true if ``count`` is a capped lower bound rather than an exact total."
-        }
-    )
-    named_parameter_values: dict = field(
-        metadata={
-            "help": "Dictionary of named SQL parameter values, keyed by parameter name without the leading ``:``."
-        }
-    )
-    edit_sql_url: str = field(
-        metadata={"help": "URL to edit the SQL for a stored query"}
-    )
-    display_rows: list = field(
-        metadata={
-            "help": "List of result rows formatted for HTML display. Each row is a list of rendered cell values in the same order as ``columns``."
-        }
-    )
-    columns: list = field(
-        metadata={
-            "help": "List of result column names in the order they appear in ``display_rows`` and ``rows``."
-        }
-    )
-    renderers: dict = field(
-        metadata={
-            "help": "Dictionary mapping output format names such as ``json`` to URLs for this query in that format."
-        }
-    )
-    url_csv: str = field(metadata={"help": "URL for CSV export"})
-    show_hide_hidden: str = field(
-        metadata={
-            "help": "Rendered hidden ```` HTML preserving the current ``_hide_sql`` or ``_show_sql`` state."
-        }
-    )
-    table_columns: dict = field(
-        metadata={
-            "help": "Dictionary mapping table names to lists of column names, used to power SQL autocomplete."
-        }
-    )
-    alternate_url_json: str = field(
-        metadata={"help": "URL for alternate JSON version of this page"}
-    )
-    # TODO: refactor this to somewhere else, probably ds.render_template()
-    select_templates: list = field(
-        metadata={
-            "help": "List of template names that were considered for this page, with the selected template prefixed by ``*``."
-        }
-    )
-    top_query: callable = field(
-        metadata={
-            "help": "Async callable that renders the ``top_query`` plugin slot for this query and returns HTML."
-        }
-    )
-    top_stored_query: callable = field(
-        metadata={
-            "help": "Async callable that renders the ``top_stored_query`` plugin slot for stored queries and returns HTML."
-        }
-    )
-    query_actions: callable = field(
-        metadata={
-            "help": 'Async callable returning action items for the query menu. Each item is either a link with ``href``, ``label`` and optional ``description`` keys, or a button with ``type: "button"``, ``label``, optional ``description`` and optional ``attrs``. See :ref:`plugin_actions` and :ref:`plugin_hook_query_actions`.'
-        }
-    )
-
-
-async def get_tables(datasette, request, db, allowed_dict) -> list[DatabaseTable]:
-    """
-    Get list of tables with metadata for the database view.
-
-    Args:
-        datasette: The Datasette instance
-        request: The current request
-        db: The database
-        allowed_dict: Dict mapping table name -> Resource object with .private attribute
-    """
-    tables = []
-    table_counts = await db.table_counts(100)
-    hidden_table_names = set(await db.hidden_table_names())
-    all_foreign_keys = await db.get_all_foreign_keys()
-
-    for table in table_counts:
-        if table not in allowed_dict:
-            continue
-
-        table_columns = await db.table_columns(table)
-        tables.append(
-            DatabaseTable(
-                name=table,
-                columns=table_columns,
-                primary_keys=await db.primary_keys(table),
-                count=table_counts[table],
-                count_truncated=_table_count_truncated(
-                    datasette, db, table, table_counts[table]
-                ),
-                hidden=table in hidden_table_names,
-                fts_table=await db.fts_table(table),
-                foreign_keys=all_foreign_keys[table],
-                private=allowed_dict[table].private,
+        if request.args.get("sql"):
+            if not self.ds.config("allow_sql"):
+                raise DatasetteError("sql= is not allowed", status=400)
+            sql = request.raw_args.pop("sql")
+            validate_sql_select(sql)
+            return await self.custom_sql(
+                request, database, hash, sql, _size=_size, metadata=metadata
             )
-        )
-    tables.sort(key=lambda table: (table.hidden, table.name))
-    return tables
 
+        db = self.ds.databases[database]
 
-def _table_count_truncated(datasette, db, table, count):
-    if count != db.count_limit + 1:
-        return False
-    if not db.is_mutable and datasette.inspect_data:
-        try:
-            datasette.inspect_data[db.name]["tables"][table]["count"]
-            return False
-        except KeyError:
-            pass
-    return True
+        table_counts = await db.table_counts(5)
+        views = await db.view_names()
+        hidden_table_names = set(await db.hidden_table_names())
+        all_foreign_keys = await db.get_all_foreign_keys()
 
-
-async def database_download(request, datasette):
-    from datasette.resources import DatabaseResource
-
-    database = tilde_decode(request.url_vars["database"])
-    await datasette.ensure_permission(
-        action="view-database-download",
-        resource=DatabaseResource(database=database),
-        actor=request.actor,
-    )
-    try:
-        db = datasette.get_database(route=database)
-    except KeyError:
-        raise DatasetteError("Invalid database", status=404)
-
-    if db.is_memory:
-        raise DatasetteError("Cannot download in-memory databases", status=404)
-    if not datasette.setting("allow_download") or db.is_mutable:
-        raise Forbidden("Database download is forbidden")
-    if not db.path:
-        raise DatasetteError("Cannot download database", status=404)
-    filepath = db.path
-    headers = {}
-    if datasette.cors:
-        add_cors_headers(headers)
-    if db.hash:
-        etag = '"{}"'.format(db.hash)
-        headers["Etag"] = etag
-        # Has user seen this already?
-        if_none_match = request.headers.get("if-none-match")
-        if if_none_match and if_none_match == etag:
-            return Response("", status=304)
-    headers["Transfer-Encoding"] = "chunked"
-    return AsgiFileDownload(
-        filepath,
-        filename=os.path.basename(filepath),
-        content_type="application/octet-stream",
-        headers=headers,
-    )
-
-
-class QueryView(View):
-    async def post(self, request, datasette):
-        from datasette.app import TableNotFound
-
-        db = await datasette.resolve_database(request)
-
-        # We must be a stored query
-        table_found = False
-        try:
-            await datasette.resolve_table(request)
-            table_found = True
-        except TableNotFound as table_not_found:
-            stored_query = await datasette.get_query(
-                table_not_found.database_name, table_not_found.table
-            )
-            if stored_query is None:
-                raise
-        if table_found:
-            # That should not have happened
-            raise DatasetteError("Unexpected table found on POST", status=404)
-
-        if not await datasette.allowed(
-            action="view-query",
-            resource=QueryResource(database=db.name, query=stored_query.name),
-            actor=request.actor,
-        ):
-            raise Forbidden("You do not have permission to view this query")
-
-        try:
-            await _ensure_stored_query_execution_permissions(
-                datasette, db, stored_query, request.actor
-            )
-        except QueryWriteRejected as ex:
-            if request.headers.get("accept") == "application/json" or request.args.get(
-                "_json"
-            ):
-                return Response.json(
-                    {
-                        "ok": False,
-                        "message": ex.message,
-                        "redirect": None,
-                    },
-                    status=403,
-                )
-            datasette.add_message(request, ex.message, datasette.ERROR)
-            return Response.redirect(stored_query.on_error_redirect or request.path)
-
-        # If database is immutable, return an error
-        if not db.is_mutable:
-            raise Forbidden("Database is immutable")
-
-        # Process the POST
-        body = await request.post_body()
-        body = body.decode("utf-8").strip()
-        if body.startswith("{") and body.endswith("}"):
-            params = json.loads(body)
-            # But we want key=value strings
-            for key, value in params.items():
-                params[key] = str(value)
-        else:
-            params = dict(parse_qsl(body, keep_blank_values=True))
-
-        # Don't ever send csrftoken as a SQL parameter
-        params.pop("csrftoken", None)
-
-        # Should we return JSON?
-        should_return_json = (
-            request.headers.get("accept") == "application/json"
-            or request.args.get("_json")
-            or params.get("_json")
-        )
-        params_for_query = MagicParameters(stored_query.sql, params, request, datasette)
-        await params_for_query.execute_params()
-        ok = None
-        redirect_url = None
-        try:
-            cursor = await db.execute_write(
-                stored_query.sql, params_for_query, request=request
-            )
-            # success message can come from on_success_message or on_success_message_sql
-            message = None
-            message_type = datasette.INFO
-            on_success_message_sql = stored_query.on_success_message_sql
-            if on_success_message_sql:
-                try:
-                    message_result = (
-                        await db.execute(on_success_message_sql, params_for_query)
-                    ).first()
-                    if message_result:
-                        message = message_result[0]
-                except Exception as ex:
-                    message = "Error running on_success_message_sql: {}".format(ex)
-                    message_type = datasette.ERROR
-            if not message:
-                if stored_query.on_success_message:
-                    message = stored_query.on_success_message
-                elif cursor.rowcount == -1:
-                    message = "Query executed"
-                else:
-                    message = "Query executed, {} row{} affected".format(
-                        cursor.rowcount, "" if cursor.rowcount == 1 else "s"
-                    )
-
-            redirect_url = stored_query.on_success_redirect
-            ok = True
-        except Exception as ex:
-            message = stored_query.on_error_message or str(ex)
-            message_type = datasette.ERROR
-            redirect_url = stored_query.on_error_redirect
-            ok = False
-        if should_return_json:
-            return Response.json(
+        tables = []
+        for table in table_counts:
+            table_columns = await db.table_columns(table)
+            tables.append(
                 {
-                    "ok": ok,
-                    "message": message,
-                    "redirect": redirect_url,
+                    "name": table,
+                    "columns": table_columns,
+                    "primary_keys": await db.primary_keys(table),
+                    "count": table_counts[table],
+                    "hidden": table in hidden_table_names,
+                    "fts_table": await db.fts_table(table),
+                    "foreign_keys": all_foreign_keys[table],
                 }
             )
-        else:
-            datasette.add_message(request, message, message_type)
-            return Response.redirect(redirect_url or request.path)
 
-    async def get(self, request, datasette):
-        from datasette.app import TableNotFound
-
-        await datasette.refresh_schemas()
-
-        db = await datasette.resolve_database(request)
-        database = db.name
-
-        # Get all tables/views this actor can see in bulk with private flag
-        allowed_tables_page = await datasette.allowed_resources(
-            "view-table",
-            request.actor,
-            parent=database,
-            include_is_private=True,
-            limit=1000,
-        )
-        # Create lookup dict for quick access
-        allowed_dict = {r.child: r for r in allowed_tables_page.resources}
-
-        # Are we a stored query?
-        stored_query = None
-        stored_query_write = False
-        if "table" in request.url_vars:
-            try:
-                await datasette.resolve_table(request)
-            except TableNotFound as table_not_found:
-                # Was this actually a stored query?
-                stored_query = await datasette.get_query(
-                    table_not_found.database_name, table_not_found.table
-                )
-                if stored_query is None:
-                    raise
-                stored_query_write = stored_query.is_write
-
-        private = False
-        if stored_query:
-            # Respect stored query permissions
-            visible, private = await datasette.check_visibility(
-                request.actor,
-                action="view-query",
-                resource=QueryResource(database=database, query=stored_query.name),
-            )
-            if not visible:
-                raise Forbidden("You do not have permission to view this query")
-            if not stored_query_write:
-                await _ensure_stored_query_execution_permissions(
-                    datasette, db, stored_query, request.actor
-                )
-
-        else:
-            visible, private = await datasette.check_visibility(
-                request.actor,
-                action="execute-sql",
-                resource=DatabaseResource(database=database),
-            )
-            if not visible:
-                raise Forbidden("execute-sql")
-
-        # Flattened because of ?sql=&name1=value1&name2=value2 feature
-        params = {key: request.args.get(key) for key in request.args}
-        sql = None
-
-        if stored_query:
-            sql = stored_query.sql
-        elif "sql" in params:
-            sql = params.pop("sql")
-
-        # Extract any :named parameters
-        named_parameters = []
-        if stored_query and stored_query.parameters:
-            named_parameters = stored_query.parameters
-        if not named_parameters and sql:
-            named_parameters = derive_named_parameters(sql)
-        named_parameter_values = {
-            named_parameter: params.get(named_parameter) or ""
-            for named_parameter in named_parameters
-            if not named_parameter.startswith("_")
-        }
-        # Set to blank string if missing from params
-        for named_parameter in named_parameters:
-            if named_parameter not in params and not named_parameter.startswith("_"):
-                params[named_parameter] = ""
-
-        extra_args = {}
-        if params.get("_timelimit"):
-            extra_args["custom_time_limit"] = int(params["_timelimit"])
-
-        format_ = request.url_vars.get("format") or "html"
-
-        query_error = None
-        results = None
-        rows = []
-        columns = []
-
-        params_for_query = params
-
-        if sql and not stored_query_write:
-            try:
-                if not stored_query:
-                    # For regular queries we only allow SELECT, plus other rules
-                    validate_sql_select(sql)
-                else:
-                    # Stored queries can run magic parameters
-                    params_for_query = MagicParameters(sql, params, request, datasette)
-                    await params_for_query.execute_params()
-                results = await datasette.execute(
-                    database, sql, params_for_query, truncate=True, **extra_args
-                )
-                columns = results.columns
-                rows = results.rows
-            except QueryInterrupted as ex:
-                raise DatasetteError(
-                    textwrap.dedent("""
-                    
    SQL query took too long. The time limit is controlled by the
-                    sql_time_limit_ms
-                    configuration option.
    
-                    
-                    
-                """.format(markupsafe.escape(ex.sql))).strip(),
-                    title="SQL Interrupted",
-                    status=400,
-                    message_is_html=True,
-                )
-            except sqlite3.DatabaseError as ex:
-                query_error = str(ex)
-                results = None
-                rows = []
-                columns = []
-            except (sqlite3.OperationalError, InvalidSql) as ex:
-                raise DatasetteError(str(ex), title="Invalid SQL", status=400)
-            except sqlite3.OperationalError as ex:
-                raise DatasetteError(str(ex))
-            except DatasetteError:
-                raise
-
-        async def query_metadata():
-            if stored_query:
-                metadata = stored_query_to_dict(stored_query)
-                metadata.pop("source", None)
-                return metadata
-            return await datasette.get_database_metadata(database)
-
-        # Handle formats from plugins
-        if format_ == "csv":
-            if not sql:
-                raise DatasetteError("?sql= is required", status=400)
-
-            async def fetch_data_for_csv(request, _next=None):
-                results = await db.execute(sql, params, truncate=True)
-                data = {"rows": results.rows, "columns": results.columns}
-                return data, None, None
-
-            return await stream_csv(datasette, fetch_data_for_csv, request, db.name)
-        elif format_ in datasette.renderers.keys():
-            data = {"ok": True, "rows": rows, "columns": columns}
-            extras = extra_names_from_request(request)
-            if extras:
-                query_extra_context = QueryExtraContext(
-                    datasette=datasette,
-                    request=request,
-                    db=db,
-                    database_name=database,
-                    private=private,
-                    rows=rows,
-                    columns=columns,
-                    sql=sql,
-                    params=named_parameter_values,
-                    query_name=stored_query.name if stored_query else None,
-                    metadata=await query_metadata(),
-                    extras=extras,
-                    extra_registry=table_extra_registry,
-                )
-                data.update(await resolve_query_extras(extras, query_extra_context))
-            # Dispatch request to the correct output format renderer
-            # (CSV is not handled here due to streaming)
-            result = call_with_supported_arguments(
-                datasette.renderers[format_][0],
-                datasette=datasette,
-                columns=columns,
-                rows=rows,
-                sql=sql,
-                query_name=stored_query.name if stored_query else None,
-                database=database,
-                table=None,
-                request=request,
-                view_name="table",
-                truncated=results.truncated if results else False,
-                error=query_error,
-                # These will be deprecated in Datasette 1.0:
-                args=request.args,
-                data=data,
-            )
-            if asyncio.iscoroutine(result):
-                result = await result
-            if result is None:
-                raise NotFound("No data")
-            if isinstance(result, dict):
-                r = Response(
-                    body=result.get("body"),
-                    status=result.get("status_code") or 200,
-                    content_type=result.get("content_type", "text/plain"),
-                    headers=result.get("headers"),
-                )
-            elif isinstance(result, Response):
-                r = result
-                # if status_code is not None:
-                #     # Over-ride the status code
-                #     r.status = status_code
-            else:
-                assert False, f"{result} should be dict or Response"
-        elif format_ == "html":
-            headers = {}
-            templates = [f"query-{to_css_class(database)}.html", "query.html"]
-            if stored_query:
-                templates.insert(
-                    0,
-                    f"query-{to_css_class(database)}-{to_css_class(stored_query.name)}.html",
-                )
-
-            environment = datasette.get_jinja_environment(request)
-            template = environment.select_template(templates)
-            alternate_url_json = datasette.absolute_url(
-                request,
-                datasette.urls.path(
-                    path_with_format(
-                        request=request,
-                        path=request.scope.get("route_path"),
-                        format="json",
-                    )
-                ),
-            )
-            data = {
-                "ok": query_error is None,
-                "rows": rows,
-                "columns": columns,
-                "query": {"sql": sql, "params": params},
-                "query_name": stored_query.name if stored_query else None,
+        tables.sort(key=lambda t: (t["hidden"], t["name"]))
+        return (
+            {
                 "database": database,
-                "table": None,
-            }
-            headers.update(
-                {
-                    "Link": '<{}>; rel="alternate"; type="application/json+datasette"'.format(
-                        alternate_url_json
-                    )
-                }
-            )
-            metadata = await query_metadata()
-            renderers = {}
-            for key, (_, can_render) in datasette.renderers.items():
-                it_can_render = call_with_supported_arguments(
-                    can_render,
-                    datasette=datasette,
-                    columns=data.get("columns") or [],
-                    rows=data.get("rows") or [],
-                    sql=data.get("query", {}).get("sql", None),
-                    query_name=data.get("query_name"),
-                    database=database,
-                    table=data.get("table"),
-                    request=request,
-                    view_name="database",
-                )
-                it_can_render = await await_me_maybe(it_can_render)
-                if it_can_render:
-                    renderers[key] = datasette.urls.path(
-                        path_with_format(
-                            request=request,
-                            path=request.scope.get("route_path"),
-                            format=key,
-                        )
-                    )
-
-            allow_execute_sql = await datasette.allowed(
-                action="execute-sql",
-                resource=DatabaseResource(database=database),
-                actor=request.actor,
-            )
-            allow_store_query = await datasette.allowed(
-                action="store-query",
-                resource=DatabaseResource(database=database),
-                actor=request.actor,
-            )
-
-            show_hide_hidden = ""
-            if stored_query and stored_query.hide_sql:
-                if bool(params.get("_show_sql")):
-                    show_hide_link = path_with_removed_args(request, {"_show_sql"})
-                    show_hide_text = "hide"
-                    show_hide_hidden = (
-                        ''
-                    )
-                else:
-                    show_hide_link = path_with_added_args(request, {"_show_sql": 1})
-                    show_hide_text = "show"
-            else:
-                if bool(params.get("_hide_sql")):
-                    show_hide_link = path_with_removed_args(request, {"_hide_sql"})
-                    show_hide_text = "show"
-                    show_hide_hidden = (
-                        ''
-                    )
-                else:
-                    show_hide_link = path_with_added_args(request, {"_hide_sql": 1})
-                    show_hide_text = "hide"
-            hide_sql = show_hide_text == "show"
-
-            # Show 'Edit SQL' button only if:
-            # - User is allowed to execute SQL
-            # - SQL is an approved SELECT statement
-            # - No magic parameters, so no :_ in the SQL string
-            edit_sql_url = None
-            is_validated_sql = False
-            if sql:
-                try:
-                    validate_sql_select(sql)
-                    is_validated_sql = True
-                except InvalidSql:
-                    pass
-                if allow_execute_sql and is_validated_sql and ":_" not in sql:
-                    edit_sql_url = (
-                        datasette.urls.database(database)
-                        + "/-/query"
-                        + "?"
-                        + urlencode(
-                            {
-                                **{
-                                    "sql": sql,
-                                },
-                                **named_parameter_values,
-                            }
-                        )
-                    )
-            save_query_url = None
-            if (
-                not stored_query
-                and allow_execute_sql
-                and allow_store_query
-                and is_validated_sql
-                and ":_" not in sql
-            ):
-                save_query_url = (
-                    datasette.urls.database(database)
-                    + "/-/queries/store?"
-                    + urlencode({"sql": sql})
-                )
-
-            async def query_actions():
-                query_actions = []
-                for hook in pm.hook.query_actions(
-                    datasette=datasette,
-                    actor=request.actor,
-                    database=database,
-                    query_name=stored_query.name if stored_query else None,
-                    request=request,
-                    sql=sql,
-                    params=params,
-                ):
-                    extra_links = await await_me_maybe(hook)
-                    if extra_links:
-                        query_actions.extend(extra_links)
-                return query_actions
-
-            r = Response.html(
-                await datasette.render_template(
-                    template,
-                    QueryContext(
-                        database=database,
-                        database_color=db.color,
-                        query={
-                            "sql": sql,
-                            "params": params,
-                        },
-                        stored_query=stored_query.name if stored_query else None,
-                        private=private,
-                        stored_query_write=stored_query_write,
-                        db_is_immutable=not db.is_mutable,
-                        error=query_error,
-                        hide_sql=hide_sql,
-                        show_hide_link=datasette.urls.path(show_hide_link),
-                        show_hide_text=show_hide_text,
-                        editable=not stored_query,
-                        allow_execute_sql=allow_execute_sql,
-                        save_query_url=save_query_url,
-                        tables=await get_tables(datasette, request, db, allowed_dict),
-                        named_parameter_values=named_parameter_values,
-                        edit_sql_url=edit_sql_url,
-                        display_rows=await display_rows(
-                            datasette, database, request, rows, columns
-                        ),
-                        table_columns=(
-                            await _table_columns(datasette, database)
-                            if allow_execute_sql
-                            else {}
-                        ),
-                        columns=columns,
-                        renderers=renderers,
-                        url_csv=datasette.urls.path(
-                            path_with_format(
-                                request=request,
-                                path=request.scope.get("route_path"),
-                                format="csv",
-                                extra_qs={"_size": "max"},
-                            )
-                        ),
-                        show_hide_hidden=markupsafe.Markup(show_hide_hidden),
-                        metadata=metadata,
-                        alternate_url_json=alternate_url_json,
-                        select_templates=[
-                            f"{'*' if template_name == template.name else ''}{template_name}"
-                            for template_name in templates
-                        ],
-                        top_query=make_slot_function(
-                            "top_query", datasette, request, database=database, sql=sql
-                        ),
-                        top_stored_query=make_slot_function(
-                            "top_stored_query",
-                            datasette,
-                            request,
-                            database=database,
-                            query_name=stored_query.name if stored_query else None,
-                        ),
-                        query_actions=query_actions,
-                    ),
-                    request=request,
-                    view_name="database",
-                ),
-                headers=headers,
-            )
-        else:
-            assert False, "Invalid format: {}".format(format_)
-        if datasette.cors:
-            add_cors_headers(r.headers)
-        return r
-
-
-class MagicParameters(dict):
-    def __init__(self, sql, data, request, datasette):
-        super().__init__(data)
-        self._sql = sql
-        self._request = request
-        self._magics = dict(
-            itertools.chain.from_iterable(
-                pm.hook.register_magic_parameters(datasette=datasette)
-            )
+                "size": db.size,
+                "tables": tables,
+                "hidden_count": len([t for t in tables if t["hidden"]]),
+                "views": views,
+                "queries": self.ds.get_canned_queries(database),
+            },
+            {
+                "show_hidden": request.args.get("_show_hidden"),
+                "editable": True,
+                "metadata": metadata,
+                "allow_download": self.ds.config("allow_download")
+                and not db.is_mutable
+                and database != ":memory:",
+            },
+            ("database-{}.html".format(to_css_class(database)), "database.html"),
         )
-        self._prepared = {}
-
-    async def execute_params(self):
-        for key in derive_named_parameters(self._sql):
-            if key.startswith("_") and key.count("_") >= 2:
-                prefix, suffix = key[1:].split("_", 1)
-                if prefix in self._magics:
-                    result = await await_me_maybe(
-                        self._magics[prefix](suffix, self._request)
-                    )
-                    self._prepared[key] = result
-
-    def __len__(self):
-        # Workaround for 'Incorrect number of bindings' error
-        # https://github.com/simonw/datasette/issues/967#issuecomment-692951144
-        return super().__len__() or 1
-
-    def __getitem__(self, key):
-        if key.startswith("_") and key.count("_") >= 2:
-            if key in self._prepared:
-                return self._prepared[key]
-            # Try the other route
-            prefix, suffix = key[1:].split("_", 1)
-            if prefix in self._magics:
-                try:
-                    return self._magics[prefix](suffix, self._request)
-                except KeyError:
-                    return super().__getitem__(key)
-        else:
-            return super().__getitem__(key)
 
 
-async def display_rows(datasette, database, request, rows, columns):
-    display_rows = []
-    truncate_cells = datasette.setting("truncate_cells_html")
-    for row in rows:
-        display_row = []
-        for column, value in zip(columns, row):
-            display_value = value
-            # Let the plugins have a go
-            # pylint: disable=no-member
-            plugin_display_value = None
-            for candidate in pm.hook.render_cell(
-                row=row,
-                value=value,
-                column=column,
-                table=None,
-                pks=[],
-                database=database,
-                datasette=datasette,
-                request=request,
-                column_type=None,
-            ):
-                candidate = await await_me_maybe(candidate)
-                if candidate is not None:
-                    plugin_display_value = candidate
-                    break
-            if plugin_display_value is not None:
-                display_value = plugin_display_value
-            else:
-                if value in ("", None):
-                    display_value = markupsafe.Markup(" ")
-                elif is_url(str(display_value).strip()):
-                    display_value = markupsafe.Markup(
-                        '{truncated_url}'.format(
-                            url=markupsafe.escape(value.strip()),
-                            truncated_url=markupsafe.escape(
-                                truncate_url(value.strip(), truncate_cells)
-                            ),
-                        )
-                    )
-                elif isinstance(display_value, bytes):
-                    blob_url = path_with_format(
-                        request=request,
-                        format="blob",
-                        extra_qs={
-                            "_blob_column": column,
-                            "_blob_hash": hashlib.sha256(display_value).hexdigest(),
-                        },
-                    )
-                    formatted = format_bytes(len(value))
-                    display_value = markupsafe.Markup(
-                        '<Binary: {:,} byte{}>'.format(
-                            blob_url,
-                            (
-                                ' title="{}"'.format(formatted)
-                                if "bytes" not in formatted
-                                else ""
-                            ),
-                            len(value),
-                            "" if len(value) == 1 else "s",
-                        )
-                    )
-                else:
-                    display_value = str(value)
-                    if truncate_cells and len(display_value) > truncate_cells:
-                        display_value = display_value[:truncate_cells] + "\u2026"
-            display_row.append(display_value)
-        display_rows.append(display_row)
-    return display_rows
+class DatabaseDownload(DataView):
+    name = "database_download"
+
+    async def view_get(self, request, database, hash, correct_hash_present, **kwargs):
+        if database not in self.ds.databases:
+            raise DatasetteError("Invalid database", status=404)
+        db = self.ds.databases[database]
+        if db.is_memory:
+            raise DatasetteError("Cannot download :memory: database", status=404)
+        if not self.ds.config("allow_download") or db.is_mutable:
+            raise DatasetteError("Database download is forbidden", status=403)
+        if not db.path:
+            raise DatasetteError("Cannot download database", status=404)
+        filepath = db.path
+        return AsgiFileDownload(
+            filepath,
+            filename=os.path.basename(filepath),
+            content_type="application/octet-stream",
+        )
diff --git a/datasette/views/execute_write.py b/datasette/views/execute_write.py
deleted file mode 100644
index b7e8288e..00000000
--- a/datasette/views/execute_write.py
+++ /dev/null
@@ -1,507 +0,0 @@
-import re
-from urllib.parse import urlencode
-
-from datasette.resources import DatabaseResource
-from datasette.utils import sqlite3
-from datasette.utils.asgi import Response
-
-from .base import BaseView, _error
-from .database import display_rows as display_query_rows
-from .query_helpers import (
-    QueryValidationError,
-    SQL_PARAMETER_FORM_PREFIX,
-    _analysis_is_write,
-    _analysis_rows,
-    _analysis_rows_with_permissions,
-    _block_framing,
-    _coerce_execute_write_payload,
-    _derived_query_parameters,
-    _execute_write_analysis_data,
-    _execute_write_disabled_reason,
-    _inserted_row_url,
-    _json_or_form_payload,
-    _prepare_execute_write,
-    _table_columns,
-    _wants_json,
-)
-
-WRITE_TEMPLATE_LABELS = {
-    "insert": "Insert row",
-    "update": "Update rows",
-    "delete": "Delete rows",
-}
-WRITE_TEMPLATE_OPERATIONS = tuple(WRITE_TEMPLATE_LABELS)
-CREATE_TABLE_TEMPLATE_SQL = "\n".join(
-    (
-        "create table new_table (",
-        "  id integer primary key,",
-        "  name text",
-        "  -- created text default (datetime('now'))",
-        ")",
-    )
-)
-
-
-def _parameter_names(columns):
-    seen = set()
-    names = {}
-    for column in columns:
-        base = re.sub(r"[^a-z0-9_]+", "_", column.lower())
-        base = base.strip("_") or "value"
-        if base[0].isdigit():
-            base = "p_{}".format(base)
-        name = base
-        index = 2
-        while name in seen:
-            name = "{}_{}".format(base, index)
-            index += 1
-        seen.add(name)
-        names[column] = name
-    return names
-
-
-def _quote_identifier(identifier):
-    return '"{}"'.format(identifier.replace('"', '""'))
-
-
-def _preferred_where_column(table, columns):
-    lower_table_id = "{}_id".format(table.lower())
-    return (
-        next((column for column in columns if column.lower() == "id"), None)
-        or next(
-            (column for column in columns if column.lower() == lower_table_id), None
-        )
-        or columns[0]
-    )
-
-
-def _auto_incrementing_primary_key(columns):
-    primary_keys = [column for column in columns if column.is_pk]
-    if len(primary_keys) != 1:
-        return None
-    primary_key = primary_keys[0]
-    if primary_key.type and primary_key.type.lower() == "integer":
-        return primary_key.name
-    return None
-
-
-def _insert_template_sql(table, columns):
-    column_names = [column.name for column in columns]
-    auto_pk = _auto_incrementing_primary_key(columns)
-    insert_columns = [column for column in column_names if column != auto_pk]
-    if not insert_columns:
-        return "insert into {}\ndefault values".format(_quote_identifier(table))
-    names = _parameter_names(insert_columns)
-    return "\n".join(
-        (
-            "insert into {} (".format(_quote_identifier(table)),
-            ",\n".join(
-                "  {}".format(_quote_identifier(column)) for column in insert_columns
-            ),
-            ")",
-            "values (",
-            ",\n".join("  :{}".format(names[column]) for column in insert_columns),
-            ")",
-        )
-    )
-
-
-def _update_template_sql(table, columns):
-    column_names = [column.name for column in columns]
-    names = _parameter_names(column_names)
-    where_column = _preferred_where_column(table, column_names)
-    set_columns = [column for column in column_names if column != where_column]
-    if not set_columns:
-        return "\n".join(
-            (
-                "update {}".format(_quote_identifier(table)),
-                "set {} = :new_{}".format(
-                    _quote_identifier(where_column), names[where_column]
-                ),
-                "where {} = :{}".format(
-                    _quote_identifier(where_column), names[where_column]
-                ),
-            )
-        )
-    return "\n".join(
-        (
-            "update {}".format(_quote_identifier(table)),
-            "set "
-            + ",\n".join(
-                "{}{} = :{}".format(
-                    "    " if index else "",
-                    _quote_identifier(column),
-                    names[column],
-                )
-                for index, column in enumerate(set_columns)
-            ),
-            "where {} = :{}".format(
-                _quote_identifier(where_column), names[where_column]
-            ),
-        )
-    )
-
-
-def _delete_template_sql(table, columns):
-    column_names = [column.name for column in columns]
-    names = _parameter_names(column_names)
-    where_column = _preferred_where_column(table, column_names)
-    return "\n".join(
-        (
-            "delete from {}".format(_quote_identifier(table)),
-            "where {} = :{}".format(
-                _quote_identifier(where_column), names[where_column]
-            ),
-        )
-    )
-
-
-def _template_sqls_for_table(table, columns):
-    return {
-        "insert": _insert_template_sql(table, columns),
-        "update": _update_template_sql(table, columns),
-        "delete": _delete_template_sql(table, columns),
-    }
-
-
-async def _template_sql_allowed(datasette, db, sql, actor):
-    params = {parameter: "" for parameter in _derived_query_parameters(sql)}
-    try:
-        analysis = await db.analyze_sql(sql, params)
-    except sqlite3.DatabaseError:
-        return False
-    if not _analysis_is_write(analysis):
-        return False
-    analysis_rows = await _analysis_rows_with_permissions(datasette, analysis, actor)
-    return _execute_write_disabled_reason(sql, None, analysis_rows) is None
-
-
-async def _write_template_tables(
-    datasette, db, table_columns, hidden_table_names, actor
-):
-    write_template_tables = {}
-    for table in table_columns:
-        if table in hidden_table_names or not table_columns[table]:
-            continue
-        column_details = [
-            column
-            for column in await db.table_column_details(table)
-            if not column.hidden
-        ]
-        if not column_details:
-            continue
-        templates = {}
-        for operation, sql in _template_sqls_for_table(table, column_details).items():
-            if await _template_sql_allowed(datasette, db, sql, actor):
-                templates[operation] = sql
-        if templates:
-            write_template_tables[table] = {
-                "templates": templates,
-            }
-    return write_template_tables
-
-
-def _write_template_operations(write_template_tables):
-    operations = []
-    for operation in WRITE_TEMPLATE_OPERATIONS:
-        if any(
-            operation in table["templates"] for table in write_template_tables.values()
-        ):
-            operations.append(
-                {
-                    "name": operation,
-                    "label": WRITE_TEMPLATE_LABELS[operation],
-                }
-            )
-    return operations
-
-
-async def _create_table_template_sql(datasette, db, actor):
-    if await datasette.allowed(
-        action="create-table",
-        resource=DatabaseResource(db.name),
-        actor=actor,
-    ):
-        return CREATE_TABLE_TEMPLATE_SQL
-    return None
-
-
-def _analysis_changes_schema(analysis):
-    return any(
-        operation.operation in {"create", "alter", "drop"}
-        for operation in analysis.operations
-    )
-
-
-class ExecuteWriteView(BaseView):
-    name = "execute-write"
-    has_json_alternate = False
-
-    async def _render_form(
-        self,
-        request,
-        db,
-        *,
-        sql="",
-        parameter_values=None,
-        analysis=None,
-        analysis_error=None,
-        execution_message=None,
-        execution_links=None,
-        execution_ok=None,
-        execute_write_returns_rows=False,
-        execute_write_columns=None,
-        execute_write_display_rows=None,
-        execute_write_truncated=False,
-        status=200,
-    ):
-        parameter_values = parameter_values or {}
-        execution_links = execution_links or []
-        execute_write_columns = execute_write_columns or []
-        execute_write_display_rows = execute_write_display_rows or []
-        parameter_names = []
-        analysis_rows = []
-        table_columns = await _table_columns(self.ds, db.name)
-        hidden_table_names = set(await db.hidden_table_names())
-        write_template_tables = await _write_template_tables(
-            self.ds, db, table_columns, hidden_table_names, request.actor
-        )
-        write_template_operations = _write_template_operations(write_template_tables)
-        write_create_table_template_sql = await _create_table_template_sql(
-            self.ds, db, request.actor
-        )
-        if sql and analysis_error is None:
-            try:
-                parameter_names = _derived_query_parameters(sql)
-                if analysis is None:
-                    params = {parameter: "" for parameter in parameter_names}
-                    analysis = await db.analyze_sql(sql, params)
-                if _analysis_is_write(analysis):
-                    analysis_rows = await _analysis_rows_with_permissions(
-                        self.ds, analysis, request.actor
-                    )
-                else:
-                    analysis_error = (
-                        "Use /-/query for read-only SQL; "
-                        "this endpoint only executes writes"
-                    )
-            except (QueryValidationError, sqlite3.DatabaseError) as ex:
-                analysis_error = getattr(ex, "message", str(ex))
-
-        allow_save_query = await self.ds.allowed(
-            action="execute-sql",
-            resource=DatabaseResource(db.name),
-            actor=request.actor,
-        ) and await self.ds.allowed(
-            action="store-query",
-            resource=DatabaseResource(db.name),
-            actor=request.actor,
-        )
-        save_query_base_url = None
-        save_query_url = None
-        execute_disabled_reason = _execute_write_disabled_reason(
-            sql, analysis_error, analysis_rows
-        )
-        if allow_save_query:
-            save_query_base_url = self.ds.urls.database(db.name) + "/-/queries/store"
-            if not execute_disabled_reason:
-                save_query_url = save_query_base_url + "?" + urlencode({"sql": sql})
-
-        response = await self.render(
-            ["execute_write.html"],
-            request,
-            {
-                "database": db.name,
-                "database_color": db.color,
-                "sql": sql,
-                "parameter_names": parameter_names,
-                "parameter_values": parameter_values,
-                "analysis_error": analysis_error,
-                "analysis_rows": analysis_rows,
-                "execution_message": execution_message,
-                "execution_links": execution_links,
-                "execution_ok": execution_ok,
-                "execute_write_returns_rows": execute_write_returns_rows,
-                "execute_write_columns": execute_write_columns,
-                "execute_write_display_rows": execute_write_display_rows,
-                "execute_write_truncated": execute_write_truncated,
-                "sql_parameter_name_prefix": SQL_PARAMETER_FORM_PREFIX,
-                "execute_disabled": bool(execute_disabled_reason),
-                "execute_disabled_reason": execute_disabled_reason,
-                "table_columns": table_columns,
-                "write_template_tables": write_template_tables,
-                "write_template_operations": write_template_operations,
-                "write_create_table_template_sql": write_create_table_template_sql,
-                "save_query_url": save_query_url,
-                "save_query_base_url": save_query_base_url,
-            },
-        )
-        response.status = status
-        return _block_framing(response)
-
-    async def get(self, request):
-        db = await self.ds.resolve_database(request)
-        await self.ds.ensure_permission(
-            action="execute-write-sql",
-            resource=DatabaseResource(db.name),
-            actor=request.actor,
-        )
-        if not db.is_mutable:
-            return _block_framing(
-                _error(
-                    ["Cannot execute write SQL because this database is immutable."],
-                    403,
-                )
-            )
-        return await self._render_form(
-            request,
-            db,
-            sql=request.args.get("sql") or "",
-        )
-
-    async def post(self, request):
-        db = await self.ds.resolve_database(request)
-        if not await self.ds.allowed(
-            action="execute-write-sql",
-            resource=DatabaseResource(db.name),
-            actor=request.actor,
-        ):
-            return _block_framing(
-                _error(["Permission denied: need execute-write-sql"], 403)
-            )
-        if not db.is_mutable:
-            return _block_framing(_error(["Database is immutable"], 403))
-
-        data = {}
-        is_json = request.headers.get("content-type", "").startswith("application/json")
-        sql = ""
-        provided_params = {}
-        try:
-            data, is_json = await _json_or_form_payload(request)
-            sql, provided_params = _coerce_execute_write_payload(data, is_json)
-            parameter_names, params, analysis = await _prepare_execute_write(
-                self.ds, db, sql, provided_params, request.actor
-            )
-        except QueryValidationError as ex:
-            if _wants_json(request, is_json, data):
-                return _block_framing(_error([ex.message], ex.status))
-            if ex.flash:
-                self.ds.add_message(request, ex.message, self.ds.ERROR)
-            return await self._render_form(
-                request,
-                db,
-                sql=sql or "",
-                parameter_values=provided_params,
-                analysis_error=None if ex.flash else ex.message,
-                execution_message=None if ex.flash else ex.message,
-                execution_ok=False,
-                status=ex.status,
-            )
-
-        wants_json = _wants_json(request, is_json, data)
-        try:
-            execute_write_kwargs = {"request": request}
-            cursor = await db.execute_write(sql, params, **execute_write_kwargs)
-        except sqlite3.DatabaseError as ex:
-            message = str(ex)
-            if wants_json:
-                return _block_framing(_error([message], 400))
-            return await self._render_form(
-                request,
-                db,
-                sql=sql,
-                parameter_values=params,
-                analysis=analysis,
-                execution_message=message,
-                execution_ok=False,
-                status=400,
-            )
-
-        if _analysis_changes_schema(analysis):
-            await self.ds.refresh_schemas(force=True)
-
-        if cursor.rowcount == -1:
-            message = "Query executed"
-        else:
-            message = "Query executed, {} row{} affected".format(
-                cursor.rowcount, "" if cursor.rowcount == 1 else "s"
-            )
-        if wants_json:
-            data = {
-                "ok": True,
-                "message": message,
-                "rowcount": cursor.rowcount,
-                "rows": [],
-                "truncated": False,
-                "analysis": _analysis_rows(analysis),
-            }
-            if cursor.description is not None:
-                data["rows"] = [dict(row) for row in cursor.fetchall()]
-                data["truncated"] = cursor.truncated
-            return _block_framing(Response.json(data))
-
-        inserted_row_url = await _inserted_row_url(self.ds, db, analysis, cursor)
-        execution_links = (
-            [{"href": inserted_row_url, "label": "View row"}]
-            if inserted_row_url
-            else []
-        )
-        execute_write_returns_rows = cursor.description is not None
-        execute_write_columns = []
-        execute_write_display_rows = []
-        if execute_write_returns_rows:
-            execute_write_columns = [
-                description[0] for description in cursor.description
-            ]
-            execute_write_display_rows = await display_query_rows(
-                self.ds,
-                db.name,
-                request,
-                cursor.fetchall(),
-                execute_write_columns,
-            )
-        return await self._render_form(
-            request,
-            db,
-            sql=sql,
-            parameter_values={name: params.get(name, "") for name in parameter_names},
-            analysis=analysis,
-            execution_message=message,
-            execution_links=execution_links,
-            execution_ok=True,
-            execute_write_returns_rows=execute_write_returns_rows,
-            execute_write_columns=execute_write_columns,
-            execute_write_display_rows=execute_write_display_rows,
-            execute_write_truncated=cursor.truncated,
-        )
-
-
-class ExecuteWriteAnalyzeView(BaseView):
-    name = "execute-write-analyze"
-    has_json_alternate = False
-
-    async def get(self, request):
-        db = await self.ds.resolve_database(request)
-        if not await self.ds.allowed(
-            action="execute-write-sql",
-            resource=DatabaseResource(db.name),
-            actor=request.actor,
-        ):
-            return _block_framing(
-                _error(["Permission denied: need execute-write-sql"], 403)
-            )
-
-        invalid_keys = set(request.args) - {"sql"}
-        if invalid_keys:
-            return _block_framing(
-                _error(
-                    ["Invalid keys: {}".format(", ".join(sorted(invalid_keys)))],
-                    400,
-                )
-            )
-        sql = request.args.get("sql") or ""
-        return _block_framing(
-            Response.json(
-                await _execute_write_analysis_data(self.ds, db, sql, request.actor)
-            )
-        )
diff --git a/datasette/views/index.py b/datasette/views/index.py
index 6a9462ac..f2e5f774 100644
--- a/datasette/views/index.py
+++ b/datasette/views/index.py
@@ -1,87 +1,41 @@
+import hashlib
 import json
 
-from datasette.plugins import pm
-from datasette.utils import (
-    add_cors_headers,
-    await_me_maybe,
-    make_slot_function,
-    CustomJSONEncoder,
-)
+from datasette.utils import CustomJSONEncoder
 from datasette.utils.asgi import Response
 from datasette.version import __version__
 
 from .base import BaseView
 
+
 # Truncate table list on homepage at:
 TRUNCATE_AT = 5
 
-# Only attempt counts if database less than this size in bytes:
-COUNT_DB_SIZE_LIMIT = 100 * 1024 * 1024
+# Only attempt counts if less than this many tables:
+COUNT_TABLE_LIMIT = 30
 
 
 class IndexView(BaseView):
     name = "index"
 
-    async def get(self, request):
-        as_format = request.url_vars["format"]
-        await self.ds.ensure_permission(action="view-instance", actor=request.actor)
-
-        # Get all allowed databases and tables in bulk
-        db_page = await self.ds.allowed_resources(
-            "view-database", request.actor, include_is_private=True
-        )
-        allowed_databases = [r async for r in db_page.all()]
-        allowed_db_dict = {r.parent: r for r in allowed_databases}
-
-        # Group tables by database
-        tables_by_db = {}
-        table_page = await self.ds.allowed_resources(
-            "view-table", request.actor, include_is_private=True
-        )
-        async for t in table_page.all():
-            if t.parent not in tables_by_db:
-                tables_by_db[t.parent] = {}
-            tables_by_db[t.parent][t.child] = t
+    def __init__(self, datasette):
+        self.ds = datasette
 
+    async def get(self, request, as_format):
         databases = []
-        # Iterate over allowed databases instead of all databases
-        for name in allowed_db_dict.keys():
-            db = self.ds.databases[name]
-            database_private = allowed_db_dict[name].private
-
-            # Get allowed tables/views for this database
-            allowed_for_db = tables_by_db.get(name, {})
-
-            # Get table names from allowed set instead of db.table_names()
-            table_names = [child_name for child_name in allowed_for_db.keys()]
-
+        for name, db in self.ds.databases.items():
+            table_names = await db.table_names()
             hidden_table_names = set(await db.hidden_table_names())
-
-            # Determine which allowed items are views
-            view_names_set = set(await db.view_names())
-            views = [
-                {"name": child_name, "private": resource.private}
-                for child_name, resource in allowed_for_db.items()
-                if child_name in view_names_set
-            ]
-
-            # Filter to just tables (not views) for table processing
-            table_names = [name for name in table_names if name not in view_names_set]
-
+            views = await db.view_names()
             # Perform counts only for immutable or DBS with <= COUNT_TABLE_LIMIT tables
             table_counts = {}
-            if not db.is_mutable or db.size < COUNT_DB_SIZE_LIMIT:
+            if not db.is_mutable or len(table_names) <= COUNT_TABLE_LIMIT:
                 table_counts = await db.table_counts(10)
                 # If any of these are None it means at least one timed out - ignore them all
                 if any(v is None for v in table_counts.values()):
                     table_counts = {}
-
             tables = {}
             for table in table_names:
-                # Check if table is in allowed set
-                if table not in allowed_for_db:
-                    continue
-
                 table_columns = await db.table_columns(table)
                 tables[table] = {
                     "name": table,
@@ -91,16 +45,14 @@ class IndexView(BaseView):
                     "hidden": table in hidden_table_names,
                     "fts_table": await db.fts_table(table),
                     "num_relationships_for_sorting": 0,
-                    "private": allowed_for_db[table].private,
                 }
 
             if request.args.get("_sort") == "relationships" or not table_counts:
                 # We will be sorting by number of relationships, so populate that field
                 all_foreign_keys = await db.get_all_foreign_keys()
                 for table, foreign_keys in all_foreign_keys.items():
-                    if table in tables.keys():
-                        count = len(foreign_keys["incoming"] + foreign_keys["outgoing"])
-                        tables[table]["num_relationships_for_sorting"] = count
+                    count = len(foreign_keys["incoming"] + foreign_keys["outgoing"])
+                    tables[table]["num_relationships_for_sorting"] = count
 
             hidden_tables = [t for t in tables.values() if t["hidden"]]
             visible_tables = [t for t in tables.values() if not t["hidden"]]
@@ -120,15 +72,17 @@ class IndexView(BaseView):
             # Only add views if this is less than TRUNCATE_AT
             if len(tables_and_views_truncated) < TRUNCATE_AT:
                 num_views_to_add = TRUNCATE_AT - len(tables_and_views_truncated)
-                for view in views[:num_views_to_add]:
-                    tables_and_views_truncated.append(view)
+                for view_name in views[:num_views_to_add]:
+                    tables_and_views_truncated.append({"name": view_name})
 
             databases.append(
                 {
                     "name": name,
                     "hash": db.hash,
-                    "color": db.color,
-                    "path": self.ds.urls.database(name),
+                    "color": db.hash[:6]
+                    if db.hash
+                    else hashlib.md5(name.encode("utf8")).hexdigest()[:6],
+                    "path": self.database_url(name),
                     "tables_and_views_truncated": tables_and_views_truncated,
                     "tables_and_views_more": (len(visible_tables) + len(views))
                     > TRUNCATE_AT,
@@ -140,50 +94,25 @@ class IndexView(BaseView):
                     ),
                     "hidden_tables_count": len(hidden_tables),
                     "views_count": len(views),
-                    "private": database_private,
                 }
             )
 
         if as_format:
             headers = {}
             if self.ds.cors:
-                add_cors_headers(headers)
+                headers["Access-Control-Allow-Origin"] = "*"
             return Response(
-                json.dumps(
-                    {
-                        "databases": {db["name"]: db for db in databases},
-                        "metadata": await self.ds.get_instance_metadata(),
-                    },
-                    cls=CustomJSONEncoder,
-                ),
+                json.dumps({db["name"]: db for db in databases}, cls=CustomJSONEncoder),
                 content_type="application/json; charset=utf-8",
                 headers=headers,
             )
         else:
-            homepage_actions = []
-            for hook in pm.hook.homepage_actions(
-                datasette=self.ds,
-                actor=request.actor,
-                request=request,
-            ):
-                extra_links = await await_me_maybe(hook)
-                if extra_links:
-                    homepage_actions.extend(extra_links)
-            alternative_homepage = request.path == "/-/"
             return await self.render(
-                ["default:index.html" if alternative_homepage else "index.html"],
+                ["index.html"],
                 request=request,
                 context={
                     "databases": databases,
-                    "metadata": await self.ds.get_instance_metadata(),
+                    "metadata": self.ds.metadata(),
                     "datasette_version": __version__,
-                    "private": not await self.ds.allowed(
-                        action="view-instance", actor=None
-                    ),
-                    "top_homepage": make_slot_function(
-                        "top_homepage", self.ds, request
-                    ),
-                    "homepage_actions": homepage_actions,
-                    "noindex": request.path == "/-/",
                 },
             )
diff --git a/datasette/views/query_helpers.py b/datasette/views/query_helpers.py
deleted file mode 100644
index 026a999f..00000000
--- a/datasette/views/query_helpers.py
+++ /dev/null
@@ -1,638 +0,0 @@
-import json
-import re
-
-from datasette.resources import DatabaseResource
-from datasette.stored_queries import (
-    StoredQuery,
-)
-from datasette.write_sql import (
-    IgnoreWriteSqlOperation,
-    QueryWriteRejected,
-    RequireWriteSqlPermissions,
-    decision_for_write_sql_operation,
-    operation_is_write,
-)
-from datasette.utils import (
-    named_parameters as derive_named_parameters,
-    escape_sqlite,
-    path_from_row_pks,
-    sqlite3,
-    validate_sql_select,
-    InvalidSql,
-)
-from datasette.utils.asgi import Forbidden
-from datasette.utils.sql_analysis import Operation, SQLAnalysis
-
-_query_name_re = re.compile(r"^[^/\.\n]+$")
-
-_query_fields = {
-    "sql",
-    "title",
-    "description",
-    "hide_sql",
-    "fragment",
-    "parameters",
-    "params",
-    "is_private",
-    "on_success_message",
-    "on_success_redirect",
-    "on_error_message",
-    "on_error_redirect",
-}
-
-_query_create_fields = _query_fields | {"name", "mode", "csrftoken"}
-_query_update_fields = _query_fields
-_query_write_fields = {
-    "on_success_message",
-    "on_success_redirect",
-    "on_error_message",
-    "on_error_redirect",
-}
-
-SQL_PARAMETER_FORM_PREFIX = "_sql_param_"
-
-
-class QueryValidationError(Exception):
-    def __init__(self, message, status=400, *, flash=False):
-        self.message = message
-        self.status = status
-        self.flash = flash
-        super().__init__(message)
-
-
-def _actor_id(actor):
-    if isinstance(actor, dict):
-        return actor.get("id")
-    return None
-
-
-def _as_bool(value):
-    if isinstance(value, bool):
-        return value
-    if value is None:
-        return False
-    if isinstance(value, int):
-        return bool(value)
-    if isinstance(value, str):
-        return value.lower() in {"1", "true", "t", "yes", "on"}
-    return bool(value)
-
-
-def _as_optional_bool(value, name):
-    if value is None or value == "":
-        return None
-    if isinstance(value, bool):
-        return value
-    if isinstance(value, int):
-        return bool(value)
-    if isinstance(value, str):
-        lowered = value.lower()
-        if lowered in {"1", "true", "t", "yes", "on"}:
-            return True
-        if lowered in {"0", "false", "f", "no", "off"}:
-            return False
-    raise QueryValidationError("{} must be 0 or 1".format(name))
-
-
-def _query_list_limit(value, default=50):
-    if value in (None, ""):
-        return default
-    try:
-        return min(max(1, int(value)), 1000)
-    except ValueError as ex:
-        raise QueryValidationError("_size must be an integer") from ex
-
-
-def _derived_query_parameters(sql):
-    parameters = []
-    seen = set()
-    for parameter in derive_named_parameters(sql):
-        if parameter.startswith("_"):
-            raise QueryValidationError("Magic parameters are not allowed")
-        if parameter not in seen:
-            parameters.append(parameter)
-            seen.add(parameter)
-    return parameters
-
-
-def _coerce_query_parameters(value, derived):
-    if value is None:
-        return derived
-    if isinstance(value, str):
-        parameters = [
-            parameter.strip()
-            for parameter in re.split(r"[\s,]+", value)
-            if parameter.strip()
-        ]
-    elif isinstance(value, list):
-        parameters = value
-    else:
-        raise QueryValidationError("parameters must be a list of strings")
-    if not all(isinstance(parameter, str) for parameter in parameters):
-        raise QueryValidationError("parameters must be a list of strings")
-    if any(parameter.startswith("_") for parameter in parameters):
-        raise QueryValidationError("Magic parameters are not allowed")
-    if set(parameters) != set(derived):
-        raise QueryValidationError("parameters must match SQL named parameters")
-    return parameters
-
-
-def _analysis_is_write(analysis: SQLAnalysis) -> bool:
-    return any(operation_is_write(operation) for operation in analysis.operations)
-
-
-def _block_framing(response):
-    response.headers["Content-Security-Policy"] = "frame-ancestors 'none'"
-    response.headers["X-Frame-Options"] = "DENY"
-    return response
-
-
-def _wants_json(request, is_json, data):
-    return (
-        is_json
-        or request.headers.get("accept") == "application/json"
-        or (isinstance(data, dict) and data.get("_json"))
-    )
-
-
-def _query_create_form_error_message(message):
-    return {
-        "Query name is required": "URL is required",
-        "Invalid query name": "Invalid URL",
-        "Query name conflicts with a table or view": (
-            "URL conflicts with an existing table or view"
-        ),
-        "Query already exists": "A query already exists at that URL",
-    }.get(message, message)
-
-
-async def _json_or_form_payload(request):
-    content_type = request.headers.get("content-type", "")
-    if content_type.startswith("application/json"):
-        body = await request.post_body()
-        try:
-            return json.loads(body or b"{}"), True
-        except json.JSONDecodeError as e:
-            raise QueryValidationError("Invalid JSON: {}".format(e))
-    return await request.post_vars(), False
-
-
-async def _check_query_name(db, name, *, existing=False):
-    if not name or not isinstance(name, str):
-        raise QueryValidationError("Query name is required")
-    if not _query_name_re.match(name):
-        raise QueryValidationError("Invalid query name")
-    if not existing and (await db.table_exists(name) or await db.view_exists(name)):
-        raise QueryValidationError("Query name conflicts with a table or view")
-
-
-async def _analyze_user_query(datasette, db, sql, *, actor):
-    if not sql or not isinstance(sql, str):
-        raise QueryValidationError("SQL is required")
-    derived = _derived_query_parameters(sql)
-    params = {parameter: "" for parameter in derived}
-    try:
-        analysis = await db.analyze_sql(sql, params)
-    except sqlite3.DatabaseError as ex:
-        raise QueryValidationError("Could not analyze query: {}".format(ex)) from ex
-
-    is_write = _analysis_is_write(analysis)
-    if is_write:
-        try:
-            await datasette.ensure_query_write_permissions(
-                db.name, sql, actor=actor, analysis=analysis
-            )
-        except QueryWriteRejected as ex:
-            raise QueryValidationError(ex.message, status=403, flash=True) from ex
-        except Forbidden as ex:
-            raise QueryValidationError(str(ex), status=403) from ex
-    else:
-        try:
-            validate_sql_select(sql)
-        except InvalidSql as ex:
-            raise QueryValidationError(str(ex)) from ex
-    return is_write, derived, analysis
-
-
-def _display_operations(analysis: SQLAnalysis) -> list[Operation]:
-    operations = []
-    for operation in analysis.operations:
-        if isinstance(
-            decision_for_write_sql_operation(operation), IgnoreWriteSqlOperation
-        ):
-            continue
-        operations.append(operation)
-    return operations
-
-
-def _analysis_rows(analysis: SQLAnalysis) -> list[dict[str, object]]:
-    rows = []
-    for operation in _display_operations(analysis):
-        decision = decision_for_write_sql_operation(operation)
-        required_permission = (
-            ", ".join(permission.action for permission in decision.permissions)
-            if isinstance(decision, RequireWriteSqlPermissions)
-            else ""
-        )
-        rows.append(
-            {
-                "operation": operation.operation,
-                "database": operation.database,
-                "table": operation.table or operation.target,
-                "required_permission": required_permission,
-                "source": operation.source,
-            }
-        )
-    return rows
-
-
-async def _analysis_rows_with_permissions(
-    datasette, analysis: SQLAnalysis, actor
-) -> list[dict[str, object]]:
-    rows = _analysis_rows(analysis)
-    is_write = _analysis_is_write(analysis)
-    for row, operation in zip(rows, _display_operations(analysis)):
-        decision = decision_for_write_sql_operation(operation)
-        if isinstance(decision, RequireWriteSqlPermissions):
-            row["allowed"] = True
-            for permission in decision.permissions:
-                if not await datasette.allowed(
-                    action=permission.action,
-                    resource=permission.resource,
-                    actor=actor,
-                ):
-                    row["allowed"] = False
-                    break
-        elif is_write:
-            row["allowed"] = False
-        else:
-            row["allowed"] = None
-    return rows
-
-
-def _execute_write_disabled_reason(sql, analysis_error, analysis_rows):
-    if not (sql and sql.strip()):
-        return "Enter writable SQL before executing."
-    if analysis_error:
-        return analysis_error
-    if any(row.get("allowed") is False for row in analysis_rows):
-        return "You do not have permission for every operation listed above."
-    return None
-
-
-def _coerce_execute_write_payload(data, is_json):
-    if not isinstance(data, dict):
-        raise QueryValidationError("JSON must be a dictionary")
-    if is_json:
-        invalid_keys = set(data) - {"sql", "params"}
-        if invalid_keys:
-            raise QueryValidationError(
-                "Invalid keys: {}".format(", ".join(sorted(invalid_keys)))
-            )
-        params = data.get("params") or {}
-    else:
-        params = {}
-        for key, value in data.items():
-            if key in {"sql", "csrftoken", "_json"}:
-                continue
-            if key.startswith(SQL_PARAMETER_FORM_PREFIX):
-                key = key[len(SQL_PARAMETER_FORM_PREFIX) :]
-            params[key] = value
-    if not isinstance(params, dict):
-        raise QueryValidationError("params must be a dictionary")
-    return data.get("sql"), params
-
-
-async def _prepare_execute_write(datasette, db, sql, params, actor):
-    if not sql or not isinstance(sql, str):
-        raise QueryValidationError("SQL is required")
-    parameter_names = _derived_query_parameters(sql)
-    extra_params = set(params) - set(parameter_names)
-    if extra_params:
-        raise QueryValidationError(
-            "Unknown parameters: {}".format(", ".join(sorted(extra_params)))
-        )
-    params = {name: params.get(name, "") for name in parameter_names}
-    try:
-        analysis = await db.analyze_sql(sql, params)
-    except sqlite3.DatabaseError as ex:
-        raise QueryValidationError("Could not analyze query: {}".format(ex)) from ex
-    if not _analysis_is_write(analysis):
-        raise QueryValidationError(
-            "Use /-/query for read-only SQL; this endpoint only executes writes"
-        )
-    try:
-        await datasette.ensure_query_write_permissions(
-            db.name, sql, actor=actor, analysis=analysis
-        )
-    except QueryWriteRejected as ex:
-        raise QueryValidationError(ex.message, status=403, flash=True) from ex
-    except Forbidden as ex:
-        raise QueryValidationError(str(ex), status=403) from ex
-    return parameter_names, params, analysis
-
-
-async def _ensure_stored_query_execution_permissions(
-    datasette, db, query: StoredQuery, actor
-):
-    if query.is_trusted:
-        return
-    if query.is_write:
-        await datasette.ensure_permission(
-            action="execute-write-sql",
-            resource=DatabaseResource(db.name),
-            actor=actor,
-        )
-        await datasette.ensure_query_write_permissions(db.name, query.sql, actor=actor)
-    else:
-        await datasette.ensure_permission(
-            action="execute-sql",
-            resource=DatabaseResource(db.name),
-            actor=actor,
-        )
-
-
-async def _execute_write_analysis_data(datasette, db, sql, actor):
-    parameter_names = []
-    analysis_rows = []
-    analysis_error = None
-    if sql:
-        try:
-            parameter_names = _derived_query_parameters(sql)
-            params = {parameter: "" for parameter in parameter_names}
-            analysis = await db.analyze_sql(sql, params)
-            if _analysis_is_write(analysis):
-                analysis_rows = await _analysis_rows_with_permissions(
-                    datasette, analysis, actor
-                )
-            else:
-                analysis_error = (
-                    "Use /-/query for read-only SQL; "
-                    "this endpoint only executes writes"
-                )
-        except (QueryValidationError, sqlite3.DatabaseError) as ex:
-            analysis_error = getattr(ex, "message", str(ex))
-    execute_disabled_reason = _execute_write_disabled_reason(
-        sql, analysis_error, analysis_rows
-    )
-    return {
-        "ok": analysis_error is None,
-        "parameters": parameter_names,
-        "analysis_error": analysis_error,
-        "analysis_rows": analysis_rows,
-        "execute_disabled": bool(execute_disabled_reason),
-        "execute_disabled_reason": execute_disabled_reason,
-    }
-
-
-async def _query_create_analysis_data(datasette, db, sql, actor):
-    has_sql = bool(sql and sql.strip())
-    parameter_names = []
-    analysis_rows = []
-    analysis_error = None
-    analysis: SQLAnalysis | None = None
-    if has_sql:
-        try:
-            parameter_names = _derived_query_parameters(sql)
-            params = {parameter: "" for parameter in parameter_names}
-            analysis = await db.analyze_sql(sql, params)
-            analysis_rows = await _analysis_rows_with_permissions(
-                datasette, analysis, actor
-            )
-        except (QueryValidationError, sqlite3.DatabaseError) as ex:
-            analysis_error = getattr(ex, "message", str(ex))
-    return {
-        "ok": analysis_error is None,
-        "parameters": parameter_names,
-        "analysis_error": analysis_error,
-        "analysis_rows": analysis_rows,
-        "has_sql": has_sql,
-        "analysis_is_write": _analysis_is_write(analysis) if analysis else False,
-        "save_disabled": bool(
-            (not has_sql)
-            or analysis_error
-            or any(row["allowed"] is False for row in analysis_rows)
-        ),
-    }
-
-
-async def _query_create_form_context(
-    datasette,
-    request,
-    db,
-    *,
-    sql="",
-    name="",
-    title="",
-    description="",
-    is_private=True,
-):
-    analysis_data = await _query_create_analysis_data(datasette, db, sql, request.actor)
-    return {
-        "database": db.name,
-        "database_color": db.color,
-        "sql": sql,
-        "name": name,
-        "title": title,
-        "description": description,
-        "is_private": is_private,
-        **analysis_data,
-    }
-
-
-async def _query_edit_form_context(
-    datasette,
-    request,
-    db,
-    existing: StoredQuery,
-    *,
-    sql=None,
-    title=None,
-    description=None,
-    is_private=None,
-):
-    sql = existing.sql if sql is None else sql
-    title = existing.title if title is None else title
-    description = existing.description if description is None else description
-    is_private = existing.is_private if is_private is None else is_private
-    analysis_data = await _query_create_analysis_data(datasette, db, sql, request.actor)
-    return {
-        "database": db.name,
-        "database_color": db.color,
-        "name": existing.name,
-        "sql": sql,
-        "title": title or "",
-        "description": description or "",
-        "is_private": is_private,
-        "query_url": datasette.urls.table(db.name, existing.name),
-        **analysis_data,
-    }
-
-
-async def _inserted_row_url(datasette, db, analysis, cursor):
-    if cursor.rowcount != 1:
-        return None
-    lastrowid = getattr(cursor, "lastrowid", None)
-    if lastrowid is None:
-        return None
-    direct_inserts = [
-        operation
-        for operation in analysis.operations
-        if operation.operation == "insert"
-        and operation.target_type == "table"
-        and not operation.internal
-        and operation.source is None
-        and operation.database == db.name
-    ]
-    if len(direct_inserts) != 1:
-        return None
-    table = direct_inserts[0].table
-    if table is None:
-        return None
-    pks = await db.primary_keys(table)
-    use_rowid = not pks
-    select = (
-        "rowid"
-        if use_rowid
-        else ", ".join(escape_sqlite(primary_key) for primary_key in pks)
-    )
-    try:
-        result = await db.execute(
-            "select {} from {} where rowid = ?".format(select, escape_sqlite(table)),
-            [lastrowid],
-        )
-    except sqlite3.DatabaseError:
-        return None
-    row = result.first()
-    if row is None:
-        return None
-    row_path = path_from_row_pks(row, pks, use_rowid)
-    return datasette.urls.row(db.name, table, row_path)
-
-
-def _apply_query_data_types(data):
-    typed = dict(data)
-    for key in ("hide_sql", "is_private"):
-        if key in typed:
-            typed[key] = _as_bool(typed[key])
-    return typed
-
-
-async def _prepare_query_create(datasette, request, db, data):
-    invalid_keys = set(data) - _query_create_fields
-    if invalid_keys:
-        raise QueryValidationError(
-            "Invalid keys: {}".format(", ".join(sorted(invalid_keys)))
-        )
-
-    data = _apply_query_data_types(data)
-    name = data.get("name")
-    await _check_query_name(db, name)
-    if await datasette.get_query(db.name, name) is not None:
-        raise QueryValidationError("Query already exists")
-
-    is_write, derived, analysis = await _analyze_user_query(
-        datasette,
-        db,
-        data.get("sql"),
-        actor=request.actor,
-    )
-    if not is_write and any(data.get(field) for field in _query_write_fields):
-        raise QueryValidationError("Writable query fields require writable SQL")
-
-    parameters = _coerce_query_parameters(
-        data.get("parameters", data.get("params")),
-        derived,
-    )
-    return {
-        "name": name,
-        "sql": data["sql"],
-        "title": data.get("title"),
-        "description": data.get("description"),
-        "hide_sql": _as_bool(data.get("hide_sql")),
-        "fragment": data.get("fragment"),
-        "parameters": parameters,
-        "is_write": is_write,
-        "is_private": _as_bool(data.get("is_private", True)),
-        "is_trusted": False,
-        "source": "user",
-        "owner_id": _actor_id(request.actor),
-        "on_success_message": data.get("on_success_message"),
-        "on_success_redirect": data.get("on_success_redirect"),
-        "on_error_message": data.get("on_error_message"),
-        "on_error_redirect": data.get("on_error_redirect"),
-        "analysis": analysis,
-    }
-
-
-async def _prepare_query_update(datasette, request, db, existing: StoredQuery, update):
-    invalid_keys = set(update) - _query_update_fields
-    if invalid_keys:
-        raise QueryValidationError(
-            "Invalid keys: {}".format(", ".join(sorted(invalid_keys)))
-        )
-
-    update = _apply_query_data_types(update)
-    sql = update.get("sql", existing.sql)
-    query_is_write = existing.is_write
-    derived = _derived_query_parameters(sql)
-    parameters = None
-
-    if "sql" in update:
-        query_is_write, derived, _ = await _analyze_user_query(
-            datasette,
-            db,
-            sql,
-            actor=request.actor,
-        )
-
-    if "parameters" in update or "params" in update:
-        parameters = _coerce_query_parameters(
-            update.get("parameters", update.get("params")),
-            derived,
-        )
-    elif "sql" in update:
-        parameters = derived
-
-    if not query_is_write and any(update.get(field) for field in _query_write_fields):
-        raise QueryValidationError("Writable query fields require writable SQL")
-
-    field_values = {
-        "sql": sql,
-        "title": update.get("title"),
-        "description": update.get("description"),
-        "hide_sql": update.get("hide_sql"),
-        "fragment": update.get("fragment"),
-        "parameters": parameters,
-        "is_write": query_is_write,
-        "is_private": update.get("is_private"),
-        "on_success_message": update.get("on_success_message"),
-        "on_success_redirect": update.get("on_success_redirect"),
-        "on_error_message": update.get("on_error_message"),
-        "on_error_redirect": update.get("on_error_redirect"),
-    }
-    update_kwargs = {}
-    for field_name, value in field_values.items():
-        if field_name in update:
-            update_kwargs[field_name] = value
-    if parameters is not None:
-        update_kwargs["parameters"] = parameters
-    if "sql" in update:
-        update_kwargs["is_write"] = query_is_write
-    return update_kwargs
-
-
-async def _table_columns(datasette, database_name):
-    internal_db = datasette.get_internal_database()
-    result = await internal_db.execute(
-        "select table_name, name from catalog_columns where database_name = ?",
-        [database_name],
-    )
-    table_columns = {}
-    for row in result.rows:
-        table_columns.setdefault(row["table_name"], []).append(row["name"])
-    # Add views
-    db = datasette.get_database(database_name)
-    for view_name in await db.view_names():
-        table_columns[view_name] = []
-    return table_columns
diff --git a/datasette/views/row.py b/datasette/views/row.py
deleted file mode 100644
index 129216b9..00000000
--- a/datasette/views/row.py
+++ /dev/null
@@ -1,870 +0,0 @@
-import asyncio
-import json
-import textwrap
-import time
-import urllib.parse
-from dataclasses import dataclass, field
-
-import markupsafe
-import sqlite_utils
-
-from datasette.utils.asgi import NotFound, Forbidden, Response
-from datasette.database import QueryInterrupted
-from datasette.events import UpdateRowEvent, DeleteRowEvent
-from datasette.resources import TableResource
-from .base import BaseView, DatasetteError, _error, stream_csv
-from datasette.utils import (
-    add_cors_headers,
-    await_me_maybe,
-    call_with_supported_arguments,
-    CustomRow,
-    InvalidSql,
-    make_slot_function,
-    path_from_row_pks,
-    path_with_added_args,
-    path_with_format,
-    path_with_removed_args,
-    to_css_class,
-    escape_sqlite,
-    sqlite3,
-)
-from datasette.plugins import pm
-from datasette.extras import extra_names_from_request, ExtraScope
-from . import Context, from_extra
-from .table import (
-    display_columns_and_rows,
-    _table_page_data,
-    row_label_from_label_column,
-)
-from .table_extras import RowExtraContext, resolve_row_extras, table_extra_registry
-
-
-@dataclass
-class RowContext(Context):
-    "The page showing an individual row, e.g. /fixtures/facetable/1."
-
-    documented_template = "row.html"
-    extras_scope = ExtraScope.ROW
-
-    # Fields resolved by registered extras - their documentation comes
-    # from the description on each Extra class in table_extras.py
-    columns: list = from_extra()
-    database: str = from_extra()
-    database_color: str = from_extra()
-    foreign_key_tables: list = from_extra()
-    metadata: dict = from_extra()
-    primary_keys: list = from_extra()
-    private: bool = from_extra()
-    table: str = from_extra()
-
-    # Fields added by the view code
-    ok: bool = field(
-        metadata={"help": "True if the data for this page was retrieved without errors"}
-    )
-    rows: list = field(
-        metadata={
-            "help": "A single-item list containing this row as a dictionary mapping column name to raw value."
-        }
-    )
-    primary_key_values: list = field(
-        metadata={"help": "Values of the primary keys for this row, from the URL"}
-    )
-    query_ms: float = field(
-        metadata={
-            "help": "Time taken by the SQL queries for this page, in milliseconds"
-        }
-    )
-    display_columns: list = field(
-        metadata={
-            "help": "Column metadata used by the HTML table display. Each item includes ``name``, ``sortable``, ``is_pk``, ``type``, ``notnull``, ``description``, ``column_type`` and ``column_type_config`` keys."
-        }
-    )
-    display_rows: list = field(
-        metadata={
-            "help": "Rows formatted for the HTML table display. Each row is iterable and contains cell dictionaries with ``column``, ``value``, ``raw`` and ``value_type`` keys."
-        }
-    )
-    custom_table_templates: list = field(
-        metadata={
-            "help": "Custom template names that were considered for displaying this row's table, in lookup order."
-        }
-    )
-    row_actions: list = field(
-        metadata={
-            "help": 'Row actions made available by core and plugin hooks. Each item is either a link with ``href``, ``label`` and optional ``description`` keys, or a button with ``type: "button"``, ``label``, optional ``description`` and optional ``attrs``. See :ref:`plugin_actions` and :ref:`plugin_hook_row_actions`.'
-        }
-    )
-    row_mutation_ui: bool = field(
-        metadata={"help": "True if the row edit/delete JavaScript UI should be enabled"}
-    )
-    table_page_data: dict = field(
-        metadata={
-            "help": "JSON data used by JavaScript on the row page. Includes ``database``, ``table`` and ``tableUrl``, plus optional ``foreignKeys`` mapping column names to autocomplete URLs."
-        }
-    )
-    top_row: callable = field(
-        metadata={
-            "help": "Async callable that renders the ``top_row`` plugin slot for this row and returns HTML."
-        }
-    )
-    renderers: dict = field(
-        metadata={
-            "help": "Dictionary mapping output format names such as ``json`` to URLs for this row in that format."
-        }
-    )
-    url_csv: str = field(metadata={"help": "URL for the CSV export of this page"})
-    url_csv_path: str = field(metadata={"help": "Path portion of the CSV export URL"})
-    url_csv_hidden_args: list = field(
-        metadata={
-            "help": "List of ``(name, value)`` pairs for hidden form fields used by the CSV export form, preserving current options while forcing ``_size=max``."
-        }
-    )
-    settings: dict = field(
-        metadata={
-            "help": "Dictionary of Datasette's current settings, keyed by setting name."
-        }
-    )
-    select_templates: list = field(
-        metadata={
-            "help": "List of template names that were considered for this page, with the selected template prefixed by ``*``."
-        }
-    )
-    alternate_url_json: str = field(
-        metadata={"help": "URL for the JSON version of this page"}
-    )
-
-
-class RowView(BaseView):
-    name = "row"
-
-    def redirect(self, request, path, forward_querystring=True, remove_args=None):
-        if request.query_string and "?" not in path and forward_querystring:
-            path = f"{path}?{request.query_string}"
-        if remove_args:
-            path = path_with_removed_args(request, remove_args, path=path)
-        response = Response.redirect(path)
-        response.headers["Link"] = f"<{path}>; rel=preload"
-        if self.ds.cors:
-            add_cors_headers(response.headers)
-        return response
-
-    async def as_csv(self, request, database):
-        return await stream_csv(self.ds, self.data, request, database)
-
-    async def get(self, request):
-        db = await self.ds.resolve_database(request)
-        database = db.name
-        database_route = db.route
-        format_ = request.url_vars.get("format") or "html"
-        data_kwargs = {}
-
-        if format_ == "csv":
-            return await self.as_csv(request, database_route)
-
-        if format_ == "html":
-            # HTML views default to expanding all foreign key labels
-            data_kwargs["default_labels"] = True
-
-        extra_template_data = {}
-        start = time.perf_counter()
-        status_code = None
-        templates = ()
-        try:
-            response_or_template_contexts = await self.data(request, **data_kwargs)
-            if isinstance(response_or_template_contexts, Response):
-                return response_or_template_contexts
-            # If it has four items, it includes an HTTP status code
-            if len(response_or_template_contexts) == 4:
-                (
-                    data,
-                    extra_template_data,
-                    templates,
-                    status_code,
-                ) = response_or_template_contexts
-            else:
-                data, extra_template_data, templates = response_or_template_contexts
-        except QueryInterrupted as ex:
-            raise DatasetteError(
-                textwrap.dedent("""
-                
    SQL query took too long. The time limit is controlled by the
-                sql_time_limit_ms
-                configuration option.
    
-                
-                
-            """.format(markupsafe.escape(ex.sql))).strip(),
-                title="SQL Interrupted",
-                status=400,
-                message_is_html=True,
-            )
-        except (sqlite3.OperationalError, InvalidSql) as e:
-            raise DatasetteError(str(e), title="Invalid SQL", status=400)
-        except sqlite3.OperationalError as e:
-            raise DatasetteError(str(e))
-        except DatasetteError:
-            raise
-
-        end = time.perf_counter()
-        data["query_ms"] = (end - start) * 1000
-
-        # Special case for .jsono extension - redirect to _shape=objects
-        if format_ == "jsono":
-            return self.redirect(
-                request,
-                path_with_added_args(
-                    request,
-                    {"_shape": "objects"},
-                    path=request.path.rsplit(".jsono", 1)[0] + ".json",
-                ),
-                forward_querystring=False,
-            )
-
-        if format_ in self.ds.renderers.keys():
-            # Dispatch request to the correct output format renderer
-            # (CSV is not handled here due to streaming)
-            result = call_with_supported_arguments(
-                self.ds.renderers[format_][0],
-                datasette=self.ds,
-                columns=data.get("columns") or [],
-                rows=data.get("rows") or [],
-                sql=data.get("query", {}).get("sql", None),
-                query_name=data.get("query_name"),
-                database=database,
-                table=data.get("table"),
-                request=request,
-                view_name=self.name,
-                truncated=False,  # TODO: support this
-                error=data.get("error"),
-                # These will be deprecated in Datasette 1.0:
-                args=request.args,
-                data=data,
-            )
-            if asyncio.iscoroutine(result):
-                result = await result
-            if result is None:
-                raise NotFound("No data")
-            if isinstance(result, dict):
-                response = Response(
-                    body=result.get("body"),
-                    status=result.get("status_code", status_code or 200),
-                    content_type=result.get("content_type", "text/plain"),
-                    headers=result.get("headers"),
-                )
-            elif isinstance(result, Response):
-                response = result
-                if status_code is not None:
-                    # Over-ride the status code
-                    response.status = status_code
-            else:
-                assert False, f"{result} should be dict or Response"
-        elif format_ == "html":
-            response = await self.html(request, data, extra_template_data, templates)
-            if status_code is not None:
-                response.status = status_code
-        else:
-            raise NotFound("Invalid format: {}".format(format_))
-
-        ttl = request.args.get("_ttl", None)
-        if ttl is None or not ttl.isdigit():
-            ttl = self.ds.setting("default_cache_ttl")
-
-        return self.set_response_headers(response, ttl)
-
-    async def html(self, request, data, extra_template_data, templates):
-        extras = {}
-        if callable(extra_template_data):
-            extras = extra_template_data()
-            if asyncio.iscoroutine(extras):
-                extras = await extras
-        else:
-            extras = extra_template_data
-
-        url_labels_extra = {}
-        if data.get("expandable_columns"):
-            url_labels_extra = {"_labels": "on"}
-
-        renderers = {}
-        for key, (_, can_render) in self.ds.renderers.items():
-            it_can_render = call_with_supported_arguments(
-                can_render,
-                datasette=self.ds,
-                columns=data.get("columns") or [],
-                rows=data.get("rows") or [],
-                sql=data.get("query", {}).get("sql", None),
-                query_name=data.get("query_name"),
-                database=data.get("database"),
-                table=data.get("table"),
-                request=request,
-                view_name=self.name,
-            )
-            it_can_render = await await_me_maybe(it_can_render)
-            if it_can_render:
-                renderers[key] = self.ds.urls.path(
-                    path_with_format(
-                        request=request,
-                        path=request.scope.get("route_path"),
-                        format=key,
-                        extra_qs={**url_labels_extra},
-                    )
-                )
-
-        url_csv_args = {"_size": "max", **url_labels_extra}
-        url_csv = self.ds.urls.path(
-            path_with_format(
-                request=request,
-                path=request.scope.get("route_path"),
-                format="csv",
-                extra_qs=url_csv_args,
-            )
-        )
-        url_csv_path = url_csv.split("?")[0]
-        context = {**data, **extras}
-        if "metadata" not in context:
-            context["metadata"] = await self.ds.get_instance_metadata()
-
-        environment = self.ds.get_jinja_environment(request)
-        template = environment.select_template(templates)
-        alternate_url_json = self.ds.absolute_url(
-            request,
-            self.ds.urls.path(
-                path_with_format(
-                    request=request,
-                    path=request.scope.get("route_path"),
-                    format="json",
-                )
-            ),
-        )
-        return Response.html(
-            await self.ds.render_template(
-                template,
-                RowContext(
-                    columns=context["columns"],
-                    database=context["database"],
-                    database_color=context["database_color"],
-                    foreign_key_tables=context["foreign_key_tables"],
-                    metadata=context["metadata"],
-                    primary_keys=context["primary_keys"],
-                    private=context["private"],
-                    table=context["table"],
-                    ok=context["ok"],
-                    rows=context["rows"],
-                    primary_key_values=context["primary_key_values"],
-                    query_ms=context["query_ms"],
-                    display_columns=context["display_columns"],
-                    display_rows=context["display_rows"],
-                    custom_table_templates=context["custom_table_templates"],
-                    row_actions=context["row_actions"],
-                    row_mutation_ui=context["row_mutation_ui"],
-                    table_page_data=context["table_page_data"],
-                    top_row=context["top_row"],
-                    renderers=renderers,
-                    url_csv=url_csv,
-                    url_csv_path=url_csv_path,
-                    url_csv_hidden_args=[
-                        (key, value)
-                        for key, value in urllib.parse.parse_qsl(request.query_string)
-                        if key not in ("_labels", "_facet", "_size")
-                    ]
-                    + [("_size", "max")],
-                    settings=self.ds.settings_dict(),
-                    select_templates=[
-                        f"{'*' if template_name == template.name else ''}{template_name}"
-                        for template_name in templates
-                    ],
-                    alternate_url_json=alternate_url_json,
-                ),
-                request=request,
-                view_name=self.name,
-            ),
-            headers={
-                "Link": '<{}>; rel="alternate"; type="application/json+datasette"'.format(
-                    alternate_url_json
-                )
-            },
-        )
-
-    def set_response_headers(self, response, ttl):
-        # Set far-future cache expiry
-        if self.ds.cache_headers and response.status == 200:
-            ttl = int(ttl)
-            if ttl == 0:
-                ttl_header = "no-cache"
-            else:
-                ttl_header = f"max-age={ttl}"
-            response.headers["Cache-Control"] = ttl_header
-        response.headers["Referrer-Policy"] = "no-referrer"
-        if self.ds.cors:
-            add_cors_headers(response.headers)
-        return response
-
-    async def data(self, request, default_labels=False):
-        resolved = await self.ds.resolve_row(request)
-        db = resolved.db
-        database = db.name
-        table = resolved.table
-        pk_values = resolved.pk_values
-
-        # Ensure user has permission to view this row
-        visible, private = await self.ds.check_visibility(
-            request.actor,
-            action="view-table",
-            resource=TableResource(database=database, table=table),
-        )
-        if not visible:
-            raise Forbidden("You do not have permission to view this table")
-
-        results = await resolved.db.execute(
-            resolved.sql, resolved.params, truncate=True
-        )
-        columns = [r[0] for r in results.description]
-        rows = list(results.rows)
-        if not rows:
-            raise NotFound(f"Record not found: {pk_values}")
-
-        pks = resolved.pks
-
-        async def template_data():
-            is_table = await db.table_exists(table)
-            # Reorder columns so primary keys come first
-            pk_set = set(pks)
-            pk_cols = [d for d in results.description if d[0] in pk_set]
-            non_pk_cols = [d for d in results.description if d[0] not in pk_set]
-            reordered_description = pk_cols + non_pk_cols
-            reordered_columns = [d[0] for d in reordered_description]
-
-            # Reorder row data to match
-            reordered_rows = []
-            for row in rows:
-                new_row = CustomRow(reordered_columns)
-                for col in reordered_columns:
-                    new_row[col] = row[col]
-                reordered_rows.append(new_row)
-
-            # Expand foreign key columns into dicts so display_columns_and_rows
-            # renders them as hyperlinks, matching the table view behavior
-            expanded_rows = reordered_rows
-            for fk in await db.foreign_keys_for_table(table):
-                column = fk["column"]
-                if column not in reordered_columns:
-                    continue
-                column_index = reordered_columns.index(column)
-                values = [row[column_index] for row in expanded_rows]
-                expanded_labels = await self.ds.expand_foreign_keys(
-                    request.actor, database, table, column, values
-                )
-                if expanded_labels:
-                    new_rows = []
-                    for row in expanded_rows:
-                        new_row = CustomRow(reordered_columns)
-                        for col in reordered_columns:
-                            value = row[col]
-                            if (
-                                col == column
-                                and (col, value) in expanded_labels
-                                and value is not None
-                            ):
-                                new_row[col] = {
-                                    "value": value,
-                                    "label": expanded_labels[(col, value)],
-                                }
-                            else:
-                                new_row[col] = value
-                        new_rows.append(new_row)
-                    expanded_rows = new_rows
-
-            display_columns, display_rows = await display_columns_and_rows(
-                self.ds,
-                database,
-                table,
-                reordered_description,
-                expanded_rows,
-                link_column=False,
-                truncate_cells=0,
-                request=request,
-            )
-            for column in display_columns:
-                column["sortable"] = False
-
-            # Bold primary key cell values
-            for row in display_rows:
-                for cell in row:
-                    if cell["column"] in pk_set:
-                        cell["value"] = markupsafe.Markup(
-                            "{}".format(cell["value"])
-                        )
-
-            label_column = await db.label_column_for_table(table) if is_table else None
-            row_path = path_from_row_pks(rows[0], pks, False)
-            pk_path = path_from_row_pks(rows[0], pks, False, False)
-            row_label = row_label_from_label_column(expanded_rows[0], label_column)
-            for display_row in display_rows:
-                display_row.pk_path = pk_path
-                display_row.row_path = row_path
-                display_row.row_label = row_label
-
-            row_action_label = pk_path
-            if row_label and row_label != pk_path:
-                row_action_label = "{} {}".format(pk_path, row_label)
-
-            row_action_permissions = {}
-            if is_table and db.is_mutable:
-                row_action_permissions = await self.ds.allowed_many(
-                    actions=["update-row", "delete-row"],
-                    resource=TableResource(database=database, table=table),
-                    actor=request.actor,
-                )
-
-            row_actions = []
-            if row_action_permissions.get("update-row"):
-                attrs = {
-                    "aria-label": "Edit row {}".format(row_action_label),
-                    "data-row": row_path,
-                    "data-row-action": "edit",
-                }
-                if row_label:
-                    attrs["data-row-label"] = row_label
-                row_actions.append(
-                    {
-                        "type": "button",
-                        "label": "Edit row",
-                        "description": "Open a dialog to edit this row.",
-                        "attrs": attrs,
-                    }
-                )
-            if row_action_permissions.get("delete-row"):
-                attrs = {
-                    "aria-label": "Delete row {}".format(row_action_label),
-                    "data-row": row_path,
-                    "data-row-action": "delete",
-                }
-                if row_label:
-                    attrs["data-row-label"] = row_label
-                row_actions.append(
-                    {
-                        "type": "button",
-                        "label": "Delete row",
-                        "description": "Open a confirmation dialog to delete this row.",
-                        "attrs": attrs,
-                    }
-                )
-            for hook in pm.hook.row_actions(
-                datasette=self.ds,
-                actor=request.actor,
-                request=request,
-                database=database,
-                table=table,
-                row=rows[0],
-            ):
-                extra_links = await await_me_maybe(hook)
-                if extra_links:
-                    row_actions.extend(extra_links)
-
-            return {
-                "private": private,
-                "columns": reordered_columns,
-                "foreign_key_tables": await self.foreign_key_tables(
-                    database, table, pk_values
-                ),
-                "database_color": db.color,
-                "display_columns": display_columns,
-                "display_rows": display_rows,
-                "custom_table_templates": [
-                    f"_table-{to_css_class(database)}-{to_css_class(table)}.html",
-                    f"_table-row-{to_css_class(database)}-{to_css_class(table)}.html",
-                    "_table.html",
-                ],
-                "row_mutation_ui": any(row_action_permissions.values()),
-                "table_page_data": await _table_page_data(
-                    datasette=self.ds,
-                    request=request,
-                    db=db,
-                    database_name=database,
-                    table_name=table,
-                    is_view=not is_table,
-                    table_insert_ui=None,
-                    table_alter_ui=None,
-                ),
-                "row_actions": row_actions,
-                "top_row": make_slot_function(
-                    "top_row",
-                    self.ds,
-                    request,
-                    database=resolved.db.name,
-                    table=resolved.table,
-                    row=rows[0],
-                ),
-                "metadata": {},
-            }
-
-        data = {
-            "ok": True,
-            "database": database,
-            "table": table,
-            "rows": rows,
-            "columns": columns,
-            "primary_keys": resolved.pks,
-            "primary_key_values": pk_values,
-        }
-
-        extras = extra_names_from_request(request)
-
-        # Process extras
-        row_extra_context = RowExtraContext(
-            datasette=self.ds,
-            request=request,
-            db=db,
-            database_name=database,
-            table_name=table,
-            private=private,
-            rows=rows,
-            columns=columns,
-            pks=pks,
-            pk_values=pk_values,
-            sql=resolved.sql,
-            params=resolved.params,
-            extras=extras,
-            extra_registry=table_extra_registry,
-            foreign_key_tables=self.foreign_key_tables,
-        )
-        data.update(await resolve_row_extras(extras, row_extra_context))
-
-        return (
-            data,
-            template_data,
-            (
-                f"row-{to_css_class(database)}-{to_css_class(table)}.html",
-                "row.html",
-            ),
-        )
-
-    async def foreign_key_tables(self, database, table, pk_values):
-        if len(pk_values) != 1:
-            return []
-        db = self.ds.databases[database]
-        all_foreign_keys = await db.get_all_foreign_keys()
-        foreign_keys = all_foreign_keys[table]["incoming"]
-        if len(foreign_keys) == 0:
-            return []
-
-        sql = "select " + ", ".join(
-            [
-                "(select count(*) from {table} where {column}=:id)".format(
-                    table=escape_sqlite(fk["other_table"]),
-                    column=escape_sqlite(fk["other_column"]),
-                )
-                for fk in foreign_keys
-            ]
-        )
-        try:
-            rows = list(await db.execute(sql, {"id": pk_values[0]}))
-        except QueryInterrupted:
-            # Almost certainly hit the timeout
-            return []
-
-        foreign_table_counts = dict(
-            zip(
-                [(fk["other_table"], fk["other_column"]) for fk in foreign_keys],
-                list(rows[0]),
-            )
-        )
-        foreign_key_tables = []
-        for fk in foreign_keys:
-            count = (
-                foreign_table_counts.get((fk["other_table"], fk["other_column"])) or 0
-            )
-            key = fk["other_column"]
-            if key.startswith("_"):
-                key += "__exact"
-            link = "{}?{}={}".format(
-                self.ds.urls.table(database, fk["other_table"]),
-                key,
-                ",".join(pk_values),
-            )
-            foreign_key_tables.append({**fk, **{"count": count, "link": link}})
-        return foreign_key_tables
-
-
-class RowError(Exception):
-    def __init__(self, error):
-        self.error = error
-
-
-ROW_FLASH_LABEL_MAX_LENGTH = 80
-
-
-def _truncated_row_flash_label(label):
-    label = " ".join(str(label).split())
-    if len(label) <= ROW_FLASH_LABEL_MAX_LENGTH:
-        return label
-    return label[: ROW_FLASH_LABEL_MAX_LENGTH - 1] + "\u2026"
-
-
-async def _row_flash_message(db, action, resolved, row=None):
-    pk_label = ", ".join(resolved.pk_values)
-    label_column = await db.label_column_for_table(resolved.table)
-    label = row_label_from_label_column(row or resolved.row, label_column)
-    if label:
-        label = _truncated_row_flash_label(label)
-    if label and label != pk_label:
-        return "{} row {} ({})".format(action, pk_label, label)
-    return "{} row {}".format(action, pk_label)
-
-
-async def _resolve_row_and_check_permission(datasette, request, permission):
-    from datasette.app import DatabaseNotFound, TableNotFound, RowNotFound
-
-    try:
-        resolved = await datasette.resolve_row(request)
-    except DatabaseNotFound as e:
-        return False, _error(["Database not found: {}".format(e.database_name)], 404)
-    except TableNotFound as e:
-        return False, _error(["Table not found: {}".format(e.table)], 404)
-    except RowNotFound as e:
-        return False, _error(["Record not found: {}".format(e.pk_values)], 404)
-
-    # Ensure user has permission to delete this row
-    if not await datasette.allowed(
-        action=permission,
-        resource=TableResource(database=resolved.db.name, table=resolved.table),
-        actor=request.actor,
-    ):
-        return False, _error(["Permission denied"], 403)
-
-    return True, resolved
-
-
-class RowDeleteView(BaseView):
-    name = "row-delete"
-
-    def __init__(self, datasette):
-        self.ds = datasette
-
-    async def post(self, request):
-        ok, resolved = await _resolve_row_and_check_permission(
-            self.ds, request, "delete-row"
-        )
-        if not ok:
-            return resolved
-
-        # Delete table
-        def delete_row(conn):
-            sqlite_utils.Database(conn)[resolved.table].delete(resolved.pk_values)
-
-        try:
-            await resolved.db.execute_write_fn(delete_row, request=request)
-        except Exception as e:
-            return _error([str(e)], 500)
-
-        await self.ds.track_event(
-            DeleteRowEvent(
-                actor=request.actor,
-                database=resolved.db.name,
-                table=resolved.table,
-                pks=resolved.pk_values,
-            )
-        )
-
-        if request.args.get("_redirect_to_table"):
-            table_url = self.ds.urls.table(resolved.db.name, resolved.table)
-            self.ds.add_message(
-                request,
-                await _row_flash_message(resolved.db, "Deleted", resolved),
-                self.ds.INFO,
-            )
-            return Response.json({"ok": True, "redirect": str(table_url)}, status=200)
-
-        return Response.json({"ok": True}, status=200)
-
-
-class RowUpdateView(BaseView):
-    name = "row-update"
-
-    def __init__(self, datasette):
-        self.ds = datasette
-
-    async def post(self, request):
-        ok, resolved = await _resolve_row_and_check_permission(
-            self.ds, request, "update-row"
-        )
-        if not ok:
-            return resolved
-
-        try:
-            data = await request.json()
-        except json.JSONDecodeError as e:
-            return _error(["Invalid JSON: {}".format(e)])
-
-        if not isinstance(data, dict):
-            return _error(["JSON must be a dictionary"])
-        if "update" not in data or not isinstance(data["update"], dict):
-            return _error(["JSON must contain an update dictionary"])
-
-        invalid_keys = set(data.keys()) - {"update", "return", "alter"}
-        if invalid_keys:
-            return _error(["Invalid keys: {}".format(", ".join(invalid_keys))])
-
-        update = data["update"]
-
-        # Validate column types
-        from datasette.views.table import _validate_column_types
-
-        ct_errors = await _validate_column_types(
-            self.ds, resolved.db.name, resolved.table, [update]
-        )
-        if ct_errors:
-            return _error(ct_errors, 400)
-
-        alter = data.get("alter")
-        if alter and not await self.ds.allowed(
-            action="alter-table",
-            resource=TableResource(database=resolved.db.name, table=resolved.table),
-            actor=request.actor,
-        ):
-            return _error(["Permission denied for alter-table"], 403)
-
-        def update_row(conn):
-            sqlite_utils.Database(conn)[resolved.table].update(
-                resolved.pk_values, update, alter=alter
-            )
-
-        try:
-            await resolved.db.execute_write_fn(update_row, request=request)
-        except Exception as e:
-            return _error([str(e)], 400)
-
-        result = {"ok": True}
-        returned_row = None
-        if data.get("return"):
-            results = await resolved.db.execute(
-                resolved.sql, resolved.params, truncate=True
-            )
-            returned_row = results.dicts()[0]
-            result["row"] = returned_row
-
-        await self.ds.track_event(
-            UpdateRowEvent(
-                actor=request.actor,
-                database=resolved.db.name,
-                table=resolved.table,
-                pks=resolved.pk_values,
-            )
-        )
-
-        if request.args.get("_message"):
-            message_row = returned_row
-            if message_row is None:
-                results = await resolved.db.execute(
-                    resolved.sql, resolved.params, truncate=True
-                )
-                message_row = results.first()
-            self.ds.add_message(
-                request,
-                await _row_flash_message(
-                    resolved.db, "Updated", resolved, row=message_row
-                ),
-                self.ds.INFO,
-            )
-
-        return Response.json(result, status=200)
diff --git a/datasette/views/special.py b/datasette/views/special.py
index 3245bc13..2b31028d 100644
--- a/datasette/views/special.py
+++ b/datasette/views/special.py
@@ -1,1378 +1,34 @@
 import json
-import logging
-from datasette.jump import JumpSQL, namespace_sql_params
-from datasette.plugins import pm
-from datasette.events import LogoutEvent, LoginEvent, CreateTokenEvent
-from datasette.resources import DatabaseResource, TableResource
-from datasette.utils.asgi import Response, Forbidden
-from datasette.utils import (
-    actor_matches_allow,
-    add_cors_headers,
-    await_me_maybe,
-    tilde_encode,
-    tilde_decode,
-)
-from .base import BaseView, View
-import secrets
-import urllib
-
-logger = logging.getLogger(__name__)
-
-
-def _resource_path(parent, child):
-    if parent is None:
-        return "/"
-    if child is None:
-        return f"/{parent}"
-    return f"/{parent}/{child}"
+from datasette.utils.asgi import Response
+from .base import BaseView
 
 
 class JsonDataView(BaseView):
     name = "json_data"
-    template = "show_json.html"  # Can be overridden in subclasses
 
-    def __init__(
-        self,
-        datasette,
-        filename,
-        data_callback,
-        needs_request=False,
-        permission="view-instance",
-        template=None,
-    ):
+    def __init__(self, datasette, filename, data_callback):
         self.ds = datasette
         self.filename = filename
         self.data_callback = data_callback
-        self.needs_request = needs_request
-        self.permission = permission
-        if template is not None:
-            self.template = template
 
-    async def get(self, request):
-        if self.permission:
-            await self.ds.ensure_permission(action=self.permission, actor=request.actor)
-        if self.needs_request:
-            data = self.data_callback(request)
-        else:
-            data = self.data_callback()
-
-        # Return JSON or HTML depending on format parameter
-        as_format = request.url_vars.get("format")
+    async def get(self, request, as_format):
+        data = self.data_callback()
         if as_format:
             headers = {}
             if self.ds.cors:
-                add_cors_headers(headers)
-            return Response.json(data, headers=headers)
+                headers["Access-Control-Allow-Origin"] = "*"
+            return Response(
+                json.dumps(data),
+                content_type="application/json; charset=utf-8",
+                headers=headers,
+            )
+
         else:
-            context = {
-                "filename": self.filename,
-                "data": data,
-                "data_json": json.dumps(data, indent=2, default=repr),
-            }
-            # Add has_debug_permission if this view requires permissions-debug
-            if self.permission == "permissions-debug":
-                context["has_debug_permission"] = True
             return await self.render(
-                [self.template],
+                ["show_json.html"],
                 request=request,
-                context=context,
-            )
-
-
-class PatternPortfolioView(View):
-    async def get(self, request, datasette):
-        await datasette.ensure_permission(action="view-instance", actor=request.actor)
-        return Response.html(
-            await datasette.render_template(
-                "patterns.html",
-                request=request,
-                view_name="patterns",
-            )
-        )
-
-
-class AutocompleteDebugView(BaseView):
-    name = "autocomplete_debug"
-    has_json_alternate = False
-
-    async def _suggested_tables(self, request):
-        scanned = 0
-        reached_scan_limit = False
-        suggestions = []
-        for database_name, db in self.ds.databases.items():
-            if scanned >= 100 or len(suggestions) >= 5:
-                break
-            remaining = 100 - scanned
-            results = await db.execute(
-                "select name from sqlite_master where type = 'table' order by name limit ?",
-                [remaining],
-            )
-            for row in results.rows:
-                table_name = row["name"]
-                scanned += 1
-                if scanned >= 100:
-                    reached_scan_limit = True
-                visible, _ = await self.ds.check_visibility(
-                    request.actor,
-                    action="view-table",
-                    resource=TableResource(database=database_name, table=table_name),
-                )
-                if not visible:
-                    if scanned >= 100:
-                        break
-                    continue
-                label_column = await db.label_column_for_table(table_name)
-                if label_column:
-                    suggestions.append(
-                        {
-                            "database": database_name,
-                            "table": table_name,
-                            "label_column": label_column,
-                            "url": self.ds.urls.path(
-                                "-/debug/autocomplete?"
-                                + urllib.parse.urlencode(
-                                    {
-                                        "database": database_name,
-                                        "table": table_name,
-                                    }
-                                )
-                            ),
-                        }
-                    )
-                    if len(suggestions) >= 5:
-                        break
-                if scanned >= 100:
-                    break
-        return suggestions, scanned, reached_scan_limit
-
-    async def get(self, request):
-        await self.ds.ensure_permission(action="view-instance", actor=request.actor)
-        database_name = request.args.get("database")
-        table_name = request.args.get("table")
-        context = {
-            "database_name": database_name,
-            "table_name": table_name,
-        }
-
-        if database_name or table_name:
-            if not database_name or not table_name:
-                context["error"] = "Both database and table are required."
-            elif database_name not in self.ds.databases:
-                context["error"] = "Database not found."
-            else:
-                db = self.ds.databases[database_name]
-                if not await db.table_exists(table_name):
-                    context["error"] = "Table not found."
-                else:
-                    await self.ds.ensure_permission(
-                        action="view-table",
-                        resource=TableResource(
-                            database=database_name,
-                            table=table_name,
-                        ),
-                        actor=request.actor,
-                    )
-                    context.update(
-                        {
-                            "autocomplete_url": "{}/-/autocomplete".format(
-                                self.ds.urls.table(database_name, table_name)
-                            ),
-                            "label_column": await db.label_column_for_table(table_name),
-                        }
-                    )
-        else:
-            suggestions, scanned, reached_scan_limit = await self._suggested_tables(
-                request
-            )
-            context.update(
-                {
-                    "suggestions": suggestions,
-                    "scanned": scanned,
-                    "reached_scan_limit": reached_scan_limit,
-                }
-            )
-
-        return await self.render(["debug_autocomplete.html"], request, context)
-
-
-class AuthTokenView(BaseView):
-    name = "auth_token"
-    has_json_alternate = False
-
-    async def get(self, request):
-        # If already signed in as root, redirect
-        if request.actor and request.actor.get("id") == "root":
-            return Response.redirect(self.ds.urls.instance())
-        token = request.args.get("token") or ""
-        if not self.ds._root_token:
-            raise Forbidden("Root token has already been used")
-        if secrets.compare_digest(token, self.ds._root_token):
-            self.ds._root_token = None
-            response = Response.redirect(self.ds.urls.instance())
-            root_actor = {"id": "root"}
-            self.ds.set_actor_cookie(response, root_actor)
-            await self.ds.track_event(LoginEvent(actor=root_actor))
-            return response
-        else:
-            raise Forbidden("Invalid token")
-
-
-class LogoutView(BaseView):
-    name = "logout"
-    has_json_alternate = False
-
-    async def get(self, request):
-        if not request.actor:
-            return Response.redirect(self.ds.urls.instance())
-        return await self.render(
-            ["logout.html"],
-            request,
-            {"actor": request.actor},
-        )
-
-    async def post(self, request):
-        response = Response.redirect(self.ds.urls.instance())
-        self.ds.delete_actor_cookie(response)
-        self.ds.add_message(request, "You are now logged out", self.ds.WARNING)
-        await self.ds.track_event(LogoutEvent(actor=request.actor))
-        return response
-
-
-class PermissionsDebugView(BaseView):
-    name = "permissions_debug"
-    has_json_alternate = False
-
-    async def get(self, request):
-        await self.ds.ensure_permission(action="view-instance", actor=request.actor)
-        await self.ds.ensure_permission(action="permissions-debug", actor=request.actor)
-        filter_ = request.args.get("filter") or "all"
-        permission_checks = list(reversed(self.ds._permission_checks))
-        if filter_ == "exclude-yours":
-            permission_checks = [
-                check
-                for check in permission_checks
-                if (check.actor or {}).get("id") != request.actor["id"]
-            ]
-        elif filter_ == "only-yours":
-            permission_checks = [
-                check
-                for check in permission_checks
-                if (check.actor or {}).get("id") == request.actor["id"]
-            ]
-        return await self.render(
-            ["debug_permissions_playground.html"],
-            request,
-            # list() avoids error if check is performed during template render:
-            {
-                "permission_checks": permission_checks,
-                "filter": filter_,
-                "has_debug_permission": True,
-                "permissions": [
-                    {
-                        "name": p.name,
-                        "abbr": p.abbr,
-                        "description": p.description,
-                        "takes_parent": p.takes_parent,
-                        "takes_child": p.takes_child,
-                    }
-                    for p in self.ds.actions.values()
-                ],
-            },
-        )
-
-    async def post(self, request):
-        await self.ds.ensure_permission(action="view-instance", actor=request.actor)
-        await self.ds.ensure_permission(action="permissions-debug", actor=request.actor)
-        form = await request.form()
-        actor = json.loads(form["actor"])
-        permission = form["permission"]
-        parent = form.get("resource_1") or None
-        child = form.get("resource_2") or None
-
-        response, status = await _check_permission_for_actor(
-            self.ds, permission, parent, child, actor
-        )
-        return Response.json(response, status=status)
-
-
-class AllowedResourcesView(BaseView):
-    name = "allowed"
-    has_json_alternate = False
-
-    async def get(self, request):
-        await self.ds.refresh_schemas()
-
-        # Check if user has permissions-debug (to show sensitive fields)
-        has_debug_permission = await self.ds.allowed(
-            action="permissions-debug", actor=request.actor
-        )
-
-        # Check if this is a request for JSON (has .json extension)
-        as_format = request.url_vars.get("format")
-
-        if not as_format:
-            # Render the HTML form (even if query parameters are present)
-            # Put most common/interesting actions first
-            priority_actions = [
-                "view-instance",
-                "view-database",
-                "view-table",
-                "view-query",
-                "execute-sql",
-                "insert-row",
-                "update-row",
-                "delete-row",
-            ]
-            actions = list(self.ds.actions.keys())
-            # Priority actions first (in order), then remaining alphabetically
-            sorted_actions = [a for a in priority_actions if a in actions]
-            sorted_actions.extend(
-                sorted(a for a in actions if a not in priority_actions)
-            )
-
-            return await self.render(
-                ["debug_allowed.html"],
-                request,
-                {
-                    "supported_actions": sorted_actions,
-                    "has_debug_permission": has_debug_permission,
+                context={
+                    "filename": self.filename,
+                    "data_json": json.dumps(data, indent=4),
                 },
             )
-
-        payload, status = await self._allowed_payload(request, has_debug_permission)
-        headers = {}
-        if self.ds.cors:
-            add_cors_headers(headers)
-        return Response.json(payload, status=status, headers=headers)
-
-    async def _allowed_payload(self, request, has_debug_permission):
-        action = request.args.get("action")
-        if not action:
-            return {"error": "action parameter is required"}, 400
-        if action not in self.ds.actions:
-            return {"error": f"Unknown action: {action}"}, 404
-
-        actor = request.actor if isinstance(request.actor, dict) else None
-        actor_id = actor.get("id") if actor else None
-        parent_filter = request.args.get("parent")
-        child_filter = request.args.get("child")
-        if child_filter and not parent_filter:
-            return {"error": "parent must be provided when child is specified"}, 400
-
-        try:
-            page = int(request.args.get("page", "1"))
-            page_size = int(request.args.get("page_size", "50"))
-        except ValueError:
-            return {"error": "page and page_size must be integers"}, 400
-        if page < 1:
-            return {"error": "page must be >= 1"}, 400
-        if page_size < 1:
-            return {"error": "page_size must be >= 1"}, 400
-        max_page_size = 200
-        if page_size > max_page_size:
-            page_size = max_page_size
-        offset = (page - 1) * page_size
-
-        # Use the simplified allowed_resources method
-        # Collect all resources with optional reasons for debugging
-        try:
-            allowed_rows = []
-            result = await self.ds.allowed_resources(
-                action=action,
-                actor=actor,
-                parent=parent_filter,
-                include_reasons=has_debug_permission,
-            )
-            async for resource in result.all():
-                parent_val = resource.parent
-                child_val = resource.child
-
-                # Build resource path
-                if parent_val is None:
-                    resource_path = "/"
-                elif child_val is None:
-                    resource_path = f"/{parent_val}"
-                else:
-                    resource_path = f"/{parent_val}/{child_val}"
-
-                row = {
-                    "parent": parent_val,
-                    "child": child_val,
-                    "resource": resource_path,
-                }
-
-                # Add reason if we have it (from include_reasons=True)
-                if has_debug_permission and hasattr(resource, "reasons"):
-                    row["reason"] = resource.reasons
-
-                allowed_rows.append(row)
-        except Exception:
-            # If catalog tables don't exist yet, return empty results
-            return (
-                {
-                    "action": action,
-                    "actor_id": actor_id,
-                    "page": page,
-                    "page_size": page_size,
-                    "total": 0,
-                    "items": [],
-                },
-                200,
-            )
-
-        # Apply child filter if specified
-        if child_filter is not None:
-            allowed_rows = [row for row in allowed_rows if row["child"] == child_filter]
-
-        # Pagination
-        total = len(allowed_rows)
-        paged_rows = allowed_rows[offset : offset + page_size]
-
-        # Items are already in the right format
-        items = paged_rows
-
-        def build_page_url(page_number):
-            pairs = []
-            for key in request.args:
-                if key in {"page", "page_size"}:
-                    continue
-                for value in request.args.getlist(key):
-                    pairs.append((key, value))
-            pairs.append(("page", str(page_number)))
-            pairs.append(("page_size", str(page_size)))
-            query = urllib.parse.urlencode(pairs)
-            return f"{request.path}?{query}"
-
-        response = {
-            "action": action,
-            "actor_id": actor_id,
-            "page": page,
-            "page_size": page_size,
-            "total": total,
-            "items": items,
-        }
-
-        if total > offset + page_size:
-            response["next_url"] = build_page_url(page + 1)
-        if page > 1:
-            response["previous_url"] = build_page_url(page - 1)
-
-        return response, 200
-
-
-class PermissionRulesView(BaseView):
-    name = "permission_rules"
-    has_json_alternate = False
-
-    async def get(self, request):
-        await self.ds.ensure_permission(action="view-instance", actor=request.actor)
-        await self.ds.ensure_permission(action="permissions-debug", actor=request.actor)
-
-        # Check if this is a request for JSON (has .json extension)
-        as_format = request.url_vars.get("format")
-
-        if not as_format:
-            # Render the HTML form (even if query parameters are present)
-            return await self.render(
-                ["debug_rules.html"],
-                request,
-                {
-                    "sorted_actions": sorted(self.ds.actions.keys()),
-                    "has_debug_permission": True,
-                },
-            )
-
-        # JSON API - action parameter is required
-        action = request.args.get("action")
-        if not action:
-            return Response.json({"error": "action parameter is required"}, status=400)
-        if action not in self.ds.actions:
-            return Response.json({"error": f"Unknown action: {action}"}, status=404)
-
-        actor = request.actor if isinstance(request.actor, dict) else None
-
-        try:
-            page = int(request.args.get("page", "1"))
-            page_size = int(request.args.get("page_size", "50"))
-        except ValueError:
-            return Response.json(
-                {"error": "page and page_size must be integers"}, status=400
-            )
-        if page < 1:
-            return Response.json({"error": "page must be >= 1"}, status=400)
-        if page_size < 1:
-            return Response.json({"error": "page_size must be >= 1"}, status=400)
-        max_page_size = 200
-        if page_size > max_page_size:
-            page_size = max_page_size
-        offset = (page - 1) * page_size
-
-        from datasette.utils.actions_sql import build_permission_rules_sql
-
-        union_sql, union_params, restriction_sqls = await build_permission_rules_sql(
-            self.ds, actor, action
-        )
-        await self.ds.refresh_schemas()
-        db = self.ds.get_internal_database()
-
-        count_query = f"""
-        WITH rules AS (
-            {union_sql}
-        )
-        SELECT COUNT(*) AS count
-        FROM rules
-        """
-        count_row = (await db.execute(count_query, union_params)).first()
-        total = count_row["count"] if count_row else 0
-
-        data_query = f"""
-        WITH rules AS (
-            {union_sql}
-        )
-        SELECT parent, child, allow, reason, source_plugin
-        FROM rules
-        ORDER BY allow DESC, (parent IS NOT NULL), parent, child
-        LIMIT :limit OFFSET :offset
-        """
-        params = {**union_params, "limit": page_size, "offset": offset}
-        rows = await db.execute(data_query, params)
-
-        items = []
-        for row in rows:
-            parent = row["parent"]
-            child = row["child"]
-            items.append(
-                {
-                    "parent": parent,
-                    "child": child,
-                    "resource": _resource_path(parent, child),
-                    "allow": row["allow"],
-                    "reason": row["reason"],
-                    "source_plugin": row["source_plugin"],
-                }
-            )
-
-        def build_page_url(page_number):
-            pairs = []
-            for key in request.args:
-                if key in {"page", "page_size"}:
-                    continue
-                for value in request.args.getlist(key):
-                    pairs.append((key, value))
-            pairs.append(("page", str(page_number)))
-            pairs.append(("page_size", str(page_size)))
-            query = urllib.parse.urlencode(pairs)
-            return f"{request.path}?{query}"
-
-        response = {
-            "action": action,
-            "actor_id": (actor or {}).get("id") if actor else None,
-            "page": page,
-            "page_size": page_size,
-            "total": total,
-            "items": items,
-        }
-
-        if total > offset + page_size:
-            response["next_url"] = build_page_url(page + 1)
-        if page > 1:
-            response["previous_url"] = build_page_url(page - 1)
-
-        headers = {}
-        if self.ds.cors:
-            add_cors_headers(headers)
-        return Response.json(response, headers=headers)
-
-
-async def _check_permission_for_actor(ds, action, parent, child, actor):
-    """Shared logic for checking permissions. Returns a dict with check results."""
-    if action not in ds.actions:
-        return {"error": f"Unknown action: {action}"}, 404
-
-    if child and not parent:
-        return {"error": "parent is required when child is provided"}, 400
-
-    # Use the action's properties to create the appropriate resource object
-    action_obj = ds.actions.get(action)
-    if not action_obj:
-        return {"error": f"Unknown action: {action}"}, 400
-
-    # Global actions (no resource_class) don't have a resource
-    if action_obj.resource_class is None:
-        resource_obj = None
-    elif action_obj.takes_parent and action_obj.takes_child:
-        # Child-level resource (e.g., TableResource, QueryResource). The child
-        # argument is named differently per resource class (table, query, ...),
-        # so pass positionally - https://github.com/simonw/datasette/issues/2756
-        resource_obj = action_obj.resource_class(parent, child)
-    elif action_obj.takes_parent:
-        # Parent-level resource (e.g., DatabaseResource)
-        resource_obj = action_obj.resource_class(parent)
-    else:
-        # This shouldn't happen given validation in Action.__post_init__
-        return {"error": f"Invalid action configuration: {action}"}, 500
-
-    allowed = await ds.allowed(action=action, resource=resource_obj, actor=actor)
-
-    response = {
-        "action": action,
-        "allowed": bool(allowed),
-        "resource": {
-            "parent": parent,
-            "child": child,
-            "path": _resource_path(parent, child),
-        },
-    }
-
-    if actor and "id" in actor:
-        response["actor_id"] = actor["id"]
-
-    return response, 200
-
-
-class PermissionCheckView(BaseView):
-    name = "permission_check"
-    has_json_alternate = False
-
-    async def get(self, request):
-        await self.ds.ensure_permission(action="permissions-debug", actor=request.actor)
-        as_format = request.url_vars.get("format")
-
-        if not as_format:
-            return await self.render(
-                ["debug_check.html"],
-                request,
-                {
-                    "sorted_actions": sorted(self.ds.actions.keys()),
-                    "has_debug_permission": True,
-                },
-            )
-
-        # JSON API - action parameter is required
-        action = request.args.get("action")
-        if not action:
-            return Response.json({"error": "action parameter is required"}, status=400)
-
-        parent = request.args.get("parent")
-        child = request.args.get("child")
-
-        response, status = await _check_permission_for_actor(
-            self.ds, action, parent, child, request.actor
-        )
-        return Response.json(response, status=status)
-
-
-class AllowDebugView(BaseView):
-    name = "allow_debug"
-    has_json_alternate = False
-
-    async def get(self, request):
-        errors = []
-        actor_input = request.args.get("actor") or '{"id": "root"}'
-        try:
-            actor = json.loads(actor_input)
-            actor_input = json.dumps(actor, indent=4)
-        except json.decoder.JSONDecodeError as ex:
-            errors.append(f"Actor JSON error: {ex}")
-        allow_input = request.args.get("allow") or '{"id": "*"}'
-        try:
-            allow = json.loads(allow_input)
-            allow_input = json.dumps(allow, indent=4)
-        except json.decoder.JSONDecodeError as ex:
-            errors.append(f"Allow JSON error: {ex}")
-
-        result = None
-        if not errors:
-            result = str(actor_matches_allow(actor, allow))
-
-        return await self.render(
-            ["allow_debug.html"],
-            request,
-            {
-                "result": result,
-                "error": "\n\n".join(errors) if errors else "",
-                "actor_input": actor_input,
-                "allow_input": allow_input,
-                "has_debug_permission": await self.ds.allowed(
-                    action="permissions-debug", actor=request.actor
-                ),
-            },
-        )
-
-
-class MessagesDebugView(BaseView):
-    name = "messages_debug"
-    has_json_alternate = False
-
-    async def get(self, request):
-        await self.ds.ensure_permission(action="view-instance", actor=request.actor)
-        return await self.render(["messages_debug.html"], request)
-
-    async def post(self, request):
-        await self.ds.ensure_permission(action="view-instance", actor=request.actor)
-        form = await request.form()
-        message = form.get("message", "")
-        message_type = form.get("message_type") or "INFO"
-        assert message_type in ("INFO", "WARNING", "ERROR", "all")
-        datasette = self.ds
-        if message_type == "all":
-            datasette.add_message(request, message, datasette.INFO)
-            datasette.add_message(request, message, datasette.WARNING)
-            datasette.add_message(request, message, datasette.ERROR)
-        else:
-            datasette.add_message(request, message, getattr(datasette, message_type))
-        return Response.redirect(self.ds.urls.instance())
-
-
-class CreateTokenView(BaseView):
-    name = "create_token"
-    has_json_alternate = False
-
-    def check_permission(self, request):
-        if not self.ds.setting("allow_signed_tokens"):
-            raise Forbidden("Signed tokens are not enabled for this Datasette instance")
-        if not request.actor:
-            raise Forbidden("You must be logged in to create a token")
-        if not request.actor.get("id"):
-            raise Forbidden(
-                "You must be logged in as an actor with an ID to create a token"
-            )
-        if request.actor.get("token"):
-            raise Forbidden(
-                "Token authentication cannot be used to create additional tokens"
-            )
-
-    async def shared(self, request):
-        self.check_permission(request)
-        # Build list of databases and tables the user has permission to view
-        db_page = await self.ds.allowed_resources("view-database", request.actor)
-        allowed_databases = [r async for r in db_page.all()]
-
-        table_page = await self.ds.allowed_resources("view-table", request.actor)
-        allowed_tables = [r async for r in table_page.all()]
-
-        # Build database -> tables mapping
-        database_with_tables = []
-        for db_resource in allowed_databases:
-            database_name = db_resource.parent
-            if database_name == "_memory":
-                continue
-
-            # Find tables for this database
-            tables = []
-            for table_resource in allowed_tables:
-                if table_resource.parent == database_name:
-                    tables.append(
-                        {
-                            "name": table_resource.child,
-                            "encoded": tilde_encode(table_resource.child),
-                        }
-                    )
-
-            database_with_tables.append(
-                {
-                    "name": database_name,
-                    "encoded": tilde_encode(database_name),
-                    "tables": tables,
-                }
-            )
-        return {
-            "actor": request.actor,
-            "all_actions": self.ds.actions.keys(),
-            "database_actions": [
-                key for key, value in self.ds.actions.items() if value.takes_parent
-            ],
-            "child_actions": [
-                key for key, value in self.ds.actions.items() if value.takes_child
-            ],
-            "database_with_tables": database_with_tables,
-        }
-
-    async def get(self, request):
-        self.check_permission(request)
-        return await self.render(
-            ["create_token.html"], request, await self.shared(request)
-        )
-
-    async def post(self, request):
-        self.check_permission(request)
-        form = await request.form()
-        errors = []
-        expires_after = None
-        if form.get("expire_type"):
-            duration_string = form.get("expire_duration")
-            if (
-                not duration_string
-                or not duration_string.isdigit()
-                or not int(duration_string) > 0
-            ):
-                errors.append("Invalid expire duration")
-            else:
-                unit = form["expire_type"]
-                if unit == "minutes":
-                    expires_after = int(duration_string) * 60
-                elif unit == "hours":
-                    expires_after = int(duration_string) * 60 * 60
-                elif unit == "days":
-                    expires_after = int(duration_string) * 60 * 60 * 24
-                else:
-                    errors.append("Invalid expire duration unit")
-
-        # Are there any restrictions?
-        from datasette.tokens import TokenRestrictions
-
-        restrictions = TokenRestrictions()
-
-        for key in form:
-            if key.startswith("all:") and key.count(":") == 1:
-                restrictions.allow_all(key.split(":")[1])
-            elif key.startswith("database:") and key.count(":") == 2:
-                bits = key.split(":")
-                restrictions.allow_database(tilde_decode(bits[1]), bits[2])
-            elif key.startswith("resource:") and key.count(":") == 3:
-                bits = key.split(":")
-                restrictions.allow_resource(
-                    tilde_decode(bits[1]), tilde_decode(bits[2]), bits[3]
-                )
-
-        token = await self.ds.create_token(
-            request.actor["id"],
-            expires_after=expires_after,
-            restrictions=restrictions,
-            handler="signed",
-        )
-        token_bits = self.ds.unsign(token[len("dstok_") :], namespace="token")
-        await self.ds.track_event(
-            CreateTokenEvent(
-                actor=request.actor,
-                expires_after=expires_after,
-                restrict_all=restrictions.all,
-                restrict_database=restrictions.database,
-                restrict_resource=restrictions.resource,
-            )
-        )
-        context = await self.shared(request)
-        context.update({"errors": errors, "token": token, "token_bits": token_bits})
-        return await self.render(["create_token.html"], request, context)
-
-
-class ApiExplorerView(BaseView):
-    name = "api_explorer"
-    has_json_alternate = False
-
-    async def example_links(self, request):
-        databases = []
-        for name, db in self.ds.databases.items():
-            database_visible, _ = await self.ds.check_visibility(
-                request.actor,
-                action="view-database",
-                resource=DatabaseResource(database=name),
-            )
-            if not database_visible:
-                continue
-            tables = []
-            table_names = await db.table_names()
-            for table in table_names:
-                visible, _ = await self.ds.check_visibility(
-                    request.actor,
-                    action="view-table",
-                    resource=TableResource(database=name, table=table),
-                )
-                if not visible:
-                    continue
-                table_links = []
-                tables.append({"name": table, "links": table_links})
-                table_links.append(
-                    {
-                        "label": "Get rows for {}".format(table),
-                        "method": "GET",
-                        "path": self.ds.urls.table(name, table, format="json"),
-                    }
-                )
-                # If not mutable don't show any write APIs
-                if not db.is_mutable:
-                    continue
-
-                if await self.ds.allowed(
-                    action="insert-row",
-                    resource=TableResource(database=name, table=table),
-                    actor=request.actor,
-                ):
-                    pks = await db.primary_keys(table)
-                    table_links.extend(
-                        [
-                            {
-                                "path": self.ds.urls.table(name, table) + "/-/insert",
-                                "method": "POST",
-                                "label": "Insert rows into {}".format(table),
-                                "json": {
-                                    "rows": [
-                                        {
-                                            column: None
-                                            for column in await db.table_columns(table)
-                                            if column not in pks
-                                        }
-                                    ]
-                                },
-                            },
-                            {
-                                "path": self.ds.urls.table(name, table) + "/-/upsert",
-                                "method": "POST",
-                                "label": "Upsert rows into {}".format(table),
-                                "json": {
-                                    "rows": [
-                                        {
-                                            column: "<{}{}>".format(
-                                                column,
-                                                (
-                                                    " (primary key)"
-                                                    if column in (pks or ["rowid"])
-                                                    else ""
-                                                ),
-                                            )
-                                            for column in (
-                                                (["rowid"] if not pks else [])
-                                                + await db.table_columns(table)
-                                            )
-                                        }
-                                    ]
-                                },
-                            },
-                        ]
-                    )
-                if await self.ds.allowed(
-                    action="drop-table",
-                    resource=TableResource(database=name, table=table),
-                    actor=request.actor,
-                ):
-                    table_links.append(
-                        {
-                            "path": self.ds.urls.table(name, table) + "/-/drop",
-                            "label": "Drop table {}".format(table),
-                            "json": {"confirm": False},
-                            "method": "POST",
-                        }
-                    )
-            database_links = []
-            if (
-                await self.ds.allowed(
-                    action="create-table",
-                    resource=DatabaseResource(database=name),
-                    actor=request.actor,
-                )
-                and db.is_mutable
-            ):
-                database_links.append(
-                    {
-                        "path": self.ds.urls.database(name) + "/-/create",
-                        "label": "Create table in {}".format(name),
-                        "json": {
-                            "table": "new_table",
-                            "columns": [
-                                {"name": "id", "type": "integer"},
-                                {"name": "name", "type": "text"},
-                            ],
-                            "pk": "id",
-                        },
-                        "method": "POST",
-                    }
-                )
-            if database_links or tables:
-                databases.append(
-                    {
-                        "name": name,
-                        "links": database_links,
-                        "tables": tables,
-                    }
-                )
-        # Sort so that mutable databases are first
-        databases.sort(key=lambda d: not self.ds.databases[d["name"]].is_mutable)
-        return databases
-
-    async def get(self, request):
-        visible, private = await self.ds.check_visibility(
-            request.actor,
-            action="view-instance",
-        )
-        if not visible:
-            raise Forbidden("You do not have permission to view this instance")
-
-        def api_path(link):
-            return "{}#{}".format(
-                self.ds.urls.path("/-/api"),
-                urllib.parse.urlencode(
-                    {
-                        key: json.dumps(value, indent=2) if key == "json" else value
-                        for key, value in link.items()
-                        if key in ("path", "method", "json")
-                    }
-                ),
-            )
-
-        return await self.render(
-            ["api_explorer.html"],
-            request,
-            {
-                "example_links": await self.example_links(request),
-                "api_path": api_path,
-                "private": private,
-            },
-        )
-
-
-class JumpView(BaseView):
-    """
-    Endpoint for the jump menu. Returns JSON navigation items the actor can use.
-    """
-
-    name = "jump"
-    has_json_alternate = False
-
-    async def _fragments(self, request):
-        fragments = []
-        for hook in pm.hook.jump_items_sql(
-            datasette=self.ds,
-            actor=request.actor,
-            request=request,
-        ):
-            value = await await_me_maybe(hook)
-            if value is None:
-                continue
-            if isinstance(value, JumpSQL):
-                fragments.append(value)
-            elif isinstance(value, (list, tuple)):
-                for fragment in value:
-                    if fragment is not None:
-                        assert isinstance(
-                            fragment, JumpSQL
-                        ), "jump_items_sql must return JumpSQL instances"
-                        fragments.append(fragment)
-            else:
-                raise TypeError("jump_items_sql must return JumpSQL instances")
-        return fragments
-
-    def _resolve_url(self, url):
-        if not url or url.startswith("/"):
-            return url
-
-        descriptor = json.loads(url)
-        if not isinstance(descriptor, dict):
-            raise TypeError("jump item url JSON must be an object")
-        method_name = descriptor.get("method")
-        if not isinstance(method_name, str) or not method_name:
-            raise TypeError("jump item url JSON must include a method")
-        if method_name.startswith("_"):
-            raise AttributeError(f"datasette.urls has no method named {method_name!r}")
-        try:
-            method = getattr(self.ds.urls, method_name)
-        except AttributeError as ex:
-            raise AttributeError(
-                f"datasette.urls has no method named {method_name!r}"
-            ) from ex
-        if not callable(method):
-            raise TypeError(f"datasette.urls.{method_name} is not callable")
-        kwargs = {key: value for key, value in descriptor.items() if key != "method"}
-        try:
-            return method(**kwargs)
-        except TypeError as ex:
-            raise TypeError(
-                f"Invalid arguments for datasette.urls.{method_name}(): {ex}"
-            ) from ex
-
-    def _sort_key(self, row, q):
-        display_label = row["display_name"] or row["label"]
-        display_label_lower = display_label.lower()
-        q_lower = q.lower()
-        if display_label_lower == q_lower:
-            relevance = 0
-        elif display_label_lower.startswith(q_lower):
-            relevance = 1
-        else:
-            relevance = 2
-        type_sort = {
-            "database": 10,
-            "table": 20,
-            "view": 25,
-            "query": 30,
-        }.get(row["type"], 50)
-        return (relevance, type_sort, len(display_label), row["label"])
-
-    async def _rows_for_database(self, database_name, indexed_fragments, q, pattern):
-        params = {"q": q, "pattern": pattern}
-        union_parts = []
-        for index, fragment in indexed_fragments:
-            fragment_sql, fragment_params = namespace_sql_params(
-                fragment.sql,
-                fragment.params or {},
-                f"jump_{index}",
-            )
-            union_parts.append(f"""
-                SELECT
-                    type,
-                    label,
-                    description,
-                    url,
-                    search_text,
-                    display_name
-                FROM (
-                    {fragment_sql}
-                )
-            """)
-            params.update(fragment_params)
-        sql = f"""
-        WITH jump_items AS (
-            {" UNION ALL ".join(union_parts)}
-        )
-        SELECT
-            type,
-            label,
-            description,
-            url,
-            search_text,
-            display_name
-        FROM jump_items
-        WHERE :q = ''
-           OR search_text LIKE :pattern COLLATE NOCASE
-        ORDER BY
-            CASE
-                WHEN lower(COALESCE(display_name, label)) = lower(:q) THEN 0
-                WHEN lower(COALESCE(display_name, label)) LIKE lower(:q || '%') THEN 1
-                ELSE 2
-            END,
-            CASE type
-                WHEN 'database' THEN 10
-                WHEN 'table' THEN 20
-                WHEN 'view' THEN 25
-                WHEN 'query' THEN 30
-                ELSE 50
-            END,
-            length(COALESCE(display_name, label)),
-            label
-        LIMIT 101
-        """
-        db = (
-            self.ds.get_internal_database()
-            if database_name is None
-            else self.ds.get_database(database_name)
-        )
-        result = await db.execute(sql, params)
-        return list(result.rows)
-
-    async def get(self, request):
-        q = request.args.get("q", "").strip()
-        terms = q.split()
-        pattern = "%" + "%".join(terms) + "%" if terms else "%"
-        fragments = await self._fragments(request)
-
-        fragments_by_database = {}
-        for index, fragment in enumerate(fragments):
-            fragments_by_database.setdefault(fragment.database, []).append(
-                (index, fragment)
-            )
-
-        rows = []
-        truncated = False
-        for database_name, indexed_fragments in fragments_by_database.items():
-            database_rows = await self._rows_for_database(
-                database_name, indexed_fragments, q, pattern
-            )
-            if len(database_rows) > 100:
-                truncated = True
-                database_rows = database_rows[:100]
-            rows.extend(database_rows)
-        rows.sort(key=lambda row: self._sort_key(row, q))
-
-        if len(rows) > 100:
-            truncated = True
-            rows = rows[:100]
-
-        matches = []
-        for row in rows:
-            match = {
-                "name": row["label"],
-                "url": self._resolve_url(row["url"]),
-                "type": row["type"],
-                "description": row["description"],
-            }
-            if row["display_name"]:
-                match["display_name"] = row["display_name"]
-            matches.append(match)
-
-        return Response.json({"matches": matches, "truncated": truncated})
-
-
-class SchemaBaseView(BaseView):
-    """Base class for schema views with common response formatting."""
-
-    has_json_alternate = False
-
-    async def get_database_schema(self, database_name):
-        """Get schema SQL for a database."""
-        db = self.ds.databases[database_name]
-        result = await db.execute(
-            "select group_concat(sql, ';' || CHAR(10)) as schema from sqlite_master where sql is not null"
-        )
-        row = result.first()
-        return row["schema"] if row and row["schema"] else ""
-
-    def format_json_response(self, data):
-        """Format data as JSON response with CORS headers if needed."""
-        headers = {}
-        if self.ds.cors:
-            add_cors_headers(headers)
-        return Response.json(data, headers=headers)
-
-    def format_error_response(self, error_message, format_, status=404):
-        """Format error response based on requested format."""
-        if format_ == "json":
-            headers = {}
-            if self.ds.cors:
-                add_cors_headers(headers)
-            return Response.json(
-                {"ok": False, "error": error_message}, status=status, headers=headers
-            )
-        else:
-            return Response.text(error_message, status=status)
-
-    def format_markdown_response(self, heading, schema):
-        """Format schema as Markdown response."""
-        md_output = f"# {heading}\n\n```sql\n{schema}\n```\n"
-        return Response.text(
-            md_output, headers={"content-type": "text/markdown; charset=utf-8"}
-        )
-
-    async def format_html_response(
-        self, request, schemas, is_instance=False, table_name=None
-    ):
-        """Format schema as HTML response."""
-        context = {
-            "schemas": schemas,
-            "is_instance": is_instance,
-        }
-        if table_name:
-            context["table_name"] = table_name
-        return await self.render(["schema.html"], request=request, context=context)
-
-
-class InstanceSchemaView(SchemaBaseView):
-    """
-    Displays schema for all databases in the instance.
-    Supports HTML, JSON, and Markdown formats.
-    """
-
-    name = "instance_schema"
-
-    async def get(self, request):
-        format_ = request.url_vars.get("format") or "html"
-
-        # Get all databases the actor can view
-        allowed_databases_page = await self.ds.allowed_resources(
-            "view-database",
-            request.actor,
-        )
-        allowed_databases = [r.parent async for r in allowed_databases_page.all()]
-
-        # Get schema for each database
-        schemas = []
-        for database_name in allowed_databases:
-            schema = await self.get_database_schema(database_name)
-            schemas.append({"database": database_name, "schema": schema})
-
-        if format_ == "json":
-            return self.format_json_response({"schemas": schemas})
-        elif format_ == "md":
-            md_parts = [
-                f"# Schema for {item['database']}\n\n```sql\n{item['schema']}\n```"
-                for item in schemas
-            ]
-            return Response.text(
-                "\n\n".join(md_parts),
-                headers={"content-type": "text/markdown; charset=utf-8"},
-            )
-        else:
-            return await self.format_html_response(request, schemas, is_instance=True)
-
-
-class DatabaseSchemaView(SchemaBaseView):
-    """
-    Displays schema for a specific database.
-    Supports HTML, JSON, and Markdown formats.
-    """
-
-    name = "database_schema"
-
-    async def get(self, request):
-        database_name = request.url_vars["database"]
-        format_ = request.url_vars.get("format") or "html"
-
-        # Check if database exists
-        if database_name not in self.ds.databases:
-            return self.format_error_response("Database not found", format_)
-
-        # Check view-database permission
-        await self.ds.ensure_permission(
-            action="view-database",
-            resource=DatabaseResource(database=database_name),
-            actor=request.actor,
-        )
-
-        schema = await self.get_database_schema(database_name)
-
-        if format_ == "json":
-            return self.format_json_response(
-                {"database": database_name, "schema": schema}
-            )
-        elif format_ == "md":
-            return self.format_markdown_response(f"Schema for {database_name}", schema)
-        else:
-            schemas = [{"database": database_name, "schema": schema}]
-            return await self.format_html_response(request, schemas)
-
-
-class TableSchemaView(SchemaBaseView):
-    """
-    Displays schema for a specific table.
-    Supports HTML, JSON, and Markdown formats.
-    """
-
-    name = "table_schema"
-
-    async def get(self, request):
-        database_name = request.url_vars["database"]
-        table_name = request.url_vars["table"]
-        format_ = request.url_vars.get("format") or "html"
-
-        # Check view-table permission
-        await self.ds.ensure_permission(
-            action="view-table",
-            resource=TableResource(database=database_name, table=table_name),
-            actor=request.actor,
-        )
-
-        # Get schema for the table
-        db = self.ds.databases[database_name]
-        result = await db.execute(
-            "select sql from sqlite_master where name = ? and sql is not null",
-            [table_name],
-        )
-        row = result.first()
-
-        # Return 404 if table doesn't exist
-        if not row or not row["sql"]:
-            return self.format_error_response("Table not found", format_)
-
-        schema = row["sql"]
-
-        if format_ == "json":
-            return self.format_json_response(
-                {"database": database_name, "table": table_name, "schema": schema}
-            )
-        elif format_ == "md":
-            return self.format_markdown_response(
-                f"Schema for {database_name}.{table_name}", schema
-            )
-        else:
-            schemas = [{"database": database_name, "schema": schema}]
-            return await self.format_html_response(
-                request, schemas, table_name=table_name
-            )
diff --git a/datasette/views/stored_queries.py b/datasette/views/stored_queries.py
deleted file mode 100644
index 2753f876..00000000
--- a/datasette/views/stored_queries.py
+++ /dev/null
@@ -1,644 +0,0 @@
-from urllib.parse import parse_qsl, urlencode
-
-from datasette.resources import DatabaseResource, QueryResource
-from datasette.stored_queries import stored_query_to_dict
-from datasette.utils import sqlite3, tilde_decode
-from datasette.utils.asgi import Response
-
-from .base import BaseView, _error
-from .query_helpers import (
-    QueryValidationError,
-    _as_bool,
-    _as_optional_bool,
-    _block_framing,
-    _derived_query_parameters,
-    _json_or_form_payload,
-    _prepare_query_create,
-    _prepare_query_update,
-    _query_create_analysis_data,
-    _query_create_form_context,
-    _query_create_form_error_message,
-    _query_edit_form_context,
-    _query_list_limit,
-)
-
-
-class QueryParametersView(BaseView):
-    name = "query-parameters"
-    has_json_alternate = False
-
-    async def get(self, request):
-        db = await self.ds.resolve_database(request)
-        if not await self.ds.allowed(
-            action="execute-sql",
-            resource=DatabaseResource(db.name),
-            actor=request.actor,
-        ):
-            return _block_framing(_error(["Permission denied: need execute-sql"], 403))
-
-        invalid_keys = set(request.args) - {"sql"}
-        if invalid_keys:
-            return _block_framing(
-                _error(
-                    ["Invalid keys: {}".format(", ".join(sorted(invalid_keys)))],
-                    400,
-                )
-            )
-        try:
-            parameters = _derived_query_parameters(request.args.get("sql") or "")
-        except QueryValidationError as ex:
-            return _block_framing(_error([ex.message], ex.status))
-        return _block_framing(Response.json({"ok": True, "parameters": parameters}))
-
-
-def _query_list_url(path, query_string, *, set_args=None, remove_args=None):
-    set_args = set_args or {}
-    remove_args = set(remove_args or ())
-    skip = set(set_args) | remove_args | {"_next"}
-    pairs = [
-        (key, value)
-        for key, value in parse_qsl(query_string, keep_blank_values=True)
-        if key not in skip
-    ]
-    for key, value in set_args.items():
-        if value not in (None, ""):
-            pairs.append((key, value))
-    return path + (("?" + urlencode(pairs)) if pairs else "")
-
-
-class QueryListView(BaseView):
-    name = "query-list"
-
-    async def database_name(self, request):
-        return (await self.ds.resolve_database(request)).name
-
-    def query_list_path(self, database):
-        return self.ds.urls.database(database) + "/-/queries"
-
-    async def get(self, request):
-        database = await self.database_name(request)
-        format_ = request.url_vars.get("format") or "html"
-        try:
-            limit = _query_list_limit(
-                request.args.get("_size"),
-                default=20 if format_ == "html" else 50,
-            )
-            is_write = _as_optional_bool(request.args.get("is_write"), "is_write")
-            is_private = _as_optional_bool(request.args.get("is_private"), "is_private")
-        except QueryValidationError as ex:
-            return _error([ex.message], ex.status)
-
-        page = await self.ds.list_queries(
-            database,
-            actor=request.actor,
-            limit=limit,
-            cursor=request.args.get("_next"),
-            q=request.args.get("q") or None,
-            is_write=is_write,
-            is_private=is_private,
-            source=request.args.get("source") or None,
-            owner_id=request.args.get("owner_id") or None,
-            include_private=True,
-        )
-        query_list_path = self.query_list_path(database)
-        next_url = None
-        if page.next:
-            pairs = [
-                (key, value)
-                for key, value in parse_qsl(
-                    request.query_string, keep_blank_values=True
-                )
-                if key != "_next"
-            ]
-            pairs.append(("_next", page.next))
-            next_url = "{}?{}".format(
-                query_list_path,
-                urlencode(pairs),
-            )
-
-        current_filters = {
-            "actor": request.actor,
-            "q": request.args.get("q") or None,
-            "is_write": is_write,
-            "is_private": is_private,
-            "source": request.args.get("source") or None,
-            "owner_id": request.args.get("owner_id") or None,
-        }
-
-        async def facet_count(field, value):
-            if current_filters[field] is not None and current_filters[field] != value:
-                return 0
-            filters = dict(current_filters)
-            filters[field] = value
-            return await self.ds.count_queries(database, **filters)
-
-        def facet_href(field, value):
-            if current_filters[field] == value:
-                return _query_list_url(
-                    query_list_path,
-                    request.query_string,
-                    remove_args=[field],
-                )
-            if current_filters[field] is not None:
-                return None
-            return _query_list_url(
-                query_list_path,
-                request.query_string,
-                set_args={field: str(int(value))},
-            )
-
-        async def facet_item(label, field, value):
-            count = await facet_count(field, value)
-            active = current_filters[field] == value
-            if not active and not count:
-                return None
-            return {
-                "label": label,
-                "count": count,
-                "href": facet_href(field, value) if active or count else None,
-                "active": active,
-            }
-
-        async def facet_items(items):
-            return [
-                item
-                for item in [
-                    await facet_item(label, field, value)
-                    for label, field, value in items
-                ]
-                if item is not None
-            ]
-
-        facets = [
-            {
-                "title": "Mode",
-                "items": await facet_items(
-                    [
-                        ("Read-only", "is_write", False),
-                        ("Writable", "is_write", True),
-                    ]
-                ),
-            },
-            {
-                "title": "Visibility",
-                "items": await facet_items(
-                    [
-                        ("Not private", "is_private", False),
-                        ("Private", "is_private", True),
-                    ]
-                ),
-            },
-        ]
-
-        data = {
-            "ok": True,
-            "database": database,
-            "database_color": (
-                self.ds.get_database(database).color if database is not None else None
-            ),
-            "queries": page.queries,
-            "next": page.next,
-            "next_url": next_url,
-            "has_more": page.has_more,
-            "limit": page.limit,
-            "show_private_note": any(query.is_private for query in page.queries),
-            "show_trusted_note": any(query.is_trusted for query in page.queries),
-            "query_list_path": query_list_path,
-            "show_database": database is None,
-            "facets": facets,
-            "filters": {
-                "q": request.args.get("q") or "",
-                "is_write": request.args.get("is_write") or "",
-                "is_private": request.args.get("is_private") or "",
-                "source": request.args.get("source") or "",
-                "owner_id": request.args.get("owner_id") or "",
-            },
-        }
-        if format_ == "json":
-            return Response.json(
-                {
-                    **data,
-                    "queries": [stored_query_to_dict(query) for query in page.queries],
-                }
-            )
-        return await self.render(
-            ["query_list.html"],
-            request,
-            data,
-        )
-
-
-class GlobalQueryListView(QueryListView):
-    name = "global-query-list"
-
-    async def database_name(self, request):
-        return None
-
-    def query_list_path(self, database):
-        return self.ds.urls.path("/-/queries")
-
-
-class QueryCreateView(BaseView):
-    name = "query-create"
-    has_json_alternate = False
-
-    async def _render_form(
-        self,
-        request,
-        db,
-        *,
-        sql="",
-        name="",
-        title="",
-        description="",
-        is_private=True,
-        status=200,
-    ):
-        response = await self.render(
-            ["query_create.html"],
-            request,
-            await _query_create_form_context(
-                self.ds,
-                request,
-                db,
-                sql=sql,
-                name=name,
-                title=title,
-                description=description,
-                is_private=is_private,
-            ),
-        )
-        response.status = status
-        return response
-
-    async def get(self, request):
-        db = await self.ds.resolve_database(request)
-        await self.ds.ensure_permission(
-            action="execute-sql",
-            resource=DatabaseResource(db.name),
-            actor=request.actor,
-        )
-        await self.ds.ensure_permission(
-            action="store-query",
-            resource=DatabaseResource(db.name),
-            actor=request.actor,
-        )
-
-        return await self._render_form(request, db, sql=request.args.get("sql") or "")
-
-
-class QueryCreateAnalyzeView(BaseView):
-    name = "query-create-analyze"
-    has_json_alternate = False
-
-    async def get(self, request):
-        db = await self.ds.resolve_database(request)
-        if not await self.ds.allowed(
-            action="execute-sql",
-            resource=DatabaseResource(db.name),
-            actor=request.actor,
-        ):
-            return _block_framing(_error(["Permission denied: need execute-sql"], 403))
-        if not await self.ds.allowed(
-            action="store-query",
-            resource=DatabaseResource(db.name),
-            actor=request.actor,
-        ):
-            return _block_framing(_error(["Permission denied: need store-query"], 403))
-
-        invalid_keys = set(request.args) - {"sql"}
-        if invalid_keys:
-            return _block_framing(
-                _error(
-                    ["Invalid keys: {}".format(", ".join(sorted(invalid_keys)))],
-                    400,
-                )
-            )
-        sql = request.args.get("sql") or ""
-        return _block_framing(
-            Response.json(
-                await _query_create_analysis_data(self.ds, db, sql, request.actor)
-            )
-        )
-
-
-class QueryStoreView(QueryCreateView):
-    name = "query-store"
-
-    async def _error_response(self, request, db, query_data, message, status):
-        message = _query_create_form_error_message(message)
-        self.ds.add_message(request, message, self.ds.ERROR)
-        return await self._render_form(
-            request,
-            db,
-            sql=query_data.get("sql") or "",
-            name=query_data.get("name") or "",
-            title=query_data.get("title") or "",
-            description=query_data.get("description") or "",
-            is_private=_as_bool(query_data.get("is_private", True)),
-            status=status,
-        )
-
-    async def post(self, request):
-        db = await self.ds.resolve_database(request)
-        if not await self.ds.allowed(
-            action="execute-sql",
-            resource=DatabaseResource(db.name),
-            actor=request.actor,
-        ):
-            return _error(["Permission denied: need execute-sql"], 403)
-        if not await self.ds.allowed(
-            action="store-query",
-            resource=DatabaseResource(db.name),
-            actor=request.actor,
-        ):
-            return _error(["Permission denied: need store-query"], 403)
-
-        is_json = False
-        query_data = {}
-        try:
-            data, is_json = await _json_or_form_payload(request)
-            if not isinstance(data, dict):
-                raise QueryValidationError("JSON must be a dictionary")
-            query_data = data.get("query") if is_json else data
-            if not isinstance(query_data, dict):
-                raise QueryValidationError("JSON must contain a query dictionary")
-            prepared = await _prepare_query_create(self.ds, request, db, query_data)
-        except QueryValidationError as ex:
-            if not is_json and isinstance(query_data, dict):
-                return await self._error_response(
-                    request, db, query_data, ex.message, ex.status
-                )
-            return _error([ex.message], ex.status)
-
-        prepared.pop("analysis")
-        name = prepared.pop("name")
-        try:
-            await self.ds.add_query(db.name, name, replace=False, **prepared)
-        except sqlite3.IntegrityError as ex:
-            if not is_json and isinstance(query_data, dict):
-                return await self._error_response(request, db, query_data, str(ex), 400)
-            return _error([str(ex)], 400)
-
-        query = await self.ds.get_query(db.name, name)
-        assert query is not None
-        if is_json:
-            return Response.json(
-                {"ok": True, "query": stored_query_to_dict(query)}, status=201
-            )
-        self.ds.add_message(request, "Query saved", self.ds.INFO)
-        return Response.redirect(self.ds.urls.path(self.ds.urls.table(db.name, name)))
-
-
-class QueryDefinitionView(BaseView):
-    name = "query-definition"
-
-    async def get(self, request):
-        db = await self.ds.resolve_database(request)
-        query_name = tilde_decode(request.url_vars["query"])
-        query = await self.ds.get_query(db.name, query_name)
-        if query is None:
-            return _error(["Query not found: {}".format(query_name)], 404)
-        if not await self.ds.allowed(
-            action="view-query",
-            resource=QueryResource(db.name, query_name),
-            actor=request.actor,
-        ):
-            return _error(["Permission denied"], 403)
-        return Response.json({"ok": True, "query": stored_query_to_dict(query)})
-
-
-class QueryUpdateView(BaseView):
-    name = "query-update"
-
-    async def post(self, request):
-        db = await self.ds.resolve_database(request)
-        query_name = tilde_decode(request.url_vars["query"])
-        existing = await self.ds.get_query(db.name, query_name)
-        if existing is None:
-            return _error(["Query not found: {}".format(query_name)], 404)
-        if not await self.ds.allowed(
-            action="update-query",
-            resource=QueryResource(db.name, query_name),
-            actor=request.actor,
-        ):
-            return _error(["Permission denied: need update-query"], 403)
-        if existing.is_trusted:
-            return _error(["Trusted queries cannot be updated using the API"], 403)
-
-        try:
-            data, _ = await _json_or_form_payload(request)
-            if not isinstance(data, dict):
-                raise QueryValidationError("JSON must be a dictionary")
-            invalid_keys = set(data) - {"update", "return"}
-            if invalid_keys:
-                raise QueryValidationError(
-                    "Invalid keys: {}".format(", ".join(invalid_keys))
-                )
-            update = data.get("update")
-            if not isinstance(update, dict):
-                raise QueryValidationError("JSON must contain an update dictionary")
-            if "sql" in update and not await self.ds.allowed(
-                action="execute-sql",
-                resource=DatabaseResource(db.name),
-                actor=request.actor,
-            ):
-                raise QueryValidationError(
-                    "Permission denied: need execute-sql", status=403
-                )
-            update_kwargs = await _prepare_query_update(
-                self.ds, request, db, existing, update
-            )
-        except QueryValidationError as ex:
-            return _error([ex.message], ex.status)
-
-        await self.ds.update_query(db.name, query_name, **update_kwargs)
-        if data.get("return"):
-            query = await self.ds.get_query(db.name, query_name)
-            assert query is not None
-            return Response.json(
-                {
-                    "ok": True,
-                    "query": stored_query_to_dict(query),
-                }
-            )
-        return Response.json({"ok": True})
-
-
-class QueryEditView(BaseView):
-    name = "query-edit"
-    has_json_alternate = False
-
-    async def _load(self, request):
-        db = await self.ds.resolve_database(request)
-        query_name = tilde_decode(request.url_vars["query"])
-        existing = await self.ds.get_query(db.name, query_name)
-        return db, query_name, existing
-
-    async def _render_form(
-        self,
-        request,
-        db,
-        existing,
-        *,
-        sql=None,
-        title=None,
-        description=None,
-        is_private=None,
-        status=200,
-    ):
-        response = await self.render(
-            ["query_edit.html"],
-            request,
-            await _query_edit_form_context(
-                self.ds,
-                request,
-                db,
-                existing,
-                sql=sql,
-                title=title,
-                description=description,
-                is_private=is_private,
-            ),
-        )
-        response.status = status
-        return response
-
-    async def get(self, request):
-        db, query_name, existing = await self._load(request)
-        if existing is None:
-            return _error(["Query not found: {}".format(query_name)], 404)
-        await self.ds.ensure_permission(
-            action="update-query",
-            resource=QueryResource(db.name, query_name),
-            actor=request.actor,
-        )
-        if existing.is_trusted:
-            return _error(["Trusted queries cannot be edited"], 403)
-        return await self._render_form(request, db, existing)
-
-    async def post(self, request):
-        db, query_name, existing = await self._load(request)
-        if existing is None:
-            return _error(["Query not found: {}".format(query_name)], 404)
-        if not await self.ds.allowed(
-            action="update-query",
-            resource=QueryResource(db.name, query_name),
-            actor=request.actor,
-        ):
-            return _error(["Permission denied: need update-query"], 403)
-        if existing.is_trusted:
-            return _error(["Trusted queries cannot be edited"], 403)
-
-        data, _ = await _json_or_form_payload(request)
-        if not isinstance(data, dict):
-            return _error(["Invalid form submission"], 400)
-        sql = data.get("sql")
-        sql = existing.sql if sql is None else sql.strip()
-        title = data.get("title") or ""
-        description = data.get("description") or ""
-        is_private = _as_bool(data.get("is_private"))
-
-        update = {
-            "title": title,
-            "description": description,
-            "is_private": is_private,
-        }
-        if sql != existing.sql:
-            if not await self.ds.allowed(
-                action="execute-sql",
-                resource=DatabaseResource(db.name),
-                actor=request.actor,
-            ):
-                self.ds.add_message(
-                    request,
-                    "Permission denied: need execute-sql to change the SQL",
-                    self.ds.ERROR,
-                )
-                return await self._render_form(
-                    request,
-                    db,
-                    existing,
-                    sql=sql,
-                    title=title,
-                    description=description,
-                    is_private=is_private,
-                    status=403,
-                )
-            update["sql"] = sql
-
-        try:
-            update_kwargs = await _prepare_query_update(
-                self.ds, request, db, existing, update
-            )
-        except QueryValidationError as ex:
-            self.ds.add_message(request, ex.message, self.ds.ERROR)
-            return await self._render_form(
-                request,
-                db,
-                existing,
-                sql=sql,
-                title=title,
-                description=description,
-                is_private=is_private,
-                status=ex.status,
-            )
-
-        await self.ds.update_query(db.name, query_name, **update_kwargs)
-        self.ds.add_message(request, "Query updated", self.ds.INFO)
-        return Response.redirect(
-            self.ds.urls.path(self.ds.urls.table(db.name, query_name))
-        )
-
-
-class QueryDeleteView(BaseView):
-    name = "query-delete"
-    has_json_alternate = False
-
-    async def _load(self, request):
-        db = await self.ds.resolve_database(request)
-        query_name = tilde_decode(request.url_vars["query"])
-        existing = await self.ds.get_query(db.name, query_name)
-        return db, query_name, existing
-
-    async def get(self, request):
-        db, query_name, existing = await self._load(request)
-        if existing is None:
-            return _error(["Query not found: {}".format(query_name)], 404)
-        await self.ds.ensure_permission(
-            action="delete-query",
-            resource=QueryResource(db.name, query_name),
-            actor=request.actor,
-        )
-        return await self.render(
-            ["query_delete.html"],
-            request,
-            {
-                "database": db.name,
-                "database_color": db.color,
-                "query": stored_query_to_dict(existing),
-                "query_url": self.ds.urls.table(db.name, query_name),
-            },
-        )
-
-    async def post(self, request):
-        db, query_name, existing = await self._load(request)
-        if existing is None:
-            return _error(["Query not found: {}".format(query_name)], 404)
-        if not await self.ds.allowed(
-            action="delete-query",
-            resource=QueryResource(db.name, query_name),
-            actor=request.actor,
-        ):
-            return _error(["Permission denied: need delete-query"], 403)
-
-        data, is_json = await _json_or_form_payload(request)
-        await self.ds.remove_query(db.name, query_name)
-        if is_json:
-            return Response.json({"ok": True})
-        self.ds.add_message(
-            request,
-            "Query “{}” deleted".format(existing.title or query_name),
-            self.ds.INFO,
-        )
-        return Response.redirect(self.ds.urls.path(self.ds.urls.database(db.name)))
diff --git a/datasette/views/table.py b/datasette/views/table.py
index 1fc151e6..140f2a15 100644
--- a/datasette/views/table.py
+++ b/datasette/views/table.py
@@ -1,238 +1,41 @@
-import asyncio
+import urllib
 import itertools
 import json
-import urllib
-import urllib.parse
 
-import markupsafe
+import jinja2
 
-from datasette.column_types import SQLiteType
-from datasette.extras import extra_names_from_request
 from datasette.plugins import pm
-from datasette.events import (
-    AlterTableEvent,
-    DropTableEvent,
-    InsertRowsEvent,
-    UpsertRowsEvent,
-)
-from datasette.database import QueryInterrupted
-from datasette import tracer
-from datasette.resources import DatabaseResource, TableResource
 from datasette.utils import (
-    add_cors_headers,
-    await_me_maybe,
-    call_with_supported_arguments,
     CustomRow,
+    QueryInterrupted,
+    RequestParameters,
     append_querystring,
     compound_keys_after_sql,
-    format_bytes,
-    make_slot_function,
-    tilde_encode,
     escape_sqlite,
     filters_should_redirect,
     is_url,
     path_from_row_pks,
     path_with_added_args,
-    path_with_format,
     path_with_removed_args,
     path_with_replaced_args,
+    sqlite3,
     to_css_class,
-    truncate_url,
     urlsafe_components,
     value_as_boolean,
-    InvalidSql,
-    sqlite3,
 )
-from datasette.utils.asgi import BadRequest, Forbidden, NotFound, Request, Response
+from datasette.utils.asgi import NotFound
 from datasette.filters import Filters
-import sqlite_utils
-from dataclasses import dataclass, field
-
-from datasette.extras import ExtraScope
-from . import Context, from_extra
-from .base import BaseView, DatasetteError, _error, stream_csv
-from .database import QueryView
-from .table_create_alter import (
-    ALTER_TABLE_COLUMN_TYPES,
-    ALTER_TABLE_TYPE_FOR_SQLITE_TYPE,
-    _custom_column_type_options_for_create_table,
-    default_expr_for_sql,
-    default_expression_options,
-)
-from .table_extras import (
-    TABLE_EXTRA_BUNDLES,
-    TableExtraContext,
-    precompute_database_action_permissions,
-    precompute_table_action_permissions,
-    resolve_table_extras,
-    table_extra_registry,
-)
-
-
-@dataclass
-class TableContext(Context):
-    "The page showing the rows in a table or SQL view, e.g. /fixtures/facetable."
-
-    documented_template = "table.html"
-    extras_scope = ExtraScope.TABLE
-
-    # Fields resolved by registered extras - their documentation comes
-    # from the description on each Extra class in table_extras.py
-    actions: callable = from_extra()
-    all_columns: list = from_extra()
-    columns: list = from_extra()
-    count: int = from_extra()
-    count_sql: str = from_extra()
-    custom_table_templates: list = from_extra()
-    database: str = from_extra()
-    database_color: str = from_extra()
-    display_columns: list = from_extra()
-    display_rows: list = from_extra()
-    expandable_columns: list = from_extra()
-    facet_results: dict = from_extra()
-    facets_timed_out: list = from_extra()
-    filters: Filters = from_extra()
-    form_hidden_args: list = from_extra()
-    human_description_en: str = from_extra()
-    is_view: bool = from_extra()
-    metadata: dict = from_extra()
-    next_url: str = from_extra()
-    primary_keys: list = from_extra()
-    private: bool = from_extra()
-    query: dict = from_extra()
-    renderers: dict = from_extra()
-    set_column_type_ui: dict = from_extra()
-    sorted_facet_results: list = from_extra()
-    suggested_facets: list = from_extra()
-    table: str = from_extra()
-    table_definition: str = from_extra()
-    view_definition: str = from_extra()
-
-    # Fields added by the view code
-    ok: bool = field(
-        metadata={"help": "True if the data for this page was retrieved without errors"}
-    )
-    next: str = field(metadata={"help": "Pagination token for the next page, or None"})
-    count_truncated: bool = field(
-        metadata={
-            "help": "True if ``count`` is a capped lower bound rather than an exact total, because Datasette stopped counting after its configured row-count limit."
-        }
-    )
-    rows: list = field(
-        metadata={
-            "help": "The rows for this page, as a list of dictionaries mapping column name to raw value."
-        }
-    )
-    filter_columns: list = field(
-        metadata={
-            "help": "List of column names offered by the filter interface, including currently displayed columns and any hidden columns that can still be filtered."
-        }
-    )
-    supports_search: bool = field(
-        metadata={"help": "True if this table has full-text search configured"}
-    )
-    extra_wheres_for_ui: list = field(
-        metadata={
-            "help": "Extra where clauses from ``?_where=`` for display in the UI. Each item has ``text`` for the SQL fragment and ``remove_url`` for a URL that removes that fragment."
-        }
-    )
-    url_csv: str = field(metadata={"help": "URL for the CSV export of this page"})
-    url_csv_path: str = field(metadata={"help": "Path portion of the CSV export URL"})
-    url_csv_hidden_args: list = field(
-        metadata={
-            "help": "List of ``(name, value)`` pairs for hidden form fields used by the CSV export form, preserving current filters while forcing ``_size=max``."
-        }
-    )
-    sort: str = field(metadata={"help": "Column the page is sorted by, or None"})
-    sort_desc: str = field(
-        metadata={"help": "Column the page is sorted by in descending order, or None"}
-    )
-    append_querystring: callable = field(
-        metadata={
-            "help": "Function ``append_querystring(url, querystring)`` that appends additional query string arguments to a URL, using ``?`` or ``&`` as appropriate."
-        }
-    )
-    path_with_replaced_args: callable = field(
-        metadata={
-            "help": "Function for building the current path with modified query string arguments. Pass the current ``request`` and a dictionary of argument names to replacement values, using ``None`` to remove an argument."
-        }
-    )
-    fix_path: callable = field(
-        metadata={
-            "help": "Function that applies the configured ``base_url`` prefix to a path."
-        }
-    )
-    settings: dict = field(
-        metadata={
-            "help": "Dictionary of Datasette's current settings, keyed by setting name."
-        }
-    )
-    alternate_url_json: str = field(
-        metadata={"help": "URL for the JSON version of this page"}
-    )
-    datasette_allow_facet: str = field(
-        metadata={
-            "help": 'The string "true" or "false" reflecting the allow_facet setting'
-        }
-    )
-    is_sortable: bool = field(
-        metadata={"help": "True if any of the displayed columns can be used to sort"}
-    )
-    allow_execute_sql: bool = field(
-        metadata={
-            "help": "True if the current actor can execute custom SQL against this database"
-        }
-    )
-    query_ms: float = field(
-        metadata={
-            "help": "Time taken by the SQL queries for this page, in milliseconds"
-        }
-    )
-    select_templates: list = field(
-        metadata={
-            "help": "List of template names that were considered for this page, with the selected template prefixed by ``*``."
-        }
-    )
-    top_table: callable = field(
-        metadata={
-            "help": "Async callable that renders the ``top_table`` plugin slot for this table or view and returns HTML."
-        }
-    )
-    table_page_data: dict = field(
-        metadata={
-            "help": "JSON data used by JavaScript on the table page. Includes ``database``, ``table`` and ``tableUrl``, plus optional ``foreignKeys`` mapping column names to autocomplete URLs, optional ``insertRow`` data and optional ``alterTable`` data."
-        }
-    )
-    table_insert_ui: dict = field(
-        metadata={
-            "help": "Information needed to enable the row insertion UI, or ``None`` if row insertion is not available to the current actor. When present it has ``path``, ``tableName``, ``columns`` and ``primaryKeys`` keys; each column includes ``name``, ``sqlite_type``, ``notnull``, ``default``, ``has_default``, ``is_pk``, ``value_kind`` and ``column_type`` keys."
-        }
-    )
-    table_alter_ui: dict = field(
-        metadata={
-            "help": "Information needed to enable the alter table UI, or ``None`` if altering this table is not available to the current actor. When present it has ``path``, ``tableName``, ``columns``, ``primaryKeys``, ``columnTypes``, ``defaultExpressions`` and ``foreignKeyTargetsPath`` keys, plus optional ``customColumnTypes`` and ``dropPath`` keys."
-        }
-    )
-
+from .base import DataView, DatasetteError, ureg
 
 LINK_WITH_LABEL = (
-    '{label} {id}'
+    '{label} {id}'
 )
-LINK_WITH_VALUE = '{id}'
+LINK_WITH_VALUE = '{id}'
 
 
 class Row:
-    def __init__(
-        self,
-        cells,
-        pk_path=None,
-        row_path=None,
-        row_label=None,
-    ):
+    def __init__(self, cells):
         self.cells = cells
-        self.pk_path = pk_path
-        self.row_path = row_path
-        self.row_label = row_label
 
     def __iter__(self):
         return iter(self.cells)
@@ -259,2224 +62,831 @@ class Row:
         return json.dumps(d, default=repr, indent=2)
 
 
-def row_label_from_label_column(row, label_column):
-    if not label_column:
-        return None
-    try:
-        value = row[label_column]
-    except (KeyError, IndexError):
-        return None
-    if isinstance(value, dict):
-        value = value.get("label")
-    if value is None or value == "":
-        return None
-    return str(value)
+class RowTableShared(DataView):
+    async def sortable_columns_for_table(self, database, table, use_rowid):
+        db = self.ds.databases[database]
+        table_metadata = self.ds.table_metadata(database, table)
+        if "sortable_columns" in table_metadata:
+            sortable_columns = set(table_metadata["sortable_columns"])
+        else:
+            sortable_columns = set(await db.table_columns(table))
+        if use_rowid:
+            sortable_columns.add("rowid")
+        return sortable_columns
 
+    async def expandable_columns(self, database, table):
+        # Returns list of (fk_dict, label_column-or-None) pairs for that table
+        expandables = []
+        db = self.ds.databases[database]
+        for fk in await db.foreign_keys_for_table(table):
+            label_column = await db.label_column_for_table(fk["other_table"])
+            expandables.append((fk, label_column))
+        return expandables
 
-async def run_sequential(*args):
-    # This used to be swappable for asyncio.gather() to run things in
-    # parallel, but this lead to hard-to-debug locking issues with
-    # in-memory databases: https://github.com/simonw/datasette/issues/2189
-    results = []
-    for fn in args:
-        results.append(await fn)
-    return results
-
-
-def _exact_filter_key(column):
-    if column.startswith("_"):
-        return f"{column}__exact"
-    return column
-
-
-def _request_with_query_string(request, query_string):
-    scope = dict(request.scope)
-    scope["query_string"] = query_string.encode("latin-1")
-    return Request(scope, request.receive)
-
-
-async def _fragment_request_for_row(request, resolved):
-    row_path = request.args.get("_row")
-    if not row_path:
-        return request
-    if resolved.is_view:
-        raise BadRequest("_row is not supported for views")
-
-    pks = await resolved.db.primary_keys(resolved.table)
-    row_pks = pks or ["rowid"]
-    pk_values = urlsafe_components(row_path)
-    if len(pk_values) != len(row_pks):
-        raise BadRequest("_row does not match the primary key for this table")
-
-    row_pk_filter_keys = {
-        key
-        for pk in row_pks
-        for key in {
-            _exact_filter_key(pk),
-            f"{pk}__exact",
-        }
-    }
-    args = [
-        (key, value)
-        for key, value in urllib.parse.parse_qsl(
-            request.query_string, keep_blank_values=True
-        )
-        if key
-        not in {
-            "_row",
-            "_next",
-            "_nocount",
-            "_nofacet",
-            "_nosuggest",
-        }.union(row_pk_filter_keys)
-    ]
-    args.extend(
-        [(_exact_filter_key(pk), value) for pk, value in zip(row_pks, pk_values)]
-    )
-    args.extend(
-        [
-            ("_nocount", "1"),
-            ("_nofacet", "1"),
-            ("_nosuggest", "1"),
+    async def display_columns_and_rows(
+        self, database, table, description, rows, link_column=False, truncate_cells=0
+    ):
+        "Returns columns, rows for specified table - including fancy foreign key treatment"
+        db = self.ds.databases[database]
+        table_metadata = self.ds.table_metadata(database, table)
+        sortable_columns = await self.sortable_columns_for_table(database, table, True)
+        columns = [
+            {"name": r[0], "sortable": r[0] in sortable_columns} for r in description
         ]
-    )
-    return _request_with_query_string(request, urllib.parse.urlencode(args))
+        pks = await db.primary_keys(table)
+        column_to_foreign_key_table = {
+            fk["column"]: fk["other_table"]
+            for fk in await db.foreign_keys_for_table(table)
+        }
+
+        cell_rows = []
+        for row in rows:
+            cells = []
+            # Unless we are a view, the first column is a link - either to the rowid
+            # or to the simple or compound primary key
+            if link_column:
+                is_special_link_column = len(pks) != 1
+                pk_path = path_from_row_pks(row, pks, not pks, False)
+                cells.append(
+                    {
+                        "column": pks[0] if len(pks) == 1 else "Link",
+                        "is_special_link_column": is_special_link_column,
+                        "raw": pk_path,
+                        "value": jinja2.Markup(
+                            '{flat_pks}'.format(
+                                database=database,
+                                table=urllib.parse.quote_plus(table),
+                                flat_pks=str(jinja2.escape(pk_path)),
+                                flat_pks_quoted=path_from_row_pks(row, pks, not pks),
+                            )
+                        ),
+                    }
+                )
+
+            for value, column_dict in zip(row, columns):
+                column = column_dict["name"]
+                if link_column and len(pks) == 1 and column == pks[0]:
+                    # If there's a simple primary key, don't repeat the value as it's
+                    # already shown in the link column.
+                    continue
+
+                # First let the plugins have a go
+                # pylint: disable=no-member
+                plugin_display_value = pm.hook.render_cell(
+                    value=value,
+                    column=column,
+                    table=table,
+                    database=database,
+                    datasette=self.ds,
+                )
+                if plugin_display_value is not None:
+                    display_value = plugin_display_value
+                elif isinstance(value, bytes):
+                    display_value = jinja2.Markup(
+                        "<Binary data: {} byte{}>".format(
+                            len(value), "" if len(value) == 1 else "s"
+                        )
+                    )
+                elif isinstance(value, dict):
+                    # It's an expanded foreign key - display link to other row
+                    label = value["label"]
+                    value = value["value"]
+                    # The table we link to depends on the column
+                    other_table = column_to_foreign_key_table[column]
+                    link_template = (
+                        LINK_WITH_LABEL if (label != value) else LINK_WITH_VALUE
+                    )
+                    display_value = jinja2.Markup(
+                        link_template.format(
+                            database=database,
+                            table=urllib.parse.quote_plus(other_table),
+                            link_id=urllib.parse.quote_plus(str(value)),
+                            id=str(jinja2.escape(value)),
+                            label=str(jinja2.escape(label)),
+                        )
+                    )
+                elif value in ("", None):
+                    display_value = jinja2.Markup(" ")
+                elif is_url(str(value).strip()):
+                    display_value = jinja2.Markup(
+                        '{url}'.format(
+                            url=jinja2.escape(value.strip())
+                        )
+                    )
+                elif column in table_metadata.get("units", {}) and value != "":
+                    # Interpret units using pint
+                    value = value * ureg(table_metadata["units"][column])
+                    # Pint uses floating point which sometimes introduces errors in the compact
+                    # representation, which we have to round off to avoid ugliness. In the vast
+                    # majority of cases this rounding will be inconsequential. I hope.
+                    value = round(value.to_compact(), 6)
+                    display_value = jinja2.Markup(
+                        "{:~P}".format(value).replace(" ", " ")
+                    )
+                else:
+                    display_value = str(value)
+                    if truncate_cells and len(display_value) > truncate_cells:
+                        display_value = display_value[:truncate_cells] + u"\u2026"
+
+                cells.append({"column": column, "value": display_value, "raw": value})
+            cell_rows.append(Row(cells))
+
+        if link_column:
+            # Add the link column header.
+            # If it's a simple primary key, we have to remove and re-add that column name at
+            # the beginning of the header row.
+            if len(pks) == 1:
+                columns = [col for col in columns if col["name"] != pks[0]]
+
+            columns = [
+                {"name": pks[0] if len(pks) == 1 else "Link", "sortable": len(pks) == 1}
+            ] + columns
+        return columns, cell_rows
 
 
-def _redirect(datasette, request, path, forward_querystring=True, remove_args=None):
-    if request.query_string and "?" not in path and forward_querystring:
-        path = f"{path}?{request.query_string}"
-    if remove_args:
-        path = path_with_removed_args(request, remove_args, path=path)
-    r = Response.redirect(path)
-    r.headers["Link"] = f"<{path}>; rel=preload"
-    if datasette.cors:
-        add_cors_headers(r.headers)
-    return r
+class TableView(RowTableShared):
+    name = "table"
 
+    async def data(
+        self,
+        request,
+        database,
+        hash,
+        table,
+        default_labels=False,
+        _next=None,
+        _size=None,
+    ):
+        canned_query = self.ds.get_canned_query(database, table)
+        if canned_query is not None:
+            return await self.custom_sql(
+                request,
+                database,
+                hash,
+                canned_query["sql"],
+                metadata=canned_query,
+                editable=False,
+                canned_query=table,
+            )
+        db = self.ds.databases[database]
+        is_view = bool(await db.get_view_definition(table))
+        table_exists = bool(await db.table_exists(table))
+        if not is_view and not table_exists:
+            raise NotFound("Table not found: {}".format(table))
 
-async def _redirect_if_needed(datasette, request, resolved):
-    # Handle ?_filter_column
-    redirect_params = filters_should_redirect(request.args)
-    if redirect_params:
-        return _redirect(
-            datasette,
-            request,
-            datasette.urls.path(path_with_added_args(request, redirect_params)),
-            forward_querystring=False,
+        pks = await db.primary_keys(table)
+        table_columns = await db.table_columns(table)
+
+        select_columns = ", ".join(escape_sqlite(t) for t in table_columns)
+
+        use_rowid = not pks and not is_view
+        if use_rowid:
+            select = "rowid, {}".format(select_columns)
+            order_by = "rowid"
+            order_by_pks = "rowid"
+        else:
+            select = select_columns
+            order_by_pks = ", ".join([escape_sqlite(pk) for pk in pks])
+            order_by = order_by_pks
+
+        if is_view:
+            order_by = ""
+
+        # Ensure we don't drop anything with an empty value e.g. ?name__exact=
+        args = RequestParameters(
+            urllib.parse.parse_qs(request.query_string, keep_blank_values=True)
         )
 
-    # If ?_sort_by_desc=on (from checkbox) redirect to _sort_desc=(_sort)
-    if "_sort_by_desc" in request.args:
-        return _redirect(
-            datasette,
-            request,
-            datasette.urls.path(
+        # Special args start with _ and do not contain a __
+        # That's so if there is a column that starts with _
+        # it can still be queried using ?_col__exact=blah
+        special_args = {}
+        other_args = []
+        for key, value in args.items():
+            if key.startswith("_") and "__" not in key:
+                special_args[key] = value[0]
+            else:
+                for v in value:
+                    other_args.append((key, v))
+
+        # Handle ?_filter_column and redirect, if present
+        redirect_params = filters_should_redirect(special_args)
+        if redirect_params:
+            return self.redirect(
+                request,
+                path_with_added_args(request, redirect_params),
+                forward_querystring=False,
+            )
+
+        # Spot ?_sort_by_desc and redirect to _sort_desc=(_sort)
+        if "_sort_by_desc" in special_args:
+            return self.redirect(
+                request,
                 path_with_added_args(
                     request,
                     {
-                        "_sort_desc": request.args.get("_sort"),
+                        "_sort_desc": special_args.get("_sort"),
                         "_sort_by_desc": None,
                         "_sort": None,
                     },
-                )
-            ),
-            forward_querystring=False,
-        )
-
-
-async def _validate_column_types(datasette, database_name, table_name, rows):
-    """Validate row values against assigned column types. Returns list of error strings."""
-    ct_map = await datasette.get_column_types(database_name, table_name)
-    if not ct_map:
-        return []
-    errors = []
-    for row in rows:
-        for col_name, ct in ct_map.items():
-            if col_name not in row:
-                continue
-            error = await ct.validate(row[col_name], datasette)
-            if error:
-                errors.append(f"{col_name}: {error}")
-    return errors
-
-
-def _column_value_kind_for_insert_form(column_detail):
-    sqlite_type = SQLiteType.from_declared_type(column_detail.type)
-    if sqlite_type in (SQLiteType.INTEGER, SQLiteType.REAL):
-        return "number"
-    return "string"
-
-
-def _column_sqlite_type_for_insert_form(column_detail):
-    sqlite_type = SQLiteType.from_declared_type(column_detail.type)
-    return sqlite_type.value if sqlite_type is not None else None
-
-
-async def _foreign_key_autocomplete_urls(
-    datasette, request, db, database_name, table_name
-):
-    autocomplete_urls = {}
-    for fk in await db.foreign_keys_for_table(table_name):
-        if not await db.table_exists(fk["other_table"]):
-            continue
-        other_pks = await db.primary_keys(fk["other_table"])
-        other_column = fk["other_column"]
-        if other_column is None and len(other_pks) == 1:
-            other_column = other_pks[0]
-        if len(other_pks) != 1 or other_column != other_pks[0]:
-            continue
-        visible, _ = await datasette.check_visibility(
-            request.actor,
-            action="view-table",
-            resource=TableResource(database=database_name, table=fk["other_table"]),
-        )
-        if not visible:
-            continue
-        autocomplete_urls[fk["column"]] = "{}/-/autocomplete".format(
-            datasette.urls.table(database_name, fk["other_table"])
-        )
-    return autocomplete_urls
-
-
-async def _table_page_data(
-    datasette,
-    request,
-    db,
-    database_name,
-    table_name,
-    is_view,
-    table_insert_ui,
-    table_alter_ui,
-):
-    data = {
-        "database": database_name,
-        "table": table_name,
-        "tableUrl": datasette.urls.table(database_name, table_name),
-    }
-    if table_insert_ui:
-        data["insertRow"] = table_insert_ui
-    if table_alter_ui:
-        data["alterTable"] = table_alter_ui
-    if not is_view:
-        foreign_keys = await _foreign_key_autocomplete_urls(
-            datasette, request, db, database_name, table_name
-        )
-        if foreign_keys:
-            data["foreignKeys"] = foreign_keys
-    return data
-
-
-async def _table_insert_ui(
-    datasette, request, db, database_name, table_name, is_view, pks
-):
-    if is_view or not db.is_mutable:
-        return None
-
-    if not await datasette.allowed(
-        action="insert-row",
-        resource=TableResource(database=database_name, table=table_name),
-        actor=request.actor,
-    ):
-        return None
-
-    column_types_map = await datasette.get_column_types(database_name, table_name)
-    columns = []
-    column_details = await db.table_column_details(table_name)
-    for column in column_details:
-        if column.hidden:
-            continue
-        is_pk = column.name in pks
-        is_auto_pk = (
-            is_pk
-            and len(pks) == 1
-            and SQLiteType.from_declared_type(column.type) == SQLiteType.INTEGER
-        )
-        if is_auto_pk:
-            continue
-        column_type = column_types_map.get(column.name)
-        columns.append(
-            {
-                "name": column.name,
-                "sqlite_type": _column_sqlite_type_for_insert_form(column),
-                "notnull": column.notnull,
-                "default": column.default_value,
-                "has_default": column.default_value is not None,
-                "is_pk": is_pk,
-                "value_kind": _column_value_kind_for_insert_form(column),
-                "column_type": (
-                    {"type": column_type.name, "config": column_type.config}
-                    if column_type is not None
-                    else None
                 ),
-            }
-        )
-
-    return {
-        "path": "{}/-/insert".format(datasette.urls.table(database_name, table_name)),
-        "tableName": table_name,
-        "columns": columns,
-        "primaryKeys": pks,
-    }
-
-
-async def _table_alter_ui(
-    datasette, request, db, database_name, table_name, is_view, pks
-):
-    if is_view or not db.is_mutable:
-        return None
-
-    if not await datasette.allowed(
-        action="alter-table",
-        resource=TableResource(database=database_name, table=table_name),
-        actor=request.actor,
-    ):
-        return None
-
-    column_types_map = await datasette.get_column_types(database_name, table_name)
-    foreign_keys_by_column = {}
-    for fk in await db.foreign_keys_for_table(table_name):
-        other_column = fk["other_column"]
-        if other_column is None and await db.table_exists(fk["other_table"]):
-            other_pks = await db.primary_keys(fk["other_table"])
-            if len(other_pks) == 1:
-                other_column = other_pks[0]
-        if other_column is None:
-            continue
-        foreign_keys_by_column[fk["column"]] = {
-            "fk_table": fk["other_table"],
-            "fk_column": other_column,
-        }
-    columns = []
-    for column in await db.table_column_details(table_name):
-        if column.hidden:
-            continue
-        sqlite_type = SQLiteType.from_declared_type(column.type)
-        column_type = column_types_map.get(column.name)
-        default_expr = default_expr_for_sql(column.default_value)
-        column_data = {
-            "name": column.name,
-            "type": ALTER_TABLE_TYPE_FOR_SQLITE_TYPE.get(sqlite_type, "text"),
-            "sqlite_type": sqlite_type.value,
-            "notnull": column.notnull,
-            "default": None if default_expr else column.default_value,
-            "has_default": column.default_value is not None,
-            "is_pk": column.name in pks,
-            "foreign_key": foreign_keys_by_column.get(column.name),
-            "column_type": (
-                {"type": column_type.name, "config": column_type.config}
-                if column_type is not None
-                else None
-            ),
-        }
-        if default_expr:
-            column_data["default_expr"] = default_expr
-        columns.append(column_data)
-
-    data = {
-        "path": "{}/-/alter".format(datasette.urls.table(database_name, table_name)),
-        "tableName": table_name,
-        "columns": columns,
-        "primaryKeys": pks,
-        "columnTypes": ALTER_TABLE_COLUMN_TYPES,
-        "defaultExpressions": default_expression_options(),
-        "foreignKeyTargetsPath": "{}/-/foreign-key-targets?table={}".format(
-            datasette.urls.database(database_name),
-            urllib.parse.quote(table_name, safe=""),
-        ),
-    }
-    can_set_column_type = await datasette.allowed(
-        action="set-column-type",
-        resource=TableResource(database=database_name, table=table_name),
-        actor=request.actor,
-    )
-    if can_set_column_type:
-        data["customColumnTypes"] = _custom_column_type_options_for_create_table(
-            datasette
-        )
-    can_drop_table = await datasette.allowed(
-        action="drop-table",
-        resource=TableResource(database=database_name, table=table_name),
-        actor=request.actor,
-    )
-    if can_drop_table:
-        data["dropPath"] = "{}/-/drop".format(
-            datasette.urls.table(database_name, table_name)
-        )
-    return data
-
-
-async def display_columns_and_rows(
-    datasette,
-    database_name,
-    table_name,
-    description,
-    rows,
-    link_column=False,
-    truncate_cells=0,
-    sortable_columns=None,
-    request=None,
-):
-    """Returns columns, rows for specified table - including fancy foreign key treatment"""
-    sortable_columns = sortable_columns or set()
-    db = datasette.databases[database_name]
-    column_descriptions = dict(
-        await datasette.get_internal_database().execute(
-            """
-          SELECT
-            column_name,
-            value
-          FROM metadata_columns
-          WHERE database_name = ?
-            AND resource_name = ?
-            AND key = 'description'
-        """,
-            [database_name, table_name],
-        )
-    )
-
-    # Look up column types for this table
-    column_types_map = await datasette.get_column_types(database_name, table_name)
-
-    column_details = {
-        col.name: col for col in await db.table_column_details(table_name)
-    }
-    pks = await db.primary_keys(table_name)
-    pks_for_display = pks
-    if not pks_for_display:
-        pks_for_display = ["rowid"]
-    label_column = None
-    if link_column:
-        label_column = await db.label_column_for_table(table_name)
-    row_action_permissions = {}
-    if link_column and request is not None and db.is_mutable:
-        row_action_permissions = await datasette.allowed_many(
-            actions=["update-row", "delete-row"],
-            resource=TableResource(database=database_name, table=table_name),
-            actor=request.actor,
-        )
-
-    columns = []
-    for r in description:
-        if r[0] == "rowid" and "rowid" not in column_details:
-            type_ = "integer"
-            notnull = 0
-        else:
-            type_ = column_details[r[0]].type
-            notnull = column_details[r[0]].notnull
-        col_dict = {
-            "name": r[0],
-            "sortable": r[0] in sortable_columns,
-            "is_pk": r[0] in pks_for_display,
-            "type": type_,
-            "notnull": notnull,
-            "description": column_descriptions.get(r[0]),
-            "column_type": None,
-            "column_type_config": None,
-        }
-        ct = column_types_map.get(r[0])
-        if ct:
-            col_dict["column_type"] = ct.name
-            col_dict["column_type_config"] = ct.config
-        columns.append(col_dict)
-
-    column_to_foreign_key_table = {
-        fk["column"]: fk["other_table"]
-        for fk in await db.foreign_keys_for_table(table_name)
-    }
-
-    cell_rows = []
-    base_url = datasette.setting("base_url")
-    for row in rows:
-        cells = []
-        # Unless we are a view, the first column is a link - either to the rowid
-        # or to the simple or compound primary key
-        if link_column:
-            is_special_link_column = len(pks) != 1
-            pk_path = path_from_row_pks(row, pks, not pks, False)
-            row_path = path_from_row_pks(row, pks, not pks)
-            row_label = row_label_from_label_column(row, label_column)
-            row_action_label = pk_path
-            if row_label and row_label != pk_path:
-                row_action_label = "{} {}".format(pk_path, row_label)
-            table_path = datasette.urls.table(database_name, table_name)
-            row_link = '{flat_pks}'.format(
-                table_path=table_path,
-                flat_pks=str(markupsafe.escape(pk_path)),
-                flat_pks_quoted=row_path,
-            )
-            edit_icon = (
-                '"
-            )
-            delete_icon = (
-                '"
-            )
-            row_actions = []
-            if row_action_permissions.get("update-row"):
-                row_actions.append(
-                    '".format(
-                        edit_icon=edit_icon,
-                        row_label=markupsafe.escape(row_action_label),
-                    )
-                )
-            if row_action_permissions.get("delete-row"):
-                row_actions.append(
-                    '".format(
-                        delete_icon=delete_icon,
-                        row_label=markupsafe.escape(row_action_label),
-                    )
-                )
-            if row_actions:
-                row_link = (
-                    '{row_link}'
-                    ''
-                    "{row_actions}"
-                ).format(row_link=row_link, row_actions="".join(row_actions))
-            cells.append(
-                {
-                    "column": pks[0] if len(pks) == 1 else "Link",
-                    "value_type": "pk",
-                    "is_special_link_column": is_special_link_column,
-                    "raw": pk_path,
-                    "value": markupsafe.Markup(row_link),
-                }
+                forward_querystring=False,
             )
 
-        for value, column_dict in zip(row, columns):
-            column = column_dict["name"]
-            if link_column and len(pks) == 1 and column == pks[0]:
-                # If there's a simple primary key, don't repeat the value as it's
-                # already shown in the link column.
-                continue
+        table_metadata = self.ds.table_metadata(database, table)
+        units = table_metadata.get("units", {})
+        filters = Filters(sorted(other_args), units, ureg)
+        where_clauses, params = filters.build_where_clauses(table)
 
-            # First try column type render_cell, then plugins
-            # pylint: disable=no-member
-            plugin_display_value = None
-            ct = column_types_map.get(column)
-            if ct:
-                candidate = await ct.render_cell(
-                    value=value,
-                    column=column,
-                    table=table_name,
-                    database=database_name,
-                    datasette=datasette,
-                    request=request,
-                )
-                if candidate is not None:
-                    plugin_display_value = candidate
-            if plugin_display_value is None:
-                for candidate in pm.hook.render_cell(
-                    row=row,
-                    value=value,
-                    column=column,
-                    table=table_name,
-                    pks=pks_for_display,
-                    database=database_name,
-                    datasette=datasette,
-                    request=request,
-                    column_type=ct,
-                ):
-                    candidate = await await_me_maybe(candidate)
-                    if candidate is not None:
-                        plugin_display_value = candidate
-                        break
-            if plugin_display_value:
-                display_value = plugin_display_value
-            elif isinstance(value, bytes):
-                formatted = format_bytes(len(value))
-                display_value = markupsafe.Markup(
-                    '<Binary: {:,} byte{}>'.format(
-                        datasette.urls.row_blob(
-                            database_name,
-                            table_name,
-                            path_from_row_pks(row, pks, not pks),
-                            column,
-                        ),
-                        (
-                            ' title="{}"'.format(formatted)
-                            if "bytes" not in formatted
-                            else ""
-                        ),
-                        len(value),
-                        "" if len(value) == 1 else "s",
-                    )
-                )
-            elif isinstance(value, dict):
-                # It's an expanded foreign key - display link to other row
-                label = value["label"]
-                value = value["value"]
-                # The table we link to depends on the column
-                other_table = column_to_foreign_key_table[column]
-                link_template = LINK_WITH_LABEL if (label != value) else LINK_WITH_VALUE
-                display_value = markupsafe.Markup(
-                    link_template.format(
-                        database=tilde_encode(database_name),
-                        base_url=base_url,
-                        table=tilde_encode(other_table),
-                        link_id=tilde_encode(str(value)),
-                        id=str(markupsafe.escape(value)),
-                        label=str(markupsafe.escape(label)) or "-",
-                    )
-                )
-            elif value in ("", None):
-                display_value = markupsafe.Markup(" ")
-            elif is_url(str(value).strip()):
-                display_value = markupsafe.Markup(
-                    '{truncated_url}'.format(
-                        url=markupsafe.escape(value.strip()),
-                        truncated_url=markupsafe.escape(
-                            truncate_url(value.strip(), truncate_cells)
-                        ),
-                    )
-                )
+        extra_wheres_for_ui = []
+        # Add _where= from querystring
+        if "_where" in request.args:
+            if not self.ds.config("allow_sql"):
+                raise DatasetteError("_where= is not allowed", status=400)
             else:
-                display_value = str(value)
-                if truncate_cells and len(display_value) > truncate_cells:
-                    display_value = display_value[:truncate_cells] + "\u2026"
+                where_clauses.extend(request.args["_where"])
+                extra_wheres_for_ui = [
+                    {
+                        "text": text,
+                        "remove_url": path_with_removed_args(request, {"_where": text}),
+                    }
+                    for text in request.args["_where"]
+                ]
 
-            cells.append(
-                {
-                    "column": column,
-                    "value": display_value,
-                    "raw": value,
-                    "value_type": (
-                        "none" if value is None else str(type(value).__name__)
-                    ),
-                }
-            )
-        if link_column:
-            cell_rows.append(
-                Row(
-                    cells,
-                    pk_path=pk_path,
-                    row_path=row_path,
-                    row_label=row_label,
+        # Support for ?_through={table, column, value}
+        extra_human_descriptions = []
+        if "_through" in request.args:
+            for through in request.args["_through"]:
+                through_data = json.loads(through)
+                through_table = through_data["table"]
+                other_column = through_data["column"]
+                value = through_data["value"]
+                outgoing_foreign_keys = await db.get_outbound_foreign_keys(
+                    through_table
+                )
+                try:
+                    fk_to_us = [
+                        fk for fk in outgoing_foreign_keys if fk["other_table"] == table
+                    ][0]
+                except IndexError:
+                    raise DatasetteError(
+                        "Invalid _through - could not find corresponding foreign key"
+                    )
+                param = "p{}".format(len(params))
+                where_clauses.append(
+                    "{our_pk} in (select {our_column} from {through_table} where {other_column} = :{param})".format(
+                        through_table=escape_sqlite(through_table),
+                        our_pk=escape_sqlite(fk_to_us["other_column"]),
+                        our_column=escape_sqlite(fk_to_us["column"]),
+                        other_column=escape_sqlite(other_column),
+                        param=param,
+                    )
+                )
+                params[param] = value
+                extra_human_descriptions.append(
+                    '{}.{} = "{}"'.format(through_table, other_column, value)
                 )
-            )
-        else:
-            cell_rows.append(Row(cells))
 
-    if link_column:
-        # Add the link column header.
-        # If it's a simple primary key, we have to remove and re-add that column name at
-        # the beginning of the header row.
-        first_column = None
-        if len(pks) == 1:
-            columns = [col for col in columns if col["name"] != pks[0]]
-            first_column = {
-                "name": pks[0],
-                "sortable": len(pks) == 1,
-                "is_pk": True,
-                "type": column_details[pks[0]].type,
-                "notnull": column_details[pks[0]].notnull,
-            }
-        else:
-            first_column = {
-                "name": "Link",
-                "sortable": False,
-                "is_pk": False,
-                "type": "",
-                "notnull": 0,
-                "is_special_link_column": True,
-            }
-        columns = [first_column] + columns
-    return columns, cell_rows
+        # _search support:
+        fts_table = special_args.get("_fts_table")
+        fts_table = fts_table or table_metadata.get("fts_table")
+        fts_table = fts_table or await db.fts_table(table)
+        fts_pk = special_args.get("_fts_pk", table_metadata.get("fts_pk", "rowid"))
+        search_args = dict(
+            pair for pair in special_args.items() if pair[0].startswith("_search")
+        )
+        search = ""
+        if fts_table and search_args:
+            if "_search" in search_args:
+                # Simple ?_search=xxx
+                search = search_args["_search"]
+                where_clauses.append(
+                    "{fts_pk} in (select rowid from {fts_table} where {fts_table} match escape_fts(:search))".format(
+                        fts_table=escape_sqlite(fts_table), fts_pk=escape_sqlite(fts_pk)
+                    )
+                )
+                extra_human_descriptions.append('search matches "{}"'.format(search))
+                params["search"] = search
+            else:
+                # More complex: search against specific columns
+                for i, (key, search_text) in enumerate(search_args.items()):
+                    search_col = key.split("_search_", 1)[1]
+                    if search_col not in await db.table_columns(fts_table):
+                        raise DatasetteError("Cannot search by that column", status=400)
 
-
-class TableInsertView(BaseView):
-    name = "table-insert"
-
-    def __init__(self, datasette):
-        self.ds = datasette
-
-    async def _validate_data(self, request, db, table_name, pks, upsert):
-        errors = []
-
-        pks_list = []
-        if isinstance(pks, str):
-            pks_list = [pks]
-        else:
-            pks_list = list(pks)
-
-        if not pks_list:
-            pks_list = ["rowid"]
-
-        def _errors(errors):
-            return None, errors, {}
-
-        if not request.headers.get("content-type").startswith("application/json"):
-            # TODO: handle form-encoded data
-            return _errors(["Invalid content-type, must be application/json"])
-        try:
-            data = await request.json()
-        except json.JSONDecodeError as e:
-            return _errors(["Invalid JSON: {}".format(e)])
-        if not isinstance(data, dict):
-            return _errors(["JSON must be a dictionary"])
-        keys = data.keys()
-
-        # keys must contain "row" or "rows"
-        if "row" not in keys and "rows" not in keys:
-            return _errors(['JSON must have one or other of "row" or "rows"'])
-        rows = []
-        if "row" in keys:
-            if "rows" in keys:
-                return _errors(['Cannot use "row" and "rows" at the same time'])
-            row = data["row"]
-            if not isinstance(row, dict):
-                return _errors(['"row" must be a dictionary'])
-            rows = [row]
-            data["return"] = True
-        else:
-            rows = data["rows"]
-        if not isinstance(rows, list):
-            return _errors(['"rows" must be a list'])
-        for row in rows:
-            if not isinstance(row, dict):
-                return _errors(['"rows" must be a list of dictionaries'])
-
-        # Does this exceed max_insert_rows?
-        max_insert_rows = self.ds.setting("max_insert_rows")
-        if len(rows) > max_insert_rows:
-            return _errors(
-                ["Too many rows, maximum allowed is {}".format(max_insert_rows)]
-            )
-
-        # Validate other parameters
-        extras = {
-            key: value for key, value in data.items() if key not in ("row", "rows")
-        }
-        valid_extras = {"return", "ignore", "replace", "alter"}
-        invalid_extras = extras.keys() - valid_extras
-        if invalid_extras:
-            return _errors(
-                ['Invalid parameter: "{}"'.format('", "'.join(sorted(invalid_extras)))]
-            )
-        if extras.get("ignore") and extras.get("replace"):
-            return _errors(['Cannot use "ignore" and "replace" at the same time'])
-
-        columns = set(await db.table_columns(table_name))
-        columns.update(pks_list)
-
-        for i, row in enumerate(rows):
-            if upsert:
-                # It MUST have the primary key
-                missing_pks = [pk for pk in pks_list if pk not in row]
-                if missing_pks:
-                    errors.append(
-                        'Row {} is missing primary key column(s): "{}"'.format(
-                            i, '", "'.join(missing_pks)
+                    where_clauses.append(
+                        "rowid in (select rowid from {fts_table} where {search_col} match escape_fts(:search_{i}))".format(
+                            fts_table=escape_sqlite(fts_table),
+                            search_col=escape_sqlite(search_col),
+                            i=i,
                         )
                     )
-                null_pks = [pk for pk in pks_list if pk in row and row[pk] is None]
-                if null_pks:
-                    errors.append(
-                        'Row {} has null primary key column(s): "{}"'.format(
-                            i, '", "'.join(null_pks)
+                    extra_human_descriptions.append(
+                        'search column "{}" matches "{}"'.format(
+                            search_col, search_text
                         )
                     )
-            invalid_columns = set(row.keys()) - columns
-            if invalid_columns and not extras.get("alter"):
-                errors.append(
-                    "Row {} has invalid columns: {}".format(
-                        i, ", ".join(sorted(invalid_columns))
-                    )
-                )
-        if errors:
-            return _errors(errors)
-        return rows, errors, extras
+                    params["search_{}".format(i)] = search_text
 
-    async def post(self, request, upsert=False):
-        try:
-            resolved = await self.ds.resolve_table(request)
-        except NotFound as e:
-            return _error([e.args[0]], 404)
-        db = resolved.db
-        database_name = db.name
-        table_name = resolved.table
+        sortable_columns = set()
 
-        # Table must exist (may handle table creation in the future)
-        db = self.ds.get_database(database_name)
-        if not await db.table_exists(table_name):
-            return _error(["Table not found: {}".format(table_name)], 404)
-
-        if upsert:
-            # Must have insert-row AND upsert-row permissions
-            if not (
-                await self.ds.allowed(
-                    action="insert-row",
-                    resource=TableResource(database=database_name, table=table_name),
-                    actor=request.actor,
-                )
-                and await self.ds.allowed(
-                    action="update-row",
-                    resource=TableResource(database=database_name, table=table_name),
-                    actor=request.actor,
-                )
-            ):
-                return _error(
-                    ["Permission denied: need both insert-row and update-row"], 403
-                )
-        else:
-            # Must have insert-row permission
-            if not await self.ds.allowed(
-                action="insert-row",
-                resource=TableResource(database=database_name, table=table_name),
-                actor=request.actor,
-            ):
-                return _error(["Permission denied"], 403)
-
-        if not db.is_mutable:
-            return _error(["Database is immutable"], 403)
-
-        pks = await db.primary_keys(table_name)
-
-        rows, errors, extras = await self._validate_data(
-            request, db, table_name, pks, upsert
+        sortable_columns = await self.sortable_columns_for_table(
+            database, table, use_rowid
         )
-        if errors:
-            return _error(errors, 400)
 
-        # Validate column types
-        ct_errors = await _validate_column_types(
-            self.ds, database_name, table_name, rows
+        # Allow for custom sort order
+        sort = special_args.get("_sort")
+        if sort:
+            if sort not in sortable_columns:
+                raise DatasetteError("Cannot sort table by {}".format(sort))
+
+            order_by = escape_sqlite(sort)
+        sort_desc = special_args.get("_sort_desc")
+        if sort_desc:
+            if sort_desc not in sortable_columns:
+                raise DatasetteError("Cannot sort table by {}".format(sort_desc))
+
+            if sort:
+                raise DatasetteError("Cannot use _sort and _sort_desc at the same time")
+
+            order_by = "{} desc".format(escape_sqlite(sort_desc))
+
+        from_sql = "from {table_name} {where}".format(
+            table_name=escape_sqlite(table),
+            where=("where {} ".format(" and ".join(where_clauses)))
+            if where_clauses
+            else "",
         )
-        if ct_errors:
-            return _error(ct_errors, 400)
+        # Copy of params so we can mutate them later:
+        from_sql_params = dict(**params)
 
-        num_rows = len(rows)
+        count_sql = "select count(*) {}".format(from_sql)
 
-        # No that we've passed pks to _validate_data it's safe to
-        # fix the rowids case:
-        if not pks:
-            pks = ["rowid"]
-
-        ignore = extras.get("ignore")
-        replace = extras.get("replace")
-        alter = extras.get("alter")
-
-        if upsert and (ignore or replace):
-            return _error(["Upsert does not support ignore or replace"], 400)
-
-        if replace and not await self.ds.allowed(
-            action="update-row",
-            resource=TableResource(database=database_name, table=table_name),
-            actor=request.actor,
-        ):
-            return _error(['Permission denied: need update-row to use "replace"'], 403)
-
-        initial_schema = None
-        if alter:
-            # Must have alter-table permission
-            if not await self.ds.allowed(
-                action="alter-table",
-                resource=TableResource(database=database_name, table=table_name),
-                actor=request.actor,
-            ):
-                return _error(["Permission denied for alter-table"], 403)
-            # Track initial schema to check if it changed later
-            initial_schema = await db.execute_fn(
-                lambda conn: sqlite_utils.Database(conn)[table_name].schema
-            )
-
-        should_return = bool(extras.get("return", False))
-        row_pk_values_for_later = []
-        if should_return and upsert:
-            row_pk_values_for_later = [tuple(row[pk] for pk in pks) for row in rows]
-
-        def insert_or_upsert_rows(conn):
-            table = sqlite_utils.Database(conn)[table_name]
-            kwargs = {}
-            if upsert:
-                kwargs = {
-                    "pk": pks[0] if len(pks) == 1 else pks,
-                    "alter": alter,
-                }
+        _next = _next or special_args.get("_next")
+        offset = ""
+        if _next:
+            if is_view:
+                # _next is an offset
+                offset = " offset {}".format(int(_next))
             else:
-                # Insert
-                kwargs = {"ignore": ignore, "replace": replace, "alter": alter}
-            if should_return and not upsert:
-                rowids = []
-                method = table.upsert if upsert else table.insert
-                for row in rows:
-                    rowids.append(method(row, **kwargs).last_rowid)
-                return list(
-                    table.rows_where(
-                        "rowid in ({})".format(",".join("?" for _ in rowids)),
-                        rowids,
-                    )
-                )
-            else:
-                method_all = table.upsert_all if upsert else table.insert_all
-                method_all(rows, **kwargs)
-
-        try:
-            rows = await db.execute_write_fn(insert_or_upsert_rows, request=request)
-        except Exception as e:
-            return _error([str(e)])
-        result = {"ok": True}
-        if should_return:
-            if upsert:
-                # Fetch based on initial input IDs
-                where_clause = " OR ".join(
-                    ["({})".format(" AND ".join("{} = ?".format(pk) for pk in pks))]
-                    * len(row_pk_values_for_later)
-                )
-                args = list(itertools.chain.from_iterable(row_pk_values_for_later))
-                fetched_rows = await db.execute(
-                    "select {}* from [{}] where {}".format(
-                        "rowid, " if pks == ["rowid"] else "", table_name, where_clause
-                    ),
-                    args,
-                )
-                result["rows"] = fetched_rows.dicts()
-            else:
-                result["rows"] = rows
-        # We track the number of rows requested, but do not attempt to show which were actually
-        # inserted or upserted v.s. ignored
-        if upsert:
-            await self.ds.track_event(
-                UpsertRowsEvent(
-                    actor=request.actor,
-                    database=database_name,
-                    table=table_name,
-                    num_rows=num_rows,
-                )
-            )
-        else:
-            await self.ds.track_event(
-                InsertRowsEvent(
-                    actor=request.actor,
-                    database=database_name,
-                    table=table_name,
-                    num_rows=num_rows,
-                    ignore=bool(ignore),
-                    replace=bool(replace),
-                )
-            )
-
-        if initial_schema is not None:
-            after_schema = await db.execute_fn(
-                lambda conn: sqlite_utils.Database(conn)[table_name].schema
-            )
-            if initial_schema != after_schema:
-                await self.ds.track_event(
-                    AlterTableEvent(
-                        request.actor,
-                        database=database_name,
-                        table=table_name,
-                        before_schema=initial_schema,
-                        after_schema=after_schema,
-                    )
-                )
-
-        return Response.json(result, status=200 if upsert else 201)
-
-
-class TableUpsertView(TableInsertView):
-    name = "table-upsert"
-
-    async def post(self, request):
-        return await super().post(request, upsert=True)
-
-
-class TableSetColumnTypeView(BaseView):
-    name = "table-set-column-type"
-
-    def __init__(self, datasette):
-        self.ds = datasette
-
-    async def post(self, request):
-        try:
-            resolved = await self.ds.resolve_table(request)
-        except NotFound as e:
-            return _error([e.args[0]], 404)
-
-        database_name = resolved.db.name
-        table_name = resolved.table
-
-        if not await self.ds.allowed(
-            action="set-column-type",
-            resource=TableResource(database=database_name, table=table_name),
-            actor=request.actor,
-        ):
-            return _error(["Permission denied"], 403)
-
-        content_type = request.headers.get("content-type") or ""
-        if not content_type.startswith("application/json"):
-            return _error(["Invalid content-type, must be application/json"], 400)
-
-        try:
-            data = await request.json()
-        except json.JSONDecodeError as e:
-            return _error(["Invalid JSON: {}".format(e)], 400)
-
-        if not isinstance(data, dict):
-            return _error(["JSON must be a dictionary"], 400)
-
-        invalid_keys = set(data.keys()) - {"column", "column_type"}
-        if invalid_keys:
-            return _error(
-                ['Invalid parameter: "{}"'.format('", "'.join(sorted(invalid_keys)))],
-                400,
-            )
-
-        if "column" not in data:
-            return _error(['"column" is required'], 400)
-        column = data["column"]
-        if not isinstance(column, str):
-            return _error(['"column" must be a string'], 400)
-
-        if "column_type" not in data:
-            return _error(['"column_type" is required'], 400)
-
-        column_details = await self.ds._get_resource_column_details(
-            database_name, table_name
-        )
-        if column not in column_details:
-            return _error(["Column not found: {}".format(column)], 400)
-
-        column_type_data = data["column_type"]
-        if column_type_data is None:
-            await self.ds.remove_column_type(database_name, table_name, column)
-            return Response.json(
-                {
-                    "ok": True,
-                    "database": database_name,
-                    "table": table_name,
-                    "column": column,
-                    "column_type": None,
-                },
-                status=200,
-            )
-
-        if not isinstance(column_type_data, dict):
-            return _error(['"column_type" must be an object or null'], 400)
-
-        invalid_column_type_keys = set(column_type_data.keys()) - {"type", "config"}
-        if invalid_column_type_keys:
-            return _error(
-                [
-                    'Invalid column_type parameter: "{}"'.format(
-                        '", "'.join(sorted(invalid_column_type_keys))
-                    )
-                ],
-                400,
-            )
-
-        if "type" not in column_type_data:
-            return _error(['"column_type.type" is required'], 400)
-        column_type = column_type_data["type"]
-        if not isinstance(column_type, str):
-            return _error(['"column_type.type" must be a string'], 400)
-
-        config = column_type_data.get("config")
-        if config is not None and not isinstance(config, dict):
-            return _error(['"column_type.config" must be a dictionary'], 400)
-
-        if column_type not in self.ds._column_types:
-            return _error(["Unknown column type: {}".format(column_type)], 400)
-
-        try:
-            await self.ds.set_column_type(
-                database_name, table_name, column, column_type, config
-            )
-        except ValueError as e:
-            return _error([str(e)], 400)
-
-        return Response.json(
-            {
-                "ok": True,
-                "database": database_name,
-                "table": table_name,
-                "column": column,
-                "column_type": {"type": column_type, "config": config},
-            },
-            status=200,
-        )
-
-
-class TableDropView(BaseView):
-    name = "table-drop"
-
-    def __init__(self, datasette):
-        self.ds = datasette
-
-    async def post(self, request):
-        try:
-            resolved = await self.ds.resolve_table(request)
-        except NotFound as e:
-            return _error([e.args[0]], 404)
-        db = resolved.db
-        database_name = db.name
-        table_name = resolved.table
-        # Table must exist
-        db = self.ds.get_database(database_name)
-        if not await db.table_exists(table_name):
-            return _error(["Table not found: {}".format(table_name)], 404)
-        if not await self.ds.allowed(
-            action="drop-table",
-            resource=TableResource(database=database_name, table=table_name),
-            actor=request.actor,
-        ):
-            return _error(["Permission denied"], 403)
-        if not db.is_mutable:
-            return _error(["Database is immutable"], 403)
-        confirm = False
-        try:
-            data = await request.json()
-            confirm = data.get("confirm")
-        except json.JSONDecodeError:
-            pass
-
-        if not confirm:
-            return Response.json(
-                {
-                    "ok": True,
-                    "database": database_name,
-                    "table": table_name,
-                    "row_count": (
-                        await db.execute("select count(*) from [{}]".format(table_name))
-                    ).single_value(),
-                    "message": 'Pass "confirm": true to confirm',
-                },
-                status=200,
-            )
-
-        # Drop table
-        def drop_table(conn):
-            sqlite_utils.Database(conn)[table_name].drop()
-
-        await db.execute_write_fn(drop_table, request=request)
-        await self.ds.track_event(
-            DropTableEvent(
-                actor=request.actor, database=database_name, table=table_name
-            )
-        )
-        self.ds.add_message(
-            request,
-            "Table {} dropped".format(table_name),
-            self.ds.WARNING,
-        )
-        return Response.json({"ok": True}, status=200)
-
-
-class TableFragmentView(BaseView):
-    name = "table-fragment"
-
-    def __init__(self, datasette):
-        self.ds = datasette
-
-    async def get(self, request):
-        resolved = await self.ds.resolve_table(request)
-        request = await _fragment_request_for_row(request, resolved)
-        view_data = await table_view_data(
-            self.ds,
-            request,
-            resolved,
-            extra_extras={"_html"},
-            context_for_html_hack=True,
-            default_labels=True,
-        )
-        if isinstance(view_data, Response):
-            return view_data
-        data, _rows, _columns, _expanded_columns, _sql, _next_url = view_data
-        templates = data["custom_table_templates"]
-        html = await self.ds.render_template(
-            templates,
-            dict(
-                data,
-                append_querystring=append_querystring,
-                path_with_replaced_args=path_with_replaced_args,
-                fix_path=self.ds.urls.path,
-                settings=self.ds.settings_dict(),
-            ),
-            request=request,
-            view_name="table",
-        )
-        return Response.html(html)
-
-
-def _escape_like(value):
-    return value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
-
-
-# Returns the exclusive upper bound for an indexed prefix search:
-# For example, values beginning with "abc" fall below the next prefix boundary.
-# The LIKE clause is still applied separately for exact escaped-LIKE semantics.
-def _prefix_range_end(value):
-    if not value:
-        return None
-    characters = list(value)
-    for i in range(len(characters) - 1, -1, -1):
-        if ord(characters[i]) < 0x10FFFF:
-            return "{}{}".format("".join(characters[:i]), chr(ord(characters[i]) + 1))
-    return None
-
-
-def _autocomplete_like(column):
-    return "{} like :like escape char(92)".format(escape_sqlite(column))
-
-
-def _autocomplete_prefix_like(column):
-    return "{} like :prefix escape char(92)".format(escape_sqlite(column))
-
-
-def _autocomplete_order_by(pks, label_column, exact_pk, label_matches_first=True):
-    clauses = []
-    if exact_pk:
-        clauses.append(
-            "case when cast({} as text) = :q then 0 else 1 end".format(
-                escape_sqlite(pks[0])
-            )
-        )
-    if label_column:
-        label_like = _autocomplete_like(label_column)
-        if label_matches_first:
-            clauses.append("case when {} then 0 else 1 end".format(label_like))
-        clauses.append(
-            "case when {} then length(cast({} as text)) end".format(
-                label_like, escape_sqlite(label_column)
-            )
-        )
-    else:
-        clauses.append("length(cast({} as text))".format(escape_sqlite(pks[0])))
-    clauses.extend(escape_sqlite(pk) for pk in pks)
-    return ", ".join(clauses)
-
-
-def _autocomplete_pk_order_by(pks):
-    return ", ".join(escape_sqlite(pk) for pk in pks)
-
-
-def _autocomplete_initial_order_by(pks):
-    order_by = [f"{escape_sqlite(pks[0])} desc"]
-    order_by.extend(escape_sqlite(pk) for pk in pks[1:])
-    return ", ".join(order_by)
-
-
-def _autocomplete_response_rows(rows, pks, label_column):
-    response_rows = []
-    for row in rows:
-        item = {"pks": {pk: row[pk] for pk in pks}}
-        if label_column:
-            item["label"] = row[label_column]
-        response_rows.append(item)
-    return response_rows
-
-
-AUTOCOMPLETE_TIME_LIMIT_MS = 500
-
-
-class TableAutocompleteView(BaseView):
-    name = "table-autocomplete"
-
-    async def get(self, request):
-        resolved = await self.ds.resolve_table(request)
-        if resolved.is_view:
-            raise BadRequest("Autocomplete is only available for tables")
-
-        db = resolved.db
-        database_name = db.name
-        table_name = resolved.table
-        visible, _ = await self.ds.check_visibility(
-            request.actor,
-            action="view-table",
-            resource=TableResource(database=database_name, table=table_name),
-        )
-        if not visible:
-            raise Forbidden("You do not have permission to view this table")
-
-        pks = await db.primary_keys(table_name)
-        if not pks:
-            pks = ["rowid"]
-        label_column = await db.label_column_for_table(table_name)
-        select_columns = list(
-            dict.fromkeys(pks + ([label_column] if label_column else []))
-        )
-        select_sql = ", ".join(escape_sqlite(column) for column in select_columns)
-        q = request.args.get("q") or ""
-        initial_arg = request.args.get("_initial")
-        initial = (
-            not q
-            and initial_arg is not None
-            and initial_arg != ""
-            and value_as_boolean(initial_arg)
-        )
-        if not q and not initial:
-            return Response.json({"rows": []})
-        params = {
-            "q": q,
-            "like": "%{}%".format(_escape_like(q)),
-            "prefix": "{}%".format(_escape_like(q)),
-        }
-
-        like_columns = pks[:]
-        if label_column and label_column not in like_columns:
-            like_columns.append(label_column)
-        where_sql = " or ".join(_autocomplete_like(column) for column in like_columns)
-        exact_pk = len(pks) == 1
-        order_by = _autocomplete_order_by(pks, label_column, exact_pk)
-
-        if initial:
-            where_sql = "1 = 1"
-            order_by = _autocomplete_initial_order_by(pks)
-
-        sql = """
-            select {select_sql}
-            from {table}
-            where {where}
-            order by {order_by}
-            limit 10
-        """.format(
-            select_sql=select_sql,
-            table=escape_sqlite(table_name),
-            where=where_sql,
-            order_by=order_by,
-        )
-
-        try:
-            results = await db.execute(
-                sql, params, custom_time_limit=AUTOCOMPLETE_TIME_LIMIT_MS
-            )
-        except QueryInterrupted:
-            fallback_where = _autocomplete_prefix_like(pks[0])
-            prefix_end = _prefix_range_end(q)
-            if prefix_end:
-                params["prefix_end"] = prefix_end
-                first_pk = escape_sqlite(pks[0])
-                fallback_where = (
-                    "{first_pk} >= :q and {first_pk} < :prefix_end and {like}"
-                ).format(first_pk=first_pk, like=fallback_where)
-            fallback_sql = """
-                select {select_sql}
-                from {table}
-                where {where}
-                order by {order_by}
-                limit 10
-            """.format(
-                select_sql=select_sql,
-                table=escape_sqlite(table_name),
-                where=fallback_where,
-                order_by=_autocomplete_pk_order_by(pks),
-            )
-            try:
-                results = await db.execute(
-                    fallback_sql,
-                    params,
-                    custom_time_limit=AUTOCOMPLETE_TIME_LIMIT_MS,
-                )
-            except QueryInterrupted:
-                return Response.json({"rows": []})
-
-        return Response.json(
-            {"rows": _autocomplete_response_rows(results.rows, pks, label_column)}
-        )
-
-
-async def _columns_to_select(table_columns, pks, request):
-    columns = list(table_columns)
-    if "_col" in request.args:
-        columns = list(pks)
-        _cols = request.args.getlist("_col")
-        bad_columns = [column for column in _cols if column not in table_columns]
-        if bad_columns:
-            raise DatasetteError(
-                "_col={} - invalid columns".format(", ".join(bad_columns)),
-                status=400,
-            )
-        # De-duplicate maintaining order, skipping columns already added (pks):
-        columns.extend(c for c in dict.fromkeys(_cols) if c not in columns)
-    if "_nocol" in request.args:
-        # Return all columns EXCEPT these
-        bad_columns = [
-            column
-            for column in request.args.getlist("_nocol")
-            if (column not in table_columns) or (column in pks)
-        ]
-        if bad_columns:
-            raise DatasetteError(
-                "_nocol={} - invalid columns".format(", ".join(bad_columns)),
-                status=400,
-            )
-        tmp_columns = [
-            column for column in columns if column not in request.args.getlist("_nocol")
-        ]
-        columns = tmp_columns
-    return columns
-
-
-async def _sortable_columns_for_table(datasette, database_name, table_name, use_rowid):
-    db = datasette.databases[database_name]
-    table_metadata = await datasette.table_config(database_name, table_name)
-    if "sortable_columns" in table_metadata:
-        sortable_columns = set(table_metadata["sortable_columns"])
-    else:
-        sortable_columns = set(await db.table_columns(table_name))
-    if use_rowid:
-        sortable_columns.add("rowid")
-    return sortable_columns
-
-
-async def _sort_order(table_metadata, sortable_columns, request, order_by):
-    sort = request.args.get("_sort")
-    sort_desc = request.args.get("_sort_desc")
-
-    if not sort and not sort_desc:
-        sort = table_metadata.get("sort")
-        sort_desc = table_metadata.get("sort_desc")
-
-    if sort and sort_desc:
-        raise DatasetteError(
-            "Cannot use _sort and _sort_desc at the same time", status=400
-        )
-
-    if sort:
-        if sort not in sortable_columns:
-            raise DatasetteError(f"Cannot sort table by {sort}", status=400)
-
-        order_by = escape_sqlite(sort)
-
-    if sort_desc:
-        if sort_desc not in sortable_columns:
-            raise DatasetteError(f"Cannot sort table by {sort_desc}", status=400)
-
-        order_by = f"{escape_sqlite(sort_desc)} desc"
-
-    return sort, sort_desc, order_by
-
-
-async def table_view(datasette, request):
-    await datasette.refresh_schemas()
-    with tracer.trace_child_tasks():
-        response = await table_view_traced(datasette, request)
-
-    # CORS
-    if datasette.cors:
-        add_cors_headers(response.headers)
-
-    # Cache TTL header
-    ttl = request.args.get("_ttl", None)
-    if ttl is None or not ttl.isdigit():
-        ttl = datasette.setting("default_cache_ttl")
-
-    if datasette.cache_headers and response.status == 200:
-        ttl = int(ttl)
-        if ttl == 0:
-            ttl_header = "no-cache"
-        else:
-            ttl_header = f"max-age={ttl}"
-        response.headers["Cache-Control"] = ttl_header
-
-    # Referrer policy
-    response.headers["Referrer-Policy"] = "no-referrer"
-
-    return response
-
-
-async def table_view_traced(datasette, request):
-    from datasette.app import TableNotFound
-
-    try:
-        resolved = await datasette.resolve_table(request)
-    except TableNotFound as not_found:
-        # Was this actually a stored query?
-        stored_query = await datasette.get_query(
-            not_found.database_name, not_found.table
-        )
-        # If this is a stored query, not a table, then dispatch to QueryView instead
-        if stored_query:
-            return await QueryView()(request, datasette)
-        else:
-            raise
-
-    if request.method == "POST":
-        return Response.text("Method not allowed", status=405)
-
-    format_ = request.url_vars.get("format") or "html"
-    extra_extras = None
-    context_for_html_hack = False
-    default_labels = False
-    if format_ == "html":
-        extra_extras = {"_html"}
-        context_for_html_hack = True
-        default_labels = True
-
-    view_data = await table_view_data(
-        datasette,
-        request,
-        resolved,
-        extra_extras=extra_extras,
-        context_for_html_hack=context_for_html_hack,
-        default_labels=default_labels,
-    )
-    if isinstance(view_data, Response):
-        return view_data
-    data, rows, columns, expanded_columns, sql, next_url = view_data
-
-    # Handle formats from plugins
-    if format_ == "csv":
-
-        async def fetch_data(request, _next=None):
-            (
-                data,
-                rows,
-                columns,
-                expanded_columns,
-                sql,
-                next_url,
-            ) = await table_view_data(
-                datasette,
-                request,
-                resolved,
-                extra_extras=extra_extras,
-                context_for_html_hack=context_for_html_hack,
-                default_labels=default_labels,
-                _next=_next,
-            )
-            data["rows"] = rows
-            data["table"] = resolved.table
-            data["columns"] = columns
-            data["expanded_columns"] = expanded_columns
-            return data, None, None
-
-        return await stream_csv(datasette, fetch_data, request, resolved.db.name)
-    elif format_ in datasette.renderers.keys():
-        # Dispatch request to the correct output format renderer
-        # (CSV is not handled here due to streaming)
-        result = call_with_supported_arguments(
-            datasette.renderers[format_][0],
-            datasette=datasette,
-            columns=columns,
-            rows=rows,
-            sql=sql,
-            query_name=None,
-            database=resolved.db.name,
-            table=resolved.table,
-            request=request,
-            view_name="table",
-            truncated=False,
-            error=None,
-            # These will be deprecated in Datasette 1.0:
-            args=request.args,
-            data=data,
-        )
-        if asyncio.iscoroutine(result):
-            result = await result
-        if result is None:
-            raise NotFound("No data")
-        if isinstance(result, dict):
-            r = Response(
-                body=result.get("body"),
-                status=result.get("status_code") or 200,
-                content_type=result.get("content_type", "text/plain"),
-                headers=result.get("headers"),
-            )
-        elif isinstance(result, Response):
-            r = result
-            # if status_code is not None:
-            #     # Over-ride the status code
-            #     r.status = status_code
-        else:
-            assert False, f"{result} should be dict or Response"
-    elif format_ == "html":
-        headers = {}
-        templates = [
-            f"table-{to_css_class(resolved.db.name)}-{to_css_class(resolved.table)}.html",
-            "table.html",
-        ]
-        environment = datasette.get_jinja_environment(request)
-        template = environment.select_template(templates)
-        alternate_url_json = datasette.absolute_url(
-            request,
-            datasette.urls.path(
-                path_with_format(
-                    request=request,
-                    path=request.scope.get("route_path"),
-                    format="json",
-                )
-            ),
-        )
-        headers.update(
-            {
-                "Link": '<{}>; rel="alternate"; type="application/json+datasette"'.format(
-                    alternate_url_json
-                )
-            }
-        )
-        table_context = TableContext(
-            actions=data["actions"],
-            all_columns=data["all_columns"],
-            columns=data["columns"],
-            count=data["count"],
-            count_sql=data["count_sql"],
-            custom_table_templates=data["custom_table_templates"],
-            database=data["database"],
-            database_color=data["database_color"],
-            display_columns=data["display_columns"],
-            display_rows=data["display_rows"],
-            expandable_columns=data["expandable_columns"],
-            facet_results=data["facet_results"],
-            facets_timed_out=data["facets_timed_out"],
-            filters=data["filters"],
-            form_hidden_args=data["form_hidden_args"],
-            human_description_en=data["human_description_en"],
-            is_view=data["is_view"],
-            metadata=data["metadata"],
-            next_url=data["next_url"],
-            primary_keys=data["primary_keys"],
-            private=data["private"],
-            query=data["query"],
-            renderers=data["renderers"],
-            set_column_type_ui=data["set_column_type_ui"],
-            sorted_facet_results=data["sorted_facet_results"],
-            suggested_facets=data["suggested_facets"],
-            table=data["table"],
-            table_definition=data["table_definition"],
-            view_definition=data["view_definition"],
-            ok=data["ok"],
-            next=data["next"],
-            count_truncated=data["count_truncated"],
-            rows=data["rows"],
-            filter_columns=data["filter_columns"],
-            supports_search=data["supports_search"],
-            extra_wheres_for_ui=data["extra_wheres_for_ui"],
-            url_csv=data["url_csv"],
-            url_csv_path=data["url_csv_path"],
-            url_csv_hidden_args=data["url_csv_hidden_args"],
-            sort=data["sort"],
-            sort_desc=data["sort_desc"],
-            append_querystring=append_querystring,
-            path_with_replaced_args=path_with_replaced_args,
-            fix_path=datasette.urls.path,
-            settings=datasette.settings_dict(),
-            alternate_url_json=alternate_url_json,
-            datasette_allow_facet=(
-                "true" if datasette.setting("allow_facet") else "false"
-            ),
-            is_sortable=any(c["sortable"] for c in data["display_columns"]),
-            allow_execute_sql=await datasette.allowed(
-                action="execute-sql",
-                resource=DatabaseResource(database=resolved.db.name),
-                actor=request.actor,
-            ),
-            query_ms=1.2,
-            select_templates=[
-                f"{'*' if template_name == template.name else ''}{template_name}"
-                for template_name in templates
-            ],
-            top_table=make_slot_function(
-                "top_table",
-                datasette,
-                request,
-                database=resolved.db.name,
-                table=resolved.table,
-            ),
-            table_page_data=data["table_page_data"],
-            table_insert_ui=data["table_insert_ui"],
-            table_alter_ui=data["table_alter_ui"],
-        )
-        r = Response.html(
-            await datasette.render_template(
-                template,
-                table_context,
-                request=request,
-                view_name="table",
-            ),
-            headers=headers,
-        )
-    else:
-        assert False, "Invalid format: {}".format(format_)
-    if next_url:
-        r.headers["link"] = f'<{next_url}>; rel="next"'
-    return r
-
-
-async def table_view_data(
-    datasette,
-    request,
-    resolved,
-    extra_extras=None,
-    context_for_html_hack=False,
-    default_labels=False,
-    _next=None,
-):
-    extra_extras = extra_extras or set()
-    # We have a table or view
-    db = resolved.db
-    database_name = resolved.db.name
-    table_name = resolved.table
-    is_view = resolved.is_view
-
-    # Can this user view it?
-    visible, private = await datasette.check_visibility(
-        request.actor,
-        action="view-table",
-        resource=TableResource(database=database_name, table=table_name),
-    )
-    if not visible:
-        raise Forbidden("You do not have permission to view this table")
-
-    # Redirect based on request.args, if necessary
-    redirect_response = await _redirect_if_needed(datasette, request, resolved)
-    if redirect_response:
-        return redirect_response
-
-    if context_for_html_hack:
-        await precompute_database_action_permissions(
-            datasette, request.actor, database_name
-        )
-        if not is_view:
-            await precompute_table_action_permissions(
-                datasette, request.actor, database_name, table_name
-            )
-
-    # Introspect columns and primary keys for table
-    pks = await db.primary_keys(table_name)
-    table_columns = await db.table_columns(table_name)
-
-    # Take ?_col= and ?_nocol= into account
-    specified_columns = await _columns_to_select(table_columns, pks, request)
-    select_specified_columns = ", ".join(escape_sqlite(t) for t in specified_columns)
-    select_all_columns = ", ".join(escape_sqlite(t) for t in table_columns)
-
-    # rowid tables (no specified primary key) need a different SELECT
-    use_rowid = not pks and not is_view
-    order_by = ""
-    if use_rowid:
-        select_specified_columns = f"rowid, {select_specified_columns}"
-        select_all_columns = f"rowid, {select_all_columns}"
-        order_by = "rowid"
-        order_by_pks = "rowid"
-    else:
-        order_by_pks = ", ".join([escape_sqlite(pk) for pk in pks])
-        order_by = order_by_pks
-
-    if is_view:
-        order_by = ""
-
-    # TODO: This logic should turn into logic about which ?_extras get
-    # executed instead:
-    nocount = request.args.get("_nocount")
-    nofacet = request.args.get("_nofacet")
-    nosuggest = request.args.get("_nosuggest")
-    if request.args.get("_shape") in ("array", "object"):
-        nocount = True
-        nofacet = True
-
-    table_metadata = await datasette.table_config(database_name, table_name)
-
-    # Arguments that start with _ and don't contain a __ are
-    # special - things like ?_search= - and should not be
-    # treated as filters.
-    filter_args = []
-    for key in request.args:
-        if not (key.startswith("_") and "__" not in key):
-            for v in request.args.getlist(key):
-                filter_args.append((key, v))
-
-    # Build where clauses from query string arguments
-    filters = Filters(sorted(filter_args))
-    where_clauses, params = filters.build_where_clauses(table_name)
-
-    # Execute filters_from_request plugin hooks - including the default
-    # ones that live in datasette/filters.py
-    extra_context_from_filters = {}
-    extra_human_descriptions = []
-
-    for hook in pm.hook.filters_from_request(
-        request=request,
-        table=table_name,
-        database=database_name,
-        datasette=datasette,
-    ):
-        filter_arguments = await await_me_maybe(hook)
-        if filter_arguments:
-            where_clauses.extend(filter_arguments.where_clauses)
-            params.update(filter_arguments.params)
-            extra_human_descriptions.extend(filter_arguments.human_descriptions)
-            extra_context_from_filters.update(filter_arguments.extra_context)
-
-    # Deal with custom sort orders
-    sortable_columns = await _sortable_columns_for_table(
-        datasette, database_name, table_name, use_rowid
-    )
-
-    sort, sort_desc, order_by = await _sort_order(
-        table_metadata, sortable_columns, request, order_by
-    )
-
-    from_sql = "from {table_name} {where}".format(
-        table_name=escape_sqlite(table_name),
-        where=(
-            ("where {} ".format(" and ".join(where_clauses))) if where_clauses else ""
-        ),
-    )
-    # Copy of params so we can mutate them later:
-    from_sql_params = dict(**params)
-
-    count_sql = f"select count(*) {from_sql}"
-
-    # Handle pagination driven by ?_next=
-    _next = _next or request.args.get("_next")
-
-    offset = ""
-    if _next:
-        sort_value = None
-        if is_view:
-            # _next is an offset
-            offset = f" offset {int(_next)}"
-        else:
-            components = urlsafe_components(_next)
-            # If a sort order is applied and there are multiple components,
-            # the first of these is the sort value
-            if (sort or sort_desc) and (len(components) > 1):
-                sort_value = components[0]
-                # Special case for if non-urlencoded first token was $null
-                if _next.split(",")[0] == "$null":
-                    sort_value = None
-                components = components[1:]
-
-            # Figure out the SQL for next-based-on-primary-key first
-            next_by_pk_clauses = []
-            if use_rowid:
-                next_by_pk_clauses.append(f"rowid > :p{len(params)}")
-                params[f"p{len(params)}"] = components[0]
-            else:
-                # Apply the tie-breaker based on primary keys
-                if len(components) == len(pks):
-                    param_len = len(params)
-                    next_by_pk_clauses.append(compound_keys_after_sql(pks, param_len))
-                    for i, pk_value in enumerate(components):
-                        params[f"p{param_len + i}"] = pk_value
-
-            # Now add the sort SQL, which may incorporate next_by_pk_clauses
-            if sort or sort_desc:
-                if sort_value is None:
-                    if sort_desc:
-                        # Just items where column is null ordered by pk
-                        where_clauses.append(
-                            "({column} is null and {next_clauses})".format(
-                                column=escape_sqlite(sort_desc),
-                                next_clauses=" and ".join(next_by_pk_clauses),
+                components = urlsafe_components(_next)
+                # If a sort order is applied, the first of these is the sort value
+                if sort or sort_desc:
+                    sort_value = components[0]
+                    # Special case for if non-urlencoded first token was $null
+                    if _next.split(",")[0] == "$null":
+                        sort_value = None
+                    components = components[1:]
+
+                # Figure out the SQL for next-based-on-primary-key first
+                next_by_pk_clauses = []
+                if use_rowid:
+                    next_by_pk_clauses.append("rowid > :p{}".format(len(params)))
+                    params["p{}".format(len(params))] = components[0]
+                else:
+                    # Apply the tie-breaker based on primary keys
+                    if len(components) == len(pks):
+                        param_len = len(params)
+                        next_by_pk_clauses.append(
+                            compound_keys_after_sql(pks, param_len)
+                        )
+                        for i, pk_value in enumerate(components):
+                            params["p{}".format(param_len + i)] = pk_value
+
+                # Now add the sort SQL, which may incorporate next_by_pk_clauses
+                if sort or sort_desc:
+                    if sort_value is None:
+                        if sort_desc:
+                            # Just items where column is null ordered by pk
+                            where_clauses.append(
+                                "({column} is null and {next_clauses})".format(
+                                    column=escape_sqlite(sort_desc),
+                                    next_clauses=" and ".join(next_by_pk_clauses),
+                                )
+                            )
+                        else:
+                            where_clauses.append(
+                                "({column} is not null or ({column} is null and {next_clauses}))".format(
+                                    column=escape_sqlite(sort),
+                                    next_clauses=" and ".join(next_by_pk_clauses),
+                                )
                             )
-                        )
                     else:
                         where_clauses.append(
-                            "({column} is not null or ({column} is null and {next_clauses}))".format(
-                                column=escape_sqlite(sort),
-                                next_clauses=" and ".join(next_by_pk_clauses),
-                            )
-                        )
-                else:
-                    where_clauses.append(
-                        "({column} {op} :p{p}{extra_desc_only} or ({column} = :p{p} and {next_clauses}))".format(
-                            column=escape_sqlite(sort or sort_desc),
-                            op=">" if sort else "<",
-                            p=len(params),
-                            extra_desc_only=(
-                                ""
+                            "({column} {op} :p{p}{extra_desc_only} or ({column} = :p{p} and {next_clauses}))".format(
+                                column=escape_sqlite(sort or sort_desc),
+                                op=">" if sort else "<",
+                                p=len(params),
+                                extra_desc_only=""
                                 if sort
                                 else " or {column2} is null".format(
                                     column2=escape_sqlite(sort or sort_desc)
-                                )
-                            ),
-                            next_clauses=" and ".join(next_by_pk_clauses),
+                                ),
+                                next_clauses=" and ".join(next_by_pk_clauses),
+                            )
                         )
-                    )
-                    params[f"p{len(params)}"] = sort_value
-                order_by = f"{order_by}, {order_by_pks}"
-            else:
-                where_clauses.extend(next_by_pk_clauses)
+                        params["p{}".format(len(params))] = sort_value
+                    order_by = "{}, {}".format(order_by, order_by_pks)
+                else:
+                    where_clauses.extend(next_by_pk_clauses)
 
-    where_clause = ""
-    if where_clauses:
-        where_clause = f"where {' and '.join(where_clauses)} "
+        where_clause = ""
+        if where_clauses:
+            where_clause = "where {} ".format(" and ".join(where_clauses))
 
-    if order_by:
-        order_by = f"order by {order_by}"
+        if order_by:
+            order_by = "order by {} ".format(order_by)
 
-    extra_args = {}
-    # Handle ?_size=500
-    # TODO: This was:
-    # page_size = _size or request.args.get("_size") or table_metadata.get("size")
-    page_size = request.args.get("_size") or table_metadata.get("size")
-    if page_size:
-        if page_size == "max":
-            page_size = datasette.max_returned_rows
-        try:
-            page_size = int(page_size)
-            if page_size < 0:
-                raise ValueError
-
-        except ValueError:
-            raise BadRequest("_size must be a positive integer")
-
-        if page_size > datasette.max_returned_rows:
-            raise BadRequest(f"_size must be <= {datasette.max_returned_rows}")
-
-        extra_args["page_size"] = page_size
-    else:
-        page_size = datasette.page_size
-
-    # Facets are calculated against SQL without order by or limit
-    sql_no_order_no_limit = (
-        "select {select_all_columns} from {table_name} {where}".format(
-            select_all_columns=select_all_columns,
-            table_name=escape_sqlite(table_name),
-            where=where_clause,
-        )
-    )
-
-    # This is the SQL that populates the main table on the page
-    sql = "select {select_specified_columns} from {table_name} {where}{order_by} limit {page_size}{offset}".format(
-        select_specified_columns=select_specified_columns,
-        table_name=escape_sqlite(table_name),
-        where=where_clause,
-        order_by=order_by,
-        page_size=page_size + 1,
-        offset=offset,
-    )
-
-    if request.args.get("_timelimit"):
-        extra_args["custom_time_limit"] = int(request.args.get("_timelimit"))
-
-    # Execute the main query!
-    try:
-        results = await db.execute(sql, params, truncate=True, **extra_args)
-    except (sqlite3.OperationalError, InvalidSql) as e:
-        raise DatasetteError(str(e), title="Invalid SQL", status=400)
-
-    except sqlite3.OperationalError as e:
-        raise DatasetteError(str(e))
-
-    columns = [r[0] for r in results.description]
-    rows = list(results.rows)
-
-    # Expand labeled columns if requested
-    expanded_columns = []
-    # List of (fk_dict, label_column-or-None) pairs for that table
-    expandable_columns = []
-    for fk in await db.foreign_keys_for_table(table_name):
-        label_column = await db.label_column_for_table(fk["other_table"])
-        expandable_columns.append((fk, label_column))
-
-    columns_to_expand = None
-    try:
-        all_labels = value_as_boolean(request.args.get("_labels", ""))
-    except ValueError:
-        all_labels = default_labels
-    # Check for explicit _label=
-    if "_label" in request.args:
-        columns_to_expand = request.args.getlist("_label")
-    if columns_to_expand is None and all_labels:
-        # expand all columns with foreign keys
-        columns_to_expand = [fk["column"] for fk, _ in expandable_columns]
-
-    if columns_to_expand:
-        expanded_labels = {}
-        for fk, _ in expandable_columns:
-            column = fk["column"]
-            if column not in columns_to_expand:
-                continue
-            if column not in columns:
-                continue
-            expanded_columns.append(column)
-            # Gather the values
-            column_index = columns.index(column)
-            values = [row[column_index] for row in rows]
-            # Expand them
-            expanded_labels.update(
-                await datasette.expand_foreign_keys(
-                    request.actor, database_name, table_name, column, values
-                )
-            )
-        if expanded_labels:
-            # Rewrite the rows
-            new_rows = []
-            for row in rows:
-                new_row = CustomRow(columns)
-                for column in row.keys():
-                    value = row[column]
-                    if (column, value) in expanded_labels and value is not None:
-                        new_row[column] = {
-                            "value": value,
-                            "label": expanded_labels[(column, value)],
-                        }
-                    else:
-                        new_row[column] = value
-                new_rows.append(new_row)
-            rows = new_rows
-
-    _next = request.args.get("_next")
-
-    # Pagination next link
-    next_value, next_url = await _next_value_and_url(
-        datasette,
-        db,
-        request,
-        table_name,
-        _next,
-        rows,
-        pks,
-        use_rowid,
-        sort,
-        sort_desc,
-        page_size,
-        is_view,
-    )
-    rows = rows[:page_size]
-
-    # Resolve extras
-    extras = extra_names_from_request(request)
-    if any(k for k in request.args.keys() if k == "_facet" or k.startswith("_facet_")):
-        extras.add("facet_results")
-    if request.args.get("_shape") == "object":
-        extras.add("primary_keys")
-    if extra_extras:
-        extras.update(extra_extras)
-
-    # Faceting
-    if not datasette.setting("allow_facet") and any(
-        arg.startswith("_facet") for arg in request.args
-    ):
-        raise BadRequest("_facet= is not allowed")
-
-    for key, values in TABLE_EXTRA_BUNDLES.items():
-        if f"_{key}" in extras:
-            extras.update(values)
-        extras.discard(f"_{key}")
-
-    table_extra_context = TableExtraContext(
-        datasette=datasette,
-        request=request,
-        resolved=resolved,
-        db=db,
-        database_name=database_name,
-        table_name=table_name,
-        is_view=is_view,
-        private=private,
-        rows=rows,
-        columns=columns,
-        results_description=results.description,
-        table_columns=table_columns,
-        pks=pks,
-        count_sql=count_sql,
-        from_sql=from_sql,
-        from_sql_params=from_sql_params,
-        nocount=nocount,
-        nofacet=nofacet,
-        nosuggest=nosuggest,
-        next_arg=request.args.get("_next"),
-        next_url=next_url,
-        sql=sql,
-        sql_no_order_no_limit=sql_no_order_no_limit,
-        params=params,
-        table_metadata=table_metadata,
-        filters=filters,
-        extra_human_descriptions=extra_human_descriptions,
-        sort=sort,
-        sort_desc=sort_desc,
-        sortable_columns=sortable_columns,
-        extras=extras,
-        extra_registry=table_extra_registry,
-        display_columns_and_rows=display_columns_and_rows,
-        run_sequential=run_sequential,
-    )
-
-    data = {
-        "ok": True,
-        "next": next_value and str(next_value) or None,
-    }
-    data.update(
-        await resolve_table_extras(
-            extras,
-            table_extra_context,
-            # The HTML view needs extras that are not JSON serializable
-            include_internal=bool(extra_extras),
-        )
-    )
-    raw_sqlite_rows = rows[:page_size]
-    # Apply transform_value for columns with assigned types
-    ct_map = await datasette.get_column_types(database_name, table_name)
-    transformed_rows = []
-    for r in raw_sqlite_rows:
-        row_dict = dict(r)
-        for col_name, ct in ct_map.items():
-            if col_name in row_dict:
-                row_dict[col_name] = await ct.transform_value(
-                    row_dict[col_name], datasette
-                )
-        transformed_rows.append(row_dict)
-    data["rows"] = transformed_rows
-
-    if context_for_html_hack:
-        data["count_truncated"] = _count_truncated_for_table_page(
-            datasette, db, database_name, table_name, count_sql, data.get("count")
-        )
-        data.update(extra_context_from_filters)
-        # filter_columns combine the columns we know are available
-        # in the table with any additional columns (such as rowid)
-        # which are available in the query
-        data["filter_columns"] = list(columns) + [
-            table_column
-            for table_column in table_columns
-            if table_column not in columns
-        ]
-        url_labels_extra = {}
-        if data.get("expandable_columns"):
-            url_labels_extra = {"_labels": "on"}
-        url_csv_args = {"_size": "max", **url_labels_extra}
-        url_csv = datasette.urls.path(
-            path_with_format(
-                request=request,
-                path=request.scope.get("route_path"),
-                format="csv",
-                extra_qs=url_csv_args,
-            )
-        )
-        url_csv_path = url_csv.split("?")[0]
-        data.update(
-            {
-                "url_csv": url_csv,
-                "url_csv_path": url_csv_path,
-                "url_csv_hidden_args": [
-                    (key, value)
-                    for key, value in urllib.parse.parse_qsl(request.query_string)
-                    if key not in ("_labels", "_facet", "_size")
-                ]
-                + [("_size", "max")],
-            }
-        )
-        # if no sort specified AND table has a single primary key,
-        # set sort to that so arrow is displayed
-        if not sort and not sort_desc:
-            if 1 == len(pks):
-                sort = pks[0]
-            elif use_rowid:
-                sort = "rowid"
-        data["sort"] = sort
-        data["sort_desc"] = sort_desc
-        table_insert_ui = await _table_insert_ui(
-            datasette, request, db, database_name, table_name, is_view, pks
-        )
-        table_alter_ui = await _table_alter_ui(
-            datasette, request, db, database_name, table_name, is_view, pks
-        )
-        data["table_insert_ui"] = table_insert_ui
-        data["table_alter_ui"] = table_alter_ui
-        data["table_page_data"] = await _table_page_data(
-            datasette=datasette,
-            request=request,
-            db=db,
-            database_name=database_name,
-            table_name=table_name,
-            is_view=is_view,
-            table_insert_ui=table_insert_ui,
-            table_alter_ui=table_alter_ui,
-        )
-
-    return data, rows[:page_size], columns, expanded_columns, sql, next_url
-
-
-def _count_truncated_for_table_page(
-    datasette, db, database_name, table_name, count_sql, count
-):
-    if count != db.count_limit + 1:
-        return False
-    if (
-        not db.is_mutable
-        and datasette.inspect_data
-        and count_sql == f"select count(*) from {table_name} "
-    ):
-        try:
-            datasette.inspect_data[database_name]["tables"][table_name]["count"]
-            return False
-        except KeyError:
-            pass
-    return True
-
-
-async def _next_value_and_url(
-    datasette,
-    db,
-    request,
-    table_name,
-    _next,
-    rows,
-    pks,
-    use_rowid,
-    sort,
-    sort_desc,
-    page_size,
-    is_view,
-):
-    next_value = None
-    next_url = None
-    if 0 < page_size < len(rows):
-        if is_view:
-            next_value = int(_next or 0) + page_size
-        else:
-            next_value = path_from_row_pks(rows[-2], pks, use_rowid)
-        # If there's a sort or sort_desc, add that value as a prefix
-        if (sort or sort_desc) and not is_view:
+        extra_args = {}
+        # Handle ?_size=500
+        page_size = _size or request.raw_args.get("_size")
+        if page_size:
+            if page_size == "max":
+                page_size = self.ds.max_returned_rows
             try:
-                prefix = rows[-2][sort or sort_desc]
-            except IndexError:
-                # sort/sort_desc column missing from SELECT - look up value by PK instead
-                prefix_where_clause = " and ".join(
-                    "[{}] = :pk{}".format(pk, i) for i, pk in enumerate(pks)
+                page_size = int(page_size)
+                if page_size < 0:
+                    raise ValueError
+
+            except ValueError:
+                raise DatasetteError("_size must be a positive integer", status=400)
+
+            if page_size > self.ds.max_returned_rows:
+                raise DatasetteError(
+                    "_size must be <= {}".format(self.ds.max_returned_rows), status=400
                 )
-                prefix_lookup_sql = "select [{}] from [{}] where {}".format(
-                    sort or sort_desc, table_name, prefix_where_clause
-                )
-                prefix = (
-                    await db.execute(
-                        prefix_lookup_sql,
-                        {
-                            **{
-                                "pk{}".format(i): rows[-2][pk]
-                                for i, pk in enumerate(pks)
-                            }
-                        },
-                    )
-                ).single_value()
-            if isinstance(prefix, dict) and "value" in prefix:
-                prefix = prefix["value"]
-            if prefix is None:
-                prefix = "$null"
-            else:
-                prefix = tilde_encode(str(prefix))
-            next_value = f"{prefix},{next_value}"
-            added_args = {"_next": next_value}
-            if sort:
-                added_args["_sort"] = sort
-            else:
-                added_args["_sort_desc"] = sort_desc
+
+            extra_args["page_size"] = page_size
         else:
-            added_args = {"_next": next_value}
-        next_url = datasette.absolute_url(
-            request, datasette.urls.path(path_with_replaced_args(request, added_args))
+            page_size = self.ds.page_size
+
+        sql_no_limit = "select {select} from {table_name} {where}{order_by}".format(
+            select=select,
+            table_name=escape_sqlite(table),
+            where=where_clause,
+            order_by=order_by,
         )
-    return next_value, next_url
+        sql = "{sql_no_limit} limit {limit}{offset}".format(
+            sql_no_limit=sql_no_limit.rstrip(), limit=page_size + 1, offset=offset
+        )
+
+        if request.raw_args.get("_timelimit"):
+            extra_args["custom_time_limit"] = int(request.raw_args["_timelimit"])
+
+        results = await db.execute(sql, params, truncate=True, **extra_args)
+
+        # Number of filtered rows in whole set:
+        filtered_table_rows_count = None
+        if count_sql:
+            try:
+                count_rows = list(await db.execute(count_sql, from_sql_params))
+                filtered_table_rows_count = count_rows[0][0]
+            except QueryInterrupted:
+                pass
+
+        # facets support
+        if not self.ds.config("allow_facet") and any(
+            arg.startswith("_facet") for arg in request.args
+        ):
+            raise DatasetteError("_facet= is not allowed", status=400)
+
+        # pylint: disable=no-member
+        facet_classes = list(
+            itertools.chain.from_iterable(pm.hook.register_facet_classes())
+        )
+        facet_results = {}
+        facets_timed_out = []
+        facet_instances = []
+        for klass in facet_classes:
+            facet_instances.append(
+                klass(
+                    self.ds,
+                    request,
+                    database,
+                    sql=sql_no_limit,
+                    params=params,
+                    table=table,
+                    metadata=table_metadata,
+                    row_count=filtered_table_rows_count,
+                )
+            )
+
+        for facet in facet_instances:
+            (
+                instance_facet_results,
+                instance_facets_timed_out,
+            ) = await facet.facet_results()
+            facet_results.update(instance_facet_results)
+            facets_timed_out.extend(instance_facets_timed_out)
+
+        # Figure out columns and rows for the query
+        columns = [r[0] for r in results.description]
+        rows = list(results.rows)
+
+        # Expand labeled columns if requested
+        expanded_columns = []
+        expandable_columns = await self.expandable_columns(database, table)
+        columns_to_expand = None
+        try:
+            all_labels = value_as_boolean(special_args.get("_labels", ""))
+        except ValueError:
+            all_labels = default_labels
+        # Check for explicit _label=
+        if "_label" in request.args:
+            columns_to_expand = request.args["_label"]
+        if columns_to_expand is None and all_labels:
+            # expand all columns with foreign keys
+            columns_to_expand = [fk["column"] for fk, _ in expandable_columns]
+
+        if columns_to_expand:
+            expanded_labels = {}
+            for fk, _ in expandable_columns:
+                column = fk["column"]
+                if column not in columns_to_expand:
+                    continue
+                expanded_columns.append(column)
+                # Gather the values
+                column_index = columns.index(column)
+                values = [row[column_index] for row in rows]
+                # Expand them
+                expanded_labels.update(
+                    await self.ds.expand_foreign_keys(database, table, column, values)
+                )
+            if expanded_labels:
+                # Rewrite the rows
+                new_rows = []
+                for row in rows:
+                    new_row = CustomRow(columns)
+                    for column in row.keys():
+                        value = row[column]
+                        if (column, value) in expanded_labels and value is not None:
+                            new_row[column] = {
+                                "value": value,
+                                "label": expanded_labels[(column, value)],
+                            }
+                        else:
+                            new_row[column] = value
+                    new_rows.append(new_row)
+                rows = new_rows
+
+        # Pagination next link
+        next_value = None
+        next_url = None
+        if len(rows) > page_size and page_size > 0:
+            if is_view:
+                next_value = int(_next or 0) + page_size
+            else:
+                next_value = path_from_row_pks(rows[-2], pks, use_rowid)
+            # If there's a sort or sort_desc, add that value as a prefix
+            if (sort or sort_desc) and not is_view:
+                prefix = rows[-2][sort or sort_desc]
+                if isinstance(prefix, dict) and "value" in prefix:
+                    prefix = prefix["value"]
+                if prefix is None:
+                    prefix = "$null"
+                else:
+                    prefix = urllib.parse.quote_plus(str(prefix))
+                next_value = "{},{}".format(prefix, next_value)
+                added_args = {"_next": next_value}
+                if sort:
+                    added_args["_sort"] = sort
+                else:
+                    added_args["_sort_desc"] = sort_desc
+            else:
+                added_args = {"_next": next_value}
+            next_url = self.ds.absolute_url(
+                request, path_with_replaced_args(request, added_args)
+            )
+            rows = rows[:page_size]
+
+        # Detect suggested facets
+        suggested_facets = []
+
+        if (
+            self.ds.config("suggest_facets")
+            and self.ds.config("allow_facet")
+            and not _next
+        ):
+            for facet in facet_instances:
+                suggested_facets.extend(await facet.suggest())
+
+        # human_description_en combines filters AND search, if provided
+        human_description_en = filters.human_description_en(
+            extra=extra_human_descriptions
+        )
+
+        if sort or sort_desc:
+            sorted_by = "sorted by {}{}".format(
+                (sort or sort_desc), " descending" if sort_desc else ""
+            )
+            human_description_en = " ".join(
+                [b for b in [human_description_en, sorted_by] if b]
+            )
+
+        async def extra_template():
+            display_columns, display_rows = await self.display_columns_and_rows(
+                database,
+                table,
+                results.description,
+                rows,
+                link_column=not is_view,
+                truncate_cells=self.ds.config("truncate_cells_html"),
+            )
+            metadata = (
+                (self.ds.metadata("databases") or {})
+                .get(database, {})
+                .get("tables", {})
+                .get(table, {})
+            )
+            self.ds.update_with_inherited_metadata(metadata)
+            form_hidden_args = []
+            for arg in ("_fts_table", "_fts_pk"):
+                if arg in special_args:
+                    form_hidden_args.append((arg, special_args[arg]))
+            if request.args.get("_where"):
+                for where_text in request.args["_where"]:
+                    form_hidden_args.append(("_where", where_text))
+            return {
+                "supports_search": bool(fts_table),
+                "search": search or "",
+                "use_rowid": use_rowid,
+                "filters": filters,
+                "display_columns": display_columns,
+                "filter_columns": columns,
+                "display_rows": display_rows,
+                "facets_timed_out": facets_timed_out,
+                "sorted_facet_results": sorted(
+                    facet_results.values(),
+                    key=lambda f: (len(f["results"]), f["name"]),
+                    reverse=True,
+                ),
+                "extra_wheres_for_ui": extra_wheres_for_ui,
+                "form_hidden_args": form_hidden_args,
+                "is_sortable": any(c["sortable"] for c in display_columns),
+                "path_with_replaced_args": path_with_replaced_args,
+                "path_with_removed_args": path_with_removed_args,
+                "append_querystring": append_querystring,
+                "request": request,
+                "sort": sort,
+                "sort_desc": sort_desc,
+                "disable_sort": is_view,
+                "custom_table_templates": [
+                    "_table-{}-{}.html".format(
+                        to_css_class(database), to_css_class(table)
+                    ),
+                    "_table-table-{}-{}.html".format(
+                        to_css_class(database), to_css_class(table)
+                    ),
+                    "_table.html",
+                ],
+                "metadata": metadata,
+                "view_definition": await db.get_view_definition(table),
+                "table_definition": await db.get_table_definition(table),
+            }
+
+        return (
+            {
+                "database": database,
+                "table": table,
+                "is_view": is_view,
+                "human_description_en": human_description_en,
+                "rows": rows[:page_size],
+                "truncated": results.truncated,
+                "filtered_table_rows_count": filtered_table_rows_count,
+                "expanded_columns": expanded_columns,
+                "expandable_columns": expandable_columns,
+                "columns": columns,
+                "primary_keys": pks,
+                "units": units,
+                "query": {"sql": sql, "params": params},
+                "facet_results": facet_results,
+                "suggested_facets": suggested_facets,
+                "next": next_value and str(next_value) or None,
+                "next_url": next_url,
+            },
+            extra_template,
+            (
+                "table-{}-{}.html".format(to_css_class(database), to_css_class(table)),
+                "table.html",
+            ),
+        )
+
+
+class RowView(RowTableShared):
+    name = "row"
+
+    async def data(self, request, database, hash, table, pk_path, default_labels=False):
+        pk_values = urlsafe_components(pk_path)
+        db = self.ds.databases[database]
+        pks = await db.primary_keys(table)
+        use_rowid = not pks
+        select = "*"
+        if use_rowid:
+            select = "rowid, *"
+            pks = ["rowid"]
+        wheres = ['"{}"=:p{}'.format(pk, i) for i, pk in enumerate(pks)]
+        sql = "select {} from {} where {}".format(
+            select, escape_sqlite(table), " AND ".join(wheres)
+        )
+        params = {}
+        for i, pk_value in enumerate(pk_values):
+            params["p{}".format(i)] = pk_value
+        results = await db.execute(sql, params, truncate=True)
+        columns = [r[0] for r in results.description]
+        rows = list(results.rows)
+        if not rows:
+            raise NotFound("Record not found: {}".format(pk_values))
+
+        async def template_data():
+            display_columns, display_rows = await self.display_columns_and_rows(
+                database,
+                table,
+                results.description,
+                rows,
+                link_column=False,
+                truncate_cells=0,
+            )
+            for column in display_columns:
+                column["sortable"] = False
+            return {
+                "foreign_key_tables": await self.foreign_key_tables(
+                    database, table, pk_values
+                ),
+                "display_columns": display_columns,
+                "display_rows": display_rows,
+                "custom_table_templates": [
+                    "_table-{}-{}.html".format(
+                        to_css_class(database), to_css_class(table)
+                    ),
+                    "_table-row-{}-{}.html".format(
+                        to_css_class(database), to_css_class(table)
+                    ),
+                    "_table.html",
+                ],
+                "metadata": (self.ds.metadata("databases") or {})
+                .get(database, {})
+                .get("tables", {})
+                .get(table, {}),
+            }
+
+        data = {
+            "database": database,
+            "table": table,
+            "rows": rows,
+            "columns": columns,
+            "primary_keys": pks,
+            "primary_key_values": pk_values,
+            "units": self.ds.table_metadata(database, table).get("units", {}),
+        }
+
+        if "foreign_key_tables" in (request.raw_args.get("_extras") or "").split(","):
+            data["foreign_key_tables"] = await self.foreign_key_tables(
+                database, table, pk_values
+            )
+
+        return (
+            data,
+            template_data,
+            (
+                "row-{}-{}.html".format(to_css_class(database), to_css_class(table)),
+                "row.html",
+            ),
+        )
+
+    async def foreign_key_tables(self, database, table, pk_values):
+        if len(pk_values) != 1:
+            return []
+        db = self.ds.databases[database]
+        all_foreign_keys = await db.get_all_foreign_keys()
+        foreign_keys = all_foreign_keys[table]["incoming"]
+        if len(foreign_keys) == 0:
+            return []
+
+        sql = "select " + ", ".join(
+            [
+                "(select count(*) from {table} where {column}=:id)".format(
+                    table=escape_sqlite(fk["other_table"]),
+                    column=escape_sqlite(fk["other_column"]),
+                )
+                for fk in foreign_keys
+            ]
+        )
+        try:
+            rows = list(await db.execute(sql, {"id": pk_values[0]}))
+        except sqlite3.OperationalError:
+            # Almost certainly hit the timeout
+            return []
+
+        foreign_table_counts = dict(
+            zip(
+                [(fk["other_table"], fk["other_column"]) for fk in foreign_keys],
+                list(rows[0]),
+            )
+        )
+        foreign_key_tables = []
+        for fk in foreign_keys:
+            count = (
+                foreign_table_counts.get((fk["other_table"], fk["other_column"])) or 0
+            )
+            foreign_key_tables.append({**fk, **{"count": count}})
+        return foreign_key_tables
diff --git a/datasette/views/table_create_alter.py b/datasette/views/table_create_alter.py
deleted file mode 100644
index ffeb7f14..00000000
--- a/datasette/views/table_create_alter.py
+++ /dev/null
@@ -1,1353 +0,0 @@
-import json
-import re
-import time
-from typing import Annotated, Any, Literal, Union
-
-from datasette.database import QueryInterrupted
-from pydantic import (
-    BaseModel,
-    ConfigDict,
-    Field,
-    ValidationError,
-    field_validator,
-    model_validator,
-)
-from pydantic_core import PydanticCustomError
-import sqlite_utils
-from sqlite_utils.db import DEFAULT as SQLITE_UTILS_DEFAULT
-
-from datasette.column_types import SQLiteType
-from datasette.events import AlterTableEvent, CreateTableEvent, InsertRowsEvent
-from datasette.resources import DatabaseResource, TableResource
-from datasette.utils import (
-    escape_sqlite,
-    get_outbound_foreign_keys,
-    table_column_details,
-)
-from datasette.utils.asgi import NotFound, Response
-from datasette.utils.sqlite import sqlite_hidden_table_names
-
-from .base import BaseView, _error
-
-CREATE_TABLE_COLUMN_TYPES = ["text", "integer", "float", "blob"]
-CREATE_TABLE_SQLITE_TYPES = {
-    "text": SQLiteType.TEXT,
-    "integer": SQLiteType.INTEGER,
-    "float": SQLiteType.REAL,
-    "blob": SQLiteType.BLOB,
-}
-CREATE_TABLE_TYPE_FOR_SQLITE_TYPE = {
-    sqlite_type: column_type
-    for column_type, sqlite_type in CREATE_TABLE_SQLITE_TYPES.items()
-}
-TABLE_NAME_RE = re.compile(r"^(?!sqlite_)[^\n]+$")
-ALTER_TABLE_COLUMN_TYPES = CREATE_TABLE_COLUMN_TYPES
-ALTER_TABLE_TYPE_FOR_SQLITE_TYPE = {
-    SQLiteType.TEXT: "text",
-    SQLiteType.INTEGER: "integer",
-    SQLiteType.REAL: "float",
-    SQLiteType.BLOB: "blob",
-}
-FOREIGN_KEY_SUGGESTION_ROW_LIMIT = 500
-FOREIGN_KEY_SUGGESTION_TIME_LIMIT_MS = 50
-FOREIGN_KEY_SUGGESTION_TOTAL_TIME_LIMIT_MS = 200
-FOREIGN_KEY_TARGETS_SQL = """
-select
-  m.name as fk_table,
-  p.name as fk_column,
-  case
-    when upper(coalesce(p.type, '')) like '%INT%' then 'integer'
-    when upper(coalesce(p.type, '')) like '%CHAR%'
-      or upper(coalesce(p.type, '')) like '%CLOB%'
-      or upper(coalesce(p.type, '')) like '%TEXT%' then 'text'
-    when upper(coalesce(p.type, '')) like '%BLOB%'
-      or coalesce(p.type, '') = '' then 'blob'
-    when upper(coalesce(p.type, '')) like '%REAL%'
-      or upper(coalesce(p.type, '')) like '%FLOA%'
-      or upper(coalesce(p.type, '')) like '%' || 'DOU' || 'B' || '%' then 'real'
-    else 'numeric'
-  end as type
-from sqlite_master as m
-cross join pragma_table_info(m.name) as p
-where m.type = 'table'
-  and m.name not like 'sqlite_%'
-  and p.pk > 0
-  and (
-    select count(*)
-    from pragma_table_info(m.name) as p2
-    where p2.pk > 0
-  ) = 1
-order by m.name
-"""
-
-
-class ForeignKeySuggestionTimedOut(Exception):
-    pass
-
-
-def _sqlite_type_affinity(type_name):
-    type_name = (type_name or "").upper()
-    if "INT" in type_name:
-        return "integer"
-    if any(token in type_name for token in ("CHAR", "CLOB", "TEXT")):
-        return "text"
-    if "BLOB" in type_name or not type_name:
-        return "blob"
-    if any(
-        token in type_name
-        for token in ("REAL", "FLOA", "DOUB")  # codespell:ignore doub
-    ):
-        return "real"
-    return "numeric"
-
-
-def _foreign_key_type_compatible(source_affinity, target_affinity):
-    if source_affinity == target_affinity:
-        return True
-    numeric_affinities = {"integer", "real", "numeric"}
-    if source_affinity == "numeric":
-        return target_affinity in numeric_affinities
-    if target_affinity == "numeric":
-        return source_affinity in numeric_affinities
-    return False
-
-
-def _public_foreign_key_target(target):
-    return {
-        "fk_table": target["fk_table"],
-        "fk_column": target["fk_column"],
-        "type": target["type"],
-    }
-
-
-def _singular(name):
-    if name.endswith("ies") and len(name) > 3:
-        return name[:-3] + "y"
-    if name.endswith("s") and len(name) > 1:
-        return name[:-1]
-    return name
-
-
-def _foreign_key_name_reasons(source_column, target):
-    source = source_column.lower()
-    table = target["fk_table"].lower()
-    singular_table = _singular(table)
-    column = target["fk_column"].lower()
-    possible_names = {
-        "{}_{}".format(table, column),
-        "{}_{}".format(singular_table, column),
-    }
-    if column == "id":
-        possible_names.update(
-            {
-                "{}_id".format(table),
-                "{}_id".format(singular_table),
-            }
-        )
-    return ["name_match"] if source in possible_names else []
-
-
-def _foreign_key_option_sort_key(source_column, target):
-    has_name_match = bool(_foreign_key_name_reasons(source_column, target))
-    return (
-        0 if has_name_match else 1,
-        target["fk_table"],
-        target["fk_column"],
-    )
-
-
-def _foreign_key_suggestion_metadata(conn, table_name):
-    hidden_tables = set(sqlite_hidden_table_names(conn))
-    source_columns = [
-        {
-            "column": column.name,
-            "type": (column.type or "").upper(),
-            "affinity": _sqlite_type_affinity(column.type),
-        }
-        for column in table_column_details(conn, table_name)
-        if not column.hidden
-    ]
-    current_by_column = {
-        fk["column"]: {
-            "fk_table": fk["other_table"],
-            "fk_column": fk["other_column"],
-        }
-        for fk in get_outbound_foreign_keys(conn, table_name)
-    }
-    table_names = [
-        row[0]
-        for row in conn.execute(
-            "select name from sqlite_master where type = 'table' order by name"
-        ).fetchall()
-        if not row[0].startswith("sqlite_")
-    ]
-    targets = []
-    for candidate_table in table_names:
-        if candidate_table == table_name or candidate_table in hidden_tables:
-            continue
-        columns = [column for column in table_column_details(conn, candidate_table)]
-        pks = [column for column in columns if column.is_pk and not column.hidden]
-        pks.sort(key=lambda column: column.is_pk)
-        if len(pks) != 1:
-            continue
-        pk = pks[0]
-        targets.append(
-            {
-                "fk_table": candidate_table,
-                "fk_column": pk.name,
-                "type": (pk.type or "").upper(),
-                "affinity": _sqlite_type_affinity(pk.type),
-            }
-        )
-    return source_columns, targets, current_by_column
-
-
-async def _foreign_key_suggestion_samples(db, table_name, columns):
-    if not columns:
-        return 0, {}
-    sql = "select {} from {} limit {}".format(
-        ", ".join(escape_sqlite(column) for column in columns),
-        escape_sqlite(table_name),
-        FOREIGN_KEY_SUGGESTION_ROW_LIMIT,
-    )
-    try:
-        results = await db.execute(
-            sql,
-            custom_time_limit=FOREIGN_KEY_SUGGESTION_TIME_LIMIT_MS,
-            log_sql_errors=False,
-        )
-    except QueryInterrupted as e:
-        raise ForeignKeySuggestionTimedOut from e
-    values_by_column = {column: [] for column in columns}
-    seen_by_column = {column: set() for column in columns}
-    for row in results.rows:
-        for column in columns:
-            value = row[column]
-            if value is None or value in seen_by_column[column]:
-                continue
-            seen_by_column[column].add(value)
-            values_by_column[column].append(value)
-    return len(results.rows), values_by_column
-
-
-async def _foreign_key_suggestion_values_exist(db, target, values, time_limit_ms):
-    if not values:
-        return False
-    sql = "select {} from {} where {} in ({})".format(
-        escape_sqlite(target["fk_column"]),
-        escape_sqlite(target["fk_table"]),
-        escape_sqlite(target["fk_column"]),
-        ", ".join("?" for _ in values),
-    )
-    try:
-        results = await db.execute(
-            sql,
-            params=values,
-            custom_time_limit=time_limit_ms,
-            log_sql_errors=False,
-        )
-    except QueryInterrupted as e:
-        raise ForeignKeySuggestionTimedOut from e
-    found = {row[0] for row in results.rows}
-    return all(value in found for value in values)
-
-
-async def _create_table_ui_context(
-    datasette, request, db, database_name, database_action_permissions
-):
-    if not db.is_mutable:
-        return None
-    if not database_action_permissions.get("create-table"):
-        return None
-    data = {
-        "path": "{}/-/create".format(datasette.urls.database(database_name)),
-        "foreignKeyTargetsPath": "{}/-/foreign-key-targets".format(
-            datasette.urls.database(database_name)
-        ),
-        "databaseName": database_name,
-        "columnTypes": CREATE_TABLE_COLUMN_TYPES,
-        "defaultExpressions": default_expression_options(),
-    }
-    can_set_column_type = await datasette.allowed(
-        action="set-column-type",
-        resource=TableResource(database=database_name, table="__new_table__"),
-        actor=request.actor,
-    )
-    if can_set_column_type:
-        data["customColumnTypes"] = _custom_column_type_options_for_create_table(
-            datasette
-        )
-    return data
-
-
-def _custom_column_type_options_for_create_table(datasette):
-    options = []
-    for name, ct_cls in sorted(datasette._column_types.items()):
-        sqlite_types = getattr(ct_cls, "sqlite_types", None)
-        if sqlite_types is None:
-            option_sqlite_types = CREATE_TABLE_COLUMN_TYPES[:]
-        else:
-            option_sqlite_types = [
-                create_table_type
-                for create_table_type, sqlite_type in CREATE_TABLE_SQLITE_TYPES.items()
-                if sqlite_type in sqlite_types
-            ]
-        if not option_sqlite_types:
-            continue
-        option = {
-            "name": name,
-            "description": ct_cls.description,
-            "sqliteTypes": option_sqlite_types,
-        }
-        if sqlite_types is not None and len(sqlite_types) == 1:
-            fixed_sqlite_type = CREATE_TABLE_TYPE_FOR_SQLITE_TYPE.get(sqlite_types[0])
-            if fixed_sqlite_type is not None:
-                option["fixedSqliteType"] = fixed_sqlite_type
-        options.append(option)
-    return options
-
-
-SqliteApiType = Literal["text", "integer", "float", "blob"]
-DEFAULT_EXPRESSIONS = {
-    "current_timestamp": {
-        "sql": "CURRENT_TIMESTAMP",
-        "label": "Current timestamp in UTC, e.g. 2026-05-01 13:34:00",
-        "sqliteType": "text",
-    },
-    "current_date": {
-        "sql": "CURRENT_DATE",
-        "label": "Current date in UTC, e.g. 2026-05-01",
-        "sqliteType": "text",
-    },
-    "current_time": {
-        "sql": "CURRENT_TIME",
-        "label": "Current time in UTC, e.g. 13:34:00",
-        "sqliteType": "text",
-    },
-    "current_unixtime": {
-        "sql": "(CAST(strftime('%s', 'now') AS INTEGER))",
-        "label": "Current Unix time, integer seconds since the epoch",
-        "sqliteType": "integer",
-    },
-    "current_unixtime_ms": {
-        "sql": "(CAST((julianday('now') - 2440587.5) * 86400000 AS INTEGER))",
-        "label": "Current Unix time, integer milliseconds since the epoch",
-        "sqliteType": "integer",
-    },
-}
-DefaultExpr = str
-DEFAULT_EXPR_SQL = {
-    name: metadata["sql"] for name, metadata in DEFAULT_EXPRESSIONS.items()
-}
-
-
-def _strip_wrapping_parentheses(expression):
-    expression = expression.strip()
-    while expression.startswith("(") and expression.endswith(")"):
-        depth = 0
-        in_single_quote = False
-        wraps_whole_expression = True
-        i = 0
-        while i < len(expression):
-            char = expression[i]
-            if char == "'":
-                if (
-                    in_single_quote
-                    and i + 1 < len(expression)
-                    and expression[i + 1] == "'"
-                ):
-                    i += 2
-                    continue
-                in_single_quote = not in_single_quote
-            elif not in_single_quote:
-                if char == "(":
-                    depth += 1
-                elif char == ")":
-                    depth -= 1
-                    if depth == 0 and i != len(expression) - 1:
-                        wraps_whole_expression = False
-                        break
-            i += 1
-        if not wraps_whole_expression or depth != 0 or in_single_quote:
-            break
-        expression = expression[1:-1].strip()
-    return expression
-
-
-def _default_expression_lookup_key(expression):
-    return re.sub(r"\s+", " ", _strip_wrapping_parentheses(expression)).lower()
-
-
-DEFAULT_EXPR_BY_SQL = {
-    _default_expression_lookup_key(sql): name for name, sql in DEFAULT_EXPR_SQL.items()
-}
-
-
-def default_expr_for_sql(expression):
-    if expression is None:
-        return None
-    return DEFAULT_EXPR_BY_SQL.get(_default_expression_lookup_key(expression))
-
-
-def _quoted_options(options):
-    if len(options) == 1:
-        return "'{}'".format(options[0])
-    return "{} or '{}'".format(
-        ", ".join("'{}'".format(option) for option in options[:-1]),
-        options[-1],
-    )
-
-
-def _default_expr_error_message():
-    return "Input should be {}".format(_quoted_options(list(DEFAULT_EXPRESSIONS)))
-
-
-def default_expression_options():
-    return [
-        {
-            "value": value,
-            "label": metadata["label"],
-            "sqliteType": metadata["sqliteType"],
-        }
-        for value, metadata in DEFAULT_EXPRESSIONS.items()
-    ]
-
-
-class _StrictPydanticModel(BaseModel):
-    model_config = ConfigDict(extra="forbid")
-
-
-class _DefaultArgsMixin(_StrictPydanticModel):
-    default: Any | None = None
-    default_expr: DefaultExpr | None = None
-
-    @field_validator("default_expr")
-    @classmethod
-    def validate_default_expr_value(cls, value):
-        if value is not None and value not in DEFAULT_EXPRESSIONS:
-            raise PydanticCustomError("default_expr", _default_expr_error_message())
-        return value
-
-    @model_validator(mode="after")
-    def validate_default_fields(self):
-        has_default = "default" in self.model_fields_set
-        has_default_expr = "default_expr" in self.model_fields_set
-        if has_default and has_default_expr:
-            raise ValueError("default and default_expr cannot both be provided")
-        if has_default_expr and self.default_expr is None:
-            raise ValueError("default_expr cannot be null")
-        return self
-
-
-class CreateTableColumn(_DefaultArgsMixin):
-
-    name: Any = None
-    type: Any = "text"
-    fk_table: str | None = None
-    fk_column: str | None = None
-    not_null: bool = False
-
-    @model_validator(mode="after")
-    def validate_column(self):
-        if not self.name or not isinstance(self.name, str):
-            raise PydanticCustomError("create_table", "Column name is required")
-        if not self.type:
-            self.type = "text"
-        elif self.type not in CREATE_TABLE_COLUMN_TYPES:
-            raise PydanticCustomError(
-                "create_table", "Unsupported column type: {type}", {"type": self.type}
-            )
-        if self.fk_column and not self.fk_table:
-            raise PydanticCustomError(
-                "create_table_with_location",
-                "fk_column requires fk_table",
-            )
-        return self
-
-
-class CreateTableRequest(_StrictPydanticModel):
-    table: Any = None
-    rows: Any = None
-    row: Any = None
-    columns: list[CreateTableColumn] | None = None
-    pk: Any = None
-    pks: Any = None
-    ignore: bool | None = None
-    replace: bool | None = None
-    alter: bool | None = None
-
-    @field_validator("columns", mode="before")
-    @classmethod
-    def validate_columns_list(cls, value):
-        if value is None:
-            return value
-        if not isinstance(value, list):
-            raise PydanticCustomError("create_table", "columns must be a list")
-        if not all(isinstance(column, dict) for column in value):
-            raise PydanticCustomError(
-                "create_table", "columns must be a list of objects"
-            )
-        return value
-
-    @model_validator(mode="after")
-    def validate_request(self):
-        if not self.table:
-            raise PydanticCustomError("create_table", "Table is required")
-        if not isinstance(self.table, str) or not TABLE_NAME_RE.match(self.table):
-            raise PydanticCustomError("create_table", "Invalid table name")
-        if not self.columns and not self.rows and not self.row:
-            raise PydanticCustomError(
-                "create_table", "columns, rows or row is required"
-            )
-        if self.rows and self.row:
-            raise PydanticCustomError(
-                "create_table", "Cannot specify both rows and row"
-            )
-        if self.columns and (self.rows or self.row):
-            raise PydanticCustomError(
-                "create_table", "Cannot specify columns with rows or row"
-            )
-        if self.columns is not None:
-            seen = set()
-            duplicates = []
-            for column in self.columns:
-                if column.name in seen and column.name not in duplicates:
-                    duplicates.append(column.name)
-                seen.add(column.name)
-            if duplicates:
-                raise PydanticCustomError(
-                    "create_table",
-                    "Duplicate column name: {names}",
-                    {"names": ", ".join(duplicates)},
-                )
-        if self.rows is not None:
-            if not isinstance(self.rows, list):
-                raise PydanticCustomError("create_table", "rows must be a list")
-            if not all(isinstance(row, dict) for row in self.rows):
-                raise PydanticCustomError(
-                    "create_table", "rows must be a list of objects"
-                )
-        if self.pk is not None and not isinstance(self.pk, str):
-            raise PydanticCustomError("create_table", "pk must be a string")
-        if self.pk and self.pks:
-            raise PydanticCustomError("create_table", "Cannot specify both pk and pks")
-        if self.pks is not None:
-            if not isinstance(self.pks, list):
-                raise PydanticCustomError("create_table", "pks must be a list")
-            if not all(isinstance(pk, str) for pk in self.pks):
-                raise PydanticCustomError(
-                    "create_table", "pks must be a list of strings"
-                )
-        if self.ignore and self.replace:
-            raise PydanticCustomError(
-                "create_table", "ignore and replace are mutually exclusive"
-            )
-        if {"ignore", "replace"} & self.model_fields_set:
-            if not self.row and not self.rows:
-                raise PydanticCustomError(
-                    "create_table", "ignore and replace require row or rows"
-                )
-            if not self.pk and not self.pks:
-                raise PydanticCustomError(
-                    "create_table", "ignore and replace require pk or pks"
-                )
-        return self
-
-    @property
-    def rows_list(self):
-        return [self.row] if self.row else self.rows
-
-    @property
-    def foreign_keys(self):
-        if not self.columns:
-            return None
-        foreign_keys = []
-        for column in self.columns:
-            if column.fk_table and column.fk_column:
-                foreign_keys.append((column.name, column.fk_table, column.fk_column))
-            elif column.fk_table:
-                foreign_keys.append((column.name, column.fk_table))
-        return foreign_keys or None
-
-
-class AddColumnArgs(_DefaultArgsMixin):
-    name: str
-    type: SqliteApiType = "text"
-    not_null: bool = False
-
-
-class RenameColumnArgs(_StrictPydanticModel):
-    name: str
-    to: str
-
-
-class RenameTableArgs(_StrictPydanticModel):
-    to: str
-
-    @field_validator("to")
-    @classmethod
-    def validate_table_name(cls, v):
-        if not TABLE_NAME_RE.match(v):
-            raise PydanticCustomError(
-                "alter_table_rename_table",
-                "Invalid table name",
-            )
-        return v
-
-
-class AlterColumnArgs(_DefaultArgsMixin):
-    name: str
-    type: SqliteApiType | None = None
-    not_null: bool | None = None
-
-    @model_validator(mode="after")
-    def require_change(self):
-        if not (
-            {"type", "not_null", "default", "default_expr"} & self.model_fields_set
-        ):
-            raise ValueError(
-                "At least one of type, not_null, default or default_expr must be provided"
-            )
-        return self
-
-
-class DropColumnArgs(_StrictPydanticModel):
-    name: str
-
-
-class SetPrimaryKeyArgs(_StrictPydanticModel):
-    columns: list[str] = Field(min_length=1)
-
-
-class ReorderColumnsArgs(_StrictPydanticModel):
-    columns: list[str] = Field(min_length=1)
-
-
-class ForeignKeyArgs(_StrictPydanticModel):
-    column: str
-    fk_table: str | None = None
-    fk_column: str | None = None
-
-    @model_validator(mode="after")
-    def validate_foreign_key(self):
-        if self.fk_column and not self.fk_table:
-            raise PydanticCustomError(
-                "alter_table_foreign_key",
-                "fk_column requires fk_table",
-            )
-        if not self.fk_table:
-            raise PydanticCustomError(
-                "alter_table_foreign_key",
-                "fk_table is required",
-            )
-        return self
-
-    @property
-    def tuple(self):
-        if self.fk_column:
-            return (self.column, self.fk_table, self.fk_column)
-        return (self.column, self.fk_table)
-
-
-class DropForeignKeyArgs(_StrictPydanticModel):
-    column: str
-
-
-class SetForeignKeysArgs(_StrictPydanticModel):
-    foreign_keys: list[ForeignKeyArgs]
-
-
-class AddColumnOperation(_StrictPydanticModel):
-    op: Literal["add_column"]
-    args: AddColumnArgs
-
-
-class RenameColumnOperation(_StrictPydanticModel):
-    op: Literal["rename_column"]
-    args: RenameColumnArgs
-
-
-class RenameTableOperation(_StrictPydanticModel):
-    op: Literal["rename_table"]
-    args: RenameTableArgs
-
-
-class AlterColumnOperation(_StrictPydanticModel):
-    op: Literal["alter_column"]
-    args: AlterColumnArgs
-
-
-class DropColumnOperation(_StrictPydanticModel):
-    op: Literal["drop_column"]
-    args: DropColumnArgs
-
-
-class SetPrimaryKeyOperation(_StrictPydanticModel):
-    op: Literal["set_primary_key"]
-    args: SetPrimaryKeyArgs
-
-
-class ReorderColumnsOperation(_StrictPydanticModel):
-    op: Literal["reorder_columns"]
-    args: ReorderColumnsArgs
-
-
-class AddForeignKeyOperation(_StrictPydanticModel):
-    op: Literal["add_foreign_key"]
-    args: ForeignKeyArgs
-
-
-class DropForeignKeyOperation(_StrictPydanticModel):
-    op: Literal["drop_foreign_key"]
-    args: DropForeignKeyArgs
-
-
-class SetForeignKeysOperation(_StrictPydanticModel):
-    op: Literal["set_foreign_keys"]
-    args: SetForeignKeysArgs
-
-
-AlterTableOperation = Annotated[
-    Union[
-        AddColumnOperation,
-        RenameColumnOperation,
-        RenameTableOperation,
-        AlterColumnOperation,
-        DropColumnOperation,
-        SetPrimaryKeyOperation,
-        ReorderColumnsOperation,
-        AddForeignKeyOperation,
-        DropForeignKeyOperation,
-        SetForeignKeysOperation,
-    ],
-    Field(discriminator="op"),
-]
-
-
-class AlterTableRequest(_StrictPydanticModel):
-    operations: list[AlterTableOperation] = Field(min_length=1)
-
-
-def _pydantic_errors(validation_error):
-    errors = []
-    for error in validation_error.errors():
-        location = ".".join(str(item) for item in error["loc"])
-        message = error["msg"]
-        errors.append("{}: {}".format(location, message) if location else message)
-    return errors
-
-
-def _create_table_pydantic_errors(validation_error):
-    errors = validation_error.errors()
-    invalid_keys = sorted(
-        str(error["loc"][0])
-        for error in errors
-        if error["type"] == "extra_forbidden" and len(error["loc"]) == 1
-    )
-    if invalid_keys:
-        return ["Invalid keys: {}".format(", ".join(invalid_keys))]
-
-    output = []
-    for error in errors:
-        message = error["msg"]
-        if error["type"] == "create_table":
-            output.append(message)
-            continue
-        location = ".".join(str(item) for item in error["loc"])
-        output.append("{}: {}".format(location, message) if location else message)
-    return output
-
-
-def _table_schema_from_conn(conn, table_name):
-    row = conn.execute(
-        "select sql from sqlite_master where type = 'table' and name = ?",
-        [table_name],
-    ).fetchone()
-    return row[0] if row else None
-
-
-def _primary_key_value(columns):
-    if len(columns) == 1:
-        return columns[0]
-    return tuple(columns)
-
-
-def _default_expression_sql(default_expr):
-    return DEFAULT_EXPR_SQL[default_expr]
-
-
-def _literal_default(db, value):
-    if isinstance(value, str):
-        return db.quote(value)
-    return value
-
-
-class TableCreateView(BaseView):
-    name = "table-create"
-
-    def __init__(self, datasette):
-        self.ds = datasette
-
-    async def post(self, request):
-        db = await self.ds.resolve_database(request)
-        database_name = db.name
-
-        # Must have create-table permission
-        if not await self.ds.allowed(
-            action="create-table",
-            resource=DatabaseResource(database=database_name),
-            actor=request.actor,
-        ):
-            return _error(["Permission denied"], 403)
-
-        try:
-            data = await request.json()
-        except json.JSONDecodeError as e:
-            return _error(["Invalid JSON: {}".format(e)])
-
-        if not isinstance(data, dict):
-            return _error(["JSON must be an object"])
-
-        try:
-            create_request = CreateTableRequest.model_validate(data)
-        except ValidationError as e:
-            return _error(_create_table_pydantic_errors(e))
-
-        ignore = create_request.ignore
-        replace = create_request.replace
-
-        if replace:
-            # Must have update-row permission
-            if not await self.ds.allowed(
-                action="update-row",
-                resource=DatabaseResource(database=database_name),
-                actor=request.actor,
-            ):
-                return _error(["Permission denied: need update-row"], 403)
-
-        table_name = create_request.table
-        table_exists = await db.table_exists(table_name)
-        columns = create_request.columns
-        rows = create_request.rows_list
-
-        if rows:
-            # Must have insert-row permission
-            if not await self.ds.allowed(
-                action="insert-row",
-                resource=DatabaseResource(database=database_name),
-                actor=request.actor,
-            ):
-                return _error(["Permission denied: need insert-row"], 403)
-
-        alter = False
-        if rows:
-            if not table_exists:
-                # if table is being created for the first time, alter=True
-                alter = True
-            else:
-                # alter=True only if they request it AND they have permission
-                if create_request.alter:
-                    if not await self.ds.allowed(
-                        action="alter-table",
-                        resource=DatabaseResource(database=database_name),
-                        actor=request.actor,
-                    ):
-                        return _error(["Permission denied: need alter-table"], 403)
-                    alter = True
-
-        pk = create_request.pk
-        pks = create_request.pks
-
-        # If table exists already, read pks from that instead
-        if table_exists:
-            actual_pks = await db.primary_keys(table_name)
-            # if pk passed and table already exists check it does not change
-            bad_pks = False
-            if len(actual_pks) == 1 and pk and pk != actual_pks[0]:
-                bad_pks = True
-            elif len(actual_pks) > 1 and pks and set(pks) != set(actual_pks):
-                bad_pks = True
-            if bad_pks:
-                return _error(["pk cannot be changed for existing table"])
-            pks = actual_pks
-
-        initial_schema = None
-        if table_exists:
-            initial_schema = await db.execute_fn(
-                lambda conn: sqlite_utils.Database(conn)[table_name].schema
-            )
-
-        def create_table(conn):
-            db_for_write = sqlite_utils.Database(conn)
-            table = db_for_write[table_name]
-            if rows:
-                table.insert_all(
-                    rows, pk=pks or pk, ignore=ignore, replace=replace, alter=alter
-                )
-            else:
-                not_null = [column.name for column in columns if column.not_null]
-                defaults = {}
-                for column in columns:
-                    if "default_expr" in column.model_fields_set:
-                        defaults[column.name] = _default_expression_sql(
-                            column.default_expr
-                        )
-                    elif (
-                        "default" in column.model_fields_set
-                        and column.default is not None
-                    ):
-                        defaults[column.name] = _literal_default(
-                            db_for_write, column.default
-                        )
-                table.create(
-                    {column.name: column.type for column in columns},
-                    pk=pks or pk,
-                    foreign_keys=create_request.foreign_keys,
-                    not_null=not_null or None,
-                    defaults=defaults or None,
-                )
-            return table.schema
-
-        try:
-            schema = await db.execute_write_fn(create_table, request=request)
-        except Exception as e:
-            return _error([str(e)])
-
-        if initial_schema is not None and initial_schema != schema:
-            await self.ds.track_event(
-                AlterTableEvent(
-                    request.actor,
-                    database=database_name,
-                    table=table_name,
-                    before_schema=initial_schema,
-                    after_schema=schema,
-                )
-            )
-
-        table_url = self.ds.absolute_url(
-            request, self.ds.urls.table(db.name, table_name)
-        )
-        table_api_url = self.ds.absolute_url(
-            request, self.ds.urls.table(db.name, table_name, format="json")
-        )
-        details = {
-            "ok": True,
-            "database": db.name,
-            "table": table_name,
-            "table_url": table_url,
-            "table_api_url": table_api_url,
-            "schema": schema,
-        }
-        if rows:
-            details["row_count"] = len(rows)
-
-        if not table_exists:
-            # Only log creation if we created a table
-            await self.ds.track_event(
-                CreateTableEvent(
-                    request.actor, database=db.name, table=table_name, schema=schema
-                )
-            )
-        if rows:
-            await self.ds.track_event(
-                InsertRowsEvent(
-                    request.actor,
-                    database=db.name,
-                    table=table_name,
-                    num_rows=len(rows),
-                    ignore=ignore,
-                    replace=replace,
-                )
-            )
-        return Response.json(details, status=201)
-
-
-class DatabaseForeignKeyTargetsView(BaseView):
-    name = "database-foreign-key-targets"
-
-    def __init__(self, datasette):
-        self.ds = datasette
-
-    async def get(self, request):
-        db = await self.ds.resolve_database(request)
-        database_name = db.name
-
-        table_name = request.args.get("table")
-        can_create_table = await self.ds.allowed(
-            action="create-table",
-            resource=DatabaseResource(database=database_name),
-            actor=request.actor,
-        )
-        can_alter_table = False
-        if table_name and await db.table_exists(table_name):
-            can_alter_table = await self.ds.allowed(
-                action="alter-table",
-                resource=TableResource(database=database_name, table=table_name),
-                actor=request.actor,
-            )
-        if not (can_create_table or can_alter_table):
-            return _error(["Permission denied: need create-table"], 403)
-
-        hidden_tables = await db.execute_fn(
-            lambda conn: set(sqlite_hidden_table_names(conn))
-        )
-        targets = [
-            target
-            for target in (await db.execute(FOREIGN_KEY_TARGETS_SQL)).dicts()
-            if target["fk_table"] not in hidden_tables
-        ]
-        return Response.json(
-            {
-                "ok": True,
-                "database": database_name,
-                "targets": targets,
-            }
-        )
-
-
-class TableForeignKeySuggestionsView(BaseView):
-    name = "table-foreign-key-suggestions"
-
-    def __init__(self, datasette):
-        self.ds = datasette
-
-    async def get(self, request):
-        try:
-            resolved = await self.ds.resolve_table(request)
-        except NotFound as e:
-            return _error([e.args[0]], 404)
-
-        db = resolved.db
-        database_name = db.name
-        table_name = resolved.table
-
-        if resolved.is_view:
-            return _error(["Cannot suggest foreign keys for a view"], 400)
-
-        if not await self.ds.allowed(
-            action="alter-table",
-            resource=TableResource(database=database_name, table=table_name),
-            actor=request.actor,
-        ):
-            return _error(["Permission denied: need alter-table"], 403)
-
-        source_columns, targets, current_by_column = await db.execute_fn(
-            lambda conn: _foreign_key_suggestion_metadata(conn, table_name)
-        )
-
-        columns = []
-        options_by_column = {}
-        for source_column in source_columns:
-            options = sorted(
-                [
-                    target
-                    for target in targets
-                    if _foreign_key_type_compatible(
-                        source_column["affinity"], target["affinity"]
-                    )
-                ],
-                key=lambda target: _foreign_key_option_sort_key(
-                    source_column["column"], target
-                ),
-            )
-            options_by_column[source_column["column"]] = options
-            columns.append(
-                {
-                    "column": source_column["column"],
-                    "type": source_column["type"],
-                    "affinity": source_column["affinity"],
-                    "current": current_by_column.get(source_column["column"]),
-                    "suggestions": [],
-                    "options": [
-                        _public_foreign_key_target(option) for option in options
-                    ],
-                }
-            )
-
-        columns_to_sample = [
-            column["column"]
-            for column in columns
-            if options_by_column[column["column"]]
-        ]
-        row_check = {
-            "attempted": bool(columns_to_sample),
-            "status": "completed" if columns_to_sample else "skipped",
-            "row_limit": FOREIGN_KEY_SUGGESTION_ROW_LIMIT,
-            "sampled_rows": 0,
-            "checked_options": 0,
-        }
-
-        try:
-            sampled_rows, values_by_column = await _foreign_key_suggestion_samples(
-                db, table_name, columns_to_sample
-            )
-            row_check["sampled_rows"] = sampled_rows
-            deadline = time.perf_counter() + (
-                FOREIGN_KEY_SUGGESTION_TOTAL_TIME_LIMIT_MS / 1000
-            )
-            for column_info in columns:
-                values = values_by_column.get(column_info["column"]) or []
-                if not values:
-                    continue
-                for option in options_by_column[column_info["column"]]:
-                    remaining_ms = int((deadline - time.perf_counter()) * 1000)
-                    if remaining_ms <= 0:
-                        raise ForeignKeySuggestionTimedOut
-                    if await _foreign_key_suggestion_values_exist(
-                        db,
-                        option,
-                        values,
-                        min(FOREIGN_KEY_SUGGESTION_TIME_LIMIT_MS, remaining_ms),
-                    ):
-                        reasons = [
-                            "type_match",
-                            "sample_values_exist",
-                        ] + _foreign_key_name_reasons(column_info["column"], option)
-                        column_info["suggestions"].append(
-                            {
-                                "fk_table": option["fk_table"],
-                                "fk_column": option["fk_column"],
-                                "confidence": "sampled",
-                                "sampled_values": len(values),
-                                "reasons": reasons,
-                            }
-                        )
-                    row_check["checked_options"] += 1
-        except ForeignKeySuggestionTimedOut:
-            row_check["status"] = "timed_out"
-
-        return Response.json(
-            {
-                "ok": True,
-                "database": database_name,
-                "table": table_name,
-                "row_check": row_check,
-                "columns": columns,
-            }
-        )
-
-
-class TableAlterView(BaseView):
-    name = "table-alter"
-
-    def __init__(self, datasette):
-        self.ds = datasette
-
-    async def post(self, request):
-        try:
-            resolved = await self.ds.resolve_table(request)
-        except NotFound as e:
-            return _error([e.args[0]], 404)
-
-        db = resolved.db
-        database_name = db.name
-        table_name = resolved.table
-
-        if not await self.ds.allowed(
-            action="alter-table",
-            resource=TableResource(database=database_name, table=table_name),
-            actor=request.actor,
-        ):
-            return _error(["Permission denied: need alter-table"], 403)
-
-        if not db.is_mutable:
-            return _error(["Database is immutable"], 403)
-
-        content_type = request.headers.get("content-type") or ""
-        if not content_type.startswith("application/json"):
-            return _error(["Invalid content-type, must be application/json"], 400)
-
-        try:
-            data = await request.json()
-        except json.JSONDecodeError as e:
-            return _error(["Invalid JSON: {}".format(e)], 400)
-
-        if not isinstance(data, dict):
-            return _error(["JSON must be a dictionary"], 400)
-
-        try:
-            alter_request = AlterTableRequest.model_validate(data)
-        except ValidationError as e:
-            return _error(_pydantic_errors(e), 400)
-
-        def alter_table(conn):
-            before_schema = _table_schema_from_conn(conn, table_name)
-
-            def apply_operations(operation_conn):
-                db_for_write = sqlite_utils.Database(operation_conn)
-                table = db_for_write[table_name]
-                current_table_name = table_name
-
-                add_columns = []
-                types = {}
-                rename = {}
-                rename_table_to = None
-                drop = set()
-                not_null = {}
-                defaults = {}
-                column_order = None
-                pk = SQLITE_UTILS_DEFAULT
-                add_foreign_keys = []
-                drop_foreign_keys = []
-                foreign_keys = None
-
-                for operation in alter_request.operations:
-                    args = operation.args
-                    if operation.op == "add_column":
-                        if args.not_null and not (
-                            (
-                                "default" in args.model_fields_set
-                                and args.default is not None
-                            )
-                            or "default_expr" in args.model_fields_set
-                        ):
-                            raise ValueError(
-                                "add_column args.default or args.default_expr is required when not_null is true"
-                            )
-                        add_columns.append(args)
-                        if "default" in args.model_fields_set and not args.not_null:
-                            defaults[args.name] = _literal_default(
-                                db_for_write, args.default
-                            )
-                        if (
-                            "default_expr" in args.model_fields_set
-                            and not args.not_null
-                        ):
-                            defaults[args.name] = _default_expression_sql(
-                                args.default_expr
-                            )
-                    elif operation.op == "rename_table":
-                        rename_table_to = args.to
-                    elif operation.op == "rename_column":
-                        rename[args.name] = args.to
-                    elif operation.op == "alter_column":
-                        if args.type is not None:
-                            types[args.name] = args.type
-                        if args.not_null is not None:
-                            not_null[args.name] = args.not_null
-                        if "default" in args.model_fields_set:
-                            defaults[args.name] = (
-                                None
-                                if args.default is None
-                                else _literal_default(db_for_write, args.default)
-                            )
-                        if "default_expr" in args.model_fields_set:
-                            defaults[args.name] = _default_expression_sql(
-                                args.default_expr
-                            )
-                    elif operation.op == "drop_column":
-                        drop.add(args.name)
-                    elif operation.op == "set_primary_key":
-                        pk = _primary_key_value(args.columns)
-                    elif operation.op == "reorder_columns":
-                        column_order = args.columns
-                    elif operation.op == "add_foreign_key":
-                        add_foreign_keys.append(args.tuple)
-                    elif operation.op == "drop_foreign_key":
-                        drop_foreign_keys.append(args.column)
-                    elif operation.op == "set_foreign_keys":
-                        foreign_keys = [fk.tuple for fk in args.foreign_keys]
-
-                with operation_conn:
-                    for column in add_columns:
-                        not_null_default = None
-                        if column.not_null:
-                            if "default_expr" in column.model_fields_set:
-                                not_null_default = _default_expression_sql(
-                                    column.default_expr
-                                )
-                            else:
-                                not_null_default = _literal_default(
-                                    db_for_write, column.default
-                                )
-                        table.add_column(
-                            column.name,
-                            column.type,
-                            not_null_default=not_null_default,
-                        )
-
-                    should_transform = any(
-                        (
-                            types,
-                            rename,
-                            drop,
-                            not_null,
-                            defaults,
-                            column_order is not None,
-                            pk is not SQLITE_UTILS_DEFAULT,
-                            add_foreign_keys,
-                            drop_foreign_keys,
-                            foreign_keys is not None,
-                        )
-                    )
-                    if should_transform:
-                        table.transform(
-                            types=types or None,
-                            rename=rename or None,
-                            drop=drop or None,
-                            pk=pk,
-                            not_null=not_null or None,
-                            defaults=defaults or None,
-                            column_order=column_order,
-                            add_foreign_keys=add_foreign_keys or None,
-                            drop_foreign_keys=drop_foreign_keys or None,
-                            foreign_keys=foreign_keys,
-                        )
-                    if (
-                        rename_table_to is not None
-                        and rename_table_to != current_table_name
-                    ):
-                        operation_conn.execute(
-                            "alter table {} rename to {}".format(
-                                escape_sqlite(current_table_name),
-                                escape_sqlite(rename_table_to),
-                            )
-                        )
-                        current_table_name = rename_table_to
-
-                return current_table_name, _table_schema_from_conn(
-                    operation_conn, current_table_name
-                )
-
-            after_table_name, after_schema = apply_operations(conn)
-            return before_schema, after_schema, after_table_name
-
-        try:
-            before_schema, after_schema, after_table_name = await db.execute_write_fn(
-                alter_table, request=request
-            )
-        except Exception as e:
-            return _error([str(e)], 400)
-
-        altered = before_schema != after_schema
-        if altered:
-            await self.ds.track_event(
-                AlterTableEvent(
-                    request.actor,
-                    database=database_name,
-                    table=after_table_name,
-                    before_schema=before_schema,
-                    after_schema=after_schema,
-                )
-            )
-
-        table_url = self.ds.absolute_url(
-            request, self.ds.urls.table(database_name, after_table_name)
-        )
-        table_api_url = self.ds.absolute_url(
-            request, self.ds.urls.table(database_name, after_table_name, format="json")
-        )
-        return Response.json(
-            {
-                "ok": True,
-                "database": database_name,
-                "table": after_table_name,
-                "table_url": table_url,
-                "table_api_url": table_api_url,
-                "altered": altered,
-                "schema": after_schema,
-                "before_schema": before_schema,
-                "operations_applied": len(alter_request.operations),
-            },
-            status=200,
-        )
diff --git a/datasette/views/table_extras.py b/datasette/views/table_extras.py
deleted file mode 100644
index db659c80..00000000
--- a/datasette/views/table_extras.py
+++ /dev/null
@@ -1,1252 +0,0 @@
-import itertools
-from dataclasses import dataclass
-
-from datasette.database import QueryInterrupted
-from datasette.extras import Extra, ExtraExample, ExtraRegistry, ExtraScope, Provider
-from datasette.plugins import pm
-from datasette.resources import DatabaseResource, TableResource
-from datasette.utils import (
-    await_me_maybe,
-    call_with_supported_arguments,
-    path_with_added_args,
-    path_with_format,
-    path_with_removed_args,
-    to_css_class,
-)
-
-
-@dataclass(frozen=True)
-class TableExtraContext:
-    datasette: object
-    request: object
-    resolved: object
-    db: object
-    database_name: str
-    table_name: str
-    is_view: bool
-    private: bool
-    rows: list
-    columns: list
-    results_description: list
-    table_columns: list
-    pks: list
-    count_sql: str
-    from_sql: str
-    from_sql_params: dict
-    nocount: object
-    nofacet: object
-    nosuggest: object
-    next_arg: object
-    next_url: str | None
-    sql: str
-    sql_no_order_no_limit: str
-    params: dict
-    table_metadata: dict
-    filters: object
-    extra_human_descriptions: list
-    sort: str | None
-    sort_desc: str | None
-    sortable_columns: set
-    extras: set
-    extra_registry: ExtraRegistry
-    display_columns_and_rows: object
-    run_sequential: object
-    query_name: str | None = None
-    scope: ExtraScope = ExtraScope.TABLE
-
-
-@dataclass(frozen=True)
-class RowExtraContext:
-    datasette: object
-    request: object
-    db: object
-    database_name: str
-    table_name: str
-    private: bool
-    rows: list
-    columns: list
-    pks: list
-    pk_values: list
-    sql: str
-    params: dict
-    extras: set
-    extra_registry: ExtraRegistry
-    foreign_key_tables: object
-    is_view: bool = False
-    scope: ExtraScope = ExtraScope.ROW
-
-
-@dataclass(frozen=True)
-class QueryExtraContext:
-    datasette: object
-    request: object
-    db: object
-    database_name: str
-    private: bool
-    rows: list
-    columns: list
-    sql: str | None
-    params: dict
-    query_name: str | None
-    metadata: dict
-    extras: set
-    extra_registry: ExtraRegistry
-    table_name: str | None = None
-    is_view: bool = False
-    pks: list | None = None
-    scope: ExtraScope = ExtraScope.QUERY
-
-
-class CountSqlExtra(Extra):
-    description = "SQL query string used to calculate the total count for the current table view, including active filters."
-    example = ExtraExample("/fixtures/facetable.json?_size=0&_extra=count_sql")
-    scopes = {ExtraScope.TABLE}
-
-    async def resolve(self, context):
-        return context.count_sql
-
-
-class CountExtra(Extra):
-    description = "Total count of rows matching these filters"
-    example = ExtraExample("/fixtures/facetable.json?_extra=count")
-    scopes = {ExtraScope.TABLE}
-    expensive = True
-
-    async def resolve(self, context):
-        count = None
-        if (
-            not context.db.is_mutable
-            and context.datasette.inspect_data
-            and context.count_sql == f"select count(*) from {context.table_name} "
-        ):
-            try:
-                count = context.datasette.inspect_data[context.database_name]["tables"][
-                    context.table_name
-                ]["count"]
-            except KeyError:
-                pass
-
-        if context.count_sql and count is None and not context.nocount:
-            count_sql_limited = "select count(*) from (select * {} limit {})".format(
-                context.from_sql, context.db.count_limit + 1
-            )
-            try:
-                count_rows = list(
-                    await context.db.execute(count_sql_limited, context.from_sql_params)
-                )
-                count = count_rows[0][0]
-            except QueryInterrupted:
-                pass
-        return count
-
-
-class FacetInstancesProvider(Provider):
-    scopes = {ExtraScope.TABLE}
-
-    async def resolve(self, context, count):
-        facet_instances = []
-        facet_classes = list(
-            itertools.chain.from_iterable(pm.hook.register_facet_classes())
-        )
-        for facet_class in facet_classes:
-            facet_instances.append(
-                facet_class(
-                    context.datasette,
-                    context.request,
-                    context.database_name,
-                    sql=context.sql_no_order_no_limit,
-                    params=context.params,
-                    table=context.table_name,
-                    table_config=context.table_metadata,
-                    row_count=count,
-                )
-            )
-        return facet_instances
-
-
-class FacetResultsExtra(Extra):
-    description = "Results of facets calculated against this data. A dictionary with ``results`` and ``timed_out`` keys: ``results`` maps facet names to facet dictionaries with ``name``, ``type``, ``results`` and URL keys, and each facet result item includes ``value``, ``label``, ``count`` and ``toggle_url``."
-    example = ExtraExample(
-        value={
-            "results": {
-                "state": {
-                    "name": "state",
-                    "type": "column",
-                    "results": [
-                        {"value": "CA", "label": "CA", "count": 10},
-                        {"value": "MI", "label": "MI", "count": 4},
-                    ],
-                }
-            },
-            "timed_out": [],
-        },
-        note="Shape abbreviated from /fixtures/facetable.json?_facet=state&_extra=facet_results.",
-    )
-    scopes = {ExtraScope.TABLE}
-    expensive = True
-    docs_note = "See :ref:`facets` for details of how facets work."
-
-    async def resolve(self, context, facet_instances):
-        facet_results = {}
-        facets_timed_out = []
-
-        if not context.nofacet:
-            facet_awaitables = [facet.facet_results() for facet in facet_instances]
-            facet_awaitable_results = await context.run_sequential(*facet_awaitables)
-            for (
-                instance_facet_results,
-                instance_facets_timed_out,
-            ) in facet_awaitable_results:
-                for facet_info in instance_facet_results:
-                    base_key = facet_info["name"]
-                    key = base_key
-                    i = 1
-                    while key in facet_results:
-                        i += 1
-                        key = f"{base_key}_{i}"
-                    facet_results[key] = facet_info
-                facets_timed_out.extend(instance_facets_timed_out)
-
-        return {
-            "results": facet_results,
-            "timed_out": facets_timed_out,
-        }
-
-
-class FacetsTimedOutExtra(Extra):
-    description = (
-        "List of names of facet calculations that exceeded the facet time limit."
-    )
-    example = ExtraExample(
-        "/fixtures/facetable.json?_facet=state&_extra=facets_timed_out",
-        note=(
-            "A list of the names of any facets that exceeded the "
-            ":ref:`setting_facet_time_limit_ms` time limit - an empty list "
-            "if every facet calculation completed."
-        ),
-    )
-    scopes = {ExtraScope.TABLE}
-
-    async def resolve(self, context, facet_results):
-        return facet_results["timed_out"]
-
-
-class SuggestedFacetsExtra(Extra):
-    description = "Suggestions for facets that might return interesting results. Each item is a dictionary with ``name`` and ``toggle_url`` keys, and may include extra keys such as ``type`` or ``label`` depending on the facet class."
-    example = ExtraExample(
-        value=[
-            {
-                "name": "state",
-                "toggle_url": "http://localhost/fixtures/facetable.json?_extra=suggested_facets&_facet=state",
-            }
-        ],
-        note="Shape abbreviated from /fixtures/facetable.json?_extra=suggested_facets.",
-    )
-    scopes = {ExtraScope.TABLE}
-    expensive = True
-    docs_note = (
-        "Suggestions are controlled by the :ref:`setting_suggest_facets` setting."
-    )
-
-    async def resolve(self, context, facet_instances):
-        suggested_facets = []
-        if (
-            context.datasette.setting("suggest_facets")
-            and context.datasette.setting("allow_facet")
-            and not context.next_arg
-            and not context.nofacet
-            and not context.nosuggest
-        ):
-            facet_suggest_awaitables = [facet.suggest() for facet in facet_instances]
-            for suggest_result in await context.run_sequential(
-                *facet_suggest_awaitables
-            ):
-                suggested_facets.extend(suggest_result)
-        return suggested_facets
-
-
-class HumanDescriptionEnExtra(Extra):
-    description = "Human-readable description of the filters"
-    example = ExtraExample(
-        "/fixtures/facetable.json?state=CA&_sort=pk&_extra=human_description_en"
-    )
-    scopes = {ExtraScope.TABLE}
-
-    async def resolve(self, context):
-        human_description_en = context.filters.human_description_en(
-            extra=context.extra_human_descriptions
-        )
-        if context.sort or context.sort_desc:
-            sorted_by = "sorted by {}{}".format(
-                (context.sort or context.sort_desc),
-                " descending" if context.sort_desc else "",
-            )
-            human_description_en = " ".join(
-                [b for b in [human_description_en, sorted_by] if b]
-            )
-        return human_description_en
-
-
-class NextUrlExtra(Extra):
-    description = "Full URL for the next page of results"
-    example = ExtraExample(
-        "/fixtures/facetable.json?_size=1&_extra=next_url",
-        note=(
-            "``null`` if there are no more pages of results. "
-            "See :ref:`json_api_pagination`."
-        ),
-    )
-    scopes = {ExtraScope.TABLE}
-
-    async def resolve(self, context):
-        return context.next_url
-
-
-class ColumnsExtra(Extra):
-    description = "List of column names returned by this table, row or query."
-    example = ExtraExample("/fixtures/facetable.json?_extra=columns")
-    examples = {
-        ExtraScope.ROW: ExtraExample(
-            "/fixtures/simple_primary_key/1.json?_extra=columns"
-        ),
-        ExtraScope.QUERY: ExtraExample(
-            "/fixtures/-/query.json?sql=select+1+as+one&_extra=columns"
-        ),
-    }
-    scopes = {ExtraScope.TABLE, ExtraScope.ROW, ExtraScope.QUERY}
-
-    async def resolve(self, context):
-        return context.columns
-
-
-class AllColumnsExtra(Extra):
-    description = "List of all column names in the table, regardless of ``_col=`` or ``_nocol=`` filtering."
-    example = ExtraExample("/fixtures/facetable.json?_col=pk&_extra=all_columns")
-    scopes = {ExtraScope.TABLE}
-
-    async def resolve(self, context):
-        return list(context.table_columns)
-
-
-class PrimaryKeysExtra(Extra):
-    description = "List of primary key column names for this table, or an empty list if the table has no explicit primary key."
-    example = ExtraExample("/fixtures/facetable.json?_extra=primary_keys")
-    examples = {
-        ExtraScope.ROW: ExtraExample(
-            "/fixtures/simple_primary_key/1.json?_extra=primary_keys"
-        )
-    }
-    scopes = {ExtraScope.TABLE, ExtraScope.ROW}
-
-    async def resolve(self, context):
-        return context.pks
-
-
-class ActionsExtra(Extra):
-    description = 'Async callable returning table or view actions made available by core and plugin hooks. Each item is either a link with ``href``, ``label`` and optional ``description`` keys, or a button with ``type: "button"``, ``label``, optional ``description`` and optional ``attrs``. See :ref:`plugin_actions`, :ref:`plugin_hook_table_actions` and :ref:`plugin_hook_view_actions`.'
-    scopes = {ExtraScope.TABLE}
-    # Returns an async function for the HTML templates - not JSON serializable
-    public = False
-
-    async def resolve(self, context):
-        async def actions():
-            links = []
-            kwargs = {
-                "datasette": context.datasette,
-                "database": context.database_name,
-                "actor": context.request.actor,
-                "request": context.request,
-            }
-            if context.is_view:
-                kwargs["view"] = context.table_name
-                method = pm.hook.view_actions
-            else:
-                kwargs["table"] = context.table_name
-                method = pm.hook.table_actions
-                # Resolve the registered table-level actions for this table
-                # and the database-level actions for its database in two
-                # batched queries, seeding the request permission cache so
-                # that allowed() calls made inside the plugin hooks below
-                # are served from the cache
-                datasette = context.datasette
-                await precompute_table_action_permissions(
-                    datasette,
-                    context.request.actor,
-                    context.database_name,
-                    context.table_name,
-                )
-                await precompute_database_action_permissions(
-                    datasette, context.request.actor, context.database_name
-                )
-            for hook in method(**kwargs):
-                extra_links = await await_me_maybe(hook)
-                if extra_links:
-                    links.extend(extra_links)
-            return links
-
-        return actions
-
-
-async def precompute_table_action_permissions(
-    datasette, actor, database_name, table_name
-):
-    await datasette.allowed_many(
-        actions=[
-            name
-            for name, action in datasette.actions.items()
-            if action.resource_class is TableResource
-        ],
-        resource=TableResource(database_name, table_name),
-        actor=actor,
-    )
-
-
-async def precompute_database_action_permissions(datasette, actor, database_name):
-    await datasette.allowed_many(
-        actions=[
-            name
-            for name, action in datasette.actions.items()
-            if action.resource_class is DatabaseResource
-        ],
-        resource=DatabaseResource(database_name),
-        actor=actor,
-    )
-
-
-class IsViewExtra(Extra):
-    description = "Whether this resource is a view instead of a table"
-    example = ExtraExample("/fixtures/simple_view.json?_extra=is_view")
-    scopes = {ExtraScope.TABLE}
-
-    async def resolve(self, context):
-        return context.is_view
-
-
-class DebugExtra(Extra):
-    description = "Extra debug information dictionary. This is intended for development only and its shape is not part of the stable template contract."
-    docs_note = (
-        "The contents of this block are not a stable part of the Datasette "
-        "API and may change without warning."
-    )
-    example = ExtraExample("/fixtures/facetable.json?_extra=debug")
-    examples = {
-        ExtraScope.ROW: ExtraExample(
-            "/fixtures/simple_primary_key/1.json?_extra=debug"
-        ),
-        ExtraScope.QUERY: ExtraExample(
-            "/fixtures/-/query.json?sql=select+1+as+one&_extra=debug"
-        ),
-    }
-    scopes = {ExtraScope.TABLE, ExtraScope.ROW, ExtraScope.QUERY}
-
-    async def resolve(self, context):
-        debug = {
-            "url_vars": context.request.url_vars,
-        }
-        if context.scope == ExtraScope.TABLE:
-            debug["resolved"] = repr(context.resolved)
-            debug["nofacet"] = context.nofacet
-            debug["nosuggest"] = context.nosuggest
-        elif context.scope == ExtraScope.ROW:
-            debug["resolved"] = {
-                "table": context.table_name,
-                "sql": context.sql,
-                "params": context.params,
-                "pks": context.pks,
-                "pk_values": context.pk_values,
-            }
-        return debug
-
-
-class RequestExtra(Extra):
-    description = "Dictionary with request details: ``url``, ``path``, ``full_path``, ``host`` and ``args`` where ``args`` maps query string parameter names to their values."
-    example = ExtraExample("/fixtures/facetable.json?_extra=request")
-    examples = {
-        ExtraScope.ROW: ExtraExample(
-            "/fixtures/simple_primary_key/1.json?_extra=request"
-        ),
-        ExtraScope.QUERY: ExtraExample(
-            "/fixtures/-/query.json?sql=select+1+as+one&_extra=request"
-        ),
-    }
-    scopes = {ExtraScope.TABLE, ExtraScope.ROW, ExtraScope.QUERY}
-
-    async def resolve(self, context):
-        return {
-            "url": context.request.url,
-            "path": context.request.path,
-            "full_path": context.request.full_path,
-            "host": context.request.host,
-            "args": context.request.args._data,
-        }
-
-
-class DisplayColumnsAndRowsProvider(Provider):
-    scopes = {ExtraScope.TABLE}
-
-    async def resolve(self, context):
-        display_columns, display_rows = await context.display_columns_and_rows(
-            context.datasette,
-            context.database_name,
-            context.table_name,
-            context.results_description,
-            context.rows,
-            link_column=not context.is_view,
-            truncate_cells=context.datasette.setting("truncate_cells_html"),
-            sortable_columns=context.sortable_columns,
-            request=context.request,
-        )
-        return {
-            "columns": display_columns,
-            "rows": display_rows,
-        }
-
-
-class DisplayColumnsExtra(Extra):
-    description = "Column metadata used by the HTML table display. Each item includes ``name``, ``sortable``, ``is_pk``, ``type``, ``notnull``, ``description``, ``column_type`` and ``column_type_config`` keys."
-    example = ExtraExample(
-        value=[
-            {
-                "name": "pk",
-                "sortable": True,
-                "is_pk": True,
-                "type": "INTEGER",
-                "notnull": 0,
-            },
-            {
-                "name": "created",
-                "sortable": True,
-                "is_pk": False,
-                "type": "TEXT",
-                "notnull": 0,
-                "description": None,
-                "column_type": None,
-                "column_type_config": None,
-            },
-        ],
-        note="Shape abbreviated from /fixtures/facetable.json?_size=1&_extra=display_columns.",
-    )
-    scopes = {ExtraScope.TABLE}
-
-    async def resolve(self, context, display_columns_and_rows):
-        return display_columns_and_rows["columns"]
-
-
-class DisplayRowsExtra(Extra):
-    description = "Rows formatted for the HTML table display. Each row is iterable and contains cell dictionaries with ``column``, ``value``, ``raw`` and ``value_type`` keys; table pages may also provide ``pk_path``, ``row_path`` and ``row_label`` attributes on each row object."
-    scopes = {ExtraScope.TABLE}
-    # Contains markupsafe/sqlite3.Row values - not JSON serializable
-    public = False
-
-    async def resolve(self, context, display_columns_and_rows):
-        return display_columns_and_rows["rows"]
-
-
-class RenderCellExtra(Extra):
-    description = "Rendered HTML for each cell using the render_cell plugin hook"
-    docs_note = (
-        "See the :ref:`render_cell() plugin hook ` "
-        "documentation."
-    )
-    example = ExtraExample(
-        value={
-            "rows": [
-                {"id": 1, "content": "hello"},
-                {"id": 4, "content": "RENDER_CELL_DEMO"},
-            ],
-            "render_cell": [
-                {},
-                {"content": "Custom rendered HTML"},
-            ],
-        },
-        note=(
-            "The ``render_cell`` array has one item per row, in the same order as "
-            "the ``rows`` array. Each object is keyed by column name. Only columns "
-            "whose rendered value differs from the default are included."
-        ),
-    )
-    examples = {
-        ExtraScope.ROW: ExtraExample(
-            value={
-                "rows": [{"id": 4, "content": "RENDER_CELL_DEMO"}],
-                "render_cell": [{"content": "Custom rendered HTML"}],
-            },
-            note=(
-                "The ``render_cell`` array has one item for the requested row. "
-                "The object is keyed by column name. Only columns whose rendered "
-                "value differs from the default are included."
-            ),
-        ),
-        ExtraScope.QUERY: ExtraExample(
-            value={
-                "rows": [{"content": "RENDER_CELL_DEMO"}],
-                "render_cell": [{"content": "Custom rendered HTML"}],
-            },
-            note=(
-                "The ``render_cell`` array has one item per query result row, in "
-                "the same order as the ``rows`` array. Each object is keyed by "
-                "column name. Only columns whose rendered value differs from the "
-                "default are included."
-            ),
-        ),
-    }
-    scopes = {ExtraScope.TABLE, ExtraScope.ROW, ExtraScope.QUERY}
-
-    async def resolve(self, context):
-        table_name = context.table_name
-        pks_for_display = context.pks or (
-            ["rowid"] if table_name and not context.is_view else []
-        )
-        ct_map = (
-            await context.datasette.get_column_types(context.database_name, table_name)
-            if table_name
-            else {}
-        )
-        rendered_rows = []
-        for row in context.rows:
-            rendered_row = {}
-            for value, column in zip(row, context.columns):
-                ct = ct_map.get(column)
-                plugin_display_value = None
-                if ct:
-                    candidate = await ct.render_cell(
-                        value=value,
-                        column=column,
-                        table=table_name,
-                        database=context.database_name,
-                        datasette=context.datasette,
-                        request=context.request,
-                    )
-                    if candidate is not None:
-                        plugin_display_value = candidate
-                if plugin_display_value is None:
-                    for candidate in pm.hook.render_cell(
-                        row=row,
-                        value=value,
-                        column=column,
-                        table=table_name,
-                        pks=pks_for_display,
-                        database=context.database_name,
-                        datasette=context.datasette,
-                        request=context.request,
-                        column_type=ct,
-                    ):
-                        candidate = await await_me_maybe(candidate)
-                        if candidate is not None:
-                            plugin_display_value = candidate
-                            break
-                if plugin_display_value:
-                    rendered_row[column] = str(plugin_display_value)
-            rendered_rows.append(rendered_row)
-        return rendered_rows
-
-
-class QueryExtra(Extra):
-    description = "Details of the underlying SQL query as a dictionary with ``sql`` and ``params`` keys."
-    example = ExtraExample("/fixtures/facetable.json?_size=1&_extra=query")
-    examples = {
-        ExtraScope.ROW: ExtraExample(
-            "/fixtures/simple_primary_key/1.json?_extra=query"
-        ),
-        ExtraScope.QUERY: [
-            ExtraExample("/fixtures/-/query.json?sql=select+1+as+one&_extra=query"),
-            ExtraExample("/fixtures/neighborhood_search.json?text=town&_extra=query"),
-        ],
-    }
-    scopes = {ExtraScope.TABLE, ExtraScope.ROW, ExtraScope.QUERY}
-
-    async def resolve(self, context):
-        return {
-            "sql": context.sql,
-            "params": context.params,
-        }
-
-
-class ColumnTypesExtra(Extra):
-    description = 'Column type assignments for this table. A dictionary mapping column names to ``{"type": type_name, "config": config}`` dictionaries.'
-    docs_note = (
-        "An empty object if no column types have been assigned. Column types "
-        "can be assigned in :ref:`configuration "
-        "` or using the :ref:`set column "
-        "type API `."
-    )
-    example = ExtraExample(
-        "/fixtures/facetable.json?_size=0&_extra=column_types",
-        note=(
-            "This example is from an instance where the ``tags`` column has "
-            "been assigned the ``json`` column type."
-        ),
-    )
-    examples = {
-        ExtraScope.ROW: ExtraExample(
-            "/fixtures/facetable/1.json?_extra=column_types",
-            note=(
-                "This example is from an instance where the ``tags`` column "
-                "has been assigned the ``json`` column type."
-            ),
-        )
-    }
-    scopes = {ExtraScope.TABLE, ExtraScope.ROW}
-
-    async def resolve(self, context):
-        ct_map = await context.datasette.get_column_types(
-            context.database_name, context.table_name
-        )
-        return {
-            col_name: {
-                "type": ct.name,
-                "config": ct.config,
-            }
-            for col_name, ct in ct_map.items()
-        }
-
-
-class SetColumnTypeUiExtra(Extra):
-    description = "Information needed to build an interface for assigning column types, or ``None`` if unavailable. When present it has ``path`` and ``columns`` keys; ``columns`` maps column names to ``current`` and ``options`` values."
-    docs_note = (
-        "``null`` unless the current actor is allowed to use the :ref:`set "
-        "column type API ` for this table."
-    )
-    example = ExtraExample(
-        value={
-            "path": "/fixtures/facetable/-/set-column-type",
-            "columns": {
-                "created": {
-                    "current": None,
-                    "options": [
-                        {"name": "email", "description": "Email address"},
-                        {"name": "json", "description": "JSON data"},
-                        {"name": "url", "description": "URL"},
-                    ],
-                },
-                "tags": {
-                    "current": {"type": "json", "config": None},
-                    "options": [
-                        {"name": "email", "description": "Email address"},
-                        {"name": "json", "description": "JSON data"},
-                        {"name": "url", "description": "URL"},
-                    ],
-                },
-            },
-        },
-        note=(
-            "Shape abbreviated to two columns, as seen by an actor with "
-            "``set-column-type`` permission. ``current`` is the column type "
-            "currently assigned to each column and ``options`` lists the "
-            "types that could be assigned to it."
-        ),
-    )
-    scopes = {ExtraScope.TABLE}
-
-    async def resolve(self, context):
-        if context.is_view:
-            return None
-
-        if not await context.datasette.allowed(
-            action="set-column-type",
-            resource=TableResource(
-                database=context.database_name, table=context.table_name
-            ),
-            actor=context.request.actor,
-        ):
-            return None
-
-        column_details = await context.datasette._get_resource_column_details(
-            context.database_name, context.table_name
-        )
-        ct_map = await context.datasette.get_column_types(
-            context.database_name, context.table_name
-        )
-        columns = {}
-        for column_name, column_detail in column_details.items():
-            current = ct_map.get(column_name)
-            columns[column_name] = {
-                "current": (
-                    {"type": current.name, "config": current.config}
-                    if current is not None
-                    else None
-                ),
-                "options": [
-                    {
-                        "name": name,
-                        "description": ct_cls.description,
-                    }
-                    for name, ct_cls in sorted(context.datasette._column_types.items())
-                    if context.datasette._column_type_is_applicable(
-                        ct_cls, column_detail
-                    )
-                ],
-            }
-        return {
-            "path": "{}/-/set-column-type".format(
-                context.datasette.urls.table(context.database_name, context.table_name)
-            ),
-            "columns": columns,
-        }
-
-
-class MetadataExtra(Extra):
-    description = "Metadata dictionary for the table, database or stored query. Table and row metadata include a ``columns`` dictionary mapping column names to descriptions; stored query metadata returns the stored query configuration."
-    docs_note = "See :ref:`metadata` for how to attach metadata to tables."
-    example = ExtraExample(
-        "/fixtures/facetable.json?_extra=metadata",
-        note=(
-            "This example is from an instance where the ``facetable`` table "
-            "has a metadata ``description`` and a :ref:`column description "
-            "` for its ``state`` column. The "
-            "``columns`` object is empty for tables with no column "
-            "descriptions."
-        ),
-    )
-    examples = {
-        ExtraScope.ROW: ExtraExample(
-            "/fixtures/simple_primary_key/1.json?_extra=metadata",
-            note=(
-                "This table has no metadata, so only an empty ``columns`` "
-                "object is returned."
-            ),
-        ),
-        ExtraScope.QUERY: ExtraExample(
-            "/fixtures/neighborhood_search.json?text=town&_extra=metadata",
-            note=(
-                "For stored queries this returns the full configuration of "
-                "the query, including the :ref:`stored query options "
-                "`. For ``?sql=`` queries it returns an "
-                "empty object."
-            ),
-        ),
-    }
-    scopes = {ExtraScope.TABLE, ExtraScope.ROW, ExtraScope.QUERY}
-
-    async def resolve(self, context):
-        if context.scope == ExtraScope.QUERY:
-            return context.metadata
-
-        tablemetadata = await context.datasette.get_resource_metadata(
-            context.database_name, context.table_name
-        )
-
-        rows = await context.datasette.get_internal_database().execute(
-            """
-              SELECT
-                column_name,
-                value
-              FROM metadata_columns
-              WHERE database_name = ?
-                AND resource_name = ?
-                AND key = 'description'
-            """,
-            [context.database_name, context.table_name],
-        )
-        tablemetadata["columns"] = dict(rows)
-        return tablemetadata
-
-
-class DatabaseExtra(Extra):
-    description = "Database name"
-    example = ExtraExample("/fixtures/facetable.json?_extra=database")
-    examples = {
-        ExtraScope.ROW: ExtraExample(
-            "/fixtures/simple_primary_key/1.json?_extra=database"
-        ),
-        ExtraScope.QUERY: ExtraExample(
-            "/fixtures/-/query.json?sql=select+1+as+one&_extra=database"
-        ),
-    }
-    scopes = {ExtraScope.TABLE, ExtraScope.ROW, ExtraScope.QUERY}
-
-    async def resolve(self, context):
-        return context.database_name
-
-
-class TableExtra(Extra):
-    description = "Table name"
-    example = ExtraExample("/fixtures/facetable.json?_extra=table")
-    examples = {
-        ExtraScope.ROW: ExtraExample("/fixtures/simple_primary_key/1.json?_extra=table")
-    }
-    scopes = {ExtraScope.TABLE, ExtraScope.ROW}
-
-    async def resolve(self, context):
-        return context.table_name
-
-
-class DatabaseColorExtra(Extra):
-    description = "Color assigned to the database"
-    docs_note = (
-        "A six character hex color, without the leading ``#``, derived from "
-        "a hash of the database name and used in the Datasette interface."
-    )
-    example = ExtraExample("/fixtures/facetable.json?_extra=database_color")
-    examples = {
-        ExtraScope.ROW: ExtraExample(
-            "/fixtures/simple_primary_key/1.json?_extra=database_color"
-        ),
-        ExtraScope.QUERY: ExtraExample(
-            "/fixtures/-/query.json?sql=select+1+as+one&_extra=database_color"
-        ),
-    }
-    scopes = {ExtraScope.TABLE, ExtraScope.ROW, ExtraScope.QUERY}
-
-    async def resolve(self, context):
-        return context.db.color
-
-
-class FormHiddenArgsExtra(Extra):
-    description = "List of ``(name, value)`` pairs for hidden form fields used by the HTML table interface to preserve current query string options."
-    example = ExtraExample(
-        "/fixtures/facetable.json?_facet=state&_size=1&_extra=form_hidden_args"
-    )
-    scopes = {ExtraScope.TABLE}
-
-    async def resolve(self, context):
-        form_hidden_args = []
-        for key in context.request.args:
-            if (
-                key.startswith("_")
-                and key not in ("_sort", "_sort_desc", "_search", "_next")
-                and "__" not in key
-            ):
-                for value in context.request.args.getlist(key):
-                    form_hidden_args.append((key, value))
-        return form_hidden_args
-
-
-class FiltersExtra(Extra):
-    description = "``Filters`` object used by the HTML table interface. Useful methods include ``filters.human_description_en()``; this is not JSON serializable."
-    scopes = {ExtraScope.TABLE}
-    # Returns a Filters instance for the HTML templates - not JSON serializable
-    public = False
-
-    async def resolve(self, context):
-        return context.filters
-
-
-class CustomTableTemplatesExtra(Extra):
-    description = "List of custom template names considered for rendering table rows, in lookup order."
-    docs_note = (
-        "The first template in this list that exists will be used to render "
-        "the table on the HTML version of this page. See "
-        ":ref:`customization_custom_templates`."
-    )
-    example = ExtraExample("/fixtures/facetable.json?_extra=custom_table_templates")
-    scopes = {ExtraScope.TABLE}
-
-    async def resolve(self, context):
-        return [
-            f"_table-{to_css_class(context.database_name)}-{to_css_class(context.table_name)}.html",
-            f"_table-table-{to_css_class(context.database_name)}-{to_css_class(context.table_name)}.html",
-            "_table.html",
-        ]
-
-
-class SortedFacetResultsExtra(Extra):
-    description = "Facet result dictionaries sorted for display. Each item has the same shape as an entry from ``facet_results['results']``."
-    docs_note = (
-        "The same data as ``facet_results``, as a list in the order used by "
-        "the HTML interface: facets from :ref:`facet configuration "
-        "` first, then other facets ordered by their number "
-        "of results."
-    )
-    example = ExtraExample(
-        "/fixtures/facetable.json?_facet=state&_extra=sorted_facet_results"
-    )
-    scopes = {ExtraScope.TABLE}
-
-    async def resolve(self, context, facet_results):
-        facet_configs = context.table_metadata.get("facets", [])
-        if facet_configs:
-            metadata_facet_names = []
-            for fc in facet_configs:
-                if isinstance(fc, str):
-                    metadata_facet_names.append(fc)
-                elif isinstance(fc, dict):
-                    metadata_facet_names.append(list(fc.values())[0])
-            metadata_order = {name: i for i, name in enumerate(metadata_facet_names)}
-            metadata_facets = []
-            request_facets = []
-            for f in facet_results["results"].values():
-                if f["name"] in metadata_order:
-                    metadata_facets.append(f)
-                else:
-                    request_facets.append(f)
-            metadata_facets.sort(key=lambda f: metadata_order[f["name"]])
-            request_facets.sort(
-                key=lambda f: (len(f["results"]), f["name"]),
-                reverse=True,
-            )
-            return metadata_facets + request_facets
-        else:
-            return sorted(
-                facet_results["results"].values(),
-                key=lambda f: (len(f["results"]), f["name"]),
-                reverse=True,
-            )
-
-
-class TableDefinitionExtra(Extra):
-    description = "SQL definition for this table"
-    example = ExtraExample("/fixtures/facetable.json?_extra=table_definition")
-    scopes = {ExtraScope.TABLE}
-
-    async def resolve(self, context):
-        return await context.db.get_table_definition(context.table_name)
-
-
-class ViewDefinitionExtra(Extra):
-    description = "SQL definition for this view"
-    example = ExtraExample("/fixtures/simple_view.json?_extra=view_definition")
-    scopes = {ExtraScope.TABLE}
-
-    async def resolve(self, context):
-        return await context.db.get_view_definition(context.table_name)
-
-
-class RenderersExtra(Extra):
-    description = "Dictionary mapping output format names such as ``json`` or plugin-provided renderer names to URLs for this data in that format."
-    example = ExtraExample(
-        "/fixtures/facetable.json?_extra=renderers",
-        note=(
-            "Each key is the name of an output format, each value the URL "
-            "for this data in that format. Plugins can add additional "
-            "formats using the :ref:`register_output_renderer() plugin hook "
-            "`."
-        ),
-    )
-    scopes = {ExtraScope.TABLE}
-
-    async def resolve(self, context, expandable_columns, query):
-        renderers = {}
-        url_labels_extra = {}
-        if expandable_columns:
-            url_labels_extra = {"_labels": "on"}
-        table_name = context.table_name
-        view_name = "table" if context.scope == ExtraScope.TABLE else "database"
-        for key, (_, can_render) in context.datasette.renderers.items():
-            it_can_render = call_with_supported_arguments(
-                can_render,
-                datasette=context.datasette,
-                columns=context.columns or [],
-                rows=context.rows or [],
-                sql=query.get("sql", None),
-                query_name=context.query_name,
-                database=context.database_name,
-                table=table_name,
-                request=context.request,
-                view_name=view_name,
-            )
-            it_can_render = await await_me_maybe(it_can_render)
-            if it_can_render:
-                renderers[key] = context.datasette.urls.path(
-                    path_with_format(
-                        request=context.request,
-                        path=context.request.scope.get("route_path"),
-                        format=key,
-                        extra_qs={**url_labels_extra},
-                    )
-                )
-        return renderers
-
-
-class PrivateExtra(Extra):
-    description = "Whether this resource is private to the current actor"
-    docs_note = (
-        "``true`` if the current actor can see this resource but an "
-        "anonymous user could not. See :ref:`authentication_permissions`."
-    )
-    example = ExtraExample("/fixtures/facetable.json?_extra=private")
-    examples = {
-        ExtraScope.ROW: ExtraExample(
-            "/fixtures/simple_primary_key/1.json?_extra=private"
-        ),
-        ExtraScope.QUERY: ExtraExample(
-            "/fixtures/-/query.json?sql=select+1+as+one&_extra=private"
-        ),
-    }
-    scopes = {ExtraScope.TABLE, ExtraScope.ROW, ExtraScope.QUERY}
-
-    async def resolve(self, context):
-        return context.private
-
-
-class ExpandableColumnsExtra(Extra):
-    description = "List of foreign key columns that can be expanded with labels. Each item is a ``(foreign_key, label_column)`` pair where ``foreign_key`` is the SQLite foreign key dictionary and ``label_column`` is the label column in the referenced table, or ``None``."
-    docs_note = "See :ref:`expand_foreign_keys` for how to expand these labels."
-    example = ExtraExample(
-        "/fixtures/facetable.json?_extra=expandable_columns",
-        note=(
-            "Each item is a ``[foreign_key, label_column]`` pair: the "
-            "foreign key relationship, then the column in the other table "
-            "that would be used as the label for each expanded value."
-        ),
-    )
-    scopes = {ExtraScope.TABLE}
-
-    async def resolve(self, context):
-        expandables = []
-        db = context.datasette.databases[context.database_name]
-        for fk in await db.foreign_keys_for_table(context.table_name):
-            label_column = await db.label_column_for_table(fk["other_table"])
-            expandables.append((fk, label_column))
-        return expandables
-
-
-class ForeignKeyTablesExtra(Extra):
-    description = "List of tables that link to this row using foreign keys. Each item includes the foreign key fields plus ``count`` for matching rows and ``link`` for the filtered table URL."
-    example = ExtraExample(
-        "/fixtures/simple_primary_key/1.json?_extra=foreign_key_tables",
-        note=(
-            "``count`` is the number of rows in the other table that "
-            "reference this row, and ``link`` is a URL to browse those rows."
-        ),
-    )
-    scopes = {ExtraScope.ROW}
-    expensive = True
-
-    async def resolve(self, context):
-        return await context.foreign_key_tables(
-            context.database_name, context.table_name, context.pk_values
-        )
-
-
-class ExtrasExtra(Extra):
-    description = "List of ``?_extra=`` blocks that can be used on this page. Each item has ``name``, ``description``, ``toggle_url`` and ``selected`` keys."
-    example = ExtraExample(
-        value=[
-            {
-                "name": "count",
-                "description": "Total count of rows matching these filters",
-                "toggle_url": "http://localhost/fixtures/facetable.json?_extra=extras&_extra=count",
-                "selected": False,
-            },
-            {
-                "name": "extras",
-                "description": "List of ?_extra= blocks that can be used on this page",
-                "toggle_url": "http://localhost/fixtures/facetable.json",
-                "selected": True,
-            },
-        ],
-        note=(
-            "Shape abbreviated from /fixtures/facetable.json?_extra=extras - "
-            "the full response lists every extra described on this page. "
-            "``toggle_url`` is the current URL with that extra added or "
-            "removed, and ``selected`` is ``true`` for extras included in "
-            "the current request."
-        ),
-    )
-    scopes = {ExtraScope.TABLE, ExtraScope.ROW, ExtraScope.QUERY}
-
-    async def resolve(self, context):
-        all_extras = [
-            (cls.key(), cls.description)
-            for cls in context.extra_registry.public_classes_for_scope(context.scope)
-        ]
-        return [
-            {
-                "name": name,
-                "description": description,
-                "toggle_url": context.datasette.absolute_url(
-                    context.request,
-                    context.datasette.urls.path(
-                        path_with_added_args(context.request, {"_extra": name})
-                        if name not in context.extras
-                        else path_with_removed_args(context.request, {"_extra": name})
-                    ),
-                ),
-                "selected": name in context.extras,
-            }
-            for name, description in all_extras
-        ]
-
-
-TABLE_EXTRA_BUNDLES = {
-    "html": [
-        "suggested_facets",
-        "facet_results",
-        "facets_timed_out",
-        "count",
-        "count_sql",
-        "human_description_en",
-        "next_url",
-        "metadata",
-        "query",
-        "columns",
-        "display_columns",
-        "display_rows",
-        "database",
-        "table",
-        "database_color",
-        "actions",
-        "filters",
-        "renderers",
-        "custom_table_templates",
-        "sorted_facet_results",
-        "table_definition",
-        "view_definition",
-        "is_view",
-        "private",
-        "primary_keys",
-        "all_columns",
-        "expandable_columns",
-        "form_hidden_args",
-        "set_column_type_ui",
-    ]
-}
-
-
-TABLE_EXTRA_CLASSES = [
-    CountExtra,
-    CountSqlExtra,
-    FacetResultsExtra,
-    FacetsTimedOutExtra,
-    SuggestedFacetsExtra,
-    FacetInstancesProvider,
-    HumanDescriptionEnExtra,
-    NextUrlExtra,
-    ColumnsExtra,
-    AllColumnsExtra,
-    PrimaryKeysExtra,
-    DisplayColumnsAndRowsProvider,
-    DisplayColumnsExtra,
-    DisplayRowsExtra,
-    RenderCellExtra,
-    DebugExtra,
-    RequestExtra,
-    QueryExtra,
-    ColumnTypesExtra,
-    SetColumnTypeUiExtra,
-    MetadataExtra,
-    ExtrasExtra,
-    DatabaseExtra,
-    TableExtra,
-    DatabaseColorExtra,
-    ActionsExtra,
-    FiltersExtra,
-    RenderersExtra,
-    CustomTableTemplatesExtra,
-    SortedFacetResultsExtra,
-    TableDefinitionExtra,
-    ViewDefinitionExtra,
-    IsViewExtra,
-    PrivateExtra,
-    ExpandableColumnsExtra,
-    ForeignKeyTablesExtra,
-    FormHiddenArgsExtra,
-]
-
-
-table_extra_registry = ExtraRegistry(TABLE_EXTRA_CLASSES)
-
-
-async def resolve_table_extras(extras, context, include_internal=False):
-    return await table_extra_registry.resolve(
-        extras, context, ExtraScope.TABLE, include_internal=include_internal
-    )
-
-
-async def resolve_row_extras(extras, context):
-    return await table_extra_registry.resolve(extras, context, ExtraScope.ROW)
-
-
-async def resolve_query_extras(extras, context):
-    return await table_extra_registry.resolve(extras, context, ExtraScope.QUERY)
diff --git a/datasette/write_sql.py b/datasette/write_sql.py
deleted file mode 100644
index cdc0c6d3..00000000
--- a/datasette/write_sql.py
+++ /dev/null
@@ -1,253 +0,0 @@
-from __future__ import annotations
-
-from dataclasses import dataclass
-from typing import TYPE_CHECKING
-
-from .permissions import Resource
-from .resources import DatabaseResource, TableResource
-from .utils import named_parameters, sqlite3
-from .utils.asgi import Forbidden
-from .utils.sql_analysis import Operation, SQLAnalysis
-
-if TYPE_CHECKING:
-    from .app import Datasette
-
-
-class QueryWriteRejected(Exception):
-    def __init__(self, message: str):
-        self.message = message
-        super().__init__(message)
-
-
-@dataclass(frozen=True)
-class PermissionRequirement:
-    action: str
-    resource: Resource
-
-
-PermissionRequirements = tuple[PermissionRequirement, ...]
-
-
-class WriteSqlOperationDecision:
-    """What Datasette should do with one operation in user-supplied write SQL."""
-
-
-@dataclass(frozen=True)
-class IgnoreWriteSqlOperation(WriteSqlOperationDecision):
-    reason: str
-
-
-@dataclass(frozen=True)
-class RequireWriteSqlPermissions(WriteSqlOperationDecision):
-    permissions: PermissionRequirements
-
-
-@dataclass(frozen=True)
-class RejectWriteSqlOperation(WriteSqlOperationDecision):
-    message: str
-
-
-@dataclass(frozen=True)
-class UnsupportedWriteSqlOperation(WriteSqlOperationDecision):
-    message: str
-
-
-def row_mutation_requirements(database: str, table: str) -> PermissionRequirements:
-    resource = TableResource(database=database, table=table)
-    return tuple(
-        PermissionRequirement(action=action, resource=resource)
-        for action in ("insert-row", "update-row", "delete-row")
-    )
-
-
-def decision_for_write_sql_operation(
-    operation: Operation,
-) -> WriteSqlOperationDecision:
-    unsupported_message = (
-        f"Unsupported SQL operation: {operation.operation} {operation.target_type}"
-    )
-    if operation.internal:
-        return IgnoreWriteSqlOperation("internal SQLite operation")
-    if operation.operation == "select":
-        return IgnoreWriteSqlOperation("select statement")
-    if operation.operation == "vacuum":
-        return RejectWriteSqlOperation("VACUUM is not allowed in user-supplied SQL")
-    if operation.operation in {"insert", "update", "delete"}:
-        if operation.table_kind == "virtual":
-            return RejectWriteSqlOperation(
-                "Writes to virtual tables are not allowed in user-supplied SQL"
-            )
-        if operation.table_kind == "shadow":
-            return RejectWriteSqlOperation(
-                "Writes to shadow tables are not allowed in user-supplied SQL"
-            )
-    if operation.operation == "function":
-        return IgnoreWriteSqlOperation("SQL function")
-    if (
-        operation.operation == "read"
-        and operation.target_type == "table"
-        and operation.database is not None
-        and operation.table is not None
-    ):
-        return RequireWriteSqlPermissions(
-            (
-                PermissionRequirement(
-                    action="view-table",
-                    resource=TableResource(
-                        database=operation.database, table=operation.table
-                    ),
-                ),
-            )
-        )
-    if (
-        operation.operation in {"insert", "update"}
-        and operation.target_type == "table"
-        and operation.database is not None
-        and operation.table is not None
-    ):
-        return RequireWriteSqlPermissions(
-            row_mutation_requirements(
-                database=operation.database,
-                table=operation.table,
-            )
-        )
-    if (
-        operation.operation == "delete"
-        and operation.target_type == "table"
-        and operation.database is not None
-        and operation.table is not None
-    ):
-        return RequireWriteSqlPermissions(
-            (
-                PermissionRequirement(
-                    action="delete-row",
-                    resource=TableResource(
-                        database=operation.database, table=operation.table
-                    ),
-                ),
-            )
-        )
-    if operation.operation == "create" and operation.target_type == "table":
-        if operation.database is None:
-            return UnsupportedWriteSqlOperation(unsupported_message)
-        return RequireWriteSqlPermissions(
-            (
-                PermissionRequirement(
-                    action="create-table",
-                    resource=DatabaseResource(database=operation.database),
-                ),
-            )
-        )
-    if (
-        operation.operation == "alter"
-        and operation.target_type == "table"
-        and operation.database is not None
-        and operation.table is not None
-    ):
-        return RequireWriteSqlPermissions(
-            (
-                PermissionRequirement(
-                    action="alter-table",
-                    resource=TableResource(
-                        database=operation.database, table=operation.table
-                    ),
-                ),
-            )
-        )
-    if (
-        operation.operation == "drop"
-        and operation.target_type == "table"
-        and operation.database is not None
-        and operation.table is not None
-    ):
-        return RequireWriteSqlPermissions(
-            (
-                PermissionRequirement(
-                    action="drop-table",
-                    resource=TableResource(
-                        database=operation.database, table=operation.table
-                    ),
-                ),
-            )
-        )
-    if (
-        operation.operation in {"create", "drop"}
-        and operation.target_type == "index"
-        and operation.database is not None
-        and operation.table is not None
-    ):
-        return RequireWriteSqlPermissions(
-            (
-                PermissionRequirement(
-                    action="alter-table",
-                    resource=TableResource(
-                        database=operation.database, table=operation.table
-                    ),
-                ),
-            )
-        )
-    return UnsupportedWriteSqlOperation(unsupported_message)
-
-
-def operation_is_write(operation: Operation) -> bool:
-    return operation.operation in {
-        "insert",
-        "update",
-        "delete",
-        "create",
-        "alter",
-        "drop",
-        "begin",
-        "commit",
-        "rollback",
-        "savepoint",
-        "attach",
-        "detach",
-        "pragma",
-        "analyze",
-        "reindex",
-        "vacuum",
-        "unknown",
-    }
-
-
-async def ensure_query_write_permissions(
-    datasette: Datasette,
-    database: str,
-    sql: str,
-    *,
-    actor: dict[str, object] | None = None,
-    params: dict[str, object] | None = None,
-    analysis: SQLAnalysis | None = None,
-) -> SQLAnalysis:
-    db = datasette.get_database(database)
-    if analysis is None:
-        if params is None:
-            params = {name: "" for name in named_parameters(sql)}
-        try:
-            analysis = await db.analyze_sql(sql, params)
-        except sqlite3.DatabaseError as ex:
-            raise Forbidden(f"Could not analyze query: {ex}") from ex
-
-    for operation in analysis.operations:
-        decision = decision_for_write_sql_operation(operation)
-        if isinstance(decision, IgnoreWriteSqlOperation):
-            continue
-        if isinstance(decision, RejectWriteSqlOperation):
-            raise QueryWriteRejected(decision.message)
-        if isinstance(decision, UnsupportedWriteSqlOperation):
-            raise Forbidden(decision.message)
-        permissions = decision.permissions
-        if operation.database != database:
-            raise Forbidden("Writable queries may not access attached databases")
-        for permission in permissions:
-            if not await datasette.allowed(
-                action=permission.action,
-                resource=permission.resource,
-                actor=actor,
-            ):
-                raise Forbidden(
-                    f"Permission denied: need {permission.action} "
-                    f"on {permission.resource}"
-                )
-    return analysis
diff --git a/demos/apache-proxy/000-default.conf b/demos/apache-proxy/000-default.conf
deleted file mode 100644
index 5b6607a3..00000000
--- a/demos/apache-proxy/000-default.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-
-    Options Indexes FollowSymLinks
-    AllowOverride None
-    Require all granted
-
-
-
-    ServerName localhost
-    DocumentRoot /app/html
-    ProxyPreserveHost On
-    ProxyPass /prefix/ http://127.0.0.1:8001/
-    Header add X-Proxied-By "Apache2 Debian"
-
diff --git a/demos/apache-proxy/Dockerfile b/demos/apache-proxy/Dockerfile
deleted file mode 100644
index 9a8448da..00000000
--- a/demos/apache-proxy/Dockerfile
+++ /dev/null
@@ -1,56 +0,0 @@
-FROM python:3.11.0-slim-bullseye
-
-RUN apt-get update && \
-    apt-get install -y apache2 supervisor && \
-    apt clean && \
-    rm -rf /var/lib/apt && \
-    rm -rf /var/lib/dpkg/info/*
-
-# Apache environment, copied from
-# https://github.com/ijklim/laravel-benfords-law-app/blob/e9bf385dcaddb62ea466a7b245ab6e4ef708c313/docker/os/Dockerfile
-ENV APACHE_DOCUMENT_ROOT=/var/www/html/public
-ENV APACHE_RUN_USER www-data
-ENV APACHE_RUN_GROUP www-data
-ENV APACHE_PID_FILE /var/run/apache2.pid
-ENV APACHE_RUN_DIR /var/run/apache2
-ENV APACHE_LOCK_DIR /var/lock/apache2
-ENV APACHE_LOG_DIR /var/log
-RUN ln -sf /dev/stdout /var/log/apache2-access.log
-RUN ln -sf /dev/stderr /var/log/apache2-error.log
-RUN mkdir -p $APACHE_RUN_DIR $APACHE_LOCK_DIR
-
-RUN a2enmod proxy
-RUN a2enmod proxy_http
-RUN a2enmod headers
-
-ARG DATASETTE_REF
-
-RUN pip install \
-    https://github.com/simonw/datasette/archive/${DATASETTE_REF}.zip \
-    datasette-redirect-to-https datasette-debug-asgi
-
-ADD 000-default.conf /etc/apache2/sites-enabled/000-default.conf
-
-WORKDIR /app
-RUN mkdir -p /app/html
-RUN echo '
    Demo is at /prefix/
    ' > /app/html/index.html
-
-ADD https://latest.datasette.io/fixtures.db /app/fixtures.db
-
-EXPOSE 80
-
-# Dynamically build supervisord config since it includes $DATASETTE_REF:
-RUN echo "[supervisord]" >> /app/supervisord.conf
-RUN echo "nodaemon=true" >> /app/supervisord.conf
-RUN echo "" >> /app/supervisord.conf
-RUN echo "[program:apache2]" >> /app/supervisord.conf
-RUN echo "command=apache2 -D FOREGROUND" >> /app/supervisord.conf
-RUN echo "stdout_logfile=/dev/stdout" >> /app/supervisord.conf
-RUN echo "stdout_logfile_maxbytes=0" >> /app/supervisord.conf
-RUN echo "" >> /app/supervisord.conf
-RUN echo "[program:datasette]" >> /app/supervisord.conf
-RUN echo "command=datasette /app/fixtures.db --setting base_url '/prefix/' --version-note '${DATASETTE_REF}' -h 0.0.0.0 -p 8001" >> /app/supervisord.conf
-RUN echo "stdout_logfile=/dev/stdout" >> /app/supervisord.conf
-RUN echo "stdout_logfile_maxbytes=0" >> /app/supervisord.conf
-
-CMD ["/usr/bin/supervisord", "-c", "/app/supervisord.conf"]
diff --git a/demos/apache-proxy/README.md b/demos/apache-proxy/README.md
deleted file mode 100644
index c76e440d..00000000
--- a/demos/apache-proxy/README.md
+++ /dev/null
@@ -1,38 +0,0 @@
-# Datasette running behind an Apache proxy
-
-See also [Running Datasette behind a proxy](https://docs.datasette.io/en/latest/deploying.html#running-datasette-behind-a-proxy)
-
-This live demo is running at https://datasette-apache-proxy-demo.fly.dev/prefix/
-
-To build locally, passing in a Datasette commit hash (or `main` for the main branch):
-
-    docker build -t datasette-apache-proxy-demo . \
-      --build-arg DATASETTE_REF=c617e1769ea27e045b0f2907ef49a9a1244e577d
-
-Then run it like this:
-
-    docker run -p 5000:80 datasette-apache-proxy-demo
-
-And visit `http://localhost:5000/` or `http://localhost:5000/prefix/`
-
-## Deployment to Fly
-
-To deploy to [Fly](https://fly.io/) first create an application there by running:
-
-    flyctl apps create --name datasette-apache-proxy-demo
-
-You will need a different name, since I have already taken that one.
-
-Then run this command to deploy:
-
-    flyctl deploy --build-arg DATASETTE_REF=main
-
-This uses `fly.toml` in this directory, which hard-codes the `datasette-apache-proxy-demo` name - so you would need to edit that file to match your application name before running this.
-
-## Deployment to Cloud Run
-
-Deployments to Cloud Run currently result in intermittent 503 errors and I'm not sure why, see [issue #1522](https://github.com/simonw/datasette/issues/1522).
-
-You can deploy like this:
-
-    DATASETTE_REF=main ./deploy-to-cloud-run.sh
diff --git a/demos/apache-proxy/deploy-to-cloud-run.sh b/demos/apache-proxy/deploy-to-cloud-run.sh
deleted file mode 100755
index 2846590a..00000000
--- a/demos/apache-proxy/deploy-to-cloud-run.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-# https://til.simonwillison.net/cloudrun/using-build-args-with-cloud-run
-
-if [[ -z "$DATASETTE_REF" ]]; then
-    echo "Must provide DATASETTE_REF environment variable" 1>&2
-    exit 1
-fi
-
-NAME="datasette-apache-proxy-demo"
-PROJECT=$(gcloud config get-value project)
-IMAGE="gcr.io/$PROJECT/$NAME"
-
-# Need YAML so we can set --build-arg
-echo "
-steps:
-- name: 'gcr.io/cloud-builders/docker'
-  args: ['build', '-t', '$IMAGE', '.', '--build-arg', 'DATASETTE_REF=$DATASETTE_REF']
-- name: 'gcr.io/cloud-builders/docker'
-  args: ['push', '$IMAGE']
-" > /tmp/cloudbuild.yml
-
-gcloud builds submit --config /tmp/cloudbuild.yml
-
-rm /tmp/cloudbuild.yml
-
-gcloud run deploy $NAME \
-  --allow-unauthenticated \
-  --platform=managed \
-  --image $IMAGE \
-  --port 80
diff --git a/demos/apache-proxy/fly.toml b/demos/apache-proxy/fly.toml
deleted file mode 100644
index 52e6af5d..00000000
--- a/demos/apache-proxy/fly.toml
+++ /dev/null
@@ -1,37 +0,0 @@
-app = "datasette-apache-proxy-demo"
-
-kill_signal = "SIGINT"
-kill_timeout = 5
-processes = []
-
-[env]
-
-[experimental]
-  allowed_public_ports = []
-  auto_rollback = true
-
-[[services]]
-  http_checks = []
-  internal_port = 80
-  processes = ["app"]
-  protocol = "tcp"
-  script_checks = []
-
-  [services.concurrency]
-    hard_limit = 25
-    soft_limit = 20
-    type = "connections"
-
-  [[services.ports]]
-    handlers = ["http"]
-    port = 80
-
-  [[services.ports]]
-    handlers = ["tls", "http"]
-    port = 443
-
-  [[services.tcp_checks]]
-    grace_period = "1s"
-    interval = "15s"
-    restart_limit = 0
-    timeout = "2s"
diff --git a/demos/plugins/example_js_manager_plugins.py b/demos/plugins/example_js_manager_plugins.py
deleted file mode 100644
index 2705f2c5..00000000
--- a/demos/plugins/example_js_manager_plugins.py
+++ /dev/null
@@ -1,21 +0,0 @@
-from datasette import hookimpl
-
-# Test command:
-# datasette fixtures.db \ --plugins-dir=demos/plugins/
-#                       \ --static static:demos/plugins/static
-
-# Create a set with view names that qualify for this JS, since plugins won't do anything on other pages
-# Same pattern as in Nteract data explorer
-# https://github.com/hydrosquall/datasette-nteract-data-explorer/blob/main/datasette_nteract_data_explorer/__init__.py#L77
-PERMITTED_VIEWS = {"table", "query", "database"}
-
-
-@hookimpl
-def extra_js_urls(view_name):
-    print(view_name)
-    if view_name in PERMITTED_VIEWS:
-        return [
-            {
-                "url": "/static/table-example-plugins.js",
-            }
-        ]
diff --git a/demos/plugins/static/table-example-plugins.js b/demos/plugins/static/table-example-plugins.js
deleted file mode 100644
index 8c19d9a6..00000000
--- a/demos/plugins/static/table-example-plugins.js
+++ /dev/null
@@ -1,100 +0,0 @@
-/**
- * Example usage of Datasette JS Manager API
- */
-
-document.addEventListener("datasette_init", function (evt) {
-  const { detail: manager } = evt;
-  // === Demo plugins: remove before merge===
-  addPlugins(manager);
-});
-
-/**
- * Examples for to test datasette JS api
- */
-const addPlugins = (manager) => {
-
-  manager.registerPlugin("column-name-plugin", {
-    version: 0.1,
-    makeColumnActions: (columnMeta) => {
-      const { column } = columnMeta;
-
-      return [
-        {
-          label: "Copy name to clipboard",
-          onClick: (evt) => copyToClipboard(column),
-        },
-        {
-          label: "Log column metadata to console",
-          onClick: (evt) => console.log(column),
-        },
-      ];
-    },
-  });
-
-  manager.registerPlugin("panel-plugin-graphs", {
-    version: 0.1,
-    makeAboveTablePanelConfigs: () => {
-      return [
-        {
-          id: 'first-panel',
-          label: "First",
-          render: node => {
-            const description = document.createElement('p');
-            description.innerText = 'Hello world';
-            node.appendChild(description);
-          }
-        },
-        {
-          id: 'second-panel',
-          label: "Second",
-          render: node => {
-            const iframe = document.createElement('iframe');
-            iframe.src = "https://observablehq.com/embed/@d3/sortable-bar-chart?cell=viewof+order&cell=chart";
-            iframe.width = 800;
-            iframe.height = 635;
-            iframe.frameborder = '0';
-            node.appendChild(iframe);
-          }
-        },
-      ];
-    },
-  });
-
-  manager.registerPlugin("panel-plugin-maps", {
-    version: 0.1,
-    makeAboveTablePanelConfigs: () => {
-      return [
-        {
-          // ID only has to be unique within a plugin, manager namespaces for you
-          id: 'first-map-panel',
-          label: "Map plugin",
-          // datasette-vega, leafleft can provide a "render" function
-          render: node => node.innerHTML = "Here sits a map",
-        },
-        {
-          id: 'second-panel',
-          label: "Image plugin",
-          render: node => {
-            const img = document.createElement('img');
-            img.src = 'https://datasette.io/static/datasette-logo.svg'
-            node.appendChild(img);
-          },
-        }
-      ];
-    },
-  });
-
-  // Future: dispatch message to some other part of the page with CustomEvent API
-  // Could use to drive filter/sort query builder actions without  page refresh.
-}
-
-
-
-async function copyToClipboard(str) {
-  try {
-    await navigator.clipboard.writeText(str);
-  } catch (err) {
-    /** Rejected - text failed to copy to the clipboard. Browsers didn't give permission */
-    console.error('Failed to copy: ', err);
-  }
-}
diff --git a/docs/Makefile b/docs/Makefile
index a0d17c81..2b092179 100644
--- a/docs/Makefile
+++ b/docs/Makefile
@@ -20,4 +20,4 @@ help:
 	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
 
 livehtml:
-	sphinx-autobuild -b html --watch ../datasette "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(0)
+	sphinx-autobuild -b html "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(0)
diff --git a/docs/_static/css/custom.css b/docs/_static/css/custom.css
deleted file mode 100644
index 0a6f8799..00000000
--- a/docs/_static/css/custom.css
+++ /dev/null
@@ -1,8 +0,0 @@
-a.external {
-    overflow-wrap: anywhere;
-}
-body[data-theme="dark"] .sidebar-logo-container {
-    background-color: white;
-    padding: 5px;
-    opacity: 0.6;
-}
diff --git a/docs/_static/datasette-favicon.png b/docs/_static/datasette-favicon.png
deleted file mode 100644
index 4993163f..00000000
Binary files a/docs/_static/datasette-favicon.png and /dev/null differ
diff --git a/docs/_static/js/custom.js b/docs/_static/js/custom.js
deleted file mode 100644
index 91c3e306..00000000
--- a/docs/_static/js/custom.js
+++ /dev/null
@@ -1,23 +0,0 @@
-jQuery(function ($) {
-  // Show banner linking to /stable/ if this is a /latest/ page
-  if (!/\/latest\//.test(location.pathname)) {
-    return;
-  }
-  var stableUrl = location.pathname.replace("/latest/", "/stable/");
-  // Check it's not a 404
-  fetch(stableUrl, { method: "HEAD" }).then((response) => {
-    if (response.status == 200) {
-      var warning = $(
-        `
    
-           
    Note
    
-           
    
-             This documentation covers the development version of Datasette.
    
-             
    See this page for the current stable release.
-           
    
-        
    `
-      );
-      warning.find("a").attr("href", stableUrl);
-      $("article[role=main]").prepend(warning);
-    }
-  });
-});
diff --git a/docs/_templates/base.html b/docs/_templates/base.html
deleted file mode 100644
index 9dea86eb..00000000
--- a/docs/_templates/base.html
+++ /dev/null
@@ -1,37 +0,0 @@
-{%- extends "!base.html" %}
-
-{% block site_meta %}
-{{ super() }}
-
-{% endblock %}
-
-{% block scripts %}
-{{ super() }}
-
-{% endblock %}
diff --git a/docs/_templates/sidebar/brand.html b/docs/_templates/sidebar/brand.html
deleted file mode 100644
index 8be9e8ee..00000000
--- a/docs/_templates/sidebar/brand.html
+++ /dev/null
@@ -1,16 +0,0 @@
-
    
-  {% block brand_content %}
-  
    
-    
-  
    
-  {%- set nav_version = version %}
-  {% if READTHEDOCS and current_version %}
-    {%- set nav_version = current_version %}
-  {% endif %}
-  {% if nav_version %}
-    
    
-      {{ nav_version }}
-    
    
-  {% endif %}
-  {% endblock brand_content %}
-
    
diff --git a/docs/_templates/sidebar/navigation.html b/docs/_templates/sidebar/navigation.html
deleted file mode 100644
index c460a17e..00000000
--- a/docs/_templates/sidebar/navigation.html
+++ /dev/null
@@ -1,11 +0,0 @@
-
    
-  
-  {{ toctree(
-    collapse=True,
-    titles_only=False,
-    maxdepth=3,
-    includehidden=True,
-) }}
-
    
\ No newline at end of file
diff --git a/docs/advanced_export.png b/docs/advanced_export.png
new file mode 100644
index 00000000..d4349fac
Binary files /dev/null and b/docs/advanced_export.png differ
diff --git a/docs/authentication.rst b/docs/authentication.rst
deleted file mode 100644
index 8101699c..00000000
--- a/docs/authentication.rst
+++ /dev/null
@@ -1,1462 +0,0 @@
-.. _authentication:
-
-================================
- Authentication and permissions
-================================
-
-Datasette doesn't require authentication by default. Any visitor to a Datasette instance can explore the full data and execute read-only SQL queries.
-
-Datasette can be configured to only allow authenticated users, or to control which databases, tables, and queries can be accessed by the public or by specific users. Datasette's plugin system can be used to add many different styles of authentication, such as user accounts, single sign-on or API keys.
-
-.. _authentication_actor:
-
-Actors
-======
-
-Through plugins, Datasette can support both authenticated users (with cookies) and authenticated API clients (via authentication tokens). The word "actor" is used to cover both of these cases.
-
-Every request to Datasette has an associated actor value, available in the code as ``request.actor``. This can be ``None`` for unauthenticated requests, or a JSON compatible Python dictionary for authenticated users or API clients.
-
-The actor dictionary can be any shape - the design of that data structure is left up to the plugins. Actors should always include a unique ``"id"`` string, as demonstrated by the "root" actor below.
-
-Plugins can use the :ref:`plugin_hook_actor_from_request` hook to implement custom logic for authenticating an actor based on the incoming HTTP request.
-
-.. _authentication_actor_display:
-
-How actors are displayed
-------------------------
-
-In a number of places - such as the navigation menu and the ``/-/logout`` page - Datasette needs to display a short label representing the currently authenticated actor.
-
-To decide what to show, Datasette looks through the following keys in the actor dictionary and uses the value of the first one that is present and not empty:
-
-* ``display``
-* ``name``
-* ``username``
-* ``login``
-* ``id``
-
-If none of those keys have a value the actor dictionary is displayed as a string instead.
-
-.. _authentication_root:
-
-Using the "root" actor
-----------------------
-
-Datasette currently leaves almost all forms of authentication to plugins - `datasette-auth-github `__ for example.
-
-The one exception is the "root" account, which you can sign into while using Datasette on your local machine. The root user has **all permissions** - they can perform any action regardless of other permission rules.
-
-The ``--root`` flag is designed for local development and testing. When you start Datasette with ``--root``, the root user automatically receives every permission, including:
-
-* All view permissions (``view-instance``, ``view-database``, ``view-table``, etc.)
-* All write permissions (``insert-row``, ``update-row``, ``delete-row``, ``create-table``, ``alter-table``, ``set-column-type``, ``drop-table``)
-* Debug permissions (``permissions-debug``, ``debug-menu``)
-* Any custom permissions defined by plugins
-
-If you add explicit deny rules in ``datasette.yaml`` those can still block the
-root actor from specific databases or tables.
-
-The ``--root`` flag sets an internal ``root_enabled`` switch—without it, a signed-in user with ``{"id": "root"}`` is treated like any other actor.
-
-To sign in as root, start Datasette using the ``--root`` command-line option, like this::
-
-    datasette --root
-
-Datasette will output a single-use-only login URL on startup::
-
-    http://127.0.0.1:8001/-/auth-token?token=786fc524e0199d70dc9a581d851f466244e114ca92f33aa3b42a139e9388daa7
-    INFO:     Started server process [25801]
-    INFO:     Waiting for application startup.
-    INFO:     Application startup complete.
-    INFO:     Uvicorn running on http://127.0.0.1:8001 (Press CTRL+C to quit)
-
-Click on that link and then visit ``http://127.0.0.1:8001/-/actor`` to confirm that you are authenticated as an actor that looks like this:
-
-.. code-block:: json
-
-    {
-        "id": "root"
-    }
-
-.. _authentication_permissions:
-
-Permissions
-===========
-
-Datasette's permissions system is built around SQL queries. Datasette and its plugins construct SQL queries to resolve the list of resources that an actor cas access.
-
-The key question the permissions system answers is this:
-
-    Is this **actor** allowed to perform this **action**, optionally against this particular **resource**?
-
-**Actors** are :ref:`described above `.
-
-An **action** is a string describing the action the actor would like to perform. A full list is :ref:`provided below ` - examples include ``view-table`` and ``execute-sql``.
-
-A **resource** is the item the actor wishes to interact with - for example a specific database or table. Some actions, such as ``permissions-debug``, are not associated with a particular resource.
-
-Datasette's built-in view actions (``view-database``, ``view-table`` etc) are allowed by Datasette's default configuration: unless you :ref:`configure additional permission rules ` unauthenticated users will be allowed to access content.
-
-Other actions, including those introduced by plugins, will default to *deny*.
-
-.. _authentication_default_deny:
-
-Denying all permissions by default
-----------------------------------
-
-By default, Datasette allows unauthenticated access to view databases, tables, and execute SQL queries.
-
-You may want to run Datasette in a mode where **all** access is denied by default, and you explicitly grant permissions only to authenticated users, either using the :ref:`--root mechanism ` or through :ref:`configuration file rules ` or plugins.
-
-Use the ``--default-deny`` command-line option to run Datasette in this mode::
-
-    datasette --default-deny data.db --root
-
-With ``--default-deny`` enabled:
-
-* Anonymous users are denied access to view the instance, databases, tables, and queries
-* Authenticated users are also denied access unless they're explicitly granted permissions
-* The root user (when using ``--root``) still has access to everything
-* You can grant permissions using :ref:`configuration file rules ` or plugins
-
-For example, to allow only a specific user to access your instance::
-
-    datasette --default-deny data.db --config datasette.yaml
-
-Where ``datasette.yaml`` contains:
-
-.. code-block:: yaml
-
-    allow:
-      id: alice
-
-This configuration will deny access to everyone except the user with ``id`` of ``alice``.
-
-.. _authentication_permissions_explained:
-
-How permissions are resolved
-----------------------------
-
-Datasette performs permission checks using the internal :ref:`datasette_allowed`, method which accepts keyword arguments for ``action``, ``resource`` and an optional ``actor``.
-
-``resource`` should be an instance of the appropriate ``Resource`` subclass from :mod:`datasette.resources`—for example ``InstanceResource()``, ``DatabaseResource(database="...``)`` or ``TableResource(database="...", table="...")``. This defaults to ``InstanceResource()`` if not specified.
-
-When a check runs Datasette gathers allow/deny rules from multiple sources and
-compiles them into a SQL query. The resulting query describes all of the
-resources an actor may access for that action, together with the reasons those
-resources were allowed or denied. The combined sources are:
-
-* ``allow`` blocks configured in :ref:`datasette.yaml `.
-* :ref:`Actor restrictions ` encoded into the actor dictionary or API token.
-* The "root" user shortcut when ``--root`` (or :attr:`Datasette.root_enabled `) is active, replying ``True`` to all permission chucks unless configuration rules deny them at a more specific level.
-* Any additional SQL provided by plugins implementing :ref:`plugin_hook_permission_resources_sql`.
-
-Datasette evaluates the SQL to determine if the requested ``resource`` is
-included. Explicit deny rules returned by configuration or plugins will block
-access even if other rules allowed it.
-
-.. _authentication_permissions_allow:
-
-Defining permissions with "allow" blocks
-----------------------------------------
-
-One way to define permissions in Datasette is to use an ``"allow"`` block :ref:`in the datasette.yaml file `. This is a JSON document describing which actors are allowed to perform an action against a specific resource.
-
-Each ``allow`` block is compiled into SQL and combined with any
-:ref:`plugin-provided rules ` to produce
-the cascading allow/deny decisions that power :ref:`datasette_allowed`.
-
-The most basic form of allow block is this (`allow demo `__, `deny demo `__):
-
-.. [[[cog
-    from metadata_doc import config_example
-    import textwrap
-    config_example(cog, textwrap.dedent(
-      """
-        allow:
-          id: root
-        """).strip(),
-        "YAML", "JSON"
-      )
-.. ]]]
-
-.. tab:: YAML
-
-    .. code-block:: yaml
-
-        allow:
-          id: root
-
-.. tab:: JSON
-
-    .. code-block:: json
-
-        {
-          "allow": {
-            "id": "root"
-          }
-        }
-.. [[[end]]]
-
-This will match any actors with an ``"id"`` property of ``"root"`` - for example, an actor that looks like this:
-
-.. code-block:: json
-
-    {
-        "id": "root",
-        "name": "Root User"
-    }
-
-An allow block can specify "deny all" using ``false`` (`demo `__):
-
-.. [[[cog
-    from metadata_doc import config_example
-    import textwrap
-    config_example(cog, textwrap.dedent(
-      """
-        allow: false
-        """).strip(),
-        "YAML", "JSON"
-      )
-.. ]]]
-
-.. tab:: YAML
-
-    .. code-block:: yaml
-
-        allow: false
-
-.. tab:: JSON
-
-    .. code-block:: json
-
-        {
-          "allow": false
-        }
-.. [[[end]]]
-
-An ``"allow"`` of ``true`` allows all access (`demo `__):
-
-.. [[[cog
-    from metadata_doc import config_example
-    import textwrap
-    config_example(cog, textwrap.dedent(
-      """
-        allow: true
-        """).strip(),
-        "YAML", "JSON"
-      )
-.. ]]]
-
-.. tab:: YAML
-
-    .. code-block:: yaml
-
-        allow: true
-
-.. tab:: JSON
-
-    .. code-block:: json
-
-        {
-          "allow": true
-        }
-.. [[[end]]]
-
-Allow keys can provide a list of values. These will match any actor that has any of those values (`allow demo `__, `deny demo `__):
-
-.. [[[cog
-    from metadata_doc import config_example
-    import textwrap
-    config_example(cog, textwrap.dedent(
-      """
-        allow:
-          id:
-          - simon
-          - cleopaws
-        """).strip(),
-        "YAML", "JSON"
-      )
-.. ]]]
-
-.. tab:: YAML
-
-    .. code-block:: yaml
-
-        allow:
-          id:
-          - simon
-          - cleopaws
-
-.. tab:: JSON
-
-    .. code-block:: json
-
-        {
-          "allow": {
-            "id": [
-              "simon",
-              "cleopaws"
-            ]
-          }
-        }
-.. [[[end]]]
-
-This will match any actor with an ``"id"`` of either ``"simon"`` or ``"cleopaws"``.
-
-Actors can have properties that feature a list of values. These will be matched against the list of values in an allow block. Consider the following actor:
-
-.. code-block:: json
-
-      {
-          "id": "simon",
-          "roles": ["staff", "developer"]
-      }
-
-This allow block will provide access to any actor that has ``"developer"`` as one of their roles (`allow demo `__, `deny demo `__):
-
-.. [[[cog
-    from metadata_doc import config_example
-    import textwrap
-    config_example(cog, textwrap.dedent(
-      """
-        allow:
-          roles:
-          - developer
-        """).strip(),
-        "YAML", "JSON"
-      )
-.. ]]]
-
-.. tab:: YAML
-
-    .. code-block:: yaml
-
-        allow:
-          roles:
-          - developer
-
-.. tab:: JSON
-
-    .. code-block:: json
-
-        {
-          "allow": {
-            "roles": [
-              "developer"
-            ]
-          }
-        }
-.. [[[end]]]
-
-Note that "roles" is not a concept that is baked into Datasette - it's a convention that plugins can choose to implement and act on.
-
-If you want to provide access to any actor with a value for a specific key, use ``"*"``. For example, to match any logged-in user specify the following (`allow demo `__, `deny demo `__):
-
-.. [[[cog
-    from metadata_doc import config_example
-    import textwrap
-    config_example(cog, textwrap.dedent(
-      """
-        allow:
-          id: "*"
-        """).strip(),
-        "YAML", "JSON"
-      )
-.. ]]]
-
-.. tab:: YAML
-
-    .. code-block:: yaml
-
-        allow:
-          id: "*"
-
-.. tab:: JSON
-
-    .. code-block:: json
-
-        {
-          "allow": {
-            "id": "*"
-          }
-        }
-.. [[[end]]]
-
-You can specify that only unauthenticated actors (from anonymous HTTP requests) should be allowed access using the special ``"unauthenticated": true`` key in an allow block (`allow demo `__, `deny demo `__):
-
-.. [[[cog
-    from metadata_doc import config_example
-    import textwrap
-    config_example(cog, textwrap.dedent(
-      """
-        allow:
-          unauthenticated: true
-        """).strip(),
-        "YAML", "JSON"
-      )
-.. ]]]
-
-.. tab:: YAML
-
-    .. code-block:: yaml
-
-        allow:
-          unauthenticated: true
-
-.. tab:: JSON
-
-    .. code-block:: json
-
-        {
-          "allow": {
-            "unauthenticated": true
-          }
-        }
-.. [[[end]]]
-
-Allow keys act as an "or" mechanism. An actor will be able to execute the query if any of their JSON properties match any of the values in the corresponding lists in the ``allow`` block. The following block will allow users with either a ``role`` of ``"ops"`` OR users who have an ``id`` of ``"simon"`` or ``"cleopaws"``:
-
-.. [[[cog
-    from metadata_doc import config_example
-    import textwrap
-    config_example(cog, textwrap.dedent(
-      """
-        allow:
-          id:
-          - simon
-          - cleopaws
-          role: ops
-        """).strip(),
-        "YAML", "JSON"
-      )
-.. ]]]
-
-.. tab:: YAML
-
-    .. code-block:: yaml
-
-        allow:
-          id:
-          - simon
-          - cleopaws
-          role: ops
-
-.. tab:: JSON
-
-    .. code-block:: json
-
-        {
-          "allow": {
-            "id": [
-              "simon",
-              "cleopaws"
-            ],
-            "role": "ops"
-          }
-        }
-.. [[[end]]]
-
-`Demo for cleopaws `__, `demo for ops role `__, `demo for an actor matching neither rule `__.
-
-.. _AllowDebugView:
-
-The /-/allow-debug tool
------------------------
-
-The ``/-/allow-debug`` tool lets you try out different  ``"action"`` blocks against different ``"actor"`` JSON objects. You can try that out here: https://latest.datasette.io/-/allow-debug
-
-.. _authentication_permissions_config:
-
-Access permissions in ``datasette.yaml``
-========================================
-
-There are two ways to configure permissions using ``datasette.yaml`` (or ``datasette.json``).
-
-For simple visibility permissions you can use ``"allow"`` blocks in the root, database, table and query sections.
-
-For other permissions you can use a ``"permissions"`` block, described :ref:`in the next section `.
-
-You can limit who is allowed to view different parts of your Datasette instance using ``"allow"`` keys in your :ref:`configuration`.
-
-You can control the following:
-
-* Access to the entire Datasette instance
-* Access to specific databases
-* Access to specific tables and views
-* Access to specific :ref:`queries `
-
-If a user has permission to view a table they will be able to view that table, independent of if they have permission to view the database or instance that the table exists within.
-
-.. _authentication_permissions_instance:
-
-Access to an instance
----------------------
-
-Here's how to restrict access to your entire Datasette instance to just the ``"id": "root"`` user:
-
-.. [[[cog
-    from metadata_doc import config_example
-    config_example(cog, """
-        title: My private Datasette instance
-        allow:
-          id: root
-      """)
-.. ]]]
-
-.. tab:: datasette.yaml
-
-    .. code-block:: yaml
-
-
-            title: My private Datasette instance
-            allow:
-              id: root
-  
-
-.. tab:: datasette.json
-
-    .. code-block:: json
-
-        {
-          "title": "My private Datasette instance",
-          "allow": {
-            "id": "root"
-          }
-        }
-.. [[[end]]]
-
-To deny access to all users, you can use ``"allow": false``:
-
-.. [[[cog
-    config_example(cog, """
-        title: My entirely inaccessible instance
-        allow: false
-    """)
-.. ]]]
-
-.. tab:: datasette.yaml
-
-    .. code-block:: yaml
-
-
-            title: My entirely inaccessible instance
-            allow: false
-
-
-.. tab:: datasette.json
-
-    .. code-block:: json
-
-        {
-          "title": "My entirely inaccessible instance",
-          "allow": false
-        }
-.. [[[end]]]
-
-One reason to do this is if you are using a Datasette plugin - such as `datasette-permissions-sql `__ - to control permissions instead.
-
-.. _authentication_permissions_database:
-
-Access to specific databases
-----------------------------
-
-To limit access to a specific ``private.db`` database to just authenticated users, use the ``"allow"`` block like this:
-
-.. [[[cog
-    config_example(cog, """
-        databases:
-          private:
-            allow:
-              id: "*"
-    """)
-.. ]]]
-
-.. tab:: datasette.yaml
-
-    .. code-block:: yaml
-
-
-            databases:
-              private:
-                allow:
-                  id: "*"
-
-
-.. tab:: datasette.json
-
-    .. code-block:: json
-
-        {
-          "databases": {
-            "private": {
-              "allow": {
-                "id": "*"
-              }
-            }
-          }
-        }
-.. [[[end]]]
-
-.. _authentication_permissions_table:
-
-Access to specific tables and views
------------------------------------
-
-To limit access to the ``users`` table in your ``bakery.db`` database:
-
-.. [[[cog
-    config_example(cog, """
-        databases:
-          bakery:
-            tables:
-              users:
-                allow:
-                  id: '*'
-    """)
-.. ]]]
-
-.. tab:: datasette.yaml
-
-    .. code-block:: yaml
-
-
-            databases:
-              bakery:
-                tables:
-                  users:
-                    allow:
-                      id: '*'
-
-
-.. tab:: datasette.json
-
-    .. code-block:: json
-
-        {
-          "databases": {
-            "bakery": {
-              "tables": {
-                "users": {
-                  "allow": {
-                    "id": "*"
-                  }
-                }
-              }
-            }
-          }
-        }
-.. [[[end]]]
-
-This works for SQL views as well - you can list their names in the ``"tables"`` block above in the same way as regular tables.
-
-.. warning::
-    Restricting access to tables and views in this way will NOT prevent users from querying them using arbitrary SQL queries, `like this `__ for example.
-
-    If you are restricting access to specific tables you should also use the ``"allow_sql"`` block to prevent users from bypassing the limit with their own SQL queries - see :ref:`authentication_permissions_execute_sql`.
-
-.. _authentication_permissions_query:
-
-Access to specific queries
---------------------------
-
-:ref:`Queries ` allow you to configure named SQL queries in your ``datasette.yaml`` that can be executed by users. These queries can be set up to both read and write to the database, so controlling who can execute them can be important.
-
-To limit access to the ``add_name`` query in your ``dogs.db`` database to just the :ref:`root user`:
-
-.. [[[cog
-    config_example(cog, """
-        databases:
-          dogs:
-            queries:
-              add_name:
-                sql: INSERT INTO names (name) VALUES (:name)
-                write: true
-                allow:
-                  id:
-                  - root
-    """)
-.. ]]]
-
-.. tab:: datasette.yaml
-
-    .. code-block:: yaml
-
-
-            databases:
-              dogs:
-                queries:
-                  add_name:
-                    sql: INSERT INTO names (name) VALUES (:name)
-                    write: true
-                    allow:
-                      id:
-                      - root
-
-
-.. tab:: datasette.json
-
-    .. code-block:: json
-
-        {
-          "databases": {
-            "dogs": {
-              "queries": {
-                "add_name": {
-                  "sql": "INSERT INTO names (name) VALUES (:name)",
-                  "write": true,
-                  "allow": {
-                    "id": [
-                      "root"
-                    ]
-                  }
-                }
-              }
-            }
-          }
-        }
-.. [[[end]]]
-
-.. _authentication_permissions_execute_sql:
-
-Controlling the ability to execute arbitrary SQL
-------------------------------------------------
-
-Datasette defaults to allowing any site visitor to execute their own custom SQL queries, for example using the form on `the database page `__ or by appending a ``?_where=`` parameter to the table page `like this `__.
-
-Access to this ability is controlled by the :ref:`actions_execute_sql` permission.
-
-The easiest way to disable arbitrary SQL queries is using the :ref:`default_allow_sql setting ` when you first start Datasette running.
-
-You can alternatively use an ``"allow_sql"`` block to control who is allowed to execute arbitrary SQL queries.
-
-To prevent any user from executing arbitrary SQL queries, use this:
-
-.. [[[cog
-    config_example(cog, """
-        allow_sql: false
-    """)
-.. ]]]
-
-.. tab:: datasette.yaml
-
-    .. code-block:: yaml
-
-
-            allow_sql: false
-
-
-.. tab:: datasette.json
-
-    .. code-block:: json
-
-        {
-          "allow_sql": false
-        }
-.. [[[end]]]
-
-To enable just the :ref:`root user` to execute SQL for all databases in your instance, use the following:
-
-.. [[[cog
-    config_example(cog, """
-        allow_sql:
-          id: root
-    """)
-.. ]]]
-
-.. tab:: datasette.yaml
-
-    .. code-block:: yaml
-
-
-            allow_sql:
-              id: root
-
-
-.. tab:: datasette.json
-
-    .. code-block:: json
-
-        {
-          "allow_sql": {
-            "id": "root"
-          }
-        }
-.. [[[end]]]
-
-To limit this ability for just one specific database, use this:
-
-.. [[[cog
-    config_example(cog, """
-        databases:
-          mydatabase:
-            allow_sql:
-              id: root
-    """)
-.. ]]]
-
-.. tab:: datasette.yaml
-
-    .. code-block:: yaml
-
-
-            databases:
-              mydatabase:
-                allow_sql:
-                  id: root
-
-
-.. tab:: datasette.json
-
-    .. code-block:: json
-
-        {
-          "databases": {
-            "mydatabase": {
-              "allow_sql": {
-                "id": "root"
-              }
-            }
-          }
-        }
-.. [[[end]]]
-
-.. _authentication_permissions_other:
-
-Other permissions in ``datasette.yaml``
-=======================================
-
-For all other permissions, you can use one or more ``"permissions"`` blocks in your ``datasette.yaml`` configuration file.
-
-To grant access to the :ref:`permissions debug tool ` to all signed in users, you can grant ``permissions-debug`` to any actor with an ``id`` matching the wildcard ``*`` by adding this a the root of your configuration:
-
-.. [[[cog
-    config_example(cog, """
-        permissions:
-          debug-menu:
-            id: '*'
-    """)
-.. ]]]
-
-.. tab:: datasette.yaml
-
-    .. code-block:: yaml
-
-
-            permissions:
-              debug-menu:
-                id: '*'
-
-
-.. tab:: datasette.json
-
-    .. code-block:: json
-
-        {
-          "permissions": {
-            "debug-menu": {
-              "id": "*"
-            }
-          }
-        }
-.. [[[end]]]
-
-To grant ``create-table`` to the user with ``id`` of ``editor`` for the ``docs`` database:
-
-.. [[[cog
-    config_example(cog, """
-        databases:
-          docs:
-            permissions:
-              create-table:
-                id: editor
-    """)
-.. ]]]
-
-.. tab:: datasette.yaml
-
-    .. code-block:: yaml
-
-
-            databases:
-              docs:
-                permissions:
-                  create-table:
-                    id: editor
-
-
-.. tab:: datasette.json
-
-    .. code-block:: json
-
-        {
-          "databases": {
-            "docs": {
-              "permissions": {
-                "create-table": {
-                  "id": "editor"
-                }
-              }
-            }
-          }
-        }
-.. [[[end]]]
-
-Other table-scoped write permissions, including ``set-column-type``, can be configured in the same place.
-
-And for ``insert-row`` against the ``reports`` table in that ``docs`` database:
-
-.. [[[cog
-    config_example(cog, """
-        databases:
-          docs:
-            tables:
-              reports:
-                permissions:
-                  insert-row:
-                    id: editor
-    """)
-.. ]]]
-
-.. tab:: datasette.yaml
-
-    .. code-block:: yaml
-
-
-            databases:
-              docs:
-                tables:
-                  reports:
-                    permissions:
-                      insert-row:
-                        id: editor
-
-
-.. tab:: datasette.json
-
-    .. code-block:: json
-
-        {
-          "databases": {
-            "docs": {
-              "tables": {
-                "reports": {
-                  "permissions": {
-                    "insert-row": {
-                      "id": "editor"
-                    }
-                  }
-                }
-              }
-            }
-          }
-        }
-.. [[[end]]]
-
-The :ref:`permissions debug tool ` can be useful for helping test permissions that you have configured in this way.
-
-.. _CreateTokenView:
-
-API Tokens
-==========
-
-Datasette includes a default mechanism for generating API tokens that can be used to authenticate requests.
-
-Authenticated users can create new API tokens using a form on the ``/-/create-token`` page.
-
-Tokens created in this way can be further restricted to only allow access to specific actions, or to limit those actions to specific databases, tables or queries.
-
-Created tokens can then be passed in the ``Authorization: Bearer $token`` header of HTTP requests to Datasette.
-
-A token created by a user will include that user's ``"id"`` in the token payload, so any permissions granted to that user based on their ID can be made available to the token as well.
-
-When one of these a token accompanies a request, the actor for that request will have the following shape:
-
-.. code-block:: json
-
-    {
-        "id": "user_id",
-        "token": "dstok",
-        "token_expires": 1667717426
-    }
-
-The ``"id"`` field duplicates the ID of the actor who first created the token.
-
-The ``"token"`` field identifies that this actor was authenticated using a Datasette signed token (``dstok``).
-
-The ``"token_expires"`` field, if present, indicates that the token will expire after that integer timestamp.
-
-The ``/-/create-token`` page cannot be accessed by actors that are authenticated with a ``"token": "some-value"`` property. This is to prevent API tokens from being used to create more tokens.
-
-Datasette plugins that implement their own form of API token authentication should follow this convention.
-
-You can disable the signed token feature entirely using the :ref:`allow_signed_tokens ` setting.
-
-.. _authentication_cli_create_token:
-
-datasette create-token
-----------------------
-
-You can also create tokens on the command line using the ``datasette create-token`` command.
-
-This command takes one required argument - the ID of the actor to be associated with the created token.
-
-You can specify a ``-e/--expires-after`` option in seconds. If omitted, the token will never expire.
-
-The command will sign the token using the ``DATASETTE_SECRET`` environment variable, if available. You can also pass the secret using the ``--secret`` option.
-
-This means you can run the command locally to create tokens for use with a deployed Datasette instance, provided you know that instance's secret.
-
-To create a token for the ``root`` actor that will expire in one hour::
-
-    datasette create-token root --expires-after 3600
-
-To create a token that never expires using a specific secret::
-
-    datasette create-token root --secret my-secret-goes-here
-
-.. _authentication_cli_create_token_restrict:
-
-Restricting the actions that a token can perform
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Tokens created using ``datasette create-token ACTOR_ID`` will inherit all of the permissions of the actor that they are associated with.
-
-You can pass additional options to create tokens that are restricted to a subset of that actor's permissions.
-
-To restrict the token to just specific permissions against all available databases, use the ``--all`` option::
-
-    datasette create-token root --all insert-row --all update-row
-
-This option can be passed as many times as you like. In the above example the token will only be allowed to insert and update rows.
-
-You can also restrict permissions such that they can only be used within specific databases::
-
-    datasette create-token root --database mydatabase insert-row
-
-The resulting token will only be able to insert rows, and only to tables in the ``mydatabase`` database.
-
-Finally, you can restrict permissions to individual resources - tables, SQL views and :ref:`named queries ` - within a specific database::
-
-    datasette create-token root --resource mydatabase mytable insert-row
-
-These options have short versions: ``-a`` for ``--all``, ``-d`` for ``--database`` and ``-r`` for ``--resource``.
-
-You can add ``--debug`` to see a JSON representation of the token that has been created. Here's a full example::
-
-    datasette create-token root \
-        --secret mysecret \
-        --all view-instance \
-        --all view-table \
-        --database docs view-query \
-        --resource docs documents insert-row \
-        --resource docs documents update-row \
-        --debug
-
-This example outputs the following::
-
-    dstok_.eJxFizEKgDAMRe_y5w4qYrFXERGxDkVsMI0uxbubdjFL8l_ez1jhwEQCA6Fjjxp90qtkuHawzdjYrh8MFobLxZ_wBH0_gtnAF-hpS5VfmF8D_lnd97lHqUJgLd6sls4H1qwlhA.nH_7RecYHj5qSzvjhMU95iy0Xlc
-
-    Decoded:
-
-    {
-      "a": "root",
-      "token": "dstok",
-      "t": 1670907246,
-      "_r": {
-        "a": [
-          "vi",
-          "vt"
-        ],
-        "d": {
-          "docs": [
-            "vq"
-          ]
-        },
-        "r": {
-          "docs": {
-            "documents": [
-              "ir",
-              "ur"
-            ]
-          }
-        }
-      }
-    }
-
-Restrictions act as an allowlist layered on top of the actor's existing
-permissions. They can only remove access the actor would otherwise have—they
-cannot grant new access. If the underlying actor is denied by ``allow`` rules in
-``datasette.yaml`` or by a plugin, a token that lists that resource in its
-``"_r"`` section will still be denied.
-
-To create tokens with restrictions in Python code, use the :ref:`TokenRestrictions ` builder and pass it to :ref:`datasette.create_token() `.
-
-.. _permissions_plugins:
-
-Checking permissions in plugins
-===============================
-
-Datasette plugins can check if an actor has permission to perform an action using :ref:`datasette_allowed`—for example::
-
-    from datasette.resources import TableResource
-
-    can_edit = await datasette.allowed(
-        action="update-row",
-        resource=TableResource(database="fixtures", table="facetable"),
-        actor=request.actor,
-    )
-
-Use :ref:`datasette_ensure_permission` when you need to enforce a permission and
-raise a ``Forbidden`` error automatically.
-
-Plugins that define new operations should return :class:`~datasette.permissions.Action`
-objects from :ref:`plugin_register_actions` and can supply additional allow/deny
-rules by returning :class:`~datasette.permissions.PermissionSQL` objects from the
-:ref:`plugin_hook_permission_resources_sql` hook. Those rules are merged with
-configuration ``allow`` blocks and actor restrictions to determine the final
-result for each check.
-
-.. _authentication_actor_matches_allow:
-
-actor_matches_allow()
-=====================
-
-Plugins that wish to implement this same ``"allow"`` block permissions scheme can take advantage of the ``datasette.utils.actor_matches_allow(actor, allow)`` function:
-
-.. code-block:: python
-
-    from datasette.utils import actor_matches_allow
-
-    actor_matches_allow({"id": "root"}, {"id": "*"})
-    # returns True
-
-The currently authenticated actor is made available to plugins as ``request.actor``.
-
-.. _PermissionsDebugView:
-
-Permissions debug tools
-=======================
-
-The debug tool at ``/-/permissions`` is available to any actor with the ``permissions-debug`` permission. By default this is just the :ref:`authenticated root user ` but you can open it up to all users by starting Datasette like this::
-
-    datasette -s permissions.permissions-debug true data.db
-
-The page shows the permission checks that have been carried out by the Datasette instance.
-
-It also provides an interface for running hypothetical permission checks against a hypothetical actor. This is a useful way of confirming that your configured permissions work in the way you expect.
-
-This is designed to help administrators and plugin authors understand exactly how permission checks are being carried out, in order to effectively configure Datasette's permission system.
-
-.. _AllowedResourcesView:
-
-Allowed resources view
-----------------------
-
-The ``/-/allowed`` endpoint displays resources that the current actor can access for a specified ``action``.
-
-This endpoint provides an interactive HTML form interface. Add ``.json`` to the URL path (e.g. ``/-/allowed.json``) to get the raw JSON response instead.
-
-Pass ``?action=view-table`` (or another action) to select the action. Optional ``parent=`` and ``child=`` query parameters can narrow the results to a specific database/table pair.
-
-This endpoint is publicly accessible to help users understand their own permissions. The potentially sensitive ``reason`` field is only shown to users with the ``permissions-debug`` permission - it shows the plugins and explanatory reasons that were responsible for each decision.
-
-.. _PermissionRulesView:
-
-Permission rules view
----------------------
-
-The ``/-/rules`` endpoint displays all permission rules (both allow and deny) for each candidate resource for the requested action.
-
-This endpoint provides an interactive HTML form interface. Add ``.json`` to the URL path (e.g. ``/-/rules.json?action=view-table``) to get the raw JSON response instead.
-
-Pass ``?action=`` as a query parameter to specify which action to check.
-
-This endpoint requires the ``permissions-debug`` permission.
-
-.. _PermissionCheckView:
-
-Permission check view
----------------------
-
-The ``/-/check`` endpoint evaluates a single action/resource pair and returns information indicating whether the access was allowed along with diagnostic information.
-
-This endpoint provides an interactive HTML form interface. Add ``.json`` to the URL path (e.g. ``/-/check.json?action=view-instance``) to get the raw JSON response instead.
-
-Pass ``?action=`` to specify the action to check, and optional ``?parent=`` and ``?child=`` parameters to specify the resource.
-
-.. _authentication_ds_actor:
-
-The ds_actor cookie
-===================
-
-Datasette includes a default authentication plugin which looks for a signed ``ds_actor`` cookie containing a JSON actor dictionary. This is how the :ref:`root actor ` mechanism works.
-
-Authentication plugins can set signed ``ds_actor`` cookies themselves like so:
-
-.. code-block:: python
-
-    response = Response.redirect("/")
-    datasette.set_actor_cookie(response, {"id": "cleopaws"})
-
-The shape of data encoded in the cookie is as follows:
-
-.. code-block:: json
-
-    {
-      "a": {
-        "id": "cleopaws"
-      }
-    }
-
-To implement logout in a plugin, use the ``delete_actor_cookie()`` method:
-
-.. code-block:: python
-
-    response = Response.redirect("/")
-    datasette.delete_actor_cookie(response)
-
-.. _authentication_ds_actor_expiry:
-
-Including an expiry time
-------------------------
-
-``ds_actor`` cookies can optionally include a signed expiry timestamp, after which the cookies will no longer be valid. Authentication plugins may chose to use this mechanism to limit the lifetime of the cookie. For example, if a plugin implements single-sign-on against another source it may decide to set short-lived cookies so that if the user is removed from the SSO system their existing Datasette cookies will stop working shortly afterwards.
-
-To include an expiry pass ``expire_after=`` to ``datasette.set_actor_cookie()`` with a number of seconds. For example, to expire in 24 hours:
-
-.. code-block:: python
-
-    response = Response.redirect("/")
-    datasette.set_actor_cookie(
-        response, {"id": "cleopaws"}, expire_after=60 * 60 * 24
-    )
-
-The resulting cookie will encode data that looks something like this:
-
-.. code-block:: json
-
-    {
-      "a": {
-        "id": "cleopaws"
-      },
-      "e": "1jjSji"
-    }
-
-.. _LogoutView:
-
-The /-/logout page
-------------------
-
-The page at ``/-/logout`` provides the ability to log out of a ``ds_actor`` cookie authentication session.
-
-.. _actions:
-
-Built-in actions
-================
-
-This section lists all of the permission checks that are carried out by Datasette core, along with the ``resource`` if it was passed.
-
-.. _actions_view_instance:
-
-view-instance
--------------
-
-Top level permission - Actor is allowed to view any pages within this instance, starting at https://latest.datasette.io/
-
-.. _actions_view_database:
-
-view-database
--------------
-
-Actor is allowed to view a database page, e.g. https://latest.datasette.io/fixtures
-
-``resource`` - ``datasette.permissions.DatabaseResource(database)``
-    ``database`` is the name of the database (string)
-
-.. _actions_view_database_download:
-
-view-database-download
-----------------------
-
-Actor is allowed to download a database, e.g. https://latest.datasette.io/fixtures.db
-
-``resource`` - ``datasette.resources.DatabaseResource(database)``
-    ``database`` is the name of the database (string)
-
-.. _actions_view_table:
-
-view-table
-----------
-
-Actor is allowed to view a table (or view) page, e.g. https://latest.datasette.io/fixtures/complex_foreign_keys
-
-``resource`` - ``datasette.resources.TableResource(database, table)``
-    ``database`` is the name of the database (string)
-
-    ``table`` is the name of the table (string)
-
-.. _actions_view_query:
-
-view-query
-----------
-
-Actor is allowed to view a stored query page, e.g. https://latest.datasette.io/fixtures/pragma_cache_size. Executing an untrusted stored query also requires ``execute-sql`` or the relevant write permissions; :ref:`trusted stored queries ` can execute with ``view-query`` alone.
-
-``resource`` - ``datasette.resources.QueryResource(database, query)``
-    ``database`` is the name of the database (string)
-
-    ``query`` is the name of the query (string)
-
-.. _actions_store_query:
-
-store-query
------------
-
-Actor is allowed to create stored queries against a database.
-
-``resource`` - ``datasette.resources.DatabaseResource(database)``
-    ``database`` is the name of the database (string)
-
-.. _actions_update_query:
-
-update-query
-------------
-
-Actor is allowed to update a stored query.
-
-``resource`` - ``datasette.resources.QueryResource(database, query)``
-    ``database`` is the name of the database (string)
-
-    ``query`` is the name of the query (string)
-
-.. _actions_delete_query:
-
-delete-query
-------------
-
-Actor is allowed to delete a stored query.
-
-``resource`` - ``datasette.resources.QueryResource(database, query)``
-    ``database`` is the name of the database (string)
-
-    ``query`` is the name of the query (string)
-
-.. _actions_insert_row:
-
-insert-row
-----------
-
-Actor is allowed to insert rows into a table.
-
-``resource`` - ``datasette.resources.TableResource(database, table)``
-    ``database`` is the name of the database (string)
-
-    ``table`` is the name of the table (string)
-
-.. _actions_delete_row:
-
-delete-row
-----------
-
-Actor is allowed to delete rows from a table.
-
-``resource`` - ``datasette.resources.TableResource(database, table)``
-    ``database`` is the name of the database (string)
-
-    ``table`` is the name of the table (string)
-
-.. _actions_update_row:
-
-update-row
-----------
-
-Actor is allowed to update rows in a table.
-
-``resource`` - ``datasette.resources.TableResource(database, table)``
-    ``database`` is the name of the database (string)
-
-    ``table`` is the name of the table (string)
-
-.. _actions_create_table:
-
-create-table
-------------
-
-Actor is allowed to create a database table.
-
-``resource`` - ``datasette.resources.DatabaseResource(database)``
-    ``database`` is the name of the database (string)
-
-.. _actions_alter_table:
-
-alter-table
------------
-
-Actor is allowed to alter a database table.
-
-``resource`` - ``datasette.resources.TableResource(database, table)``
-    ``database`` is the name of the database (string)
-
-    ``table`` is the name of the table (string)
-
-.. _actions_set_column_type:
-
-set-column-type
----------------
-
-Actor is allowed to set assigned :ref:`column types ` for columns in a table.
-
-``resource`` - ``datasette.resources.TableResource(database, table)``
-    ``database`` is the name of the database (string)
-
-    ``table`` is the name of the table (string)
-
-.. _actions_drop_table:
-
-drop-table
-----------
-
-Actor is allowed to drop a database table.
-
-``resource`` - ``datasette.resources.TableResource(database, table)``
-    ``database`` is the name of the database (string)
-
-    ``table`` is the name of the table (string)
-
-.. _actions_execute_sql:
-
-execute-sql
------------
-
-Actor is allowed to run arbitrary read-only SQL queries against a specific database using the :ref:`custom SQL query page `, e.g. https://latest.datasette.io/fixtures/-/query?sql=select+100
-
-``resource`` - ``datasette.resources.DatabaseResource(database)``
-    ``database`` is the name of the database (string)
-
-See also :ref:`the default_allow_sql setting `.
-
-.. _actions_execute_write_sql:
-
-execute-write-sql
------------------
-
-Actor is allowed to run arbitrary writable SQL queries against a specific database using the :ref:`write SQL queries page `, subject to table-level write permissions such as ``insert-row``, ``update-row`` and ``delete-row``. SQL functions are allowed and are not separately restricted by Datasette permissions.
-
-``resource`` - ``datasette.resources.DatabaseResource(database)``
-    ``database`` is the name of the database (string)
-
-.. _actions_permissions_debug:
-
-permissions-debug
------------------
-
-Actor is allowed to view the ``/-/permissions`` debug tools.
-
-.. _actions_debug_menu:
-
-debug-menu
-----------
-
-Controls if the various debug pages are displayed in the jump menu.
diff --git a/docs/binary_data.rst b/docs/binary_data.rst
deleted file mode 100644
index 0c890fe5..00000000
--- a/docs/binary_data.rst
+++ /dev/null
@@ -1,68 +0,0 @@
-.. _binary:
-
-=============
- Binary data
-=============
-
-SQLite tables can contain binary data in ``BLOB`` columns.
-
-Datasette includes special handling for these binary values. The Datasette interface detects binary values and provides a link to download their content, for example on https://latest.datasette.io/fixtures/binary_data
-
-.. image:: https://raw.githubusercontent.com/simonw/datasette-screenshots/0.62/binary-data.png
-   :width: 311px
-   :alt: Screenshot showing download links next to binary data in the table view
-
-Binary data is represented in ``.json`` exports using Base64 encoding.
-
-https://latest.datasette.io/fixtures/binary_data.json?_shape=array
-
-.. code-block:: json
-
-    [
-        {
-            "rowid": 1,
-            "data": {
-                "$base64": true,
-                "encoded": "FRwCx60F/g=="
-            }
-        },
-        {
-            "rowid": 2,
-            "data": {
-                "$base64": true,
-                "encoded": "FRwDx60F/g=="
-            }
-        },
-        {
-            "rowid": 3,
-            "data": null
-        }
-    ]
-
-.. _binary_linking:
-
-Linking to binary downloads
----------------------------
-
-The ``.blob`` output format is used to return binary data. It requires a ``_blob_column=`` query string argument specifying which BLOB column should be downloaded, for example:
-
-https://latest.datasette.io/fixtures/binary_data/1.blob?_blob_column=data
-
-This output format can also be used to return binary data from an arbitrary SQL query. Since such queries do not specify an exact row, an additional ``?_blob_hash=`` parameter can be used to specify the SHA-256 hash of the value that is being linked to.
-
-Consider the query ``select data from binary_data`` - `demonstrated here `__.
-
-That page links to the binary value downloads. Those links look like this:
-
-https://latest.datasette.io/fixtures.blob?sql=select+data+from+binary_data&_blob_column=data&_blob_hash=f3088978da8f9aea479ffc7f631370b968d2e855eeb172bea7f6c7a04262bb6d
-
-These ``.blob`` links are also returned in the ``.csv`` exports Datasette provides for binary tables and queries, since the CSV format does not have a mechanism for representing binary data.
-
-Binary plugins
---------------
-
-Several Datasette plugins are available that change the way Datasette treats binary data.
-
-- `datasette-render-binary `__ modifies Datasette's default interface to show an automatic guess at what type of binary data is being stored, along with a visual representation of the binary value that displays ASCII strings directly in the interface.
-- `datasette-render-images `__ detects common image formats and renders them as images directly in the Datasette interface.
-- `datasette-media `__ allows Datasette interfaces to be configured to serve binary files from configured SQL queries, and includes the ability to resize images directly before serving them.
diff --git a/docs/changelog.rst b/docs/changelog.rst
index ec32b57e..80be3c80 100644
--- a/docs/changelog.rst
+++ b/docs/changelog.rst
@@ -4,1966 +4,14 @@
 Changelog
 =========
 
-.. _v1_0_a35:
-
-1.0a35 (2026-06-23)
--------------------
-
-This release adds UI for **creating tables** and **altering tables**, to complement the insert and update row interfaces added in :ref:`v1_0_a34`.
-
-- New "Create table" interface in the database actions menu, backed by the ``//-/create`` :ref:`JSON API `. It can define columns, primary keys, custom column types, ``NOT NULL`` constraints, literal defaults, expression defaults and single-column foreign keys. (:issue:`2787`)
-- New "Alter table" table action and ``///-/alter`` :ref:`JSON API ` for changing existing tables: add, rename, reorder and drop columns; change column types, defaults, ``NOT NULL`` constraints, primary keys and foreign keys; and rename the table. The alter table dialog also includes a "Drop table" button. (:issue:`2788`)
-- New ``//-/foreign-key-targets`` and ``//
    /-/foreign-key-suggestions`` JSON APIs for discovering valid single-column foreign key targets and suggested relationships.
-- New :ref:`template_context` documentation listing the variables available to custom templates for Datasette's core pages. Variables documented there are treated as a stable API for custom templates until Datasette 2.0. The documentation is generated from dataclass definitions next to the view code, with tests that compare the documented fields against the actual contexts rendered by the database, table, query and row pages. (:issue:`1510`, :issue:`2127`, :issue:`1477`, :pr:`2803`)
-- The "Write to this database" page now includes a Create table starter template, alongside the existing Insert, Update and Delete templates. (:pr:`2794`)
-- New ``static()`` template function and ``datasette.static()`` method for generating cache-busting static asset URLs based on the file contents. Static assets served with a matching ``?_hash=`` parameter now receive far-future immutable cache headers. This works for Datasette's bundled static assets, plugin static assets and directories mounted using ``--static``. See :ref:`customization_static_files`.
-- Database and table pages now use the ``count_truncated`` template context value to display capped row counts as ``>N rows``.
-- Significant visual improvements to the table filter form UI, plus working add/remove filter buttons. (:issue:`2798`)
-- Improved edit row icon on table pages. (:issue:`2796`)
-- Documentation covers how actors are displayed. Thanks, `Sebastian Cao `__. (:issue:`2002`)
-- Fix for bug where appending ``?_col=pk`` resulted in duplicate primary key columns in the response. Thanks, `Ritesh Kewlani `__. (:issue:`1975`)
-
-.. _v1_0_a34:
-
-1.0a34 (2026-06-16)
--------------------
-
-The big feature in this alpha is tools to **insert, edit and delete** rows within the Datasette interface. These features are available on table pages, and edit and delete are also available as action items on the row page.
-
-The edit interface takes :ref:`custom column types ` into account. Plugins that define their own column types can use JavaScript to customize how those column types are presented in the edit interface.
-
-- ``datasette.allowed_many()`` method for :ref:`resolving multiple permission checks at once `. (:pr:`2775`)
-- Permission checks are now cached on a per-request basis, speeding up table pages with multiple plugins that check permissions in order to populate the :ref:`table actions menu `.
-- Fixed a warning about ``gen.throw(*sys.exc_info())``. (:issue:`2776`)
-- New default custom column type ``textarea`` for multi-line text content. This is rendered as a ``\n'
-            ""
-        ),
-        "status": 400,
-        "title": "SQL Interrupted",
-    }
+    assert "SQL Interrupted" == response.json["title"]
 
 
-@pytest.mark.asyncio
-async def test_custom_sql_time_limit(ds_client):
-    response = await ds_client.get(
-        "/fixtures/-/query.json?sql=select+sleep(0.01)",
+def test_custom_sql_time_limit(app_client):
+    response = app_client.get("/fixtures.json?sql=select+sleep(0.01)")
+    assert 200 == response.status
+    response = app_client.get("/fixtures.json?sql=select+sleep(0.01)&_timelimit=5")
+    assert 400 == response.status
+    assert "SQL Interrupted" == response.json["title"]
+
+
+def test_invalid_custom_sql(app_client):
+    response = app_client.get("/fixtures.json?sql=.schema")
+    assert response.status == 400
+    assert response.json["ok"] is False
+    assert "Statement must be a SELECT" == response.json["error"]
+
+
+def test_allow_sql_off():
+    for client in make_app_client(config={"allow_sql": False}):
+        response = client.get("/fixtures.json?sql=select+sleep(0.01)")
+        assert 400 == response.status
+        assert "sql= is not allowed" == response.json["error"]
+
+
+def test_table_json(app_client):
+    response = app_client.get("/fixtures/simple_primary_key.json?_shape=objects")
+    assert response.status == 200
+    data = response.json
+    assert (
+        data["query"]["sql"]
+        == "select id, content from simple_primary_key order by id limit 51"
     )
-    assert response.status_code == 200
-    response = await ds_client.get(
-        "/fixtures/-/query.json?sql=select+sleep(0.01)&_timelimit=5",
-    )
-    assert response.status_code == 400
-    assert response.json()["title"] == "SQL Interrupted"
-
-
-@pytest.mark.asyncio
-async def test_invalid_custom_sql(ds_client):
-    response = await ds_client.get(
-        "/fixtures/-/query.json?sql=.schema",
-    )
-    assert response.status_code == 400
-    assert response.json()["ok"] is False
-    assert "Statement must be a SELECT" == response.json()["error"]
-
-
-@pytest.mark.asyncio
-async def test_row(ds_client):
-    response = await ds_client.get("/fixtures/simple_primary_key/1.json?_shape=objects")
-    assert response.status_code == 200
-    assert response.json()["ok"] is True
-    assert response.json()["rows"] == [{"id": 1, "content": "hello"}]
-
-
-@pytest.mark.asyncio
-async def test_row_strange_table_name(ds_client):
-    response = await ds_client.get(
-        "/fixtures/table~2Fwith~2Fslashes~2Ecsv/3.json?_shape=objects"
-    )
-    assert response.status_code == 200
-    assert response.json()["rows"] == [{"pk": "3", "content": "hey"}]
-
-
-@pytest.mark.asyncio
-async def test_row_foreign_key_tables(ds_client):
-    response = await ds_client.get(
-        "/fixtures/simple_primary_key/1.json?_extra=foreign_key_tables"
-    )
-    assert response.status_code == 200
-    # Foreign keys are sorted by (other_table, column, other_column)
-    assert response.json()["foreign_key_tables"] == [
-        {
-            "other_table": "complex_foreign_keys",
-            "column": "id",
-            "other_column": "f1",
-            "count": 1,
-            "link": "/fixtures/complex_foreign_keys?f1=1",
-        },
-        {
-            "other_table": "complex_foreign_keys",
-            "column": "id",
-            "other_column": "f2",
-            "count": 0,
-            "link": "/fixtures/complex_foreign_keys?f2=1",
-        },
-        {
-            "other_table": "complex_foreign_keys",
-            "column": "id",
-            "other_column": "f3",
-            "count": 1,
-            "link": "/fixtures/complex_foreign_keys?f3=1",
-        },
-        {
-            "other_table": "foreign_key_references",
-            "column": "id",
-            "other_column": "foreign_key_with_blank_label",
-            "count": 0,
-            "link": "/fixtures/foreign_key_references?foreign_key_with_blank_label=1",
-        },
-        {
-            "other_table": "foreign_key_references",
-            "column": "id",
-            "other_column": "foreign_key_with_label",
-            "count": 1,
-            "link": "/fixtures/foreign_key_references?foreign_key_with_label=1",
-        },
+    assert data["query"]["params"] == {}
+    assert data["rows"] == [
+        {"id": "1", "content": "hello"},
+        {"id": "2", "content": "world"},
+        {"id": "3", "content": ""},
+        {"id": "4", "content": "RENDER_CELL_DEMO"},
     ]
 
 
-@pytest.mark.asyncio
-async def test_row_extras(ds_client):
-    response = await ds_client.get(
-        "/fixtures/simple_primary_key/1.json?_extra=database,table,primary_keys,query,request,debug,foreign_key_tables"
+def test_table_not_exists_json(app_client):
+    assert {
+        "ok": False,
+        "error": "Table not found: blah",
+        "status": 404,
+        "title": None,
+    } == app_client.get("/fixtures/blah.json").json
+
+
+def test_jsono_redirects_to_shape_objects(app_client_with_hash):
+    response_1 = app_client_with_hash.get(
+        "/fixtures/simple_primary_key.jsono", allow_redirects=False
     )
-    assert response.status_code == 200
-    data = response.json()
-    assert data["database"] == "fixtures"
-    assert data["table"] == "simple_primary_key"
-    assert data["primary_keys"] == ["id"]
-    assert data["query"]["sql"] == 'select * from simple_primary_key where "id"=:p0'
-    assert data["query"]["params"] == {"p0": "1"}
-    assert data["request"]["path"] == "/fixtures/simple_primary_key/1.json"
-    assert data["debug"]["url_vars"] == {
-        "database": "fixtures",
-        "table": "simple_primary_key",
-        "pks": "1",
-        "format": "json",
-    }
-    assert len(data["foreign_key_tables"]) == 5
-
-
-@pytest.mark.asyncio
-async def test_row_extra_render_cell():
-    """Test that _extra=render_cell returns rendered HTML from render_cell plugin hook on row pages"""
-    from datasette import hookimpl
-    from datasette.app import Datasette
-
-    class TestRenderCellPlugin:
-        __name__ = "TestRenderCellPlugin"
-
-        @hookimpl
-        def render_cell(self, value, column, table, database):
-            # Only modify cells in our test table
-            if table == "test_render" and column == "name":
-                return f"{value}"
-            return None
-
-    ds = Datasette(memory=True)
-    await ds.invoke_startup()
-    db = ds.add_memory_database("test_row_render")
-    await db.execute_write(
-        "create table test_render (id integer primary key, name text)"
+    response = app_client_with_hash.get(
+        response_1.headers["Location"], allow_redirects=False
     )
-    await db.execute_write("insert into test_render values (1, 'Alice')")
+    assert response.status == 302
+    assert response.headers["Location"].endswith("?_shape=objects")
 
-    # Register our test plugin
-    ds.pm.register(TestRenderCellPlugin(), name="TestRenderCellPlugin")
 
-    try:
-        # Request row with _extra=render_cell
-        response = await ds.client.get(
-            "/test_row_render/test_render/1.json?_extra=render_cell"
+def test_table_shape_arrays(app_client):
+    response = app_client.get("/fixtures/simple_primary_key.json?_shape=arrays")
+    assert [
+        ["1", "hello"],
+        ["2", "world"],
+        ["3", ""],
+        ["4", "RENDER_CELL_DEMO"],
+    ] == response.json["rows"]
+
+
+def test_table_shape_arrayfirst(app_client):
+    response = app_client.get(
+        "/fixtures.json?"
+        + urllib.parse.urlencode(
+            {
+                "sql": "select content from simple_primary_key order by id",
+                "_shape": "arrayfirst",
+            }
         )
-        assert response.status_code == 200
-        data = response.json()
+    )
+    assert ["hello", "world", "", "RENDER_CELL_DEMO"] == response.json
 
-        # Verify the response structure
-        assert "render_cell" in data
-        assert "rows" in data
 
-        # render_cell should be a list with one row (since this is a row page)
-        # Only columns modified by plugins are included (sparse output)
-        render_cell = data["render_cell"]
-        assert len(render_cell) == 1
+def test_table_shape_objects(app_client):
+    response = app_client.get("/fixtures/simple_primary_key.json?_shape=objects")
+    assert [
+        {"id": "1", "content": "hello"},
+        {"id": "2", "content": "world"},
+        {"id": "3", "content": ""},
+        {"id": "4", "content": "RENDER_CELL_DEMO"},
+    ] == response.json["rows"]
 
-        # The row: id=1, name='Alice'
-        # The 'name' column should be rendered by our plugin as Alice
-        assert render_cell[0]["name"] == "Alice"
-        # The 'id' column is not included since no plugin modified it
-        assert "id" not in render_cell[0]
 
-        # The regular rows should still contain raw values
-        assert data["rows"] == [{"id": 1, "name": "Alice"}]
+def test_table_shape_array(app_client):
+    response = app_client.get("/fixtures/simple_primary_key.json?_shape=array")
+    assert [
+        {"id": "1", "content": "hello"},
+        {"id": "2", "content": "world"},
+        {"id": "3", "content": ""},
+        {"id": "4", "content": "RENDER_CELL_DEMO"},
+    ] == response.json
 
-    finally:
-        ds.pm.unregister(name="TestRenderCellPlugin")
+
+def test_table_shape_array_nl(app_client):
+    response = app_client.get("/fixtures/simple_primary_key.json?_shape=array&_nl=on")
+    lines = response.text.split("\n")
+    results = [json.loads(line) for line in lines]
+    assert [
+        {"id": "1", "content": "hello"},
+        {"id": "2", "content": "world"},
+        {"id": "3", "content": ""},
+        {"id": "4", "content": "RENDER_CELL_DEMO"},
+    ] == results
+
+
+def test_table_shape_invalid(app_client):
+    response = app_client.get("/fixtures/simple_primary_key.json?_shape=invalid")
+    assert {
+        "ok": False,
+        "error": "Invalid _shape: invalid",
+        "status": 400,
+        "title": None,
+    } == response.json
+
+
+def test_table_shape_object(app_client):
+    response = app_client.get("/fixtures/simple_primary_key.json?_shape=object")
+    assert {
+        "1": {"id": "1", "content": "hello"},
+        "2": {"id": "2", "content": "world"},
+        "3": {"id": "3", "content": ""},
+        "4": {"id": "4", "content": "RENDER_CELL_DEMO"},
+    } == response.json
+
+
+def test_table_shape_object_compound_primary_Key(app_client):
+    response = app_client.get("/fixtures/compound_primary_key.json?_shape=object")
+    assert {"a,b": {"pk1": "a", "pk2": "b", "content": "c"}} == response.json
+
+
+def test_table_with_slashes_in_name(app_client):
+    response = app_client.get(
+        "/fixtures/table%2Fwith%2Fslashes.csv?_shape=objects&_format=json"
+    )
+    assert response.status == 200
+    data = response.json
+    assert data["rows"] == [{"pk": "3", "content": "hey"}]
+
+
+def test_table_with_reserved_word_name(app_client):
+    response = app_client.get("/fixtures/select.json?_shape=objects")
+    assert response.status == 200
+    data = response.json
+    assert data["rows"] == [
+        {
+            "rowid": 1,
+            "group": "group",
+            "having": "having",
+            "and": "and",
+            "json": '{"href": "http://example.com/", "label":"Example"}',
+        }
+    ]
+
+
+@pytest.mark.parametrize(
+    "path,expected_rows,expected_pages",
+    [
+        ("/fixtures/no_primary_key.json", 201, 5),
+        ("/fixtures/paginated_view.json", 201, 5),
+        ("/fixtures/no_primary_key.json?_size=25", 201, 9),
+        ("/fixtures/paginated_view.json?_size=25", 201, 9),
+        ("/fixtures/paginated_view.json?_size=max", 201, 3),
+        ("/fixtures/123_starts_with_digits.json", 0, 1),
+        # Ensure faceting doesn't break pagination:
+        ("/fixtures/compound_three_primary_keys.json?_facet=pk1", 1001, 21),
+        # Paginating while sorted by an expanded foreign key should work
+        (
+            "/fixtures/roadside_attraction_characteristics.json?_size=2&_sort=attraction_id&_labels=on",
+            5,
+            3,
+        ),
+    ],
+)
+def test_paginate_tables_and_views(app_client, path, expected_rows, expected_pages):
+    fetched = []
+    count = 0
+    while path:
+        response = app_client.get(path)
+        assert 200 == response.status
+        count += 1
+        fetched.extend(response.json["rows"])
+        path = response.json["next_url"]
+        if path:
+            assert urllib.parse.urlencode({"_next": response.json["next"]}) in path
+            path = path.replace("http://localhost", "")
+        assert count < 30, "Possible infinite loop detected"
+
+    assert expected_rows == len(fetched)
+    assert expected_pages == count
+
+
+@pytest.mark.parametrize(
+    "path,expected_error",
+    [
+        ("/fixtures/no_primary_key.json?_size=-4", "_size must be a positive integer"),
+        ("/fixtures/no_primary_key.json?_size=dog", "_size must be a positive integer"),
+        ("/fixtures/no_primary_key.json?_size=1001", "_size must be <= 100"),
+    ],
+)
+def test_validate_page_size(app_client, path, expected_error):
+    response = app_client.get(path)
+    assert expected_error == response.json["error"]
+    assert 400 == response.status
+
+
+def test_page_size_zero(app_client):
+    "For _size=0 we return the counts, empty rows and no continuation token"
+    response = app_client.get("/fixtures/no_primary_key.json?_size=0")
+    assert 200 == response.status
+    assert [] == response.json["rows"]
+    assert 201 == response.json["filtered_table_rows_count"]
+    assert None is response.json["next"]
+    assert None is response.json["next_url"]
+
+
+def test_paginate_compound_keys(app_client):
+    fetched = []
+    path = "/fixtures/compound_three_primary_keys.json?_shape=objects"
+    page = 0
+    while path:
+        page += 1
+        response = app_client.get(path)
+        fetched.extend(response.json["rows"])
+        path = response.json["next_url"]
+        if path:
+            path = path.replace("http://localhost", "")
+        assert page < 100
+    assert 1001 == len(fetched)
+    assert 21 == page
+    # Should be correctly ordered
+    contents = [f["content"] for f in fetched]
+    expected = [r[3] for r in generate_compound_rows(1001)]
+    assert expected == contents
+
+
+def test_paginate_compound_keys_with_extra_filters(app_client):
+    fetched = []
+    path = (
+        "/fixtures/compound_three_primary_keys.json?content__contains=d&_shape=objects"
+    )
+    page = 0
+    while path:
+        page += 1
+        assert page < 100
+        response = app_client.get(path)
+        fetched.extend(response.json["rows"])
+        path = response.json["next_url"]
+        if path:
+            path = path.replace("http://localhost", "")
+    assert 2 == page
+    expected = [r[3] for r in generate_compound_rows(1001) if "d" in r[3]]
+    assert expected == [f["content"] for f in fetched]
+
+
+@pytest.mark.parametrize(
+    "query_string,sort_key,human_description_en",
+    [
+        ("_sort=sortable", lambda row: row["sortable"], "sorted by sortable"),
+        (
+            "_sort_desc=sortable",
+            lambda row: -row["sortable"],
+            "sorted by sortable descending",
+        ),
+        (
+            "_sort=sortable_with_nulls",
+            lambda row: (
+                1 if row["sortable_with_nulls"] is not None else 0,
+                row["sortable_with_nulls"],
+            ),
+            "sorted by sortable_with_nulls",
+        ),
+        (
+            "_sort_desc=sortable_with_nulls",
+            lambda row: (
+                1 if row["sortable_with_nulls"] is None else 0,
+                -row["sortable_with_nulls"]
+                if row["sortable_with_nulls"] is not None
+                else 0,
+                row["content"],
+            ),
+            "sorted by sortable_with_nulls descending",
+        ),
+        # text column contains '$null' - ensure it doesn't confuse pagination:
+        ("_sort=text", lambda row: row["text"], "sorted by text"),
+    ],
+)
+def test_sortable(app_client, query_string, sort_key, human_description_en):
+    path = "/fixtures/sortable.json?_shape=objects&{}".format(query_string)
+    fetched = []
+    page = 0
+    while path:
+        page += 1
+        assert page < 100
+        response = app_client.get(path)
+        assert human_description_en == response.json["human_description_en"]
+        fetched.extend(response.json["rows"])
+        path = response.json["next_url"]
+        if path:
+            path = path.replace("http://localhost", "")
+    assert 5 == page
+    expected = list(generate_sortable_rows(201))
+    expected.sort(key=sort_key)
+    assert [r["content"] for r in expected] == [r["content"] for r in fetched]
+
+
+def test_sortable_and_filtered(app_client):
+    path = (
+        "/fixtures/sortable.json"
+        "?content__contains=d&_sort_desc=sortable&_shape=objects"
+    )
+    response = app_client.get(path)
+    fetched = response.json["rows"]
+    assert (
+        'where content contains "d" sorted by sortable descending'
+        == response.json["human_description_en"]
+    )
+    expected = [row for row in generate_sortable_rows(201) if "d" in row["content"]]
+    assert len(expected) == response.json["filtered_table_rows_count"]
+    expected.sort(key=lambda row: -row["sortable"])
+    assert [r["content"] for r in expected] == [r["content"] for r in fetched]
+
+
+def test_sortable_argument_errors(app_client):
+    response = app_client.get("/fixtures/sortable.json?_sort=badcolumn")
+    assert "Cannot sort table by badcolumn" == response.json["error"]
+    response = app_client.get("/fixtures/sortable.json?_sort_desc=badcolumn2")
+    assert "Cannot sort table by badcolumn2" == response.json["error"]
+    response = app_client.get(
+        "/fixtures/sortable.json?_sort=sortable_with_nulls&_sort_desc=sortable"
+    )
+    assert "Cannot use _sort and _sort_desc at the same time" == response.json["error"]
+
+
+def test_sortable_columns_metadata(app_client):
+    response = app_client.get("/fixtures/sortable.json?_sort=content")
+    assert "Cannot sort table by content" == response.json["error"]
+    # no_primary_key has ALL sort options disabled
+    for column in ("content", "a", "b", "c"):
+        response = app_client.get("/fixtures/sortable.json?_sort={}".format(column))
+        assert "Cannot sort table by {}".format(column) == response.json["error"]
+
+
+@pytest.mark.parametrize(
+    "path,expected_rows",
+    [
+        (
+            "/fixtures/searchable.json?_search=dog",
+            [
+                [1, "barry cat", "terry dog", "panther"],
+                [2, "terry dog", "sara weasel", "puma"],
+            ],
+        ),
+        (
+            # Special keyword shouldn't break FTS query
+            "/fixtures/searchable.json?_search=AND",
+            [],
+        ),
+        (
+            "/fixtures/searchable.json?_search=weasel",
+            [[2, "terry dog", "sara weasel", "puma"]],
+        ),
+        (
+            "/fixtures/searchable.json?_search_text2=dog",
+            [[1, "barry cat", "terry dog", "panther"]],
+        ),
+        (
+            "/fixtures/searchable.json?_search_name%20with%20.%20and%20spaces=panther",
+            [[1, "barry cat", "terry dog", "panther"]],
+        ),
+    ],
+)
+def test_searchable(app_client, path, expected_rows):
+    response = app_client.get(path)
+    assert expected_rows == response.json["rows"]
+
+
+@pytest.mark.parametrize(
+    "path,expected_rows",
+    [
+        (
+            "/fixtures/searchable_view_configured_by_metadata.json?_search=weasel",
+            [[2, "terry dog", "sara weasel", "puma"]],
+        ),
+        # This should return all results because search is not configured:
+        (
+            "/fixtures/searchable_view.json?_search=weasel",
+            [
+                [1, "barry cat", "terry dog", "panther"],
+                [2, "terry dog", "sara weasel", "puma"],
+            ],
+        ),
+        (
+            "/fixtures/searchable_view.json?_search=weasel&_fts_table=searchable_fts&_fts_pk=pk",
+            [[2, "terry dog", "sara weasel", "puma"]],
+        ),
+    ],
+)
+def test_searchable_views(app_client, path, expected_rows):
+    response = app_client.get(path)
+    assert expected_rows == response.json["rows"]
+
+
+def test_searchable_invalid_column(app_client):
+    response = app_client.get("/fixtures/searchable.json?_search_invalid=x")
+    assert 400 == response.status
+    assert {
+        "ok": False,
+        "error": "Cannot search by that column",
+        "status": 400,
+        "title": None,
+    } == response.json
+
+
+@pytest.mark.parametrize(
+    "path,expected_rows",
+    [
+        ("/fixtures/simple_primary_key.json?content=hello", [["1", "hello"]]),
+        (
+            "/fixtures/simple_primary_key.json?content__contains=o",
+            [["1", "hello"], ["2", "world"], ["4", "RENDER_CELL_DEMO"]],
+        ),
+        ("/fixtures/simple_primary_key.json?content__exact=", [["3", ""]]),
+        (
+            "/fixtures/simple_primary_key.json?content__not=world",
+            [["1", "hello"], ["3", ""], ["4", "RENDER_CELL_DEMO"]],
+        ),
+    ],
+)
+def test_table_filter_queries(app_client, path, expected_rows):
+    response = app_client.get(path)
+    assert expected_rows == response.json["rows"]
+
+
+def test_table_filter_queries_multiple_of_same_type(app_client):
+    response = app_client.get(
+        "/fixtures/simple_primary_key.json?content__not=world&content__not=hello"
+    )
+    assert [["3", ""], ["4", "RENDER_CELL_DEMO"]] == response.json["rows"]
+
+
+@pytest.mark.skipif(not detect_json1(), reason="Requires the SQLite json1 module")
+def test_table_filter_json_arraycontains(app_client):
+    response = app_client.get("/fixtures/facetable.json?tags__arraycontains=tag1")
+    assert [
+        [
+            1,
+            "2019-01-14 08:00:00",
+            1,
+            1,
+            "CA",
+            1,
+            "Mission",
+            '["tag1", "tag2"]',
+            '[{"foo": "bar"}]',
+            "one",
+        ],
+        [
+            2,
+            "2019-01-14 08:00:00",
+            1,
+            1,
+            "CA",
+            1,
+            "Dogpatch",
+            '["tag1", "tag3"]',
+            "[]",
+            "two",
+        ],
+    ] == response.json["rows"]
+
+
+def test_table_filter_extra_where(app_client):
+    response = app_client.get("/fixtures/facetable.json?_where=neighborhood='Dogpatch'")
+    assert [
+        [
+            2,
+            "2019-01-14 08:00:00",
+            1,
+            1,
+            "CA",
+            1,
+            "Dogpatch",
+            '["tag1", "tag3"]',
+            "[]",
+            "two",
+        ]
+    ] == response.json["rows"]
+
+
+def test_table_filter_extra_where_invalid(app_client):
+    response = app_client.get("/fixtures/facetable.json?_where=neighborhood=Dogpatch'")
+    assert 400 == response.status
+    assert "Invalid SQL" == response.json["title"]
+
+
+def test_table_filter_extra_where_disabled_if_no_sql_allowed():
+    for client in make_app_client(config={"allow_sql": False}):
+        response = client.get("/fixtures/facetable.json?_where=neighborhood='Dogpatch'")
+        assert 400 == response.status
+        assert "_where= is not allowed" == response.json["error"]
+
+
+def test_table_through(app_client):
+    # Just the museums:
+    response = app_client.get(
+        '/fixtures/roadside_attractions.json?_through={"table":"roadside_attraction_characteristics","column":"characteristic_id","value":"1"}'
+    )
+    assert [
+        [
+            3,
+            "Burlingame Museum of PEZ Memorabilia",
+            "214 California Drive, Burlingame, CA 94010",
+            37.5793,
+            -122.3442,
+        ],
+        [
+            4,
+            "Bigfoot Discovery Museum",
+            "5497 Highway 9, Felton, CA 95018",
+            37.0414,
+            -122.0725,
+        ],
+    ] == response.json["rows"]
+    assert (
+        'where roadside_attraction_characteristics.characteristic_id = "1"'
+        == response.json["human_description_en"]
+    )
+
+
+def test_max_returned_rows(app_client):
+    response = app_client.get("/fixtures.json?sql=select+content+from+no_primary_key")
+    data = response.json
+    assert {"sql": "select content from no_primary_key", "params": {}} == data["query"]
+    assert data["truncated"]
+    assert 100 == len(data["rows"])
+
+
+def test_view(app_client):
+    response = app_client.get("/fixtures/simple_view.json?_shape=objects")
+    assert response.status == 200
+    data = response.json
+    assert data["rows"] == [
+        {"upper_content": "HELLO", "content": "hello"},
+        {"upper_content": "WORLD", "content": "world"},
+        {"upper_content": "", "content": ""},
+        {"upper_content": "RENDER_CELL_DEMO", "content": "RENDER_CELL_DEMO"},
+    ]
+
+
+def test_row(app_client):
+    response = app_client.get("/fixtures/simple_primary_key/1.json?_shape=objects")
+    assert response.status == 200
+    assert [{"id": "1", "content": "hello"}] == response.json["rows"]
+
+
+def test_row_format_in_querystring(app_client):
+    # regression test for https://github.com/simonw/datasette/issues/563
+    response = app_client.get(
+        "/fixtures/simple_primary_key/1?_format=json&_shape=objects"
+    )
+    assert response.status == 200
+    assert [{"id": "1", "content": "hello"}] == response.json["rows"]
+
+
+def test_row_strange_table_name(app_client):
+    response = app_client.get(
+        "/fixtures/table%2Fwith%2Fslashes.csv/3.json?_shape=objects"
+    )
+    assert response.status == 200
+    assert [{"pk": "3", "content": "hey"}] == response.json["rows"]
+
+
+def test_row_foreign_key_tables(app_client):
+    response = app_client.get(
+        "/fixtures/simple_primary_key/1.json?_extras=foreign_key_tables"
+    )
+    assert response.status == 200
+    assert [
+        {
+            "column": "id",
+            "count": 1,
+            "other_column": "foreign_key_with_label",
+            "other_table": "foreign_key_references",
+        },
+        {
+            "column": "id",
+            "count": 1,
+            "other_column": "f3",
+            "other_table": "complex_foreign_keys",
+        },
+        {
+            "column": "id",
+            "count": 0,
+            "other_column": "f2",
+            "other_table": "complex_foreign_keys",
+        },
+        {
+            "column": "id",
+            "count": 1,
+            "other_column": "f1",
+            "other_table": "complex_foreign_keys",
+        },
+    ] == response.json["foreign_key_tables"]
+
+
+def test_unit_filters(app_client):
+    response = app_client.get(
+        "/fixtures/units.json?distance__lt=75km&frequency__gt=1kHz"
+    )
+    assert response.status == 200
+    data = response.json
+
+    assert data["units"]["distance"] == "m"
+    assert data["units"]["frequency"] == "Hz"
+
+    assert len(data["rows"]) == 1
+    assert data["rows"][0][0] == 2
 
 
 def test_databases_json(app_client_two_attached_databases_one_immutable):
@@ -511,128 +1220,402 @@ def test_databases_json(app_client_two_attached_databases_one_immutable):
     assert 2 == len(databases)
     extra_database, fixtures_database = databases
     assert "extra database" == extra_database["name"]
-    assert extra_database["hash"] is None
-    assert extra_database["is_mutable"] is True
-    assert extra_database["is_memory"] is False
+    assert None == extra_database["hash"]
+    assert True == extra_database["is_mutable"]
+    assert False == extra_database["is_memory"]
 
     assert "fixtures" == fixtures_database["name"]
     assert fixtures_database["hash"] is not None
-    assert fixtures_database["is_mutable"] is False
-    assert fixtures_database["is_memory"] is False
+    assert False == fixtures_database["is_mutable"]
+    assert False == fixtures_database["is_memory"]
 
 
-@pytest.mark.asyncio
-async def test_threads_json(ds_client):
-    response = await ds_client.get("/-/threads.json")
+def test_metadata_json(app_client):
+    response = app_client.get("/-/metadata.json")
+    assert METADATA == response.json
+
+
+def test_threads_json(app_client):
+    response = app_client.get("/-/threads.json")
     expected_keys = {"threads", "num_threads"}
     if sys.version_info >= (3, 7, 0):
         expected_keys.update({"tasks", "num_tasks"})
-    data = response.json()
-    assert set(data.keys()) == expected_keys
-    # Should be at least one _execute_writes thread for __INTERNAL__
-    thread_names = [thread["name"] for thread in data["threads"]]
-    assert "_execute_writes for database __INTERNAL__" in thread_names
+    assert expected_keys == set(response.json.keys())
 
 
-@pytest.mark.asyncio
-async def test_plugins_json(ds_client):
-    response = await ds_client.get("/-/plugins.json")
-    # Filter out TrackEventPlugin
-    actual_plugins = sorted(
-        [p for p in response.json() if p["name"] != "TrackEventPlugin"],
-        key=lambda p: p["name"],
-    )
-    assert EXPECTED_PLUGINS == actual_plugins
-    # Try with ?all=1
-    response = await ds_client.get("/-/plugins.json?all=1")
-    names = {p["name"] for p in response.json()}
-    assert names.issuperset(p["name"] for p in EXPECTED_PLUGINS)
-    assert names.issuperset(DEFAULT_PLUGINS)
+def test_plugins_json(app_client):
+    response = app_client.get("/-/plugins.json")
+    assert [
+        {"name": "my_plugin.py", "static": False, "templates": False, "version": None},
+        {
+            "name": "my_plugin_2.py",
+            "static": False,
+            "templates": False,
+            "version": None,
+        },
+    ] == sorted(response.json, key=lambda p: p["name"])
 
 
-@pytest.mark.asyncio
-async def test_versions_json(ds_client):
-    response = await ds_client.get("/-/versions.json")
-    data = response.json()
-    assert "python" in data
-    assert "3.0" == data.get("asgi")
-    assert "version" in data["python"]
-    assert "full" in data["python"]
-    assert "datasette" in data
-    assert "version" in data["datasette"]
-    assert data["datasette"]["version"] == __version__
-    assert "sqlite" in data
-    assert "version" in data["sqlite"]
-    assert "fts_versions" in data["sqlite"]
-    assert "compile_options" in data["sqlite"]
-    # By default, the json1 extension is enabled in the SQLite
-    # provided by the `ubuntu-latest` github actions runner, and
-    # all versions of SQLite from 3.38.0 onwards
-    assert data["sqlite"]["extensions"]["json1"]
+def test_versions_json(app_client):
+    response = app_client.get("/-/versions.json")
+    assert "python" in response.json
+    assert "3.0" == response.json.get("asgi")
+    assert "version" in response.json["python"]
+    assert "full" in response.json["python"]
+    assert "datasette" in response.json
+    assert "version" in response.json["datasette"]
+    assert "sqlite" in response.json
+    assert "version" in response.json["sqlite"]
+    assert "fts_versions" in response.json["sqlite"]
+    assert "compile_options" in response.json["sqlite"]
 
 
-@pytest.mark.asyncio
-async def test_actions_json(ds_client):
-    original_root_enabled = ds_client.ds.root_enabled
-    try:
-        ds_client.ds.root_enabled = True
-        response = await ds_client.get("/-/actions.json", actor={"id": "root"})
-        data = response.json()
-    finally:
-        ds_client.ds.root_enabled = original_root_enabled
-    assert isinstance(data, list)
-    assert len(data) > 0
-    # Check structure of first action
-    action = data[0]
-    for key in (
-        "name",
-        "abbr",
-        "description",
-        "takes_parent",
-        "takes_child",
-        "resource_class",
-        "also_requires",
-    ):
-        assert key in action
-    # Check that some expected actions exist
-    action_names = {a["name"] for a in data}
-    for expected_action in (
-        "view-instance",
-        "view-database",
-        "view-table",
-        "execute-sql",
-    ):
-        assert expected_action in action_names
-
-
-@pytest.mark.asyncio
-async def test_settings_json(ds_client):
-    response = await ds_client.get("/-/settings.json")
-    assert response.json() == {
+def test_config_json(app_client):
+    response = app_client.get("/-/config.json")
+    assert {
         "default_page_size": 50,
         "default_facet_size": 30,
-        "default_allow_sql": True,
-        "facet_suggest_time_limit_ms": 200,
+        "facet_suggest_time_limit_ms": 50,
         "facet_time_limit_ms": 200,
         "max_returned_rows": 100,
-        "max_insert_rows": 100,
         "sql_time_limit_ms": 200,
         "allow_download": True,
-        "allow_signed_tokens": True,
-        "max_signed_tokens_ttl": 0,
         "allow_facet": True,
         "suggest_facets": True,
+        "allow_sql": True,
         "default_cache_ttl": 5,
-        "num_sql_threads": 1,
+        "default_cache_ttl_hashed": 365 * 24 * 60 * 60,
+        "num_sql_threads": 3,
         "cache_size_kb": 0,
         "allow_csv_stream": True,
         "max_csv_mb": 100,
         "truncate_cells_html": 2048,
         "force_https_urls": False,
+        "hash_urls": False,
         "template_debug": False,
-        "trace_debug": False,
-        "base_url": "/",
-    }
+    } == response.json
+
+
+def test_page_size_matching_max_returned_rows(
+    app_client_returned_rows_matches_page_size,
+):
+    fetched = []
+    path = "/fixtures/no_primary_key.json"
+    while path:
+        response = app_client_returned_rows_matches_page_size.get(path)
+        fetched.extend(response.json["rows"])
+        assert len(response.json["rows"]) in (1, 50)
+        path = response.json["next_url"]
+        if path:
+            path = path.replace("http://localhost", "")
+    assert 201 == len(fetched)
+
+
+@pytest.mark.parametrize(
+    "path,expected_facet_results",
+    [
+        (
+            "/fixtures/facetable.json?_facet=state&_facet=city_id",
+            {
+                "state": {
+                    "name": "state",
+                    "hideable": True,
+                    "type": "column",
+                    "toggle_url": "/fixtures/facetable.json?_facet=city_id",
+                    "results": [
+                        {
+                            "value": "CA",
+                            "label": "CA",
+                            "count": 10,
+                            "toggle_url": "_facet=state&_facet=city_id&state=CA",
+                            "selected": False,
+                        },
+                        {
+                            "value": "MI",
+                            "label": "MI",
+                            "count": 4,
+                            "toggle_url": "_facet=state&_facet=city_id&state=MI",
+                            "selected": False,
+                        },
+                        {
+                            "value": "MC",
+                            "label": "MC",
+                            "count": 1,
+                            "toggle_url": "_facet=state&_facet=city_id&state=MC",
+                            "selected": False,
+                        },
+                    ],
+                    "truncated": False,
+                },
+                "city_id": {
+                    "name": "city_id",
+                    "hideable": True,
+                    "type": "column",
+                    "toggle_url": "/fixtures/facetable.json?_facet=state",
+                    "results": [
+                        {
+                            "value": 1,
+                            "label": "San Francisco",
+                            "count": 6,
+                            "toggle_url": "_facet=state&_facet=city_id&city_id=1",
+                            "selected": False,
+                        },
+                        {
+                            "value": 2,
+                            "label": "Los Angeles",
+                            "count": 4,
+                            "toggle_url": "_facet=state&_facet=city_id&city_id=2",
+                            "selected": False,
+                        },
+                        {
+                            "value": 3,
+                            "label": "Detroit",
+                            "count": 4,
+                            "toggle_url": "_facet=state&_facet=city_id&city_id=3",
+                            "selected": False,
+                        },
+                        {
+                            "value": 4,
+                            "label": "Memnonia",
+                            "count": 1,
+                            "toggle_url": "_facet=state&_facet=city_id&city_id=4",
+                            "selected": False,
+                        },
+                    ],
+                    "truncated": False,
+                },
+            },
+        ),
+        (
+            "/fixtures/facetable.json?_facet=state&_facet=city_id&state=MI",
+            {
+                "state": {
+                    "name": "state",
+                    "hideable": True,
+                    "type": "column",
+                    "toggle_url": "/fixtures/facetable.json?_facet=city_id&state=MI",
+                    "results": [
+                        {
+                            "value": "MI",
+                            "label": "MI",
+                            "count": 4,
+                            "selected": True,
+                            "toggle_url": "_facet=state&_facet=city_id",
+                        }
+                    ],
+                    "truncated": False,
+                },
+                "city_id": {
+                    "name": "city_id",
+                    "hideable": True,
+                    "type": "column",
+                    "toggle_url": "/fixtures/facetable.json?_facet=state&state=MI",
+                    "results": [
+                        {
+                            "value": 3,
+                            "label": "Detroit",
+                            "count": 4,
+                            "selected": False,
+                            "toggle_url": "_facet=state&_facet=city_id&state=MI&city_id=3",
+                        }
+                    ],
+                    "truncated": False,
+                },
+            },
+        ),
+        (
+            "/fixtures/facetable.json?_facet=planet_int",
+            {
+                "planet_int": {
+                    "name": "planet_int",
+                    "hideable": True,
+                    "type": "column",
+                    "toggle_url": "/fixtures/facetable.json",
+                    "results": [
+                        {
+                            "value": 1,
+                            "label": 1,
+                            "count": 14,
+                            "selected": False,
+                            "toggle_url": "_facet=planet_int&planet_int=1",
+                        },
+                        {
+                            "value": 2,
+                            "label": 2,
+                            "count": 1,
+                            "selected": False,
+                            "toggle_url": "_facet=planet_int&planet_int=2",
+                        },
+                    ],
+                    "truncated": False,
+                }
+            },
+        ),
+        (
+            # planet_int is an integer field:
+            "/fixtures/facetable.json?_facet=planet_int&planet_int=1",
+            {
+                "planet_int": {
+                    "name": "planet_int",
+                    "hideable": True,
+                    "type": "column",
+                    "toggle_url": "/fixtures/facetable.json?planet_int=1",
+                    "results": [
+                        {
+                            "value": 1,
+                            "label": 1,
+                            "count": 14,
+                            "selected": True,
+                            "toggle_url": "_facet=planet_int",
+                        }
+                    ],
+                    "truncated": False,
+                }
+            },
+        ),
+    ],
+)
+def test_facets(app_client, path, expected_facet_results):
+    response = app_client.get(path)
+    facet_results = response.json["facet_results"]
+    # We only compare the querystring portion of the taggle_url
+    for facet_name, facet_info in facet_results.items():
+        assert facet_name == facet_info["name"]
+        assert False is facet_info["truncated"]
+        for facet_value in facet_info["results"]:
+            facet_value["toggle_url"] = facet_value["toggle_url"].split("?")[1]
+    assert expected_facet_results == facet_results
+
+
+def test_suggested_facets(app_client):
+    suggestions = [
+        {
+            "name": suggestion["name"],
+            "querystring": suggestion["toggle_url"].split("?")[-1],
+        }
+        for suggestion in app_client.get("/fixtures/facetable.json").json[
+            "suggested_facets"
+        ]
+    ]
+    expected = [
+        {"name": "created", "querystring": "_facet=created"},
+        {"name": "planet_int", "querystring": "_facet=planet_int"},
+        {"name": "on_earth", "querystring": "_facet=on_earth"},
+        {"name": "state", "querystring": "_facet=state"},
+        {"name": "city_id", "querystring": "_facet=city_id"},
+        {"name": "neighborhood", "querystring": "_facet=neighborhood"},
+        {"name": "tags", "querystring": "_facet=tags"},
+        {"name": "complex_array", "querystring": "_facet=complex_array"},
+        {"name": "created", "querystring": "_facet_date=created"},
+    ]
+    if detect_json1():
+        expected.append({"name": "tags", "querystring": "_facet_array=tags"})
+    assert expected == suggestions
+
+
+def test_allow_facet_off():
+    for client in make_app_client(config={"allow_facet": False}):
+        assert 400 == client.get("/fixtures/facetable.json?_facet=planet_int").status
+        # Should not suggest any facets either:
+        assert [] == client.get("/fixtures/facetable.json").json["suggested_facets"]
+
+
+def test_suggest_facets_off():
+    for client in make_app_client(config={"suggest_facets": False}):
+        # Now suggested_facets should be []
+        assert [] == client.get("/fixtures/facetable.json").json["suggested_facets"]
+
+
+def test_expand_labels(app_client):
+    response = app_client.get(
+        "/fixtures/facetable.json?_shape=object&_labels=1&_size=2"
+        "&neighborhood__contains=c"
+    )
+    assert {
+        "2": {
+            "pk": 2,
+            "created": "2019-01-14 08:00:00",
+            "planet_int": 1,
+            "on_earth": 1,
+            "state": "CA",
+            "city_id": {"value": 1, "label": "San Francisco"},
+            "neighborhood": "Dogpatch",
+            "tags": '["tag1", "tag3"]',
+            "complex_array": "[]",
+            "distinct_some_null": "two",
+        },
+        "13": {
+            "pk": 13,
+            "created": "2019-01-17 08:00:00",
+            "planet_int": 1,
+            "on_earth": 1,
+            "state": "MI",
+            "city_id": {"value": 3, "label": "Detroit"},
+            "neighborhood": "Corktown",
+            "tags": "[]",
+            "complex_array": "[]",
+            "distinct_some_null": None,
+        },
+    } == response.json
+
+
+def test_expand_label(app_client):
+    response = app_client.get(
+        "/fixtures/foreign_key_references.json?_shape=object"
+        "&_label=foreign_key_with_label&_size=1"
+    )
+    assert {
+        "1": {
+            "pk": "1",
+            "foreign_key_with_label": {"value": "1", "label": "hello"},
+            "foreign_key_with_no_label": "1",
+        }
+    } == response.json
+
+
+@pytest.mark.parametrize(
+    "path,expected_cache_control",
+    [
+        ("/fixtures/facetable.json", "max-age=5"),
+        ("/fixtures/facetable.json?_ttl=invalid", "max-age=5"),
+        ("/fixtures/facetable.json?_ttl=10", "max-age=10"),
+        ("/fixtures/facetable.json?_ttl=0", "no-cache"),
+    ],
+)
+def test_ttl_parameter(app_client, path, expected_cache_control):
+    response = app_client.get(path)
+    assert expected_cache_control == response.headers["Cache-Control"]
+
+
+@pytest.mark.parametrize(
+    "path,expected_redirect",
+    [
+        ("/fixtures/facetable.json?_hash=1", "/fixtures-HASH/facetable.json"),
+        (
+            "/fixtures/facetable.json?city_id=1&_hash=1",
+            "/fixtures-HASH/facetable.json?city_id=1",
+        ),
+    ],
+)
+def test_hash_parameter(
+    app_client_two_attached_databases_one_immutable, path, expected_redirect
+):
+    # First get the current hash for the fixtures database
+    current_hash = app_client_two_attached_databases_one_immutable.ds.databases[
+        "fixtures"
+    ].hash[:7]
+    response = app_client_two_attached_databases_one_immutable.get(
+        path, allow_redirects=False
+    )
+    assert response.status == 302
+    location = response.headers["Location"]
+    assert expected_redirect.replace("HASH", current_hash) == location
+
+
+def test_hash_parameter_ignored_for_mutable_databases(app_client):
+    path = "/fixtures/facetable.json?_hash=1"
+    response = app_client.get(path, allow_redirects=False)
+    assert response.status == 200
 
 
 test_json_columns_default_expected = [
@@ -640,7 +1623,6 @@ test_json_columns_default_expected = [
 ]
 
 
-@pytest.mark.asyncio
 @pytest.mark.parametrize(
     "extra_args,expected",
     [
@@ -654,100 +1636,89 @@ test_json_columns_default_expected = [
         ),
     ],
 )
-async def test_json_columns(ds_client, extra_args, expected):
+def test_json_columns(app_client, extra_args, expected):
     sql = """
         select 1 as intval, "s" as strval, 0.5 as floatval,
         '{"foo": "bar"}' as jsonval
     """
-    path = "/fixtures/-/query.json?" + urllib.parse.urlencode(
-        {"sql": sql, "_shape": "array"}
-    )
+    path = "/fixtures.json?" + urllib.parse.urlencode({"sql": sql, "_shape": "array"})
     path += extra_args
-    response = await ds_client.get(
-        path,
-    )
-    assert response.json() == expected
+    response = app_client.get(path)
+    assert expected == response.json
 
 
 def test_config_cache_size(app_client_larger_cache_size):
     response = app_client_larger_cache_size.get("/fixtures/pragma_cache_size.json")
-    assert response.json["rows"] == [{"cache_size": -2500}]
+    assert [[-2500]] == response.json["rows"]
 
 
 def test_config_force_https_urls():
-    with make_app_client(settings={"force_https_urls": True}) as client:
-        response = client.get(
-            "/fixtures/facetable.json?_size=3&_facet=state&_extra=next_url,suggested_facets"
-        )
+    for client in make_app_client(config={"force_https_urls": True}):
+        response = client.get("/fixtures/facetable.json?_size=3&_facet=state")
         assert response.json["next_url"].startswith("https://")
-        assert response.json["facet_results"]["results"]["state"]["results"][0][
+        assert response.json["facet_results"]["state"]["results"][0][
             "toggle_url"
         ].startswith("https://")
         assert response.json["suggested_facets"][0]["toggle_url"].startswith("https://")
-        # Also confirm that request.url and request.scheme are set correctly
-        response = client.get("/")
-        assert client.ds._last_request.url.startswith("https://")
-        assert client.ds._last_request.scheme == "https"
+
+
+def test_infinity_returned_as_null(app_client):
+    response = app_client.get("/fixtures/infinity.json?_shape=array")
+    assert [
+        {"rowid": 1, "value": None},
+        {"rowid": 2, "value": None},
+        {"rowid": 3, "value": 1.5},
+    ] == response.json
+
+
+def test_infinity_returned_as_invalid_json_if_requested(app_client):
+    response = app_client.get("/fixtures/infinity.json?_shape=array&_json_infinity=1")
+    assert [
+        {"rowid": 1, "value": float("inf")},
+        {"rowid": 2, "value": float("-inf")},
+        {"rowid": 3, "value": 1.5},
+    ] == response.json
+
+
+def test_custom_query_with_unicode_characters(app_client):
+    response = app_client.get("/fixtures/𝐜𝐢𝐭𝐢𝐞𝐬.json?_shape=array")
+    assert [{"id": 1, "name": "San Francisco"}] == response.json
+
+
+def test_trace(app_client):
+    response = app_client.get("/fixtures/simple_primary_key.json?_trace=1")
+    data = response.json
+    assert "_trace" in data
+    trace_info = data["_trace"]
+    assert isinstance(trace_info["request_duration_ms"], float)
+    assert isinstance(trace_info["sum_trace_duration_ms"], float)
+    assert isinstance(trace_info["num_traces"], int)
+    assert isinstance(trace_info["traces"], list)
+    assert len(trace_info["traces"]) == trace_info["num_traces"]
+    for trace in trace_info["traces"]:
+        assert isinstance(trace["type"], str)
+        assert isinstance(trace["start"], float)
+        assert isinstance(trace["end"], float)
+        assert trace["duration_ms"] == (trace["end"] - trace["start"]) * 1000
+        assert isinstance(trace["traceback"], list)
+        assert isinstance(trace["database"], str)
+        assert isinstance(trace["sql"], str)
+        assert isinstance(trace["params"], (list, dict))
 
 
 @pytest.mark.parametrize(
     "path,status_code",
     [
-        ("/fixtures.db", 200),
         ("/fixtures.json", 200),
         ("/fixtures/no_primary_key.json", 200),
         # A 400 invalid SQL query should still have the header:
-        ("/fixtures/-/query.json?sql=select+blah", 400),
-        # Write APIs
-        ("/fixtures/-/create", 405),
-        ("/fixtures/facetable/-/insert", 405),
-        ("/fixtures/facetable/-/drop", 405),
+        ("/fixtures.json?sql=select+blah", 400),
     ],
 )
-def test_cors(
-    app_client_with_cors,
-    app_client_two_attached_databases_one_immutable,
-    path,
-    status_code,
-):
-    response = app_client_with_cors.get(
-        path,
-    )
+def test_cors(app_client_with_cors, path, status_code):
+    response = app_client_with_cors.get(path)
     assert response.status == status_code
-    assert response.headers["Access-Control-Allow-Origin"] == "*"
-    assert (
-        response.headers["Access-Control-Allow-Headers"]
-        == "Authorization, Content-Type"
-    )
-    assert response.headers["Access-Control-Expose-Headers"] == "Link"
-    assert (
-        response.headers["Access-Control-Allow-Methods"] == "GET, POST, HEAD, OPTIONS"
-    )
-    assert response.headers["Access-Control-Max-Age"] == "3600"
-    # Same request to app_client_two_attached_databases_one_immutable
-    # should not have those headers - I'm using that fixture because
-    # regular app_client doesn't have immutable fixtures.db which means
-    # the test for /fixtures.db returns a 403 error
-    response = app_client_two_attached_databases_one_immutable.get(
-        path,
-    )
-    assert response.status == status_code
-    assert "Access-Control-Allow-Origin" not in response.headers
-    assert "Access-Control-Allow-Headers" not in response.headers
-    assert "Access-Control-Expose-Headers" not in response.headers
-    assert "Access-Control-Allow-Methods" not in response.headers
-    assert "Access-Control-Max-Age" not in response.headers
-
-
-def test_cors_query_redirect(app_client_with_cors):
-    # /db?sql= redirects to /db/-/query - the redirect itself needs CORS
-    # headers, otherwise browsers refuse to follow it cross-origin
-    response = app_client_with_cors.get(
-        "/fixtures?sql=select+1", follow_redirects=False
-    )
-    assert response.status == 302
-    assert response.headers["Location"] == "/fixtures/-/query?sql=select+1"
-    assert response.headers["Access-Control-Allow-Origin"] == "*"
+    assert "*" == response.headers["Access-Control-Allow-Origin"]
 
 
 @pytest.mark.parametrize(
@@ -762,232 +1733,36 @@ def test_cors_query_redirect(app_client_with_cors):
     ),
 )
 def test_database_with_space_in_name(app_client_two_attached_databases, path):
-    response = app_client_two_attached_databases.get(
-        "/extra~20database" + path, follow_redirects=True
-    )
+    response = app_client_two_attached_databases.get("/extra database" + path)
     assert response.status == 200
 
 
 def test_common_prefix_database_names(app_client_conflicting_database_names):
     # https://github.com/simonw/datasette/issues/597
-    assert ["foo-bar", "foo", "fixtures"] == [
+    assert ["fixtures", "foo", "foo-bar"] == [
         d["name"]
-        for d in app_client_conflicting_database_names.get("/-/databases.json").json
+        for d in json.loads(
+            app_client_conflicting_database_names.get("/-/databases.json").body.decode(
+                "utf8"
+            )
+        )
     ]
     for db_name, path in (("foo", "/foo.json"), ("foo-bar", "/foo-bar.json")):
-        data = app_client_conflicting_database_names.get(path).json
+        data = json.loads(
+            app_client_conflicting_database_names.get(path).body.decode("utf8")
+        )
         assert db_name == data["database"]
 
 
-def test_inspect_file_used_for_count(app_client_immutable_and_inspect_file):
-    response = app_client_immutable_and_inspect_file.get(
-        "/fixtures/sortable.json?_extra=count"
+def test_null_foreign_keys_are_not_expanded(app_client):
+    response = app_client.get(
+        "/fixtures/foreign_key_references.json?_shape=array&_labels=on"
     )
-    assert response.json["count"] == 100
-
-
-@pytest.mark.asyncio
-async def test_http_options_request(ds_client):
-    response = await ds_client.options("/fixtures")
-    assert response.status_code == 200
-    assert response.text == "ok"
-
-
-@pytest.mark.asyncio
-async def test_db_path(app_client):
-    # Needs app_client because needs file based database
-    db = app_client.ds.get_database()
-    path = pathlib.Path(db.path)
-
-    assert path.exists()
-
-    datasette = Datasette([path])
-
-    # Previously this broke if path was a pathlib.Path:
-    await datasette.refresh_schemas()
-
-
-@pytest.mark.asyncio
-async def test_hidden_sqlite_stat1_table():
-    ds = Datasette()
-    db = ds.add_memory_database("db")
-    await db.execute_write("create table normal (id integer primary key, name text)")
-    await db.execute_write("create index idx on normal (name)")
-    await db.execute_write("analyze")
-    data = (await ds.client.get("/db.json?_show_hidden=1")).json()
-    tables = [(t["name"], t["hidden"]) for t in data["tables"]]
-    assert tables in (
-        [("normal", False), ("sqlite_stat1", True)],
-        [("normal", False), ("sqlite_stat1", True), ("sqlite_stat4", True)],
-    )
-
-
-@pytest.mark.asyncio
-async def test_hide_tables_starting_with_underscore():
-    ds = Datasette()
-    db = ds.add_memory_database("test_hide_tables_starting_with_underscore")
-    await db.execute_write("create table normal (id integer primary key, name text)")
-    await db.execute_write("create table _hidden (id integer primary key, name text)")
-    data = (
-        await ds.client.get(
-            "/test_hide_tables_starting_with_underscore.json?_show_hidden=1"
-        )
-    ).json()
-    tables = [(t["name"], t["hidden"]) for t in data["tables"]]
-    assert tables == [("normal", False), ("_hidden", True)]
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize("db_name", ("foo", r"fo%o", "f~/c.d"))
-async def test_tilde_encoded_database_names(db_name):
-    ds = Datasette()
-    ds.add_memory_database(db_name)
-    response = await ds.client.get("/.json")
-    assert db_name in response.json()["databases"].keys()
-    path = response.json()["databases"][db_name]["path"]
-    # And the JSON for that database
-    response2 = await ds.client.get(path + ".json")
-    assert response2.status_code == 200
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "config,expected",
-    (
-        ({}, {}),
-        ({"plugins": {"datasette-foo": "bar"}}, {"plugins": {"datasette-foo": "bar"}}),
-        # Test redaction
-        (
-            {
-                "plugins": {
-                    "datasette-auth": {"secret_key": "key"},
-                    "datasette-foo": "bar",
-                    "datasette-auth2": {"password": "password"},
-                    "datasette-sentry": {
-                        "dsn": "sentry:///foo",
-                    },
-                }
-            },
-            {
-                "plugins": {
-                    "datasette-auth": {"secret_key": "***"},
-                    "datasette-foo": "bar",
-                    "datasette-auth2": {"password": "***"},
-                    "datasette-sentry": {"dsn": "***"},
-                }
-            },
-        ),
-    ),
-)
-async def test_config_json(config, expected):
-    "/-/config.json should return redacted configuration"
-    ds = Datasette(config=config)
-    response = await ds.client.get("/-/config.json")
-    assert response.json() == expected
-
-
-@pytest.mark.asyncio
-@pytest.mark.skip(reason="rm?")
-@pytest.mark.parametrize(
-    "metadata,expected_config,expected_metadata",
-    (
-        ({}, {}, {}),
-        (
-            # Metadata input
-            {
-                "title": "Datasette Fixtures",
-                "databases": {
-                    "fixtures": {
-                        "tables": {
-                            "sortable": {
-                                "sortable_columns": [
-                                    "sortable",
-                                    "sortable_with_nulls",
-                                    "sortable_with_nulls_2",
-                                    "text",
-                                ],
-                            },
-                            "no_primary_key": {"sortable_columns": [], "hidden": True},
-                            "primary_key_multiple_columns_explicit_label": {
-                                "label_column": "content2"
-                            },
-                            "simple_view": {"sortable_columns": ["content"]},
-                            "searchable_view_configured_by_metadata": {
-                                "fts_table": "searchable_fts",
-                                "fts_pk": "pk",
-                            },
-                            "roadside_attractions": {
-                                "columns": {
-                                    "name": "The name of the attraction",
-                                    "address": "The street address for the attraction",
-                                }
-                            },
-                            "attraction_characteristic": {"sort_desc": "pk"},
-                            "facet_cities": {"sort": "name"},
-                            "paginated_view": {"size": 25},
-                        },
-                    }
-                },
-            },
-            # Should produce a config with just the table configuration keys
-            {
-                "databases": {
-                    "fixtures": {
-                        "tables": {
-                            "sortable": {
-                                "sortable_columns": [
-                                    "sortable",
-                                    "sortable_with_nulls",
-                                    "sortable_with_nulls_2",
-                                    "text",
-                                ]
-                            },
-                            # These one get redacted:
-                            "no_primary_key": "***",
-                            "primary_key_multiple_columns_explicit_label": "***",
-                            "simple_view": {"sortable_columns": ["content"]},
-                            "searchable_view_configured_by_metadata": {
-                                "fts_table": "searchable_fts",
-                                "fts_pk": "pk",
-                            },
-                            "attraction_characteristic": {"sort_desc": "pk"},
-                            "facet_cities": {"sort": "name"},
-                            "paginated_view": {"size": 25},
-                        }
-                    }
-                }
-            },
-            # And metadata with everything else
-            {
-                "title": "Datasette Fixtures",
-                "databases": {
-                    "fixtures": {
-                        "tables": {
-                            "roadside_attractions": {
-                                "columns": {
-                                    "name": "The name of the attraction",
-                                    "address": "The street address for the attraction",
-                                }
-                            },
-                        }
-                    }
-                },
-            },
-        ),
-    ),
-)
-async def test_upgrade_metadata(metadata, expected_config, expected_metadata):
-    ds = Datasette(metadata=metadata)
-    response = await ds.client.get("/-/config.json")
-    assert response.json() == expected_config
-    response2 = await ds.client.get("/-/metadata.json")
-    assert response2.json() == expected_metadata
-
-
-class Either:
-    def __init__(self, a, b):
-        self.a = a
-        self.b = b
-
-    def __eq__(self, other):
-        return other == self.a or other == self.b
+    assert [
+        {
+            "pk": "1",
+            "foreign_key_with_label": {"value": "1", "label": "hello"},
+            "foreign_key_with_no_label": {"value": "1", "label": "1"},
+        },
+        {"pk": "2", "foreign_key_with_label": None, "foreign_key_with_no_label": None,},
+    ] == response.json
diff --git a/tests/test_api_write.py b/tests/test_api_write.py
deleted file mode 100644
index 76797742..00000000
--- a/tests/test_api_write.py
+++ /dev/null
@@ -1,2556 +0,0 @@
-from datasette.app import Datasette
-from datasette.events import RenameTableEvent
-from datasette.utils import escape_sqlite, sqlite3
-from .utils import last_event
-import pytest
-import time
-
-
-@pytest.fixture
-def ds_write(tmp_path_factory):
-    db_directory = tmp_path_factory.mktemp("dbs")
-    db_path = str(db_directory / "data.db")
-    db_path_immutable = str(db_directory / "immutable.db")
-    db1 = sqlite3.connect(str(db_path))
-    db2 = sqlite3.connect(str(db_path_immutable))
-    for db in (db1, db2):
-        db.execute("vacuum")
-        db.execute(
-            "create table docs (id integer primary key, title text, score float, age integer)"
-        )
-    db1.close()
-    db2.close()
-    ds = Datasette([db_path], immutables=[db_path_immutable])
-    ds.root_enabled = True
-    yield ds
-    ds.close()
-
-
-def write_token(ds, actor_id="root", permissions=None):
-    to_sign = {"a": actor_id, "token": "dstok", "t": int(time.time())}
-    if permissions:
-        to_sign["_r"] = {"a": permissions}
-    return "dstok_{}".format(ds.sign(to_sign, namespace="token"))
-
-
-def _headers(token):
-    return {
-        "Authorization": "Bearer {}".format(token),
-        "Content-Type": "application/json",
-    }
-
-
-def _insert_and_fetch_created(conn, table, insert_sql):
-    cursor = conn.execute(insert_sql)
-    return conn.execute(
-        "select created, typeof(created) from {} where rowid = ?".format(
-            escape_sqlite(table)
-        ),
-        (cursor.lastrowid,),
-    ).fetchone()
-
-
-@pytest.mark.asyncio
-async def test_api_explorer_upsert_example_json(ds_write):
-    response = await ds_write.client.get("/-/api", actor={"id": "root"})
-    assert response.status_code == 200
-    import urllib.parse
-
-    text = urllib.parse.unquote_plus(response.text)
-    upsert_idx = text.index("/data/docs/-/upsert")
-    upsert_chunk = text[upsert_idx : upsert_idx + 500]
-    assert '"id": ""' in upsert_chunk
-    assert '"title": ""' in upsert_chunk
-    assert '"score": "<score>"' in upsert_chunk
-    assert '"age": "<age>"' in upsert_chunk
-
-
-@pytest.mark.asyncio
-async def test_api_explorer_upsert_example_json_rowid_table(tmp_path_factory):
-    db_path = str(tmp_path_factory.mktemp("dbs") / "data.db")
-    conn = sqlite3.connect(db_path)
-    conn.execute("create table things (title text, score float)")
-    conn.close()
-    ds = Datasette([db_path])
-    ds.root_enabled = True
-    response = await ds.client.get("/-/api", actor={"id": "root"})
-    assert response.status_code == 200
-    import urllib.parse
-
-    text = urllib.parse.unquote_plus(response.text)
-    upsert_idx = text.index("/data/things/-/upsert")
-    upsert_chunk = text[upsert_idx : upsert_idx + 500]
-    assert '"rowid": "<rowid (primary key)>"' in upsert_chunk
-    assert '"title": "<title>"' in upsert_chunk
-    assert '"score": "<score>"' in upsert_chunk
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "content_type",
-    (
-        "application/json",
-        "application/json; charset=utf-8",
-    ),
-)
-async def test_insert_row(ds_write, content_type):
-    token = write_token(ds_write)
-    response = await ds_write.client.post(
-        "/data/docs/-/insert",
-        json={"row": {"title": "Test", "score": 1.2, "age": 5}},
-        headers={
-            "Authorization": "Bearer {}".format(token),
-            "Content-Type": content_type,
-        },
-    )
-    expected_row = {"id": 1, "title": "Test", "score": 1.2, "age": 5}
-    assert response.status_code == 201
-    assert response.json()["ok"] is True
-    assert response.json()["rows"] == [expected_row]
-    rows = (await ds_write.get_database("data").execute("select * from docs")).dicts()
-    assert rows[0] == expected_row
-    # Analytics event
-    event = last_event(ds_write)
-    assert event.name == "insert-rows"
-    assert event.num_rows == 1
-    assert event.database == "data"
-    assert event.table == "docs"
-    assert not event.ignore
-    assert not event.replace
-
-
-@pytest.mark.asyncio
-async def test_insert_row_alter(ds_write):
-    token = write_token(ds_write)
-    response = await ds_write.client.post(
-        "/data/docs/-/insert",
-        json={
-            "row": {"title": "Test", "score": 1.2, "age": 5, "extra": "extra"},
-            "alter": True,
-        },
-        headers=_headers(token),
-    )
-    assert response.status_code == 201
-    assert response.json()["ok"] is True
-    assert response.json()["rows"][0]["extra"] == "extra"
-    # Analytics event
-    event = last_event(ds_write)
-    assert event.name == "alter-table"
-    assert "extra" not in event.before_schema
-    assert "extra" in event.after_schema
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize("return_rows", (True, False))
-async def test_insert_rows(ds_write, return_rows):
-    token = write_token(ds_write)
-    data = {
-        "rows": [
-            {"title": "Test {}".format(i), "score": 1.0, "age": 5} for i in range(20)
-        ]
-    }
-    if return_rows:
-        data["return"] = True
-    response = await ds_write.client.post(
-        "/data/docs/-/insert",
-        json=data,
-        headers=_headers(token),
-    )
-    assert response.status_code == 201
-
-    # Analytics event
-    event = last_event(ds_write)
-    assert event.name == "insert-rows"
-    assert event.num_rows == 20
-    assert event.database == "data"
-    assert event.table == "docs"
-    assert not event.ignore
-    assert not event.replace
-
-    actual_rows = (
-        await ds_write.get_database("data").execute("select * from docs")
-    ).dicts()
-    assert len(actual_rows) == 20
-    assert actual_rows == [
-        {"id": i + 1, "title": "Test {}".format(i), "score": 1.0, "age": 5}
-        for i in range(20)
-    ]
-    assert response.json()["ok"] is True
-    if return_rows:
-        assert response.json()["rows"] == actual_rows
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path,input,special_case,expected_status,expected_errors",
-    (
-        (
-            "/data2/docs/-/insert",
-            {},
-            None,
-            404,
-            ["Database not found"],
-        ),
-        (
-            "/data/docs2/-/insert",
-            {},
-            None,
-            404,
-            ["Table not found"],
-        ),
-        (
-            "/data/docs/-/insert",
-            {"rows": [{"title": "Test"} for i in range(10)]},
-            "bad_token",
-            403,
-            ["Permission denied"],
-        ),
-        (
-            "/data/docs/-/insert",
-            {},
-            "invalid_json",
-            400,
-            [
-                "Invalid JSON: Expecting property name enclosed in double quotes: line 1 column 2 (char 1)"
-            ],
-        ),
-        (
-            "/data/docs/-/insert",
-            {},
-            "invalid_content_type",
-            400,
-            ["Invalid content-type, must be application/json"],
-        ),
-        (
-            "/data/docs/-/insert",
-            [],
-            None,
-            400,
-            ["JSON must be a dictionary"],
-        ),
-        (
-            "/data/docs/-/insert",
-            {"row": "blah"},
-            None,
-            400,
-            ['"row" must be a dictionary'],
-        ),
-        (
-            "/data/docs/-/insert",
-            {"blah": "blah"},
-            None,
-            400,
-            ['JSON must have one or other of "row" or "rows"'],
-        ),
-        (
-            "/data/docs/-/insert",
-            {"rows": "blah"},
-            None,
-            400,
-            ['"rows" must be a list'],
-        ),
-        (
-            "/data/docs/-/insert",
-            {"rows": ["blah"]},
-            None,
-            400,
-            ['"rows" must be a list of dictionaries'],
-        ),
-        (
-            "/data/docs/-/insert",
-            {"rows": [{"title": "Test"} for i in range(101)]},
-            None,
-            400,
-            ["Too many rows, maximum allowed is 100"],
-        ),
-        (
-            "/data/docs/-/insert",
-            {"rows": [{"id": 1, "title": "Test"}, {"id": 2, "title": "Test"}]},
-            "duplicate_id",
-            400,
-            ["UNIQUE constraint failed: docs.id"],
-        ),
-        (
-            "/data/docs/-/insert",
-            {"rows": [{"title": "Test"}], "ignore": True, "replace": True},
-            None,
-            400,
-            ['Cannot use "ignore" and "replace" at the same time'],
-        ),
-        (
-            # Replace is not allowed if you don't have update-row
-            "/data/docs/-/insert",
-            {"rows": [{"title": "Test"}], "replace": True},
-            "insert-but-not-update",
-            403,
-            ['Permission denied: need update-row to use "replace"'],
-        ),
-        (
-            "/data/docs/-/insert",
-            {"rows": [{"title": "Test"}], "invalid_param": True},
-            None,
-            400,
-            ['Invalid parameter: "invalid_param"'],
-        ),
-        (
-            "/data/docs/-/insert",
-            {"rows": [{"title": "Test"}], "one": True, "two": True},
-            None,
-            400,
-            ['Invalid parameter: "one", "two"'],
-        ),
-        (
-            "/immutable/docs/-/insert",
-            {"rows": [{"title": "Test"}]},
-            None,
-            403,
-            ["Database is immutable"],
-        ),
-        # Validate columns of each row
-        (
-            "/data/docs/-/insert",
-            {"rows": [{"title": "Test", "bad": 1, "worse": 2} for i in range(2)]},
-            None,
-            400,
-            [
-                "Row 0 has invalid columns: bad, worse",
-                "Row 1 has invalid columns: bad, worse",
-            ],
-        ),
-        ## UPSERT ERRORS:
-        (
-            "/immutable/docs/-/upsert",
-            {"rows": [{"title": "Test"}]},
-            None,
-            403,
-            ["Database is immutable"],
-        ),
-        (
-            "/data/badtable/-/upsert",
-            {"rows": [{"title": "Test"}]},
-            None,
-            404,
-            ["Table not found"],
-        ),
-        # missing primary key
-        (
-            "/data/docs/-/upsert",
-            {"rows": [{"title": "Missing PK"}]},
-            None,
-            400,
-            ['Row 0 is missing primary key column(s): "id"'],
-        ),
-        # null primary key
-        (
-            "/data/docs/-/upsert",
-            {"rows": [{"id": None, "title": "Null PK"}]},
-            None,
-            400,
-            ['Row 0 has null primary key column(s): "id"'],
-        ),
-        # Upsert does not support ignore or replace
-        (
-            "/data/docs/-/upsert",
-            {"rows": [{"id": 1, "title": "Bad"}], "ignore": True},
-            None,
-            400,
-            ["Upsert does not support ignore or replace"],
-        ),
-        # Upsert permissions
-        (
-            "/data/docs/-/upsert",
-            {"rows": [{"id": 1, "title": "Disallowed"}]},
-            "insert-but-not-update",
-            403,
-            ["Permission denied: need both insert-row and update-row"],
-        ),
-        (
-            "/data/docs/-/upsert",
-            {"rows": [{"id": 1, "title": "Disallowed"}]},
-            "update-but-not-insert",
-            403,
-            ["Permission denied: need both insert-row and update-row"],
-        ),
-        # Alter table forbidden without alter permission
-        (
-            "/data/docs/-/upsert",
-            {"rows": [{"id": 1, "title": "One", "extra": "extra"}], "alter": True},
-            "update-and-insert-but-no-alter",
-            403,
-            ["Permission denied for alter-table"],
-        ),
-    ),
-)
-async def test_insert_or_upsert_row_errors(
-    ds_write, path, input, special_case, expected_status, expected_errors
-):
-    token_permissions = []
-    if special_case == "insert-but-not-update":
-        token_permissions = ["ir", "vi"]
-    if special_case == "update-but-not-insert":
-        token_permissions = ["ur", "vi"]
-    if special_case == "update-and-insert-but-no-alter":
-        token_permissions = ["ur", "ir"]
-    token = write_token(ds_write, permissions=token_permissions)
-    if special_case == "duplicate_id":
-        await ds_write.get_database("data").execute_write(
-            "insert into docs (id) values (1)"
-        )
-    if special_case == "bad_token":
-        token += "bad"
-    kwargs = dict(
-        json=input,
-        headers={
-            "Authorization": "Bearer {}".format(token),
-            "Content-Type": (
-                "text/plain"
-                if special_case == "invalid_content_type"
-                else "application/json"
-            ),
-        },
-    )
-
-    actor_response = (
-        await ds_write.client.get("/-/actor.json", headers=kwargs["headers"])
-    ).json()
-    assert set((actor_response["actor"] or {}).get("_r", {}).get("a") or []) == set(
-        token_permissions
-    )
-
-    if special_case == "invalid_json":
-        del kwargs["json"]
-        kwargs["content"] = "{bad json"
-    before_count = (
-        await ds_write.get_database("data").execute("select count(*) from docs")
-    ).rows[0][0] == 0
-    response = await ds_write.client.post(
-        path,
-        **kwargs,
-    )
-    assert response.status_code == expected_status
-    assert response.json()["ok"] is False
-    assert response.json()["errors"] == expected_errors
-    # Check that no rows were inserted
-    after_count = (
-        await ds_write.get_database("data").execute("select count(*) from docs")
-    ).rows[0][0] == 0
-    assert before_count == after_count
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize("allowed", (True, False))
-async def test_upsert_permissions_per_table(ds_write, allowed):
-    # https://github.com/simonw/datasette/issues/2262
-    token = "dstok_{}".format(
-        ds_write.sign(
-            {
-                "a": "root",
-                "token": "dstok",
-                "t": int(time.time()),
-                "_r": {
-                    "r": {
-                        "data": {
-                            "docs" if allowed else "other": ["ir", "ur"],
-                        }
-                    }
-                },
-            },
-            namespace="token",
-        )
-    )
-    response = await ds_write.client.post(
-        "/data/docs/-/upsert",
-        json={"rows": [{"id": 1, "title": "One"}]},
-        headers={
-            "Authorization": "Bearer {}".format(token),
-        },
-    )
-    if allowed:
-        assert response.status_code == 200
-        assert response.json()["ok"] is True
-    else:
-        assert response.status_code == 403
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "ignore,replace,expected_rows",
-    (
-        (
-            True,
-            False,
-            [
-                {"id": 1, "title": "Exists", "score": None, "age": None},
-            ],
-        ),
-        (
-            False,
-            True,
-            [
-                {"id": 1, "title": "One", "score": None, "age": None},
-            ],
-        ),
-    ),
-)
-@pytest.mark.parametrize("should_return", (True, False))
-async def test_insert_ignore_replace(
-    ds_write, ignore, replace, expected_rows, should_return
-):
-    await ds_write.get_database("data").execute_write(
-        "insert into docs (id, title) values (1, 'Exists')"
-    )
-    token = write_token(ds_write)
-    data = {"rows": [{"id": 1, "title": "One"}]}
-    if ignore:
-        data["ignore"] = True
-    if replace:
-        data["replace"] = True
-    if should_return:
-        data["return"] = True
-    response = await ds_write.client.post(
-        "/data/docs/-/insert",
-        json=data,
-        headers=_headers(token),
-    )
-    assert response.status_code == 201
-
-    # Analytics event
-    event = last_event(ds_write)
-    assert event.name == "insert-rows"
-    assert event.num_rows == 1
-    assert event.database == "data"
-    assert event.table == "docs"
-    assert event.ignore == ignore
-    assert event.replace == replace
-
-    actual_rows = (
-        await ds_write.get_database("data").execute("select * from docs")
-    ).dicts()
-
-    assert actual_rows == expected_rows
-    assert response.json()["ok"] is True
-    if should_return:
-        assert response.json()["rows"] == expected_rows
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "initial,input,expected_rows",
-    (
-        (
-            # Simple primary key update
-            {"rows": [{"id": 1, "title": "One"}], "pk": "id"},
-            {"rows": [{"id": 1, "title": "Two"}]},
-            [
-                {"id": 1, "title": "Two"},
-            ],
-        ),
-        (
-            # Multiple rows update one of them
-            {
-                "rows": [{"id": 1, "title": "One"}, {"id": 2, "title": "Two"}],
-                "pk": "id",
-            },
-            {"rows": [{"id": 1, "title": "Three"}]},
-            [
-                {"id": 1, "title": "Three"},
-                {"id": 2, "title": "Two"},
-            ],
-        ),
-        (
-            # rowid update
-            {"rows": [{"title": "One"}]},
-            {"rows": [{"rowid": 1, "title": "Two"}]},
-            [
-                {"rowid": 1, "title": "Two"},
-            ],
-        ),
-        (
-            # Compound primary key update
-            {"rows": [{"id": 1, "title": "One", "score": 1}], "pks": ["id", "score"]},
-            {"rows": [{"id": 1, "title": "Two", "score": 1}]},
-            [
-                {"id": 1, "title": "Two", "score": 1},
-            ],
-        ),
-        (
-            # Upsert with an alter
-            {"rows": [{"id": 1, "title": "One"}], "pk": "id"},
-            {"rows": [{"id": 1, "title": "Two", "extra": "extra"}], "alter": True},
-            [{"id": 1, "title": "Two", "extra": "extra"}],
-        ),
-    ),
-)
-@pytest.mark.parametrize("should_return", (False, True))
-async def test_upsert(ds_write, initial, input, expected_rows, should_return):
-    token = write_token(ds_write)
-    # Insert initial data
-    initial["table"] = "upsert_test"
-    create_response = await ds_write.client.post(
-        "/data/-/create",
-        json=initial,
-        headers=_headers(token),
-    )
-    assert create_response.status_code == 201
-    if should_return:
-        input["return"] = True
-    response = await ds_write.client.post(
-        "/data/upsert_test/-/upsert",
-        json=input,
-        headers=_headers(token),
-    )
-    assert response.status_code == 200, response.text
-    assert response.json()["ok"] is True
-
-    # Analytics event
-    event = last_event(ds_write)
-    assert event.database == "data"
-    assert event.table == "upsert_test"
-    if input.get("alter"):
-        assert event.name == "alter-table"
-        assert "extra" in event.after_schema
-    else:
-        assert event.name == "upsert-rows"
-        assert event.num_rows == 1
-
-    if should_return:
-        # We only expect it to return rows corresponding to those we sent
-        expected_returned_rows = expected_rows[: len(input["rows"])]
-        assert response.json()["rows"] == expected_returned_rows
-    # Check the database too
-    actual_rows = (
-        await ds_write.client.get("/data/upsert_test.json?_shape=array")
-    ).json()
-    assert actual_rows == expected_rows
-    # Drop the upsert_test table
-    await ds_write.get_database("data").execute_write("drop table upsert_test")
-
-
-async def _insert_row(ds):
-    insert_response = await ds.client.post(
-        "/data/docs/-/insert",
-        json={"row": {"title": "Row one", "score": 1.2, "age": 5}, "return": True},
-        headers=_headers(write_token(ds)),
-    )
-    assert insert_response.status_code == 201
-    return insert_response.json()["rows"][0]["id"]
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize("scenario", ("no_token", "no_perm", "bad_table"))
-async def test_delete_row_errors(ds_write, scenario):
-    if scenario == "no_token":
-        token = "bad_token"
-    elif scenario == "no_perm":
-        token = write_token(ds_write, actor_id="not-root")
-    else:
-        token = write_token(ds_write)
-
-    pk = await _insert_row(ds_write)
-
-    path = "/data/{}/{}/-/delete".format(
-        "docs" if scenario != "bad_table" else "bad_table", pk
-    )
-    response = await ds_write.client.post(
-        path,
-        headers=_headers(token),
-    )
-    assert response.status_code == 403 if scenario in ("no_token", "bad_token") else 404
-    assert response.json()["ok"] is False
-    assert (
-        response.json()["errors"] == ["Permission denied"]
-        if scenario == "no_token"
-        else ["Table not found"]
-    )
-    assert len((await ds_write.client.get("/data/docs.json?_shape=array")).json()) == 1
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "table,row_for_create,pks,delete_path",
-    (
-        ("rowid_table", {"name": "rowid row"}, None, None),
-        ("pk_table", {"id": 1, "name": "ID table"}, "id", "1"),
-        (
-            "compound_pk_table",
-            {"type": "article", "key": "k"},
-            ["type", "key"],
-            "article,k",
-        ),
-    ),
-)
-async def test_delete_row(ds_write, table, row_for_create, pks, delete_path):
-    # First create the table with that example row
-    create_data = {
-        "table": table,
-        "row": row_for_create,
-    }
-    if pks:
-        if isinstance(pks, str):
-            create_data["pk"] = pks
-        else:
-            create_data["pks"] = pks
-    create_response = await ds_write.client.post(
-        "/data/-/create",
-        json=create_data,
-        headers=_headers(write_token(ds_write)),
-    )
-    assert create_response.status_code == 201, create_response.json()
-    # Should be a single row
-    assert (
-        await ds_write.client.get(
-            "/data/-/query.json?_shape=arrayfirst&sql=select+count(*)+from+{}".format(
-                table
-            )
-        )
-    ).json() == [1]
-    # Now delete the row
-    if delete_path is None:
-        # Special case for that rowid table
-        delete_path = (
-            await ds_write.client.get(
-                "/data/-/query.json?_shape=arrayfirst&sql=select+rowid+from+{}".format(
-                    table
-                )
-            )
-        ).json()[0]
-
-    delete_response = await ds_write.client.post(
-        "/data/{}/{}/-/delete".format(table, delete_path),
-        headers=_headers(write_token(ds_write)),
-    )
-    assert delete_response.status_code == 200
-
-    # Analytics event
-    event = last_event(ds_write)
-    assert event.name == "delete-row"
-    assert event.database == "data"
-    assert event.table == table
-    assert event.pks == str(delete_path).split(",")
-    assert (
-        await ds_write.client.get(
-            "/data/-/query.json?_shape=arrayfirst&sql=select+count(*)+from+{}".format(
-                table
-            )
-        )
-    ).json() == [0]
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "scenario", ("no_token", "no_perm", "bad_table", "cannot_alter")
-)
-async def test_update_row_check_permission(ds_write, scenario):
-    if scenario == "no_token":
-        token = "bad_token"
-    elif scenario == "no_perm":
-        token = write_token(ds_write, actor_id="not-root")
-    elif scenario == "cannot_alter":
-        # update-row but no alter-table:
-        token = write_token(ds_write, permissions=["ur"])
-    else:
-        token = write_token(ds_write)
-
-    pk = await _insert_row(ds_write)
-
-    path = "/data/{}/{}/-/update".format(
-        "docs" if scenario != "bad_table" else "bad_table", pk
-    )
-
-    json_body = {"update": {"title": "New title"}}
-    if scenario == "cannot_alter":
-        json_body["alter"] = True
-
-    response = await ds_write.client.post(
-        path,
-        json=json_body,
-        headers=_headers(token),
-    )
-    assert response.status_code == 403 if scenario in ("no_token", "bad_token") else 404
-    assert response.json()["ok"] is False
-    assert (
-        response.json()["errors"] == ["Permission denied"]
-        if scenario == "no_token"
-        else ["Table not found"]
-    )
-
-
-@pytest.mark.asyncio
-async def test_update_row_invalid_key(ds_write):
-    token = write_token(ds_write)
-
-    pk = await _insert_row(ds_write)
-
-    path = "/data/docs/{}/-/update".format(pk)
-    response = await ds_write.client.post(
-        path,
-        json={"update": {"title": "New title"}, "bad_key": 1},
-        headers=_headers(token),
-    )
-    assert response.status_code == 400
-    assert response.json() == {"ok": False, "errors": ["Invalid keys: bad_key"]}
-
-
-@pytest.mark.asyncio
-async def test_update_row_alter(ds_write):
-    token = write_token(ds_write, permissions=["ur", "at"])
-    pk = await _insert_row(ds_write)
-    path = "/data/docs/{}/-/update".format(pk)
-    response = await ds_write.client.post(
-        path,
-        json={"update": {"title": "New title", "extra": "extra"}, "alter": True},
-        headers=_headers(token),
-    )
-    assert response.status_code == 200
-    assert response.json() == {"ok": True}
-
-
-@pytest.mark.asyncio
-async def test_alter_table_operations(ds_write):
-    token = write_token(ds_write, permissions=["at"])
-    db = ds_write.get_database("data")
-    before_schema = await db.execute_fn(
-        lambda conn: conn.execute(
-            "select sql from sqlite_master where type = 'table' and name = 'docs'"
-        ).fetchone()[0]
-    )
-
-    response = await ds_write.client.post(
-        "/data/docs/-/alter",
-        json={
-            "operations": [
-                {
-                    "op": "add_column",
-                    "args": {
-                        "name": "slug",
-                        "type": "text",
-                        "not_null": True,
-                        "default": "",
-                    },
-                },
-                {
-                    "op": "add_column",
-                    "args": {
-                        "name": "created",
-                        "type": "text",
-                        "default_expr": "current_timestamp",
-                    },
-                },
-                {
-                    "op": "add_column",
-                    "args": {
-                        "name": "literal_default",
-                        "type": "text",
-                        "default": "hello)",
-                    },
-                },
-                {"op": "rename_column", "args": {"name": "title", "to": "headline"}},
-                {
-                    "op": "alter_column",
-                    "args": {"name": "age", "type": "text", "default": "0"},
-                },
-                {"op": "drop_column", "args": {"name": "score"}},
-                {
-                    "op": "reorder_columns",
-                    "args": {
-                        "columns": [
-                            "id",
-                            "headline",
-                            "slug",
-                            "created",
-                            "literal_default",
-                            "age",
-                        ]
-                    },
-                },
-                {"op": "set_primary_key", "args": {"columns": ["id"]}},
-            ]
-        },
-        headers=_headers(token),
-    )
-
-    assert response.status_code == 200, response.text
-    data = response.json()
-    assert data["ok"] is True
-    assert data["database"] == "data"
-    assert data["table"] == "docs"
-    assert data["altered"] is True
-    assert data["operations_applied"] == 8
-    assert data["before_schema"] == before_schema
-    assert "headline" in data["schema"]
-    assert "score" not in data["schema"]
-    assert "DEFAULT CURRENT_TIMESTAMP" in data["schema"]
-    assert "DEFAULT 'hello)'" in data["schema"]
-
-    columns = (
-        await db.execute("select * from pragma_table_info('docs') order by cid")
-    ).dicts()
-    assert [column["name"] for column in columns] == [
-        "id",
-        "headline",
-        "slug",
-        "created",
-        "literal_default",
-        "age",
-    ]
-    assert columns[0]["pk"] == 1
-    assert columns[2]["notnull"] == 1
-    assert columns[2]["dflt_value"] == "''"
-    assert columns[3]["dflt_value"] == "CURRENT_TIMESTAMP"
-    assert columns[4]["dflt_value"] == "'hello)'"
-    assert columns[5]["type"] == "TEXT"
-    assert columns[5]["dflt_value"] == "'0'"
-
-    event = last_event(ds_write)
-    assert event.name == "alter-table"
-    assert event.database == "data"
-    assert event.table == "docs"
-    assert event.before_schema == before_schema
-    assert event.after_schema == data["schema"]
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "default_expr,minimum_value,expected_schema",
-    (
-        (
-            "current_unixtime",
-            1_600_000_000,
-            "strftime('%s', 'now')",
-        ),
-        (
-            "current_unixtime_ms",
-            1_600_000_000_000,
-            "julianday('now')",
-        ),
-    ),
-)
-async def test_alter_table_integer_default_expr(
-    ds_write, default_expr, minimum_value, expected_schema
-):
-    token = write_token(ds_write, permissions=["at"])
-    db = ds_write.get_database("data")
-    response = await ds_write.client.post(
-        "/data/docs/-/alter",
-        json={
-            "operations": [
-                {
-                    "op": "add_column",
-                    "args": {
-                        "name": "created",
-                        "type": "integer",
-                        "default_expr": default_expr,
-                    },
-                }
-            ]
-        },
-        headers=_headers(token),
-    )
-    assert response.status_code == 200, response.text
-    data = response.json()
-    assert expected_schema in data["schema"]
-
-    columns = await db.execute("select * from pragma_table_info('docs')")
-    created_column = [
-        column for column in columns.dicts() if column["name"] == "created"
-    ][0]
-    assert created_column["type"] == "INTEGER"
-    assert expected_schema in created_column["dflt_value"]
-
-    row = await db.execute_write_fn(
-        lambda conn: _insert_and_fetch_created(
-            conn, "docs", "insert into docs (title) values ('with default')"
-        )
-    )
-    assert row[0] > minimum_value
-    assert row[1] == "integer"
-
-
-@pytest.mark.asyncio
-async def test_alter_table_rename_table(ds_write):
-    token = write_token(ds_write, permissions=["at"])
-    db = ds_write.get_database("data")
-    before_schema = await db.execute_fn(
-        lambda conn: conn.execute(
-            "select sql from sqlite_master where type = 'table' and name = 'docs'"
-        ).fetchone()[0]
-    )
-
-    response = await ds_write.client.post(
-        "/data/docs/-/alter",
-        json={
-            "operations": [
-                {"op": "rename_table", "args": {"to": "documents"}},
-            ]
-        },
-        headers=_headers(token),
-    )
-
-    assert response.status_code == 200, response.text
-    data = response.json()
-    assert data["ok"] is True
-    assert data["database"] == "data"
-    assert data["table"] == "documents"
-    assert data["table_url"].endswith("/data/documents")
-    assert data["table_api_url"].endswith("/data/documents.json")
-    assert data["altered"] is True
-    assert data["operations_applied"] == 1
-    assert data["before_schema"] == before_schema
-    assert 'CREATE TABLE "documents"' in data["schema"]
-
-    tables = (
-        await db.execute(
-            "select name from sqlite_master where type = 'table' order by name"
-        )
-    ).dicts()
-    table_names = [table["name"] for table in tables]
-    assert "docs" not in table_names
-    assert "documents" in table_names
-
-    rename_events = [
-        event
-        for event in ds_write._tracked_events
-        if isinstance(event, RenameTableEvent)
-    ]
-    assert len(rename_events) == 1
-    assert rename_events[0].database == "data"
-    assert rename_events[0].old_table == "docs"
-    assert rename_events[0].new_table == "documents"
-
-
-@pytest.mark.asyncio
-async def test_alter_table_foreign_key_operations(ds_write):
-    token = write_token(ds_write, permissions=["at"])
-    db = ds_write.get_database("data")
-    await db.execute_write("create table owners (id integer primary key)")
-    await db.execute_write("create table categories (id integer primary key)")
-
-    response = await ds_write.client.post(
-        "/data/docs/-/alter",
-        json={
-            "operations": [
-                {"op": "add_column", "args": {"name": "owner_id", "type": "integer"}},
-                {
-                    "op": "add_foreign_key",
-                    "args": {"column": "owner_id", "fk_table": "owners"},
-                },
-            ]
-        },
-        headers=_headers(token),
-    )
-    assert response.status_code == 200, response.text
-    data = response.json()
-    assert data["operations_applied"] == 2
-    assert "[owner_id] INTEGER REFERENCES [owners]([id])" in data["schema"]
-
-    response = await ds_write.client.post(
-        "/data/docs/-/alter",
-        json={
-            "operations": [{"op": "drop_foreign_key", "args": {"column": "owner_id"}}]
-        },
-        headers=_headers(token),
-    )
-    assert response.status_code == 200, response.text
-    data = response.json()
-    assert "[owner_id] INTEGER REFERENCES" not in data["schema"]
-
-    response = await ds_write.client.post(
-        "/data/docs/-/alter",
-        json={
-            "operations": [
-                {
-                    "op": "set_foreign_keys",
-                    "args": {
-                        "foreign_keys": [
-                            {
-                                "column": "owner_id",
-                                "fk_table": "categories",
-                                "fk_column": "id",
-                            }
-                        ]
-                    },
-                }
-            ]
-        },
-        headers=_headers(token),
-    )
-    assert response.status_code == 200, response.text
-    data = response.json()
-    assert "[owner_id] INTEGER REFERENCES [categories]([id])" in data["schema"]
-
-    response = await ds_write.client.post(
-        "/data/docs/-/alter",
-        json={"operations": [{"op": "set_foreign_keys", "args": {"foreign_keys": []}}]},
-        headers=_headers(token),
-    )
-    assert response.status_code == 200, response.text
-    data = response.json()
-    assert "[owner_id] INTEGER REFERENCES" not in data["schema"]
-
-
-@pytest.mark.asyncio
-async def test_alter_table_foreign_key_requires_fk_table_for_fk_column(ds_write):
-    response = await ds_write.client.post(
-        "/data/docs/-/alter",
-        json={
-            "operations": [
-                {
-                    "op": "add_foreign_key",
-                    "args": {"column": "age", "fk_column": "id"},
-                }
-            ]
-        },
-        headers=_headers(write_token(ds_write, permissions=["at"])),
-    )
-    assert response.status_code == 400
-    assert response.json() == {
-        "ok": False,
-        "errors": ["operations.0.add_foreign_key.args: fk_column requires fk_table"],
-    }
-
-
-@pytest.mark.asyncio
-async def test_alter_table_foreign_key_without_fk_column_requires_single_pk(ds_write):
-    token = write_token(ds_write, permissions=["at"])
-    db = ds_write.get_database("data")
-    await db.execute_write(
-        "create table accounts (tenant_id integer, id integer, primary key (tenant_id, id))"
-    )
-
-    response = await ds_write.client.post(
-        "/data/docs/-/alter",
-        json={
-            "operations": [
-                {
-                    "op": "add_foreign_key",
-                    "args": {"column": "age", "fk_table": "accounts"},
-                }
-            ]
-        },
-        headers=_headers(token),
-    )
-    assert response.status_code == 400
-    assert response.json() == {
-        "ok": False,
-        "errors": ["Could not detect single primary key for table 'accounts'"],
-    }
-
-
-@pytest.mark.asyncio
-async def test_foreign_key_suggestions(ds_write):
-    token = write_token(ds_write, permissions=["at"])
-    db = ds_write.get_database("data")
-    await db.execute_write("create table owners (id integer primary key)")
-    await db.execute_write("insert into owners (id) values (1), (2), (3)")
-    await db.execute_write("create table categories (slug text primary key)")
-    await db.execute_write("insert into categories (slug) values ('one'), ('two')")
-    await db.execute_write("create table numbers (id integer primary key)")
-    await db.execute_write("insert into numbers (id) values (10), (20)")
-    await db.execute_write("create table weights (id real primary key)")
-    await db.execute_write("insert into weights (id) values (1.5), (2.5)")
-    await db.execute_write(
-        "insert into docs (id, title, score, age) values "
-        "(1, 'one', 1.5, 1), (2, 'two', 999.5, 2), (3, null, null, null)"
-    )
-
-    response = await ds_write.client.get(
-        "/data/docs/-/foreign-key-suggestions",
-        headers=_headers(token),
-    )
-    assert response.status_code == 200, response.text
-    data = response.json()
-    assert data["ok"] is True
-    assert data["database"] == "data"
-    assert data["table"] == "docs"
-    assert data["row_check"]["attempted"] is True
-    assert data["row_check"]["status"] == "completed"
-    assert data["row_check"]["row_limit"] == 500
-    assert data["row_check"]["sampled_rows"] == 3
-
-    columns = {column["column"]: column for column in data["columns"]}
-    assert columns["age"]["options"] == [
-        {"fk_table": "numbers", "fk_column": "id", "type": "INTEGER"},
-        {"fk_table": "owners", "fk_column": "id", "type": "INTEGER"},
-    ]
-    assert columns["age"]["suggestions"] == [
-        {
-            "fk_table": "owners",
-            "fk_column": "id",
-            "confidence": "sampled",
-            "sampled_values": 2,
-            "reasons": ["type_match", "sample_values_exist"],
-        }
-    ]
-    assert columns["title"]["options"] == [
-        {"fk_table": "categories", "fk_column": "slug", "type": "TEXT"}
-    ]
-    assert columns["title"]["suggestions"][0]["fk_table"] == "categories"
-    assert columns["score"]["options"] == [
-        {"fk_table": "weights", "fk_column": "id", "type": "REAL"}
-    ]
-    assert columns["score"]["suggestions"] == []
-
-
-@pytest.mark.asyncio
-async def test_foreign_key_suggestions_permission_denied(ds_write):
-    token = write_token(ds_write, permissions=["ir"])
-    response = await ds_write.client.get(
-        "/data/docs/-/foreign-key-suggestions",
-        headers=_headers(token),
-    )
-    assert response.status_code == 403
-    assert response.json() == {
-        "ok": False,
-        "errors": ["Permission denied: need alter-table"],
-    }
-
-
-@pytest.mark.asyncio
-async def test_foreign_key_suggestions_fail_open(ds_write, monkeypatch):
-    token = write_token(ds_write, permissions=["at"])
-    db = ds_write.get_database("data")
-    await db.execute_write("create table owners (id integer primary key)")
-
-    async def raise_timeout(*args, **kwargs):
-        raise table_create_alter.ForeignKeySuggestionTimedOut
-
-    from datasette.views import table_create_alter
-
-    monkeypatch.setattr(
-        table_create_alter,
-        "_foreign_key_suggestion_samples",
-        raise_timeout,
-    )
-
-    response = await ds_write.client.get(
-        "/data/docs/-/foreign-key-suggestions",
-        headers=_headers(token),
-    )
-    assert response.status_code == 200, response.text
-    data = response.json()
-    assert data["row_check"]["status"] == "timed_out"
-    columns = {column["column"]: column for column in data["columns"]}
-    assert columns["age"]["options"] == [
-        {"fk_table": "owners", "fk_column": "id", "type": "INTEGER"}
-    ]
-    assert columns["age"]["suggestions"] == []
-
-
-@pytest.mark.asyncio
-async def test_foreign_key_targets(ds_write):
-    token = write_token(ds_write, permissions=["ct"])
-    db = ds_write.get_database("data")
-    await db.execute_write("create table owners (id integer primary key)")
-    await db.execute_write("create table categories (slug varchar(30) primary key)")
-    await db.execute_write("create table blob_things (hash blob primary key)")
-    await db.execute_write(
-        "create table numeric_codes (code decimal(10,5) primary key)"
-    )
-    await db.execute_write(
-        'create table floating_point (value "FLOATING POINT" primary key)'
-    )
-    await db.execute_write(
-        "create table compound (a integer, b integer, primary key (a, b))"
-    )
-    await db.execute_write("create table no_pk (name text)")
-    try:
-        await db.execute_write("create virtual table search_docs using fts5(body)")
-    except Exception:
-        pass
-
-    response = await ds_write.client.get(
-        "/data/-/foreign-key-targets",
-        headers=_headers(token),
-    )
-    assert response.status_code == 200, response.text
-    assert response.json() == {
-        "ok": True,
-        "database": "data",
-        "targets": [
-            {
-                "fk_table": "blob_things",
-                "fk_column": "hash",
-                "type": "blob",
-            },
-            {
-                "fk_table": "categories",
-                "fk_column": "slug",
-                "type": "text",
-            },
-            {
-                "fk_table": "docs",
-                "fk_column": "id",
-                "type": "integer",
-            },
-            {
-                "fk_table": "floating_point",
-                "fk_column": "value",
-                "type": "integer",
-            },
-            {
-                "fk_table": "numeric_codes",
-                "fk_column": "code",
-                "type": "numeric",
-            },
-            {
-                "fk_table": "owners",
-                "fk_column": "id",
-                "type": "integer",
-            },
-        ],
-    }
-    assert not any(
-        target["fk_table"].startswith("search_docs_")
-        for target in response.json()["targets"]
-    )
-
-
-@pytest.mark.asyncio
-async def test_foreign_key_targets_permission_denied(ds_write):
-    token = write_token(ds_write, permissions=["ir"])
-    response = await ds_write.client.get(
-        "/data/-/foreign-key-targets",
-        headers=_headers(token),
-    )
-    assert response.status_code == 403
-    assert response.json() == {
-        "ok": False,
-        "errors": ["Permission denied: need create-table"],
-    }
-
-
-@pytest.mark.asyncio
-async def test_foreign_key_targets_allowed_for_alter_table(ds_write):
-    token = write_token(ds_write, permissions=["at"])
-    response = await ds_write.client.get(
-        "/data/-/foreign-key-targets?table=docs",
-        headers=_headers(token),
-    )
-    assert response.status_code == 200, response.text
-    assert response.json()["ok"] is True
-
-
-@pytest.mark.asyncio
-async def test_alter_table_permission_denied(ds_write):
-    token = write_token(ds_write, permissions=["ir"])
-    response = await ds_write.client.post(
-        "/data/docs/-/alter",
-        json={"operations": [{"op": "add_column", "args": {"name": "slug"}}]},
-        headers=_headers(token),
-    )
-    assert response.status_code == 403
-    assert response.json() == {
-        "ok": False,
-        "errors": ["Permission denied: need alter-table"],
-    }
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "body,expected_error",
-    (
-        (
-            {
-                "dry_run": True,
-                "operations": [
-                    {"op": "add_column", "args": {"name": "slug", "type": "text"}}
-                ],
-            },
-            "dry_run: Extra inputs are not permitted",
-        ),
-        (
-            {"operations": [{"op": "add_column", "args": {"type": "text"}}]},
-            "operations.0.add_column.args.name: Field required",
-        ),
-        (
-            {
-                "operations": [
-                    {"op": "add_column", "args": {"name": "x", "type": "bad"}}
-                ]
-            },
-            "operations.0.add_column.args.type: Input should be 'text', 'integer', 'float' or 'blob'",
-        ),
-        (
-            {
-                "operations": [
-                    {
-                        "op": "add_column",
-                        "args": {
-                            "name": "x",
-                            "default_expr": "datetime('now')",
-                        },
-                    }
-                ]
-            },
-            "operations.0.add_column.args.default_expr: Input should be 'current_timestamp', 'current_date', 'current_time', 'current_unixtime' or 'current_unixtime_ms'",
-        ),
-        (
-            {
-                "operations": [
-                    {
-                        "op": "add_column",
-                        "args": {
-                            "name": "x",
-                            "default": "x",
-                            "default_expr": "current_timestamp",
-                        },
-                    }
-                ]
-            },
-            "operations.0.add_column.args: Value error, default and default_expr cannot both be provided",
-        ),
-    ),
-)
-async def test_alter_table_validation_errors(ds_write, body, expected_error):
-    response = await ds_write.client.post(
-        "/data/docs/-/alter",
-        json=body,
-        headers=_headers(write_token(ds_write, permissions=["at"])),
-    )
-    assert response.status_code == 400
-    assert response.json()["ok"] is False
-    assert response.json()["errors"] == [expected_error]
-
-
-@pytest.mark.asyncio
-async def test_execute_write_form_parameter_called_sql():
-    ds = Datasette(memory=True, default_deny=True)
-    ds.root_enabled = True
-    db = ds.add_memory_database("execute_write_parameter_sql", name="data")
-    await db.execute_write("create table docs (id integer primary key, title text)")
-    await db.execute_write("insert into docs (id, title) values (1, 'Initial')")
-    await ds.invoke_startup()
-
-    form_response = await ds.client.get(
-        "/data/-/execute-write",
-        actor={"id": "root"},
-        params={"sql": "update docs set title = :sql where id = :id"},
-    )
-    assert form_response.status_code == 200
-    assert 'data-parameter-name-prefix="_sql_param_"' in form_response.text
-    assert '<label for="qp1">sql</label>' in form_response.text
-    assert 'name="_sql_param_sql"' in form_response.text
-    assert 'data-parameter-name="sql"' in form_response.text
-    assert 'name="_sql_param_id"' in form_response.text
-
-    response = await ds.client.post(
-        "/data/-/execute-write",
-        actor={"id": "root"},
-        data={
-            "sql": "update docs set title = :sql where id = :id",
-            "_sql_param_sql": "Updated",
-            "_sql_param_id": "1",
-        },
-    )
-
-    assert response.status_code == 200
-    assert "Query executed, 1 row affected" in response.text
-    assert (await db.execute("select title from docs where id = 1")).first()[
-        0
-    ] == "Updated"
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "input,expected_errors",
-    (
-        ({"title": "New title"}, None),
-        ({"title": None}, None),
-        ({"score": 1.6}, None),
-        ({"age": 10}, None),
-        ({"title": "New title", "score": 1.6}, None),
-        ({"title2": "New title"}, ["no such column: title2"]),
-    ),
-)
-@pytest.mark.parametrize("use_return", (True, False))
-async def test_update_row(ds_write, input, expected_errors, use_return):
-    token = write_token(ds_write)
-    pk = await _insert_row(ds_write)
-
-    path = "/data/docs/{}/-/update".format(pk)
-
-    data = {"update": input}
-    if use_return:
-        data["return"] = True
-
-    response = await ds_write.client.post(
-        path,
-        json=data,
-        headers=_headers(token),
-    )
-    if expected_errors:
-        assert response.status_code == 400
-        assert response.json()["ok"] is False
-        assert response.json()["errors"] == expected_errors
-        return
-
-    assert response.json()["ok"] is True
-    if not use_return:
-        assert "row" not in response.json()
-    else:
-        returned_row = response.json()["row"]
-        assert returned_row["id"] == pk
-        for k, v in input.items():
-            assert returned_row[k] == v
-
-    # Analytics event
-    event = last_event(ds_write)
-    assert event.actor == {"id": "root", "token": "dstok"}
-    assert event.database == "data"
-    assert event.table == "docs"
-    assert event.pks == [str(pk)]
-
-    # And fetch the row to check it's updated
-    response = await ds_write.client.get(
-        "/data/docs/{}.json?_shape=array".format(pk),
-    )
-    assert response.status_code == 200
-    row = response.json()[0]
-    assert row["id"] == pk
-    for k, v in input.items():
-        assert row[k] == v
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "scenario", ("no_token", "no_perm", "bad_table", "has_perm", "immutable")
-)
-async def test_drop_table(ds_write, scenario):
-    if scenario == "no_token":
-        token = "bad_token"
-    elif scenario == "no_perm":
-        token = write_token(ds_write, actor_id="not-root")
-    else:
-        token = write_token(ds_write)
-    should_work = scenario == "has_perm"
-    await ds_write.get_database("data").execute_write(
-        "insert into docs (id, title) values (1, 'Row 1')"
-    )
-    path = "/{database}/{table}/-/drop".format(
-        database="immutable" if scenario == "immutable" else "data",
-        table="docs" if scenario != "bad_table" else "bad_table",
-    )
-    response = await ds_write.client.post(
-        path,
-        headers=_headers(token),
-    )
-    if not should_work:
-        assert (
-            response.status_code == 403
-            if scenario in ("no_token", "bad_token")
-            else 404
-        )
-        assert response.json()["ok"] is False
-        expected_error = "Permission denied"
-        if scenario == "bad_table":
-            expected_error = "Table not found"
-        elif scenario == "immutable":
-            expected_error = "Database is immutable"
-        assert response.json()["errors"] == [expected_error]
-        assert (await ds_write.client.get("/data/docs")).status_code == 200
-    else:
-        # It should show a confirmation page
-        assert response.status_code == 200
-        assert response.json() == {
-            "ok": True,
-            "database": "data",
-            "table": "docs",
-            "row_count": 1,
-            "message": 'Pass "confirm": true to confirm',
-        }
-        assert (await ds_write.client.get("/data/docs")).status_code == 200
-        # Now send confirm: true
-        response2 = await ds_write.client.post(
-            path,
-            json={"confirm": True},
-            headers=_headers(token),
-        )
-        assert response2.json() == {"ok": True}
-        # Check event
-        event = last_event(ds_write)
-        assert event.name == "drop-table"
-        assert event.actor == {"id": "root", "token": "dstok"}
-        assert event.table == "docs"
-        assert event.database == "data"
-        # Table should 404
-        assert (await ds_write.client.get("/data/docs")).status_code == 404
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "input,expected_status,expected_response,expected_events",
-    (
-        # Permission error with a bad token
-        (
-            {"table": "bad", "row": {"id": 1}},
-            403,
-            {"ok": False, "errors": ["Permission denied"]},
-            [],
-        ),
-        # Successful creation with columns:
-        (
-            {
-                "table": "one",
-                "columns": [
-                    {
-                        "name": "id",
-                        "type": "integer",
-                    },
-                    {
-                        "name": "title",
-                        "type": "text",
-                    },
-                    {
-                        "name": "score",
-                        "type": "integer",
-                    },
-                    {
-                        "name": "weight",
-                        "type": "float",
-                    },
-                    {
-                        "name": "thumbnail",
-                        "type": "blob",
-                    },
-                ],
-                "pk": "id",
-            },
-            201,
-            {
-                "ok": True,
-                "database": "data",
-                "table": "one",
-                "table_url": "http://localhost/data/one",
-                "table_api_url": "http://localhost/data/one.json",
-                "schema": (
-                    "CREATE TABLE [one] (\n"
-                    "   [id] INTEGER PRIMARY KEY,\n"
-                    "   [title] TEXT,\n"
-                    "   [score] INTEGER,\n"
-                    "   [weight] FLOAT,\n"
-                    "   [thumbnail] BLOB\n"
-                    ")"
-                ),
-            },
-            ["create-table"],
-        ),
-        # Successful creation with rows:
-        (
-            {
-                "table": "two",
-                "rows": [
-                    {
-                        "id": 1,
-                        "title": "Row 1",
-                        "score": 1.5,
-                    },
-                    {
-                        "id": 2,
-                        "title": "Row 2",
-                        "score": 1.5,
-                    },
-                ],
-                "pk": "id",
-            },
-            201,
-            {
-                "ok": True,
-                "database": "data",
-                "table": "two",
-                "table_url": "http://localhost/data/two",
-                "table_api_url": "http://localhost/data/two.json",
-                "schema": (
-                    "CREATE TABLE [two] (\n"
-                    "   [id] INTEGER PRIMARY KEY,\n"
-                    "   [title] TEXT,\n"
-                    "   [score] FLOAT\n"
-                    ")"
-                ),
-                "row_count": 2,
-            },
-            ["create-table", "insert-rows"],
-        ),
-        # Successful creation with row:
-        (
-            {
-                "table": "three",
-                "row": {
-                    "id": 1,
-                    "title": "Row 1",
-                    "score": 1.5,
-                },
-                "pk": "id",
-            },
-            201,
-            {
-                "ok": True,
-                "database": "data",
-                "table": "three",
-                "table_url": "http://localhost/data/three",
-                "table_api_url": "http://localhost/data/three.json",
-                "schema": (
-                    "CREATE TABLE [three] (\n"
-                    "   [id] INTEGER PRIMARY KEY,\n"
-                    "   [title] TEXT,\n"
-                    "   [score] FLOAT\n"
-                    ")"
-                ),
-                "row_count": 1,
-            },
-            ["create-table", "insert-rows"],
-        ),
-        # Create with row and no primary key
-        (
-            {
-                "table": "four",
-                "row": {
-                    "name": "Row 1",
-                },
-            },
-            201,
-            {
-                "ok": True,
-                "database": "data",
-                "table": "four",
-                "table_url": "http://localhost/data/four",
-                "table_api_url": "http://localhost/data/four.json",
-                "schema": ("CREATE TABLE [four] (\n" "   [name] TEXT\n" ")"),
-                "row_count": 1,
-            },
-            ["create-table", "insert-rows"],
-        ),
-        # Create table with compound primary key
-        (
-            {
-                "table": "five",
-                "row": {"type": "article", "key": 123, "title": "Article 1"},
-                "pks": ["type", "key"],
-            },
-            201,
-            {
-                "ok": True,
-                "database": "data",
-                "table": "five",
-                "table_url": "http://localhost/data/five",
-                "table_api_url": "http://localhost/data/five.json",
-                "schema": (
-                    "CREATE TABLE [five] (\n   [type] TEXT,\n   [key] INTEGER,\n"
-                    "   [title] TEXT,\n   PRIMARY KEY ([type], [key])\n)"
-                ),
-                "row_count": 1,
-            },
-            ["create-table", "insert-rows"],
-        ),
-        # Error: Table is required
-        (
-            {
-                "row": {"id": 1},
-            },
-            400,
-            {
-                "ok": False,
-                "errors": ["Table is required"],
-            },
-            [],
-        ),
-        # Error: Invalid table name
-        (
-            {
-                "table": "sqlite_bad_name",
-                "row": {"id": 1},
-            },
-            400,
-            {
-                "ok": False,
-                "errors": ["Invalid table name"],
-            },
-            [],
-        ),
-        # Error: JSON must be an object
-        (
-            [],
-            400,
-            {
-                "ok": False,
-                "errors": ["JSON must be an object"],
-            },
-            [],
-        ),
-        # Error: Cannot specify columns with rows or row
-        (
-            {
-                "table": "bad",
-                "columns": [{"name": "id", "type": "integer"}],
-                "rows": [{"id": 1}],
-            },
-            400,
-            {
-                "ok": False,
-                "errors": ["Cannot specify columns with rows or row"],
-            },
-            [],
-        ),
-        # Error: columns, rows or row is required
-        (
-            {
-                "table": "bad",
-            },
-            400,
-            {
-                "ok": False,
-                "errors": ["columns, rows or row is required"],
-            },
-            [],
-        ),
-        # Error: columns must be a list
-        (
-            {
-                "table": "bad",
-                "columns": {"name": "id", "type": "integer"},
-            },
-            400,
-            {
-                "ok": False,
-                "errors": ["columns must be a list"],
-            },
-            [],
-        ),
-        # Error: columns must be a list of objects
-        (
-            {
-                "table": "bad",
-                "columns": ["id"],
-            },
-            400,
-            {
-                "ok": False,
-                "errors": ["columns must be a list of objects"],
-            },
-            [],
-        ),
-        # Error: Column name is required
-        (
-            {
-                "table": "bad",
-                "columns": [{"type": "integer"}],
-            },
-            400,
-            {
-                "ok": False,
-                "errors": ["Column name is required"],
-            },
-            [],
-        ),
-        # Error: Unsupported column type
-        (
-            {
-                "table": "bad",
-                "columns": [{"name": "id", "type": "bad"}],
-            },
-            400,
-            {
-                "ok": False,
-                "errors": ["Unsupported column type: bad"],
-            },
-            [],
-        ),
-        # Error: Duplicate column name
-        (
-            {
-                "table": "bad",
-                "columns": [
-                    {"name": "id", "type": "integer"},
-                    {"name": "id", "type": "integer"},
-                ],
-            },
-            400,
-            {
-                "ok": False,
-                "errors": ["Duplicate column name: id"],
-            },
-            [],
-        ),
-        # Error: rows must be a list
-        (
-            {
-                "table": "bad",
-                "rows": {"id": 1},
-            },
-            400,
-            {
-                "ok": False,
-                "errors": ["rows must be a list"],
-            },
-            [],
-        ),
-        # Error: rows must be a list of objects
-        (
-            {
-                "table": "bad",
-                "rows": ["id"],
-            },
-            400,
-            {
-                "ok": False,
-                "errors": ["rows must be a list of objects"],
-            },
-            [],
-        ),
-        # Error: pk must be a string
-        (
-            {
-                "table": "bad",
-                "row": {"id": 1},
-                "pk": 1,
-            },
-            400,
-            {
-                "ok": False,
-                "errors": ["pk must be a string"],
-            },
-            [],
-        ),
-        # Error: Cannot specify both pk and pks
-        (
-            {
-                "table": "bad",
-                "row": {"id": 1, "name": "Row 1"},
-                "pk": "id",
-                "pks": ["id", "name"],
-            },
-            400,
-            {
-                "ok": False,
-                "errors": ["Cannot specify both pk and pks"],
-            },
-            [],
-        ),
-        # Error: pks must be a list
-        (
-            {
-                "table": "bad",
-                "row": {"id": 1, "name": "Row 1"},
-                "pks": "id",
-            },
-            400,
-            {
-                "ok": False,
-                "errors": ["pks must be a list"],
-            },
-            [],
-        ),
-        # Error: pks must be a list of strings
-        (
-            {"table": "bad", "row": {"id": 1, "name": "Row 1"}, "pks": [1, 2]},
-            400,
-            {"ok": False, "errors": ["pks must be a list of strings"]},
-            [],
-        ),
-        # Error: ignore and replace are mutually exclusive
-        (
-            {
-                "table": "bad",
-                "row": {"id": 1, "name": "Row 1"},
-                "pk": "id",
-                "ignore": True,
-                "replace": True,
-            },
-            400,
-            {
-                "ok": False,
-                "errors": ["ignore and replace are mutually exclusive"],
-            },
-            [],
-        ),
-        # ignore and replace require row or rows
-        (
-            {
-                "table": "bad",
-                "columns": [{"name": "id", "type": "integer"}],
-                "ignore": True,
-            },
-            400,
-            {
-                "ok": False,
-                "errors": ["ignore and replace require row or rows"],
-            },
-            [],
-        ),
-        # ignore and replace require pk or pks
-        (
-            {
-                "table": "bad",
-                "row": {"id": 1},
-                "ignore": True,
-            },
-            400,
-            {
-                "ok": False,
-                "errors": ["ignore and replace require pk or pks"],
-            },
-            [],
-        ),
-        (
-            {
-                "table": "bad",
-                "row": {"id": 1},
-                "replace": True,
-            },
-            400,
-            {
-                "ok": False,
-                "errors": ["ignore and replace require pk or pks"],
-            },
-            [],
-        ),
-    ),
-)
-async def test_create_table(
-    ds_write, input, expected_status, expected_response, expected_events
-):
-    ds_write._tracked_events = []
-    # Special case for expected status of 403
-    if expected_status == 403:
-        token = "bad_token"
-    else:
-        token = write_token(ds_write)
-    response = await ds_write.client.post(
-        "/data/-/create",
-        json=input,
-        headers=_headers(token),
-    )
-    assert response.status_code == expected_status
-    data = response.json()
-    assert data == expected_response
-    # Should have tracked the expected events
-    events = ds_write._tracked_events
-    assert [e.name for e in events] == expected_events
-
-
-@pytest.mark.asyncio
-async def test_create_table_with_foreign_key(ds_write):
-    token = write_token(ds_write)
-    response = await ds_write.client.post(
-        "/data/-/create",
-        json={
-            "table": "owners",
-            "columns": [
-                {"name": "id", "type": "integer"},
-                {"name": "name", "type": "text"},
-            ],
-            "pk": "id",
-        },
-        headers=_headers(token),
-    )
-    assert response.status_code == 201
-
-    response = await ds_write.client.post(
-        "/data/-/create",
-        json={
-            "table": "projects",
-            "columns": [
-                {"name": "id", "type": "integer"},
-                {
-                    "name": "owner_id",
-                    "type": "integer",
-                    "fk_table": "owners",
-                },
-                {"name": "title", "type": "text"},
-            ],
-            "pk": "id",
-        },
-        headers=_headers(token),
-    )
-    assert response.status_code == 201
-    data = response.json()
-    assert "[owner_id] INTEGER REFERENCES [owners]([id])" in data["schema"]
-
-
-@pytest.mark.asyncio
-async def test_create_table_with_column_constraints(ds_write):
-    token = write_token(ds_write)
-    response = await ds_write.client.post(
-        "/data/-/create",
-        json={
-            "table": "constrained",
-            "columns": [
-                {"name": "id", "type": "integer"},
-                {
-                    "name": "title",
-                    "type": "text",
-                    "not_null": True,
-                    "default": "Untitled",
-                },
-                {
-                    "name": "created",
-                    "type": "text",
-                    "default_expr": "current_timestamp",
-                },
-                {"name": "score", "type": "integer", "default": 0},
-                {"name": "literal_default", "type": "text", "default": "hello)"},
-            ],
-            "pk": "id",
-        },
-        headers=_headers(token),
-    )
-    assert response.status_code == 201, response.text
-    data = response.json()
-    assert data["ok"] is True
-    assert "NOT NULL DEFAULT 'Untitled'" in data["schema"]
-    assert "DEFAULT CURRENT_TIMESTAMP" in data["schema"]
-    assert "DEFAULT 0" in data["schema"]
-    assert "DEFAULT 'hello)'" in data["schema"]
-
-    db = ds_write.get_database("data")
-    columns = (
-        await db.execute("select * from pragma_table_info('constrained') order by cid")
-    ).dicts()
-    assert [column["name"] for column in columns] == [
-        "id",
-        "title",
-        "created",
-        "score",
-        "literal_default",
-    ]
-    assert columns[0]["pk"] == 1
-    assert columns[1]["notnull"] == 1
-    assert columns[1]["dflt_value"] == "'Untitled'"
-    assert columns[2]["dflt_value"] == "CURRENT_TIMESTAMP"
-    assert columns[3]["dflt_value"] == "0"
-    assert columns[4]["dflt_value"] == "'hello)'"
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "default_expr,minimum_value,expected_schema",
-    (
-        (
-            "current_unixtime",
-            1_600_000_000,
-            "strftime('%s', 'now')",
-        ),
-        (
-            "current_unixtime_ms",
-            1_600_000_000_000,
-            "julianday('now')",
-        ),
-    ),
-)
-async def test_create_table_integer_default_expr(
-    ds_write, default_expr, minimum_value, expected_schema
-):
-    token = write_token(ds_write)
-    table = "default_{}".format(default_expr)
-    response = await ds_write.client.post(
-        "/data/-/create",
-        json={
-            "table": table,
-            "columns": [
-                {"name": "id", "type": "integer"},
-                {
-                    "name": "created",
-                    "type": "integer",
-                    "default_expr": default_expr,
-                },
-            ],
-            "pk": "id",
-        },
-        headers=_headers(token),
-    )
-    assert response.status_code == 201, response.text
-    data = response.json()
-    assert expected_schema in data["schema"]
-
-    db = ds_write.get_database("data")
-    columns = (await db.execute("select * from pragma_table_info(?)", [table])).dicts()
-    assert columns[1]["type"] == "INTEGER"
-    assert expected_schema in columns[1]["dflt_value"]
-
-    row = await db.execute_write_fn(
-        lambda conn: _insert_and_fetch_created(
-            conn, table, "insert into {} default values".format(escape_sqlite(table))
-        )
-    )
-    assert row[0] > minimum_value
-    assert row[1] == "integer"
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "column,expected_error",
-    (
-        (
-            {"name": "owner_id", "type": "integer", "fk_table": "owners"},
-            None,
-        ),
-        (
-            {"name": "owner_id", "type": "integer", "fk_column": "id"},
-            "columns.0: fk_column requires fk_table",
-        ),
-        (
-            {
-                "name": "created",
-                "type": "text",
-                "default_expr": "datetime('now')",
-            },
-            "columns.0.default_expr: Input should be 'current_timestamp', 'current_date', 'current_time', 'current_unixtime' or 'current_unixtime_ms'",
-        ),
-        (
-            {
-                "name": "created",
-                "type": "text",
-                "default": "x",
-                "default_expr": "current_timestamp",
-            },
-            "columns.0: Value error, default and default_expr cannot both be provided",
-        ),
-    ),
-)
-async def test_create_table_column_validation(ds_write, column, expected_error):
-    token = write_token(ds_write)
-    response = await ds_write.client.post(
-        "/data/-/create",
-        json={
-            "table": "projects",
-            "columns": [column],
-        },
-        headers=_headers(token),
-    )
-    if expected_error:
-        assert response.status_code == 400
-        assert response.json() == {"ok": False, "errors": [expected_error]}
-    else:
-        assert response.status_code == 400
-        assert response.json() == {
-            "ok": False,
-            "errors": ["Could not detect single primary key for table 'owners'"],
-        }
-
-
-@pytest.mark.asyncio
-async def test_create_table_foreign_key_without_fk_column_requires_single_pk(ds_write):
-    token = write_token(ds_write)
-    response = await ds_write.client.post(
-        "/data/-/create",
-        json={
-            "table": "accounts",
-            "columns": [
-                {"name": "tenant_id", "type": "integer"},
-                {"name": "id", "type": "integer"},
-                {"name": "name", "type": "text"},
-            ],
-            "pks": ["tenant_id", "id"],
-        },
-        headers=_headers(token),
-    )
-    assert response.status_code == 201
-
-    response = await ds_write.client.post(
-        "/data/-/create",
-        json={
-            "table": "projects",
-            "columns": [
-                {"name": "id", "type": "integer"},
-                {
-                    "name": "account_id",
-                    "type": "integer",
-                    "fk_table": "accounts",
-                },
-            ],
-            "pk": "id",
-        },
-        headers=_headers(token),
-    )
-    assert response.status_code == 400
-    assert response.json() == {
-        "ok": False,
-        "errors": ["Could not detect single primary key for table 'accounts'"],
-    }
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "permissions,body,expected_status,expected_errors",
-    (
-        (["create-table"], {"table": "t", "columns": [{"name": "c"}]}, 201, None),
-        # Need insert-row too if you use "rows":
-        (
-            ["create-table"],
-            {"table": "t", "rows": [{"name": "c"}]},
-            403,
-            ["Permission denied: need insert-row"],
-        ),
-        # This should work:
-        (
-            ["create-table", "insert-row"],
-            {"table": "t", "rows": [{"name": "c"}]},
-            201,
-            None,
-        ),
-        # If you use replace: true you need update-row too:
-        (
-            ["create-table", "insert-row"],
-            {"table": "t", "rows": [{"id": 1}], "pk": "id", "replace": True},
-            403,
-            ["Permission denied: need update-row"],
-        ),
-    ),
-)
-async def test_create_table_permissions(
-    ds_write, permissions, body, expected_status, expected_errors
-):
-    from datasette.tokens import TokenRestrictions
-
-    restrictions = TokenRestrictions()
-    for action in ["view-instance"] + permissions:
-        restrictions.allow_all(action)
-    token = await ds_write.create_token(
-        "root", handler="signed", restrictions=restrictions
-    )
-    response = await ds_write.client.post(
-        "/data/-/create",
-        json=body,
-        headers=_headers(token),
-    )
-    assert response.status_code == expected_status
-    if expected_errors:
-        data = response.json()
-        assert data["ok"] is False
-        assert data["errors"] == expected_errors
-
-
-@pytest.mark.asyncio
-@pytest.mark.xfail(reason="Flaky, see https://github.com/simonw/datasette/issues/2356")
-@pytest.mark.parametrize(
-    "input,expected_rows_after",
-    (
-        (
-            {
-                "table": "test_insert_replace",
-                "rows": [
-                    {"id": 1, "name": "Row 1 new"},
-                    {"id": 3, "name": "Row 3 new"},
-                ],
-                "pk": "id",
-                "ignore": True,
-            },
-            [
-                {"id": 1, "name": "Row 1"},
-                {"id": 2, "name": "Row 2"},
-                {"id": 3, "name": "Row 3 new"},
-            ],
-        ),
-        (
-            {
-                "table": "test_insert_replace",
-                "rows": [
-                    {"id": 1, "name": "Row 1 new"},
-                    {"id": 3, "name": "Row 3 new"},
-                ],
-                "pk": "id",
-                "replace": True,
-            },
-            [
-                {"id": 1, "name": "Row 1 new"},
-                {"id": 2, "name": "Row 2"},
-                {"id": 3, "name": "Row 3 new"},
-            ],
-        ),
-    ),
-)
-async def test_create_table_ignore_replace(ds_write, input, expected_rows_after):
-    # Create table with two rows
-    token = write_token(ds_write)
-    first_response = await ds_write.client.post(
-        "/data/-/create",
-        json={
-            "rows": [{"id": 1, "name": "Row 1"}, {"id": 2, "name": "Row 2"}],
-            "table": "test_insert_replace",
-            "pk": "id",
-        },
-        headers=_headers(token),
-    )
-    assert first_response.status_code == 201
-
-    ds_write._tracked_events = []
-
-    # Try a second time
-    second_response = await ds_write.client.post(
-        "/data/-/create",
-        json=input,
-        headers=_headers(token),
-    )
-    assert second_response.status_code == 201
-    # Check that the rows are as expected
-    rows = await ds_write.client.get("/data/test_insert_replace.json?_shape=array")
-    assert rows.json() == expected_rows_after
-
-    # Check it fired the right events
-    event_names = [e.name for e in ds_write._tracked_events]
-    assert event_names == ["insert-rows"]
-
-
-@pytest.mark.asyncio
-async def test_create_table_error_if_pk_changed(ds_write):
-    token = write_token(ds_write)
-    first_response = await ds_write.client.post(
-        "/data/-/create",
-        json={
-            "rows": [{"id": 1, "name": "Row 1"}, {"id": 2, "name": "Row 2"}],
-            "table": "test_insert_replace",
-            "pk": "id",
-        },
-        headers=_headers(token),
-    )
-    assert first_response.status_code == 201
-    # Try a second time with a different pk
-    second_response = await ds_write.client.post(
-        "/data/-/create",
-        json={
-            "rows": [{"id": 1, "name": "Row 1"}, {"id": 2, "name": "Row 2"}],
-            "table": "test_insert_replace",
-            "pk": "name",
-            "replace": True,
-        },
-        headers=_headers(token),
-    )
-    assert second_response.status_code == 400
-    assert second_response.json() == {
-        "ok": False,
-        "errors": ["pk cannot be changed for existing table"],
-    }
-
-
-@pytest.mark.asyncio
-async def test_create_table_error_rows_twice_with_duplicates(ds_write):
-    # Error if you don't send ignore: True or replace: True
-    token = write_token(ds_write)
-    input = {
-        "rows": [{"id": 1, "name": "Row 1"}, {"id": 2, "name": "Row 2"}],
-        "table": "test_create_twice",
-        "pk": "id",
-    }
-    first_response = await ds_write.client.post(
-        "/data/-/create",
-        json=input,
-        headers=_headers(token),
-    )
-    assert first_response.status_code == 201
-    second_response = await ds_write.client.post(
-        "/data/-/create",
-        json=input,
-        headers=_headers(token),
-    )
-    assert second_response.status_code == 400
-    assert second_response.json() == {
-        "ok": False,
-        "errors": ["UNIQUE constraint failed: test_create_twice.id"],
-    }
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path",
-    (
-        "/data/-/create",
-        "/data/docs/-/drop",
-        "/data/docs/-/insert",
-    ),
-)
-async def test_method_not_allowed(ds_write, path):
-    response = await ds_write.client.get(
-        path,
-        headers={
-            "Content-Type": "application/json",
-        },
-    )
-    assert response.status_code == 405
-    assert response.json() == {
-        "ok": False,
-        "error": "Method not allowed",
-    }
-
-
-@pytest.mark.asyncio
-async def test_create_uses_alter_by_default_for_new_table(ds_write):
-    ds_write._tracked_events = []
-    token = write_token(ds_write)
-    response = await ds_write.client.post(
-        "/data/-/create",
-        json={
-            "table": "new_table",
-            "rows": [
-                {
-                    "name": "Row 1",
-                }
-            ]
-            * 100
-            + [
-                {"name": "Row 2", "extra": "Extra"},
-            ],
-            "pk": "id",
-        },
-        headers=_headers(token),
-    )
-    assert response.status_code == 201
-    event_names = [e.name for e in ds_write._tracked_events]
-    assert event_names == ["create-table", "insert-rows"]
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize("has_alter_permission", (True, False))
-async def test_create_using_alter_against_existing_table(
-    ds_write, has_alter_permission
-):
-    token = write_token(
-        ds_write, permissions=["ir", "ct"] + (["at"] if has_alter_permission else [])
-    )
-    # First create the table
-    response = await ds_write.client.post(
-        "/data/-/create",
-        json={
-            "table": "new_table",
-            "rows": [
-                {
-                    "name": "Row 1",
-                }
-            ],
-            "pk": "id",
-        },
-        headers=_headers(token),
-    )
-    assert response.status_code == 201
-
-    ds_write._tracked_events = []
-    # Now try to insert more rows using /-/create with alter=True
-    response2 = await ds_write.client.post(
-        "/data/-/create",
-        json={
-            "table": "new_table",
-            "rows": [{"name": "Row 2", "extra": "extra"}],
-            "pk": "id",
-            "alter": True,
-        },
-        headers=_headers(token),
-    )
-    if not has_alter_permission:
-        assert response2.status_code == 403
-        assert response2.json() == {
-            "ok": False,
-            "errors": ["Permission denied: need alter-table"],
-        }
-    else:
-        assert response2.status_code == 201
-
-        event_names = [e.name for e in ds_write._tracked_events]
-        assert event_names == ["alter-table", "insert-rows"]
-
-        # It should have altered the table
-        alter_event = ds_write._tracked_events[0]
-        assert alter_event.name == "alter-table"
-        assert "extra" not in alter_event.before_schema
-        assert "extra" in alter_event.after_schema
-
-        insert_rows_event = ds_write._tracked_events[1]
-        assert insert_rows_event.name == "insert-rows"
-        assert insert_rows_event.num_rows == 1
diff --git a/tests/test_auth.py b/tests/test_auth.py
deleted file mode 100644
index 5868a21c..00000000
--- a/tests/test_auth.py
+++ /dev/null
@@ -1,512 +0,0 @@
-from bs4 import BeautifulSoup as Soup
-from .utils import cookie_was_deleted, last_event
-from click.testing import CliRunner
-from datasette.utils import baseconv
-from datasette.cli import cli
-from datasette.resources import (
-    DatabaseResource,
-    TableResource,
-)
-import pytest
-import time
-
-
-@pytest.mark.asyncio
-async def test_auth_token(ds_client):
-    """The /-/auth-token endpoint sets the correct cookie"""
-    assert ds_client.ds._root_token is not None
-    path = f"/-/auth-token?token={ds_client.ds._root_token}"
-    response = await ds_client.get(path)
-    assert response.status_code == 302
-    assert "/" == response.headers["Location"]
-    assert {"a": {"id": "root"}} == ds_client.ds.unsign(
-        response.cookies["ds_actor"], "actor"
-    )
-    # Should have recorded a login event
-    event = last_event(ds_client.ds)
-    assert event.name == "login"
-    assert event.actor == {"id": "root"}
-    # Check that a second with same token fails
-    assert ds_client.ds._root_token is None
-    assert (await ds_client.get(path)).status_code == 403
-    # But attempting with same token while logged in as root should redirect to /
-    response = await ds_client.get(
-        path, cookies={"ds_actor": ds_client.actor_cookie({"id": "root"})}
-    )
-    assert response.status_code == 302
-    assert response.headers["Location"] == "/"
-
-
-@pytest.mark.asyncio
-async def test_actor_cookie(ds_client):
-    """A valid actor cookie sets request.scope['actor']"""
-    cookie = ds_client.actor_cookie({"id": "test"})
-    await ds_client.get("/", cookies={"ds_actor": cookie})
-    assert ds_client.ds._last_request.scope["actor"] == {"id": "test"}
-
-
-@pytest.mark.asyncio
-async def test_actor_cookie_invalid(ds_client):
-    cookie = ds_client.actor_cookie({"id": "test"})
-    # Break the signature
-    await ds_client.get("/", cookies={"ds_actor": cookie[:-1] + "."})
-    assert ds_client.ds._last_request.scope["actor"] is None
-    # Break the cookie format
-    cookie = ds_client.ds.sign({"b": {"id": "test"}}, "actor")
-    await ds_client.get("/", cookies={"ds_actor": cookie})
-    assert ds_client.ds._last_request.scope["actor"] is None
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "offset,expected",
-    [
-        ((24 * 60 * 60), {"id": "test"}),
-        (-(24 * 60 * 60), None),
-    ],
-)
-async def test_actor_cookie_that_expires(ds_client, offset, expected):
-    expires_at = int(time.time()) + offset
-    cookie = ds_client.ds.sign(
-        {"a": {"id": "test"}, "e": baseconv.base62.encode(expires_at)}, "actor"
-    )
-    await ds_client.get("/", cookies={"ds_actor": cookie})
-    assert ds_client.ds._last_request.scope["actor"] == expected
-
-
-def test_logout(app_client):
-    # Keeping app_client for the moment because of csrftoken_from
-    response = app_client.get(
-        "/-/logout", cookies={"ds_actor": app_client.actor_cookie({"id": "test"})}
-    )
-    assert 200 == response.status
-    assert "<p>You are logged in as <strong>test</strong></p>" in response.text
-    # Actors without an id get full serialization
-    response2 = app_client.get(
-        "/-/logout", cookies={"ds_actor": app_client.actor_cookie({"name2": "bob"})}
-    )
-    assert 200 == response2.status
-    assert (
-        "<p>You are logged in as <strong>{'name2': 'bob'}</strong></p>"
-        in response2.text
-    )
-    # If logged out you get a redirect to /
-    response3 = app_client.get("/-/logout")
-    assert 302 == response3.status
-    # A POST to that page should log the user out
-    response4 = app_client.post(
-        "/-/logout",
-        csrftoken_from=True,
-        cookies={"ds_actor": app_client.actor_cookie({"id": "test"})},
-    )
-    # Should have recorded a logout event
-    event = last_event(app_client.ds)
-    assert event.name == "logout"
-    assert event.actor == {"id": "test"}
-    # The ds_actor cookie should have been unset
-    assert cookie_was_deleted(response4, "ds_actor")
-    # Should also have set a message
-    messages = app_client.ds.unsign(response4.cookies["ds_messages"], "messages")
-    assert [["You are now logged out", 2]] == messages
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize("path", ["/", "/fixtures", "/fixtures/facetable"])
-async def test_logout_button_in_navigation(ds_client, path):
-    response = await ds_client.get(
-        path, cookies={"ds_actor": ds_client.actor_cookie({"id": "test"})}
-    )
-    anon_response = await ds_client.get(path)
-    for fragment in (
-        "<strong>test</strong>",
-        '<form class="nav-menu-logout" action="/-/logout" method="post">',
-    ):
-        assert fragment in response.text
-        assert fragment not in anon_response.text
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize("path", ["/", "/fixtures", "/fixtures/facetable"])
-async def test_no_logout_button_in_navigation_if_no_ds_actor_cookie(ds_client, path):
-    response = await ds_client.get(path + "?_bot=1")
-    assert "<strong>bot</strong>" in response.text
-    assert (
-        '<form class="nav-menu-logout" action="/-/logout" method="post">'
-        not in response.text
-    )
-
-
-@pytest.mark.parametrize(
-    "post_data,errors,expected_duration,expected_r",
-    (
-        ({"expire_type": ""}, [], None, None),
-        ({"expire_type": "x"}, ["Invalid expire duration"], None, None),
-        ({"expire_type": "minutes"}, ["Invalid expire duration"], None, None),
-        (
-            {"expire_type": "minutes", "expire_duration": "x"},
-            ["Invalid expire duration"],
-            None,
-            None,
-        ),
-        (
-            {"expire_type": "minutes", "expire_duration": "-1"},
-            ["Invalid expire duration"],
-            None,
-            None,
-        ),
-        (
-            {"expire_type": "minutes", "expire_duration": "0"},
-            ["Invalid expire duration"],
-            None,
-            None,
-        ),
-        ({"expire_type": "minutes", "expire_duration": "10"}, [], 600, None),
-        ({"expire_type": "hours", "expire_duration": "10"}, [], 10 * 60 * 60, None),
-        ({"expire_type": "days", "expire_duration": "3"}, [], 60 * 60 * 24 * 3, None),
-        # Token restrictions
-        ({"all:view-instance": "on"}, [], None, {"a": ["vi"]}),
-        ({"database:fixtures:view-query": "on"}, [], None, {"d": {"fixtures": ["vq"]}}),
-        (
-            {"resource:fixtures:facetable:insert-row": "on"},
-            [],
-            None,
-            {"r": {"fixtures": {"facetable": ["ir"]}}},
-        ),
-    ),
-)
-def test_auth_create_token(
-    app_client, post_data, errors, expected_duration, expected_r
-):
-    assert app_client.get("/-/create-token").status == 403
-    ds_actor = app_client.actor_cookie({"id": "test"})
-    response = app_client.get("/-/create-token", cookies={"ds_actor": ds_actor})
-    assert response.status == 200
-    assert ">Create an API token<" in response.text
-    # Confirm some aspects of expected set of checkboxes
-    soup = Soup(response.text, "html.parser")
-    checkbox_names = {el["name"] for el in soup.select('input[type="checkbox"]')}
-    assert checkbox_names.issuperset(
-        {
-            "all:view-instance",
-            "all:view-query",
-            "database:fixtures:drop-table",
-            "resource:fixtures:foreign_key_references:insert-row",
-            "resource:fixtures:facetable:set-column-type",
-        }
-    )
-    # Now try actually creating one
-    response2 = app_client.post(
-        "/-/create-token",
-        post_data,
-        csrftoken_from=True,
-        cookies={"ds_actor": ds_actor},
-    )
-    assert response2.status == 200
-    if errors:
-        for error in errors:
-            assert '<p class="message-error">{}</p>'.format(error) in response2.text
-    else:
-        # Check create-token event
-        event = last_event(app_client.ds)
-        assert event.name == "create-token"
-        assert event.expires_after == expected_duration
-        assert isinstance(event.restrict_all, list)
-        assert isinstance(event.restrict_database, dict)
-        assert isinstance(event.restrict_resource, dict)
-        # Extract token from page
-        token = response2.text.split('value="dstok_')[1].split('"')[0]
-        details = app_client.ds.unsign(token, "token")
-        if expected_r:
-            r = details.pop("_r")
-            assert r == expected_r
-        assert details.keys() == {"a", "t", "d"} or details.keys() == {"a", "t"}
-        assert details["a"] == "test"
-        if expected_duration is None:
-            assert "d" not in details
-        else:
-            assert details["d"] == expected_duration
-        # And test that token
-        response3 = app_client.get(
-            "/-/actor.json",
-            headers={"Authorization": "Bearer {}".format("dstok_{}".format(token))},
-        )
-        assert response3.status == 200
-        assert response3.json["actor"]["id"] == "test"
-
-
-@pytest.mark.asyncio
-async def test_auth_create_token_not_allowed_for_tokens(ds_client):
-    ds_tok = ds_client.ds.sign({"a": "test", "token": "dstok"}, "token")
-    response = await ds_client.get(
-        "/-/create-token",
-        headers={"Authorization": "Bearer dstok_{}".format(ds_tok)},
-    )
-    assert response.status_code == 403
-
-
-@pytest.mark.asyncio
-async def test_auth_create_token_not_allowed_if_allow_signed_tokens_off(ds_client):
-    ds_client.ds._settings["allow_signed_tokens"] = False
-    try:
-        ds_actor = ds_client.actor_cookie({"id": "test"})
-        response = await ds_client.get(
-            "/-/create-token", cookies={"ds_actor": ds_actor}
-        )
-        assert response.status_code == 403
-    finally:
-        ds_client.ds._settings["allow_signed_tokens"] = True
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "scenario,should_work",
-    (
-        ("allow_signed_tokens_off", False),
-        ("no_token", False),
-        ("no_timestamp", False),
-        ("invalid_token", False),
-        ("expired_token", False),
-        ("valid_unlimited_token", True),
-        ("valid_expiring_token", True),
-    ),
-)
-async def test_auth_with_dstok_token(ds_client, scenario, should_work):
-    token = None
-    _time = int(time.time())
-    if scenario in ("valid_unlimited_token", "allow_signed_tokens_off"):
-        token = ds_client.ds.sign({"a": "test", "t": _time}, "token")
-    elif scenario == "valid_expiring_token":
-        token = ds_client.ds.sign({"a": "test", "t": _time - 50, "d": 1000}, "token")
-    elif scenario == "expired_token":
-        token = ds_client.ds.sign({"a": "test", "t": _time - 2000, "d": 1000}, "token")
-    elif scenario == "no_timestamp":
-        token = ds_client.ds.sign({"a": "test"}, "token")
-    elif scenario == "invalid_token":
-        token = "invalid"
-    if token:
-        token = "dstok_{}".format(token)
-    if scenario == "allow_signed_tokens_off":
-        ds_client.ds._settings["allow_signed_tokens"] = False
-    headers = {}
-    if token:
-        headers["Authorization"] = "Bearer {}".format(token)
-    response = await ds_client.get("/-/actor.json", headers=headers)
-    try:
-        if should_work:
-            data = response.json()
-            assert data.keys() == {"actor"}
-            actor = data["actor"]
-            expected_keys = {"id", "token"}
-            if scenario != "valid_unlimited_token":
-                expected_keys.add("token_expires")
-            assert actor.keys() == expected_keys
-            assert actor["id"] == "test"
-            assert actor["token"] == "dstok"
-            if scenario != "valid_unlimited_token":
-                assert isinstance(actor["token_expires"], int)
-        else:
-            assert response.json() == {"actor": None}
-    finally:
-        ds_client.ds._settings["allow_signed_tokens"] = True
-
-
-@pytest.mark.parametrize("expires", (None, 1000, -1000))
-def test_cli_create_token(app_client, expires):
-    secret = app_client.ds._secret
-    runner = CliRunner()
-    args = ["create-token", "--secret", secret, "test"]
-    if expires:
-        args += ["--expires-after", str(expires)]
-    result = runner.invoke(cli, args)
-    assert result.exit_code == 0
-    token = result.output.strip()
-    assert token.startswith("dstok_")
-    details = app_client.ds.unsign(token[len("dstok_") :], "token")
-    expected_keys = {"a", "t"}
-    if expires:
-        expected_keys.add("d")
-    assert details.keys() == expected_keys
-    assert details["a"] == "test"
-    response = app_client.get(
-        "/-/actor.json", headers={"Authorization": "Bearer {}".format(token)}
-    )
-    if expires is None or expires > 0:
-        expected_actor = {
-            "id": "test",
-            "token": "dstok",
-        }
-        if expires and expires > 0:
-            expected_actor["token_expires"] = details["t"] + expires
-        assert response.json == {"actor": expected_actor}
-    else:
-        expected_actor = None
-    assert response.json == {"actor": expected_actor}
-
-
-@pytest.mark.asyncio
-async def test_root_with_root_enabled_gets_all_permissions(ds_client):
-    """Root user with root_enabled=True gets all permissions"""
-    # Ensure catalog tables are populated
-    await ds_client.ds.invoke_startup()
-    await ds_client.ds._refresh_schemas()
-
-    # Set root_enabled to simulate --root flag
-    ds_client.ds.root_enabled = True
-
-    root_actor = {"id": "root"}
-
-    # Test instance-level permissions (no resource)
-    assert (
-        await ds_client.ds.allowed(action="permissions-debug", actor=root_actor) is True
-    )
-    assert await ds_client.ds.allowed(action="debug-menu", actor=root_actor) is True
-
-    # Test view permissions using the new ds.allowed() method
-    assert await ds_client.ds.allowed(action="view-instance", actor=root_actor) is True
-
-    assert (
-        await ds_client.ds.allowed(
-            action="view-database",
-            resource=DatabaseResource("fixtures"),
-            actor=root_actor,
-        )
-        is True
-    )
-
-    assert (
-        await ds_client.ds.allowed(
-            action="view-table",
-            resource=TableResource("fixtures", "facetable"),
-            actor=root_actor,
-        )
-        is True
-    )
-
-    # Test write permissions using ds.allowed()
-    assert (
-        await ds_client.ds.allowed(
-            action="insert-row",
-            resource=TableResource("fixtures", "facetable"),
-            actor=root_actor,
-        )
-        is True
-    )
-
-    assert (
-        await ds_client.ds.allowed(
-            action="delete-row",
-            resource=TableResource("fixtures", "facetable"),
-            actor=root_actor,
-        )
-        is True
-    )
-
-    assert (
-        await ds_client.ds.allowed(
-            action="update-row",
-            resource=TableResource("fixtures", "facetable"),
-            actor=root_actor,
-        )
-        is True
-    )
-
-    assert (
-        await ds_client.ds.allowed(
-            action="create-table",
-            resource=DatabaseResource("fixtures"),
-            actor=root_actor,
-        )
-        is True
-    )
-
-    assert (
-        await ds_client.ds.allowed(
-            action="alter-table",
-            resource=TableResource("fixtures", "facetable"),
-            actor=root_actor,
-        )
-        is True
-    )
-
-    assert (
-        await ds_client.ds.allowed(
-            action="set-column-type",
-            resource=TableResource("fixtures", "facetable"),
-            actor=root_actor,
-        )
-        is True
-    )
-
-    assert (
-        await ds_client.ds.allowed(
-            action="drop-table",
-            resource=TableResource("fixtures", "facetable"),
-            actor=root_actor,
-        )
-        is True
-    )
-
-
-@pytest.mark.asyncio
-async def test_root_without_root_enabled_no_special_permissions(ds_client):
-    """Root user without root_enabled doesn't get automatic permissions"""
-    # Ensure catalog tables are populated
-    await ds_client.ds.invoke_startup()
-    await ds_client.ds._refresh_schemas()
-
-    # Ensure root_enabled is NOT set (or is False)
-    ds_client.ds.root_enabled = False
-
-    root_actor = {"id": "root"}
-
-    # Test permissions that normally require special access
-    # Without root_enabled, root should follow normal permission rules
-
-    # View permissions should still work (default=True)
-    assert (
-        await ds_client.ds.allowed(action="view-instance", actor=root_actor) is True
-    )  # Default permission
-
-    assert (
-        await ds_client.ds.allowed(
-            action="view-database",
-            resource=DatabaseResource("fixtures"),
-            actor=root_actor,
-        )
-        is True
-    )  # Default permission
-
-    # But restricted permissions should NOT automatically be granted
-    # Test with instance-level permission (no resource class)
-    result = await ds_client.ds.allowed(action="permissions-debug", actor=root_actor)
-    assert (
-        result is not True
-    ), "Root without root_enabled should not automatically get permissions-debug"
-
-    # Test with resource-based permissions using ds.allowed()
-    assert (
-        await ds_client.ds.allowed(
-            action="create-table",
-            resource=DatabaseResource("fixtures"),
-            actor=root_actor,
-        )
-        is not True
-    ), "Root without root_enabled should not automatically get create-table"
-
-    assert (
-        await ds_client.ds.allowed(
-            action="drop-table",
-            resource=TableResource("fixtures", "facetable"),
-            actor=root_actor,
-        )
-        is not True
-    ), "Root without root_enabled should not automatically get drop-table"
-
-    assert (
-        await ds_client.ds.allowed(
-            action="set-column-type",
-            resource=TableResource("fixtures", "facetable"),
-            actor=root_actor,
-        )
-        is not True
-    ), "Root without root_enabled should not automatically get set-column-type"
diff --git a/tests/test_autocomplete.py b/tests/test_autocomplete.py
deleted file mode 100644
index 76b9c902..00000000
--- a/tests/test_autocomplete.py
+++ /dev/null
@@ -1,253 +0,0 @@
-import pytest
-
-from datasette.app import Datasette
-from datasette.database import QueryInterrupted
-
-
-@pytest.mark.asyncio
-async def test_autocomplete_single_pk_exact_match_and_label_order():
-    ds = Datasette(memory=True)
-    db = ds.add_memory_database("autocomplete_single")
-    await db.execute_write_script("""
-        create table people (
-            id integer primary key,
-            name text
-        );
-        insert into people (id, name) values
-            (2, 'Longer non-label pk match'),
-            (20, '2'),
-            (21, '22'),
-            (200, 'A'),
-            (3, 'A label containing 2');
-        """)
-
-    response = await ds.client.get("/autocomplete_single/people/-/autocomplete?q=2")
-
-    assert response.status_code == 200
-    assert response.json() == {
-        "rows": [
-            {"pks": {"id": 2}, "label": "Longer non-label pk match"},
-            {"pks": {"id": 20}, "label": "2"},
-            {"pks": {"id": 21}, "label": "22"},
-            {"pks": {"id": 3}, "label": "A label containing 2"},
-            {"pks": {"id": 200}, "label": "A"},
-        ]
-    }
-
-
-@pytest.mark.asyncio
-async def test_autocomplete_blank_q_returns_no_results():
-    ds = Datasette(memory=True)
-    db = ds.add_memory_database("autocomplete_blank")
-    await db.execute_write_script("""
-        create table people (
-            id integer primary key,
-            name text
-        );
-        insert into people (id, name) values
-            (1, 'Alice'),
-            (2, 'Bob');
-        """)
-
-    response = await ds.client.get("/autocomplete_blank/people/-/autocomplete?q=")
-
-    assert response.status_code == 200
-    assert response.json() == {"rows": []}
-
-    response = await ds.client.get("/autocomplete_blank/people/-/autocomplete")
-
-    assert response.status_code == 200
-    assert response.json() == {"rows": []}
-
-
-@pytest.mark.asyncio
-async def test_autocomplete_initial_returns_latest_rows():
-    ds = Datasette(memory=True)
-    db = ds.add_memory_database("autocomplete_initial")
-    await db.execute_write_script("""
-        create table people (
-            id integer primary key,
-            name text
-        );
-        insert into people (id, name) values
-            (1, 'Alice'),
-            (2, 'Bob'),
-            (3, 'Cleo');
-        """)
-
-    response = await ds.client.get(
-        "/autocomplete_initial/people/-/autocomplete?_initial=1"
-    )
-
-    assert response.status_code == 200
-    assert response.json() == {
-        "rows": [
-            {"pks": {"id": 3}, "label": "Cleo"},
-            {"pks": {"id": 2}, "label": "Bob"},
-            {"pks": {"id": 1}, "label": "Alice"},
-        ]
-    }
-
-    response = await ds.client.get(
-        "/autocomplete_initial/people/-/autocomplete?q=&_initial=1"
-    )
-
-    assert response.status_code == 200
-    assert response.json() == {
-        "rows": [
-            {"pks": {"id": 3}, "label": "Cleo"},
-            {"pks": {"id": 2}, "label": "Bob"},
-            {"pks": {"id": 1}, "label": "Alice"},
-        ]
-    }
-
-
-@pytest.mark.asyncio
-async def test_autocomplete_escapes_like_characters():
-    ds = Datasette(memory=True)
-    db = ds.add_memory_database("autocomplete_escape")
-    await db.execute_write_script("""
-        create table tags (
-            id integer primary key,
-            name text
-        );
-        insert into tags (id, name) values
-            (1, '100% real'),
-            (2, '100X real'),
-            (3, '100 percent real');
-        """)
-
-    response = await ds.client.get("/autocomplete_escape/tags/-/autocomplete?q=100%25")
-
-    assert response.status_code == 200
-    assert response.json() == {
-        "rows": [
-            {"pks": {"id": 1}, "label": "100% real"},
-        ]
-    }
-
-
-@pytest.mark.asyncio
-async def test_autocomplete_compound_pk_searches_all_pk_columns():
-    ds = Datasette(memory=True)
-    db = ds.add_memory_database("autocomplete_compound")
-    await db.execute_write_script("""
-        create table places (
-            country text,
-            code text,
-            name text,
-            primary key (country, code)
-        );
-        insert into places (country, code, name) values
-            ('us', 'ca', 'California'),
-            ('ca', 'bc', 'British Columbia'),
-            ('mx', 'ca', 'Campeche'),
-            ('zz', 'zz', 'Nothing');
-        """)
-
-    response = await ds.client.get("/autocomplete_compound/places/-/autocomplete?q=ca")
-
-    assert response.status_code == 200
-    assert response.json() == {
-        "rows": [
-            {"pks": {"country": "mx", "code": "ca"}, "label": "Campeche"},
-            {"pks": {"country": "us", "code": "ca"}, "label": "California"},
-            {"pks": {"country": "ca", "code": "bc"}, "label": "British Columbia"},
-        ]
-    }
-
-
-@pytest.mark.asyncio
-async def test_autocomplete_primary_key_called_label():
-    ds = Datasette(
-        memory=True,
-        config={
-            "databases": {
-                "autocomplete_label_pk": {
-                    "tables": {"things": {"label_column": "name"}}
-                }
-            }
-        },
-    )
-    db = ds.add_memory_database("autocomplete_label_pk")
-    await db.execute_write_script("""
-        create table things (
-            label text primary key,
-            name text
-        );
-        insert into things (label, name) values
-            ('abc', 'Display value'),
-            ('def', 'Other value');
-        """)
-
-    response = await ds.client.get("/autocomplete_label_pk/things/-/autocomplete?q=abc")
-
-    assert response.status_code == 200
-    assert response.json() == {
-        "rows": [
-            {"pks": {"label": "abc"}, "label": "Display value"},
-        ]
-    }
-
-
-@pytest.mark.asyncio
-async def test_autocomplete_timeout_uses_prefix_fallback(monkeypatch):
-    ds = Datasette(
-        memory=True,
-        config={
-            "databases": {
-                "autocomplete_timeout": {"tables": {"things": {"label_column": "name"}}}
-            }
-        },
-        settings={
-            "num_sql_threads": 1,
-        },
-    )
-    db = ds.add_memory_database("autocomplete_timeout")
-    await db.execute_write_script("""
-        create table things (
-            id text primary key,
-            name text
-        );
-        insert into things (id, name) values
-            ('other-000001', 'item-1999 label-only match');
-        """)
-
-    def insert_rows(conn):
-        conn.executemany(
-            "insert into things (id, name) values (?, ?)",
-            ((f"item-1999{i:02d}", f"name 1999{i:02d}") for i in range(12)),
-        )
-
-    await db.execute_write_fn(insert_rows)
-
-    original_execute = db.execute
-    timeout_was_simulated = False
-
-    async def execute_with_simulated_timeout(sql, params=None, *args, **kwargs):
-        nonlocal timeout_was_simulated
-        if (
-            not timeout_was_simulated
-            and isinstance(params, dict)
-            and params.get("q") == "item-1999"
-            and "prefix_end" not in params
-        ):
-            timeout_was_simulated = True
-            raise QueryInterrupted(Exception("interrupted"), sql, params)
-        return await original_execute(sql, params, *args, **kwargs)
-
-    monkeypatch.setattr(db, "execute", execute_with_simulated_timeout)
-
-    response = await ds.client.get(
-        "/autocomplete_timeout/things/-/autocomplete?q=item-1999"
-    )
-
-    assert response.status_code == 200
-    assert timeout_was_simulated
-    data = response.json()
-    assert data == {
-        "rows": [
-            {"pks": {"id": f"item-1999{i:02d}"}, "label": f"name 1999{i:02d}"}
-            for i in range(10)
-        ]
-    }
diff --git a/tests/test_base_view.py b/tests/test_base_view.py
deleted file mode 100644
index 2cd4d601..00000000
--- a/tests/test_base_view.py
+++ /dev/null
@@ -1,84 +0,0 @@
-from datasette.views.base import View
-from datasette import Request, Response
-from datasette.app import Datasette
-import json
-import pytest
-
-
-class GetView(View):
-    async def get(self, request, datasette):
-        return Response.json(
-            {
-                "absolute_url": datasette.absolute_url(request, "/"),
-                "request_path": request.path,
-            }
-        )
-
-
-class GetAndPostView(GetView):
-    async def post(self, request, datasette):
-        return Response.json(
-            {
-                "method": request.method,
-                "absolute_url": datasette.absolute_url(request, "/"),
-                "request_path": request.path,
-            }
-        )
-
-
-@pytest.mark.asyncio
-async def test_get_view():
-    v = GetView()
-    datasette = Datasette()
-    response = await v(Request.fake("/foo"), datasette)
-    assert json.loads(response.body) == {
-        "absolute_url": "http://localhost/",
-        "request_path": "/foo",
-    }
-    # Try a HEAD request
-    head_response = await v(Request.fake("/foo", method="HEAD"), datasette)
-    assert head_response.body == ""
-    assert head_response.status == 200
-    # And OPTIONS
-    options_response = await v(Request.fake("/foo", method="OPTIONS"), datasette)
-    assert options_response.body == "ok"
-    assert options_response.status == 200
-    assert options_response.headers["allow"] == "HEAD, GET"
-    # And POST
-    post_response = await v(Request.fake("/foo", method="POST"), datasette)
-    assert post_response.body == "Method not allowed"
-    assert post_response.status == 405
-    # And POST with .json extension
-    post_json_response = await v(Request.fake("/foo.json", method="POST"), datasette)
-    assert json.loads(post_json_response.body) == {
-        "ok": False,
-        "error": "Method not allowed",
-    }
-    assert post_json_response.status == 405
-
-
-@pytest.mark.asyncio
-async def test_post_view():
-    v = GetAndPostView()
-    datasette = Datasette()
-    response = await v(Request.fake("/foo"), datasette)
-    assert json.loads(response.body) == {
-        "absolute_url": "http://localhost/",
-        "request_path": "/foo",
-    }
-    # Try a HEAD request
-    head_response = await v(Request.fake("/foo", method="HEAD"), datasette)
-    assert head_response.body == ""
-    assert head_response.status == 200
-    # And OPTIONS
-    options_response = await v(Request.fake("/foo", method="OPTIONS"), datasette)
-    assert options_response.body == "ok"
-    assert options_response.status == 200
-    assert options_response.headers["allow"] == "HEAD, GET, POST"
-    # And POST
-    post_response = await v(Request.fake("/foo", method="POST"), datasette)
-    assert json.loads(post_response.body) == {
-        "method": "POST",
-        "absolute_url": "http://localhost/",
-        "request_path": "/foo",
-    }
diff --git a/tests/test_black.py b/tests/test_black.py
new file mode 100644
index 00000000..d09b2514
--- /dev/null
+++ b/tests/test_black.py
@@ -0,0 +1,13 @@
+import black
+from click.testing import CliRunner
+from pathlib import Path
+import pytest
+import sys
+
+code_root = Path(__file__).parent.parent
+
+
+def test_black():
+    runner = CliRunner()
+    result = runner.invoke(black.main, [str(code_root), "--check"])
+    assert result.exit_code == 0, result.output
diff --git a/tests/test_cli.py b/tests/test_cli.py
index f86d6909..d1ab6522 100644
--- a/tests/test_cli.py
+++ b/tests/test_cli.py
@@ -1,22 +1,8 @@
-from .fixtures import (
-    make_app_client,
-    TestClient as _TestClient,
-    EXPECTED_PLUGINS,
-)
-from datasette.app import SETTINGS
-from datasette.plugins import DEFAULT_PLUGINS, pm
-from datasette.cli import cli, serve
-from datasette.version import __version__
-from datasette.utils import tilde_encode
-from datasette.utils.sqlite import sqlite3
+from .fixtures import app_client, make_app_client
+from datasette.cli import cli
 from click.testing import CliRunner
-import io
-import json
 import pathlib
-import pytest
-import sys
-import textwrap
-from unittest import mock
+import json
 
 
 def test_inspect_cli(app_client):
@@ -35,565 +21,28 @@ def test_inspect_cli(app_client):
         assert expected_count == database["tables"][table_name]["count"]
 
 
-def test_inspect_cli_counts_all_rows(tmp_path):
-    db_path = tmp_path / "big.db"
-    conn = sqlite3.connect(db_path)
-    with conn:
-        conn.execute("create table t (id integer primary key)")
-        conn.executemany("insert into t (id) values (?)", ((i,) for i in range(10002)))
-    conn.close()
-
-    runner = CliRunner()
-    result = runner.invoke(cli, ["inspect", str(db_path)])
-    assert result.exit_code == 0, result.output
-    data = json.loads(result.output)
-
-    assert data["big"]["tables"]["t"]["count"] == 10002
-
-
 def test_inspect_cli_writes_to_file(app_client):
     runner = CliRunner()
     result = runner.invoke(
         cli, ["inspect", "fixtures.db", "--inspect-file", "foo.json"]
     )
-    assert result.exit_code == 0, result.output
-    with open("foo.json") as fp:
-        data = json.load(fp)
+    assert 0 == result.exit_code, result.output
+    data = json.load(open("foo.json"))
     assert ["fixtures"] == list(data.keys())
 
 
 def test_serve_with_inspect_file_prepopulates_table_counts_cache():
     inspect_data = {"fixtures": {"tables": {"hithere": {"count": 44}}}}
-    with make_app_client(inspect_data=inspect_data, is_immutable=True) as client:
+    for client in make_app_client(inspect_data=inspect_data, is_immutable=True):
         assert inspect_data == client.ds.inspect_data
         db = client.ds.databases["fixtures"]
         assert {"hithere": 44} == db.cached_table_counts
 
 
-@pytest.mark.parametrize(
-    "spatialite_paths,should_suggest_load_extension",
-    (
-        ([], False),
-        (["/tmp"], True),
-    ),
-)
-def test_spatialite_error_if_attempt_to_open_spatialite(
-    spatialite_paths, should_suggest_load_extension
-):
-    with mock.patch("datasette.utils.SPATIALITE_PATHS", spatialite_paths):
-        runner = CliRunner()
-        result = runner.invoke(
-            cli, ["serve", str(pathlib.Path(__file__).parent / "spatialite.db")]
-        )
-        assert result.exit_code != 0
-        assert "It looks like you're trying to load a SpatiaLite" in result.output
-        suggestion = "--load-extension=spatialite"
-        if should_suggest_load_extension:
-            assert suggestion in result.output
-        else:
-            assert suggestion not in result.output
-
-
-@mock.patch("datasette.utils.SPATIALITE_PATHS", ["/does/not/exist"])
-def test_spatialite_error_if_cannot_find_load_extension_spatialite():
+def test_spatialite_error_if_attempt_to_open_spatialite():
     runner = CliRunner()
     result = runner.invoke(
-        cli,
-        [
-            "serve",
-            str(pathlib.Path(__file__).parent / "spatialite.db"),
-            "--load-extension",
-            "spatialite",
-        ],
+        cli, ["serve", str(pathlib.Path(__file__).parent / "spatialite.db")]
     )
     assert result.exit_code != 0
-    assert "Could not find SpatiaLite extension" in result.output
-
-
-def test_plugins_cli(app_client):
-    runner = CliRunner()
-    result1 = runner.invoke(cli, ["plugins"])
-    actual_plugins = sorted(
-        [p for p in json.loads(result1.output) if p["name"] != "TrackEventPlugin"],
-        key=lambda p: p["name"],
-    )
-    assert actual_plugins == EXPECTED_PLUGINS
-    # Try with --all
-    result2 = runner.invoke(cli, ["plugins", "--all"])
-    names = [p["name"] for p in json.loads(result2.output)]
-    # Should have all the EXPECTED_PLUGINS
-    assert set(names).issuperset({p["name"] for p in EXPECTED_PLUGINS})
-    # And the following too:
-    assert set(names).issuperset(DEFAULT_PLUGINS)
-    # --requirements should be empty because there are no installed non-plugins-dir plugins
-    result3 = runner.invoke(cli, ["plugins", "--requirements"])
-    assert result3.output == ""
-
-
-def test_metadata_yaml():
-    yaml_file = io.StringIO(textwrap.dedent("""
-    title: Hello from YAML
-    """))
-    # Annoyingly we have to provide all default arguments here:
-    ds = serve.callback(
-        [],
-        metadata=yaml_file,
-        immutable=[],
-        host="127.0.0.1",
-        port=8001,
-        uds=None,
-        reload=False,
-        cors=False,
-        sqlite_extensions=[],
-        inspect_file=None,
-        template_dir=None,
-        plugins_dir=None,
-        static=[],
-        memory=False,
-        config=[],
-        settings=[],
-        secret=None,
-        root=False,
-        default_deny=False,
-        token=None,
-        actor=None,
-        version_note=None,
-        get=None,
-        headers=False,
-        help_settings=False,
-        pdb=False,
-        crossdb=False,
-        nolock=False,
-        open_browser=False,
-        create=False,
-        ssl_keyfile=None,
-        ssl_certfile=None,
-        return_instance=True,
-        internal=None,
-    )
-    client = _TestClient(ds)
-    response = client.get("/.json")
-    assert {"title": "Hello from YAML"} == response.json["metadata"]
-
-
-@mock.patch("datasette.cli.run_module")
-def test_install(run_module):
-    runner = CliRunner()
-    runner.invoke(cli, ["install", "datasette-mock-plugin", "datasette-mock-plugin2"])
-    run_module.assert_called_once_with("pip", run_name="__main__")
-    assert sys.argv == [
-        "pip",
-        "install",
-        "datasette-mock-plugin",
-        "datasette-mock-plugin2",
-    ]
-
-
-@pytest.mark.parametrize("flag", ["-U", "--upgrade"])
-@mock.patch("datasette.cli.run_module")
-def test_install_upgrade(run_module, flag):
-    runner = CliRunner()
-    runner.invoke(cli, ["install", flag, "datasette"])
-    run_module.assert_called_once_with("pip", run_name="__main__")
-    assert sys.argv == ["pip", "install", "--upgrade", "datasette"]
-
-
-@mock.patch("datasette.cli.run_module")
-def test_install_requirements(run_module, tmpdir):
-    path = tmpdir.join("requirements.txt")
-    path.write("datasette-mock-plugin\ndatasette-plugin-2")
-    runner = CliRunner()
-    runner.invoke(cli, ["install", "-r", str(path)])
-    run_module.assert_called_once_with("pip", run_name="__main__")
-    assert sys.argv == ["pip", "install", "-r", str(path)]
-
-
-def test_install_error_if_no_packages():
-    runner = CliRunner()
-    result = runner.invoke(cli, ["install"])
-    assert result.exit_code == 2
-    assert "Error: Please specify at least one package to install" in result.output
-
-
-@mock.patch("datasette.cli.run_module")
-def test_uninstall(run_module):
-    runner = CliRunner()
-    runner.invoke(cli, ["uninstall", "datasette-mock-plugin", "-y"])
-    run_module.assert_called_once_with("pip", run_name="__main__")
-    assert sys.argv == ["pip", "uninstall", "datasette-mock-plugin", "-y"]
-
-
-def test_version():
-    runner = CliRunner()
-    result = runner.invoke(cli, ["--version"])
-    assert result.output == f"cli, version {__version__}\n"
-
-
-@pytest.mark.parametrize("invalid_port", ["-1", "0.5", "dog", "65536"])
-def test_serve_invalid_ports(invalid_port):
-    runner = CliRunner()
-    result = runner.invoke(cli, ["--port", invalid_port])
-    assert result.exit_code == 2
-    assert "Invalid value for '-p'" in result.stderr
-
-
-@pytest.mark.parametrize(
-    "args",
-    (
-        ["--setting", "default_page_size", "5"],
-        ["--setting", "settings.default_page_size", "5"],
-        ["-s", "settings.default_page_size", "5"],
-    ),
-)
-def test_setting(args):
-    runner = CliRunner()
-    result = runner.invoke(cli, ["--get", "/-/settings.json"] + args)
-    assert result.exit_code == 0, result.output
-    settings = json.loads(result.output)
-    assert settings["default_page_size"] == 5
-
-
-def test_setting_compatible_with_config(tmp_path):
-    # https://github.com/simonw/datasette/issues/2389
-    runner = CliRunner()
-    config_path = tmp_path / "config.json"
-    config_path.write_text(
-        '{"settings": {"default_page_size": 5, "sql_time_limit_ms": 50}}', "utf-8"
-    )
-    result = runner.invoke(
-        cli,
-        [
-            "--get",
-            "/-/settings.json",
-            "--config",
-            str(config_path),
-            "--setting",
-            "default_page_size",
-            "10",
-        ],
-    )
-    assert result.exit_code == 0, result.output
-    settings = json.loads(result.output)
-    assert settings["default_page_size"] == 10
-    assert settings["sql_time_limit_ms"] == 50
-
-
-def test_plugin_s_overwrite():
-    runner = CliRunner()
-    plugins_dir = str(pathlib.Path(__file__).parent / "plugins")
-
-    result = runner.invoke(
-        cli,
-        [
-            "--plugins-dir",
-            plugins_dir,
-            "--get",
-            "/_memory/-/query.json?sql=select+prepare_connection_args()",
-        ],
-    )
-    assert result.exit_code == 0, result.output
-    assert (
-        json.loads(result.output).get("rows")[0].get("prepare_connection_args()")
-        == 'database=_memory, datasette.plugin_config("name-of-plugin")=None'
-    )
-
-    result = runner.invoke(
-        cli,
-        [
-            "--plugins-dir",
-            plugins_dir,
-            "--get",
-            "/_memory/-/query.json?sql=select+prepare_connection_args()",
-            "-s",
-            "plugins.name-of-plugin",
-            "OVERRIDE",
-        ],
-    )
-    assert result.exit_code == 0, result.output
-    assert (
-        json.loads(result.output).get("rows")[0].get("prepare_connection_args()")
-        == 'database=_memory, datasette.plugin_config("name-of-plugin")=OVERRIDE'
-    )
-
-
-def test_startup_error_from_plugin_is_click_exception(tmp_path):
-    plugins_dir = tmp_path / "plugins"
-    plugins_dir.mkdir()
-    (plugins_dir / "startup_error.py").write_text(
-        "from datasette import hookimpl\n"
-        "from datasette.utils import StartupError\n"
-        "\n"
-        "@hookimpl\n"
-        "def startup(datasette):\n"
-        '    raise StartupError("boom")\n',
-        "utf-8",
-    )
-    runner = CliRunner()
-    result = runner.invoke(
-        cli,
-        [
-            "--plugins-dir",
-            str(plugins_dir),
-            "--get",
-            "/",
-        ],
-    )
-    try:
-        assert result.exit_code == 1
-        assert "Error: boom" in result.output
-    finally:
-        # Cleanup: Unregister the plugin to avoid test isolation issues
-        to_unregister = [
-            p for p in pm.get_plugins() if p.__name__ == "startup_error.py"
-        ]
-        if to_unregister:
-            pm.unregister(to_unregister[0])
-
-
-def test_setting_type_validation():
-    runner = CliRunner()
-    result = runner.invoke(cli, ["--setting", "default_page_size", "dog"])
-    assert result.exit_code == 2
-    assert '"settings.default_page_size" should be an integer' in result.output
-
-
-def test_setting_boolean_validation_invalid():
-    """Test that invalid boolean values are rejected"""
-    runner = CliRunner()
-    result = runner.invoke(
-        cli, ["--setting", "default_allow_sql", "invalid", "--get", "/-/settings.json"]
-    )
-    assert result.exit_code == 2
-    assert (
-        '"settings.default_allow_sql" should be on/off/true/false/1/0' in result.output
-    )
-
-
-@pytest.mark.parametrize("value", ("off", "false", "0"))
-def test_setting_boolean_validation_false_values(value):
-    """Test that 'off', 'false', '0' work for boolean settings"""
-    runner = CliRunner()
-    result = runner.invoke(
-        cli,
-        [
-            "--setting",
-            "default_allow_sql",
-            value,
-            "--get",
-            "/_memory/-/query.json?sql=select+1",
-        ],
-    )
-    # Should be forbidden (setting is false)
-    assert result.exit_code == 1, result.output
-    assert "Forbidden" in result.output
-
-
-@pytest.mark.parametrize("value", ("on", "true", "1"))
-def test_setting_boolean_validation_true_values(value):
-    """Test that 'on', 'true', '1' work for boolean settings"""
-    runner = CliRunner()
-    result = runner.invoke(
-        cli,
-        [
-            "--setting",
-            "default_allow_sql",
-            value,
-            "--get",
-            "/_memory/-/query.json?sql=select+1&_shape=objects",
-        ],
-    )
-    # Should succeed (setting is true)
-    assert result.exit_code == 0, result.output
-    assert json.loads(result.output)["rows"][0] == {"1": 1}
-
-
-@pytest.mark.parametrize("default_allow_sql", (True, False))
-def test_setting_default_allow_sql(default_allow_sql):
-    runner = CliRunner()
-    result = runner.invoke(
-        cli,
-        [
-            "--setting",
-            "default_allow_sql",
-            "on" if default_allow_sql else "off",
-            "--get",
-            "/_memory/-/query.json?sql=select+21&_shape=objects",
-        ],
-    )
-    if default_allow_sql:
-        assert result.exit_code == 0, result.output
-        assert json.loads(result.output)["rows"][0] == {"21": 21}
-    else:
-        assert result.exit_code == 1, result.output
-        # This isn't JSON at the moment, maybe it should be though
-        assert "Forbidden" in result.output
-
-
-def test_sql_errors_logged_to_stderr():
-    runner = CliRunner()
-    result = runner.invoke(cli, ["--get", "/_memory/-/query.json?sql=select+blah"])
-    assert result.exit_code == 1
-    assert "sql = 'select blah', params = {}: no such column: blah\n" in result.stderr
-
-
-def test_serve_create(tmpdir):
-    runner = CliRunner()
-    db_path = tmpdir / "does_not_exist_yet.db"
-    assert not db_path.exists()
-    result = runner.invoke(
-        cli, [str(db_path), "--create", "--get", "/-/databases.json"]
-    )
-    assert result.exit_code == 0, result.output
-    databases = json.loads(result.output)
-    assert {
-        "name": "does_not_exist_yet",
-        "is_mutable": True,
-        "is_memory": False,
-        "hash": None,
-    }.items() <= databases[0].items()
-    assert db_path.exists()
-
-
-@pytest.mark.parametrize("argument", ("-c", "--config"))
-@pytest.mark.parametrize("format_", ("json", "yaml"))
-def test_serve_config(tmpdir, argument, format_):
-    config_path = tmpdir / "datasette.{}".format(format_)
-    config_path.write_text(
-        (
-            "settings:\n  default_page_size: 5\n"
-            if format_ == "yaml"
-            else '{"settings": {"default_page_size": 5}}'
-        ),
-        "utf-8",
-    )
-    runner = CliRunner()
-    result = runner.invoke(
-        cli,
-        [
-            argument,
-            str(config_path),
-            "--get",
-            "/-/settings.json",
-        ],
-    )
-    assert result.exit_code == 0, result.output
-    assert json.loads(result.output)["default_page_size"] == 5
-
-
-def test_serve_duplicate_database_names(tmpdir):
-    "'datasette db.db nested/db.db' should attach two databases, /db and /db_2"
-    runner = CliRunner()
-    db_1_path = str(tmpdir / "db.db")
-    nested = tmpdir / "nested"
-    nested.mkdir()
-    db_2_path = str(tmpdir / "nested" / "db.db")
-    for path in (db_1_path, db_2_path):
-        conn = sqlite3.connect(path)
-        conn.execute("vacuum")
-        conn.close()
-    result = runner.invoke(cli, [db_1_path, db_2_path, "--get", "/-/databases.json"])
-    assert result.exit_code == 0, result.output
-    databases = json.loads(result.output)
-    assert {db["name"] for db in databases} == {"db", "db_2"}
-
-
-@pytest.mark.parametrize(
-    "filename", ["test-database (1).sqlite", "database (1).sqlite"]
-)
-def test_weird_database_names(tmpdir, filename):
-    # https://github.com/simonw/datasette/issues/1181
-    runner = CliRunner()
-    db_path = str(tmpdir / filename)
-    conn = sqlite3.connect(db_path)
-    conn.execute("vacuum")
-    conn.close()
-    result1 = runner.invoke(cli, [db_path, "--get", "/"])
-    assert result1.exit_code == 0, result1.output
-    filename_no_stem = filename.rsplit(".", 1)[0]
-    expected_link = '<a href="/{}">{}</a>'.format(
-        tilde_encode(filename_no_stem), filename_no_stem
-    )
-    assert expected_link in result1.output
-    # Now try hitting that database page
-    result2 = runner.invoke(
-        cli, [db_path, "--get", "/{}".format(tilde_encode(filename_no_stem))]
-    )
-    assert result2.exit_code == 0, result2.output
-
-
-def test_help_settings():
-    runner = CliRunner()
-    result = runner.invoke(cli, ["--help-settings"])
-    for setting in SETTINGS:
-        assert setting.name in result.output
-
-
-def test_internal_db(tmpdir):
-    runner = CliRunner()
-    internal_path = tmpdir / "internal.db"
-    assert not internal_path.exists()
-    result = runner.invoke(
-        cli, ["--memory", "--internal", str(internal_path), "--get", "/"]
-    )
-    assert result.exit_code == 0
-    assert internal_path.exists()
-
-
-def test_duplicate_database_files_error(tmpdir):
-    """Test that passing the same database file multiple times raises an error"""
-    runner = CliRunner()
-    db_path = str(tmpdir / "test.db")
-    conn = sqlite3.connect(db_path)
-    conn.execute("vacuum")
-    conn.close()
-
-    # Test with exact duplicate
-    result = runner.invoke(cli, ["serve", db_path, db_path, "--get", "/"])
-    assert result.exit_code == 1
-    assert "Duplicate database file" in result.output
-    assert "both refer to" in result.output
-
-    # Test with different paths to same file (relative vs absolute)
-    result2 = runner.invoke(
-        cli, ["serve", db_path, str(pathlib.Path(db_path).resolve()), "--get", "/"]
-    )
-    assert result2.exit_code == 1
-    assert "Duplicate database file" in result2.output
-
-    # Test that a file in the config_dir can't also be passed explicitly
-    config_dir = tmpdir / "config"
-    config_dir.mkdir()
-    config_db_path = str(config_dir / "data.db")
-    conn = sqlite3.connect(config_db_path)
-    conn.execute("vacuum")
-    conn.close()
-
-    result3 = runner.invoke(
-        cli, ["serve", config_db_path, str(config_dir), "--get", "/"]
-    )
-    assert result3.exit_code == 1
-    assert "Duplicate database file" in result3.output
-    assert "both refer to" in result3.output
-
-    # Test that mixing a file NOT in the directory with a directory works fine
-    other_db_path = str(tmpdir / "other.db")
-    conn = sqlite3.connect(other_db_path)
-    conn.execute("vacuum")
-    conn.close()
-
-    result4 = runner.invoke(
-        cli, ["serve", other_db_path, str(config_dir), "--get", "/-/databases.json"]
-    )
-    assert result4.exit_code == 0
-    databases = json.loads(result4.output)
-    assert {db["name"] for db in databases} == {"other", "data"}
-
-    # Test that multiple directories raise an error
-    config_dir2 = tmpdir / "config2"
-    config_dir2.mkdir()
-
-    result5 = runner.invoke(
-        cli, ["serve", str(config_dir), str(config_dir2), "--get", "/"]
-    )
-    assert result5.exit_code == 1
-    assert "Cannot pass multiple directories" in result5.output
+    assert "trying to load a SpatiaLite database" in result.output
diff --git a/tests/test_cli_serve_get.py b/tests/test_cli_serve_get.py
deleted file mode 100644
index dc852201..00000000
--- a/tests/test_cli_serve_get.py
+++ /dev/null
@@ -1,137 +0,0 @@
-from datasette.cli import cli
-from datasette.plugins import pm
-from click.testing import CliRunner
-import textwrap
-import json
-
-
-def test_serve_with_get(tmp_path_factory):
-    plugins_dir = tmp_path_factory.mktemp("plugins_for_serve_with_get")
-    (plugins_dir / "init_for_serve_with_get.py").write_text(
-        textwrap.dedent(
-            """
-        from datasette import hookimpl
-
-        @hookimpl
-        def startup(datasette):
-            with open("{}", "w") as fp:
-                fp.write("hello")
-    """.format(str(plugins_dir / "hello.txt")),
-        ),
-        "utf-8",
-    )
-    runner = CliRunner()
-    result = runner.invoke(
-        cli,
-        [
-            "serve",
-            "--memory",
-            "--plugins-dir",
-            str(plugins_dir),
-            "--get",
-            "/_memory/-/query.json?sql=select+sqlite_version()",
-        ],
-    )
-    assert result.exit_code == 0, result.output
-    data = json.loads(result.output)
-    # Should have a single row with a single column
-    assert len(data["rows"]) == 1
-    assert list(data["rows"][0].keys()) == ["sqlite_version()"]
-    assert set(data.keys()) == {"rows", "ok", "truncated"}
-
-    # The plugin should have created hello.txt
-    assert (plugins_dir / "hello.txt").read_text() == "hello"
-
-    # Annoyingly that new test plugin stays resident - we need
-    # to manually unregister it to avoid conflict with other tests
-    to_unregister = [
-        p for p in pm.get_plugins() if p.__name__ == "init_for_serve_with_get.py"
-    ][0]
-    pm.unregister(to_unregister)
-
-
-def test_serve_with_get_headers():
-    runner = CliRunner()
-    result = runner.invoke(
-        cli,
-        [
-            "serve",
-            "--memory",
-            "--get",
-            "/_memory/",
-            "--headers",
-        ],
-    )
-    # exit_code is 1 because it wasn't a 200 response
-    assert result.exit_code == 1, result.output
-    lines = result.output.splitlines()
-    assert lines and lines[0] == "HTTP/1.1 302"
-    assert "location: /_memory" in lines
-    assert "content-type: text/html; charset=utf-8" in lines
-
-
-def test_serve_with_get_and_token():
-    runner = CliRunner()
-    result1 = runner.invoke(
-        cli,
-        [
-            "create-token",
-            "--secret",
-            "sekrit",
-            "root",
-        ],
-    )
-    token = result1.output.strip()
-    result2 = runner.invoke(
-        cli,
-        [
-            "serve",
-            "--secret",
-            "sekrit",
-            "--get",
-            "/-/actor.json",
-            "--token",
-            token,
-        ],
-    )
-    assert 0 == result2.exit_code, result2.output
-    assert json.loads(result2.output) == {"actor": {"id": "root", "token": "dstok"}}
-
-
-def test_serve_with_get_exit_code_for_error():
-    runner = CliRunner()
-    result = runner.invoke(
-        cli,
-        [
-            "serve",
-            "--memory",
-            "--get",
-            "/this-is-404",
-        ],
-        catch_exceptions=False,
-    )
-    assert result.exit_code == 1
-    assert "404" in result.output
-
-
-def test_serve_get_actor():
-    runner = CliRunner()
-    result = runner.invoke(
-        cli,
-        [
-            "serve",
-            "--memory",
-            "--get",
-            "/-/actor.json",
-            "--actor",
-            '{"id": "root", "extra": "x"}',
-        ],
-        catch_exceptions=False,
-    )
-    assert result.exit_code == 0
-    assert json.loads(result.output) == {
-        "actor": {
-            "id": "root",
-            "extra": "x",
-        }
-    }
diff --git a/tests/test_cli_serve_server.py b/tests/test_cli_serve_server.py
deleted file mode 100644
index 47f23c08..00000000
--- a/tests/test_cli_serve_server.py
+++ /dev/null
@@ -1,29 +0,0 @@
-import httpx
-import pytest
-import socket
-
-
-@pytest.mark.serial
-def test_serve_localhost_http(ds_localhost_http_server):
-    response = httpx.get("http://localhost:8041/_memory.json")
-    assert {
-        "database": "_memory",
-        "path": "/_memory",
-        "tables": [],
-    }.items() <= response.json().items()
-
-
-@pytest.mark.serial
-@pytest.mark.skipif(
-    not hasattr(socket, "AF_UNIX"), reason="Requires socket.AF_UNIX support"
-)
-def test_serve_unix_domain_socket(ds_unix_domain_socket_server):
-    _, uds = ds_unix_domain_socket_server
-    transport = httpx.HTTPTransport(uds=uds)
-    client = httpx.Client(transport=transport)
-    response = client.get("http://localhost/_memory.json")
-    assert {
-        "database": "_memory",
-        "path": "/_memory",
-        "tables": [],
-    }.items() <= response.json().items()
diff --git a/tests/test_column_types.py b/tests/test_column_types.py
deleted file mode 100644
index 45a9e7d1..00000000
--- a/tests/test_column_types.py
+++ /dev/null
@@ -1,1125 +0,0 @@
-import json
-import logging
-
-from bs4 import BeautifulSoup as Soup
-from datasette.app import Datasette
-from datasette.column_types import (
-    ColumnType,
-    SQLiteType,
-)
-from datasette.hookspecs import hookimpl
-from datasette.plugins import pm
-from datasette.utils import sqlite3
-from datasette.utils import StartupError
-import markupsafe
-import pytest
-import time
-
-
-@pytest.fixture
-def ds_ct(tmp_path_factory):
-    db_directory = tmp_path_factory.mktemp("dbs")
-    db_path = str(db_directory / "data.db")
-    db = sqlite3.connect(str(db_path))
-    db.execute("vacuum")
-    db.execute(
-        "create table posts (id integer primary key, title text, body text, "
-        "author_email text, website text, metadata text)"
-    )
-    db.execute(
-        "insert into posts values (1, 'Hello', '# World', 'test@example.com', "
-        "'https://example.com', '{\"key\": \"value\"}')"
-    )
-    db.commit()
-    ds = Datasette(
-        [db_path],
-        config={
-            "databases": {
-                "data": {
-                    "tables": {
-                        "posts": {
-                            "column_types": {
-                                "body": "markdown",
-                                "author_email": "email",
-                                "website": "url",
-                                "metadata": "json",
-                            }
-                        }
-                    }
-                }
-            }
-        },
-    )
-    ds.root_enabled = True
-    yield ds
-    ds.close()
-
-
-@pytest.fixture
-def ds_ct_editor_permission(tmp_path_factory):
-    db_directory = tmp_path_factory.mktemp("dbs")
-    db_path = str(db_directory / "data.db")
-    db = sqlite3.connect(str(db_path))
-    db.execute("vacuum")
-    db.execute(
-        "create table posts (id integer primary key, title text, body text, "
-        "author_email text, website text, metadata text)"
-    )
-    db.execute(
-        "insert into posts values (1, 'Hello', '# World', 'test@example.com', "
-        "'https://example.com', '{\"key\": \"value\"}')"
-    )
-    db.commit()
-    ds = Datasette(
-        [db_path],
-        config={
-            "databases": {
-                "data": {
-                    "tables": {
-                        "posts": {
-                            "permissions": {"set-column-type": {"id": "editor"}},
-                            "column_types": {
-                                "body": "markdown",
-                                "author_email": "email",
-                                "website": "url",
-                                "metadata": "json",
-                            },
-                        }
-                    }
-                }
-            }
-        },
-    )
-    ds.root_enabled = True
-    yield ds
-    ds.close()
-
-
-def write_token(ds, actor_id="root", permissions=None):
-    to_sign = {"a": actor_id, "token": "dstok", "t": int(time.time())}
-    if permissions:
-        to_sign["_r"] = {"a": permissions}
-    return "dstok_{}".format(ds.sign(to_sign, namespace="token"))
-
-
-def _headers(token):
-    return {
-        "Authorization": "Bearer {}".format(token),
-        "Content-Type": "application/json",
-    }
-
-
-def _window_data_from_html(html, variable_name):
-    soup = Soup(html, "html.parser")
-    scripts = soup.find_all("script")
-    matching_scripts = [
-        script for script in scripts if variable_name in (script.string or "")
-    ]
-    assert len(matching_scripts) == 1
-    script_text = matching_scripts[0].string.strip()
-    prefix = f"window.{variable_name} = "
-    assert script_text.startswith(prefix)
-    return json.loads(script_text[len(prefix) :].rstrip(";"))
-
-
-# --- Internal DB and config loading ---
-
-
-@pytest.mark.asyncio
-async def test_column_types_table_created(ds_ct):
-    await ds_ct.invoke_startup()
-    internal = ds_ct.get_internal_database()
-    result = await internal.execute(
-        "SELECT name FROM sqlite_master WHERE type='table' AND name='column_types'"
-    )
-    assert len(result.rows) == 1
-
-
-@pytest.mark.asyncio
-async def test_config_loaded_into_internal_db(ds_ct):
-    await ds_ct.invoke_startup()
-    ct_map = await ds_ct.get_column_types("data", "posts")
-    # "markdown" is not a registered type, so it won't appear
-    assert "body" not in ct_map
-    assert ct_map["author_email"].name == "email"
-    assert ct_map["author_email"].config is None
-    assert ct_map["website"].name == "url"
-    assert ct_map["metadata"].name == "json"
-
-
-@pytest.mark.asyncio
-async def test_config_with_type_and_config(tmp_path_factory):
-    class PointColumnType(ColumnType):
-        name = "point"
-        description = "Geographic point"
-
-    class _Plugin:
-        @hookimpl
-        def register_column_types(self, datasette):
-            return [PointColumnType]
-
-    plugin = _Plugin()
-    pm.register(plugin, name="test_point_ct")
-    try:
-        db_directory = tmp_path_factory.mktemp("dbs")
-        db_path = str(db_directory / "data.db")
-        db = sqlite3.connect(str(db_path))
-        db.execute("vacuum")
-        db.execute("create table geo (id integer primary key, location text)")
-        ds = Datasette(
-            [db_path],
-            config={
-                "databases": {
-                    "data": {
-                        "tables": {
-                            "geo": {
-                                "column_types": {
-                                    "location": {
-                                        "type": "point",
-                                        "config": {"srid": 4326},
-                                    }
-                                }
-                            }
-                        }
-                    }
-                }
-            },
-        )
-        await ds.invoke_startup()
-        ct = await ds.get_column_type("data", "geo", "location")
-        assert ct.name == "point"
-        assert ct.config == {"srid": 4326}
-        db.close()
-        for database in ds.databases.values():
-            if not database.is_memory:
-                database.close()
-    finally:
-        pm.unregister(plugin, name="test_point_ct")
-
-
-# --- Datasette API methods ---
-
-
-@pytest.mark.asyncio
-async def test_get_column_type(ds_ct):
-    await ds_ct.invoke_startup()
-    ct = await ds_ct.get_column_type("data", "posts", "author_email")
-    assert isinstance(ct, ColumnType)
-    assert ct.name == "email"
-    assert ct.config is None
-
-
-@pytest.mark.asyncio
-async def test_get_column_type_missing(ds_ct):
-    await ds_ct.invoke_startup()
-    ct = await ds_ct.get_column_type("data", "posts", "title")
-    assert ct is None
-
-
-@pytest.mark.asyncio
-async def test_set_and_remove_column_type(ds_ct):
-    await ds_ct.invoke_startup()
-    await ds_ct.set_column_type("data", "posts", "title", "email")
-    ct = await ds_ct.get_column_type("data", "posts", "title")
-    assert ct.name == "email"
-    assert ct.config is None
-
-    await ds_ct.remove_column_type("data", "posts", "title")
-    ct = await ds_ct.get_column_type("data", "posts", "title")
-    assert ct is None
-
-
-@pytest.mark.asyncio
-async def test_set_column_type_with_config(ds_ct):
-    await ds_ct.invoke_startup()
-    await ds_ct.set_column_type("data", "posts", "title", "url", {"max_length": 200})
-    ct = await ds_ct.get_column_type("data", "posts", "title")
-    assert ct.name == "url"
-    assert ct.config == {"max_length": 200}
-
-
-@pytest.mark.asyncio
-async def test_set_column_type_api(ds_ct):
-    await ds_ct.invoke_startup()
-    token = write_token(ds_ct, permissions=["sct"])
-    response = await ds_ct.client.post(
-        "/data/posts/-/set-column-type",
-        json={"column": "title", "column_type": {"type": "email"}},
-        headers=_headers(token),
-    )
-    assert response.status_code == 200
-    assert response.json() == {
-        "ok": True,
-        "database": "data",
-        "table": "posts",
-        "column": "title",
-        "column_type": {"type": "email", "config": None},
-    }
-    ct = await ds_ct.get_column_type("data", "posts", "title")
-    assert ct.name == "email"
-    assert ct.config is None
-
-
-@pytest.mark.asyncio
-async def test_set_column_type_api_with_config(ds_ct):
-    await ds_ct.invoke_startup()
-    token = write_token(ds_ct, permissions=["sct"])
-    response = await ds_ct.client.post(
-        "/data/posts/-/set-column-type",
-        json={
-            "column": "title",
-            "column_type": {"type": "url", "config": {"max_length": 200}},
-        },
-        headers=_headers(token),
-    )
-    assert response.status_code == 200
-    assert response.json()["column_type"] == {
-        "type": "url",
-        "config": {"max_length": 200},
-    }
-    ct = await ds_ct.get_column_type("data", "posts", "title")
-    assert ct.name == "url"
-    assert ct.config == {"max_length": 200}
-
-
-@pytest.mark.asyncio
-async def test_clear_column_type_api(ds_ct):
-    await ds_ct.invoke_startup()
-    await ds_ct.set_column_type("data", "posts", "title", "email")
-    token = write_token(ds_ct, permissions=["sct"])
-    response = await ds_ct.client.post(
-        "/data/posts/-/set-column-type",
-        json={"column": "title", "column_type": None},
-        headers=_headers(token),
-    )
-    assert response.status_code == 200
-    assert response.json() == {
-        "ok": True,
-        "database": "data",
-        "table": "posts",
-        "column": "title",
-        "column_type": None,
-    }
-    ct = await ds_ct.get_column_type("data", "posts", "title")
-    assert ct is None
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "body,special_case,expected_status,expected_errors",
-    (
-        (
-            {"column": "title", "column_type": {"type": "email"}},
-            "no_permission",
-            403,
-            ["Permission denied"],
-        ),
-        (
-            None,
-            "invalid_json",
-            400,
-            [
-                "Invalid JSON: Expecting property name enclosed in double quotes: line 1 column 2 (char 1)"
-            ],
-        ),
-        (
-            {"column": "title", "column_type": {"type": "email"}},
-            "invalid_content_type",
-            400,
-            ["Invalid content-type, must be application/json"],
-        ),
-        (
-            [],
-            None,
-            400,
-            ["JSON must be a dictionary"],
-        ),
-        (
-            {"column_type": {"type": "email"}},
-            None,
-            400,
-            ['"column" is required'],
-        ),
-        (
-            {"column": 1, "column_type": {"type": "email"}},
-            None,
-            400,
-            ['"column" must be a string'],
-        ),
-        (
-            {"column": "not_a_column", "column_type": {"type": "email"}},
-            None,
-            400,
-            ["Column not found: not_a_column"],
-        ),
-        (
-            {"column": "title", "column_type": "email"},
-            None,
-            400,
-            ['"column_type" must be an object or null'],
-        ),
-        (
-            {"column": "title", "column_type": {}},
-            None,
-            400,
-            ['"column_type.type" is required'],
-        ),
-        (
-            {"column": "title", "column_type": {"type": 1}},
-            None,
-            400,
-            ['"column_type.type" must be a string'],
-        ),
-        (
-            {"column": "title", "column_type": {"type": "url", "config": []}},
-            None,
-            400,
-            ['"column_type.config" must be a dictionary'],
-        ),
-        (
-            {"column": "title", "column_type": {"type": "markdown"}},
-            None,
-            400,
-            ["Unknown column type: markdown"],
-        ),
-        (
-            {"column": "id", "column_type": {"type": "json"}},
-            None,
-            400,
-            [
-                "Column type 'json' is only applicable to SQLite types TEXT but data.posts.id has SQLite type INTEGER"
-            ],
-        ),
-        (
-            {
-                "column": "title",
-                "column_type": {"type": "email"},
-                "extra": True,
-            },
-            None,
-            400,
-            ['Invalid parameter: "extra"'],
-        ),
-    ),
-)
-async def test_set_column_type_api_errors(
-    ds_ct, body, special_case, expected_status, expected_errors
-):
-    await ds_ct.invoke_startup()
-    token = write_token(
-        ds_ct,
-        permissions=(["sct"] if special_case != "no_permission" else ["vi"]),
-    )
-    kwargs = {
-        "headers": {
-            "Authorization": f"Bearer {token}",
-            "Content-Type": (
-                "text/plain"
-                if special_case == "invalid_content_type"
-                else "application/json"
-            ),
-        }
-    }
-    if special_case == "invalid_json":
-        kwargs["content"] = "{bad json"
-    else:
-        kwargs["json"] = body
-    response = await ds_ct.client.post("/data/posts/-/set-column-type", **kwargs)
-    assert response.status_code == expected_status
-    assert response.json() == {"ok": False, "errors": expected_errors}
-
-
-@pytest.mark.asyncio
-async def test_set_column_type_api_works_for_immutable_database(tmp_path_factory):
-    db_directory = tmp_path_factory.mktemp("dbs")
-    db_path = str(db_directory / "immutable.db")
-    db = sqlite3.connect(str(db_path))
-    db.execute("vacuum")
-    db.execute("create table posts (id integer primary key, title text)")
-    db.commit()
-    ds = Datasette([], immutables=[db_path])
-    ds.root_enabled = True
-    try:
-        await ds.invoke_startup()
-        token = write_token(ds, permissions=["sct"])
-        response = await ds.client.post(
-            "/immutable/posts/-/set-column-type",
-            json={"column": "title", "column_type": {"type": "email"}},
-            headers=_headers(token),
-        )
-        assert response.status_code == 200
-        assert response.json()["column_type"] == {"type": "email", "config": None}
-        ct = await ds.get_column_type("immutable", "posts", "title")
-        assert ct.name == "email"
-    finally:
-        db.close()
-        for database in ds.databases.values():
-            if not database.is_memory:
-                database.close()
-
-
-@pytest.mark.asyncio
-async def test_set_column_type_rejects_incompatible_sqlite_type(ds_ct):
-    await ds_ct.invoke_startup()
-    with pytest.raises(ValueError, match="only applicable to SQLite types TEXT"):
-        await ds_ct.set_column_type("data", "posts", "id", "json")
-
-
-@pytest.mark.asyncio
-async def test_set_column_type_allows_varchar_for_text_only_type(tmp_path_factory):
-    db_directory = tmp_path_factory.mktemp("dbs")
-    db_path = str(db_directory / "data.db")
-    db = sqlite3.connect(str(db_path))
-    db.execute("vacuum")
-    db.execute("create table links (id integer primary key, url varchar(255))")
-    db.commit()
-    ds = Datasette([db_path])
-    await ds.invoke_startup()
-    await ds.set_column_type("data", "links", "url", "url")
-    ct = await ds.get_column_type("data", "links", "url")
-    assert ct.name == "url"
-    db.close()
-    for database in ds.databases.values():
-        if not database.is_memory:
-            database.close()
-
-
-# --- Plugin registration ---
-
-
-@pytest.mark.asyncio
-async def test_builtin_column_types_registered(ds_ct):
-    """register_column_types returns classes; _column_types stores them by name."""
-    await ds_ct.invoke_startup()
-    assert "url" in ds_ct._column_types
-    assert "email" in ds_ct._column_types
-    assert "json" in ds_ct._column_types
-    assert "textarea" in ds_ct._column_types
-    assert "nonexistent" not in ds_ct._column_types
-
-
-@pytest.mark.asyncio
-async def test_column_type_class_attributes(ds_ct):
-    await ds_ct.invoke_startup()
-    url_cls = ds_ct._column_types["url"]
-    assert url_cls.name == "url"
-    assert url_cls.description == "URL"
-    assert url_cls.sqlite_types == (SQLiteType.TEXT,)
-    email_cls = ds_ct._column_types["email"]
-    assert email_cls.name == "email"
-    assert email_cls.description == "Email address"
-    assert email_cls.sqlite_types == (SQLiteType.TEXT,)
-    json_cls = ds_ct._column_types["json"]
-    assert json_cls.sqlite_types == (SQLiteType.TEXT,)
-    textarea_cls = ds_ct._column_types["textarea"]
-    assert textarea_cls.name == "textarea"
-    assert textarea_cls.description == "Multiline text"
-    assert textarea_cls.sqlite_types == (SQLiteType.TEXT,)
-
-
-def test_sqlite_type_from_declared_type():
-    assert SQLiteType.from_declared_type(None) == SQLiteType.BLOB
-    assert SQLiteType.from_declared_type("text") == SQLiteType.TEXT
-    assert SQLiteType.from_declared_type("varchar(255)") == SQLiteType.TEXT
-    assert SQLiteType.from_declared_type("integer") == SQLiteType.INTEGER
-    assert SQLiteType.from_declared_type("float") == SQLiteType.REAL
-    assert SQLiteType.from_declared_type("blob") == SQLiteType.BLOB
-    assert SQLiteType.from_declared_type("") == SQLiteType.BLOB
-    assert SQLiteType.from_declared_type("numeric") == SQLiteType.NUMERIC
-    assert SQLiteType.from_declared_type("decimal(10,5)") == SQLiteType.NUMERIC
-    assert SQLiteType.from_declared_type("boolean") == SQLiteType.NUMERIC
-    assert SQLiteType.from_declared_type("date") == SQLiteType.NUMERIC
-    assert SQLiteType.from_declared_type("null") == SQLiteType.NUMERIC
-
-
-# --- JSON API ---
-
-
-@pytest.mark.asyncio
-async def test_column_types_extra(ds_ct):
-    await ds_ct.invoke_startup()
-    response = await ds_ct.client.get("/data/posts.json?_extra=column_types")
-    assert response.status_code == 200
-    data = response.json()
-    assert "column_types" in data
-    assert data["column_types"]["author_email"] == {"type": "email", "config": None}
-    assert data["column_types"]["website"] == {"type": "url", "config": None}
-    assert data["column_types"]["metadata"] == {"type": "json", "config": None}
-    # "markdown" is not a registered type, so body should not appear
-    assert "body" not in data["column_types"]
-    # title has no column type, should not appear
-    assert "title" not in data["column_types"]
-
-
-@pytest.mark.asyncio
-async def test_display_columns_include_column_type(ds_ct):
-    await ds_ct.invoke_startup()
-    response = await ds_ct.client.get("/data/posts.json?_extra=display_columns")
-    assert response.status_code == 200
-    data = response.json()
-    cols = {c["name"]: c for c in data["display_columns"]}
-    assert cols["author_email"]["column_type"] == "email"
-    assert cols["author_email"]["column_type_config"] is None
-    assert cols["website"]["column_type"] == "url"
-    assert cols["title"]["column_type"] is None
-
-
-# --- Rendering ---
-
-
-@pytest.mark.asyncio
-async def test_url_render_cell(ds_ct):
-    await ds_ct.invoke_startup()
-    response = await ds_ct.client.get("/data/posts.json?_extra=render_cell")
-    assert response.status_code == 200
-    data = response.json()
-    rendered = data["render_cell"][0]
-    assert "href" in rendered["website"]
-    assert "https://example.com" in rendered["website"]
-
-
-@pytest.mark.asyncio
-async def test_email_render_cell(ds_ct):
-    await ds_ct.invoke_startup()
-    response = await ds_ct.client.get("/data/posts.json?_extra=render_cell")
-    assert response.status_code == 200
-    data = response.json()
-    rendered = data["render_cell"][0]
-    assert "mailto:" in rendered["author_email"]
-    assert "test@example.com" in rendered["author_email"]
-
-
-@pytest.mark.asyncio
-async def test_json_render_cell(ds_ct):
-    await ds_ct.invoke_startup()
-    response = await ds_ct.client.get("/data/posts.json?_extra=render_cell")
-    assert response.status_code == 200
-    data = response.json()
-    rendered = data["render_cell"][0]
-    assert "<pre>" in rendered["metadata"]
-
-
-# --- Validation ---
-
-
-@pytest.mark.asyncio
-async def test_email_validation_on_insert(ds_ct):
-    await ds_ct.invoke_startup()
-    token = write_token(ds_ct)
-    response = await ds_ct.client.post(
-        "/data/posts/-/insert",
-        json={"row": {"title": "Test", "author_email": "not-an-email"}},
-        headers=_headers(token),
-    )
-    assert response.status_code == 400
-    assert "author_email" in response.json()["errors"][0]
-
-
-@pytest.mark.asyncio
-async def test_email_validation_passes_valid(ds_ct):
-    await ds_ct.invoke_startup()
-    token = write_token(ds_ct)
-    response = await ds_ct.client.post(
-        "/data/posts/-/insert",
-        json={"row": {"title": "Test", "author_email": "valid@example.com"}},
-        headers=_headers(token),
-    )
-    assert response.status_code == 201
-
-
-@pytest.mark.asyncio
-async def test_url_validation_on_insert(ds_ct):
-    await ds_ct.invoke_startup()
-    token = write_token(ds_ct)
-    response = await ds_ct.client.post(
-        "/data/posts/-/insert",
-        json={"row": {"title": "Test", "website": "not-a-url"}},
-        headers=_headers(token),
-    )
-    assert response.status_code == 400
-    assert "website" in response.json()["errors"][0]
-
-
-@pytest.mark.asyncio
-async def test_json_validation_on_insert(ds_ct):
-    await ds_ct.invoke_startup()
-    token = write_token(ds_ct)
-    response = await ds_ct.client.post(
-        "/data/posts/-/insert",
-        json={"row": {"title": "Test", "metadata": "not-json{"}},
-        headers=_headers(token),
-    )
-    assert response.status_code == 400
-    assert "metadata" in response.json()["errors"][0]
-
-
-@pytest.mark.asyncio
-async def test_validation_on_update(ds_ct):
-    await ds_ct.invoke_startup()
-    token = write_token(ds_ct)
-    response = await ds_ct.client.post(
-        "/data/posts/1/-/update",
-        json={"update": {"author_email": "invalid"}},
-        headers=_headers(token),
-    )
-    assert response.status_code == 400
-    assert "author_email" in response.json()["errors"][0]
-
-
-@pytest.mark.asyncio
-async def test_validation_allows_null(ds_ct):
-    await ds_ct.invoke_startup()
-    token = write_token(ds_ct)
-    response = await ds_ct.client.post(
-        "/data/posts/-/insert",
-        json={"row": {"title": "Test", "author_email": None}},
-        headers=_headers(token),
-    )
-    assert response.status_code == 201
-
-
-@pytest.mark.asyncio
-async def test_validation_allows_empty_string(ds_ct):
-    await ds_ct.invoke_startup()
-    token = write_token(ds_ct)
-    response = await ds_ct.client.post(
-        "/data/posts/-/insert",
-        json={"row": {"title": "Test", "author_email": ""}},
-        headers=_headers(token),
-    )
-    assert response.status_code == 201
-
-
-# --- ColumnType base class ---
-
-
-@pytest.mark.asyncio
-async def test_column_type_base_defaults():
-    class TestType(ColumnType):
-        name = "test"
-        description = "Test type"
-
-    ct = TestType()
-    assert ct.config is None
-    assert await ct.render_cell("val", "col", "tbl", "db", None, None) is None
-    assert await ct.validate("val", None) is None
-    assert await ct.transform_value("val", None) == "val"
-
-
-# --- render_cell extra with column types ---
-
-
-@pytest.mark.asyncio
-async def test_render_cell_extra_with_column_types(ds_ct):
-    await ds_ct.invoke_startup()
-    response = await ds_ct.client.get("/data/posts.json?_extra=render_cell")
-    assert response.status_code == 200
-    data = response.json()
-    rendered = data["render_cell"][0]
-    assert "mailto:" in rendered["author_email"]
-    assert "href" in rendered["website"]
-
-
-# --- Duplicate column type name ---
-
-
-@pytest.mark.asyncio
-async def test_duplicate_column_type_name_raises_error():
-    class DuplicateUrlType(ColumnType):
-        name = "url"
-        description = "Duplicate URL"
-
-        async def render_cell(self, value, column, table, database, datasette, request):
-            return None
-
-    class _Plugin:
-        @hookimpl
-        def register_column_types(self, datasette):
-            return [DuplicateUrlType]
-
-    plugin = _Plugin()
-    pm.register(plugin, name="test_duplicate_ct")
-    try:
-        ds = Datasette()
-        with pytest.raises(StartupError, match="Duplicate column type name: url"):
-            await ds.invoke_startup()
-    finally:
-        pm.unregister(plugin, name="test_duplicate_ct")
-
-
-# --- Row endpoint ---
-
-
-@pytest.mark.asyncio
-async def test_row_endpoint_render_cell_with_column_types(ds_ct):
-    await ds_ct.invoke_startup()
-    response = await ds_ct.client.get("/data/posts/1.json?_extra=render_cell")
-    assert response.status_code == 200
-    data = response.json()
-    rendered = data["render_cell"][0]
-    assert "mailto:" in rendered["author_email"]
-    assert "href" in rendered["website"]
-
-
-# --- transform_value in JSON output ---
-
-
-@pytest.mark.asyncio
-async def test_transform_value_in_json_output(tmp_path_factory):
-    """A column type with transform_value should modify rows in JSON API."""
-
-    class UpperColumnType(ColumnType):
-        name = "upper"
-        description = "Uppercase"
-
-        async def transform_value(self, value, datasette):
-            if isinstance(value, str):
-                return value.upper()
-            return value
-
-    class _Plugin:
-        @hookimpl
-        def register_column_types(self, datasette):
-            return [UpperColumnType]
-
-    plugin = _Plugin()
-    pm.register(plugin, name="test_transform_ct")
-    try:
-        db_directory = tmp_path_factory.mktemp("dbs")
-        db_path = str(db_directory / "data.db")
-        db = sqlite3.connect(str(db_path))
-        db.execute("vacuum")
-        db.execute("create table t (id integer primary key, name text)")
-        db.execute("insert into t values (1, 'hello')")
-        db.commit()
-        ds = Datasette(
-            [db_path],
-            config={
-                "databases": {
-                    "data": {"tables": {"t": {"column_types": {"name": "upper"}}}}
-                }
-            },
-        )
-        await ds.invoke_startup()
-        response = await ds.client.get("/data/t.json")
-        assert response.status_code == 200
-        data = response.json()
-        assert data["rows"][0]["name"] == "HELLO"
-        db.close()
-        for database in ds.databases.values():
-            if not database.is_memory:
-                database.close()
-    finally:
-        pm.unregister(plugin, name="test_transform_ct")
-
-
-# --- Column type priority over plugins ---
-
-
-@pytest.mark.asyncio
-async def test_column_type_render_cell_has_priority_over_plugins(tmp_path_factory):
-    """Column type render_cell should take priority over render_cell plugin hook."""
-
-    class PriorityColumnType(ColumnType):
-        name = "priority_test"
-        description = "Priority test"
-
-        async def render_cell(self, value, column, table, database, datasette, request):
-            if value is not None:
-                return markupsafe.Markup(
-                    f"<b>COLUMN_TYPE:{markupsafe.escape(value)}</b>"
-                )
-            return None
-
-    class _ColumnTypePlugin:
-        @hookimpl
-        def register_column_types(self, datasette):
-            return [PriorityColumnType]
-
-    class _RenderCellPlugin:
-        @hookimpl
-        def render_cell(
-            self,
-            row,
-            value,
-            column,
-            table,
-            pks,
-            database,
-            datasette,
-            request,
-            column_type,
-        ):
-            if column == "name":
-                return markupsafe.Markup(f"<i>PLUGIN:{markupsafe.escape(value)}</i>")
-
-    ct_plugin = _ColumnTypePlugin()
-    rc_plugin = _RenderCellPlugin()
-    pm.register(ct_plugin, name="test_priority_ct")
-    pm.register(rc_plugin, name="test_priority_render")
-    try:
-        db_directory = tmp_path_factory.mktemp("dbs")
-        db_path = str(db_directory / "data.db")
-        db = sqlite3.connect(str(db_path))
-        db.execute("vacuum")
-        db.execute("create table t (id integer primary key, name text)")
-        db.execute("insert into t values (1, 'hello')")
-        db.commit()
-        ds = Datasette(
-            [db_path],
-            config={
-                "databases": {
-                    "data": {
-                        "tables": {"t": {"column_types": {"name": "priority_test"}}}
-                    }
-                }
-            },
-        )
-        await ds.invoke_startup()
-        response = await ds.client.get("/data/t.json?_extra=render_cell")
-        assert response.status_code == 200
-        data = response.json()
-        rendered = data["render_cell"][0]
-        # Column type should win over the plugin
-        assert "COLUMN_TYPE:" in rendered["name"]
-        assert "PLUGIN:" not in rendered["name"]
-        db.close()
-        for database in ds.databases.values():
-            if not database.is_memory:
-                database.close()
-    finally:
-        pm.unregister(ct_plugin, name="test_priority_ct")
-        pm.unregister(rc_plugin, name="test_priority_render")
-
-
-# --- Row detail page rendering ---
-
-
-@pytest.mark.asyncio
-async def test_row_detail_page_html_rendering(ds_ct):
-    """Row detail HTML page should use column type rendering."""
-    await ds_ct.invoke_startup()
-    response = await ds_ct.client.get("/data/posts/1")
-    assert response.status_code == 200
-    html = response.text
-    # The email column should be rendered with mailto: link
-    assert "mailto:test@example.com" in html
-    # The url column should be rendered with href
-    assert 'href="https://example.com"' in html
-
-
-# --- HTML table page rendering ---
-
-
-@pytest.mark.asyncio
-async def test_html_table_page_rendering(ds_ct):
-    """HTML table page should use column type rendering."""
-    await ds_ct.invoke_startup()
-    response = await ds_ct.client.get("/data/posts")
-    assert response.status_code == 200
-    html = response.text
-    assert "mailto:test@example.com" in html
-    assert 'href="https://example.com"' in html
-
-
-@pytest.mark.asyncio
-async def test_set_column_type_ui_data_hidden_without_permission(ds_ct):
-    await ds_ct.invoke_startup()
-    response = await ds_ct.client.get("/data/posts")
-    assert response.status_code == 200
-    assert "window._setColumnTypeData" not in response.text
-
-
-@pytest.mark.asyncio
-async def test_set_column_type_ui_data_includes_applicable_types(
-    ds_ct_editor_permission,
-):
-    await ds_ct_editor_permission.invoke_startup()
-    response = await ds_ct_editor_permission.client.get(
-        "/data/posts",
-        actor={"id": "editor"},
-    )
-    assert response.status_code == 200
-    data = _window_data_from_html(response.text, "_setColumnTypeData")
-    assert data["path"] == "/data/posts/-/set-column-type"
-    assert data["columns"]["id"] == {
-        "current": None,
-        "options": [],
-    }
-    assert data["columns"]["title"] == {
-        "current": None,
-        "options": [
-            {"name": "email", "description": "Email address"},
-            {"name": "json", "description": "JSON data"},
-            {"name": "textarea", "description": "Multiline text"},
-            {"name": "url", "description": "URL"},
-        ],
-    }
-    assert data["columns"]["author_email"] == {
-        "current": {"type": "email", "config": None},
-        "options": [
-            {"name": "email", "description": "Email address"},
-            {"name": "json", "description": "JSON data"},
-            {"name": "textarea", "description": "Multiline text"},
-            {"name": "url", "description": "URL"},
-        ],
-    }
-
-
-# --- Validation on upsert ---
-
-
-@pytest.mark.asyncio
-async def test_validation_on_upsert(ds_ct):
-    await ds_ct.invoke_startup()
-    token = write_token(ds_ct)
-    response = await ds_ct.client.post(
-        "/data/posts/-/upsert",
-        json={
-            "rows": [{"id": 1, "title": "Updated", "author_email": "invalid"}],
-        },
-        headers=_headers(token),
-    )
-    assert response.status_code == 400
-    assert "author_email" in response.json()["errors"][0]
-
-
-@pytest.mark.asyncio
-async def test_validation_on_upsert_passes_valid(ds_ct):
-    await ds_ct.invoke_startup()
-    token = write_token(ds_ct)
-    response = await ds_ct.client.post(
-        "/data/posts/-/upsert",
-        json={
-            "rows": [{"id": 1, "title": "Updated", "author_email": "valid@test.com"}],
-        },
-        headers=_headers(token),
-    )
-    assert response.status_code == 200
-
-
-# --- Unknown type warning logged ---
-
-
-@pytest.mark.asyncio
-async def test_unknown_type_warning_logged(tmp_path_factory, caplog):
-    db_directory = tmp_path_factory.mktemp("dbs")
-    db_path = str(db_directory / "data.db")
-    db = sqlite3.connect(str(db_path))
-    db.execute("vacuum")
-    db.execute("create table t (id integer primary key, col text)")
-    db.commit()
-    ds = Datasette(
-        [db_path],
-        config={
-            "databases": {
-                "data": {"tables": {"t": {"column_types": {"col": "nonexistent_type"}}}}
-            }
-        },
-    )
-    with caplog.at_level(logging.WARNING):
-        await ds.invoke_startup()
-    assert "unknown type" in caplog.text.lower()
-    assert "nonexistent_type" in caplog.text
-    db.close()
-    for database in ds.databases.values():
-        if not database.is_memory:
-            database.close()
-
-
-@pytest.mark.asyncio
-async def test_incompatible_sqlite_type_warning_logged(tmp_path_factory, caplog):
-    db_directory = tmp_path_factory.mktemp("dbs")
-    db_path = str(db_directory / "data.db")
-    db = sqlite3.connect(str(db_path))
-    db.execute("vacuum")
-    db.execute("create table t (id integer primary key, col integer)")
-    db.commit()
-    ds = Datasette(
-        [db_path],
-        config={
-            "databases": {"data": {"tables": {"t": {"column_types": {"col": "json"}}}}}
-        },
-    )
-    with caplog.at_level(logging.WARNING):
-        await ds.invoke_startup()
-    assert "only applicable to sqlite types text" in caplog.text.lower()
-    assert await ds.get_column_type("data", "t", "col") is None
-    db.close()
-    for database in ds.databases.values():
-        if not database.is_memory:
-            database.close()
-
-
-# --- Config overwrites on restart ---
-
-
-@pytest.mark.asyncio
-async def test_config_overwrites_on_restart(tmp_path_factory):
-    """Config values should overwrite any existing column types in internal DB on startup."""
-    db_directory = tmp_path_factory.mktemp("dbs")
-    db_path = str(db_directory / "data.db")
-    db = sqlite3.connect(str(db_path))
-    db.execute("vacuum")
-    db.execute("create table t (id integer primary key, col text)")
-    db.commit()
-    ds = Datasette(
-        [db_path],
-        config={
-            "databases": {"data": {"tables": {"t": {"column_types": {"col": "email"}}}}}
-        },
-    )
-    await ds.invoke_startup()
-    ct = await ds.get_column_type("data", "t", "col")
-    assert ct.name == "email"
-
-    # Manually change the column type in the internal DB
-    await ds.set_column_type("data", "t", "col", "url")
-    ct = await ds.get_column_type("data", "t", "col")
-    assert ct.name == "url"
-
-    # Re-apply config (simulating what happens on restart)
-    await ds._apply_column_types_config()
-    ct = await ds.get_column_type("data", "t", "col")
-    assert ct.name == "email"  # Config wins
-
-    db.close()
-    for database in ds.databases.values():
-        if not database.is_memory:
-            database.close()
-
-
-# --- No column_types in config ---
-
-
-@pytest.mark.asyncio
-async def test_no_column_types_in_config(tmp_path_factory):
-    """Datasette should work fine without any column_types configuration."""
-    db_directory = tmp_path_factory.mktemp("dbs")
-    db_path = str(db_directory / "data.db")
-    db = sqlite3.connect(str(db_path))
-    db.execute("vacuum")
-    db.execute("create table t (id integer primary key, col text)")
-    db.execute("insert into t values (1, 'hello')")
-    db.commit()
-    ds = Datasette([db_path])
-    await ds.invoke_startup()
-
-    # No column types assigned
-    ct_map = await ds.get_column_types("data", "t")
-    assert ct_map == {}
-
-    # JSON endpoint should work without column_types extra
-    response = await ds.client.get("/data/t.json")
-    assert response.status_code == 200
-    assert response.json()["rows"][0]["col"] == "hello"
-
-    # column_types extra should return empty
-    response = await ds.client.get("/data/t.json?_extra=column_types")
-    assert response.status_code == 200
-    assert response.json()["column_types"] == {}
-
-    db.close()
-    for database in ds.databases.values():
-        if not database.is_memory:
-            database.close()
diff --git a/tests/test_config_dir.py b/tests/test_config_dir.py
deleted file mode 100644
index 0a9b30d8..00000000
--- a/tests/test_config_dir.py
+++ /dev/null
@@ -1,152 +0,0 @@
-import json
-import pathlib
-import pytest
-
-from datasette.app import Datasette
-from datasette.utils.sqlite import sqlite3
-from datasette.utils import StartupError
-from .fixtures import TestClient as _TestClient
-
-PLUGIN = """
-from datasette import hookimpl
-
-@hookimpl
-def extra_template_vars():
-    return {
-        "from_plugin": "hooray"
-    }
-"""
-METADATA = {"title": "This is from metadata"}
-CONFIG = {
-    "settings": {
-        "default_cache_ttl": 60,
-    }
-}
-CSS = """
-body { margin-top: 3em}
-"""
-
-
-@pytest.fixture(scope="session")
-def config_dir(tmp_path_factory):
-    config_dir = tmp_path_factory.mktemp("config-dir")
-    plugins_dir = config_dir / "plugins"
-    plugins_dir.mkdir()
-    (plugins_dir / "hooray.py").write_text(PLUGIN, "utf-8")
-    (plugins_dir / "non_py_file.txt").write_text(PLUGIN, "utf-8")
-    (plugins_dir / ".mypy_cache").mkdir()
-
-    templates_dir = config_dir / "templates"
-    templates_dir.mkdir()
-    (templates_dir / "row.html").write_text(
-        "Show row here. Plugin says {{ from_plugin }}", "utf-8"
-    )
-
-    static_dir = config_dir / "static"
-    static_dir.mkdir()
-    (static_dir / "hello.css").write_text(CSS, "utf-8")
-
-    (config_dir / "metadata.json").write_text(json.dumps(METADATA), "utf-8")
-    (config_dir / "datasette.json").write_text(json.dumps(CONFIG), "utf-8")
-
-    for dbname in ("demo.db", "immutable.db", "j.sqlite3", "k.sqlite"):
-        db = sqlite3.connect(str(config_dir / dbname))
-        db.executescript("""
-        CREATE TABLE cities (
-            id integer primary key,
-            name text
-        );
-        INSERT INTO cities (id, name) VALUES
-            (1, 'San Francisco')
-        ;
-        """)
-        db.close()
-
-    # Mark "immutable.db" as immutable
-    (config_dir / "inspect-data.json").write_text(
-        json.dumps(
-            {
-                "immutable": {
-                    "hash": "hash",
-                    "size": 8192,
-                    "file": "immutable.db",
-                    "tables": {"cities": {"count": 1}},
-                }
-            }
-        ),
-        "utf-8",
-    )
-    return config_dir
-
-
-def test_invalid_settings(config_dir):
-    previous = (config_dir / "datasette.json").read_text("utf-8")
-    (config_dir / "datasette.json").write_text(
-        json.dumps({"settings": {"invalid": "invalid-setting"}}), "utf-8"
-    )
-    try:
-        with pytest.raises(StartupError) as ex:
-            Datasette([], config_dir=config_dir)
-        assert ex.value.args[0] == "Invalid setting 'invalid' in config file"
-    finally:
-        (config_dir / "datasette.json").write_text(previous, "utf-8")
-
-
-@pytest.fixture(scope="session")
-def config_dir_client(config_dir):
-    ds = Datasette([], config_dir=config_dir)
-    yield _TestClient(ds)
-    for db in ds.databases.values():
-        db.close()
-
-
-def test_settings(config_dir_client):
-    response = config_dir_client.get("/-/settings.json")
-    assert 200 == response.status
-    assert 60 == response.json["default_cache_ttl"]
-
-
-def test_plugins(config_dir_client):
-    response = config_dir_client.get("/-/plugins.json")
-    assert 200 == response.status
-    assert "hooray.py" in {p["name"] for p in response.json}
-    assert "non_py_file.txt" not in {p["name"] for p in response.json}
-    assert "mypy_cache" not in {p["name"] for p in response.json}
-
-
-def test_templates_and_plugin(config_dir_client):
-    response = config_dir_client.get("/demo/cities/1")
-    assert 200 == response.status
-    assert "Show row here. Plugin says hooray" == response.text
-
-
-def test_static(config_dir_client):
-    response = config_dir_client.get("/static/hello.css")
-    assert 200 == response.status
-    assert CSS == response.text
-    assert "text/css" == response.headers["content-type"]
-
-
-def test_static_directory_browsing_not_allowed(config_dir_client):
-    response = config_dir_client.get("/static/")
-    assert 403 == response.status
-    assert "403: Directory listing is not allowed" == response.text
-
-
-def test_databases(config_dir_client):
-    response = config_dir_client.get("/-/databases.json")
-    assert 200 == response.status
-    databases = response.json
-    assert 4 == len(databases)
-    databases.sort(key=lambda d: d["name"])
-    for db, expected_name in zip(databases, ("demo", "immutable", "j", "k")):
-        assert expected_name == db["name"]
-        assert db["is_mutable"] == (expected_name != "immutable")
-
-
-def test_store_config_dir(config_dir_client):
-    ds = config_dir_client.ds
-
-    assert hasattr(ds, "config_dir")
-    assert ds.config_dir is not None
-    assert isinstance(ds.config_dir, pathlib.Path)
diff --git a/tests/test_config_permission_rules.py b/tests/test_config_permission_rules.py
deleted file mode 100644
index 8327ecbf..00000000
--- a/tests/test_config_permission_rules.py
+++ /dev/null
@@ -1,163 +0,0 @@
-import pytest
-
-from datasette.app import Datasette
-from datasette.database import Database
-from datasette.resources import DatabaseResource, TableResource
-
-
-async def setup_datasette(config=None, databases=None):
-    ds = Datasette(memory=True, config=config)
-    for name in databases or []:
-        ds.add_database(Database(ds, memory_name=f"{name}_memory"), name=name)
-    await ds.invoke_startup()
-    await ds.refresh_schemas()
-    return ds
-
-
-@pytest.mark.asyncio
-async def test_root_permissions_allow():
-    config = {"permissions": {"execute-sql": {"id": "alice"}}}
-    ds = await setup_datasette(config=config, databases=["content"])
-
-    assert await ds.allowed(
-        action="execute-sql",
-        resource=DatabaseResource(database="content"),
-        actor={"id": "alice"},
-    )
-    assert not await ds.allowed(
-        action="execute-sql",
-        resource=DatabaseResource(database="content"),
-        actor={"id": "bob"},
-    )
-
-
-@pytest.mark.asyncio
-async def test_database_permission():
-    config = {
-        "databases": {
-            "content": {
-                "permissions": {
-                    "insert-row": {"id": "alice"},
-                }
-            }
-        }
-    }
-    ds = await setup_datasette(config=config, databases=["content"])
-
-    assert await ds.allowed(
-        action="insert-row",
-        resource=TableResource(database="content", table="repos"),
-        actor={"id": "alice"},
-    )
-    assert not await ds.allowed(
-        action="insert-row",
-        resource=TableResource(database="content", table="repos"),
-        actor={"id": "bob"},
-    )
-
-
-@pytest.mark.asyncio
-async def test_table_permission():
-    config = {
-        "databases": {
-            "content": {
-                "tables": {"repos": {"permissions": {"delete-row": {"id": "alice"}}}}
-            }
-        }
-    }
-    ds = await setup_datasette(config=config, databases=["content"])
-
-    assert await ds.allowed(
-        action="delete-row",
-        resource=TableResource(database="content", table="repos"),
-        actor={"id": "alice"},
-    )
-    assert not await ds.allowed(
-        action="delete-row",
-        resource=TableResource(database="content", table="repos"),
-        actor={"id": "bob"},
-    )
-
-
-@pytest.mark.asyncio
-async def test_view_table_allow_block():
-    config = {
-        "databases": {"content": {"tables": {"repos": {"allow": {"id": "alice"}}}}}
-    }
-    ds = await setup_datasette(config=config, databases=["content"])
-
-    assert await ds.allowed(
-        action="view-table",
-        resource=TableResource(database="content", table="repos"),
-        actor={"id": "alice"},
-    )
-    assert not await ds.allowed(
-        action="view-table",
-        resource=TableResource(database="content", table="repos"),
-        actor={"id": "bob"},
-    )
-    assert await ds.allowed(
-        action="view-table",
-        resource=TableResource(database="content", table="other"),
-        actor={"id": "bob"},
-    )
-
-
-@pytest.mark.asyncio
-async def test_view_table_allow_false_blocks():
-    config = {"databases": {"content": {"tables": {"repos": {"allow": False}}}}}
-    ds = await setup_datasette(config=config, databases=["content"])
-
-    assert not await ds.allowed(
-        action="view-table",
-        resource=TableResource(database="content", table="repos"),
-        actor={"id": "alice"},
-    )
-
-
-@pytest.mark.asyncio
-async def test_allow_sql_blocks():
-    config = {"allow_sql": {"id": "alice"}}
-    ds = await setup_datasette(config=config, databases=["content"])
-
-    assert await ds.allowed(
-        action="execute-sql",
-        resource=DatabaseResource(database="content"),
-        actor={"id": "alice"},
-    )
-    assert not await ds.allowed(
-        action="execute-sql",
-        resource=DatabaseResource(database="content"),
-        actor={"id": "bob"},
-    )
-
-    config = {"databases": {"content": {"allow_sql": {"id": "bob"}}}}
-    ds = await setup_datasette(config=config, databases=["content"])
-
-    assert await ds.allowed(
-        action="execute-sql",
-        resource=DatabaseResource(database="content"),
-        actor={"id": "bob"},
-    )
-    assert not await ds.allowed(
-        action="execute-sql",
-        resource=DatabaseResource(database="content"),
-        actor={"id": "alice"},
-    )
-
-    config = {"allow_sql": False}
-    ds = await setup_datasette(config=config, databases=["content"])
-    assert not await ds.allowed(
-        action="execute-sql",
-        resource=DatabaseResource(database="content"),
-        actor={"id": "alice"},
-    )
-
-
-@pytest.mark.asyncio
-async def test_view_instance_allow_block():
-    config = {"allow": {"id": "alice"}}
-    ds = await setup_datasette(config=config)
-
-    assert await ds.allowed(action="view-instance", actor={"id": "alice"})
-    assert not await ds.allowed(action="view-instance", actor={"id": "bob"})
diff --git a/tests/test_crossdb.py b/tests/test_crossdb.py
deleted file mode 100644
index 11e53224..00000000
--- a/tests/test_crossdb.py
+++ /dev/null
@@ -1,77 +0,0 @@
-from datasette.cli import cli
-from click.testing import CliRunner
-import urllib
-import sqlite3
-
-
-def test_crossdb_join(app_client_two_attached_databases_crossdb_enabled):
-    app_client = app_client_two_attached_databases_crossdb_enabled
-    sql = """
-    select
-      'extra database' as db,
-      pk,
-      text1,
-      text2
-    from
-      [extra database].searchable
-    union all
-    select
-      'fixtures' as db,
-      pk,
-      text1,
-      text2
-    from
-      fixtures.searchable
-    """
-    response = app_client.get(
-        "/_memory/-/query.json?"
-        + urllib.parse.urlencode({"sql": sql, "_shape": "array"})
-    )
-    assert response.status == 200
-    assert response.json == [
-        {"db": "extra database", "pk": 1, "text1": "barry cat", "text2": "terry dog"},
-        {"db": "extra database", "pk": 2, "text1": "terry dog", "text2": "sara weasel"},
-        {"db": "fixtures", "pk": 1, "text1": "barry cat", "text2": "terry dog"},
-        {"db": "fixtures", "pk": 2, "text1": "terry dog", "text2": "sara weasel"},
-    ]
-
-
-def test_crossdb_warning_if_too_many_databases(tmp_path_factory):
-    db_dir = tmp_path_factory.mktemp("dbs")
-    dbs = []
-    for i in range(11):
-        path = str(db_dir / "db_{}.db".format(i))
-        conn = sqlite3.connect(path)
-        conn.execute("vacuum")
-        conn.close()
-        dbs.append(path)
-    runner = CliRunner()
-    result = runner.invoke(
-        cli,
-        [
-            "serve",
-            "--crossdb",
-            "--get",
-            "/",
-        ]
-        + dbs,
-        catch_exceptions=False,
-    )
-    assert (
-        "Warning: --crossdb only works with the first 10 attached databases"
-        in result.stderr
-    )
-
-
-def test_crossdb_attached_database_list_display(
-    app_client_two_attached_databases_crossdb_enabled,
-):
-    app_client = app_client_two_attached_databases_crossdb_enabled
-    response = app_client.get("/_memory")
-    app_client.get("/")
-    for fragment in (
-        "databases are attached to this connection",
-        "<li><strong>fixtures</strong> - ",
-        '<li><strong>extra database</strong> - <a href="/extra+database/-/query?sql=',
-    ):
-        assert fragment in response.text
diff --git a/tests/test_csrf_middleware.py b/tests/test_csrf_middleware.py
deleted file mode 100644
index 2fcfb216..00000000
--- a/tests/test_csrf_middleware.py
+++ /dev/null
@@ -1,334 +0,0 @@
-"""
-Tests for the header-based CSRF (Cross-Origin) protection middleware.
-
-Datasette uses the Sec-Fetch-Site + Origin header approach described in
-Filippo Valsorda's article (https://words.filippo.io/csrf/) and implemented
-in Go 1.25's http.CrossOriginProtection. This replaces the previous
-token-based asgi-csrf mechanism.
-"""
-
-import pluggy
-import pytest
-
-from datasette import hookimpl
-from datasette.csrf import CrossOriginProtectionMiddleware, _install_legacy_csrftoken
-
-
-async def _post(bare_ds, **kwargs):
-    kwargs.setdefault("data", {"message": "hello", "message_class": "info"})
-    return await bare_ds.client.post("/-/messages", **kwargs)
-
-
-async def _run_middleware(scope):
-    """
-    Run CrossOriginProtectionMiddleware against a scope and return
-    ("allowed",) if the inner app was called, or ("blocked", status)
-    if the middleware sent a response itself.
-    """
-
-    class FakeDs:
-        async def render_template(self, name, ctx):
-            return "BLOCKED"
-
-    inner_called = []
-
-    async def app(scope, receive, send):
-        inner_called.append(True)
-
-    sent = []
-
-    async def send(msg):
-        sent.append(msg)
-
-    mw = CrossOriginProtectionMiddleware(app, FakeDs())
-    await mw(scope, None, send)
-    if inner_called:
-        return ("allowed",)
-    start = [m for m in sent if m["type"] == "http.response.start"][0]
-    return ("blocked", start["status"])
-
-
-def _http_scope(headers, method="POST"):
-    return {
-        "type": "http",
-        "method": method,
-        "headers": [(k.encode(), v.encode()) for k, v in headers.items()],
-    }
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize("method", ["GET", "HEAD", "OPTIONS"])
-async def test_safe_methods_always_pass(bare_ds, method):
-    # Safe methods bypass CSRF entirely, even with hostile headers
-    response = await bare_ds.client.request(
-        method,
-        "/-/messages",
-        headers={"sec-fetch-site": "cross-site", "origin": "http://evil.example"},
-    )
-    assert response.status_code != 403 or "origin" not in response.text.lower()
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize("sec_fetch_site", ["same-origin", "none"])
-async def test_post_with_trusted_sec_fetch_site_allowed(bare_ds, sec_fetch_site):
-    # "same-origin" = first-party; "none" = user-initiated direct navigation
-    response = await _post(bare_ds, headers={"sec-fetch-site": sec_fetch_site})
-    assert response.status_code != 403
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize("sec_fetch_site", ["cross-site", "same-site", "cross-origin"])
-async def test_post_with_untrusted_sec_fetch_site_blocked(bare_ds, sec_fetch_site):
-    # same-site is blocked too: different subdomains must not bypass CSRF
-    response = await _post(
-        bare_ds, data={"message": "hi"}, headers={"sec-fetch-site": sec_fetch_site}
-    )
-    assert response.status_code == 403
-    assert response.headers["content-type"].startswith("text/html")
-
-
-@pytest.mark.asyncio
-async def test_post_with_no_browser_headers_allowed(bare_ds):
-    # curl / requests / server-to-server: no Sec-Fetch-Site, no Origin.
-    # CSRF is browser-specific so these pass through.
-    response = await _post(bare_ds)
-    assert response.status_code != 403
-
-
-@pytest.mark.asyncio
-async def test_post_with_matching_origin_allowed(bare_ds):
-    # Fallback for older browsers without Sec-Fetch-Site: Origin must match Host
-    response = await _post(bare_ds, headers={"origin": "http://localhost"})
-    assert response.status_code != 403
-
-
-@pytest.mark.asyncio
-async def test_post_with_mismatched_origin_blocked(bare_ds):
-    response = await _post(
-        bare_ds, data={"message": "hi"}, headers={"origin": "http://evil.example.com"}
-    )
-    assert response.status_code == 403
-
-
-@pytest.mark.asyncio
-async def test_csrf_error_page_renders(bare_ds):
-    response = await _post(
-        bare_ds, data={"message": "hi"}, headers={"sec-fetch-site": "cross-site"}
-    )
-    assert response.status_code == 403
-    assert "origin" in response.text.lower()
-
-
-@pytest.mark.asyncio
-async def test_csrf_error_page_title_has_no_typo(bare_ds):
-    response = await _post(
-        bare_ds, data={"message": "hi"}, headers={"sec-fetch-site": "cross-site"}
-    )
-    assert "<title>CSRF check failed" in response.text
-    assert "CSRF check failed)" not in response.text
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize("scope_type", ["websocket", "lifespan"])
-async def test_non_http_scope_passes_through(scope_type):
-    called = []
-
-    async def app(scope, receive, send):
-        called.append(scope["type"])
-
-    mw = CrossOriginProtectionMiddleware(app, datasette=None)
-    await mw({"type": scope_type}, None, None)
-    assert called == [scope_type]
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "label,headers,expected",
-    [
-        (
-            "plain cross-site blocked",
-            {"sec-fetch-site": "cross-site", "host": "example.com"},
-            ("blocked", 403),
-        ),
-        (
-            "basic auth does not bypass",
-            {
-                "sec-fetch-site": "cross-site",
-                "host": "example.com",
-                "authorization": "Basic dXNlcjpwYXNz",
-            },
-            ("blocked", 403),
-        ),
-        (
-            "bearer auth bypasses",
-            {
-                "sec-fetch-site": "cross-site",
-                "origin": "https://evil.example",
-                "host": "example.com",
-                "authorization": "Bearer dstok_abc",
-            },
-            ("allowed",),
-        ),
-        (
-            "bearer scheme case-insensitive",
-            {
-                "sec-fetch-site": "cross-site",
-                "host": "example.com",
-                "authorization": "bearer dstok_abc",
-            },
-            ("allowed",),
-        ),
-        (
-            "non-browser (no Sec-Fetch-Site, no Origin) allowed",
-            {"host": "example.com"},
-            ("allowed",),
-        ),
-    ],
-)
-async def test_middleware_unit(label, headers, expected):
-    assert await _run_middleware(_http_scope(headers)) == expected
-
-
-def test_legacy_csrftoken_scope_value_nonempty(app_client):
-    # GET /post/ calls request.scope["csrftoken"]() - must not 500
-    response = app_client.get("/post/")
-    assert response.status == 200
-    assert response.text.strip() != ""
-    assert len(response.text.strip()) >= 20
-
-
-def test_legacy_csrftoken_no_ds_csrftoken_cookie(app_client):
-    response = app_client.get("/post/")
-    assert "ds_csrftoken" not in response.cookies
-
-
-def test_legacy_csrftoken_varies_across_requests(app_client):
-    r1 = app_client.get("/post/").text.strip()
-    r2 = app_client.get("/post/").text.strip()
-    assert r1 != r2
-
-
-def test_legacy_csrftoken_stable_within_request():
-    # Two calls in the same request return the same value
-    scope = {}
-    _install_legacy_csrftoken(scope)
-    assert scope["csrftoken"]() == scope["csrftoken"]()
-
-
-@pytest.mark.asyncio
-async def test_cross_site_post_blocked_even_with_ds_csrftoken_cookie(bare_ds):
-    # A stale ds_csrftoken cookie + csrftoken body field must NOT bypass
-    # the header-based CSRF check.
-    response = await _post(
-        bare_ds,
-        data={"message": "hi", "message_class": "info", "csrftoken": "abc"},
-        headers={"sec-fetch-site": "cross-site"},
-        cookies={"ds_csrftoken": "abc"},
-    )
-    assert response.status_code == 403
-
-
-@pytest.mark.asyncio
-async def test_bearer_invalid_token_not_csrf_error(bare_ds):
-    # Cross-site POST with bogus bearer must pass CSRF and be rejected
-    # by auth/permission handling, not by the CSRF middleware.
-    response = await _post(
-        bare_ds,
-        headers={
-            "sec-fetch-site": "cross-site",
-            "authorization": "Bearer totally-invalid-token",
-        },
-    )
-    if response.status_code == 403:
-        assert "origin" not in response.text.lower()
-        assert "sec-fetch-site" not in response.text.lower()
-
-
-@pytest.mark.asyncio
-async def test_cross_site_post_without_auth_still_blocked(bare_ds):
-    response = await _post(
-        bare_ds, data={"message": "hi"}, headers={"sec-fetch-site": "cross-site"}
-    )
-    assert response.status_code == 403
-
-
-@pytest.mark.asyncio
-async def test_bearer_with_cookie_does_not_bypass():
-    # Bearer + Cookie => ambient cookie auth is in play, not exempt.
-    scope = _http_scope(
-        {
-            "sec-fetch-site": "cross-site",
-            "host": "example.com",
-            "authorization": "Bearer dstok_abc",
-            "cookie": "ds_actor=anything",
-        }
-    )
-    assert await _run_middleware(scope) == ("blocked", 403)
-
-
-@pytest.mark.asyncio
-async def test_origin_scheme_must_match():
-    # http Origin against an https request must be blocked even when host matches.
-    scope = _http_scope({"origin": "http://example.com", "host": "example.com"})
-    scope["scheme"] = "https"
-    assert await _run_middleware(scope) == ("blocked", 403)
-
-
-@pytest.mark.asyncio
-async def test_origin_port_must_match():
-    scope = _http_scope({"origin": "http://example.com:8001", "host": "example.com"})
-    scope["scheme"] = "http"
-    assert await _run_middleware(scope) == ("blocked", 403)
-
-
-@pytest.mark.asyncio
-async def test_origin_default_port_normalized():
-    # http://example.com:80 == http://example.com
-    scope = _http_scope({"origin": "http://example.com:80", "host": "example.com"})
-    scope["scheme"] = "http"
-    assert await _run_middleware(scope) == ("allowed",)
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "headers",
-    [
-        {"authorization": "   ", "host": "example.com", "origin": "http://evil"},
-        {"origin": "http://example.com:notaport", "host": "example.com"},
-        {"origin": "not-a-url", "host": "example.com"},
-    ],
-)
-async def test_malformed_headers_do_not_500(headers):
-    # Should be a clean 403, not an unhandled exception.
-    result = await _run_middleware(_http_scope(headers))
-    assert result[0] == "blocked"
-    assert result[1] == 403
-
-
-@pytest.mark.asyncio
-async def test_uppercase_header_names_normalized():
-    # ASGI servers should lowercase, but middleware normalizes defensively.
-    scope = {
-        "type": "http",
-        "method": "POST",
-        "headers": [(b"Sec-Fetch-Site", b"same-origin")],
-    }
-    assert await _run_middleware(scope) == ("allowed",)
-
-
-def test_legacy_skip_csrf_hookimpl_does_not_break_loading():
-    # Plugins that still define skip_csrf must load cleanly - pluggy ignores
-    # unknown hook implementations - even though the hook is no longer
-    # consulted by core. Use a throwaway PluginManager so that registering
-    # this hookimpl does not leak a _HookCaller onto the real datasette.pm.
-    class LegacyPlugin:
-        __name__ = "legacy-skip-csrf-plugin"
-
-        @hookimpl
-        def skip_csrf(self, datasette, scope):
-            return True
-
-    throwaway = pluggy.PluginManager("datasette")
-    plugin = LegacyPlugin()
-    throwaway.register(plugin, name=LegacyPlugin.__name__)
-    assert throwaway.is_registered(plugin)
diff --git a/tests/test_csv.py b/tests/test_csv.py
index a2f03776..1030c2bb 100644
--- a/tests/test_csv.py
+++ b/tests/test_csv.py
@@ -1,210 +1,113 @@
-from datasette.app import Datasette
-from bs4 import BeautifulSoup as Soup
-import pytest
-import urllib.parse
+from .fixtures import (  # noqa
+    app_client,
+    app_client_csv_max_mb_one,
+    app_client_with_cors,
+)
 
 EXPECTED_TABLE_CSV = """id,content
 1,hello
 2,world
 3,
 4,RENDER_CELL_DEMO
-5,RENDER_CELL_ASYNC
-""".replace("\n", "\r\n")
+""".replace(
+    "\n", "\r\n"
+)
 
 EXPECTED_CUSTOM_CSV = """content
 hello
 world
-""".replace("\n", "\r\n")
+""".replace(
+    "\n", "\r\n"
+)
 
 EXPECTED_TABLE_WITH_LABELS_CSV = """
-pk,created,planet_int,on_earth,state,_city_id,_city_id_label,_neighborhood,tags,complex_array,distinct_some_null,n
-1,2019-01-14 08:00:00,1,1,CA,1,San Francisco,Mission,"[""tag1"", ""tag2""]","[{""foo"": ""bar""}]",one,n1
-2,2019-01-14 08:00:00,1,1,CA,1,San Francisco,Dogpatch,"[""tag1"", ""tag3""]",[],two,n2
-3,2019-01-14 08:00:00,1,1,CA,1,San Francisco,SOMA,[],[],,
-4,2019-01-14 08:00:00,1,1,CA,1,San Francisco,Tenderloin,[],[],,
-5,2019-01-15 08:00:00,1,1,CA,1,San Francisco,Bernal Heights,[],[],,
-6,2019-01-15 08:00:00,1,1,CA,1,San Francisco,Hayes Valley,[],[],,
-7,2019-01-15 08:00:00,1,1,CA,2,Los Angeles,Hollywood,[],[],,
-8,2019-01-15 08:00:00,1,1,CA,2,Los Angeles,Downtown,[],[],,
-9,2019-01-16 08:00:00,1,1,CA,2,Los Angeles,Los Feliz,[],[],,
-10,2019-01-16 08:00:00,1,1,CA,2,Los Angeles,Koreatown,[],[],,
-11,2019-01-16 08:00:00,1,1,MI,3,Detroit,Downtown,[],[],,
-12,2019-01-17 08:00:00,1,1,MI,3,Detroit,Greektown,[],[],,
-13,2019-01-17 08:00:00,1,1,MI,3,Detroit,Corktown,[],[],,
-14,2019-01-17 08:00:00,1,1,MI,3,Detroit,Mexicantown,[],[],,
-15,2019-01-17 08:00:00,2,0,MC,4,Memnonia,Arcadia Planitia,[],[],,
-""".lstrip().replace("\n", "\r\n")
+pk,created,planet_int,on_earth,state,city_id,city_id_label,neighborhood,tags,complex_array,distinct_some_null
+1,2019-01-14 08:00:00,1,1,CA,1,San Francisco,Mission,"[""tag1"", ""tag2""]","[{""foo"": ""bar""}]",one
+2,2019-01-14 08:00:00,1,1,CA,1,San Francisco,Dogpatch,"[""tag1"", ""tag3""]",[],two
+3,2019-01-14 08:00:00,1,1,CA,1,San Francisco,SOMA,[],[],
+4,2019-01-14 08:00:00,1,1,CA,1,San Francisco,Tenderloin,[],[],
+5,2019-01-15 08:00:00,1,1,CA,1,San Francisco,Bernal Heights,[],[],
+6,2019-01-15 08:00:00,1,1,CA,1,San Francisco,Hayes Valley,[],[],
+7,2019-01-15 08:00:00,1,1,CA,2,Los Angeles,Hollywood,[],[],
+8,2019-01-15 08:00:00,1,1,CA,2,Los Angeles,Downtown,[],[],
+9,2019-01-16 08:00:00,1,1,CA,2,Los Angeles,Los Feliz,[],[],
+10,2019-01-16 08:00:00,1,1,CA,2,Los Angeles,Koreatown,[],[],
+11,2019-01-16 08:00:00,1,1,MI,3,Detroit,Downtown,[],[],
+12,2019-01-17 08:00:00,1,1,MI,3,Detroit,Greektown,[],[],
+13,2019-01-17 08:00:00,1,1,MI,3,Detroit,Corktown,[],[],
+14,2019-01-17 08:00:00,1,1,MI,3,Detroit,Mexicantown,[],[],
+15,2019-01-17 08:00:00,2,0,MC,4,Memnonia,Arcadia Planitia,[],[],
+""".lstrip().replace(
+    "\n", "\r\n"
+)
 
 EXPECTED_TABLE_WITH_NULLABLE_LABELS_CSV = """
-pk,foreign_key_with_label,foreign_key_with_label_label,foreign_key_with_blank_label,foreign_key_with_blank_label_label,foreign_key_with_no_label,foreign_key_with_no_label_label,foreign_key_compound_pk1,foreign_key_compound_pk2
-1,1,hello,3,,1,1,a,b
-2,,,,,,,,
-""".lstrip().replace("\n", "\r\n")
+pk,foreign_key_with_label,foreign_key_with_label_label,foreign_key_with_no_label,foreign_key_with_no_label_label
+1,1,hello,1,1
+2,,,,
+""".lstrip().replace(
+    "\n", "\r\n"
+)
 
 
-@pytest.mark.asyncio
-async def test_table_csv(ds_client):
-    response = await ds_client.get("/fixtures/simple_primary_key.csv?_oh=1")
-    assert response.status_code == 200
+def test_table_csv(app_client):
+    response = app_client.get("/fixtures/simple_primary_key.csv")
+    assert response.status == 200
     assert not response.headers.get("Access-Control-Allow-Origin")
-    assert response.headers["content-type"] == "text/plain; charset=utf-8"
-    assert response.text == EXPECTED_TABLE_CSV
+    assert "text/plain; charset=utf-8" == response.headers["content-type"]
+    assert EXPECTED_TABLE_CSV == response.text
 
 
 def test_table_csv_cors_headers(app_client_with_cors):
     response = app_client_with_cors.get("/fixtures/simple_primary_key.csv")
     assert response.status == 200
-    assert response.headers["Access-Control-Allow-Origin"] == "*"
+    assert "*" == response.headers["Access-Control-Allow-Origin"]
 
 
-@pytest.mark.asyncio
-async def test_table_csv_no_header(ds_client):
-    response = await ds_client.get("/fixtures/simple_primary_key.csv?_header=off")
-    assert response.status_code == 200
-    assert not response.headers.get("Access-Control-Allow-Origin")
-    assert response.headers["content-type"] == "text/plain; charset=utf-8"
-    assert response.text == EXPECTED_TABLE_CSV.split("\r\n", 1)[1]
+def test_table_csv_with_labels(app_client):
+    response = app_client.get("/fixtures/facetable.csv?_labels=1")
+    assert response.status == 200
+    assert "text/plain; charset=utf-8" == response.headers["content-type"]
+    assert EXPECTED_TABLE_WITH_LABELS_CSV == response.text
 
 
-@pytest.mark.asyncio
-async def test_table_csv_with_labels(ds_client):
-    response = await ds_client.get("/fixtures/facetable.csv?_labels=1")
-    assert response.status_code == 200
-    assert response.headers["content-type"] == "text/plain; charset=utf-8"
-    assert response.text == EXPECTED_TABLE_WITH_LABELS_CSV
+def test_table_csv_with_nullable_labels(app_client):
+    response = app_client.get("/fixtures/foreign_key_references.csv?_labels=1")
+    assert response.status == 200
+    assert "text/plain; charset=utf-8" == response.headers["content-type"]
+    assert EXPECTED_TABLE_WITH_NULLABLE_LABELS_CSV == response.text
 
 
-@pytest.mark.asyncio
-async def test_table_csv_with_nullable_labels(ds_client):
-    response = await ds_client.get("/fixtures/foreign_key_references.csv?_labels=1")
-    assert response.status_code == 200
-    assert response.headers["content-type"] == "text/plain; charset=utf-8"
-    assert response.text == EXPECTED_TABLE_WITH_NULLABLE_LABELS_CSV
-
-
-@pytest.mark.asyncio
-async def test_table_csv_with_invalid_labels():
-    # https://github.com/simonw/datasette/issues/2214
-    ds = Datasette(
-        config={
-            "databases": {
-                "db_2214": {
-                    "tables": {
-                        "t2": {
-                            "label_column": "name",
-                        }
-                    }
-                }
-            }
-        }
+def test_custom_sql_csv(app_client):
+    response = app_client.get(
+        "/fixtures.csv?sql=select+content+from+simple_primary_key+limit+2"
     )
-    await ds.invoke_startup()
-    db = ds.add_memory_database("db_2214")
-    await db.execute_write_script("""
-        create table t1 (id integer primary key, name text);
-        insert into t1 (id, name) values (1, 'one');
-        insert into t1 (id, name) values (2, 'two');
-        create table t2 (textid text primary key, name text);
-        insert into t2 (textid, name) values ('a', 'alpha');
-        insert into t2 (textid, name) values ('b', 'beta');
-        create table if not exists maintable (
-            id integer primary key,
-            fk_integer integer references t1(id),
-            fk_text text references t2(textid)
-        );
-        insert into maintable (id, fk_integer, fk_text) values (1, 1, 'a');
-        insert into maintable (id, fk_integer, fk_text) values (2, 3, 'b'); -- invalid fk_integer
-        insert into maintable (id, fk_integer, fk_text) values (3, 2, 'c'); -- invalid fk_text
-    """)
-    response = await ds.client.get("/db_2214/maintable.csv?_labels=1")
-    assert response.status_code == 200
-    assert response.text == (
-        "id,fk_integer,fk_integer_label,fk_text,fk_text_label\r\n"
-        "1,1,one,a,alpha\r\n"
-        "2,3,,b,beta\r\n"
-        "3,2,two,c,\r\n"
+    assert response.status == 200
+    assert "text/plain; charset=utf-8" == response.headers["content-type"]
+    assert EXPECTED_CUSTOM_CSV == response.text
+
+
+def test_table_csv_download(app_client):
+    response = app_client.get("/fixtures/simple_primary_key.csv?_dl=1")
+    assert response.status == 200
+    assert "text/csv; charset=utf-8" == response.headers["content-type"]
+    expected_disposition = 'attachment; filename="simple_primary_key.csv"'
+    assert expected_disposition == response.headers["Content-Disposition"]
+
+
+def test_csv_with_non_ascii_characters(app_client):
+    response = app_client.get(
+        "/fixtures.csv?sql=select%0D%0A++%27%F0%9D%90%9C%F0%9D%90%A2%F0%9D%90%AD%F0%9D%90%A2%F0%9D%90%9E%F0%9D%90%AC%27+as+text%2C%0D%0A++1+as+number%0D%0Aunion%0D%0Aselect%0D%0A++%27bob%27+as+text%2C%0D%0A++2+as+number%0D%0Aorder+by%0D%0A++number"
     )
+    assert response.status == 200
+    assert "text/plain; charset=utf-8" == response.headers["content-type"]
+    assert "text,number\r\n𝐜𝐢𝐭𝐢𝐞𝐬,1\r\nbob,2\r\n" == response.body.decode("utf8")
 
 
-@pytest.mark.asyncio
-async def test_table_csv_blob_columns(ds_client):
-    response = await ds_client.get("/fixtures/binary_data.csv")
-    assert response.status_code == 200
-    assert response.headers["content-type"] == "text/plain; charset=utf-8"
-    assert response.text == (
-        "rowid,data\r\n"
-        "1,http://localhost/fixtures/binary_data/1.blob?_blob_column=data\r\n"
-        "2,http://localhost/fixtures/binary_data/2.blob?_blob_column=data\r\n"
-        "3,\r\n"
-    )
-
-
-@pytest.mark.asyncio
-async def test_custom_sql_csv_blob_columns(ds_client):
-    response = await ds_client.get(
-        "/fixtures/-/query.csv?sql=select+rowid,+data+from+binary_data"
-    )
-    assert response.status_code == 200
-    assert response.headers["content-type"] == "text/plain; charset=utf-8"
-    assert response.text == (
-        "rowid,data\r\n"
-        '1,"http://localhost/fixtures/-/query.blob?sql=select+rowid,+data+from+binary_data&_blob_column=data&_blob_hash=f3088978da8f9aea479ffc7f631370b968d2e855eeb172bea7f6c7a04262bb6d"\r\n'
-        '2,"http://localhost/fixtures/-/query.blob?sql=select+rowid,+data+from+binary_data&_blob_column=data&_blob_hash=b835b0483cedb86130b9a2c280880bf5fadc5318ddf8c18d0df5204d40df1724"\r\n'
-        "3,\r\n"
-    )
-
-
-@pytest.mark.asyncio
-async def test_custom_sql_csv(ds_client):
-    response = await ds_client.get(
-        "/fixtures/-/query.csv?sql=select+content+from+simple_primary_key+limit+2"
-    )
-    assert response.status_code == 200
-    assert response.headers["content-type"] == "text/plain; charset=utf-8"
-    assert response.text == EXPECTED_CUSTOM_CSV
-
-
-@pytest.mark.asyncio
-async def test_table_csv_download(ds_client):
-    response = await ds_client.get("/fixtures/simple_primary_key.csv?_dl=1")
-    assert response.status_code == 200
-    assert response.headers["content-type"] == "text/csv; charset=utf-8"
-    assert (
-        response.headers["content-disposition"]
-        == 'attachment; filename="simple_primary_key.csv"'
-    )
-
-
-@pytest.mark.asyncio
-async def test_csv_with_non_ascii_characters(ds_client):
-    response = await ds_client.get(
-        "/fixtures/-/query.csv?sql=select%0D%0A++%27%F0%9D%90%9C%F0%9D%90%A2%F0%9D%90%AD%F0%9D%90%A2%F0%9D%90%9E%F0%9D%90%AC%27+as+text%2C%0D%0A++1+as+number%0D%0Aunion%0D%0Aselect%0D%0A++%27bob%27+as+text%2C%0D%0A++2+as+number%0D%0Aorder+by%0D%0A++number"
-    )
-    assert response.status_code == 200
-    assert response.headers["content-type"] == "text/plain; charset=utf-8"
-    assert response.text == "text,number\r\n𝐜𝐢𝐭𝐢𝐞𝐬,1\r\nbob,2\r\n"
-
-
-@pytest.mark.xfail(reason="Flaky, see https://github.com/simonw/datasette/issues/2355")
 def test_max_csv_mb(app_client_csv_max_mb_one):
-    # This query deliberately generates a really long string
-    # should be 100*100*100*2 = roughly 2MB
     response = app_client_csv_max_mb_one.get(
-        "/fixtures.csv?"
-        + urllib.parse.urlencode(
-            {
-                "sql": """
-            select group_concat('ab', '')
-            from json_each(json_array({lots})),
-                json_each(json_array({lots})),
-                json_each(json_array({lots}))
-            """.format(
-                    lots=", ".join(str(i) for i in range(100))
-                ),
-                "_stream": 1,
-                "_size": "max",
-            }
-        ),
+        "/fixtures.csv?sql=select+randomblob(10000)+"
+        "from+compound_three_primary_keys&_stream=1&_size=max"
     )
     # It's a 200 because we started streaming before we knew the error
     assert response.status == 200
@@ -213,38 +116,10 @@ def test_max_csv_mb(app_client_csv_max_mb_one):
     assert last_line.startswith(b"CSV contains more than")
 
 
-@pytest.mark.asyncio
-async def test_table_csv_stream(ds_client):
+def test_table_csv_stream(app_client):
     # Without _stream should return header + 100 rows:
-    response = await ds_client.get(
-        "/fixtures/compound_three_primary_keys.csv?_size=max"
-    )
-    assert len([b for b in response.content.split(b"\r\n") if b]) == 101
+    response = app_client.get("/fixtures/compound_three_primary_keys.csv?_size=max")
+    assert 101 == len([b for b in response.body.split(b"\r\n") if b])
     # With _stream=1 should return header + 1001 rows
-    response = await ds_client.get(
-        "/fixtures/compound_three_primary_keys.csv?_stream=1"
-    )
-    assert len([b for b in response.content.split(b"\r\n") if b]) == 1002
-
-
-def test_csv_trace(app_client_with_trace):
-    response = app_client_with_trace.get("/fixtures/simple_primary_key.csv?_trace=1")
-    assert response.headers["content-type"] == "text/html; charset=utf-8"
-    soup = Soup(response.text, "html.parser")
-    assert (
-        soup.find("textarea").text
-        == "id,content\r\n1,hello\r\n2,world\r\n3,\r\n4,RENDER_CELL_DEMO\r\n5,RENDER_CELL_ASYNC\r\n"
-    )
-    assert "select id, content from simple_primary_key" in soup.find("pre").text
-
-
-def test_table_csv_stream_does_not_calculate_facets(app_client_with_trace):
-    response = app_client_with_trace.get("/fixtures/simple_primary_key.csv?_trace=1")
-    soup = Soup(response.text, "html.parser")
-    assert "select content, count(*) as n" not in soup.find("pre").text
-
-
-def test_table_csv_stream_does_not_calculate_counts(app_client_with_trace):
-    response = app_client_with_trace.get("/fixtures/simple_primary_key.csv?_trace=1")
-    soup = Soup(response.text, "html.parser")
-    assert "select count(*)" not in soup.find("pre").text
+    response = app_client.get("/fixtures/compound_three_primary_keys.csv?_stream=1")
+    assert 1002 == len([b for b in response.body.split(b"\r\n") if b])
diff --git a/tests/test_custom_pages.py b/tests/test_custom_pages.py
deleted file mode 100644
index 86cdcc6b..00000000
--- a/tests/test_custom_pages.py
+++ /dev/null
@@ -1,127 +0,0 @@
-import pathlib
-import pytest
-from .fixtures import make_app_client
-
-TEST_TEMPLATE_DIRS = str(pathlib.Path(__file__).parent / "test_templates")
-
-
-@pytest.fixture(scope="session")
-def custom_pages_client():
-    with make_app_client(template_dir=TEST_TEMPLATE_DIRS) as client:
-        yield client
-
-
-@pytest.fixture(scope="session")
-def custom_pages_client_with_base_url():
-    with make_app_client(
-        template_dir=TEST_TEMPLATE_DIRS, settings={"base_url": "/prefix/"}
-    ) as client:
-        yield client
-
-
-def test_custom_pages_view_name(custom_pages_client):
-    response = custom_pages_client.get("/about")
-    assert response.status == 200
-    assert response.text == "ABOUT! view_name:page"
-
-
-def test_request_is_available(custom_pages_client):
-    response = custom_pages_client.get("/request")
-    assert response.status == 200
-    assert response.text == "path:/request"
-
-
-def test_custom_pages_with_base_url(custom_pages_client_with_base_url):
-    response = custom_pages_client_with_base_url.get("/prefix/request")
-    assert response.status == 200
-    assert response.text == "path:/prefix/request"
-
-
-def test_custom_pages_nested(custom_pages_client):
-    response = custom_pages_client.get("/nested/nest")
-    assert response.status == 200
-    assert response.text == "Nest!"
-    response = custom_pages_client.get("/nested/nest2")
-    assert response.status == 404
-
-
-def test_custom_status(custom_pages_client):
-    response = custom_pages_client.get("/202")
-    assert response.status == 202
-    assert response.text == "202!"
-
-
-def test_custom_headers(custom_pages_client):
-    response = custom_pages_client.get("/headers")
-    assert response.status == 200
-    assert response.headers["x-this-is-foo"] == "foo"
-    assert response.headers["x-this-is-bar"] == "bar"
-    assert response.text == "FOOBAR"
-
-
-def test_custom_content_type(custom_pages_client):
-    response = custom_pages_client.get("/atom")
-    assert response.status == 200
-    assert response.headers["content-type"] == "application/xml"
-    assert response.text == ""
-
-
-def test_redirect(custom_pages_client):
-    response = custom_pages_client.get("/redirect")
-    assert response.status == 302
-    assert response.headers["Location"] == "/example"
-
-
-def test_redirect2(custom_pages_client):
-    response = custom_pages_client.get("/redirect2")
-    assert response.status == 301
-    assert response.headers["Location"] == "/example"
-
-
-@pytest.mark.parametrize(
-    "path,expected",
-    [
-        ("/route_Sally", "
    Hello from Sally
    "),
-        ("/topic_python", "Topic page for python"),
-        ("/topic_python/info", "Slug: info, Topic: python"),
-    ],
-)
-def test_custom_route_pattern(custom_pages_client, path, expected):
-    response = custom_pages_client.get(path)
-    assert response.status == 200
-    assert response.text.strip() == expected
-
-
-def test_custom_route_pattern_404(custom_pages_client):
-    response = custom_pages_client.get("/route_OhNo")
-    assert response.status == 404
-    assert "
    Error 404
    " in response.text
-    assert ">Oh no/dev/null || true
-(
-    sleep 5
-    if kill -0 $server_pid 2>/dev/null; then
-        kill -9 $server_pid 2>/dev/null || true
-    fi
-) &
-killer_pid=$!
-wait_status=0
-wait $server_pid 2>/dev/null || wait_status=$?
-kill $killer_pid 2>/dev/null || true
-wait $killer_pid 2>/dev/null || true
-if [ $wait_status -eq 137 ]; then
-    echo "$server_pid did not stop after SIGTERM, server failed to stop"
-    cleanup
-    exit 1
-fi
-
-# Clean up the certificates
-cleanup
-
-echo $curl_exit_code
-exit $curl_exit_code
diff --git a/tests/test_debug_autocomplete.py b/tests/test_debug_autocomplete.py
deleted file mode 100644
index f438ace5..00000000
--- a/tests/test_debug_autocomplete.py
+++ /dev/null
@@ -1,91 +0,0 @@
-import pytest
-from bs4 import BeautifulSoup as Soup
-
-from datasette.app import Datasette
-from datasette.database import Database
-
-
-@pytest.mark.asyncio
-async def test_debug_autocomplete_for_table():
-    ds = Datasette(memory=True)
-    db = ds.add_database(
-        Database(ds, memory_name="test_debug_autocomplete_for_table"), name="data"
-    )
-    await db.execute_write_script("""
-        create table authors (
-            id integer primary key,
-            name text
-        );
-        insert into authors (id, name) values
-            (1, 'Ada Lovelace'),
-            (2, 'Grace Hopper');
-    """)
-
-    response = await ds.client.get("/-/debug/autocomplete?database=data&table=authors")
-
-    assert response.status_code == 200
-    soup = Soup(response.text, "html.parser")
-    assert soup.select_one("h1").text == "Debug autocomplete"
-    assert any(
-        "autocomplete.js" in (script.get("src") or "")
-        for script in soup.find_all("script")
-    )
-    autocomplete = soup.select_one("datasette-autocomplete")
-    assert autocomplete is not None
-    assert autocomplete["src"] == "/data/authors/-/autocomplete"
-    assert soup.select_one("input#debug-autocomplete-input") is not None
-    assert "Label column:" in response.text
-    assert "name" in response.text
-
-
-@pytest.mark.asyncio
-async def test_debug_autocomplete_suggests_label_column_tables():
-    ds = Datasette(memory=True)
-    db = ds.add_database(
-        Database(ds, memory_name="test_debug_autocomplete_suggests"), name="data"
-    )
-    await db.execute_write_script("""
-        create table authors (
-            id integer primary key,
-            name text
-        );
-        create table releases (
-            id integer primary key,
-            title text
-        );
-    """)
-
-    response = await ds.client.get("/-/debug/autocomplete")
-
-    assert response.status_code == 200
-    soup = Soup(response.text, "html.parser")
-    links = {a.text: a["href"] for a in soup.select("table.rows-and-columns a")}
-    assert links == {
-        "authors": "/-/debug/autocomplete?database=data&table=authors",
-        "releases": "/-/debug/autocomplete?database=data&table=releases",
-    }
-    assert [code.text for code in soup.select("table.rows-and-columns code")] == [
-        "name",
-        "title",
-    ]
-
-
-@pytest.mark.asyncio
-async def test_debug_autocomplete_scan_limit():
-    ds = Datasette(memory=True)
-    db = ds.add_database(
-        Database(ds, memory_name="test_debug_autocomplete_scan_limit"), name="data"
-    )
-    await db.execute_write_script(
-        "\n".join(
-            f"create table t{i:03d} (id integer primary key);" for i in range(100)
-        )
-        + "\ncreate table z_has_label (id integer primary key, name text);"
-    )
-
-    response = await ds.client.get("/-/debug/autocomplete")
-
-    assert response.status_code == 200
-    assert "No tables with detected label columns found." in response.text
-    assert "Scanned 100 tables; stopped at the 100 table scan limit." in response.text
-    assert "z_has_label" not in response.text
diff --git a/tests/test_default_deny.py b/tests/test_default_deny.py
deleted file mode 100644
index f1e43064..00000000
--- a/tests/test_default_deny.py
+++ /dev/null
@@ -1,149 +0,0 @@
-import pytest
-from datasette.app import Datasette
-from datasette.resources import DatabaseResource, TableResource
-
-
-@pytest.mark.asyncio
-async def test_default_deny_denies_default_permissions():
-    """Test that default_deny=True denies default permissions"""
-    # Without default_deny, anonymous users can view instance/database/tables
-    ds_normal = Datasette()
-    await ds_normal.invoke_startup()
-
-    # Add a test database
-    db = ds_normal.add_memory_database("test_db_normal")
-    await db.execute_write("create table test_table (id integer primary key)")
-    await ds_normal._refresh_schemas()  # Trigger catalog refresh
-
-    # Test default behavior - anonymous user should be able to view
-    response = await ds_normal.client.get("/")
-    assert response.status_code == 200
-
-    response = await ds_normal.client.get("/test_db_normal")
-    assert response.status_code == 200
-
-    response = await ds_normal.client.get("/test_db_normal/test_table")
-    assert response.status_code == 200
-
-    # With default_deny=True, anonymous users should be denied
-    ds_deny = Datasette(default_deny=True)
-    await ds_deny.invoke_startup()
-
-    # Add the same test database
-    db = ds_deny.add_memory_database("test_db_deny")
-    await db.execute_write("create table test_table (id integer primary key)")
-    await ds_deny._refresh_schemas()  # Trigger catalog refresh
-
-    # Anonymous user should be denied
-    response = await ds_deny.client.get("/")
-    assert response.status_code == 403
-
-    response = await ds_deny.client.get("/test_db_deny")
-    assert response.status_code == 403
-
-    response = await ds_deny.client.get("/test_db_deny/test_table")
-    assert response.status_code == 403
-
-
-@pytest.mark.asyncio
-async def test_default_deny_with_root_user():
-    """Test that root user still has access when default_deny=True"""
-    ds = Datasette(default_deny=True)
-    ds.root_enabled = True
-    await ds.invoke_startup()
-
-    root_actor = {"id": "root"}
-
-    # Root user should have all permissions even with default_deny
-    assert await ds.allowed(action="view-instance", actor=root_actor) is True
-    assert (
-        await ds.allowed(
-            action="view-database",
-            actor=root_actor,
-            resource=DatabaseResource("test_db"),
-        )
-        is True
-    )
-    assert (
-        await ds.allowed(
-            action="view-table",
-            actor=root_actor,
-            resource=TableResource("test_db", "test_table"),
-        )
-        is True
-    )
-    assert (
-        await ds.allowed(
-            action="execute-sql", actor=root_actor, resource=DatabaseResource("test_db")
-        )
-        is True
-    )
-
-
-@pytest.mark.asyncio
-async def test_default_deny_with_config_allow():
-    """Test that config allow rules still work with default_deny=True"""
-    ds = Datasette(default_deny=True, config={"allow": {"id": "user1"}})
-    await ds.invoke_startup()
-
-    # Anonymous user should be denied
-    assert await ds.allowed(action="view-instance", actor=None) is False
-
-    # Authenticated user with explicit permission should have access
-    assert await ds.allowed(action="view-instance", actor={"id": "user1"}) is True
-
-    # Different user should be denied
-    assert await ds.allowed(action="view-instance", actor={"id": "user2"}) is False
-
-
-@pytest.mark.asyncio
-async def test_default_deny_basic_permissions():
-    """Test that default_deny=True denies basic permissions"""
-    ds = Datasette(default_deny=True)
-    await ds.invoke_startup()
-
-    # Anonymous user should be denied all default permissions
-    assert await ds.allowed(action="view-instance", actor=None) is False
-    assert (
-        await ds.allowed(
-            action="view-database", actor=None, resource=DatabaseResource("test_db")
-        )
-        is False
-    )
-    assert (
-        await ds.allowed(
-            action="view-table",
-            actor=None,
-            resource=TableResource("test_db", "test_table"),
-        )
-        is False
-    )
-    assert (
-        await ds.allowed(
-            action="execute-sql", actor=None, resource=DatabaseResource("test_db")
-        )
-        is False
-    )
-
-    # Authenticated user without explicit permission should also be denied
-    assert await ds.allowed(action="view-instance", actor={"id": "user"}) is False
-
-
-@pytest.mark.asyncio
-async def test_default_deny_root_no_config_index_does_not_500():
-    # https://github.com/simonw/datasette/issues/2644
-    # --default-deny --root with no config file must not 500 on the index
-    # pages. Rendering those pages computes is_private (include_is_private),
-    # which references the anon_rules CTE - that CTE must still be defined
-    # even when there are no anonymous permission rules at all.
-    ds = Datasette(default_deny=True)
-    ds.root_enabled = True
-    await ds.invoke_startup()
-    db = ds.add_memory_database("test_db_2644")
-    await db.execute_write("create table test_table (id integer primary key)")
-    await ds._refresh_schemas()
-
-    cookie = ds.sign({"a": {"id": "root"}}, "actor")
-    for path in ("/", "/test_db_2644", "/test_db_2644/test_table"):
-        response = await ds.client.get(path, cookies={"ds_actor": cookie})
-        assert response.status_code == 200, f"{path} returned {response.status_code}"
diff --git a/tests/test_docs.py b/tests/test_docs.py
index 13b3a549..d481a633 100644
--- a/tests/test_docs.py
+++ b/tests/test_docs.py
@@ -1,10 +1,9 @@
 """
 Tests to ensure certain things are documented.
 """
-
-from datasette import app, utils
-import datasette.fixtures  # noqa: F401
-from datasette.app import Datasette
+from click.testing import CliRunner
+from datasette import app
+from datasette.cli import cli
 from datasette.filters import Filters
 from pathlib import Path
 import pytest
@@ -14,47 +13,49 @@ docs_path = Path(__file__).parent.parent / "docs"
 label_re = re.compile(r"\.\. _([^\s:]+):")
 
 
-def get_headings(content, underline="-"):
+def get_headings(filename, underline="-"):
+    content = (docs_path / filename).open().read()
     heading_re = re.compile(r"(\w+)(\([^)]*\))?\n\{}+\n".format(underline))
-    return {h[0] for h in heading_re.findall(content)}
+    return set(h[0] for h in heading_re.findall(content))
 
 
 def get_labels(filename):
-    content = (docs_path / filename).read_text()
+    content = (docs_path / filename).open().read()
     return set(label_re.findall(content))
 
 
-@pytest.fixture(scope="session")
-def settings_headings():
-    return get_headings((docs_path / "settings.rst").read_text(), "~")
+@pytest.mark.parametrize("config", app.CONFIG_OPTIONS)
+def test_config_options_are_documented(config):
+    assert config.name in get_headings("config.rst")
 
 
-def test_settings_are_documented(settings_headings, subtests):
-    for setting in app.SETTINGS:
-        with subtests.test(setting=setting.name):
-            assert setting.name in settings_headings
+@pytest.mark.parametrize(
+    "name,filename",
+    (
+        ("serve", "datasette-serve-help.txt"),
+        ("package", "datasette-package-help.txt"),
+        ("publish nowv1", "datasette-publish-nowv1-help.txt"),
+        ("publish heroku", "datasette-publish-heroku-help.txt"),
+        ("publish cloudrun", "datasette-publish-cloudrun-help.txt"),
+    ),
+)
+def test_help_includes(name, filename):
+    expected = open(str(docs_path / filename)).read()
+    runner = CliRunner()
+    result = runner.invoke(cli, name.split() + ["--help"], terminal_width=88)
+    actual = "$ datasette {} --help\n\n{}".format(name, result.output)
+    # actual has "Usage: cli package [OPTIONS] FILES"
+    # because it doesn't know that cli will be aliased to datasette
+    expected = expected.replace("Usage: datasette", "Usage: cli")
+    assert expected == actual
 
 
-@pytest.fixture(scope="session")
-def plugin_hooks_content():
-    return (docs_path / "plugin_hooks.rst").read_text()
-
-
-def test_plugin_hooks_are_documented(plugin_hooks_content, subtests):
-    headings = set()
-    headings.update(get_headings(plugin_hooks_content, "-"))
-    headings.update(get_headings(plugin_hooks_content, "~"))
-    plugins = [name for name in dir(app.pm.hook) if not name.startswith("_")]
-    for plugin in plugins:
-        with subtests.test(plugin=plugin):
-            assert plugin in headings
-            hook_caller = getattr(app.pm.hook, plugin)
-            arg_names = [a for a in hook_caller.spec.argnames if a != "__multicall__"]
-            # Check for plugin_name(arg1, arg2, arg3)
-            expected = f"{plugin}({', '.join(arg_names)})"
-            assert (
-                expected in plugin_hooks_content
-            ), f"Missing from plugin hook documentation: {expected}"
+@pytest.mark.parametrize(
+    "plugin", [name for name in dir(app.pm.hook) if not name.startswith("_")]
+)
+def test_plugin_hooks_are_documented(plugin):
+    headings = [s.split("(")[0] for s in get_headings("plugins.rst", "~")]
+    assert plugin in headings
 
 
 @pytest.fixture(scope="session")
@@ -65,33 +66,12 @@ def documented_views():
             first_word = label.split("_")[0]
             if first_word.endswith("View"):
                 view_labels.add(first_word)
-    # We deliberately don't document these:
-    view_labels.update(
-        (
-            "PatternPortfolioView",
-            "AuthTokenView",
-            "ApiExplorerView",
-            "ExecuteWriteAnalyzeView",
-            "ExecuteWriteView",
-            "GlobalQueryListView",
-            "QueryCreateAnalyzeView",
-            "QueryDeleteView",
-            "QueryDefinitionView",
-            "QueryEditView",
-            "QueryListView",
-            "QueryParametersView",
-            "QueryStoreView",
-            "QueryUpdateView",
-        )
-    )
     return view_labels
 
 
-def test_view_classes_are_documented(documented_views, subtests):
-    view_classes = [v for v in dir(app) if v.endswith("View")]
-    for view_class in view_classes:
-        with subtests.test(view_class=view_class):
-            assert view_class in documented_views
+@pytest.mark.parametrize("view_class", [v for v in dir(app) if v.endswith("View")])
+def test_view_classes_are_documented(documented_views, view_class):
+    assert view_class in documented_views
 
 
 @pytest.fixture(scope="session")
@@ -99,164 +79,13 @@ def documented_table_filters():
     json_api_rst = (docs_path / "json_api.rst").read_text()
     section = json_api_rst.split(".. _table_arguments:")[-1]
     # Lines starting with ``?column__exact= are docs for filters
-    return {
+    return set(
         line.split("__")[1].split("=")[0]
         for line in section.split("\n")
         if line.startswith("``?column__")
-    }
-
-
-def test_table_filters_are_documented(documented_table_filters, subtests):
-    for f in Filters._filters:
-        with subtests.test(filter=f.key):
-            assert f.key in documented_table_filters
-
-
-def test_table_extra_examples_are_documented():
-    from datasette.views.table_extras import CountExtra
-
-    assert CountExtra.example.path == "/fixtures/facetable.json?_extra=count"
-    content = (docs_path / "json_api.rst").read_text()
-    section = content.split(".. _json_api_extra:")[-1].split(".. _table_arguments:")[0]
-    assert "GET /fixtures/facetable.json?_extra=count" in section
-    assert ".. code-block:: json" in section
-
-
-def test_render_cell_extra_example_explains_row_and_column_mapping():
-    content = (docs_path / "json_api.rst").read_text()
-    section = content.split("``render_cell``")[-1].split("``query``")[0]
-    assert "same order as the ``rows`` array" in section
-    assert '"rows": [' in section
-    assert '"render_cell": [' in section
-
-
-def test_debug_and_request_extra_examples_are_documented():
-    content = (docs_path / "json_api.rst").read_text()
-    section = content.split("Table JSON responses")[-1].split("Row JSON responses")[0]
-
-    debug_section = section.split("``debug``")[-1].split("``request``")[0]
-    assert "GET /fixtures/facetable.json?_extra=debug" in debug_section
-    assert '"url_vars": {' in debug_section
-
-    request_section = section.split("``request``")[-1].split("``query``")[0]
-    assert "GET /fixtures/facetable.json?_extra=request" in request_section
-    assert '"full_path":' in request_section
-
-
-def test_row_and_query_extra_sections_are_documented():
-    content = (docs_path / "json_api.rst").read_text()
-    assert "Row JSON responses" in content
-    assert (
-        "``GET /fixtures/simple_primary_key/1.json?_extra=foreign_key_tables``"
-        in content
-    )
-    assert "Query JSON responses" in content
-    assert "``GET /fixtures/-/query.json?sql=select+1+as+one&_extra=query``" in content
-    assert (
-        "``GET /fixtures/neighborhood_search.json?text=town&_extra=query``" in content
     )
 
 
-@pytest.fixture(scope="session")
-def documented_labels():
-    labels = set()
-    for filename in docs_path.glob("*.rst"):
-        labels.update(get_labels(filename.name))
-    return labels
-
-
-def test_functions_marked_with_documented_are_documented(documented_labels, subtests):
-    for fn in utils.functions_marked_as_documented:
-        with subtests.test(fn=fn.__name__):
-            assert fn._datasette_docs_label in documented_labels
-
-
-def test_rst_heading_underlines_match_title_length():
-    """Test that RST heading underlines are the same length as their titles."""
-    # Common RST underline characters
-    underline_chars = ["-", "=", "~", "^", "+", "*", "#"]
-
-    errors = []
-
-    for rst_file in docs_path.glob("*.rst"):
-        content = rst_file.read_text()
-        lines = content.split("\n")
-
-        for i in range(len(lines) - 1):
-            current_line = lines[i]
-            next_line = lines[i + 1]
-
-            # Check if next line is entirely made of a single underline character
-            # and is at least 5 characters long (to avoid false positives)
-            if (
-                next_line
-                and len(next_line) >= 5
-                and len(set(next_line)) == 1
-                and next_line[0] in underline_chars
-            ):
-                # Skip if the previous line is empty (blank line before underline)
-                if not current_line:
-                    continue
-
-                # Check if this is an overline+underline style heading
-                # Look at the line before current_line to see if it's also an underline
-                if i > 0:
-                    prev_line = lines[i - 1]
-                    if (
-                        prev_line
-                        and len(prev_line) >= 5
-                        and len(set(prev_line)) == 1
-                        and prev_line[0] in underline_chars
-                        and len(prev_line) == len(next_line)
-                    ):
-                        # This is overline+underline style, skip it
-                        continue
-
-                # This is a heading underline
-                title_length = len(current_line)
-                underline_length = len(next_line)
-
-                if title_length != underline_length:
-                    errors.append(
-                        f"{rst_file.name}:{i+1}: Title length {title_length} != underline length {underline_length}\n"
-                        f"  Title: {current_line!r}\n"
-                        f"  Underline: {next_line!r}"
-                    )
-
-    if errors:
-        raise AssertionError(
-            f"Found {len(errors)} RST heading(s) with mismatched underline length:\n\n"
-            + "\n\n".join(errors)
-        )
-
-
-# Tests for testing_plugins.rst documentation
-
-# fmt: off
-# -- start test_homepage --
-@pytest.mark.asyncio
-async def test_homepage():
-    ds = Datasette(memory=True)
-    response = await ds.client.get("/")
-    html = response.text
-    assert "
    " in html
-# -- end test_homepage --
-
-
-# -- start test_actor_is_null --
-@pytest.mark.asyncio
-async def test_actor_is_null():
-    ds = Datasette(memory=True)
-    response = await ds.client.get("/-/actor.json")
-    assert response.json() == {"actor": None}
-# -- end test_actor_is_null --
-
-
-# -- start test_signed_cookie_actor --
-@pytest.mark.asyncio
-async def test_signed_cookie_actor():
-    ds = Datasette(memory=True)
-    cookies = {"ds_actor": ds.client.actor_cookie({"id": "root"})}
-    response = await ds.client.get("/-/actor.json", cookies=cookies)
-    assert response.json() == {"actor": {"id": "root"}}
-# -- end test_signed_cookie_actor --
+@pytest.mark.parametrize("filter", [f.key for f in Filters._filters])
+def test_table_filters_are_documented(documented_table_filters, filter):
+    assert filter in documented_table_filters
diff --git a/tests/test_docs_plugins.py b/tests/test_docs_plugins.py
deleted file mode 100644
index 613160ac..00000000
--- a/tests/test_docs_plugins.py
+++ /dev/null
@@ -1,35 +0,0 @@
-# fmt: off
-# -- start datasette_with_plugin_fixture --
-from datasette import hookimpl
-from datasette.app import Datasette
-import pytest
-import pytest_asyncio
-
-
-@pytest_asyncio.fixture
-async def datasette_with_plugin():
-    class TestPlugin:
-        __name__ = "TestPlugin"
-
-        @hookimpl
-        def register_routes(self):
-            return [
-                (r"^/error$", lambda: 1 / 0),
-            ]
-
-    datasette = Datasette()
-    datasette.pm.register(TestPlugin(), name="undo")
-    try:
-        yield datasette
-    finally:
-        datasette.pm.unregister(name="undo")
-        datasette.close()
-# -- end datasette_with_plugin_fixture --
-
-
-# -- start datasette_with_plugin_test --
-@pytest.mark.asyncio
-async def test_error(datasette_with_plugin):
-    response = await datasette_with_plugin.client.get("/error")
-    assert response.status_code == 500
-# -- end datasette_with_plugin_test --
diff --git a/tests/test_extras.py b/tests/test_extras.py
deleted file mode 100644
index 73b4965e..00000000
--- a/tests/test_extras.py
+++ /dev/null
@@ -1,97 +0,0 @@
-import asyncio
-
-import pytest
-
-from datasette.extras import Extra, ExtraRegistry, ExtraScope
-
-
-class SlowValueExtra(Extra):
-    description = "Returns context['value'], optionally slowly"
-    scopes = {ExtraScope.TABLE}
-
-    async def resolve(self, context):
-        if context["slow"]:
-            await asyncio.sleep(0.05)
-        return context["value"]
-
-
-class DependentExtra(Extra):
-    description = "Depends on slow_value"
-    scopes = {ExtraScope.TABLE}
-
-    async def resolve(self, context, slow_value):
-        return slow_value + 1
-
-
-class InternalOnlyExtra(Extra):
-    description = "Internal extra for HTML templates only"
-    scopes = {ExtraScope.TABLE}
-    public = False
-
-    async def resolve(self, context):
-        return "internal"
-
-
-def test_internal_classes_for_scope():
-    registry = ExtraRegistry([SlowValueExtra, DependentExtra, InternalOnlyExtra])
-    assert registry.internal_classes_for_scope(ExtraScope.TABLE) == [InternalOnlyExtra]
-    assert registry.public_classes_for_scope(ExtraScope.TABLE) == [
-        SlowValueExtra,
-        DependentExtra,
-    ]
-
-
-def _registered_extra_classes():
-    # Plain Providers are internal dependency plumbing, only Extra
-    # subclasses surface as documented JSON/template keys
-    from datasette.views.table_extras import table_extra_registry
-
-    return [cls for cls in table_extra_registry.classes if issubclass(cls, Extra)]
-
-
-@pytest.mark.parametrize("cls", _registered_extra_classes(), ids=lambda cls: cls.key())
-def test_registered_extras_have_descriptions(cls):
-    # Every registered extra is part of the documented template/JSON contract
-    assert cls.description, "{} is missing a description".format(cls.__name__)
-
-
-def test_registry_is_built_once_per_scope():
-    registry = ExtraRegistry([SlowValueExtra, DependentExtra])
-    first = registry._registry_for_scope(ExtraScope.TABLE)
-    second = registry._registry_for_scope(ExtraScope.TABLE)
-    assert first is second
-
-
-@pytest.mark.asyncio
-async def test_concurrent_resolves_do_not_share_state():
-    # The asyncinject registry is shared across requests - resolved values
-    # must not leak between concurrent resolve() calls with different contexts
-    registry = ExtraRegistry([SlowValueExtra, DependentExtra])
-    slow, fast = await asyncio.gather(
-        registry.resolve(
-            {"slow_value", "dependent"},
-            {"value": 100, "slow": True},
-            ExtraScope.TABLE,
-        ),
-        registry.resolve(
-            {"slow_value", "dependent"},
-            {"value": 200, "slow": False},
-            ExtraScope.TABLE,
-        ),
-    )
-    assert slow == {"slow_value": 100, "dependent": 101}
-    assert fast == {"slow_value": 200, "dependent": 201}
-
-
-@pytest.mark.asyncio
-async def test_table_row_and_query_scopes_use_separate_registries():
-    from datasette.views.table_extras import table_extra_registry
-
-    registries = {
-        scope: table_extra_registry._registry_for_scope(scope) for scope in ExtraScope
-    }
-    assert len(set(map(id, registries.values()))) == 3
-    # Scope-specific extras only registered where they belong
-    assert "count" in registries[ExtraScope.TABLE]._registry
-    assert "count" not in registries[ExtraScope.QUERY]._registry
-    assert "foreign_key_tables" in registries[ExtraScope.ROW]._registry
diff --git a/tests/test_facets.py b/tests/test_facets.py
index 8c22ffce..e3dc3df3 100644
--- a/tests/test_facets.py
+++ b/tests/test_facets.py
@@ -1,18 +1,15 @@
-from datasette.app import Datasette
-from datasette.database import Database
-from datasette.facets import Facet, ColumnFacet, ArrayFacet, DateFacet
-from datasette.utils.asgi import Request
+from datasette.facets import ColumnFacet, ArrayFacet, DateFacet
 from datasette.utils import detect_json1
-from .fixtures import make_app_client
-import json
+from .fixtures import app_client  # noqa
+from .utils import MockRequest
 import pytest
 
 
 @pytest.mark.asyncio
-async def test_column_facet_suggest(ds_client):
+async def test_column_facet_suggest(app_client):
     facet = ColumnFacet(
-        ds_client.ds,
-        Request.fake("/"),
+        app_client.ds,
+        MockRequest("http://localhost/"),
         database="fixtures",
         sql="select * from facetable",
         table="facetable",
@@ -23,11 +20,8 @@ async def test_column_facet_suggest(ds_client):
         {"name": "planet_int", "toggle_url": "http://localhost/?_facet=planet_int"},
         {"name": "on_earth", "toggle_url": "http://localhost/?_facet=on_earth"},
         {"name": "state", "toggle_url": "http://localhost/?_facet=state"},
-        {"name": "_city_id", "toggle_url": "http://localhost/?_facet=_city_id"},
-        {
-            "name": "_neighborhood",
-            "toggle_url": "http://localhost/?_facet=_neighborhood",
-        },
+        {"name": "city_id", "toggle_url": "http://localhost/?_facet=city_id"},
+        {"name": "neighborhood", "toggle_url": "http://localhost/?_facet=neighborhood"},
         {"name": "tags", "toggle_url": "http://localhost/?_facet=tags"},
         {
             "name": "complex_array",
@@ -37,10 +31,10 @@ async def test_column_facet_suggest(ds_client):
 
 
 @pytest.mark.asyncio
-async def test_column_facet_suggest_skip_if_already_selected(ds_client):
+async def test_column_facet_suggest_skip_if_already_selected(app_client):
     facet = ColumnFacet(
-        ds_client.ds,
-        Request.fake("/?_facet=planet_int&_facet=on_earth"),
+        app_client.ds,
+        MockRequest("http://localhost/?_facet=planet_int&_facet=on_earth"),
         database="fixtures",
         sql="select * from facetable",
         table="facetable",
@@ -56,12 +50,12 @@ async def test_column_facet_suggest_skip_if_already_selected(ds_client):
             "toggle_url": "http://localhost/?_facet=planet_int&_facet=on_earth&_facet=state",
         },
         {
-            "name": "_city_id",
-            "toggle_url": "http://localhost/?_facet=planet_int&_facet=on_earth&_facet=_city_id",
+            "name": "city_id",
+            "toggle_url": "http://localhost/?_facet=planet_int&_facet=on_earth&_facet=city_id",
         },
         {
-            "name": "_neighborhood",
-            "toggle_url": "http://localhost/?_facet=planet_int&_facet=on_earth&_facet=_neighborhood",
+            "name": "neighborhood",
+            "toggle_url": "http://localhost/?_facet=planet_int&_facet=on_earth&_facet=neighborhood",
         },
         {
             "name": "tags",
@@ -75,14 +69,14 @@ async def test_column_facet_suggest_skip_if_already_selected(ds_client):
 
 
 @pytest.mark.asyncio
-async def test_column_facet_suggest_skip_if_enabled_by_metadata(ds_client):
+async def test_column_facet_suggest_skip_if_enabled_by_metadata(app_client):
     facet = ColumnFacet(
-        ds_client.ds,
-        Request.fake("/"),
+        app_client.ds,
+        MockRequest("http://localhost/"),
         database="fixtures",
         sql="select * from facetable",
         table="facetable",
-        table_config={"facets": ["_city_id"]},
+        metadata={"facets": ["city_id"]},
     )
     suggestions = [s["name"] for s in await facet.suggest()]
     assert [
@@ -90,26 +84,26 @@ async def test_column_facet_suggest_skip_if_enabled_by_metadata(ds_client):
         "planet_int",
         "on_earth",
         "state",
-        "_neighborhood",
+        "neighborhood",
         "tags",
         "complex_array",
     ] == suggestions
 
 
 @pytest.mark.asyncio
-async def test_column_facet_results(ds_client):
+async def test_column_facet_results(app_client):
     facet = ColumnFacet(
-        ds_client.ds,
-        Request.fake("/?_facet=_city_id"),
+        app_client.ds,
+        MockRequest("http://localhost/?_facet=city_id"),
         database="fixtures",
         sql="select * from facetable",
         table="facetable",
     )
     buckets, timed_out = await facet.facet_results()
     assert [] == timed_out
-    assert [
-        {
-            "name": "_city_id",
+    assert {
+        "city_id": {
+            "name": "city_id",
             "type": "column",
             "hideable": True,
             "toggle_url": "/",
@@ -118,173 +112,51 @@ async def test_column_facet_results(ds_client):
                     "value": 1,
                     "label": "San Francisco",
                     "count": 6,
-                    "toggle_url": "http://localhost/?_facet=_city_id&_city_id__exact=1",
+                    "toggle_url": "http://localhost/?_facet=city_id&city_id=1",
                     "selected": False,
                 },
                 {
                     "value": 2,
                     "label": "Los Angeles",
                     "count": 4,
-                    "toggle_url": "http://localhost/?_facet=_city_id&_city_id__exact=2",
+                    "toggle_url": "http://localhost/?_facet=city_id&city_id=2",
                     "selected": False,
                 },
                 {
                     "value": 3,
                     "label": "Detroit",
                     "count": 4,
-                    "toggle_url": "http://localhost/?_facet=_city_id&_city_id__exact=3",
+                    "toggle_url": "http://localhost/?_facet=city_id&city_id=3",
                     "selected": False,
                 },
                 {
                     "value": 4,
                     "label": "Memnonia",
                     "count": 1,
-                    "toggle_url": "http://localhost/?_facet=_city_id&_city_id__exact=4",
+                    "toggle_url": "http://localhost/?_facet=city_id&city_id=4",
                     "selected": False,
                 },
             ],
             "truncated": False,
         }
-    ] == buckets
+    } == buckets
 
 
 @pytest.mark.asyncio
-async def test_column_facet_results_column_starts_with_underscore(ds_client):
+async def test_column_facet_from_metadata_cannot_be_hidden(app_client):
     facet = ColumnFacet(
-        ds_client.ds,
-        Request.fake("/?_facet=_neighborhood"),
+        app_client.ds,
+        MockRequest("http://localhost/"),
         database="fixtures",
         sql="select * from facetable",
         table="facetable",
+        metadata={"facets": ["city_id"]},
     )
     buckets, timed_out = await facet.facet_results()
     assert [] == timed_out
-    assert buckets == [
-        {
-            "name": "_neighborhood",
-            "type": "column",
-            "hideable": True,
-            "toggle_url": "/",
-            "results": [
-                {
-                    "value": "Downtown",
-                    "label": "Downtown",
-                    "count": 2,
-                    "toggle_url": "http://localhost/?_facet=_neighborhood&_neighborhood__exact=Downtown",
-                    "selected": False,
-                },
-                {
-                    "value": "Arcadia Planitia",
-                    "label": "Arcadia Planitia",
-                    "count": 1,
-                    "toggle_url": "http://localhost/?_facet=_neighborhood&_neighborhood__exact=Arcadia+Planitia",
-                    "selected": False,
-                },
-                {
-                    "value": "Bernal Heights",
-                    "label": "Bernal Heights",
-                    "count": 1,
-                    "toggle_url": "http://localhost/?_facet=_neighborhood&_neighborhood__exact=Bernal+Heights",
-                    "selected": False,
-                },
-                {
-                    "value": "Corktown",
-                    "label": "Corktown",
-                    "count": 1,
-                    "toggle_url": "http://localhost/?_facet=_neighborhood&_neighborhood__exact=Corktown",
-                    "selected": False,
-                },
-                {
-                    "value": "Dogpatch",
-                    "label": "Dogpatch",
-                    "count": 1,
-                    "toggle_url": "http://localhost/?_facet=_neighborhood&_neighborhood__exact=Dogpatch",
-                    "selected": False,
-                },
-                {
-                    "value": "Greektown",
-                    "label": "Greektown",
-                    "count": 1,
-                    "toggle_url": "http://localhost/?_facet=_neighborhood&_neighborhood__exact=Greektown",
-                    "selected": False,
-                },
-                {
-                    "value": "Hayes Valley",
-                    "label": "Hayes Valley",
-                    "count": 1,
-                    "toggle_url": "http://localhost/?_facet=_neighborhood&_neighborhood__exact=Hayes+Valley",
-                    "selected": False,
-                },
-                {
-                    "value": "Hollywood",
-                    "label": "Hollywood",
-                    "count": 1,
-                    "toggle_url": "http://localhost/?_facet=_neighborhood&_neighborhood__exact=Hollywood",
-                    "selected": False,
-                },
-                {
-                    "value": "Koreatown",
-                    "label": "Koreatown",
-                    "count": 1,
-                    "toggle_url": "http://localhost/?_facet=_neighborhood&_neighborhood__exact=Koreatown",
-                    "selected": False,
-                },
-                {
-                    "value": "Los Feliz",
-                    "label": "Los Feliz",
-                    "count": 1,
-                    "toggle_url": "http://localhost/?_facet=_neighborhood&_neighborhood__exact=Los+Feliz",
-                    "selected": False,
-                },
-                {
-                    "value": "Mexicantown",
-                    "label": "Mexicantown",
-                    "count": 1,
-                    "toggle_url": "http://localhost/?_facet=_neighborhood&_neighborhood__exact=Mexicantown",
-                    "selected": False,
-                },
-                {
-                    "value": "Mission",
-                    "label": "Mission",
-                    "count": 1,
-                    "toggle_url": "http://localhost/?_facet=_neighborhood&_neighborhood__exact=Mission",
-                    "selected": False,
-                },
-                {
-                    "value": "SOMA",
-                    "label": "SOMA",
-                    "count": 1,
-                    "toggle_url": "http://localhost/?_facet=_neighborhood&_neighborhood__exact=SOMA",
-                    "selected": False,
-                },
-                {
-                    "value": "Tenderloin",
-                    "label": "Tenderloin",
-                    "count": 1,
-                    "toggle_url": "http://localhost/?_facet=_neighborhood&_neighborhood__exact=Tenderloin",
-                    "selected": False,
-                },
-            ],
-            "truncated": False,
-        }
-    ]
-
-
-@pytest.mark.asyncio
-async def test_column_facet_from_metadata_cannot_be_hidden(ds_client):
-    facet = ColumnFacet(
-        ds_client.ds,
-        Request.fake("/"),
-        database="fixtures",
-        sql="select * from facetable",
-        table="facetable",
-        table_config={"facets": ["_city_id"]},
-    )
-    buckets, timed_out = await facet.facet_results()
-    assert [] == timed_out
-    assert [
-        {
-            "name": "_city_id",
+    assert {
+        "city_id": {
+            "name": "city_id",
             "type": "column",
             "hideable": False,
             "toggle_url": "/",
@@ -293,42 +165,42 @@ async def test_column_facet_from_metadata_cannot_be_hidden(ds_client):
                     "value": 1,
                     "label": "San Francisco",
                     "count": 6,
-                    "toggle_url": "http://localhost/?_city_id__exact=1",
+                    "toggle_url": "http://localhost/?city_id=1",
                     "selected": False,
                 },
                 {
                     "value": 2,
                     "label": "Los Angeles",
                     "count": 4,
-                    "toggle_url": "http://localhost/?_city_id__exact=2",
+                    "toggle_url": "http://localhost/?city_id=2",
                     "selected": False,
                 },
                 {
                     "value": 3,
                     "label": "Detroit",
                     "count": 4,
-                    "toggle_url": "http://localhost/?_city_id__exact=3",
+                    "toggle_url": "http://localhost/?city_id=3",
                     "selected": False,
                 },
                 {
                     "value": 4,
                     "label": "Memnonia",
                     "count": 1,
-                    "toggle_url": "http://localhost/?_city_id__exact=4",
+                    "toggle_url": "http://localhost/?city_id=4",
                     "selected": False,
                 },
             ],
             "truncated": False,
         }
-    ] == buckets
+    } == buckets
 
 
 @pytest.mark.asyncio
 @pytest.mark.skipif(not detect_json1(), reason="Requires the SQLite json1 module")
-async def test_array_facet_suggest(ds_client):
+async def test_array_facet_suggest(app_client):
     facet = ArrayFacet(
-        ds_client.ds,
-        Request.fake("/"),
+        app_client.ds,
+        MockRequest("http://localhost/"),
         database="fixtures",
         sql="select * from facetable",
         table="facetable",
@@ -345,10 +217,10 @@ async def test_array_facet_suggest(ds_client):
 
 @pytest.mark.asyncio
 @pytest.mark.skipif(not detect_json1(), reason="Requires the SQLite json1 module")
-async def test_array_facet_suggest_not_if_all_empty_arrays(ds_client):
+async def test_array_facet_suggest_not_if_all_empty_arrays(app_client):
     facet = ArrayFacet(
-        ds_client.ds,
-        Request.fake("/"),
+        app_client.ds,
+        MockRequest("http://localhost/"),
         database="fixtures",
         sql="select * from facetable where tags = '[]'",
         table="facetable",
@@ -359,18 +231,18 @@ async def test_array_facet_suggest_not_if_all_empty_arrays(ds_client):
 
 @pytest.mark.asyncio
 @pytest.mark.skipif(not detect_json1(), reason="Requires the SQLite json1 module")
-async def test_array_facet_results(ds_client):
+async def test_array_facet_results(app_client):
     facet = ArrayFacet(
-        ds_client.ds,
-        Request.fake("/?_facet_array=tags"),
+        app_client.ds,
+        MockRequest("http://localhost/?_facet_array=tags"),
         database="fixtures",
         sql="select * from facetable",
         table="facetable",
     )
     buckets, timed_out = await facet.facet_results()
     assert [] == timed_out
-    assert [
-        {
+    assert {
+        "tags": {
             "name": "tags",
             "type": "array",
             "results": [
@@ -400,77 +272,22 @@ async def test_array_facet_results(ds_client):
             "toggle_url": "/",
             "truncated": False,
         }
-    ] == buckets
+    } == buckets
 
 
 @pytest.mark.asyncio
-@pytest.mark.skipif(not detect_json1(), reason="Requires the SQLite json1 module")
-async def test_array_facet_handle_duplicate_tags():
-    ds = Datasette([], memory=True)
-    db = ds.add_database(Database(ds, memory_name="test_array_facet"))
-    await db.execute_write("create table otters(name text, tags text)")
-    for name, tags in (
-        ("Charles", ["friendly", "cunning", "friendly"]),
-        ("Shaun", ["cunning", "empathetic", "friendly"]),
-        ("Tracy", ["empathetic", "eager"]),
-    ):
-        await db.execute_write(
-            "insert into otters (name, tags) values (?, ?)", [name, json.dumps(tags)]
-        )
-
-    response = await ds.client.get("/test_array_facet/otters.json?_facet_array=tags")
-    assert response.json()["facet_results"]["results"]["tags"] == {
-        "name": "tags",
-        "type": "array",
-        "results": [
-            {
-                "value": "cunning",
-                "label": "cunning",
-                "count": 2,
-                "toggle_url": "http://localhost/test_array_facet/otters.json?_facet_array=tags&tags__arraycontains=cunning",
-                "selected": False,
-            },
-            {
-                "value": "empathetic",
-                "label": "empathetic",
-                "count": 2,
-                "toggle_url": "http://localhost/test_array_facet/otters.json?_facet_array=tags&tags__arraycontains=empathetic",
-                "selected": False,
-            },
-            {
-                "value": "friendly",
-                "label": "friendly",
-                "count": 2,
-                "toggle_url": "http://localhost/test_array_facet/otters.json?_facet_array=tags&tags__arraycontains=friendly",
-                "selected": False,
-            },
-            {
-                "value": "eager",
-                "label": "eager",
-                "count": 1,
-                "toggle_url": "http://localhost/test_array_facet/otters.json?_facet_array=tags&tags__arraycontains=eager",
-                "selected": False,
-            },
-        ],
-        "hideable": True,
-        "toggle_url": "/test_array_facet/otters.json",
-        "truncated": False,
-    }
-
-
-@pytest.mark.asyncio
-async def test_date_facet_results(ds_client):
+async def test_date_facet_results(app_client):
     facet = DateFacet(
-        ds_client.ds,
-        Request.fake("/?_facet_date=created"),
+        app_client.ds,
+        MockRequest("http://localhost/?_facet_date=created"),
         database="fixtures",
         sql="select * from facetable",
         table="facetable",
     )
     buckets, timed_out = await facet.facet_results()
     assert [] == timed_out
-    assert [
-        {
+    assert {
+        "created": {
             "name": "created",
             "type": "date",
             "results": [
@@ -507,230 +324,4 @@ async def test_date_facet_results(ds_client):
             "toggle_url": "/",
             "truncated": False,
         }
-    ] == buckets
-
-
-@pytest.mark.asyncio
-async def test_json_array_with_blanks_and_nulls():
-    ds = Datasette([], memory=True)
-    db = ds.add_database(Database(ds, memory_name="test_json_array"))
-    await db.execute_write("create table foo(json_column text)")
-    for value in ('["a", "b", "c"]', '["a", "b"]', "", None):
-        await db.execute_write("insert into foo (json_column) values (?)", [value])
-    response = await ds.client.get("/test_json_array/foo.json?_extra=suggested_facets")
-    data = response.json()
-    assert data["suggested_facets"] == [
-        {
-            "name": "json_column",
-            "type": "array",
-            "toggle_url": "http://localhost/test_json_array/foo.json?_extra=suggested_facets&_facet_array=json_column",
-        }
-    ]
-
-
-@pytest.mark.asyncio
-async def test_facet_size():
-    ds = Datasette([], memory=True, settings={"max_returned_rows": 50})
-    db = ds.add_database(Database(ds, memory_name="test_facet_size"))
-    await db.execute_write("create table neighbourhoods(city text, neighbourhood text)")
-    for i in range(1, 51):
-        for j in range(1, 4):
-            await db.execute_write(
-                "insert into neighbourhoods (city, neighbourhood) values (?, ?)",
-                ["City {}".format(i), "Neighbourhood {}".format(j)],
-            )
-    response = await ds.client.get(
-        "/test_facet_size/neighbourhoods.json?_extra=suggested_facets"
-    )
-    data = response.json()
-    assert data["suggested_facets"] == [
-        {
-            "name": "neighbourhood",
-            "toggle_url": "http://localhost/test_facet_size/neighbourhoods.json?_extra=suggested_facets&_facet=neighbourhood",
-        }
-    ]
-    # Bump up _facet_size= to suggest city too
-    response2 = await ds.client.get(
-        "/test_facet_size/neighbourhoods.json?_facet_size=50&_extra=suggested_facets"
-    )
-    data2 = response2.json()
-    assert sorted(data2["suggested_facets"], key=lambda f: f["name"]) == [
-        {
-            "name": "city",
-            "toggle_url": "http://localhost/test_facet_size/neighbourhoods.json?_facet_size=50&_extra=suggested_facets&_facet=city",
-        },
-        {
-            "name": "neighbourhood",
-            "toggle_url": "http://localhost/test_facet_size/neighbourhoods.json?_facet_size=50&_extra=suggested_facets&_facet=neighbourhood",
-        },
-    ]
-    # Facet by city should return expected number of results
-    response3 = await ds.client.get(
-        "/test_facet_size/neighbourhoods.json?_facet_size=50&_facet=city"
-    )
-    data3 = response3.json()
-    assert len(data3["facet_results"]["results"]["city"]["results"]) == 50
-    # Reduce max_returned_rows and check that it's respected
-    ds._settings["max_returned_rows"] = 20
-    response4 = await ds.client.get(
-        "/test_facet_size/neighbourhoods.json?_facet_size=50&_facet=city"
-    )
-    data4 = response4.json()
-    assert len(data4["facet_results"]["results"]["city"]["results"]) == 20
-    # Test _facet_size=max
-    response5 = await ds.client.get(
-        "/test_facet_size/neighbourhoods.json?_facet_size=max&_facet=city"
-    )
-    data5 = response5.json()
-    assert len(data5["facet_results"]["results"]["city"]["results"]) == 20
-    # Now try messing with facet_size in the table metadata
-    orig_config = ds.config
-    try:
-        ds.config = {
-            "databases": {
-                "test_facet_size": {"tables": {"neighbourhoods": {"facet_size": 6}}}
-            }
-        }
-        response6 = await ds.client.get(
-            "/test_facet_size/neighbourhoods.json?_facet=city"
-        )
-        data6 = response6.json()
-        assert len(data6["facet_results"]["results"]["city"]["results"]) == 6
-        # Setting it to max bumps it up to 50 again
-        ds.config["databases"]["test_facet_size"]["tables"]["neighbourhoods"][
-            "facet_size"
-        ] = "max"
-        data7 = (
-            await ds.client.get("/test_facet_size/neighbourhoods.json?_facet=city")
-        ).json()
-        assert len(data7["facet_results"]["results"]["city"]["results"]) == 20
-    finally:
-        ds.config = orig_config
-
-
-def test_other_types_of_facet_in_metadata():
-    with make_app_client(
-        metadata={
-            "databases": {
-                "fixtures": {
-                    "tables": {
-                        "facetable": {
-                            "facets": ["state", {"array": "tags"}, {"date": "created"}]
-                        }
-                    }
-                }
-            }
-        }
-    ) as client:
-        response = client.get("/fixtures/facetable")
-        fragments = (
-            "state\n",
-            "tags (array)\n",
-            "created (date)\n",
-        )
-        for fragment in fragments:
-            assert fragment in response.text
-        # Verify they appear in the metadata-defined order
-        positions = [response.text.index(f) for f in fragments]
-        assert positions == sorted(
-            positions
-        ), "Facets should appear in metadata-defined order"
-
-
-def test_metadata_facet_ordering():
-    with make_app_client(
-        metadata={
-            "databases": {
-                "fixtures": {
-                    "tables": {
-                        "facetable": {
-                            "facets": ["state", {"array": "tags"}, {"date": "created"}]
-                        }
-                    }
-                }
-            }
-        }
-    ) as client:
-        # JSON response should have facets in the metadata-defined order
-        response = client.get("/fixtures/facetable.json?_extra=sorted_facet_results")
-        data = response.json
-        facet_names = [f["name"] for f in data["sorted_facet_results"]]
-        assert facet_names == ["state", "tags", "created"]
-
-        # With an additional request-based facet, metadata facets come first
-        # in their defined order, followed by request-based facets
-        response2 = client.get(
-            "/fixtures/facetable.json?_extra=sorted_facet_results&_facet=_city_id"
-        )
-        data2 = response2.json
-        facet_names2 = [f["name"] for f in data2["sorted_facet_results"]]
-        assert facet_names2 == ["state", "tags", "created", "_city_id"]
-
-
-@pytest.mark.asyncio
-async def test_conflicting_facet_names_json(ds_client):
-    response = await ds_client.get(
-        "/fixtures/facetable.json?_facet=created&_facet_date=created"
-        "&_facet=tags&_facet_array=tags"
-    )
-    assert set(response.json()["facet_results"]["results"].keys()) == {
-        "created",
-        "tags",
-        "created_2",
-        "tags_2",
-    }
-
-
-@pytest.mark.asyncio
-async def test_facet_against_in_memory_database():
-    ds = Datasette()
-    db = ds.add_memory_database("mem")
-    await db.execute_write(
-        "create table t (id integer primary key, name text, name2 text)"
-    )
-    to_insert = [{"name": "one", "name2": "1"} for _ in range(800)] + [
-        {"name": "two", "name2": "2"} for _ in range(300)
-    ]
-    await db.execute_write_many(
-        "insert into t (name, name2) values (:name, :name2)", to_insert
-    )
-    response1 = await ds.client.get("/mem/t")
-    assert response1.status_code == 200
-    response2 = await ds.client.get("/mem/t?_facet=name&_facet=name2")
-    assert response2.status_code == 200
-
-
-@pytest.mark.asyncio
-async def test_facet_only_considers_first_x_rows():
-    # This test works by manually fiddling with Facet.suggest_consider
-    ds = Datasette()
-    original_suggest_consider = Facet.suggest_consider
-    try:
-        Facet.suggest_consider = 40
-        db = ds.add_memory_database("test_facet_only_x_rows")
-        await db.execute_write("create table t (id integer primary key, col text)")
-        # First 50 rows make it look like col and col_json should be faceted
-        to_insert = [{"col": "one" if i % 2 else "two"} for i in range(50)]
-        await db.execute_write_many("insert into t (col) values (:col)", to_insert)
-        # Next 50 break that assumption
-        to_insert2 = [{"col": f"x{i}"} for i in range(50)]
-        await db.execute_write_many("insert into t (col) values (:col)", to_insert2)
-        response = await ds.client.get(
-            "/test_facet_only_x_rows/t.json?_extra=suggested_facets"
-        )
-        data = response.json()
-        assert data["suggested_facets"] == [
-            {
-                "name": "col",
-                "toggle_url": "http://localhost/test_facet_only_x_rows/t.json?_extra=suggested_facets&_facet=col",
-            }
-        ]
-        # But if we set suggest_consider to 100 they are not suggested
-        Facet.suggest_consider = 100
-        response2 = await ds.client.get(
-            "/test_facet_only_x_rows/t.json?_extra=suggested_facets"
-        )
-        data2 = response2.json()
-        assert data2["suggested_facets"] == []
-    finally:
-        Facet.suggest_consider = original_suggest_consider
+    } == buckets
diff --git a/tests/test_fd_leak.py b/tests/test_fd_leak.py
deleted file mode 100644
index 926722a1..00000000
--- a/tests/test_fd_leak.py
+++ /dev/null
@@ -1,56 +0,0 @@
-"""
-Regression test for https://github.com/simonw/datasette/issues/2692 —
-confirm that creating and closing Datasette instances in a loop does not
-leak open file descriptors.
-
-Each Datasette() with is_temp_disk internal DB opens a temp file and a
-write thread with its own SQLite connection. Without Datasette.close()
-nothing unwinds this state, and a large pytest run exhausts the process
-FD limit.
-"""
-
-import asyncio
-import threading
-
-import pytest
-
-try:
-    import psutil
-except ImportError:  # pragma: no cover
-    psutil = None
-
-from datasette.app import Datasette
-
-
-def _count_open_files():
-    return len(psutil.Process().open_files())
-
-
-def _count_threads():
-    return threading.active_count()
-
-
-@pytest.mark.skipif(psutil is None, reason="psutil not installed")
-def test_close_releases_file_descriptors():
-    # Warm-up so Python/library caches don't skew the baseline
-    ds = Datasette(memory=True)
-    asyncio.run(ds.invoke_startup())
-    ds.close()
-
-    baseline_fds = _count_open_files()
-    baseline_threads = _count_threads()
-
-    for _ in range(50):
-        ds = Datasette(memory=True)
-        asyncio.run(ds.invoke_startup())
-        ds.close()
-
-    after_fds = _count_open_files()
-    after_threads = _count_threads()
-
-    assert (
-        after_fds - baseline_fds <= 2
-    ), f"Leaked FDs: baseline={baseline_fds}, after=50 iterations={after_fds}"
-    assert (
-        after_threads - baseline_threads <= 2
-    ), f"Leaked threads: baseline={baseline_threads}, after={after_threads}"
diff --git a/tests/test_filters.py b/tests/test_filters.py
index eda9e9a1..8598087f 100644
--- a/tests/test_filters.py
+++ b/tests/test_filters.py
@@ -1,5 +1,4 @@
-from datasette.filters import Filters, through_filters, where_filters, search_filters
-from datasette.utils.asgi import Request
+from datasette.filters import Filters
 import pytest
 
 
@@ -7,11 +6,6 @@ import pytest
     "args,expected_where,expected_params",
     [
         ((("name_english__contains", "foo"),), ['"name_english" like :p0'], ["%foo%"]),
-        (
-            (("name_english__notcontains", "foo"),),
-            ['"name_english" not like :p0'],
-            ["%foo%"],
-        ),
         (
             (("foo", "bar"), ("bar__contains", "baz")),
             ['"bar" like :p0', '"foo" = :p1'],
@@ -38,12 +32,6 @@ import pytest
             ['"foo" like :p0', '"foo" like :p1'],
             ["2%2", "3%3"],
         ),
-        # notlike:
-        (
-            (("foo__notlike", "2%2"),),
-            ['"foo" not like :p0'],
-            ["2%2"],
-        ),
         (
             (("foo__isnull", "1"), ("baz__isnull", "1"), ("bar__gt", "10")),
             ['"bar" > :p0', '"baz" is null', '"foo" is null'],
@@ -62,76 +50,12 @@ import pytest
         # Not in, and JSON array not in
         ((("foo__notin", "1,2,3"),), ["foo not in (:p0, :p1, :p2)"], ["1", "2", "3"]),
         ((("foo__notin", "[1,2,3]"),), ["foo not in (:p0, :p1, :p2)"], [1, 2, 3]),
-        # JSON arraycontains, arraynotcontains
-        (
-            (("Availability+Info__arraycontains", "yes"),),
-            [":p0 in (select value from json_each([table].[Availability+Info]))"],
-            ["yes"],
-        ),
-        (
-            (("Availability+Info__arraynotcontains", "yes"),),
-            [":p0 not in (select value from json_each([table].[Availability+Info]))"],
-            ["yes"],
-        ),
     ],
 )
 def test_build_where(args, expected_where, expected_params):
     f = Filters(sorted(args))
     sql_bits, actual_params = f.build_where_clauses("table")
     assert expected_where == sql_bits
-    assert {f"p{i}": param for i, param in enumerate(expected_params)} == actual_params
-
-
-@pytest.mark.asyncio
-async def test_through_filters_from_request(ds_client):
-    request = Request.fake(
-        '/?_through={"table":"roadside_attraction_characteristics","column":"characteristic_id","value":"1"}'
-    )
-    filter_args = await through_filters(
-        request=request,
-        datasette=ds_client.ds,
-        table="roadside_attractions",
-        database="fixtures",
-    )()
-    assert filter_args.where_clauses == [
-        "pk in (select attraction_id from roadside_attraction_characteristics where characteristic_id = :p0)"
-    ]
-    assert filter_args.params == {"p0": "1"}
-    assert filter_args.human_descriptions == [
-        'roadside_attraction_characteristics.characteristic_id = "1"'
-    ]
-    assert filter_args.extra_context == {}
-
-
-@pytest.mark.asyncio
-async def test_where_filters_from_request(ds_client):
-    await ds_client.ds.invoke_startup()
-    request = Request.fake("/?_where=pk+>+3")
-    filter_args = await where_filters(
-        request=request,
-        datasette=ds_client.ds,
-        database="fixtures",
-    )()
-    assert filter_args.where_clauses == ["pk > 3"]
-    assert filter_args.params == {}
-    assert filter_args.human_descriptions == []
-    assert filter_args.extra_context == {
-        "extra_wheres_for_ui": [{"text": "pk > 3", "remove_url": "/"}]
-    }
-
-
-@pytest.mark.asyncio
-async def test_search_filters_from_request(ds_client):
-    request = Request.fake("/?_search=bobcat")
-    filter_args = await search_filters(
-        request=request,
-        datasette=ds_client.ds,
-        database="fixtures",
-        table="searchable",
-    )()
-    assert filter_args.where_clauses == [
-        "rowid in (select rowid from searchable_fts where searchable_fts match escape_fts(:search))"
-    ]
-    assert filter_args.params == {"search": "bobcat"}
-    assert filter_args.human_descriptions == ['search matches "bobcat"']
-    assert filter_args.extra_context == {"supports_search": True, "search": "bobcat"}
+    assert {
+        "p{}".format(i): param for i, param in enumerate(expected_params)
+    } == actual_params
diff --git a/tests/test_fixtures.py b/tests/test_fixtures.py
deleted file mode 100644
index 45f9854b..00000000
--- a/tests/test_fixtures.py
+++ /dev/null
@@ -1,49 +0,0 @@
-from datasette.fixtures import (
-    populate_extra_database,
-    populate_fixture_database,
-    write_extra_database,
-    write_fixture_database,
-)
-from datasette.utils.sqlite import sqlite3
-
-
-def count(conn, table):
-    return conn.execute(f"select count(*) from [{table}]").fetchone()[0]
-
-
-def test_populate_fixture_database():
-    conn = sqlite3.connect(":memory:")
-    try:
-        populate_fixture_database(conn)
-        assert count(conn, "facetable") == 15
-        assert count(conn, "compound_three_primary_keys") == 1001
-        assert count(conn, "binary_data") == 3
-    finally:
-        conn.close()
-
-
-def test_write_fixture_database(tmp_path):
-    db_path = tmp_path / "fixtures.db"
-    write_fixture_database(db_path)
-    conn = sqlite3.connect(db_path)
-    try:
-        assert count(conn, "sortable") == 201
-    finally:
-        conn.close()
-
-
-def test_extra_database_helpers(tmp_path):
-    conn = sqlite3.connect(":memory:")
-    try:
-        populate_extra_database(conn)
-        assert count(conn, "searchable") == 2
-    finally:
-        conn.close()
-
-    db_path = tmp_path / "extra.db"
-    write_extra_database(db_path)
-    conn = sqlite3.connect(db_path)
-    try:
-        assert count(conn, "searchable") == 2
-    finally:
-        conn.close()
diff --git a/tests/test_html.py b/tests/test_html.py
index 22943300..823d7c9a 100644
--- a/tests/test_html.py
+++ b/tests/test_html.py
@@ -1,10 +1,12 @@
 from bs4 import BeautifulSoup as Soup
-from datasette.app import Datasette
-from datasette.utils import allowed_pragmas
-from .fixtures import make_app_client
-from .utils import assert_footer_links, inner_html
-import copy
-import hashlib
+from .fixtures import (  # noqa
+    app_client,
+    app_client_shorter_time_limit,
+    app_client_two_attached_databases,
+    app_client_with_hash,
+    make_app_client,
+    METADATA,
+)
 import json
 import pathlib
 import pytest
@@ -14,23 +16,21 @@ import urllib.parse
 
 def test_homepage(app_client_two_attached_databases):
     response = app_client_two_attached_databases.get("/")
-    assert response.status_code == 200
+    assert response.status == 200
     assert "text/html; charset=utf-8" == response.headers["content-type"]
-    # Should have a html lang="en" attribute
-    assert '' in response.text
-    soup = Soup(response.content, "html.parser")
+    soup = Soup(response.body, "html.parser")
     assert "Datasette Fixtures" == soup.find("h1").text
     assert (
-        "An example SQLite database demonstrating Datasette. Sign in as root user"
+        "An example SQLite database demonstrating Datasette"
         == soup.select(".metadata-description")[0].text.strip()
     )
     # Should be two attached databases
     assert [
-        {"href": "/extra+database", "text": "extra database"},
         {"href": "/fixtures", "text": "fixtures"},
+        {"href": "/extra database", "text": "extra database"},
     ] == [{"href": a["href"], "text": a.text.strip()} for a in soup.select("h2 a")]
-    # Database should show count text and attached tables
-    h2 = soup.select("h2")[0]
+    # The first attached database should show count text and attached tables
+    h2 = soup.select("h2")[1]
     assert "extra database" == h2.text.strip()
     counts_p, links_p = h2.find_all_next("p")[:2]
     assert (
@@ -38,276 +38,409 @@ def test_homepage(app_client_two_attached_databases):
     )
     # We should only show visible, not hidden tables here:
     table_links = [
-        {"href": a["href"], "text": a.text.strip()} for a in links_p.find_all("a")
+        {"href": a["href"], "text": a.text.strip()} for a in links_p.findAll("a")
     ]
     assert [
-        {"href": r"/extra+database/searchable", "text": "searchable"},
-        {"href": r"/extra+database/searchable_view", "text": "searchable_view"},
+        {"href": "/extra database/searchable", "text": "searchable"},
+        {"href": "/extra database/searchable_view", "text": "searchable_view"},
     ] == table_links
 
 
-@pytest.mark.asyncio
-@pytest.mark.parametrize("path", ("/", "/-/"))
-async def test_homepage_alternative_location(path, tmp_path_factory):
-    template_dir = tmp_path_factory.mktemp("templates")
-    (template_dir / "index.html").write_text("Custom homepage", "utf-8")
-    datasette = Datasette(template_dir=str(template_dir))
-    response = await datasette.client.get(path)
-    assert response.status_code == 200
-    html = response.text
-    if path == "/":
-        assert html == "Custom homepage"
-    else:
-        assert '' in html
+def test_http_head(app_client):
+    response = app_client.get("/", method="HEAD")
+    assert response.status == 200
 
 
-@pytest.mark.asyncio
-async def test_homepage_alternative_redirect(ds_client):
-    response = await ds_client.get("/-")
-    assert response.status_code == 301
-
-
-@pytest.mark.asyncio
-async def test_http_head(ds_client):
-    response = await ds_client.head("/")
-    assert response.status_code == 200
-
-
-@pytest.mark.asyncio
-async def test_homepage_options(ds_client):
-    response = await ds_client.options("/")
-    assert response.status_code == 200
-    assert response.text == "ok"
-
-
-@pytest.mark.asyncio
-async def test_favicon(ds_client):
-    response = await ds_client.get("/favicon.ico")
-    assert response.status_code == 200
-    assert response.headers["cache-control"] == "max-age=3600, public"
-    assert int(response.headers["content-length"]) > 100
-    assert response.headers["content-type"] == "image/png"
-
-
-@pytest.mark.asyncio
-async def test_static(ds_client):
-    response = await ds_client.get("/-/static/app2.css")
-    assert response.status_code == 404
-    response = await ds_client.get("/-/static/app.css")
-    assert response.status_code == 200
+def test_static(app_client):
+    response = app_client.get("/-/static/app2.css")
+    assert response.status == 404
+    response = app_client.get("/-/static/app.css")
+    assert response.status == 200
     assert "text/css" == response.headers["content-type"]
-    assert "etag" in response.headers
-    etag = response.headers.get("etag")
-    response = await ds_client.get("/-/static/app.css", headers={"if-none-match": etag})
-    assert response.status_code == 304
-
-
-@pytest.mark.asyncio
-async def test_static_hash_cache_control(ds_client):
-    hashed_url = ds_client.ds.static("app.css")
-    response = await ds_client.get(hashed_url)
-    assert response.status_code == 200
-    assert response.headers["cache-control"] == "max-age=31536000, immutable, public"
-
-    response = await ds_client.get(
-        hashed_url, headers={"if-none-match": response.headers["etag"]}
-    )
-    assert response.status_code == 304
-    assert response.headers["cache-control"] == "max-age=31536000, immutable, public"
-
-    response = await ds_client.get("/-/static/app.css?_hash=incorrect")
-    assert response.status_code == 200
-    assert "cache-control" not in response.headers
 
 
 def test_static_mounts():
-    with make_app_client(
+    for client in make_app_client(
         static_mounts=[("custom-static", str(pathlib.Path(__file__).parent))]
-    ) as client:
+    ):
         response = client.get("/custom-static/test_html.py")
-        assert response.status_code == 200
+        assert response.status == 200
         response = client.get("/custom-static/not_exists.py")
-        assert response.status_code == 404
+        assert response.status == 404
         response = client.get("/custom-static/../LICENSE")
-        assert response.status_code == 404
-
-
-def test_static_mounts_hash_cache_control():
-    mount_path = pathlib.Path(__file__).parent
-    with make_app_client(static_mounts=[("custom-static", str(mount_path))]) as client:
-        response = client.get(client.ds.static("test_html.py", mount="custom-static"))
-        assert response.status_code == 200
-        assert (
-            response.headers["cache-control"] == "max-age=31536000, immutable, public"
-        )
-
-        incorrect_hash = hashlib.sha256(b"incorrect").hexdigest()[:12]
-        response = client.get(
-            "/custom-static/test_html.py?_hash={}".format(incorrect_hash)
-        )
-        assert response.status_code == 200
-        assert "cache-control" not in response.headers
+        assert response.status == 404
 
 
 def test_memory_database_page():
-    with make_app_client(memory=True) as client:
-        response = client.get("/_memory")
-        assert response.status_code == 200
+    for client in make_app_client(memory=True):
+        response = client.get("/:memory:")
+        assert response.status == 200
 
 
-def test_not_allowed_methods():
-    with make_app_client(memory=True) as client:
-        for method in ("post", "put", "patch", "delete"):
-            response = client.request(path="/_memory", method=method.upper())
-            assert response.status_code == 405
+def test_database_page_redirects_with_url_hash(app_client_with_hash):
+    response = app_client_with_hash.get("/fixtures", allow_redirects=False)
+    assert response.status == 302
+    response = app_client_with_hash.get("/fixtures")
+    assert "fixtures" in response.text
 
 
-@pytest.mark.asyncio
-async def test_database_page(ds_client):
-    response = await ds_client.get("/fixtures")
-    soup = Soup(response.text, "html.parser")
-    # Should have a ',
-    ]
-    for expected_html_fragment in expected_html_fragments:
-        assert expected_html_fragment in response.text
+    expected_html_fragment = """
+        sql_time_limit_ms
+    """.strip()
+    assert expected_html_fragment in response.text
+
+
+def test_row_redirects_with_url_hash(app_client_with_hash):
+    response = app_client_with_hash.get(
+        "/fixtures/simple_primary_key/1", allow_redirects=False
+    )
+    assert response.status == 302
+    assert response.headers["Location"].endswith("/1")
+    response = app_client_with_hash.get("/fixtures/simple_primary_key/1")
+    assert response.status == 200
+
+
+def test_row_strange_table_name_with_url_hash(app_client_with_hash):
+    response = app_client_with_hash.get(
+        "/fixtures/table%2Fwith%2Fslashes.csv/3", allow_redirects=False
+    )
+    assert response.status == 302
+    assert response.headers["Location"].endswith("/table%2Fwith%2Fslashes.csv/3")
+    response = app_client_with_hash.get("/fixtures/table%2Fwith%2Fslashes.csv/3")
+    assert response.status == 200
+
+
+@pytest.mark.parametrize(
+    "path,expected_definition_sql",
+    [
+        (
+            "/fixtures/facet_cities",
+            """
+CREATE TABLE facet_cities (
+    id integer primary key,
+    name text
+);
+        """.strip(),
+        ),
+        (
+            "/fixtures/compound_three_primary_keys",
+            """
+CREATE TABLE compound_three_primary_keys (
+  pk1 varchar(30),
+  pk2 varchar(30),
+  pk3 varchar(30),
+  content text,
+  PRIMARY KEY (pk1, pk2, pk3)
+);
+CREATE INDEX idx_compound_three_primary_keys_content ON compound_three_primary_keys(content);
+            """.strip(),
+        ),
+    ],
+)
+def test_definition_sql(path, expected_definition_sql, app_client):
+    response = app_client.get(path)
+    pre = Soup(response.body, "html.parser").select_one("pre.wrapped-sql")
+    assert expected_definition_sql == pre.string
+
+
+def test_table_cell_truncation():
+    for client in make_app_client(config={"truncate_cells_html": 5}):
+        response = client.get("/fixtures/facetable")
+        assert response.status == 200
+        table = Soup(response.body, "html.parser").find("table")
+        assert table["class"] == ["rows-and-columns"]
+        assert [
+            "Missi…",
+            "Dogpa…",
+            "SOMA",
+            "Tende…",
+            "Berna…",
+            "Hayes…",
+            "Holly…",
+            "Downt…",
+            "Los F…",
+            "Korea…",
+            "Downt…",
+            "Greek…",
+            "Corkt…",
+            "Mexic…",
+            "Arcad…",
+        ] == [td.string for td in table.findAll("td", {"class": "col-neighborhood"})]
 
 
 def test_row_page_does_not_truncate():
-    with make_app_client(settings={"truncate_cells_html": 5}) as client:
+    for client in make_app_client(config={"truncate_cells_html": 5}):
         response = client.get("/fixtures/facetable/1")
-        assert response.status_code == 200
-        table = Soup(response.content, "html.parser").find("table")
+        assert response.status == 200
+        table = Soup(response.body, "html.parser").find("table")
         assert table["class"] == ["rows-and-columns"]
         assert ["Mission"] == [
-            td.string
-            for td in table.find_all("td", {"class": "col-neighborhood-b352a7"})
+            td.string for td in table.findAll("td", {"class": "col-neighborhood"})
         ]
 
 
-def test_query_page_truncates():
-    with make_app_client(settings={"truncate_cells_html": 5}) as client:
-        response = client.get(
-            "/fixtures/-/query?"
-            + urllib.parse.urlencode(
-                {
-                    "sql": "select 'this is longer than 5' as a, 'https://example.com/' as b"
-                }
-            )
+def test_add_filter_redirects(app_client):
+    filter_args = urllib.parse.urlencode(
+        {"_filter_column": "content", "_filter_op": "startswith", "_filter_value": "x"}
+    )
+    path_base = "/fixtures/simple_primary_key"
+    path = path_base + "?" + filter_args
+    response = app_client.get(path, allow_redirects=False)
+    assert response.status == 302
+    assert response.headers["Location"].endswith("?content__startswith=x")
+
+    # Adding a redirect to an existing querystring:
+    path = path_base + "?foo=bar&" + filter_args
+    response = app_client.get(path, allow_redirects=False)
+    assert response.status == 302
+    assert response.headers["Location"].endswith("?foo=bar&content__startswith=x")
+
+    # Test that op with a __x suffix overrides the filter value
+    path = (
+        path_base
+        + "?"
+        + urllib.parse.urlencode(
+            {
+                "_filter_column": "content",
+                "_filter_op": "isnull__5",
+                "_filter_value": "x",
+            }
         )
-        assert response.status_code == 200
-        table = Soup(response.content, "html.parser").find("table")
-        tds = table.find_all("td")
-        assert [str(td) for td in tds] == [
-            '
    ',
-            '',
-        ]
+    )
+    response = app_client.get(path, allow_redirects=False)
+    assert response.status == 302
+    assert response.headers["Location"].endswith("?content__isnull=5")
 
 
-@pytest.mark.asyncio
-async def test_query_page_with_no_sql(ds_client):
-    # https://github.com/simonw/datasette/issues/2743
-    response = await ds_client.get("/fixtures/-/query")
-    assert response.status_code == 200
-    assert '" in html
-    assert "0 results" not in html
-
-
 def test_config_template_debug_on():
-    with make_app_client(settings={"template_debug": True}) as client:
+    for client in make_app_client(config={"template_debug": True}):
         response = client.get("/fixtures/facetable?_context=1")
-        assert response.status_code == 200
+        assert response.status == 200
         assert response.text.startswith("
    {")
 
 
-@pytest.mark.asyncio
-async def test_config_template_debug_off(ds_client):
-    response = await ds_client.get("/fixtures/facetable?_context=1")
-    assert response.status_code == 200
+def test_config_template_debug_off(app_client):
+    response = app_client.get("/fixtures/facetable?_context=1")
+    assert response.status == 200
     assert not response.text.startswith("
    {")
-
-
-def test_debug_context_includes_extra_template_vars():
-    # https://github.com/simonw/datasette/issues/693
-    with make_app_client(settings={"template_debug": True}) as client:
-        response = client.get("/fixtures/facetable?_context=1")
-        # scope_path is added by PLUGIN1
-        assert "scope_path" in response.text
-
-
-@pytest.mark.parametrize(
-    "path",
-    [
-        "/",
-        "/fixtures",
-        "/fixtures/compound_three_primary_keys",
-        "/fixtures/compound_three_primary_keys/a,a,a",
-        "/fixtures/paginated_view",
-        "/fixtures/facetable",
-        "/fixtures/facetable?_facet=state",
-        "/fixtures/-/query?sql=select+1",
-        "/-/api",
-        "/-/patterns",
-    ],
-)
-@pytest.mark.parametrize("use_prefix", (True, False))
-def test_base_url_config(app_client_base_url_prefix, path, use_prefix):
-    client = app_client_base_url_prefix
-    path_to_get = path
-    if use_prefix:
-        path_to_get = "/prefix/" + path.lstrip("/")
-    response = client.get(path_to_get)
-    soup = Soup(response.content, "html.parser")
-    for form in soup.select("form"):
-        action = form.get("action")
-        if action is None:
-            assert form.get("method") == "dialog", json.dumps(
-                {
-                    "path": path,
-                    "path_to_get": path_to_get,
-                    "form": str(form),
-                },
-                indent=4,
-                default=repr,
-            )
-            continue
-        assert action.startswith("/prefix"), json.dumps(
-            {
-                "path": path,
-                "path_to_get": path_to_get,
-                "action": action,
-                "form": str(form),
-            },
-            indent=4,
-            default=repr,
-        )
-    for el in soup.find_all(["a", "link", "script"]):
-        if "href" in el.attrs:
-            href = el["href"]
-        elif "src" in el.attrs:
-            href = el["src"]
-        else:
-            continue  # Could be a 
-        if (
-            not href.startswith("#")
-            and href
-            not in {
-                "https://datasette.io/",
-                "https://github.com/simonw/datasette",
-                "https://github.com/simonw/datasette/blob/main/LICENSE",
-                "https://github.com/simonw/datasette/blob/main/tests/fixtures.py",
-                "/login-as-root",  # Only used for the latest.datasette.io demo
-            }
-            and not href.startswith("https://plugin-example.datasette.io/")
-        ):
-            # If this has been made absolute it may start http://localhost/
-            if href.startswith("http://localhost/"):
-                href = href[len("http://localhost") :]
-            elif href.startswith(("http://", "https://")):
-                continue
-            assert href.startswith("/prefix/"), json.dumps(
-                {
-                    "path": path,
-                    "path_to_get": path_to_get,
-                    "href_or_src": href,
-                    "element_parent": str(el.parent),
-                },
-                indent=4,
-                default=repr,
-            )
-    for el in soup.find_all("navigation-search"):
-        assert el["url"] == "/prefix/-/jump", json.dumps(
-            {
-                "path": path,
-                "path_to_get": path_to_get,
-                "url": el["url"],
-                "element": str(el),
-            },
-            indent=4,
-            default=repr,
-        )
-
-
-def test_base_url_affects_filter_redirects(app_client_base_url_prefix):
-    path = "/fixtures/binary_data?_filter_column=rowid&_filter_op=exact&_filter_value=1&_sort=rowid"
-    response = app_client_base_url_prefix.get(path)
-    assert response.status_code == 302
-    assert (
-        response.headers["location"]
-        == "/prefix/fixtures/binary_data?_sort=rowid&rowid__exact=1"
-    )
-
-
-def test_base_url_affects_database_sql_redirect(app_client_base_url_prefix):
-    response = app_client_base_url_prefix.get(
-        "/prefix/fixtures?sql=select+1", follow_redirects=False
-    )
-    assert response.status_code == 302
-    assert response.headers["location"] == "/prefix/fixtures/-/query?sql=select+1"
-
-
-def test_base_url_affects_permanent_redirects():
-    with make_app_client(memory=True, settings={"base_url": "/prefix/"}) as client:
-        response = client.get("/prefix/-", follow_redirects=False)
-        assert response.status_code == 301
-        assert response.headers["location"] == "/prefix/-/"
-
-        response2 = client.get("/prefix/:memory:", follow_redirects=False)
-        assert response2.status_code == 301
-        assert response2.headers["location"] == "/prefix/_memory"
-
-
-def test_base_url_affects_metadata_extra_css_urls(app_client_base_url_prefix):
-    html = app_client_base_url_prefix.get("/").text
-    assert '' in html
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path,expected",
-    [
-        (
-            "/fixtures/neighborhood_search",
-            "/fixtures/-/query?sql=%0Aselect+_neighborhood%2C+facet_cities.name%2C+state%0Afrom+facetable%0A++++join+facet_cities%0A++++++++on+facetable._city_id+%3D+facet_cities.id%0Awhere+_neighborhood+like+%27%25%27+%7C%7C+%3Atext+%7C%7C+%27%25%27%0Aorder+by+_neighborhood%3B%0A&text=",
-        ),
-        (
-            "/fixtures/neighborhood_search?text=ber",
-            "/fixtures/-/query?sql=%0Aselect+_neighborhood%2C+facet_cities.name%2C+state%0Afrom+facetable%0A++++join+facet_cities%0A++++++++on+facetable._city_id+%3D+facet_cities.id%0Awhere+_neighborhood+like+%27%25%27+%7C%7C+%3Atext+%7C%7C+%27%25%27%0Aorder+by+_neighborhood%3B%0A&text=ber",
-        ),
-        ("/fixtures/pragma_cache_size", None),
-        (
-            # /fixtures/𝐜𝐢𝐭𝐢𝐞𝐬
-            "/fixtures/~F0~9D~90~9C~F0~9D~90~A2~F0~9D~90~AD~F0~9D~90~A2~F0~9D~90~9E~F0~9D~90~AC",
-            "/fixtures/-/query?sql=select+id%2C+name+from+facet_cities+order+by+id+limit+1%3B",
-        ),
-        ("/fixtures/magic_parameters", None),
-    ],
-)
-async def test_edit_sql_link_on_stored_queries(ds_client, path, expected):
-    response = await ds_client.get(path)
-    assert response.status_code == 200
-    expected_link = f'Edit SQL'
-    if expected:
-        assert expected_link in response.text
-    else:
-        assert "Edit SQL" not in response.text
-
-
-@pytest.mark.parametrize(
-    "has_permission",
-    [
-        pytest.param(
-            True,
-        ),
-        False,
-    ],
-)
-def test_edit_sql_link_not_shown_if_user_lacks_permission(has_permission):
-    with make_app_client(
-        config={
-            "allow_sql": None if has_permission else {"id": "not-you"},
-            "databases": {"fixtures": {"queries": {"simple": "select 1 + 1"}}},
-        }
-    ) as client:
-        response = client.get("/fixtures/simple")
-        if has_permission:
-            assert "Edit SQL" in response.text
-        else:
-            assert "Edit SQL" not in response.text
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "actor_id,should_have_links,should_not_have_links",
-    [
-        (None, None, None),
-        ("test", None, ["/-/permissions"]),
-        ("root", None, ["/-/permissions", "/-/allow-debug"]),
-    ],
-)
-async def test_navigation_menu_links(
-    ds_client, actor_id, should_have_links, should_not_have_links
-):
-    # Enable root user if testing with root actor
-    if actor_id == "root":
-        ds_client.ds.root_enabled = True
-    kwargs = {}
-    if actor_id:
-        kwargs["actor"] = {"id": actor_id}
-    html = (await ds_client.get("/", **kwargs)).text
-    soup = Soup(html, "html.parser")
-    details = soup.find("nav").find("details", {"class": "nav-menu"})
-    assert details is not None
-    search_button = details.find("button", {"data-navigation-search-open": True})
-    assert search_button is not None
-    assert search_button.text.strip() == "Jump to... /"
-    assert search_button.find("kbd", {"class": "keyboard-shortcut"}).text == "/"
-    assert search_button.find("kbd")["aria-hidden"] == "true"
-    assert (
-        search_button.find("kbd")["title"]
-        == "Keyboard shortcut: press / to open Jump to"
-    )
-    navigation_search_script = soup.find(
-        "script", {"src": re.compile(r"navigation-search\.js")}
-    )
-    assert navigation_search_script["src"] == ds_client.ds.static(
-        "navigation-search.js"
-    )
-    assert details.find("li").find("button") == search_button
-    if not actor_id:
-        # The app menu is always visible, but anonymous users do not see logout
-        # or debug links.
-        assert details.find("form") is None
-        return
-    # They are logged in: should show a menu
-    assert details is not None
-    # And a logout form
-    assert details.find("form") is not None
-    if should_have_links:
-        for link in should_have_links:
-            assert (
-                details.find("a", {"href": link}) is not None
-            ), f"{link} expected but missing from nav menu"
-
-    if should_not_have_links:
-        for link in should_not_have_links:
-            assert (
-                details.find("a", {"href": link}) is None
-            ), f"{link} found but should not have been in nav menu"
-
-
-@pytest.mark.asyncio
-async def test_trace_correctly_escaped(ds_client):
-    response = await ds_client.get("/fixtures/-/query?sql=select+'
    Hello'&_trace=1")
-    assert "select '
    Hello" not in response.text
-    assert "select '<h1>Hello" in response.text
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path,expected",
-    (
-        # Instance index page
-        ("/", "http://localhost/.json"),
-        # Table page
-        ("/fixtures/facetable", "http://localhost/fixtures/facetable.json"),
-        (
-            "/fixtures/table~2Fwith~2Fslashes~2Ecsv",
-            "http://localhost/fixtures/table~2Fwith~2Fslashes~2Ecsv.json",
-        ),
-        # Row page
-        (
-            "/fixtures/no_primary_key/1",
-            "http://localhost/fixtures/no_primary_key/1.json",
-        ),
-        # Database index page
-        (
-            "/fixtures",
-            "http://localhost/fixtures.json",
-        ),
-        # Custom query page
-        (
-            "/fixtures/-/query?sql=select+*+from+facetable",
-            "http://localhost/fixtures/-/query.json?sql=select+*+from+facetable",
-        ),
-        # Stored query page
-        (
-            "/fixtures/neighborhood_search?text=town",
-            "http://localhost/fixtures/neighborhood_search.json?text=town",
-        ),
-        # /-/ pages
-        (
-            "/-/plugins",
-            "http://localhost/-/plugins.json",
-        ),
-    ),
-)
-async def test_alternate_url_json(ds_client, path, expected):
-    response = await ds_client.get(path)
-    assert response.status_code == 200
-    link = response.headers["link"]
-    assert link == '<{}>; rel="alternate"; type="application/json+datasette"'.format(
-        expected
-    )
-    assert (
-        ''.format(
-            expected
-        )
-        in response.text
-    )
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path",
-    ("/-/patterns", "/-/messages", "/-/allow-debug", "/fixtures.db"),
-)
-async def test_no_alternate_url_json(ds_client, path):
-    response = await ds_client.get(path)
-    assert "link" not in response.headers
-    assert (
-        'Name" in response.text
-        assert "view-instance" in response.text
-        assert "view-database" in response.text
-    finally:
-        ds_client.ds.root_enabled = original_root_enabled
-
-
-@pytest.mark.asyncio
-async def test_actions_page_does_not_display_none_string(ds_client):
-    """Ensure the Resource column doesn't display the string 'None' for null values."""
-    # https://github.com/simonw/datasette/issues/2599
-    original_root_enabled = ds_client.ds.root_enabled
-    try:
-        ds_client.ds.root_enabled = True
-        response = await ds_client.get("/-/actions", actor={"id": "root"})
-        assert response.status_code == 200
-        assert "None" not in response.text
-    finally:
-        ds_client.ds.root_enabled = original_root_enabled
-
-
-@pytest.mark.asyncio
-async def test_permission_debug_tabs_with_query_string(ds_client):
-    """Test that navigation tabs persist query strings across Check, Allowed, and Rules pages"""
-    original_root_enabled = ds_client.ds.root_enabled
-    try:
-        ds_client.ds.root_enabled = True
-        actor = {"id": "root"}
-
-        # Test /-/allowed with query string
-        response = await ds_client.get(
-            "/-/allowed?action=view-table&page_size=50", actor=actor
-        )
-        assert response.status_code == 200
-        # Check that Rules and Check tabs have the query string
-        assert 'href="/-/rules?action=view-table&page_size=50"' in response.text
-        assert 'href="/-/check?action=view-table&page_size=50"' in response.text
-        # Playground and Actions should not have query string
-        assert 'href="/-/permissions"' in response.text
-        assert 'href="/-/actions"' in response.text
-
-        # Test /-/rules with query string
-        response = await ds_client.get(
-            "/-/rules?action=view-database&parent=test", actor=actor
-        )
-        assert response.status_code == 200
-        # Check that Allowed and Check tabs have the query string
-        assert 'href="/-/allowed?action=view-database&parent=test"' in response.text
-        assert 'href="/-/check?action=view-database&parent=test"' in response.text
-
-        # Test /-/check with query string
-        response = await ds_client.get("/-/check?action=execute-sql", actor=actor)
-        assert response.status_code == 200
-        # Check that Allowed and Rules tabs have the query string
-        assert 'href="/-/allowed?action=execute-sql"' in response.text
-        assert 'href="/-/rules?action=execute-sql"' in response.text
-    finally:
-        ds_client.ds.root_enabled = original_root_enabled
diff --git a/tests/test_internal_db.py b/tests/test_internal_db.py
deleted file mode 100644
index 26d63a92..00000000
--- a/tests/test_internal_db.py
+++ /dev/null
@@ -1,234 +0,0 @@
-import pytest
-import sqlite_utils
-
-
-# ensure refresh_schemas() gets called before interacting with internal_db
-async def ensure_internal(ds_client):
-    await ds_client.get("/fixtures.json?sql=select+1")
-    return ds_client.ds.get_internal_database()
-
-
-@pytest.mark.asyncio
-async def test_internal_databases(ds_client):
-    internal_db = await ensure_internal(ds_client)
-    databases = await internal_db.execute("select * from catalog_databases")
-    assert len(databases) == 1
-    assert databases.rows[0]["database_name"] == "fixtures"
-
-
-@pytest.mark.asyncio
-async def test_internal_tables(ds_client):
-    internal_db = await ensure_internal(ds_client)
-    tables = await internal_db.execute("select * from catalog_tables")
-    assert len(tables) > 5
-    table = tables.rows[0]
-    assert set(table.keys()) == {"rootpage", "table_name", "database_name", "sql"}
-
-
-@pytest.mark.asyncio
-async def test_internal_views(ds_client):
-    internal_db = await ensure_internal(ds_client)
-    views = await internal_db.execute("select * from catalog_views")
-    assert len(views) >= 4
-    view = views.rows[0]
-    assert set(view.keys()) == {"rootpage", "view_name", "database_name", "sql"}
-
-
-@pytest.mark.asyncio
-async def test_internal_indexes(ds_client):
-    internal_db = await ensure_internal(ds_client)
-    indexes = await internal_db.execute("select * from catalog_indexes")
-    assert len(indexes) > 5
-    index = indexes.rows[0]
-    assert set(index.keys()) == {
-        "partial",
-        "name",
-        "table_name",
-        "unique",
-        "seq",
-        "database_name",
-        "origin",
-    }
-
-
-@pytest.mark.asyncio
-async def test_internal_foreign_keys(ds_client):
-    internal_db = await ensure_internal(ds_client)
-    foreign_keys = await internal_db.execute("select * from catalog_foreign_keys")
-    assert len(foreign_keys) > 5
-    foreign_key = foreign_keys.rows[0]
-    assert set(foreign_key.keys()) == {
-        "table",
-        "seq",
-        "on_update",
-        "on_delete",
-        "to",
-        "id",
-        "match",
-        "database_name",
-        "table_name",
-        "from",
-    }
-
-
-@pytest.mark.asyncio
-async def test_internal_foreign_key_references(ds_client):
-    internal_db = await ensure_internal(ds_client)
-
-    def inner(conn):
-        db = sqlite_utils.Database(conn)
-        table_names = db.table_names()
-        for table in db.tables:
-            for fk in table.foreign_keys:
-                other_table = fk.other_table
-                other_column = fk.other_column
-                message = 'Column "{}.{}" references other column "{}.{}" which does not exist'.format(
-                    table.name, fk.column, other_table, other_column
-                )
-                assert other_table in table_names, message + " (bad table)"
-                assert other_column in db[other_table].columns_dict, (
-                    message + " (bad column)"
-                )
-
-    await internal_db.execute_fn(inner)
-
-
-@pytest.mark.asyncio
-async def test_stale_catalog_entry_database_fix(tmp_path):
-    """
-    Test for https://github.com/simonw/datasette/issues/2605
-
-    When the internal database persists across restarts and has entries in
-    catalog_databases for databases that no longer exist, accessing the
-    index page should not cause a 500 error (KeyError).
-    """
-    from datasette.app import Datasette
-
-    internal_db_path = str(tmp_path / "internal.db")
-    data_db_path = str(tmp_path / "data.db")
-
-    # Create a data database file
-    import sqlite3
-
-    conn = sqlite3.connect(data_db_path)
-    conn.execute("CREATE TABLE test_table (id INTEGER PRIMARY KEY)")
-    conn.close()
-
-    # First Datasette instance: with the data database and persistent internal db
-    ds1 = Datasette(files=[data_db_path], internal=internal_db_path)
-    await ds1.invoke_startup()
-
-    # Access the index page to populate the internal catalog
-    response = await ds1.client.get("/")
-    assert "data" in ds1.databases
-    assert response.status_code == 200
-
-    # Second Datasette instance: reusing internal.db but WITHOUT the data database
-    # This simulates restarting Datasette after removing a database
-    ds2 = Datasette(internal=internal_db_path)
-    await ds2.invoke_startup()
-
-    # The database is not in ds2.databases
-    assert "data" not in ds2.databases
-
-    # Accessing the index page should NOT cause a 500 error
-    # This is the bug: it currently raises KeyError when trying to
-    # access ds.databases["data"] for the stale catalog entry
-    response = await ds2.client.get("/")
-    assert response.status_code == 200, (
-        f"Index page should return 200, not {response.status_code}. "
-        "This fails due to stale catalog entries causing KeyError."
-    )
-
-
-@pytest.mark.asyncio
-async def test_stale_catalog_child_entries_removed_for_missing_database(tmp_path):
-    from datasette.app import Datasette
-
-    import sqlite3
-
-    internal_db_path = str(tmp_path / "internal.db")
-    alpha_db_path = str(tmp_path / "alpha.db")
-    bravo_db_path = str(tmp_path / "bravo.db")
-
-    for db_path, table_name in (
-        (alpha_db_path, "alpha_table"),
-        (bravo_db_path, "bravo_table"),
-        (bravo_db_path, "bravo_table_2"),
-    ):
-        conn = sqlite3.connect(db_path)
-        conn.execute(f"CREATE TABLE {table_name} (id INTEGER PRIMARY KEY)")
-        conn.close()
-
-    ds1 = Datasette(files=[alpha_db_path, bravo_db_path], internal=internal_db_path)
-    await ds1.invoke_startup()
-
-    catalog_tables = await ds1.get_internal_database().execute("""
-        SELECT database_name, table_name
-        FROM catalog_tables
-        ORDER BY database_name, table_name
-        """)
-    assert [tuple(row) for row in catalog_tables.rows] == [
-        ("alpha", "alpha_table"),
-        ("bravo", "bravo_table"),
-        ("bravo", "bravo_table_2"),
-    ]
-
-    ds1.close()
-
-    ds2 = Datasette(files=[alpha_db_path], internal=internal_db_path)
-    await ds2.invoke_startup()
-
-    catalog_tables = await ds2.get_internal_database().execute("""
-        SELECT database_name, table_name
-        FROM catalog_tables
-        ORDER BY database_name, table_name
-        """)
-    assert [tuple(row) for row in catalog_tables.rows] == [("alpha", "alpha_table")]
-
-    ds2.close()
-
-
-@pytest.mark.asyncio
-async def test_orphan_stale_catalog_child_entries_removed(tmp_path):
-    from datasette.app import Datasette
-
-    import sqlite3
-
-    internal_db_path = str(tmp_path / "internal.db")
-    alpha_db_path = str(tmp_path / "alpha.db")
-
-    conn = sqlite3.connect(alpha_db_path)
-    conn.execute("CREATE TABLE alpha_table (id INTEGER PRIMARY KEY)")
-    conn.close()
-
-    ds1 = Datasette(files=[alpha_db_path], internal=internal_db_path)
-    await ds1.invoke_startup()
-    ds1.close()
-
-    # Simulate the state left behind by old cleanup code: the parent database
-    # row was deleted, but child catalog rows survived because foreign key
-    # enforcement is not enabled for these internal catalog writes.
-    conn = sqlite3.connect(internal_db_path)
-    conn.execute("DELETE FROM catalog_databases WHERE database_name = 'fixtures'")
-    conn.execute("""
-        INSERT INTO catalog_tables (database_name, table_name, rootpage, sql)
-        VALUES ('fixtures', 'stale_table', 1, 'CREATE TABLE stale_table (id INTEGER)')
-    """)
-    conn.commit()
-    conn.close()
-
-    ds2 = Datasette(files=[alpha_db_path], internal=internal_db_path)
-    await ds2.invoke_startup()
-
-    catalog_tables = await ds2.get_internal_database().execute("""
-        SELECT database_name, table_name
-        FROM catalog_tables
-        ORDER BY database_name, table_name
-        """)
-    assert [tuple(row) for row in catalog_tables.rows] == [("alpha", "alpha_table")]
-
-    response = await ds2.client.get("/-/jump.json")
-    assert response.status_code == 200
-
-    ds2.close()
diff --git a/tests/test_internals_database.py b/tests/test_internals_database.py
deleted file mode 100644
index bad4e8ca..00000000
--- a/tests/test_internals_database.py
+++ /dev/null
@@ -1,1180 +0,0 @@
-"""
-Tests for the datasette.database.Database class
-"""
-
-import asyncio
-from types import SimpleNamespace
-from datasette.app import Datasette
-from datasette.database import Database, ExecuteWriteResult, Results, MultipleValues
-from datasette.database import DatasetteClosedError
-from datasette.database import _deliver_write_result
-from datasette.utils.sqlite import sqlite3, supports_returning
-from datasette.utils import Column
-import pytest
-import time
-import uuid
-
-requires_sqlite_returning = pytest.mark.skipif(
-    not supports_returning(), reason="SQLite does not support RETURNING"
-)
-
-
-@pytest.fixture
-def db(app_client):
-    return app_client.ds.get_database("fixtures")
-
-
-@pytest.mark.asyncio
-async def test_execute(db):
-    results = await db.execute("select * from facetable")
-    assert isinstance(results, Results)
-    assert 15 == len(results)
-
-
-@pytest.mark.asyncio
-async def test_results_first(db):
-    assert None is (await db.execute("select * from facetable where pk > 100")).first()
-    results = await db.execute("select * from facetable")
-    row = results.first()
-    assert isinstance(row, sqlite3.Row)
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize("expected", (True, False))
-async def test_results_bool(db, expected):
-    where = "" if expected else "where pk = 0"
-    results = await db.execute("select * from facetable {}".format(where))
-    assert bool(results) is expected
-
-
-@pytest.mark.asyncio
-async def test_results_dicts(db):
-    results = await db.execute("select pk, name from roadside_attractions")
-    assert results.dicts() == [
-        {"pk": 1, "name": "The Mystery Spot"},
-        {"pk": 2, "name": "Winchester Mystery House"},
-        {"pk": 3, "name": "Burlingame Museum of PEZ Memorabilia"},
-        {"pk": 4, "name": "Bigfoot Discovery Museum"},
-    ]
-
-
-@pytest.mark.parametrize(
-    "query,expected",
-    [
-        ("select 1", 1),
-        ("select 1, 2", None),
-        ("select 1 as num union select 2 as num", None),
-    ],
-)
-@pytest.mark.asyncio
-async def test_results_single_value(db, query, expected):
-    results = await db.execute(query)
-    if expected:
-        assert expected == results.single_value()
-    else:
-        with pytest.raises(MultipleValues):
-            results.single_value()
-
-
-@pytest.mark.asyncio
-async def test_execute_fn(db):
-    def get_1_plus_1(conn):
-        return conn.execute("select 1 + 1").fetchall()[0][0]
-
-    assert 2 == await db.execute_fn(get_1_plus_1)
-
-
-@pytest.mark.asyncio
-async def test_execute_fn_transaction_false():
-    datasette = Datasette(memory=True)
-    db = datasette.add_memory_database("test_execute_fn_transaction_false")
-
-    def run(conn):
-        try:
-            with conn:
-                conn.execute("create table foo (id integer primary key)")
-                conn.execute("insert into foo (id) values (44)")
-                # Table should exist
-                assert (
-                    conn.execute(
-                        'select count(*) from sqlite_master where name = "foo"'
-                    ).fetchone()[0]
-                    == 1
-                )
-                assert conn.execute("select id from foo").fetchall()[0][0] == 44
-                raise ValueError("Cancel commit")
-        except ValueError:
-            pass
-        # Row should NOT exist
-        assert conn.execute("select count(*) from foo").fetchone()[0] == 0
-
-    await db.execute_write_fn(run, transaction=False)
-
-
-@pytest.mark.parametrize(
-    "tables,exists",
-    (
-        (["facetable", "searchable", "tags", "searchable_tags"], True),
-        (["foo", "bar", "baz"], False),
-    ),
-)
-@pytest.mark.asyncio
-async def test_table_exists(db, tables, exists):
-    for table in tables:
-        actual = await db.table_exists(table)
-        assert exists == actual
-
-
-@pytest.mark.parametrize(
-    "view,expected",
-    (
-        ("not_a_view", False),
-        ("paginated_view", True),
-    ),
-)
-@pytest.mark.asyncio
-async def test_view_exists(db, view, expected):
-    actual = await db.view_exists(view)
-    assert actual == expected
-
-
-@pytest.mark.parametrize(
-    "table,expected",
-    (
-        (
-            "facetable",
-            [
-                "pk",
-                "created",
-                "planet_int",
-                "on_earth",
-                "state",
-                "_city_id",
-                "_neighborhood",
-                "tags",
-                "complex_array",
-                "distinct_some_null",
-                "n",
-            ],
-        ),
-        (
-            "sortable",
-            [
-                "pk1",
-                "pk2",
-                "content",
-                "sortable",
-                "sortable_with_nulls",
-                "sortable_with_nulls_2",
-                "text",
-            ],
-        ),
-    ),
-)
-@pytest.mark.asyncio
-async def test_table_columns(db, table, expected):
-    columns = await db.table_columns(table)
-    assert columns == expected
-
-
-@pytest.mark.parametrize(
-    "table,expected",
-    (
-        (
-            "facetable",
-            [
-                Column(
-                    cid=0,
-                    name="pk",
-                    type="integer",
-                    notnull=0,
-                    default_value=None,
-                    is_pk=1,
-                    hidden=0,
-                ),
-                Column(
-                    cid=1,
-                    name="created",
-                    type="text",
-                    notnull=0,
-                    default_value=None,
-                    is_pk=0,
-                    hidden=0,
-                ),
-                Column(
-                    cid=2,
-                    name="planet_int",
-                    type="integer",
-                    notnull=0,
-                    default_value=None,
-                    is_pk=0,
-                    hidden=0,
-                ),
-                Column(
-                    cid=3,
-                    name="on_earth",
-                    type="integer",
-                    notnull=0,
-                    default_value=None,
-                    is_pk=0,
-                    hidden=0,
-                ),
-                Column(
-                    cid=4,
-                    name="state",
-                    type="text",
-                    notnull=0,
-                    default_value=None,
-                    is_pk=0,
-                    hidden=0,
-                ),
-                Column(
-                    cid=5,
-                    name="_city_id",
-                    type="integer",
-                    notnull=0,
-                    default_value=None,
-                    is_pk=0,
-                    hidden=0,
-                ),
-                Column(
-                    cid=6,
-                    name="_neighborhood",
-                    type="text",
-                    notnull=0,
-                    default_value=None,
-                    is_pk=0,
-                    hidden=0,
-                ),
-                Column(
-                    cid=7,
-                    name="tags",
-                    type="text",
-                    notnull=0,
-                    default_value=None,
-                    is_pk=0,
-                    hidden=0,
-                ),
-                Column(
-                    cid=8,
-                    name="complex_array",
-                    type="text",
-                    notnull=0,
-                    default_value=None,
-                    is_pk=0,
-                    hidden=0,
-                ),
-                Column(
-                    cid=9,
-                    name="distinct_some_null",
-                    type="",
-                    notnull=0,
-                    default_value=None,
-                    is_pk=0,
-                    hidden=0,
-                ),
-                Column(
-                    cid=10,
-                    name="n",
-                    type="text",
-                    notnull=0,
-                    default_value=None,
-                    is_pk=0,
-                    hidden=0,
-                ),
-            ],
-        ),
-        (
-            "sortable",
-            [
-                Column(
-                    cid=0,
-                    name="pk1",
-                    type="varchar(30)",
-                    notnull=0,
-                    default_value=None,
-                    is_pk=1,
-                    hidden=0,
-                ),
-                Column(
-                    cid=1,
-                    name="pk2",
-                    type="varchar(30)",
-                    notnull=0,
-                    default_value=None,
-                    is_pk=2,
-                    hidden=0,
-                ),
-                Column(
-                    cid=2,
-                    name="content",
-                    type="text",
-                    notnull=0,
-                    default_value=None,
-                    is_pk=0,
-                    hidden=0,
-                ),
-                Column(
-                    cid=3,
-                    name="sortable",
-                    type="integer",
-                    notnull=0,
-                    default_value=None,
-                    is_pk=0,
-                    hidden=0,
-                ),
-                Column(
-                    cid=4,
-                    name="sortable_with_nulls",
-                    type="real",
-                    notnull=0,
-                    default_value=None,
-                    is_pk=0,
-                    hidden=0,
-                ),
-                Column(
-                    cid=5,
-                    name="sortable_with_nulls_2",
-                    type="real",
-                    notnull=0,
-                    default_value=None,
-                    is_pk=0,
-                    hidden=0,
-                ),
-                Column(
-                    cid=6,
-                    name="text",
-                    type="text",
-                    notnull=0,
-                    default_value=None,
-                    is_pk=0,
-                    hidden=0,
-                ),
-            ],
-        ),
-    ),
-)
-@pytest.mark.asyncio
-async def test_table_column_details(db, table, expected):
-    columns = await db.table_column_details(table)
-    # Convert "type" to lowercase before comparison
-    # https://github.com/simonw/datasette/issues/1647
-    compare_columns = [
-        Column(
-            c.cid, c.name, c.type.lower(), c.notnull, c.default_value, c.is_pk, c.hidden
-        )
-        for c in columns
-    ]
-    assert compare_columns == expected
-
-
-@pytest.mark.asyncio
-async def test_get_all_foreign_keys(db):
-    all_foreign_keys = await db.get_all_foreign_keys()
-    assert all_foreign_keys["roadside_attraction_characteristics"] == {
-        "incoming": [],
-        "outgoing": [
-            {
-                "other_table": "attraction_characteristic",
-                "column": "characteristic_id",
-                "other_column": "pk",
-            },
-            {
-                "other_table": "roadside_attractions",
-                "column": "attraction_id",
-                "other_column": "pk",
-            },
-        ],
-    }
-    assert all_foreign_keys["attraction_characteristic"] == {
-        "incoming": [
-            {
-                "other_table": "roadside_attraction_characteristics",
-                "column": "pk",
-                "other_column": "characteristic_id",
-            }
-        ],
-        "outgoing": [],
-    }
-    assert all_foreign_keys["compound_primary_key"] == {
-        # No incoming because these are compound foreign keys, which we currently ignore
-        "incoming": [],
-        "outgoing": [],
-    }
-    assert all_foreign_keys["foreign_key_references"] == {
-        "incoming": [],
-        "outgoing": [
-            {
-                "other_table": "primary_key_multiple_columns",
-                "column": "foreign_key_with_no_label",
-                "other_column": "id",
-            },
-            {
-                "other_table": "simple_primary_key",
-                "column": "foreign_key_with_blank_label",
-                "other_column": "id",
-            },
-            {
-                "other_table": "simple_primary_key",
-                "column": "foreign_key_with_label",
-                "other_column": "id",
-            },
-        ],
-    }
-
-
-@pytest.mark.asyncio
-async def test_table_names(db):
-    table_names = await db.table_names()
-    # Tables are sorted alphabetically by name
-    assert table_names == [
-        "123_starts_with_digits",
-        "Table With Space In Name",
-        "attraction_characteristic",
-        "binary_data",
-        "complex_foreign_keys",
-        "compound_primary_key",
-        "compound_three_primary_keys",
-        "custom_foreign_key_label",
-        "facet_cities",
-        "facetable",
-        "foreign_key_references",
-        "infinity",
-        "no_primary_key",
-        "primary_key_multiple_columns",
-        "primary_key_multiple_columns_explicit_label",
-        "roadside_attraction_characteristics",
-        "roadside_attractions",
-        "searchable",
-        "searchable_fts",
-        "searchable_fts_config",
-        "searchable_fts_data",
-        "searchable_fts_docsize",
-        "searchable_fts_idx",
-        "searchable_tags",
-        "select",
-        "simple_primary_key",
-        "sortable",
-        "table/with/slashes.csv",
-        "tags",
-    ]
-
-
-@pytest.mark.asyncio
-async def test_view_names(db):
-    view_names = await db.view_names()
-    assert view_names == [
-        "paginated_view",
-        "simple_view",
-        "searchable_view",
-        "searchable_view_configured_by_metadata",
-    ]
-
-
-@pytest.mark.asyncio
-async def test_execute_write_block_true(db):
-    result = await db.execute_write(
-        "update roadside_attractions set name = ? where pk = ?", ["Mystery!", 1]
-    )
-    rows = await db.execute("select name from roadside_attractions where pk = 1")
-    assert result.rowcount == 1
-    assert result.description is None
-    assert result.truncated is False
-    assert result.fetchall() == []
-    assert "Mystery!" == rows.rows[0][0]
-
-
-@pytest.mark.asyncio
-@requires_sqlite_returning
-async def test_execute_write_with_returning(db):
-    await db.execute_write(
-        "create table write_returning (id integer primary key, name text)"
-    )
-    result = await db.execute_write(
-        "insert into write_returning (name) values (?) returning id, name",
-        ["Cleo"],
-    )
-
-    assert result.rowcount == 1
-    assert result.lastrowid == 1
-    assert [column[0] for column in result.description] == ["id", "name"]
-    assert result.truncated is False
-    assert [dict(row) for row in result.fetchall()] == [{"id": 1, "name": "Cleo"}]
-    assert result.fetchall() == []
-    assert (await db.execute("select id, name from write_returning")).dicts() == [
-        {"id": 1, "name": "Cleo"}
-    ]
-
-
-@pytest.mark.asyncio
-@requires_sqlite_returning
-async def test_execute_write_with_returning_default_limit(db):
-    await db.execute_write(
-        "create table write_returning_limit (id integer primary key)"
-    )
-    await db.execute_write_many(
-        "insert into write_returning_limit (id) values (?)",
-        [(i,) for i in range(1, 21)],
-    )
-
-    result = await db.execute_write(
-        "update write_returning_limit set id = id returning id"
-    )
-
-    assert result.rowcount == -1
-    assert result.truncated is True
-    assert len(result.fetchall()) == 10
-    assert (
-        await db.execute("select count(*) from write_returning_limit")
-    ).single_value() == 20
-
-
-@pytest.mark.asyncio
-@requires_sqlite_returning
-async def test_execute_write_with_returning_custom_limit(db):
-    await db.execute_write(
-        "create table write_returning_custom (id integer primary key)"
-    )
-    await db.execute_write_many(
-        "insert into write_returning_custom (id) values (?)",
-        [(i,) for i in range(1, 6)],
-    )
-
-    result = await db.execute_write(
-        "update write_returning_custom set id = id returning id",
-        returning_limit=2,
-    )
-
-    assert result.rowcount == -1
-    assert result.truncated is True
-    assert [row["id"] for row in result.fetchall()] == [1, 2]
-
-
-@pytest.mark.asyncio
-@requires_sqlite_returning
-async def test_execute_write_with_returning_exact_default_limit(db):
-    await db.execute_write(
-        "create table write_returning_exact_limit (id integer primary key)"
-    )
-    await db.execute_write_many(
-        "insert into write_returning_exact_limit (id) values (?)",
-        [(i,) for i in range(1, 11)],
-    )
-
-    result = await db.execute_write(
-        "update write_returning_exact_limit set id = id returning id"
-    )
-
-    assert result.rowcount == 10
-    assert result.truncated is False
-    assert len(result.fetchall()) == 10
-
-
-@pytest.mark.asyncio
-@requires_sqlite_returning
-async def test_execute_write_with_returning_one_more_than_default_limit(db):
-    await db.execute_write(
-        "create table write_returning_one_more (id integer primary key)"
-    )
-    await db.execute_write_many(
-        "insert into write_returning_one_more (id) values (?)",
-        [(i,) for i in range(1, 12)],
-    )
-
-    result = await db.execute_write(
-        "update write_returning_one_more set id = id returning id"
-    )
-
-    assert result.rowcount == -1
-    assert result.truncated is True
-    assert len(result.fetchall()) == 10
-
-
-@pytest.mark.asyncio
-@requires_sqlite_returning
-async def test_execute_write_with_returning_return_all(db):
-    await db.execute_write("create table write_returning_all (id integer primary key)")
-    await db.execute_write_many(
-        "insert into write_returning_all (id) values (?)",
-        [(i,) for i in range(1, 21)],
-    )
-
-    result = await db.execute_write(
-        "update write_returning_all set id = id returning id",
-        return_all=True,
-    )
-
-    assert result.rowcount == 20
-    assert result.truncated is False
-    assert [row["id"] for row in result.fetchall()] == list(range(1, 21))
-
-
-@pytest.mark.asyncio
-async def test_execute_write_block_false(db):
-    await db.execute_write(
-        "update roadside_attractions set name = ? where pk = ?",
-        ["Mystery!", 1],
-    )
-    time.sleep(0.1)
-    rows = await db.execute("select name from roadside_attractions where pk = 1")
-    assert "Mystery!" == rows.rows[0][0]
-
-
-@pytest.mark.asyncio
-@requires_sqlite_returning
-async def test_execute_write_with_returning_block_false(db):
-    await db.execute_write(
-        "create table write_returning_block_false (id integer primary key, name text)"
-    )
-    task_id = await db.execute_write(
-        "insert into write_returning_block_false (name) values (?) returning id",
-        ["Cleo"],
-        block=False,
-    )
-
-    assert isinstance(task_id, uuid.UUID)
-    time.sleep(0.1)
-    assert (
-        await db.execute("select name from write_returning_block_false")
-    ).single_value() == "Cleo"
-
-
-def test_execute_write_result_closes_cursor_on_fetch_error():
-    class Cursor:
-        description = (("id", None, None, None, None, None, None),)
-        lastrowid = 1
-        rowcount = 0
-
-        def __init__(self):
-            self.closed = False
-
-        def fetchmany(self, size):
-            raise sqlite3.DatabaseError("fetch failed")
-
-        def close(self):
-            self.closed = True
-
-    cursor = Cursor()
-
-    with pytest.raises(sqlite3.DatabaseError):
-        ExecuteWriteResult.from_cursor(cursor)
-
-    assert cursor.closed is True
-
-
-@pytest.mark.asyncio
-async def test_execute_write_script(db):
-    await db.execute_write_script(
-        "create table foo (id integer primary key); create table bar (id integer primary key);"
-    )
-    table_names = await db.table_names()
-    assert {"foo", "bar"}.issubset(table_names)
-
-
-@pytest.mark.asyncio
-async def test_execute_write_many(db):
-    await db.execute_write_script("create table foomany (id integer primary key)")
-    await db.execute_write_many(
-        "insert into foomany (id) values (?)", [(1,), (10,), (100,)]
-    )
-    result = await db.execute("select * from foomany")
-    assert [r[0] for r in result.rows] == [1, 10, 100]
-
-
-@pytest.mark.asyncio
-async def test_execute_write_has_correctly_prepared_connection(db):
-    # The sleep() function is only available if ds._prepare_connection() was called
-    await db.execute_write("select sleep(0.01)")
-
-
-@pytest.mark.asyncio
-async def test_execute_write_fn_block_false(db):
-    def write_fn(conn):
-        conn.execute("delete from roadside_attractions where pk = 1;")
-        row = conn.execute("select count(*) from roadside_attractions").fetchone()
-        return row[0]
-
-    task_id = await db.execute_write_fn(write_fn, block=False)
-    assert isinstance(task_id, uuid.UUID)
-
-
-@pytest.mark.asyncio
-async def test_execute_write_fn_block_true(db):
-    def write_fn(conn):
-        conn.execute("delete from roadside_attractions where pk = 1;")
-        row = conn.execute("select count(*) from roadside_attractions").fetchone()
-        return row[0]
-
-    new_count = await db.execute_write_fn(write_fn)
-    assert 3 == new_count
-
-
-@pytest.mark.asyncio
-async def test_execute_write_fn_exception(db):
-    def write_fn(conn):
-        assert False
-
-    with pytest.raises(AssertionError):
-        await db.execute_write_fn(write_fn)
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize("param_name", ["conn", "connection", "db", "c"])
-async def test_execute_write_fn_accepts_any_single_param_name(db, param_name):
-    # Plugins historically relied on the fact that the callback was invoked
-    # positionally, so any parameter name worked. Preserve that contract.
-    scope = {}
-    exec(
-        "def write_fn({0}):\n"
-        "    return {0}.execute('select 1 + 1').fetchone()[0]".format(param_name),
-        scope,
-    )
-    write_fn = scope["write_fn"]
-    result = await db.execute_write_fn(write_fn)
-    assert result == 2
-
-
-@pytest.mark.asyncio
-async def test_execute_write_fn_with_track_event(db):
-    # When the callback declares track_event it still receives both args
-    # via dependency injection.
-    seen = []
-
-    def write_fn(conn, track_event):
-        seen.append(track_event)
-        return conn.execute("select 1 + 1").fetchone()[0]
-
-    result = await db.execute_write_fn(write_fn)
-    assert result == 2
-    assert len(seen) == 1 and callable(seen[0])
-
-
-@pytest.mark.asyncio
-@pytest.mark.timeout(1)
-async def test_execute_write_fn_connection_exception(tmpdir, app_client):
-    path = str(tmpdir / "immutable.db")
-    conn = sqlite3.connect(path)
-    conn.execute("vacuum")
-    conn.close()
-    db = Database(app_client.ds, path=path, is_mutable=False)
-    app_client.ds.add_database(db, name="immutable-db")
-
-    def write_fn(conn):
-        assert False
-
-    with pytest.raises(AssertionError):
-        await db.execute_write_fn(write_fn)
-
-    app_client.ds.remove_database("immutable-db")
-
-
-@pytest.mark.asyncio
-async def test_deliver_write_result_leaves_done_future_alone():
-    loop = asyncio.get_running_loop()
-    reply_future = loop.create_future()
-    reply_future.set_result("original")
-    task = SimpleNamespace(loop=loop, reply_future=reply_future)
-
-    # The write thread can finish after the caller has stopped waiting for the
-    # result. Delivery should notice that the future is already resolved and
-    # leave the caller's outcome alone instead of raising InvalidStateError.
-    _deliver_write_result(task, "replacement", None)
-    await asyncio.sleep(0)
-
-    assert reply_future.result() == "original"
-
-
-@pytest.mark.asyncio
-async def test_deliver_write_result_ignores_closed_loop():
-    closed_loop = asyncio.new_event_loop()
-    closed_loop.close()
-    reply_future = asyncio.get_running_loop().create_future()
-    task = SimpleNamespace(loop=closed_loop, reply_future=reply_future)
-
-    # If the event loop that submitted the write has gone away, the write
-    # thread should drop the result rather than crash while reporting back to
-    # that closed loop.
-    _deliver_write_result(task, "result", None)
-
-    assert not reply_future.done()
-
-
-def table_exists(conn, name):
-    return bool(
-        conn.execute(
-            """
-        with all_tables as (
-            select name from sqlite_master where type = 'table'
-                     union all
-            select name from temp.sqlite_master where type = 'table'
-        )
-        select 1 from all_tables where name = ?
-        """,
-            (name,),
-        ).fetchall(),
-    )
-
-
-def table_exists_checker(name):
-    def inner(conn):
-        return table_exists(conn, name)
-
-    return inner
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize("disable_threads", (False, True))
-async def test_execute_isolated(db, disable_threads):
-    if disable_threads:
-        ds = Datasette(memory=True, settings={"num_sql_threads": 0})
-        db = ds.add_database(Database(ds, memory_name="test_num_sql_threads_zero"))
-
-    # Create temporary table in write
-    await db.execute_write(
-        "create temporary table created_by_write (id integer primary key)"
-    )
-    # Should stay visible to write connection
-    assert await db.execute_write_fn(table_exists_checker("created_by_write"))
-
-    def create_shared_table(conn):
-        conn.execute("create table shared (id integer primary key)")
-        # And a temporary table that should not continue to exist
-        conn.execute(
-            "create temporary table created_by_isolated (id integer primary key)"
-        )
-        assert table_exists(conn, "created_by_isolated")
-        # Also confirm that created_by_write does not exist
-        return table_exists(conn, "created_by_write")
-
-    # shared should not exist
-    assert not await db.execute_fn(table_exists_checker("shared"))
-
-    # Create it using isolated
-    created_by_write_exists = await db.execute_isolated_fn(create_shared_table)
-    assert not created_by_write_exists
-
-    # shared SHOULD exist now
-    assert await db.execute_fn(table_exists_checker("shared"))
-
-    # created_by_isolated should not exist, even in write connection
-    assert not await db.execute_write_fn(table_exists_checker("created_by_isolated"))
-
-    # ... and a second call to isolated should not see that connection either
-    assert not await db.execute_isolated_fn(table_exists_checker("created_by_isolated"))
-
-
-@pytest.mark.asyncio
-async def test_execute_isolated_connect_failure_does_not_kill_write_thread():
-    # A connect() failure for an isolated task should be returned to the
-    # caller as an exception, not crash the write thread
-    class ConnectError(Exception):
-        pass
-
-    ds = Datasette(memory=True)
-    db = ds.add_memory_database("test_isolated_connect_failure")
-    # Start the write thread with a healthy dedicated write connection
-    await db.execute_write("create table dogs (id integer primary key)")
-
-    original_connect = db.connect
-
-    def broken_connect(write=False):
-        raise ConnectError("Could not connect")
-
-    db.connect = broken_connect
-    try:
-        with pytest.raises(ConnectError):
-            await asyncio.wait_for(db.execute_isolated_fn(lambda conn: None), timeout=2)
-    finally:
-        db.connect = original_connect
-
-    # Write thread should still be alive and processing tasks
-    assert db._write_thread.is_alive()
-    await db.execute_write("insert into dogs (id) values (1)")
-    count = await db.execute_isolated_fn(
-        lambda conn: conn.execute("select count(*) from dogs").fetchone()[0]
-    )
-    assert count == 1
-
-
-@pytest.mark.asyncio
-async def test_analyze_sql():
-    ds = Datasette(memory=True)
-    db = ds.add_memory_database("test_analyze_sql", name="data")
-    await db.execute_write("create table dogs (id integer primary key, name text)")
-
-    analysis = await db.analyze_sql("select name from dogs where id = ?", (1,))
-
-    assert [
-        (
-            operation.operation,
-            operation.database,
-            operation.sqlite_schema,
-            operation.table,
-            operation.columns,
-            operation.source,
-        )
-        for operation in analysis.operations
-        if operation.target_type == "table"
-        and operation.operation in {"read", "insert", "update", "delete"}
-        and not operation.internal
-    ] == [
-        ("read", "data", "main", "dogs", ("id", "name"), None),
-    ]
-
-
-@pytest.mark.asyncio
-async def test_analyze_sql_insert_select():
-    ds = Datasette(memory=True)
-    db = ds.add_memory_database("test_analyze_sql_insert_select", name="data")
-    await db.execute_write("create table dogs (id integer primary key, name text)")
-    await db.execute_write("create table cats (id integer primary key, name text)")
-
-    analysis = await db.analyze_sql("insert into dogs (name) select name from cats")
-
-    assert {
-        (
-            operation.operation,
-            operation.database,
-            operation.sqlite_schema,
-            operation.table,
-            operation.columns,
-            operation.source,
-        )
-        for operation in analysis.operations
-        if operation.target_type == "table"
-        and operation.operation in {"read", "insert", "update", "delete"}
-        and not operation.internal
-    } == {
-        ("insert", "data", "main", "dogs", (), None),
-        ("read", "data", "main", "cats", ("name",), None),
-    }
-
-
-@pytest.mark.asyncio
-async def test_mtime_ns(db):
-    assert isinstance(db.mtime_ns, int)
-
-
-def test_mtime_ns_is_none_for_memory(app_client):
-    memory_db = Database(app_client.ds, is_memory=True)
-    assert memory_db.is_memory is True
-    assert None is memory_db.mtime_ns
-
-
-def test_is_mutable(app_client):
-    assert Database(app_client.ds, is_memory=True).is_mutable is True
-    assert Database(app_client.ds, is_memory=True, is_mutable=True).is_mutable is True
-    assert Database(app_client.ds, is_memory=True, is_mutable=False).is_mutable is False
-
-
-@pytest.mark.asyncio
-async def test_attached_databases(app_client_two_attached_databases_crossdb_enabled):
-    database = app_client_two_attached_databases_crossdb_enabled.ds.get_database(
-        "_memory"
-    )
-    attached = await database.attached_databases()
-    assert {a.name for a in attached} == {"extra database", "fixtures"}
-
-
-@pytest.mark.asyncio
-async def test_database_memory_name(app_client):
-    ds = app_client.ds
-    foo1 = ds.add_database(Database(ds, memory_name="foo"))
-    foo2 = ds.add_memory_database("foo")
-    bar1 = ds.add_database(Database(ds, memory_name="bar"))
-    bar2 = ds.add_memory_database("bar")
-    for db in (foo1, foo2, bar1, bar2):
-        table_names = await db.table_names()
-        assert table_names == []
-    # Now create a table in foo
-    await foo1.execute_write("create table foo (t text)")
-    assert await foo1.table_names() == ["foo"]
-    assert await foo2.table_names() == ["foo"]
-    assert await bar1.table_names() == []
-    assert await bar2.table_names() == []
-
-
-@pytest.mark.asyncio
-async def test_in_memory_databases_forbid_writes(app_client):
-    ds = app_client.ds
-    db = ds.add_database(Database(ds, memory_name="test"))
-    with pytest.raises(sqlite3.OperationalError):
-        await db.execute("create table foo (t text)")
-    assert await db.table_names() == []
-    # Using db.execute_write() should work:
-    await db.execute_write("create table foo (t text)")
-    assert await db.table_names() == ["foo"]
-
-
-@pytest.mark.asyncio
-async def test_hidden_tables(app_client):
-    ds = app_client.ds
-    db = ds.add_database(Database(ds, is_memory=True, is_mutable=True))
-    assert await db.hidden_table_names() == []
-    await db.execute("create virtual table f using fts5(a)")
-    assert await db.hidden_table_names() == [
-        "f_config",
-        "f_content",
-        "f_data",
-        "f_docsize",
-        "f_idx",
-    ]
-
-    await db.execute("create virtual table r using rtree(id, amin, amax)")
-    assert await db.hidden_table_names() == [
-        "f_config",
-        "f_content",
-        "f_data",
-        "f_docsize",
-        "f_idx",
-        "r_node",
-        "r_parent",
-        "r_rowid",
-    ]
-
-    await db.execute("create table _hideme(_)")
-    assert await db.hidden_table_names() == [
-        "_hideme",
-        "f_config",
-        "f_content",
-        "f_data",
-        "f_docsize",
-        "f_idx",
-        "r_node",
-        "r_parent",
-        "r_rowid",
-    ]
-
-    # A fts virtual table with a content table should be hidden too
-    await db.execute("create virtual table f2_fts using fts5(a, content='f')")
-    assert await db.hidden_table_names() == [
-        "_hideme",
-        "f2_fts_config",
-        "f2_fts_data",
-        "f2_fts_docsize",
-        "f2_fts_idx",
-        "f_config",
-        "f_content",
-        "f_data",
-        "f_docsize",
-        "f_idx",
-        "r_node",
-        "r_parent",
-        "r_rowid",
-        "f2_fts",
-    ]
-
-
-@pytest.mark.asyncio
-async def test_replace_database(tmpdir):
-    path1 = str(tmpdir / "data1.db")
-    (tmpdir / "two").mkdir()
-    path2 = str(tmpdir / "two" / "data1.db")
-    conn1 = sqlite3.connect(path1)
-    conn1.executescript("""
-        create table t (id integer primary key);
-        insert into t (id) values (1);
-        insert into t (id) values (2);
-    """)
-    conn1.close()
-    conn2 = sqlite3.connect(path2)
-    conn2.executescript("""
-        create table t (id integer primary key);
-        insert into t (id) values (1);
-    """)
-    conn2.close()
-    datasette = Datasette([path1])
-    db = datasette.get_database("data1")
-    count = (await db.execute("select count(*) from t")).first()[0]
-    assert count == 2
-    # Now replace that database
-    datasette.get_database("data1").close()
-    datasette.remove_database("data1")
-    datasette.add_database(Database(datasette, path2), "data1")
-    db2 = datasette.get_database("data1")
-    count = (await db2.execute("select count(*) from t")).first()[0]
-    assert count == 1
-
-
-@pytest.mark.parametrize(
-    "kwargs,expected_repr",
-    [
-        ({"is_memory": True}, ""),
-        ({"memory_name": "my_mem"}, ""),
-        (
-            {"is_memory": True, "is_mutable": False},
-            "",
-        ),
-    ],
-    ids=["memory", "named_memory", "immutable_memory"],
-)
-def test_repr(app_client, kwargs, expected_repr):
-    db = Database(app_client.ds, **kwargs)
-    db.name = "test_db"
-    assert repr(db) == expected_repr
-
-
-def test_repr_temp_disk(app_client):
-    db = Database(app_client.ds, is_temp_disk=True)
-    db.name = "test_db"
-    r = repr(db)
-    assert r.startswith("")
-    assert isinstance(db.size, int)
-    assert isinstance(db.mtime_ns, int)
-    db.close()
-
-
-@pytest.mark.asyncio
-async def test_database_close_shuts_down_write_thread(tmpdir):
-    path = str(tmpdir / "dbclose.db")
-    conn = sqlite3.connect(path)
-    conn.execute("create table t (id integer primary key)")
-    conn.close()
-    ds = Datasette([path])
-    db = ds.get_database("dbclose")
-    # Trigger write thread creation
-    await db.execute_write("insert into t (id) values (1)")
-    assert db._write_thread is not None
-    assert db._write_thread.is_alive()
-    db.close()
-    # Wait briefly for the thread to exit — the sentinel should cause it to return.
-    db._write_thread.join(timeout=5)
-    assert not db._write_thread.is_alive()
-    ds._internal_database.close()
-
-
-@pytest.mark.asyncio
-async def test_database_close_raises_on_further_use(tmpdir):
-    path = str(tmpdir / "closed.db")
-    conn = sqlite3.connect(path)
-    conn.execute("create table t (id integer primary key)")
-    conn.close()
-    ds = Datasette([path])
-    db = ds.get_database("closed")
-    await db.execute("select 1")
-    db.close()
-    with pytest.raises(DatasetteClosedError):
-        await db.execute("select 1")
-    with pytest.raises(DatasetteClosedError):
-        await db.execute_write("insert into t (id) values (1)")
-    with pytest.raises(DatasetteClosedError):
-        await db.execute_fn(lambda conn: conn.execute("select 1").fetchone())
-    with pytest.raises(DatasetteClosedError):
-        await db.execute_write_fn(lambda conn: conn.execute("select 1"))
-    ds._internal_database.close()
-
-
-@pytest.mark.asyncio
-async def test_database_close_is_idempotent(tmpdir):
-    path = str(tmpdir / "idemp.db")
-    conn = sqlite3.connect(path)
-    conn.execute("create table t (id integer primary key)")
-    conn.close()
-    ds = Datasette([path])
-    db = ds.get_database("idemp")
-    await db.execute_write("insert into t (id) values (1)")
-    db.close()
-    # Second call should be a no-op, not raise
-    db.close()
-    ds._internal_database.close()
diff --git a/tests/test_internals_datasette.py b/tests/test_internals_datasette.py
deleted file mode 100644
index 2eaee3f9..00000000
--- a/tests/test_internals_datasette.py
+++ /dev/null
@@ -1,479 +0,0 @@
-"""
-Tests for the datasette.app.Datasette class
-"""
-
-import asyncio
-import dataclasses
-import hashlib
-import importlib
-import os
-import sqlite3
-import time
-from datasette import Context
-from datasette.app import Datasette, Database, ResourcesSQL
-from datasette.database import DatasetteClosedError
-from datasette.resources import DatabaseResource
-from datasette.utils import PrefixedUrlString
-from itsdangerous import BadSignature
-import pytest
-
-
-@pytest.fixture
-def datasette(ds_client):
-    return ds_client.ds
-
-
-def test_get_database(datasette):
-    db = datasette.get_database("fixtures")
-    assert "fixtures" == db.name
-    with pytest.raises(KeyError):
-        datasette.get_database("missing")
-
-
-def test_get_database_no_argument(datasette):
-    # Returns the first available database:
-    db = datasette.get_database()
-    assert "fixtures" == db.name
-
-
-@pytest.mark.parametrize("value", ["hello", 123, {"key": "value"}])
-@pytest.mark.parametrize("namespace", [None, "two"])
-def test_sign_unsign(datasette, value, namespace):
-    extra_args = [namespace] if namespace else []
-    signed = datasette.sign(value, *extra_args)
-    assert value != signed
-    assert value == datasette.unsign(signed, *extra_args)
-    with pytest.raises(BadSignature):
-        datasette.unsign(signed[:-1] + ("!" if signed[-1] != "!" else ":"))
-
-
-@pytest.mark.parametrize(
-    "setting,expected",
-    (
-        ("base_url", "/"),
-        ("max_csv_mb", 100),
-        ("allow_csv_stream", True),
-    ),
-)
-def test_datasette_setting(datasette, setting, expected):
-    assert datasette.setting(setting) == expected
-
-
-def _setup_static_app_root(tmp_path, monkeypatch, filename, content):
-    app_module = importlib.import_module("datasette.app")
-    app_root = tmp_path / "app-root"
-    static_path = app_root / "datasette" / "static"
-    static_path.mkdir(parents=True)
-    asset_path = static_path / filename
-    asset_path.write_bytes(content)
-    monkeypatch.setattr(app_module, "app_root", app_root)
-    return asset_path
-
-
-@pytest.mark.asyncio
-async def test_static_template_function_hashes_core_asset(tmp_path, monkeypatch):
-    _setup_static_app_root(tmp_path, monkeypatch, "demo.js", b"const demo = true;")
-    ds = Datasette()
-    template = ds.get_jinja_environment().from_string("{{ static('demo.js') }}")
-    expected_hash = hashlib.sha256(b"const demo = true;").hexdigest()[:12]
-
-    assert await template.render_async() == "/-/static/demo.js?_hash={}".format(
-        expected_hash
-    )
-    assert isinstance(ds.static("demo.js"), PrefixedUrlString)
-
-
-def test_static_hash_cached_when_cache_headers_enabled(tmp_path, monkeypatch):
-    asset_path = _setup_static_app_root(tmp_path, monkeypatch, "demo.js", b"let a = 1;")
-    ds = Datasette(cache_headers=True)
-    first_url = ds.static("demo.js")
-
-    asset_path.write_bytes(b"let a = 2;")
-
-    assert ds.static("demo.js") == first_url
-
-
-def test_static_hash_recalculated_when_cache_headers_disabled(tmp_path, monkeypatch):
-    asset_path = _setup_static_app_root(tmp_path, monkeypatch, "demo.js", b"let a = 1;")
-    ds = Datasette(cache_headers=False)
-    first_url = ds.static("demo.js")
-
-    asset_path.write_bytes(b"let a = 2;")
-
-    expected_hash = hashlib.sha256(b"let a = 2;").hexdigest()[:12]
-    assert ds.static("demo.js") == "/-/static/demo.js?_hash={}".format(expected_hash)
-    assert ds.static("demo.js") != first_url
-
-
-def test_static_hashes_mounted_static_file(tmp_path):
-    static_path = tmp_path / "static-files"
-    static_path.mkdir()
-    asset_path = static_path / "styles.css"
-    asset_path.write_bytes(b"body { color: black; }")
-    ds = Datasette(static_mounts=[("assets", str(static_path))])
-    expected_hash = hashlib.sha256(b"body { color: black; }").hexdigest()[:12]
-
-    assert ds.static("styles.css", mount="assets") == (
-        "/assets/styles.css?_hash={}".format(expected_hash)
-    )
-
-    ds._settings["base_url"] = "/prefix/"
-    assert ds.static("styles.css", mount="assets") == (
-        "/prefix/assets/styles.css?_hash={}".format(expected_hash)
-    )
-
-
-def test_static_hashes_plugin_static_file(tmp_path, monkeypatch):
-    plugin_static_path = tmp_path / "plugin-static"
-    plugin_static_path.mkdir()
-    asset_path = plugin_static_path / "plugin.js"
-    asset_path.write_bytes(b"console.log('plugin');")
-    app_module = importlib.import_module("datasette.app")
-    monkeypatch.setattr(
-        app_module,
-        "get_plugins",
-        lambda: [
-            {
-                "name": "datasette-cluster-map",
-                "static_path": str(plugin_static_path),
-                "templates_path": None,
-            }
-        ],
-    )
-    ds = Datasette()
-    expected_hash = hashlib.sha256(b"console.log('plugin');").hexdigest()[:12]
-
-    assert ds.static("plugin.js", plugin="datasette_cluster_map") == (
-        "/-/static-plugins/datasette_cluster_map/plugin.js?_hash={}".format(
-            expected_hash
-        )
-    )
-
-
-def test_static_rejects_plugin_and_mount():
-    ds = Datasette()
-    with pytest.raises(ValueError):
-        ds.static("styles.css", plugin="datasette_cluster_map", mount="assets")
-
-
-def test_static_rejects_path_traversal(tmp_path, monkeypatch):
-    _setup_static_app_root(tmp_path, monkeypatch, "demo.js", b"")
-    ds = Datasette()
-
-    with pytest.raises(ValueError, match="cannot escape static root"):
-        ds.static("../secret.js")
-
-
-@pytest.mark.asyncio
-async def test_datasette_constructor():
-    ds = Datasette()
-    databases = (await ds.client.get("/-/databases.json")).json()
-    assert databases == [
-        {
-            "name": "_memory",
-            "route": "_memory",
-            "path": None,
-            "size": 0,
-            "is_mutable": False,
-            "is_memory": True,
-            "hash": None,
-        }
-    ]
-
-
-@pytest.mark.asyncio
-async def test_num_sql_threads_zero():
-    ds = Datasette([], memory=True, settings={"num_sql_threads": 0})
-    db = ds.add_database(Database(ds, memory_name="test_num_sql_threads_zero"))
-    await db.execute_write("create table t(id integer primary key)")
-    await db.execute_write("insert into t (id) values (1)")
-    response = await ds.client.get("/-/threads.json")
-    assert response.json() == {"num_threads": 0, "threads": []}
-    response2 = await ds.client.get("/test_num_sql_threads_zero/t.json?_shape=array")
-    assert response2.json() == [{"id": 1}]
-
-
-ROOT = {"id": "root"}
-ALLOW_ROOT = {"allow": {"id": "root"}}
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "actor,config,action,resource,should_allow,expected_private",
-    (
-        (None, ALLOW_ROOT, "view-instance", None, False, False),
-        (ROOT, ALLOW_ROOT, "view-instance", None, True, True),
-        (
-            None,
-            {"databases": {"_memory": ALLOW_ROOT}},
-            "view-database",
-            DatabaseResource(database="_memory"),
-            False,
-            False,
-        ),
-        (
-            ROOT,
-            {"databases": {"_memory": ALLOW_ROOT}},
-            "view-database",
-            DatabaseResource(database="_memory"),
-            True,
-            True,
-        ),
-        # Check private is false for non-protected instance check
-        (
-            ROOT,
-            {"allow": True},
-            "view-instance",
-            None,
-            True,
-            False,
-        ),
-    ),
-)
-async def test_datasette_check_visibility(
-    actor, config, action, resource, should_allow, expected_private
-):
-    ds = Datasette([], memory=True, config=config)
-    await ds.invoke_startup()
-    visible, private = await ds.check_visibility(
-        actor, action=action, resource=resource
-    )
-    assert visible == should_allow
-    assert private == expected_private
-
-
-@pytest.mark.asyncio
-async def test_datasette_render_template_no_request():
-    # https://github.com/simonw/datasette/issues/1849
-    ds = Datasette(memory=True)
-    await ds.invoke_startup()
-    rendered = await ds.render_template("error.html")
-    assert "Error " in rendered
-
-
-@pytest.mark.asyncio
-async def test_datasette_render_template_with_dataclass():
-    @dataclasses.dataclass
-    class ExampleContext(Context):
-        title: str
-        status: int
-        error: str
-
-    context = ExampleContext(title="Hello", status=200, error="Error message")
-    ds = Datasette(memory=True)
-    await ds.invoke_startup()
-    rendered = await ds.render_template("error.html", context)
-    assert "
    Hello
    " in rendered
-    assert "Error message" in rendered
-
-
-def test_datasette_error_if_string_not_list(tmpdir):
-    # https://github.com/simonw/datasette/issues/1985
-    db_path = str(tmpdir / "data.db")
-    with pytest.raises(ValueError):
-        Datasette(db_path)
-
-
-@pytest.mark.asyncio
-async def test_get_action(ds_client):
-    ds = ds_client.ds
-    for name_or_abbr in (
-        "vi",
-        "view-instance",
-        "vt",
-        "view-table",
-        "sct",
-        "set-column-type",
-    ):
-        action = ds.get_action(name_or_abbr)
-        if "-" in name_or_abbr:
-            assert action.name == name_or_abbr
-        else:
-            assert action.abbr == name_or_abbr
-    # And test None return for missing action
-    assert ds.get_action("missing-permission") is None
-
-
-@pytest.mark.asyncio
-async def test_apply_metadata_json():
-    ds = Datasette(
-        metadata={
-            "databases": {
-                "legislators": {
-                    "tables": {"offices": {"summary": "office address or sumtin"}},
-                    "queries": {
-                        "millennial_representatives": {
-                            "summary": "Social media accounts for current legislators"
-                        }
-                    },
-                }
-            },
-            "weird_instance_value": {"nested": [1, 2, 3]},
-        },
-    )
-    await ds.invoke_startup()
-    assert (await ds.client.get("/")).status_code == 200
-    value = (await ds.get_instance_metadata()).get("weird_instance_value")
-    assert value == '{"nested": [1, 2, 3]}'
-
-
-@pytest.mark.asyncio
-async def test_allowed_resources_sql(datasette):
-    result = await datasette.allowed_resources_sql(
-        action="view-table",
-        actor=None,
-    )
-    assert isinstance(result, ResourcesSQL)
-    assert "all_rules AS" in result.sql
-    assert result.params["action"] == "view-table"
-
-
-@pytest.mark.asyncio
-async def test_datasette_close_closes_all_databases_and_executor():
-    ds = Datasette(memory=True)
-    await ds.invoke_startup()
-    # Confirm internal DB has write machinery running
-    assert ds._internal_database._write_thread is not None
-    assert ds._internal_database._write_thread.is_alive()
-    temp_path = ds._internal_database.path
-    assert os.path.exists(temp_path)
-    executor = ds.executor
-    ds.close()
-    # Executor is shut down
-    assert executor._shutdown
-    # All attached Database instances are closed
-    for db in ds.databases.values():
-        assert db._closed
-    assert ds._internal_database._closed
-    # Temp internal DB file is unlinked
-    assert not os.path.exists(temp_path)
-
-
-@pytest.mark.asyncio
-async def test_datasette_close_is_idempotent():
-    ds = Datasette(memory=True)
-    await ds.invoke_startup()
-    ds.close()
-    # Second call should be a no-op
-    ds.close()
-
-
-@pytest.mark.asyncio
-async def test_datasette_close_raises_on_use():
-    ds = Datasette(memory=True)
-    await ds.invoke_startup()
-    ds.close()
-    with pytest.raises(DatasetteClosedError):
-        await ds.get_internal_database().execute("select 1")
-
-
-async def _datasette_with_sleeping_execute(tmp_path, sleep_ms=200):
-    db_path = tmp_path / "data.db"
-    internal_path = tmp_path / "internal.db"
-    sqlite3.connect(db_path).close()
-    ds = Datasette([str(db_path)], internal=str(internal_path))
-    loop = asyncio.get_running_loop()
-    sql_started = asyncio.Event()
-    original_prepare_connection = ds._prepare_connection
-
-    def prepare_connection(conn, name):
-        original_prepare_connection(conn, name)
-
-        def sleep_ms(ms):
-            loop.call_soon_threadsafe(sql_started.set)
-            time.sleep(ms / 1000)
-            return ms
-
-        conn.create_function("sleep_ms", 1, sleep_ms)
-
-    ds._prepare_connection = prepare_connection
-    task = asyncio.create_task(
-        ds.get_database().execute(
-            f"select sleep_ms({sleep_ms})", custom_time_limit=1000
-        )
-    )
-    await asyncio.wait_for(sql_started.wait(), timeout=5)
-    return ds, task
-
-
-@pytest.mark.asyncio
-async def test_datasette_close_waits_for_in_flight_execute(tmp_path):
-    ds, task = await _datasette_with_sleeping_execute(tmp_path)
-    ds.close()
-    results = await task
-    assert [tuple(row) for row in results.rows] == [(200,)]
-
-
-@pytest.mark.asyncio
-async def test_datasette_close_waits_for_cancelled_in_flight_execute(tmp_path):
-    ds, task = await _datasette_with_sleeping_execute(tmp_path)
-    task.cancel()
-    with pytest.raises(asyncio.CancelledError):
-        await task
-    ds.close()
-
-
-@pytest.mark.asyncio
-async def test_asgi_lifespan_shutdown_closes_datasette():
-    ds = Datasette(memory=True)
-    app = ds.app()
-    # Drive an ASGI lifespan: startup, then shutdown.
-    messages_sent = []
-    inbox = [
-        {"type": "lifespan.startup"},
-        {"type": "lifespan.shutdown"},
-    ]
-
-    async def receive():
-        return inbox.pop(0)
-
-    async def send(message):
-        messages_sent.append(message)
-
-    await app({"type": "lifespan"}, receive, send)
-    assert {"type": "lifespan.startup.complete"} in messages_sent
-    assert {"type": "lifespan.shutdown.complete"} in messages_sent
-    assert ds._closed
-
-
-@pytest.mark.asyncio
-async def test_datasette_close_continues_past_db_error():
-    # If one Database raises during close(), the others still get closed.
-    ds = Datasette(memory=True)
-    await ds.invoke_startup()
-
-    class Boom(Database):
-        def close(self):
-            raise RuntimeError("boom")
-
-    ds.add_database(Boom(ds, is_memory=True), name="bad")
-    good = ds.add_database(Database(ds, is_memory=True), name="good")
-    with pytest.raises(RuntimeError, match="boom"):
-        ds.close()
-    assert good._closed
-    assert ds._internal_database._closed
-
-
-@pytest.mark.asyncio
-async def test_datasette_render_template_dataclass_values_not_deep_copied():
-    # display_rows can contain values like sqlite3.Row that cannot be
-    # deep-copied, so render_template must convert Context dataclasses
-    # shallowly - https://github.com/simonw/datasette/issues/2127
-    class RefusesDeepCopy:
-        def __deepcopy__(self, memo):
-            raise RuntimeError("deepcopy not supported")
-
-        def __str__(self):
-            return "shallow-copied-value"
-
-    @dataclasses.dataclass
-    class ExampleContext(Context):
-        title: str
-        status: int
-        error: RefusesDeepCopy
-
-    context = ExampleContext(title="Hello", status=200, error=RefusesDeepCopy())
-    ds = Datasette(memory=True)
-    await ds.invoke_startup()
-    rendered = await ds.render_template("error.html", context)
-    assert "shallow-copied-value" in rendered
diff --git a/tests/test_internals_datasette_client.py b/tests/test_internals_datasette_client.py
deleted file mode 100644
index 543077a5..00000000
--- a/tests/test_internals_datasette_client.py
+++ /dev/null
@@ -1,386 +0,0 @@
-import httpx
-import pytest
-import pytest_asyncio
-from datasette.app import Datasette
-
-
-@pytest_asyncio.fixture
-async def datasette(ds_client):
-    await ds_client.ds.invoke_startup()
-    return ds_client.ds
-
-
-@pytest_asyncio.fixture
-async def datasette_with_permissions():
-    """A datasette instance with permission restrictions for testing"""
-    ds = Datasette(config={"databases": {"test_db": {"allow": {"id": "admin"}}}})
-    await ds.invoke_startup()
-    db = ds.add_memory_database("test_datasette_with_permissions", name="test_db")
-    await db.execute_write(
-        "create table if not exists test_table (id integer primary key, name text)"
-    )
-    await db.execute_write(
-        "insert or ignore into test_table (id, name) values (1, 'Alice')"
-    )
-    # Trigger catalog refresh
-    await ds.client.get("/")
-    return ds
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "method,path,expected_status",
-    [
-        ("get", "/", 200),
-        ("options", "/", 200),
-        ("head", "/", 200),
-        ("put", "/", 405),
-        ("patch", "/", 405),
-        ("delete", "/", 405),
-    ],
-)
-async def test_client_methods(datasette, method, path, expected_status):
-    client_method = getattr(datasette.client, method)
-    response = await client_method(path)
-    assert isinstance(response, httpx.Response)
-    assert response.status_code == expected_status
-    # Try that again using datasette.client.request
-    response2 = await datasette.client.request(method, path)
-    assert response2.status_code == expected_status
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize("prefix", [None, "/prefix/"])
-async def test_client_post(datasette, prefix):
-    original_base_url = datasette._settings["base_url"]
-    try:
-        if prefix is not None:
-            datasette._settings["base_url"] = prefix
-        response = await datasette.client.post(
-            "/-/messages",
-            data={
-                "message": "A message",
-            },
-        )
-        assert isinstance(response, httpx.Response)
-        assert response.status_code == 302
-        assert "ds_messages" in response.cookies
-    finally:
-        datasette._settings["base_url"] = original_base_url
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "prefix,expected_path", [(None, "/asgi-scope"), ("/prefix/", "/prefix/asgi-scope")]
-)
-async def test_client_path(datasette, prefix, expected_path):
-    original_base_url = datasette._settings["base_url"]
-    try:
-        if prefix is not None:
-            datasette._settings["base_url"] = prefix
-        response = await datasette.client.get("/asgi-scope")
-        path = response.json()["path"]
-        assert path == expected_path
-    finally:
-        datasette._settings["base_url"] = original_base_url
-
-
-@pytest.mark.asyncio
-async def test_skip_permission_checks_allows_forbidden_access(
-    datasette_with_permissions,
-):
-    """Test that skip_permission_checks=True bypasses permission checks"""
-    ds = datasette_with_permissions
-
-    # Without skip_permission_checks, anonymous user should get 403 for protected database
-    response = await ds.client.get("/test_db.json")
-    assert response.status_code == 403
-
-    # With skip_permission_checks=True, should get 200
-    response = await ds.client.get("/test_db.json", skip_permission_checks=True)
-    assert response.status_code == 200
-    data = response.json()
-    assert data["database"] == "test_db"
-
-
-@pytest.mark.asyncio
-async def test_skip_permission_checks_on_table(datasette_with_permissions):
-    """Test skip_permission_checks works for table access"""
-    ds = datasette_with_permissions
-
-    # Without skip_permission_checks, should get 403
-    response = await ds.client.get("/test_db/test_table.json")
-    assert response.status_code == 403
-
-    # With skip_permission_checks=True, should get table data
-    response = await ds.client.get(
-        "/test_db/test_table.json", skip_permission_checks=True
-    )
-    assert response.status_code == 200
-    data = response.json()
-    assert data["rows"] == [{"id": 1, "name": "Alice"}]
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "method", ["get", "post", "put", "patch", "delete", "options", "head"]
-)
-async def test_skip_permission_checks_all_methods(datasette_with_permissions, method):
-    """Test that skip_permission_checks works with all HTTP methods"""
-    ds = datasette_with_permissions
-
-    # All methods should work with skip_permission_checks=True
-    client_method = getattr(ds.client, method)
-    response = await client_method("/test_db.json", skip_permission_checks=True)
-    # We don't check status code since some methods might not be allowed,
-    # but we verify the request doesn't fail due to permissions
-    assert isinstance(response, httpx.Response)
-
-
-@pytest.mark.asyncio
-async def test_skip_permission_checks_request_method(datasette_with_permissions):
-    """Test that skip_permission_checks works with client.request()"""
-    ds = datasette_with_permissions
-
-    # Without skip_permission_checks
-    response = await ds.client.request("GET", "/test_db.json")
-    assert response.status_code == 403
-
-    # With skip_permission_checks=True
-    response = await ds.client.request(
-        "GET", "/test_db.json", skip_permission_checks=True
-    )
-    assert response.status_code == 200
-
-
-@pytest.mark.asyncio
-async def test_skip_permission_checks_isolated_to_request(datasette_with_permissions):
-    """Test that skip_permission_checks doesn't affect other concurrent requests"""
-    ds = datasette_with_permissions
-
-    # First request with skip_permission_checks=True should succeed
-    response1 = await ds.client.get("/test_db.json", skip_permission_checks=True)
-    assert response1.status_code == 200
-
-    # Subsequent request without it should still get 403
-    response2 = await ds.client.get("/test_db.json")
-    assert response2.status_code == 403
-
-    # And another with skip should succeed again
-    response3 = await ds.client.get("/test_db.json", skip_permission_checks=True)
-    assert response3.status_code == 200
-
-
-@pytest.mark.asyncio
-async def test_skip_permission_checks_with_admin_actor(datasette_with_permissions):
-    """Test that skip_permission_checks works even when actor is provided"""
-    ds = datasette_with_permissions
-
-    # Admin actor should normally have access
-    admin_cookies = {"ds_actor": ds.client.actor_cookie({"id": "admin"})}
-    response = await ds.client.get("/test_db.json", cookies=admin_cookies)
-    assert response.status_code == 200
-
-    # Non-admin actor should get 403
-    user_cookies = {"ds_actor": ds.client.actor_cookie({"id": "user"})}
-    response = await ds.client.get("/test_db.json", cookies=user_cookies)
-    assert response.status_code == 403
-
-    # Non-admin actor with skip_permission_checks=True should get 200
-    response = await ds.client.get(
-        "/test_db.json", cookies=user_cookies, skip_permission_checks=True
-    )
-    assert response.status_code == 200
-
-
-@pytest.mark.asyncio
-async def test_skip_permission_checks_shows_denied_tables():
-    """Test that skip_permission_checks=True shows tables from denied databases in /-/jump.json"""
-    ds = Datasette(
-        config={
-            "databases": {
-                "fixtures": {"allow": False}  # Deny all access to this database
-            }
-        }
-    )
-    await ds.invoke_startup()
-    db = ds.add_memory_database("fixtures")
-    await db.execute_write(
-        "CREATE TABLE test_table (id INTEGER PRIMARY KEY, name TEXT)"
-    )
-    await db.execute_write("INSERT INTO test_table (id, name) VALUES (1, 'Alice')")
-    await ds._refresh_schemas()
-
-    # Without skip_permission_checks, tables from denied database should not appear in /-/jump.json
-    response = await ds.client.get("/-/jump.json")
-    assert response.status_code == 200
-    data = response.json()
-    table_names = [match["name"] for match in data["matches"]]
-    # Should not see any fixtures tables since access is denied
-    fixtures_tables = [name for name in table_names if name.startswith("fixtures:")]
-    assert len(fixtures_tables) == 0
-
-    # With skip_permission_checks=True, tables from denied database SHOULD appear
-    response = await ds.client.get("/-/jump.json", skip_permission_checks=True)
-    assert response.status_code == 200
-    data = response.json()
-    table_names = [match["name"] for match in data["matches"]]
-    # Should see fixtures tables when permission checks are skipped
-    assert "fixtures: test_table" in table_names
-
-
-@pytest.mark.asyncio
-async def test_in_client_returns_false_outside_request(datasette):
-    """Test that datasette.in_client() returns False outside of a client request"""
-    assert datasette.in_client() is False
-
-
-@pytest.mark.asyncio
-async def test_in_client_returns_true_inside_request():
-    """Test that datasette.in_client() returns True inside a client request"""
-    from datasette import hookimpl, Response
-
-    class TestPlugin:
-        __name__ = "test_in_client_plugin"
-
-        @hookimpl
-        def register_routes(self):
-            async def test_view(datasette):
-                # Assert in_client() returns True within the view
-                assert datasette.in_client() is True
-                return Response.json({"in_client": datasette.in_client()})
-
-            return [
-                (r"^/-/test-in-client$", test_view),
-            ]
-
-    ds = Datasette()
-    await ds.invoke_startup()
-    ds.pm.register(TestPlugin(), name="test_in_client_plugin")
-    try:
-
-        # Outside of a client request, should be False
-        assert ds.in_client() is False
-
-        # Make a request via datasette.client
-        response = await ds.client.get("/-/test-in-client")
-        assert response.status_code == 200
-        assert response.json()["in_client"] is True
-
-        # After the request, should be False again
-        assert ds.in_client() is False
-    finally:
-        ds.pm.unregister(name="test_in_client_plugin")
-
-
-@pytest.mark.asyncio
-async def test_in_client_with_skip_permission_checks():
-    """Test that in_client() works regardless of skip_permission_checks value"""
-    from datasette import hookimpl
-    from datasette.utils.asgi import Response
-
-    in_client_values = []
-
-    class TestPlugin:
-        __name__ = "test_in_client_skip_plugin"
-
-        @hookimpl
-        def register_routes(self):
-            async def test_view(datasette):
-                in_client_values.append(datasette.in_client())
-                return Response.json({"in_client": datasette.in_client()})
-
-            return [
-                (r"^/-/test-in-client$", test_view),
-            ]
-
-    ds = Datasette(config={"databases": {"test_db": {"allow": {"id": "admin"}}}})
-    await ds.invoke_startup()
-    ds.pm.register(TestPlugin(), name="test_in_client_skip_plugin")
-    try:
-
-        # Request without skip_permission_checks
-        await ds.client.get("/-/test-in-client")
-        # Request with skip_permission_checks=True
-        await ds.client.get("/-/test-in-client", skip_permission_checks=True)
-
-        # Both should have detected in_client as True
-        assert (
-            len(in_client_values) == 2
-        ), f"Expected 2 values, got {len(in_client_values)}"
-        assert all(in_client_values), f"Expected all True, got {in_client_values}"
-    finally:
-        ds.pm.unregister(name="test_in_client_skip_plugin")
-
-
-@pytest.mark.asyncio
-async def test_actor_parameter_sets_cookie(datasette):
-    """Passing actor= should sign a ds_actor cookie and authenticate the request."""
-    response = await datasette.client.get("/-/actor.json", actor={"id": "root"})
-    assert response.status_code == 200
-    assert response.json() == {"actor": {"id": "root"}}
-
-
-@pytest.mark.asyncio
-async def test_actor_parameter_works_with_request_method(datasette):
-    response = await datasette.client.request(
-        "GET", "/-/actor.json", actor={"id": "root"}
-    )
-    assert response.status_code == 200
-    assert response.json() == {"actor": {"id": "root"}}
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "method", ["get", "post", "options", "head", "put", "patch", "delete"]
-)
-async def test_actor_parameter_all_http_methods(datasette, method):
-    """actor= should not cause errors on any HTTP verb wrapper."""
-    client_method = getattr(datasette.client, method)
-    # Just verify no TypeError about unexpected 'actor' kwarg
-    response = await client_method("/", actor={"id": "root"})
-    assert isinstance(response, httpx.Response)
-
-
-@pytest.mark.asyncio
-async def test_actor_parameter_conflicts_with_ds_actor_cookie(datasette):
-    """Passing both actor= and a ds_actor cookie should raise TypeError."""
-    with pytest.raises(TypeError, match="actor"):
-        await datasette.client.get(
-            "/-/actor.json",
-            actor={"id": "root"},
-            cookies={"ds_actor": datasette.client.actor_cookie({"id": "other"})},
-        )
-
-
-@pytest.mark.asyncio
-async def test_actor_parameter_merges_with_other_cookies(datasette):
-    """actor= should coexist with unrelated cookies."""
-    response = await datasette.client.get(
-        "/-/actor.json",
-        actor={"id": "root"},
-        cookies={"unrelated": "value"},
-    )
-    assert response.status_code == 200
-    assert response.json() == {"actor": {"id": "root"}}
-
-
-@pytest.mark.asyncio
-async def test_actor_parameter_with_skip_permission_checks(
-    datasette_with_permissions,
-):
-    """actor= should be compatible with skip_permission_checks."""
-    ds = datasette_with_permissions
-    # Non-admin actor with skip_permission_checks=True should get 200
-    response = await ds.client.get(
-        "/test_db.json",
-        actor={"id": "user"},
-        skip_permission_checks=True,
-    )
-    assert response.status_code == 200
-    # Admin actor on its own should also get 200
-    response = await ds.client.get("/test_db.json", actor={"id": "admin"})
-    assert response.status_code == 200
-    # Non-admin actor should get 403
-    response = await ds.client.get("/test_db.json", actor={"id": "user"})
-    assert response.status_code == 403
diff --git a/tests/test_internals_request.py b/tests/test_internals_request.py
deleted file mode 100644
index 9c448186..00000000
--- a/tests/test_internals_request.py
+++ /dev/null
@@ -1,199 +0,0 @@
-from datasette.utils.asgi import Request
-import json
-import pytest
-
-
-@pytest.mark.asyncio
-async def test_request_post_vars():
-    scope = {
-        "http_version": "1.1",
-        "method": "POST",
-        "path": "/",
-        "raw_path": b"/",
-        "query_string": b"",
-        "scheme": "http",
-        "type": "http",
-        "headers": [[b"content-type", b"application/x-www-form-urlencoded"]],
-    }
-
-    async def receive():
-        return {
-            "type": "http.request",
-            "body": b"foo=bar&baz=1&empty=",
-            "more_body": False,
-        }
-
-    request = Request(scope, receive)
-    assert {"foo": "bar", "baz": "1", "empty": ""} == await request.post_vars()
-
-
-@pytest.mark.asyncio
-async def test_request_post_body():
-    scope = {
-        "http_version": "1.1",
-        "method": "POST",
-        "path": "/",
-        "raw_path": b"/",
-        "query_string": b"",
-        "scheme": "http",
-        "type": "http",
-        "headers": [[b"content-type", b"application/json"]],
-    }
-
-    data = {"hello": "world"}
-
-    async def receive():
-        return {
-            "type": "http.request",
-            "body": json.dumps(data, indent=4).encode("utf-8"),
-            "more_body": False,
-        }
-
-    request = Request(scope, receive)
-    body = await request.post_body()
-    assert isinstance(body, bytes)
-    assert data == json.loads(body)
-
-
-@pytest.mark.asyncio
-async def test_request_json():
-    scope = {
-        "http_version": "1.1",
-        "method": "POST",
-        "path": "/",
-        "raw_path": b"/",
-        "query_string": b"",
-        "scheme": "http",
-        "type": "http",
-        "headers": [[b"content-type", b"application/json"]],
-    }
-
-    data = {"hello": "world", "items": [1, 2, 3]}
-
-    async def receive():
-        return {
-            "type": "http.request",
-            "body": json.dumps(data).encode("utf-8"),
-            "more_body": False,
-        }
-
-    request = Request(scope, receive)
-    assert data == await request.json()
-
-
-@pytest.mark.asyncio
-async def test_request_json_invalid():
-    scope = {
-        "http_version": "1.1",
-        "method": "POST",
-        "path": "/",
-        "raw_path": b"/",
-        "query_string": b"",
-        "scheme": "http",
-        "type": "http",
-        "headers": [[b"content-type", b"application/json"]],
-    }
-
-    async def receive():
-        return {
-            "type": "http.request",
-            "body": b"this is not JSON",
-            "more_body": False,
-        }
-
-    request = Request(scope, receive)
-    with pytest.raises(json.JSONDecodeError):
-        await request.json()
-
-
-def test_request_args():
-    request = Request.fake("/foo?multi=1&multi=2&single=3")
-    assert "1" == request.args.get("multi")
-    assert "3" == request.args.get("single")
-    assert "1" == request.args["multi"]
-    assert "3" == request.args["single"]
-    assert ["1", "2"] == request.args.getlist("multi")
-    assert [] == request.args.getlist("missing")
-    assert "multi" in request.args
-    assert "single" in request.args
-    assert "missing" not in request.args
-    expected = ["multi", "single"]
-    assert expected == list(request.args.keys())
-    for i, key in enumerate(request.args):
-        assert expected[i] == key
-    assert 2 == len(request.args)
-    with pytest.raises(KeyError):
-        request.args["missing"]
-
-
-def test_request_fake_url_vars():
-    request = Request.fake("/")
-    assert request.url_vars == {}
-    request = Request.fake("/", url_vars={"database": "fixtures"})
-    assert request.url_vars == {"database": "fixtures"}
-
-
-def test_request_repr():
-    request = Request.fake("/foo?multi=1&multi=2&single=3")
-    assert (
-        repr(request)
-        == ''
-    )
-
-
-def test_request_url_vars():
-    scope = {
-        "http_version": "1.1",
-        "method": "POST",
-        "path": "/",
-        "raw_path": b"/",
-        "query_string": b"",
-        "scheme": "http",
-        "type": "http",
-        "headers": [[b"content-type", b"application/x-www-form-urlencoded"]],
-    }
-    assert {} == Request(scope, None).url_vars
-    assert {"name": "cleo"} == Request(
-        dict(scope, url_route={"kwargs": {"name": "cleo"}}), None
-    ).url_vars
-
-
-@pytest.mark.parametrize(
-    "path,query_string,expected_full_path",
-    [("/", "", "/"), ("/", "foo=bar", "/?foo=bar"), ("/foo", "bar", "/foo?bar")],
-)
-def test_request_properties(path, query_string, expected_full_path):
-    path_with_query_string = path
-    if query_string:
-        path_with_query_string += "?" + query_string
-    scope = {
-        "http_version": "1.1",
-        "method": "POST",
-        "path": path,
-        "raw_path": path_with_query_string.encode("latin-1"),
-        "query_string": query_string.encode("latin-1"),
-        "scheme": "http",
-        "type": "http",
-    }
-    request = Request(scope, None)
-    assert request.path == path
-    assert request.query_string == query_string
-    assert request.full_path == expected_full_path
-
-
-def test_request_blank_values():
-    request = Request.fake("/?a=b&foo=bar&foo=bar2&baz=")
-    assert request.args._data == {"a": ["b"], "foo": ["bar", "bar2"], "baz": [""]}
-
-
-def test_json_in_query_string_name():
-    query_string = (
-        '?_through.["roadside_attraction_characteristics"%2C"characteristic_id"]=1'
-    )
-    request = Request.fake("/" + query_string)
-    assert (
-        request.args[
-            '_through.["roadside_attraction_characteristics","characteristic_id"]'
-        ]
-        == "1"
-    )
diff --git a/tests/test_internals_response.py b/tests/test_internals_response.py
deleted file mode 100644
index 820b20b2..00000000
--- a/tests/test_internals_response.py
+++ /dev/null
@@ -1,54 +0,0 @@
-from datasette.utils.asgi import Response
-import pytest
-
-
-def test_response_html():
-    response = Response.html("Hello from HTML")
-    assert 200 == response.status
-    assert "Hello from HTML" == response.body
-    assert "text/html; charset=utf-8" == response.content_type
-
-
-def test_response_text():
-    response = Response.text("Hello from text")
-    assert 200 == response.status
-    assert "Hello from text" == response.body
-    assert "text/plain; charset=utf-8" == response.content_type
-
-
-def test_response_json():
-    response = Response.json({"this_is": "json"})
-    assert 200 == response.status
-    assert '{"this_is": "json"}' == response.body
-    assert "application/json; charset=utf-8" == response.content_type
-
-
-def test_response_redirect():
-    response = Response.redirect("/foo")
-    assert 302 == response.status
-    assert "/foo" == response.headers["Location"]
-
-
-@pytest.mark.asyncio
-async def test_response_set_cookie():
-    events = []
-
-    async def send(event):
-        events.append(event)
-
-    response = Response.redirect("/foo")
-    response.set_cookie("foo", "bar", max_age=10, httponly=True)
-    await response.asgi_send(send)
-
-    assert [
-        {
-            "type": "http.response.start",
-            "status": 302,
-            "headers": [
-                [b"Location", b"/foo"],
-                [b"content-type", b"text/plain"],
-                [b"set-cookie", b"foo=bar; HttpOnly; Max-Age=10; Path=/; SameSite=lax"],
-            ],
-        },
-        {"type": "http.response.body", "body": b""},
-    ] == events
diff --git a/tests/test_internals_urls.py b/tests/test_internals_urls.py
deleted file mode 100644
index 24fa745d..00000000
--- a/tests/test_internals_urls.py
+++ /dev/null
@@ -1,150 +0,0 @@
-from datasette.app import Datasette
-from datasette.utils import PrefixedUrlString
-import pytest
-
-
-@pytest.fixture(scope="module")
-def ds():
-    return Datasette([], memory=True)
-
-
-@pytest.mark.parametrize(
-    "ds_base_url,path,expected",
-    [
-        ("/", "/", "/"),
-        ("/", "/foo", "/foo"),
-        ("/prefix/", "/", "/prefix/"),
-        ("/prefix/", "/foo", "/prefix/foo"),
-        ("/prefix/", "foo", "/prefix/foo"),
-        ("/data/", "/data", "/data/data"),
-        ("/data/", "/data/foo", "/data/data/foo"),
-    ],
-)
-def test_path(ds, ds_base_url, path, expected):
-    ds._settings["base_url"] = ds_base_url
-    actual = ds.urls.path(path)
-    assert actual == expected
-    assert isinstance(actual, PrefixedUrlString)
-
-
-def test_path_applied_twice_does_not_double_prefix(ds):
-    ds._settings["base_url"] = "/prefix/"
-    path = ds.urls.path("/")
-    assert path == "/prefix/"
-    path = ds.urls.path(path)
-    assert path == "/prefix/"
-
-
-@pytest.mark.parametrize(
-    "ds_base_url,expected",
-    [
-        ("/", "/"),
-        ("/prefix/", "/prefix/"),
-    ],
-)
-def test_instance(ds, ds_base_url, expected):
-    ds._settings["base_url"] = ds_base_url
-    actual = ds.urls.instance()
-    assert actual == expected
-    assert isinstance(actual, PrefixedUrlString)
-
-
-@pytest.mark.parametrize(
-    "ds_base_url,file,expected",
-    [
-        ("/", "foo.js", "/-/static/foo.js"),
-        ("/prefix/", "foo.js", "/prefix/-/static/foo.js"),
-    ],
-)
-def test_static(ds, ds_base_url, file, expected):
-    ds._settings["base_url"] = ds_base_url
-    actual = ds.urls.static(file)
-    assert actual == expected
-    assert isinstance(actual, PrefixedUrlString)
-
-
-@pytest.mark.parametrize(
-    "ds_base_url,plugin,file,expected",
-    [
-        (
-            "/",
-            "datasette_cluster_map",
-            "datasette-cluster-map.js",
-            "/-/static-plugins/datasette_cluster_map/datasette-cluster-map.js",
-        ),
-        (
-            "/prefix/",
-            "datasette_cluster_map",
-            "datasette-cluster-map.js",
-            "/prefix/-/static-plugins/datasette_cluster_map/datasette-cluster-map.js",
-        ),
-    ],
-)
-def test_static_plugins(ds, ds_base_url, plugin, file, expected):
-    ds._settings["base_url"] = ds_base_url
-    actual = ds.urls.static_plugins(plugin, file)
-    assert actual == expected
-    assert isinstance(actual, PrefixedUrlString)
-
-
-@pytest.mark.parametrize(
-    "ds_base_url,expected",
-    [
-        ("/", "/-/logout"),
-        ("/prefix/", "/prefix/-/logout"),
-    ],
-)
-def test_logout(ds, ds_base_url, expected):
-    ds._settings["base_url"] = ds_base_url
-    actual = ds.urls.logout()
-    assert actual == expected
-    assert isinstance(actual, PrefixedUrlString)
-
-
-@pytest.mark.parametrize(
-    "ds_base_url,format,expected",
-    [
-        ("/", None, "/_memory"),
-        ("/prefix/", None, "/prefix/_memory"),
-        ("/", "json", "/_memory.json"),
-    ],
-)
-def test_database(ds, ds_base_url, format, expected):
-    ds._settings["base_url"] = ds_base_url
-    actual = ds.urls.database("_memory", format=format)
-    assert actual == expected
-    assert isinstance(actual, PrefixedUrlString)
-
-
-@pytest.mark.parametrize(
-    "ds_base_url,name,format,expected",
-    [
-        ("/", "name", None, "/_memory/name"),
-        ("/prefix/", "name", None, "/prefix/_memory/name"),
-        ("/", "name", "json", "/_memory/name.json"),
-        ("/", "name.json", "json", "/_memory/name~2Ejson.json"),
-    ],
-)
-def test_table_and_query(ds, ds_base_url, name, format, expected):
-    ds._settings["base_url"] = ds_base_url
-    actual1 = ds.urls.table("_memory", name, format=format)
-    assert actual1 == expected
-    assert isinstance(actual1, PrefixedUrlString)
-    actual2 = ds.urls.query("_memory", name, format=format)
-    assert actual2 == expected
-    assert isinstance(actual2, PrefixedUrlString)
-
-
-@pytest.mark.parametrize(
-    "ds_base_url,format,expected",
-    [
-        ("/", None, "/_memory/facetable/1"),
-        ("/prefix/", None, "/prefix/_memory/facetable/1"),
-        ("/", "json", "/_memory/facetable/1.json"),
-    ],
-)
-def test_row(ds, ds_base_url, format, expected):
-    ds._settings["base_url"] = ds_base_url
-    actual = ds.urls.row("_memory", "facetable", "1", format=format)
-    assert actual == expected
-    assert isinstance(actual, PrefixedUrlString)
diff --git a/tests/test_jump.py b/tests/test_jump.py
deleted file mode 100644
index 0fb6a552..00000000
--- a/tests/test_jump.py
+++ /dev/null
@@ -1,466 +0,0 @@
-import pytest
-import pytest_asyncio
-
-from datasette import hookimpl
-from datasette.app import Datasette
-from datasette.jump import JumpSQL
-from datasette.plugins import pm
-from datasette.views.special import JumpView
-
-
-@pytest_asyncio.fixture
-async def ds_for_jump():
-    ds = Datasette(
-        config={
-            "databases": {
-                "content": {
-                    "allow": {"id": "*"},
-                    "tables": {
-                        "articles": {"allow": {"id": "editor"}},
-                        "comments": {"allow": True},
-                    },
-                    "queries": {
-                        "recent_comments": {
-                            "sql": "select * from comments",
-                            "allow": {"id": "*"},
-                            "title": "Recent comments",
-                        },
-                        "release_notes": {
-                            "sql": "select 1",
-                            "allow": {"id": "*"},
-                            "title": "Recent Datasette releases",
-                        },
-                        "editor_report": {
-                            "sql": "select * from articles",
-                            "allow": {"id": "editor"},
-                        },
-                    },
-                },
-                "private": {
-                    "allow": False,
-                    "queries": {
-                        "private_report": "select 1",
-                    },
-                },
-            }
-        }
-    )
-    await ds.invoke_startup()
-
-    content_db = ds.add_memory_database("jump_test_content", name="content")
-    await content_db.execute_write(
-        "CREATE TABLE IF NOT EXISTS articles (id INTEGER PRIMARY KEY, title TEXT)"
-    )
-    await content_db.execute_write(
-        "CREATE TABLE IF NOT EXISTS comments (id INTEGER PRIMARY KEY, body TEXT)"
-    )
-    await content_db.execute_write(
-        "CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY, name TEXT)"
-    )
-    await content_db.execute_write(
-        "CREATE VIEW IF NOT EXISTS comment_summary AS SELECT body FROM comments"
-    )
-
-    private_db = ds.add_memory_database("jump_test_private", name="private")
-    await private_db.execute_write(
-        "CREATE TABLE IF NOT EXISTS secrets (id INTEGER PRIMARY KEY, data TEXT)"
-    )
-
-    public_db = ds.add_memory_database("jump_test_public", name="public")
-    await public_db.execute_write(
-        "CREATE TABLE IF NOT EXISTS articles (id INTEGER PRIMARY KEY, content TEXT)"
-    )
-
-    await ds._refresh_schemas()
-    return ds
-
-
-@pytest.mark.asyncio
-async def test_jump_searches_tables_databases_views_and_stored_queries(ds_for_jump):
-    response = await ds_for_jump.client.get(
-        "/-/jump.json?q=content", actor={"id": "user"}
-    )
-    assert response.status_code == 200
-    data = response.json()
-
-    matches_by_type_and_name = {
-        (match["type"], match["name"]): match for match in data["matches"]
-    }
-    assert ("database", "content") in matches_by_type_and_name
-    assert ("table", "content: comments") in matches_by_type_and_name
-    assert ("view", "content: comment_summary") in matches_by_type_and_name
-    assert ("query", "content: recent_comments") in matches_by_type_and_name
-    assert matches_by_type_and_name[("database", "content")]["url"] == "/content"
-    assert (
-        matches_by_type_and_name[("query", "content: recent_comments")]["url"]
-        == "/content/recent_comments"
-    )
-
-
-@pytest.mark.asyncio
-async def test_jump_uses_stored_query_names_not_titles(ds_for_jump):
-    response = await ds_for_jump.client.get(
-        "/-/jump.json?q=datasette", actor={"id": "user"}
-    )
-    assert response.status_code == 200
-    assert response.json()["matches"] == []
-
-    response = await ds_for_jump.client.get(
-        "/-/jump.json?q=release", actor={"id": "user"}
-    )
-    assert response.status_code == 200
-    assert response.json()["matches"] == [
-        {
-            "name": "content: release_notes",
-            "url": "/content/release_notes",
-            "type": "query",
-            "description": None,
-        }
-    ]
-
-
-@pytest.mark.asyncio
-async def test_jump_respects_resource_permissions(ds_for_jump):
-    regular = await ds_for_jump.client.get(
-        "/-/jump.json?q=articles", actor={"id": "regular"}
-    )
-    editor = await ds_for_jump.client.get(
-        "/-/jump.json?q=articles", actor={"id": "editor"}
-    )
-    private = await ds_for_jump.client.get(
-        "/-/jump.json?q=secrets", actor={"id": "editor"}
-    )
-
-    assert {match["name"] for match in regular.json()["matches"]} == {
-        "public: articles"
-    }
-    assert {match["name"] for match in editor.json()["matches"]} == {
-        "content: articles",
-        "public: articles",
-    }
-    assert private.json()["matches"] == []
-
-
-@pytest.mark.asyncio
-async def test_jump_sql_menu_item_helper(ds_for_jump):
-    assert JumpSQL("SELECT 1").database is None
-    assert JumpSQL("SELECT 1", database="content").database == "content"
-    assert JumpSQL("SELECT 1", None, "content").database == "content"
-
-    fragment = JumpSQL.menu_item(
-        label="Plugin dashboard",
-        url="/-/plugin-dashboard",
-        description="Plugin tool",
-        search_text="dashboard plugin",
-        display_name="Plugin Dashboard",
-        item_type="plugin",
-    )
-    result = await ds_for_jump.get_internal_database().execute(
-        fragment.sql, fragment.params
-    )
-    assert dict(result.first()) == {
-        "type": "plugin",
-        "label": "Plugin dashboard",
-        "description": "Plugin tool",
-        "url": "/-/plugin-dashboard",
-        "search_text": "dashboard plugin",
-        "display_name": "Plugin Dashboard",
-    }
-
-
-@pytest.mark.asyncio
-async def test_debug_menu_items_are_in_jump_for_debug_menu_permission():
-    ds = Datasette(
-        config={
-            "permissions": {
-                "debug-menu": {"id": "debugger"},
-            }
-        }
-    )
-    await ds.invoke_startup()
-    response = await ds.client.get("/-/jump.json?q=debug", actor={"id": "debugger"})
-    assert response.status_code == 200
-    debug_matches = [
-        match for match in response.json()["matches"] if match["type"] == "debug"
-    ]
-    assert {match["name"]: match["url"] for match in debug_matches} == {
-        "Databases": "/-/databases",
-        "Installed plugins": "/-/plugins",
-        "Version info": "/-/versions",
-        "Settings": "/-/settings",
-        "Debug permissions": "/-/permissions",
-        "Debug messages": "/-/messages",
-        "Debug allow rules": "/-/allow-debug",
-        "Debug autocomplete": "/-/debug/autocomplete",
-        "Debug threads": "/-/threads",
-        "Debug actor": "/-/actor",
-        "Pattern portfolio": "/-/patterns",
-    }
-    descriptions_by_name = {
-        match["name"]: match["description"] for match in debug_matches
-    }
-    assert all(descriptions_by_name.values())
-    assert descriptions_by_name["Databases"] == (
-        "List of databases known to this Datasette instance."
-    )
-
-
-@pytest.mark.asyncio
-async def test_debug_menu_items_are_hidden_without_debug_menu_permission():
-    ds = Datasette()
-    await ds.invoke_startup()
-    response = await ds.client.get("/-/jump.json?q=debug", actor={"id": "regular"})
-    assert response.status_code == 200
-    assert [
-        match for match in response.json()["matches"] if match["type"] == "debug"
-    ] == []
-
-
-@pytest.mark.asyncio
-async def test_jump_uses_plugin_sql_with_namespaced_parameters(ds_for_jump):
-    class JumpPlugin:
-        @hookimpl
-        def jump_items_sql(self, datasette, actor, request):
-            return JumpSQL(
-                sql="""
-                SELECT
-                    'plugin' AS type,
-                    'plugin-dashboard: ' || :actor_id AS label,
-                    'Plugin supplied item' AS description,
-                    '/-/plugin-dashboard' AS url,
-                    'plugin dashboard ' || :actor_id AS search_text,
-                    'Plugin dashboard for ' || :actor_id AS display_name
-                """,
-                params={"actor_id": actor["id"] if actor else "anonymous"},
-            )
-
-    plugin = JumpPlugin()
-    pm.register(plugin, name="test-jump-plugin")
-    try:
-        response = await ds_for_jump.client.get(
-            "/-/jump.json?q=dashboard", actor={"id": "alice"}
-        )
-    finally:
-        pm.unregister(name="test-jump-plugin")
-
-    assert response.status_code == 200
-    plugin_matches = [
-        match for match in response.json()["matches"] if match["type"] == "plugin"
-    ]
-    assert plugin_matches == [
-        {
-            "name": "plugin-dashboard: alice",
-            "display_name": "Plugin dashboard for alice",
-            "url": "/-/plugin-dashboard",
-            "type": "plugin",
-            "description": "Plugin supplied item",
-        }
-    ]
-
-
-@pytest.mark.asyncio
-async def test_jump_sql_unions_fragments_by_database(ds_for_jump, monkeypatch):
-    class JumpPlugin:
-        @hookimpl
-        def jump_items_sql(self, datasette, actor, request):
-            return [
-                JumpSQL(sql="""
-                    SELECT
-                        'plugin' AS type,
-                        'first-unioned-item' AS label,
-                        NULL AS description,
-                        '/-/first-unioned-item' AS url,
-                        'unioned item' AS search_text,
-                        NULL AS display_name
-                    """),
-                JumpSQL(sql="""
-                    SELECT
-                        'plugin' AS type,
-                        'second-unioned-item' AS label,
-                        NULL AS description,
-                        '/-/second-unioned-item' AS url,
-                        'unioned item' AS search_text,
-                        NULL AS display_name
-                    """),
-                JumpSQL(
-                    """
-                    SELECT
-                        'plugin' AS type,
-                        'content-first-unioned-item' AS label,
-                        NULL AS description,
-                        '/-/content-first-unioned-item' AS url,
-                        'unioned item' AS search_text,
-                        NULL AS display_name
-                    """,
-                    None,
-                    "content",
-                ),
-                JumpSQL(
-                    database="content",
-                    sql="""
-                    SELECT
-                        'plugin' AS type,
-                        'content-second-unioned-item' AS label,
-                        NULL AS description,
-                        '/-/content-second-unioned-item' AS url,
-                        'unioned item' AS search_text,
-                        NULL AS display_name
-                    """,
-                ),
-            ]
-
-    internal_db = ds_for_jump.get_internal_database()
-    original_execute = internal_db.execute
-    internal_jump_query_sql = []
-
-    async def internal_execute_with_recording(sql, *args, **kwargs):
-        if "unioned-item" in sql:
-            internal_jump_query_sql.append(sql)
-        return await original_execute(sql, *args, **kwargs)
-
-    monkeypatch.setattr(internal_db, "execute", internal_execute_with_recording)
-
-    content_db = ds_for_jump.get_database("content")
-    original_content_execute = content_db.execute
-    content_jump_query_sql = []
-
-    async def content_execute_with_recording(sql, *args, **kwargs):
-        if "unioned-item" in sql:
-            content_jump_query_sql.append(sql)
-        return await original_content_execute(sql, *args, **kwargs)
-
-    monkeypatch.setattr(content_db, "execute", content_execute_with_recording)
-
-    plugin = JumpPlugin()
-    pm.register(plugin, name="test-jump-union-plugin")
-    try:
-        response = await ds_for_jump.client.get(
-            "/-/jump.json?q=unioned", actor={"id": "alice"}
-        )
-    finally:
-        pm.unregister(name="test-jump-union-plugin")
-
-    assert response.status_code == 200
-    assert len(internal_jump_query_sql) == 1
-    assert " UNION ALL " in internal_jump_query_sql[0]
-    assert len(content_jump_query_sql) == 1
-    assert " UNION ALL " in content_jump_query_sql[0]
-    assert {match["name"] for match in response.json()["matches"]} == {
-        "content-first-unioned-item",
-        "content-second-unioned-item",
-        "first-unioned-item",
-        "second-unioned-item",
-    }
-
-
-@pytest.mark.asyncio
-async def test_jump_sql_can_query_named_database(ds_for_jump):
-    content_db = ds_for_jump.get_database("content")
-    await content_db.execute_write(
-        "INSERT INTO comments (id, body) VALUES (1001, 'Named database jump target')"
-    )
-
-    class JumpPlugin:
-        @hookimpl
-        def jump_items_sql(self, datasette, actor, request):
-            return JumpSQL(
-                database="content",
-                sql="""
-                SELECT
-                    'comment' AS type,
-                    body AS label,
-                    'Comment from content database' AS description,
-                    json_object(
-                        'method', 'table',
-                        'database', 'content',
-                        'table', 'comments'
-                    ) AS url,
-                    body AS search_text,
-                    body AS display_name
-                FROM comments
-                WHERE id = :comment_id
-                """,
-                params={"comment_id": 1001},
-            )
-
-    plugin = JumpPlugin()
-    pm.register(plugin, name="test-jump-content-db-plugin")
-    try:
-        response = await ds_for_jump.client.get(
-            "/-/jump.json?q=named+database", actor={"id": "alice"}
-        )
-    finally:
-        pm.unregister(name="test-jump-content-db-plugin")
-
-    assert response.status_code == 200
-    plugin_matches = [
-        match for match in response.json()["matches"] if match["type"] == "comment"
-    ]
-    assert plugin_matches == [
-        {
-            "name": "Named database jump target",
-            "display_name": "Named database jump target",
-            "url": "/content/comments",
-            "type": "comment",
-            "description": "Comment from content database",
-        }
-    ]
-
-
-@pytest.mark.asyncio
-async def test_jump_resolves_url_descriptors_from_sql(ds_for_jump):
-    class JumpPlugin:
-        @hookimpl
-        def jump_items_sql(self, datasette, actor, request):
-            return JumpSQL(sql="""
-                SELECT
-                    'plugin' AS type,
-                    'Table descriptor' AS label,
-                    NULL AS description,
-                    json_object(
-                        'method', 'table',
-                        'database', 'content',
-                        'table', 'comments'
-                    ) AS url,
-                    'table descriptor comments' AS search_text,
-                    NULL AS display_name
-                """)
-
-    plugin = JumpPlugin()
-    pm.register(plugin, name="test-jump-url-descriptor-plugin")
-    try:
-        response = await ds_for_jump.client.get(
-            "/-/jump.json?q=descriptor", actor={"id": "alice"}
-        )
-    finally:
-        pm.unregister(name="test-jump-url-descriptor-plugin")
-
-    assert response.status_code == 200
-    plugin_matches = [
-        match for match in response.json()["matches"] if match["type"] == "plugin"
-    ]
-    assert plugin_matches == [
-        {
-            "name": "Table descriptor",
-            "url": "/content/comments",
-            "type": "plugin",
-            "description": None,
-        }
-    ]
-
-
-@pytest.mark.asyncio
-async def test_jump_url_descriptor_errors(ds_for_jump):
-    view = JumpView(ds_for_jump)
-    with pytest.raises(AttributeError):
-        view._resolve_url('{"method": "not_a_url_method"}')
-    with pytest.raises(TypeError):
-        view._resolve_url(
-            '{"method": "table", "database_name": "content", "table_name": "comments"}'
-        )
-
-
-@pytest.mark.asyncio
-async def test_tables_endpoint_removed(ds_for_jump):
-    response = await ds_for_jump.client.get("/-/tables.json")
-    assert response.status_code == 404
diff --git a/tests/test_label_column_for_table.py b/tests/test_label_column_for_table.py
deleted file mode 100644
index 7667b595..00000000
--- a/tests/test_label_column_for_table.py
+++ /dev/null
@@ -1,97 +0,0 @@
-import pytest
-from datasette.database import Database
-from datasette.app import Datasette
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "create_sql,table_name,config,expected_label_column",
-    [
-        # Explicit label_column
-        (
-            "create table t1 (id integer primary key, name text, title text);",
-            "t1",
-            {"t1": {"label_column": "title"}},
-            "title",
-        ),
-        # Single unique text column
-        (
-            "create table t2 (id integer primary key, name2 text unique, title text);",
-            "t2",
-            {},
-            "name2",
-        ),
-        (
-            "create table t3 (id integer primary key, title2 text unique, name text);",
-            "t3",
-            {},
-            "title2",
-        ),
-        # Two unique text columns means it cannot decide on one
-        (
-            "create table t3x (id integer primary key, name2 text unique, title2 text unique);",
-            "t3x",
-            {},
-            None,
-        ),
-        # Name or title column
-        (
-            "create table t4 (id integer primary key, name text);",
-            "t4",
-            {},
-            "name",
-        ),
-        (
-            "create table t5 (id integer primary key, title text);",
-            "t5",
-            {},
-            "title",
-        ),
-        # But not if there are multiple non-unique text that are not called title
-        (
-            "create table t5x (id integer primary key, other1 text, other2 text);",
-            "t5x",
-            {},
-            None,
-        ),
-        (
-            "create table t6 (id integer primary key, Name text);",
-            "t6",
-            {},
-            "Name",
-        ),
-        (
-            "create table t7 (id integer primary key, Title text);",
-            "t7",
-            {},
-            "Title",
-        ),
-        # Two columns, one of which is id
-        (
-            "create table t8 (id integer primary key, content text);",
-            "t8",
-            {},
-            "content",
-        ),
-        (
-            "create table t9 (pk integer primary key, content text);",
-            "t9",
-            {},
-            "content",
-        ),
-    ],
-)
-async def test_label_column_for_table(
-    create_sql, table_name, config, expected_label_column
-):
-    """Test cases for label_column_for_table method"""
-    ds = Datasette()
-    db = ds.add_database(Database(ds, memory_name="test_label_column_for_table"))
-    await db.execute_write_script(create_sql)
-    if config:
-        ds.config = {"databases": {"test_label_column_for_table": {"tables": config}}}
-    actual_label_column = await db.label_column_for_table(table_name)
-    if expected_label_column is None:
-        assert actual_label_column is None
-    else:
-        assert actual_label_column == expected_label_column
diff --git a/tests/test_load_extensions.py b/tests/test_load_extensions.py
deleted file mode 100644
index cdadb091..00000000
--- a/tests/test_load_extensions.py
+++ /dev/null
@@ -1,64 +0,0 @@
-from datasette.app import Datasette
-import pytest
-from pathlib import Path
-
-# not necessarily a full path - the full compiled path looks like "ext.dylib"
-# or another suffix, but sqlite will, under the hood, decide which file
-# extension to use based on the operating system (apple=dylib, windows=dll etc)
-# this resolves to "./ext", which is enough for SQLite to calculate the rest
-COMPILED_EXTENSION_PATH = str(Path(__file__).parent / "ext")
-
-
-# See if ext.c has been compiled, based off the different possible suffixes.
-def has_compiled_ext():
-    for ext in ["dylib", "so", "dll"]:
-        path = Path(__file__).parent / f"ext.{ext}"
-        if path.is_file():
-            return True
-    return False
-
-
-@pytest.mark.asyncio
-@pytest.mark.skipif(not has_compiled_ext(), reason="Requires compiled ext.c")
-async def test_load_extension_default_entrypoint():
-    # The default entrypoint only loads a() and NOT b() or c(), so those
-    # should fail.
-    ds = Datasette(sqlite_extensions=[COMPILED_EXTENSION_PATH])
-
-    response = await ds.client.get("/_memory/-/query.json?_shape=arrays&sql=select+a()")
-    assert response.status_code == 200
-    assert response.json()["rows"][0][0] == "a"
-
-    response = await ds.client.get("/_memory/-/query.json?_shape=arrays&sql=select+b()")
-    assert response.status_code == 400
-    assert response.json()["error"] == "no such function: b"
-
-    response = await ds.client.get("/_memory/-/query.json?_shape=arrays&sql=select+c()")
-    assert response.status_code == 400
-    assert response.json()["error"] == "no such function: c"
-
-
-@pytest.mark.asyncio
-@pytest.mark.skipif(not has_compiled_ext(), reason="Requires compiled ext.c")
-async def test_load_extension_multiple_entrypoints():
-    # Load in the default entrypoint and the other 2 custom entrypoints, now
-    # all a(), b(), and c() should run successfully.
-    ds = Datasette(
-        sqlite_extensions=[
-            COMPILED_EXTENSION_PATH,
-            (COMPILED_EXTENSION_PATH, "sqlite3_ext_b_init"),
-            (COMPILED_EXTENSION_PATH, "sqlite3_ext_c_init"),
-        ]
-    )
-
-    response = await ds.client.get("/_memory/-/query.json?_shape=arrays&sql=select+a()")
-    assert response.status_code == 200
-    assert response.json()["rows"][0][0] == "a"
-
-    response = await ds.client.get("/_memory/-/query.json?_shape=arrays&sql=select+b()")
-    assert response.status_code == 200
-    assert response.json()["rows"][0][0] == "b"
-
-    response = await ds.client.get("/_memory/-/query.json?_shape=arrays&sql=select+c()")
-    assert response.status_code == 200
-    assert response.json()["rows"][0][0] == "c"
diff --git a/tests/test_messages.py b/tests/test_messages.py
deleted file mode 100644
index 62d9f647..00000000
--- a/tests/test_messages.py
+++ /dev/null
@@ -1,32 +0,0 @@
-from .utils import cookie_was_deleted
-import pytest
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "qs,expected",
-    [
-        ("add_msg=added-message", [["added-message", 1]]),
-        ("add_msg=added-warning&type=WARNING", [["added-warning", 2]]),
-        ("add_msg=added-error&type=ERROR", [["added-error", 3]]),
-    ],
-)
-async def test_add_message_sets_cookie(ds_client, qs, expected):
-    response = await ds_client.get(f"/fixtures/-/query.message?sql=select+1&{qs}")
-    signed = response.cookies["ds_messages"]
-    decoded = ds_client.ds.unsign(signed, "messages")
-    assert expected == decoded
-
-
-@pytest.mark.asyncio
-async def test_messages_are_displayed_and_cleared(ds_client):
-    # First set the message cookie
-    set_msg_response = await ds_client.get(
-        "/fixtures/-/query.message?sql=select+1&add_msg=xmessagex"
-    )
-    # Now access a page that displays messages
-    response = await ds_client.get("/", cookies=set_msg_response.cookies)
-    # Messages should be in that HTML
-    assert "xmessagex" in response.text
-    # Cookie should have been set that clears messages
-    assert cookie_was_deleted(response, "ds_messages")
diff --git a/tests/test_multipart.py b/tests/test_multipart.py
deleted file mode 100644
index 0dc3ecd7..00000000
--- a/tests/test_multipart.py
+++ /dev/null
@@ -1,1152 +0,0 @@
-"""
-Tests for request.form() multipart form data parsing.
-
-Uses TDD approach - these tests are written first, then implementation follows.
-"""
-
-import base64
-import json
-import pytest
-from collections import namedtuple
-
-from multipart_form_data_conformance import get_tests_dir
-
-from datasette.utils.asgi import Request, BadRequest
-
-
-def make_receive(body: bytes):
-    """Create an async receive callable that yields body in chunks."""
-    consumed = False
-
-    async def receive():
-        nonlocal consumed
-        if consumed:
-            return {"type": "http.request", "body": b"", "more_body": False}
-        consumed = True
-        return {"type": "http.request", "body": body, "more_body": False}
-
-    return receive
-
-
-def make_chunked_receive(body: bytes, chunk_size: int = 64):
-    """Create an async receive callable that yields body in small chunks."""
-    offset = 0
-
-    async def receive():
-        nonlocal offset
-        chunk = body[offset : offset + chunk_size]
-        offset += chunk_size
-        more_body = offset < len(body)
-        return {"type": "http.request", "body": chunk, "more_body": more_body}
-
-    return receive
-
-
-def make_receive_with_noise(body: bytes):
-    """
-    Create an async receive callable that includes an unexpected ASGI message.
-
-    The parser should ignore the unknown message type and continue.
-    """
-    messages = [
-        {"type": "http.response.start", "status": 200, "headers": []},
-        {"type": "http.request", "body": body, "more_body": False},
-    ]
-    index = 0
-
-    async def receive():
-        nonlocal index
-        if index >= len(messages):
-            return {"type": "http.request", "body": b"", "more_body": False}
-        message = messages[index]
-        index += 1
-        return message
-
-    return receive
-
-
-def make_disconnect_receive(body: bytes, chunk_size: int = 64):
-    """
-    Create an async receive callable that disconnects mid-request.
-
-    The parser should raise on the disconnect.
-    """
-    offset = 0
-    disconnected = False
-
-    async def receive():
-        nonlocal offset, disconnected
-        if disconnected:
-            return {"type": "http.disconnect"}
-        chunk = body[offset : offset + chunk_size]
-        offset += chunk_size
-        more_body = offset < len(body)
-        if more_body:
-            disconnected = True
-        return {"type": "http.request", "body": chunk, "more_body": more_body}
-
-    return receive
-
-
-class TestFormUrlEncoded:
-    """Test request.form() with application/x-www-form-urlencoded data."""
-
-    @pytest.mark.asyncio
-    async def test_basic_form_fields(self):
-        """Basic URL-encoded form should be parseable via request.form()."""
-        body = b"username=john&password=secret"
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", b"application/x-www-form-urlencoded"),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        form = await request.form()
-
-        assert form["username"] == "john"
-        assert form["password"] == "secret"
-
-    @pytest.mark.asyncio
-    async def test_form_with_multiple_values(self):
-        """Multiple values for same key should be accessible via getlist()."""
-        body = b"tag=python&tag=web&tag=api"
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", b"application/x-www-form-urlencoded"),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        form = await request.form()
-
-        assert form["tag"] == "python"  # First value
-        assert form.getlist("tag") == ["python", "web", "api"]
-
-    @pytest.mark.asyncio
-    async def test_empty_form(self):
-        """Empty form should return empty FormData."""
-        body = b""
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", b"application/x-www-form-urlencoded"),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        form = await request.form()
-
-        assert len(form) == 0
-
-    @pytest.mark.asyncio
-    async def test_form_with_special_characters(self):
-        """URL-encoded special characters should be decoded properly."""
-        body = b"message=hello%20world&emoji=%F0%9F%91%8B"
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", b"application/x-www-form-urlencoded"),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        form = await request.form()
-
-        assert form["message"] == "hello world"
-        assert form["emoji"] == "👋"
-
-
-class TestMultipartBasic:
-    """Test request.form() with multipart/form-data (fields only, no files)."""
-
-    @pytest.mark.asyncio
-    async def test_single_text_field(self):
-        """Single text field in multipart should be parseable."""
-        boundary = "----TestBoundary123"
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="username"\r\n'
-            b"\r\n"
-            b"john_doe\r\n"
-            b"------TestBoundary123--\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        form = await request.form()
-
-        assert form["username"] == "john_doe"
-
-    @pytest.mark.asyncio
-    async def test_multiple_text_fields(self):
-        """Multiple text fields in multipart should all be accessible."""
-        boundary = "----TestBoundary123"
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="first_name"\r\n'
-            b"\r\n"
-            b"John\r\n"
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="last_name"\r\n'
-            b"\r\n"
-            b"Doe\r\n"
-            b"------TestBoundary123--\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        form = await request.form()
-
-        assert form["first_name"] == "John"
-        assert form["last_name"] == "Doe"
-
-    @pytest.mark.asyncio
-    async def test_file_discarded_when_files_false(self):
-        """File content should be discarded when files=False (default)."""
-        boundary = "----TestBoundary123"
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="title"\r\n'
-            b"\r\n"
-            b"My Document\r\n"
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="file"; filename="doc.txt"\r\n'
-            b"Content-Type: text/plain\r\n"
-            b"\r\n"
-            b"File content here\r\n"
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="description"\r\n'
-            b"\r\n"
-            b"A sample document\r\n"
-            b"------TestBoundary123--\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        form = await request.form()  # files=False is default
-
-        # Text fields should be present
-        assert form["title"] == "My Document"
-        assert form["description"] == "A sample document"
-        # File should NOT be present
-        assert "file" not in form
-
-    @pytest.mark.asyncio
-    async def test_chunked_body_parsing(self):
-        """Multipart should work when body arrives in small chunks."""
-        boundary = "----TestBoundary123"
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="username"\r\n'
-            b"\r\n"
-            b"john_doe\r\n"
-            b"------TestBoundary123--\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        # Use small chunks to test streaming parser
-        request = Request(scope, make_chunked_receive(body, chunk_size=16))
-
-        form = await request.form()
-
-        assert form["username"] == "john_doe"
-
-
-class TestMultipartWithFiles:
-    """Test request.form(files=True) for file uploads."""
-
-    @pytest.mark.asyncio
-    async def test_single_file_upload(self):
-        """Single file upload should create UploadedFile object."""
-        boundary = "----TestBoundary123"
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="document"; filename="test.txt"\r\n'
-            b"Content-Type: text/plain\r\n"
-            b"\r\n"
-            b"Hello, World!\r\n"
-            b"------TestBoundary123--\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        form = await request.form(files=True)
-
-        uploaded_file = form["document"]
-        assert uploaded_file.filename == "test.txt"
-        assert uploaded_file.content_type == "text/plain"
-        assert await uploaded_file.read() == b"Hello, World!"
-        assert uploaded_file.size == 13
-
-    @pytest.mark.asyncio
-    async def test_mixed_fields_and_files(self):
-        """Mixed form fields and files should all be accessible."""
-        boundary = "----TestBoundary123"
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="title"\r\n'
-            b"\r\n"
-            b"My Document\r\n"
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="file"; filename="doc.txt"\r\n'
-            b"Content-Type: text/plain\r\n"
-            b"\r\n"
-            b"Document content\r\n"
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="description"\r\n'
-            b"\r\n"
-            b"A sample\r\n"
-            b"------TestBoundary123--\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        form = await request.form(files=True)
-
-        # Text fields
-        assert form["title"] == "My Document"
-        assert form["description"] == "A sample"
-        # File
-        uploaded_file = form["file"]
-        assert uploaded_file.filename == "doc.txt"
-        assert await uploaded_file.read() == b"Document content"
-
-    @pytest.mark.asyncio
-    async def test_multiple_files_same_name(self):
-        """Multiple files with same name should be accessible via getlist()."""
-        boundary = "----TestBoundary123"
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="files"; filename="a.txt"\r\n'
-            b"Content-Type: text/plain\r\n"
-            b"\r\n"
-            b"File A\r\n"
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="files"; filename="b.txt"\r\n'
-            b"Content-Type: text/plain\r\n"
-            b"\r\n"
-            b"File B\r\n"
-            b"------TestBoundary123--\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        form = await request.form(files=True)
-
-        files = form.getlist("files")
-        assert len(files) == 2
-        assert files[0].filename == "a.txt"
-        assert files[1].filename == "b.txt"
-
-    @pytest.mark.asyncio
-    async def test_large_file_spills_to_disk(self):
-        """Files larger than threshold should spill to temp file."""
-        boundary = "----TestBoundary123"
-        # Create a body larger than the in-memory threshold (1MB)
-        large_content = b"x" * (2 * 1024 * 1024)  # 2MB
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="bigfile"; filename="large.bin"\r\n'
-            b"Content-Type: application/octet-stream\r\n"
-            b"\r\n" + large_content + b"\r\n"
-            b"------TestBoundary123--\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        form = await request.form(files=True)
-
-        uploaded_file = form["bigfile"]
-        assert uploaded_file.size == len(large_content)
-        # Content should still be readable
-        content = await uploaded_file.read()
-        assert content == large_content
-
-    @pytest.mark.asyncio
-    async def test_uploaded_file_seek_and_read(self):
-        """UploadedFile should support seek and multiple reads."""
-        boundary = "----TestBoundary123"
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="file"; filename="test.txt"\r\n'
-            b"Content-Type: text/plain\r\n"
-            b"\r\n"
-            b"Hello, World!\r\n"
-            b"------TestBoundary123--\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        form = await request.form(files=True)
-        uploaded_file = form["file"]
-
-        # First read
-        content1 = await uploaded_file.read()
-        assert content1 == b"Hello, World!"
-
-        # Seek back to start
-        await uploaded_file.seek(0)
-
-        # Second read
-        content2 = await uploaded_file.read()
-        assert content2 == b"Hello, World!"
-
-
-class TestMultipartCleanup:
-    """Test deterministic cleanup of uploaded files."""
-
-    @pytest.mark.asyncio
-    async def test_formdata_close_closes_uploaded_files(self):
-        boundary = "----TestBoundary123"
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="file"; filename="test.txt"\r\n'
-            b"Content-Type: text/plain\r\n"
-            b"\r\n"
-            b"Hello\r\n"
-            b"------TestBoundary123--\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-        form = await request.form(files=True)
-        uploaded_file = form["file"]
-
-        form.close()
-
-        with pytest.raises(ValueError):
-            await uploaded_file.read()
-
-    @pytest.mark.asyncio
-    async def test_formdata_async_context_manager_closes_files(self):
-        boundary = "----TestBoundary123"
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="file"; filename="test.txt"\r\n'
-            b"Content-Type: text/plain\r\n"
-            b"\r\n"
-            b"Hello\r\n"
-            b"------TestBoundary123--\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-        form = await request.form(files=True)
-        uploaded_file = form["file"]
-
-        async with form:
-            pass
-
-        with pytest.raises(ValueError):
-            await uploaded_file.read()
-
-
-class TestMultipartEdgeCases:
-    """Test edge cases in multipart parsing."""
-
-    @pytest.mark.asyncio
-    async def test_empty_file_upload(self):
-        """Empty file (filename but no content) should be handled."""
-        boundary = "----TestBoundary123"
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="file"; filename="empty.txt"\r\n'
-            b"Content-Type: text/plain\r\n"
-            b"\r\n"
-            b"\r\n"
-            b"------TestBoundary123--\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        form = await request.form(files=True)
-
-        uploaded_file = form["file"]
-        assert uploaded_file.filename == "empty.txt"
-        assert uploaded_file.size == 0
-        assert await uploaded_file.read() == b""
-
-    @pytest.mark.asyncio
-    async def test_filename_with_path(self):
-        """Filename containing path should extract just the filename."""
-        boundary = "----TestBoundary123"
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="file"; filename="C:\\Users\\test\\doc.txt"\r\n'
-            b"Content-Type: text/plain\r\n"
-            b"\r\n"
-            b"content\r\n"
-            b"------TestBoundary123--\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        form = await request.form(files=True)
-
-        # Should extract just the filename, not the full path
-        uploaded_file = form["file"]
-        assert uploaded_file.filename == "doc.txt"
-
-    @pytest.mark.asyncio
-    async def test_missing_content_type_header(self):
-        """Missing content-type in request should raise BadRequest."""
-        body = b"some body"
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [],
-        }
-        request = Request(scope, make_receive(body))
-
-        with pytest.raises(BadRequest):
-            await request.form()
-
-    @pytest.mark.asyncio
-    async def test_invalid_content_type(self):
-        """Non-form content-type should raise BadRequest."""
-        body = b'{"key": "value"}'
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", b"application/json"),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        with pytest.raises(BadRequest):
-            await request.form()
-
-    @pytest.mark.asyncio
-    async def test_missing_boundary(self):
-        """Multipart without boundary should raise BadRequest."""
-        body = b"some body"
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", b"multipart/form-data"),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        with pytest.raises(BadRequest):
-            await request.form()
-
-
-class TestSecurityLimits:
-    """Test security limits on form parsing."""
-
-    @pytest.mark.asyncio
-    async def test_max_fields_limit(self):
-        """Should reject requests with too many fields."""
-        boundary = "----TestBoundary123"
-        # Create body with many fields
-        parts = []
-        for i in range(1001):  # Default max is 1000
-            parts.append(
-                f"------TestBoundary123\r\n"
-                f'Content-Disposition: form-data; name="field{i}"\r\n'
-                f"\r\n"
-                f"value{i}\r\n"
-            )
-        parts.append("------TestBoundary123--\r\n")
-        body = "".join(parts).encode()
-
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        with pytest.raises(BadRequest, match="(?i)too many"):
-            await request.form(max_fields=1000)
-
-    @pytest.mark.asyncio
-    async def test_max_file_size_limit(self):
-        """Should reject files exceeding size limit."""
-        boundary = "----TestBoundary123"
-        large_content = b"x" * (11 * 1024 * 1024)  # 11MB
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="file"; filename="big.bin"\r\n'
-            b"Content-Type: application/octet-stream\r\n"
-            b"\r\n" + large_content + b"\r\n"
-            b"------TestBoundary123--\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        with pytest.raises(BadRequest, match="(?i)file.*too large|too large"):
-            await request.form(files=True, max_file_size=10 * 1024 * 1024)
-
-    @pytest.mark.asyncio
-    async def test_max_request_size_limit(self):
-        """Should reject requests exceeding total size limit."""
-        boundary = "----TestBoundary123"
-        large_content = b"x" * (6 * 1024 * 1024)  # 6MB
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="file"; filename="big.bin"\r\n'
-            b"Content-Type: application/octet-stream\r\n"
-            b"\r\n" + large_content + b"\r\n"
-            b"------TestBoundary123--\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        with pytest.raises(BadRequest, match="(?i)too large|request.*too large"):
-            await request.form(files=True, max_request_size=5 * 1024 * 1024)
-
-
-class TestMultipartStrictnessAndLimits:
-    """Tests that enforce stricter ASGI and multipart behaviors."""
-
-    @pytest.mark.asyncio
-    async def test_multipart_truncated_body_is_error(self):
-        """Truncated multipart without closing boundary should raise."""
-        boundary = "----TestBoundary123"
-        # Missing the final closing boundary line
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="field"\r\n'
-            b"\r\n"
-            b"value\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        with pytest.raises(BadRequest, match="Truncated multipart body"):
-            await request.form()
-
-    @pytest.mark.asyncio
-    async def test_disconnect_mid_body_is_error(self):
-        """Client disconnect during body streaming should raise."""
-        boundary = "----TestBoundary123"
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="field"\r\n'
-            b"\r\n"
-            b"value\r\n"
-            b"------TestBoundary123--\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        request = Request(scope, make_disconnect_receive(body, chunk_size=16))
-
-        with pytest.raises(BadRequest, match="disconnected"):
-            await request.form()
-
-    @pytest.mark.asyncio
-    async def test_unknown_asgi_message_type_is_ignored(self):
-        """Unexpected ASGI message types should be ignored."""
-        boundary = "----TestBoundary123"
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="field"\r\n'
-            b"\r\n"
-            b"value\r\n"
-            b"------TestBoundary123--\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        request = Request(scope, make_receive_with_noise(body))
-
-        form = await request.form()
-        assert form["field"] == "value"
-
-    @pytest.mark.asyncio
-    async def test_max_files_enforced_even_when_files_false(self):
-        """File count limits should apply even when file handling is disabled."""
-        boundary = "----TestBoundary123"
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="f1"; filename="a.txt"\r\n'
-            b"Content-Type: text/plain\r\n"
-            b"\r\n"
-            b"a\r\n"
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="f2"; filename="b.txt"\r\n'
-            b"Content-Type: text/plain\r\n"
-            b"\r\n"
-            b"b\r\n"
-            b"------TestBoundary123--\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        with pytest.raises(BadRequest, match="Too many files"):
-            await request.form(files=False, max_files=1)
-
-    @pytest.mark.asyncio
-    async def test_max_parts_limit(self):
-        """Total part count should be bounded."""
-        boundary = "----TestBoundary123"
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="a"\r\n'
-            b"\r\n"
-            b"1\r\n"
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="b"\r\n'
-            b"\r\n"
-            b"2\r\n"
-            b"------TestBoundary123--\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        with pytest.raises(BadRequest, match="Too many parts"):
-            await request.form(max_parts=1)
-
-    @pytest.mark.asyncio
-    async def test_max_file_size_enforced_even_when_files_false(self):
-        """File size limits should apply even when file handling is disabled."""
-        boundary = "----TestBoundary123"
-        big_content = b"x" * 2048
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="file"; filename="big.bin"\r\n'
-            b"Content-Type: application/octet-stream\r\n"
-            b"\r\n" + big_content + b"\r\n"
-            b"------TestBoundary123--\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        with pytest.raises(BadRequest, match="File too large"):
-            await request.form(files=False, max_file_size=1024)
-
-    @pytest.mark.asyncio
-    async def test_part_header_limits(self):
-        """Overly large part headers should be rejected."""
-        boundary = "----TestBoundary123"
-        huge_header_value = "x" * 5000
-        body = (
-            b"------TestBoundary123\r\n"
-            + f'Content-Disposition: form-data; name="field"; foo="{huge_header_value}"\r\n'.encode()
-            + b"\r\n"
-            + b"value\r\n"
-            + b"------TestBoundary123--\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        with pytest.raises(BadRequest, match="headers too large"):
-            await request.form(max_part_header_bytes=1024)
-
-    @pytest.mark.asyncio
-    async def test_insufficient_disk_space_rejects_upload(self, monkeypatch):
-        """Uploads should be rejected when free disk is below the floor."""
-        boundary = "----TestBoundary123"
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="file"; filename="test.txt"\r\n'
-            b"Content-Type: text/plain\r\n"
-            b"\r\n"
-            b"Hello\r\n"
-            b"------TestBoundary123--\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-
-        DiskUsage = namedtuple("DiskUsage", ("total", "used", "free"))
-        monkeypatch.setattr(
-            "datasette.utils.multipart.shutil.disk_usage",
-            lambda path: DiskUsage(total=100, used=95, free=5),
-        )
-
-        request = Request(scope, make_receive(body))
-        with pytest.raises(BadRequest, match="Insufficient disk space"):
-            await request.form(files=True, min_free_disk_bytes=50)
-
-    @pytest.mark.asyncio
-    async def test_low_disk_space_does_not_block_field_only_forms(self, monkeypatch):
-        """Low disk space should not reject multipart forms with no file parts."""
-        boundary = "----TestBoundary123"
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="field"\r\n'
-            b"\r\n"
-            b"value\r\n"
-            b"------TestBoundary123--\r\n"
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-
-        DiskUsage = namedtuple("DiskUsage", ("total", "used", "free"))
-        monkeypatch.setattr(
-            "datasette.utils.multipart.shutil.disk_usage",
-            lambda path: DiskUsage(total=100, used=99, free=1),
-        )
-
-        request = Request(scope, make_receive(body))
-        form = await request.form(files=True, min_free_disk_bytes=50)
-        assert form["field"] == "value"
-
-    @pytest.mark.asyncio
-    async def test_headers_without_newline_hit_header_byte_limit(self):
-        """Headers that never terminate should still hit the header byte limit."""
-        boundary = "----TestBoundary123"
-        huge = b"x" * 5000
-        # No CRLF is included after the header line
-        body = (
-            b"------TestBoundary123\r\n"
-            b'Content-Disposition: form-data; name="field"; foo="' + huge + b'"'
-        )
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", f"multipart/form-data; boundary={boundary}".encode()),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        with pytest.raises(BadRequest, match="headers too large"):
-            await request.form(max_part_header_bytes=1024)
-
-
-class TestFormDataLenSemantics:
-    """Test that FormData.__len__ reflects number of items, not unique keys."""
-
-    @pytest.mark.asyncio
-    async def test_len_counts_items(self):
-        body = b"tag=python&tag=web&tag=api"
-        scope = {
-            "type": "http",
-            "method": "POST",
-            "headers": [
-                (b"content-type", b"application/x-www-form-urlencoded"),
-            ],
-        }
-        request = Request(scope, make_receive(body))
-
-        form = await request.form()
-        assert len(form) == 3
-
-
-# Conformance test suite using multipart-form-data-conformance
-
-# Tests where our parser intentionally differs from strict spec for security/practicality
-# Our parser sanitizes filenames (strips paths) while the conformance suite expects raw
-FILENAME_SANITIZATION_TESTS = {
-    "026-filename-with-backslash",  # We preserve backslashes but they test expects raw
-    "029-filename-path-traversal",  # We strip path components for security
-}
-
-# Tests for optional/lenient features we don't implement
-OPTIONAL_TESTS = {
-    "085-header-folding",  # Obsolete header folding feature
-}
-
-# Tests for malformed input where we're lenient instead of erroring
-LENIENT_PARSING_TESTS = {
-    "203-missing-content-disposition",
-    "204-invalid-content-disposition",
-}
-
-
-def load_conformance_test_cases():
-    """Load all test cases from multipart-form-data-conformance."""
-    tests_dir = get_tests_dir()
-    test_cases = []
-
-    for category_dir in sorted(tests_dir.iterdir()):
-        if not category_dir.is_dir():
-            continue
-        for test_dir in sorted(category_dir.iterdir()):
-            if not test_dir.is_dir():
-                continue
-            test_json = test_dir / "test.json"
-            headers_json = test_dir / "headers.json"
-            input_raw = test_dir / "input.raw"
-
-            if not all(f.exists() for f in [test_json, headers_json, input_raw]):
-                continue
-
-            with open(test_json) as f:
-                test_spec = json.load(f)
-            with open(headers_json) as f:
-                headers = json.load(f)
-            with open(input_raw, "rb") as f:
-                body = f.read()
-
-            test_id = test_spec["id"]
-
-            # Add marks for tests we handle differently
-            marks = []
-            if test_id in FILENAME_SANITIZATION_TESTS:
-                marks.append(
-                    pytest.mark.xfail(reason="Parser sanitizes filenames for security")
-                )
-            elif test_id in OPTIONAL_TESTS:
-                marks.append(
-                    pytest.mark.xfail(reason="Optional feature not implemented")
-                )
-            elif test_id in LENIENT_PARSING_TESTS:
-                marks.append(
-                    pytest.mark.xfail(reason="Parser is lenient with malformed input")
-                )
-
-            test_cases.append(
-                pytest.param(
-                    test_spec,
-                    headers,
-                    body,
-                    id=test_id,
-                    marks=marks,
-                )
-            )
-
-    return test_cases
-
-
-CONFORMANCE_TEST_CASES = load_conformance_test_cases()
-
-
-@pytest.mark.parametrize("test_spec,headers,body", CONFORMANCE_TEST_CASES)
-@pytest.mark.asyncio
-async def test_conformance(test_spec, headers, body):
-    """
-    Run conformance test cases from multipart-form-data-conformance.
-
-    Each test case specifies:
-    - headers: HTTP headers including Content-Type with boundary
-    - body: Raw multipart body bytes
-    - expected: Expected parse result (valid/invalid, parts list)
-    """
-    scope = {
-        "type": "http",
-        "method": "POST",
-        "headers": [(k.encode(), v.encode()) for k, v in headers.items()],
-    }
-    request = Request(scope, make_receive(body))
-
-    expected = test_spec["expected"]
-
-    if not expected["valid"]:
-        # Should raise an error for invalid input
-        with pytest.raises((BadRequest, ValueError)):
-            await request.form(files=True)
-        return
-
-    # Parse form data
-    form = await request.form(files=True)
-
-    # Verify each expected part
-    for i, expected_part in enumerate(expected["parts"]):
-        name = expected_part["name"]
-
-        # Get value(s) for this name
-        values = form.getlist(name)
-
-        # Find the value at the correct index for this name
-        # (handles multiple values with same name)
-        same_name_count = sum(1 for p in expected["parts"][:i] if p["name"] == name)
-
-        if same_name_count >= len(values):
-            pytest.fail(
-                f"Expected part {name} at index {same_name_count} but only {len(values)} found"
-            )
-
-        value = values[same_name_count]
-
-        # Determine expected content
-        if "body_base64" in expected_part:
-            expected_content = base64.b64decode(expected_part["body_base64"])
-        elif "body_text" in expected_part:
-            expected_content = expected_part["body_text"].encode("utf-8")
-        else:
-            expected_content = None
-
-        # Check for file vs field
-        # A part is a file if it has a filename OR filename_star
-        is_file = (
-            expected_part.get("filename") is not None
-            or expected_part.get("filename_star") is not None
-        )
-
-        if is_file:
-            # It's a file
-            assert hasattr(value, "filename"), f"Expected file for {name}"
-
-            # Check filename - use filename_star if present, else filename
-            expected_filename = expected_part.get("filename_star") or expected_part.get(
-                "filename"
-            )
-            if expected_filename:
-                assert (
-                    value.filename == expected_filename
-                ), f"Filename mismatch: expected {expected_filename!r}, got {value.filename!r}"
-
-            if expected_part.get("content_type"):
-                assert value.content_type == expected_part["content_type"]
-
-            content = await value.read()
-            assert (
-                len(content) == expected_part["body_size"]
-            ), f"Size mismatch: expected {expected_part['body_size']}, got {len(content)}"
-            if expected_content is not None:
-                assert content == expected_content
-        else:
-            # It's a text field
-            if hasattr(value, "filename"):
-                pytest.fail(f"Expected text field for {name}, got file")
-
-            if expected_content is not None:
-                # For text fields, value is a string
-                try:
-                    expected_text = expected_content.decode("utf-8")
-                except UnicodeDecodeError:
-                    expected_text = expected_content.decode("latin-1")
-                assert (
-                    value == expected_text
-                ), f"Value mismatch: expected {expected_text!r}, got {value!r}"
diff --git a/tests/test_package.py b/tests/test_package.py
index f05f3ece..f0cbe88f 100644
--- a/tests/test_package.py
+++ b/tests/test_package.py
@@ -1,9 +1,8 @@
 from click.testing import CliRunner
 from datasette import cli
 from unittest import mock
-import os
 import pathlib
-import pytest
+import json
 
 
 class CaptureDockerfile:
@@ -12,11 +11,11 @@ class CaptureDockerfile:
 
 
 EXPECTED_DOCKERFILE = """
-FROM python:3.11.0-slim-bullseye
+FROM python:3.8
 COPY . /app
 WORKDIR /app
 
-ENV DATASETTE_SECRET 'sekrit'
+
 RUN pip install -U datasette
 RUN datasette inspect test.db --inspect-file inspect-data.json
 ENV PORT {port}
@@ -25,35 +24,30 @@ CMD datasette serve --host 0.0.0.0 -i test.db --cors --inspect-file inspect-data
 """.strip()
 
 
-@pytest.mark.serial
 @mock.patch("shutil.which")
 @mock.patch("datasette.cli.call")
-def test_package(mock_call, mock_which, tmp_path_factory):
+def test_package(mock_call, mock_which):
     mock_which.return_value = True
     runner = CliRunner()
     capture = CaptureDockerfile()
     mock_call.side_effect = capture
-    os.chdir(tmp_path_factory.mktemp("runner"))
-    with open("test.db", "w") as fp:
-        fp.write("data")
-    result = runner.invoke(cli.cli, ["package", "test.db", "--secret", "sekrit"])
-    assert 0 == result.exit_code
-    mock_call.assert_has_calls([mock.call(["docker", "build", "."])])
+    with runner.isolated_filesystem():
+        open("test.db", "w").write("data")
+        result = runner.invoke(cli.cli, ["package", "test.db"])
+        assert 0 == result.exit_code
+        mock_call.assert_has_calls([mock.call(["docker", "build", "."])])
     assert EXPECTED_DOCKERFILE.format(port=8001) == capture.captured
 
 
 @mock.patch("shutil.which")
 @mock.patch("datasette.cli.call")
-def test_package_with_port(mock_call, mock_which, tmp_path_factory):
+def test_package_with_port(mock_call, mock_which):
     mock_which.return_value = True
     capture = CaptureDockerfile()
     mock_call.side_effect = capture
     runner = CliRunner()
-    os.chdir(tmp_path_factory.mktemp("runner"))
-    with open("test.db", "w") as fp:
-        fp.write("data")
-    result = runner.invoke(
-        cli.cli, ["package", "test.db", "-p", "8080", "--secret", "sekrit"]
-    )
-    assert 0 == result.exit_code
+    with runner.isolated_filesystem():
+        open("test.db", "w").write("data")
+        result = runner.invoke(cli.cli, ["package", "test.db", "-p", "8080"])
+        assert 0 == result.exit_code
     assert EXPECTED_DOCKERFILE.format(port=8080) == capture.captured
diff --git a/tests/test_permission_endpoints.py b/tests/test_permission_endpoints.py
deleted file mode 100644
index e25be23e..00000000
--- a/tests/test_permission_endpoints.py
+++ /dev/null
@@ -1,499 +0,0 @@
-"""
-Tests for permission endpoints:
-- /-/allowed.json
-- /-/rules.json
-"""
-
-import pytest
-import pytest_asyncio
-from datasette.app import Datasette
-
-
-@pytest_asyncio.fixture
-async def ds_with_permissions():
-    """Create a Datasette instance with test data and permissions."""
-    ds = Datasette()
-    ds.root_enabled = True
-    await ds.invoke_startup()
-
-    # Add some test databases and tables
-    db = ds.add_memory_database("analytics")
-    await db.execute_write(
-        "CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)"
-    )
-    await db.execute_write(
-        "CREATE TABLE IF NOT EXISTS events (id INTEGER PRIMARY KEY, event_type TEXT, user_id INTEGER)"
-    )
-
-    db2 = ds.add_memory_database("production")
-    await db2.execute_write(
-        "CREATE TABLE IF NOT EXISTS orders (id INTEGER PRIMARY KEY, total REAL)"
-    )
-    await db2.execute_write(
-        "CREATE TABLE IF NOT EXISTS customers (id INTEGER PRIMARY KEY, name TEXT)"
-    )
-
-    await ds.refresh_schemas()
-
-    return ds
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path,expected_status,expected_keys",
-    [
-        # Instance level permission
-        (
-            "/-/allowed.json?action=view-instance",
-            200,
-            {"action", "items", "total", "page"},
-        ),
-        # Database level permission
-        (
-            "/-/allowed.json?action=view-database",
-            200,
-            {"action", "items", "total", "page"},
-        ),
-        # Table level permission
-        (
-            "/-/allowed.json?action=view-table",
-            200,
-            {"action", "items", "total", "page"},
-        ),
-        (
-            "/-/allowed.json?action=execute-sql",
-            200,
-            {"action", "items", "total", "page"},
-        ),
-        # Missing action parameter
-        ("/-/allowed.json", 400, {"error"}),
-        # Invalid action
-        ("/-/allowed.json?action=nonexistent", 404, {"error"}),
-        # Any valid action works, even if no permission rules exist for it
-        (
-            "/-/allowed.json?action=insert-row",
-            200,
-            {"action", "items", "total", "page"},
-        ),
-    ],
-)
-async def test_allowed_json_basic(
-    ds_with_permissions, path, expected_status, expected_keys
-):
-    response = await ds_with_permissions.client.get(path)
-    assert response.status_code == expected_status
-    data = response.json()
-    assert expected_keys.issubset(data.keys())
-
-
-@pytest.mark.asyncio
-async def test_allowed_json_response_structure(ds_with_permissions):
-    """Test that /-/allowed.json returns the expected structure."""
-    response = await ds_with_permissions.client.get(
-        "/-/allowed.json?action=view-instance"
-    )
-    assert response.status_code == 200
-    data = response.json()
-
-    # Check required fields
-    assert "action" in data
-    assert "actor_id" in data
-    assert "page" in data
-    assert "page_size" in data
-    assert "total" in data
-    assert "items" in data
-
-    # Check items structure
-    assert isinstance(data["items"], list)
-    if data["items"]:
-        item = data["items"][0]
-        assert "parent" in item
-        assert "child" in item
-        assert "resource" in item
-
-
-@pytest.mark.asyncio
-async def test_allowed_json_with_actor(ds_with_permissions):
-    """Test /-/allowed.json includes actor information."""
-    response = await ds_with_permissions.client.get(
-        "/-/allowed.json?action=view-table",
-        actor={"id": "test_user"},
-    )
-    assert response.status_code == 200
-    data = response.json()
-    assert data["actor_id"] == "test_user"
-
-
-@pytest.mark.asyncio
-async def test_allowed_json_pagination():
-    """Test that /-/allowed.json pagination works."""
-    ds = Datasette()
-    await ds.invoke_startup()
-
-    # Create many tables to test pagination
-    db = ds.add_memory_database("test")
-    for i in range(30):
-        await db.execute_write(f"CREATE TABLE table{i:02d} (id INTEGER PRIMARY KEY)")
-    await ds.refresh_schemas()
-
-    # Test page 1
-    response = await ds.client.get(
-        "/-/allowed.json?action=view-table&page_size=10&page=1"
-    )
-    assert response.status_code == 200
-    data = response.json()
-    assert data["page"] == 1
-    assert data["page_size"] == 10
-    assert len(data["items"]) == 10
-
-    # Test page 2
-    response = await ds.client.get(
-        "/-/allowed.json?action=view-table&page_size=10&page=2"
-    )
-    assert response.status_code == 200
-    data = response.json()
-    assert data["page"] == 2
-    assert len(data["items"]) == 10
-
-    # Verify items are different between pages
-    response1 = await ds.client.get(
-        "/-/allowed.json?action=view-table&page_size=10&page=1"
-    )
-    response2 = await ds.client.get(
-        "/-/allowed.json?action=view-table&page_size=10&page=2"
-    )
-    items1 = {(item["parent"], item["child"]) for item in response1.json()["items"]}
-    items2 = {(item["parent"], item["child"]) for item in response2.json()["items"]}
-    assert items1 != items2
-
-
-@pytest.mark.asyncio
-async def test_allowed_json_total_count(tmp_path_factory):
-    """Test that /-/allowed.json returns correct total count."""
-    from datasette.database import Database
-
-    # Use temporary file databases to avoid leakage from other tests
-    tmp_dir = tmp_path_factory.mktemp("test_allowed_json_total_count")
-
-    ds = Datasette()
-    await ds.invoke_startup()
-
-    # Create test databases with tables
-    analytics_db = ds.add_database(
-        Database(ds, path=str(tmp_dir / "analytics.db")), name="analytics"
-    )
-    await analytics_db.execute_write(
-        "CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)"
-    )
-    await analytics_db.execute_write(
-        "CREATE TABLE IF NOT EXISTS events (id INTEGER PRIMARY KEY, event_type TEXT, user_id INTEGER)"
-    )
-
-    production_db = ds.add_database(
-        Database(ds, path=str(tmp_dir / "production.db")), name="production"
-    )
-    await production_db.execute_write(
-        "CREATE TABLE IF NOT EXISTS orders (id INTEGER PRIMARY KEY, total REAL)"
-    )
-    await production_db.execute_write(
-        "CREATE TABLE IF NOT EXISTS customers (id INTEGER PRIMARY KEY, name TEXT)"
-    )
-
-    await ds.refresh_schemas()
-
-    response = await ds.client.get("/-/allowed.json?action=view-table")
-    assert response.status_code == 200
-    data = response.json()
-
-    # We created 4 tables total (2 in analytics, 2 in production)
-    import json
-
-    assert (
-        data["total"] == 4
-    ), f"Expected total=4, got: {json.dumps(data, separators=(',', ':'))}"
-
-
-# /-/rules.json tests
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path,expected_status,expected_keys",
-    [
-        # Instance level rules
-        (
-            "/-/rules.json?action=view-instance",
-            200,
-            {"action", "items", "total", "page"},
-        ),
-        # Database level rules
-        (
-            "/-/rules.json?action=view-database",
-            200,
-            {"action", "items", "total", "page"},
-        ),
-        # Table level rules
-        (
-            "/-/rules.json?action=view-table",
-            200,
-            {"action", "items", "total", "page"},
-        ),
-        # Missing action parameter
-        ("/-/rules.json", 400, {"error"}),
-        # Invalid action
-        ("/-/rules.json?action=nonexistent", 404, {"error"}),
-    ],
-)
-async def test_rules_json_basic(
-    ds_with_permissions, path, expected_status, expected_keys
-):
-    # Use root actor for rules endpoint (requires permissions-debug)
-    response = await ds_with_permissions.client.get(
-        path,
-        actor={"id": "root"},
-    )
-    assert response.status_code == expected_status
-    data = response.json()
-    assert expected_keys.issubset(data.keys())
-
-
-@pytest.mark.asyncio
-async def test_rules_json_response_structure(ds_with_permissions):
-    """Test that /-/rules.json returns the expected structure."""
-    response = await ds_with_permissions.client.get(
-        "/-/rules.json?action=view-instance",
-        actor={"id": "root"},
-    )
-    assert response.status_code == 200
-    data = response.json()
-
-    # Check required fields
-    assert "action" in data
-    assert "actor_id" in data
-    assert "page" in data
-    assert "page_size" in data
-    assert "total" in data
-    assert "items" in data
-
-    # Check items structure
-    assert isinstance(data["items"], list)
-    if data["items"]:
-        item = data["items"][0]
-        assert "parent" in item
-        assert "child" in item
-        assert "resource" in item
-        assert "allow" in item
-        assert "reason" in item
-
-
-@pytest.mark.asyncio
-async def test_rules_json_includes_all_rules(ds_with_permissions):
-    """Test that /-/rules.json includes both allowed and denied resources."""
-    # Root user should see rules for everything
-    response = await ds_with_permissions.client.get(
-        "/-/rules.json?action=view-table",
-        actor={"id": "root"},
-    )
-    assert response.status_code == 200
-    data = response.json()
-
-    # Should have items (root has global allow)
-    assert len(data["items"]) > 0
-
-    # Each item should have allow field (0 or 1)
-    for item in data["items"]:
-        assert "allow" in item
-        assert item["allow"] in [0, 1]
-
-
-@pytest.mark.asyncio
-async def test_rules_json_pagination():
-    """Test that /-/rules.json pagination works."""
-    ds = Datasette()
-    ds.root_enabled = True
-    await ds.invoke_startup()
-
-    # Create some tables
-    db = ds.add_memory_database("test")
-    for i in range(5):
-        await db.execute_write(
-            f"CREATE TABLE IF NOT EXISTS table{i:02d} (id INTEGER PRIMARY KEY)"
-        )
-    await ds.refresh_schemas()
-
-    # Test basic pagination structure - just verify it returns paginated results
-    response = await ds.client.get(
-        "/-/rules.json?action=view-table&page_size=2&page=1",
-        actor={"id": "root"},
-    )
-    assert response.status_code == 200
-    data = response.json()
-    assert data["page"] == 1
-    assert data["page_size"] == 2
-    # Verify items is a list (may have fewer items than page_size if there aren't many rules)
-    assert isinstance(data["items"], list)
-    assert "total" in data
-
-
-@pytest.mark.asyncio
-async def test_rules_json_with_actor(ds_with_permissions):
-    """Test /-/rules.json includes actor information."""
-    # Use root actor (rules endpoint requires permissions-debug)
-    response = await ds_with_permissions.client.get(
-        "/-/rules.json?action=view-table",
-        actor={"id": "root"},
-    )
-    assert response.status_code == 200
-    data = response.json()
-    assert data["actor_id"] == "root"
-
-
-@pytest.mark.asyncio
-async def test_root_user_respects_settings_deny():
-    """
-    Test for issue #2509: Settings-based deny rules should override root user privileges.
-
-    When a database has `allow: false` in settings, the root user should NOT see
-    that database in /-/allowed.json?action=view-database.
-    """
-    ds = Datasette(
-        config={
-            "databases": {
-                "content": {
-                    "allow": False,  # Deny everyone, including root
-                }
-            }
-        }
-    )
-    ds.root_enabled = True
-    await ds.invoke_startup()
-    ds.add_memory_database("content")
-
-    # Root user should NOT see the denied database
-    response = await ds.client.get(
-        "/-/allowed.json?action=view-database",
-        actor={"id": "root"},
-    )
-    assert response.status_code == 200
-    data = response.json()
-
-    # Check that content database is NOT in the allowed list
-    allowed_databases = [item["parent"] for item in data["items"]]
-    assert "content" not in allowed_databases, (
-        f"Root user should not see 'content' database when settings deny it, "
-        f"but found it in: {allowed_databases}"
-    )
-
-
-@pytest.mark.asyncio
-async def test_root_user_respects_settings_deny_tables():
-    """
-    Test for issue #2509: Settings-based deny rules should override root for tables too.
-
-    When a database has `allow: false` in settings, the root user should NOT see
-    tables from that database in /-/allowed.json?action=view-table.
-    """
-    ds = Datasette(
-        config={
-            "databases": {
-                "content": {
-                    "allow": False,  # Deny everyone, including root
-                }
-            }
-        }
-    )
-    ds.root_enabled = True
-    await ds.invoke_startup()
-
-    # Add a database with a table
-    db = ds.add_memory_database("content")
-    await db.execute_write("CREATE TABLE repos (id INTEGER PRIMARY KEY, name TEXT)")
-    await ds.refresh_schemas()
-
-    # Root user should NOT see tables from the content database
-    response = await ds.client.get(
-        "/-/allowed.json?action=view-table",
-        actor={"id": "root"},
-    )
-    assert response.status_code == 200
-    data = response.json()
-
-    # Check that content.repos table is NOT in the allowed list
-    content_tables = [
-        item["child"] for item in data["items"] if item["parent"] == "content"
-    ]
-    assert "repos" not in content_tables, (
-        f"Root user should not see tables from 'content' database when settings deny it, "
-        f"but found: {content_tables}"
-    )
-
-
-@pytest.mark.asyncio
-async def test_execute_sql_requires_view_database():
-    """
-    Test for issue #2527: execute-sql permission should require view-database permission.
-
-    A user who has execute-sql permission but not view-database permission should not
-    be able to execute SQL on that database.
-    """
-    from datasette.permissions import PermissionSQL
-    from datasette import hookimpl
-
-    class TestPermissionPlugin:
-        __name__ = "TestPermissionPlugin"
-
-        @hookimpl
-        def permission_resources_sql(self, datasette, actor, action):
-            if actor is None or actor.get("id") != "test_user":
-                return []
-
-            if action == "execute-sql":
-                # Grant execute-sql on the "secret" database
-                return PermissionSQL(
-                    sql="SELECT 'secret' AS parent, NULL AS child, 1 AS allow, 'can execute sql' AS reason",
-                )
-            elif action == "view-database":
-                # Deny view-database on the "secret" database
-                return PermissionSQL(
-                    sql="SELECT 'secret' AS parent, NULL AS child, 0 AS allow, 'cannot view db' AS reason",
-                )
-
-            return []
-
-    plugin = TestPermissionPlugin()
-
-    ds = Datasette()
-    await ds.invoke_startup()
-    ds.pm.register(plugin, name="test_plugin")
-
-    try:
-        ds.add_memory_database("secret")
-        await ds.refresh_schemas()
-
-        # User should NOT have execute-sql permission because view-database is denied
-        response = await ds.client.get(
-            "/-/allowed.json?action=execute-sql",
-            actor={"id": "test_user"},
-        )
-        assert response.status_code == 200
-        data = response.json()
-
-        # The "secret" database should NOT be in the allowed list for execute-sql
-        allowed_databases = [item["parent"] for item in data["items"]]
-        assert "secret" not in allowed_databases, (
-            f"User should not have execute-sql permission without view-database, "
-            f"but found 'secret' in: {allowed_databases}"
-        )
-
-        # Also verify that attempting to execute SQL on the database is denied
-        # (may be 403 or 302 redirect to login/error page depending on middleware)
-        response = await ds.client.get(
-            "/secret?sql=SELECT+1",
-            actor={"id": "test_user"},
-        )
-        assert response.status_code in (302, 403), (
-            f"Expected 302 or 403 when trying to execute SQL without view-database permission, "
-            f"but got {response.status_code}"
-        )
-    finally:
-        ds.pm.unregister(plugin)
diff --git a/tests/test_permissions.py b/tests/test_permissions.py
deleted file mode 100644
index 8323fe92..00000000
--- a/tests/test_permissions.py
+++ /dev/null
@@ -1,1801 +0,0 @@
-import collections
-from asgiref.sync import async_to_sync
-from datasette.app import Datasette
-from datasette.cli import cli
-from datasette.default_permissions import restrictions_allow_action
-from .fixtures import assert_permissions_checked, make_app_client
-from click.testing import CliRunner
-from bs4 import BeautifulSoup as Soup
-import copy
-import json
-from pprint import pprint
-import pytest_asyncio
-import pytest
-import re
-import time
-import urllib
-
-
-@pytest.fixture(scope="module")
-def padlock_client():
-    with make_app_client(
-        config={
-            "databases": {
-                "fixtures": {
-                    "queries": {"two": {"sql": "select 1 + 1"}},
-                }
-            }
-        }
-    ) as client:
-        yield client
-
-
-@pytest_asyncio.fixture
-async def perms_ds():
-    ds = Datasette()
-    await ds.invoke_startup()
-    one = ds.add_memory_database("perms_ds_one")
-    two = ds.add_memory_database("perms_ds_two")
-    await one.execute_write("create table if not exists t1 (id integer primary key)")
-    await one.execute_write("insert or ignore into t1 (id) values (1)")
-    await one.execute_write("create view if not exists v1 as select * from t1")
-    await one.execute_write("create table if not exists t2 (id integer primary key)")
-    await two.execute_write("create table if not exists t1 (id integer primary key)")
-    # Trigger catalog refresh so allowed_resources() can be called
-    await ds.client.get("/")
-    return ds
-
-
-@pytest.mark.parametrize(
-    "allow,expected_anon,expected_auth",
-    [
-        (None, 200, 200),
-        ({}, 403, 403),
-        ({"id": "root"}, 403, 200),
-    ],
-)
-@pytest.mark.parametrize(
-    "path",
-    (
-        "/",
-        "/fixtures",
-        "/-/api",
-        "/fixtures/compound_three_primary_keys",
-        "/fixtures/compound_three_primary_keys/a,a,a",
-        pytest.param(
-            "/fixtures/two",
-            marks=pytest.mark.xfail(
-                reason="view-query not yet migrated to new permission system"
-            ),
-        ),  # Query
-    ),
-)
-def test_view_padlock(allow, expected_anon, expected_auth, path, padlock_client):
-    padlock_client.ds.config["allow"] = allow
-    fragment = "🔒
    "
-    anon_response = padlock_client.get(path)
-    assert expected_anon == anon_response.status
-    if allow and anon_response.status == 200:
-        # Should be no padlock
-        assert fragment not in anon_response.text
-    auth_response = padlock_client.get(
-        path,
-        cookies={"ds_actor": padlock_client.actor_cookie({"id": "root"})},
-    )
-    assert expected_auth == auth_response.status
-    # Check for the padlock
-    if allow and expected_anon == 403 and expected_auth == 200:
-        assert fragment in auth_response.text
-    del padlock_client.ds.config["allow"]
-
-
-@pytest.mark.parametrize(
-    "allow,expected_anon,expected_auth",
-    [
-        (None, 200, 200),
-        ({}, 403, 403),
-        ({"id": "root"}, 403, 200),
-    ],
-)
-@pytest.mark.parametrize("use_metadata", (True, False))
-def test_view_database(allow, expected_anon, expected_auth, use_metadata):
-    key = "metadata" if use_metadata else "config"
-    kwargs = {key: {"databases": {"fixtures": {"allow": allow}}}}
-    with make_app_client(**kwargs) as client:
-        for path in (
-            "/fixtures",
-            "/fixtures/compound_three_primary_keys",
-            "/fixtures/compound_three_primary_keys/a,a,a",
-        ):
-            anon_response = client.get(path)
-            assert expected_anon == anon_response.status, path
-            if allow and path == "/fixtures" and anon_response.status == 200:
-                # Should be no padlock
-                assert ">fixtures 🔒" not in anon_response.text
-            auth_response = client.get(
-                path,
-                cookies={"ds_actor": client.actor_cookie({"id": "root"})},
-            )
-            assert expected_auth == auth_response.status
-            if (
-                allow
-                and path == "/fixtures"
-                and expected_anon == 403
-                and expected_auth == 200
-            ):
-                assert ">fixtures 🔒" in auth_response.text
-
-
-def test_database_list_respects_view_database():
-    with make_app_client(
-        config={"databases": {"fixtures": {"allow": {"id": "root"}}}},
-        extra_databases={"data.db": "create table names (name text)"},
-    ) as client:
-        anon_response = client.get("/")
-        assert 'data' in anon_response.text
-        assert 'fixtures' not in anon_response.text
-        auth_response = client.get(
-            "/",
-            cookies={"ds_actor": client.actor_cookie({"id": "root"})},
-        )
-        assert 'data' in auth_response.text
-        assert 'fixtures 🔒' in auth_response.text
-
-
-def test_database_list_respects_view_table():
-    with make_app_client(
-        config={
-            "databases": {
-                "data": {
-                    "tables": {
-                        "names": {"allow": {"id": "root"}},
-                        "v": {"allow": {"id": "root"}},
-                    }
-                }
-            }
-        },
-        extra_databases={
-            "data.db": "create table names (name text); create view v as select * from names"
-        },
-    ) as client:
-        html_fragments = [
-            ">names 🔒",
-            ">v 🔒",
-        ]
-        anon_response_text = client.get("/").text
-        assert "0 rows in 0 tables" in anon_response_text
-        for html_fragment in html_fragments:
-            assert html_fragment not in anon_response_text
-        auth_response_text = client.get(
-            "/",
-            cookies={"ds_actor": client.actor_cookie({"id": "root"})},
-        ).text
-        for html_fragment in html_fragments:
-            assert html_fragment in auth_response_text
-
-
-@pytest.mark.parametrize(
-    "allow,expected_anon,expected_auth",
-    [
-        (None, 200, 200),
-        ({}, 403, 403),
-        ({"id": "root"}, 403, 200),
-    ],
-)
-@pytest.mark.parametrize("use_metadata", (True, False))
-def test_view_table(allow, expected_anon, expected_auth, use_metadata):
-    key = "metadata" if use_metadata else "config"
-    kwargs = {
-        key: {
-            "databases": {
-                "fixtures": {
-                    "tables": {"compound_three_primary_keys": {"allow": allow}}
-                }
-            }
-        }
-    }
-    with make_app_client(**kwargs) as client:
-        anon_response = client.get("/fixtures/compound_three_primary_keys")
-        assert expected_anon == anon_response.status
-        if allow and anon_response.status == 200:
-            # Should be no padlock
-            assert ">compound_three_primary_keys 🔒" not in anon_response.text
-        auth_response = client.get(
-            "/fixtures/compound_three_primary_keys",
-            cookies={"ds_actor": client.actor_cookie({"id": "root"})},
-        )
-        assert expected_auth == auth_response.status
-        if allow and expected_anon == 403 and expected_auth == 200:
-            assert ">compound_three_primary_keys 🔒" in auth_response.text
-
-
-def test_table_list_respects_view_table():
-    with make_app_client(
-        config={
-            "databases": {
-                "fixtures": {
-                    "tables": {
-                        "compound_three_primary_keys": {"allow": {"id": "root"}},
-                        # And a SQL view too:
-                        "paginated_view": {"allow": {"id": "root"}},
-                    }
-                }
-            }
-        }
-    ) as client:
-        html_fragments = [
-            ">compound_three_primary_keys 🔒",
-            ">paginated_view 🔒",
-        ]
-        anon_response = client.get("/fixtures")
-        for html_fragment in html_fragments:
-            assert html_fragment not in anon_response.text
-        auth_response = client.get(
-            "/fixtures", cookies={"ds_actor": client.actor_cookie({"id": "root"})}
-        )
-        for html_fragment in html_fragments:
-            assert html_fragment in auth_response.text
-
-
-@pytest.mark.parametrize(
-    "allow,expected_anon,expected_auth",
-    [
-        (None, 200, 200),
-        ({}, 403, 403),
-        ({"id": "root"}, 403, 200),
-    ],
-)
-def test_view_query(allow, expected_anon, expected_auth):
-    with make_app_client(
-        config={
-            "databases": {
-                "fixtures": {"queries": {"q": {"sql": "select 1 + 1", "allow": allow}}}
-            }
-        }
-    ) as client:
-        anon_response = client.get("/fixtures/q")
-        assert expected_anon == anon_response.status
-        if allow and anon_response.status == 200:
-            # Should be no padlock
-            assert "🔒" not in anon_response.text
-        auth_response = client.get(
-            "/fixtures/q", cookies={"ds_actor": client.actor_cookie({"id": "root"})}
-        )
-        assert expected_auth == auth_response.status
-        if allow and expected_anon == 403 and expected_auth == 200:
-            assert ">fixtures: q 🔒" in auth_response.text
-
-
-@pytest.mark.parametrize(
-    "config",
-    [
-        {"allow_sql": {"id": "root"}},
-        {"databases": {"fixtures": {"allow_sql": {"id": "root"}}}},
-    ],
-)
-def test_execute_sql(config):
-    schema_re = re.compile("const schema = ({.*?});", re.DOTALL)
-    with make_app_client(config=config) as client:
-        form_fragment = '',
-        '',
-        '',
-    ):
-        assert fragment in response.text
-    # Should show one failure and one success
-    soup = Soup(response.text, "html.parser")
-    table = soup.find("table", {"id": "permission-checks-table"})
-    rows = table.find("tbody").find_all("tr")
-    checks = []
-    for row in rows:
-        cells = row.find_all("td")
-        result_cell = cells[5]
-        if result_cell.select_one(".check-result-true"):
-            result = True
-        elif result_cell.select_one(".check-result-false"):
-            result = False
-        else:
-            result = None
-        actor_code = cells[4].find("code")
-        actor = json.loads(actor_code.text) if actor_code else None
-        checks.append(
-            {
-                "action": cells[1].text.strip(),
-                "result": result,
-                "actor": actor,
-            }
-        )
-    expected_checks = [
-        {
-            "action": "permissions-debug",
-            "result": True,
-            "actor": {"id": "root"},
-        },
-        {
-            "action": "view-instance",
-            "result": True,
-            "actor": {"id": "root"},
-        },
-        {
-            "action": "view-instance",
-            "result": True,
-            "actor": None,
-        },
-        {
-            "action": "permissions-debug",
-            "result": False,
-            "actor": None,
-        },
-        {
-            "action": "view-instance",
-            "result": True,
-            "actor": None,
-        },
-    ]
-    if filter_ == "only-yours":
-        expected_checks = [
-            check for check in expected_checks if check["actor"] is not None
-        ]
-    elif filter_ == "exclude-yours":
-        expected_checks = [check for check in expected_checks if check["actor"] is None]
-    assert checks == expected_checks
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "actor,allow,expected_fragment",
-    [
-        ('{"id":"root"}', "{}", "Result: deny"),
-        ('{"id":"root"}', '{"id": "*"}', "Result: allow"),
-        ('{"', '{"id": "*"}', "Actor JSON error"),
-        ('{"id":"root"}', '"*"}', "Allow JSON error"),
-    ],
-)
-async def test_allow_debug(ds_client, actor, allow, expected_fragment):
-    response = await ds_client.get(
-        "/-/allow-debug?" + urllib.parse.urlencode({"actor": actor, "allow": allow})
-    )
-    assert response.status_code == 200
-    assert expected_fragment in response.text
-
-
-@pytest.mark.parametrize(
-    "allow,expected",
-    [
-        ({"id": "root"}, 403),
-        ({"id": "root", "unauthenticated": True}, 200),
-    ],
-)
-def test_allow_unauthenticated(allow, expected):
-    with make_app_client(config={"allow": allow}) as client:
-        assert expected == client.get("/").status
-
-
-@pytest.fixture(scope="session")
-def view_instance_client():
-    with make_app_client(config={"allow": {}}) as client:
-        yield client
-
-
-@pytest.mark.parametrize(
-    "path",
-    [
-        "/",
-        "/fixtures",
-        "/fixtures/facetable",
-        "/-/versions",
-        "/-/plugins",
-        "/-/settings",
-        "/-/threads",
-        "/-/databases",
-        "/-/permissions",
-        "/-/messages",
-        "/-/patterns",
-    ],
-)
-def test_view_instance(path, view_instance_client):
-    assert 403 == view_instance_client.get(path).status
-    if path not in ("/-/permissions", "/-/messages", "/-/patterns"):
-        assert 403 == view_instance_client.get(path + ".json").status
-
-
-@pytest.fixture(scope="session")
-def cascade_app_client():
-    with make_app_client(is_immutable=True) as client:
-        yield client
-
-
-@pytest.mark.parametrize(
-    "path,permissions,expected_status",
-    [
-        ("/", [], 403),
-        ("/", ["instance"], 200),
-        # Can view table even if not allowed database or instance
-        ("/fixtures/binary_data", [], 403),
-        ("/fixtures/binary_data", ["database"], 403),
-        ("/fixtures/binary_data", ["instance"], 403),
-        ("/fixtures/binary_data", ["table"], 200),
-        ("/fixtures/binary_data", ["table", "database"], 200),
-        ("/fixtures/binary_data", ["table", "database", "instance"], 200),
-        # ... same for row
-        ("/fixtures/binary_data/1", [], 403),
-        ("/fixtures/binary_data/1", ["database"], 403),
-        ("/fixtures/binary_data/1", ["instance"], 403),
-        ("/fixtures/binary_data/1", ["table"], 200),
-        ("/fixtures/binary_data/1", ["table", "database"], 200),
-        ("/fixtures/binary_data/1", ["table", "database", "instance"], 200),
-        # Can view query even if not allowed database or instance
-        ("/fixtures/magic_parameters", [], 403),
-        ("/fixtures/magic_parameters", ["database"], 403),
-        ("/fixtures/magic_parameters", ["instance"], 403),
-        ("/fixtures/magic_parameters", ["query"], 200),
-        ("/fixtures/magic_parameters", ["query", "database"], 200),
-        ("/fixtures/magic_parameters", ["query", "database", "instance"], 200),
-        # Can view database even if not allowed instance
-        ("/fixtures", [], 403),
-        ("/fixtures", ["instance"], 403),
-        ("/fixtures", ["database"], 200),
-        # Downloading the fixtures.db file
-        ("/fixtures.db", [], 403),
-        ("/fixtures.db", ["instance"], 403),
-        ("/fixtures.db", ["database"], 200),
-        ("/fixtures.db", ["download"], 200),
-    ],
-)
-def test_permissions_cascade(cascade_app_client, path, permissions, expected_status):
-    """Test that e.g. having view-table but NOT view-database lets you view table page, etc"""
-    allow = {"id": "*"}
-    deny = {}
-    previous_config = cascade_app_client.ds.config
-    updated_config = copy.deepcopy(previous_config)
-    actor = {"id": "test"}
-    if "download" in permissions:
-        actor["can_download"] = 1
-    try:
-        # Set up the different allow blocks
-        updated_config["allow"] = allow if "instance" in permissions else deny
-        # Note: download permission also needs database access (via plugin granting both)
-        # so we don't set a deny rule when download is in permissions
-        updated_config["databases"]["fixtures"]["allow"] = (
-            allow if ("database" in permissions or "download" in permissions) else deny
-        )
-        updated_config["databases"]["fixtures"]["tables"]["binary_data"] = {
-            "allow": (allow if "table" in permissions else deny)
-        }
-        updated_config["databases"]["fixtures"]["queries"]["magic_parameters"][
-            "allow"
-        ] = (allow if "query" in permissions else deny)
-        cascade_app_client.ds.config = updated_config
-        response = cascade_app_client.get(
-            path,
-            cookies={"ds_actor": cascade_app_client.actor_cookie(actor)},
-        )
-        assert (
-            response.status == expected_status
-        ), "path: {}, permissions: {}, expected_status: {}, status: {}".format(
-            path, permissions, expected_status, response.status
-        )
-    finally:
-        cascade_app_client.ds.config = previous_config
-
-
-def test_padlocks_on_database_page(cascade_app_client):
-    config = {
-        "databases": {
-            "fixtures": {
-                "allow": {"id": "test"},
-                "tables": {
-                    "123_starts_with_digits": {"allow": True},
-                    "simple_view": {"allow": True},
-                },
-                "queries": {"query_two": {"allow": True, "sql": "select 2"}},
-            }
-        }
-    }
-    previous_config = cascade_app_client.ds.config
-    try:
-        cascade_app_client.ds.config = config
-        async_to_sync(cascade_app_client.ds.invoke_startup)()
-        async_to_sync(cascade_app_client.ds.add_query)(
-            "fixtures", "query_two", "select 2", source="config"
-        )
-        response = cascade_app_client.get(
-            "/fixtures",
-            cookies={"ds_actor": cascade_app_client.actor_cookie({"id": "test"})},
-        )
-        # Tables
-        assert ">123_starts_with_digits" in response.text
-        assert ">Table With Space In Name 🔒" in response.text
-        # Queries
-        assert ">query_two" in response.text
-        # Views
-        assert ">paginated_view 🔒" in response.text
-        assert ">simple_view" in response.text
-    finally:
-        cascade_app_client.ds.config = previous_config
-        async_to_sync(cascade_app_client.ds.remove_query)("fixtures", "query_two")
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "actor,permission,resource_1,resource_2,expected_result",
-    (
-        # Without restrictions the defaults apply
-        ({"id": "t"}, "view-instance", None, None, True),
-        ({"id": "t"}, "view-database", "one", None, True),
-        ({"id": "t"}, "view-table", "one", "t1", True),
-        # If there is an _r block, everything gets denied unless explicitly allowed
-        ({"id": "t", "_r": {}}, "view-instance", None, None, False),
-        ({"id": "t", "_r": {}}, "view-database", "one", None, False),
-        ({"id": "t", "_r": {}}, "view-table", "one", "t1", False),
-        # Explicit allowing works at the "a" for all level:
-        ({"id": "t", "_r": {"a": ["vi"]}}, "view-instance", None, None, True),
-        ({"id": "t", "_r": {"a": ["vd"]}}, "view-database", "one", None, True),
-        ({"id": "t", "_r": {"a": ["vt"]}}, "view-table", "one", "t1", True),
-        # But not if it's the wrong permission
-        ({"id": "t", "_r": {"a": ["vi"]}}, "view-database", "one", None, False),
-        ({"id": "t", "_r": {"a": ["vd"]}}, "view-table", "one", "t1", False),
-        # Works at the "d" for database level:
-        ({"id": "t", "_r": {"d": {"one": ["vd"]}}}, "view-database", "one", None, True),
-        (
-            # view-database-download requires view-database too (also_requires)
-            {"id": "t", "_r": {"d": {"one": ["vdd", "vd"]}}},
-            "view-database-download",
-            "one",
-            None,
-            True,
-        ),
-        (
-            # execute-sql requires view-database too (also_requires)
-            {"id": "t", "_r": {"d": {"one": ["es", "vd"]}}},
-            "execute-sql",
-            "one",
-            None,
-            True,
-        ),
-        # Works at the "r" for table level:
-        (
-            {"id": "t", "_r": {"r": {"one": {"t1": ["vt"]}}}},
-            "view-table",
-            "one",
-            "t1",
-            True,
-        ),
-        (
-            {"id": "t", "_r": {"r": {"one": {"t1": ["vt"]}}}},
-            "view-table",
-            "one",
-            "t2",
-            False,
-        ),
-        # non-abbreviations should work too
-        (
-            {"id": "t", "_r": {"a": ["view-instance"]}},
-            "view-instance",
-            None,
-            None,
-            True,
-        ),
-        (
-            {"id": "t", "_r": {"d": {"one": ["view-database"]}}},
-            "view-database",
-            "one",
-            None,
-            True,
-        ),
-        (
-            {"id": "t", "_r": {"r": {"one": {"t1": ["view-table"]}}}},
-            "view-table",
-            "one",
-            "t1",
-            True,
-        ),
-        # view-database does NOT grant view-instance (no upward cascading)
-        ({"id": "t", "_r": {"a": ["vd"]}}, "view-instance", None, None, False),
-    ),
-)
-async def test_actor_restricted_permissions(
-    perms_ds, actor, permission, resource_1, resource_2, expected_result
-):
-    perms_ds.pdb = True
-    perms_ds.root_enabled = True  # Allow root actor to access /-/permissions
-    cookies = {"ds_actor": perms_ds.sign({"a": {"id": "root"}}, "actor")}
-    response = await perms_ds.client.post(
-        "/-/permissions",
-        data={
-            "actor": json.dumps(actor),
-            "permission": permission,
-            "resource_1": resource_1,
-            "resource_2": resource_2,
-        },
-        cookies=cookies,
-    )
-    # Response mirrors /-/check JSON structure
-    if resource_1 is None:
-        expected_path = "/"
-    elif resource_2 is None:
-        expected_path = f"/{resource_1}"
-    else:
-        expected_path = f"/{resource_1}/{resource_2}"
-
-    expected_resource = {
-        "parent": resource_1,
-        "child": resource_2,
-        "path": expected_path,
-    }
-    expected = {
-        "action": permission,
-        "allowed": expected_result,
-        "resource": expected_resource,
-    }
-    if actor.get("id"):
-        expected["actor_id"] = actor["id"]
-    assert response.json() == expected
-
-
-PermConfigTestCase = collections.namedtuple(
-    "PermConfigTestCase",
-    "config,actor,action,resource,expected_result",
-)
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "config,actor,action,resource,expected_result",
-    (
-        # Simple view-instance default=True example
-        PermConfigTestCase(
-            config={},
-            actor=None,
-            action="view-instance",
-            resource=None,
-            expected_result=True,
-        ),
-        # debug-menu on root
-        PermConfigTestCase(
-            config={"permissions": {"debug-menu": {"id": "user"}}},
-            actor={"id": "user"},
-            action="debug-menu",
-            resource=None,
-            expected_result=True,
-        ),
-        # debug-menu on root, wrong actor
-        PermConfigTestCase(
-            config={"permissions": {"debug-menu": {"id": "user"}}},
-            actor={"id": "user2"},
-            action="debug-menu",
-            resource=None,
-            expected_result=False,
-        ),
-        # create-table on root
-        PermConfigTestCase(
-            config={"permissions": {"create-table": {"id": "user"}}},
-            actor={"id": "user"},
-            action="create-table",
-            resource=None,
-            expected_result=True,
-        ),
-        # create-table on database - no resource specified
-        PermConfigTestCase(
-            config={
-                "databases": {
-                    "perms_ds_one": {"permissions": {"create-table": {"id": "user"}}}
-                }
-            },
-            actor={"id": "user"},
-            action="create-table",
-            resource=None,
-            expected_result=False,
-        ),
-        # create-table on database
-        PermConfigTestCase(
-            config={
-                "databases": {
-                    "perms_ds_one": {"permissions": {"create-table": {"id": "user"}}}
-                }
-            },
-            actor={"id": "user"},
-            action="create-table",
-            resource="perms_ds_one",
-            expected_result=True,
-        ),
-        # insert-row on root, wrong actor
-        PermConfigTestCase(
-            config={"permissions": {"insert-row": {"id": "user"}}},
-            actor={"id": "user2"},
-            action="insert-row",
-            resource=("perms_ds_one", "t1"),
-            expected_result=False,
-        ),
-        # insert-row on root, right actor
-        PermConfigTestCase(
-            config={"permissions": {"insert-row": {"id": "user"}}},
-            actor={"id": "user"},
-            action="insert-row",
-            resource=("perms_ds_one", "t1"),
-            expected_result=True,
-        ),
-        # set-column-type on specific table
-        PermConfigTestCase(
-            config={
-                "databases": {
-                    "perms_ds_one": {
-                        "tables": {
-                            "t1": {"permissions": {"set-column-type": {"id": "user"}}}
-                        }
-                    }
-                }
-            },
-            actor={"id": "user"},
-            action="set-column-type",
-            resource=("perms_ds_one", "t1"),
-            expected_result=True,
-        ),
-        # insert-row on database
-        PermConfigTestCase(
-            config={
-                "databases": {
-                    "perms_ds_one": {"permissions": {"insert-row": {"id": "user"}}}
-                }
-            },
-            actor={"id": "user"},
-            action="insert-row",
-            resource="perms_ds_one",
-            expected_result=True,
-        ),
-        # insert-row on table, wrong table
-        PermConfigTestCase(
-            config={
-                "databases": {
-                    "perms_ds_one": {
-                        "tables": {
-                            "t1": {"permissions": {"insert-row": {"id": "user"}}}
-                        }
-                    }
-                }
-            },
-            actor={"id": "user"},
-            action="insert-row",
-            resource=("perms_ds_one", "t2"),
-            expected_result=False,
-        ),
-        # insert-row on table, right table
-        PermConfigTestCase(
-            config={
-                "databases": {
-                    "perms_ds_one": {
-                        "tables": {
-                            "t1": {"permissions": {"insert-row": {"id": "user"}}}
-                        }
-                    }
-                }
-            },
-            actor={"id": "user"},
-            action="insert-row",
-            resource=("perms_ds_one", "t1"),
-            expected_result=True,
-        ),
-        # view-query on stored query, wrong actor
-        PermConfigTestCase(
-            config={
-                "databases": {
-                    "perms_ds_one": {
-                        "queries": {
-                            "q1": {
-                                "sql": "select 1 + 1",
-                                "permissions": {"view-query": {"id": "user"}},
-                            }
-                        }
-                    }
-                }
-            },
-            actor={"id": "user2"},
-            action="view-query",
-            resource=("perms_ds_one", "q1"),
-            expected_result=False,
-        ),
-        # view-query on stored query, right actor
-        PermConfigTestCase(
-            config={
-                "databases": {
-                    "perms_ds_one": {
-                        "queries": {
-                            "q1": {
-                                "sql": "select 1 + 1",
-                                "permissions": {"view-query": {"id": "user"}},
-                            }
-                        }
-                    }
-                }
-            },
-            actor={"id": "user"},
-            action="view-query",
-            resource=("perms_ds_one", "q1"),
-            expected_result=True,
-        ),
-    ),
-)
-async def test_permissions_in_config(
-    perms_ds, config, actor, action, resource, expected_result
-):
-    previous_config = perms_ds.config
-    updated_config = copy.deepcopy(previous_config)
-    updated_config.update(config)
-    perms_ds.config = updated_config
-    await perms_ds._save_queries_from_config()
-    try:
-        # Convert old-style resource to Resource object
-        from datasette.resources import DatabaseResource, QueryResource, TableResource
-
-        resource_obj = None
-        if resource:
-            if isinstance(resource, str):
-                resource_obj = DatabaseResource(database=resource)
-            elif isinstance(resource, tuple) and len(resource) == 2:
-                if action == "view-query":
-                    resource_obj = QueryResource(
-                        database=resource[0], query=resource[1]
-                    )
-                else:
-                    resource_obj = TableResource(
-                        database=resource[0], table=resource[1]
-                    )
-
-        result = await perms_ds.allowed(
-            action=action, resource=resource_obj, actor=actor
-        )
-        if result != expected_result:
-            pprint(perms_ds._permission_checks)
-            assert result == expected_result
-    finally:
-        perms_ds.config = previous_config
-        await perms_ds._save_queries_from_config()
-
-
-@pytest.mark.asyncio
-async def test_allowed_resources_view_query_includes_actor_specific_query_permissions():
-    from datasette import hookimpl
-    from datasette.permissions import PermissionSQL
-    from datasette.resources import QueryResource
-
-    class ActorSpecificQueryPermissionPlugin:
-        __name__ = "ActorSpecificQueryPermissionPlugin"
-
-        @hookimpl
-        def permission_resources_sql(self, datasette, actor, action):
-            if action == "view-query" and actor and actor.get("id") == "alice":
-                return PermissionSQL(sql="""
-                        SELECT 'testdb' AS parent, 'user_only' AS child, 1 AS allow,
-                               'alice can view this query' AS reason
-                    """)
-            return None
-
-    ds = Datasette(default_deny=True)
-    await ds.invoke_startup()
-    ds.add_memory_database("testdb")
-    await ds._refresh_schemas()
-    await ds.add_query("testdb", "user_only", "select 1 as n")
-
-    plugin = ActorSpecificQueryPermissionPlugin()
-    ds.pm.register(plugin, name="actor_specific_query_permission_plugin")
-
-    try:
-        actor = {"id": "alice"}
-
-        assert await ds.allowed(
-            action="view-query",
-            resource=QueryResource("testdb", "user_only"),
-            actor=actor,
-        )
-
-        page = await ds.allowed_resources("view-query", actor)
-        assert [(resource.parent, resource.child) for resource in page.resources] == [
-            ("testdb", "user_only")
-        ]
-    finally:
-        ds.pm.unregister(name="actor_specific_query_permission_plugin")
-
-
-@pytest.mark.asyncio
-async def test_actor_endpoint_allows_any_token():
-    ds = Datasette()
-    token = ds.sign(
-        {
-            "a": "root",
-            "token": "dstok",
-            "t": int(time.time()),
-            "_r": {"a": ["debug-menu"]},
-        },
-        namespace="token",
-    )
-    response = await ds.client.get(
-        "/-/actor.json", headers={"Authorization": f"Bearer dstok_{token}"}
-    )
-    assert response.status_code == 200
-    assert response.json()["actor"] == {
-        "id": "root",
-        "token": "dstok",
-        "_r": {"a": ["debug-menu"]},
-    }
-
-
-@pytest.mark.serial
-@pytest.mark.parametrize(
-    "options,expected",
-    (
-        ([], {"id": "root", "token": "dstok"}),
-        (
-            ["--all", "debug-menu"],
-            {"_r": {"a": ["dm"]}, "id": "root", "token": "dstok"},
-        ),
-        (
-            ["-a", "debug-menu", "--all", "create-table"],
-            {"_r": {"a": ["dm", "ct"]}, "id": "root", "token": "dstok"},
-        ),
-        (
-            ["-r", "db1", "t1", "insert-row"],
-            {"_r": {"r": {"db1": {"t1": ["ir"]}}}, "id": "root", "token": "dstok"},
-        ),
-        (
-            ["-d", "db1", "create-table"],
-            {"_r": {"d": {"db1": ["ct"]}}, "id": "root", "token": "dstok"},
-        ),
-        # And one with all of them multiple times using all the names
-        (
-            [
-                "-a",
-                "debug-menu",
-                "--all",
-                "create-table",
-                "-r",
-                "db1",
-                "t1",
-                "insert-row",
-                "--resource",
-                "db1",
-                "t2",
-                "update-row",
-                "-d",
-                "db1",
-                "create-table",
-                "--database",
-                "db2",
-                "drop-table",
-            ],
-            {
-                "_r": {
-                    "a": ["dm", "ct"],
-                    "d": {"db1": ["ct"], "db2": ["dt"]},
-                    "r": {"db1": {"t1": ["ir"], "t2": ["ur"]}},
-                },
-                "id": "root",
-                "token": "dstok",
-            },
-        ),
-    ),
-)
-def test_cli_create_token(options, expected):
-    runner = CliRunner()
-    result1 = runner.invoke(
-        cli,
-        [
-            "create-token",
-            "--secret",
-            "sekrit",
-            "root",
-        ]
-        + options,
-    )
-    token = result1.output.strip()
-    result2 = runner.invoke(
-        cli,
-        [
-            "serve",
-            "--secret",
-            "sekrit",
-            "--get",
-            "/-/actor.json",
-            "--token",
-            token,
-        ],
-    )
-    assert 0 == result2.exit_code, result2.output
-    assert json.loads(result2.output) == {"actor": expected}
-
-
-_visible_tables_re = re.compile(r">\/((\w+)\/(\w+))\.json<\/a> - Get rows for")
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "is_logged_in,config,expected_visible_tables",
-    (
-        # Unprotected instance logged out user sees everything:
-        (
-            False,
-            None,
-            ["perms_ds_one/t1", "perms_ds_one/t2", "perms_ds_two/t1"],
-        ),
-        # Fully protected instance logged out user sees nothing
-        (False, {"allow": {"id": "user"}}, None),
-        # User with visibility of just perms_ds_one sees both tables there
-        (
-            True,
-            {
-                "databases": {
-                    "perms_ds_one": {"allow": {"id": "user"}},
-                    "perms_ds_two": {"allow": False},
-                }
-            },
-            ["perms_ds_one/t1", "perms_ds_one/t2"],
-        ),
-        # User with visibility of only table perms_ds_one/t1 sees just that one
-        (
-            True,
-            {
-                "databases": {
-                    "perms_ds_one": {
-                        "allow": {"id": "user"},
-                        "tables": {"t2": {"allow": False}},
-                    },
-                    "perms_ds_two": {"allow": False},
-                }
-            },
-            ["perms_ds_one/t1"],
-        ),
-    ),
-)
-async def test_api_explorer_visibility(
-    perms_ds, is_logged_in, config, expected_visible_tables
-):
-    try:
-        prev_config = perms_ds.config
-        perms_ds.config = config or {}
-        kwargs = {}
-        if is_logged_in:
-            kwargs["actor"] = {"id": "user"}
-        response = await perms_ds.client.get("/-/api", **kwargs)
-        if expected_visible_tables:
-            assert response.status_code == 200
-            # Search HTML for stuff matching:
-            # '>/perms_ds_one/t2.json - Get rows for'
-            visible_tables = [
-                match[0] for match in _visible_tables_re.findall(response.text)
-            ]
-            assert visible_tables == expected_visible_tables
-        else:
-            assert response.status_code == 403
-    finally:
-        perms_ds.config = prev_config
-
-
-@pytest.mark.asyncio
-async def test_view_table_token_cannot_gain_access_without_base_permission(perms_ds):
-    # Only allow a different actor to view this table
-    previous_config = perms_ds.config
-    perms_ds.config = {
-        "databases": {
-            "perms_ds_two": {
-                # Only someone-else can see anything in this database
-                "allow": {"id": "someone-else"},
-            }
-        }
-    }
-    try:
-        actor = {
-            "id": "restricted-token",
-            "token": "dstok",
-            # Restricted token claims access to perms_ds_two/t1 only
-            "_r": {"r": {"perms_ds_two": {"t1": ["vt"]}}},
-        }
-        response = await perms_ds.client.get("/perms_ds_two/t1.json", actor=actor)
-        assert response.status_code == 403
-    finally:
-        perms_ds.config = previous_config
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "restrictions,verb,path,body,expected_status",
-    (
-        # No restrictions
-        (None, "get", "/.json", None, 200),
-        (None, "get", "/perms_ds_one.json", None, 200),
-        (None, "get", "/perms_ds_one/t1.json", None, 200),
-        (None, "get", "/perms_ds_one/t1/1.json", None, 200),
-        (None, "get", "/perms_ds_one/v1.json", None, 200),
-        # Restricted to just view-instance
-        ({"a": ["vi"]}, "get", "/.json", None, 200),
-        ({"a": ["vi"]}, "get", "/perms_ds_one.json", None, 403),
-        ({"a": ["vi"]}, "get", "/perms_ds_one/t1.json", None, 403),
-        ({"a": ["vi"]}, "get", "/perms_ds_one/t1/1.json", None, 403),
-        ({"a": ["vi"]}, "get", "/perms_ds_one/v1.json", None, 403),
-        # Restricted to just view-database
-        (
-            {"a": ["vd"]},
-            "get",
-            "/.json",
-            None,
-            403,
-        ),  # Cannot see instance (no upward cascading)
-        ({"a": ["vd"]}, "get", "/perms_ds_one.json", None, 200),
-        ({"a": ["vd"]}, "get", "/perms_ds_one/t1.json", None, 403),
-        ({"a": ["vd"]}, "get", "/perms_ds_one/t1/1.json", None, 403),
-        ({"a": ["vd"]}, "get", "/perms_ds_one/v1.json", None, 403),
-        # Restricted to just view-table for specific database
-        (
-            {"d": {"perms_ds_one": ["vt"]}},
-            "get",
-            "/.json",
-            None,
-            403,
-        ),  # Cannot see instance (no upward cascading)
-        (
-            {"d": {"perms_ds_one": ["vt"]}},
-            "get",
-            "/perms_ds_one.json",
-            None,
-            403,
-        ),  # Cannot see database page (no upward cascading)
-        (
-            {"d": {"perms_ds_one": ["vt"]}},
-            "get",
-            "/perms_ds_two.json",
-            None,
-            403,
-        ),  # But not this one
-        (
-            # Can see the table
-            {"d": {"perms_ds_one": ["vt"]}},
-            "get",
-            "/perms_ds_one/t1.json",
-            None,
-            200,
-        ),
-        (
-            # And the view
-            {"d": {"perms_ds_one": ["vt"]}},
-            "get",
-            "/perms_ds_one/v1.json",
-            None,
-            200,
-        ),
-        # view-table access to a specific table
-        (
-            {"r": {"perms_ds_one": {"t1": ["vt"]}}},
-            "get",
-            "/.json",
-            None,
-            403,
-        ),  # Cannot see instance (no upward cascading)
-        (
-            {"r": {"perms_ds_one": {"t1": ["vt"]}}},
-            "get",
-            "/perms_ds_one.json",
-            None,
-            403,
-        ),  # Cannot see database page (no upward cascading)
-        (
-            {"r": {"perms_ds_one": {"t1": ["vt"]}}},
-            "get",
-            "/perms_ds_one/t1.json",
-            None,
-            200,
-        ),
-        # But cannot see the other table
-        (
-            {"r": {"perms_ds_one": {"t1": ["vt"]}}},
-            "get",
-            "/perms_ds_one/t2.json",
-            None,
-            403,
-        ),
-        # Or the view
-        (
-            {"r": {"perms_ds_one": {"t1": ["vt"]}}},
-            "get",
-            "/perms_ds_one/v1.json",
-            None,
-            403,
-        ),
-    ),
-)
-async def test_actor_restrictions(
-    perms_ds, restrictions, verb, path, body, expected_status
-):
-    actor = {"id": "user"}
-    if restrictions:
-        actor["_r"] = restrictions
-    method = getattr(perms_ds.client, verb)
-    kwargs = {"actor": actor}
-    if body:
-        kwargs["json"] = body
-    perms_ds._permission_checks.clear()
-    response = await method(path, **kwargs)
-    assert response.status_code == expected_status, json.dumps(
-        {
-            "verb": verb,
-            "path": path,
-            "body": body,
-            "restrictions": restrictions,
-            "expected_status": expected_status,
-            "response_status": response.status_code,
-            "checks": [
-                {
-                    "action": check.action,
-                    "parent": check.parent,
-                    "child": check.child,
-                    "result": check.result,
-                }
-                for check in perms_ds._permission_checks
-            ],
-        },
-        indent=2,
-    )
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "restrictions,action,resource,expected",
-    (
-        # Exact match: view-instance restriction allows view-instance action
-        ({"a": ["view-instance"]}, "view-instance", None, True),
-        # No implication: view-table does NOT imply view-instance
-        ({"a": ["view-table"]}, "view-instance", None, False),
-        ({"a": ["view-database"]}, "view-instance", None, False),
-        # update-row does not imply view-instance
-        ({"a": ["update-row"]}, "view-instance", None, False),
-        # view-table on a resource does NOT imply view-instance
-        ({"r": {"db1": {"t1": ["view-table"]}}}, "view-instance", None, False),
-        # execute-sql on a database does NOT imply view-instance or view-database
-        ({"d": {"db1": ["es"]}}, "view-instance", None, False),
-        ({"d": {"db1": ["es"]}}, "view-database", "db1", False),
-        ({"d": {"db1": ["es"]}}, "view-database", "db2", False),
-        # But execute-sql abbreviation DOES allow execute-sql action on that database
-        ({"d": {"db1": ["es"]}}, "execute-sql", "db1", True),
-        # update-row on a resource does not imply view-instance
-        ({"r": {"db1": {"t1": ["update-row"]}}}, "view-instance", None, False),
-        # view-database on a database does NOT imply view-instance
-        ({"d": {"db1": ["view-database"]}}, "view-instance", None, False),
-        # But it DOES allow view-database on that specific database
-        ({"d": {"db1": ["view-database"]}}, "view-database", "db1", True),
-        # Having view-table on "a" allows access to any specific table
-        ({"a": ["view-table"]}, "view-table", ("dbname", "tablename"), True),
-        # Having view-table on a database allows access to tables in that database
-        (
-            {"d": {"dbname": ["view-table"]}},
-            "view-table",
-            ("dbname", "tablename"),
-            True,
-        ),
-        # But not if it's allowed on a different database
-        (
-            {"d": {"dbname": ["view-table"]}},
-            "view-table",
-            ("dbname2", "tablename"),
-            False,
-        ),
-        # Table-level restriction allows access to that specific table
-        (
-            {"r": {"dbname": {"tablename": ["view-table"]}}},
-            "view-table",
-            ("dbname", "tablename"),
-            True,
-        ),
-        # But not to a different table in the same database
-        (
-            {"r": {"dbname": {"tablename": ["view-table"]}}},
-            "view-table",
-            ("dbname", "other_table"),
-            False,
-        ),
-    ),
-)
-async def test_restrictions_allow_action(restrictions, action, resource, expected):
-    ds = Datasette()
-    await ds.invoke_startup()
-    actual = restrictions_allow_action(ds, restrictions, action, resource)
-    assert actual == expected
-
-
-@pytest.mark.asyncio
-async def test_actor_restrictions_filters_allowed_resources(perms_ds):
-    """Test that allowed_resources() respects actor restrictions - issue #2534"""
-
-    # Actor restricted to just perms_ds_one/t1
-    actor = {"id": "user", "_r": {"r": {"perms_ds_one": {"t1": ["vt"]}}}}
-
-    # Should only return t1
-    page = await perms_ds.allowed_resources("view-table", actor)
-    assert len(page.resources) == 1
-    assert page.resources[0].parent == "perms_ds_one"
-    assert page.resources[0].child == "t1"
-
-    # Database listing should be empty (no view-database permission)
-    db_page = await perms_ds.allowed_resources("view-database", actor)
-    assert len(db_page.resources) == 0
-
-
-@pytest.mark.asyncio
-async def test_actor_restrictions_do_not_expand_allowed_resources(perms_ds):
-    """Restrictions cannot grant access not already allowed to the actor."""
-
-    previous_config = perms_ds.config
-    perms_ds.config = {
-        "databases": {
-            "perms_ds_one": {
-                "allow": {"id": "someone-else"},
-            }
-        }
-    }
-    try:
-        actor = {"id": "user", "_r": {"r": {"perms_ds_one": {"t1": ["vt"]}}}}
-
-        # Base actor is not allowed to see t1, so restrictions should not change that
-        page = await perms_ds.allowed_resources("view-table", actor)
-        assert len(page.resources) == 0
-
-        # And explicit permission checks should still deny
-        response = await perms_ds.client.get(
-            "/perms_ds_one/t1.json",
-            actor=actor,
-        )
-        assert response.status_code == 403
-    finally:
-        perms_ds.config = previous_config
-
-
-@pytest.mark.asyncio
-async def test_actor_restrictions_database_level(perms_ds):
-    """Test database-level restrictions allow all tables in database - issue #2534"""
-
-    actor = {"id": "user", "_r": {"d": {"perms_ds_one": ["vt"]}}}
-
-    page = await perms_ds.allowed_resources("view-table", actor, parent="perms_ds_one")
-
-    # Should return all tables in perms_ds_one
-    table_names = {r.child for r in page.resources}
-    assert "t1" in table_names
-    assert "t2" in table_names
-    assert "v1" in table_names  # views too
-
-
-@pytest.mark.asyncio
-async def test_actor_restrictions_global_level(perms_ds):
-    """Test global-level restrictions allow all resources - issue #2534"""
-
-    actor = {"id": "user", "_r": {"a": ["vt"]}}
-
-    page = await perms_ds.allowed_resources("view-table", actor)
-
-    # Should return all tables in all databases
-    assert len(page.resources) > 0
-    dbs = {r.parent for r in page.resources}
-    assert "perms_ds_one" in dbs
-    assert "perms_ds_two" in dbs
-
-
-@pytest.mark.asyncio
-async def test_restrictions_gate_before_config(perms_ds):
-    """Test that restrictions act as gating filter before config permissions - issue #2534"""
-    from datasette.resources import TableResource
-
-    # Actor restricted to just t1 (not t2)
-    actor = {"id": "user", "_r": {"r": {"perms_ds_one": {"t1": ["vt"]}}}}
-
-    # Config doesn't matter - restrictions gate what's checked
-    # t2 is not in restriction allowlist, so should be DENIED
-    result = await perms_ds.allowed(
-        action="view-table",
-        resource=TableResource("perms_ds_one", "t2"),
-        actor=actor,
-    )
-    assert result is False
-
-    # t1 is in restrictions AND passes normal permission check - should be ALLOWED
-    result = await perms_ds.allowed(
-        action="view-table",
-        resource=TableResource("perms_ds_one", "t1"),
-        actor=actor,
-    )
-    assert result is True
-
-
-@pytest.mark.asyncio
-async def test_actor_restrictions_json_endpoints_show_filtered_listings(perms_ds):
-    """Test that /.json and /db.json show correct filtered listings - issue #2534"""
-
-    actor = {"id": "user", "_r": {"r": {"perms_ds_one": {"t1": ["vt"]}}}}
-
-    # /.json should be 403 (no view-instance permission)
-    response = await perms_ds.client.get("/.json", actor=actor)
-    assert response.status_code == 403
-
-    # /perms_ds_one.json should be 403 (no view-database permission)
-    response = await perms_ds.client.get("/perms_ds_one.json", actor=actor)
-    assert response.status_code == 403
-
-    # /perms_ds_one/t1.json should be 200
-    response = await perms_ds.client.get("/perms_ds_one/t1.json", actor=actor)
-    assert response.status_code == 200
-
-
-@pytest.mark.asyncio
-async def test_actor_restrictions_view_instance_only(perms_ds):
-    """Test actor restricted to view-instance only - issue #2534"""
-
-    actor = {"id": "user", "_r": {"a": ["vi"]}}
-
-    # /.json should be 200 (has view-instance permission)
-    response = await perms_ds.client.get("/.json", actor=actor)
-    assert response.status_code == 200
-
-    # But no databases should be visible (no view-database permission)
-    # The instance is visible but databases list should be empty or minimal
-    # Actually, let's check via allowed_resources
-    page = await perms_ds.allowed_resources("view-database", actor)
-    assert len(page.resources) == 0
-
-
-@pytest.mark.asyncio
-async def test_actor_restrictions_empty_allowlist(perms_ds):
-    """Test actor with empty restrictions allowlist denies everything - issue #2534"""
-
-    actor = {"id": "user", "_r": {}}
-
-    # No actions in allowlist, so everything should be denied
-    page1 = await perms_ds.allowed_resources("view-table", actor)
-    assert len(page1.resources) == 0
-
-    page2 = await perms_ds.allowed_resources("view-database", actor)
-    assert len(page2.resources) == 0
-
-    result = await perms_ds.allowed(action="view-instance", actor=actor)
-    assert result is False
-
-
-@pytest.mark.asyncio
-async def test_actor_restrictions_cannot_be_overridden_by_config():
-    """Test that config permissions cannot override actor restrictions - issue #2534"""
-    from datasette.app import Datasette
-    from datasette.resources import TableResource
-
-    # Create datasette with config that allows user to access both t1 AND t2
-    config = {
-        "databases": {
-            "test_db": {
-                "tables": {
-                    "t1": {"allow": {"id": "user"}},
-                    "t2": {"allow": {"id": "user"}},
-                }
-            }
-        }
-    }
-
-    ds = Datasette(config=config)
-    await ds.invoke_startup()
-    db = ds.add_memory_database("test_db")
-    await db.execute_write("create table t1 (id integer primary key)")
-    await db.execute_write("create table t2 (id integer primary key)")
-
-    # Actor restricted to ONLY t1 (not t2)
-    # Even though config allows t2, restrictions should deny it
-    actor = {"id": "user", "_r": {"r": {"test_db": {"t1": ["vt"]}}}}
-
-    # t1 should be allowed (in restrictions AND config allows)
-    result = await ds.allowed(
-        action="view-table", resource=TableResource("test_db", "t1"), actor=actor
-    )
-    assert result is True, "t1 should be allowed - in restriction allowlist"
-
-    # t2 should be DENIED (not in restrictions, even though config allows)
-    result = await ds.allowed(
-        action="view-table", resource=TableResource("test_db", "t2"), actor=actor
-    )
-    assert (
-        result is False
-    ), "t2 should be denied - NOT in restriction allowlist, config cannot override"
-
-
-@pytest.mark.asyncio
-async def test_actor_restrictions_with_database_level_config(perms_ds):
-    """Test database-level restrictions with table-level config - issue #2534"""
-    from datasette.resources import TableResource
-
-    # Config allows specific tables only
-    perms_ds._config = {
-        "databases": {
-            "perms_ds_one": {
-                "tables": {
-                    "t1": {"allow": {"id": "user"}},
-                    "t2": {"allow": {"id": "user"}},
-                }
-            }
-        }
-    }
-
-    # Actor has database-level restriction (all tables in perms_ds_one)
-    # Should only access tables that pass BOTH restrictions AND config
-    actor = {"id": "user", "_r": {"d": {"perms_ds_one": ["vt"]}}}
-
-    # t1 - in restrictions (all tables) AND config allows
-    result = await perms_ds.allowed(
-        action="view-table", resource=TableResource("perms_ds_one", "t1"), actor=actor
-    )
-    assert result is True
-
-    # t2 - in restrictions (all tables) AND config allows
-    result = await perms_ds.allowed(
-        action="view-table", resource=TableResource("perms_ds_one", "t2"), actor=actor
-    )
-    assert result is True
-
-    # v1 (view) - in restrictions (all tables) AND config doesn't mention it
-    # Since actor has database-level restriction allowing all tables, v1 is allowed
-    # Config is additive, not restrictive - it doesn't create implicit denies
-    result = await perms_ds.allowed(
-        action="view-table", resource=TableResource("perms_ds_one", "v1"), actor=actor
-    )
-    assert result is True, "v1 should be allowed - actor has db-level restriction"
-
-    # Clean up
-    perms_ds._config = None
-
-
-@pytest.mark.asyncio
-async def test_actor_restrictions_parent_deny_blocks_config_child_allow(perms_ds):
-    """
-    Test that table-level restrictions add parent-level deny to block
-    other tables in the same database, even if config allows them
-    """
-    from datasette.resources import TableResource
-
-    # Config allows both t1 and t2
-    perms_ds._config = {
-        "databases": {
-            "perms_ds_one": {
-                "tables": {
-                    "t1": {"allow": {"id": "user"}},
-                    "t2": {"allow": {"id": "user"}},
-                }
-            }
-        }
-    }
-
-    # Restriction allows ONLY t1 in perms_ds_one
-    # This should add:
-    # - parent-level DENY for perms_ds_one (to block other tables)
-    # - child-level ALLOW for t1
-    actor = {"id": "user", "_r": {"r": {"perms_ds_one": {"t1": ["vt"]}}}}
-
-    # t1 should work (child-level allow beats parent-level deny)
-    result = await perms_ds.allowed(
-        action="view-table", resource=TableResource("perms_ds_one", "t1"), actor=actor
-    )
-    assert result is True
-
-    # t2 should be DENIED by parent-level deny from restrictions
-    # even though config has child-level allow
-    # Because restrictions should run first
-    result = await perms_ds.allowed(
-        action="view-table", resource=TableResource("perms_ds_one", "t2"), actor=actor
-    )
-    assert (
-        result is False
-    ), "t2 should be denied - restriction parent deny should beat config child allow"
-
-    # Clean up
-    perms_ds._config = None
-
-
-@pytest.mark.asyncio
-async def test_permission_check_view_requires_debug_permission():
-    """Test that /-/check requires permissions-debug permission"""
-    # Anonymous user should be denied
-    ds = Datasette()
-    response = await ds.client.get("/-/check.json?action=view-instance")
-    assert response.status_code == 403
-    assert "permissions-debug" in response.text
-
-    # User without permissions-debug should be denied
-    response = await ds.client.get(
-        "/-/check.json?action=view-instance",
-        cookies={"ds_actor": ds.sign({"id": "user"}, "actor")},
-    )
-    assert response.status_code == 403
-
-    # Root user should have access (root has all permissions)
-    ds_with_root = Datasette()
-    ds_with_root.root_enabled = True
-    root_token = await ds_with_root.create_token("root", handler="signed")
-    response = await ds_with_root.client.get(
-        "/-/check.json?action=view-instance",
-        headers={"Authorization": f"Bearer {root_token}"},
-    )
-    assert response.status_code == 200
-    data = response.json()
-    assert data["action"] == "view-instance"
-    assert data["allowed"] is True
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize("action", ("view-query", "update-query", "delete-query"))
-async def test_permission_check_view_query_actions(action):
-    # https://github.com/simonw/datasette/issues/2756
-    # QueryResource takes a "query" argument, not "table", so /-/check must
-    # not assume every child resource class accepts table=
-    ds = Datasette()
-    ds.root_enabled = True
-    root_token = await ds.create_token("root", handler="signed")
-    response = await ds.client.get(
-        f"/-/check.json?action={action}&parent=mydb&child=myquery",
-        headers={"Authorization": f"Bearer {root_token}"},
-    )
-    assert response.status_code == 200
-    data = response.json()
-    assert data["action"] == action
-    assert data["resource"] == {
-        "parent": "mydb",
-        "child": "myquery",
-        "path": "/mydb/myquery",
-    }
-
-
-@pytest.mark.asyncio
-async def test_root_allow_block_with_table_restricted_actor():
-    """
-    Test that root-level allow: blocks are processed for actors with
-    table-level restrictions.
-
-    This covers the case in config.py is_in_restriction_allowlist() where
-    parent=None, child=None and actor has table restrictions but not global.
-    """
-    from datasette.resources import TableResource
-
-    # Config with root-level allow block that denies non-admin users
-    ds = Datasette(
-        config={
-            "allow": {"id": "admin"},  # Root-level allow block
-        }
-    )
-    await ds.invoke_startup()
-    db = ds.add_memory_database("mydb")
-    await db.execute_write("create table t1 (id integer primary key)")
-    await ds.client.get("/")  # Trigger catalog refresh
-
-    # Actor with table-level restrictions only (not global)
-    actor = {"id": "user", "_r": {"r": {"mydb": {"t1": ["view-table"]}}}}
-
-    # The root-level allow: {id: admin} should be processed and deny this user
-    # because they're not "admin", even though they have table restrictions
-    result = await ds.allowed(
-        action="view-table",
-        resource=TableResource("mydb", "t1"),
-        actor=actor,
-    )
-    # Should be False because root allow: {id: admin} denies non-admin users
-    assert result is False
-
-    # But admin with same restrictions should be allowed
-    admin_actor = {"id": "admin", "_r": {"r": {"mydb": {"t1": ["view-table"]}}}}
-    result = await ds.allowed(
-        action="view-table",
-        resource=TableResource("mydb", "t1"),
-        actor=admin_actor,
-    )
-    assert result is True
diff --git a/tests/test_playwright.py b/tests/test_playwright.py
deleted file mode 100644
index ee396de5..00000000
--- a/tests/test_playwright.py
+++ /dev/null
@@ -1,892 +0,0 @@
-import json
-import socket
-import subprocess
-import sys
-import time
-
-import httpx
-import pytest
-
-from datasette.fixtures import write_fixture_database
-from datasette.utils.sqlite import sqlite3
-
-
-def find_free_port():
-    with socket.socket() as sock:
-        sock.bind(("127.0.0.1", 0))
-        return sock.getsockname()[1]
-
-
-def wait_for_server(process, url, timeout=10):
-    deadline = time.monotonic() + timeout
-    last_error = None
-    while time.monotonic() < deadline:
-        if process.poll() is not None:
-            stdout, stderr = process.communicate()
-            raise AssertionError(
-                "Datasette server exited early\n"
-                f"stdout:\n{stdout}\n"
-                f"stderr:\n{stderr}"
-            )
-        try:
-            response = httpx.get(url, timeout=1.0)
-            if response.status_code < 500:
-                return
-            last_error = f"HTTP {response.status_code}: {response.text[:200]}"
-        except httpx.HTTPError as ex:
-            last_error = repr(ex)
-        time.sleep(0.1)
-    raise AssertionError(f"Timed out waiting for {url}: {last_error}")
-
-
-@pytest.fixture
-def datasette_server(tmp_path):
-    fixtures_db_path = tmp_path / "fixtures.db"
-    write_fixture_database(str(fixtures_db_path))
-    data_db_path = tmp_path / "data.db"
-    write_playwright_database(str(data_db_path))
-    config_path = tmp_path / "datasette.json"
-    write_playwright_config(config_path)
-    plugins_dir = tmp_path / "plugins"
-    write_playwright_plugin(plugins_dir)
-    port = find_free_port()
-    process = subprocess.Popen(
-        [
-            sys.executable,
-            "-m",
-            "datasette",
-            str(fixtures_db_path),
-            str(data_db_path),
-            "--config",
-            str(config_path),
-            "--plugins-dir",
-            str(plugins_dir),
-            "--host",
-            "127.0.0.1",
-            "--port",
-            str(port),
-            "--setting",
-            "num_sql_threads",
-            "1",
-        ],
-        stdout=subprocess.PIPE,
-        stderr=subprocess.PIPE,
-        text=True,
-    )
-    url = f"http://127.0.0.1:{port}/"
-    try:
-        wait_for_server(process, url)
-        yield url
-    finally:
-        process.terminate()
-        try:
-            process.wait(timeout=5)
-        except subprocess.TimeoutExpired:
-            process.kill()
-            process.wait()
-
-
-def write_playwright_database(db_path):
-    conn = sqlite3.connect(db_path)
-    try:
-        conn.executescript("""
-        create table projects (
-            id integer primary key,
-            title text not null,
-            metadata text,
-            logo text,
-            notes text,
-            score integer default 5
-        );
-        create table defaults_demo (
-            id integer primary key,
-            created_ms integer default (CAST((julianday('now') - 2440587.5) * 86400000 AS INTEGER))
-        );
-        insert into projects (title, metadata, logo, notes, score) values
-            (
-                'Build Datasette',
-                '{"ok": true}',
-                'asset-original',
-                'Initial notes',
-                5
-            );
-        """)
-    finally:
-        conn.close()
-
-
-def write_playwright_config(config_path):
-    config_path.write_text(
-        json.dumps(
-            {
-                "databases": {
-                    "data": {
-                        "permissions": {
-                            "create-table": True,
-                            "set-column-type": True,
-                        },
-                        "tables": {
-                            "projects": {
-                                "label_column": "title",
-                                "column_types": {
-                                    "metadata": "json",
-                                    "logo": "asset",
-                                    "notes": "textarea",
-                                },
-                                "permissions": {
-                                    "alter-table": True,
-                                    "insert-row": True,
-                                    "update-row": True,
-                                    "delete-row": True,
-                                },
-                            },
-                            "defaults_demo": {
-                                "permissions": {
-                                    "alter-table": True,
-                                },
-                            },
-                        },
-                    },
-                },
-            }
-        ),
-        "utf-8",
-    )
-
-
-def write_playwright_plugin(plugins_dir):
-    plugins_dir.mkdir()
-    (plugins_dir / "playwright_plugin.py").write_text(
-        '''
-from datasette import hookimpl
-from datasette.column_types import ColumnType, SQLiteType
-
-
-class AssetColumnType(ColumnType):
-    name = "asset"
-    description = "Demo asset picker"
-    sqlite_types = (SQLiteType.TEXT,)
-
-
-@hookimpl
-def register_column_types(datasette):
-    return [AssetColumnType]
-
-
-@hookimpl
-def extra_body_script():
-    return {
-        "module": True,
-        "script": """
-document.addEventListener("datasette_init", function (event) {
-  event.detail.registerPlugin("playwright-jump-section", {
-    version: "0.1",
-    makeJumpSections() {
-      return [
-        {
-          id: "agent-chat",
-          render(node, context) {
-            if (!context.navigationSearch || !context.input) {
-              throw new Error("Expected navigation search context");
-            }
-            node.innerHTML = [
-              '
    ',
-              '',
-              '
    ',
-            ].join("");
-            node.querySelector("button").addEventListener("click", function () {
-              window.location.href = "/-/playwright-agent";
-            });
-          },
-        },
-      ];
-    },
-  });
-
-  event.detail.registerPlugin("playwright-asset-field", {
-    version: "0.1",
-    makeColumnField(context) {
-      if (!context.columnType || context.columnType.type !== "asset") {
-        return;
-      }
-      return {
-        render(field) {
-          const wrapper = document.createElement("div");
-          wrapper.className = "playwright-asset-picker";
-          wrapper.dataset.column = field.context.column;
-          wrapper.dataset.database = field.context.database || "";
-          wrapper.dataset.table = field.context.table || "";
-          wrapper.dataset.tableUrl = field.context.tableUrl || "";
-          wrapper.dataset.mode = field.context.mode || "";
-          wrapper.dataset.columnType = field.context.columnType.type;
-
-          field.input.type = "hidden";
-          const value = document.createElement("span");
-          value.className = "playwright-asset-value";
-          const button = document.createElement("button");
-          button.type = "button";
-          button.className = "playwright-asset-select";
-          button.textContent = "Use demo asset";
-
-          function sync() {
-            value.textContent = field.getValue() || "No asset selected";
-          }
-
-          button.addEventListener("click", function () {
-            field.setValue("asset-from-plugin");
-            sync();
-          });
-
-          wrapper.appendChild(field.input);
-          wrapper.appendChild(value);
-          wrapper.appendChild(button);
-          sync();
-          return wrapper;
-        },
-        focus(field) {
-          const button = field.root.querySelector(".playwright-asset-select");
-          if (button) {
-            button.focus();
-          }
-        },
-      };
-    },
-  });
-});
-""",
-    }
-''',
-        "utf-8",
-    )
-
-
-def project_rows(datasette_server, **filters):
-    params = {
-        "_shape": "objects",
-        **{key: str(value) for key, value in filters.items()},
-    }
-    response = httpx.get(f"{datasette_server}data/projects.json", params=params)
-    response.raise_for_status()
-    return response.json()["rows"]
-
-
-def project_row(datasette_server, pk):
-    rows = project_rows(datasette_server, id=pk)
-    assert len(rows) == 1
-    return rows[0]
-
-
-def open_jump_menu(page):
-    page.keyboard.press("/")
-    page.locator("navigation-search .search-input").wait_for()
-
-
-@pytest.mark.playwright
-def test_datasette_homepage_contains_datasette(page, datasette_server):
-    page.goto(datasette_server)
-    assert "Datasette" in page.locator("body").inner_text()
-
-
-@pytest.mark.playwright
-def test_create_table_flow(page, datasette_server):
-    page.goto(f"{datasette_server}data")
-    page.locator("details.actions-menu-links summary").click()
-    page.locator('button[data-database-action="create-table"]').click()
-
-    dialog = page.locator("#table-create-dialog")
-    dialog.wait_for()
-    assert dialog.locator(".modal-title").inner_text() == "Create a table in data"
-    placeholder_select = dialog.locator(".table-create-custom-column-type").nth(0)
-    assert placeholder_select.input_value() == ""
-    assert (
-        placeholder_select.locator("option:checked").inner_text() == "- custom type -"
-    )
-    assert "table-create-input-placeholder" in placeholder_select.get_attribute("class")
-    assert (
-        dialog.locator(".table-create-column-name").nth(0).get_attribute("placeholder")
-        == "column name"
-    )
-    assert dialog.locator(".table-create-column-main").first.evaluate("""node => {
-            const inputHeight = node.querySelector(
-                ".table-create-column-name"
-            ).getBoundingClientRect().height;
-            const selectHeight = node.querySelector(
-                ".table-create-column-type"
-            ).getBoundingClientRect().height;
-            return Math.abs(inputHeight - selectHeight) <= 1;
-        }""")
-    dialog.locator('input[name="table"]').fill("playwright_created")
-    dialog.locator(".table-create-column-name").nth(1).fill("title")
-    dialog.locator(".table-create-more-options").nth(1).click()
-    dialog.locator(".table-create-not-null-input").nth(1).check()
-    title_defaults = dialog.locator(".table-create-default-options").nth(1)
-    assert title_defaults.locator("summary").inner_text() == "Set a default value"
-    title_defaults.locator("summary").click()
-    assert "or default to a specific value" in title_defaults.inner_text()
-    title_default_expr = title_defaults.locator(".table-create-default-expr")
-    title_default_input = title_defaults.locator(".table-create-default")
-    assert (
-        "Current timestamp in UTC, e.g. 2026-05-01 13:34:00"
-        in title_default_expr.locator("option").nth(1).inner_text()
-    )
-    title_default_expr.select_option("current_timestamp")
-    assert title_default_input.is_enabled()
-    title_default_input.fill("Untitled")
-    assert title_default_expr.input_value() == ""
-    dialog.locator(".table-create-add-column").click()
-    dialog.locator(".table-create-column-name").nth(2).fill("score")
-    dialog.locator(".table-create-column-type").nth(2).select_option("integer")
-    dialog.locator(".table-create-add-column").click()
-    dialog.locator(".table-create-column-name").nth(3).fill("metadata")
-    dialog.locator(".table-create-column-type").nth(3).select_option("integer")
-    dialog.locator(".table-create-more-options").nth(3).click()
-    dialog.locator(".table-create-custom-column-type").nth(3).select_option("json")
-    assert dialog.locator(".table-create-column-type").nth(3).input_value() == "text"
-    assert "table-create-input-placeholder" not in dialog.locator(
-        ".table-create-custom-column-type"
-    ).nth(3).get_attribute("class")
-
-    dialog.locator(".table-create-save").click()
-    page.wait_for_url("**/data/playwright_created")
-    assert "playwright_created" in page.locator("h1").inner_text()
-
-    response = httpx.get(
-        f"{datasette_server}data/playwright_created.json?_extra=columns,column_types"
-    )
-    response.raise_for_status()
-    data = response.json()
-    assert data["columns"] == [
-        "id",
-        "title",
-        "score",
-        "metadata",
-    ]
-    assert data["column_types"] == {
-        "metadata": {"type": "json", "config": None},
-    }
-    schema_response = httpx.get(
-        f"{datasette_server}data/-/query.json",
-        params={
-            "sql": (
-                "select sql from sqlite_master where type = 'table' "
-                "and name = 'playwright_created'"
-            )
-        },
-    )
-    schema_response.raise_for_status()
-    schema = schema_response.json()["rows"][0]["sql"]
-    assert "title" in schema
-    assert "NOT NULL DEFAULT 'Untitled'" in schema
-
-
-@pytest.mark.playwright
-def test_create_table_foreign_key_selection_updates_column_type(page, datasette_server):
-    page.goto(f"{datasette_server}data")
-    page.locator("details.actions-menu-links summary").click()
-    page.locator('button[data-database-action="create-table"]').click()
-
-    dialog = page.locator("#table-create-dialog")
-    dialog.wait_for()
-    dialog.locator(".table-create-more-options").nth(1).click()
-
-    column_name = dialog.locator(".table-create-column-name").nth(1)
-    type_select = dialog.locator(".table-create-column-type").nth(1)
-    foreign_key_select = dialog.locator(".table-create-foreign-key-target").nth(1)
-    assert column_name.input_value() == ""
-    assert type_select.input_value() == "text"
-
-    foreign_key_select.select_option("projects\u001fid")
-    assert column_name.input_value() == "projects_id"
-    assert type_select.input_value() == "integer"
-    assert foreign_key_select.input_value() == "projects\u001fid"
-
-
-@pytest.mark.playwright
-def test_create_table_unix_default_expression_updates_column_type(
-    page, datasette_server
-):
-    page.goto(f"{datasette_server}data")
-    page.locator("details.actions-menu-links summary").click()
-    page.locator('button[data-database-action="create-table"]').click()
-
-    dialog = page.locator("#table-create-dialog")
-    dialog.wait_for()
-    row = dialog.locator(".table-create-column-row").nth(1)
-    row.locator(".table-create-more-options").click()
-    row.locator(".table-create-default-options summary").click()
-
-    type_select = row.locator(".table-create-column-type")
-    default_expr = row.locator(".table-create-default-expr")
-    assert type_select.input_value() == "text"
-    assert (
-        "Current Unix time, integer milliseconds since the epoch"
-        in default_expr.locator("option").last.inner_text()
-    )
-
-    default_expr.select_option("current_unixtime_ms")
-    assert type_select.input_value() == "integer"
-
-
-@pytest.mark.playwright
-def test_alter_table_foreign_key_selection_updates_blank_column(page, datasette_server):
-    page.goto(f"{datasette_server}data/projects")
-    page.locator("details.actions-menu-links summary").click()
-    page.locator('button[data-table-action="alter-table"]').click()
-
-    dialog = page.locator("#table-alter-dialog")
-    dialog.wait_for()
-    dialog.locator(".table-alter-add-column").click()
-
-    column_name = dialog.locator(".table-alter-column-name").last
-    type_select = dialog.locator(".table-alter-column-type").last
-    foreign_key_select = dialog.locator(".table-alter-foreign-key-target").last
-    assert column_name.input_value() == ""
-    assert type_select.input_value() == "text"
-
-    foreign_key_select.select_option("projects\u001fid")
-    assert column_name.input_value() == "projects_id"
-    assert type_select.input_value() == "integer"
-    assert foreign_key_select.input_value() == "projects\u001fid"
-
-
-@pytest.mark.playwright
-def test_alter_table_unix_default_expression_updates_column_type(
-    page, datasette_server
-):
-    page.goto(f"{datasette_server}data/projects")
-    page.locator("details.actions-menu-links summary").click()
-    page.locator('button[data-table-action="alter-table"]').click()
-
-    dialog = page.locator("#table-alter-dialog")
-    dialog.wait_for()
-    dialog.locator(".table-alter-add-column").click()
-    row = dialog.locator(".table-alter-column-row").last
-    row.locator(".table-alter-default-options summary").click()
-
-    type_select = row.locator(".table-alter-column-type")
-    default_expr = row.locator(".table-alter-default-expr")
-    assert type_select.input_value() == "text"
-    assert (
-        "Current Unix time, integer seconds since the epoch"
-        in default_expr.locator("option").all_inner_texts()
-    )
-
-    default_expr.select_option("current_unixtime")
-    assert type_select.input_value() == "integer"
-
-
-@pytest.mark.playwright
-def test_alter_table_existing_default_expression_populates_select(
-    page, datasette_server
-):
-    page.goto(f"{datasette_server}data/defaults_demo")
-    page.locator("details.actions-menu-links summary").click()
-    page.locator('button[data-table-action="alter-table"]').click()
-
-    dialog = page.locator("#table-alter-dialog")
-    dialog.wait_for()
-    row = dialog.locator(".table-alter-column-row").nth(1)
-    row.locator(".table-alter-more-options").click()
-    row.locator(".table-alter-default-options summary").click()
-
-    assert row.locator(".table-alter-default-expr").input_value() == (
-        "current_unixtime_ms"
-    )
-    assert row.locator(".table-alter-default").input_value() == ""
-
-
-@pytest.mark.playwright
-def test_alter_table_flow(page, datasette_server):
-    page.goto(f"{datasette_server}data/projects")
-    page.locator("details.actions-menu-links summary").click()
-    page.locator('button[data-table-action="alter-table"]').click()
-
-    dialog = page.locator("#table-alter-dialog")
-    dialog.wait_for()
-    assert dialog.locator(".modal-title").inner_text() == "Alter table projects"
-    assert dialog.locator(".table-alter-save").is_disabled()
-    assert (
-        dialog.locator(".table-alter-column-name").first.get_attribute("placeholder")
-        == "column name"
-    )
-    assert dialog.locator(".table-alter-column-main").first.evaluate("""node => {
-            const inputHeight = node.querySelector(
-                ".table-alter-column-name"
-            ).getBoundingClientRect().height;
-            const selectHeight = node.querySelector(
-                ".table-alter-column-type"
-            ).getBoundingClientRect().height;
-            return Math.abs(inputHeight - selectHeight) <= 1;
-        }""")
-    type_options = dialog.locator(".table-alter-column-type").first.locator("option")
-    assert type_options.all_inner_texts() == [
-        "text",
-        "integer",
-        "floating point number",
-        "blob - binary data",
-    ]
-    first_more_options = dialog.locator(".table-alter-more-options").first
-    assert first_more_options.inner_text() == "> Advanced options"
-    first_more_options.click()
-    assert first_more_options.inner_text() == "v Hide options"
-    expanded_options_text = dialog.locator(
-        ".table-alter-column-details"
-    ).first.inner_text()
-    assert dialog.locator(".table-alter-fields").evaluate(
-        "node => node.scrollWidth <= node.clientWidth + 1"
-    )
-    assert "Not null" in expanded_options_text
-    assert "This value cannot be left unset" in expanded_options_text
-    assert "Set a default value" in expanded_options_text
-    assert "Primary key" in expanded_options_text
-    assert "This ID uniquely identifies the record" in expanded_options_text
-    assert "Foreign key" in expanded_options_text
-    first_defaults = dialog.locator(".table-alter-default-options").first
-    first_defaults.locator("summary").click()
-    assert "or default to a specific value" in first_defaults.inner_text()
-    first_default_expr = first_defaults.locator(".table-alter-default-expr")
-    first_default_input = first_defaults.locator(".table-alter-default")
-    assert (
-        "Current timestamp in UTC, e.g. 2026-05-01 13:34:00"
-        in first_default_expr.locator("option").nth(1).inner_text()
-    )
-    first_default_expr.select_option("current_timestamp")
-    assert first_default_input.is_enabled()
-    first_default_input.fill("manual")
-    assert first_default_expr.input_value() == ""
-
-    dialog.locator(".table-alter-add-column").click()
-    assert dialog.locator(".table-alter-save").is_enabled()
-    dialog.locator(".table-alter-column-name").last.fill("status")
-    dialog.locator(".table-alter-column-type").last.select_option("text")
-    dialog.locator(".table-alter-default-options").last.locator("summary").click()
-    dialog.locator(".table-alter-default").last.fill("planned")
-    dialog.locator(".table-alter-save").click()
-    review = dialog.locator(".table-alter-review")
-    review.wait_for()
-    assert not dialog.locator(".table-alter-column-list").is_visible()
-    review_text = review.inner_text()
-    assert "Add column status as text, with default value planned." in review_text
-    assert "Set column order to" not in review_text
-    assert dialog.locator(".table-alter-back").is_visible()
-    assert dialog.locator(".table-alter-save").inner_text() == "Apply changes"
-    dialog.locator(".table-alter-save").click()
-
-    columns = []
-    for _ in range(20):
-        response = httpx.get(f"{datasette_server}data/projects.json?_extra=columns")
-        response.raise_for_status()
-        columns = response.json()["columns"]
-        if "status" in columns:
-            break
-        time.sleep(0.1)
-    assert "status" in columns
-
-
-@pytest.mark.playwright
-def test_alter_table_primary_key_columns_stay_at_top(page, datasette_server):
-    page.goto(f"{datasette_server}data/projects")
-    page.locator("details.actions-menu-links summary").click()
-    page.locator('button[data-table-action="alter-table"]').click()
-
-    dialog = page.locator("#table-alter-dialog")
-    dialog.wait_for()
-    rows = dialog.locator(".table-alter-column-row")
-    assert rows.nth(0).locator(".table-alter-column-name").input_value() == "id"
-    first_row_move_buttons = rows.nth(0).locator(".table-alter-move-controls button")
-    for i in range(first_row_move_buttons.count()):
-        assert first_row_move_buttons.nth(i).is_disabled()
-        assert (
-            first_row_move_buttons.nth(i).get_attribute("title")
-            == "Primary key columns are always listed first"
-        )
-
-    assert rows.nth(1).locator(".table-alter-move-up").is_disabled()
-    assert rows.nth(1).locator(".table-alter-move-top").get_attribute("title") == (
-        "Primary key columns are always listed first"
-    )
-    assert rows.nth(1).locator(".table-alter-move-up").get_attribute("title") == (
-        "Primary key columns are always listed first"
-    )
-    last_row = rows.nth(rows.count() - 1)
-    assert last_row.locator(".table-alter-column-name").input_value() == "score"
-    last_row.locator(".table-alter-move-top").click()
-    assert rows.nth(0).locator(".table-alter-column-name").input_value() == "id"
-    assert rows.nth(1).locator(".table-alter-column-name").input_value() == "score"
-
-
-@pytest.mark.playwright
-def test_alter_table_review_rename_primary_key_column(page, datasette_server):
-    page.goto(f"{datasette_server}data/projects")
-    page.locator("details.actions-menu-links summary").click()
-    page.locator('button[data-table-action="alter-table"]').click()
-
-    dialog = page.locator("#table-alter-dialog")
-    dialog.wait_for()
-    save = dialog.locator(".table-alter-save")
-    assert save.is_disabled()
-    dialog.locator(".table-alter-column-name").first.fill("id3")
-    assert save.is_enabled()
-    save.click()
-
-    review = dialog.locator(".table-alter-review")
-    review.wait_for()
-    review_text = review.inner_text()
-    assert "Rename column id to id3." in review_text
-    assert "Set primary key to" not in review_text
-    assert dialog.locator(".table-alter-review-name").all_inner_texts() == [
-        "id",
-        "id3",
-    ]
-
-
-@pytest.mark.playwright
-def test_alter_table_review_rename_table(page, datasette_server):
-    page.goto(f"{datasette_server}data/projects")
-    page.locator("details.actions-menu-links summary").click()
-    page.locator('button[data-table-action="alter-table"]').click()
-
-    dialog = page.locator("#table-alter-dialog")
-    dialog.wait_for()
-    save = dialog.locator(".table-alter-save")
-    rename_details = dialog.locator(".table-alter-table-options")
-    assert rename_details.locator("summary").inner_text() == "Rename table"
-    assert not dialog.locator(".table-alter-table-name").is_visible()
-    assert save.is_disabled()
-
-    rename_details.locator("summary").click()
-    table_name = dialog.locator(".table-alter-table-name")
-    assert table_name.input_value() == "projects"
-    assert table_name.get_attribute("placeholder") == "table name"
-    table_name.fill("projects_archive")
-    assert save.is_enabled()
-    save.click()
-
-    review = dialog.locator(".table-alter-review")
-    review.wait_for()
-    assert "Rename table to projects_archive." in review.inner_text()
-    assert dialog.locator(".table-alter-review-name").all_inner_texts() == [
-        "projects_archive",
-    ]
-
-
-@pytest.mark.playwright
-def test_alter_table_review_not_null_wording(page, datasette_server):
-    page.goto(f"{datasette_server}data/projects")
-    page.locator("details.actions-menu-links summary").click()
-    page.locator('button[data-table-action="alter-table"]').click()
-
-    dialog = page.locator("#table-alter-dialog")
-    dialog.wait_for()
-    dialog.locator(".table-alter-more-options").first.click()
-    dialog.locator(".table-alter-not-null-input").first.check()
-    dialog.locator(".table-alter-save").click()
-
-    review = dialog.locator(".table-alter-review")
-    review.wait_for()
-    assert "Change column id: not null (require values)." in review.inner_text()
-
-
-@pytest.mark.playwright
-def test_alter_table_review_warns_when_dropping_column(page, datasette_server):
-    page.goto(f"{datasette_server}data/projects")
-    page.locator("details.actions-menu-links summary").click()
-    page.locator('button[data-table-action="alter-table"]').click()
-
-    dialog = page.locator("#table-alter-dialog")
-    dialog.wait_for()
-    remove_buttons = dialog.locator(".table-alter-remove-column")
-    remove_buttons.nth(remove_buttons.count() - 1).click()
-    dialog.locator(".table-alter-save").click()
-
-    review = dialog.locator(".table-alter-review")
-    review.wait_for()
-    assert not dialog.locator(".table-alter-column-list").is_visible()
-    review_text = review.inner_text()
-    assert "Warning: data in dropped columns will be permanently lost." in review_text
-    assert "Drop column score." in review_text
-    assert "Set column order to" not in review_text
-    assert dialog.locator(".table-alter-review-damaging").inner_text() == (
-        "Drop column score."
-    )
-
-    dialog.locator(".table-alter-back").click()
-    assert dialog.locator(".table-alter-column-list").is_visible()
-    assert dialog.locator(".table-alter-save").inner_text() == "Review changes"
-
-
-@pytest.mark.playwright
-def test_alter_table_cancel_skips_discard_prompt(page, datasette_server):
-    def open_alter_dialog():
-        page.locator("details.actions-menu-links").evaluate("node => node.open = true")
-        page.locator('button[data-table-action="alter-table"]').click()
-        dialog = page.locator("#table-alter-dialog")
-        dialog.wait_for()
-        return dialog
-
-    page.goto(f"{datasette_server}data/projects")
-    page.evaluate("""
-        () => {
-            window.__discardConfirmMessages = [];
-            window.confirm = (message) => {
-                window.__discardConfirmMessages.push(message);
-                return false;
-            };
-        }
-        """)
-
-    dialog = open_alter_dialog()
-    dialog.locator(".table-alter-add-column").click()
-    dialog.locator(".table-alter-column-name").last.fill("cancel_me")
-    dialog.locator(".table-alter-cancel").click()
-    assert dialog.evaluate("node => node.open") is False
-    assert page.evaluate("() => window.__discardConfirmMessages") == []
-
-    dialog = open_alter_dialog()
-    dialog.locator(".table-alter-add-column").click()
-    dialog.locator(".table-alter-column-name").last.fill("escape_me")
-    page.keyboard.press("Escape")
-    assert page.evaluate("() => window.__discardConfirmMessages") == [
-        "Discard table changes?"
-    ]
-    assert dialog.evaluate("node => node.open") is True
-
-    page.evaluate("() => window.__discardConfirmMessages = []")
-    dialog.evaluate(
-        """node => node.dispatchEvent(new MouseEvent("click", {bubbles: true}))"""
-    )
-    assert page.evaluate("() => window.__discardConfirmMessages") == [
-        "Discard table changes?"
-    ]
-    assert dialog.evaluate("node => node.open") is True
-
-
-@pytest.mark.playwright
-def test_navigation_search_tracks_and_renders_recent_items(page, datasette_server):
-    page.goto(datasette_server)
-    open_jump_menu(page)
-    search = page.locator("navigation-search .search-input")
-    search.fill("projects")
-    result = page.locator("navigation-search .result-item", has_text="projects").first
-    result.wait_for()
-    result.click()
-    page.wait_for_url("**/data/projects")
-
-    page.goto(datasette_server)
-    open_jump_menu(page)
-    results = page.locator("navigation-search .results-container")
-    results.locator(".results-heading", has_text="Recent").wait_for()
-    assert "projects" in results.inner_text()
-
-    page.locator("navigation-search [data-clear-recent-items]").click()
-    page.locator("navigation-search .results-container", has_text="Recent").wait_for(
-        state="detached"
-    )
-
-
-@pytest.mark.playwright
-def test_navigation_search_renders_jump_sections_from_javascript_plugins(
-    page, datasette_server
-):
-    page.goto(datasette_server)
-    open_jump_menu(page)
-    button = page.locator("navigation-search [data-playwright-agent-chat]")
-    button.wait_for()
-    assert button.inner_text() == "Start a new agent chat"
-    button.click()
-    page.wait_for_url("**/-/playwright-agent")
-
-
-@pytest.mark.playwright
-def test_insert_row_flow_uses_custom_column_field(page, datasette_server):
-    page.goto(f"{datasette_server}data/projects")
-    page.locator('button[data-table-action="insert-row"]').click()
-
-    dialog = page.locator("#row-edit-dialog")
-    dialog.wait_for()
-    dialog.locator('input[name="title"]').fill("Launch Datasette Cloud")
-    dialog.locator('textarea[name="metadata"]').fill(
-        '{"ok": false, "source": "playwright"}'
-    )
-    dialog.locator('textarea[name="notes"]').fill("Inserted from Playwright")
-
-    asset = dialog.locator(".playwright-asset-picker")
-    asset.wait_for()
-    assert asset.get_attribute("data-column") == "logo"
-    assert asset.get_attribute("data-database") == "data"
-    assert asset.get_attribute("data-table") == "projects"
-    assert asset.get_attribute("data-mode") == "insert"
-    asset.locator(".playwright-asset-select").click()
-    assert asset.locator(".playwright-asset-value").inner_text() == "asset-from-plugin"
-
-    dialog.locator(".row-edit-save").click()
-    page.locator(".row-mutation-status", has_text="Inserted row 2").wait_for()
-    row = page.locator('tr[data-row="2"]')
-    row.wait_for()
-    assert "Launch Datasette Cloud" in row.inner_text()
-
-    data = project_row(datasette_server, 2)
-    assert data["title"] == "Launch Datasette Cloud"
-    assert data["metadata"] == '{"ok": false, "source": "playwright"}'
-    assert data["logo"] == "asset-from-plugin"
-    assert data["notes"] == "Inserted from Playwright"
-    assert data["score"] == 5
-
-
-@pytest.mark.playwright
-def test_edit_row_flow_validates_json_and_saves_changes(page, datasette_server):
-    page.goto(f"{datasette_server}data/projects")
-    page.locator('tr[data-row="1"] button[data-row-action="edit"]').click()
-
-    dialog = page.locator("#row-edit-dialog")
-    dialog.wait_for()
-    title = dialog.locator('input[name="title"]')
-    title.wait_for()
-    title.fill("Build Datasette, edited")
-
-    metadata = dialog.locator('textarea[name="metadata"]')
-    metadata.fill("{")
-    dialog.locator(
-        ".row-edit-field-validation-error", has_text="Invalid JSON"
-    ).wait_for()
-    dialog.locator(".row-edit-save").click()
-    assert dialog.evaluate("node => node.open")
-    assert project_row(datasette_server, 1)["title"] == "Build Datasette"
-
-    metadata.fill('{"ok": true, "edited": true}')
-    dialog.locator(
-        ".row-edit-field-validation-error", has_text="Invalid JSON"
-    ).wait_for(state="hidden")
-    dialog.locator('textarea[name="notes"]').fill("Edited from Playwright")
-    asset = dialog.locator(".playwright-asset-picker")
-    asset.wait_for()
-    assert asset.get_attribute("data-mode") == "edit"
-    asset.locator(".playwright-asset-select").click()
-
-    dialog.locator(".row-edit-save").click()
-    page.locator(".row-mutation-status", has_text="Updated row 1").wait_for()
-    row = page.locator('tr[data-row="1"]')
-    assert "Build Datasette, edited" in row.inner_text()
-
-    data = project_row(datasette_server, 1)
-    assert data["title"] == "Build Datasette, edited"
-    assert data["metadata"] == '{"ok": true, "edited": true}'
-    assert data["logo"] == "asset-from-plugin"
-    assert data["notes"] == "Edited from Playwright"
-
-
-@pytest.mark.playwright
-def test_delete_row_flow_removes_row(page, datasette_server):
-    page.goto(f"{datasette_server}data/projects")
-    page.locator('tr[data-row="1"] button[data-row-action="delete"]').click()
-
-    dialog = page.locator("#row-delete-dialog")
-    dialog.wait_for()
-    assert "Delete row 1" in dialog.inner_text()
-    dialog.locator(".row-delete-confirm").click()
-
-    page.locator(".row-mutation-status", has_text="Deleted row 1").wait_for()
-    page.locator('tr[data-row="1"]').wait_for(state="detached")
-    assert project_rows(datasette_server, id=1) == []
diff --git a/tests/test_plugins.py b/tests/test_plugins.py
index da14c714..44ac0b8e 100644
--- a/tests/test_plugins.py
+++ b/tests/test_plugins.py
@@ -1,195 +1,106 @@
 from bs4 import BeautifulSoup as Soup
-from .fixtures import (
-    make_app_client,
-    TEMP_PLUGIN_SECRET_FILE,
-    PLUGINS_DIR,
-    TestClient as _TestClient,
-)  # noqa
-from click.testing import CliRunner
-from datasette.app import Datasette
-from datasette import cli, hookimpl
-from datasette.fixtures import TABLES
-from datasette.filters import FilterArguments
-from datasette.plugins import get_plugins, DEFAULT_PLUGINS, pm
-from datasette.permissions import PermissionSQL, Action
-from datasette.resources import DatabaseResource
-from datasette.utils.sqlite import sqlite3
-from datasette.utils import StartupError, await_me_maybe
-from jinja2 import ChoiceLoader, FileSystemLoader
+from .fixtures import app_client, make_app_client, TEMP_PLUGIN_SECRET_FILE  # noqa
+from datasette.utils import sqlite3
 import base64
-import datetime
-import importlib
 import json
 import os
 import pathlib
 import re
-import textwrap
 import pytest
 import urllib
 
-at_memory_re = re.compile(r" at 0x\w+")
 
-
-@pytest.mark.parametrize(
-    "plugin_hook", [name for name in dir(pm.hook) if not name.startswith("_")]
-)
-def test_plugin_hooks_have_tests(plugin_hook):
-    """Every plugin hook should be referenced in this test module"""
-    tests_in_this_module = [t for t in globals().keys() if t.startswith("test_hook_")]
-    ok = False
-    for test in tests_in_this_module:
-        if plugin_hook in test:
-            ok = True
-    assert ok, f"Plugin hook is missing tests: {plugin_hook}"
-
-
-def test_hook_jump_items_sql():
-    # Detailed behavior is covered in tests/test_jump.py.
-    assert "jump_items_sql" in dir(pm.hook)
-
-
-@pytest.mark.asyncio
-async def test_hook_plugins_dir_plugin_prepare_connection(ds_client):
-    response = await ds_client.get(
-        "/fixtures/-/query.json?_shape=arrayfirst&sql=select+convert_units(100%2C+'m'%2C+'ft')"
+def test_plugins_dir_plugin_prepare_connection(app_client):
+    response = app_client.get(
+        "/fixtures.json?sql=select+convert_units(100%2C+'m'%2C+'ft')"
     )
-    assert response.json()[0] == pytest.approx(328.0839)
+    assert pytest.approx(328.0839) == response.json["rows"][0][0]
 
 
-@pytest.mark.asyncio
-async def test_hook_plugin_prepare_connection_arguments(ds_client):
-    response = await ds_client.get(
-        "/fixtures/-/query.json?sql=select+prepare_connection_args()&_shape=arrayfirst"
+def test_plugin_prepare_connection_arguments(app_client):
+    response = app_client.get(
+        "/fixtures.json?sql=select+prepare_connection_args()&_shape=arrayfirst"
     )
     assert [
         "database=fixtures, datasette.plugin_config(\"name-of-plugin\")={'depth': 'root'}"
-    ] == response.json()
-
-    # Function should not be available on the internal database
-    db = ds_client.ds.get_internal_database()
-    with pytest.raises(sqlite3.OperationalError):
-        await db.execute("select prepare_connection_args()")
+    ] == response.json
 
 
-@pytest.mark.asyncio
 @pytest.mark.parametrize(
     "path,expected_decoded_object",
     [
+        ("/", {"template": "index.html", "database": None, "table": None}),
         (
-            "/",
-            {
-                "template": "index.html",
-                "database": None,
-                "table": None,
-                "view_name": "index",
-                "request_path": "/",
-                "added": 15,
-                "columns": None,
-            },
-        ),
-        (
-            "/fixtures",
-            {
-                "template": "database.html",
-                "database": "fixtures",
-                "table": None,
-                "view_name": "database",
-                "request_path": "/fixtures",
-                "added": 15,
-                "columns": None,
-            },
+            "/fixtures/",
+            {"template": "database.html", "database": "fixtures", "table": None},
         ),
         (
             "/fixtures/sortable",
-            {
-                "template": "table.html",
-                "database": "fixtures",
-                "table": "sortable",
-                "view_name": "table",
-                "request_path": "/fixtures/sortable",
-                "added": 15,
-                "columns": [
-                    "pk1",
-                    "pk2",
-                    "content",
-                    "sortable",
-                    "sortable_with_nulls",
-                    "sortable_with_nulls_2",
-                    "text",
-                ],
-            },
+            {"template": "table.html", "database": "fixtures", "table": "sortable"},
         ),
     ],
 )
-async def test_hook_extra_css_urls(ds_client, path, expected_decoded_object):
-    response = await ds_client.get(path)
-    assert response.status_code == 200
-    links = Soup(response.text, "html.parser").find_all("link")
+def test_plugin_extra_css_urls(app_client, path, expected_decoded_object):
+    response = app_client.get(path)
+    links = Soup(response.body, "html.parser").findAll("link")
     special_href = [
-        link
-        for link in links
-        if link.attrs["href"].endswith("/extra-css-urls-demo.css")
+        l for l in links if l.attrs["href"].endswith("/extra-css-urls-demo.css")
     ][0]["href"]
     # This link has a base64-encoded JSON blob in it
     encoded = special_href.split("/")[3]
-    actual_decoded_object = json.loads(base64.b64decode(encoded).decode("utf8"))
-    assert expected_decoded_object == actual_decoded_object
+    assert expected_decoded_object == json.loads(
+        base64.b64decode(encoded).decode("utf8")
+    )
 
 
-@pytest.mark.asyncio
-async def test_hook_extra_js_urls(ds_client):
-    response = await ds_client.get("/")
-    scripts = Soup(response.text, "html.parser").find_all("script")
-    script_attrs = [s.attrs for s in scripts]
-    for attrs in [
-        {
+def test_plugin_extra_js_urls(app_client):
+    response = app_client.get("/")
+    scripts = Soup(response.body, "html.parser").findAll("script")
+    assert [
+        s
+        for s in scripts
+        if s.attrs
+        == {
             "integrity": "SRIHASH",
             "crossorigin": "anonymous",
-            "src": "https://plugin-example.datasette.io/jquery.js",
-        },
-        {
-            "src": "https://plugin-example.datasette.io/plugin.module.js",
-            "type": "module",
-        },
-    ]:
-        assert any(s == attrs for s in script_attrs), "Expected: {}".format(attrs)
+            "src": "https://example.com/jquery.js",
+        }
+    ]
 
 
-@pytest.mark.asyncio
-async def test_plugins_with_duplicate_js_urls(ds_client):
+def test_plugins_with_duplicate_js_urls(app_client):
     # If two plugins both require jQuery, jQuery should be loaded only once
-    response = await ds_client.get("/fixtures")
+    response = app_client.get("/fixtures")
     # This test is a little tricky, as if the user has any other plugins in
     # their current virtual environment those may affect what comes back too.
-    # What matters is that https://plugin-example.datasette.io/jquery.js is only there once
+    # What matters is that https://example.com/jquery.js is only there once
     # and it comes before plugin1.js and plugin2.js which could be in either
     # order
-    scripts = Soup(response.text, "html.parser").find_all("script")
+    scripts = Soup(response.body, "html.parser").findAll("script")
     srcs = [s["src"] for s in scripts if s.get("src")]
     # No duplicates allowed:
     assert len(srcs) == len(set(srcs))
     # jquery.js loaded once:
-    assert 1 == srcs.count("https://plugin-example.datasette.io/jquery.js")
+    assert 1 == srcs.count("https://example.com/jquery.js")
     # plugin1.js and plugin2.js are both there:
-    assert 1 == srcs.count("https://plugin-example.datasette.io/plugin1.js")
-    assert 1 == srcs.count("https://plugin-example.datasette.io/plugin2.js")
+    assert 1 == srcs.count("https://example.com/plugin1.js")
+    assert 1 == srcs.count("https://example.com/plugin2.js")
     # jquery comes before them both
-    assert srcs.index("https://plugin-example.datasette.io/jquery.js") < srcs.index(
-        "https://plugin-example.datasette.io/plugin1.js"
+    assert srcs.index("https://example.com/jquery.js") < srcs.index(
+        "https://example.com/plugin1.js"
     )
-    assert srcs.index("https://plugin-example.datasette.io/jquery.js") < srcs.index(
-        "https://plugin-example.datasette.io/plugin2.js"
+    assert srcs.index("https://example.com/jquery.js") < srcs.index(
+        "https://example.com/plugin2.js"
     )
 
 
-@pytest.mark.asyncio
-async def test_hook_render_cell_link_from_json(ds_client):
+def test_plugins_render_cell_link_from_json(app_client):
     sql = """
         select '{"href": "http://example.com/", "label":"Example"}'
     """.strip()
-    path = "/fixtures/-/query?" + urllib.parse.urlencode({"sql": sql})
-    response = await ds_client.get(path)
-    td = Soup(response.text, "html.parser").find("table").find("tbody").find("td")
+    path = "/fixtures?" + urllib.parse.urlencode({"sql": sql})
+    response = app_client.get(path)
+    td = Soup(response.body, "html.parser").find("table").find("tbody").find("td")
     a = td.find("a")
     assert a is not None, str(a)
     assert a.attrs["href"] == "http://example.com/"
@@ -197,127 +108,52 @@ async def test_hook_render_cell_link_from_json(ds_client):
     assert a.text == "Example"
 
 
-@pytest.mark.asyncio
-async def test_hook_render_cell_demo(ds_client):
-    response = await ds_client.get(
-        "/fixtures/simple_primary_key?id=4&_render_cell_extra=1"
-    )
-    soup = Soup(response.text, "html.parser")
+def test_plugins_render_cell_demo(app_client):
+    response = app_client.get("/fixtures/simple_primary_key?id=4")
+    soup = Soup(response.body, "html.parser")
     td = soup.find("td", {"class": "col-content"})
-    assert json.loads(td.string) == {
-        "row": {"id": 4, "content": "RENDER_CELL_DEMO"},
+    assert {
         "column": "content",
         "table": "simple_primary_key",
         "database": "fixtures",
-        "pks": ["id"],
         "config": {"depth": "table", "special": "this-is-simple_primary_key"},
-        "render_cell_extra": 1,
-    }
+    } == json.loads(td.string)
 
 
-@pytest.mark.asyncio
-async def test_hook_render_cell_pks_single_pk(ds_client):
-    """pks should be ["id"] for a table with a single primary key"""
-    response = await ds_client.get("/fixtures/simple_primary_key?id=4")
-    soup = Soup(response.text, "html.parser")
-    td = soup.find("td", {"class": "col-content"})
-    data = json.loads(td.string)
-    assert data["pks"] == ["id"]
-
-
-@pytest.mark.asyncio
-async def test_hook_render_cell_pks_compound_pk(ds_client):
-    """pks should list all primary key columns for a compound pk table"""
-    response = await ds_client.get("/fixtures/compound_primary_key?pk1=d&pk2=e")
-    soup = Soup(response.text, "html.parser")
-    td = soup.find("td", {"class": "col-content"})
-    data = json.loads(td.string)
-    assert data["pks"] == ["pk1", "pk2"]
-
-
-@pytest.mark.asyncio
-async def test_hook_render_cell_pks_rowid_table(ds_client):
-    """pks should be ["rowid"] for a table with no explicit primary key"""
-    response = await ds_client.get("/fixtures/no_primary_key?content=RENDER_CELL_DEMO")
-    soup = Soup(response.text, "html.parser")
-    td = soup.find("td", {"class": "col-content"})
-    data = json.loads(td.string)
-    assert data["pks"] == ["rowid"]
-
-
-@pytest.mark.asyncio
-async def test_hook_render_cell_pks_custom_sql(ds_client):
-    """pks should be [] for custom SQL queries"""
-    response = await ds_client.get(
-        "/fixtures/-/query?sql=select+'RENDER_CELL_DEMO'+as+content"
-    )
-    soup = Soup(response.text, "html.parser")
-    td = soup.find("td", {"class": "col-content"})
-    data = json.loads(td.string)
-    assert data["pks"] == []
-    assert data["table"] is None
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path",
-    (
-        "/fixtures/-/query?sql=select+'RENDER_CELL_ASYNC'",
-        "/fixtures/simple_primary_key",
-    ),
-)
-async def test_hook_render_cell_async(ds_client, path):
-    response = await ds_client.get(path)
-    assert b"RENDER_CELL_ASYNC_RESULT" in response.content
-
-
-@pytest.mark.asyncio
-async def test_plugin_config(ds_client):
-    assert {"depth": "table"} == ds_client.ds.plugin_config(
+def test_plugin_config(app_client):
+    assert {"depth": "table"} == app_client.ds.plugin_config(
         "name-of-plugin", database="fixtures", table="sortable"
     )
-    assert {"depth": "database"} == ds_client.ds.plugin_config(
+    assert {"depth": "database"} == app_client.ds.plugin_config(
         "name-of-plugin", database="fixtures", table="unknown_table"
     )
-    assert {"depth": "database"} == ds_client.ds.plugin_config(
+    assert {"depth": "database"} == app_client.ds.plugin_config(
         "name-of-plugin", database="fixtures"
     )
-    assert {"depth": "root"} == ds_client.ds.plugin_config(
+    assert {"depth": "root"} == app_client.ds.plugin_config(
         "name-of-plugin", database="unknown_database"
     )
-    assert {"depth": "root"} == ds_client.ds.plugin_config("name-of-plugin")
-    assert None is ds_client.ds.plugin_config("unknown-plugin")
+    assert {"depth": "root"} == app_client.ds.plugin_config("name-of-plugin")
+    assert None is app_client.ds.plugin_config("unknown-plugin")
 
 
-@pytest.mark.asyncio
-async def test_plugin_config_env(ds_client, monkeypatch):
-    monkeypatch.setenv("FOO_ENV", "FROM_ENVIRONMENT")
-    assert ds_client.ds.plugin_config("env-plugin") == {"foo": "FROM_ENVIRONMENT"}
-
-
-@pytest.mark.asyncio
-async def test_plugin_config_env_from_config(monkeypatch):
-    monkeypatch.setenv("FOO_ENV", "FROM_ENVIRONMENT_2")
-    datasette = Datasette(
-        config={"plugins": {"env-plugin": {"setting": {"$env": "FOO_ENV"}}}}
-    )
-    assert datasette.plugin_config("env-plugin") == {"setting": "FROM_ENVIRONMENT_2"}
-
-
-@pytest.mark.asyncio
-async def test_plugin_config_env_from_list(ds_client):
+def test_plugin_config_env(app_client):
     os.environ["FOO_ENV"] = "FROM_ENVIRONMENT"
-    assert [{"in_a_list": "FROM_ENVIRONMENT"}] == ds_client.ds.plugin_config(
-        "env-plugin-list"
-    )
+    assert {"foo": "FROM_ENVIRONMENT"} == app_client.ds.plugin_config("env-plugin")
+    # Ensure secrets aren't visible in /-/metadata.json
+    metadata = app_client.get("/-/metadata.json")
+    assert {"foo": {"$env": "FOO_ENV"}} == metadata.json["plugins"]["env-plugin"]
     del os.environ["FOO_ENV"]
 
 
-@pytest.mark.asyncio
-async def test_plugin_config_file(ds_client):
-    with open(TEMP_PLUGIN_SECRET_FILE, "w") as fp:
-        fp.write("FROM_FILE")
-    assert {"foo": "FROM_FILE"} == ds_client.ds.plugin_config("file-plugin")
+def test_plugin_config_file(app_client):
+    open(TEMP_PLUGIN_SECRET_FILE, "w").write("FROM_FILE")
+    assert {"foo": "FROM_FILE"} == app_client.ds.plugin_config("file-plugin")
+    # Ensure secrets aren't visible in /-/metadata.json
+    metadata = app_client.get("/-/metadata.json")
+    assert {"foo": {"$file": TEMP_PLUGIN_SECRET_FILE}} == metadata.json["plugins"][
+        "file-plugin"
+    ]
     os.remove(TEMP_PLUGIN_SECRET_FILE)
 
 
@@ -331,23 +167,15 @@ async def test_plugin_config_file(ds_client):
                 "database": None,
                 "table": None,
                 "config": {"depth": "root"},
-                "view_name": "index",
-                "request_path": "/",
-                "added": 15,
-                "columns": None,
             },
         ),
         (
-            "/fixtures",
+            "/fixtures/",
             {
                 "template": "database.html",
                 "database": "fixtures",
                 "table": None,
                 "config": {"depth": "database"},
-                "view_name": "database",
-                "request_path": "/fixtures",
-                "added": 15,
-                "columns": None,
             },
         ),
         (
@@ -357,1680 +185,59 @@ async def test_plugin_config_file(ds_client):
                 "database": "fixtures",
                 "table": "sortable",
                 "config": {"depth": "table"},
-                "view_name": "table",
-                "request_path": "/fixtures/sortable",
-                "added": 15,
-                "columns": [
-                    "pk1",
-                    "pk2",
-                    "content",
-                    "sortable",
-                    "sortable_with_nulls",
-                    "sortable_with_nulls_2",
-                    "text",
-                ],
             },
         ),
     ],
 )
-def test_hook_extra_body_script(app_client, path, expected_extra_body_script):
-    r = re.compile(r"")
-    response = app_client.get(path)
-    assert response.status_code == 200, response.text
-    match = r.search(response.text)
-    assert match is not None, "No extra_body_script found in HTML"
-    json_data = match.group(1)
+def test_plugins_extra_body_script(app_client, path, expected_extra_body_script):
+    r = re.compile(r"")
+    json_data = r.search(app_client.get(path).body.decode("utf8")).group(1)
     actual_data = json.loads(json_data)
     assert expected_extra_body_script == actual_data
 
 
-@pytest.mark.asyncio
-async def test_hook_asgi_wrapper(ds_client):
-    response = await ds_client.get("/fixtures")
+def test_plugins_asgi_wrapper(app_client):
+    response = app_client.get("/fixtures")
     assert "fixtures" == response.headers["x-databases"]
 
 
-def test_hook_extra_template_vars(restore_working_directory):
-    with make_app_client(
+def test_plugins_extra_template_vars(restore_working_directory):
+    for client in make_app_client(
         template_dir=str(pathlib.Path(__file__).parent / "test_templates")
-    ) as client:
-        response = client.get("/-/versions")
-        assert response.status_code == 200
+    ):
+        response = client.get("/-/metadata")
+        assert response.status == 200
         extra_template_vars = json.loads(
-            Soup(response.text, "html.parser").select("pre.extra_template_vars")[0].text
+            Soup(response.body, "html.parser").select("pre.extra_template_vars")[0].text
         )
         assert {
             "template": "show_json.html",
-            "scope_path": "/-/versions",
-            "columns": None,
+            "scope_path": "/-/metadata",
         } == extra_template_vars
         extra_template_vars_from_awaitable = json.loads(
-            Soup(response.text, "html.parser")
+            Soup(response.body, "html.parser")
             .select("pre.extra_template_vars_from_awaitable")[0]
             .text
         )
         assert {
             "template": "show_json.html",
             "awaitable": True,
-            "scope_path": "/-/versions",
+            "scope_path": "/-/metadata",
         } == extra_template_vars_from_awaitable
 
 
 def test_plugins_async_template_function(restore_working_directory):
-    with make_app_client(
+    for client in make_app_client(
         template_dir=str(pathlib.Path(__file__).parent / "test_templates")
-    ) as client:
-        response = client.get("/-/versions")
-        assert response.status_code == 200
+    ):
+        response = client.get("/-/metadata")
+        assert response.status == 200
         extra_from_awaitable_function = (
-            Soup(response.text, "html.parser")
+            Soup(response.body, "html.parser")
             .select("pre.extra_from_awaitable_function")[0]
             .text
         )
-        conn = sqlite3.connect(":memory:")
-        expected = conn.execute("select sqlite_version()").fetchone()[0]
-        conn.close()
+        expected = (
+            sqlite3.connect(":memory:").execute("select sqlite_version()").fetchone()[0]
+        )
         assert expected == extra_from_awaitable_function
-
-
-def test_default_plugins_have_no_templates_path_or_static_path():
-    # The default plugins that ship with Datasette should have their static_path and
-    # templates_path all set to None
-    plugins = get_plugins()
-    for plugin in plugins:
-        if plugin["name"] in DEFAULT_PLUGINS:
-            assert None is plugin["static_path"]
-            assert None is plugin["templates_path"]
-
-
-@pytest.fixture(scope="session")
-def view_names_client(tmp_path_factory):
-    tmpdir = tmp_path_factory.mktemp("test-view-names")
-    templates = tmpdir / "templates"
-    templates.mkdir()
-    plugins = tmpdir / "plugins"
-    plugins.mkdir()
-    for template in (
-        "index.html",
-        "database.html",
-        "table.html",
-        "row.html",
-        "show_json.html",
-        "query.html",
-    ):
-        (templates / template).write_text("view_name:{{ view_name }}", "utf-8")
-    (plugins / "extra_vars.py").write_text(
-        textwrap.dedent("""
-        from datasette import hookimpl
-        @hookimpl
-        def extra_template_vars(view_name):
-            return {"view_name": view_name}
-    """),
-        "utf-8",
-    )
-    db_path = str(tmpdir / "fixtures.db")
-    conn = sqlite3.connect(db_path)
-    conn.executescript(TABLES)
-    conn.close()
-    return _TestClient(
-        Datasette([db_path], template_dir=str(templates), plugins_dir=str(plugins))
-    )
-
-
-@pytest.mark.parametrize(
-    "path,view_name",
-    (
-        ("/", "index"),
-        ("/fixtures", "database"),
-        ("/fixtures/facetable", "table"),
-        ("/fixtures/facetable/1", "row"),
-        ("/-/versions", "json_data"),
-        ("/fixtures/-/query?sql=select+1", "database"),
-    ),
-)
-def test_view_names(view_names_client, path, view_name):
-    response = view_names_client.get(path)
-    assert response.status_code == 200
-    assert f"view_name:{view_name}" == response.text
-
-
-@pytest.mark.asyncio
-async def test_hook_register_output_renderer_no_parameters(ds_client):
-    response = await ds_client.get("/fixtures/facetable.testnone")
-    assert response.status_code == 200
-    assert b"Hello" == response.content
-
-
-@pytest.mark.asyncio
-async def test_hook_register_output_renderer_all_parameters(ds_client):
-    response = await ds_client.get("/fixtures/facetable.testall")
-    assert response.status_code == 200
-    # Lots of 'at 0x103a4a690' in here - replace those so we can do
-    # an easy comparison
-    body = at_memory_re.sub(" at 0xXXX", response.text)
-    assert json.loads(body) == {
-        "datasette": "",
-        "columns": [
-            "pk",
-            "created",
-            "planet_int",
-            "on_earth",
-            "state",
-            "_city_id",
-            "_neighborhood",
-            "tags",
-            "complex_array",
-            "distinct_some_null",
-            "n",
-        ],
-        "rows": [
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-        ],
-        "sql": "select pk, created, planet_int, on_earth, state, _city_id, _neighborhood, tags, complex_array, distinct_some_null, n from facetable order by pk limit 51",
-        "query_name": None,
-        "database": "fixtures",
-        "table": "facetable",
-        "request": '',
-        "view_name": "table",
-        "1+1": 2,
-    }
-
-
-@pytest.mark.asyncio
-async def test_hook_register_output_renderer_custom_status_code(ds_client):
-    response = await ds_client.get(
-        "/fixtures/pragma_cache_size.testall?status_code=202"
-    )
-    assert response.status_code == 202
-
-
-@pytest.mark.asyncio
-async def test_hook_register_output_renderer_custom_content_type(ds_client):
-    response = await ds_client.get(
-        "/fixtures/pragma_cache_size.testall?content_type=text/blah"
-    )
-    assert "text/blah" == response.headers["content-type"]
-
-
-@pytest.mark.asyncio
-async def test_hook_register_output_renderer_custom_headers(ds_client):
-    response = await ds_client.get(
-        "/fixtures/pragma_cache_size.testall?header=x-wow:1&header=x-gosh:2"
-    )
-    assert "1" == response.headers["x-wow"]
-    assert "2" == response.headers["x-gosh"]
-
-
-@pytest.mark.asyncio
-async def test_hook_register_output_renderer_returning_response(ds_client):
-    response = await ds_client.get("/fixtures/facetable.testresponse")
-    assert response.status_code == 200
-    assert response.json() == {"this_is": "json"}
-
-
-@pytest.mark.asyncio
-async def test_hook_register_output_renderer_returning_broken_value(ds_client):
-    response = await ds_client.get("/fixtures/facetable.testresponse?_broken=1")
-    assert response.status_code == 500
-    assert "this should break should be dict or Response" in response.text
-
-
-@pytest.mark.asyncio
-async def test_hook_register_output_renderer_can_render(ds_client):
-    response = await ds_client.get("/fixtures/facetable?_no_can_render=1")
-    assert response.status_code == 200
-    links = (
-        Soup(response.text, "html.parser")
-        .find("p", {"class": "export-links"})
-        .find_all("a")
-    )
-    actual = [link["href"] for link in links]
-    # Should not be present because we sent ?_no_can_render=1
-    assert "/fixtures/facetable.testall?_labels=on" not in actual
-    # Check that it was passed the values we expected
-    assert hasattr(ds_client.ds, "_can_render_saw")
-    assert {
-        "datasette": ds_client.ds,
-        "columns": [
-            "pk",
-            "created",
-            "planet_int",
-            "on_earth",
-            "state",
-            "_city_id",
-            "_neighborhood",
-            "tags",
-            "complex_array",
-            "distinct_some_null",
-            "n",
-        ],
-        "sql": "select pk, created, planet_int, on_earth, state, _city_id, _neighborhood, tags, complex_array, distinct_some_null, n from facetable order by pk limit 51",
-        "query_name": None,
-        "database": "fixtures",
-        "table": "facetable",
-        "view_name": "table",
-    }.items() <= ds_client.ds._can_render_saw.items()
-
-
-@pytest.mark.asyncio
-async def test_hook_register_output_renderer_can_render_canned_query(ds_client):
-    # https://github.com/simonw/datasette/issues/2711
-    # can_render for a canned query must be passed the query's columns, rows
-    # and SQL - previously it received an empty data dict, so renderers that
-    # depend on the columns (datasette-atom, datasette-ics) never showed up.
-    response = await ds_client.get("/fixtures/pragma_cache_size")
-    assert response.status_code == 200
-    saw = ds_client.ds._can_render_saw
-    assert saw["columns"] == ["cache_size"]
-    assert len(saw["rows"]) == 1
-    assert saw["sql"] == "PRAGMA cache_size;"
-    assert saw["query_name"] == "pragma_cache_size"
-    # The renderer's export link should therefore be offered
-    links = (
-        Soup(response.text, "html.parser")
-        .find("p", {"class": "export-links"})
-        .find_all("a")
-    )
-    actual = [link["href"] for link in links]
-    assert any(
-        href.startswith("/fixtures/pragma_cache_size.testall") for href in actual
-    )
-
-
-@pytest.mark.asyncio
-async def test_hook_prepare_jinja2_environment(ds_client):
-    ds_client.ds._HELLO = "HI"
-    await ds_client.ds.invoke_startup()
-    environment = ds_client.ds.get_jinja_environment(None)
-    template = environment.from_string(
-        "Hello there, {{ a|format_numeric }}, {{ a|to_hello }}, {{ b|select_times_three }}",
-        {"a": 3412341, "b": 5},
-    )
-    rendered = await ds_client.ds.render_template(template)
-    assert "Hello there, 3,412,341, HI, 15" == rendered
-
-
-def test_hook_publish_subcommand():
-    # This is hard to test properly, because publish subcommand plugins
-    # cannot be loaded using the --plugins-dir mechanism - they need
-    # to be installed using "pip install". So I'm cheating and taking
-    # advantage of the fact that cloudrun/heroku use the plugin hook
-    # to register themselves as default plugins.
-    assert ["cloudrun", "heroku"] == cli.publish.list_commands({})
-
-
-@pytest.mark.asyncio
-async def test_hook_register_facet_classes(ds_client):
-    response = await ds_client.get(
-        "/fixtures/compound_three_primary_keys.json?_dummy_facet=1&_extra=suggested_facets"
-    )
-    assert response.json()["suggested_facets"] == [
-        {
-            "name": "pk1",
-            "toggle_url": "http://localhost/fixtures/compound_three_primary_keys.json?_dummy_facet=1&_extra=suggested_facets&_facet_dummy=pk1",
-            "type": "dummy",
-        },
-        {
-            "name": "pk2",
-            "toggle_url": "http://localhost/fixtures/compound_three_primary_keys.json?_dummy_facet=1&_extra=suggested_facets&_facet_dummy=pk2",
-            "type": "dummy",
-        },
-        {
-            "name": "pk3",
-            "toggle_url": "http://localhost/fixtures/compound_three_primary_keys.json?_dummy_facet=1&_extra=suggested_facets&_facet_dummy=pk3",
-            "type": "dummy",
-        },
-        {
-            "name": "content",
-            "toggle_url": "http://localhost/fixtures/compound_three_primary_keys.json?_dummy_facet=1&_extra=suggested_facets&_facet_dummy=content",
-            "type": "dummy",
-        },
-        {
-            "name": "pk1",
-            "toggle_url": "http://localhost/fixtures/compound_three_primary_keys.json?_dummy_facet=1&_extra=suggested_facets&_facet=pk1",
-        },
-        {
-            "name": "pk2",
-            "toggle_url": "http://localhost/fixtures/compound_three_primary_keys.json?_dummy_facet=1&_extra=suggested_facets&_facet=pk2",
-        },
-        {
-            "name": "pk3",
-            "toggle_url": "http://localhost/fixtures/compound_three_primary_keys.json?_dummy_facet=1&_extra=suggested_facets&_facet=pk3",
-        },
-    ]
-
-
-@pytest.mark.asyncio
-async def test_hook_actor_from_request(ds_client):
-    await ds_client.get("/")
-    # Should have no actor
-    assert ds_client.ds._last_request.scope["actor"] is None
-    await ds_client.get("/?_bot=1")
-    # Should have bot actor
-    assert ds_client.ds._last_request.scope["actor"] == {"id": "bot"}
-
-
-@pytest.mark.asyncio
-async def test_hook_actor_from_request_async(ds_client):
-    await ds_client.get("/")
-    # Should have no actor
-    assert ds_client.ds._last_request.scope["actor"] is None
-    await ds_client.get("/?_bot2=1")
-    # Should have bot2 actor
-    assert ds_client.ds._last_request.scope["actor"] == {"id": "bot2", "1+1": 2}
-
-
-@pytest.mark.asyncio
-async def test_existing_scope_actor_respected(ds_client):
-    await ds_client.get("/?_actor_in_scope=1")
-    assert ds_client.ds._last_request.scope["actor"] == {"id": "from-scope"}
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "action,expected",
-    [
-        ("this_is_allowed", True),
-        ("this_is_denied", False),
-        ("this_is_allowed_async", True),
-        ("this_is_denied_async", False),
-    ],
-)
-async def test_hook_custom_allowed(action, expected):
-    # Test actions and permission logic are defined in tests/plugins/my_plugin.py
-    ds = Datasette(plugins_dir=PLUGINS_DIR)
-    await ds.invoke_startup()
-    actual = await ds.allowed(action=action, actor={"id": "actor"})
-    assert expected == actual
-
-
-@pytest.mark.asyncio
-async def test_hook_permission_resources_sql():
-    ds = Datasette()
-    await ds.invoke_startup()
-
-    collected = []
-    for block in ds.pm.hook.permission_resources_sql(
-        datasette=ds,
-        actor={"id": "alice"},
-        action="view-table",
-    ):
-        block = await await_me_maybe(block)
-        if block is None:
-            continue
-        if isinstance(block, (list, tuple)):
-            collected.extend(block)
-        else:
-            collected.append(block)
-
-    assert collected
-    assert all(isinstance(item, PermissionSQL) for item in collected)
-
-
-@pytest.mark.asyncio
-async def test_actor_json(ds_client):
-    assert (await ds_client.get("/-/actor.json")).json() == {"actor": None}
-    assert (await ds_client.get("/-/actor.json?_bot2=1")).json() == {
-        "actor": {"id": "bot2", "1+1": 2}
-    }
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path,body",
-    [
-        ("/one/", "2"),
-        ("/two/Ray?greeting=Hail", "Hail Ray"),
-        ("/not-async/", "This was not async"),
-    ],
-)
-async def test_hook_register_routes(ds_client, path, body):
-    response = await ds_client.get(path)
-    assert response.status_code == 200
-    assert response.text == body
-
-
-@pytest.mark.parametrize("configured_path", ("path1", "path2"))
-def test_hook_register_routes_with_datasette(configured_path):
-    with make_app_client(
-        config={
-            "plugins": {
-                "register-route-demo": {
-                    "path": configured_path,
-                }
-            }
-        }
-    ) as client:
-        response = client.get(f"/{configured_path}/")
-        assert response.status_code == 200
-        assert configured_path.upper() == response.text
-        # Other one should 404
-        other_path = [p for p in ("path1", "path2") if configured_path != p][0]
-        assert client.get(f"/{other_path}/", follow_redirects=True).status_code == 404
-
-
-def test_hook_register_routes_override():
-    "Plugins can over-ride default paths such as /db/table"
-    with make_app_client(
-        config={
-            "plugins": {
-                "register-route-demo": {
-                    "path": "blah",
-                }
-            }
-        }
-    ) as client:
-        response = client.get("/db/table")
-        assert response.status_code == 200
-        assert (
-            response.text
-            == "/db/table: [('db_name', 'db'), ('table_and_format', 'table')]"
-        )
-
-
-def test_hook_register_routes_post(app_client):
-    response = app_client.post("/post/", {"this is": "post data"})
-    assert response.status_code == 200
-    assert response.json["this is"] == "post data"
-
-
-def test_hook_register_routes_csrftoken(restore_working_directory, tmpdir_factory):
-    # csrftoken() is a legacy compatibility shim that returns a
-    # per-request random value - it is no longer used for CSRF enforcement.
-    templates = tmpdir_factory.mktemp("templates")
-    (templates / "csrftoken_form.html").write_text(
-        "CSRFTOKEN:{{ csrftoken() }}:END", "utf-8"
-    )
-    with make_app_client(template_dir=templates) as client:
-        response = client.get("/csrftoken-form/")
-        assert response.text.startswith("CSRFTOKEN:")
-        assert response.text.endswith(":END")
-        token = response.text[len("CSRFTOKEN:") : -len(":END")]
-        assert len(token) >= 20
-        assert "ds_csrftoken" not in response.cookies
-
-
-@pytest.mark.asyncio
-async def test_hook_register_routes_asgi(ds_client):
-    response = await ds_client.get("/three/")
-    assert {"hello": "world"} == response.json()
-    assert "1" == response.headers["x-three"]
-
-
-@pytest.mark.asyncio
-async def test_hook_register_routes_add_message(ds_client):
-    response = await ds_client.get("/add-message/")
-    assert response.status_code == 200
-    assert response.text == "Added message"
-    decoded = ds_client.ds.unsign(response.cookies["ds_messages"], "messages")
-    assert decoded == [["Hello from messages", 1]]
-
-
-def test_hook_register_routes_render_message(restore_working_directory, tmpdir_factory):
-    templates = tmpdir_factory.mktemp("templates")
-    (templates / "render_message.html").write_text('{% extends "base.html" %}', "utf-8")
-    with make_app_client(template_dir=templates) as client:
-        response1 = client.get("/add-message/")
-        response2 = client.get("/render-message/", cookies=response1.cookies)
-        assert 200 == response2.status
-        assert "Hello from messages" in response2.text
-
-
-@pytest.mark.asyncio
-async def test_hook_startup(ds_client):
-    await ds_client.ds.invoke_startup()
-    assert ds_client.ds._startup_hook_fired
-    assert 2 == ds_client.ds._startup_hook_calculation
-
-
-@pytest.mark.asyncio
-async def test_hook_startup_metadata_available(ds_client):
-    # Metadata from metadata.yaml should be populated before startup() fires
-    assert "title" in ds_client.ds._startup_metadata_keys
-
-
-@pytest.mark.asyncio
-async def test_hook_startup_catalog_populated(ds_client):
-    # Internal catalog tables should be populated before startup() fires
-    assert "fixtures" in ds_client.ds._startup_catalog_databases
-
-
-@pytest.mark.asyncio
-async def test_plugin_startup_can_add_queries():
-    ds = Datasette(memory=True)
-    ds.add_memory_database("plugin_startup_queries", name="data")
-
-    class AddQueriesPlugin:
-        __name__ = "AddQueriesPlugin"
-
-        @hookimpl
-        def startup(self, datasette):
-            async def inner():
-                result = await datasette.get_database("data").execute("select 1 + 1")
-                await datasette.add_query(
-                    "data",
-                    "from_startup",
-                    "select {}".format(result.first()[0]),
-                    source="plugin",
-                )
-
-            return inner
-
-    ds.pm.register(AddQueriesPlugin(), name="add_queries_plugin")
-    try:
-        response = await ds.client.get("/data.json")
-    finally:
-        ds.pm.unregister(name="add_queries_plugin")
-
-    queries = response.json()["queries"]
-    queries_by_name = {q["name"]: q for q in queries}
-    assert queries_by_name["from_startup"]["sql"] == "select 2"
-    assert queries_by_name["from_startup"]["private"] is False
-
-
-@pytest.mark.asyncio
-async def test_plugin_startup_query_can_execute():
-    ds = Datasette(memory=True)
-    ds.add_memory_database("plugin_startup_query_execute", name="data")
-
-    class AddQueryPlugin:
-        __name__ = "AddQueryPlugin"
-
-        @hookimpl
-        def startup(self, datasette):
-            async def inner():
-                await datasette.add_query(
-                    "data", "from_startup", "select 2", source="plugin"
-                )
-
-            return inner
-
-    ds.pm.register(AddQueryPlugin(), name="add_query_plugin")
-    try:
-        response = await ds.client.get("/data/from_startup.json?_shape=array")
-    finally:
-        ds.pm.unregister(name="add_query_plugin")
-
-    assert [{"2": 2}] == response.json()
-
-
-def test_hook_register_magic_parameters(restore_working_directory):
-    with make_app_client(
-        extra_databases={"data.db": "create table logs (line text)"},
-        config={
-            "databases": {
-                "data": {
-                    "queries": {
-                        "runme": {
-                            "sql": "insert into logs (line) values (:_request_http_version)",
-                            "write": True,
-                        },
-                        "get_uuid": {
-                            "sql": "select :_uuid_new",
-                        },
-                        "asyncrequest": {
-                            "sql": "select :_asyncrequest_key",
-                        },
-                    }
-                }
-            }
-        },
-    ) as client:
-        response = client.post("/data/runme", {}, csrftoken_from=True)
-        assert response.status_code == 302
-        actual = client.get("/data/logs.json?_sort_desc=rowid&_shape=array").json
-        assert [{"rowid": 1, "line": "1.1"}] == actual
-        # Now try the GET request against get_uuid
-        response_get = client.get("/data/get_uuid.json?_shape=array")
-        assert 200 == response_get.status
-        new_uuid = response_get.json[0][":_uuid_new"]
-        assert 4 == new_uuid.count("-")
-        # And test the async one
-        response_async = client.get("/data/asyncrequest.json?_shape=array")
-        assert 200 == response_async.status
-        assert response_async.json[0][":_asyncrequest_key"] == "key"
-
-
-def test_hook_forbidden(restore_working_directory):
-    with make_app_client(
-        extra_databases={"data2.db": "create table logs (line text)"},
-        config={"allow": {}},
-    ) as client:
-        response = client.get("/")
-        assert response.status_code == 403
-        response2 = client.get("/data2")
-        assert 302 == response2.status
-        assert (
-            response2.headers["Location"]
-            == "/login?message=You do not have permission to view this database"
-        )
-        assert (
-            client.ds._last_forbidden_message
-            == "You do not have permission to view this database"
-        )
-
-
-@pytest.mark.asyncio
-async def test_hook_handle_exception(ds_client):
-    await ds_client.get("/trigger-error?x=123")
-    assert hasattr(ds_client.ds, "_exception_hook_fired")
-    request, exception = ds_client.ds._exception_hook_fired
-    assert request.url == "http://localhost/trigger-error?x=123"
-    assert isinstance(exception, ZeroDivisionError)
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize("param", ("_custom_error", "_custom_error_async"))
-async def test_hook_handle_exception_custom_response(ds_client, param):
-    response = await ds_client.get("/trigger-error?{}=1".format(param))
-    assert response.text == param
-
-
-@pytest.mark.asyncio
-async def test_hook_menu_links(ds_client):
-    def get_menu_links(html):
-        soup = Soup(html, "html.parser")
-        return [
-            {"label": a.text, "href": a["href"]} for a in soup.select(".nav-menu a")
-        ]
-
-    response = await ds_client.get("/")
-    assert get_menu_links(response.text) == []
-
-    response_2 = await ds_client.get("/?_bot=1&_hello=BOB")
-    assert get_menu_links(response_2.text) == [
-        {"label": "Hello, BOB", "href": "/"},
-        {"label": "Hello 2", "href": "/"},
-    ]
-
-
-@pytest.mark.asyncio
-async def test_hook_table_actions(ds_client):
-    response = await ds_client.get("/fixtures/facetable")
-    assert get_actions_links(response.text) == []
-    assert get_actions_buttons(response.text) == []
-    response_2 = await ds_client.get("/fixtures/facetable?_bot=1&_hello=BOB")
-    assert ">Table actions<" in response_2.text
-    assert sorted(
-        get_actions_links(response_2.text), key=lambda link: link["label"]
-    ) == [
-        {"label": "Database: fixtures", "href": "/", "description": None},
-        {"label": "From async BOB", "href": "/", "description": None},
-        {"label": "Table: facetable", "href": "/", "description": None},
-    ]
-    response_3 = await ds_client.get("/fixtures/facetable?_bot=1&_button=1")
-    assert get_actions_buttons(response_3.text) == [
-        {
-            "label": "Plugin button",
-            "description": "Runs JavaScript from a plugin",
-            "attrs": {
-                "aria-label": "Plugin button for facetable",
-                "class": ["button-as-link", "action-menu-button"],
-                "data-database": "fixtures",
-                "data-plugin-action": "plugin-button",
-                "data-table": "facetable",
-                "role": "menuitem",
-                "tabindex": "-1",
-                "type": "button",
-            },
-        }
-    ]
-
-
-@pytest.mark.asyncio
-async def test_hook_view_actions(ds_client):
-    response = await ds_client.get("/fixtures/simple_view")
-    assert get_actions_links(response.text) == []
-    response_2 = await ds_client.get(
-        "/fixtures/simple_view",
-        actor={"id": "bob"},
-    )
-    assert ">View actions<" in response_2.text
-    assert sorted(
-        get_actions_links(response_2.text), key=lambda link: link["label"]
-    ) == [
-        {"label": "Database: fixtures", "href": "/", "description": None},
-        {"label": "View: simple_view", "href": "/", "description": None},
-    ]
-
-
-def get_actions_links(html):
-    soup = Soup(html, "html.parser")
-    details = soup.find("details", {"class": "actions-menu-links"})
-    if details is None:
-        return []
-    links = []
-    for a_el in details.select("a"):
-        description = None
-        description_el = a_el.find(class_="dropdown-description")
-        if description_el is not None:
-            description = description_el.text.strip()
-            description_el.extract()
-        label = a_el.text.strip()
-        href = a_el["href"]
-        links.append({"label": label, "href": href, "description": description})
-    return links
-
-
-def get_actions_buttons(html):
-    soup = Soup(html, "html.parser")
-    details = soup.find("details", {"class": "actions-menu-links"})
-    if details is None:
-        return []
-    buttons = []
-    for button_el in details.select("button.action-menu-button"):
-        description = None
-        description_el = button_el.find(class_="dropdown-description")
-        if description_el is not None:
-            description = description_el.text.strip()
-            description_el.extract()
-        buttons.append(
-            {
-                "label": button_el.text.strip(),
-                "description": description,
-                "attrs": dict(button_el.attrs),
-            }
-        )
-    return buttons
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path,expected_url",
-    (
-        ("/fixtures/-/query?sql=select+1", "/fixtures/-/query?sql=explain+select+1"),
-        pytest.param(
-            "/fixtures/pragma_cache_size",
-            "/fixtures/-/query?sql=explain+PRAGMA+cache_size%3B",
-        ),
-        # Don't attempt to explain an explain
-        ("/fixtures/-/query?sql=explain+select+1", None),
-    ),
-)
-async def test_hook_query_actions(ds_client, path, expected_url):
-    response = await ds_client.get(path)
-    assert response.status_code == 200
-    links = get_actions_links(response.text)
-    if expected_url is None:
-        assert links == []
-    else:
-        assert links == [
-            {
-                "label": "Explain this query",
-                "href": expected_url,
-                "description": "Runs a SQLite explain",
-            }
-        ]
-
-
-@pytest.mark.asyncio
-async def test_hook_row_actions(ds_client):
-    response = await ds_client.get("/fixtures/facet_cities/1")
-    assert get_actions_links(response.text) == []
-
-    response_2 = await ds_client.get(
-        "/fixtures/facet_cities/1",
-        actor={"id": "sam"},
-    )
-    assert get_actions_links(response_2.text) == [
-        {
-            "label": "Row details for sam",
-            "href": "/",
-            "description": '{"id": 1, "name": "San Francisco"}',
-        }
-    ]
-
-
-@pytest.mark.asyncio
-async def test_hook_database_actions(ds_client):
-    response = await ds_client.get("/fixtures")
-    assert get_actions_links(response.text) == []
-
-    response_2 = await ds_client.get("/fixtures?_bot=1&_hello=BOB")
-    assert get_actions_links(response_2.text) == [
-        {"label": "Database: fixtures - BOB", "href": "/", "description": None},
-    ]
-
-
-@pytest.mark.asyncio
-async def test_hook_homepage_actions(ds_client):
-    response = await ds_client.get("/")
-    # No button for anonymous users
-    assert "Homepage actions" not in response.text
-    # Signed in user gets an action
-    response2 = await ds_client.get("/", actor={"id": "troy"})
-    assert "Homepage actions" in response2.text
-    assert get_actions_links(response2.text) == [
-        {
-            "label": "Custom homepage for: troy",
-            "href": "/-/custom-homepage",
-            "description": None,
-        },
-    ]
-
-
-def _extract_commands(output):
-    lines = output.split("Commands:\n", 1)[1].split("\n")
-    return {line.split()[0].replace("*", "") for line in lines if line.strip()}
-
-
-def test_hook_register_commands():
-    # Without the plugin should have seven commands
-    runner = CliRunner()
-    result = runner.invoke(cli.cli, "--help")
-    commands = _extract_commands(result.output)
-    assert commands == {
-        "serve",
-        "inspect",
-        "install",
-        "package",
-        "plugins",
-        "publish",
-        "uninstall",
-        "create-token",
-    }
-
-    # Now install a plugin
-    class VerifyPlugin:
-        __name__ = "VerifyPlugin"
-
-        @hookimpl
-        def register_commands(self, cli):
-            @cli.command()
-            def verify():
-                pass
-
-            @cli.command()
-            def unverify():
-                pass
-
-    pm.register(VerifyPlugin(), name="verify")
-    importlib.reload(cli)
-    result2 = runner.invoke(cli.cli, "--help")
-    commands2 = _extract_commands(result2.output)
-    assert commands2 == {
-        "serve",
-        "inspect",
-        "install",
-        "package",
-        "plugins",
-        "publish",
-        "uninstall",
-        "verify",
-        "unverify",
-        "create-token",
-    }
-    pm.unregister(name="verify")
-    importlib.reload(cli)
-
-
-@pytest.mark.asyncio
-async def test_hook_filters_from_request(ds_client):
-    class ReturnNothingPlugin:
-        __name__ = "ReturnNothingPlugin"
-
-        @hookimpl
-        def filters_from_request(self, request):
-            if request.args.get("_nothing"):
-                return FilterArguments(["1 = 0"], human_descriptions=["NOTHING"])
-
-    ds_client.ds.pm.register(ReturnNothingPlugin(), name="ReturnNothingPlugin")
-    response = await ds_client.get("/fixtures/facetable?_nothing=1")
-    assert "0 rows\n        where NOTHING" in response.text
-    json_response = await ds_client.get("/fixtures/facetable.json?_nothing=1")
-    assert json_response.json()["rows"] == []
-    ds_client.ds.pm.unregister(name="ReturnNothingPlugin")
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize("extra_metadata", (False, True))
-async def test_hook_register_actions(extra_metadata):
-
-    ds = Datasette(
-        config=(
-            {
-                "plugins": {
-                    "datasette-register-actions": {
-                        "actions": [
-                            {
-                                "name": "extra-from-metadata",
-                                "abbr": "efm",
-                                "description": "Extra from metadata",
-                            }
-                        ]
-                    }
-                }
-            }
-            if extra_metadata
-            else None
-        ),
-        plugins_dir=PLUGINS_DIR,
-    )
-    await ds.invoke_startup()
-    assert ds.actions["action-from-plugin"] == Action(
-        name="action-from-plugin",
-        abbr="ap",
-        description="New action added by a plugin",
-        resource_class=DatabaseResource,
-    )
-    if extra_metadata:
-        assert ds.actions["extra-from-metadata"] == Action(
-            name="extra-from-metadata",
-            abbr="efm",
-            description="Extra from metadata",
-        )
-    else:
-        assert "extra-from-metadata" not in ds.actions
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize("duplicate", ("name", "abbr"))
-async def test_hook_register_actions_no_duplicates(duplicate):
-    name1, name2 = "name1", "name2"
-    abbr1, abbr2 = "abbr1", "abbr2"
-    if duplicate == "name":
-        name2 = "name1"
-    if duplicate == "abbr":
-        abbr2 = "abbr1"
-    ds = Datasette(
-        config={
-            "plugins": {
-                "datasette-register-actions": {
-                    "actions": [
-                        {
-                            "name": name1,
-                            "abbr": abbr1,
-                            "description": None,
-                        },
-                        {
-                            "name": name2,
-                            "abbr": abbr2,
-                            "description": None,
-                        },
-                    ]
-                }
-            }
-        },
-        plugins_dir=PLUGINS_DIR,
-    )
-    # This should error:
-    with pytest.raises(StartupError) as ex:
-        await ds.invoke_startup()
-        assert "Duplicate action {}".format(duplicate) in str(ex.value)
-
-
-@pytest.mark.asyncio
-async def test_hook_register_actions_allows_identical_duplicates():
-    ds = Datasette(
-        config={
-            "plugins": {
-                "datasette-register-actions": {
-                    "actions": [
-                        {
-                            "name": "name1",
-                            "abbr": "abbr1",
-                            "description": None,
-                        },
-                        {
-                            "name": "name1",
-                            "abbr": "abbr1",
-                            "description": None,
-                        },
-                    ]
-                }
-            }
-        },
-        plugins_dir=PLUGINS_DIR,
-    )
-    await ds.invoke_startup()
-    # Check that ds.actions has only one of each
-    assert len([p for p in ds.actions.values() if p.abbr == "abbr1"]) == 1
-
-
-@pytest.mark.asyncio
-async def test_hook_actors_from_ids():
-    # Without the hook should return default {"id": id} list
-    ds = Datasette()
-    await ds.invoke_startup()
-    db = ds.add_memory_database("actors_from_ids")
-    await db.execute_write(
-        "create table actors (id text primary key, name text, age int)"
-    )
-    await db.execute_write(
-        "insert into actors (id, name, age) values ('3', 'Cate Blanchett', 52)"
-    )
-    await db.execute_write(
-        "insert into actors (id, name, age) values ('5', 'Rooney Mara', 36)"
-    )
-    await db.execute_write(
-        "insert into actors (id, name, age) values ('7', 'Sarah Paulson', 46)"
-    )
-    await db.execute_write(
-        "insert into actors (id, name, age) values ('9', 'Helena Bonham Carter', 55)"
-    )
-    table_names = await db.table_names()
-    assert table_names == ["actors"]
-    actors1 = await ds.actors_from_ids(["3", "5", "7"])
-    assert actors1 == {
-        "3": {"id": "3"},
-        "5": {"id": "5"},
-        "7": {"id": "7"},
-    }
-
-    class ActorsFromIdsPlugin:
-        __name__ = "ActorsFromIdsPlugin"
-
-        @hookimpl
-        def actors_from_ids(self, datasette, actor_ids):
-            db = datasette.get_database("actors_from_ids")
-
-            async def inner():
-                sql = "select id, name from actors where id in ({})".format(
-                    ", ".join("?" for _ in actor_ids)
-                )
-                actors = {}
-                result = await db.execute(sql, actor_ids)
-                for row in result.rows:
-                    actor = dict(row)
-                    actors[actor["id"]] = actor
-                return actors
-
-            return inner
-
-    try:
-        ds.pm.register(ActorsFromIdsPlugin(), name="ActorsFromIdsPlugin")
-        actors2 = await ds.actors_from_ids(["3", "5", "7"])
-        assert actors2 == {
-            "3": {"id": "3", "name": "Cate Blanchett"},
-            "5": {"id": "5", "name": "Rooney Mara"},
-            "7": {"id": "7", "name": "Sarah Paulson"},
-        }
-    finally:
-        ds.pm.unregister(name="ReturnNothingPlugin")
-
-
-@pytest.mark.asyncio
-async def test_plugin_is_installed():
-    datasette = Datasette(memory=True)
-
-    class DummyPlugin:
-        __name__ = "DummyPlugin"
-
-        @hookimpl
-        def actors_from_ids(self, datasette, actor_ids):
-            return {}
-
-    try:
-        datasette.pm.register(DummyPlugin(), name="DummyPlugin")
-        response = await datasette.client.get("/-/plugins.json")
-        assert response.status_code == 200
-        installed_plugins = {p["name"] for p in response.json()}
-        assert "DummyPlugin" in installed_plugins
-
-    finally:
-        datasette.pm.unregister(name="DummyPlugin")
-
-
-@pytest.mark.asyncio
-async def test_hook_jinja2_environment_from_request(tmpdir):
-    templates = pathlib.Path(tmpdir / "templates")
-    templates.mkdir()
-    (templates / "index.html").write_text("Hello museums!", "utf-8")
-
-    class EnvironmentPlugin:
-        @hookimpl
-        def jinja2_environment_from_request(self, request, env):
-            if request and request.host == "www.niche-museums.com":
-                return env.overlay(
-                    loader=ChoiceLoader(
-                        [
-                            FileSystemLoader(str(templates)),
-                            env.loader,
-                        ]
-                    ),
-                    enable_async=True,
-                )
-            return env
-
-    datasette = Datasette(memory=True)
-
-    try:
-        datasette.pm.register(EnvironmentPlugin(), name="EnvironmentPlugin")
-        response = await datasette.client.get("/")
-        assert response.status_code == 200
-        assert "Hello museums!" not in response.text
-        # Try again with the hostname
-        response2 = await datasette.client.get(
-            "/", headers={"host": "www.niche-museums.com"}
-        )
-        assert response2.status_code == 200
-        assert "Hello museums!" in response2.text
-    finally:
-        datasette.pm.unregister(name="EnvironmentPlugin")
-
-
-class SlotPlugin:
-    __name__ = "SlotPlugin"
-
-    @hookimpl
-    def top_homepage(self, request):
-        return "Xtop_homepage:" + request.args["z"]
-
-    @hookimpl
-    def top_database(self, request, database):
-        async def inner():
-            return "Xtop_database:{}:{}".format(database, request.args["z"])
-
-        return inner
-
-    @hookimpl
-    def top_table(self, request, database, table):
-        return "Xtop_table:{}:{}:{}".format(database, table, request.args["z"])
-
-    @hookimpl
-    def top_row(self, request, database, table, row):
-        return "Xtop_row:{}:{}:{}:{}".format(
-            database, table, row["name"], request.args["z"]
-        )
-
-    @hookimpl
-    def top_query(self, request, database, sql):
-        return "Xtop_query:{}:{}:{}".format(database, sql, request.args["z"])
-
-    @hookimpl
-    def top_stored_query(self, request, database, query_name):
-        return "Xtop_stored_query:{}:{}:{}".format(
-            database, query_name, request.args["z"]
-        )
-
-
-@pytest.mark.asyncio
-async def test_hook_top_homepage():
-    datasette = Datasette(memory=True)
-    try:
-        datasette.pm.register(SlotPlugin(), name="SlotPlugin")
-        response = await datasette.client.get("/?z=foo")
-        assert response.status_code == 200
-        assert "Xtop_homepage:foo" in response.text
-    finally:
-        datasette.pm.unregister(name="SlotPlugin")
-
-
-@pytest.mark.asyncio
-async def test_hook_top_database():
-    datasette = Datasette(memory=True)
-    try:
-        datasette.pm.register(SlotPlugin(), name="SlotPlugin")
-        response = await datasette.client.get("/_memory?z=bar")
-        assert response.status_code == 200
-        assert "Xtop_database:_memory:bar" in response.text
-    finally:
-        datasette.pm.unregister(name="SlotPlugin")
-
-
-@pytest.mark.asyncio
-async def test_hook_top_table(ds_client):
-    try:
-        ds_client.ds.pm.register(SlotPlugin(), name="SlotPlugin")
-        response = await ds_client.get("/fixtures/facetable?z=baz")
-        assert response.status_code == 200
-        assert "Xtop_table:fixtures:facetable:baz" in response.text
-    finally:
-        ds_client.ds.pm.unregister(name="SlotPlugin")
-
-
-@pytest.mark.asyncio
-async def test_hook_top_row(ds_client):
-    try:
-        ds_client.ds.pm.register(SlotPlugin(), name="SlotPlugin")
-        response = await ds_client.get("/fixtures/facet_cities/1?z=bax")
-        assert response.status_code == 200
-        assert "Xtop_row:fixtures:facet_cities:San Francisco:bax" in response.text
-    finally:
-        ds_client.ds.pm.unregister(name="SlotPlugin")
-
-
-@pytest.mark.asyncio
-async def test_hook_top_query(ds_client):
-    try:
-        pm.register(SlotPlugin(), name="SlotPlugin")
-        response = await ds_client.get("/fixtures/-/query?sql=select+1&z=x")
-        assert response.status_code == 200
-        assert "Xtop_query:fixtures:select 1:x" in response.text
-    finally:
-        pm.unregister(name="SlotPlugin")
-
-
-@pytest.mark.asyncio
-async def test_hook_top_stored_query(ds_client):
-    try:
-        pm.register(SlotPlugin(), name="SlotPlugin")
-        response = await ds_client.get("/fixtures/magic_parameters?z=xyz")
-        assert response.status_code == 200
-        assert "Xtop_stored_query:fixtures:magic_parameters:xyz" in response.text
-    finally:
-        pm.unregister(name="SlotPlugin")
-
-
-@pytest.mark.asyncio
-async def test_hook_track_event():
-    datasette = Datasette(memory=True)
-    from .conftest import TrackEventPlugin
-
-    await datasette.invoke_startup()
-    await datasette.track_event(
-        TrackEventPlugin.OneEvent(actor=None, extra="extra extra")
-    )
-    assert len(datasette._tracked_events) == 1
-    assert isinstance(datasette._tracked_events[0], TrackEventPlugin.OneEvent)
-    event = datasette._tracked_events[0]
-    assert event.name == "one"
-    assert event.properties() == {"extra": "extra extra"}
-    # Should have a recent created as well
-    created = event.created
-    assert isinstance(created, datetime.datetime)
-    assert created.tzinfo == datetime.timezone.utc
-
-
-@pytest.mark.asyncio
-async def test_hook_register_events():
-    datasette = Datasette(memory=True)
-    await datasette.invoke_startup()
-    assert any(k.__name__ == "OneEvent" for k in datasette.event_classes)
-
-
-@pytest.mark.asyncio
-async def test_hook_register_token_handler(ds_client):
-    handlers = ds_client.ds._token_handlers()
-    handler_names = [h.name for h in handlers]
-    # Both the default signed handler and the test hardcoded handler
-    assert "signed" in handler_names
-    assert "hardcoded" in handler_names
-
-    # Create a token using the hardcoded handler (first registered from plugins dir)
-    token = await ds_client.ds.create_token("test-user")
-    assert token.startswith("dstok_hardcoded_token_")
-
-    # Verify it
-    actor = await ds_client.ds.verify_token(token)
-    assert actor["id"] == "hardcoded-actor"
-    assert actor["token"] == "hardcoded"
-
-    # Create a token by explicitly requesting the hardcoded handler by name
-    token2 = await ds_client.ds.create_token("test-user", handler="hardcoded")
-    assert token2.startswith("dstok_hardcoded_token_")
-    actor2 = await ds_client.ds.verify_token(token2)
-    assert actor2["id"] == "hardcoded-actor"
-
-    # Create a token by explicitly requesting the signed handler by name
-    signed_token = await ds_client.ds.create_token("test-user", handler="signed")
-    assert signed_token.startswith("dstok_")
-    assert not signed_token.startswith("dstok_hardcoded_token_")
-    signed_actor = await ds_client.ds.verify_token(signed_token)
-    assert signed_actor["id"] == "test-user"
-    assert signed_actor["token"] == "dstok"
-
-
-@pytest.mark.asyncio
-async def test_hook_write_wrapper():
-    datasette = Datasette(memory=True)
-    log = []
-
-    class WrapWritePlugin:
-        __name__ = "WrapWritePlugin"
-
-        @staticmethod
-        @hookimpl
-        def write_wrapper(datasette, database, request, transaction):
-            if database != "_memory":
-                return None
-
-            def wrapper(conn):
-                log.append("before")
-                yield
-                log.append("after")
-
-            return wrapper
-
-    pm.register(WrapWritePlugin(), name="WrapWritePluginTest")
-    try:
-        db = datasette.get_database("_memory")
-        await db.execute_write("create table t (id integer primary key)")
-        assert log == ["before", "after"]
-    finally:
-        pm.unregister(name="WrapWritePluginTest")
-
-
-@pytest.mark.asyncio
-async def test_hook_register_actions_view_collection():
-    datasette = Datasette(memory=True, plugins_dir=PLUGINS_DIR)
-    await datasette.invoke_startup()
-    # Check that the custom action from my_plugin.py is registered
-    assert "view-collection" in datasette.actions
-    action = datasette.actions["view-collection"]
-    assert action.abbr == "vc"
-    assert action.description == "View a collection"
-
-
-@pytest.mark.asyncio
-async def test_hook_register_actions_with_custom_resources():
-    """
-    Test registering actions with custom Resource classes:
-    - A global action (no resource)
-    - A parent-level action (DocumentCollectionResource)
-    - A child-level action (DocumentResource)
-    """
-    from datasette.permissions import Resource
-
-    # Define custom Resource classes
-    class DocumentCollectionResource(Resource):
-        """A collection of documents."""
-
-        name = "document_collection"
-        parent_class = None  # Top-level resource
-
-        def __init__(self, collection: str):
-            super().__init__(parent=collection, child=None)
-
-        @classmethod
-        async def resources_sql(cls, datasette, actor=None) -> str:
-            return """
-                SELECT 'collection1' AS parent, NULL AS child
-                UNION ALL
-                SELECT 'collection2' AS parent, NULL AS child
-            """
-
-    class DocumentResource(Resource):
-        """A document in a collection."""
-
-        name = "document"
-        parent_class = DocumentCollectionResource  # Child of DocumentCollectionResource
-
-        def __init__(self, collection: str, document: str):
-            super().__init__(parent=collection, child=document)
-
-        @classmethod
-        async def resources_sql(cls, datasette, actor=None) -> str:
-            return """
-                SELECT 'collection1' AS parent, 'doc1' AS child
-                UNION ALL
-                SELECT 'collection1' AS parent, 'doc2' AS child
-                UNION ALL
-                SELECT 'collection2' AS parent, 'doc3' AS child
-            """
-
-    # Define a test plugin that registers these actions
-    class TestPlugin:
-        __name__ = "test_custom_resources_plugin"
-
-        @hookimpl
-        def register_actions(self, datasette):
-            return [
-                # Global action - no resource_class
-                Action(
-                    name="manage-documents",
-                    abbr="md",
-                    description="Manage the document system",
-                ),
-                # Parent-level action - collection only
-                Action(
-                    name="view-document-collection",
-                    description="View a document collection",
-                    resource_class=DocumentCollectionResource,
-                ),
-                # Child-level action - collection + document
-                Action(
-                    name="view-document",
-                    abbr="vdoc",
-                    description="View a document",
-                    resource_class=DocumentResource,
-                ),
-            ]
-
-        @hookimpl
-        def permission_resources_sql(self, datasette, actor, action):
-            from datasette.permissions import PermissionSQL
-
-            # Grant user2 access to manage-documents globally
-            if actor and actor.get("id") == "user2" and action == "manage-documents":
-                return PermissionSQL.allow(reason="user2 granted manage-documents")
-
-            # Grant user2 access to view-document-collection globally
-            if (
-                actor
-                and actor.get("id") == "user2"
-                and action == "view-document-collection"
-            ):
-                return PermissionSQL.allow(
-                    reason="user2 granted view-document-collection"
-                )
-
-            # Default allow for view-document-collection (like other view-* actions)
-            if action == "view-document-collection":
-                return PermissionSQL.allow(
-                    reason="default allow for view-document-collection"
-                )
-
-            # Default allow for view-document (like other view-* actions)
-            if action == "view-document":
-                return PermissionSQL.allow(reason="default allow for view-document")
-
-    # Register the plugin temporarily
-    plugin = TestPlugin()
-    pm.register(plugin, name="test_custom_resources_plugin")
-
-    try:
-        # Create datasette instance and invoke startup
-        datasette = Datasette(memory=True)
-        await datasette.invoke_startup()
-
-        # Test global action
-        manage_docs = datasette.actions["manage-documents"]
-        assert manage_docs.name == "manage-documents"
-        assert manage_docs.abbr == "md"
-        assert manage_docs.resource_class is None
-        assert manage_docs.takes_parent is False
-        assert manage_docs.takes_child is False
-
-        # Test parent-level action
-        view_collection = datasette.actions["view-document-collection"]
-        assert view_collection.name == "view-document-collection"
-        assert view_collection.abbr is None
-        assert view_collection.resource_class is DocumentCollectionResource
-        assert view_collection.takes_parent is True
-        assert view_collection.takes_child is False
-
-        # Test child-level action
-        view_doc = datasette.actions["view-document"]
-        assert view_doc.name == "view-document"
-        assert view_doc.abbr == "vdoc"
-        assert view_doc.resource_class is DocumentResource
-        assert view_doc.takes_parent is True
-        assert view_doc.takes_child is True
-
-        # Verify the resource classes have correct hierarchy
-        assert DocumentCollectionResource.parent_class is None
-        assert DocumentResource.parent_class is DocumentCollectionResource
-
-        # Test that resources can be instantiated correctly
-        collection_resource = DocumentCollectionResource(collection="collection1")
-        assert collection_resource.parent == "collection1"
-        assert collection_resource.child is None
-
-        doc_resource = DocumentResource(collection="collection1", document="doc1")
-        assert doc_resource.parent == "collection1"
-        assert doc_resource.child == "doc1"
-
-        # Test permission checks with restricted actors
-
-        # Test 1: Global action - no restrictions (custom actions default to deny)
-        unrestricted_actor = {"id": "user1"}
-        allowed = await datasette.allowed(
-            action="manage-documents",
-            actor=unrestricted_actor,
-        )
-        assert allowed is False  # Custom actions have no default allow
-
-        # Test 2: Global action - user2 has explicit permission via plugin hook
-        restricted_global = {"id": "user2", "_r": {"a": ["md"]}}
-        allowed = await datasette.allowed(
-            action="manage-documents",
-            actor=restricted_global,
-        )
-        assert allowed is True  # Granted by plugin hook for user2
-
-        # Test 3: Global action - restricted but not in allowlist
-        restricted_no_access = {"id": "user3", "_r": {"a": ["vdc"]}}
-        allowed = await datasette.allowed(
-            action="manage-documents",
-            actor=restricted_no_access,
-        )
-        assert allowed is False  # Not in allowlist
-
-        # Test 4: Collection-level action - allowed for specific collection
-        collection_resource = DocumentCollectionResource(collection="collection1")
-        # This one does not have an abbreviation:
-        restricted_collection = {
-            "id": "user4",
-            "_r": {"d": {"collection1": ["view-document-collection"]}},
-        }
-        allowed = await datasette.allowed(
-            action="view-document-collection",
-            resource=collection_resource,
-            actor=restricted_collection,
-        )
-        assert allowed is True  # Allowed for collection1
-
-        # Test 5: Collection-level action - denied for different collection
-        collection2_resource = DocumentCollectionResource(collection="collection2")
-        allowed = await datasette.allowed(
-            action="view-document-collection",
-            resource=collection2_resource,
-            actor=restricted_collection,
-        )
-        assert allowed is False  # Not allowed for collection2
-
-        # Test 6: Document-level action - allowed for specific document
-        doc1_resource = DocumentResource(collection="collection1", document="doc1")
-        restricted_document = {
-            "id": "user5",
-            "_r": {"r": {"collection1": {"doc1": ["vdoc"]}}},
-        }
-        allowed = await datasette.allowed(
-            action="view-document",
-            resource=doc1_resource,
-            actor=restricted_document,
-        )
-        assert allowed is True  # Allowed for collection1/doc1
-
-        # Test 7: Document-level action - denied for different document
-        doc2_resource = DocumentResource(collection="collection1", document="doc2")
-        allowed = await datasette.allowed(
-            action="view-document",
-            resource=doc2_resource,
-            actor=restricted_document,
-        )
-        assert allowed is False  # Not allowed for collection1/doc2
-
-        # Test 8: Document-level action - globally allowed
-        doc_resource = DocumentResource(collection="collection2", document="doc3")
-        restricted_all_docs = {"id": "user6", "_r": {"a": ["vdoc"]}}
-        allowed = await datasette.allowed(
-            action="view-document",
-            resource=doc_resource,
-            actor=restricted_all_docs,
-        )
-        assert allowed is True  # Globally allowed for all documents
-
-        # Test 9: Verify hierarchy - collection access doesn't grant document access
-        collection_only_actor = {"id": "user7", "_r": {"d": {"collection1": ["vdc"]}}}
-        doc_resource = DocumentResource(collection="collection1", document="doc1")
-        allowed = await datasette.allowed(
-            action="view-document",
-            resource=doc_resource,
-            actor=collection_only_actor,
-        )
-        assert (
-            allowed is False
-        )  # Collection permission doesn't grant document permission
-
-    finally:
-        # Unregister the plugin
-        pm.unregister(plugin)
-
-
-@pytest.mark.skip(reason="TODO")
-@pytest.mark.parametrize(
-    "metadata,config,expected_metadata,expected_config",
-    (
-        (
-            # Instance level
-            {"plugins": {"datasette-foo": "bar"}},
-            {},
-            {},
-            {"plugins": {"datasette-foo": "bar"}},
-        ),
-        (
-            # Database level
-            {"databases": {"foo": {"plugins": {"datasette-foo": "bar"}}}},
-            {},
-            {},
-            {"databases": {"foo": {"plugins": {"datasette-foo": "bar"}}}},
-        ),
-        (
-            # Table level
-            {
-                "databases": {
-                    "foo": {"tables": {"bar": {"plugins": {"datasette-foo": "bar"}}}}
-                }
-            },
-            {},
-            {},
-            {
-                "databases": {
-                    "foo": {"tables": {"bar": {"plugins": {"datasette-foo": "bar"}}}}
-                }
-            },
-        ),
-        (
-            # Keep other keys
-            {"plugins": {"datasette-foo": "bar"}, "other": "key"},
-            {"original_config": "original"},
-            {"other": "key"},
-            {"original_config": "original", "plugins": {"datasette-foo": "bar"}},
-        ),
-    ),
-)
-def test_metadata_plugin_config_treated_as_config(
-    metadata, config, expected_metadata, expected_config
-):
-    ds = Datasette(metadata=metadata, config=config)
-    actual_metadata = ds.metadata()
-    assert "plugins" not in actual_metadata
-    assert actual_metadata == expected_metadata
-    assert ds.config == expected_config
-
-
-@pytest.mark.asyncio
-async def test_hook_register_column_types():
-    ds = Datasette()
-    await ds.invoke_startup()
-    # Built-in column types should be registered
-    assert "url" in ds._column_types
-    assert "email" in ds._column_types
-    assert "json" in ds._column_types
-    assert "nonexistent" not in ds._column_types
diff --git a/tests/test_publish_cloudrun.py b/tests/test_publish_cloudrun.py
index 6617bc77..b035ca86 100644
--- a/tests/test_publish_cloudrun.py
+++ b/tests/test_publish_cloudrun.py
@@ -2,22 +2,17 @@ from click.testing import CliRunner
 from datasette import cli
 from unittest import mock
 import json
-import os
-import pytest
-import textwrap
 
 
-@pytest.mark.serial
 @mock.patch("shutil.which")
-def test_publish_cloudrun_requires_gcloud(mock_which, tmp_path_factory):
+def test_publish_cloudrun_requires_gcloud(mock_which):
     mock_which.return_value = False
     runner = CliRunner()
-    os.chdir(tmp_path_factory.mktemp("runner"))
-    with open("test.db", "w") as fp:
-        fp.write("data")
-    result = runner.invoke(cli.cli, ["publish", "cloudrun", "test.db"])
-    assert result.exit_code == 1
-    assert "Publishing to Google Cloud requires gcloud" in result.output
+    with runner.isolated_filesystem():
+        open("test.db", "w").write("data")
+        result = runner.invoke(cli.cli, ["publish", "cloudrun", "test.db"])
+        assert result.exit_code == 1
+        assert "Publishing to Google Cloud requires gcloud" in result.output
 
 
 @mock.patch("shutil.which")
@@ -26,16 +21,15 @@ def test_publish_cloudrun_invalid_database(mock_which):
     runner = CliRunner()
     result = runner.invoke(cli.cli, ["publish", "cloudrun", "woop.db"])
     assert result.exit_code == 2
-    assert "Path 'woop.db' does not exist" in result.output
+    assert 'Path "woop.db" does not exist' in result.output
 
 
-@pytest.mark.serial
 @mock.patch("shutil.which")
 @mock.patch("datasette.publish.cloudrun.check_output")
 @mock.patch("datasette.publish.cloudrun.check_call")
 @mock.patch("datasette.publish.cloudrun.get_existing_services")
 def test_publish_cloudrun_prompts_for_service(
-    mock_get_existing_services, mock_call, mock_output, mock_which, tmp_path_factory
+    mock_get_existing_services, mock_call, mock_output, mock_which
 ):
     mock_get_existing_services.return_value = [
         {"name": "existing", "created": "2019-01-01", "url": "http://www.example.com/"}
@@ -43,360 +37,117 @@ def test_publish_cloudrun_prompts_for_service(
     mock_output.return_value = "myproject"
     mock_which.return_value = True
     runner = CliRunner()
-    os.chdir(tmp_path_factory.mktemp("runner"))
-    with open("test.db", "w") as fp:
-        fp.write("data")
-    result = runner.invoke(
-        cli.cli, ["publish", "cloudrun", "test.db"], input="input-service"
-    )
-    assert (
-        "Please provide a service name for this deployment\n\n"
-        "Using an existing service name will over-write it\n\n"
-        "Your existing services:\n\n"
-        "  existing - created 2019-01-01 - http://www.example.com/\n\n"
-        "Service name: input-service"
-    ) == result.output.strip()
-    assert 0 == result.exit_code
-    tag = "us-docker.pkg.dev/myproject/datasette/datasette-input-service"
-    mock_call.assert_has_calls(
-        [
-            mock.call(
-                "gcloud services enable artifactregistry.googleapis.com --project myproject --quiet",
-                shell=True,
-            ),
-            mock.call(
-                "gcloud artifacts repositories describe datasette --project myproject --location us --quiet",
-                shell=True,
-            ),
-            mock.call(f"gcloud builds submit --tag {tag}", shell=True),
-            mock.call(
-                "gcloud run deploy --allow-unauthenticated --platform=managed --image {} input-service --max-instances 1".format(
-                    tag
+    with runner.isolated_filesystem():
+        open("test.db", "w").write("data")
+        result = runner.invoke(
+            cli.cli, ["publish", "cloudrun", "test.db"], input="input-service"
+        )
+        assert (
+            """
+Please provide a service name for this deployment
+
+Using an existing service name will over-write it
+
+Your existing services:
+
+  existing - created 2019-01-01 - http://www.example.com/
+
+Service name: input-service
+""".strip()
+            == result.output.strip()
+        )
+        assert 0 == result.exit_code
+        tag = "gcr.io/myproject/datasette"
+        mock_call.assert_has_calls(
+            [
+                mock.call("gcloud builds submit --tag {}".format(tag), shell=True),
+                mock.call(
+                    "gcloud run deploy --allow-unauthenticated --platform=managed --image {} input-service".format(
+                        tag
+                    ),
+                    shell=True,
                 ),
-                shell=True,
-            ),
-        ]
-    )
+            ]
+        )
 
 
-@pytest.mark.serial
 @mock.patch("shutil.which")
 @mock.patch("datasette.publish.cloudrun.check_output")
 @mock.patch("datasette.publish.cloudrun.check_call")
-def test_publish_cloudrun(mock_call, mock_output, mock_which, tmp_path_factory):
+def test_publish_cloudrun(mock_call, mock_output, mock_which):
     mock_output.return_value = "myproject"
     mock_which.return_value = True
     runner = CliRunner()
-    os.chdir(tmp_path_factory.mktemp("runner"))
-    with open("test.db", "w") as fp:
-        fp.write("data")
-    result = runner.invoke(
-        cli.cli, ["publish", "cloudrun", "test.db", "--service", "test"]
-    )
-    assert 0 == result.exit_code
-    tag = f"us-docker.pkg.dev/{mock_output.return_value}/datasette/datasette-test"
-    mock_call.assert_has_calls(
-        [
-            mock.call(
-                f"gcloud services enable artifactregistry.googleapis.com --project {mock_output.return_value} --quiet",
-                shell=True,
-            ),
-            mock.call(
-                f"gcloud artifacts repositories describe datasette --project {mock_output.return_value} --location us --quiet",
-                shell=True,
-            ),
-            mock.call(f"gcloud builds submit --tag {tag}", shell=True),
-            mock.call(
-                "gcloud run deploy --allow-unauthenticated --platform=managed --image {} test --max-instances 1".format(
-                    tag
+    with runner.isolated_filesystem():
+        open("test.db", "w").write("data")
+        result = runner.invoke(
+            cli.cli, ["publish", "cloudrun", "test.db", "--service", "test"]
+        )
+        assert 0 == result.exit_code
+        tag = "gcr.io/{}/datasette".format(mock_output.return_value)
+        mock_call.assert_has_calls(
+            [
+                mock.call("gcloud builds submit --tag {}".format(tag), shell=True),
+                mock.call(
+                    "gcloud run deploy --allow-unauthenticated --platform=managed --image {} test".format(
+                        tag
+                    ),
+                    shell=True,
                 ),
-                shell=True,
-            ),
-        ]
-    )
+            ]
+        )
 
 
-@pytest.mark.serial
 @mock.patch("shutil.which")
 @mock.patch("datasette.publish.cloudrun.check_output")
 @mock.patch("datasette.publish.cloudrun.check_call")
-@pytest.mark.parametrize(
-    "memory,cpu,timeout,min_instances,max_instances,expected_gcloud_args",
-    [
-        ["1Gi", None, None, None, None, "--memory 1Gi"],
-        ["2G", None, None, None, None, "--memory 2G"],
-        ["256Mi", None, None, None, None, "--memory 256Mi"],
-        [
-            "4",
-            None,
-            None,
-            None,
-            None,
-            None,
-        ],
-        [
-            "GB",
-            None,
-            None,
-            None,
-            None,
-            None,
-        ],
-        [None, 1, None, None, None, "--cpu 1"],
-        [None, 2, None, None, None, "--cpu 2"],
-        [None, 3, None, None, None, None],
-        [None, 4, None, None, None, "--cpu 4"],
-        ["2G", 4, None, None, None, "--memory 2G --cpu 4"],
-        [None, None, 1800, None, None, "--timeout 1800"],
-        [None, None, None, 2, None, "--min-instances 2"],
-        [None, None, None, 2, 4, "--min-instances 2 --max-instances 4"],
-        [None, 2, None, None, 4, "--cpu 2 --max-instances 4"],
-    ],
-)
-def test_publish_cloudrun_memory_cpu(
-    mock_call,
-    mock_output,
-    mock_which,
-    memory,
-    cpu,
-    timeout,
-    min_instances,
-    max_instances,
-    expected_gcloud_args,
-    tmp_path_factory,
-):
-    mock_output.return_value = "myproject"
-    mock_which.return_value = True
-    runner = CliRunner()
-    os.chdir(tmp_path_factory.mktemp("runner"))
-    with open("test.db", "w") as fp:
-        fp.write("data")
-    args = ["publish", "cloudrun", "test.db", "--service", "test"]
-    if memory:
-        args.extend(["--memory", memory])
-    if cpu:
-        args.extend(["--cpu", str(cpu)])
-    if timeout:
-        args.extend(["--timeout", str(timeout)])
-    result = runner.invoke(cli.cli, args)
-    if expected_gcloud_args is None:
-        assert 2 == result.exit_code
-        return
-    assert 0 == result.exit_code
-    tag = f"us-docker.pkg.dev/{mock_output.return_value}/datasette/datasette-test"
-    expected_call = (
-        "gcloud run deploy --allow-unauthenticated --platform=managed"
-        " --image {} test".format(tag)
-    )
-    expected_build_call = f"gcloud builds submit --tag {tag}"
-    if memory:
-        expected_call += " --memory {}".format(memory)
-    if cpu:
-        expected_call += " --cpu {}".format(cpu)
-    if timeout:
-        expected_build_call += f" --timeout {timeout}"
-    # max_instances defaults to 1
-    expected_call += " --max-instances 1"
-    mock_call.assert_has_calls(
-        [
-            mock.call(
-                f"gcloud services enable artifactregistry.googleapis.com --project {mock_output.return_value} --quiet",
-                shell=True,
-            ),
-            mock.call(
-                f"gcloud artifacts repositories describe datasette --project {mock_output.return_value} --location us --quiet",
-                shell=True,
-            ),
-            mock.call(expected_build_call, shell=True),
-            mock.call(
-                expected_call,
-                shell=True,
-            ),
-        ]
-    )
-
-
-@pytest.mark.serial
-@mock.patch("shutil.which")
-@mock.patch("datasette.publish.cloudrun.check_output")
-@mock.patch("datasette.publish.cloudrun.check_call")
-def test_publish_cloudrun_plugin_secrets(
-    mock_call, mock_output, mock_which, tmp_path_factory
-):
+def test_publish_cloudrun_plugin_secrets(mock_call, mock_output, mock_which):
     mock_which.return_value = True
     mock_output.return_value = "myproject"
 
     runner = CliRunner()
-    os.chdir(tmp_path_factory.mktemp("runner"))
-    with open("test.db", "w") as fp:
-        fp.write("data")
-    with open("metadata.yml", "w") as fp:
-        fp.write(textwrap.dedent("""
-            title: Hello from metadata YAML
-            plugins:
-              datasette-auth-github:
-                foo: bar
-            """).strip())
-    result = runner.invoke(
-        cli.cli,
-        [
-            "publish",
-            "cloudrun",
-            "test.db",
-            "--metadata",
-            "metadata.yml",
-            "--service",
-            "datasette",
-            "--plugin-secret",
-            "datasette-auth-github",
-            "client_id",
-            "x-client-id",
-            "--show-files",
-            "--secret",
-            "x-secret",
-        ],
-    )
-    assert result.exit_code == 0
-    dockerfile = (
-        result.output.split("==== Dockerfile ====\n")[1]
-        .split("\n====================\n")[0]
-        .strip()
-    )
-    expected = textwrap.dedent(
-        r"""
-    FROM python:3.11.0-slim-bullseye
-    COPY . /app
-    WORKDIR /app
+    with runner.isolated_filesystem():
+        open("test.db", "w").write("data")
+        result = runner.invoke(
+            cli.cli,
+            [
+                "publish",
+                "cloudrun",
+                "test.db",
+                "--service",
+                "datasette",
+                "--plugin-secret",
+                "datasette-auth-github",
+                "client_id",
+                "x-client-id",
+                "--show-files",
+            ],
+        )
+        dockerfile = (
+            result.output.split("==== Dockerfile ====\n")[1]
+            .split("\n====================\n")[0]
+            .strip()
+        )
+        expected = """FROM python:3.8
+COPY . /app
+WORKDIR /app
 
-    ENV DATASETTE_AUTH_GITHUB_CLIENT_ID 'x-client-id'
-    ENV DATASETTE_SECRET 'x-secret'
-    RUN pip install -U datasette
-    RUN datasette inspect test.db --inspect-file inspect-data.json
-    ENV PORT 8001
-    EXPOSE 8001
-    CMD datasette serve --host 0.0.0.0 -i test.db --cors --inspect-file inspect-data.json --metadata metadata.json --setting force_https_urls on --port $PORT"""
-    ).strip()
-    assert expected == dockerfile
-    metadata = (
-        result.output.split("=== metadata.json ===\n")[1]
-        .split("\n==== Dockerfile ====\n")[0]
-        .strip()
-    )
-    assert {
-        "title": "Hello from metadata YAML",
-        "plugins": {
-            "datasette-auth-github": {
-                "client_id": {"$env": "DATASETTE_AUTH_GITHUB_CLIENT_ID"},
-                "foo": "bar",
-            },
-        },
-    } == json.loads(metadata)
-
-
-@pytest.mark.serial
-@mock.patch("shutil.which")
-@mock.patch("datasette.publish.cloudrun.check_output")
-@mock.patch("datasette.publish.cloudrun.check_call")
-def test_publish_cloudrun_apt_get_install(
-    mock_call, mock_output, mock_which, tmp_path_factory
-):
-    mock_which.return_value = True
-    mock_output.return_value = "myproject"
-
-    runner = CliRunner()
-    os.chdir(tmp_path_factory.mktemp("runner"))
-    with open("test.db", "w") as fp:
-        fp.write("data")
-    result = runner.invoke(
-        cli.cli,
-        [
-            "publish",
-            "cloudrun",
-            "test.db",
-            "--service",
-            "datasette",
-            "--show-files",
-            "--secret",
-            "x-secret",
-            "--apt-get-install",
-            "ripgrep",
-            "--spatialite",
-        ],
-    )
-    assert result.exit_code == 0
-    dockerfile = (
-        result.output.split("==== Dockerfile ====\n")[1]
-        .split("\n====================\n")[0]
-        .strip()
-    )
-    expected = textwrap.dedent(r"""
-    FROM python:3.11.0-slim-bullseye
-    COPY . /app
-    WORKDIR /app
-
-    RUN apt-get update && \
-        apt-get install -y ripgrep python3-dev gcc libsqlite3-mod-spatialite && \
-        rm -rf /var/lib/apt/lists/*
-
-    ENV DATASETTE_SECRET 'x-secret'
-    ENV SQLITE_EXTENSIONS '/usr/lib/x86_64-linux-gnu/mod_spatialite.so'
-    RUN pip install -U datasette
-    RUN datasette inspect test.db --inspect-file inspect-data.json
-    ENV PORT 8001
-    EXPOSE 8001
-    CMD datasette serve --host 0.0.0.0 -i test.db --cors --inspect-file inspect-data.json --setting force_https_urls on --port $PORT
-    """).strip()
-    assert expected == dockerfile
-
-
-@pytest.mark.serial
-@mock.patch("shutil.which")
-@mock.patch("datasette.publish.cloudrun.check_output")
-@mock.patch("datasette.publish.cloudrun.check_call")
-@pytest.mark.parametrize(
-    "extra_options,expected",
-    [
-        ("", "--setting force_https_urls on"),
-        (
-            "--setting base_url /foo",
-            "--setting base_url /foo --setting force_https_urls on",
-        ),
-        ("--setting force_https_urls off", "--setting force_https_urls off"),
-    ],
-)
-def test_publish_cloudrun_extra_options(
-    mock_call, mock_output, mock_which, extra_options, expected, tmp_path_factory
-):
-    mock_which.return_value = True
-    mock_output.return_value = "myproject"
-
-    runner = CliRunner()
-    os.chdir(tmp_path_factory.mktemp("runner"))
-    with open("test.db", "w") as fp:
-        fp.write("data")
-    result = runner.invoke(
-        cli.cli,
-        [
-            "publish",
-            "cloudrun",
-            "test.db",
-            "--service",
-            "datasette",
-            "--show-files",
-            "--extra-options",
-            extra_options,
-        ],
-    )
-    assert result.exit_code == 0
-    dockerfile = (
-        result.output.split("==== Dockerfile ====\n")[1]
-        .split("\n====================\n")[0]
-        .strip()
-    )
-    last_line = dockerfile.split("\n")[-1]
-    extra_options = (
-        last_line.split("--inspect-file inspect-data.json")[1]
-        .split("--port")[0]
-        .strip()
-    )
-    assert extra_options == expected
+ENV DATASETTE_AUTH_GITHUB_CLIENT_ID 'x-client-id'
+RUN pip install -U datasette
+RUN datasette inspect test.db --inspect-file inspect-data.json
+ENV PORT 8001
+EXPOSE 8001
+CMD datasette serve --host 0.0.0.0 -i test.db --cors --inspect-file inspect-data.json --metadata metadata.json --port $PORT""".strip()
+        assert expected == dockerfile
+        metadata = (
+            result.output.split("=== metadata.json ===\n")[1]
+            .split("\n==== Dockerfile ====\n")[0]
+            .strip()
+        )
+        assert {
+            "plugins": {
+                "datasette-auth-github": {
+                    "client_id": {"$env": "DATASETTE_AUTH_GITHUB_CLIENT_ID"}
+                }
+            }
+        } == json.loads(metadata)
diff --git a/tests/test_publish_heroku.py b/tests/test_publish_heroku.py
index cab83654..87386e93 100644
--- a/tests/test_publish_heroku.py
+++ b/tests/test_publish_heroku.py
@@ -1,39 +1,30 @@
 from click.testing import CliRunner
 from datasette import cli
 from unittest import mock
-import os
-import pathlib
-import pytest
 
 
-@pytest.mark.serial
 @mock.patch("shutil.which")
-def test_publish_heroku_requires_heroku(mock_which, tmp_path_factory):
+def test_publish_heroku_requires_heroku(mock_which):
     mock_which.return_value = False
     runner = CliRunner()
-    os.chdir(tmp_path_factory.mktemp("runner"))
-    with open("test.db", "w") as fp:
-        fp.write("data")
-    result = runner.invoke(cli.cli, ["publish", "heroku", "test.db"])
-    assert result.exit_code == 1
-    assert "Publishing to Heroku requires heroku" in result.output
+    with runner.isolated_filesystem():
+        open("test.db", "w").write("data")
+        result = runner.invoke(cli.cli, ["publish", "heroku", "test.db"])
+        assert result.exit_code == 1
+        assert "Publishing to Heroku requires heroku" in result.output
 
 
-@pytest.mark.serial
 @mock.patch("shutil.which")
 @mock.patch("datasette.publish.heroku.check_output")
 @mock.patch("datasette.publish.heroku.call")
-def test_publish_heroku_installs_plugin(
-    mock_call, mock_check_output, mock_which, tmp_path_factory
-):
+def test_publish_heroku_installs_plugin(mock_call, mock_check_output, mock_which):
     mock_which.return_value = True
     mock_check_output.side_effect = lambda s: {"['heroku', 'plugins']": b""}[repr(s)]
     runner = CliRunner()
-    os.chdir(tmp_path_factory.mktemp("runner"))
-    with open("t.db", "w") as fp:
-        fp.write("data")
-    result = runner.invoke(cli.cli, ["publish", "heroku", "t.db"], input="y\n")
-    assert 0 != result.exit_code
+    with runner.isolated_filesystem():
+        open("t.db", "w").write("data")
+        result = runner.invoke(cli.cli, ["publish", "heroku", "t.db"], input="y\n")
+        assert 0 != result.exit_code
     mock_check_output.assert_has_calls(
         [mock.call(["heroku", "plugins"]), mock.call(["heroku", "apps:list", "--json"])]
     )
@@ -48,14 +39,13 @@ def test_publish_heroku_invalid_database(mock_which):
     runner = CliRunner()
     result = runner.invoke(cli.cli, ["publish", "heroku", "woop.db"])
     assert result.exit_code == 2
-    assert "Path 'woop.db' does not exist" in result.output
+    assert 'Path "woop.db" does not exist' in result.output
 
 
-@pytest.mark.serial
 @mock.patch("shutil.which")
 @mock.patch("datasette.publish.heroku.check_output")
 @mock.patch("datasette.publish.heroku.call")
-def test_publish_heroku(mock_call, mock_check_output, mock_which, tmp_path_factory):
+def test_publish_heroku(mock_call, mock_check_output, mock_which):
     mock_which.return_value = True
     mock_check_output.side_effect = lambda s: {
         "['heroku', 'plugins']": b"heroku-builds",
@@ -63,35 +53,24 @@ def test_publish_heroku(mock_call, mock_check_output, mock_which, tmp_path_facto
         "['heroku', 'apps:create', 'datasette', '--json']": b'{"name": "f"}',
     }[repr(s)]
     runner = CliRunner()
-    os.chdir(tmp_path_factory.mktemp("runner"))
-    with open("test.db", "w") as fp:
-        fp.write("data")
-    result = runner.invoke(cli.cli, ["publish", "heroku", "test.db", "--tar", "gtar"])
-    assert 0 == result.exit_code, result.output
-    mock_call.assert_has_calls(
-        [
-            mock.call(
-                [
-                    "heroku",
-                    "builds:create",
-                    "-a",
-                    "f",
-                    "--include-vcs-ignore",
-                    "--tar",
-                    "gtar",
-                ]
-            ),
-        ]
-    )
+    with runner.isolated_filesystem():
+        open("test.db", "w").write("data")
+        result = runner.invoke(cli.cli, ["publish", "heroku", "test.db"])
+        assert 0 == result.exit_code, result.output
+        mock_call.assert_has_calls(
+            [
+                mock.call(["heroku", "config:set", "-a", "f", "WEB_CONCURRENCY=1",]),
+                mock.call(
+                    ["heroku", "builds:create", "-a", "f", "--include-vcs-ignore"]
+                ),
+            ]
+        )
 
 
-@pytest.mark.serial
 @mock.patch("shutil.which")
 @mock.patch("datasette.publish.heroku.check_output")
 @mock.patch("datasette.publish.heroku.call")
-def test_publish_heroku_plugin_secrets(
-    mock_call, mock_check_output, mock_which, tmp_path_factory
-):
+def test_publish_heroku_plugin_secrets(mock_call, mock_check_output, mock_which):
     mock_which.return_value = True
     mock_check_output.side_effect = lambda s: {
         "['heroku', 'plugins']": b"heroku-builds",
@@ -99,85 +78,34 @@ def test_publish_heroku_plugin_secrets(
         "['heroku', 'apps:create', 'datasette', '--json']": b'{"name": "f"}',
     }[repr(s)]
     runner = CliRunner()
-    os.chdir(tmp_path_factory.mktemp("runner"))
-    with open("test.db", "w") as fp:
-        fp.write("data")
-    result = runner.invoke(
-        cli.cli,
-        [
-            "publish",
-            "heroku",
-            "test.db",
-            "--plugin-secret",
-            "datasette-auth-github",
-            "client_id",
-            "x-client-id",
-        ],
-    )
-    assert 0 == result.exit_code, result.output
-    mock_call.assert_has_calls(
-        [
-            mock.call(
-                [
-                    "heroku",
-                    "config:set",
-                    "-a",
-                    "f",
-                    "DATASETTE_AUTH_GITHUB_CLIENT_ID=x-client-id",
-                ]
-            ),
-            mock.call(["heroku", "builds:create", "-a", "f", "--include-vcs-ignore"]),
-        ]
-    )
-
-
-@pytest.mark.serial
-@mock.patch("shutil.which")
-@mock.patch("datasette.publish.heroku.check_output")
-@mock.patch("datasette.publish.heroku.call")
-def test_publish_heroku_generate_dir(
-    mock_call, mock_check_output, mock_which, tmp_path_factory
-):
-    mock_which.return_value = True
-    mock_check_output.side_effect = lambda s: {
-        "['heroku', 'plugins']": b"heroku-builds",
-    }[repr(s)]
-    runner = CliRunner()
-    os.chdir(tmp_path_factory.mktemp("runner"))
-    with open("test.db", "w") as fp:
-        fp.write("data")
-    output = str(tmp_path_factory.mktemp("generate_dir") / "output")
-    result = runner.invoke(
-        cli.cli,
-        [
-            "publish",
-            "heroku",
-            "test.db",
-            "--generate-dir",
-            output,
-        ],
-    )
-    assert result.exit_code == 0
-    path = pathlib.Path(output)
-    assert path.exists()
-    file_names = {str(r.relative_to(path)) for r in path.glob("*")}
-    assert file_names == {
-        "requirements.txt",
-        "bin",
-        "runtime.txt",
-        "Procfile",
-        "test.db",
-    }
-    for name, expected in (
-        ("requirements.txt", "datasette"),
-        ("runtime.txt", "python-3.11.0"),
-        (
-            "Procfile",
-            (
-                "web: datasette serve --host 0.0.0.0 -i test.db "
-                "--cors --port $PORT --inspect-file inspect-data.json"
-            ),
-        ),
-    ):
-        with open(path / name) as fp:
-            assert fp.read().strip() == expected
+    with runner.isolated_filesystem():
+        open("test.db", "w").write("data")
+        result = runner.invoke(
+            cli.cli,
+            [
+                "publish",
+                "heroku",
+                "test.db",
+                "--plugin-secret",
+                "datasette-auth-github",
+                "client_id",
+                "x-client-id",
+            ],
+        )
+        assert 0 == result.exit_code, result.output
+        mock_call.assert_has_calls(
+            [
+                mock.call(
+                    [
+                        "heroku",
+                        "config:set",
+                        "-a",
+                        "f",
+                        "DATASETTE_AUTH_GITHUB_CLIENT_ID=x-client-id",
+                    ]
+                ),
+                mock.call(
+                    ["heroku", "builds:create", "-a", "f", "--include-vcs-ignore"]
+                ),
+            ]
+        )
diff --git a/tests/test_publish_now.py b/tests/test_publish_now.py
new file mode 100644
index 00000000..27fd1245
--- /dev/null
+++ b/tests/test_publish_now.py
@@ -0,0 +1,163 @@
+from click.testing import CliRunner
+from datasette import cli
+from unittest import mock
+import json
+import subprocess
+
+
+@mock.patch("shutil.which")
+def test_publish_now_requires_now(mock_which):
+    mock_which.return_value = False
+    runner = CliRunner()
+    with runner.isolated_filesystem():
+        open("test.db", "w").write("data")
+        result = runner.invoke(cli.cli, ["publish", "nowv1", "test.db"])
+        assert result.exit_code == 1
+        assert "Publishing to Zeit Now requires now" in result.output
+
+
+@mock.patch("shutil.which")
+def test_publish_now_invalid_database(mock_which):
+    mock_which.return_value = True
+    runner = CliRunner()
+    result = runner.invoke(cli.cli, ["publish", "nowv1", "woop.db"])
+    assert result.exit_code == 2
+    assert 'Path "woop.db" does not exist' in result.output
+
+
+@mock.patch("shutil.which")
+def test_publish_now_using_now_alias(mock_which):
+    mock_which.return_value = True
+    result = CliRunner().invoke(cli.cli, ["publish", "now", "woop.db"])
+    assert result.exit_code == 2
+
+
+@mock.patch("shutil.which")
+@mock.patch("datasette.publish.now.run")
+def test_publish_now(mock_run, mock_which):
+    mock_which.return_value = True
+    runner = CliRunner()
+    with runner.isolated_filesystem():
+        open("test.db", "w").write("data")
+        result = runner.invoke(cli.cli, ["publish", "nowv1", "test.db"])
+        assert 0 == result.exit_code
+        mock_run.assert_called_once_with("now", stdout=subprocess.PIPE)
+
+
+@mock.patch("shutil.which")
+@mock.patch("datasette.publish.now.run")
+def test_publish_now_force_token(mock_run, mock_which):
+    mock_which.return_value = True
+    runner = CliRunner()
+    with runner.isolated_filesystem():
+        open("test.db", "w").write("data")
+        result = runner.invoke(
+            cli.cli, ["publish", "nowv1", "test.db", "--force", "--token=X"]
+        )
+        assert 0 == result.exit_code
+        mock_run.assert_called_once_with(
+            ["now", "--force", "--token=X"], stdout=subprocess.PIPE
+        )
+
+
+@mock.patch("shutil.which")
+@mock.patch("datasette.publish.now.run")
+def test_publish_now_multiple_aliases(mock_run, mock_which):
+    mock_which.return_value = True
+    mock_run.return_value = mock.Mock(0)
+    mock_run.return_value.stdout = b"https://demo.example.com/"
+    runner = CliRunner()
+    with runner.isolated_filesystem():
+        open("test.db", "w").write("data")
+        runner.invoke(
+            cli.cli,
+            [
+                "publish",
+                "now",
+                "test.db",
+                "--token",
+                "XXX",
+                "--alias",
+                "alias1",
+                "--alias",
+                "alias2",
+            ],
+        )
+        mock_run.assert_has_calls(
+            [
+                mock.call(["now", "--token=XXX"], stdout=subprocess.PIPE),
+                mock.call(
+                    [
+                        "now",
+                        "alias",
+                        b"https://demo.example.com/",
+                        "alias1",
+                        "--token=XXX",
+                    ]
+                ),
+                mock.call(
+                    [
+                        "now",
+                        "alias",
+                        b"https://demo.example.com/",
+                        "alias2",
+                        "--token=XXX",
+                    ]
+                ),
+            ]
+        )
+
+
+@mock.patch("shutil.which")
+@mock.patch("datasette.publish.now.run")
+def test_publish_now_plugin_secrets(mock_run, mock_which):
+    mock_which.return_value = True
+    mock_run.return_value = mock.Mock(0)
+    mock_run.return_value.stdout = b"https://demo.example.com/"
+
+    runner = CliRunner()
+    with runner.isolated_filesystem():
+        open("test.db", "w").write("data")
+        result = runner.invoke(
+            cli.cli,
+            [
+                "publish",
+                "now",
+                "test.db",
+                "--token",
+                "XXX",
+                "--plugin-secret",
+                "datasette-auth-github",
+                "client_id",
+                "x-client-id",
+                "--show-files",
+            ],
+        )
+        dockerfile = (
+            result.output.split("==== Dockerfile ====\n")[1]
+            .split("\n====================\n")[0]
+            .strip()
+        )
+        expected = """FROM python:3.8
+COPY . /app
+WORKDIR /app
+
+ENV DATASETTE_AUTH_GITHUB_CLIENT_ID 'x-client-id'
+RUN pip install -U datasette
+RUN datasette inspect test.db --inspect-file inspect-data.json
+ENV PORT 8001
+EXPOSE 8001
+CMD datasette serve --host 0.0.0.0 -i test.db --cors --inspect-file inspect-data.json --metadata metadata.json --config force_https_urls:on --port $PORT""".strip()
+        assert expected == dockerfile
+        metadata = (
+            result.output.split("=== metadata.json ===\n")[1]
+            .split("\n==== Dockerfile ====\n")[0]
+            .strip()
+        )
+        assert {
+            "plugins": {
+                "datasette-auth-github": {
+                    "client_id": {"$env": "DATASETTE_AUTH_GITHUB_CLIENT_ID"}
+                }
+            }
+        } == json.loads(metadata)
diff --git a/tests/test_pytest_autoclose_plugin.py b/tests/test_pytest_autoclose_plugin.py
deleted file mode 100644
index 3af1aace..00000000
--- a/tests/test_pytest_autoclose_plugin.py
+++ /dev/null
@@ -1,91 +0,0 @@
-"""
-Tests for datasette._pytest_plugin — the pytest plugin that auto-closes
-Datasette instances constructed inside test bodies.
-
-These tests drive a real pytest session in a subprocess so the plugin
-operates exactly as it would for a downstream consumer.
-"""
-
-import subprocess
-import sys
-import textwrap
-from pathlib import Path
-
-REPO_ROOT = Path(__file__).parent.parent
-
-
-def _run_pytest(tmp_path: Path) -> subprocess.CompletedProcess:
-    return subprocess.run(
-        [sys.executable, "-m", "pytest", "-v", str(tmp_path)],
-        cwd=str(tmp_path),
-        capture_output=True,
-        text=True,
-    )
-
-
-def test_auto_close_of_instances_made_in_test_body(tmp_path):
-    # Two ordered tests:
-    #   test_a makes a Datasette() and stashes a hard reference
-    #   test_b asserts that the hard-reffed instance was closed by the plugin
-    (tmp_path / "test_sample.py").write_text(textwrap.dedent("""
-            from datasette.app import Datasette
-
-            _stash = {}
-
-            def test_a():
-                ds = Datasette(memory=True)
-                _stash["ds"] = ds
-                assert ds._closed is False
-
-            def test_b():
-                assert _stash["ds"]._closed is True
-            """))
-    result = _run_pytest(tmp_path)
-    assert result.returncode == 0, result.stdout + result.stderr
-
-
-def test_fixture_scoped_instance_is_not_closed(tmp_path):
-    # A module-scoped fixture instance must survive across tests in the module.
-    (tmp_path / "test_fixture.py").write_text(textwrap.dedent("""
-            import pytest
-            from datasette.app import Datasette
-
-            @pytest.fixture(scope="module")
-            def ds():
-                return Datasette(memory=True)
-
-            def test_first(ds):
-                assert ds._closed is False
-
-            def test_second(ds):
-                # Still alive because the plugin only tracks instances
-                # constructed during pytest_runtest_call, not during fixture
-                # setup.
-                assert ds._closed is False
-            """))
-    result = _run_pytest(tmp_path)
-    assert result.returncode == 0, result.stdout + result.stderr
-
-
-def test_opt_out_via_ini(tmp_path):
-    # datasette_autoclose = false should leave instances untouched.
-    (tmp_path / "pytest.ini").write_text(textwrap.dedent("""
-            [pytest]
-            datasette_autoclose = false
-            """).strip())
-    (tmp_path / "test_optout.py").write_text(textwrap.dedent("""
-            from datasette.app import Datasette
-
-            _stash = {}
-
-            def test_a():
-                ds = Datasette(memory=True)
-                _stash["ds"] = ds
-
-            def test_b():
-                # Opt-out: plugin must not have closed it.
-                assert _stash["ds"]._closed is False
-                _stash["ds"].close()
-            """))
-    result = _run_pytest(tmp_path)
-    assert result.returncode == 0, result.stdout + result.stderr
diff --git a/tests/test_queries.py b/tests/test_queries.py
deleted file mode 100644
index b757f221..00000000
--- a/tests/test_queries.py
+++ /dev/null
@@ -1,3596 +0,0 @@
-import json
-import re
-from html import unescape
-
-import pytest
-from bs4 import BeautifulSoup as Soup
-
-from datasette.app import Datasette
-from datasette.resources import DatabaseResource, QueryResource
-from datasette.stored_queries import StoredQuery, StoredQueryPage
-from datasette.utils.asgi import Forbidden
-from datasette.utils.sqlite import sqlite3, supports_returning
-
-requires_sqlite_returning = pytest.mark.skipif(
-    not supports_returning(), reason="SQLite does not support RETURNING"
-)
-EXPECTED_CREATE_TABLE_TEMPLATE_SQL = "\n".join(
-    (
-        "create table new_table (",
-        "  id integer primary key,",
-        "  name text",
-        "  -- created text default (datetime('now'))",
-        ")",
-    )
-)
-
-
-def _template_option_attributes(html, table):
-    match = re.search(r'
    ' in flags_response.text
-    assert '' in flags_response.text
-    assert '' not in flags_response.text
-    assert 'class="query-list-owner">root' in flags_response.text
-    assert 'class="query-list-pill">Read-only' in flags_response.text
-    assert (
-        'class="query-list-pill query-list-pill-write">Writable'
-        in flags_response.text
-    )
-    assert (
-        'class="query-list-pill query-list-pill-private">Private'
-        in flags_response.text
-    )
-    assert (
-        'class="query-list-pill query-list-pill-trusted">Trusted'
-        in flags_response.text
-    )
-    assert (
-        'href="/data/-/queries?is_write=0">Read-only5'
-        in flags_response.text
-    )
-    assert (
-        'href="/data/-/queries?is_write=1">Writable1'
-        in flags_response.text
-    )
-    assert (
-        'href="/data/-/queries?is_private=0">Not private5'
-        in flags_response.text
-    )
-    assert (
-        'href="/data/-/queries?is_private=1">Private1'
-        in flags_response.text
-    )
-    assert "Only the owning actor can view this query." in flags_response.text
-    assert (
-        "Execution skips the usual SQL and write permission checks"
-        in flags_response.text
-    )
-    assert json_response.json()["queries"][0]["name"] == "demo_query_02"
-    assert [query["name"] for query in filtered_response.json()["queries"]] == [
-        "private_query"
-    ]
-    assert "Writable query" in filtered_write_response.text
-    assert "Demo query 01" not in filtered_write_response.text
-    assert (
-        'query-list-facet-link query-list-facet-link-active" href="/data/-/queries"'
-        in filtered_write_response.text
-    )
-    assert (
-        'Read-only0'
-        not in filtered_write_response.text
-    )
-    assert (
-        'href="/data/-/queries?is_write=1&is_private=0">Not private1'
-        in filtered_write_response.text
-    )
-    assert (
-        'Private0'
-        not in filtered_write_response.text
-    )
-    assert "Private query" in filtered_private_response.text
-    assert "Demo query 01" not in filtered_private_response.text
-    assert (
-        'href="/data/-/queries?is_private=1&is_write=0">Read-only1'
-        in filtered_private_response.text
-    )
-    assert (
-        'Writable0'
-        not in filtered_private_response.text
-    )
-    assert (
-        'Not private0'
-        not in filtered_private_response.text
-    )
-    assert no_results_response.status_code == 200
-    assert "No queries found." in no_results_response.text
-    assert 'class="query-list-filters core"' not in no_results_response.text
-    assert 'id="query-search"' not in no_results_response.text
-    assert 'class="query-list-facets"' not in no_results_response.text
-    assert "
    Mode
    " not in no_results_response.text
-    assert "
    Visibility
    " not in no_results_response.text
-
-
-@pytest.mark.asyncio
-async def test_query_list_html_defaults_to_twenty_and_shows_pagination():
-    ds = Datasette(memory=True)
-    ds.root_enabled = True
-    ds.add_memory_database("query_list_html_pagination", name="data")
-    await ds.invoke_startup()
-    await add_numbered_queries(ds, "data", 25)
-
-    response = await ds.client.get("/data/-/queries", actor={"id": "root"})
-    json_response = await ds.client.get("/data/-/queries.json", actor={"id": "root"})
-
-    assert response.status_code == 200
-    assert response.text.count('aria-label="Query pagination"') == 1
-    assert "Demo query 20" in response.text
-    assert "Demo query 21" not in response.text
-    assert 'href="/data/-/queries?_next=' in response.text
-    assert len(json_response.json()["queries"]) == 25
-
-
-@pytest.mark.asyncio
-async def test_global_query_list_api_and_html():
-    ds = Datasette(memory=True)
-    ds.root_enabled = True
-    ds.add_memory_database("query_list_global_alpha", name="alpha")
-    ds.add_memory_database("query_list_global_beta", name="beta")
-    await ds.invoke_startup()
-    await ds.add_query(
-        "alpha",
-        "alpha_first",
-        "select 1",
-        title="Alpha first",
-        source="user",
-        owner_id="root",
-    )
-    await ds.add_query(
-        "alpha",
-        "alpha_second",
-        "select 2",
-        title="Alpha second",
-        source="user",
-        owner_id="root",
-    )
-    await ds.add_query(
-        "beta",
-        "beta_first",
-        "select 3",
-        title="Beta first",
-        source="user",
-        owner_id="root",
-    )
-
-    list_response = await ds.client.get(
-        "/-/queries.json?_size=2",
-        actor={"id": "root"},
-    )
-    next_response = await ds.client.get(
-        "/-/queries.json?_size=2&_next={}".format(list_response.json()["next"]),
-        actor={"id": "root"},
-    )
-    html_response = await ds.client.get(
-        "/-/queries?q=Beta",
-        actor={"id": "root"},
-    )
-
-    assert list_response.status_code == 200
-    assert [
-        (query["database"], query["name"]) for query in list_response.json()["queries"]
-    ] == [
-        ("alpha", "alpha_first"),
-        ("alpha", "alpha_second"),
-    ]
-    assert list_response.json()["next"]
-    assert [
-        (query["database"], query["name"]) for query in next_response.json()["queries"]
-    ] == [
-        ("beta", "beta_first"),
-    ]
-    assert html_response.status_code == 200
-    assert '    ' in html_response.text
-    assert 'class="query-list-database" href="/beta">beta' in html_response.text
-    assert "Beta first" in html_response.text
-    assert "Alpha first" not in html_response.text
-
-
-@pytest.mark.asyncio
-async def test_query_store_api_rejects_is_trusted():
-    ds = Datasette(
-        memory=True,
-        default_deny=True,
-        config={
-            "databases": {
-                "data": {
-                    "permissions": {
-                        "view-database": {"id": "writer"},
-                        "execute-sql": {"id": "writer"},
-                        "store-query": {"id": "writer"},
-                    }
-                }
-            }
-        },
-    )
-    ds.add_memory_database("query_trusted_api", name="data")
-    await ds.invoke_startup()
-
-    response = await ds.client.post(
-        "/data/-/queries/store",
-        actor={"id": "writer"},
-        json={"query": {"name": "trusted", "sql": "select 1", "is_trusted": True}},
-    )
-
-    assert response.status_code == 400
-    assert response.json()["errors"] == ["Invalid keys: is_trusted"]
-
-
-@pytest.mark.asyncio
-async def test_query_store_rejects_config_only_fields():
-    ds = Datasette(memory=True, default_deny=True)
-    ds.root_enabled = True
-    ds.add_memory_database("query_config_only_fields_api", name="data")
-    await ds.invoke_startup()
-
-    response = await ds.client.post(
-        "/data/-/queries/store",
-        actor={"id": "root"},
-        json={
-            "query": {
-                "name": "unsafe",
-                "sql": "select 1",
-                "description_html": "",
-                "on_success_message_sql": "select 'secret'",
-            }
-        },
-    )
-    form_response = await ds.client.post(
-        "/data/-/queries/store",
-        actor={"id": "root"},
-        data={
-            "name": "unsafe_form",
-            "sql": "select 1",
-            "description_html": "",
-        },
-    )
-
-    assert response.status_code == 400
-    assert response.json()["errors"] == [
-        "Invalid keys: description_html, on_success_message_sql"
-    ]
-    assert form_response.status_code == 400
-    assert "Invalid keys: description_html" in form_response.text
-    assert await ds.get_query("data", "unsafe") is None
-    assert await ds.get_query("data", "unsafe_form") is None
-
-
-@pytest.mark.asyncio
-async def test_query_store_api_creates_writable_query():
-    ds = Datasette(memory=True, default_deny=True)
-    ds.root_enabled = True
-    db = ds.add_memory_database("query_write_api", name="data")
-    await db.execute_write("create table dogs (id integer primary key, name text)")
-    await ds.invoke_startup()
-
-    response = await ds.client.post(
-        "/data/-/queries/store",
-        actor={"id": "root"},
-        json={
-            "query": {
-                "name": "insert_dog",
-                "sql": "insert into dogs (name) values (:name)",
-            }
-        },
-    )
-
-    assert response.status_code == 201
-    query = response.json()["query"]
-    assert query["is_write"] is True
-    assert query["is_private"] is True
-    assert query["is_trusted"] is False
-    assert query["parameters"] == ["name"]
-
-
-@pytest.mark.asyncio
-async def test_query_update_and_delete_api():
-    ds = Datasette(memory=True, default_deny=True)
-    ds.root_enabled = True
-    ds.add_memory_database("query_update_api", name="data")
-    await ds.invoke_startup()
-    await ds.add_query(
-        "data",
-        "editable",
-        "select 1",
-        title="Original",
-        source="user",
-        owner_id="root",
-    )
-
-    update_response = await ds.client.post(
-        "/data/editable/-/update",
-        actor={"id": "root"},
-        json={
-            "update": {
-                "title": "Updated",
-                "description": "Fresh",
-                "on_success_redirect": None,
-            },
-            "return": True,
-        },
-    )
-
-    assert update_response.status_code == 200
-    updated = update_response.json()["query"]
-    assert updated["title"] == "Updated"
-    assert updated["description"] == "Fresh"
-    assert updated["on_success_redirect"] is None
-
-    delete_response = await ds.client.post(
-        "/data/editable/-/delete",
-        actor={"id": "root"},
-        json={},
-    )
-
-    assert delete_response.status_code == 200
-    assert delete_response.json() == {"ok": True}
-    assert await ds.get_query("data", "editable") is None
-
-
-@pytest.mark.asyncio
-async def test_query_update_api_rejects_config_only_fields():
-    ds = Datasette(memory=True, default_deny=True)
-    ds.root_enabled = True
-    db = ds.add_memory_database("query_update_config_only_fields", name="data")
-    await db.execute_write("create table dogs (id integer primary key, name text)")
-    await ds.invoke_startup()
-    await ds.add_query(
-        "data",
-        "editable",
-        "insert into dogs (name) values (:name)",
-        is_write=True,
-        source="user",
-        owner_id="root",
-    )
-
-    response = await ds.client.post(
-        "/data/editable/-/update",
-        actor={"id": "root"},
-        json={
-            "update": {
-                "description_html": "",
-                "on_success_message_sql": "select 'secret'",
-            }
-        },
-    )
-
-    assert response.status_code == 400
-    assert response.json()["errors"] == [
-        "Invalid keys: description_html, on_success_message_sql"
-    ]
-    query = await ds.get_query("data", "editable")
-    assert query.description_html is None
-    assert query.on_success_message_sql is None
-
-
-@pytest.mark.asyncio
-async def test_query_update_api_rejects_trusted_queries_but_internal_update_allowed():
-    ds = Datasette(
-        memory=True,
-        default_deny=True,
-        config={
-            "databases": {
-                "data": {
-                    "permissions": {
-                        "execute-sql": {"id": "editor"},
-                        "update-query": {"id": "editor"},
-                    },
-                    "queries": {
-                        "trusted_report": {
-                            "sql": "select 1 as one",
-                            "title": "Original",
-                        },
-                    },
-                }
-            }
-        },
-    )
-    ds.add_memory_database("query_update_trusted_api", name="data")
-    await ds.invoke_startup()
-
-    response = await ds.client.post(
-        "/data/trusted_report/-/update",
-        actor={"id": "editor"},
-        json={"update": {"sql": "select 2 as two", "title": "Edited"}},
-    )
-
-    assert response.status_code == 403
-    assert response.json()["errors"] == [
-        "Trusted queries cannot be updated using the API"
-    ]
-    query = await ds.get_query("data", "trusted_report")
-    assert query.is_trusted is True
-    assert query.sql == "select 1 as one"
-    assert query.title == "Original"
-
-    await ds.update_query(
-        "data",
-        "trusted_report",
-        sql="select 3 as three",
-        title="Internal",
-    )
-    query = await ds.get_query("data", "trusted_report")
-    assert query.is_trusted is True
-    assert query.sql == "select 3 as three"
-    assert query.title == "Internal"
-
-
-async def _make_ds_with_user_query(name, *, is_private=False, owner_id="owner"):
-    ds = Datasette(memory=True, settings={"default_allow_sql": True})
-    db = ds.add_memory_database(name, name="data")
-    await db.execute_write("create table dogs (id integer primary key, name text)")
-    await ds.invoke_startup()
-    await ds.add_query(
-        "data",
-        "saved",
-        "select * from dogs",
-        title="Saved query",
-        description="A saved query",
-        source="user",
-        owner_id=owner_id,
-        is_private=is_private,
-    )
-    return ds
-
-
-@pytest.mark.asyncio
-async def test_query_edit_form_renders_and_updates_for_owner():
-    ds = await _make_ds_with_user_query("query_edit_owner")
-    actor = {"id": "owner"}
-
-    # GET renders the form pre-filled with existing values
-    get_response = await ds.client.get("/data/saved/-/edit", actor=actor)
-    assert get_response.status_code == 200
-    assert 'value="Saved query"' in get_response.text
-    assert ">A saved query" in get_response.text
-    assert "select * from dogs" in get_response.text
-    # URL slug is shown but not editable
-    assert 'name="name"' not in get_response.text
-
-    # POST updates the query and redirects back to the query page
-    post_response = await ds.client.post(
-        "/data/saved/-/edit",
-        actor=actor,
-        data={
-            "title": "Updated title",
-            "description": "Updated description",
-            "sql": "select id from dogs",
-            "is_private": "1",
-        },
-    )
-    assert post_response.status_code == 302
-    assert post_response.headers["location"] == "/data/saved"
-
-    query = await ds.get_query("data", "saved")
-    assert query.title == "Updated title"
-    assert query.description == "Updated description"
-    assert query.sql == "select id from dogs"
-    assert query.is_private is True
-
-
-@pytest.mark.asyncio
-async def test_query_edit_metadata_only_does_not_require_execute_sql():
-    # An owner who can no longer execute SQL can still edit title/description
-    ds = await _make_ds_with_user_query("query_edit_metadata_only")
-    actor = {"id": "owner"}
-
-    post_response = await ds.client.post(
-        "/data/saved/-/edit",
-        actor=actor,
-        data={
-            "title": "Renamed",
-            "description": "A saved query",
-            "sql": "select * from dogs",
-        },
-    )
-    assert post_response.status_code == 302
-    query = await ds.get_query("data", "saved")
-    assert query.title == "Renamed"
-
-
-@pytest.mark.asyncio
-async def test_private_query_edit_delete_restricted_to_owner():
-    ds = await _make_ds_with_user_query(
-        "query_edit_private", is_private=True, owner_id="owner"
-    )
-
-    # A different actor cannot view, edit or delete the private query
-    other = {"id": "intruder"}
-    assert (await ds.client.get("/data/saved/-/edit", actor=other)).status_code == 403
-    assert (await ds.client.get("/data/saved/-/delete", actor=other)).status_code == 403
-    delete_attempt = await ds.client.post(
-        "/data/saved/-/delete",
-        actor=other,
-        data={},
-    )
-    assert delete_attempt.status_code == 403
-    assert await ds.get_query("data", "saved") is not None
-
-    # The owner can edit and delete
-    owner = {"id": "owner"}
-    assert (await ds.client.get("/data/saved/-/edit", actor=owner)).status_code == 200
-
-
-@pytest.mark.asyncio
-async def test_non_private_query_editable_by_permitted_non_owner():
-    ds = Datasette(
-        memory=True,
-        default_deny=True,
-        config={
-            "databases": {
-                "data": {
-                    "permissions": {
-                        "execute-sql": {"id": "editor"},
-                        "update-query": {"id": "editor"},
-                        "delete-query": {"id": "editor"},
-                    }
-                }
-            }
-        },
-    )
-    db = ds.add_memory_database("query_non_private_editor", name="data")
-    await db.execute_write("create table dogs (id integer primary key, name text)")
-    await ds.invoke_startup()
-    await ds.add_query(
-        "data",
-        "saved",
-        "select * from dogs",
-        title="Shared",
-        source="user",
-        owner_id="owner",
-        is_private=False,
-    )
-
-    editor = {"id": "editor"}
-    # Editor (not the owner) can edit because the query is not private
-    post_response = await ds.client.post(
-        "/data/saved/-/edit",
-        actor=editor,
-        data={
-            "title": "Edited by editor",
-            "description": "",
-            "sql": "select * from dogs",
-        },
-    )
-    assert post_response.status_code == 302
-    query = await ds.get_query("data", "saved")
-    assert query.title == "Edited by editor"
-
-    # Editor can also delete it
-    delete_response = await ds.client.post(
-        "/data/saved/-/delete",
-        actor=editor,
-        data={},
-    )
-    assert delete_response.status_code == 302
-    assert await ds.get_query("data", "saved") is None
-
-
-@pytest.mark.asyncio
-async def test_query_delete_confirmation_and_form_delete():
-    ds = await _make_ds_with_user_query("query_delete_form")
-    actor = {"id": "owner"}
-
-    get_response = await ds.client.get("/data/saved/-/delete", actor=actor)
-    assert get_response.status_code == 200
-    assert "Are you sure" in get_response.text
-    assert "select * from dogs" in get_response.text
-    soup = Soup(get_response.text, "html.parser")
-    form = soup.select_one("form.query-delete-form")
-    assert form is not None
-    assert "core" in form["class"]
-    assert form.select_one('input[type="submit"][value="Delete query"]') is not None
-
-    post_response = await ds.client.post(
-        "/data/saved/-/delete",
-        actor=actor,
-        data={},
-    )
-    assert post_response.status_code == 302
-    assert post_response.headers["location"] == "/data"
-    assert await ds.get_query("data", "saved") is None
-
-
-@pytest.mark.asyncio
-async def test_query_action_menu_shows_edit_and_delete_for_owner():
-    ds = await _make_ds_with_user_query("query_action_menu")
-
-    owner_response = await ds.client.get("/data/saved", actor={"id": "owner"})
-    assert owner_response.status_code == 200
-    assert "/data/saved/-/edit" in owner_response.text
-    assert "/data/saved/-/delete" in owner_response.text
-
-    # A different actor (the query is public) cannot edit/delete by default
-    other_response = await ds.client.get("/data/saved", actor={"id": "stranger"})
-    assert other_response.status_code == 200
-    assert "/data/saved/-/edit" not in other_response.text
-    assert "/data/saved/-/delete" not in other_response.text
-
-
-@pytest.mark.asyncio
-async def test_query_edit_rejected_for_trusted_query():
-    ds = Datasette(
-        memory=True,
-        default_deny=True,
-        config={
-            "databases": {
-                "data": {
-                    "permissions": {
-                        "execute-sql": {"id": "editor"},
-                        "update-query": {"id": "editor"},
-                    },
-                    "queries": {"trusted_report": {"sql": "select 1 as one"}},
-                }
-            }
-        },
-    )
-    ds.add_memory_database("query_edit_trusted", name="data")
-    await ds.invoke_startup()
-
-    response = await ds.client.get(
-        "/data/trusted_report/-/edit", actor={"id": "editor"}
-    )
-    assert response.status_code == 403
-    # Edit/delete links should not appear on a trusted/config query page
-    page = await ds.client.get("/data/trusted_report", actor={"id": "editor"})
-    assert "/data/trusted_report/-/edit" not in page.text
-
-
-@pytest.mark.asyncio
-async def test_query_store_api_rejects_magic_parameters():
-    ds = Datasette(memory=True, default_deny=True)
-    ds.root_enabled = True
-    ds.add_memory_database("query_magic_api", name="data")
-    await ds.invoke_startup()
-
-    response = await ds.client.post(
-        "/data/-/queries/store",
-        actor={"id": "root"},
-        json={"query": {"name": "magic", "sql": "select :_actor_id"}},
-    )
-
-    assert response.status_code == 400
-    assert response.json()["errors"] == ["Magic parameters are not allowed"]
-
-
-@pytest.mark.asyncio
-async def test_create_query_ui_and_arbitrary_sql_save_link():
-    ds = Datasette(memory=True, default_deny=True)
-    ds.root_enabled = True
-    db = ds.add_memory_database("query_create_ui", name="data")
-    await db.execute_write("create table dogs (id integer primary key, name text)")
-    await ds.invoke_startup()
-
-    create_response = await ds.client.get(
-        "/data/-/queries/store?sql=select+*+from+dogs",
-        actor={"id": "root"},
-    )
-    write_create_response = await ds.client.get(
-        "/data/-/queries/store?sql=insert+into+dogs+(name)+values+('Cleo')",
-        actor={"id": "root"},
-    )
-    blank_create_response = await ds.client.get(
-        "/data/-/queries/store",
-        actor={"id": "root"},
-    )
-    old_insert_response = await ds.client.get(
-        "/data/-/queries/insert?sql=select+*+from+dogs",
-        actor={"id": "root"},
-    )
-    old_create_response = await ds.client.get(
-        "/data/-/queries/-/create?sql=select+*+from+dogs",
-        actor={"id": "root"},
-    )
-    query_response = await ds.client.get(
-        "/data/-/query?sql=select+*+from+dogs",
-        actor={"id": "root"},
-    )
-
-    assert create_response.status_code == 200
-    assert "Create query" in create_response.text
-    assert 'type="radio"' not in create_response.text
-    assert 'name="parameters"' not in create_response.text
-    assert 'id="query-parameters"' not in create_response.text
-    assert 'class="query-create-field"' in create_response.text
-    assert '' not in create_response.text
-    assert '' in create_response.text
-    assert '' in create_response.text
-    assert '/data/' in create_response.text
-    assert (
-        ''
-        in create_response.text
-    )
-    assert "function slugify(value)" in create_response.text
-    assert 'data-analyze-url="/data/-/queries/analyze"' in create_response.text
-    assert "setupSqlParameterRefresh" in create_response.text
-    assert "renderParameters: false" in create_response.text
-    assert "datasetteSqlAnalysis.renderAnalysis" in create_response.text
-    assert "data-query-create-submit" in create_response.text
-    assert "data-query-create-writable" not in create_response.text
-    assert "data-query-create-sql-type" not in create_response.text
-    assert "data-query-create-analysis-note" in create_response.text
-    assert "SQL type:" not in create_response.text
-    assert (
-        'This is a read-only query.'
-        in create_response.text
-    )
-    assert "disabled> Writable" not in create_response.text
-    assert (
-        "Queries marked private can only be seen by you, their creator."
-        in create_response.text
-    )
-    assert create_response.text.index(
-        "This is a read-only query."
-    ) < create_response.text.index('')
-    assert "
    Query operations
    " in create_response.text
-    assert '
    this …http…OwnerFlagsModeDatabase
    ' in create_response.text
-    assert '' in create_response.text
-    assert '' not in create_response.text
-    assert "" in create_response.text
-    assert "" in create_response.text
-    assert (
-        ''
-        not in create_response.text
-    )
-    assert create_response.text.index(
-        'value="Save query"'
-    ) < create_response.text.index("
    Query operations
    ")
-    assert blank_create_response.status_code == 200
-    assert (
-        '    ' in response.text
-    assert "" in response.text
-    assert "" in response.text
-    assert "" in response.text
-    assert "" in response.text
-    assert 'action="/data/-/execute-write"' in response.text
-    assert "insert into dogs (name) values ('Cleo')" in response.text
-    assert (await db.execute("select count(*) from dogs")).first()[0] == 0
-
-    empty_response = await ds.client.get(
-        "/data/-/execute-write",
-        actor={"id": "root"},
-    )
-    assert '
    ' in empty_response.text
-    assert '' in empty_response.text
-    assert "min-height: calc(5.6em + 8px);" in empty_response.text
-    assert 'executeWriteSqlInput.value = "\\n\\n\\n";' not in empty_response.text
-    assert "Enter writable SQL before executing." in empty_response.text
-    assert 'data-save-query-base-url="/data/-/queries/store"' in empty_response.text
-    assert ''
-    ) in read_only_response.text
-    assert 'data-save-query-base-url="/data/-/queries/store"' in read_only_response.text
-    assert ''
-    ) in response.text
-    assert (
-        ''
-        "You do not have permission for every operation listed above."
-    ) in response.text
-    assert 'no' in response.text
-    assert 'data-save-query-base-url="/data/-/queries/store"' in response.text
-    assert 'Start with a template" in writer_response.text
-    assert "You don't currently have permission" not in writer_response.text
-    assert '
    Start with a template" in creator_response.text
-    assert _template_button_sql(creator_response.text, "create") == (
-        EXPECTED_CREATE_TABLE_TEMPLATE_SQL
-    )
-    assert "There are no tables that you can currently edit." not in (
-        creator_response.text
-    )
-    assert 'id="execute-write-template-table"' not in creator_response.text
-    assert 'data-sql-template="insert"' not in creator_response.text
-    assert 'data-sql-template="update"' not in creator_response.text
-    assert 'data-sql-template="delete"' not in creator_response.text
-
-    assert editor_response.status_code == 200
-    assert 'data-sql-template="create"' not in editor_response.text
-    assert '' in (
-        editor_response.text
-    )
-    assert 'data-sql-template="insert"' in editor_response.text
-    assert 'data-sql-template="update"' in editor_response.text
-    assert 'data-sql-template="delete"' in editor_response.text
-
-    assert both_response.status_code == 200
-    assert _template_button_sql(both_response.text, "create") == (
-        EXPECTED_CREATE_TABLE_TEMPLATE_SQL
-    )
-    assert '' in (
-        both_response.text
-    )
-    assert 'data-sql-template="insert"' in both_response.text
-    assert 'data-sql-template="update"' in both_response.text
-    assert 'data-sql-template="delete"' in both_response.text
-
-
-@pytest.mark.asyncio
-async def test_execute_write_create_table_refreshes_template_tables():
-    ds = Datasette(memory=True, default_deny=True)
-    ds.root_enabled = True
-    db = ds.add_memory_database("execute_write_create_template_refresh", name="data")
-    await ds.invoke_startup()
-
-    response = await ds.client.post(
-        "/data/-/execute-write",
-        actor={"id": "root"},
-        data={"sql": "create table selectable (id integer primary key, name text)"},
-    )
-
-    assert response.status_code == 200
-    assert "Query executed" in response.text
-    assert '
    Required permissionSourcereadview-tablen/aRequired permissioninsertupdatereadview-table
    ' in response.text
-    assert '' in response.text
-    assert '' in response.text
-    assert '' in response.text
-    assert '' in response.text
-
-    assert non_returning_response.status_code == 200
-    assert "Query executed, 1 row affected" in non_returning_response.text
-    assert "
    Returned rows
    " not in non_returning_response.text
-    assert '
    0 results
    ' not in non_returning_response.text
-
-
-@pytest.mark.asyncio
-@requires_sqlite_returning
-async def test_execute_write_html_returning_rows_can_be_truncated():
-    ds = Datasette(memory=True, default_deny=True)
-    ds.root_enabled = True
-    db = ds.add_memory_database("execute_write_returning_html_truncated", name="data")
-    await db.execute_write("create table dogs (id integer primary key, name text)")
-    for index in range(1, 12):
-        await db.execute_write(
-            "insert into dogs (name) values (?)", ["Dog {}".format(index)]
-        )
-    await ds.invoke_startup()
-
-    response = await ds.client.post(
-        "/data/-/execute-write",
-        actor={"id": "root"},
-        data={"sql": "update dogs set name = name || '!' returning id, name"},
-    )
-
-    assert response.status_code == 200
-    assert "
    Returned rows
    " in response.text
-    assert "Only the first 10 returned rows are shown." in response.text
-    assert '    ' in response.text
-    assert '' in response.text
-    assert '' in response.text
-    assert '' in response.text
-    assert '' not in response.text
-    assert '' not in response.text
-
-
-@pytest.mark.parametrize(
-    "database_name, sql",
-    (
-        (
-            "execute_write_insert_or_replace",
-            "insert or replace into users(id, email) values (3, 'b@example.com')",
-        ),
-        (
-            "execute_write_update_or_replace",
-            "update or replace users set email = 'b@example.com' where id = 1",
-        ),
-    ),
-    ids=("insert-or-replace", "update-or-replace"),
-)
-@pytest.mark.asyncio
-async def test_execute_write_replace_requires_delete_row_permission(database_name, sql):
-    ds = Datasette(
-        memory=True,
-        default_deny=True,
-        config={
-            "databases": {
-                "data": {
-                    "permissions": {
-                        "view-database": {"id": "writer"},
-                        "execute-write-sql": {"id": "writer"},
-                    },
-                    "tables": {
-                        "users": {
-                            "permissions": {
-                                "insert-row": {"id": "writer"},
-                                "update-row": {"id": "writer"},
-                                "view-table": {"id": "writer"},
-                            }
-                        }
-                    },
-                }
-            }
-        },
-    )
-    db = ds.add_memory_database(database_name, name="data")
-    await db.execute_write(
-        "create table users (id integer primary key, email text unique)"
-    )
-    await db.execute_write(
-        "insert into users (id, email) values "
-        "(1, 'a@example.com'), (2, 'b@example.com')"
-    )
-    await ds.invoke_startup()
-
-    denied_response = await ds.client.post(
-        "/data/-/execute-write",
-        actor={"id": "writer"},
-        json={"sql": sql},
-    )
-
-    assert denied_response.status_code == 403
-    assert denied_response.json()["errors"] == [
-        "Permission denied: need delete-row on data/users"
-    ]
-    assert (await db.execute("select id, email from users order by id")).dicts() == [
-        {"id": 1, "email": "a@example.com"},
-        {"id": 2, "email": "b@example.com"},
-    ]
-
-
-@pytest.mark.asyncio
-async def test_execute_write_update_requires_insert_row_permission():
-    ds = Datasette(
-        memory=True,
-        default_deny=True,
-        config={
-            "databases": {
-                "data": {
-                    "permissions": {
-                        "view-database": {"id": "writer"},
-                        "execute-write-sql": {"id": "writer"},
-                    },
-                    "tables": {
-                        "users": {
-                            "permissions": {
-                                "update-row": {"id": "writer"},
-                                "delete-row": {"id": "writer"},
-                                "view-table": {"id": "writer"},
-                            }
-                        }
-                    },
-                }
-            }
-        },
-    )
-    db = ds.add_memory_database("execute_write_update_requires_insert", name="data")
-    await db.execute_write("create table users (id integer primary key, name text)")
-    await db.execute_write("insert into users (id, name) values (1, 'Alice')")
-    await ds.invoke_startup()
-
-    denied_response = await ds.client.post(
-        "/data/-/execute-write",
-        actor={"id": "writer"},
-        json={"sql": "update users set name = 'Alicia' where id = 1"},
-    )
-
-    assert denied_response.status_code == 403
-    assert denied_response.json()["errors"] == [
-        "Permission denied: need insert-row on data/users"
-    ]
-    assert (await db.execute("select name from users where id = 1")).first()[
-        0
-    ] == "Alice"
-
-
-@pytest.mark.asyncio
-async def test_execute_write_insert_select_requires_view_table_on_source():
-    ds = Datasette(
-        memory=True,
-        default_deny=True,
-        config={
-            "databases": {
-                "data": {
-                    "permissions": {
-                        "view-database": {"id": "writer"},
-                        "execute-write-sql": {"id": "writer"},
-                    },
-                    "tables": {
-                        "secret": {
-                            "permissions": {"view-table": {"id": "someone-else"}}
-                        },
-                        "public_log": {
-                            "permissions": {
-                                "insert-row": {"id": "writer"},
-                                "update-row": {"id": "writer"},
-                                "delete-row": {"id": "writer"},
-                            }
-                        },
-                    },
-                }
-            }
-        },
-    )
-    db = ds.add_memory_database("execute_write_insert_select_source", name="data")
-    await db.execute_write("create table secret (value text)")
-    await db.execute_write("create table public_log (value text)")
-    await db.execute_write("insert into secret values ('sensitive')")
-    await ds.invoke_startup()
-
-    denied_response = await ds.client.post(
-        "/data/-/execute-write",
-        actor={"id": "writer"},
-        json={"sql": "insert into public_log(value) select value from secret"},
-    )
-
-    assert denied_response.status_code == 403
-    assert denied_response.json()["errors"] == [
-        "Permission denied: need view-table on data/secret"
-    ]
-    assert (await db.execute("select value from public_log")).dicts() == []
-
-
-@pytest.mark.asyncio
-async def test_execute_write_rejects_sqlite_master_reads():
-    ds = Datasette(
-        memory=True,
-        default_deny=True,
-        config={
-            "databases": {
-                "data": {
-                    "permissions": {
-                        "view-database": {"id": "writer"},
-                        "execute-write-sql": {"id": "writer"},
-                    },
-                    "tables": {
-                        "secret": {
-                            "permissions": {"view-table": {"id": "someone-else"}}
-                        },
-                        "log": {
-                            "permissions": {
-                                "insert-row": {"id": "writer"},
-                                "update-row": {"id": "writer"},
-                                "delete-row": {"id": "writer"},
-                            }
-                        },
-                    },
-                }
-            }
-        },
-    )
-    db = ds.add_memory_database("execute_write_sqlite_master_read", name="data")
-    await db.execute_write("create table secret (value text)")
-    await db.execute_write("create table log (value text)")
-    await ds.invoke_startup()
-
-    denied_response = await ds.client.post(
-        "/data/-/execute-write",
-        actor={"id": "writer"},
-        json={
-            "sql": (
-                "insert into log " "select sql from sqlite_master where name = 'secret'"
-            )
-        },
-    )
-
-    assert denied_response.status_code == 403
-    assert denied_response.json()["errors"] == [
-        "Unsupported SQL operation: read schema"
-    ]
-    assert (await db.execute("select value from log")).dicts() == []
-
-
-@pytest.mark.asyncio
-async def test_execute_write_create_table_as_select_requires_view_table_on_source():
-    ds = Datasette(
-        memory=True,
-        default_deny=True,
-        config={
-            "databases": {
-                "data": {
-                    "permissions": {
-                        "view-database": {"id": "creator"},
-                        "execute-write-sql": {"id": "creator"},
-                        "create-table": {"id": "creator"},
-                    },
-                    "tables": {
-                        "secret": {
-                            "permissions": {"view-table": {"id": "someone-else"}}
-                        }
-                    },
-                }
-            }
-        },
-    )
-    db = ds.add_memory_database("execute_write_create_as_select_source", name="data")
-    await db.execute_write("create table secret (value text)")
-    await db.execute_write("insert into secret values ('sensitive')")
-    await ds.invoke_startup()
-
-    denied_response = await ds.client.post(
-        "/data/-/execute-write",
-        actor={"id": "creator"},
-        json={"sql": "create table copied_secret as select value from secret"},
-    )
-
-    assert denied_response.status_code == 403
-    assert denied_response.json()["errors"] == [
-        "Permission denied: need view-table on data/secret"
-    ]
-    assert not await db.table_exists("copied_secret")
-
-
-@pytest.mark.asyncio
-async def test_execute_write_allows_function_operations():
-    ds = Datasette(
-        memory=True,
-        default_deny=True,
-        config={
-            "databases": {
-                "data": {
-                    "permissions": {
-                        "view-database": {"id": "writer"},
-                        "execute-write-sql": {"id": "writer"},
-                    },
-                    "tables": {
-                        "dogs": {
-                            "permissions": {
-                                "insert-row": {"id": "writer"},
-                                "update-row": {"id": "writer"},
-                                "delete-row": {"id": "writer"},
-                            }
-                        }
-                    },
-                }
-            }
-        },
-    )
-    db = ds.add_memory_database("execute_write_function_operation", name="data")
-    await db.execute_write("create table dogs (id integer primary key, name text)")
-    await ds.invoke_startup()
-
-    response = await ds.client.post(
-        "/data/-/execute-write",
-        actor={"id": "writer"},
-        json={"sql": "insert into dogs (name) values (upper('cleo'))"},
-    )
-
-    assert response.status_code == 200
-    assert response.json()["ok"] is True
-    assert (await db.execute("select name from dogs")).dicts() == [{"name": "CLEO"}]
-
-
-@pytest.mark.asyncio
-async def test_untrusted_stored_write_query_allows_function_operations():
-    ds = Datasette(
-        memory=True,
-        default_deny=True,
-        config={
-            "databases": {
-                "data": {
-                    "permissions": {
-                        "view-database": {"id": "writer"},
-                        "view-query": {"id": "writer"},
-                        "execute-write-sql": {"id": "writer"},
-                    },
-                    "tables": {
-                        "dogs": {
-                            "permissions": {
-                                "insert-row": {"id": "writer"},
-                                "update-row": {"id": "writer"},
-                                "delete-row": {"id": "writer"},
-                            }
-                        }
-                    },
-                }
-            }
-        },
-    )
-    db = ds.add_memory_database("stored_query_function_operation", name="data")
-    await db.execute_write("create table dogs (id integer primary key, name text)")
-    await ds.invoke_startup()
-    await ds.add_query(
-        "data",
-        "insert_dog",
-        "insert into dogs (name) values (upper(:name))",
-        is_write=True,
-        is_trusted=False,
-        source="user",
-        owner_id="writer",
-    )
-
-    response = await ds.client.post(
-        "/data/insert_dog?_json=1",
-        actor={"id": "writer"},
-        data={"name": "cleo"},
-    )
-
-    assert response.status_code == 200
-    assert response.json()["ok"] is True
-    assert (await db.execute("select name from dogs")).dicts() == [{"name": "CLEO"}]
-
-
-@pytest.mark.asyncio
-async def test_execute_write_rejects_vacuum_operation():
-    ds = Datasette(
-        memory=True,
-        default_deny=True,
-        config={
-            "databases": {
-                "data": {
-                    "permissions": {
-                        "view-database": {"id": "writer"},
-                        "execute-write-sql": {"id": "writer"},
-                    }
-                }
-            }
-        },
-    )
-    ds.add_memory_database("execute_write_vacuum_operation", name="data")
-    await ds.invoke_startup()
-
-    denied_response = await ds.client.post(
-        "/data/-/execute-write",
-        actor={"id": "writer"},
-        json={"sql": "vacuum"},
-    )
-
-    assert denied_response.status_code == 403
-    assert denied_response.json()["errors"] == [
-        "VACUUM is not allowed in user-supplied SQL"
-    ]
-
-
-@pytest.mark.asyncio
-async def test_execute_write_form_rejects_vacuum_operation_with_flash_error():
-    ds = Datasette(
-        memory=True,
-        default_deny=True,
-        config={
-            "databases": {
-                "data": {
-                    "permissions": {
-                        "view-database": {"id": "writer"},
-                        "execute-write-sql": {"id": "writer"},
-                    }
-                }
-            }
-        },
-    )
-    ds.add_memory_database("execute_write_vacuum_operation_form", name="data")
-    await ds.invoke_startup()
-
-    denied_response = await ds.client.post(
-        "/data/-/execute-write",
-        actor={"id": "writer"},
-        data={"sql": "vacuum"},
-    )
-
-    assert denied_response.status_code == 403
-    assert (
-        '
    VACUUM is not allowed in user-supplied SQL
    '
-        in denied_response.text
-    )
-    assert denied_response.text.count("VACUUM is not allowed in user-supplied SQL") == 1
-
-
-@pytest.mark.asyncio
-async def test_untrusted_stored_write_query_rejects_vacuum_operation():
-    ds = Datasette(
-        memory=True,
-        default_deny=True,
-        config={
-            "databases": {
-                "data": {
-                    "permissions": {
-                        "view-database": {"id": "writer"},
-                        "view-query": {"id": "writer"},
-                        "execute-write-sql": {"id": "writer"},
-                    }
-                }
-            }
-        },
-    )
-    ds.add_memory_database("stored_query_vacuum_operation", name="data")
-    await ds.invoke_startup()
-    await ds.add_query(
-        "data",
-        "vacuum_db",
-        "vacuum",
-        is_write=True,
-        is_trusted=False,
-        source="user",
-        owner_id="writer",
-    )
-
-    denied_response = await ds.client.post(
-        "/data/vacuum_db?_json=1",
-        actor={"id": "writer"},
-        data={},
-    )
-
-    assert denied_response.status_code == 403
-    assert "VACUUM is not allowed in user-supplied SQL" in denied_response.text
-
-
-@pytest.mark.asyncio
-async def test_untrusted_stored_write_query_rejects_vacuum_operation_with_flash_error():
-    ds = Datasette(
-        memory=True,
-        default_deny=True,
-        config={
-            "databases": {
-                "data": {
-                    "permissions": {
-                        "view-database": {"id": "writer"},
-                        "view-query": {"id": "writer"},
-                        "execute-write-sql": {"id": "writer"},
-                    }
-                }
-            }
-        },
-    )
-    ds.add_memory_database("stored_query_vacuum_operation_form", name="data")
-    await ds.invoke_startup()
-    await ds.add_query(
-        "data",
-        "vacuum_db",
-        "vacuum",
-        is_write=True,
-        is_trusted=False,
-        source="user",
-        owner_id="writer",
-    )
-
-    denied_response = await ds.client.post(
-        "/data/vacuum_db",
-        actor={"id": "writer"},
-        data={},
-    )
-
-    assert denied_response.status_code == 302
-    assert denied_response.headers["location"] == "/data/vacuum_db"
-    assert ds.unsign(denied_response.cookies["ds_messages"], "messages") == [
-        ["VACUUM is not allowed in user-supplied SQL", ds.ERROR]
-    ]
-
-
-@pytest.mark.asyncio
-async def test_trusted_stored_write_query_skips_vacuum_filtering():
-    ds = Datasette(
-        memory=True,
-        default_deny=True,
-        config={
-            "databases": {
-                "data": {
-                    "permissions": {
-                        "view-database": {"id": "writer"},
-                        "view-query": {"id": "writer"},
-                    }
-                }
-            }
-        },
-    )
-    ds.add_memory_database("trusted_stored_query_vacuum", name="data")
-    await ds.invoke_startup()
-    await ds.add_query(
-        "data",
-        "trusted_vacuum",
-        "vacuum",
-        is_write=True,
-        is_trusted=True,
-        source="config",
-    )
-
-    response = await ds.client.post(
-        "/data/trusted_vacuum?_json=1",
-        actor={"id": "writer"},
-        data={},
-    )
-
-    assert response.status_code == 200
-    assert response.json()["ok"] is True
-
-
-@pytest.mark.parametrize(
-    (
-        "database_name",
-        "setup_sqls",
-        "write_sql",
-        "expected_error",
-        "verification_sql",
-        "expected_count",
-    ),
-    (
-        (
-            "execute_write_virtual_table_control",
-            (
-                "create virtual table docs using fts5(title, body, content='')",
-                "insert into docs(rowid, title, body) values (1, 'hello', 'world')",
-            ),
-            "insert into docs(docs) values('delete-all')",
-            "Writes to virtual tables are not allowed in user-supplied SQL",
-            "select count(*) from docs where docs match 'hello'",
-            1,
-        ),
-        (
-            "execute_write_virtual_table_insert",
-            ("create virtual table docs using fts5(title, body)",),
-            "insert into docs(rowid, title, body) values (1, 'a', 'b')",
-            "Writes to virtual tables are not allowed in user-supplied SQL",
-            "select count(*) from docs",
-            0,
-        ),
-        (
-            "execute_write_shadow_table_insert",
-            ("create virtual table docs using fts5(title, body)",),
-            "insert into docs_config(k, v) values ('x', 1)",
-            "Writes to shadow tables are not allowed in user-supplied SQL",
-            "select count(*) from docs_config",
-            1,
-        ),
-    ),
-    ids=("control-insert", "virtual-table", "shadow-table"),
-)
-@pytest.mark.asyncio
-async def test_execute_write_rejects_virtual_and_shadow_table_writes(
-    database_name,
-    setup_sqls,
-    write_sql,
-    expected_error,
-    verification_sql,
-    expected_count,
-):
-    ds = Datasette(memory=True, default_deny=True)
-    ds.root_enabled = True
-    db = ds.add_memory_database(database_name, name="data")
-    for setup_sql in setup_sqls:
-        await db.execute_write(setup_sql)
-    await ds.invoke_startup()
-
-    denied_response = await ds.client.post(
-        "/data/-/execute-write",
-        actor={"id": "root"},
-        json={"sql": write_sql},
-    )
-
-    assert denied_response.status_code == 403
-    assert denied_response.json()["errors"] == [expected_error]
-    assert (await db.execute(verification_sql)).first()[0] == expected_count
-
-
-@pytest.mark.asyncio
-async def test_untrusted_stored_write_query_rejects_virtual_table_control_insert():
-    ds = Datasette(memory=True, default_deny=True)
-    ds.root_enabled = True
-    db = ds.add_memory_database("stored_query_virtual_table_control", name="data")
-    await db.execute_write("""
-        create virtual table docs using fts5(title, body, content='')
-    """)
-    await db.execute_write("""
-        insert into docs(rowid, title, body) values (1, 'hello', 'world')
-    """)
-    await ds.invoke_startup()
-    await ds.add_query(
-        "data",
-        "delete_all_docs",
-        "insert into docs(docs) values('delete-all')",
-        is_write=True,
-        is_trusted=False,
-        source="user",
-        owner_id="root",
-    )
-
-    denied_response = await ds.client.post(
-        "/data/delete_all_docs?_json=1",
-        actor={"id": "root"},
-        data={},
-    )
-
-    assert denied_response.status_code == 403
-    assert denied_response.json()["message"] == (
-        "Writes to virtual tables are not allowed in user-supplied SQL"
-    )
-    assert (
-        await db.execute("select count(*) from docs where docs match 'hello'")
-    ).first()[0] == 1
-
-
-@pytest.mark.asyncio
-async def test_trusted_stored_write_query_can_write_virtual_table():
-    ds = Datasette(
-        memory=True,
-        default_deny=True,
-        config={
-            "databases": {
-                "data": {
-                    "permissions": {
-                        "view-database": {"id": "writer"},
-                        "view-query": {"id": "writer"},
-                    }
-                }
-            }
-        },
-    )
-    db = ds.add_memory_database("trusted_stored_query_virtual_table", name="data")
-    await db.execute_write("""
-        create virtual table docs using fts5(title, body, content='')
-    """)
-    await db.execute_write("""
-        insert into docs(rowid, title, body) values (1, 'hello', 'world')
-    """)
-    await ds.invoke_startup()
-    await ds.add_query(
-        "data",
-        "trusted_delete_all",
-        "insert into docs(docs) values('delete-all')",
-        is_write=True,
-        is_trusted=True,
-        source="config",
-    )
-
-    response = await ds.client.post(
-        "/data/trusted_delete_all?_json=1",
-        actor={"id": "writer"},
-        data={},
-    )
-
-    assert response.status_code == 200
-    assert response.json()["ok"] is True
-    assert (
-        await db.execute("select count(*) from docs where docs match 'hello'")
-    ).first()[0] == 0
-
-
-@pytest.mark.asyncio
-async def test_execute_write_create_table_uses_create_table_permission():
-    ds = Datasette(
-        memory=True,
-        default_deny=True,
-        config={
-            "permissions": {
-                "insert-row": {"id": "row-writer"},
-                "update-row": {"id": "row-writer"},
-            },
-            "databases": {
-                "data": {
-                    "permissions": {
-                        "view-database": {"id": ["creator", "row-writer"]},
-                        "execute-write-sql": {"id": ["creator", "row-writer"]},
-                        "create-table": {"id": "creator"},
-                    }
-                }
-            },
-        },
-    )
-    db = ds.add_memory_database("execute_write_create_table", name="data")
-    await ds.invoke_startup()
-
-    analysis_response = await ds.client.get(
-        "/data/-/execute-write/analyze",
-        actor={"id": "creator"},
-        params={"sql": "create table foobar (id integer primary key, name text)"},
-    )
-    allowed_response = await ds.client.post(
-        "/data/-/execute-write",
-        actor={"id": "creator"},
-        json={"sql": "create table foobar (id integer primary key, name text)"},
-    )
-    row_permission_response = await ds.client.post(
-        "/data/-/execute-write",
-        actor={"id": "row-writer"},
-        json={"sql": "create table should_not_exist (id integer primary key)"},
-    )
-
-    assert analysis_response.status_code == 200
-    analysis_data = analysis_response.json()
-    assert analysis_data["ok"] is True
-    assert analysis_data["execute_disabled"] is False
-    assert analysis_data["analysis_rows"] == [
-        {
-            "operation": "create",
-            "database": "data",
-            "table": "foobar",
-            "required_permission": "create-table",
-            "source": None,
-            "allowed": True,
-        }
-    ]
-
-    assert allowed_response.status_code == 200
-    assert allowed_response.json()["ok"] is True
-    assert allowed_response.json()["message"] == "Query executed"
-    assert await db.table_exists("foobar")
-
-    assert row_permission_response.status_code == 403
-    assert row_permission_response.json()["errors"] == [
-        "Permission denied: need create-table on data"
-    ]
-    assert not await db.table_exists("should_not_exist")
-
-
-@pytest.mark.parametrize(
-    (
-        "database_name",
-        "allowed_actor",
-        "allowed_sql",
-        "denied_sql",
-        "expected_error",
-        "setup_sqls",
-        "expected_state",
-    ),
-    (
-        (
-            "execute_write_alter_table",
-            "alterer",
-            "alter table dogs add column age integer",
-            "alter table cats add column age integer",
-            "Permission denied: need alter-table on data/cats",
-            (),
-            "alter-table",
-        ),
-        (
-            "execute_write_create_index",
-            "alterer",
-            "create index idx_dogs_name on dogs(name)",
-            "create index idx_cats_name on cats(name)",
-            "Permission denied: need alter-table on data/cats",
-            (),
-            "create-index",
-        ),
-        (
-            "execute_write_drop_index",
-            "alterer",
-            "drop index idx_dogs_name",
-            "drop index idx_cats_name",
-            "Permission denied: need alter-table on data/cats",
-            (
-                "create index idx_dogs_name on dogs(name)",
-                "create index idx_cats_name on cats(name)",
-            ),
-            "drop-index",
-        ),
-        (
-            "execute_write_drop_table",
-            "dropper",
-            "drop table dogs",
-            "drop table cats",
-            "Permission denied: need drop-table on data/cats",
-            (),
-            "drop-table",
-        ),
-    ),
-    ids=("alter-table", "create-index", "drop-index", "drop-table"),
-)
-@pytest.mark.asyncio
-async def test_execute_write_schema_operations_use_schema_permissions(
-    database_name,
-    allowed_actor,
-    allowed_sql,
-    denied_sql,
-    expected_error,
-    setup_sqls,
-    expected_state,
-):
-    ds = Datasette(
-        memory=True,
-        default_deny=True,
-        config={
-            "permissions": {
-                "delete-row": {"id": "row-writer"},
-                "update-row": {"id": "row-writer"},
-            },
-            "databases": {
-                "data": {
-                    "permissions": {
-                        "view-database": {"id": ["alterer", "dropper", "row-writer"]},
-                        "execute-write-sql": {
-                            "id": ["alterer", "dropper", "row-writer"]
-                        },
-                    },
-                    "tables": {
-                        "dogs": {
-                            "permissions": {
-                                "alter-table": {"id": "alterer"},
-                                "drop-table": {"id": "dropper"},
-                                "view-table": {"id": "alterer"},
-                            }
-                        }
-                    },
-                }
-            },
-        },
-    )
-    db = ds.add_memory_database(database_name, name="data")
-    await db.execute_write("create table dogs (id integer primary key, name text)")
-    await db.execute_write("create table cats (id integer primary key, name text)")
-    for setup_sql in setup_sqls:
-        await db.execute_write(setup_sql)
-    await ds.invoke_startup()
-
-    async def index_exists(index_name):
-        row = (
-            await db.execute(
-                "select 1 from sqlite_master where type = 'index' and name = ?",
-                [index_name],
-            )
-        ).first()
-        return row is not None
-
-    allowed_response = await ds.client.post(
-        "/data/-/execute-write",
-        actor={"id": allowed_actor},
-        json={"sql": allowed_sql},
-    )
-    denied_response = await ds.client.post(
-        "/data/-/execute-write",
-        actor={"id": "row-writer"},
-        json={"sql": denied_sql},
-    )
-
-    assert allowed_response.status_code == 200
-    assert denied_response.status_code == 403
-    assert denied_response.json()["errors"] == [expected_error]
-
-    if expected_state == "alter-table":
-        assert "age" in [
-            column.name for column in await db.table_column_details("dogs")
-        ]
-        assert "age" not in [
-            column.name for column in await db.table_column_details("cats")
-        ]
-    elif expected_state == "create-index":
-        assert await index_exists("idx_dogs_name")
-        assert not await index_exists("idx_cats_name")
-    elif expected_state == "drop-index":
-        assert not await index_exists("idx_dogs_name")
-        assert await index_exists("idx_cats_name")
-    elif expected_state == "drop-table":
-        assert not await db.table_exists("dogs")
-        assert await db.table_exists("cats")
-
-
-@pytest.mark.asyncio
-async def test_execute_write_insert_links_to_inserted_row():
-    ds = Datasette(memory=True, default_deny=True)
-    ds.root_enabled = True
-    db = ds.add_memory_database("execute_write_insert_link", name="data")
-    await db.execute_write("create table dogs (id integer primary key, name text)")
-    await db.execute_write("create table log (id integer primary key, message text)")
-    await db.execute_write("insert into log (message) values ('existing')")
-    await db.execute_write("""
-        create trigger dogs_after_insert after insert on dogs begin
-            insert into log (message) values (new.name);
-        end
-    """)
-    await ds.invoke_startup()
-
-    insert_response = await ds.client.post(
-        "/data/-/execute-write",
-        actor={"id": "root"},
-        data={
-            "sql": "insert into dogs (name) values (:name)",
-            "name": "Cleo",
-        },
-    )
-    update_response = await ds.client.post(
-        "/data/-/execute-write",
-        actor={"id": "root"},
-        data={
-            "sql": "update dogs set name = :name where id = :id",
-            "name": "Cleo 2",
-            "id": "1",
-        },
-    )
-
-    assert insert_response.status_code == 200
-    assert "Query executed, 1 row affected" in insert_response.text
-    assert '    View row' in insert_response.text
-    assert "/data/log/2" not in insert_response.text
-    assert update_response.status_code == 200
-    assert "Query executed, 1 row affected" in update_response.text
-    assert "View row" not in update_response.text
-
-
-@pytest.mark.asyncio
-async def test_execute_write_post_rejects_read_only_sql():
-    ds = Datasette(memory=True, default_deny=True)
-    ds.root_enabled = True
-    db = ds.add_memory_database("execute_write_read_only", name="data")
-    await db.execute_write("create table dogs (id integer primary key, name text)")
-    await ds.invoke_startup()
-
-    response = await ds.client.post(
-        "/data/-/execute-write",
-        actor={"id": "root"},
-        json={"sql": "select * from dogs"},
-    )
-
-    assert response.status_code == 400
-    assert response.json()["errors"] == [
-        "Use /-/query for read-only SQL; this endpoint only executes writes"
-    ]
-
-
-@pytest.mark.parametrize("action", ("view-query", "update-query", "delete-query"))
-@pytest.mark.asyncio
-async def test_query_owner_gets_update_delete_and_writable_view_defaults(action):
-    ds = Datasette(memory=True, default_deny=True)
-    ds.add_memory_database("query_owner_defaults", name="data")
-    await ds.invoke_startup()
-    await ds.add_query(
-        "data",
-        "insert_dog",
-        "insert into dogs (name) values (:name)",
-        is_write=True,
-        source="user",
-        owner_id="alice",
-    )
-
-    assert await ds.allowed(
-        action=action,
-        resource=QueryResource("data", "insert_dog"),
-        actor={"id": "alice"},
-    )
-    assert not await ds.allowed(
-        action=action,
-        resource=QueryResource("data", "insert_dog"),
-        actor={"id": "bob"},
-    )
-
-
-@pytest.mark.parametrize(
-    "action, path_suffix, request_json, expected_public_title",
-    (
-        (
-            "update-query",
-            "-/update",
-            {"update": {"title": "Bob can edit public queries"}},
-            "Bob can edit public queries",
-        ),
-        ("delete-query", "-/delete", {}, None),
-    ),
-    ids=("update-query", "delete-query"),
-)
-@pytest.mark.asyncio
-async def test_private_query_restricts_broad_update_delete_permissions(
-    action, path_suffix, request_json, expected_public_title
-):
-    ds = Datasette(
-        memory=True,
-        default_deny=True,
-        config={
-            "databases": {
-                "data": {
-                    "permissions": {
-                        "update-query": {"id": "bob"},
-                        "delete-query": {"id": "bob"},
-                    },
-                },
-            },
-        },
-    )
-    ds.add_memory_database("query_broad_update_delete", name="data")
-    await ds.invoke_startup()
-    await ds.add_query(
-        "data",
-        "alice_private",
-        "select 1",
-        is_private=True,
-        source="user",
-        owner_id="alice",
-    )
-    await ds.add_query(
-        "data",
-        "alice_public",
-        "select 2",
-        is_private=False,
-        source="user",
-        owner_id="alice",
-    )
-
-    assert await ds.allowed(
-        action=action,
-        resource=QueryResource("data", "alice_private"),
-        actor={"id": "alice"},
-    )
-    assert not await ds.allowed(
-        action=action,
-        resource=QueryResource("data", "alice_private"),
-        actor={"id": "bob"},
-    )
-    assert await ds.allowed(
-        action=action,
-        resource=QueryResource("data", "alice_public"),
-        actor={"id": "bob"},
-    )
-
-    private_response = await ds.client.post(
-        "/data/alice_private/{}".format(path_suffix),
-        actor={"id": "bob"},
-        json=request_json,
-    )
-    public_response = await ds.client.post(
-        "/data/alice_public/{}".format(path_suffix),
-        actor={"id": "bob"},
-        json=request_json,
-    )
-
-    assert private_response.status_code == 403
-    assert public_response.status_code == 200
-    assert await ds.get_query("data", "alice_private") is not None
-    public_query = await ds.get_query("data", "alice_public")
-    if expected_public_title is None:
-        assert public_query is None
-    else:
-        assert public_query.title == expected_public_title
-
-
-@pytest.mark.asyncio
-async def test_user_writable_query_execution_rechecks_table_permissions():
-    ds = Datasette(
-        memory=True,
-        default_deny=True,
-        config={
-            "databases": {
-                "data": {
-                    "permissions": {
-                        "view-database": {"id": ["alice", "bob"]},
-                        "execute-write-sql": {"id": ["alice", "bob"]},
-                    },
-                    "tables": {
-                        "dogs": {
-                            "permissions": {
-                                "insert-row": {"id": "alice"},
-                                "update-row": {"id": "alice"},
-                                "delete-row": {"id": "alice"},
-                            }
-                        }
-                    },
-                }
-            }
-        },
-    )
-    db = ds.add_memory_database("query_write_execution", name="data")
-    await db.execute_write("create table dogs (id integer primary key, name text)")
-    await ds.invoke_startup()
-    await ds.add_query(
-        "data",
-        "insert_dog",
-        "insert into dogs (name) values (:name)",
-        is_write=True,
-        source="user",
-        owner_id="alice",
-    )
-    await ds.add_query(
-        "data",
-        "insert_cat",
-        "insert into dogs (name) values (:name)",
-        is_write=True,
-        source="user",
-        owner_id="bob",
-    )
-
-    allowed_response = await ds.client.post(
-        "/data/insert_dog?_json=1",
-        actor={"id": "alice"},
-        data={"name": "Cleo"},
-    )
-    denied_response = await ds.client.post(
-        "/data/insert_cat?_json=1",
-        actor={"id": "bob"},
-        data={"name": "Milo"},
-    )
-
-    assert allowed_response.status_code == 200
-    assert allowed_response.json()["ok"] is True
-    assert denied_response.status_code == 403
-    rows = (await db.execute("select name from dogs")).dicts()
-    assert rows == [{"name": "Cleo"}]
-
-
-@pytest.mark.asyncio
-@requires_sqlite_returning
-async def test_stored_write_query_with_returning():
-    ds = Datasette(memory=True, default_deny=True)
-    ds.root_enabled = True
-    db = ds.add_memory_database("query_write_returning", name="data")
-    await db.execute_write("create table dogs (id integer primary key, name text)")
-    await ds.invoke_startup()
-    await ds.add_query(
-        "data",
-        "insert_dog",
-        "insert into dogs (name) values (:name) returning id, name",
-        is_write=True,
-        source="user",
-        owner_id="root",
-    )
-
-    response = await ds.client.post(
-        "/data/insert_dog?_json=1",
-        actor={"id": "root"},
-        data={"name": "Cleo"},
-    )
-
-    assert response.status_code == 200
-    assert response.json()["ok"] is True
-    assert (await db.execute("select id, name from dogs")).dicts() == [
-        {"id": 1, "name": "Cleo"}
-    ]
-
-
-@pytest.mark.asyncio
-@requires_sqlite_returning
-async def test_stored_write_query_with_truncated_returning_message():
-    ds = Datasette(memory=True, default_deny=True)
-    ds.root_enabled = True
-    db = ds.add_memory_database("query_write_truncated_returning", name="data")
-    await db.execute_write("create table dogs (id integer primary key, name text)")
-    await db.execute_write_many(
-        "insert into dogs (name) values (?)",
-        [("Cleo",) for _ in range(20)],
-    )
-    await ds.invoke_startup()
-    await ds.add_query(
-        "data",
-        "update_dogs",
-        "update dogs set name = name returning id",
-        is_write=True,
-        source="user",
-        owner_id="root",
-    )
-
-    response = await ds.client.post(
-        "/data/update_dogs?_json=1",
-        actor={"id": "root"},
-        data={},
-    )
-
-    assert response.status_code == 200
-    assert response.json()["ok"] is True
-    assert response.json()["message"] == "Query executed"
diff --git a/tests/test_restriction_sql.py b/tests/test_restriction_sql.py
deleted file mode 100644
index df6abd29..00000000
--- a/tests/test_restriction_sql.py
+++ /dev/null
@@ -1,315 +0,0 @@
-import pytest
-from datasette.app import Datasette
-from datasette.permissions import PermissionSQL
-from datasette.resources import TableResource
-
-
-@pytest.mark.asyncio
-async def test_multiple_restriction_sources_intersect():
-    """
-    Test that when multiple plugins return restriction_sql, they are INTERSECTed.
-
-    This tests the case where both actor _r restrictions AND a plugin
-    provide restriction_sql - both must pass for access to be granted.
-    """
-    from datasette import hookimpl
-
-    class RestrictivePlugin:
-        __name__ = "RestrictivePlugin"
-
-        @hookimpl
-        def permission_resources_sql(self, datasette, actor, action):
-            # Plugin adds additional restriction: only db1_multi_intersect allowed
-            if action == "view-table":
-                return PermissionSQL(
-                    restriction_sql="SELECT 'db1_multi_intersect' AS parent, NULL AS child",
-                    params={},
-                )
-            return None
-
-    plugin = RestrictivePlugin()
-
-    ds = Datasette()
-    await ds.invoke_startup()
-    ds.pm.register(plugin, name="restrictive_plugin")
-
-    try:
-        db1 = ds.add_memory_database("db1_multi_intersect")
-        db2 = ds.add_memory_database("db2_multi_intersect")
-        await db1.execute_write("CREATE TABLE t1 (id INTEGER)")
-        await db2.execute_write("CREATE TABLE t1 (id INTEGER)")
-        await ds._refresh_schemas()  # Populate catalog tables
-
-        # Actor has restrictions allowing both databases
-        # But plugin only allows db1_multi_intersect
-        # INTERSECT means only db1_multi_intersect/t1 should pass
-        actor = {
-            "id": "user",
-            "_r": {"d": {"db1_multi_intersect": ["vt"], "db2_multi_intersect": ["vt"]}},
-        }
-
-        page = await ds.allowed_resources("view-table", actor)
-        resources = {(r.parent, r.child) for r in page.resources}
-
-        # Should only see db1_multi_intersect/t1 (intersection of actor restrictions and plugin restrictions)
-        assert ("db1_multi_intersect", "t1") in resources
-        assert ("db2_multi_intersect", "t1") not in resources
-    finally:
-        ds.pm.unregister(name="restrictive_plugin")
-
-
-@pytest.mark.asyncio
-async def test_restriction_sql_with_overlapping_databases_and_tables():
-    """
-    Test actor with both database-level and table-level restrictions for same database.
-
-    When actor has:
-    - Database-level: db1_overlapping allowed (all tables)
-    - Table-level: db1_overlapping/t1 allowed
-
-    Both entries are UNION'd (OR'ed) within the actor's restrictions.
-    Database-level restriction allows ALL tables, so table-level is redundant.
-    """
-    ds = Datasette()
-    await ds.invoke_startup()
-    db = ds.add_memory_database("db1_overlapping")
-    await db.execute_write("CREATE TABLE t1 (id INTEGER)")
-    await db.execute_write("CREATE TABLE t2 (id INTEGER)")
-    await ds._refresh_schemas()
-
-    # Actor has BOTH database-level (db1_overlapping all tables) AND table-level (db1_overlapping/t1 only)
-    actor = {
-        "id": "user",
-        "_r": {
-            "d": {
-                "db1_overlapping": ["vt"]
-            },  # Database-level: all tables in db1_overlapping
-            "r": {
-                "db1_overlapping": {"t1": ["vt"]}
-            },  # Table-level: only t1 in db1_overlapping
-        },
-    }
-
-    # Within actor restrictions, entries are UNION'd (OR'ed):
-    # - Database level allows: (db1_overlapping, NULL) → matches all tables via hierarchical matching
-    # - Table level allows: (db1_overlapping, t1) → redundant, already covered by database level
-    # Result: Both tables are allowed
-    page = await ds.allowed_resources("view-table", actor)
-    resources = {(r.parent, r.child) for r in page.resources}
-
-    assert ("db1_overlapping", "t1") in resources
-    # Database-level restriction allows all tables, so t2 is also allowed
-    assert ("db1_overlapping", "t2") in resources
-
-
-@pytest.mark.asyncio
-async def test_restriction_sql_empty_allowlist_query():
-    """
-    Test the specific SQL query generated when action is not in allowlist.
-
-    actor_restrictions_sql() returns "SELECT NULL AS parent, NULL AS child WHERE 0"
-    Verify this produces an empty result set.
-    """
-    ds = Datasette()
-    await ds.invoke_startup()
-    db = ds.add_memory_database("db1_empty_allowlist")
-    await db.execute_write("CREATE TABLE t1 (id INTEGER)")
-    await ds._refresh_schemas()
-
-    # Actor has restrictions but action not in allowlist
-    actor = {"id": "user", "_r": {"r": {"db1_empty_allowlist": {"t1": ["vt"]}}}}
-
-    # Try to view-database (only view-table is in allowlist)
-    page = await ds.allowed_resources("view-database", actor)
-
-    # Should be empty
-    assert len(page.resources) == 0
-
-
-@pytest.mark.asyncio
-async def test_restriction_sql_with_pagination():
-    """
-    Test that restrictions work correctly with keyset pagination.
-    """
-    ds = Datasette()
-    await ds.invoke_startup()
-    db = ds.add_memory_database("db1_pagination")
-
-    # Create many tables
-    for i in range(10):
-        await db.execute_write(f"CREATE TABLE t{i:02d} (id INTEGER)")
-    await ds._refresh_schemas()
-
-    # Actor restricted to only odd-numbered tables
-    restrictions = {"r": {"db1_pagination": {}}}
-    for i in range(10):
-        if i % 2 == 1:  # Only odd tables
-            restrictions["r"]["db1_pagination"][f"t{i:02d}"] = ["vt"]
-
-    actor = {"id": "user", "_r": restrictions}
-
-    # Get first page with small limit
-    page1 = await ds.allowed_resources(
-        "view-table", actor, parent="db1_pagination", limit=2
-    )
-    assert len(page1.resources) == 2
-    assert page1.next is not None
-
-    # Get second page using next token
-    page2 = await ds.allowed_resources(
-        "view-table", actor, parent="db1_pagination", limit=2, next=page1.next
-    )
-    assert len(page2.resources) == 2
-
-    # Should have no overlap
-    page1_ids = {r.child for r in page1.resources}
-    page2_ids = {r.child for r in page2.resources}
-    assert page1_ids.isdisjoint(page2_ids)
-
-    # All should be odd-numbered tables
-    all_ids = page1_ids | page2_ids
-    for table_id in all_ids:
-        table_num = int(table_id[1:])  # Extract number from "t01", "t03", etc.
-        assert table_num % 2 == 1, f"Table {table_id} should be odd-numbered"
-
-
-@pytest.mark.asyncio
-async def test_also_requires_with_restrictions():
-    """
-    Test that also_requires actions properly respect restrictions.
-
-    execute-sql requires view-database. With restrictions, both must pass.
-    """
-    ds = Datasette()
-    await ds.invoke_startup()
-    ds.add_memory_database("db1_also_requires")
-    ds.add_memory_database("db2_also_requires")
-    await ds._refresh_schemas()
-
-    # Actor restricted to only db1_also_requires for view-database
-    # execute-sql requires view-database, so should only work on db1_also_requires
-    actor = {
-        "id": "user",
-        "_r": {
-            "d": {
-                "db1_also_requires": ["vd", "es"],
-                "db2_also_requires": [
-                    "es"
-                ],  # They have execute-sql but not view-database
-            }
-        },
-    }
-
-    # db1_also_requires should allow execute-sql
-    result = await ds.allowed(
-        action="execute-sql",
-        resource=TableResource("db1_also_requires", None),
-        actor=actor,
-    )
-    assert result is True
-
-    # db2_also_requires should not (they have execute-sql but not view-database)
-    result = await ds.allowed(
-        action="execute-sql",
-        resource=TableResource("db2_also_requires", None),
-        actor=actor,
-    )
-    assert result is False
-
-
-@pytest.mark.asyncio
-async def test_restriction_abbreviations_and_full_names():
-    """
-    Test that both abbreviations and full action names work in restrictions.
-    """
-    ds = Datasette()
-    await ds.invoke_startup()
-    db = ds.add_memory_database("db1_abbrev")
-    await db.execute_write("CREATE TABLE t1 (id INTEGER)")
-    await ds._refresh_schemas()
-
-    # Test with abbreviation
-    actor_abbr = {"id": "user", "_r": {"r": {"db1_abbrev": {"t1": ["vt"]}}}}
-    result = await ds.allowed(
-        action="view-table",
-        resource=TableResource("db1_abbrev", "t1"),
-        actor=actor_abbr,
-    )
-    assert result is True
-
-    # Test with full name
-    actor_full = {"id": "user", "_r": {"r": {"db1_abbrev": {"t1": ["view-table"]}}}}
-    result = await ds.allowed(
-        action="view-table",
-        resource=TableResource("db1_abbrev", "t1"),
-        actor=actor_full,
-    )
-    assert result is True
-
-    # Test with mixed
-    actor_mixed = {"id": "user", "_r": {"d": {"db1_abbrev": ["view-database", "vt"]}}}
-    result = await ds.allowed(
-        action="view-table",
-        resource=TableResource("db1_abbrev", "t1"),
-        actor=actor_mixed,
-    )
-    assert result is True
-
-
-@pytest.mark.asyncio
-async def test_permission_resources_sql_multiple_restriction_sources_intersect():
-    """
-    Test that when multiple plugins return restriction_sql, they are INTERSECTed.
-
-    This tests the case where both actor _r restrictions AND a plugin
-    provide restriction_sql - both must pass for access to be granted.
-    """
-    from datasette import hookimpl
-
-    class RestrictivePlugin:
-        __name__ = "RestrictivePlugin"
-
-        @hookimpl
-        def permission_resources_sql(self, datasette, actor, action):
-            # Plugin adds additional restriction: only db1_multi_restrictions allowed
-            if action == "view-table":
-                return PermissionSQL(
-                    restriction_sql="SELECT 'db1_multi_restrictions' AS parent, NULL AS child",
-                    params={},
-                )
-            return None
-
-    plugin = RestrictivePlugin()
-
-    ds = Datasette()
-    await ds.invoke_startup()
-    ds.pm.register(plugin, name="restrictive_plugin")
-
-    try:
-        db1 = ds.add_memory_database("db1_multi_restrictions")
-        db2 = ds.add_memory_database("db2_multi_restrictions")
-        await db1.execute_write("CREATE TABLE t1 (id INTEGER)")
-        await db2.execute_write("CREATE TABLE t1 (id INTEGER)")
-        await ds._refresh_schemas()  # Populate catalog tables
-
-        # Actor has restrictions allowing both databases
-        # But plugin only allows db1
-        # INTERSECT means only db1/t1 should pass
-        actor = {
-            "id": "user",
-            "_r": {
-                "d": {
-                    "db1_multi_restrictions": ["vt"],
-                    "db2_multi_restrictions": ["vt"],
-                }
-            },
-        }
-
-        page = await ds.allowed_resources("view-table", actor)
-        resources = {(r.parent, r.child) for r in page.resources}
-
-        # Should only see db1/t1 (intersection of actor restrictions and plugin restrictions)
-        assert ("db1_multi_restrictions", "t1") in resources
-        assert ("db2_multi_restrictions", "t1") not in resources
-    finally:
-        ds.pm.unregister(name="restrictive_plugin")
diff --git a/tests/test_routes.py b/tests/test_routes.py
deleted file mode 100644
index 24c702fc..00000000
--- a/tests/test_routes.py
+++ /dev/null
@@ -1,109 +0,0 @@
-from datasette.app import Datasette, Database
-from datasette.utils import resolve_routes
-import pytest
-import pytest_asyncio
-
-
-@pytest.fixture(scope="session")
-def routes():
-    ds = Datasette()
-    return ds._routes()
-
-
-@pytest.mark.parametrize(
-    "path,expected_name,expected_matches",
-    (
-        ("/", "IndexView", {"format": None}),
-        ("/foo", "DatabaseView", {"format": None, "database": "foo"}),
-        ("/foo.csv", "DatabaseView", {"format": "csv", "database": "foo"}),
-        ("/foo.json", "DatabaseView", {"format": "json", "database": "foo"}),
-        ("/foo.humbug", "DatabaseView", {"format": "humbug", "database": "foo"}),
-        (
-            "/foo/humbug",
-            "table_view",
-            {"database": "foo", "table": "humbug", "format": None},
-        ),
-        (
-            "/foo/humbug.json",
-            "table_view",
-            {"database": "foo", "table": "humbug", "format": "json"},
-        ),
-        (
-            "/foo/humbug.blah",
-            "table_view",
-            {"database": "foo", "table": "humbug", "format": "blah"},
-        ),
-        (
-            "/foo/humbug/1",
-            "RowView",
-            {"format": None, "database": "foo", "pks": "1", "table": "humbug"},
-        ),
-        (
-            "/foo/humbug/1.json",
-            "RowView",
-            {"format": "json", "database": "foo", "pks": "1", "table": "humbug"},
-        ),
-    ),
-)
-def test_routes(routes, path, expected_name, expected_matches):
-    match, view = resolve_routes(routes, path)
-    if expected_name is None:
-        assert match is None
-    else:
-        assert (
-            view.__name__ == expected_name or view.view_class.__name__ == expected_name
-        )
-        assert match.groupdict() == expected_matches
-
-
-@pytest_asyncio.fixture
-async def ds_with_route():
-    ds = Datasette()
-    await ds.invoke_startup()
-    ds.remove_database("_memory")
-    db = Database(ds, is_memory=True, memory_name="route-name-db")
-    ds.add_database(db, name="original-name", route="custom-route-name")
-    await db.execute_write_script("""
-        create table if not exists t (id integer primary key);
-        insert or replace into t (id) values (1);
-    """)
-    return ds
-
-
-@pytest.mark.asyncio
-async def test_db_with_route_databases(ds_with_route):
-    response = await ds_with_route.client.get("/-/databases.json")
-    assert response.json()[0] == {
-        "name": "original-name",
-        "route": "custom-route-name",
-        "path": None,
-        "size": 0,
-        "is_mutable": True,
-        "is_memory": True,
-        "hash": None,
-    }
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path,expected_status",
-    (
-        ("/", 200),
-        ("/original-name", 404),
-        ("/original-name/t", 404),
-        ("/original-name/t/1", 404),
-        ("/custom-route-name", 200),
-        ("/custom-route-name/-/query?sql=select+id+from+t", 200),
-        ("/custom-route-name/t", 200),
-        ("/custom-route-name/t/1", 200),
-    ),
-)
-async def test_db_with_route_that_does_not_match_name(
-    ds_with_route, path, expected_status
-):
-    response = await ds_with_route.client.get(path)
-    assert response.status_code == expected_status
-    # There should be links to custom-route-name but none to original-name
-    if response.status_code == 200:
-        assert "/custom-route-name" in response.text
-        assert "/original-name" not in response.text
diff --git a/tests/test_schema_endpoints.py b/tests/test_schema_endpoints.py
deleted file mode 100644
index c95d8614..00000000
--- a/tests/test_schema_endpoints.py
+++ /dev/null
@@ -1,247 +0,0 @@
-import pytest
-import pytest_asyncio
-from datasette.app import Datasette
-
-
-@pytest_asyncio.fixture(scope="module")
-async def schema_ds():
-    """Create a Datasette instance with test databases and permission config."""
-    ds = Datasette(
-        config={
-            "databases": {
-                "schema_private_db": {"allow": {"id": "root"}},
-            }
-        }
-    )
-
-    # Create public database with multiple tables
-    public_db = ds.add_memory_database("schema_public_db")
-    await public_db.execute_write(
-        "CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY, name TEXT)"
-    )
-    await public_db.execute_write(
-        "CREATE TABLE IF NOT EXISTS posts (id INTEGER PRIMARY KEY, title TEXT)"
-    )
-    await public_db.execute_write(
-        "CREATE VIEW IF NOT EXISTS recent_posts AS SELECT * FROM posts ORDER BY id DESC"
-    )
-
-    # Create a database with restricted access (requires root permission)
-    private_db = ds.add_memory_database("schema_private_db")
-    await private_db.execute_write(
-        "CREATE TABLE IF NOT EXISTS secret_data (id INTEGER PRIMARY KEY, value TEXT)"
-    )
-
-    # Create an empty database
-    ds.add_memory_database("schema_empty_db")
-
-    return ds
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "format_ext,expected_in_content",
-    [
-        ("json", None),
-        ("md", ["# Schema for", "```sql"]),
-        ("", ["Schema for", "CREATE TABLE"]),
-    ],
-)
-async def test_database_schema_formats(schema_ds, format_ext, expected_in_content):
-    """Test /database/-/schema endpoint in different formats."""
-    url = "/schema_public_db/-/schema"
-    if format_ext:
-        url += f".{format_ext}"
-    response = await schema_ds.client.get(url)
-    assert response.status_code == 200
-
-    if format_ext == "json":
-        data = response.json()
-        assert "database" in data
-        assert data["database"] == "schema_public_db"
-        assert "schema" in data
-        assert "CREATE TABLE users" in data["schema"]
-    else:
-        content = response.text
-        for expected in expected_in_content:
-            assert expected in content
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "format_ext,expected_in_content",
-    [
-        ("json", None),
-        ("md", ["# Schema for", "```sql"]),
-        ("", ["Schema for all databases"]),
-    ],
-)
-async def test_instance_schema_formats(schema_ds, format_ext, expected_in_content):
-    """Test /-/schema endpoint in different formats."""
-    url = "/-/schema"
-    if format_ext:
-        url += f".{format_ext}"
-    response = await schema_ds.client.get(url)
-    assert response.status_code == 200
-
-    if format_ext == "json":
-        data = response.json()
-        assert "schemas" in data
-        assert isinstance(data["schemas"], list)
-        db_names = [item["database"] for item in data["schemas"]]
-        # Should see schema_public_db and schema_empty_db, but not schema_private_db (anonymous user)
-        assert "schema_public_db" in db_names
-        assert "schema_empty_db" in db_names
-        assert "schema_private_db" not in db_names
-        # Check schemas are present
-        for item in data["schemas"]:
-            if item["database"] == "schema_public_db":
-                assert "CREATE TABLE users" in item["schema"]
-    else:
-        content = response.text
-        for expected in expected_in_content:
-            assert expected in content
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "format_ext,expected_in_content",
-    [
-        ("json", None),
-        ("md", ["# Schema for", "```sql"]),
-        ("", ["Schema for users"]),
-    ],
-)
-async def test_table_schema_formats(schema_ds, format_ext, expected_in_content):
-    """Test /database/table/-/schema endpoint in different formats."""
-    url = "/schema_public_db/users/-/schema"
-    if format_ext:
-        url += f".{format_ext}"
-    response = await schema_ds.client.get(url)
-    assert response.status_code == 200
-
-    if format_ext == "json":
-        data = response.json()
-        assert "database" in data
-        assert data["database"] == "schema_public_db"
-        assert "table" in data
-        assert data["table"] == "users"
-        assert "schema" in data
-        assert "CREATE TABLE users" in data["schema"]
-    else:
-        content = response.text
-        for expected in expected_in_content:
-            assert expected in content
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "url",
-    [
-        "/schema_private_db/-/schema.json",
-        "/schema_private_db/secret_data/-/schema.json",
-    ],
-)
-async def test_schema_permission_enforcement(schema_ds, url):
-    """Test that permissions are enforced for schema endpoints."""
-    # Anonymous user should get 403
-    response = await schema_ds.client.get(url)
-    assert response.status_code == 403
-
-    # Authenticated user with permission should succeed
-    response = await schema_ds.client.get(
-        url,
-        actor={"id": "root"},
-    )
-    assert response.status_code == 200
-
-
-@pytest.mark.asyncio
-async def test_instance_schema_respects_database_permissions(schema_ds):
-    """Test that /-/schema only shows databases the user can view."""
-    # Anonymous user should only see public databases
-    response = await schema_ds.client.get("/-/schema.json")
-    assert response.status_code == 200
-    data = response.json()
-    db_names = [item["database"] for item in data["schemas"]]
-    assert "schema_public_db" in db_names
-    assert "schema_empty_db" in db_names
-    assert "schema_private_db" not in db_names
-
-    # Authenticated user should see all databases
-    response = await schema_ds.client.get(
-        "/-/schema.json",
-        actor={"id": "root"},
-    )
-    assert response.status_code == 200
-    data = response.json()
-    db_names = [item["database"] for item in data["schemas"]]
-    assert "schema_public_db" in db_names
-    assert "schema_empty_db" in db_names
-    assert "schema_private_db" in db_names
-
-
-@pytest.mark.asyncio
-async def test_database_schema_with_multiple_tables(schema_ds):
-    """Test schema with multiple tables in a database."""
-    response = await schema_ds.client.get("/schema_public_db/-/schema.json")
-    assert response.status_code == 200
-    data = response.json()
-    schema = data["schema"]
-
-    # All objects should be in the schema
-    assert "CREATE TABLE users" in schema
-    assert "CREATE TABLE posts" in schema
-    assert "CREATE VIEW recent_posts" in schema
-
-
-@pytest.mark.asyncio
-async def test_empty_database_schema(schema_ds):
-    """Test schema for an empty database."""
-    response = await schema_ds.client.get("/schema_empty_db/-/schema.json")
-    assert response.status_code == 200
-    data = response.json()
-    assert data["database"] == "schema_empty_db"
-    assert data["schema"] == ""
-
-
-@pytest.mark.asyncio
-async def test_database_not_exists(schema_ds):
-    """Test schema for a non-existent database returns 404."""
-    # Test JSON format
-    response = await schema_ds.client.get("/nonexistent_db/-/schema.json")
-    assert response.status_code == 404
-    data = response.json()
-    assert data["ok"] is False
-    assert "not found" in data["error"].lower()
-
-    # Test HTML format (returns text)
-    response = await schema_ds.client.get("/nonexistent_db/-/schema")
-    assert response.status_code == 404
-    assert "not found" in response.text.lower()
-
-    # Test Markdown format (returns text)
-    response = await schema_ds.client.get("/nonexistent_db/-/schema.md")
-    assert response.status_code == 404
-    assert "not found" in response.text.lower()
-
-
-@pytest.mark.asyncio
-async def test_table_not_exists(schema_ds):
-    """Test schema for a non-existent table returns 404."""
-    # Test JSON format
-    response = await schema_ds.client.get("/schema_public_db/nonexistent/-/schema.json")
-    assert response.status_code == 404
-    data = response.json()
-    assert data["ok"] is False
-    assert "not found" in data["error"].lower()
-
-    # Test HTML format (returns text)
-    response = await schema_ds.client.get("/schema_public_db/nonexistent/-/schema")
-    assert response.status_code == 404
-    assert "not found" in response.text.lower()
-
-    # Test Markdown format (returns text)
-    response = await schema_ds.client.get("/schema_public_db/nonexistent/-/schema.md")
-    assert response.status_code == 404
-    assert "not found" in response.text.lower()
diff --git a/tests/test_search_tables.py b/tests/test_search_tables.py
deleted file mode 100644
index ce774327..00000000
--- a/tests/test_search_tables.py
+++ /dev/null
@@ -1,169 +0,0 @@
-"""
-Tests for special endpoints in datasette/views/special.py
-"""
-
-import pytest
-import pytest_asyncio
-from datasette.app import Datasette
-
-
-@pytest_asyncio.fixture
-async def ds_with_tables():
-    """Create a Datasette instance with some tables for searching."""
-    ds = Datasette(
-        config={
-            "databases": {
-                "content": {
-                    "allow": {"id": "*"},  # Allow all authenticated users
-                    "tables": {
-                        "articles": {
-                            "allow": {"id": "editor"},  # Only editor can view
-                        },
-                        "comments": {
-                            "allow": True,  # Everyone can view
-                        },
-                    },
-                },
-                "private": {
-                    "allow": False,  # Deny everyone
-                },
-            }
-        }
-    )
-    await ds.invoke_startup()
-
-    # Add content database with some tables
-    content_db = ds.add_memory_database("search_tables_content", name="content")
-    await content_db.execute_write(
-        "CREATE TABLE IF NOT EXISTS articles (id INTEGER PRIMARY KEY, title TEXT)"
-    )
-    await content_db.execute_write(
-        "CREATE TABLE IF NOT EXISTS comments (id INTEGER PRIMARY KEY, body TEXT)"
-    )
-    await content_db.execute_write(
-        "CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY, name TEXT)"
-    )
-
-    # Add private database with a table
-    private_db = ds.add_memory_database("search_tables_private", name="private")
-    await private_db.execute_write(
-        "CREATE TABLE IF NOT EXISTS secrets (id INTEGER PRIMARY KEY, data TEXT)"
-    )
-
-    # Add another public database
-    public_db = ds.add_memory_database("search_tables_public", name="public")
-    await public_db.execute_write(
-        "CREATE TABLE IF NOT EXISTS articles (id INTEGER PRIMARY KEY, content TEXT)"
-    )
-    await ds._refresh_schemas()
-
-    return ds
-
-
-# /-/jump.json table search tests
-@pytest.mark.asyncio
-async def test_tables_basic_search(ds_with_tables):
-    """Test basic table search functionality."""
-    # Search for "articles" - should find it in both content and public databases
-    # but only return public.articles for anonymous user (content.articles requires auth)
-    response = await ds_with_tables.client.get("/-/jump.json?q=articles")
-    assert response.status_code == 200
-    data = response.json()
-
-    # Should only see public.articles (content.articles restricted to authenticated users)
-    assert "matches" in data
-    assert len(data["matches"]) == 1
-
-    match = data["matches"][0]
-    assert "url" in match
-    assert "name" in match
-    assert match["name"] == "public: articles"
-    assert "/public/articles" in match["url"]
-
-
-@pytest.mark.asyncio
-async def test_tables_search_with_auth(ds_with_tables):
-    """Test that authenticated users see more tables."""
-    # Editor user should see content.articles
-    response = await ds_with_tables.client.get(
-        "/-/jump.json?q=articles",
-        actor={"id": "editor"},
-    )
-    assert response.status_code == 200
-    data = response.json()
-
-    # Should see both content.articles and public.articles
-    assert len(data["matches"]) == 2
-
-    names = {match["name"] for match in data["matches"]}
-    assert names == {"content: articles", "public: articles"}
-
-
-@pytest.mark.asyncio
-async def test_tables_search_partial_match(ds_with_tables):
-    """Test that search matches partial table names."""
-    # Search for "com" should match "comments"
-    response = await ds_with_tables.client.get(
-        "/-/jump.json?q=com",
-        actor={"id": "user"},
-    )
-    assert response.status_code == 200
-    data = response.json()
-
-    assert len(data["matches"]) == 1
-    assert data["matches"][0]["name"] == "content: comments"
-
-
-@pytest.mark.asyncio
-async def test_tables_search_respects_database_permissions(ds_with_tables):
-    """Test that tables from denied databases are not shown."""
-    # Search for "secrets" which is in the private database
-    # Even authenticated users shouldn't see it because database is denied
-    response = await ds_with_tables.client.get(
-        "/-/jump.json?q=secrets",
-        actor={"id": "user"},
-    )
-    assert response.status_code == 200
-    data = response.json()
-
-    # Should not see secrets table from private database
-    assert len(data["matches"]) == 0
-
-
-@pytest.mark.asyncio
-async def test_tables_search_respects_table_permissions(ds_with_tables):
-    """Test that tables with specific permissions are filtered correctly."""
-    # Regular authenticated user searching for "users"
-    response = await ds_with_tables.client.get(
-        "/-/jump.json?q=users",
-        actor={"id": "regular"},
-    )
-    assert response.status_code == 200
-    data = response.json()
-
-    # Should see content.users (authenticated users can view content database)
-    assert len(data["matches"]) == 1
-    assert data["matches"][0]["name"] == "content: users"
-
-
-@pytest.mark.asyncio
-async def test_tables_search_response_structure(ds_with_tables):
-    """Test that response has correct structure."""
-    response = await ds_with_tables.client.get(
-        "/-/jump.json?q=users",
-        actor={"id": "user"},
-    )
-    assert response.status_code == 200
-    data = response.json()
-
-    assert "matches" in data
-    assert isinstance(data["matches"], list)
-
-    if data["matches"]:
-        match = data["matches"][0]
-        assert "url" in match
-        assert "name" in match
-        assert isinstance(match["url"], str)
-        assert isinstance(match["name"], str)
-        # Name should be in format "database: table"
-        assert ": " in match["name"]
diff --git a/tests/test_spatialite.py b/tests/test_spatialite.py
deleted file mode 100644
index c07a30e8..00000000
--- a/tests/test_spatialite.py
+++ /dev/null
@@ -1,23 +0,0 @@
-from datasette.app import Datasette
-from datasette.utils import find_spatialite, SpatialiteNotFound, SPATIALITE_FUNCTIONS
-from .utils import has_load_extension
-import pytest
-
-
-def has_spatialite():
-    try:
-        find_spatialite()
-        return True
-    except SpatialiteNotFound:
-        return False
-
-
-@pytest.mark.asyncio
-@pytest.mark.skipif(not has_spatialite(), reason="Requires SpatiaLite")
-@pytest.mark.skipif(not has_load_extension(), reason="Requires enable_load_extension")
-async def test_spatialite_version_info():
-    ds = Datasette(sqlite_extensions=["spatialite"])
-    response = await ds.client.get("/-/versions.json")
-    assert response.status_code == 200
-    spatialite = response.json()["sqlite"]["extensions"]["spatialite"]
-    assert set(SPATIALITE_FUNCTIONS) == set(spatialite)
diff --git a/tests/test_stored_queries.py b/tests/test_stored_queries.py
deleted file mode 100644
index 46420749..00000000
--- a/tests/test_stored_queries.py
+++ /dev/null
@@ -1,473 +0,0 @@
-from bs4 import BeautifulSoup as Soup
-from asgiref.sync import async_to_sync
-import json
-import pytest
-import re
-from .fixtures import make_app_client
-
-
-def update_query(client, name, **kwargs):
-    async_to_sync(client.ds.invoke_startup)()
-    async_to_sync(client.ds.update_query)("data", name, **kwargs)
-
-
-@pytest.fixture
-def stored_write_client(tmpdir):
-    template_dir = tmpdir / "stored_write_templates"
-    template_dir.mkdir()
-    (template_dir / "query-data-update_name.html").write_text(
-        """
-    {% extends "query.html" %}
-    {% block content %}!!!CUSTOM_UPDATE_NAME_TEMPLATE!!!{{ super() }}{% endblock %}
-    """,
-        "utf-8",
-    )
-    with make_app_client(
-        extra_databases={"data.db": "create table names (name text)"},
-        template_dir=str(template_dir),
-        config={
-            "databases": {
-                "data": {
-                    "queries": {
-                        "stored_read": {"sql": "select * from names"},
-                        "add_name": {
-                            "sql": "insert into names (name) values (:name)",
-                            "write": True,
-                            "on_success_redirect": "/data/add_name?success",
-                        },
-                        "add_name_specify_id": {
-                            "sql": "insert into names (rowid, name) values (:rowid, :name)",
-                            "on_success_message_sql": "select 'Name added: ' || :name || ' with rowid ' || :rowid",
-                            "write": True,
-                            "on_error_redirect": "/data/add_name_specify_id?error",
-                        },
-                        "add_name_specify_id_with_error_in_on_success_message_sql": {
-                            "sql": "insert into names (rowid, name) values (:rowid, :name)",
-                            "on_success_message_sql": "select this is bad SQL",
-                            "write": True,
-                        },
-                        "delete_name": {
-                            "sql": "delete from names where rowid = :rowid",
-                            "write": True,
-                            "on_success_message": "Name deleted",
-                            "allow": {"id": "root"},
-                        },
-                        "update_name": {
-                            "sql": "update names set name = :name where rowid = :rowid",
-                            "params": ["rowid", "name", "extra"],
-                            "write": True,
-                        },
-                    }
-                }
-            }
-        },
-    ) as client:
-        yield client
-
-
-@pytest.fixture
-def stored_write_immutable_client():
-    with make_app_client(
-        is_immutable=True,
-        config={
-            "databases": {
-                "fixtures": {
-                    "queries": {
-                        "add": {
-                            "sql": "insert into sortable (text) values (:text)",
-                            "write": True,
-                        },
-                    }
-                }
-            }
-        },
-    ) as client:
-        yield client
-
-
-@pytest.mark.asyncio
-async def test_stored_query_with_named_parameter(ds_client):
-    response = await ds_client.get(
-        "/fixtures/neighborhood_search.json?text=town&_shape=arrays"
-    )
-    assert response.json()["rows"] == [
-        ["Corktown", "Detroit", "MI"],
-        ["Downtown", "Los Angeles", "CA"],
-        ["Downtown", "Detroit", "MI"],
-        ["Greektown", "Detroit", "MI"],
-        ["Koreatown", "Los Angeles", "CA"],
-        ["Mexicantown", "Detroit", "MI"],
-    ]
-
-
-def test_insert(stored_write_client):
-    response = stored_write_client.post(
-        "/data/add_name",
-        {"name": "Hello"},
-        csrftoken_from=True,
-        cookies={"foo": "bar"},
-    )
-    messages = stored_write_client.ds.unsign(
-        response.cookies["ds_messages"], "messages"
-    )
-    assert messages == [["Query executed, 1 row affected", 1]]
-    assert response.status == 302
-    assert response.headers["Location"] == "/data/add_name?success"
-
-
-def test_insert_blocked_cross_site(stored_write_client):
-    # A cross-site POST (browser-originated) must be blocked
-    response = stored_write_client.post(
-        "/data/add_name",
-        {"name": "Hello"},
-        headers={"sec-fetch-site": "cross-site"},
-    )
-    assert 403 == response.status
-
-
-def test_insert_no_cookies_no_csrf(stored_write_client):
-    response = stored_write_client.post("/data/add_name", {"name": "Hello"})
-    assert 302 == response.status
-    assert "/data/add_name?success" == response.headers["Location"]
-
-
-def test_custom_success_message(stored_write_client):
-    response = stored_write_client.post(
-        "/data/delete_name",
-        {"rowid": 1},
-        cookies={"ds_actor": stored_write_client.actor_cookie({"id": "root"})},
-        csrftoken_from=True,
-    )
-    assert 302 == response.status
-    messages = stored_write_client.ds.unsign(
-        response.cookies["ds_messages"], "messages"
-    )
-    assert [["Name deleted", 1]] == messages
-
-
-def test_insert_error(stored_write_client):
-    stored_write_client.post("/data/add_name", {"name": "Hello"}, csrftoken_from=True)
-    response = stored_write_client.post(
-        "/data/add_name_specify_id",
-        {"rowid": 1, "name": "Should fail"},
-        csrftoken_from=True,
-    )
-    assert 302 == response.status
-    assert "/data/add_name_specify_id?error" == response.headers["Location"]
-    messages = stored_write_client.ds.unsign(
-        response.cookies["ds_messages"], "messages"
-    )
-    assert [["UNIQUE constraint failed: names.rowid", 3]] == messages
-    # How about with a custom error message?
-    update_query(stored_write_client, "add_name_specify_id", on_error_message="ERROR")
-    response = stored_write_client.post(
-        "/data/add_name_specify_id",
-        {"rowid": 1, "name": "Should fail"},
-        csrftoken_from=True,
-    )
-    assert [["ERROR", 3]] == stored_write_client.ds.unsign(
-        response.cookies["ds_messages"], "messages"
-    )
-
-
-def test_on_success_message_sql(stored_write_client):
-    response = stored_write_client.post(
-        "/data/add_name_specify_id",
-        {"rowid": 5, "name": "Should be OK"},
-        csrftoken_from=True,
-    )
-    assert response.status == 302
-    assert response.headers["Location"] == "/data/add_name_specify_id"
-    messages = stored_write_client.ds.unsign(
-        response.cookies["ds_messages"], "messages"
-    )
-    assert messages == [["Name added: Should be OK with rowid 5", 1]]
-
-
-def test_error_in_on_success_message_sql(stored_write_client):
-    response = stored_write_client.post(
-        "/data/add_name_specify_id_with_error_in_on_success_message_sql",
-        {"rowid": 1, "name": "Should fail"},
-        csrftoken_from=True,
-    )
-    messages = stored_write_client.ds.unsign(
-        response.cookies["ds_messages"], "messages"
-    )
-    assert messages == [
-        ["Error running on_success_message_sql: no such column: bad", 3]
-    ]
-
-
-def test_custom_params(stored_write_client):
-    response = stored_write_client.get("/data/update_name?extra=foo")
-    assert (
-        ''
-        in response.text
-    )
-
-
-def test_stored_query_pages_no_vary_header(stored_write_client):
-    # These pages no longer embed per-cookie CSRF tokens, so they must not
-    # set Vary: Cookie - they should be cacheable across users.
-    assert "vary" not in stored_write_client.get("/data").headers
-    assert "vary" not in stored_write_client.get("/data/update_name").headers
-
-
-def test_json_post_body(stored_write_client):
-    response = stored_write_client.post(
-        "/data/add_name",
-        body=json.dumps({"name": ["Hello", "there"]}),
-    )
-    assert 302 == response.status
-    assert "/data/add_name?success" == response.headers["Location"]
-    rows = stored_write_client.get("/data/names.json?_shape=array").json
-    assert rows == [{"rowid": 1, "name": "['Hello', 'there']"}]
-
-
-@pytest.mark.parametrize(
-    "headers,body,querystring",
-    (
-        (None, "name=NameGoesHere", "?_json=1"),
-        ({"Accept": "application/json"}, "name=NameGoesHere", None),
-        (None, "name=NameGoesHere&_json=1", None),
-        (None, '{"name": "NameGoesHere", "_json": 1}', None),
-    ),
-)
-def test_json_response(stored_write_client, headers, body, querystring):
-    response = stored_write_client.post(
-        "/data/add_name" + (querystring or ""),
-        body=body,
-        headers=headers,
-    )
-    assert 200 == response.status
-    assert response.headers["content-type"] == "application/json; charset=utf-8"
-    assert response.json == {
-        "ok": True,
-        "message": "Query executed, 1 row affected",
-        "redirect": "/data/add_name?success",
-    }
-    rows = stored_write_client.get("/data/names.json?_shape=array").json
-    assert rows == [{"rowid": 1, "name": "NameGoesHere"}]
-
-
-def test_stored_query_permissions_on_database_page(stored_write_client):
-    # Without auth shows the five public queries
-    anon_response = stored_write_client.get("/data.json")
-    query_names = {q["name"] for q in anon_response.json["queries"]}
-    assert query_names == {
-        "add_name_specify_id_with_error_in_on_success_message_sql",
-        "update_name",
-        "add_name_specify_id",
-        "stored_read",
-        "add_name",
-    }
-    assert anon_response.json["queries_more"] is False
-
-    # With auth the database page preview shows the first five queries
-    response = stored_write_client.get(
-        "/data.json",
-        cookies={"ds_actor": stored_write_client.actor_cookie({"id": "root"})},
-    )
-    assert response.status == 200
-    query_names_and_private = sorted(
-        [
-            {"name": q["name"], "private": q["private"]}
-            for q in response.json["queries"]
-        ],
-        key=lambda q: q["name"],
-    )
-    assert query_names_and_private == [
-        {"name": "add_name", "private": False},
-        {"name": "add_name_specify_id", "private": False},
-        {
-            "name": "add_name_specify_id_with_error_in_on_success_message_sql",
-            "private": False,
-        },
-        {"name": "delete_name", "private": True},
-        {"name": "stored_read", "private": False},
-    ]
-    assert response.json["queries_more"] is True
-
-    # The full query list endpoint includes the remaining query
-    response = stored_write_client.get(
-        "/data/-/queries.json?_size=10",
-        cookies={"ds_actor": stored_write_client.actor_cookie({"id": "root"})},
-    )
-    assert response.status == 200
-    query_names_and_private = sorted(
-        [
-            {"name": q["name"], "private": q["private"]}
-            for q in response.json["queries"]
-        ],
-        key=lambda q: q["name"],
-    )
-    assert query_names_and_private == [
-        {"name": "add_name", "private": False},
-        {"name": "add_name_specify_id", "private": False},
-        {
-            "name": "add_name_specify_id_with_error_in_on_success_message_sql",
-            "private": False,
-        },
-        {"name": "delete_name", "private": True},
-        {"name": "stored_read", "private": False},
-        {"name": "update_name", "private": False},
-    ]
-
-
-def test_stored_query_permissions(stored_write_client):
-    assert 403 == stored_write_client.get("/data/delete_name").status
-    assert 200 == stored_write_client.get("/data/update_name").status
-    cookies = {"ds_actor": stored_write_client.actor_cookie({"id": "root"})}
-    assert 200 == stored_write_client.get("/data/delete_name", cookies=cookies).status
-    assert 200 == stored_write_client.get("/data/update_name", cookies=cookies).status
-
-
-@pytest.fixture(scope="session")
-def magic_parameters_client():
-    with make_app_client(
-        extra_databases={"data.db": "create table logs (line text)"},
-        config={
-            "databases": {
-                "data": {
-                    "queries": {
-                        "runme_post": {"sql": "", "write": True},
-                        "runme_get": {"sql": ""},
-                    }
-                }
-            }
-        },
-    ) as client:
-        yield client
-
-
-@pytest.mark.parametrize(
-    "magic_parameter,expected_re",
-    [
-        ("_actor_id", "root"),
-        ("_header_host", "localhost"),
-        ("_header_not_a_thing", ""),
-        ("_cookie_foo", "bar"),
-        ("_now_epoch", r"^\d+$"),
-        ("_now_date_utc", r"^\d{4}-\d{2}-\d{2}$"),
-        ("_now_datetime_utc", r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$"),
-        ("_random_chars_1", r"^\w$"),
-        ("_random_chars_10", r"^\w{10}$"),
-    ],
-)
-def test_magic_parameters(magic_parameters_client, magic_parameter, expected_re):
-    update_query(
-        magic_parameters_client,
-        "runme_post",
-        sql=f"insert into logs (line) values (:{magic_parameter})",
-    )
-    update_query(
-        magic_parameters_client,
-        "runme_get",
-        sql=f"select :{magic_parameter} as result",
-    )
-    cookies = {
-        "ds_actor": magic_parameters_client.actor_cookie({"id": "root"}),
-        "foo": "bar",
-    }
-    # Test the GET version
-    get_response = magic_parameters_client.get(
-        "/data/runme_get.json?_shape=array", cookies=cookies
-    )
-    get_actual = get_response.json[0]["result"]
-    assert re.match(expected_re, str(get_actual))
-    # Test the form
-    form_response = magic_parameters_client.get("/data/runme_post")
-    soup = Soup(form_response.body, "html.parser")
-    # The magic parameter should not be represented as a form field
-    assert None is soup.find("input", {"name": magic_parameter})
-    # Submit the form to create a log line
-    response = magic_parameters_client.post(
-        "/data/runme_post?_json=1", {}, csrftoken_from=True, cookies=cookies
-    )
-    assert response.json == {
-        "ok": True,
-        "message": "Query executed, 1 row affected",
-        "redirect": None,
-    }
-    post_actual = magic_parameters_client.get(
-        "/data/logs.json?_sort_desc=rowid&_shape=array"
-    ).json[0]["line"]
-    assert re.match(expected_re, post_actual)
-
-
-@pytest.mark.parametrize("use_csrf", [True, False])
-@pytest.mark.parametrize("return_json", [True, False])
-def test_magic_parameters_csrf_json(magic_parameters_client, use_csrf, return_json):
-    update_query(
-        magic_parameters_client,
-        "runme_post",
-        sql="insert into logs (line) values (:_header_host)",
-    )
-    qs = ""
-    if return_json:
-        qs = "?_json=1"
-    response = magic_parameters_client.post(
-        f"/data/runme_post{qs}",
-        {},
-        csrftoken_from=use_csrf or None,
-    )
-    if return_json:
-        assert response.status == 200
-        assert response.json["ok"], response.json
-    else:
-        assert response.status == 302
-        messages = magic_parameters_client.ds.unsign(
-            response.cookies["ds_messages"], "messages"
-        )
-        assert [["Query executed, 1 row affected", 1]] == messages
-    post_actual = magic_parameters_client.get(
-        "/data/logs.json?_sort_desc=rowid&_shape=array"
-    ).json[0]["line"]
-    assert post_actual == "localhost"
-
-
-def test_magic_parameters_cannot_be_used_in_arbitrary_queries(magic_parameters_client):
-    response = magic_parameters_client.get(
-        "/data/-/query.json?sql=select+:_header_host&_shape=array"
-    )
-    assert 400 == response.status
-    assert response.json["error"].startswith("You did not supply a value for binding")
-
-
-def test_stored_write_custom_template(stored_write_client):
-    response = stored_write_client.get("/data/update_name")
-    assert response.status == 200
-    assert "!!!CUSTOM_UPDATE_NAME_TEMPLATE!!!" in response.text
-    assert (
-        ""
-        in response.text
-    )
-    # And test for link rel=alternate while we're here:
-    assert (
-        ''
-        in response.text
-    )
-    assert (
-        response.headers["link"]
-        == '; rel="alternate"; type="application/json+datasette"'
-    )
-
-
-def test_stored_write_query_disabled_for_immutable_database(
-    stored_write_immutable_client,
-):
-    response = stored_write_immutable_client.get("/fixtures/add")
-    assert response.status == 200
-    assert (
-        "This query cannot be executed because the database is immutable."
-        in response.text
-    )
-    assert '' in response.text
-    # Submitting form should get a forbidden error
-    response = stored_write_immutable_client.post(
-        "/fixtures/add",
-        {"text": "text"},
-        csrftoken_from=True,
-    )
-    assert response.status == 403
-    assert "Database is immutable" in response.text
diff --git a/tests/test_table_api.py b/tests/test_table_api.py
deleted file mode 100644
index 272e39e3..00000000
--- a/tests/test_table_api.py
+++ /dev/null
@@ -1,1590 +0,0 @@
-from datasette.utils import detect_json1
-from datasette.utils.sqlite import sqlite_version
-from datasette.fixtures import generate_compound_rows, generate_sortable_rows
-from .fixtures import make_app_client
-import json
-import pytest
-import urllib
-
-
-@pytest.mark.asyncio
-async def test_table_json(ds_client):
-    response = await ds_client.get("/fixtures/simple_primary_key.json?_extra=query")
-    assert response.status_code == 200
-    data = response.json()
-    assert (
-        data["query"]["sql"]
-        == "select id, content from simple_primary_key order by id limit 51"
-    )
-    assert data["query"]["params"] == {}
-    assert data["rows"] == [
-        {"id": 1, "content": "hello"},
-        {"id": 2, "content": "world"},
-        {"id": 3, "content": ""},
-        {"id": 4, "content": "RENDER_CELL_DEMO"},
-        {"id": 5, "content": "RENDER_CELL_ASYNC"},
-    ]
-
-
-@pytest.mark.asyncio
-async def test_table_not_exists_json(ds_client):
-    assert (await ds_client.get("/fixtures/blah.json")).json() == {
-        "ok": False,
-        "error": "Table not found",
-        "status": 404,
-        "title": None,
-    }
-
-
-@pytest.mark.asyncio
-async def test_table_shape_arrays(ds_client):
-    response = await ds_client.get("/fixtures/simple_primary_key.json?_shape=arrays")
-    assert response.json()["rows"] == [
-        [1, "hello"],
-        [2, "world"],
-        [3, ""],
-        [4, "RENDER_CELL_DEMO"],
-        [5, "RENDER_CELL_ASYNC"],
-    ]
-
-
-@pytest.mark.asyncio
-async def test_table_shape_arrayfirst(ds_client):
-    response = await ds_client.get(
-        "/fixtures/-/query.json?"
-        + urllib.parse.urlencode(
-            {
-                "sql": "select content from simple_primary_key order by id",
-                "_shape": "arrayfirst",
-            }
-        )
-    )
-    assert response.json() == [
-        "hello",
-        "world",
-        "",
-        "RENDER_CELL_DEMO",
-        "RENDER_CELL_ASYNC",
-    ]
-
-
-@pytest.mark.asyncio
-async def test_query_extras_for_arbitrary_sql(ds_client):
-    response = await ds_client.get(
-        "/fixtures/-/query.json?"
-        + urllib.parse.urlencode(
-            {
-                "sql": "select 1 as one",
-                "_extra": "columns,database,query,request,debug",
-            }
-        )
-    )
-    assert response.status_code == 200
-    data = response.json()
-    assert data["rows"] == [{"one": 1}]
-    assert data["columns"] == ["one"]
-    assert data["database"] == "fixtures"
-    assert data["query"]["sql"] == "select 1 as one"
-    assert data["request"]["path"] == "/fixtures/-/query.json"
-    assert data["debug"]["url_vars"] == {
-        "database": "fixtures",
-        "format": "json",
-    }
-
-
-@pytest.mark.asyncio
-async def test_query_extras_for_stored_query(ds_client):
-    response = await ds_client.get(
-        "/fixtures/neighborhood_search.json?"
-        + urllib.parse.urlencode(
-            {
-                "text": "town",
-                "_extra": "columns,database,query,request,debug",
-            }
-        )
-    )
-    assert response.status_code == 200
-    data = response.json()
-    assert data["columns"] == ["_neighborhood", "name", "state"]
-    assert data["database"] == "fixtures"
-    assert data["query"]["sql"].strip().startswith("select _neighborhood")
-    assert data["query"]["params"]["text"] == "town"
-    assert data["request"]["path"] == "/fixtures/neighborhood_search.json"
-    assert data["debug"]["url_vars"] == {
-        "database": "fixtures",
-        "table": "neighborhood_search",
-        "format": "json",
-    }
-
-
-@pytest.mark.parametrize("extra", ["filters", "actions", "display_rows"])
-@pytest.mark.asyncio
-async def test_html_only_extras_are_not_available_via_json(ds_client, extra):
-    # These extras exist for the HTML view; their values are not JSON
-    # serializable so they are internal, not part of the JSON API
-    response = await ds_client.get(f"/fixtures/facetable.json?_extra={extra}")
-    assert response.status_code == 200
-    assert extra not in response.json()
-
-
-@pytest.mark.asyncio
-async def test_html_only_extras_are_not_advertised(ds_client):
-    response = await ds_client.get("/fixtures/facetable.json?_extra=extras")
-    assert response.status_code == 200
-    names = {e["name"] for e in response.json()["extras"]}
-    assert {"filters", "actions", "display_rows"}.isdisjoint(names)
-
-
-def test_query_extra_private_for_arbitrary_sql():
-    with make_app_client(config={"allow_sql": {"id": "root"}}) as client:
-        cookies = {"ds_actor": client.actor_cookie({"id": "root"})}
-        response = client.get(
-            "/fixtures/-/query.json?sql=select+1+as+one&_extra=private",
-            cookies=cookies,
-        )
-        assert response.status == 200
-        assert response.json["private"] is True
-        # Anonymous users cannot execute SQL at all here
-        anon = client.get("/fixtures/-/query.json?sql=select+1+as+one")
-        assert anon.status == 403
-
-
-def test_query_extra_query_reports_bound_params():
-    config = {
-        "databases": {
-            "fixtures": {
-                "queries": {
-                    "declared_params": {
-                        "sql": "select 1 as one",
-                        "params": ["foo"],
-                    },
-                    "magic_host": {
-                        "sql": "select :_header_host as h",
-                    },
-                }
-            }
-        }
-    }
-    with make_app_client(config=config) as client:
-        # Declared parameters are reported even when the regex cannot find them
-        response = client.get("/fixtures/declared_params.json?foo=bar&_extra=query")
-        assert response.status == 200
-        assert response.json["query"]["params"] == {"foo": "bar"}
-        # Magic parameters are bound internally and should not be reported,
-        # especially not as a value taken from the querystring
-        response = client.get(
-            "/fixtures/magic_host.json?_extra=query&_header_host=spoofed"
-        )
-        assert response.status == 200
-        assert response.json["rows"] == [{"h": "localhost"}]
-        assert response.json["query"]["params"] == {}
-
-
-def test_query_extra_query_does_not_echo_querystring_without_sql():
-    with make_app_client() as client:
-        response = client.get("/fixtures/-/query.json?_extra=query&foo=bar")
-        assert response.status == 200
-        assert response.json["query"]["params"] == {}
-
-
-def test_query_extra_private_false_when_sql_is_public():
-    with make_app_client() as client:
-        response = client.get(
-            "/fixtures/-/query.json?sql=select+1+as+one&_extra=private"
-        )
-        assert response.status == 200
-        assert response.json["private"] is False
-
-
-@pytest.mark.asyncio
-async def test_table_shape_objects(ds_client):
-    response = await ds_client.get("/fixtures/simple_primary_key.json?_shape=objects")
-    assert response.json()["rows"] == [
-        {"id": 1, "content": "hello"},
-        {"id": 2, "content": "world"},
-        {"id": 3, "content": ""},
-        {"id": 4, "content": "RENDER_CELL_DEMO"},
-        {"id": 5, "content": "RENDER_CELL_ASYNC"},
-    ]
-
-
-@pytest.mark.asyncio
-async def test_table_shape_array(ds_client):
-    response = await ds_client.get("/fixtures/simple_primary_key.json?_shape=array")
-    assert response.json() == [
-        {"id": 1, "content": "hello"},
-        {"id": 2, "content": "world"},
-        {"id": 3, "content": ""},
-        {"id": 4, "content": "RENDER_CELL_DEMO"},
-        {"id": 5, "content": "RENDER_CELL_ASYNC"},
-    ]
-
-
-@pytest.mark.asyncio
-async def test_table_shape_array_nl(ds_client):
-    response = await ds_client.get(
-        "/fixtures/simple_primary_key.json?_shape=array&_nl=on"
-    )
-    lines = response.text.split("\n")
-    results = [json.loads(line) for line in lines]
-    assert [
-        {"id": 1, "content": "hello"},
-        {"id": 2, "content": "world"},
-        {"id": 3, "content": ""},
-        {"id": 4, "content": "RENDER_CELL_DEMO"},
-        {"id": 5, "content": "RENDER_CELL_ASYNC"},
-    ] == results
-
-
-@pytest.mark.asyncio
-async def test_table_shape_invalid(ds_client):
-    response = await ds_client.get("/fixtures/simple_primary_key.json?_shape=invalid")
-    assert response.json() == {
-        "ok": False,
-        "error": "Invalid _shape: invalid",
-        "status": 400,
-        "title": None,
-    }
-
-
-@pytest.mark.asyncio
-async def test_table_shape_object(ds_client):
-    response = await ds_client.get("/fixtures/simple_primary_key.json?_shape=object")
-    assert response.json() == {
-        "1": {"id": 1, "content": "hello"},
-        "2": {"id": 2, "content": "world"},
-        "3": {"id": 3, "content": ""},
-        "4": {"id": 4, "content": "RENDER_CELL_DEMO"},
-        "5": {"id": 5, "content": "RENDER_CELL_ASYNC"},
-    }
-
-
-@pytest.mark.asyncio
-async def test_table_shape_object_compound_primary_key(ds_client):
-    response = await ds_client.get("/fixtures/compound_primary_key.json?_shape=object")
-    assert response.json() == {
-        "a,b": {"pk1": "a", "pk2": "b", "content": "c"},
-        "a~2Fb,~2Ec-d": {"pk1": "a/b", "pk2": ".c-d", "content": "c"},
-        "d,e": {"pk1": "d", "pk2": "e", "content": "RENDER_CELL_DEMO"},
-    }
-
-
-@pytest.mark.asyncio
-async def test_table_with_slashes_in_name(ds_client):
-    response = await ds_client.get(
-        "/fixtures/table~2Fwith~2Fslashes~2Ecsv.json?_shape=objects"
-    )
-    assert response.status_code == 200
-    data = response.json()
-    assert data["rows"] == [{"pk": "3", "content": "hey"}]
-
-
-@pytest.mark.asyncio
-async def test_table_with_reserved_word_name(ds_client):
-    response = await ds_client.get("/fixtures/select.json?_shape=objects")
-    assert response.status_code == 200
-    data = response.json()
-    assert data["rows"] == [
-        {
-            "rowid": 1,
-            "group": "group",
-            "having": "having",
-            "and": "and",
-            "json": '{"href": "http://example.com/", "label":"Example"}',
-        }
-    ]
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path,expected_rows,expected_pages",
-    [
-        ("/fixtures/no_primary_key.json", 202, 5),
-        ("/fixtures/paginated_view.json", 202, 9),
-        ("/fixtures/no_primary_key.json?_size=25", 202, 9),
-        ("/fixtures/paginated_view.json?_size=50", 202, 5),
-        ("/fixtures/paginated_view.json?_size=max", 202, 3),
-        ("/fixtures/123_starts_with_digits.json", 0, 1),
-        # Ensure faceting doesn't break pagination:
-        ("/fixtures/compound_three_primary_keys.json?_facet=pk1", 1001, 21),
-        # Paginating while sorted by an expanded foreign key should work
-        (
-            "/fixtures/roadside_attraction_characteristics.json?_size=2&_sort=attraction_id&_labels=on",
-            5,
-            3,
-        ),
-    ],
-)
-async def test_paginate_tables_and_views(
-    ds_client, path, expected_rows, expected_pages
-):
-    fetched = []
-    count = 0
-    while path:
-        if "?" in path:
-            path += "&_extra=next_url"
-        else:
-            path += "?_extra=next_url"
-        response = await ds_client.get(path)
-        assert response.status_code == 200
-        count += 1
-        fetched.extend(response.json()["rows"])
-        path = response.json()["next_url"]
-        if path:
-            assert urllib.parse.urlencode({"_next": response.json()["next"]}) in path
-            path = path.replace("http://localhost", "")
-        assert count < 30, "Possible infinite loop detected"
-
-    assert expected_rows == len(fetched)
-    assert expected_pages == count
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path,expected_error",
-    [
-        ("/fixtures/no_primary_key.json?_size=-4", "_size must be a positive integer"),
-        ("/fixtures/no_primary_key.json?_size=dog", "_size must be a positive integer"),
-        ("/fixtures/no_primary_key.json?_size=1001", "_size must be <= 100"),
-    ],
-)
-async def test_validate_page_size(ds_client, path, expected_error):
-    response = await ds_client.get(path)
-    assert expected_error == response.json()["error"]
-    assert response.status_code == 400
-
-
-@pytest.mark.asyncio
-async def test_page_size_zero(ds_client):
-    """For _size=0 we return the counts, empty rows and no continuation token"""
-    response = await ds_client.get(
-        "/fixtures/no_primary_key.json?_size=0&_extra=count,next_url"
-    )
-    assert response.status_code == 200
-    assert [] == response.json()["rows"]
-    assert 202 == response.json()["count"]
-    assert None is response.json()["next"]
-    assert None is response.json()["next_url"]
-
-
-@pytest.mark.asyncio
-async def test_paginate_compound_keys(ds_client):
-    fetched = []
-    path = "/fixtures/compound_three_primary_keys.json?_shape=objects&_extra=next_url"
-    page = 0
-    while path:
-        page += 1
-        response = await ds_client.get(path)
-        fetched.extend(response.json()["rows"])
-        path = response.json()["next_url"]
-        if path:
-            path = path.replace("http://localhost", "")
-        assert page < 100
-    assert 1001 == len(fetched)
-    assert 21 == page
-    # Should be correctly ordered
-    contents = [f["content"] for f in fetched]
-    expected = [r[3] for r in generate_compound_rows(1001)]
-    assert expected == contents
-
-
-@pytest.mark.asyncio
-async def test_paginate_compound_keys_with_extra_filters(ds_client):
-    fetched = []
-    path = "/fixtures/compound_three_primary_keys.json?content__contains=d&_shape=objects&_extra=next_url"
-    page = 0
-    while path:
-        page += 1
-        assert page < 100
-        response = await ds_client.get(path)
-        fetched.extend(response.json()["rows"])
-        path = response.json()["next_url"]
-        if path:
-            path = path.replace("http://localhost", "")
-    assert 2 == page
-    expected = [r[3] for r in generate_compound_rows(1001) if "d" in r[3]]
-    assert expected == [f["content"] for f in fetched]
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "query_string,sort_key,human_description_en",
-    [
-        ("_sort=sortable", lambda row: row["sortable"], "sorted by sortable"),
-        (
-            "_sort_desc=sortable",
-            lambda row: -row["sortable"],
-            "sorted by sortable descending",
-        ),
-        (
-            "_sort=sortable_with_nulls",
-            lambda row: (
-                1 if row["sortable_with_nulls"] is not None else 0,
-                row["sortable_with_nulls"],
-            ),
-            "sorted by sortable_with_nulls",
-        ),
-        (
-            "_sort_desc=sortable_with_nulls",
-            lambda row: (
-                1 if row["sortable_with_nulls"] is None else 0,
-                (
-                    -row["sortable_with_nulls"]
-                    if row["sortable_with_nulls"] is not None
-                    else 0
-                ),
-                row["content"],
-            ),
-            "sorted by sortable_with_nulls descending",
-        ),
-        # text column contains '$null' - ensure it doesn't confuse pagination:
-        ("_sort=text", lambda row: row["text"], "sorted by text"),
-        # Still works if sort column removed using _col=
-        ("_sort=text&_col=content", lambda row: row["text"], "sorted by text"),
-    ],
-)
-async def test_sortable(ds_client, query_string, sort_key, human_description_en):
-    path = f"/fixtures/sortable.json?_shape=objects&_extra=human_description_en,next_url&{query_string}"
-    fetched = []
-    page = 0
-    while path:
-        page += 1
-        assert page < 100
-        response = await ds_client.get(path)
-        assert human_description_en == response.json()["human_description_en"]
-        fetched.extend(response.json()["rows"])
-        path = response.json()["next_url"]
-        if path:
-            path = path.replace("http://localhost", "")
-    assert page == 5
-    expected = list(generate_sortable_rows(201))
-    expected.sort(key=sort_key)
-    assert [r["content"] for r in expected] == [r["content"] for r in fetched]
-
-
-@pytest.mark.asyncio
-async def test_sortable_and_filtered(ds_client):
-    path = (
-        "/fixtures/sortable.json"
-        "?content__contains=d&_sort_desc=sortable&_shape=objects"
-        "&_extra=human_description_en,count"
-    )
-    response = await ds_client.get(path)
-    fetched = response.json()["rows"]
-    assert (
-        'where content contains "d" sorted by sortable descending'
-        == response.json()["human_description_en"]
-    )
-    expected = [row for row in generate_sortable_rows(201) if "d" in row["content"]]
-    assert len(expected) == response.json()["count"]
-    expected.sort(key=lambda row: -row["sortable"])
-    assert [r["content"] for r in expected] == [r["content"] for r in fetched]
-
-
-@pytest.mark.asyncio
-async def test_sortable_argument_errors(ds_client):
-    response = await ds_client.get("/fixtures/sortable.json?_sort=badcolumn")
-    assert "Cannot sort table by badcolumn" == response.json()["error"]
-    response = await ds_client.get("/fixtures/sortable.json?_sort_desc=badcolumn2")
-    assert "Cannot sort table by badcolumn2" == response.json()["error"]
-    response = await ds_client.get(
-        "/fixtures/sortable.json?_sort=sortable_with_nulls&_sort_desc=sortable"
-    )
-    assert (
-        "Cannot use _sort and _sort_desc at the same time" == response.json()["error"]
-    )
-
-
-@pytest.mark.asyncio
-async def test_sortable_columns_metadata(ds_client):
-    response = await ds_client.get("/fixtures/sortable.json?_sort=content")
-    assert "Cannot sort table by content" == response.json()["error"]
-    # no_primary_key has ALL sort options disabled
-    for column in ("content", "a", "b", "c"):
-        response = await ds_client.get(f"/fixtures/sortable.json?_sort={column}")
-        assert f"Cannot sort table by {column}" == response.json()["error"]
-
-
-@pytest.mark.asyncio
-@pytest.mark.xfail
-@pytest.mark.parametrize(
-    "path,expected_rows",
-    [
-        (
-            "/fixtures/searchable.json?_shape=arrays&_search=dog",
-            [
-                [1, "barry cat", "terry dog", "panther"],
-                [2, "terry dog", "sara weasel", "puma"],
-            ],
-        ),
-        (
-            # Special keyword shouldn't break FTS query
-            "/fixtures/searchable.json?_shape=arrays&_search=AND",
-            [],
-        ),
-        (
-            # Without _searchmode=raw this should return no results
-            "/fixtures/searchable.json?_shape=arrays&_search=te*+AND+do*",
-            [],
-        ),
-        (
-            # _searchmode=raw
-            "/fixtures/searchable.json?_shape=arrays&_search=te*+AND+do*&_searchmode=raw",
-            [
-                [1, "barry cat", "terry dog", "panther"],
-                [2, "terry dog", "sara weasel", "puma"],
-            ],
-        ),
-        (
-            # _searchmode=raw combined with _search_COLUMN
-            "/fixtures/searchable.json?_shape=arrays&_search_text2=te*&_searchmode=raw",
-            [
-                [1, "barry cat", "terry dog", "panther"],
-            ],
-        ),
-        (
-            "/fixtures/searchable.json?_shape=arrays&_search=weasel",
-            [[2, "terry dog", "sara weasel", "puma"]],
-        ),
-        (
-            "/fixtures/searchable.json?_shape=arrays&_search_text2=dog",
-            [[1, "barry cat", "terry dog", "panther"]],
-        ),
-        (
-            "/fixtures/searchable.json?_shape=arrays&_search_name%20with%20.%20and%20spaces=panther",
-            [[1, "barry cat", "terry dog", "panther"]],
-        ),
-    ],
-)
-async def test_searchable(ds_client, path, expected_rows):
-    response = await ds_client.get(path)
-    assert expected_rows == response.json()["rows"]
-
-
-_SEARCHMODE_RAW_RESULTS = [
-    [1, "barry cat", "terry dog", "panther"],
-    [2, "terry dog", "sara weasel", "puma"],
-]
-
-
-@pytest.mark.parametrize(
-    "table_metadata,querystring,expected_rows",
-    [
-        (
-            {},
-            "_search=te*+AND+do*",
-            [],
-        ),
-        (
-            {"searchmode": "raw"},
-            "_search=te*+AND+do*",
-            _SEARCHMODE_RAW_RESULTS,
-        ),
-        (
-            {},
-            "_search=te*+AND+do*&_searchmode=raw",
-            _SEARCHMODE_RAW_RESULTS,
-        ),
-        # Can be over-ridden with _searchmode=escaped
-        (
-            {"searchmode": "raw"},
-            "_search=te*+AND+do*&_searchmode=escaped",
-            [],
-        ),
-    ],
-)
-def test_searchmode(table_metadata, querystring, expected_rows):
-    with make_app_client(
-        metadata={"databases": {"fixtures": {"tables": {"searchable": table_metadata}}}}
-    ) as client:
-        response = client.get("/fixtures/searchable.json?_shape=arrays&" + querystring)
-        assert expected_rows == response.json["rows"]
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path,expected_rows",
-    [
-        (
-            "/fixtures/searchable_view_configured_by_metadata.json?_shape=arrays&_search=weasel",
-            [[2, "terry dog", "sara weasel", "puma"]],
-        ),
-        # This should return all results because search is not configured:
-        (
-            "/fixtures/searchable_view.json?_shape=arrays&_search=weasel",
-            [
-                [1, "barry cat", "terry dog", "panther"],
-                [2, "terry dog", "sara weasel", "puma"],
-            ],
-        ),
-        (
-            "/fixtures/searchable_view.json?_shape=arrays&_search=weasel&_fts_table=searchable_fts&_fts_pk=pk",
-            [[2, "terry dog", "sara weasel", "puma"]],
-        ),
-    ],
-)
-async def test_searchable_views(ds_client, path, expected_rows):
-    response = await ds_client.get(path)
-    assert response.json()["rows"] == expected_rows
-
-
-@pytest.mark.asyncio
-async def test_searchable_invalid_column(ds_client):
-    response = await ds_client.get("/fixtures/searchable.json?_search_invalid=x")
-    assert response.status_code == 400
-    assert response.json() == {
-        "ok": False,
-        "error": "Cannot search by that column",
-        "status": 400,
-        "title": None,
-    }
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path,expected_rows",
-    [
-        (
-            "/fixtures/simple_primary_key.json?_shape=arrays&content=hello",
-            [[1, "hello"]],
-        ),
-        (
-            "/fixtures/simple_primary_key.json?_shape=arrays&content__contains=o",
-            [
-                [1, "hello"],
-                [2, "world"],
-                [4, "RENDER_CELL_DEMO"],
-            ],
-        ),
-        (
-            "/fixtures/simple_primary_key.json?_shape=arrays&content__exact=",
-            [[3, ""]],
-        ),
-        (
-            "/fixtures/simple_primary_key.json?_shape=arrays&content__not=world",
-            [
-                [1, "hello"],
-                [3, ""],
-                [4, "RENDER_CELL_DEMO"],
-                [5, "RENDER_CELL_ASYNC"],
-            ],
-        ),
-    ],
-)
-async def test_table_filter_queries(ds_client, path, expected_rows):
-    response = await ds_client.get(path)
-    assert response.json()["rows"] == expected_rows
-
-
-@pytest.mark.asyncio
-async def test_table_filter_queries_multiple_of_same_type(ds_client):
-    response = await ds_client.get(
-        "/fixtures/simple_primary_key.json?_shape=arrays&content__not=world&content__not=hello"
-    )
-    assert [
-        [3, ""],
-        [4, "RENDER_CELL_DEMO"],
-        [5, "RENDER_CELL_ASYNC"],
-    ] == response.json()["rows"]
-
-
-@pytest.mark.skipif(not detect_json1(), reason="Requires the SQLite json1 module")
-@pytest.mark.asyncio
-async def test_table_filter_json_arraycontains(ds_client):
-    response = await ds_client.get(
-        "/fixtures/facetable.json?_shape=arrays&tags__arraycontains=tag1"
-    )
-    assert response.json()["rows"] == [
-        [
-            1,
-            "2019-01-14 08:00:00",
-            1,
-            1,
-            "CA",
-            1,
-            "Mission",
-            '["tag1", "tag2"]',
-            '[{"foo": "bar"}]',
-            "one",
-            "n1",
-        ],
-        [
-            2,
-            "2019-01-14 08:00:00",
-            1,
-            1,
-            "CA",
-            1,
-            "Dogpatch",
-            '["tag1", "tag3"]',
-            "[]",
-            "two",
-            "n2",
-        ],
-    ]
-
-
-@pytest.mark.skipif(not detect_json1(), reason="Requires the SQLite json1 module")
-@pytest.mark.asyncio
-async def test_table_filter_json_arraynotcontains(ds_client):
-    response = await ds_client.get(
-        "/fixtures/facetable.json?_shape=arrays&tags__arraynotcontains=tag3&tags__not=[]"
-    )
-    assert response.json()["rows"] == [
-        [
-            1,
-            "2019-01-14 08:00:00",
-            1,
-            1,
-            "CA",
-            1,
-            "Mission",
-            '["tag1", "tag2"]',
-            '[{"foo": "bar"}]',
-            "one",
-            "n1",
-        ]
-    ]
-
-
-@pytest.mark.asyncio
-async def test_table_filter_extra_where(ds_client):
-    response = await ds_client.get(
-        "/fixtures/facetable.json?_shape=arrays&_where=_neighborhood='Dogpatch'"
-    )
-    assert [
-        [
-            2,
-            "2019-01-14 08:00:00",
-            1,
-            1,
-            "CA",
-            1,
-            "Dogpatch",
-            '["tag1", "tag3"]',
-            "[]",
-            "two",
-            "n2",
-        ]
-    ] == response.json()["rows"]
-
-
-@pytest.mark.asyncio
-async def test_table_filter_extra_where_invalid(ds_client):
-    response = await ds_client.get(
-        "/fixtures/facetable.json?_where=_neighborhood=Dogpatch'"
-    )
-    assert response.status_code == 400
-    assert "Invalid SQL" == response.json()["title"]
-
-
-def test_table_filter_extra_where_disabled_if_no_sql_allowed():
-    with make_app_client(config={"allow_sql": {}}) as client:
-        response = client.get(
-            "/fixtures/facetable.json?_where=_neighborhood='Dogpatch'"
-        )
-        assert response.status_code == 403
-        assert "_where= is not allowed" == response.json["error"]
-
-
-@pytest.mark.asyncio
-async def test_table_through(ds_client):
-    # Just the museums:
-    response = await ds_client.get(
-        "/fixtures/roadside_attractions.json?_shape=arrays"
-        '&_through={"table":"roadside_attraction_characteristics","column":"characteristic_id","value":"1"}'
-        "&_extra=human_description_en"
-    )
-    assert response.json()["rows"] == [
-        [
-            3,
-            "Burlingame Museum of PEZ Memorabilia",
-            "214 California Drive, Burlingame, CA 94010",
-            None,
-            37.5793,
-            -122.3442,
-        ],
-        [
-            4,
-            "Bigfoot Discovery Museum",
-            "5497 Highway 9, Felton, CA 95018",
-            "https://www.bigfootdiscoveryproject.com/",
-            37.0414,
-            -122.0725,
-        ],
-    ]
-
-    assert (
-        response.json()["human_description_en"]
-        == 'where roadside_attraction_characteristics.characteristic_id = "1"'
-    )
-
-
-@pytest.mark.asyncio
-async def test_max_returned_rows(ds_client):
-    response = await ds_client.get(
-        "/fixtures/-/query.json?sql=select+content+from+no_primary_key"
-    )
-    data = response.json()
-    assert data["truncated"]
-    assert 100 == len(data["rows"])
-
-
-@pytest.mark.asyncio
-async def test_view(ds_client):
-    response = await ds_client.get("/fixtures/simple_view.json?_shape=objects")
-    assert response.status_code == 200
-    data = response.json()
-    assert data["rows"] == [
-        {"upper_content": "HELLO", "content": "hello"},
-        {"upper_content": "WORLD", "content": "world"},
-        {"upper_content": "", "content": ""},
-        {"upper_content": "RENDER_CELL_DEMO", "content": "RENDER_CELL_DEMO"},
-        {"upper_content": "RENDER_CELL_ASYNC", "content": "RENDER_CELL_ASYNC"},
-    ]
-
-
-def test_page_size_matching_max_returned_rows(
-    app_client_returned_rows_matches_page_size,
-):
-    fetched = []
-    path = "/fixtures/no_primary_key.json?_extra=next_url"
-    while path:
-        response = app_client_returned_rows_matches_page_size.get(path)
-        fetched.extend(response.json["rows"])
-        assert len(response.json["rows"]) in (2, 50)
-        path = response.json["next_url"]
-        if path:
-            path = path.replace("http://localhost", "")
-    assert len(fetched) == 202
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path,expected_facet_results",
-    [
-        (
-            "/fixtures/facetable.json?_facet=state&_facet=_city_id",
-            {
-                "state": {
-                    "name": "state",
-                    "hideable": True,
-                    "type": "column",
-                    "toggle_url": "/fixtures/facetable.json?_facet=_city_id",
-                    "results": [
-                        {
-                            "value": "CA",
-                            "label": "CA",
-                            "count": 10,
-                            "toggle_url": "_facet=state&_facet=_city_id&state=CA",
-                            "selected": False,
-                        },
-                        {
-                            "value": "MI",
-                            "label": "MI",
-                            "count": 4,
-                            "toggle_url": "_facet=state&_facet=_city_id&state=MI",
-                            "selected": False,
-                        },
-                        {
-                            "value": "MC",
-                            "label": "MC",
-                            "count": 1,
-                            "toggle_url": "_facet=state&_facet=_city_id&state=MC",
-                            "selected": False,
-                        },
-                    ],
-                    "truncated": False,
-                },
-                "_city_id": {
-                    "name": "_city_id",
-                    "hideable": True,
-                    "type": "column",
-                    "toggle_url": "/fixtures/facetable.json?_facet=state",
-                    "results": [
-                        {
-                            "value": 1,
-                            "label": "San Francisco",
-                            "count": 6,
-                            "toggle_url": "_facet=state&_facet=_city_id&_city_id__exact=1",
-                            "selected": False,
-                        },
-                        {
-                            "value": 2,
-                            "label": "Los Angeles",
-                            "count": 4,
-                            "toggle_url": "_facet=state&_facet=_city_id&_city_id__exact=2",
-                            "selected": False,
-                        },
-                        {
-                            "value": 3,
-                            "label": "Detroit",
-                            "count": 4,
-                            "toggle_url": "_facet=state&_facet=_city_id&_city_id__exact=3",
-                            "selected": False,
-                        },
-                        {
-                            "value": 4,
-                            "label": "Memnonia",
-                            "count": 1,
-                            "toggle_url": "_facet=state&_facet=_city_id&_city_id__exact=4",
-                            "selected": False,
-                        },
-                    ],
-                    "truncated": False,
-                },
-            },
-        ),
-        (
-            "/fixtures/facetable.json?_facet=state&_facet=_city_id&state=MI",
-            {
-                "state": {
-                    "name": "state",
-                    "hideable": True,
-                    "type": "column",
-                    "toggle_url": "/fixtures/facetable.json?_facet=_city_id&state=MI",
-                    "results": [
-                        {
-                            "value": "MI",
-                            "label": "MI",
-                            "count": 4,
-                            "selected": True,
-                            "toggle_url": "_facet=state&_facet=_city_id",
-                        }
-                    ],
-                    "truncated": False,
-                },
-                "_city_id": {
-                    "name": "_city_id",
-                    "hideable": True,
-                    "type": "column",
-                    "toggle_url": "/fixtures/facetable.json?_facet=state&state=MI",
-                    "results": [
-                        {
-                            "value": 3,
-                            "label": "Detroit",
-                            "count": 4,
-                            "selected": False,
-                            "toggle_url": "_facet=state&_facet=_city_id&state=MI&_city_id__exact=3",
-                        }
-                    ],
-                    "truncated": False,
-                },
-            },
-        ),
-        (
-            "/fixtures/facetable.json?_facet=planet_int",
-            {
-                "planet_int": {
-                    "name": "planet_int",
-                    "hideable": True,
-                    "type": "column",
-                    "toggle_url": "/fixtures/facetable.json",
-                    "results": [
-                        {
-                            "value": 1,
-                            "label": 1,
-                            "count": 14,
-                            "selected": False,
-                            "toggle_url": "_facet=planet_int&planet_int=1",
-                        },
-                        {
-                            "value": 2,
-                            "label": 2,
-                            "count": 1,
-                            "selected": False,
-                            "toggle_url": "_facet=planet_int&planet_int=2",
-                        },
-                    ],
-                    "truncated": False,
-                }
-            },
-        ),
-        (
-            # planet_int is an integer field:
-            "/fixtures/facetable.json?_facet=planet_int&planet_int=1",
-            {
-                "planet_int": {
-                    "name": "planet_int",
-                    "hideable": True,
-                    "type": "column",
-                    "toggle_url": "/fixtures/facetable.json?planet_int=1",
-                    "results": [
-                        {
-                            "value": 1,
-                            "label": 1,
-                            "count": 14,
-                            "selected": True,
-                            "toggle_url": "_facet=planet_int",
-                        }
-                    ],
-                    "truncated": False,
-                }
-            },
-        ),
-    ],
-)
-async def test_facets(ds_client, path, expected_facet_results):
-    response = await ds_client.get(path)
-    facet_results = response.json()["facet_results"]
-    # We only compare the querystring portion of the taggle_url
-    for facet_name, facet_info in facet_results["results"].items():
-        assert facet_name == facet_info["name"]
-        assert False is facet_info["truncated"]
-        for facet_value in facet_info["results"]:
-            facet_value["toggle_url"] = facet_value["toggle_url"].split("?")[1]
-    assert expected_facet_results == facet_results["results"]
-
-
-@pytest.mark.asyncio
-@pytest.mark.skipif(not detect_json1(), reason="requires JSON1 extension")
-async def test_facets_array(ds_client):
-    response = await ds_client.get("/fixtures/facetable.json?_facet_array=tags")
-    facet_results = response.json()["facet_results"]
-    assert facet_results["results"]["tags"]["results"] == [
-        {
-            "value": "tag1",
-            "label": "tag1",
-            "count": 2,
-            "toggle_url": "http://localhost/fixtures/facetable.json?_facet_array=tags&tags__arraycontains=tag1",
-            "selected": False,
-        },
-        {
-            "value": "tag2",
-            "label": "tag2",
-            "count": 1,
-            "toggle_url": "http://localhost/fixtures/facetable.json?_facet_array=tags&tags__arraycontains=tag2",
-            "selected": False,
-        },
-        {
-            "value": "tag3",
-            "label": "tag3",
-            "count": 1,
-            "toggle_url": "http://localhost/fixtures/facetable.json?_facet_array=tags&tags__arraycontains=tag3",
-            "selected": False,
-        },
-    ]
-
-
-@pytest.mark.asyncio
-async def test_suggested_facets(ds_client):
-    suggestions = [
-        {
-            "name": suggestion["name"],
-            "querystring": suggestion["toggle_url"].split("?")[-1],
-        }
-        for suggestion in (
-            await ds_client.get("/fixtures/facetable.json?_extra=suggested_facets")
-        ).json()["suggested_facets"]
-    ]
-    expected = [
-        {"name": "created", "querystring": "_extra=suggested_facets&_facet=created"},
-        {
-            "name": "planet_int",
-            "querystring": "_extra=suggested_facets&_facet=planet_int",
-        },
-        {"name": "on_earth", "querystring": "_extra=suggested_facets&_facet=on_earth"},
-        {"name": "state", "querystring": "_extra=suggested_facets&_facet=state"},
-        {"name": "_city_id", "querystring": "_extra=suggested_facets&_facet=_city_id"},
-        {
-            "name": "_neighborhood",
-            "querystring": "_extra=suggested_facets&_facet=_neighborhood",
-        },
-        {"name": "tags", "querystring": "_extra=suggested_facets&_facet=tags"},
-        {
-            "name": "complex_array",
-            "querystring": "_extra=suggested_facets&_facet=complex_array",
-        },
-        {
-            "name": "created",
-            "querystring": "_extra=suggested_facets&_facet_date=created",
-        },
-    ]
-    if detect_json1():
-        expected.append(
-            {"name": "tags", "querystring": "_extra=suggested_facets&_facet_array=tags"}
-        )
-    assert expected == suggestions
-
-
-def test_allow_facet_off():
-    with make_app_client(settings={"allow_facet": False}) as client:
-        assert (
-            client.get(
-                "/fixtures/facetable.json?_facet=planet_int&_extra=suggested_facets"
-            ).status
-            == 400
-        )
-        data = client.get("/fixtures/facetable.json?_extra=suggested_facets").json
-        # Should not suggest any facets either:
-        assert [] == data["suggested_facets"]
-
-
-def test_suggest_facets_off():
-    with make_app_client(settings={"suggest_facets": False}) as client:
-        # Now suggested_facets should be []
-        assert (
-            []
-            == client.get("/fixtures/facetable.json?_extra=suggested_facets").json[
-                "suggested_facets"
-            ]
-        )
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize("nofacet", (True, False))
-async def test_nofacet(ds_client, nofacet):
-    path = "/fixtures/facetable.json?_facet=state&_extra=suggested_facets"
-    if nofacet:
-        path += "&_nofacet=1"
-    response = await ds_client.get(path)
-    if nofacet:
-        assert response.json()["suggested_facets"] == []
-        assert response.json()["facet_results"]["results"] == {}
-    else:
-        assert response.json()["suggested_facets"] != []
-        assert response.json()["facet_results"]["results"] != {}
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize("nosuggest", (True, False))
-async def test_nosuggest(ds_client, nosuggest):
-    path = "/fixtures/facetable.json?_facet=state&_extra=suggested_facets"
-    if nosuggest:
-        path += "&_nosuggest=1"
-    response = await ds_client.get(path)
-    if nosuggest:
-        assert response.json()["suggested_facets"] == []
-        # But facets should still be returned:
-        assert response.json()["facet_results"] != {}
-    else:
-        assert response.json()["suggested_facets"] != []
-        assert response.json()["facet_results"] != {}
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize("nocount,expected_count", ((True, None), (False, 15)))
-async def test_nocount(ds_client, nocount, expected_count):
-    path = "/fixtures/facetable.json?_extra=count"
-    if nocount:
-        path += "&_nocount=1"
-    response = await ds_client.get(path)
-    assert response.json()["count"] == expected_count
-
-
-def test_nocount_nofacet_if_shape_is_object(app_client_with_trace):
-    response = app_client_with_trace.get(
-        "/fixtures/facetable.json?_trace=1&_shape=object"
-    )
-    assert "count(*)" not in response.text
-
-
-@pytest.mark.asyncio
-async def test_expand_labels(ds_client):
-    response = await ds_client.get(
-        "/fixtures/facetable.json?_shape=object&_labels=1&_size=2"
-        "&_neighborhood__contains=c"
-    )
-    assert response.json() == {
-        "2": {
-            "pk": 2,
-            "created": "2019-01-14 08:00:00",
-            "planet_int": 1,
-            "on_earth": 1,
-            "state": "CA",
-            "_city_id": {"value": 1, "label": "San Francisco"},
-            "_neighborhood": "Dogpatch",
-            "tags": '["tag1", "tag3"]',
-            "complex_array": "[]",
-            "distinct_some_null": "two",
-            "n": "n2",
-        },
-        "13": {
-            "pk": 13,
-            "created": "2019-01-17 08:00:00",
-            "planet_int": 1,
-            "on_earth": 1,
-            "state": "MI",
-            "_city_id": {"value": 3, "label": "Detroit"},
-            "_neighborhood": "Corktown",
-            "tags": "[]",
-            "complex_array": "[]",
-            "distinct_some_null": None,
-            "n": None,
-        },
-    }
-
-
-@pytest.mark.asyncio
-async def test_expand_label(ds_client):
-    response = await ds_client.get(
-        "/fixtures/foreign_key_references.json?_shape=object"
-        "&_label=foreign_key_with_label&_size=1"
-    )
-    assert response.json() == {
-        "1": {
-            "pk": "1",
-            "foreign_key_with_label": {"value": 1, "label": "hello"},
-            "foreign_key_with_blank_label": 3,
-            "foreign_key_with_no_label": "1",
-            "foreign_key_compound_pk1": "a",
-            "foreign_key_compound_pk2": "b",
-        }
-    }
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path,expected_cache_control",
-    [
-        ("/fixtures/facetable.json", "max-age=5"),
-        ("/fixtures/facetable.json?_ttl=invalid", "max-age=5"),
-        ("/fixtures/facetable.json?_ttl=10", "max-age=10"),
-        ("/fixtures/facetable.json?_ttl=0", "no-cache"),
-    ],
-)
-async def test_ttl_parameter(ds_client, path, expected_cache_control):
-    response = await ds_client.get(path)
-    assert response.headers["Cache-Control"] == expected_cache_control
-
-
-@pytest.mark.asyncio
-async def test_infinity_returned_as_null(ds_client):
-    response = await ds_client.get("/fixtures/infinity.json?_shape=array")
-    assert response.json() == [
-        {"rowid": 1, "value": None},
-        {"rowid": 2, "value": None},
-        {"rowid": 3, "value": 1.5},
-    ]
-
-
-@pytest.mark.asyncio
-async def test_infinity_returned_as_invalid_json_if_requested(ds_client):
-    response = await ds_client.get(
-        "/fixtures/infinity.json?_shape=array&_json_infinity=1"
-    )
-    assert response.json() == [
-        {"rowid": 1, "value": float("inf")},
-        {"rowid": 2, "value": float("-inf")},
-        {"rowid": 3, "value": 1.5},
-    ]
-
-
-@pytest.mark.asyncio
-async def test_custom_query_with_unicode_characters(ds_client):
-    # /fixtures/𝐜𝐢𝐭𝐢𝐞𝐬.json
-    response = await ds_client.get(
-        "/fixtures/~F0~9D~90~9C~F0~9D~90~A2~F0~9D~90~AD~F0~9D~90~A2~F0~9D~90~9E~F0~9D~90~AC.json?_shape=array"
-    )
-    assert response.json() == [{"id": 1, "name": "San Francisco"}]
-
-
-@pytest.mark.asyncio
-async def test_null_and_compound_foreign_keys_are_not_expanded(ds_client):
-    response = await ds_client.get(
-        "/fixtures/foreign_key_references.json?_shape=array&_labels=on"
-    )
-    assert response.json() == [
-        {
-            "pk": "1",
-            "foreign_key_with_label": {"value": 1, "label": "hello"},
-            "foreign_key_with_blank_label": {"value": 3, "label": ""},
-            "foreign_key_with_no_label": {"value": "1", "label": "1"},
-            "foreign_key_compound_pk1": "a",
-            "foreign_key_compound_pk2": "b",
-        },
-        {
-            "pk": "2",
-            "foreign_key_with_label": None,
-            "foreign_key_with_blank_label": None,
-            "foreign_key_with_no_label": None,
-            "foreign_key_compound_pk1": None,
-            "foreign_key_compound_pk2": None,
-        },
-    ]
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path,expected_json,expected_text",
-    [
-        (
-            "/fixtures/binary_data.json?_shape=array",
-            [
-                {"rowid": 1, "data": {"$base64": True, "encoded": "FRwCx60F/g=="}},
-                {"rowid": 2, "data": {"$base64": True, "encoded": "FRwDx60F/g=="}},
-                {"rowid": 3, "data": None},
-            ],
-            None,
-        ),
-        (
-            "/fixtures/binary_data.json?_shape=array&_nl=on",
-            None,
-            (
-                '{"rowid": 1, "data": {"$base64": true, "encoded": "FRwCx60F/g=="}}\n'
-                '{"rowid": 2, "data": {"$base64": true, "encoded": "FRwDx60F/g=="}}\n'
-                '{"rowid": 3, "data": null}'
-            ),
-        ),
-    ],
-)
-async def test_binary_data_in_json(ds_client, path, expected_json, expected_text):
-    response = await ds_client.get(path)
-    if expected_json:
-        assert response.json() == expected_json
-    else:
-        assert response.text == expected_text
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "qs",
-    [
-        "",
-        "?_shape=arrays",
-        "?_shape=arrayfirst",
-        "?_shape=object",
-        "?_shape=objects",
-        "?_shape=array",
-        "?_shape=array&_nl=on",
-    ],
-)
-async def test_paginate_using_link_header(ds_client, qs):
-    path = f"/fixtures/compound_three_primary_keys.json{qs}"
-    num_pages = 0
-    while path:
-        response = await ds_client.get(path)
-        assert response.status_code == 200
-        num_pages += 1
-        link = response.headers.get("link")
-        if link:
-            assert link.startswith("<")
-            assert link.endswith('>; rel="next"')
-            path = link[1:].split(">")[0]
-            path = path.replace("http://localhost", "")
-        else:
-            path = None
-    assert num_pages == 21
-
-
-@pytest.mark.skipif(
-    sqlite_version() < (3, 31, 0),
-    reason="generated columns were added in SQLite 3.31.0",
-)
-def test_generated_columns_are_visible_in_datasette():
-    with make_app_client(extra_databases={"generated.db": """
-                CREATE TABLE generated_columns (
-                    body TEXT,
-                    id INT GENERATED ALWAYS AS (json_extract(body, '$.number')) STORED,
-                    consideration INT GENERATED ALWAYS AS (json_extract(body, '$.string')) STORED
-                );
-                INSERT INTO generated_columns (body) VALUES (
-                    '{"number": 1, "string": "This is a string"}'
-                );"""}) as client:
-        response = client.get("/generated/generated_columns.json?_shape=array")
-        assert response.json == [
-            {
-                "rowid": 1,
-                "body": '{"number": 1, "string": "This is a string"}',
-                "id": 1,
-                "consideration": "This is a string",
-            }
-        ]
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path,expected_columns",
-    (
-        ("/fixtures/facetable.json?_col=created", ["pk", "created"]),
-        (
-            "/fixtures/facetable.json?_nocol=created",
-            [
-                "pk",
-                "planet_int",
-                "on_earth",
-                "state",
-                "_city_id",
-                "_neighborhood",
-                "tags",
-                "complex_array",
-                "distinct_some_null",
-                "n",
-            ],
-        ),
-        (
-            "/fixtures/facetable.json?_col=state&_col=created",
-            ["pk", "state", "created"],
-        ),
-        (
-            "/fixtures/facetable.json?_col=state&_col=state",
-            ["pk", "state"],
-        ),
-        (
-            # https://github.com/simonw/datasette/issues/1975
-            "/fixtures/facetable.json?_col=pk&_col=state",
-            ["pk", "state"],
-        ),
-        (
-            # https://github.com/simonw/datasette/issues/1975
-            "/fixtures/facetable.json?_col=pk",
-            ["pk"],
-        ),
-        (
-            "/fixtures/facetable.json?_col=state&_col=created&_nocol=created",
-            ["pk", "state"],
-        ),
-        (
-            # Ensure faceting doesn't break, https://github.com/simonw/datasette/issues/1345
-            "/fixtures/facetable.json?_nocol=state&_facet=state",
-            [
-                "pk",
-                "created",
-                "planet_int",
-                "on_earth",
-                "_city_id",
-                "_neighborhood",
-                "tags",
-                "complex_array",
-                "distinct_some_null",
-                "n",
-            ],
-        ),
-        (
-            "/fixtures/simple_view.json?_nocol=content",
-            ["upper_content"],
-        ),
-        ("/fixtures/simple_view.json?_col=content", ["content"]),
-    ),
-)
-async def test_col_nocol(ds_client, path, expected_columns):
-    response = await ds_client.get(path + "&_extra=columns")
-    assert response.status_code == 200
-    columns = response.json()["columns"]
-    assert columns == expected_columns
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path,expected_error",
-    (
-        ("/fixtures/facetable.json?_col=bad", "_col=bad - invalid columns"),
-        ("/fixtures/facetable.json?_nocol=bad", "_nocol=bad - invalid columns"),
-        ("/fixtures/facetable.json?_nocol=pk", "_nocol=pk - invalid columns"),
-        ("/fixtures/simple_view.json?_col=bad", "_col=bad - invalid columns"),
-    ),
-)
-async def test_col_nocol_errors(ds_client, path, expected_error):
-    response = await ds_client.get(path)
-    assert response.status_code == 400
-    assert response.json()["error"] == expected_error
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "extra,expected_json",
-    (
-        (
-            "columns",
-            {
-                "ok": True,
-                "next": None,
-                "columns": ["id", "content", "content2"],
-                "rows": [{"id": "1", "content": "hey", "content2": "world"}],
-                "truncated": False,
-            },
-        ),
-        (
-            "count",
-            {
-                "ok": True,
-                "next": None,
-                "rows": [{"id": "1", "content": "hey", "content2": "world"}],
-                "truncated": False,
-                "count": 1,
-            },
-        ),
-    ),
-)
-async def test_table_extras(ds_client, extra, expected_json):
-    response = await ds_client.get(
-        "/fixtures/primary_key_multiple_columns.json?_extra=" + extra
-    )
-    assert response.status_code == 200
-    assert response.json() == expected_json
-
-
-@pytest.mark.asyncio
-async def test_table_extra_columns_can_be_comma_separated(ds_client):
-    response = await ds_client.get(
-        "/fixtures/primary_key_multiple_columns.json?_extra=columns,count"
-    )
-    assert response.status_code == 200
-    data = response.json()
-    assert data["columns"] == ["id", "content", "content2"]
-    assert data["count"] == 1
-
-
-@pytest.mark.asyncio
-async def test_extra_render_cell():
-    """Test that _extra=render_cell returns rendered HTML from render_cell plugin hook"""
-    from datasette import hookimpl
-    from datasette.app import Datasette
-
-    class TestRenderCellPlugin:
-        __name__ = "TestRenderCellPlugin"
-
-        @hookimpl
-        def render_cell(self, value, column, table, database):
-            # Only modify cells in our test table
-            if table == "test_render" and column == "name":
-                return f"{value}"
-            return None
-
-    ds = Datasette(memory=True)
-    await ds.invoke_startup()
-    db = ds.add_memory_database("test_table_render")
-    await db.execute_write(
-        "create table test_render (id integer primary key, name text)"
-    )
-    await db.execute_write("insert into test_render values (1, 'Alice')")
-    await db.execute_write("insert into test_render values (2, 'Bob')")
-
-    # Register our test plugin
-    ds.pm.register(TestRenderCellPlugin(), name="TestRenderCellPlugin")
-
-    try:
-        # Request with _extra=render_cell
-        response = await ds.client.get(
-            "/test_table_render/test_render.json?_extra=render_cell"
-        )
-        assert response.status_code == 200
-        data = response.json()
-
-        # Verify the response structure
-        assert "render_cell" in data
-        assert "rows" in data
-
-        # render_cell should be a list of rows, each row being a dict of column -> rendered HTML
-        # Only columns modified by plugins are included (sparse output)
-        render_cell = data["render_cell"]
-        assert len(render_cell) == 2
-
-        # First row: id=1, name='Alice'
-        # The 'name' column should be rendered by our plugin as Alice
-        assert render_cell[0]["name"] == "Alice"
-        # The 'id' column is not included since no plugin modified it
-        assert "id" not in render_cell[0]
-
-        # Second row: id=2, name='Bob'
-        assert render_cell[1]["name"] == "Bob"
-        assert "id" not in render_cell[1]
-
-        # The regular rows should still contain raw values
-        assert data["rows"] == [
-            {"id": 1, "name": "Alice"},
-            {"id": 2, "name": "Bob"},
-        ]
-
-    finally:
-        ds.pm.unregister(name="TestRenderCellPlugin")
diff --git a/tests/test_table_html.py b/tests/test_table_html.py
deleted file mode 100644
index 3af2bb08..00000000
--- a/tests/test_table_html.py
+++ /dev/null
@@ -1,2331 +0,0 @@
-from datasette.app import Datasette
-from datasette.database import Database
-from bs4 import BeautifulSoup as Soup
-from .fixtures import make_app_client
-import pathlib
-import pytest
-import urllib.parse
-from .utils import inner_html
-
-
-def table_data_from_soup(soup):
-    import json
-    import re
-
-    table_script = [
-        s for s in soup.find_all("script") if "_datasetteTableData" in (s.string or "")
-    ][0]
-    match = re.search(
-        r"window\._datasetteTableData\s*=\s*({.*?});",
-        table_script.string,
-        re.DOTALL,
-    )
-    return json.loads(match.group(1))
-
-
-def database_data_from_soup(soup):
-    import json
-    import re
-
-    database_script = [
-        s
-        for s in soup.find_all("script")
-        if "_datasetteDatabaseData" in (s.string or "")
-    ][0]
-    match = re.search(
-        r"window\._datasetteDatabaseData\s*=\s*({.*?});",
-        database_script.string,
-        re.DOTALL,
-    )
-    return json.loads(match.group(1))
-
-
-DEFAULT_EXPRESSION_OPTIONS = [
-    {
-        "value": "current_timestamp",
-        "label": "Current timestamp in UTC, e.g. 2026-05-01 13:34:00",
-        "sqliteType": "text",
-    },
-    {
-        "value": "current_date",
-        "label": "Current date in UTC, e.g. 2026-05-01",
-        "sqliteType": "text",
-    },
-    {
-        "value": "current_time",
-        "label": "Current time in UTC, e.g. 13:34:00",
-        "sqliteType": "text",
-    },
-    {
-        "value": "current_unixtime",
-        "label": "Current Unix time, integer seconds since the epoch",
-        "sqliteType": "integer",
-    },
-    {
-        "value": "current_unixtime_ms",
-        "label": "Current Unix time, integer milliseconds since the epoch",
-        "sqliteType": "integer",
-    },
-]
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path,expected_definition_sql",
-    [
-        (
-            "/fixtures/facet_cities",
-            """
-CREATE TABLE facet_cities (
-    id integer primary key,
-    name text
-);
-        """.strip(),
-        ),
-        (
-            "/fixtures/compound_three_primary_keys",
-            """
-CREATE TABLE compound_three_primary_keys (
-  pk1 varchar(30),
-  pk2 varchar(30),
-  pk3 varchar(30),
-  content text,
-  PRIMARY KEY (pk1, pk2, pk3)
-);
-CREATE INDEX idx_compound_three_primary_keys_content ON compound_three_primary_keys(content);
-            """.strip(),
-        ),
-    ],
-)
-async def test_table_definition_sql(path, expected_definition_sql, ds_client):
-    response = await ds_client.get(path)
-    pre = Soup(response.text, "html.parser").select_one("pre.wrapped-sql")
-    assert expected_definition_sql == pre.string
-
-
-def test_table_cell_truncation():
-    with make_app_client(settings={"truncate_cells_html": 5}) as client:
-        response = client.get("/fixtures/facetable")
-        assert response.status == 200
-        table = Soup(response.body, "html.parser").find("table")
-        assert table["class"] == ["rows-and-columns"]
-        assert [
-            "Missi…",
-            "Dogpa…",
-            "SOMA",
-            "Tende…",
-            "Berna…",
-            "Hayes…",
-            "Holly…",
-            "Downt…",
-            "Los F…",
-            "Korea…",
-            "Downt…",
-            "Greek…",
-            "Corkt…",
-            "Mexic…",
-            "Arcad…",
-        ] == [
-            td.string
-            for td in table.find_all("td", {"class": "col-neighborhood-b352a7"})
-        ]
-        # URLs should be truncated too
-        response2 = client.get("/fixtures/roadside_attractions")
-        assert response2.status == 200
-        table = Soup(response2.body, "html.parser").find("table")
-        tds = table.find_all("td", {"class": "col-url"})
-        assert [str(td) for td in tds] == [
-            '    ',
-            '',
-            '',
-            '',
-        ]
-
-
-@pytest.mark.asyncio
-async def test_add_filter_redirects(ds_client):
-    filter_args = urllib.parse.urlencode(
-        {"_filter_column": "content", "_filter_op": "startswith", "_filter_value": "x"}
-    )
-    path_base = "/fixtures/simple_primary_key"
-    path = path_base + "?" + filter_args
-    response = await ds_client.get(path)
-    assert response.status_code == 302
-    assert response.headers["Location"].endswith("?content__startswith=x")
-
-    # Adding a redirect to an existing query string:
-    path = path_base + "?foo=bar&" + filter_args
-    response = await ds_client.get(path)
-    assert response.status_code == 302
-    assert response.headers["Location"].endswith("?foo=bar&content__startswith=x")
-
-    # Test that op with a __x suffix overrides the filter value
-    path = (
-        path_base
-        + "?"
-        + urllib.parse.urlencode(
-            {
-                "_filter_column": "content",
-                "_filter_op": "isnull__5",
-                "_filter_value": "x",
-            }
-        )
-    )
-    response = await ds_client.get(path)
-    assert response.status_code == 302
-    assert response.headers["Location"].endswith("?content__isnull=5")
-
-
-@pytest.mark.asyncio
-async def test_existing_filter_redirects(ds_client):
-    filter_args = {
-        "_filter_column_1": "name",
-        "_filter_op_1": "contains",
-        "_filter_value_1": "hello",
-        "_filter_column_2": "age",
-        "_filter_op_2": "gte",
-        "_filter_value_2": "22",
-        "_filter_column_3": "age",
-        "_filter_op_3": "lt",
-        "_filter_value_3": "30",
-        "_filter_column_4": "name",
-        "_filter_op_4": "contains",
-        "_filter_value_4": "world",
-    }
-    path_base = "/fixtures/simple_primary_key"
-    path = path_base + "?" + urllib.parse.urlencode(filter_args)
-    response = await ds_client.get(path)
-    assert response.status_code == 302
-    assert_querystring_equal(
-        "name__contains=hello&age__gte=22&age__lt=30&name__contains=world",
-        response.headers["Location"].split("?")[1],
-    )
-
-    # Setting _filter_column_3 to empty string should remove *_3 entirely
-    filter_args["_filter_column_3"] = ""
-    path = path_base + "?" + urllib.parse.urlencode(filter_args)
-    response = await ds_client.get(path)
-    assert response.status_code == 302
-    assert_querystring_equal(
-        "name__contains=hello&age__gte=22&name__contains=world",
-        response.headers["Location"].split("?")[1],
-    )
-
-    # ?_filter_op=exact should be removed if unaccompanied by _fiter_column
-    response = await ds_client.get(path_base + "?_filter_op=exact")
-    assert response.status_code == 302
-    assert "?" not in response.headers["Location"]
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "qs,expected_hidden",
-    (
-        # Things that should be reflected in hidden form fields:
-        ("_facet=_neighborhood", {"_facet": "_neighborhood"}),
-        ("_where=1+=+1&_col=_city_id", {"_where": "1 = 1", "_col": "_city_id"}),
-        # Things that should NOT be reflected in hidden form fields:
-        (
-            "_facet=_neighborhood&_neighborhood__exact=Downtown",
-            {"_facet": "_neighborhood"},
-        ),
-        ("_facet=_neighborhood&_city_id__gt=1", {"_facet": "_neighborhood"}),
-    ),
-)
-async def test_reflected_hidden_form_fields(ds_client, qs, expected_hidden):
-    # https://github.com/simonw/datasette/issues/1527
-    response = await ds_client.get("/fixtures/facetable?{}".format(qs))
-    # In this case we should NOT have a hidden _neighborhood__exact=Downtown field
-    form = Soup(response.text, "html.parser").find("form")
-    hidden_inputs = {
-        input["name"]: input["value"] for input in form.select("input[type=hidden]")
-    }
-    assert hidden_inputs == expected_hidden
-
-
-@pytest.mark.asyncio
-async def test_empty_search_parameter_gets_removed(ds_client):
-    path_base = "/fixtures/simple_primary_key"
-    path = (
-        path_base
-        + "?"
-        + urllib.parse.urlencode(
-            {
-                "_search": "",
-                "_filter_column": "name",
-                "_filter_op": "exact",
-                "_filter_value": "chidi",
-            }
-        )
-    )
-    response = await ds_client.get(path)
-    assert response.status_code == 302
-    assert response.headers["Location"].endswith("?name__exact=chidi")
-
-
-@pytest.mark.asyncio
-async def test_searchable_view_persists_fts_table(ds_client):
-    # The search form should persist ?_fts_table as a hidden field
-    response = await ds_client.get(
-        "/fixtures/searchable_view?_fts_table=searchable_fts&_fts_pk=pk"
-    )
-    inputs = Soup(response.text, "html.parser").find("form").find_all("input")
-    hiddens = [i for i in inputs if i["type"] == "hidden"]
-    assert [("_fts_table", "searchable_fts"), ("_fts_pk", "pk")] == [
-        (hidden["name"], hidden["value"]) for hidden in hiddens
-    ]
-
-
-@pytest.mark.asyncio
-async def test_sort_by_desc_redirects(ds_client):
-    path_base = "/fixtures/sortable"
-    path = (
-        path_base
-        + "?"
-        + urllib.parse.urlencode({"_sort": "sortable", "_sort_by_desc": "1"})
-    )
-    response = await ds_client.get(path)
-    assert response.status_code == 302
-    assert response.headers["Location"].endswith("?_sort_desc=sortable")
-
-
-@pytest.mark.asyncio
-async def test_sort_links(ds_client):
-    response = await ds_client.get("/fixtures/sortable?_sort=sortable")
-    assert response.status_code == 200
-    ths = Soup(response.text, "html.parser").find_all("th")
-    attrs_and_link_attrs = [
-        {
-            "attrs": th.attrs,
-            "a_href": (th.find("a")["href"] if th.find("a") else None),
-        }
-        for th in ths
-    ]
-    assert attrs_and_link_attrs == [
-        {
-            "attrs": {
-                "class": ["col-Link"],
-                "scope": "col",
-                "data-column": "Link",
-                "data-column-type": "",
-                "data-column-not-null": "0",
-                "data-is-pk": "0",
-                "data-is-link-column": "1",
-            },
-            "a_href": None,
-        },
-        {
-            "attrs": {
-                "class": ["col-pk1"],
-                "scope": "col",
-                "data-column": "pk1",
-                "data-column-type": "varchar(30)",
-                "data-column-not-null": "0",
-                "data-is-pk": "1",
-            },
-            "a_href": None,
-        },
-        {
-            "attrs": {
-                "class": ["col-pk2"],
-                "scope": "col",
-                "data-column": "pk2",
-                "data-column-type": "varchar(30)",
-                "data-column-not-null": "0",
-                "data-is-pk": "1",
-            },
-            "a_href": None,
-        },
-        {
-            "attrs": {
-                "class": ["col-content"],
-                "scope": "col",
-                "data-column": "content",
-                "data-column-type": "text",
-                "data-column-not-null": "0",
-                "data-is-pk": "0",
-            },
-            "a_href": None,
-        },
-        {
-            "attrs": {
-                "class": ["col-sortable"],
-                "scope": "col",
-                "data-column": "sortable",
-                "data-column-type": "integer",
-                "data-column-not-null": "0",
-                "data-is-pk": "0",
-            },
-            "a_href": "/fixtures/sortable?_sort_desc=sortable",
-        },
-        {
-            "attrs": {
-                "class": ["col-sortable_with_nulls"],
-                "scope": "col",
-                "data-column": "sortable_with_nulls",
-                "data-column-type": "real",
-                "data-column-not-null": "0",
-                "data-is-pk": "0",
-            },
-            "a_href": "/fixtures/sortable?_sort=sortable_with_nulls",
-        },
-        {
-            "attrs": {
-                "class": ["col-sortable_with_nulls_2"],
-                "scope": "col",
-                "data-column": "sortable_with_nulls_2",
-                "data-column-type": "real",
-                "data-column-not-null": "0",
-                "data-is-pk": "0",
-            },
-            "a_href": "/fixtures/sortable?_sort=sortable_with_nulls_2",
-        },
-        {
-            "attrs": {
-                "class": ["col-text"],
-                "scope": "col",
-                "data-column": "text",
-                "data-column-type": "text",
-                "data-column-not-null": "0",
-                "data-is-pk": "0",
-            },
-            "a_href": "/fixtures/sortable?_sort=text",
-        },
-    ]
-
-
-@pytest.mark.asyncio
-async def test_facet_display(ds_client):
-    response = await ds_client.get(
-        "/fixtures/facetable?_facet=planet_int&_facet=_city_id&_facet=on_earth"
-    )
-    assert response.status_code == 200
-    soup = Soup(response.text, "html.parser")
-    divs = soup.find("div", {"class": "facet-results"}).find_all("div")
-    actual = []
-    for div in divs:
-        actual.append(
-            {
-                "name": div.find("strong").text.split()[0],
-                "items": [
-                    {
-                        "name": a.text,
-                        "qs": a["href"].split("?")[-1],
-                        "count": int(
-                            a.parent.find(
-                                "span", {"class": "facet-count"}
-                            ).text.replace(",", "")
-                        ),
-                    }
-                    for a in div.find("ul").find_all("a")
-                ],
-            }
-        )
-    assert actual == [
-        {
-            "name": "_city_id",
-            "items": [
-                {
-                    "name": "San Francisco",
-                    "qs": "_facet=planet_int&_facet=_city_id&_facet=on_earth&_city_id__exact=1",
-                    "count": 6,
-                },
-                {
-                    "name": "Los Angeles",
-                    "qs": "_facet=planet_int&_facet=_city_id&_facet=on_earth&_city_id__exact=2",
-                    "count": 4,
-                },
-                {
-                    "name": "Detroit",
-                    "qs": "_facet=planet_int&_facet=_city_id&_facet=on_earth&_city_id__exact=3",
-                    "count": 4,
-                },
-                {
-                    "name": "Memnonia",
-                    "qs": "_facet=planet_int&_facet=_city_id&_facet=on_earth&_city_id__exact=4",
-                    "count": 1,
-                },
-            ],
-        },
-        {
-            "name": "planet_int",
-            "items": [
-                {
-                    "name": "1",
-                    "qs": "_facet=planet_int&_facet=_city_id&_facet=on_earth&planet_int=1",
-                    "count": 14,
-                },
-                {
-                    "name": "2",
-                    "qs": "_facet=planet_int&_facet=_city_id&_facet=on_earth&planet_int=2",
-                    "count": 1,
-                },
-            ],
-        },
-        {
-            "name": "on_earth",
-            "items": [
-                {
-                    "name": "1",
-                    "qs": "_facet=planet_int&_facet=_city_id&_facet=on_earth&on_earth=1",
-                    "count": 14,
-                },
-                {
-                    "name": "0",
-                    "qs": "_facet=planet_int&_facet=_city_id&_facet=on_earth&on_earth=0",
-                    "count": 1,
-                },
-            ],
-        },
-    ]
-
-
-@pytest.mark.asyncio
-async def test_facets_persist_through_filter_form(ds_client):
-    response = await ds_client.get(
-        "/fixtures/facetable?_facet=planet_int&_facet=_city_id&_facet_array=tags"
-    )
-    assert response.status_code == 200
-    inputs = Soup(response.text, "html.parser").find("form").find_all("input")
-    hiddens = [i for i in inputs if i["type"] == "hidden"]
-    assert [(hidden["name"], hidden["value"]) for hidden in hiddens] == [
-        ("_facet", "planet_int"),
-        ("_facet", "_city_id"),
-        ("_facet_array", "tags"),
-    ]
-
-
-@pytest.mark.asyncio
-async def test_next_does_not_persist_in_hidden_field(ds_client):
-    response = await ds_client.get("/fixtures/searchable?_size=1&_next=1")
-    assert response.status_code == 200
-    inputs = Soup(response.text, "html.parser").find("form").find_all("input")
-    hiddens = [i for i in inputs if i["type"] == "hidden"]
-    assert [(hidden["name"], hidden["value"]) for hidden in hiddens] == [
-        ("_size", "1"),
-    ]
-
-
-@pytest.mark.asyncio
-async def test_table_html_simple_primary_key(ds_client):
-    response = await ds_client.get("/fixtures/simple_primary_key?_size=3")
-    assert response.status_code == 200
-    table = Soup(response.text, "html.parser").find("table")
-    assert table["class"] == ["rows-and-columns"]
-    ths = table.find_all("th")
-    assert "id\xa0▼" == ths[0].find("a").string.strip()
-    for expected_col, th in zip(("content",), ths[1:]):
-        a = th.find("a")
-        assert expected_col == a.string
-        assert a["href"].endswith(f"/simple_primary_key?_size=3&_sort={expected_col}")
-        assert ["nofollow"] == a["rel"]
-    assert [
-        [
-            '',
-            '',
-        ],
-        [
-            '',
-            '',
-        ],
-        [
-            '',
-            '',
-        ],
-    ] == [[str(td) for td in tr.select("td")] for tr in table.select("tbody tr")]
-
-
-@pytest.mark.asyncio
-async def test_table_csv_json_export_interface(ds_client):
-    response = await ds_client.get("/fixtures/simple_primary_key?id__gt=2")
-    assert response.status_code == 200
-    # The links at the top of the page
-    links = (
-        Soup(response.text, "html.parser")
-        .find("p", {"class": "export-links"})
-        .find_all("a")
-    )
-    actual = [link["href"] for link in links]
-    expected = [
-        "/fixtures/simple_primary_key.json?id__gt=2",
-        "/fixtures/simple_primary_key.testall?id__gt=2",
-        "/fixtures/simple_primary_key.testnone?id__gt=2",
-        "/fixtures/simple_primary_key.testresponse?id__gt=2",
-        "/fixtures/simple_primary_key.csv?id__gt=2&_size=max",
-        "#export",
-    ]
-    assert expected == actual
-    # And the advanced export box at the bottom:
-    div = Soup(response.text, "html.parser").find("div", {"class": "advanced-export"})
-    json_links = [a["href"] for a in div.find("p").find_all("a")]
-    assert [
-        "/fixtures/simple_primary_key.json?id__gt=2",
-        "/fixtures/simple_primary_key.json?id__gt=2&_shape=array",
-        "/fixtures/simple_primary_key.json?id__gt=2&_shape=array&_nl=on",
-        "/fixtures/simple_primary_key.json?id__gt=2&_shape=object",
-    ] == json_links
-    # And the CSV form
-    form = div.find("form")
-    assert form["action"].endswith("/simple_primary_key.csv")
-    inputs = [str(input) for input in form.find_all("input")]
-    assert [
-        '',
-        '',
-        '',
-        '',
-    ] == inputs
-
-
-def test_base_url_export_links_are_not_double_prefixed(app_client_base_url_prefix):
-    for path, expected_json, expected_csv in (
-        (
-            "/prefix/fixtures/simple_primary_key?id__gt=2",
-            "/prefix/fixtures/simple_primary_key.json?id__gt=2",
-            "/prefix/fixtures/simple_primary_key.csv?id__gt=2&_size=max",
-        ),
-        (
-            "/prefix/fixtures/simple_primary_key/1",
-            "/prefix/fixtures/simple_primary_key/1.json",
-            None,
-        ),
-        (
-            "/prefix/fixtures/-/query?sql=select+1",
-            "/prefix/fixtures/-/query.json?sql=select+1",
-            "/prefix/fixtures/-/query.csv?sql=select+1&_size=max",
-        ),
-    ):
-        response = app_client_base_url_prefix.get(path)
-        assert response.status_code == 200
-        soup = Soup(response.text, "html.parser")
-        export_links = soup.find("p", {"class": "export-links"}) or next(
-            p for p in soup.find_all("p") if "This data as" in p.get_text()
-        )
-        hrefs = [a["href"] for a in export_links.find_all("a", href=True)]
-        assert expected_json in hrefs
-        if expected_csv:
-            assert expected_csv in hrefs
-        assert not [href for href in hrefs if href.startswith("/prefix/prefix/")]
-        assert response.headers["link"] == (
-            f"; "
-            'rel="alternate"; type="application/json+datasette"'
-        )
-
-
-def test_base_url_export_links_when_database_matches_prefix():
-    with make_app_client(settings={"base_url": "/data/"}, filename="data.db") as client:
-        response = client.get("/data/data/simple_primary_key?id__gt=2")
-        assert response.status_code == 200
-        export_links = Soup(response.text, "html.parser").find(
-            "p", {"class": "export-links"}
-        )
-        hrefs = [a["href"] for a in export_links.find_all("a", href=True)]
-        assert "/data/data/simple_primary_key.json?id__gt=2" in hrefs
-        assert "/data/data/simple_primary_key.csv?id__gt=2&_size=max" in hrefs
-        assert response.headers["link"] == (
-            "; "
-            'rel="alternate"; type="application/json+datasette"'
-        )
-
-
-@pytest.mark.asyncio
-async def test_csv_json_export_links_include_labels_if_foreign_keys(ds_client):
-    response = await ds_client.get("/fixtures/facetable")
-    assert response.status_code == 200
-    links = (
-        Soup(response.text, "html.parser")
-        .find("p", {"class": "export-links"})
-        .find_all("a")
-    )
-    actual = [link["href"] for link in links]
-    expected = [
-        "/fixtures/facetable.json?_labels=on",
-        "/fixtures/facetable.testall?_labels=on",
-        "/fixtures/facetable.testnone?_labels=on",
-        "/fixtures/facetable.testresponse?_labels=on",
-        "/fixtures/facetable.csv?_labels=on&_size=max",
-        "#export",
-    ]
-    assert expected == actual
-
-
-@pytest.mark.asyncio
-async def test_table_not_exists(ds_client):
-    assert "Table not found" in (await ds_client.get("/fixtures/blah")).text
-
-
-@pytest.mark.asyncio
-async def test_table_html_no_primary_key(ds_client):
-    response = await ds_client.get("/fixtures/no_primary_key")
-    assert response.status_code == 200
-    table = Soup(response.text, "html.parser").find("table")
-    # We have disabled sorting for this table using metadata.json
-    assert ["content", "a", "b", "c"] == [
-        th.string.strip() for th in table.select("thead th")[2:]
-    ]
-    expected = [
-        [
-            ''.format(
-                i, i
-            ),
-            f'',
-            f'',
-            f'',
-            f'',
-            f'',
-        ]
-        for i in range(1, 51)
-    ]
-    assert expected == [
-        [str(td) for td in tr.select("td")] for tr in table.select("tbody tr")
-    ]
-
-
-@pytest.mark.asyncio
-async def test_rowid_sortable_no_primary_key(ds_client):
-    response = await ds_client.get("/fixtures/no_primary_key")
-    assert response.status_code == 200
-    table = Soup(response.text, "html.parser").find("table")
-    assert table["class"] == ["rows-and-columns"]
-    ths = table.find_all("th")
-    assert "rowid\xa0▼" == ths[1].find("a").string.strip()
-
-
-@pytest.mark.asyncio
-async def test_table_html_compound_primary_key(ds_client):
-    response = await ds_client.get("/fixtures/compound_primary_key")
-    assert response.status_code == 200
-    table = Soup(response.text, "html.parser").find("table")
-    ths = table.find_all("th")
-    assert "Link" == ths[0].string.strip()
-    for expected_col, th in zip(("pk1", "pk2", "content"), ths[1:]):
-        a = th.find("a")
-        assert expected_col == a.string
-        assert th["class"] == [f"col-{expected_col}"]
-        assert a["href"].endswith(f"/compound_primary_key?_sort={expected_col}")
-    expected = [
-        [
-            '',
-            '',
-            '',
-            '',
-        ],
-        [
-            '',
-            '',
-            '',
-            '',
-        ],
-        [
-            '',
-            '',
-            '',
-            '',
-        ],
-    ]
-    assert [
-        [str(td) for td in tr.select("td")] for tr in table.select("tbody tr")
-    ] == expected
-    rows = table.select("tbody tr")
-    assert rows[0]["data-row"] == "a,b"
-    assert "data-row-pk-path" not in rows[0].attrs
-    assert "data-row-label" not in rows[0].attrs
-    assert rows[1]["data-row"] == "a~2Fb,~2Ec-d"
-    assert "data-row-pk-path" not in rows[1].attrs
-    assert "data-row-label" not in rows[1].attrs
-
-
-@pytest.mark.asyncio
-async def test_table_html_foreign_key_links(ds_client):
-    response = await ds_client.get("/fixtures/foreign_key_references")
-    assert response.status_code == 200
-    table = Soup(response.text, "html.parser").find("table")
-    actual = [[str(td) for td in tr.select("td")] for tr in table.select("tbody tr")]
-    assert actual == [
-        [
-            '',
-            '',
-            '',
-            '',
-            '',
-            '',
-        ],
-        [
-            '',
-            '',
-            '',
-            '',
-            '',
-            '',
-        ],
-    ]
-
-
-@pytest.mark.asyncio
-async def test_table_html_foreign_key_facets(ds_client):
-    response = await ds_client.get(
-        "/fixtures/foreign_key_references?_facet=foreign_key_with_blank_label"
-    )
-    assert response.status_code == 200
-    assert (
-        '
  • - 1
    • '
-    ) in response.text
-
-
-@pytest.mark.asyncio
-async def test_table_html_disable_foreign_key_links_with_labels(ds_client):
-    response = await ds_client.get(
-        "/fixtures/foreign_key_references?_labels=off&_size=1"
-    )
-    assert response.status_code == 200
-    table = Soup(response.text, "html.parser").find("table")
-    actual = [[str(td) for td in tr.select("td")] for tr in table.select("tbody tr")]
-    assert actual == [
-        [
-            '    ',
-            '',
-            '',
-            '',
-            '',
-            '',
-        ]
-    ]
-
-
-@pytest.mark.asyncio
-async def test_table_html_foreign_key_custom_label_column(ds_client):
-    response = await ds_client.get("/fixtures/custom_foreign_key_label")
-    assert response.status_code == 200
-    table = Soup(response.text, "html.parser").find("table")
-    expected = [
-        [
-            '',
-            '',
-        ]
-    ]
-    assert expected == [
-        [str(td) for td in tr.select("td")] for tr in table.select("tbody tr")
-    ]
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path,expected_column_options",
-    [
-        ("/fixtures/infinity", ["- column -", "rowid", "value"]),
-        (
-            "/fixtures/primary_key_multiple_columns",
-            ["- column -", "id", "content", "content2"],
-        ),
-        ("/fixtures/compound_primary_key", ["- column -", "pk1", "pk2", "content"]),
-    ],
-)
-async def test_table_html_filter_form_column_options(
-    path, expected_column_options, ds_client
-):
-    response = await ds_client.get(path)
-    assert response.status_code == 200
-    form = Soup(response.text, "html.parser").find("form")
-    column_options = [
-        o.attrs.get("value") or o.string
-        for o in form.select("select[name=_filter_column] option")
-    ]
-    assert expected_column_options == column_options
-
-
-@pytest.mark.asyncio
-async def test_table_html_filter_form_still_shows_nocol_columns(ds_client):
-    # https://github.com/simonw/datasette/issues/1503
-    response = await ds_client.get("/fixtures/sortable?_nocol=sortable")
-    assert response.status_code == 200
-    form = Soup(response.text, "html.parser").find("form")
-    assert [
-        o.string
-        for o in form.select("select[name='_filter_column']")[0].select("option")
-    ] == [
-        "- column -",
-        "pk1",
-        "pk2",
-        "content",
-        "sortable_with_nulls",
-        "sortable_with_nulls_2",
-        "text",
-        # Moved to the end because it is no longer returned by the query:
-        "sortable",
-    ]
-
-
-@pytest.mark.asyncio
-async def test_column_chooser_present(ds_client):
-    response = await ds_client.get("/fixtures/facetable")
-    assert response.status_code == 200
-    soup = Soup(response.text, "html.parser")
-    # Web component should be present
-    chooser = soup.find("column-chooser")
-    assert chooser is not None
-    # Script block should contain column data as JSON
-
-    scripts = soup.find_all("script")
-    chooser_script = [s for s in scripts if "_columnChooserData" in (s.string or "")]
-    assert len(chooser_script) == 1
-    script_text = chooser_script[0].string
-    # Extract the JSON data
-    assert "allColumns" in script_text
-    assert "selectedColumns" in script_text
-    assert "primaryKeys" in script_text
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path", ["/fixtures/facetable", "/fixtures/123_starts_with_digits"]
-)
-async def test_mobile_column_actions_present(ds_client, path):
-    response = await ds_client.get(path)
-    assert response.status_code == 200
-    soup = Soup(response.text, "html.parser")
-    button = soup.select_one("button.column-actions-mobile.small-screen-only")
-    assert button is not None
-    assert button.text.strip() == "Column actions"
-    assert button.find("svg") is not None
-    assert any(
-        "mobile-column-actions.js" in (script.get("src") or "")
-        for script in soup.find_all("script")
-    )
-    # mobile-column-actions.js builds its dialog from ',
-            '',
-            '',
-        ],
-        [
-            '',
-            '',
-            '',
-        ],
-    ]
-    assert expected == [
-        [str(td) for td in tr.select("td")] for tr in table.select("tbody tr")
-    ]
-
-
-@pytest.mark.asyncio
-async def test_view_html(ds_client):
-    response = await ds_client.get("/fixtures/simple_view?_size=3")
-    assert response.status_code == 200
-    table = Soup(response.text, "html.parser").find("table")
-    ths = table.select("thead th")
-    assert 2 == len(ths)
-    assert ths[0].find("a") is not None
-    assert ths[0].find("a")["href"].endswith("/simple_view?_size=3&_sort=content")
-    assert ths[0].find("a").string.strip() == "content"
-    assert ths[1].find("a") is None
-    assert ths[1].string.strip() == "upper_content"
-    expected = [
-        [
-            '',
-            '',
-        ],
-        [
-            '',
-            '',
-        ],
-        [
-            '',
-            '',
-        ],
-    ]
-    assert expected == [
-        [str(td) for td in tr.select("td")] for tr in table.select("tbody tr")
-    ]
-
-
-@pytest.mark.asyncio
-async def test_table_metadata(ds_client):
-    response = await ds_client.get("/fixtures/simple_primary_key")
-    assert response.status_code == 200
-    soup = Soup(response.text, "html.parser")
-    # Page title should be custom and should be HTML escaped
-    assert "This <em>HTML</em> is escaped" == inner_html(soup.find("h1"))
-    # Description should be custom and NOT escaped (we used description_html)
-    assert "Simple primary key" == inner_html(
-        soup.find("div", {"class": "metadata-description"})
-    )
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path,has_object,has_stream,has_expand",
-    [
-        ("/fixtures/no_primary_key", False, True, False),
-        ("/fixtures/complex_foreign_keys", True, False, True),
-    ],
-)
-async def test_advanced_export_box(ds_client, path, has_object, has_stream, has_expand):
-    response = await ds_client.get(path)
-    assert response.status_code == 200
-    soup = Soup(response.text, "html.parser")
-    # JSON shape options
-    expected_json_shapes = ["default", "array", "newline-delimited"]
-    if has_object:
-        expected_json_shapes.append("object")
-    div = soup.find("div", {"class": "advanced-export"})
-    assert expected_json_shapes == [a.text for a in div.find("p").find_all("a")]
-    # "stream all rows" option
-    if has_stream:
-        assert "stream all rows" in str(div)
-    # "expand labels" option
-    if has_expand:
-        assert "expand labels" in str(div)
-
-
-@pytest.mark.asyncio
-async def test_extra_where_clauses(ds_client):
-    response = await ds_client.get(
-        "/fixtures/facetable?_where=_neighborhood='Dogpatch'&_where=_city_id=1"
-    )
-    soup = Soup(response.text, "html.parser")
-    div = soup.select(".extra-wheres")[0]
-    assert "2 extra where clauses" == div.find("h3").text
-    hrefs = [a["href"] for a in div.find_all("a")]
-    assert [
-        "/fixtures/facetable?_where=_city_id%3D1",
-        "/fixtures/facetable?_where=_neighborhood%3D%27Dogpatch%27",
-    ] == hrefs
-    # These should also be persisted as hidden fields
-    inputs = soup.find("form").find_all("input")
-    hiddens = [i for i in inputs if i["type"] == "hidden"]
-    assert [("_where", "_neighborhood='Dogpatch'"), ("_where", "_city_id=1")] == [
-        (hidden["name"], hidden["value"]) for hidden in hiddens
-    ]
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path,expected_hidden",
-    [
-        ("/fixtures/facetable?_size=10", [("_size", "10")]),
-        (
-            "/fixtures/facetable?_size=10&_ignore=1&_ignore=2",
-            [
-                ("_size", "10"),
-                ("_ignore", "1"),
-                ("_ignore", "2"),
-            ],
-        ),
-    ],
-)
-async def test_other_hidden_form_fields(ds_client, path, expected_hidden):
-    response = await ds_client.get(path)
-    soup = Soup(response.text, "html.parser")
-    inputs = soup.find("form").find_all("input")
-    hiddens = [i for i in inputs if i["type"] == "hidden"]
-    assert [(hidden["name"], hidden["value"]) for hidden in hiddens] == expected_hidden
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path,expected_hidden",
-    [
-        ("/fixtures/searchable?_search=terry", []),
-        ("/fixtures/searchable?_sort=text2", []),
-        ("/fixtures/searchable?_sort_desc=text2", []),
-        ("/fixtures/searchable?_sort=text2&_where=1", [("_where", "1")]),
-    ],
-)
-async def test_search_and_sort_fields_not_duplicated(ds_client, path, expected_hidden):
-    # https://github.com/simonw/datasette/issues/1214
-    response = await ds_client.get(path)
-    soup = Soup(response.text, "html.parser")
-    inputs = soup.find("form").find_all("input")
-    hiddens = [i for i in inputs if i["type"] == "hidden"]
-    assert [(hidden["name"], hidden["value"]) for hidden in hiddens] == expected_hidden
-
-
-@pytest.mark.asyncio
-async def test_binary_data_display_in_table(ds_client):
-    response = await ds_client.get("/fixtures/binary_data")
-    assert response.status_code == 200
-    table = Soup(response.text, "html.parser").find("table")
-    expected_tds = [
-        [
-            '',
-            '',
-            '',
-        ],
-        [
-            '',
-            '',
-            '',
-        ],
-        [
-            '',
-            '',
-            '',
-        ],
-    ]
-    assert expected_tds == [
-        [str(td) for td in tr.select("td")] for tr in table.select("tbody tr")
-    ]
-
-
-def test_custom_table_include():
-    with make_app_client(
-        template_dir=str(pathlib.Path(__file__).parent / "test_templates")
-    ) as client:
-        response = client.get("/fixtures/complex_foreign_keys")
-        assert response.status == 200
-        assert (
-            '
    '
-            '1 - 2 - hello 1'
-            "
    "
-        ) == str(Soup(response.text, "html.parser").select_one("div.custom-table-row"))
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize("json", (True, False))
-@pytest.mark.parametrize(
-    "params,error",
-    (
-        ("?_sort=bad", "Cannot sort table by bad"),
-        ("?_sort_desc=bad", "Cannot sort table by bad"),
-        (
-            "?_sort=state&_sort_desc=state",
-            "Cannot use _sort and _sort_desc at the same time",
-        ),
-    ),
-)
-async def test_sort_errors(ds_client, json, params, error):
-    path = "/fixtures/facetable{}{}".format(
-        ".json" if json else "",
-        params,
-    )
-    response = await ds_client.get(path)
-    assert response.status_code == 400
-    if json:
-        assert response.json() == {
-            "ok": False,
-            "error": error,
-            "status": 400,
-            "title": None,
-        }
-    else:
-        assert error in response.text
-
-
-@pytest.mark.asyncio
-async def test_metadata_sort(ds_client):
-    response = await ds_client.get("/fixtures/facet_cities")
-    assert response.status_code == 200
-    table = Soup(response.text, "html.parser").find("table")
-    assert table["class"] == ["rows-and-columns"]
-    ths = table.find_all("th")
-    assert ["id", "name\xa0▼"] == [th.find("a").string.strip() for th in ths]
-    rows = [[str(td) for td in tr.select("td")] for tr in table.select("tbody tr")]
-    expected = [
-        [
-            '    ',
-            '',
-        ],
-        [
-            '',
-            '',
-        ],
-        [
-            '',
-            '',
-        ],
-        [
-            '',
-            '',
-        ],
-    ]
-    assert expected == rows
-    # Make sure you can reverse that sort order
-    response = await ds_client.get("/fixtures/facet_cities?_sort_desc=name")
-    assert response.status_code == 200
-    table = Soup(response.text, "html.parser").find("table")
-    rows = [[str(td) for td in tr.select("td")] for tr in table.select("tbody tr")]
-    assert list(reversed(expected)) == rows
-
-
-@pytest.mark.asyncio
-async def test_metadata_sort_desc(ds_client):
-    response = await ds_client.get("/fixtures/attraction_characteristic")
-    assert response.status_code == 200
-    table = Soup(response.text, "html.parser").find("table")
-    assert table["class"] == ["rows-and-columns"]
-    ths = table.find_all("th")
-    assert ["pk\xa0▲", "name"] == [th.find("a").string.strip() for th in ths]
-    rows = [[str(td) for td in tr.select("td")] for tr in table.select("tbody tr")]
-    expected = [
-        [
-            '',
-            '',
-        ],
-        [
-            '',
-            '',
-        ],
-    ]
-    assert expected == rows
-    # Make sure you can reverse that sort order
-    response = await ds_client.get("/fixtures/attraction_characteristic?_sort=pk")
-    assert response.status_code == 200
-    table = Soup(response.text, "html.parser").find("table")
-    rows = [[str(td) for td in tr.select("td")] for tr in table.select("tbody tr")]
-    assert list(reversed(expected)) == rows
-
-
-@pytest.mark.parametrize(
-    "max_returned_rows,path,expected_num_facets,expected_ellipses,expected_ellipses_url",
-    (
-        (
-            5,
-            # Default should show 2 facets
-            "/fixtures/facetable?_facet=_neighborhood",
-            2,
-            True,
-            "/fixtures/facetable?_facet=_neighborhood&_facet_size=max",
-        ),
-        # _facet_size above max_returned_rows should show max_returned_rows (5)
-        (
-            5,
-            "/fixtures/facetable?_facet=_neighborhood&_facet_size=50",
-            5,
-            True,
-            "/fixtures/facetable?_facet=_neighborhood&_facet_size=max",
-        ),
-        # If max_returned_rows is high enough, should return all
-        (
-            20,
-            "/fixtures/facetable?_facet=_neighborhood&_facet_size=max",
-            14,
-            False,
-            None,
-        ),
-        # If num facets > max_returned_rows, show ... without a link
-        # _facet_size above max_returned_rows should show max_returned_rows (5)
-        (
-            5,
-            "/fixtures/facetable?_facet=_neighborhood&_facet_size=max",
-            5,
-            True,
-            None,
-        ),
-    ),
-)
-def test_facet_more_links(
-    max_returned_rows,
-    path,
-    expected_num_facets,
-    expected_ellipses,
-    expected_ellipses_url,
-):
-    with make_app_client(
-        settings={"max_returned_rows": max_returned_rows, "default_facet_size": 2}
-    ) as client:
-        response = client.get(path)
-        soup = Soup(response.body, "html.parser")
-        lis = soup.select("#facet-neighborhood-b352a7 ul li:not(.facet-truncated)")
-        facet_truncated = soup.select_one(".facet-truncated")
-        assert len(lis) == expected_num_facets
-        if not expected_ellipses:
-            assert facet_truncated is None
-        else:
-            if expected_ellipses_url:
-                assert facet_truncated.find("a")["href"] == expected_ellipses_url
-            else:
-                assert facet_truncated.find("a") is None
-
-
-def test_unavailable_table_does_not_break_sort_relationships():
-    # https://github.com/simonw/datasette/issues/1305
-    with make_app_client(
-        config={
-            "databases": {
-                "fixtures": {"tables": {"foreign_key_references": {"allow": False}}}
-            }
-        }
-    ) as client:
-        response = client.get("/?_sort=relationships")
-        assert response.status == 200
-
-
-@pytest.mark.asyncio
-async def test_column_metadata(ds_client):
-    response = await ds_client.get("/fixtures/roadside_attractions")
-    soup = Soup(response.text, "html.parser")
-    dl = soup.find("dl")
-    assert [(dt.text, dt.next_sibling.text) for dt in dl.find_all("dt")] == [
-        ("address", "The street address for the attraction"),
-        ("name", "The name of the attraction"),
-    ]
-    assert (
-        soup.select("th[data-column=name]")[0]["data-column-description"]
-        == "The name of the attraction"
-    )
-    assert (
-        soup.select("th[data-column=address]")[0]["data-column-description"]
-        == "The street address for the attraction"
-    )
-
-
-def test_facet_total():
-    # https://github.com/simonw/datasette/issues/1423
-    # https://github.com/simonw/datasette/issues/1556
-    with make_app_client(settings={"max_returned_rows": 100}) as client:
-        path = "/fixtures/sortable?_facet=content&_facet=pk1"
-        response = client.get(path)
-        assert response.status == 200
-    fragments = (
-        '>30',
-        '8',
-    )
-    for fragment in fragments:
-        assert fragment in response.text
-
-
-@pytest.mark.asyncio
-async def test_sort_rowid_with_next(ds_client):
-    # https://github.com/simonw/datasette/issues/1470
-    response = await ds_client.get("/fixtures/binary_data?_size=1&_next=1&_sort=rowid")
-    assert response.status_code == 200
-
-
-def assert_querystring_equal(expected, actual):
-    assert sorted(expected.split("&")) == sorted(actual.split("&"))
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "path,expected",
-    (
-        (
-            "/fixtures/facetable",
-            "fixtures: facetable: 15 rows",
-        ),
-        (
-            "/fixtures/facetable?on_earth__exact=1",
-            "fixtures: facetable: 14 rows where on_earth = 1",
-        ),
-    ),
-)
-async def test_table_page_title(ds_client, path, expected):
-    response = await ds_client.get(path)
-    title = Soup(response.text, "html.parser").find("title").text
-    assert title == expected
-
-
-@pytest.mark.asyncio
-async def test_table_post_method_not_allowed(ds_client):
-    response = await ds_client.post("/fixtures/facetable")
-    assert response.status_code == 405
-    assert "Method not allowed" in response.text
-
-
-@pytest.mark.parametrize("allow_facet", (True, False))
-def test_allow_facet_off(allow_facet):
-    with make_app_client(settings={"allow_facet": allow_facet}) as client:
-        response = client.get("/fixtures/facetable")
-        expected = "DATASETTE_ALLOW_FACET = {};".format(
-            "true" if allow_facet else "false"
-        )
-        assert expected in response.text
-        if allow_facet:
-            assert "Suggested facets" in response.text
-        else:
-            assert "Suggested facets" not in response.text
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "size,title,length_bytes",
-    (
-        (2000, ' title="2.0 KB"', "2,000"),
-        (20000, ' title="19.5 KB"', "20,000"),
-        (20, "", "20"),
-    ),
-)
-async def test_format_of_binary_links(size, title, length_bytes):
-    ds = Datasette()
-    db_name = "binary-links-{}".format(size)
-    db = ds.add_memory_database(db_name)
-    sql = "select zeroblob({}) as blob".format(size)
-    await db.execute_write("create table blobs as {}".format(sql))
-    response = await ds.client.get("/{}/blobs".format(db_name))
-    assert response.status_code == 200
-    expected = "{}><Binary: {} bytes>".format(title, length_bytes)
-    assert expected in response.text
-    # And test with arbitrary SQL query too
-    sql_response = await ds.client.get(
-        "{}/-/query".format(db_name), params={"sql": sql}
-    )
-    assert sql_response.status_code == 200
-    assert expected in sql_response.text
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "config",
-    (
-        # Blocked at table level
-        {
-            "databases": {
-                "foreign_key_labels": {
-                    "tables": {
-                        # Table a is only visible to root
-                        "a": {"allow": {"id": "root"}},
-                    }
-                }
-            }
-        },
-        # Blocked at database level
-        {
-            "databases": {
-                "foreign_key_labels": {
-                    # Only root can view this database
-                    "allow": {"id": "root"},
-                    "tables": {
-                        # But table b is visible to everyone
-                        "b": {"allow": True},
-                    },
-                }
-            }
-        },
-        # Blocked at the instance level
-        {
-            "allow": {"id": "root"},
-            "databases": {
-                "foreign_key_labels": {
-                    "tables": {
-                        # Table b is visible to everyone
-                        "b": {"allow": True},
-                    }
-                }
-            },
-        },
-    ),
-)
-async def test_foreign_key_labels_obey_permissions(config):
-    ds = Datasette(config=config)
-    db = ds.add_memory_database("foreign_key_labels")
-    await db.execute_write(
-        "create table if not exists a(id integer primary key, name text)"
-    )
-    await db.execute_write("insert or replace into a (id, name) values (1, 'hello')")
-    await db.execute_write(
-        "create table if not exists b(id integer primary key, name text, a_id integer references a(id))"
-    )
-    await db.execute_write(
-        "insert or replace into b (id, name, a_id) values (1, 'world', 1)"
-    )
-    # Anonymous user can see table b but not table a
-    await ds.client.get("/foreign_key_labels.json")
-    anon_a = await ds.client.get("/foreign_key_labels/a.json?_labels=on")
-    assert anon_a.status_code == 403
-    anon_b = await ds.client.get("/foreign_key_labels/b.json?_labels=on")
-    assert anon_b.status_code == 200
-    # root user can see both
-    cookies = {"ds_actor": ds.sign({"a": {"id": "root"}}, "actor")}
-    root_a = await ds.client.get(
-        "/foreign_key_labels/a.json?_labels=on", cookies=cookies
-    )
-    assert root_a.status_code == 200
-    root_b = await ds.client.get(
-        "/foreign_key_labels/b.json?_labels=on", cookies=cookies
-    )
-    assert root_b.status_code == 200
-    # Labels should have been expanded for root
-    assert root_b.json() == {
-        "ok": True,
-        "next": None,
-        "rows": [{"id": 1, "name": "world", "a_id": {"value": 1, "label": "hello"}}],
-        "truncated": False,
-    }
-    # But not for anon
-    assert anon_b.json() == {
-        "ok": True,
-        "next": None,
-        "rows": [{"id": 1, "name": "world", "a_id": 1}],
-        "truncated": False,
-    }
-
-
-def test_foreign_keys_special_character_in_database_name(app_client_with_dot):
-    # https://github.com/simonw/datasette/pull/2476
-    response = app_client_with_dot.get("/fixtures~2Edot/complex_foreign_keys")
-    assert 'world' in response.text
diff --git a/tests/test_template_context.py b/tests/test_template_context.py
deleted file mode 100644
index 7923d0e7..00000000
--- a/tests/test_template_context.py
+++ /dev/null
@@ -1,215 +0,0 @@
-"""
-Tests for the documented template context - the contract that custom
-template authors can rely on for Datasette 1.0.
-"""
-
-import html
-import json
-import pathlib
-from dataclasses import dataclass, field
-
-import pytest
-
-from datasette.app import Datasette, TEMPLATE_BASE_CONTEXT
-from datasette.extras import ExtraScope
-from datasette.fixtures import write_fixture_database
-from datasette.template_contexts import PAGES, documented_context_keys
-from datasette.views import Context
-
-
-def test_documented_fields():
-    @dataclass
-    class DemoNested:
-        name: str
-
-    @dataclass
-    class DemoContext(Context):
-        name: str = field(metadata={"help": "The name"})
-        _internal: str = field()
-        count: int = field(metadata={"help": "How many there are"})
-        items: list[DemoNested] = field(metadata={"help": "Nested items"})
-
-    fields = DemoContext.documented_fields()
-    assert [(f.name, f.type_name, f.help) for f in fields] == [
-        ("name", "str", "The name"),
-        ("count", "int", "How many there are"),
-        ("items", "list[DemoNested]", "Nested items"),
-    ]
-
-
-@pytest.mark.parametrize("klass", PAGES.values(), ids=lambda klass: klass.__name__)
-def test_context_class_fields_all_have_help(klass):
-    for context_field in klass.documented_fields():
-        assert context_field.help, "{}.{} is missing documentation".format(
-            klass.__name__, context_field.name
-        )
-
-
-@pytest.mark.parametrize("klass", PAGES.values(), ids=lambda klass: klass.__name__)
-def test_context_class_has_docstring_and_documented_template(klass):
-    assert klass.__doc__, "{} is missing a docstring".format(klass.__name__)
-    assert klass.documented_template, "{} is missing a documented_template".format(
-        klass.__name__
-    )
-
-
-def test_from_extra_documentation_comes_from_the_extra_class():
-    from datasette.views import from_extra
-    from datasette.views.table_extras import CountExtra
-
-    @dataclass
-    class DemoContext(Context):
-        extras_scope = ExtraScope.TABLE
-
-        count: int = from_extra()
-        name: str = field(metadata={"help": "The name"})
-
-    fields = {f.name: f for f in DemoContext.documented_fields()}
-    assert fields["count"].help == CountExtra.description
-    assert fields["count"].from_extra
-    assert fields["name"].help == "The name"
-    assert not fields["name"].from_extra
-
-
-def test_from_extra_must_match_a_registered_extra():
-    from datasette.views import from_extra
-
-    @dataclass
-    class BadContext(Context):
-        extras_scope = ExtraScope.TABLE
-
-        not_a_real_extra: str = from_extra()
-
-    with pytest.raises(KeyError):
-        BadContext.documented_fields()
-
-
-def test_from_extra_must_be_available_for_the_scope():
-    from datasette.views import from_extra
-
-    @dataclass
-    class WrongScopeContext(Context):
-        extras_scope = ExtraScope.ROW
-
-        # count is a TABLE-scope extra, not available for ROW
-        count: int = from_extra()
-
-    with pytest.raises(ValueError):
-        WrongScopeContext.documented_fields()
-
-
-@pytest.fixture
-def isolate_extra_template_vars_plugins():
-    # Datasette instances created with plugins_dir (e.g. the session-scoped
-    # ds_client fixture) register their plugins on the global plugin manager
-    # for the rest of the process. The contract documents plugin-free
-    # Datasette core, so unregister any non-default plugin that adds
-    # template variables via the extra_template_vars hook
-    from datasette.plugins import pm, DEFAULT_PLUGINS
-
-    hook_plugins = {impl.plugin for impl in pm.hook.extra_template_vars.get_hookimpls()}
-    removed = []
-    for plugin in list(pm.get_plugins()):
-        name = pm.get_name(plugin)
-        if name not in DEFAULT_PLUGINS and plugin in hook_plugins:
-            pm.unregister(plugin)
-            removed.append((plugin, name))
-    yield
-    for plugin, name in removed:
-        pm.register(plugin, name)
-
-
-@pytest.fixture(scope="module")
-def context_ds(tmp_path_factory):
-    db_path = tmp_path_factory.mktemp("template-context") / "fixtures.db"
-    write_fixture_database(db_path)
-    ds = Datasette(
-        [str(db_path)],
-        settings={"num_sql_threads": 1, "template_debug": True},
-        config={
-            "databases": {
-                "fixtures": {
-                    "queries": {
-                        "neighborhood_search": {
-                            "sql": (
-                                "select _neighborhood from facetable "
-                                "where _neighborhood like '%' || :text || '%'"
-                            ),
-                            "title": "Search neighborhoods",
-                        }
-                    }
-                }
-            }
-        },
-    )
-    yield ds
-    for db in ds.databases.values():
-        if not db.is_memory:
-            db.close()
-
-
-async def get_template_context(ds, path):
-    sep = "&" if "?" in path else "?"
-    response = await ds.client.get(path + sep + "_context=1")
-    assert response.status_code == 200, path
-    body = html.unescape(response.text.removeprefix("
    ").removesuffix("
    "))
-    return json.loads(body)
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "page_name,path",
-    (
-        ("database", "/fixtures"),
-        ("table", "/fixtures/facetable"),
-        ("table", "/fixtures/facetable?_city_id__exact=1"),
-        ("row", "/fixtures/facetable/1"),
-        ("query", "/fixtures/-/query?sql=select+*+from+facetable"),
-        ("query", "/fixtures/neighborhood_search?text=cork"),
-    ),
-)
-async def test_template_context_matches_documented_contract(
-    context_ds, isolate_extra_template_vars_plugins, page_name, path
-):
-    # The full contract: every key in the rendered template context is
-    # documented, and every documented key is present in the context
-    documented = documented_context_keys(page_name)
-    actual = {
-        key
-        for key in await get_template_context(context_ds, path)
-        if not key.startswith("_")
-    }
-    undocumented = actual - documented
-    no_longer_present = documented - actual
-    assert not undocumented, (
-        "Undocumented keys in {} template context: {} - add them to the "
-        "page's Context class".format(page_name, sorted(undocumented))
-    )
-    assert not no_longer_present, (
-        "Documented keys missing from {} template context: {} - this would "
-        "break custom templates".format(page_name, sorted(no_longer_present))
-    )
-
-
-def test_base_context_keys_all_have_docs():
-    for name, doc in TEMPLATE_BASE_CONTEXT.items():
-        assert doc, "Base context key {} is missing docs".format(name)
-
-
-def test_template_context_docs_cover_every_documented_key():
-    docs_path = pathlib.Path(__file__).parent.parent / "docs" / "template_context.rst"
-    assert docs_path.exists(), "docs/template_context.rst is missing"
-    docs = docs_path.read_text()
-    for name in TEMPLATE_BASE_CONTEXT:
-        assert "``{}``".format(name) in docs, name
-    for page_name, klass in PAGES.items():
-        title = "{} page".format(klass.__name__.removesuffix("Context"))
-        assert title in docs, title
-        for context_field in klass.documented_fields():
-            assert "``{}``".format(context_field.name) in docs, "{} ({} page)".format(
-                context_field.name, page_name
-            )
-            assert (
-                "``{}`` - ``{}``".format(context_field.name, context_field.type_name)
-                in docs
-            ), "{} type ({} page)".format(context_field.name, page_name)
diff --git a/tests/test_templates/pages/202.html b/tests/test_templates/pages/202.html
deleted file mode 100644
index 43a313b2..00000000
--- a/tests/test_templates/pages/202.html
+++ /dev/null
@@ -1 +0,0 @@
-{{ custom_status(202) }}202!
\ No newline at end of file
diff --git a/tests/test_templates/pages/about.html b/tests/test_templates/pages/about.html
deleted file mode 100644
index 11d78862..00000000
--- a/tests/test_templates/pages/about.html
+++ /dev/null
@@ -1 +0,0 @@
-ABOUT! view_name:{{ view_name }}
\ No newline at end of file
diff --git a/tests/test_templates/pages/atom.html b/tests/test_templates/pages/atom.html
deleted file mode 100644
index 1c7faafd..00000000
--- a/tests/test_templates/pages/atom.html
+++ /dev/null
@@ -1 +0,0 @@
-{{ custom_header("content-type", "application/xml") }}
\ No newline at end of file
diff --git a/tests/test_templates/pages/headers.html b/tests/test_templates/pages/headers.html
deleted file mode 100644
index 8a59d4aa..00000000
--- a/tests/test_templates/pages/headers.html
+++ /dev/null
@@ -1 +0,0 @@
-{{ custom_header("x-this-is-foo", "foo") }}FOO{{ custom_header("x-this-is-bar", "bar") }}BAR
\ No newline at end of file
diff --git a/tests/test_templates/pages/nested/nest.html b/tests/test_templates/pages/nested/nest.html
deleted file mode 100644
index 5510f99e..00000000
--- a/tests/test_templates/pages/nested/nest.html
+++ /dev/null
@@ -1 +0,0 @@
-Nest!
\ No newline at end of file
diff --git a/tests/test_templates/pages/redirect.html b/tests/test_templates/pages/redirect.html
deleted file mode 100644
index 36a71554..00000000
--- a/tests/test_templates/pages/redirect.html
+++ /dev/null
@@ -1 +0,0 @@
-{{ custom_redirect("/example") }}
\ No newline at end of file
diff --git a/tests/test_templates/pages/redirect2.html b/tests/test_templates/pages/redirect2.html
deleted file mode 100644
index b7ae092a..00000000
--- a/tests/test_templates/pages/redirect2.html
+++ /dev/null
@@ -1 +0,0 @@
-{{ custom_redirect("/example", 301) }}
\ No newline at end of file
diff --git a/tests/test_templates/pages/request.html b/tests/test_templates/pages/request.html
deleted file mode 100644
index aa8e0b62..00000000
--- a/tests/test_templates/pages/request.html
+++ /dev/null
@@ -1 +0,0 @@
-path:{{ request.path }}
\ No newline at end of file
diff --git a/tests/test_templates/pages/route_{name}.html b/tests/test_templates/pages/route_{name}.html
deleted file mode 100644
index 42bd1e04..00000000
--- a/tests/test_templates/pages/route_{name}.html
+++ /dev/null
@@ -1,2 +0,0 @@
-{% if name == "OhNo" %}{{ raise_404("Oh no") }}{% endif %}
-
    Hello from {{ name }}
    
\ No newline at end of file
diff --git a/tests/test_templates/pages/topic_{topic}.html b/tests/test_templates/pages/topic_{topic}.html
deleted file mode 100644
index f07b6b07..00000000
--- a/tests/test_templates/pages/topic_{topic}.html
+++ /dev/null
@@ -1 +0,0 @@
-Topic page for {{ topic }}
\ No newline at end of file
diff --git a/tests/test_templates/pages/topic_{topic}/{slug}.html b/tests/test_templates/pages/topic_{topic}/{slug}.html
deleted file mode 100644
index cbe5344f..00000000
--- a/tests/test_templates/pages/topic_{topic}/{slug}.html
+++ /dev/null
@@ -1 +0,0 @@
-Slug: {{ slug }}, Topic: {{ topic }}
\ No newline at end of file
diff --git a/tests/test_token_handler.py b/tests/test_token_handler.py
deleted file mode 100644
index 5c87f577..00000000
--- a/tests/test_token_handler.py
+++ /dev/null
@@ -1,338 +0,0 @@
-"""
-Tests for the register_token_handler plugin hook.
-"""
-
-from datasette.app import Datasette
-from datasette.hookspecs import hookimpl
-from datasette.plugins import pm
-from datasette.tokens import TokenHandler, TokenRestrictions, SignedTokenHandler
-import pytest
-
-
-@pytest.fixture
-def datasette():
-    return Datasette()
-
-
-@pytest.mark.asyncio
-async def test_default_signed_handler_registered(datasette):
-    """The default SignedTokenHandler should be registered automatically."""
-    handlers = datasette._token_handlers()
-    assert len(handlers) >= 1
-    assert any(isinstance(h, SignedTokenHandler) for h in handlers)
-    assert any(h.name == "signed" for h in handlers)
-
-
-@pytest.mark.asyncio
-async def test_create_token_default(datasette):
-    """create_token() with handler='signed' should create a signed token."""
-    token = await datasette.create_token("test_actor", handler="signed")
-    assert token.startswith("dstok_")
-
-
-@pytest.mark.asyncio
-async def test_create_token_with_restrictions(datasette):
-    """create_token() should handle restriction parameters."""
-    token = await datasette.create_token(
-        "test_actor",
-        handler="signed",
-        expires_after=3600,
-        restrictions=TokenRestrictions().allow_all("view-instance"),
-    )
-    assert token.startswith("dstok_")
-    # Verify the token contains the expected data
-    decoded = datasette.unsign(token[len("dstok_") :], namespace="token")
-    assert decoded["a"] == "test_actor"
-    assert decoded["d"] == 3600
-    assert "_r" in decoded
-    assert "a" in decoded["_r"]
-
-
-@pytest.mark.asyncio
-async def test_verify_token_default(datasette):
-    """verify_token() should verify signed tokens."""
-    token = await datasette.create_token("test_actor", handler="signed")
-    actor = await datasette.verify_token(token)
-    assert actor is not None
-    assert actor["id"] == "test_actor"
-    assert actor["token"] == "dstok"
-
-
-@pytest.mark.asyncio
-async def test_verify_token_unknown_returns_none(datasette):
-    """verify_token() should return None for unrecognized tokens."""
-    result = await datasette.verify_token("unknown_token_format_xyz")
-    assert result is None
-
-
-@pytest.mark.asyncio
-async def test_verify_token_bad_signature_returns_none(datasette):
-    """verify_token() should return None for tokens with bad signatures."""
-    result = await datasette.verify_token("dstok_tampered_data_here")
-    assert result is None
-
-
-@pytest.mark.asyncio
-async def test_create_token_with_named_handler(datasette):
-    """create_token(handler='signed') should select the signed handler."""
-    token = await datasette.create_token("test_actor", handler="signed")
-    assert token.startswith("dstok_")
-
-
-@pytest.mark.asyncio
-async def test_create_token_unknown_handler_raises(datasette):
-    """create_token(handler='nonexistent') should raise ValueError."""
-    with pytest.raises(ValueError, match="Token handler 'nonexistent' not found"):
-        await datasette.create_token("test_actor", handler="nonexistent")
-
-
-@pytest.mark.asyncio
-async def test_custom_token_handler(datasette):
-    """A custom token handler should be usable for both create and verify."""
-
-    class CustomHandler(TokenHandler):
-        name = "custom"
-
-        async def create_token(self, datasette, actor_id, **kwargs):
-            return f"custom_{actor_id}"
-
-        async def verify_token(self, datasette, token):
-            if token.startswith("custom_"):
-                return {"id": token[len("custom_") :], "token": "custom"}
-            return None
-
-    class Plugin:
-        __name__ = "CustomTokenPlugin"
-
-        @staticmethod
-        @hookimpl
-        def register_token_handler(datasette):
-            return CustomHandler()
-
-    pm.register(Plugin(), name="test_custom_handler")
-    try:
-        handlers = datasette._token_handlers()
-        assert any(h.name == "custom" for h in handlers)
-
-        # Create with custom handler
-        token = await datasette.create_token("alice", handler="custom")
-        assert token == "custom_alice"
-
-        # Verify custom token
-        actor = await datasette.verify_token("custom_alice")
-        assert actor is not None
-        assert actor["id"] == "alice"
-        assert actor["token"] == "custom"
-
-        # Signed tokens should still work
-        signed_token = await datasette.create_token("bob", handler="signed")
-        assert signed_token.startswith("dstok_")
-        actor = await datasette.verify_token(signed_token)
-        assert actor["id"] == "bob"
-    finally:
-        pm.unregister(name="test_custom_handler")
-
-
-@pytest.mark.asyncio
-async def test_verify_token_tries_all_handlers(datasette):
-    """verify_token() should try each handler until one matches."""
-
-    class HandlerA(TokenHandler):
-        name = "handler_a"
-
-        async def create_token(self, datasette, actor_id, **kwargs):
-            return f"a_{actor_id}"
-
-        async def verify_token(self, datasette, token):
-            if token.startswith("a_"):
-                return {"id": token[2:], "token": "handler_a"}
-            return None
-
-    class HandlerB(TokenHandler):
-        name = "handler_b"
-
-        async def create_token(self, datasette, actor_id, **kwargs):
-            return f"b_{actor_id}"
-
-        async def verify_token(self, datasette, token):
-            if token.startswith("b_"):
-                return {"id": token[2:], "token": "handler_b"}
-            return None
-
-    class PluginA:
-        __name__ = "PluginA"
-
-        @staticmethod
-        @hookimpl
-        def register_token_handler(datasette):
-            return HandlerA()
-
-    class PluginB:
-        __name__ = "PluginB"
-
-        @staticmethod
-        @hookimpl
-        def register_token_handler(datasette):
-            return HandlerB()
-
-    pm.register(PluginA(), name="test_handler_a")
-    pm.register(PluginB(), name="test_handler_b")
-    try:
-        # Both handler tokens should verify
-        actor_a = await datasette.verify_token("a_alice")
-        assert actor_a is not None
-        assert actor_a["id"] == "alice"
-        assert actor_a["token"] == "handler_a"
-
-        actor_b = await datasette.verify_token("b_bob")
-        assert actor_b is not None
-        assert actor_b["id"] == "bob"
-        assert actor_b["token"] == "handler_b"
-
-        # Unknown token should return None
-        assert await datasette.verify_token("c_charlie") is None
-    finally:
-        pm.unregister(name="test_handler_a")
-        pm.unregister(name="test_handler_b")
-
-
-@pytest.mark.asyncio
-async def test_token_handler_via_http(datasette):
-    """Default signed tokens should work through HTTP auth."""
-    token = await datasette.create_token("http_user", handler="signed")
-    response = await datasette.client.get(
-        "/-/actor.json",
-        headers={"Authorization": f"Bearer {token}"},
-    )
-    assert response.status_code == 200
-    actor = response.json()["actor"]
-    assert actor["id"] == "http_user"
-    assert actor["token"] == "dstok"
-
-
-@pytest.mark.asyncio
-async def test_custom_handler_via_http(datasette):
-    """Custom handler tokens should work through HTTP auth."""
-
-    class CustomHandler(TokenHandler):
-        name = "custom_http"
-
-        async def create_token(self, datasette, actor_id, **kwargs):
-            return f"chttp_{actor_id}"
-
-        async def verify_token(self, datasette, token):
-            if token.startswith("chttp_"):
-                return {"id": token[len("chttp_") :], "token": "custom_http"}
-            return None
-
-    class Plugin:
-        __name__ = "CustomHTTPPlugin"
-
-        @staticmethod
-        @hookimpl
-        def register_token_handler(datasette):
-            return CustomHandler()
-
-    pm.register(Plugin(), name="test_custom_http")
-    try:
-        token = await datasette.create_token("web_user", handler="custom_http")
-        response = await datasette.client.get(
-            "/-/actor.json",
-            headers={"Authorization": f"Bearer {token}"},
-        )
-        assert response.status_code == 200
-        actor = response.json()["actor"]
-        assert actor["id"] == "web_user"
-        assert actor["token"] == "custom_http"
-    finally:
-        pm.unregister(name="test_custom_http")
-
-
-@pytest.mark.asyncio
-async def test_token_handler_base_class_raises():
-    """TokenHandler base class methods should raise NotImplementedError."""
-    handler = TokenHandler()
-    ds = Datasette()
-    with pytest.raises(NotImplementedError):
-        await handler.create_token(ds, "test")
-    with pytest.raises(NotImplementedError):
-        await handler.verify_token(ds, "test")
-
-
-@pytest.mark.asyncio
-async def test_restrictions_round_trip(datasette):
-    """Tokens with database/resource restrictions should round-trip correctly."""
-    restrictions = (
-        TokenRestrictions()
-        .allow_all("view-instance")
-        .allow_database("docs", "view-query")
-        .allow_resource("docs", "attachments", "insert-row")
-    )
-    token = await datasette.create_token(
-        "test_actor", handler="signed", restrictions=restrictions
-    )
-    actor = await datasette.verify_token(token)
-    assert actor is not None
-    assert actor["id"] == "test_actor"
-    assert actor["_r"]["a"] == ["view-instance"]
-    assert actor["_r"]["d"] == {"docs": ["view-query"]}
-    assert actor["_r"]["r"] == {"docs": {"attachments": ["insert-row"]}}
-
-
-@pytest.mark.asyncio
-async def test_expires_after_round_trip(datasette):
-    """Tokens with expires_after should include token_expires in the actor."""
-    token = await datasette.create_token(
-        "test_actor", handler="signed", expires_after=3600
-    )
-    actor = await datasette.verify_token(token)
-    assert actor is not None
-    assert actor["id"] == "test_actor"
-    assert "token_expires" in actor
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "build_restrictions,expected",
-    [
-        (lambda r: r, None),
-        (lambda r: r.allow_all("view-instance"), {"a": ["vi"]}),
-        (
-            lambda r: r.allow_database("docs", "view-query"),
-            {"d": {"docs": ["vq"]}},
-        ),
-        (
-            lambda r: r.allow_resource("docs", "attachments", "insert-row"),
-            {"r": {"docs": {"attachments": ["ir"]}}},
-        ),
-        (
-            lambda r: r.allow_all("view-instance")
-            .allow_database("docs", "view-query")
-            .allow_resource("docs", "attachments", "insert-row"),
-            {
-                "a": ["vi"],
-                "d": {"docs": ["vq"]},
-                "r": {"docs": {"attachments": ["ir"]}},
-            },
-        ),
-        (
-            lambda r: r.allow_all("not-a-real-action"),
-            {"a": ["not-a-real-action"]},
-        ),
-    ],
-    ids=["empty", "all", "database", "resource", "combined", "unknown_action"],
-)
-async def test_token_restrictions_abbreviated(datasette, build_restrictions, expected):
-    await datasette.invoke_startup()
-    restrictions = build_restrictions(TokenRestrictions())
-    assert restrictions.abbreviated(datasette) == expected
-
-
-@pytest.mark.asyncio
-async def test_signed_tokens_disabled():
-    """create_token and verify_token should fail/skip when signed tokens are disabled."""
-    ds = Datasette(settings={"allow_signed_tokens": False})
-    with pytest.raises(ValueError, match="Signed tokens are not enabled"):
-        await ds.create_token("test_actor", handler="signed")
-    # verify_token should return None rather than raising
-    assert await ds.verify_token("dstok_anything") is None
diff --git a/tests/test_tracer.py b/tests/test_tracer.py
deleted file mode 100644
index 9db211d3..00000000
--- a/tests/test_tracer.py
+++ /dev/null
@@ -1,98 +0,0 @@
-import pytest
-from .fixtures import make_app_client
-
-
-@pytest.mark.parametrize("trace_debug", (True, False))
-def test_trace(trace_debug):
-    with make_app_client(settings={"trace_debug": trace_debug}) as client:
-        response = client.get("/fixtures/simple_primary_key.json?_trace=1")
-        assert response.status == 200
-
-    data = response.json
-    if not trace_debug:
-        assert "_trace" not in data
-        return
-
-    assert "_trace" in data
-    trace_info = data["_trace"]
-    assert isinstance(trace_info["request_duration_ms"], float)
-    assert isinstance(trace_info["sum_trace_duration_ms"], float)
-    assert isinstance(trace_info["num_traces"], int)
-    assert isinstance(trace_info["traces"], list)
-    traces = trace_info["traces"]
-    assert len(traces) == trace_info["num_traces"]
-    for trace in traces:
-        assert isinstance(trace["type"], str)
-        assert isinstance(trace["start"], float)
-        assert isinstance(trace["end"], float)
-        assert trace["duration_ms"] == (trace["end"] - trace["start"]) * 1000
-        assert isinstance(trace["traceback"], list)
-        assert isinstance(trace["database"], str)
-        assert isinstance(trace["sql"], str)
-        assert isinstance(trace.get("params"), (list, dict, None.__class__))
-
-    sqls = [trace["sql"] for trace in traces if "sql" in trace]
-    # There should be SQL statements from request handling in the trace.
-    # Note: CREATE TABLE, INSERT OR REPLACE, executescript, and executemany
-    # are not expected here because internal tables are now created and
-    # populated during invoke_startup(), before the request is traced.
-    assert any(sql.startswith("select ") for sql in sqls), "No select statements traced"
-
-
-def test_trace_silently_fails_for_large_page():
-    # Max HTML size is 256KB
-    with make_app_client(settings={"trace_debug": True}) as client:
-        # Small response should have trace
-        small_response = client.get("/fixtures/simple_primary_key.json?_trace=1")
-        assert small_response.status == 200
-        assert "_trace" in small_response.json
-
-        # Big response should not
-        big_response = client.get(
-            "/fixtures/-/query.json",
-            params={"_trace": 1, "sql": "select zeroblob(1024 * 256)"},
-        )
-        assert big_response.status == 200
-        assert "_trace" not in big_response.json
-
-
-def test_trace_query_errors():
-    with make_app_client(settings={"trace_debug": True}) as client:
-        response = client.get(
-            "/fixtures/-/query.json",
-            params={"_trace": 1, "sql": "select * from non_existent_table"},
-        )
-        assert response.status == 400
-
-    data = response.json
-    assert "_trace" in data
-    trace_info = data["_trace"]
-    assert trace_info["traces"][-1]["error"] == "no such table: non_existent_table"
-
-
-@pytest.mark.asyncio
-async def test_trace_child_tasks_resets_contextvar_on_exception():
-    from datasette import tracer
-
-    before = tracer.trace_task_id.get()
-    with pytest.raises(ValueError):
-        with tracer.trace_child_tasks():
-            assert tracer.trace_task_id.get() is not None
-            raise ValueError("simulated error")
-    # The contextvar must be reset even though the block raised
-    assert tracer.trace_task_id.get() == before
-
-
-def test_trace_parallel_queries():
-    with make_app_client(settings={"trace_debug": True}) as client:
-        response = client.get("/parallel-queries?_trace=1")
-        assert response.status == 200
-
-    data = response.json
-    assert data["one"] == 1
-    assert data["two"] == 2
-    trace_info = data["_trace"]
-    traces = [trace for trace in trace_info["traces"] if "sql" in trace]
-    one, two = traces
-    # "two" should have started before "one" ended
-    assert two["start"] < one["end"]
diff --git a/tests/test_utils.py b/tests/test_utils.py
index 38ebb51e..df42ea5a 100644
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -2,20 +2,14 @@
 Tests for various datasette helper functions.
 """
 
-from datasette.app import Datasette
 from datasette import utils
 from datasette.utils.asgi import Request
-from datasette.utils.sqlite import (
-    sqlite3,
-    sqlite_hidden_table_names,
-    sqlite_table_type,
-    supports_returning,
-)
-import hashlib
+from datasette.filters import Filters
 import json
 import os
 import pathlib
 import pytest
+import sqlite3
 import tempfile
 from unittest.mock import patch
 
@@ -26,8 +20,8 @@ from unittest.mock import patch
         ("foo", ["foo"]),
         ("foo,bar", ["foo", "bar"]),
         ("123,433,112", ["123", "433", "112"]),
-        ("123~2C433,112", ["123,433", "112"]),
-        ("123~2F433~2F112", ["123/433/112"]),
+        ("123%2C433,112", ["123,433", "112"]),
+        ("123%2F433%2F112", ["123/433/112"]),
     ],
 )
 def test_urlsafe_components(path, expected):
@@ -100,7 +94,7 @@ def test_path_with_replaced_args(path, args, expected):
     "row,pks,expected_path",
     [
         ({"A": "foo", "B": "bar"}, ["A", "B"], "foo,bar"),
-        ({"A": "f,o", "B": "bar"}, ["A", "B"], "f~2Co,bar"),
+        ({"A": "f,o", "B": "bar"}, ["A", "B"], "f%2Co,bar"),
         ({"A": 123}, ["A"], "123"),
         (
             utils.CustomRow(
@@ -146,10 +140,7 @@ def test_custom_json_encoder(obj, expected):
         "update blah;",
         "-- sql comment to skip\nupdate blah;",
         "update blah set some_column='# Hello there\n\n* This is a list\n* of items\n--\n[And a link](https://github.com/simonw/datasette-render-markdown).'\nas demo_markdown",
-        "PRAGMA case_sensitive_like = true",
-        "SELECT * FROM pragma_not_on_allow_list('idx52')",
-        "/* This comment is not valid. select 1",
-        "/**/\nupdate foo set bar = 1\n/* test */ select 1",
+        "PRAGMA case_sensitive_like = true" "SELECT * FROM pragma_index_info('idx52')",
     ],
 )
 def test_validate_sql_select_bad(bad_sql):
@@ -166,22 +157,11 @@ def test_validate_sql_select_bad(bad_sql):
         "select '# Hello there\n\n* This is a list\n* of items\n--\n[And a link](https://github.com/simonw/datasette-render-markdown).'\nas demo_markdown",
         "select 1 + 1",
         "explain select 1 + 1",
-        "explain\nselect 1 + 1",
         "explain query plan select 1 + 1",
-        "explain  query  plan\nselect 1 + 1",
         "SELECT\nblah FROM foo",
         "WITH RECURSIVE cnt(x) AS (SELECT 1 UNION ALL SELECT x+1 FROM cnt LIMIT 10) SELECT x FROM cnt;",
         "explain WITH RECURSIVE cnt(x) AS (SELECT 1 UNION ALL SELECT x+1 FROM cnt LIMIT 10) SELECT x FROM cnt;",
         "explain query plan WITH RECURSIVE cnt(x) AS (SELECT 1 UNION ALL SELECT x+1 FROM cnt LIMIT 10) SELECT x FROM cnt;",
-        "SELECT * FROM pragma_index_info('idx52')",
-        "select * from pragma_table_xinfo('table')",
-        # Various types of comment
-        "-- comment\nselect 1",
-        "-- one line\n  -- two line\nselect 1",
-        "  /* comment */\nselect 1",
-        "  /* comment */select 1",
-        "/* comment */\n -- another\n /* one more */ select 1",
-        "/* This comment \n has multiple lines */\nselect 1",
     ],
 )
 def test_validate_sql_select_good(good_sql):
@@ -207,160 +187,15 @@ def test_detect_fts(open_quote, close_quote):
     CREATE VIEW Test_View AS SELECT * FROM Dumb_Table;
     CREATE VIRTUAL TABLE {open}Street_Tree_List_fts{close} USING FTS4 ("qAddress", "qCaretaker", "qSpecies", content={open}Street_Tree_List{close});
     CREATE VIRTUAL TABLE r USING rtree(a, b, c);
-    """.format(open=open_quote, close=close_quote)
+    """.format(
+        open=open_quote, close=close_quote
+    )
     conn = utils.sqlite3.connect(":memory:")
     conn.executescript(sql)
     assert None is utils.detect_fts(conn, "Dumb_Table")
     assert None is utils.detect_fts(conn, "Test_View")
     assert None is utils.detect_fts(conn, "r")
     assert "Street_Tree_List_fts" == utils.detect_fts(conn, "Street_Tree_List")
-    conn.close()
-
-
-@pytest.mark.parametrize(
-    "identifier,expected",
-    (
-        ("plain", "plain"),
-        ("select", '"select"'),
-        ("has space", '"has space"'),
-        ("has'quote", '"has\'quote"'),
-        ('has"dquote', '"has""dquote"'),
-        ("has]bracket", '"has]bracket"'),
-        ('has"dquote]', '"has""dquote]"'),
-    ),
-)
-def test_escape_sqlite(identifier, expected):
-    assert utils.escape_sqlite(identifier) == expected
-
-
-def test_escape_sqlite_double_quotes_work_in_query():
-    conn = utils.sqlite3.connect(":memory:")
-    table = 'table with "double quotes"'
-    column = "select"
-    escaped_table = utils.escape_sqlite(table)
-    escaped_column = utils.escape_sqlite(column)
-    conn.execute(f"CREATE TABLE {escaped_table} ({escaped_column} TEXT)")
-    create_sql = conn.execute(
-        "SELECT sql FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
-    ).fetchone()[0]
-    assert create_sql == 'CREATE TABLE "table with ""double quotes""" ("select" TEXT)'
-    conn.execute(
-        f"INSERT INTO {escaped_table} ({escaped_column}) VALUES (?)", ("hello",)
-    )
-    results = conn.execute(f"SELECT {escaped_column} FROM {escaped_table}").fetchall()
-    conn.close()
-    assert results == [("hello",)]
-
-
-def test_escape_sqlite_prevents_injection():
-    # https://github.com/simonw/datasette/issues/2677
-    conn = utils.sqlite3.connect(":memory:")
-    conn.execute("CREATE TABLE users (id INTEGER, password TEXT)")
-    conn.execute("INSERT INTO users VALUES (1, 'super_secret_password')")
-    malicious = "users] UNION SELECT password FROM users--"
-    conn.execute('CREATE TABLE "{}" (id INTEGER)'.format(malicious))
-    sql = "select count(*) from {}".format(utils.escape_sqlite(malicious))
-    results = conn.execute(sql).fetchall()
-    conn.close()
-    # The injected UNION must not execute - only the empty malicious table
-    # is queried, so we get a single count row and no leaked password
-    assert results == [(0,)]
-
-
-@pytest.mark.parametrize("table", ("regular", "has'single quote"))
-def test_detect_fts_different_table_names(table):
-    sql = """
-    CREATE TABLE [{table}] (
-      "TreeID" INTEGER,
-      "qSpecies" TEXT
-    );
-    CREATE VIRTUAL TABLE [{table}_fts] USING FTS4 ("qSpecies", content="{table}");
-    """.format(table=table)
-    conn = utils.sqlite3.connect(":memory:")
-    conn.executescript(sql)
-    assert "{table}_fts".format(table=table) == utils.detect_fts(conn, table)
-    conn.close()
-
-
-def test_supports_returning():
-    conn = utils.sqlite3.connect(":memory:")
-    try:
-        conn.execute("create table t (id integer primary key)")
-        conn.execute("insert into t default values returning id").fetchone()
-        expected = True
-    except sqlite3.DatabaseError:
-        expected = False
-    finally:
-        conn.close()
-
-    assert supports_returning() is expected
-
-
-@pytest.mark.parametrize("use_fallback", (False, True))
-def test_sqlite_table_type_detects_virtual_and_shadow_tables(monkeypatch, use_fallback):
-    if use_fallback:
-        monkeypatch.setattr("datasette.utils.sqlite.sqlite_version", lambda: (3, 25, 0))
-    conn = utils.sqlite3.connect(":memory:")
-    try:
-        conn.executescript("""
-            create table dogs(id integer primary key, name text);
-            create view dog_names as select name from dogs;
-            create virtual table search_index using fts5(title, body);
-            create virtual table boxes using rtree(id, minx, maxx, miny, maxy);
-        """)
-
-        assert sqlite_table_type(conn, "dogs") == "table"
-        assert sqlite_table_type(conn, "dog_names") == "view"
-        assert sqlite_table_type(conn, "search_index") == "virtual"
-        assert sqlite_table_type(conn, "search_index_config") == "shadow"
-        assert sqlite_table_type(conn, "boxes") == "virtual"
-        assert sqlite_table_type(conn, "boxes_node") == "shadow"
-        assert sqlite_table_type(conn, "missing") is None
-        assert sqlite_hidden_table_names(conn) == [
-            "boxes_node",
-            "boxes_parent",
-            "boxes_rowid",
-            "search_index_config",
-            "search_index_content",
-            "search_index_data",
-            "search_index_docsize",
-            "search_index_idx",
-        ]
-    finally:
-        conn.close()
-
-
-@pytest.mark.parametrize("use_fallback", (False, True))
-def test_sqlite_table_type_detects_attached_database_tables(monkeypatch, use_fallback):
-    if use_fallback:
-        monkeypatch.setattr("datasette.utils.sqlite.sqlite_version", lambda: (3, 25, 0))
-    conn = utils.sqlite3.connect(":memory:")
-    try:
-        conn.executescript("""
-            attach database ':memory:' as extra;
-            create table extra.cats(id integer primary key, name text);
-            create virtual table extra.cat_search using fts5(name);
-        """)
-
-        assert sqlite_table_type(conn, "cats", schema="extra") == "table"
-        assert sqlite_table_type(conn, "cat_search", schema="extra") == "virtual"
-        assert sqlite_table_type(conn, "cat_search_data", schema="extra") == "shadow"
-    finally:
-        conn.close()
-
-
-def test_sqlite_hidden_table_names_hides_multiline_content_fts_table():
-    conn = utils.sqlite3.connect(":memory:")
-    try:
-        conn.executescript("""
-            create table searchable(id integer primary key, body text);
-            create virtual table searchable_fts
-                using fts5(body, content='searchable', content_rowid='id');
-        """)
-
-        assert "searchable_fts" in sqlite_hidden_table_names(conn)
-    finally:
-        conn.close()
 
 
 @pytest.mark.parametrize(
@@ -395,8 +230,7 @@ def test_to_css_class(s, expected):
 def test_temporary_docker_directory_uses_hard_link():
     with tempfile.TemporaryDirectory() as td:
         os.chdir(td)
-        with open("hello", "w") as fp:
-            fp.write("world")
+        open("hello", "w").write("world")
         # Default usage of this should use symlink
         with utils.temporary_docker_directory(
             files=["hello"],
@@ -410,11 +244,9 @@ def test_temporary_docker_directory_uses_hard_link():
             install=[],
             spatialite=False,
             version_note=None,
-            secret="secret",
         ) as temp_docker:
             hello = os.path.join(temp_docker, "hello")
-            with open(hello) as fp:
-                assert "world" == fp.read()
+            assert "world" == open(hello).read()
             # It should be a hard link
             assert 2 == os.stat(hello).st_nlink
 
@@ -425,8 +257,7 @@ def test_temporary_docker_directory_uses_copy_if_hard_link_fails(mock_link):
     mock_link.side_effect = OSError
     with tempfile.TemporaryDirectory() as td:
         os.chdir(td)
-        with open("hello", "w") as fp:
-            fp.write("world")
+        open("hello", "w").write("world")
         # Default usage of this should use symlink
         with utils.temporary_docker_directory(
             files=["hello"],
@@ -440,11 +271,9 @@ def test_temporary_docker_directory_uses_copy_if_hard_link_fails(mock_link):
             install=[],
             spatialite=False,
             version_note=None,
-            secret=None,
         ) as temp_docker:
             hello = os.path.join(temp_docker, "hello")
-            with open(hello) as fp:
-                assert "world" == fp.read()
+            assert "world" == open(hello).read()
             # It should be a copy, not a hard link
             assert 1 == os.stat(hello).st_nlink
 
@@ -452,8 +281,7 @@ def test_temporary_docker_directory_uses_copy_if_hard_link_fails(mock_link):
 def test_temporary_docker_directory_quotes_args():
     with tempfile.TemporaryDirectory() as td:
         os.chdir(td)
-        with open("hello", "w") as fp:
-            fp.write("world")
+        open("hello", "w").write("world")
         with utils.temporary_docker_directory(
             files=["hello"],
             name="t",
@@ -466,14 +294,11 @@ def test_temporary_docker_directory_quotes_args():
             install=[],
             spatialite=False,
             version_note="$PWD",
-            secret="secret",
         ) as temp_docker:
             df = os.path.join(temp_docker, "Dockerfile")
-            with open(df) as fp:
-                df_contents = fp.read()
+            df_contents = open(df).read()
             assert "'$PWD'" in df_contents
             assert "'--$HOME'" in df_contents
-            assert "ENV DATASETTE_SECRET 'secret'" in df_contents
 
 
 def test_compound_keys_after_sql():
@@ -482,23 +307,53 @@ def test_compound_keys_after_sql():
 ((a > :p0)
   or
 (a = :p0 and b > :p1))
-    """.strip() == utils.compound_keys_after_sql(["a", "b"])
+    """.strip() == utils.compound_keys_after_sql(
+        ["a", "b"]
+    )
     assert """
 ((a > :p0)
   or
 (a = :p0 and b > :p1)
   or
 (a = :p0 and b = :p1 and c > :p2))
-    """.strip() == utils.compound_keys_after_sql(["a", "b", "c"])
+    """.strip() == utils.compound_keys_after_sql(
+        ["a", "b", "c"]
+    )
+
+
+async def table_exists(table):
+    return table == "exists.csv"
+
+
+@pytest.mark.asyncio
+@pytest.mark.parametrize(
+    "table_and_format,expected_table,expected_format",
+    [
+        ("blah", "blah", None),
+        ("blah.csv", "blah", "csv"),
+        ("blah.json", "blah", "json"),
+        ("blah.baz", "blah.baz", None),
+        ("exists.csv", "exists.csv", None),
+    ],
+)
+async def test_resolve_table_and_format(
+    table_and_format, expected_table, expected_format
+):
+    actual_table, actual_format = await utils.resolve_table_and_format(
+        table_and_format, table_exists, ["json"]
+    )
+    assert expected_table == actual_table
+    assert expected_format == actual_format
 
 
 def test_table_columns():
     conn = sqlite3.connect(":memory:")
-    conn.executescript("""
+    conn.executescript(
+        """
     create table places (id integer primary key, name text, bob integer)
-    """)
+    """
+    )
     assert ["id", "name", "bob"] == utils.table_columns(conn, "places")
-    conn.close()
 
 
 @pytest.mark.parametrize(
@@ -508,7 +363,9 @@ def test_table_columns():
         ("/foo?sql=select+1", "json", {}, "/foo.json?sql=select+1"),
         ("/foo/bar", "json", {}, "/foo/bar.json"),
         ("/foo/bar", "csv", {}, "/foo/bar.csv"),
+        ("/foo/bar.csv", "json", {}, "/foo/bar.csv?_format=json"),
         ("/foo/bar", "csv", {"_dl": 1}, "/foo/bar.csv?_dl=1"),
+        ("/foo/b.csv", "json", {"_dl": 1}, "/foo/b.csv?_dl=1&_format=json"),
         (
             "/sf-trees/Street_Tree_List?_search=cherry&_size=1000",
             "csv",
@@ -519,16 +376,10 @@ def test_table_columns():
 )
 def test_path_with_format(path, format, extra_qs, expected):
     request = Request.fake(path)
-    actual = utils.path_with_format(request=request, format=format, extra_qs=extra_qs)
+    actual = utils.path_with_format(request, format, extra_qs)
     assert expected == actual
 
 
-def test_path_with_format_can_override_request_path():
-    request = Request.fake("/prefix/foo?x=1")
-    actual = utils.path_with_format(request=request, path="/foo", format="json")
-    assert "/foo.json?x=1" == actual
-
-
 @pytest.mark.parametrize(
     "bytes,expected",
     [
@@ -562,343 +413,13 @@ def test_escape_fts(query, expected):
     assert expected == utils.escape_fts(query)
 
 
-@pytest.mark.parametrize(
-    "input,expected",
-    [
-        ("dog", "dog"),
-        ('dateutil_parse("1/2/2020")', r"dateutil_parse(\0000221/2/2020\000022)"),
-        ("this\r\nand\r\nthat", r"this\00000Aand\00000Athat"),
-    ],
-)
-def test_escape_css_string(input, expected):
-    assert expected == utils.escape_css_string(input)
-
-
 def test_check_connection_spatialite_raises():
     path = str(pathlib.Path(__file__).parent / "spatialite.db")
     conn = sqlite3.connect(path)
     with pytest.raises(utils.SpatialiteConnectionProblem):
         utils.check_connection(conn)
-    conn.close()
 
 
 def test_check_connection_passes():
     conn = sqlite3.connect(":memory:")
     utils.check_connection(conn)
-    conn.close()
-
-
-def test_call_with_supported_arguments():
-    def foo(a, b):
-        return f"{a}+{b}"
-
-    assert "1+2" == utils.call_with_supported_arguments(foo, a=1, b=2)
-    assert "1+2" == utils.call_with_supported_arguments(foo, a=1, b=2, c=3)
-
-    with pytest.raises(TypeError):
-        utils.call_with_supported_arguments(foo, a=1)
-
-
-@pytest.mark.parametrize(
-    "data,should_raise",
-    [
-        ([["foo", "bar"], ["foo", "baz"]], False),
-        ([("foo", "bar"), ("foo", "baz")], False),
-        ((["foo", "bar"], ["foo", "baz"]), False),
-        ([["foo", "bar"], ["foo", "baz", "bax"]], True),
-        ({"foo": ["bar", "baz"]}, False),
-        ({"foo": ("bar", "baz")}, False),
-        ({"foo": "bar"}, True),
-    ],
-)
-def test_multi_params(data, should_raise):
-    if should_raise:
-        with pytest.raises(AssertionError):
-            utils.MultiParams(data)
-        return
-    p1 = utils.MultiParams(data)
-    assert "bar" == p1["foo"]
-    assert ["bar", "baz"] == list(p1.getlist("foo"))
-
-
-@pytest.mark.parametrize(
-    "actor,allow,expected",
-    [
-        # Default is to allow:
-        (None, None, True),
-        # {} means deny-all:
-        (None, {}, False),
-        ({"id": "root"}, {}, False),
-        # true means allow-all
-        ({"id": "root"}, True, True),
-        (None, True, True),
-        # false means deny-all
-        ({"id": "root"}, False, False),
-        (None, False, False),
-        # Special case for "unauthenticated": true
-        (None, {"unauthenticated": True}, True),
-        (None, {"unauthenticated": False}, False),
-        # Match on just one property:
-        (None, {"id": "root"}, False),
-        ({"id": "root"}, None, True),
-        ({"id": "simon", "staff": True}, {"staff": True}, True),
-        ({"id": "simon", "staff": False}, {"staff": True}, False),
-        # Special "*" value for any key:
-        ({"id": "root"}, {"id": "*"}, True),
-        ({}, {"id": "*"}, False),
-        ({"name": "root"}, {"id": "*"}, False),
-        # Supports single strings or list of values:
-        ({"id": "root"}, {"id": "bob"}, False),
-        ({"id": "root"}, {"id": ["bob"]}, False),
-        ({"id": "root"}, {"id": "root"}, True),
-        ({"id": "root"}, {"id": ["root"]}, True),
-        # Any matching role will work:
-        ({"id": "garry", "roles": ["staff", "dev"]}, {"roles": ["staff"]}, True),
-        ({"id": "garry", "roles": ["staff", "dev"]}, {"roles": ["dev"]}, True),
-        ({"id": "garry", "roles": ["staff", "dev"]}, {"roles": ["otter"]}, False),
-        ({"id": "garry", "roles": ["staff", "dev"]}, {"roles": ["dev", "otter"]}, True),
-        ({"id": "garry", "roles": []}, {"roles": ["staff"]}, False),
-        ({"id": "garry"}, {"roles": ["staff"]}, False),
-        # Any single matching key works:
-        ({"id": "root"}, {"bot_id": "my-bot", "id": ["root"]}, True),
-    ],
-)
-def test_actor_matches_allow(actor, allow, expected):
-    assert expected == utils.actor_matches_allow(actor, allow)
-
-
-@pytest.mark.parametrize(
-    "config,expected",
-    [
-        ({"foo": "bar"}, {"foo": "bar"}),
-        ({"$env": "FOO"}, "x"),
-        ({"k": {"$env": "FOO"}}, {"k": "x"}),
-        ([{"k": {"$env": "FOO"}}, {"z": {"$env": "FOO"}}], [{"k": "x"}, {"z": "x"}]),
-        ({"k": [{"in_a_list": {"$env": "FOO"}}]}, {"k": [{"in_a_list": "x"}]}),
-    ],
-)
-def test_resolve_env_secrets(config, expected):
-    assert expected == utils.resolve_env_secrets(config, {"FOO": "x"})
-
-
-@pytest.mark.parametrize(
-    "actor,expected",
-    [
-        ({"id": "blah"}, "blah"),
-        ({"id": "blah", "login": "l"}, "l"),
-        ({"id": "blah", "login": "l"}, "l"),
-        ({"id": "blah", "login": "l", "username": "u"}, "u"),
-        ({"login": "l", "name": "n"}, "n"),
-        (
-            {"id": "blah", "login": "l", "username": "u", "name": "n", "display": "d"},
-            "d",
-        ),
-        ({"weird": "shape"}, "{'weird': 'shape'}"),
-    ],
-)
-def test_display_actor(actor, expected):
-    assert expected == utils.display_actor(actor)
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "dbs,expected_path",
-    [
-        (["one_table"], "/one/one"),
-        (["two_tables"], "/two"),
-        (["one_table", "two_tables"], "/"),
-    ],
-)
-async def test_initial_path_for_datasette(tmp_path_factory, dbs, expected_path):
-    db_dir = tmp_path_factory.mktemp("dbs")
-    one_table = str(db_dir / "one.db")
-    conn1 = sqlite3.connect(one_table)
-    conn1.execute("create table one (id integer primary key)")
-    conn1.close()
-    two_tables = str(db_dir / "two.db")
-    conn2 = sqlite3.connect(two_tables)
-    conn2.execute("create table two (id integer primary key)")
-    conn2.execute("create table three (id integer primary key)")
-    conn2.close()
-    datasette = Datasette(
-        [{"one_table": one_table, "two_tables": two_tables}[db] for db in dbs]
-    )
-    path = await utils.initial_path_for_datasette(datasette)
-    assert path == expected_path
-
-
-@pytest.mark.parametrize(
-    "content,expected",
-    (
-        ("title: Hello", {"title": "Hello"}),
-        ('{"title": "Hello"}', {"title": "Hello"}),
-        ("{{ this }} is {{ bad }}", None),
-    ),
-)
-def test_parse_metadata(content, expected):
-    if expected is None:
-        with pytest.raises(utils.BadMetadataError):
-            utils.parse_metadata(content)
-    else:
-        assert utils.parse_metadata(content) == expected
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "sql,expected",
-    (
-        ("select 1", []),
-        ("select 1 + :one", ["one"]),
-        ("select 1 + :one + :two", ["one", "two"]),
-        ("select 'bob' || '0:00' || :cat", ["cat"]),
-        ("select this is invalid :one, :two, :three", ["one", "two", "three"]),
-    ),
-)
-@pytest.mark.parametrize("use_async_version", (False, True))
-async def test_named_parameters(sql, expected, use_async_version):
-    ds = Datasette([], memory=True)
-    db = ds.get_database("_memory")
-    if use_async_version:
-        params = await utils.derive_named_parameters(db, sql)
-    else:
-        params = utils.named_parameters(sql)
-    assert params == expected
-
-
-@pytest.mark.parametrize(
-    "original,expected",
-    (
-        ("abc", "abc"),
-        ("/foo/bar", "~2Ffoo~2Fbar"),
-        ("/-/bar", "~2F-~2Fbar"),
-        ("-/db-/table.csv", "-~2Fdb-~2Ftable~2Ecsv"),
-        (r"%~-/", "~25~7E-~2F"),
-        ("~25~7E~2D~2F", "~7E25~7E7E~7E2D~7E2F"),
-        ("with space", "with+space"),
-    ),
-)
-def test_tilde_encoding(original, expected):
-    actual = utils.tilde_encode(original)
-    assert actual == expected
-    # And test round-trip
-    assert original == utils.tilde_decode(actual)
-
-
-@pytest.mark.parametrize(
-    "url,length,expected",
-    (
-        ("https://example.com/", 5, "http…"),
-        ("https://example.com/foo/bar", 15, "https://exampl…"),
-        ("https://example.com/foo/bar/baz.jpg", 30, "https://example.com/foo/ba….jpg"),
-        # Extensions longer than 4 characters are not treated specially:
-        ("https://example.com/foo/bar/baz.jpeg2", 30, "https://example.com/foo/bar/b…"),
-        (
-            "https://example.com/foo/bar/baz.jpeg2",
-            None,
-            "https://example.com/foo/bar/baz.jpeg2",
-        ),
-    ),
-)
-def test_truncate_url(url, length, expected):
-    actual = utils.truncate_url(url, length)
-    assert actual == expected
-
-
-@pytest.mark.parametrize(
-    "pairs,expected",
-    (
-        # Simple nested objects
-        ([("a", "b")], {"a": "b"}),
-        ([("a.b", "c")], {"a": {"b": "c"}}),
-        # JSON literals
-        ([("a.b", "true")], {"a": {"b": True}}),
-        ([("a.b", "false")], {"a": {"b": False}}),
-        ([("a.b", "null")], {"a": {"b": None}}),
-        ([("a.b", "1")], {"a": {"b": 1}}),
-        ([("a.b", "1.1")], {"a": {"b": 1.1}}),
-        # Nested JSON literals
-        ([("a.b", '{"foo": "bar"}')], {"a": {"b": {"foo": "bar"}}}),
-        ([("a.b", "[1, 2, 3]")], {"a": {"b": [1, 2, 3]}}),
-        # JSON strings are preserved
-        ([("a.b", '"true"')], {"a": {"b": "true"}}),
-        ([("a.b", '"[1, 2, 3]"')], {"a": {"b": "[1, 2, 3]"}}),
-        # Later keys over-ride the previous
-        (
-            [
-                ("a", "b"),
-                ("a.b", "c"),
-            ],
-            {"a": {"b": "c"}},
-        ),
-        (
-            [
-                ("settings.trace_debug", "true"),
-                ("plugins.datasette-ripgrep.path", "/etc"),
-                ("settings.trace_debug", "false"),
-            ],
-            {
-                "settings": {
-                    "trace_debug": False,
-                },
-                "plugins": {
-                    "datasette-ripgrep": {
-                        "path": "/etc",
-                    }
-                },
-            },
-        ),
-    ),
-)
-def test_pairs_to_nested_config(pairs, expected):
-    actual = utils.pairs_to_nested_config(pairs)
-    assert actual == expected
-
-
-def test_sha256_file(tmp_path):
-    path = tmp_path / "test.txt"
-    path.write_text("hello")
-    assert utils.sha256_file(path, chunk_size=2) == hashlib.sha256(b"hello").hexdigest()
-
-
-@pytest.mark.asyncio
-async def test_calculate_etag(tmp_path):
-    path = tmp_path / "test.txt"
-    path.write_text("hello")
-    etag = '"5d41402abc4b2a76b9719d911017c592"'
-    assert etag == await utils.calculate_etag(path)
-    assert utils._etag_cache[path] == etag
-    utils._etag_cache[path] = "hash"
-    assert "hash" == await utils.calculate_etag(path)
-    utils._etag_cache.clear()
-
-
-@pytest.mark.parametrize(
-    "dict1,dict2,expected",
-    [
-        # Basic update
-        ({"a": 1, "b": 2}, {"b": 3, "c": 4}, {"a": 1, "b": 3, "c": 4}),
-        # Nested dictionary update
-        (
-            {"a": 1, "b": {"x": 10, "y": 20}},
-            {"b": {"y": 30, "z": 40}},
-            {"a": 1, "b": {"x": 10, "y": 30, "z": 40}},
-        ),
-        # Deep nested update
-        (
-            {"a": {"b": {"c": 1}}},
-            {"a": {"b": {"d": 2}}},
-            {"a": {"b": {"c": 1, "d": 2}}},
-        ),
-        # Update with mixed types
-        (
-            {"a": 1, "b": {"x": 10}},
-            {"b": {"y": 20}, "c": [1, 2, 3]},
-            {"a": 1, "b": {"x": 10, "y": 20}, "c": [1, 2, 3]},
-        ),
-    ],
-)
-def test_deep_dict_update(dict1, dict2, expected):
-    result = utils.deep_dict_update(dict1, dict2)
-    assert result == expected
-    # Check that the original dict1 was modified
-    assert dict1 == expected
diff --git a/tests/test_utils_check_callable.py b/tests/test_utils_check_callable.py
deleted file mode 100644
index 4f72f9ff..00000000
--- a/tests/test_utils_check_callable.py
+++ /dev/null
@@ -1,46 +0,0 @@
-from datasette.utils.check_callable import check_callable
-import pytest
-
-
-class AsyncClass:
-    async def __call__(self):
-        pass
-
-
-class NotAsyncClass:
-    def __call__(self):
-        pass
-
-
-class ClassNoCall:
-    pass
-
-
-async def async_func():
-    pass
-
-
-def non_async_func():
-    pass
-
-
-@pytest.mark.parametrize(
-    "obj,expected_is_callable,expected_is_async_callable",
-    (
-        (async_func, True, True),
-        (non_async_func, True, False),
-        (AsyncClass(), True, True),
-        (NotAsyncClass(), True, False),
-        (ClassNoCall(), False, False),
-        (AsyncClass, True, False),
-        (NotAsyncClass, True, False),
-        (ClassNoCall, True, False),
-        ("", False, False),
-        (1, False, False),
-        (str, True, False),
-    ),
-)
-def test_check_callable(obj, expected_is_callable, expected_is_async_callable):
-    status = check_callable(obj)
-    assert status.is_callable == expected_is_callable
-    assert status.is_async_callable == expected_is_async_callable
diff --git a/tests/test_utils_permissions.py b/tests/test_utils_permissions.py
deleted file mode 100644
index bc3599c2..00000000
--- a/tests/test_utils_permissions.py
+++ /dev/null
@@ -1,610 +0,0 @@
-import pytest
-from datasette.app import Datasette
-from datasette.permissions import PermissionSQL
-from datasette.utils.permissions import resolve_permissions_from_catalog
-from typing import Callable, List
-
-
-@pytest.fixture
-def db():
-    ds = Datasette()
-    import tempfile
-    from datasette.database import Database
-
-    path = tempfile.mktemp(suffix="demo.db")
-    db = ds.add_database(Database(ds, path=path))
-    return db
-
-
-NO_RULES_SQL = (
-    "SELECT NULL AS parent, NULL AS child, NULL AS allow, NULL AS reason WHERE 0"
-)
-
-
-def plugin_allow_all_for_user(user: str) -> Callable[[str], PermissionSQL]:
-    def provider(action: str) -> PermissionSQL:
-        return PermissionSQL(
-            """
-            SELECT NULL AS parent, NULL AS child, 1 AS allow,
-                   'global allow for ' || :allow_all_user || ' on ' || :allow_all_action AS reason
-            WHERE :actor_id = :allow_all_user
-            """,
-            {"allow_all_user": user, "allow_all_action": action},
-        )
-
-    return provider
-
-
-def plugin_deny_specific_table(
-    user: str, parent: str, child: str
-) -> Callable[[str], PermissionSQL]:
-    def provider(action: str) -> PermissionSQL:
-        return PermissionSQL(
-            """
-            SELECT :deny_specific_table_parent AS parent, :deny_specific_table_child AS child, 0 AS allow,
-                   'deny ' || :deny_specific_table_parent || '/' || :deny_specific_table_child || ' for ' || :deny_specific_table_user || ' on ' || :deny_specific_table_action AS reason
-            WHERE :actor_id = :deny_specific_table_user
-            """,
-            {
-                "deny_specific_table_parent": parent,
-                "deny_specific_table_child": child,
-                "deny_specific_table_user": user,
-                "deny_specific_table_action": action,
-            },
-        )
-
-    return provider
-
-
-def plugin_org_policy_deny_parent(parent: str) -> Callable[[str], PermissionSQL]:
-    def provider(action: str) -> PermissionSQL:
-        return PermissionSQL(
-            """
-            SELECT :org_policy_parent_deny_parent AS parent, NULL AS child, 0 AS allow,
-                   'org policy: parent ' || :org_policy_parent_deny_parent || ' denied on ' || :org_policy_parent_deny_action AS reason
-            """,
-            {
-                "org_policy_parent_deny_parent": parent,
-                "org_policy_parent_deny_action": action,
-            },
-        )
-
-    return provider
-
-
-def plugin_allow_parent_for_user(
-    user: str, parent: str
-) -> Callable[[str], PermissionSQL]:
-    def provider(action: str) -> PermissionSQL:
-        return PermissionSQL(
-            """
-            SELECT :allow_parent_parent AS parent, NULL AS child, 1 AS allow,
-                   'allow full parent for ' || :allow_parent_user || ' on ' || :allow_parent_action AS reason
-            WHERE :actor_id = :allow_parent_user
-            """,
-            {
-                "allow_parent_parent": parent,
-                "allow_parent_user": user,
-                "allow_parent_action": action,
-            },
-        )
-
-    return provider
-
-
-def plugin_child_allow_for_user(
-    user: str, parent: str, child: str
-) -> Callable[[str], PermissionSQL]:
-    def provider(action: str) -> PermissionSQL:
-        return PermissionSQL(
-            """
-            SELECT :allow_child_parent AS parent, :allow_child_child AS child, 1 AS allow,
-                   'allow child for ' || :allow_child_user || ' on ' || :allow_child_action AS reason
-            WHERE :actor_id = :allow_child_user
-            """,
-            {
-                "allow_child_parent": parent,
-                "allow_child_child": child,
-                "allow_child_user": user,
-                "allow_child_action": action,
-            },
-        )
-
-    return provider
-
-
-def plugin_root_deny_for_all() -> Callable[[str], PermissionSQL]:
-    def provider(action: str) -> PermissionSQL:
-        return PermissionSQL(
-            """
-            SELECT NULL AS parent, NULL AS child, 0 AS allow, 'root deny for all on ' || :root_deny_action AS reason
-            """,
-            {"root_deny_action": action},
-        )
-
-    return provider
-
-
-def plugin_conflicting_same_child_rules(
-    user: str, parent: str, child: str
-) -> List[Callable[[str], PermissionSQL]]:
-    def allow_provider(action: str) -> PermissionSQL:
-        return PermissionSQL(
-            """
-            SELECT :conflict_child_allow_parent AS parent, :conflict_child_allow_child AS child, 1 AS allow,
-                   'team grant at child for ' || :conflict_child_allow_user || ' on ' || :conflict_child_allow_action AS reason
-            WHERE :actor_id = :conflict_child_allow_user
-            """,
-            {
-                "conflict_child_allow_parent": parent,
-                "conflict_child_allow_child": child,
-                "conflict_child_allow_user": user,
-                "conflict_child_allow_action": action,
-            },
-        )
-
-    def deny_provider(action: str) -> PermissionSQL:
-        return PermissionSQL(
-            """
-            SELECT :conflict_child_deny_parent AS parent, :conflict_child_deny_child AS child, 0 AS allow,
-                   'exception deny at child for ' || :conflict_child_deny_user || ' on ' || :conflict_child_deny_action AS reason
-            WHERE :actor_id = :conflict_child_deny_user
-            """,
-            {
-                "conflict_child_deny_parent": parent,
-                "conflict_child_deny_child": child,
-                "conflict_child_deny_user": user,
-                "conflict_child_deny_action": action,
-            },
-        )
-
-    return [allow_provider, deny_provider]
-
-
-def plugin_allow_all_for_action(
-    user: str, allowed_action: str
-) -> Callable[[str], PermissionSQL]:
-    def provider(action: str) -> PermissionSQL:
-        if action != allowed_action:
-            return PermissionSQL(NO_RULES_SQL)
-        # Sanitize parameter names by replacing hyphens with underscores
-        param_prefix = action.replace("-", "_")
-        return PermissionSQL(
-            f"""
-            SELECT NULL AS parent, NULL AS child, 1 AS allow,
-                   'global allow for ' || :{param_prefix}_user || ' on ' || :{param_prefix}_action AS reason
-            WHERE :actor_id = :{param_prefix}_user
-            """,
-            {f"{param_prefix}_user": user, f"{param_prefix}_action": action},
-        )
-
-    return provider
-
-
-VIEW_TABLE = "view-table"
-
-
-# ---------- Catalog DDL (from your schema) ----------
-CATALOG_DDL = """
-CREATE TABLE IF NOT EXISTS catalog_databases (
-    database_name TEXT PRIMARY KEY,
-    path TEXT,
-    is_memory INTEGER,
-    schema_version INTEGER
-);
-CREATE TABLE IF NOT EXISTS catalog_tables (
-    database_name TEXT,
-    table_name TEXT,
-    rootpage INTEGER,
-    sql TEXT,
-    PRIMARY KEY (database_name, table_name),
-    FOREIGN KEY (database_name) REFERENCES catalog_databases(database_name)
-);
-"""
-
-PARENTS = ["accounting", "hr", "analytics"]
-SPECIALS = {"accounting": ["sales"], "analytics": ["secret"], "hr": []}
-
-TABLE_CANDIDATES_SQL = (
-    "SELECT database_name AS parent, table_name AS child FROM catalog_tables"
-)
-PARENT_CANDIDATES_SQL = (
-    "SELECT database_name AS parent, NULL AS child FROM catalog_databases"
-)
-
-
-# ---------- Helpers ----------
-async def seed_catalog(db, per_parent: int = 10) -> None:
-    await db.execute_write_script(CATALOG_DDL)
-    # databases
-    db_rows = [(p, f"/{p}.db", 0, 1) for p in PARENTS]
-    await db.execute_write_many(
-        "INSERT OR REPLACE INTO catalog_databases(database_name, path, is_memory, schema_version) VALUES (?,?,?,?)",
-        db_rows,
-    )
-
-    # tables
-    def tables_for(parent: str, n: int):
-        base = [f"table{i:02d}" for i in range(1, n + 1)]
-        for s in SPECIALS.get(parent, []):
-            if s not in base:
-                base[0] = s
-        return base
-
-    table_rows = []
-    for p in PARENTS:
-        for t in tables_for(p, per_parent):
-            table_rows.append((p, t, 0, f"CREATE TABLE {t} (id INTEGER PRIMARY KEY)"))
-    await db.execute_write_many(
-        "INSERT OR REPLACE INTO catalog_tables(database_name, table_name, rootpage, sql) VALUES (?,?,?,?)",
-        table_rows,
-    )
-
-
-def res_allowed(rows, parent=None):
-    return sorted(
-        r["resource"]
-        for r in rows
-        if r["allow"] == 1 and (parent is None or r["parent"] == parent)
-    )
-
-
-def res_denied(rows, parent=None):
-    return sorted(
-        r["resource"]
-        for r in rows
-        if r["allow"] == 0 and (parent is None or r["parent"] == parent)
-    )
-
-
-# ---------- Tests ----------
-@pytest.mark.asyncio
-async def test_alice_global_allow_with_specific_denies_catalog(db):
-    await seed_catalog(db)
-    plugins = [
-        plugin_allow_all_for_user("alice"),
-        plugin_deny_specific_table("alice", "accounting", "sales"),
-        plugin_org_policy_deny_parent("hr"),
-    ]
-    rows = await resolve_permissions_from_catalog(
-        db,
-        {"id": "alice"},
-        plugins,
-        VIEW_TABLE,
-        TABLE_CANDIDATES_SQL,
-        implicit_deny=True,
-    )
-    # Alice can see everything except accounting/sales and hr/*
-    assert "/accounting/sales" in res_denied(rows)
-    for r in rows:
-        if r["parent"] == "hr":
-            assert r["allow"] == 0
-        elif r["resource"] == "/accounting/sales":
-            assert r["allow"] == 0
-        else:
-            assert r["allow"] == 1
-
-
-@pytest.mark.asyncio
-async def test_carol_parent_allow_but_child_conflict_deny_wins_catalog(db):
-    await seed_catalog(db)
-    plugins = [
-        plugin_org_policy_deny_parent("hr"),
-        plugin_allow_parent_for_user("carol", "analytics"),
-        *plugin_conflicting_same_child_rules("carol", "analytics", "secret"),
-    ]
-    rows = await resolve_permissions_from_catalog(
-        db,
-        {"id": "carol"},
-        plugins,
-        VIEW_TABLE,
-        TABLE_CANDIDATES_SQL,
-        implicit_deny=True,
-    )
-    allowed_analytics = res_allowed(rows, parent="analytics")
-    denied_analytics = res_denied(rows, parent="analytics")
-
-    assert "/analytics/secret" in denied_analytics
-    # 10 analytics children total, 1 denied
-    assert len(allowed_analytics) == 9
-
-
-@pytest.mark.asyncio
-async def test_specificity_child_allow_overrides_parent_deny_catalog(db):
-    await seed_catalog(db)
-    plugins = [
-        plugin_allow_all_for_user("alice"),
-        plugin_org_policy_deny_parent("analytics"),  # parent-level deny
-        plugin_child_allow_for_user(
-            "alice", "analytics", "table02"
-        ),  # child allow beats parent deny
-    ]
-    rows = await resolve_permissions_from_catalog(
-        db,
-        {"id": "alice"},
-        plugins,
-        VIEW_TABLE,
-        TABLE_CANDIDATES_SQL,
-        implicit_deny=True,
-    )
-
-    # table02 allowed, other analytics tables denied
-    assert any(r["resource"] == "/analytics/table02" and r["allow"] == 1 for r in rows)
-    assert all(
-        (r["parent"] != "analytics" or r["child"] == "table02" or r["allow"] == 0)
-        for r in rows
-    )
-
-
-@pytest.mark.asyncio
-async def test_root_deny_all_but_parent_allow_rescues_specific_parent_catalog(db):
-    await seed_catalog(db)
-    plugins = [
-        plugin_root_deny_for_all(),  # root deny
-        plugin_allow_parent_for_user(
-            "bob", "accounting"
-        ),  # parent allow (more specific)
-    ]
-    rows = await resolve_permissions_from_catalog(
-        db, {"id": "bob"}, plugins, VIEW_TABLE, TABLE_CANDIDATES_SQL, implicit_deny=True
-    )
-    for r in rows:
-        if r["parent"] == "accounting":
-            assert r["allow"] == 1
-        else:
-            assert r["allow"] == 0
-
-
-@pytest.mark.asyncio
-async def test_parent_scoped_candidates(db):
-    await seed_catalog(db)
-    plugins = [
-        plugin_org_policy_deny_parent("hr"),
-        plugin_allow_parent_for_user("carol", "analytics"),
-    ]
-    rows = await resolve_permissions_from_catalog(
-        db,
-        {"id": "carol"},
-        plugins,
-        VIEW_TABLE,
-        PARENT_CANDIDATES_SQL,
-        implicit_deny=True,
-    )
-    d = {r["resource"]: r["allow"] for r in rows}
-    assert d["/analytics"] == 1
-    assert d["/hr"] == 0
-
-
-@pytest.mark.asyncio
-async def test_implicit_deny_behavior(db):
-    await seed_catalog(db)
-    plugins = []  # no rules at all
-
-    # implicit_deny=True -> everything denied with reason 'implicit deny'
-    rows = await resolve_permissions_from_catalog(
-        db,
-        {"id": "erin"},
-        plugins,
-        VIEW_TABLE,
-        TABLE_CANDIDATES_SQL,
-        implicit_deny=True,
-    )
-    assert all(r["allow"] == 0 and r["reason"] == "implicit deny" for r in rows)
-
-    # implicit_deny=False -> no winner => allow is None, reason is None
-    rows2 = await resolve_permissions_from_catalog(
-        db,
-        {"id": "erin"},
-        plugins,
-        VIEW_TABLE,
-        TABLE_CANDIDATES_SQL,
-        implicit_deny=False,
-    )
-    assert all(r["allow"] is None and r["reason"] is None for r in rows2)
-
-
-@pytest.mark.asyncio
-async def test_candidate_filters_via_params(db):
-    await seed_catalog(db)
-    # Add some metadata to test filtering
-    # Mark 'hr' as is_memory=1 and increment analytics schema_version
-    await db.execute_write(
-        "UPDATE catalog_databases SET is_memory=1 WHERE database_name='hr'"
-    )
-    await db.execute_write(
-        "UPDATE catalog_databases SET schema_version=2 WHERE database_name='analytics'"
-    )
-
-    # Candidate SQL that filters by db metadata via params
-    candidate_sql = """
-    SELECT t.database_name AS parent, t.table_name AS child
-    FROM catalog_tables t
-    JOIN catalog_databases d ON d.database_name = t.database_name
-    WHERE (:exclude_memory = 1 AND d.is_memory = 1) IS NOT 1
-      AND (:min_schema_version IS NULL OR d.schema_version >= :min_schema_version)
-    """
-
-    plugins = [
-        plugin_root_deny_for_all(),
-        plugin_allow_parent_for_user(
-            "dev", "analytics"
-        ),  # analytics rescued if included by candidates
-    ]
-
-    # Case 1: exclude memory dbs, require schema_version >= 2 -> only analytics appear, and thus are allowed
-    rows = await resolve_permissions_from_catalog(
-        db,
-        {"id": "dev"},
-        plugins,
-        VIEW_TABLE,
-        candidate_sql,
-        candidate_params={"exclude_memory": 1, "min_schema_version": 2},
-        implicit_deny=True,
-    )
-    assert rows and all(r["parent"] == "analytics" for r in rows)
-    assert all(r["allow"] == 1 for r in rows)
-
-    # Case 2: include memory dbs, min_schema_version = None -> accounting/hr/analytics appear,
-    # but root deny wins except where specifically allowed (none except analytics parent allow doesn’t apply to table depth if candidate includes children; still fine—policy is explicit).
-    rows2 = await resolve_permissions_from_catalog(
-        db,
-        {"id": "dev"},
-        plugins,
-        VIEW_TABLE,
-        candidate_sql,
-        candidate_params={"exclude_memory": 0, "min_schema_version": None},
-        implicit_deny=True,
-    )
-    assert any(r["parent"] == "accounting" for r in rows2)
-    assert any(r["parent"] == "hr" for r in rows2)
-    # For table-scoped candidates, the parent-level allow does not override root deny unless you have child-level rules
-    assert all(r["allow"] in (0, 1) for r in rows2)
-
-
-@pytest.mark.asyncio
-async def test_action_specific_rules(db):
-    await seed_catalog(db)
-    plugins = [plugin_allow_all_for_action("dana", VIEW_TABLE)]
-
-    view_rows = await resolve_permissions_from_catalog(
-        db,
-        {"id": "dana"},
-        plugins,
-        VIEW_TABLE,
-        TABLE_CANDIDATES_SQL,
-        implicit_deny=True,
-    )
-    assert view_rows and all(r["allow"] == 1 for r in view_rows)
-    assert all(r["action"] == VIEW_TABLE for r in view_rows)
-
-    insert_rows = await resolve_permissions_from_catalog(
-        db,
-        {"id": "dana"},
-        plugins,
-        "insert-row",
-        TABLE_CANDIDATES_SQL,
-        implicit_deny=True,
-    )
-    assert insert_rows and all(r["allow"] == 0 for r in insert_rows)
-    assert all(r["reason"] == "implicit deny" for r in insert_rows)
-    assert all(r["action"] == "insert-row" for r in insert_rows)
-
-
-@pytest.mark.asyncio
-async def test_actor_actor_id_action_parameters_available(db):
-    """Test that :actor (JSON), :actor_id, and :action are all available in SQL"""
-    await seed_catalog(db)
-
-    def plugin_using_all_parameters() -> Callable[[str], PermissionSQL]:
-        def provider(action: str) -> PermissionSQL:
-            return PermissionSQL("""
-                SELECT NULL AS parent, NULL AS child, 1 AS allow,
-                       'Actor ID: ' || COALESCE(:actor_id, 'null') ||
-                       ', Actor JSON: ' || COALESCE(:actor, 'null') ||
-                       ', Action: ' || :action AS reason
-                WHERE :actor_id = 'test_user' AND :action = 'view-table'
-                AND json_extract(:actor, '$.role') = 'admin'
-                """)
-
-        return provider
-
-    plugins = [plugin_using_all_parameters()]
-
-    # Test with full actor dict
-    rows = await resolve_permissions_from_catalog(
-        db,
-        {"id": "test_user", "role": "admin"},
-        plugins,
-        "view-table",
-        TABLE_CANDIDATES_SQL,
-        implicit_deny=True,
-    )
-
-    # Should have allowed rows with reason containing all the info
-    allowed = [r for r in rows if r["allow"] == 1]
-    assert len(allowed) > 0
-
-    # Check that the reason string contains evidence of all parameters
-    reason = allowed[0]["reason"]
-    assert "test_user" in reason
-    assert "view-table" in reason
-    # The :actor parameter should be the JSON string
-    assert "Actor JSON:" in reason
-
-
-@pytest.mark.asyncio
-async def test_multiple_plugins_with_own_parameters(db):
-    """
-    Test that multiple plugins can use their own parameter names without conflict.
-
-    This verifies that the parameter naming convention works: plugins prefix their
-    parameters (e.g., :plugin1_pattern, :plugin2_message) and both sets of parameters
-    are successfully bound in the SQL queries.
-    """
-    await seed_catalog(db)
-
-    def plugin_one() -> Callable[[str], PermissionSQL]:
-        def provider(action: str) -> PermissionSQL:
-            if action != "view-table":
-                return PermissionSQL("plugin_one", "SELECT NULL WHERE 0", {})
-            return PermissionSQL(
-                """
-                SELECT database_name AS parent, table_name AS child,
-                       1 AS allow, 'Plugin one used param: ' || :plugin1_param AS reason
-                FROM catalog_tables
-                WHERE database_name = 'accounting'
-                """,
-                {
-                    "plugin1_param": "value1",
-                },
-            )
-
-        return provider
-
-    def plugin_two() -> Callable[[str], PermissionSQL]:
-        def provider(action: str) -> PermissionSQL:
-            if action != "view-table":
-                return PermissionSQL("plugin_two", "SELECT NULL WHERE 0", {})
-            return PermissionSQL(
-                """
-                SELECT database_name AS parent, table_name AS child,
-                       1 AS allow, 'Plugin two used param: ' || :plugin2_param AS reason
-                FROM catalog_tables
-                WHERE database_name = 'hr'
-                """,
-                {
-                    "plugin2_param": "value2",
-                },
-            )
-
-        return provider
-
-    plugins = [plugin_one(), plugin_two()]
-
-    rows = await resolve_permissions_from_catalog(
-        db,
-        {"id": "test_user"},
-        plugins,
-        "view-table",
-        TABLE_CANDIDATES_SQL,
-        implicit_deny=False,
-    )
-
-    # Both plugins should contribute results with their parameters successfully bound
-    plugin_one_rows = [
-        r for r in rows if r.get("reason") and "Plugin one" in r["reason"]
-    ]
-    plugin_two_rows = [
-        r for r in rows if r.get("reason") and "Plugin two" in r["reason"]
-    ]
-
-    assert len(plugin_one_rows) > 0, "Plugin one should contribute rules"
-    assert len(plugin_two_rows) > 0, "Plugin two should contribute rules"
-
-    # Verify each plugin's parameters were successfully bound in the SQL
-    assert any(
-        "value1" in r.get("reason", "") for r in plugin_one_rows
-    ), "Plugin one's :plugin1_param should be bound"
-    assert any(
-        "value2" in r.get("reason", "") for r in plugin_two_rows
-    ), "Plugin two's :plugin2_param should be bound"
diff --git a/tests/test_utils_sql_analysis.py b/tests/test_utils_sql_analysis.py
deleted file mode 100644
index 979ff9e1..00000000
--- a/tests/test_utils_sql_analysis.py
+++ /dev/null
@@ -1,458 +0,0 @@
-import pytest
-
-from datasette.utils.sqlite import sqlite3
-from datasette.utils.sql_analysis import analyze_sql_tables
-
-
-@pytest.fixture
-def conn():
-    conn = sqlite3.connect(":memory:")
-    conn.executescript("""
-        create table dogs (id integer primary key, name text, age integer);
-        create table cats (id integer primary key, name text);
-        create table log (message text);
-        create view dog_names as select id, name from dogs;
-        create trigger dogs_after_insert after insert on dogs begin
-            update cats set name = new.name where id = new.id;
-            insert into log (message) values (new.name);
-        end;
-        create trigger dog_names_instead_of_update instead of update on dog_names begin
-            update dogs set name = new.name where id = old.id;
-        end;
-        """)
-    try:
-        yield conn
-    finally:
-        conn.close()
-
-
-def table_operation_tuples(analysis):
-    return [
-        (
-            operation.operation,
-            operation.database,
-            operation.sqlite_schema,
-            operation.table,
-            operation.columns,
-            operation.source,
-        )
-        for operation in analysis.operations
-        if operation.target_type == "table"
-        and operation.operation in {"read", "insert", "update", "delete"}
-        and not operation.internal
-    ]
-
-
-def test_analyze_select_tables(conn):
-    analysis = analyze_sql_tables(
-        conn,
-        "select dogs.name, cats.name from dogs join cats on dogs.id = cats.id where dogs.age > ?",
-        (2,),
-        database_name="data",
-    )
-
-    assert set(table_operation_tuples(analysis)) == {
-        ("read", "data", "main", "cats", ("id", "name"), None),
-        ("read", "data", "main", "dogs", ("age", "id", "name"), None),
-    }
-
-
-def test_analyze_uses_sqlite_schema_as_default_database(conn):
-    analysis = analyze_sql_tables(conn, "select name from dogs")
-
-    assert set(table_operation_tuples(analysis)) == {
-        ("read", "main", "main", "dogs", ("name",), None),
-    }
-
-
-def test_analyze_user_schema_table_read_is_not_internal(conn):
-    analysis = analyze_sql_tables(
-        conn,
-        "insert into log select sql from sqlite_master where name = 'dogs'",
-        database_name="data",
-    )
-
-    assert {
-        "operation": "read",
-        "target_type": "schema",
-        "database": "data",
-        "sqlite_schema": "main",
-        "table": None,
-        "target": "sqlite_master",
-        "columns": ("name", "sql"),
-        "source": None,
-        "internal": False,
-    } in [operation_dict(operation) for operation in analysis.operations]
-
-
-def operation_dict(operation):
-    return {
-        "operation": operation.operation,
-        "target_type": operation.target_type,
-        "database": operation.database,
-        "sqlite_schema": operation.sqlite_schema,
-        "table": operation.table,
-        "target": operation.target,
-        "columns": operation.columns,
-        "source": operation.source,
-        "internal": operation.internal,
-    }
-
-
-def test_analyze_create_table_operation():
-    conn = sqlite3.connect(":memory:")
-    try:
-        analysis = analyze_sql_tables(
-            conn,
-            "create table foobar (id integer primary key, name text)",
-            database_name="data",
-        )
-    finally:
-        conn.close()
-
-    assert {
-        "operation": "create",
-        "target_type": "table",
-        "database": "data",
-        "sqlite_schema": "main",
-        "table": "foobar",
-        "target": "foobar",
-        "columns": (),
-        "source": None,
-        "internal": False,
-    } in [operation_dict(operation) for operation in analysis.operations]
-    assert not [
-        operation
-        for operation in analysis.operations
-        if operation.table in {"sqlite_master", "sqlite_schema"}
-        and not operation.internal
-    ]
-
-
-def test_analyze_vacuum_operation():
-    conn = sqlite3.connect(":memory:")
-    try:
-        analysis = analyze_sql_tables(conn, "vacuum", database_name="data")
-    finally:
-        conn.close()
-
-    assert [operation_dict(operation) for operation in analysis.operations] == [
-        {
-            "operation": "vacuum",
-            "target_type": "database",
-            "database": "data",
-            "sqlite_schema": "main",
-            "table": None,
-            "target": "data",
-            "columns": (),
-            "source": None,
-            "internal": False,
-        }
-    ]
-
-
-def test_analyze_statement_with_no_authorizer_callbacks_is_unknown():
-    conn = sqlite3.connect(":memory:")
-    try:
-        analysis = analyze_sql_tables(conn, "reindex", database_name="data")
-    finally:
-        conn.close()
-
-    assert [operation_dict(operation) for operation in analysis.operations] == [
-        {
-            "operation": "unknown",
-            "target_type": "statement",
-            "database": "data",
-            "sqlite_schema": None,
-            "table": None,
-            "target": None,
-            "columns": (),
-            "source": None,
-            "internal": False,
-        }
-    ]
-
-
-def test_analyze_transaction_operation(conn):
-    analysis = analyze_sql_tables(conn, "commit", database_name="data")
-
-    assert [operation_dict(operation) for operation in analysis.operations] == [
-        {
-            "operation": "commit",
-            "target_type": "transaction",
-            "database": None,
-            "sqlite_schema": None,
-            "table": None,
-            "target": "COMMIT",
-            "columns": (),
-            "source": None,
-            "internal": False,
-        }
-    ]
-
-
-def test_analyze_savepoint_operation(conn):
-    analysis = analyze_sql_tables(conn, "savepoint s", database_name="data")
-
-    assert [operation_dict(operation) for operation in analysis.operations] == [
-        {
-            "operation": "savepoint",
-            "target_type": "transaction",
-            "database": None,
-            "sqlite_schema": None,
-            "table": None,
-            "target": "BEGIN s",
-            "columns": (),
-            "source": None,
-            "internal": False,
-        }
-    ]
-
-
-def test_analyze_function_operation(conn):
-    analysis = analyze_sql_tables(
-        conn,
-        "insert into dogs (name) values (upper(:name))",
-        {"name": "Cleo"},
-        database_name="data",
-    )
-
-    assert {
-        (
-            operation.operation,
-            operation.target_type,
-            operation.target,
-            operation.database,
-            operation.table,
-        )
-        for operation in analysis.operations
-    } == {
-        ("insert", "table", "dogs", "data", "dogs"),
-        ("function", "function", "upper", None, None),
-        ("read", "table", "dogs", "data", "dogs"),
-        ("update", "table", "cats", "data", "cats"),
-        ("read", "table", "cats", "data", "cats"),
-        ("insert", "table", "log", "data", "log"),
-    }
-
-
-def test_analyze_create_virtual_table_operation():
-    conn = sqlite3.connect(":memory:")
-    try:
-        analysis = analyze_sql_tables(
-            conn,
-            "create virtual table docs using fts5(body)",
-            database_name="data",
-        )
-    finally:
-        conn.close()
-
-    assert {
-        "operation": "create",
-        "target_type": "virtual-table",
-        "database": "data",
-        "sqlite_schema": "main",
-        "table": "docs",
-        "target": "docs",
-        "columns": (),
-        "source": None,
-        "internal": False,
-    } in [operation_dict(operation) for operation in analysis.operations]
-
-
-def test_analyze_table_kind_for_regular_virtual_and_shadow_tables():
-    conn = sqlite3.connect(":memory:")
-    try:
-        conn.executescript("""
-            create table dogs (id integer primary key, name text);
-            create virtual table docs using fts5(title, body, content='');
-        """)
-
-        regular_analysis = analyze_sql_tables(
-            conn,
-            "insert into dogs (name) values ('Cleo')",
-            database_name="data",
-        )
-        virtual_analysis = analyze_sql_tables(
-            conn,
-            "insert into docs(docs) values('delete-all')",
-            database_name="data",
-        )
-        shadow_analysis = analyze_sql_tables(
-            conn,
-            "insert into docs_config(k, v) values ('x', 1)",
-            database_name="data",
-        )
-    finally:
-        conn.close()
-
-    regular_insert = next(
-        operation
-        for operation in regular_analysis.operations
-        if operation.operation == "insert" and operation.table == "dogs"
-    )
-    virtual_insert = next(
-        operation
-        for operation in virtual_analysis.operations
-        if operation.operation == "insert" and operation.table == "docs"
-    )
-    shadow_insert = next(
-        operation
-        for operation in shadow_analysis.operations
-        if operation.operation == "insert" and operation.table == "docs_config"
-    )
-
-    assert regular_insert.table_kind == "table"
-    assert virtual_insert.table_kind == "virtual"
-    assert shadow_insert.table_kind == "shadow"
-
-
-def test_analyze_create_table_as_select_function_is_not_internal():
-    conn = sqlite3.connect(":memory:")
-    try:
-        conn.execute("create table secret(value text)")
-        analysis = analyze_sql_tables(
-            conn,
-            "create table copied as select substr(value, 1, 1) from secret",
-            database_name="data",
-        )
-    finally:
-        conn.close()
-
-    assert {
-        "operation": "function",
-        "target_type": "function",
-        "database": None,
-        "sqlite_schema": None,
-        "table": None,
-        "target": "substr",
-        "columns": (),
-        "source": None,
-        "internal": False,
-    } in [operation_dict(operation) for operation in analysis.operations]
-
-
-def test_analyze_insert_tables(conn):
-    analysis = analyze_sql_tables(
-        conn,
-        "insert into dogs (name, age) values (:name, :age)",
-        {"name": "Cleo", "age": 4},
-        database_name="data",
-    )
-
-    assert set(table_operation_tuples(analysis)) == {
-        ("insert", "data", "main", "dogs", (), None),
-        ("read", "data", "main", "dogs", ("id", "name"), "dogs_after_insert"),
-        ("update", "data", "main", "cats", ("name",), "dogs_after_insert"),
-        ("read", "data", "main", "cats", ("id",), "dogs_after_insert"),
-        ("insert", "data", "main", "log", (), "dogs_after_insert"),
-    }
-
-
-def test_analyze_update_tables(conn):
-    analysis = analyze_sql_tables(
-        conn,
-        "update dogs set age = age + 1 where name = ?",
-        ("Cleo",),
-        database_name="data",
-    )
-
-    assert set(table_operation_tuples(analysis)) == {
-        ("update", "data", "main", "dogs", ("age",), None),
-        ("read", "data", "main", "dogs", ("age", "name"), None),
-    }
-
-
-def test_analyze_delete_tables(conn):
-    analysis = analyze_sql_tables(
-        conn,
-        "delete from dogs where name = ?",
-        ("Cleo",),
-        database_name="data",
-    )
-
-    assert set(table_operation_tuples(analysis)) == {
-        ("delete", "data", "main", "dogs", (), None),
-        ("read", "data", "main", "dogs", ("name",), None),
-    }
-
-
-def test_analyze_insert_select_with_cte(conn):
-    analysis = analyze_sql_tables(
-        conn,
-        """
-        with old_dogs as (
-            select name from dogs where age > :age
-        )
-        insert into cats (name)
-        select name from old_dogs
-        """,
-        {"age": 10},
-        database_name="data",
-    )
-
-    assert set(table_operation_tuples(analysis)) == {
-        ("insert", "data", "main", "cats", (), None),
-        ("read", "data", "main", "dogs", ("age", "name"), "old_dogs"),
-    }
-
-
-def test_analyze_view_with_instead_of_trigger(conn):
-    analysis = analyze_sql_tables(
-        conn,
-        "update dog_names set name = :name where id = :id",
-        {"name": "Zelda", "id": 1},
-        database_name="data",
-    )
-
-    assert set(table_operation_tuples(analysis)) == {
-        ("update", "data", "main", "dog_names", ("name",), None),
-        ("read", "data", "main", "dogs", ("id", "name"), "dog_names"),
-        ("read", "data", "main", "dog_names", ("id", "name"), "dog_names"),
-        (
-            "read",
-            "data",
-            "main",
-            "dog_names",
-            ("id", "name"),
-            "dog_names_instead_of_update",
-        ),
-        ("update", "data", "main", "dogs", ("name",), "dog_names_instead_of_update"),
-        ("read", "data", "main", "dogs", ("id",), "dog_names_instead_of_update"),
-    }
-
-
-def test_analyze_attached_database_tables(conn):
-    conn.execute("attach database ':memory:' as extra")
-    conn.execute("create table extra.people (id integer primary key, name text)")
-
-    analysis = analyze_sql_tables(
-        conn,
-        "insert into extra.people (name) select name from dogs",
-        database_name="data",
-        schema_to_database={"extra": "extra_db"},
-    )
-
-    assert set(table_operation_tuples(analysis)) == {
-        ("insert", "extra_db", "extra", "people", (), None),
-        ("read", "data", "main", "dogs", ("name",), None),
-    }
-
-
-def test_analyze_clears_authorizer_on_error():
-    class FakeConnection:
-        def __init__(self):
-            self.authorizers = []
-
-        def set_authorizer(self, authorizer):
-            self.authorizers.append(authorizer)
-
-        def execute(self, sql, params):
-            raise sqlite3.OperationalError("bad SQL")
-
-    conn = FakeConnection()
-
-    with pytest.raises(sqlite3.OperationalError):
-        analyze_sql_tables(conn, "bad SQL")
-
-    assert conn.authorizers[-1] is None
diff --git a/tests/test_write_sql_operation_decisions.py b/tests/test_write_sql_operation_decisions.py
deleted file mode 100644
index cc19f701..00000000
--- a/tests/test_write_sql_operation_decisions.py
+++ /dev/null
@@ -1,94 +0,0 @@
-import pytest
-
-from datasette.utils.sql_analysis import Operation
-from datasette.write_sql import (
-    IgnoreWriteSqlOperation,
-    RejectWriteSqlOperation,
-    RequireWriteSqlPermissions,
-    UnsupportedWriteSqlOperation,
-    decision_for_write_sql_operation,
-)
-
-
-@pytest.mark.parametrize(
-    ("operation", "reason"),
-    (
-        pytest.param(
-            Operation("read", "schema", None, None, "main", internal=True),
-            "internal SQLite operation",
-            id="internal",
-        ),
-        pytest.param(
-            Operation("select", "statement", None, None, None),
-            "select statement",
-            id="select-statement",
-        ),
-        pytest.param(
-            Operation("function", "function", None, None, None, target="upper"),
-            "SQL function",
-            id="function",
-        ),
-    ),
-)
-def test_decision_for_write_sql_operation_ignores_operations(operation, reason):
-    decision = decision_for_write_sql_operation(operation)
-
-    assert isinstance(decision, IgnoreWriteSqlOperation)
-    assert decision.reason == reason
-
-
-@pytest.mark.parametrize("operation", ("insert", "update"))
-def test_decision_for_write_sql_operation_requires_table_write_permissions(operation):
-    decision = decision_for_write_sql_operation(
-        Operation(operation, "table", "data", "dogs", None)
-    )
-
-    assert isinstance(decision, RequireWriteSqlPermissions)
-    assert [permission.action for permission in decision.permissions] == [
-        "insert-row",
-        "update-row",
-        "delete-row",
-    ]
-    assert [str(permission.resource) for permission in decision.permissions] == [
-        "data/dogs",
-        "data/dogs",
-        "data/dogs",
-    ]
-
-
-@pytest.mark.parametrize(
-    ("operation", "message"),
-    (
-        pytest.param(
-            Operation("vacuum", "statement", None, None, None),
-            "VACUUM is not allowed in user-supplied SQL",
-            id="vacuum",
-        ),
-        pytest.param(
-            Operation("insert", "table", "data", "docs", None, table_kind="virtual"),
-            "Writes to virtual tables are not allowed in user-supplied SQL",
-            id="virtual-table",
-        ),
-        pytest.param(
-            Operation(
-                "insert", "table", "data", "docs_data", None, table_kind="shadow"
-            ),
-            "Writes to shadow tables are not allowed in user-supplied SQL",
-            id="shadow-table",
-        ),
-    ),
-)
-def test_decision_for_write_sql_operation_rejects_operations(operation, message):
-    decision = decision_for_write_sql_operation(operation)
-
-    assert isinstance(decision, RejectWriteSqlOperation)
-    assert decision.message == message
-
-
-def test_decision_for_write_sql_operation_reports_unsupported_operations():
-    decision = decision_for_write_sql_operation(
-        Operation("unknown", "unknown", None, None, None)
-    )
-
-    assert isinstance(decision, UnsupportedWriteSqlOperation)
-    assert decision.message == "Unsupported SQL operation: unknown unknown"
diff --git a/tests/test_write_wrapper.py b/tests/test_write_wrapper.py
deleted file mode 100644
index 88ce5520..00000000
--- a/tests/test_write_wrapper.py
+++ /dev/null
@@ -1,768 +0,0 @@
-"""
-Tests for the write_wrapper plugin hook.
-"""
-
-import asyncio
-from dataclasses import dataclass
-from datasette.app import Datasette
-from datasette.events import Event
-from datasette.hookspecs import hookimpl
-from datasette.plugins import pm
-import pytest
-import sqlite3
-import time
-
-
-@dataclass
-class DummyEvent(Event):
-    name = "dummy"
-    message: str
-
-
-@pytest.fixture
-def datasette(tmp_path):
-    db_path = str(tmp_path / "test.db")
-    ds = Datasette([db_path])
-    return ds
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "use_execute_write",
-    (False, True),
-    ids=["execute_write_fn", "execute_write"],
-)
-async def test_write_wrapper_before_and_after(datasette, use_execute_write):
-    """Test that code before and after yield both execute."""
-    log = []
-
-    class Plugin:
-        __name__ = "Plugin"
-
-        @staticmethod
-        @hookimpl
-        def write_wrapper(datasette, database, request, transaction):
-            def wrapper(conn):
-                log.append("before")
-                yield
-                log.append("after")
-
-            return wrapper
-
-    pm.register(Plugin(), name="test_before_after")
-    try:
-        db = datasette.get_database("test")
-        if use_execute_write:
-            await db.execute_write(
-                "create table if not exists t (id integer primary key)"
-            )
-        else:
-            await db.execute_write_fn(
-                lambda conn: conn.execute(
-                    "create table if not exists t (id integer primary key)"
-                )
-            )
-        assert log == ["before", "after"]
-    finally:
-        pm.unregister(name="test_before_after")
-
-
-@pytest.mark.asyncio
-async def test_write_wrapper_receives_result_via_yield(datasette):
-    """Test that the result of fn(conn) is sent back through yield."""
-    captured = {}
-
-    class Plugin:
-        __name__ = "Plugin"
-
-        @staticmethod
-        @hookimpl
-        def write_wrapper(datasette, database, request, transaction):
-            def wrapper(conn):
-                result = yield
-                captured["result"] = result
-
-            return wrapper
-
-    pm.register(Plugin(), name="test_result")
-    try:
-        db = datasette.get_database("test")
-        await db.execute_write_fn(
-            lambda conn: conn.execute(
-                "create table if not exists t2 (id integer primary key)"
-            )
-        )
-        assert "result" in captured
-        # Should be a sqlite3 Cursor
-        assert captured["result"] is not None
-    finally:
-        pm.unregister(name="test_result")
-
-
-@pytest.mark.asyncio
-async def test_write_wrapper_exception_thrown_into_generator(datasette):
-    """Test that exceptions from fn(conn) are thrown into the generator."""
-    caught = {}
-
-    class Plugin:
-        __name__ = "Plugin"
-
-        @staticmethod
-        @hookimpl
-        def write_wrapper(datasette, database, request, transaction):
-            def wrapper(conn):
-                try:
-                    yield
-                except Exception as e:
-                    caught["error"] = e
-
-            return wrapper
-
-    pm.register(Plugin(), name="test_exception")
-    try:
-        db = datasette.get_database("test")
-        with pytest.raises(Exception, match="deliberate"):
-            await db.execute_write_fn(
-                lambda conn: (_ for _ in ()).throw(Exception("deliberate"))
-            )
-        assert "error" in caught
-        assert str(caught["error"]) == "deliberate"
-    finally:
-        pm.unregister(name="test_exception")
-
-
-@pytest.mark.asyncio
-async def test_write_wrapper_conn_is_usable(datasette):
-    """Test that the conn passed to the wrapper can execute SQL."""
-
-    class Plugin:
-        __name__ = "Plugin"
-
-        @staticmethod
-        @hookimpl
-        def write_wrapper(datasette, database, request, transaction):
-            def wrapper(conn):
-                conn.execute("create table if not exists hook_log (msg text)")
-                conn.execute("insert into hook_log values ('before')")
-                yield
-                conn.execute("insert into hook_log values ('after')")
-
-            return wrapper
-
-    pm.register(Plugin(), name="test_conn")
-    try:
-        db = datasette.get_database("test")
-        await db.execute_write_fn(
-            lambda conn: conn.execute(
-                "create table if not exists t3 (id integer primary key)"
-            )
-        )
-        result = await db.execute("select msg from hook_log order by rowid")
-        messages = [row[0] for row in result.rows]
-        assert messages == ["before", "after"]
-    finally:
-        pm.unregister(name="test_conn")
-
-
-@pytest.mark.asyncio
-async def test_write_wrapper_multiple_plugins_nest(datasette):
-    """Test that multiple write_wrapper plugins nest correctly."""
-    log = []
-
-    class PluginA:
-        __name__ = "PluginA"
-
-        @staticmethod
-        @hookimpl
-        def write_wrapper(datasette, database, request, transaction):
-            def wrapper(conn):
-                log.append("A-before")
-                yield
-                log.append("A-after")
-
-            return wrapper
-
-    class PluginB:
-        __name__ = "PluginB"
-
-        @staticmethod
-        @hookimpl
-        def write_wrapper(datasette, database, request, transaction):
-            def wrapper(conn):
-                log.append("B-before")
-                yield
-                log.append("B-after")
-
-            return wrapper
-
-    pm.register(PluginA(), name="PluginA")
-    pm.register(PluginB(), name="PluginB")
-    try:
-        db = datasette.get_database("test")
-        await db.execute_write_fn(
-            lambda conn: conn.execute(
-                "create table if not exists t4 (id integer primary key)"
-            )
-        )
-        assert set(log) == {"A-before", "A-after", "B-before", "B-after"}
-        # Verify proper nesting: each plugin's before/after should be
-        # symmetric around the write
-        a_before = log.index("A-before")
-        a_after = log.index("A-after")
-        b_before = log.index("B-before")
-        b_after = log.index("B-after")
-        if a_before < b_before:
-            assert a_after > b_after, "A is outer so A-after should come after B-after"
-        else:
-            assert b_after > a_after, "B is outer so B-after should come after A-after"
-    finally:
-        pm.unregister(name="PluginA")
-        pm.unregister(name="PluginB")
-
-
-@pytest.mark.asyncio
-async def test_write_wrapper_return_none_skips(datasette):
-    """Test that returning None from write_wrapper means no wrapping."""
-    log = []
-
-    class Plugin:
-        __name__ = "Plugin"
-
-        @staticmethod
-        @hookimpl
-        def write_wrapper(datasette, database, request, transaction):
-            log.append("hook-called")
-            return None
-
-    pm.register(Plugin(), name="test_skip")
-    try:
-        db = datasette.get_database("test")
-        await db.execute_write_fn(
-            lambda conn: conn.execute(
-                "create table if not exists t5 (id integer primary key)"
-            )
-        )
-        assert log == ["hook-called"]
-    finally:
-        pm.unregister(name="test_skip")
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "request_value,transaction_value,expected_request,expected_transaction",
-    (
-        ("fake-request", True, "fake-request", True),
-        (None, True, None, True),
-        (None, False, None, False),
-    ),
-    ids=["with-request", "request-none-by-default", "transaction-false"],
-)
-async def test_write_wrapper_hook_parameters(
-    datasette,
-    request_value,
-    transaction_value,
-    expected_request,
-    expected_transaction,
-):
-    """Test that request and transaction parameters are passed through."""
-    captured = {}
-
-    class Plugin:
-        __name__ = "Plugin"
-
-        @staticmethod
-        @hookimpl
-        def write_wrapper(datasette, database, request, transaction):
-            captured["request"] = request
-            captured["database"] = database
-            captured["transaction"] = transaction
-
-    pm.register(Plugin(), name="test_params")
-    try:
-        db = datasette.get_database("test")
-        kwargs = {"transaction": transaction_value}
-        if request_value is not None:
-            kwargs["request"] = request_value
-        await db.execute_write_fn(
-            lambda conn: conn.execute(
-                "create table if not exists t6 (id integer primary key)"
-            ),
-            **kwargs,
-        )
-        assert captured["request"] == expected_request
-        assert captured["database"] == "test"
-        assert captured["transaction"] == expected_transaction
-    finally:
-        pm.unregister(name="test_params")
-
-
-@pytest.mark.asyncio
-async def test_write_wrapper_via_api(tmp_path):
-    """Test that write_wrapper fires for API write operations."""
-    log = []
-
-    db_path = str(tmp_path / "test.db")
-    ds = Datasette([db_path], pdb=False)
-    ds.root_enabled = True
-
-    class Plugin:
-        __name__ = "Plugin"
-
-        @staticmethod
-        @hookimpl
-        def write_wrapper(datasette, database, request, transaction):
-            if database != "test":
-                return None
-
-            def wrapper(conn):
-                log.append("before")
-                yield
-                log.append("after")
-
-            return wrapper
-
-    pm.register(Plugin(), name="test_api")
-    try:
-        db = ds.get_database("test")
-        await db.execute_write(
-            "create table if not exists api_test (id integer primary key, name text)"
-        )
-        log.clear()
-
-        token = "dstok_{}".format(
-            ds.sign(
-                {"a": "root", "token": "dstok", "t": int(time.time())},
-                namespace="token",
-            )
-        )
-        response = await ds.client.post(
-            "/test/api_test/-/insert",
-            json={"row": {"name": "test"}, "return": True},
-            headers={
-                "Authorization": "Bearer {}".format(token),
-                "Content-Type": "application/json",
-            },
-        )
-        assert response.status_code == 201, response.json()
-        assert log == ["before", "after"]
-    finally:
-        pm.unregister(name="test_api")
-
-
-@pytest.mark.asyncio
-async def test_write_wrapper_change_group_pattern(datasette):
-    """Test the motivating use case: activating a change group around a write."""
-    db = datasette.get_database("test")
-
-    await db.execute_write(
-        "create table if not exists groups (id integer primary key, current integer)"
-    )
-    await db.execute_write(
-        "create table if not exists data (id integer primary key, value text)"
-    )
-    await db.execute_write("insert into groups (id, current) values (1, null)")
-
-    class Plugin:
-        __name__ = "Plugin"
-
-        @staticmethod
-        @hookimpl
-        def write_wrapper(datasette, database, request, transaction):
-            if request and getattr(request, "group_id", None):
-                group_id = request.group_id
-
-                def wrapper(conn):
-                    conn.execute(
-                        "update groups set current = 1 where id = ?", [group_id]
-                    )
-                    yield
-                    conn.execute("update groups set current = null where current = 1")
-
-                return wrapper
-
-    pm.register(Plugin(), name="test_change_group")
-    try:
-
-        class FakeRequest:
-            group_id = 1
-
-        await db.execute_write_fn(
-            lambda conn: conn.execute("insert into data (value) values ('test')"),
-            request=FakeRequest(),
-        )
-
-        result = await db.execute("select current from groups where id = 1")
-        assert result.rows[0][0] is None
-    finally:
-        pm.unregister(name="test_change_group")
-
-
-WRITE_ACTIONS = (
-    sqlite3.SQLITE_INSERT,
-    sqlite3.SQLITE_UPDATE,
-    sqlite3.SQLITE_DELETE,
-)
-
-
-@pytest.mark.asyncio
-@pytest.mark.parametrize(
-    "actor,table,should_deny",
-    (
-        (None, "protected_table", True),
-        ({"id": "regular"}, "protected_table", True),
-        ({"id": "admin"}, "protected_table", False),
-        (None, "other_table", False),
-        ({"id": "regular"}, "other_table", False),
-    ),
-    ids=[
-        "no-actor-protected",
-        "regular-user-protected",
-        "admin-protected",
-        "no-actor-other",
-        "regular-user-other",
-    ],
-)
-async def test_write_wrapper_set_authorizer(datasette, actor, table, should_deny):
-    """Test the docs example that uses set_authorizer to block writes to a protected table."""
-    db = datasette.get_database("test")
-    await db.execute_write(
-        "create table if not exists protected_table (id integer primary key, value text)"
-    )
-    await db.execute_write(
-        "create table if not exists other_table (id integer primary key, value text)"
-    )
-
-    class Plugin:
-        __name__ = "Plugin"
-
-        @staticmethod
-        @hookimpl
-        def write_wrapper(datasette, database, request, transaction):
-            actor = None
-            if request:
-                actor = request.actor
-            if actor and actor.get("id") == "admin":
-                return None
-
-            def wrapper(conn):
-                def authorizer(action, arg1, arg2, db_name, trigger):
-                    if action in WRITE_ACTIONS and arg1 == "protected_table":
-                        return sqlite3.SQLITE_DENY
-                    return sqlite3.SQLITE_OK
-
-                conn.set_authorizer(authorizer)
-                try:
-                    yield
-                finally:
-                    conn.set_authorizer(lambda *args: sqlite3.SQLITE_OK)
-
-            return wrapper
-
-    class FakeRequest:
-        def __init__(self, actor):
-            self.actor = actor
-
-    pm.register(Plugin(), name="test_set_authorizer")
-    try:
-        request = FakeRequest(actor)
-        if should_deny:
-            with pytest.raises(Exception):
-                await db.execute_write_fn(
-                    lambda conn: conn.execute(
-                        f"insert into {table} (value) values ('test')"
-                    ),
-                    request=request,
-                )
-        else:
-            await db.execute_write_fn(
-                lambda conn: conn.execute(
-                    f"insert into {table} (value) values ('test')"
-                ),
-                request=request,
-            )
-            result = await db.execute(
-                f"select value from {table} order by rowid desc limit 1"
-            )
-            assert result.rows[0][0] == "test"
-    finally:
-        pm.unregister(name="test_set_authorizer")
-
-
-# --- Tests for track_event callback ---
-
-
-@pytest.fixture
-def ds_with_event_tracking(tmp_path):
-    """Datasette instance that records tracked events and registers DummyEvent."""
-    db_path = str(tmp_path / "test.db")
-    ds = Datasette([db_path])
-    ds._tracked_events = []
-    # Set event_classes directly to avoid needing invoke_startup
-    ds.event_classes = (DummyEvent,)
-
-    async def recording_track_event(event):
-        ds._tracked_events.append(event)
-
-    ds.track_event = recording_track_event
-
-    yield ds
-    ds.close()
-
-
-@pytest.mark.asyncio
-async def test_track_event_in_write_fn(ds_with_event_tracking):
-    """fn(conn, track_event) can queue events that are dispatched after commit."""
-    ds = ds_with_event_tracking
-    db = ds.get_database("test")
-
-    def my_write(conn, track_event):
-        conn.execute("create table if not exists te1 (id integer primary key)")
-        track_event(DummyEvent(actor=None, message="hello"))
-
-    await db.execute_write_fn(my_write)
-    assert len(ds._tracked_events) == 1
-    assert ds._tracked_events[0].message == "hello"
-
-
-@pytest.mark.asyncio
-async def test_track_event_discarded_on_exception(ds_with_event_tracking):
-    """Events are discarded if the write fn raises an exception."""
-    ds = ds_with_event_tracking
-    db = ds.get_database("test")
-
-    def my_write(conn, track_event):
-        track_event(DummyEvent(actor=None, message="should not fire"))
-        raise ValueError("deliberate error")
-
-    with pytest.raises(ValueError, match="deliberate"):
-        await db.execute_write_fn(my_write)
-    assert len(ds._tracked_events) == 0
-
-
-@pytest.mark.asyncio
-async def test_track_event_existing_fn_signature_still_works(ds_with_event_tracking):
-    """Existing fn(conn) signatures continue to work without track_event."""
-    ds = ds_with_event_tracking
-    db = ds.get_database("test")
-
-    await db.execute_write_fn(
-        lambda conn: conn.execute(
-            "create table if not exists te2 (id integer primary key)"
-        )
-    )
-    # No events, no errors
-    assert len(ds._tracked_events) == 0
-
-
-@pytest.mark.asyncio
-async def test_track_event_in_write_wrapper(ds_with_event_tracking):
-    """write_wrapper generator with (conn, track_event) can queue events."""
-    ds = ds_with_event_tracking
-    db = ds.get_database("test")
-
-    class Plugin:
-        __name__ = "Plugin"
-
-        @staticmethod
-        @hookimpl
-        def write_wrapper(datasette, database, request, transaction):
-            def wrapper(conn, track_event):
-                track_event(DummyEvent(actor=None, message="from wrapper before"))
-                yield
-                track_event(DummyEvent(actor=None, message="from wrapper after"))
-
-            return wrapper
-
-    pm.register(Plugin(), name="test_track_wrapper")
-    try:
-        await db.execute_write_fn(
-            lambda conn: conn.execute(
-                "create table if not exists te3 (id integer primary key)"
-            )
-        )
-        assert len(ds._tracked_events) == 2
-        assert ds._tracked_events[0].message == "from wrapper before"
-        assert ds._tracked_events[1].message == "from wrapper after"
-    finally:
-        pm.unregister(name="test_track_wrapper")
-
-
-@pytest.mark.asyncio
-async def test_track_event_shared_between_fn_and_wrapper(ds_with_event_tracking):
-    """Both fn and wrapper can queue events, all dispatched in order."""
-    ds = ds_with_event_tracking
-    db = ds.get_database("test")
-
-    class Plugin:
-        __name__ = "Plugin"
-
-        @staticmethod
-        @hookimpl
-        def write_wrapper(datasette, database, request, transaction):
-            def wrapper(conn, track_event):
-                track_event(DummyEvent(actor=None, message="wrapper-before"))
-                yield
-                track_event(DummyEvent(actor=None, message="wrapper-after"))
-
-            return wrapper
-
-    pm.register(Plugin(), name="test_track_shared")
-    try:
-
-        def my_write(conn, track_event):
-            conn.execute("create table if not exists te4 (id integer primary key)")
-            track_event(DummyEvent(actor=None, message="from-fn"))
-
-        await db.execute_write_fn(my_write)
-        messages = [e.message for e in ds._tracked_events]
-        assert messages == ["wrapper-before", "from-fn", "wrapper-after"]
-    finally:
-        pm.unregister(name="test_track_shared")
-
-
-@pytest.mark.asyncio
-async def test_track_event_with_block_false(ds_with_event_tracking):
-    """Events are dispatched even when block=False (non-blocking writes)."""
-    ds = ds_with_event_tracking
-    db = ds.get_database("test")
-
-    def my_write(conn, track_event):
-        conn.execute("create table if not exists te5 (id integer primary key)")
-        track_event(DummyEvent(actor=None, message="non-blocking"))
-
-    task_id = await db.execute_write_fn(my_write, block=False)
-    assert task_id is not None
-
-    # Give the background task time to complete
-    for _ in range(50):
-        if ds._tracked_events:
-            break
-        await asyncio.sleep(0.01)
-
-    assert len(ds._tracked_events) == 1
-    assert ds._tracked_events[0].message == "non-blocking"
-
-
-@pytest.mark.asyncio
-async def test_track_event_with_block_false_discarded_on_exception(
-    ds_with_event_tracking,
-):
-    """Events queued by a non-blocking write are discarded if the write fails."""
-    ds = ds_with_event_tracking
-    db = ds.get_database("test")
-
-    def my_write(conn, track_event):
-        track_event(DummyEvent(actor=None, message="should not fire"))
-        raise ValueError("deliberate error")
-
-    task_id = await db.execute_write_fn(my_write, block=False)
-    assert task_id is not None
-
-    # A following blocking write proves the failed non-blocking task has
-    # completed; one more loop turn lets its event-dispatch task observe the
-    # exception and exit.
-    await db.execute_write_fn(lambda conn: conn.execute("select 1"))
-    await asyncio.sleep(0)
-
-    assert ds._tracked_events == []
-
-
-# --- Tests for RenameTableEvent detection ---
-
-
-@pytest.fixture
-def ds_for_rename(tmp_path):
-    """Datasette instance that records tracked events for rename detection tests."""
-    from datasette.events import RenameTableEvent
-
-    db_path = str(tmp_path / "test.db")
-    ds = Datasette([db_path])
-    ds._tracked_events = []
-    ds.event_classes = (RenameTableEvent,)
-
-    async def recording_track_event(event):
-        ds._tracked_events.append(event)
-
-    ds.track_event = recording_track_event
-    return ds
-
-
-@pytest.mark.asyncio
-async def test_rename_table_fires_event(ds_for_rename):
-    """Renaming a table via ALTER TABLE fires a RenameTableEvent."""
-    from datasette.events import RenameTableEvent
-
-    ds = ds_for_rename
-    db = ds.get_database("test")
-
-    await db.execute_write("create table old_name (id integer primary key)")
-
-    def rename(conn):
-        conn.execute("alter table old_name rename to new_name")
-
-    await db.execute_write_fn(rename)
-
-    rename_events = [e for e in ds._tracked_events if isinstance(e, RenameTableEvent)]
-    assert len(rename_events) == 1
-    assert rename_events[0].old_table == "old_name"
-    assert rename_events[0].new_table == "new_name"
-    assert rename_events[0].database == "test"
-
-
-@pytest.mark.asyncio
-async def test_no_rename_event_for_regular_writes(ds_for_rename):
-    """Regular writes (CREATE, INSERT) do not fire RenameTableEvent."""
-    from datasette.events import RenameTableEvent
-
-    ds = ds_for_rename
-    db = ds.get_database("test")
-
-    await db.execute_write("create table t (id integer primary key)")
-    await db.execute_write_fn(lambda conn: conn.execute("insert into t values (1)"))
-
-    rename_events = [e for e in ds._tracked_events if isinstance(e, RenameTableEvent)]
-    assert len(rename_events) == 0
-
-
-@pytest.mark.asyncio
-async def test_no_rename_event_on_rollback(ds_for_rename):
-    """RenameTableEvent is not fired if the write raises an exception."""
-    from datasette.events import RenameTableEvent
-
-    ds = ds_for_rename
-    db = ds.get_database("test")
-
-    await db.execute_write("create table rollback_test (id integer primary key)")
-
-    def rename_then_fail(conn):
-        conn.execute("alter table rollback_test rename to renamed")
-        raise ValueError("deliberate error")
-
-    with pytest.raises(ValueError, match="deliberate"):
-        await db.execute_write_fn(rename_then_fail)
-
-    rename_events = [e for e in ds._tracked_events if isinstance(e, RenameTableEvent)]
-    assert len(rename_events) == 0
-
-
-@pytest.mark.asyncio
-async def test_multiple_renames_in_one_write(ds_for_rename):
-    """Multiple renames in a single write fire multiple RenameTableEvents."""
-    from datasette.events import RenameTableEvent
-
-    ds = ds_for_rename
-    db = ds.get_database("test")
-
-    await db.execute_write("create table alpha (id integer primary key)")
-    await db.execute_write("create table beta (id integer primary key)")
-
-    def rename_both(conn):
-        conn.execute("alter table alpha rename to alpha2")
-        conn.execute("alter table beta rename to beta2")
-
-    await db.execute_write_fn(rename_both)
-
-    rename_events = [e for e in ds._tracked_events if isinstance(e, RenameTableEvent)]
-    assert len(rename_events) == 2
-    names = {(e.old_table, e.new_table) for e in rename_events}
-    assert names == {("alpha", "alpha2"), ("beta", "beta2")}
diff --git a/tests/utils.py b/tests/utils.py
index 808feea7..8947956b 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -1,47 +1,8 @@
-from datasette.utils.sqlite import sqlite3
-
-
-def last_event(datasette):
-    events = getattr(datasette, "_tracked_events", [])
-    return events[-1] if events else None
-
-
-def assert_footer_links(soup):
-    footer_links = soup.find("footer").find_all("a")
-    assert 4 == len(footer_links)
-    datasette_link, license_link, source_link, about_link = footer_links
-    assert "Datasette" == datasette_link.text.strip()
-    assert "tests/fixtures.py" == source_link.text.strip()
-    assert "Apache License 2.0" == license_link.text.strip()
-    assert "About Datasette" == about_link.text.strip()
-    assert "https://datasette.io/" == datasette_link["href"]
-    assert (
-        "https://github.com/simonw/datasette/blob/main/tests/fixtures.py"
-        == source_link["href"]
-    )
-    assert (
-        "https://github.com/simonw/datasette/blob/main/LICENSE" == license_link["href"]
-    )
-    assert "https://github.com/simonw/datasette" == about_link["href"]
-
-
-def inner_html(soup):
-    html = str(soup)
-    # This includes the parent tag - so remove that
-    inner_html = html.split(">", 1)[1].rsplit("<", 1)[0]
-    return inner_html.strip()
-
-
-def has_load_extension():
-    conn = sqlite3.connect(":memory:")
-    result = hasattr(conn, "enable_load_extension")
-    conn.close()
-    return result
-
-
-def cookie_was_deleted(response, cookie):
-    return any(
-        h
-        for h in response.headers.get_list("set-cookie")
-        if h.startswith(f'{cookie}="";')
-    )
+class MockRequest:
+    def __init__(self, url):
+        self.url = url
+        self.path = "/" + url.split("://")[1].split("/", 1)[1]
+        self.query_string = ""
+        if "?" in url:
+            self.query_string = url.split("?", 1)[1]
+            self.path = self.path.split("?")[0]
diff --git a/update-docs-help.py b/update-docs-help.py
new file mode 100644
index 00000000..9c455b9d
--- /dev/null
+++ b/update-docs-help.py
@@ -0,0 +1,26 @@
+from click.testing import CliRunner
+from datasette.cli import cli
+from pathlib import Path
+
+docs_path = Path(__file__).parent / "docs"
+
+includes = (
+    ("serve", "datasette-serve-help.txt"),
+    ("package", "datasette-package-help.txt"),
+    ("publish nowv1", "datasette-publish-nowv1-help.txt"),
+    ("publish heroku", "datasette-publish-heroku-help.txt"),
+    ("publish cloudrun", "datasette-publish-cloudrun-help.txt"),
+)
+
+
+def update_help_includes():
+    for name, filename in includes:
+        runner = CliRunner()
+        result = runner.invoke(cli, name.split() + ["--help"], terminal_width=88)
+        actual = "$ datasette {} --help\n\n{}".format(name, result.output)
+        actual = actual.replace("Usage: cli ", "Usage: datasette ")
+        open(docs_path / filename, "w").write(actual)
+
+
+if __name__ == "__main__":
+    update_help_includes()
diff --git a/versioneer.py b/versioneer.py
new file mode 100644
index 00000000..858fc0bd
--- /dev/null
+++ b/versioneer.py
@@ -0,0 +1,1885 @@
+# Version: 0.18
+
+"""The Versioneer - like a rocketeer, but for versions.
+
+The Versioneer
+==============
+
+* like a rocketeer, but for versions!
+* https://github.com/warner/python-versioneer
+* Brian Warner
+* License: Public Domain
+* Compatible With: python2.6, 2.7, 3.2, 3.3, 3.4, 3.5, 3.6, and pypy
+* [![Latest Version]
+(https://pypip.in/version/versioneer/badge.svg?style=flat)
+](https://pypi.python.org/pypi/versioneer/)
+* [![Build Status]
+(https://travis-ci.org/warner/python-versioneer.png?branch=master)
+](https://travis-ci.org/warner/python-versioneer)
+
+This is a tool for managing a recorded version number in distutils-based
+python projects. The goal is to remove the tedious and error-prone "update
+the embedded version string" step from your release process. Making a new
+release should be as easy as recording a new tag in your version-control
+system, and maybe making new tarballs.
+
+
+## Quick Install
+
+* `pip install versioneer` to somewhere to your $PATH
+* add a `[versioneer]` section to your setup.cfg (see below)
+* run `versioneer install` in your source tree, commit the results
+
+## Version Identifiers
+
+Source trees come from a variety of places:
+
+* a version-control system checkout (mostly used by developers)
+* a nightly tarball, produced by build automation
+* a snapshot tarball, produced by a web-based VCS browser, like github's
+  "tarball from tag" feature
+* a release tarball, produced by "setup.py sdist", distributed through PyPI
+
+Within each source tree, the version identifier (either a string or a number,
+this tool is format-agnostic) can come from a variety of places:
+
+* ask the VCS tool itself, e.g. "git describe" (for checkouts), which knows
+  about recent "tags" and an absolute revision-id
+* the name of the directory into which the tarball was unpacked
+* an expanded VCS keyword ($Id$, etc)
+* a `_version.py` created by some earlier build step
+
+For released software, the version identifier is closely related to a VCS
+tag. Some projects use tag names that include more than just the version
+string (e.g. "myproject-1.2" instead of just "1.2"), in which case the tool
+needs to strip the tag prefix to extract the version identifier. For
+unreleased software (between tags), the version identifier should provide
+enough information to help developers recreate the same tree, while also
+giving them an idea of roughly how old the tree is (after version 1.2, before
+version 1.3). Many VCS systems can report a description that captures this,
+for example `git describe --tags --dirty --always` reports things like
+"0.7-1-g574ab98-dirty" to indicate that the checkout is one revision past the
+0.7 tag, has a unique revision id of "574ab98", and is "dirty" (it has
+uncommitted changes.
+
+The version identifier is used for multiple purposes:
+
+* to allow the module to self-identify its version: `myproject.__version__`
+* to choose a name and prefix for a 'setup.py sdist' tarball
+
+## Theory of Operation
+
+Versioneer works by adding a special `_version.py` file into your source
+tree, where your `__init__.py` can import it. This `_version.py` knows how to
+dynamically ask the VCS tool for version information at import time.
+
+`_version.py` also contains `$Revision$` markers, and the installation
+process marks `_version.py` to have this marker rewritten with a tag name
+during the `git archive` command. As a result, generated tarballs will
+contain enough information to get the proper version.
+
+To allow `setup.py` to compute a version too, a `versioneer.py` is added to
+the top level of your source tree, next to `setup.py` and the `setup.cfg`
+that configures it. This overrides several distutils/setuptools commands to
+compute the version when invoked, and changes `setup.py build` and `setup.py
+sdist` to replace `_version.py` with a small static file that contains just
+the generated version data.
+
+## Installation
+
+See [INSTALL.md](./INSTALL.md) for detailed installation instructions.
+
+## Version-String Flavors
+
+Code which uses Versioneer can learn about its version string at runtime by
+importing `_version` from your main `__init__.py` file and running the
+`get_versions()` function. From the "outside" (e.g. in `setup.py`), you can
+import the top-level `versioneer.py` and run `get_versions()`.
+
+Both functions return a dictionary with different flavors of version
+information:
+
+* `['version']`: A condensed version string, rendered using the selected
+  style. This is the most commonly used value for the project's version
+  string. The default "pep440" style yields strings like `0.11`,
+  `0.11+2.g1076c97`, or `0.11+2.g1076c97.dirty`. See the "Styles" section
+  below for alternative styles.
+
+* `['full-revisionid']`: detailed revision identifier. For Git, this is the
+  full SHA1 commit id, e.g. "1076c978a8d3cfc70f408fe5974aa6c092c949ac".
+
+* `['date']`: Date and time of the latest `HEAD` commit. For Git, it is the
+  commit date in ISO 8601 format. This will be None if the date is not
+  available.
+
+* `['dirty']`: a boolean, True if the tree has uncommitted changes. Note that
+  this is only accurate if run in a VCS checkout, otherwise it is likely to
+  be False or None
+
+* `['error']`: if the version string could not be computed, this will be set
+  to a string describing the problem, otherwise it will be None. It may be
+  useful to throw an exception in setup.py if this is set, to avoid e.g.
+  creating tarballs with a version string of "unknown".
+
+Some variants are more useful than others. Including `full-revisionid` in a
+bug report should allow developers to reconstruct the exact code being tested
+(or indicate the presence of local changes that should be shared with the
+developers). `version` is suitable for display in an "about" box or a CLI
+`--version` output: it can be easily compared against release notes and lists
+of bugs fixed in various releases.
+
+The installer adds the following text to your `__init__.py` to place a basic
+version in `YOURPROJECT.__version__`:
+
+    from ._version import get_versions
+    __version__ = get_versions()['version']
+    del get_versions
+
+## Styles
+
+The setup.cfg `style=` configuration controls how the VCS information is
+rendered into a version string.
+
+The default style, "pep440", produces a PEP440-compliant string, equal to the
+un-prefixed tag name for actual releases, and containing an additional "local
+version" section with more detail for in-between builds. For Git, this is
+TAG[+DISTANCE.gHEX[.dirty]] , using information from `git describe --tags
+--dirty --always`. For example "0.11+2.g1076c97.dirty" indicates that the
+tree is like the "1076c97" commit but has uncommitted changes (".dirty"), and
+that this commit is two revisions ("+2") beyond the "0.11" tag. For released
+software (exactly equal to a known tag), the identifier will only contain the
+stripped tag, e.g. "0.11".
+
+Other styles are available. See [details.md](details.md) in the Versioneer
+source tree for descriptions.
+
+## Debugging
+
+Versioneer tries to avoid fatal errors: if something goes wrong, it will tend
+to return a version of "0+unknown". To investigate the problem, run `setup.py
+version`, which will run the version-lookup code in a verbose mode, and will
+display the full contents of `get_versions()` (including the `error` string,
+which may help identify what went wrong).
+
+## Known Limitations
+
+Some situations are known to cause problems for Versioneer. This details the
+most significant ones. More can be found on Github
+[issues page](https://github.com/warner/python-versioneer/issues).
+
+### Subprojects
+
+Versioneer has limited support for source trees in which `setup.py` is not in
+the root directory (e.g. `setup.py` and `.git/` are *not* siblings). The are
+two common reasons why `setup.py` might not be in the root:
+
+* Source trees which contain multiple subprojects, such as
+  [Buildbot](https://github.com/buildbot/buildbot), which contains both
+  "master" and "slave" subprojects, each with their own `setup.py`,
+  `setup.cfg`, and `tox.ini`. Projects like these produce multiple PyPI
+  distributions (and upload multiple independently-installable tarballs).
+* Source trees whose main purpose is to contain a C library, but which also
+  provide bindings to Python (and perhaps other languages) in subdirectories.
+
+Versioneer will look for `.git` in parent directories, and most operations
+should get the right version string. However `pip` and `setuptools` have bugs
+and implementation details which frequently cause `pip install .` from a
+subproject directory to fail to find a correct version string (so it usually
+defaults to `0+unknown`).
+
+`pip install --editable .` should work correctly. `setup.py install` might
+work too.
+
+Pip-8.1.1 is known to have this problem, but hopefully it will get fixed in
+some later version.
+
+[Bug #38](https://github.com/warner/python-versioneer/issues/38) is tracking
+this issue. The discussion in
+[PR #61](https://github.com/warner/python-versioneer/pull/61) describes the
+issue from the Versioneer side in more detail.
+[pip PR#3176](https://github.com/pypa/pip/pull/3176) and
+[pip PR#3615](https://github.com/pypa/pip/pull/3615) contain work to improve
+pip to let Versioneer work correctly.
+
+Versioneer-0.16 and earlier only looked for a `.git` directory next to the
+`setup.cfg`, so subprojects were completely unsupported with those releases.
+
+### Editable installs with setuptools <= 18.5
+
+`setup.py develop` and `pip install --editable .` allow you to install a
+project into a virtualenv once, then continue editing the source code (and
+test) without re-installing after every change.
+
+"Entry-point scripts" (`setup(entry_points={"console_scripts": ..})`) are a
+convenient way to specify executable scripts that should be installed along
+with the python package.
+
+These both work as expected when using modern setuptools. When using
+setuptools-18.5 or earlier, however, certain operations will cause
+`pkg_resources.DistributionNotFound` errors when running the entrypoint
+script, which must be resolved by re-installing the package. This happens
+when the install happens with one version, then the egg_info data is
+regenerated while a different version is checked out. Many setup.py commands
+cause egg_info to be rebuilt (including `sdist`, `wheel`, and installing into
+a different virtualenv), so this can be surprising.
+
+[Bug #83](https://github.com/warner/python-versioneer/issues/83) describes
+this one, but upgrading to a newer version of setuptools should probably
+resolve it.
+
+### Unicode version strings
+
+While Versioneer works (and is continually tested) with both Python 2 and
+Python 3, it is not entirely consistent with bytes-vs-unicode distinctions.
+Newer releases probably generate unicode version strings on py2. It's not
+clear that this is wrong, but it may be surprising for applications when then
+write these strings to a network connection or include them in bytes-oriented
+APIs like cryptographic checksums.
+
+[Bug #71](https://github.com/warner/python-versioneer/issues/71) investigates
+this question.
+
+
+## Updating Versioneer
+
+To upgrade your project to a new release of Versioneer, do the following:
+
+* install the new Versioneer (`pip install -U versioneer` or equivalent)
+* edit `setup.cfg`, if necessary, to include any new configuration settings
+  indicated by the release notes. See [UPGRADING](./UPGRADING.md) for details.
+* re-run `versioneer install` in your source tree, to replace
+  `SRC/_version.py`
+* commit any changed files
+
+## Future Directions
+
+This tool is designed to make it easily extended to other version-control
+systems: all VCS-specific components are in separate directories like
+src/git/ . The top-level `versioneer.py` script is assembled from these
+components by running make-versioneer.py . In the future, make-versioneer.py
+will take a VCS name as an argument, and will construct a version of
+`versioneer.py` that is specific to the given VCS. It might also take the
+configuration arguments that are currently provided manually during
+installation by editing setup.py . Alternatively, it might go the other
+direction and include code from all supported VCS systems, reducing the
+number of intermediate scripts.
+
+
+## License
+
+To make Versioneer easier to embed, all its code is dedicated to the public
+domain. The `_version.py` that it creates is also in the public domain.
+Specifically, both are released under the Creative Commons "Public Domain
+Dedication" license (CC0-1.0), as described in
+https://creativecommons.org/publicdomain/zero/1.0/ .
+
+"""
+
+from __future__ import print_function
+
+try:
+    import configparser
+except ImportError:
+    import ConfigParser as configparser
+import errno
+import json
+import os
+import re
+import subprocess
+import sys
+
+
+class VersioneerConfig:
+    """Container for Versioneer configuration parameters."""
+
+
+def get_root():
+    """Get the project root directory.
+
+    We require that all commands are run from the project root, i.e. the
+    directory that contains setup.py, setup.cfg, and versioneer.py .
+    """
+    root = os.path.realpath(os.path.abspath(os.getcwd()))
+    setup_py = os.path.join(root, "setup.py")
+    versioneer_py = os.path.join(root, "versioneer.py")
+    if not (os.path.exists(setup_py) or os.path.exists(versioneer_py)):
+        # allow 'python path/to/setup.py COMMAND'
+        root = os.path.dirname(os.path.realpath(os.path.abspath(sys.argv[0])))
+        setup_py = os.path.join(root, "setup.py")
+        versioneer_py = os.path.join(root, "versioneer.py")
+    if not (os.path.exists(setup_py) or os.path.exists(versioneer_py)):
+        err = (
+            "Versioneer was unable to run the project root directory. "
+            "Versioneer requires setup.py to be executed from "
+            "its immediate directory (like 'python setup.py COMMAND'), "
+            "or in a way that lets it use sys.argv[0] to find the root "
+            "(like 'python path/to/setup.py COMMAND')."
+        )
+        raise VersioneerBadRootError(err)
+    try:
+        # Certain runtime workflows (setup.py install/develop in a setuptools
+        # tree) execute all dependencies in a single python process, so
+        # "versioneer" may be imported multiple times, and python's shared
+        # module-import table will cache the first one. So we can't use
+        # os.path.dirname(__file__), as that will find whichever
+        # versioneer.py was first imported, even in later projects.
+        me = os.path.realpath(os.path.abspath(__file__))
+        me_dir = os.path.normcase(os.path.splitext(me)[0])
+        vsr_dir = os.path.normcase(os.path.splitext(versioneer_py)[0])
+        if me_dir != vsr_dir:
+            print(
+                "Warning: build in %s is using versioneer.py from %s"
+                % (os.path.dirname(me), versioneer_py)
+            )
+    except NameError:
+        pass
+    return root
+
+
+def get_config_from_root(root):
+    """Read the project setup.cfg file to determine Versioneer config."""
+    # This might raise EnvironmentError (if setup.cfg is missing), or
+    # configparser.NoSectionError (if it lacks a [versioneer] section), or
+    # configparser.NoOptionError (if it lacks "VCS="). See the docstring at
+    # the top of versioneer.py for instructions on writing your setup.cfg .
+    setup_cfg = os.path.join(root, "setup.cfg")
+    parser = configparser.SafeConfigParser()
+    with open(setup_cfg, "r") as f:
+        parser.readfp(f)
+    VCS = parser.get("versioneer", "VCS")  # mandatory
+
+    def get(parser, name):
+        if parser.has_option("versioneer", name):
+            return parser.get("versioneer", name)
+        return None
+
+    cfg = VersioneerConfig()
+    cfg.VCS = VCS
+    cfg.style = get(parser, "style") or ""
+    cfg.versionfile_source = get(parser, "versionfile_source")
+    cfg.versionfile_build = get(parser, "versionfile_build")
+    cfg.tag_prefix = get(parser, "tag_prefix")
+    if cfg.tag_prefix in ("''", '""'):
+        cfg.tag_prefix = ""
+    cfg.parentdir_prefix = get(parser, "parentdir_prefix")
+    cfg.verbose = get(parser, "verbose")
+    return cfg
+
+
+class NotThisMethod(Exception):
+    """Exception raised if a method is not valid for the current scenario."""
+
+
+# these dictionaries contain VCS-specific tools
+LONG_VERSION_PY = {}
+HANDLERS = {}
+
+
+def register_vcs_handler(vcs, method):  # decorator
+    """Decorator to mark a method as the handler for a particular VCS."""
+
+    def decorate(f):
+        """Store f in HANDLERS[vcs][method]."""
+        if vcs not in HANDLERS:
+            HANDLERS[vcs] = {}
+        HANDLERS[vcs][method] = f
+        return f
+
+    return decorate
+
+
+def run_command(commands, args, cwd=None, verbose=False, hide_stderr=False, env=None):
+    """Call the given command(s)."""
+    assert isinstance(commands, list)
+    p = None
+    for c in commands:
+        try:
+            dispcmd = str([c] + args)
+            # remember shell=False, so use git.cmd on windows, not just git
+            p = subprocess.Popen(
+                [c] + args,
+                cwd=cwd,
+                env=env,
+                stdout=subprocess.PIPE,
+                stderr=(subprocess.PIPE if hide_stderr else None),
+            )
+            break
+        except EnvironmentError:
+            e = sys.exc_info()[1]
+            if e.errno == errno.ENOENT:
+                continue
+            if verbose:
+                print("unable to run %s" % dispcmd)
+                print(e)
+            return None, None
+    else:
+        if verbose:
+            print("unable to find command, tried %s" % (commands,))
+        return None, None
+    stdout = p.communicate()[0].strip()
+    if sys.version_info[0] >= 3:
+        stdout = stdout.decode()
+    if p.returncode != 0:
+        if verbose:
+            print("unable to run %s (error)" % dispcmd)
+            print("stdout was %s" % stdout)
+        return None, p.returncode
+    return stdout, p.returncode
+
+
+LONG_VERSION_PY[
+    "git"
+] = '''
+# This file helps to compute a version number in source trees obtained from
+# git-archive tarball (such as those provided by githubs download-from-tag
+# feature). Distribution tarballs (built by setup.py sdist) and build
+# directories (produced by setup.py build) will contain a much shorter file
+# that just contains the computed version number.
+
+# This file is released into the public domain. Generated by
+# versioneer-0.18 (https://github.com/warner/python-versioneer)
+
+"""Git implementation of _version.py."""
+
+import errno
+import os
+import re
+import subprocess
+import sys
+
+
+def get_keywords():
+    """Get the keywords needed to look up the version information."""
+    # these strings will be replaced by git during git-archive.
+    # setup.py/versioneer.py will grep for the variable names, so they must
+    # each be defined on a line of their own. _version.py will just call
+    # get_keywords().
+    git_refnames = "%(DOLLAR)sFormat:%%d%(DOLLAR)s"
+    git_full = "%(DOLLAR)sFormat:%%H%(DOLLAR)s"
+    git_date = "%(DOLLAR)sFormat:%%ci%(DOLLAR)s"
+    keywords = {"refnames": git_refnames, "full": git_full, "date": git_date}
+    return keywords
+
+
+class VersioneerConfig:
+    """Container for Versioneer configuration parameters."""
+
+
+def get_config():
+    """Create, populate and return the VersioneerConfig() object."""
+    # these strings are filled in when 'setup.py versioneer' creates
+    # _version.py
+    cfg = VersioneerConfig()
+    cfg.VCS = "git"
+    cfg.style = "%(STYLE)s"
+    cfg.tag_prefix = "%(TAG_PREFIX)s"
+    cfg.parentdir_prefix = "%(PARENTDIR_PREFIX)s"
+    cfg.versionfile_source = "%(VERSIONFILE_SOURCE)s"
+    cfg.verbose = False
+    return cfg
+
+
+class NotThisMethod(Exception):
+    """Exception raised if a method is not valid for the current scenario."""
+
+
+LONG_VERSION_PY = {}
+HANDLERS = {}
+
+
+def register_vcs_handler(vcs, method):  # decorator
+    """Decorator to mark a method as the handler for a particular VCS."""
+    def decorate(f):
+        """Store f in HANDLERS[vcs][method]."""
+        if vcs not in HANDLERS:
+            HANDLERS[vcs] = {}
+        HANDLERS[vcs][method] = f
+        return f
+    return decorate
+
+
+def run_command(commands, args, cwd=None, verbose=False, hide_stderr=False,
+                env=None):
+    """Call the given command(s)."""
+    assert isinstance(commands, list)
+    p = None
+    for c in commands:
+        try:
+            dispcmd = str([c] + args)
+            # remember shell=False, so use git.cmd on windows, not just git
+            p = subprocess.Popen([c] + args, cwd=cwd, env=env,
+                                 stdout=subprocess.PIPE,
+                                 stderr=(subprocess.PIPE if hide_stderr
+                                         else None))
+            break
+        except EnvironmentError:
+            e = sys.exc_info()[1]
+            if e.errno == errno.ENOENT:
+                continue
+            if verbose:
+                print("unable to run %%s" %% dispcmd)
+                print(e)
+            return None, None
+    else:
+        if verbose:
+            print("unable to find command, tried %%s" %% (commands,))
+        return None, None
+    stdout = p.communicate()[0].strip()
+    if sys.version_info[0] >= 3:
+        stdout = stdout.decode()
+    if p.returncode != 0:
+        if verbose:
+            print("unable to run %%s (error)" %% dispcmd)
+            print("stdout was %%s" %% stdout)
+        return None, p.returncode
+    return stdout, p.returncode
+
+
+def versions_from_parentdir(parentdir_prefix, root, verbose):
+    """Try to determine the version from the parent directory name.
+
+    Source tarballs conventionally unpack into a directory that includes both
+    the project name and a version string. We will also support searching up
+    two directory levels for an appropriately named parent directory
+    """
+    rootdirs = []
+
+    for i in range(3):
+        dirname = os.path.basename(root)
+        if dirname.startswith(parentdir_prefix):
+            return {"version": dirname[len(parentdir_prefix):],
+                    "full-revisionid": None,
+                    "dirty": False, "error": None, "date": None}
+        else:
+            rootdirs.append(root)
+            root = os.path.dirname(root)  # up a level
+
+    if verbose:
+        print("Tried directories %%s but none started with prefix %%s" %%
+              (str(rootdirs), parentdir_prefix))
+    raise NotThisMethod("rootdir doesn't start with parentdir_prefix")
+
+
+@register_vcs_handler("git", "get_keywords")
+def git_get_keywords(versionfile_abs):
+    """Extract version information from the given file."""
+    # the code embedded in _version.py can just fetch the value of these
+    # keywords. When used from setup.py, we don't want to import _version.py,
+    # so we do it with a regexp instead. This function is not used from
+    # _version.py.
+    keywords = {}
+    try:
+        f = open(versionfile_abs, "r")
+        for line in f.readlines():
+            if line.strip().startswith("git_refnames ="):
+                mo = re.search(r'=\s*"(.*)"', line)
+                if mo:
+                    keywords["refnames"] = mo.group(1)
+            if line.strip().startswith("git_full ="):
+                mo = re.search(r'=\s*"(.*)"', line)
+                if mo:
+                    keywords["full"] = mo.group(1)
+            if line.strip().startswith("git_date ="):
+                mo = re.search(r'=\s*"(.*)"', line)
+                if mo:
+                    keywords["date"] = mo.group(1)
+        f.close()
+    except EnvironmentError:
+        pass
+    return keywords
+
+
+@register_vcs_handler("git", "keywords")
+def git_versions_from_keywords(keywords, tag_prefix, verbose):
+    """Get version information from git keywords."""
+    if not keywords:
+        raise NotThisMethod("no keywords at all, weird")
+    date = keywords.get("date")
+    if date is not None:
+        # git-2.2.0 added "%%cI", which expands to an ISO-8601 -compliant
+        # datestamp. However we prefer "%%ci" (which expands to an "ISO-8601
+        # -like" string, which we must then edit to make compliant), because
+        # it's been around since git-1.5.3, and it's too difficult to
+        # discover which version we're using, or to work around using an
+        # older one.
+        date = date.strip().replace(" ", "T", 1).replace(" ", "", 1)
+    refnames = keywords["refnames"].strip()
+    if refnames.startswith("$Format"):
+        if verbose:
+            print("keywords are unexpanded, not using")
+        raise NotThisMethod("unexpanded keywords, not a git-archive tarball")
+    refs = set([r.strip() for r in refnames.strip("()").split(",")])
+    # starting in git-1.8.3, tags are listed as "tag: foo-1.0" instead of
+    # just "foo-1.0". If we see a "tag: " prefix, prefer those.
+    TAG = "tag: "
+    tags = set([r[len(TAG):] for r in refs if r.startswith(TAG)])
+    if not tags:
+        # Either we're using git < 1.8.3, or there really are no tags. We use
+        # a heuristic: assume all version tags have a digit. The old git %%d
+        # expansion behaves like git log --decorate=short and strips out the
+        # refs/heads/ and refs/tags/ prefixes that would let us distinguish
+        # between branches and tags. By ignoring refnames without digits, we
+        # filter out many common branch names like "release" and
+        # "stabilization", as well as "HEAD" and "master".
+        tags = set([r for r in refs if re.search(r'\d', r)])
+        if verbose:
+            print("discarding '%%s', no digits" %% ",".join(refs - tags))
+    if verbose:
+        print("likely tags: %%s" %% ",".join(sorted(tags)))
+    for ref in sorted(tags):
+        # sorting will prefer e.g. "2.0" over "2.0rc1"
+        if ref.startswith(tag_prefix):
+            r = ref[len(tag_prefix):]
+            if verbose:
+                print("picking %%s" %% r)
+            return {"version": r,
+                    "full-revisionid": keywords["full"].strip(),
+                    "dirty": False, "error": None,
+                    "date": date}
+    # no suitable tags, so version is "0+unknown", but full hex is still there
+    if verbose:
+        print("no suitable tags, using unknown + full revision id")
+    return {"version": "0+unknown",
+            "full-revisionid": keywords["full"].strip(),
+            "dirty": False, "error": "no suitable tags", "date": None}
+
+
+@register_vcs_handler("git", "pieces_from_vcs")
+def git_pieces_from_vcs(tag_prefix, root, verbose, run_command=run_command):
+    """Get version from 'git describe' in the root of the source tree.
+
+    This only gets called if the git-archive 'subst' keywords were *not*
+    expanded, and _version.py hasn't already been rewritten with a short
+    version string, meaning we're inside a checked out source tree.
+    """
+    GITS = ["git"]
+    if sys.platform == "win32":
+        GITS = ["git.cmd", "git.exe"]
+
+    out, rc = run_command(GITS, ["rev-parse", "--git-dir"], cwd=root,
+                          hide_stderr=True)
+    if rc != 0:
+        if verbose:
+            print("Directory %%s not under git control" %% root)
+        raise NotThisMethod("'git rev-parse --git-dir' returned error")
+
+    # if there is a tag matching tag_prefix, this yields TAG-NUM-gHEX[-dirty]
+    # if there isn't one, this yields HEX[-dirty] (no NUM)
+    describe_out, rc = run_command(GITS, ["describe", "--tags", "--dirty",
+                                          "--always", "--long",
+                                          "--match", "%%s*" %% tag_prefix],
+                                   cwd=root)
+    # --long was added in git-1.5.5
+    if describe_out is None:
+        raise NotThisMethod("'git describe' failed")
+    describe_out = describe_out.strip()
+    full_out, rc = run_command(GITS, ["rev-parse", "HEAD"], cwd=root)
+    if full_out is None:
+        raise NotThisMethod("'git rev-parse' failed")
+    full_out = full_out.strip()
+
+    pieces = {}
+    pieces["long"] = full_out
+    pieces["short"] = full_out[:7]  # maybe improved later
+    pieces["error"] = None
+
+    # parse describe_out. It will be like TAG-NUM-gHEX[-dirty] or HEX[-dirty]
+    # TAG might have hyphens.
+    git_describe = describe_out
+
+    # look for -dirty suffix
+    dirty = git_describe.endswith("-dirty")
+    pieces["dirty"] = dirty
+    if dirty:
+        git_describe = git_describe[:git_describe.rindex("-dirty")]
+
+    # now we have TAG-NUM-gHEX or HEX
+
+    if "-" in git_describe:
+        # TAG-NUM-gHEX
+        mo = re.search(r'^(.+)-(\d+)-g([0-9a-f]+)$', git_describe)
+        if not mo:
+            # unparseable. Maybe git-describe is misbehaving?
+            pieces["error"] = ("unable to parse git-describe output: '%%s'"
+                               %% describe_out)
+            return pieces
+
+        # tag
+        full_tag = mo.group(1)
+        if not full_tag.startswith(tag_prefix):
+            if verbose:
+                fmt = "tag '%%s' doesn't start with prefix '%%s'"
+                print(fmt %% (full_tag, tag_prefix))
+            pieces["error"] = ("tag '%%s' doesn't start with prefix '%%s'"
+                               %% (full_tag, tag_prefix))
+            return pieces
+        pieces["closest-tag"] = full_tag[len(tag_prefix):]
+
+        # distance: number of commits since tag
+        pieces["distance"] = int(mo.group(2))
+
+        # commit: short hex revision ID
+        pieces["short"] = mo.group(3)
+
+    else:
+        # HEX: no tags
+        pieces["closest-tag"] = None
+        count_out, rc = run_command(GITS, ["rev-list", "HEAD", "--count"],
+                                    cwd=root)
+        pieces["distance"] = int(count_out)  # total number of commits
+
+    # commit date: see ISO-8601 comment in git_versions_from_keywords()
+    date = run_command(GITS, ["show", "-s", "--format=%%ci", "HEAD"],
+                       cwd=root)[0].strip()
+    pieces["date"] = date.strip().replace(" ", "T", 1).replace(" ", "", 1)
+
+    return pieces
+
+
+def plus_or_dot(pieces):
+    """Return a + if we don't already have one, else return a ."""
+    if "+" in pieces.get("closest-tag", ""):
+        return "."
+    return "+"
+
+
+def render_pep440(pieces):
+    """Build up version string, with post-release "local version identifier".
+
+    Our goal: TAG[+DISTANCE.gHEX[.dirty]] . Note that if you
+    get a tagged build and then dirty it, you'll get TAG+0.gHEX.dirty
+
+    Exceptions:
+    1: no tags. git_describe was just HEX. 0+untagged.DISTANCE.gHEX[.dirty]
+    """
+    if pieces["closest-tag"]:
+        rendered = pieces["closest-tag"]
+        if pieces["distance"] or pieces["dirty"]:
+            rendered += plus_or_dot(pieces)
+            rendered += "%%d.g%%s" %% (pieces["distance"], pieces["short"])
+            if pieces["dirty"]:
+                rendered += ".dirty"
+    else:
+        # exception #1
+        rendered = "0+untagged.%%d.g%%s" %% (pieces["distance"],
+                                          pieces["short"])
+        if pieces["dirty"]:
+            rendered += ".dirty"
+    return rendered
+
+
+def render_pep440_pre(pieces):
+    """TAG[.post.devDISTANCE] -- No -dirty.
+
+    Exceptions:
+    1: no tags. 0.post.devDISTANCE
+    """
+    if pieces["closest-tag"]:
+        rendered = pieces["closest-tag"]
+        if pieces["distance"]:
+            rendered += ".post.dev%%d" %% pieces["distance"]
+    else:
+        # exception #1
+        rendered = "0.post.dev%%d" %% pieces["distance"]
+    return rendered
+
+
+def render_pep440_post(pieces):
+    """TAG[.postDISTANCE[.dev0]+gHEX] .
+
+    The ".dev0" means dirty. Note that .dev0 sorts backwards
+    (a dirty tree will appear "older" than the corresponding clean one),
+    but you shouldn't be releasing software with -dirty anyways.
+
+    Exceptions:
+    1: no tags. 0.postDISTANCE[.dev0]
+    """
+    if pieces["closest-tag"]:
+        rendered = pieces["closest-tag"]
+        if pieces["distance"] or pieces["dirty"]:
+            rendered += ".post%%d" %% pieces["distance"]
+            if pieces["dirty"]:
+                rendered += ".dev0"
+            rendered += plus_or_dot(pieces)
+            rendered += "g%%s" %% pieces["short"]
+    else:
+        # exception #1
+        rendered = "0.post%%d" %% pieces["distance"]
+        if pieces["dirty"]:
+            rendered += ".dev0"
+        rendered += "+g%%s" %% pieces["short"]
+    return rendered
+
+
+def render_pep440_old(pieces):
+    """TAG[.postDISTANCE[.dev0]] .
+
+    The ".dev0" means dirty.
+
+    Exceptions:
+    1: no tags. 0.postDISTANCE[.dev0]
+    """
+    if pieces["closest-tag"]:
+        rendered = pieces["closest-tag"]
+        if pieces["distance"] or pieces["dirty"]:
+            rendered += ".post%%d" %% pieces["distance"]
+            if pieces["dirty"]:
+                rendered += ".dev0"
+    else:
+        # exception #1
+        rendered = "0.post%%d" %% pieces["distance"]
+        if pieces["dirty"]:
+            rendered += ".dev0"
+    return rendered
+
+
+def render_git_describe(pieces):
+    """TAG[-DISTANCE-gHEX][-dirty].
+
+    Like 'git describe --tags --dirty --always'.
+
+    Exceptions:
+    1: no tags. HEX[-dirty]  (note: no 'g' prefix)
+    """
+    if pieces["closest-tag"]:
+        rendered = pieces["closest-tag"]
+        if pieces["distance"]:
+            rendered += "-%%d-g%%s" %% (pieces["distance"], pieces["short"])
+    else:
+        # exception #1
+        rendered = pieces["short"]
+    if pieces["dirty"]:
+        rendered += "-dirty"
+    return rendered
+
+
+def render_git_describe_long(pieces):
+    """TAG-DISTANCE-gHEX[-dirty].
+
+    Like 'git describe --tags --dirty --always -long'.
+    The distance/hash is unconditional.
+
+    Exceptions:
+    1: no tags. HEX[-dirty]  (note: no 'g' prefix)
+    """
+    if pieces["closest-tag"]:
+        rendered = pieces["closest-tag"]
+        rendered += "-%%d-g%%s" %% (pieces["distance"], pieces["short"])
+    else:
+        # exception #1
+        rendered = pieces["short"]
+    if pieces["dirty"]:
+        rendered += "-dirty"
+    return rendered
+
+
+def render(pieces, style):
+    """Render the given version pieces into the requested style."""
+    if pieces["error"]:
+        return {"version": "unknown",
+                "full-revisionid": pieces.get("long"),
+                "dirty": None,
+                "error": pieces["error"],
+                "date": None}
+
+    if not style or style == "default":
+        style = "pep440"  # the default
+
+    if style == "pep440":
+        rendered = render_pep440(pieces)
+    elif style == "pep440-pre":
+        rendered = render_pep440_pre(pieces)
+    elif style == "pep440-post":
+        rendered = render_pep440_post(pieces)
+    elif style == "pep440-old":
+        rendered = render_pep440_old(pieces)
+    elif style == "git-describe":
+        rendered = render_git_describe(pieces)
+    elif style == "git-describe-long":
+        rendered = render_git_describe_long(pieces)
+    else:
+        raise ValueError("unknown style '%%s'" %% style)
+
+    return {"version": rendered, "full-revisionid": pieces["long"],
+            "dirty": pieces["dirty"], "error": None,
+            "date": pieces.get("date")}
+
+
+def get_versions():
+    """Get version information or return default if unable to do so."""
+    # I am in _version.py, which lives at ROOT/VERSIONFILE_SOURCE. If we have
+    # __file__, we can work backwards from there to the root. Some
+    # py2exe/bbfreeze/non-CPython implementations don't do __file__, in which
+    # case we can only use expanded keywords.
+
+    cfg = get_config()
+    verbose = cfg.verbose
+
+    try:
+        return git_versions_from_keywords(get_keywords(), cfg.tag_prefix,
+                                          verbose)
+    except NotThisMethod:
+        pass
+
+    try:
+        root = os.path.realpath(__file__)
+        # versionfile_source is the relative path from the top of the source
+        # tree (where the .git directory might live) to this file. Invert
+        # this to find the root from __file__.
+        for i in cfg.versionfile_source.split('/'):
+            root = os.path.dirname(root)
+    except NameError:
+        return {"version": "0+unknown", "full-revisionid": None,
+                "dirty": None,
+                "error": "unable to find root of source tree",
+                "date": None}
+
+    try:
+        pieces = git_pieces_from_vcs(cfg.tag_prefix, root, verbose)
+        return render(pieces, cfg.style)
+    except NotThisMethod:
+        pass
+
+    try:
+        if cfg.parentdir_prefix:
+            return versions_from_parentdir(cfg.parentdir_prefix, root, verbose)
+    except NotThisMethod:
+        pass
+
+    return {"version": "0+unknown", "full-revisionid": None,
+            "dirty": None,
+            "error": "unable to compute version", "date": None}
+'''
+
+
+@register_vcs_handler("git", "get_keywords")
+def git_get_keywords(versionfile_abs):
+    """Extract version information from the given file."""
+    # the code embedded in _version.py can just fetch the value of these
+    # keywords. When used from setup.py, we don't want to import _version.py,
+    # so we do it with a regexp instead. This function is not used from
+    # _version.py.
+    keywords = {}
+    try:
+        f = open(versionfile_abs, "r")
+        for line in f.readlines():
+            if line.strip().startswith("git_refnames ="):
+                mo = re.search(r'=\s*"(.*)"', line)
+                if mo:
+                    keywords["refnames"] = mo.group(1)
+            if line.strip().startswith("git_full ="):
+                mo = re.search(r'=\s*"(.*)"', line)
+                if mo:
+                    keywords["full"] = mo.group(1)
+            if line.strip().startswith("git_date ="):
+                mo = re.search(r'=\s*"(.*)"', line)
+                if mo:
+                    keywords["date"] = mo.group(1)
+        f.close()
+    except EnvironmentError:
+        pass
+    return keywords
+
+
+@register_vcs_handler("git", "keywords")
+def git_versions_from_keywords(keywords, tag_prefix, verbose):
+    """Get version information from git keywords."""
+    if not keywords:
+        raise NotThisMethod("no keywords at all, weird")
+    date = keywords.get("date")
+    if date is not None:
+        # git-2.2.0 added "%cI", which expands to an ISO-8601 -compliant
+        # datestamp. However we prefer "%ci" (which expands to an "ISO-8601
+        # -like" string, which we must then edit to make compliant), because
+        # it's been around since git-1.5.3, and it's too difficult to
+        # discover which version we're using, or to work around using an
+        # older one.
+        date = date.strip().replace(" ", "T", 1).replace(" ", "", 1)
+    refnames = keywords["refnames"].strip()
+    if refnames.startswith("$Format"):
+        if verbose:
+            print("keywords are unexpanded, not using")
+        raise NotThisMethod("unexpanded keywords, not a git-archive tarball")
+    refs = set([r.strip() for r in refnames.strip("()").split(",")])
+    # starting in git-1.8.3, tags are listed as "tag: foo-1.0" instead of
+    # just "foo-1.0". If we see a "tag: " prefix, prefer those.
+    TAG = "tag: "
+    tags = set([r[len(TAG) :] for r in refs if r.startswith(TAG)])
+    if not tags:
+        # Either we're using git < 1.8.3, or there really are no tags. We use
+        # a heuristic: assume all version tags have a digit. The old git %d
+        # expansion behaves like git log --decorate=short and strips out the
+        # refs/heads/ and refs/tags/ prefixes that would let us distinguish
+        # between branches and tags. By ignoring refnames without digits, we
+        # filter out many common branch names like "release" and
+        # "stabilization", as well as "HEAD" and "master".
+        tags = set([r for r in refs if re.search(r"\d", r)])
+        if verbose:
+            print("discarding '%s', no digits" % ",".join(refs - tags))
+    if verbose:
+        print("likely tags: %s" % ",".join(sorted(tags)))
+    for ref in sorted(tags):
+        # sorting will prefer e.g. "2.0" over "2.0rc1"
+        if ref.startswith(tag_prefix):
+            r = ref[len(tag_prefix) :]
+            if verbose:
+                print("picking %s" % r)
+            return {
+                "version": r,
+                "full-revisionid": keywords["full"].strip(),
+                "dirty": False,
+                "error": None,
+                "date": date,
+            }
+    # no suitable tags, so version is "0+unknown", but full hex is still there
+    if verbose:
+        print("no suitable tags, using unknown + full revision id")
+    return {
+        "version": "0+unknown",
+        "full-revisionid": keywords["full"].strip(),
+        "dirty": False,
+        "error": "no suitable tags",
+        "date": None,
+    }
+
+
+@register_vcs_handler("git", "pieces_from_vcs")
+def git_pieces_from_vcs(tag_prefix, root, verbose, run_command=run_command):
+    """Get version from 'git describe' in the root of the source tree.
+
+    This only gets called if the git-archive 'subst' keywords were *not*
+    expanded, and _version.py hasn't already been rewritten with a short
+    version string, meaning we're inside a checked out source tree.
+    """
+    GITS = ["git"]
+    if sys.platform == "win32":
+        GITS = ["git.cmd", "git.exe"]
+
+    out, rc = run_command(GITS, ["rev-parse", "--git-dir"], cwd=root, hide_stderr=True)
+    if rc != 0:
+        if verbose:
+            print("Directory %s not under git control" % root)
+        raise NotThisMethod("'git rev-parse --git-dir' returned error")
+
+    # if there is a tag matching tag_prefix, this yields TAG-NUM-gHEX[-dirty]
+    # if there isn't one, this yields HEX[-dirty] (no NUM)
+    describe_out, rc = run_command(
+        GITS,
+        [
+            "describe",
+            "--tags",
+            "--dirty",
+            "--always",
+            "--long",
+            "--match",
+            "%s*" % tag_prefix,
+        ],
+        cwd=root,
+    )
+    # --long was added in git-1.5.5
+    if describe_out is None:
+        raise NotThisMethod("'git describe' failed")
+    describe_out = describe_out.strip()
+    full_out, rc = run_command(GITS, ["rev-parse", "HEAD"], cwd=root)
+    if full_out is None:
+        raise NotThisMethod("'git rev-parse' failed")
+    full_out = full_out.strip()
+
+    pieces = {}
+    pieces["long"] = full_out
+    pieces["short"] = full_out[:7]  # maybe improved later
+    pieces["error"] = None
+
+    # parse describe_out. It will be like TAG-NUM-gHEX[-dirty] or HEX[-dirty]
+    # TAG might have hyphens.
+    git_describe = describe_out
+
+    # look for -dirty suffix
+    dirty = git_describe.endswith("-dirty")
+    pieces["dirty"] = dirty
+    if dirty:
+        git_describe = git_describe[: git_describe.rindex("-dirty")]
+
+    # now we have TAG-NUM-gHEX or HEX
+
+    if "-" in git_describe:
+        # TAG-NUM-gHEX
+        mo = re.search(r"^(.+)-(\d+)-g([0-9a-f]+)$", git_describe)
+        if not mo:
+            # unparseable. Maybe git-describe is misbehaving?
+            pieces["error"] = "unable to parse git-describe output: '%s'" % describe_out
+            return pieces
+
+        # tag
+        full_tag = mo.group(1)
+        if not full_tag.startswith(tag_prefix):
+            if verbose:
+                fmt = "tag '%s' doesn't start with prefix '%s'"
+                print(fmt % (full_tag, tag_prefix))
+            pieces["error"] = "tag '%s' doesn't start with prefix '%s'" % (
+                full_tag,
+                tag_prefix,
+            )
+            return pieces
+        pieces["closest-tag"] = full_tag[len(tag_prefix) :]
+
+        # distance: number of commits since tag
+        pieces["distance"] = int(mo.group(2))
+
+        # commit: short hex revision ID
+        pieces["short"] = mo.group(3)
+
+    else:
+        # HEX: no tags
+        pieces["closest-tag"] = None
+        count_out, rc = run_command(GITS, ["rev-list", "HEAD", "--count"], cwd=root)
+        pieces["distance"] = int(count_out)  # total number of commits
+
+    # commit date: see ISO-8601 comment in git_versions_from_keywords()
+    date = run_command(GITS, ["show", "-s", "--format=%ci", "HEAD"], cwd=root)[
+        0
+    ].strip()
+    pieces["date"] = date.strip().replace(" ", "T", 1).replace(" ", "", 1)
+
+    return pieces
+
+
+def do_vcs_install(manifest_in, versionfile_source, ipy):
+    """Git-specific installation logic for Versioneer.
+
+    For Git, this means creating/changing .gitattributes to mark _version.py
+    for export-subst keyword substitution.
+    """
+    GITS = ["git"]
+    if sys.platform == "win32":
+        GITS = ["git.cmd", "git.exe"]
+    files = [manifest_in, versionfile_source]
+    if ipy:
+        files.append(ipy)
+    try:
+        me = __file__
+        if me.endswith(".pyc") or me.endswith(".pyo"):
+            me = os.path.splitext(me)[0] + ".py"
+        versioneer_file = os.path.relpath(me)
+    except NameError:
+        versioneer_file = "versioneer.py"
+    files.append(versioneer_file)
+    present = False
+    try:
+        f = open(".gitattributes", "r")
+        for line in f.readlines():
+            if line.strip().startswith(versionfile_source):
+                if "export-subst" in line.strip().split()[1:]:
+                    present = True
+        f.close()
+    except EnvironmentError:
+        pass
+    if not present:
+        f = open(".gitattributes", "a+")
+        f.write("%s export-subst\n" % versionfile_source)
+        f.close()
+        files.append(".gitattributes")
+    run_command(GITS, ["add", "--"] + files)
+
+
+def versions_from_parentdir(parentdir_prefix, root, verbose):
+    """Try to determine the version from the parent directory name.
+
+    Source tarballs conventionally unpack into a directory that includes both
+    the project name and a version string. We will also support searching up
+    two directory levels for an appropriately named parent directory
+    """
+    rootdirs = []
+
+    for i in range(3):
+        dirname = os.path.basename(root)
+        if dirname.startswith(parentdir_prefix):
+            return {
+                "version": dirname[len(parentdir_prefix) :],
+                "full-revisionid": None,
+                "dirty": False,
+                "error": None,
+                "date": None,
+            }
+        else:
+            rootdirs.append(root)
+            root = os.path.dirname(root)  # up a level
+
+    if verbose:
+        print(
+            "Tried directories %s but none started with prefix %s"
+            % (str(rootdirs), parentdir_prefix)
+        )
+    raise NotThisMethod("rootdir doesn't start with parentdir_prefix")
+
+
+SHORT_VERSION_PY = """
+# This file was generated by 'versioneer.py' (0.18) from
+# revision-control system data, or from the parent directory name of an
+# unpacked source archive. Distribution tarballs contain a pre-generated copy
+# of this file.
+
+import json
+
+version_json = '''
+%s
+'''  # END VERSION_JSON
+
+
+def get_versions():
+    return json.loads(version_json)
+"""
+
+
+def versions_from_file(filename):
+    """Try to determine the version from _version.py if present."""
+    try:
+        with open(filename) as f:
+            contents = f.read()
+    except EnvironmentError:
+        raise NotThisMethod("unable to read _version.py")
+    mo = re.search(
+        r"version_json = '''\n(.*)'''  # END VERSION_JSON", contents, re.M | re.S
+    )
+    if not mo:
+        mo = re.search(
+            r"version_json = '''\r\n(.*)'''  # END VERSION_JSON", contents, re.M | re.S
+        )
+    if not mo:
+        raise NotThisMethod("no version_json in _version.py")
+    return json.loads(mo.group(1))
+
+
+def write_to_version_file(filename, versions):
+    """Write the given version number to the given _version.py file."""
+    os.unlink(filename)
+    contents = json.dumps(versions, sort_keys=True, indent=1, separators=(",", ": "))
+    with open(filename, "w") as f:
+        f.write(SHORT_VERSION_PY % contents)
+
+    print("set %s to '%s'" % (filename, versions["version"]))
+
+
+def plus_or_dot(pieces):
+    """Return a + if we don't already have one, else return a ."""
+    if "+" in pieces.get("closest-tag", ""):
+        return "."
+    return "+"
+
+
+def render_pep440(pieces):
+    """Build up version string, with post-release "local version identifier".
+
+    Our goal: TAG[+DISTANCE.gHEX[.dirty]] . Note that if you
+    get a tagged build and then dirty it, you'll get TAG+0.gHEX.dirty
+
+    Exceptions:
+    1: no tags. git_describe was just HEX. 0+untagged.DISTANCE.gHEX[.dirty]
+    """
+    if pieces["closest-tag"]:
+        rendered = pieces["closest-tag"]
+        if pieces["distance"] or pieces["dirty"]:
+            rendered += plus_or_dot(pieces)
+            rendered += "%d.g%s" % (pieces["distance"], pieces["short"])
+            if pieces["dirty"]:
+                rendered += ".dirty"
+    else:
+        # exception #1
+        rendered = "0+untagged.%d.g%s" % (pieces["distance"], pieces["short"])
+        if pieces["dirty"]:
+            rendered += ".dirty"
+    return rendered
+
+
+def render_pep440_pre(pieces):
+    """TAG[.post.devDISTANCE] -- No -dirty.
+
+    Exceptions:
+    1: no tags. 0.post.devDISTANCE
+    """
+    if pieces["closest-tag"]:
+        rendered = pieces["closest-tag"]
+        if pieces["distance"]:
+            rendered += ".post.dev%d" % pieces["distance"]
+    else:
+        # exception #1
+        rendered = "0.post.dev%d" % pieces["distance"]
+    return rendered
+
+
+def render_pep440_post(pieces):
+    """TAG[.postDISTANCE[.dev0]+gHEX] .
+
+    The ".dev0" means dirty. Note that .dev0 sorts backwards
+    (a dirty tree will appear "older" than the corresponding clean one),
+    but you shouldn't be releasing software with -dirty anyways.
+
+    Exceptions:
+    1: no tags. 0.postDISTANCE[.dev0]
+    """
+    if pieces["closest-tag"]:
+        rendered = pieces["closest-tag"]
+        if pieces["distance"] or pieces["dirty"]:
+            rendered += ".post%d" % pieces["distance"]
+            if pieces["dirty"]:
+                rendered += ".dev0"
+            rendered += plus_or_dot(pieces)
+            rendered += "g%s" % pieces["short"]
+    else:
+        # exception #1
+        rendered = "0.post%d" % pieces["distance"]
+        if pieces["dirty"]:
+            rendered += ".dev0"
+        rendered += "+g%s" % pieces["short"]
+    return rendered
+
+
+def render_pep440_old(pieces):
+    """TAG[.postDISTANCE[.dev0]] .
+
+    The ".dev0" means dirty.
+
+    Exceptions:
+    1: no tags. 0.postDISTANCE[.dev0]
+    """
+    if pieces["closest-tag"]:
+        rendered = pieces["closest-tag"]
+        if pieces["distance"] or pieces["dirty"]:
+            rendered += ".post%d" % pieces["distance"]
+            if pieces["dirty"]:
+                rendered += ".dev0"
+    else:
+        # exception #1
+        rendered = "0.post%d" % pieces["distance"]
+        if pieces["dirty"]:
+            rendered += ".dev0"
+    return rendered
+
+
+def render_git_describe(pieces):
+    """TAG[-DISTANCE-gHEX][-dirty].
+
+    Like 'git describe --tags --dirty --always'.
+
+    Exceptions:
+    1: no tags. HEX[-dirty]  (note: no 'g' prefix)
+    """
+    if pieces["closest-tag"]:
+        rendered = pieces["closest-tag"]
+        if pieces["distance"]:
+            rendered += "-%d-g%s" % (pieces["distance"], pieces["short"])
+    else:
+        # exception #1
+        rendered = pieces["short"]
+    if pieces["dirty"]:
+        rendered += "-dirty"
+    return rendered
+
+
+def render_git_describe_long(pieces):
+    """TAG-DISTANCE-gHEX[-dirty].
+
+    Like 'git describe --tags --dirty --always -long'.
+    The distance/hash is unconditional.
+
+    Exceptions:
+    1: no tags. HEX[-dirty]  (note: no 'g' prefix)
+    """
+    if pieces["closest-tag"]:
+        rendered = pieces["closest-tag"]
+        rendered += "-%d-g%s" % (pieces["distance"], pieces["short"])
+    else:
+        # exception #1
+        rendered = pieces["short"]
+    if pieces["dirty"]:
+        rendered += "-dirty"
+    return rendered
+
+
+def render(pieces, style):
+    """Render the given version pieces into the requested style."""
+    if pieces["error"]:
+        return {
+            "version": "unknown",
+            "full-revisionid": pieces.get("long"),
+            "dirty": None,
+            "error": pieces["error"],
+            "date": None,
+        }
+
+    if not style or style == "default":
+        style = "pep440"  # the default
+
+    if style == "pep440":
+        rendered = render_pep440(pieces)
+    elif style == "pep440-pre":
+        rendered = render_pep440_pre(pieces)
+    elif style == "pep440-post":
+        rendered = render_pep440_post(pieces)
+    elif style == "pep440-old":
+        rendered = render_pep440_old(pieces)
+    elif style == "git-describe":
+        rendered = render_git_describe(pieces)
+    elif style == "git-describe-long":
+        rendered = render_git_describe_long(pieces)
+    else:
+        raise ValueError("unknown style '%s'" % style)
+
+    return {
+        "version": rendered,
+        "full-revisionid": pieces["long"],
+        "dirty": pieces["dirty"],
+        "error": None,
+        "date": pieces.get("date"),
+    }
+
+
+class VersioneerBadRootError(Exception):
+    """The project root directory is unknown or missing key files."""
+
+
+def get_versions(verbose=False):
+    """Get the project version from whatever source is available.
+
+    Returns dict with two keys: 'version' and 'full'.
+    """
+    if "versioneer" in sys.modules:
+        # see the discussion in cmdclass.py:get_cmdclass()
+        del sys.modules["versioneer"]
+
+    root = get_root()
+    cfg = get_config_from_root(root)
+
+    assert cfg.VCS is not None, "please set [versioneer]VCS= in setup.cfg"
+    handlers = HANDLERS.get(cfg.VCS)
+    assert handlers, "unrecognized VCS '%s'" % cfg.VCS
+    verbose = verbose or cfg.verbose
+    assert (
+        cfg.versionfile_source is not None
+    ), "please set versioneer.versionfile_source"
+    assert cfg.tag_prefix is not None, "please set versioneer.tag_prefix"
+
+    versionfile_abs = os.path.join(root, cfg.versionfile_source)
+
+    # extract version from first of: _version.py, VCS command (e.g. 'git
+    # describe'), parentdir. This is meant to work for developers using a
+    # source checkout, for users of a tarball created by 'setup.py sdist',
+    # and for users of a tarball/zipball created by 'git archive' or github's
+    # download-from-tag feature or the equivalent in other VCSes.
+
+    get_keywords_f = handlers.get("get_keywords")
+    from_keywords_f = handlers.get("keywords")
+    if get_keywords_f and from_keywords_f:
+        try:
+            keywords = get_keywords_f(versionfile_abs)
+            ver = from_keywords_f(keywords, cfg.tag_prefix, verbose)
+            if verbose:
+                print("got version from expanded keyword %s" % ver)
+            return ver
+        except NotThisMethod:
+            pass
+
+    try:
+        ver = versions_from_file(versionfile_abs)
+        if verbose:
+            print("got version from file %s %s" % (versionfile_abs, ver))
+        return ver
+    except NotThisMethod:
+        pass
+
+    from_vcs_f = handlers.get("pieces_from_vcs")
+    if from_vcs_f:
+        try:
+            pieces = from_vcs_f(cfg.tag_prefix, root, verbose)
+            ver = render(pieces, cfg.style)
+            if verbose:
+                print("got version from VCS %s" % ver)
+            return ver
+        except NotThisMethod:
+            pass
+
+    try:
+        if cfg.parentdir_prefix:
+            ver = versions_from_parentdir(cfg.parentdir_prefix, root, verbose)
+            if verbose:
+                print("got version from parentdir %s" % ver)
+            return ver
+    except NotThisMethod:
+        pass
+
+    if verbose:
+        print("unable to compute version")
+
+    return {
+        "version": "0+unknown",
+        "full-revisionid": None,
+        "dirty": None,
+        "error": "unable to compute version",
+        "date": None,
+    }
+
+
+def get_version():
+    """Get the short version string for this project."""
+    return get_versions()["version"]
+
+
+def get_cmdclass():
+    """Get the custom setuptools/distutils subclasses used by Versioneer."""
+    if "versioneer" in sys.modules:
+        del sys.modules["versioneer"]
+        # this fixes the "python setup.py develop" case (also 'install' and
+        # 'easy_install .'), in which subdependencies of the main project are
+        # built (using setup.py bdist_egg) in the same python process. Assume
+        # a main project A and a dependency B, which use different versions
+        # of Versioneer. A's setup.py imports A's Versioneer, leaving it in
+        # sys.modules by the time B's setup.py is executed, causing B to run
+        # with the wrong versioneer. Setuptools wraps the sub-dep builds in a
+        # sandbox that restores sys.modules to it's pre-build state, so the
+        # parent is protected against the child's "import versioneer". By
+        # removing ourselves from sys.modules here, before the child build
+        # happens, we protect the child from the parent's versioneer too.
+        # Also see https://github.com/warner/python-versioneer/issues/52
+
+    cmds = {}
+
+    # we add "version" to both distutils and setuptools
+    from distutils.core import Command
+
+    class cmd_version(Command):
+        description = "report generated version string"
+        user_options = []
+        boolean_options = []
+
+        def initialize_options(self):
+            pass
+
+        def finalize_options(self):
+            pass
+
+        def run(self):
+            vers = get_versions(verbose=True)
+            print("Version: %s" % vers["version"])
+            print(" full-revisionid: %s" % vers.get("full-revisionid"))
+            print(" dirty: %s" % vers.get("dirty"))
+            print(" date: %s" % vers.get("date"))
+            if vers["error"]:
+                print(" error: %s" % vers["error"])
+
+    cmds["version"] = cmd_version
+
+    # we override "build_py" in both distutils and setuptools
+    #
+    # most invocation pathways end up running build_py:
+    #  distutils/build -> build_py
+    #  distutils/install -> distutils/build ->..
+    #  setuptools/bdist_wheel -> distutils/install ->..
+    #  setuptools/bdist_egg -> distutils/install_lib -> build_py
+    #  setuptools/install -> bdist_egg ->..
+    #  setuptools/develop -> ?
+    #  pip install:
+    #   copies source tree to a tempdir before running egg_info/etc
+    #   if .git isn't copied too, 'git describe' will fail
+    #   then does setup.py bdist_wheel, or sometimes setup.py install
+    #  setup.py egg_info -> ?
+
+    # we override different "build_py" commands for both environments
+    if "setuptools" in sys.modules:
+        from setuptools.command.build_py import build_py as _build_py
+    else:
+        from distutils.command.build_py import build_py as _build_py
+
+    class cmd_build_py(_build_py):
+        def run(self):
+            root = get_root()
+            cfg = get_config_from_root(root)
+            versions = get_versions()
+            _build_py.run(self)
+            # now locate _version.py in the new build/ directory and replace
+            # it with an updated value
+            if cfg.versionfile_build:
+                target_versionfile = os.path.join(self.build_lib, cfg.versionfile_build)
+                print("UPDATING %s" % target_versionfile)
+                write_to_version_file(target_versionfile, versions)
+
+    cmds["build_py"] = cmd_build_py
+
+    if "cx_Freeze" in sys.modules:  # cx_freeze enabled?
+        from cx_Freeze.dist import build_exe as _build_exe
+
+        # nczeczulin reports that py2exe won't like the pep440-style string
+        # as FILEVERSION, but it can be used for PRODUCTVERSION, e.g.
+        # setup(console=[{
+        #   "version": versioneer.get_version().split("+", 1)[0], # FILEVERSION
+        #   "product_version": versioneer.get_version(),
+        #   ...
+
+        class cmd_build_exe(_build_exe):
+            def run(self):
+                root = get_root()
+                cfg = get_config_from_root(root)
+                versions = get_versions()
+                target_versionfile = cfg.versionfile_source
+                print("UPDATING %s" % target_versionfile)
+                write_to_version_file(target_versionfile, versions)
+
+                _build_exe.run(self)
+                os.unlink(target_versionfile)
+                with open(cfg.versionfile_source, "w") as f:
+                    LONG = LONG_VERSION_PY[cfg.VCS]
+                    f.write(
+                        LONG
+                        % {
+                            "DOLLAR": "$",
+                            "STYLE": cfg.style,
+                            "TAG_PREFIX": cfg.tag_prefix,
+                            "PARENTDIR_PREFIX": cfg.parentdir_prefix,
+                            "VERSIONFILE_SOURCE": cfg.versionfile_source,
+                        }
+                    )
+
+        cmds["build_exe"] = cmd_build_exe
+        del cmds["build_py"]
+
+    if "py2exe" in sys.modules:  # py2exe enabled?
+        try:
+            from py2exe.distutils_buildexe import py2exe as _py2exe  # py3
+        except ImportError:
+            from py2exe.build_exe import py2exe as _py2exe  # py2
+
+        class cmd_py2exe(_py2exe):
+            def run(self):
+                root = get_root()
+                cfg = get_config_from_root(root)
+                versions = get_versions()
+                target_versionfile = cfg.versionfile_source
+                print("UPDATING %s" % target_versionfile)
+                write_to_version_file(target_versionfile, versions)
+
+                _py2exe.run(self)
+                os.unlink(target_versionfile)
+                with open(cfg.versionfile_source, "w") as f:
+                    LONG = LONG_VERSION_PY[cfg.VCS]
+                    f.write(
+                        LONG
+                        % {
+                            "DOLLAR": "$",
+                            "STYLE": cfg.style,
+                            "TAG_PREFIX": cfg.tag_prefix,
+                            "PARENTDIR_PREFIX": cfg.parentdir_prefix,
+                            "VERSIONFILE_SOURCE": cfg.versionfile_source,
+                        }
+                    )
+
+        cmds["py2exe"] = cmd_py2exe
+
+    # we override different "sdist" commands for both environments
+    if "setuptools" in sys.modules:
+        from setuptools.command.sdist import sdist as _sdist
+    else:
+        from distutils.command.sdist import sdist as _sdist
+
+    class cmd_sdist(_sdist):
+        def run(self):
+            versions = get_versions()
+            self._versioneer_generated_versions = versions
+            # unless we update this, the command will keep using the old
+            # version
+            self.distribution.metadata.version = versions["version"]
+            return _sdist.run(self)
+
+        def make_release_tree(self, base_dir, files):
+            root = get_root()
+            cfg = get_config_from_root(root)
+            _sdist.make_release_tree(self, base_dir, files)
+            # now locate _version.py in the new base_dir directory
+            # (remembering that it may be a hardlink) and replace it with an
+            # updated value
+            target_versionfile = os.path.join(base_dir, cfg.versionfile_source)
+            print("UPDATING %s" % target_versionfile)
+            write_to_version_file(
+                target_versionfile, self._versioneer_generated_versions
+            )
+
+    cmds["sdist"] = cmd_sdist
+
+    return cmds
+
+
+CONFIG_ERROR = """
+setup.cfg is missing the necessary Versioneer configuration. You need
+a section like:
+
+ [versioneer]
+ VCS = git
+ style = pep440
+ versionfile_source = src/myproject/_version.py
+ versionfile_build = myproject/_version.py
+ tag_prefix =
+ parentdir_prefix = myproject-
+
+You will also need to edit your setup.py to use the results:
+
+ import versioneer
+ setup(version=versioneer.get_version(),
+       cmdclass=versioneer.get_cmdclass(), ...)
+
+Please read the docstring in ./versioneer.py for configuration instructions,
+edit setup.cfg, and re-run the installer or 'python versioneer.py setup'.
+"""
+
+SAMPLE_CONFIG = """
+# See the docstring in versioneer.py for instructions. Note that you must
+# re-run 'versioneer.py setup' after changing this section, and commit the
+# resulting files.
+
+[versioneer]
+#VCS = git
+#style = pep440
+#versionfile_source =
+#versionfile_build =
+#tag_prefix =
+#parentdir_prefix =
+
+"""
+
+INIT_PY_SNIPPET = """
+from ._version import get_versions
+__version__ = get_versions()['version']
+del get_versions
+"""
+
+
+def do_setup():
+    """Main VCS-independent setup function for installing Versioneer."""
+    root = get_root()
+    try:
+        cfg = get_config_from_root(root)
+    except (
+        EnvironmentError,
+        configparser.NoSectionError,
+        configparser.NoOptionError,
+    ) as e:
+        if isinstance(e, (EnvironmentError, configparser.NoSectionError)):
+            print("Adding sample versioneer config to setup.cfg", file=sys.stderr)
+            with open(os.path.join(root, "setup.cfg"), "a") as f:
+                f.write(SAMPLE_CONFIG)
+        print(CONFIG_ERROR, file=sys.stderr)
+        return 1
+
+    print(" creating %s" % cfg.versionfile_source)
+    with open(cfg.versionfile_source, "w") as f:
+        LONG = LONG_VERSION_PY[cfg.VCS]
+        f.write(
+            LONG
+            % {
+                "DOLLAR": "$",
+                "STYLE": cfg.style,
+                "TAG_PREFIX": cfg.tag_prefix,
+                "PARENTDIR_PREFIX": cfg.parentdir_prefix,
+                "VERSIONFILE_SOURCE": cfg.versionfile_source,
+            }
+        )
+
+    ipy = os.path.join(os.path.dirname(cfg.versionfile_source), "__init__.py")
+    if os.path.exists(ipy):
+        try:
+            with open(ipy, "r") as f:
+                old = f.read()
+        except EnvironmentError:
+            old = ""
+        if INIT_PY_SNIPPET not in old:
+            print(" appending to %s" % ipy)
+            with open(ipy, "a") as f:
+                f.write(INIT_PY_SNIPPET)
+        else:
+            print(" %s unmodified" % ipy)
+    else:
+        print(" %s doesn't exist, ok" % ipy)
+        ipy = None
+
+    # Make sure both the top-level "versioneer.py" and versionfile_source
+    # (PKG/_version.py, used by runtime code) are in MANIFEST.in, so
+    # they'll be copied into source distributions. Pip won't be able to
+    # install the package without this.
+    manifest_in = os.path.join(root, "MANIFEST.in")
+    simple_includes = set()
+    try:
+        with open(manifest_in, "r") as f:
+            for line in f:
+                if line.startswith("include "):
+                    for include in line.split()[1:]:
+                        simple_includes.add(include)
+    except EnvironmentError:
+        pass
+    # That doesn't cover everything MANIFEST.in can do
+    # (http://docs.python.org/2/distutils/sourcedist.html#commands), so
+    # it might give some false negatives. Appending redundant 'include'
+    # lines is safe, though.
+    if "versioneer.py" not in simple_includes:
+        print(" appending 'versioneer.py' to MANIFEST.in")
+        with open(manifest_in, "a") as f:
+            f.write("include versioneer.py\n")
+    else:
+        print(" 'versioneer.py' already in MANIFEST.in")
+    if cfg.versionfile_source not in simple_includes:
+        print(
+            " appending versionfile_source ('%s') to MANIFEST.in"
+            % cfg.versionfile_source
+        )
+        with open(manifest_in, "a") as f:
+            f.write("include %s\n" % cfg.versionfile_source)
+    else:
+        print(" versionfile_source already in MANIFEST.in")
+
+    # Make VCS-specific changes. For git, this means creating/changing
+    # .gitattributes to mark _version.py for export-subst keyword
+    # substitution.
+    do_vcs_install(manifest_in, cfg.versionfile_source, ipy)
+    return 0
+
+
+def scan_setup_py():
+    """Validate the contents of setup.py against Versioneer's expectations."""
+    found = set()
+    setters = False
+    errors = 0
+    with open("setup.py", "r") as f:
+        for line in f.readlines():
+            if "import versioneer" in line:
+                found.add("import")
+            if "versioneer.get_cmdclass()" in line:
+                found.add("cmdclass")
+            if "versioneer.get_version()" in line:
+                found.add("get_version")
+            if "versioneer.VCS" in line:
+                setters = True
+            if "versioneer.versionfile_source" in line:
+                setters = True
+    if len(found) != 3:
+        print("")
+        print("Your setup.py appears to be missing some important items")
+        print("(but I might be wrong). Please make sure it has something")
+        print("roughly like the following:")
+        print("")
+        print(" import versioneer")
+        print(" setup( version=versioneer.get_version(),")
+        print("        cmdclass=versioneer.get_cmdclass(),  ...)")
+        print("")
+        errors += 1
+    if setters:
+        print("You should remove lines like 'versioneer.VCS = ' and")
+        print("'versioneer.versionfile_source = ' . This configuration")
+        print("now lives in setup.cfg, and should be removed from setup.py")
+        print("")
+        errors += 1
+    return errors
+
+
+if __name__ == "__main__":
+    cmd = sys.argv[1]
+    if cmd == "setup":
+        errors = do_setup()
+        errors += scan_setup_py()
+        if errors:
+            sys.exit(1)

    idname1Cleo1Dog 1!10Dog 10!11Dog 11!http…http…\xa0http…1hello2world3\xa0{}{i}{i}a{i}b{i}c{i}a,babca/b,.c-da/b.c-dcd,ede{"row": {"pk1": "d", "pk2": "e", "content": "RENDER_CELL_DEMO"}, "column": "content", "table": "compound_primary_key", "database": "fixtures", "pks": ["pk1", "pk2"], "config": {"depth": "database"}}1hello\xa01-\xa031ab2\xa0\xa0\xa0\xa0\xa01131ab1world2\xa01 elements,
-    # so the thead must render even when the table has no rows.
-    ths = soup.select("table.rows-and-columns thead th[data-column]")
-    assert len(ths) >= 1
-
-
-@pytest.mark.asyncio
-async def test_row_delete_action_data_attributes():
-    ds = Datasette(
-        [],
-        config={
-            "databases": {
-                "data": {
-                    "tables": {
-                        "items": {
-                            "permissions": {
-                                "update-row": {"id": "root"},
-                                "delete-row": {"id": "root"},
-                            },
-                        },
-                    },
-                },
-            },
-        },
-    )
-    try:
-        db = ds.add_database(
-            Database(ds, memory_name="test_row_delete_actions"), name="data"
-        )
-        await db.execute_write_script("""
-            create table items (id integer primary key, name text, score integer);
-            insert into items (id, name, score) values (1, 'One', 5);
-            """)
-        response = await ds.client.get("/data/items", actor={"id": "root"})
-        assert response.status_code == 200
-        soup = Soup(response.text, "html.parser")
-        assert table_data_from_soup(soup) == {
-            "database": "data",
-            "table": "items",
-            "tableUrl": "/data/items",
-        }
-        assert soup.select_one('button[data-table-action="insert-row"]') is None
-
-        row = soup.select_one("table.rows-and-columns tbody tr")
-        assert row["data-row"] == "1"
-        assert row["data-row-label"] == "One"
-        assert {key for key in row.attrs if key.startswith("data-row")} == {
-            "data-row",
-            "data-row-label",
-        }
-
-        edit_button = row.select_one(
-            'button.row-inline-action-edit[data-row-action="edit"]'
-        )
-        assert edit_button is not None
-        assert edit_button["aria-label"] == "Edit row 1 One"
-        assert edit_button["title"] == "Edit row"
-        assert edit_button.find("svg") is not None
-
-        button = row.select_one(
-            'button.row-inline-action-delete[data-row-action="delete"]'
-        )
-        assert button is not None
-        assert button["aria-label"] == "Delete row 1 One"
-        assert button["title"] == "Delete row"
-        assert button.find("svg") is not None
-
-        response = await ds.client.get("/data/items?_col=score", actor={"id": "root"})
-        assert response.status_code == 200
-        soup = Soup(response.text, "html.parser")
-        row = soup.select_one("table.rows-and-columns tbody tr")
-        assert row["data-row"] == "1"
-        assert "data-row-label" not in row.attrs
-
-        edit_button = row.select_one(
-            'button.row-inline-action-edit[data-row-action="edit"]'
-        )
-        assert edit_button is not None
-        assert edit_button["aria-label"] == "Edit row 1"
-
-        button = row.select_one(
-            'button.row-inline-action-delete[data-row-action="delete"]'
-        )
-        assert button is not None
-        assert button["aria-label"] == "Delete row 1"
-    finally:
-        ds.close()
-
-
-@pytest.mark.asyncio
-async def test_database_create_table_action_button_and_data():
-    ds = Datasette(
-        [],
-        config={
-            "databases": {
-                "data": {
-                    "permissions": {
-                        "create-table": {"id": "root"},
-                    },
-                },
-            },
-        },
-    )
-    try:
-        db = ds.add_database(
-            Database(ds, memory_name="test_database_create_table_action"), name="data"
-        )
-        await db.execute_write_script("""
-            create table items (id integer primary key, name text);
-            """)
-
-        response = await ds.client.get("/data", actor={"id": "root"})
-        assert response.status_code == 200
-        soup = Soup(response.text, "html.parser")
-
-        button = soup.select_one(
-            'button.action-menu-button[data-database-action="create-table"]'
-        )
-        assert button is not None
-        assert button["aria-label"] == "Create table in data"
-        assert button["role"] == "menuitem"
-        description = button.find("span", class_="dropdown-description")
-        assert description.text.strip() == "Create a new table in this database."
-        description.extract()
-        assert button.text.strip() == "Create table"
-        assert any(
-            "edit-tools.js" in script.get("src", "")
-            for script in soup.find_all("script")
-        )
-        assert database_data_from_soup(soup) == {
-            "createTable": {
-                "path": "/data/-/create",
-                "foreignKeyTargetsPath": "/data/-/foreign-key-targets",
-                "databaseName": "data",
-                "columnTypes": ["text", "integer", "float", "blob"],
-                "defaultExpressions": DEFAULT_EXPRESSION_OPTIONS,
-            },
-        }
-        assert "customColumnTypes" not in database_data_from_soup(soup)["createTable"]
-
-        response_without_permission = await ds.client.get(
-            "/data", actor={"id": "someone-else"}
-        )
-        assert response_without_permission.status_code == 200
-        soup_without_permission = Soup(response_without_permission.text, "html.parser")
-        assert (
-            soup_without_permission.select_one(
-                'button[data-database-action="create-table"]'
-            )
-            is None
-        )
-        assert not any(
-            "_datasetteDatabaseData" in (script.string or "")
-            for script in soup_without_permission.find_all("script")
-        )
-    finally:
-        ds.close()
-
-
-@pytest.mark.asyncio
-async def test_database_create_table_data_includes_custom_column_types():
-    ds = Datasette(
-        [],
-        config={
-            "databases": {
-                "data": {
-                    "permissions": {
-                        "create-table": {"id": "root"},
-                        "set-column-type": {"id": "root"},
-                    },
-                },
-            },
-        },
-    )
-    try:
-        db = ds.add_database(
-            Database(ds, memory_name="test_database_create_table_custom_types"),
-            name="data",
-        )
-        await db.execute_write_script("""
-            create table items (id integer primary key, name text);
-            """)
-
-        response = await ds.client.get("/data", actor={"id": "root"})
-        assert response.status_code == 200
-        create_table_data = database_data_from_soup(Soup(response.text, "html.parser"))[
-            "createTable"
-        ]
-        assert create_table_data["customColumnTypes"] == [
-            {
-                "name": "email",
-                "description": "Email address",
-                "sqliteTypes": ["text"],
-                "fixedSqliteType": "text",
-            },
-            {
-                "name": "json",
-                "description": "JSON data",
-                "sqliteTypes": ["text"],
-                "fixedSqliteType": "text",
-            },
-            {
-                "name": "textarea",
-                "description": "Multiline text",
-                "sqliteTypes": ["text"],
-                "fixedSqliteType": "text",
-            },
-            {
-                "name": "url",
-                "description": "URL",
-                "sqliteTypes": ["text"],
-                "fixedSqliteType": "text",
-            },
-        ]
-    finally:
-        ds.close()
-
-
-@pytest.mark.asyncio
-async def test_table_alter_action_button_and_data():
-    ds = Datasette(
-        [],
-        config={
-            "databases": {
-                "data": {
-                    "tables": {
-                        "items": {
-                            "permissions": {
-                                "alter-table": {"id": ["root", "alter-only"]},
-                                "set-column-type": {"id": "root"},
-                                "drop-table": {"id": "root"},
-                            },
-                            "column_types": {"name": "textarea"},
-                        },
-                    },
-                },
-            },
-        },
-    )
-    try:
-        db = ds.add_database(
-            Database(ds, memory_name="test_table_alter_action"), name="data"
-        )
-        await db.execute_write_script("""
-            create table items (
-                id integer primary key,
-                name text not null,
-                score integer default 5,
-                created text default current_timestamp,
-                created_ms integer default (CAST((julianday('now') - 2440587.5) * 86400000 AS INTEGER))
-            );
-            """)
-        response = await ds.client.get("/data/items", actor={"id": "root"})
-        assert response.status_code == 200
-        soup = Soup(response.text, "html.parser")
-
-        button = soup.select_one(
-            'button.action-menu-button[data-table-action="alter-table"]'
-        )
-        assert button is not None
-        assert button["aria-label"] == "Alter table items"
-        assert button["role"] == "menuitem"
-        description = button.find("span", class_="dropdown-description")
-        assert description.text.strip() == (
-            "Change columns and primary key for this table."
-        )
-        description.extract()
-        assert button.text.strip() == "Alter table"
-        assert any(
-            "edit-tools.js" in script.get("src", "")
-            for script in soup.find_all("script")
-        )
-
-        alter_data = table_data_from_soup(soup)["alterTable"]
-        assert alter_data["path"] == "/data/items/-/alter"
-        assert alter_data["tableName"] == "items"
-        assert alter_data["primaryKeys"] == ["id"]
-        assert alter_data["columnTypes"] == ["text", "integer", "float", "blob"]
-        assert alter_data["foreignKeyTargetsPath"] == (
-            "/data/-/foreign-key-targets?table=items"
-        )
-        assert alter_data["defaultExpressions"] == DEFAULT_EXPRESSION_OPTIONS
-        assert [option["name"] for option in alter_data["customColumnTypes"]] == [
-            "email",
-            "json",
-            "textarea",
-            "url",
-        ]
-        assert alter_data["dropPath"] == "/data/items/-/drop"
-        assert alter_data["columns"] == [
-            {
-                "name": "id",
-                "type": "integer",
-                "sqlite_type": "INTEGER",
-                "notnull": 0,
-                "default": None,
-                "has_default": False,
-                "is_pk": True,
-                "foreign_key": None,
-                "column_type": None,
-            },
-            {
-                "name": "name",
-                "type": "text",
-                "sqlite_type": "TEXT",
-                "notnull": 1,
-                "default": None,
-                "has_default": False,
-                "is_pk": False,
-                "foreign_key": None,
-                "column_type": {"type": "textarea", "config": None},
-            },
-            {
-                "name": "score",
-                "type": "integer",
-                "sqlite_type": "INTEGER",
-                "notnull": 0,
-                "default": "5",
-                "has_default": True,
-                "is_pk": False,
-                "foreign_key": None,
-                "column_type": None,
-            },
-            {
-                "name": "created",
-                "type": "text",
-                "sqlite_type": "TEXT",
-                "notnull": 0,
-                "default": None,
-                "default_expr": "current_timestamp",
-                "has_default": True,
-                "is_pk": False,
-                "foreign_key": None,
-                "column_type": None,
-            },
-            {
-                "name": "created_ms",
-                "type": "integer",
-                "sqlite_type": "INTEGER",
-                "notnull": 0,
-                "default": None,
-                "default_expr": "current_unixtime_ms",
-                "has_default": True,
-                "is_pk": False,
-                "foreign_key": None,
-                "column_type": None,
-            },
-        ]
-
-        response_without_permission = await ds.client.get(
-            "/data/items", actor={"id": "someone-else"}
-        )
-        assert response_without_permission.status_code == 200
-        soup_without_permission = Soup(response_without_permission.text, "html.parser")
-        assert (
-            soup_without_permission.select_one(
-                'button[data-table-action="alter-table"]'
-            )
-            is None
-        )
-        assert "alterTable" not in table_data_from_soup(soup_without_permission)
-
-        # An actor that can alter but not drop should not get a dropPath
-        response_alter_only = await ds.client.get(
-            "/data/items", actor={"id": "alter-only"}
-        )
-        assert response_alter_only.status_code == 200
-        alter_only_data = table_data_from_soup(
-            Soup(response_alter_only.text, "html.parser")
-        )["alterTable"]
-        assert "dropPath" not in alter_only_data
-    finally:
-        ds.close()
-
-
-@pytest.mark.asyncio
-async def test_table_insert_action_button_and_data():
-    ds = Datasette(
-        [],
-        config={
-            "databases": {
-                "data": {
-                    "tables": {
-                        "items": {
-                            "permissions": {
-                                "insert-row": {"id": "root"},
-                            },
-                            "column_types": {"body": "textarea"},
-                        },
-                    },
-                },
-            },
-        },
-    )
-    try:
-        db = ds.add_database(
-            Database(ds, memory_name="test_table_insert_action"), name="data"
-        )
-        await db.execute_write_script("""
-            create table items (
-                id integer primary key,
-                name text not null,
-                score integer default 5,
-                price numeric,
-                created text default (datetime('now')),
-                body text,
-                typeless
-            );
-            """)
-        response = await ds.client.get("/data/items", actor={"id": "root"})
-        assert response.status_code == 200
-        soup = Soup(response.text, "html.parser")
-
-        button = soup.select_one(
-            'button.table-insert-row[data-table-action="insert-row"]'
-        )
-        assert button is not None
-        assert button.text.strip() == "Insert row"
-        assert button.find("svg") is not None
-        assert button.find_parent("div", class_="table-row-toolbar") is not None
-
-        insert_data = table_data_from_soup(soup)["insertRow"]
-        assert insert_data["path"] == "/data/items/-/insert"
-        assert insert_data["tableName"] == "items"
-        assert insert_data["primaryKeys"] == ["id"]
-        assert [column["name"] for column in insert_data["columns"]] == [
-            "name",
-            "score",
-            "price",
-            "created",
-            "body",
-            "typeless",
-        ]
-        name, score, price, created, body, typeless = insert_data["columns"]
-        assert name["notnull"] == 1
-        assert name["sqlite_type"] == "TEXT"
-        assert name["value_kind"] == "string"
-        assert not name["has_default"]
-        assert score["default"] == "5"
-        assert score["has_default"]
-        assert score["sqlite_type"] == "INTEGER"
-        assert score["value_kind"] == "number"
-        assert price["sqlite_type"] == "NUMERIC"
-        assert price["value_kind"] == "string"
-        assert created["default"] == "datetime('now')"
-        assert created["has_default"]
-        assert created["sqlite_type"] == "TEXT"
-        assert body["sqlite_type"] == "TEXT"
-        assert body["value_kind"] == "string"
-        assert body["column_type"] == {"type": "textarea", "config": None}
-        assert typeless["sqlite_type"] == "BLOB"
-        assert typeless["value_kind"] == "string"
-    finally:
-        ds.close()
-
-
-@pytest.mark.asyncio
-async def test_table_insert_action_includes_compound_primary_keys():
-    ds = Datasette(
-        [],
-        config={
-            "databases": {
-                "data": {
-                    "tables": {
-                        "memberships": {
-                            "permissions": {
-                                "insert-row": {"id": "root"},
-                            },
-                        },
-                    },
-                },
-            },
-        },
-    )
-    try:
-        db = ds.add_database(
-            Database(ds, memory_name="test_table_insert_compound_pk"), name="data"
-        )
-        await db.execute_write_script("""
-            create table memberships (
-                account text,
-                username text,
-                role text,
-                primary key (account, username)
-            );
-            """)
-        response = await ds.client.get("/data/memberships", actor={"id": "root"})
-        assert response.status_code == 200
-        insert_data = table_data_from_soup(Soup(response.text, "html.parser"))[
-            "insertRow"
-        ]
-        assert insert_data["tableName"] == "memberships"
-        assert insert_data["primaryKeys"] == ["account", "username"]
-        assert [column["name"] for column in insert_data["columns"]] == [
-            "account",
-            "username",
-            "role",
-        ]
-        assert [column["is_pk"] for column in insert_data["columns"]] == [
-            True,
-            True,
-            False,
-        ]
-    finally:
-        ds.close()
-
-
-@pytest.mark.asyncio
-async def test_table_data_includes_foreign_key_autocomplete_urls():
-    ds = Datasette([])
-    try:
-        db = ds.add_database(
-            Database(ds, memory_name="test_table_foreign_key_autocomplete"), name="data"
-        )
-        await db.execute_write_script("""
-            create table authors (
-                id integer primary key,
-                name text
-            );
-            create table tags (
-                slug text unique,
-                name text
-            );
-            create table articles (
-                id integer primary key,
-                author_id integer references authors(id),
-                implicit_author_id integer references authors,
-                tag_slug text references tags(slug),
-                title text
-            );
-            insert into authors (id, name) values (1, 'Ada Lovelace');
-            insert into tags (slug, name) values ('science', 'Science');
-            insert into articles (
-                id,
-                author_id,
-                implicit_author_id,
-                tag_slug,
-                title
-            ) values (
-                1,
-                1,
-                1,
-                'science',
-                'Notes'
-            );
-            """)
-        response = await ds.client.get("/data/articles")
-        assert response.status_code == 200
-        soup = Soup(response.text, "html.parser")
-        table_data = table_data_from_soup(soup)
-        assert table_data["foreignKeys"] == {
-            "author_id": "/data/authors/-/autocomplete",
-            "implicit_author_id": "/data/authors/-/autocomplete",
-        }
-        assert any(
-            "autocomplete.js" in (script.get("src") or "")
-            for script in soup.find_all("script")
-        )
-    finally:
-        ds.close()
-
-
-@pytest.mark.asyncio
-async def test_table_fragment_endpoint(ds_client):
-    response = await ds_client.get("/fixtures/simple_primary_key/-/fragment?_row=1")
-    assert response.status_code == 200
-    assert response.headers["content-type"].startswith("text/html")
-    soup = Soup(response.text, "html.parser")
-    assert soup.find("html") is None
-    rows = soup.select("[data-row]")
-    assert len(rows) == 1
-    assert rows[0]["data-row"] == "1"
-    assert rows[0]["data-row-label"] == "hello"
-    assert {key for key in rows[0].attrs if key.startswith("data-row")} == {
-        "data-row",
-        "data-row-label",
-    }
-
-
-@pytest.mark.asyncio
-async def test_table_fragment_row_parameter_replaces_pk_filters(ds_client):
-    response = await ds_client.get(
-        "/fixtures/simple_primary_key/-/fragment?id=2&_row=1"
-    )
-    assert response.status_code == 200
-    soup = Soup(response.text, "html.parser")
-    rows = soup.select("[data-row]")
-    assert len(rows) == 1
-    assert rows[0]["data-row"] == "1"
-    assert rows[0]["data-row-label"] == "hello"
-
-
-@pytest.mark.asyncio
-async def test_row_page_edit_delete_action_menu_buttons():
-    ds = Datasette(
-        [],
-        config={
-            "databases": {
-                "data": {
-                    "tables": {
-                        "items": {
-                            "permissions": {
-                                "update-row": {"id": "root"},
-                                "delete-row": {"id": "root"},
-                            },
-                        },
-                    },
-                },
-            },
-        },
-    )
-    try:
-        db = ds.add_database(
-            Database(ds, memory_name="test_row_page_edit_delete_actions"), name="data"
-        )
-        await db.execute_write_script("""
-            create table items (id integer primary key, name text, score integer);
-            insert into items (id, name, score) values (1, 'One', 5);
-            """)
-        response = await ds.client.get("/data/items/1", actor={"id": "root"})
-        assert response.status_code == 200
-        soup = Soup(response.text, "html.parser")
-        assert table_data_from_soup(soup) == {
-            "database": "data",
-            "table": "items",
-            "tableUrl": "/data/items",
-        }
-        script_srcs = [script.get("src") or "" for script in soup.find_all("script")]
-        assert any("edit-tools.js" in src for src in script_srcs)
-        assert not any("table.js" in src for src in script_srcs)
-
-        row = soup.select_one("table.rows-and-columns tbody tr")
-        assert row["data-row"] == "1"
-        assert row["data-row-label"] == "One"
-
-        edit_button = soup.select_one(
-            'details.actions-menu-links button.action-menu-button[data-row-action="edit"]'
-        )
-        assert edit_button is not None
-        assert edit_button["aria-label"] == "Edit row 1 One"
-        assert edit_button["data-row"] == "1"
-        assert edit_button["data-row-label"] == "One"
-        assert edit_button["role"] == "menuitem"
-        assert edit_button.find("span", class_="dropdown-description").text.strip() == (
-            "Open a dialog to edit this row."
-        )
-        edit_button.find("span").extract()
-        assert edit_button.text.strip() == "Edit row"
-
-        delete_button = soup.select_one(
-            'details.actions-menu-links button.action-menu-button[data-row-action="delete"]'
-        )
-        assert delete_button is not None
-        assert delete_button["aria-label"] == "Delete row 1 One"
-        assert delete_button["data-row"] == "1"
-        assert delete_button["data-row-label"] == "One"
-        assert delete_button["role"] == "menuitem"
-        assert delete_button.find(
-            "span", class_="dropdown-description"
-        ).text.strip() == ("Open a confirmation dialog to delete this row.")
-        delete_button.find("span").extract()
-        assert delete_button.text.strip() == "Delete row"
-    finally:
-        ds.close()
-
-
-@pytest.mark.asyncio
-async def test_row_delete_redirect_to_table_sets_message():
-    ds = Datasette(
-        [],
-        config={
-            "databases": {
-                "data": {
-                    "tables": {
-                        "items": {
-                            "permissions": {
-                                "delete-row": {"id": "root"},
-                            },
-                        },
-                    },
-                },
-            },
-        },
-    )
-    try:
-        db = ds.add_database(
-            Database(ds, memory_name="test_row_delete_redirect"), name="data"
-        )
-        await db.execute_write_script("""
-            create table items (id integer primary key, name text);
-            insert into items (id, name) values (1, 'One');
-            """)
-        response = await ds.client.post(
-            "/data/items/1/-/delete?_redirect_to_table=1", actor={"id": "root"}
-        )
-        assert response.status_code == 200
-        assert response.json() == {"ok": True, "redirect": "/data/items"}
-        assert ds.unsign(response.cookies["ds_messages"], "messages") == [
-            ["Deleted row 1 (One)", ds.INFO]
-        ]
-    finally:
-        ds.close()
-
-
-@pytest.mark.asyncio
-async def test_row_update_sets_message():
-    ds = Datasette(
-        [],
-        config={
-            "databases": {
-                "data": {
-                    "tables": {
-                        "items": {
-                            "permissions": {
-                                "update-row": {"id": "root"},
-                            },
-                        },
-                    },
-                },
-            },
-        },
-    )
-    try:
-        db = ds.add_database(
-            Database(ds, memory_name="test_row_update_message"), name="data"
-        )
-        await db.execute_write_script("""
-            create table items (id integer primary key, name text);
-            insert into items (id, name) values (1, 'One');
-            """)
-        long_name = "Two " + ("long label " * 12)
-        truncated_name = long_name[:79] + "\u2026"
-        response = await ds.client.post(
-            "/data/items/1/-/update?_message=1",
-            actor={"id": "root"},
-            json={"update": {"name": long_name}, "return": True},
-        )
-        assert response.status_code == 200
-        assert response.json()["row"]["name"] == long_name
-        assert ds.unsign(response.cookies["ds_messages"], "messages") == [
-            ["Updated row 1 ({})".format(truncated_name), ds.INFO]
-        ]
-    finally:
-        ds.close()
-
-
-def test_table_data_uses_base_url(app_client_base_url_prefix):
-    response = app_client_base_url_prefix.get("/prefix/fixtures/simple_primary_key")
-    assert response.status_code == 200
-    import json
-    import re
-
-    soup = Soup(response.text, "html.parser")
-    table_script = [
-        s for s in soup.find_all("script") if "_datasetteTableData" in (s.string or "")
-    ][0]
-    match = re.search(
-        r"window\._datasetteTableData\s*=\s*({.*?});",
-        table_script.string,
-        re.DOTALL,
-    )
-    assert json.loads(match.group(1)) == {
-        "database": "fixtures",
-        "table": "simple_primary_key",
-        "tableUrl": "/prefix/fixtures/simple_primary_key",
-    }
-
-
-def test_table_fragment_custom_table_include():
-    with make_app_client(
-        template_dir=str(pathlib.Path(__file__).parent / "test_templates")
-    ) as client:
-        response = client.get("/fixtures/complex_foreign_keys/-/fragment?f1=1&f2=2")
-        assert response.status == 200
-        assert (
-            '
    '
-            '1 - 2 - hello 1'
-            "
    "
-        ) == str(Soup(response.text, "html.parser").select_one("div.custom-table-row"))
-
-
-@pytest.mark.asyncio
-async def test_table_fragment_uses_render_cell_hook():
-    from datasette import hookimpl
-    from markupsafe import Markup
-
-    class TestRenderCellPlugin:
-        __name__ = "TestRenderCellPlugin"
-
-        @hookimpl
-        def render_cell(self, value, column, table, database):
-            if database == "data" and table == "items" and column == "name":
-                return Markup("{}".format(value))
-            return None
-
-    ds = Datasette(memory=True)
-    await ds.invoke_startup()
-    db = ds.add_memory_database("data")
-    await db.execute_write("create table items (id integer primary key, name text)")
-    await db.execute_write("insert into items values (1, 'Alice')")
-    ds.pm.register(TestRenderCellPlugin(), name="TestRenderCellPlugin")
-    try:
-        response = await ds.client.get("/data/items/-/fragment?id=1")
-        assert response.status_code == 200
-        assert "Alice" in response.text
-    finally:
-        ds.pm.unregister(name="TestRenderCellPlugin")
-        ds.close()
-
-
-@pytest.mark.asyncio
-async def test_zero_row_table_renders_thead(ds_client):
-    response = await ds_client.get("/fixtures/123_starts_with_digits")
-    assert response.status_code == 200
-    soup = Soup(response.text, "html.parser")
-    table = soup.select_one("table.rows-and-columns")
-    assert table is not None
-    column_names = [
-        th.get("data-column") for th in table.select("thead th[data-column]")
-    ]
-    assert "content" in column_names
-    assert table.select_one("tbody tr") is None
-    assert soup.select_one("p.zero-results") is not None
-
-
-@pytest.mark.asyncio
-async def test_column_chooser_data_reflects_col_filtering(ds_client):
-    response = await ds_client.get("/fixtures/facetable?_col=state&_col=created")
-    assert response.status_code == 200
-    import json
-    import re
-
-    soup = Soup(response.text, "html.parser")
-    chooser = soup.find("column-chooser")
-    assert chooser is not None
-    scripts = soup.find_all("script")
-    chooser_script = [s for s in scripts if "_columnChooserData" in (s.string or "")]
-    script_text = chooser_script[0].string
-    # Parse the JSON object from the script
-    match = re.search(
-        r"window\._columnChooserData\s*=\s*({.*?});", script_text, re.DOTALL
-    )
-    data = json.loads(match.group(1))
-    # All non-PK columns should still be listed in allColumns
-    assert "state" in data["allColumns"]
-    assert "created" in data["allColumns"]
-    assert "planet_int" in data["allColumns"]
-    # Only state and created should be in selectedColumns (plus pk)
-    non_pk_selected = [
-        c for c in data["selectedColumns"] if c not in data["primaryKeys"]
-    ]
-    assert "state" in non_pk_selected
-    assert "created" in non_pk_selected
-    assert "planet_int" not in non_pk_selected
-
-
-@pytest.mark.asyncio
-async def test_column_chooser_shown_for_views(ds_client):
-    response = await ds_client.get("/fixtures/simple_view")
-    assert response.status_code == 200
-    soup = Soup(response.text, "html.parser")
-    chooser = soup.find("column-chooser")
-    assert chooser is not None
-    scripts = soup.find_all("script")
-    chooser_script = [s for s in scripts if "_columnChooserData" in (s.string or "")]
-    assert len(chooser_script) == 1
-
-
-@pytest.mark.asyncio
-async def test_compound_primary_key_with_foreign_key_references(ds_client):
-    # e.g. a many-to-many table with a compound primary key on the two columns
-    response = await ds_client.get("/fixtures/searchable_tags")
-    assert response.status_code == 200
-    table = Soup(response.text, "html.parser").find("table")
-    expected = [
-        [
-            '    		1,feline1\xa01feline2,canine2\xa02caninehelloHELLOworldWORLD\xa0\xa011<Binary:\xa07\xa0bytes>22<Binary:\xa07\xa0bytes>33\xa03Detroit2Los Angeles4Memnonia1San Francisco2Paranormal1Museum