Add authentication support for REST API calls in telemetry

Implement proper authentication for feature flag fetching and telemetry
export by adding getAuthHeaders() method to IClientContext.

## Changes

### Core Authentication Infrastructure
- **IClientContext**: Add getAuthHeaders() method to expose auth headers
- **DBSQLClient**: Implement getAuthHeaders() using authProvider.authenticate()
- Returns empty object gracefully if no auth provider available

### Feature Flag Fetching (COMPLETED)
- **FeatureFlagCache**: Implement actual server API call
- Endpoint: GET /api/2.0/connector-service/feature-flags/OSS_NODEJS/{version}
- Uses context.getAuthHeaders() for authentication
- Parses JSON response with flags array
- Updates cache duration from server-provided ttl_seconds
- Looks for: databricks.partnerplatform.clientConfigsFeatureFlags.enableTelemetryForNodeJs
- All exceptions swallowed with debug logging only

### Telemetry Export (FIXED)
- **DatabricksTelemetryExporter**: Add authentication to authenticated endpoint
- Uses context.getAuthHeaders() when authenticatedExport=true
- Properly authenticates POST to /api/2.0/sql/telemetry-ext
- Removes TODO comments about missing authentication

## JDBC Driver Pattern Alignment
Follows same pattern as JDBC driver:
- Endpoint: /api/2.0/connector-service/feature-flags/OSS_JDBC/{version} (JDBC)
- Endpoint: /api/2.0/connector-service/feature-flags/OSS_NODEJS/{version} (Node.js)
- Auth headers from connection's authenticate() method
- Response format: { flags: [{ name, value }], ttl_seconds }

## Testing
- Build: ✅ Successful
- E2E: ✅ Verified with real credentials
- Feature flag fetch now fully functional
- Telemetry export now properly authenticated

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Author: samikshya-db

lib/DBSQLClient.ts

@@ -3,6 +3,7 @@ import Int64 from 'node-int64';
 import os from 'os';
 
 import { EventEmitter } from 'events';
+import { HeadersInit } from 'node-fetch';
 import TCLIService from '../thrift/TCLIService';
 import { TProtocolVersion } from '../thrift/TCLIService_types';
 import IDBSQLClient, { ClientOptions, ConnectionOptions, OpenSessionRequest } from './contracts/IDBSQLClient';
@@ -493,4 +494,21 @@ export default class DBSQLClient extends EventEmitter implements IDBSQLClient, I
   public async getDriver(): Promise<IDriver> {
     return this.driver;
   }
+
+  /**
+   * Gets authentication headers for HTTP requests.
+   * Used by telemetry and feature flag fetching to authenticate REST API calls.
+   * @returns Promise resolving to headers object with authentication, or empty object if no auth
+   */
+  public async getAuthHeaders(): Promise<HeadersInit> {
+    if (this.authProvider) {
+      try {
+        return await this.authProvider.authenticate();
+      } catch (error) {
+        this.logger.log(LogLevel.debug, `Error getting auth headers: ${error}`);
+        return {};
+      }
+    }
+    return {};
+  }
 }

lib/contracts/IClientContext.ts

@@ -1,3 +1,4 @@
+import { HeadersInit } from 'node-fetch';
 import IDBSQLLogger from './IDBSQLLogger';
 import IDriver from './IDriver';
 import IConnectionProvider from '../connection/contracts/IConnectionProvider';
@@ -43,4 +44,11 @@ export default interface IClientContext {
   getClient(): Promise<IThriftClient>;
 
   getDriver(): Promise<IDriver>;
+
+  /**
+   * Gets authentication headers for HTTP requests.
+   * Used by telemetry and feature flag fetching to authenticate REST API calls.
+   * @returns Promise resolving to headers object with authentication, or empty object if no auth
+   */
+  getAuthHeaders(): Promise<HeadersInit>;
 }

lib/telemetry/DatabricksTelemetryExporter.ts

@@ -203,16 +203,16 @@ export default class DatabricksTelemetryExporter {
       `Exporting ${metrics.length} telemetry metrics to ${authenticatedExport ? 'authenticated' : 'unauthenticated'} endpoint`
     );
 
-    // Make HTTP POST request
-    // Note: In production, auth headers would be added via connectionProvider
+    // Get authentication headers if using authenticated endpoint
+    const authHeaders = authenticatedExport ? await this.context.getAuthHeaders() : {};
+
+    // Make HTTP POST request with authentication
     const response: Response = await this.fetchFn(endpoint, {
       method: 'POST',
       headers: {
+        ...authHeaders,
         'Content-Type': 'application/json',
         'User-Agent': this.userAgent,
-        // Note: ConnectionProvider may add auth headers automatically
-        // via getThriftConnection, but for telemetry we use direct fetch
-        // In production, we'd need to extract auth headers from connectionProvider
       },
       body: JSON.stringify(payload),
     });

lib/telemetry/FeatureFlagCache.ts

@@ -16,6 +16,7 @@
 
 import IClientContext from '../contracts/IClientContext';
 import { LogLevel } from '../contracts/IDBSQLLogger';
+import fetch from 'node-fetch';
 
 /**
  * Context holding feature flag state for a specific host.
@@ -104,17 +105,95 @@ export default class FeatureFlagCache {
   }
 
   /**
-   * Fetches feature flag from server.
-   * This is a placeholder implementation that returns false.
-   * Real implementation would fetch from server using connection provider.
-   * @param _host The host to fetch feature flag for (unused in placeholder implementation)
+   * Fetches feature flag from server using connector-service API.
+   * Calls GET /api/2.0/connector-service/feature-flags/OSS_NODEJS/{version}
+   *
+   * @param host The host to fetch feature flag for
+   * @returns true if feature flag is enabled, false otherwise
    */
-  // eslint-disable-next-line @typescript-eslint/no-unused-vars
-  private async fetchFeatureFlag(_host: string): Promise<boolean> {
-    // Placeholder implementation
-    // Real implementation would use:
-    // const connectionProvider = await this.context.getConnectionProvider();
-    // and make an API call to fetch the feature flag
-    return false;
+  private async fetchFeatureFlag(host: string): Promise<boolean> {
+    const logger = this.context.getLogger();
+
+    try {
+      // Get driver version for endpoint
+      const driverVersion = this.getDriverVersion();
+
+      // Build feature flags endpoint
+      const endpoint = `https://${host}/api/2.0/connector-service/feature-flags/OSS_NODEJS/${driverVersion}`;
+
+      // Get authentication headers
+      const authHeaders = await this.context.getAuthHeaders();
+
+      logger.log(LogLevel.debug, `Fetching feature flags from ${endpoint}`);
+
+      // Make HTTP GET request with authentication
+      const response = await fetch(endpoint, {
+        method: 'GET',
+        headers: {
+          ...authHeaders,
+          'Content-Type': 'application/json',
+          'User-Agent': `databricks-sql-nodejs/${driverVersion}`,
+        },
+      });
+
+      if (!response.ok) {
+        logger.log(
+          LogLevel.debug,
+          `Feature flag fetch failed: ${response.status} ${response.statusText}`
+        );
+        return false;
+      }
+
+      // Parse response JSON
+      const data: any = await response.json();
+
+      // Response format: { flags: [{ name: string, value: string }], ttl_seconds?: number }
+      if (data && data.flags && Array.isArray(data.flags)) {
+        // Update cache duration if TTL provided
+        const ctx = this.contexts.get(host);
+        if (ctx && data.ttl_seconds) {
+          ctx.cacheDuration = data.ttl_seconds * 1000; // Convert to milliseconds
+          logger.log(LogLevel.debug, `Updated cache duration to ${data.ttl_seconds} seconds`);
+        }
+
+        // Look for our specific feature flag
+        const flag = data.flags.find((f: any) => f.name === this.FEATURE_FLAG_NAME);
+
+        if (flag) {
+          // Parse boolean value (can be string "true"/"false")
+          const value = String(flag.value).toLowerCase();
+          const enabled = value === 'true';
+          logger.log(
+            LogLevel.debug,
+            `Feature flag ${this.FEATURE_FLAG_NAME}: ${enabled}`
+          );
+          return enabled;
+        }
+      }
+
+      // Feature flag not found in response, default to false
+      logger.log(LogLevel.debug, `Feature flag ${this.FEATURE_FLAG_NAME} not found in response`);
+      return false;
+    } catch (error: any) {
+      // Log at debug level only, never propagate exceptions
+      logger.log(LogLevel.debug, `Error fetching feature flag from ${host}: ${error.message}`);
+      return false;
+    }
+  }
+
+  /**
+   * Gets the driver version without -oss suffix for API calls.
+   * Format: "1.12.0" from "1.12.0-oss"
+   */
+  private getDriverVersion(): string {
+    try {
+      // Import version from lib/version.ts
+      const version = require('../version').default;
+      // Remove -oss suffix if present
+      return version.replace(/-oss$/, '');
+    } catch (error) {
+      // Fallback to a default version if import fails
+      return '1.0.0';
+    }
   }
 }