.Net: [MEVD] Ensure identifiers are properly quoted #13470
Merged
roji merged 1 commit into microsoft:main on Jan 27, 2026
Pull request overview
This PR tightens escaping and validation of user-defined identifiers across multiple vector store connectors (.NET), and updates tests to reflect the safer SQL/GraphQL/Cosmos query shapes. The goal is to ensure schema, table, column, and JSON field names are always either safely quoted/escaped or proactively validated where escaping isn’t possible.
Changes:
- PostgreSQL, SQLite, and SQL Server vector connectors now consistently quote and escape schema, table, column, and index identifiers via dedicated helpers, with tests updated accordingly.
- Cosmos DB NoSQL queries and filters now use bracket notation with proper JSON-style escaping for property names, and related tests are updated to assert the new query shape.
- Weaviate, Redis, and Azure AI Search model builders now validate storage names against backend-specific identifier rules (GraphQL, RediSearch, OData), and filter/query builders rely on validated identifiers.
Reviewed changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| dotnet/test/VectorData/PgVector.UnitTests/PostgresSqlBuilderTests.cs | Updates expectations for schema/table quoting and index creation so that schema ("public") is quoted consistently with the table and column identifiers. |
| dotnet/test/VectorData/CosmosNoSql.UnitTests/CosmosNoSqlCollectionQueryBuilderTests.cs | Adjusts expected Cosmos DB SQL strings to use x["..."] bracket notation and to match the new escaped property access patterns in SELECT, WHERE, ORDER BY, and SELECT TOP queries. |
| dotnet/src/VectorData/Weaviate/WeaviateQueryBuilder.cs | Ensures Weaviate GraphQL sort paths are JSON-encoded strings while relying on validated storage names, improving robustness of sort: [ { path: [...] }] clauses. |
| dotnet/src/VectorData/Weaviate/WeaviateModelBuilder.cs | Adds ValidateProperty logic enforcing GraphQL name rules for storage names (first char letter/underscore; subsequent alphanumeric/underscore), throwing clear errors when invalid. |
| dotnet/src/VectorData/SqliteVec/SqliteCommandBuilder.cs | Replaces ad-hoc string interpolation with AppendIdentifier/QuoteIdentifier helpers for all table/column/index names and joins, ensuring SQLite identifiers are consistently double-quoted and escaped. |
| dotnet/src/VectorData/SqliteVec/SqliteCollection.cs | Stops pre-escaping table names on construction and instead passes raw names into SqliteCommandBuilder, avoiding double-escaping now that builder methods quote/escape identifiers themselves. |
| dotnet/src/VectorData/SqlServer/SqlServerCommandBuilder.cs | Centralizes SQL Server identifier quoting into AppendIdentifier, applies it for columns, primary keys, indexes, merge statements, DELETE/SELECT queries, and ORDER BY clauses to prevent malformed or injectable names. |
| dotnet/src/VectorData/Redis/RedisModelBuilder.cs | Introduces ValidateStorageName / IsValidIdentifier to enforce RediSearch-safe field names during model building, rejecting invalid storage names early. |
| dotnet/src/VectorData/Redis/RedisJsonModelBuilder.cs | Hooks Redis JSON model building into RedisModelBuilder.ValidateStorageName so JSON-backed collections share the same RediSearch field-name validation. |
| dotnet/src/VectorData/Redis/RedisFilterTranslator.cs | Documents that Redis field names are assumed validated at model-build time and keeps filter generation using property.StorageName with that guarantee. |
| dotnet/src/VectorData/PgVector/PostgresSqlBuilder.cs | Refactors SQL construction to consistently use AppendIdentifier for schema/table/column/index names across CREATE TABLE/INDEX, UPSERT, SELECT, DELETE, and nearest-neighbor search queries, including legacy filter support. |
| dotnet/src/VectorData/CosmosNoSql/CosmosNoSqlFilterTranslator.cs | Changes filter property access to use x["..."] bracket notation with escaping of backslashes and double quotes in storage names. |
| dotnet/src/VectorData/CosmosNoSql/CosmosNoSqlCollectionQueryBuilder.cs | Centralizes Cosmos JSON property escaping via EscapeJsonPropertyName/GeneratePropertyAccess, and updates all SELECT/WHERE/ORDER BY construction to use bracket notation with proper escaping. |
| dotnet/src/VectorData/AzureAISearch/AzureAISearchModelBuilder.cs | Adds OData identifier validation for storage names, enforcing the same naming constraints as the OData spec and throwing with a clear message when they are violated. |
| dotnet/src/VectorData/AzureAISearch/AzureAISearchFilterTranslator.cs | Documents reliance on prevalidated OData identifiers when emitting property names in filter expressions. |
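The quoting and validation rules summarized in the review overview above, as an added C# example (not code from the pull request or from the connectors). The class and method names are hypothetical, and the storage names, including the `dbo` schema, are constructed samples.

```csharp
using System;
using System.Linq;

// Added illustration; class and method names are hypothetical, not the connectors' own.
static class IdentifierQuotingExample
{
    // PostgreSQL / SQLite: wrap in double quotes and double any embedded double quote.
    public static string QuoteAnsi(string name) =>
        "\"" + name.Replace("\"", "\"\"") + "\"";

    // SQL Server: wrap in brackets and double any closing bracket.
    public static string QuoteSqlServer(string name) =>
        "[" + name.Replace("]", "]]") + "]";

    // Cosmos DB NoSQL: x["..."] access; escape backslashes first, then double quotes.
    public static string CosmosAccess(string alias, string property) =>
        alias + "[\"" + property.Replace("\\", "\\\\").Replace("\"", "\\\"") + "\"]";

    // GraphQL names cannot be escaped, so validate: [_A-Za-z][_0-9A-Za-z]*
    public static string RequireGraphQlName(string name)
    {
        static bool IsStart(char c) => c == '_' || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
        bool ok = name.Length > 0 && IsStart(name[0])
            && name.All(c => IsStart(c) || (c >= '0' && c <= '9'));
        return ok ? name : throw new ArgumentException($"Invalid storage name '{name}'.");
    }

    public static void Main()
    {
        // Constructed storage names, some containing the quoting characters themselves.
        string[] samples = { "Hotels", "hotel \"name\"", "tags]extra", "path\\to" };
        foreach (string s in samples)
        {
            Console.WriteLine($"SELECT {QuoteAnsi(s)} FROM {QuoteAnsi("public")}.{QuoteAnsi("Hotels")}");
            Console.WriteLine($"SELECT {QuoteSqlServer(s)} FROM {QuoteSqlServer("dbo")}.{QuoteSqlServer("Hotels")}");
            Console.WriteLine($"SELECT {CosmosAccess("x", s)} FROM x");
            try { Console.WriteLine($"sort path: {RequireGraphQlName(s)}"); }
            catch (ArgumentException e) { Console.WriteLine(e.Message); }
        }
    }
}
```

Only `Hotels` passes the GraphQL check; the other three names are rejected there but still produce well-formed SQL and Cosmos text because the delimiter characters are escaped inside the quoted form.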
westey-m approved these changes Jan 26, 2026
markwallace-microsoft approved these changes Jan 26, 2026
Closes #12161