Reject unknown trust_server_heartbeat URL tokens loudly

The inline lambda silently coerced any non-truthy string to False, so
a typo like ?trust_server_heartbeat=flase would disable the opt-in
without error. Factor a strict _parse_url_bool helper that raises
ArgumentError on anything outside the conventional bool token set,
matching the loud-fail precedent established for the range validators.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: antoineleclair

src/sqlalchemydqlite/base.py

@@ -18,6 +18,27 @@
 import dqlitedbapi.exceptions as _dbapi_exc
 from dqlitewire import LEADER_ERROR_CODES as _LEADER_CHANGE_CODES
 
+_TRUE_TOKENS = frozenset({"1", "true", "yes", "on"})
+_FALSE_TOKENS = frozenset({"0", "false", "no", "off"})
+
+
+def _parse_url_bool(key: str, raw: str) -> bool:
+    """Strict bool parser for URL query parameters.
+
+    Accepts the conventional truthy/falsy token sets and raises
+    ``ArgumentError`` on anything else so a typo like ``?flag=flase``
+    surfaces instead of silently coercing to False.
+    """
+    token = raw.strip().lower()
+    if token in _TRUE_TOKENS:
+        return True
+    if token in _FALSE_TOKENS:
+        return False
+    raise ArgumentError(
+        f"Invalid bool value for URL parameter {key!r}: {raw!r} "
+        f"(accepted: 1/0, true/false, yes/no, on/off)"
+    )
+
 
 class _DqliteDateTime(sqltypes.DateTime):
     """Passthrough DateTime — ``dqlitedbapi`` already returns ``datetime.datetime``
@@ -161,13 +182,15 @@ def import_dbapi(cls) -> types.ModuleType:
     # values (zero, negative, NaN, inf). The predicate may be ``None`` for
     # bool knobs that don't admit a range check.
     # ``trust_server_heartbeat`` uses a URL-friendly bool parser because
-    # bool("False") evaluates truthy (non-empty string).
+    # bool("False") evaluates truthy (non-empty string). Unknown tokens
+    # raise ``ArgumentError`` to prevent a typo from silently disabling
+    # the opt-in.
     _URL_QUERY_ALLOWED: dict[str, tuple[Callable[[str], Any], Callable[[Any], bool] | None]] = {
         "timeout": (float, lambda v: math.isfinite(v) and v > 0),
         "max_total_rows": (int, lambda v: v > 0),
         "max_continuation_frames": (int, lambda v: v > 0),
         "trust_server_heartbeat": (
-            lambda s: s.strip().lower() in ("1", "true", "yes", "on"),
+            lambda s: _parse_url_bool("trust_server_heartbeat", s),
             None,
         ),
     }

tests/test_dialect_dialect_config.py

@@ -126,6 +126,22 @@ def test_trust_server_heartbeat_parses_boolean(self, raw: str, expected: bool) -
         _, kwargs = dialect.create_connect_args(url)
         assert kwargs["trust_server_heartbeat"] is expected
 
+    @pytest.mark.parametrize(
+        "raw",
+        ["enabled", "flase", "yse", "2", "maybe"],
+    )
+    def test_trust_server_heartbeat_rejects_unknown_tokens(self, raw: str) -> None:
+        """Unknown tokens must raise rather than silently coerce to False.
+
+        A typo in the URL would previously mean the operator thinks they
+        opted into the flag but actually got the default — a surprising
+        and hard-to-diagnose misconfiguration.
+        """
+        dialect = DqliteDialect()
+        url = make_url(f"dqlite://host:19001/db?trust_server_heartbeat={raw}")
+        with pytest.raises(ArgumentError, match="Invalid bool value"):
+            dialect.create_connect_args(url)
+
 
 class TestURLQueryRangeValidation:
     @pytest.mark.parametrize(