fix: reject empty values for filter methods that require them

Mirrors the validator pattern in utopia-php/database
(Validator/Query/Filter.php): contains/notContains/equal/etc. queries
must have at least one value; an empty values array is rejected up front
with `<Method> queries require at least one value.` instead of silently
producing a "no filter applied" WHERE clause.

Without the guard, `Query::contains('metric', [])` would skip the IN
clause entirely and return all rows — exactly the opposite of the
intended IN () semantics, which should match nothing.

Applies the same VALUE_REQUIRED_METHODS allow-list and pre-switch check
that the audit adapter uses, so both libraries reject the same set of
empty-value filter methods consistently.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: lohanidamodar

src/Usage/Adapter/ClickHouse.php

@@ -48,6 +48,28 @@ class ClickHouse extends SQL
         '1d' => 'toStartOfDay',
     ];
 
+    /**
+     * Filter methods that must be supplied at least one value. Empty `values`
+     * arrays for these methods are rejected up front so they can't silently
+     * compile into a "no filter applied" WHERE clause.
+     *
+     * @var list<string>
+     */
+    private const VALUE_REQUIRED_METHODS = [
+        Query::TYPE_EQUAL,
+        Query::TYPE_NOT_EQUAL,
+        Query::TYPE_LESSER,
+        Query::TYPE_LESSER_EQUAL,
+        Query::TYPE_GREATER,
+        Query::TYPE_GREATER_EQUAL,
+        Query::TYPE_BETWEEN,
+        Query::TYPE_NOT_BETWEEN,
+        Query::TYPE_CONTAINS,
+        Query::TYPE_NOT_CONTAINS,
+        Query::TYPE_STARTS_WITH,
+        Query::TYPE_ENDS_WITH,
+    ];
+
     private string $host;
 
     private int $port;
@@ -2665,6 +2687,15 @@ private function parseQueries(array $queries, string $type = 'event'): array
             $attribute = $query->getAttribute();
             $values = $query->getValues();
 
+            // Reject empty values for filter methods that take values — mirrors
+            // the validator in utopia-php/database (Validator/Query/Filter.php)
+            // and prevents silently dropping the WHERE fragment, which would
+            // otherwise turn `Query::contains('attr', [])` into a full-table
+            // match instead of an empty result.
+            if (\in_array($method, self::VALUE_REQUIRED_METHODS, true) && empty($values)) {
+                throw new \Exception(\ucfirst($method) . ' queries require at least one value.');
+            }
+
             switch ($method) {
                 case Query::TYPE_EQUAL:
                     $this->validateAttributeName($attribute, $type);

tests/Usage/Adapter/ClickHouseTest.php

@@ -1160,4 +1160,34 @@ public function testStartsWithAndEndsWithQueries(): void
             $this->assertStringEndsWith('/files', $path);
         }
     }
+
+    public function testContainsRejectsEmptyValues(): void
+    {
+        $this->expectException(\Exception::class);
+        $this->expectExceptionMessage('Contains queries require at least one value.');
+
+        $this->usage->find([
+            Query::contains('metric', []),
+        ], Usage::TYPE_EVENT);
+    }
+
+    public function testNotContainsRejectsEmptyValues(): void
+    {
+        $this->expectException(\Exception::class);
+        $this->expectExceptionMessage('NotContains queries require at least one value.');
+
+        $this->usage->find([
+            Query::notContains('metric', []),
+        ], Usage::TYPE_EVENT);
+    }
+
+    public function testEqualRejectsEmptyValues(): void
+    {
+        $this->expectException(\Exception::class);
+        $this->expectExceptionMessage('Equal queries require at least one value.');
+
+        $this->usage->find([
+            new Query(Query::TYPE_EQUAL, 'metric', []),
+        ], Usage::TYPE_EVENT);
+    }
 }