pg_sql_triggers 1.0.0 → 1.1.0

data/lib/pg_sql_triggers/sql/kill_switch.rb

@@ -0,0 +1,300 @@
+# frozen_string_literal: true
+
+module PgSqlTriggers
+  module SQL
+    # KillSwitch is a centralized safety gate that prevents dangerous operations
+    # from being executed in protected environments (typically production).
+    #
+    # It operates on three levels:
+    # 1. Configuration Level: Environment-based activation via PgSqlTriggers.kill_switch_enabled
+    # 2. Runtime Level: ENV variable override support (KILL_SWITCH_OVERRIDE)
+    # 3. Explicit Confirmation Level: Typed confirmation text for critical operations
+    #
+    # @example Basic usage in a dangerous operation
+    #   KillSwitch.check!(
+    #     operation: :migrate_up,
+    #     environment: Rails.env,
+    #     confirmation: params[:confirmation_text],
+    #     actor: { type: 'UI', id: current_user.email }
+    #   )
+    #
+    # @example Using override block
+    #   KillSwitch.override(confirmation: "EXECUTE MIGRATE_UP") do
+    #     # dangerous operation here
+    #   end
+    #
+    # @example CLI usage with ENV override
+    #   KILL_SWITCH_OVERRIDE=true CONFIRMATION_TEXT="EXECUTE MIGRATE_UP" rake pg_sql_triggers:migrate
+    #
+    # rubocop:disable Metrics/ModuleLength
+    module KillSwitch
+      # Thread-local storage key for override state
+      OVERRIDE_KEY = :pg_sql_triggers_kill_switch_override
+
+      class << self
+        # Checks if the kill switch is active for the given environment and operation.
+        #
+        # @param environment [String, Symbol, nil] The environment to check (defaults to current environment)
+        # @param operation [String, Symbol, nil] The operation being performed (for logging)
+        # @return [Boolean] true if kill switch is active, false otherwise
+        def active?(environment: nil, operation: nil)
+          # Check if kill switch is globally disabled
+          return false unless kill_switch_enabled?
+
+          # Detect environment
+          env = detect_environment(environment)
+
+          # Check if this environment is protected
+          is_active = protected_environment?(env)
+
+          # Log the check if logger is available and operation is provided
+          if logger && operation
+            logger.debug "[KILL_SWITCH] Check: operation=#{operation} environment=#{env} active=#{is_active}"
+          end
+
+          is_active
+        end
+
+        # Checks if an operation should be blocked by the kill switch.
+        # Raises KillSwitchError if the operation is blocked.
+        #
+        # @param operation [String, Symbol] The operation being performed
+        # @param environment [String, Symbol, nil] The environment (defaults to current)
+        # @param confirmation [String, nil] The confirmation text provided by the user
+        # @param actor [Hash, nil] Information about who is performing the operation
+        # @raise [PgSqlTriggers::KillSwitchError] if the operation is blocked
+        # @return [void]
+        def check!(operation:, environment: nil, confirmation: nil, actor: nil)
+          env = detect_environment(environment)
+
+          # Check if kill switch is active for this environment
+          unless active?(environment: env, operation: operation)
+            log_allowed(operation: operation, environment: env, actor: actor, reason: "not_protected_environment")
+            return
+          end
+
+          # Check for thread-local override
+          if thread_override_active?
+            log_override(operation: operation, environment: env, actor: actor, source: "thread_local")
+            return
+          end
+
+          # Check for ENV override
+          if env_override_active?
+            # If ENV override is present, check confirmation if required
+            if confirmation_required?
+              validate_confirmation!(confirmation, operation)
+              log_override(operation: operation, environment: env, actor: actor, source: "env_with_confirmation",
+                           confirmation: confirmation)
+            else
+              log_override(operation: operation, environment: env, actor: actor, source: "env_without_confirmation")
+            end
+            return
+          end
+
+          # If confirmation is provided, validate it
+          unless confirmation.nil?
+            validate_confirmation!(confirmation, operation)
+            log_override(operation: operation, environment: env, actor: actor, source: "explicit_confirmation",
+                         confirmation: confirmation)
+            return
+          end
+
+          # No override mechanism satisfied - block the operation
+          log_blocked(operation: operation, environment: env, actor: actor)
+          raise_blocked_error(operation: operation, environment: env)
+        end
+
+        # Temporarily overrides the kill switch for the duration of the block.
+        # Uses thread-local storage to ensure thread safety.
+        #
+        # @param confirmation [String, nil] Optional confirmation text
+        # @yield The block to execute with kill switch overridden
+        # @return The return value of the block
+        def override(confirmation: nil)
+          raise ArgumentError, "Block required for kill switch override" unless block_given?
+
+          # Validate confirmation if provided and required
+          if confirmation.present? && confirmation_required?
+            # NOTE: We can't validate against a specific operation here since we don't know it
+            # The block itself will call check! with the operation, which will see the override
+            logger&.info "[KILL_SWITCH] Override block initiated with confirmation: #{confirmation}"
+          end
+
+          # Set thread-local override
+          previous_value = Thread.current[OVERRIDE_KEY]
+          Thread.current[OVERRIDE_KEY] = true
+
+          begin
+            yield
+          ensure
+            # Restore previous value
+            Thread.current[OVERRIDE_KEY] = previous_value
+          end
+        end
+
+        # Validates the confirmation text against the expected pattern for the operation.
+        #
+        # @param confirmation [String, nil] The confirmation text to validate
+        # @param operation [String, Symbol] The operation being confirmed
+        # @raise [PgSqlTriggers::KillSwitchError] if confirmation is invalid
+        # @return [void]
+        def validate_confirmation!(confirmation, operation)
+          expected = expected_confirmation(operation)
+
+          if confirmation.nil? || confirmation.strip.empty?
+            raise PgSqlTriggers::KillSwitchError,
+                  "Confirmation text required. Expected: '#{expected}'"
+          end
+
+          return if confirmation.strip == expected
+
+          raise PgSqlTriggers::KillSwitchError,
+                "Invalid confirmation text. Expected: '#{expected}', got: '#{confirmation.strip}'"
+        end
+
+        private
+
+        # Checks if kill switch is globally enabled in configuration
+        def kill_switch_enabled?
+          return true unless PgSqlTriggers.respond_to?(:kill_switch_enabled)
+
+          # Default to true (fail-safe) if not configured
+          value = PgSqlTriggers.kill_switch_enabled
+          value.nil? || value
+        end
+
+        # Checks if the given environment is protected by the kill switch
+        def protected_environment?(environment)
+          return false if environment.nil?
+
+          protected_envs = if PgSqlTriggers.respond_to?(:kill_switch_environments)
+                             value = PgSqlTriggers.kill_switch_environments
+                             value.nil? ? %i[production staging] : value
+                           else
+                             %i[production staging]
+                           end
+
+          protected_envs = Array(protected_envs).map(&:to_s)
+          protected_envs.include?(environment.to_s)
+        end
+
+        # Detects the current environment
+        def detect_environment(environment)
+          return environment.to_s if environment.present?
+
+          # Try Rails environment
+          return Rails.env.to_s if defined?(Rails) && Rails.respond_to?(:env)
+
+          # Try PgSqlTriggers default_environment
+          if PgSqlTriggers.respond_to?(:default_environment) && PgSqlTriggers.default_environment.respond_to?(:call)
+            begin
+              return PgSqlTriggers.default_environment.call.to_s
+            rescue NameError, NoMethodError # rubocop:disable Lint/ShadowedException
+              # Fall through to next option if default_environment proc references undefined constants
+            end
+          end
+
+          # Fall back to RAILS_ENV or RACK_ENV
+          ENV["RAILS_ENV"] || ENV["RACK_ENV"] || "development"
+        end
+
+        # Checks if thread-local override is active
+        def thread_override_active?
+          Thread.current[OVERRIDE_KEY] == true
+        end
+
+        # Checks if ENV override is active
+        def env_override_active?
+          ENV["KILL_SWITCH_OVERRIDE"]&.downcase == "true"
+        end
+
+        # Checks if confirmation is required for overrides
+        def confirmation_required?
+          return true unless PgSqlTriggers.respond_to?(:kill_switch_confirmation_required)
+
+          # Default to true (safer) if not configured
+          value = PgSqlTriggers.kill_switch_confirmation_required
+          value.nil? || value
+        end
+
+        # Generates the expected confirmation text for an operation
+        def expected_confirmation(operation)
+          if PgSqlTriggers.respond_to?(:kill_switch_confirmation_pattern) &&
+             PgSqlTriggers.kill_switch_confirmation_pattern.respond_to?(:call)
+            PgSqlTriggers.kill_switch_confirmation_pattern.call(operation)
+          else
+            # Default pattern
+            "EXECUTE #{operation.to_s.upcase}"
+          end
+        end
+
+        # Returns the configured logger
+        def logger
+          if PgSqlTriggers.respond_to?(:kill_switch_logger)
+            PgSqlTriggers.kill_switch_logger
+          elsif defined?(Rails) && Rails.respond_to?(:logger)
+            Rails.logger
+          end
+        end
+
+        # Logs an allowed operation
+        def log_allowed(operation:, environment:, actor:, reason:)
+          actor_info = format_actor(actor)
+          logger&.info "[KILL_SWITCH] ALLOWED: operation=#{operation} environment=#{environment} " \
+                       "actor=#{actor_info} reason=#{reason}"
+        end
+
+        # Logs an overridden operation
+        def log_override(operation:, environment:, actor:, source:, confirmation: nil)
+          actor_info = format_actor(actor)
+          conf_info = confirmation ? " confirmation=#{confirmation}" : ""
+          logger&.warn "[KILL_SWITCH] OVERRIDDEN: operation=#{operation} environment=#{environment} " \
+                       "actor=#{actor_info} source=#{source}#{conf_info}"
+        end
+
+        # Logs a blocked operation
+        def log_blocked(operation:, environment:, actor:)
+          actor_info = format_actor(actor)
+          logger&.error "[KILL_SWITCH] BLOCKED: operation=#{operation} environment=#{environment} actor=#{actor_info}"
+        end
+
+        # Formats actor information for logging
+        def format_actor(actor)
+          return "unknown" if actor.nil?
+          return actor.to_s unless actor.is_a?(Hash)
+
+          "#{actor[:type] || 'unknown'}:#{actor[:id] || 'unknown'}"
+        end
+
+        # Raises a kill switch error with helpful message
+        def raise_blocked_error(operation:, environment:)
+          expected = expected_confirmation(operation)
+
+          message = <<~ERROR
+            Kill switch is active for #{environment} environment.
+            Operation '#{operation}' has been blocked for safety.
+
+            To override this protection, you must provide confirmation.
+
+            For CLI/rake tasks, use:
+              KILL_SWITCH_OVERRIDE=true CONFIRMATION_TEXT="#{expected}" rake your:task
+
+            For console operations, use:
+              PgSqlTriggers::SQL::KillSwitch.override(confirmation: "#{expected}") do
+                # your dangerous operation here
+              end
+
+            For UI operations, enter the confirmation text: #{expected}
+
+            This protection prevents accidental destructive operations in production.
+            Make sure you understand the implications before proceeding.
+          ERROR
+
+          raise PgSqlTriggers::KillSwitchError, message
+        end
+      end
+    end
+    # rubocop:enable Metrics/ModuleLength
+  end
+end

data/lib/pg_sql_triggers/testing/dry_run.rb

@@ -27,14 +27,12 @@ module PgSqlTriggers
         trigger_timing = "BEFORE" # Could be configurable
         trigger_level = "ROW"     # Could be configurable
 
-        trigger_sql = <<~SQL.squish
-          CREATE TRIGGER #{@trigger.trigger_name}
-          #{trigger_timing} #{events} ON #{@trigger.table_name}
-          FOR EACH #{trigger_level}
-        SQL
+        trigger_sql = "CREATE TRIGGER #{@trigger.trigger_name} " \
+                      "#{trigger_timing} #{events} ON #{@trigger.table_name} " \
+                      "FOR EACH #{trigger_level}"
 
-        trigger_sql += "WHEN (#{@trigger.condition})\n" if @trigger.condition.present?
-        trigger_sql += "EXECUTE FUNCTION #{definition['function_name']}();"
+        trigger_sql += " WHEN (#{@trigger.condition})" if @trigger.condition.present?
+        trigger_sql += " EXECUTE FUNCTION #{definition['function_name']}();"
 
         sql_parts << {
           type: "CREATE TRIGGER",

data/lib/pg_sql_triggers/testing/function_tester.rb

@@ -8,6 +8,7 @@ module PgSqlTriggers
       end
 
       # Test ONLY the function, not the trigger
+      # rubocop:disable Lint/UnusedMethodArgument
       def test_function_only(test_context: {})
         results = {
           function_created: false,
@@ -16,15 +17,44 @@ module PgSqlTriggers
           output: []
         }
 
+        # Check if function_body is present
+        if @trigger.function_body.blank?
+          results[:success] = false
+          results[:errors] << "Function body is missing"
+          return results
+        end
+
+        # Extract function name to verify it matches
+        function_name_from_body = nil
+        if @trigger.function_body.present?
+          pattern = /CREATE\s+(?:OR\s+REPLACE\s+)?FUNCTION\s+([a-zA-Z_][a-zA-Z0-9_]*)\s*\(/i
+          match = @trigger.function_body.match(pattern)
+          function_name_from_body = match[1] if match
+        end
+
+        # If function_body doesn't contain a valid function definition, fail early
+        unless function_name_from_body
+          results[:success] = false
+          results[:errors] << "Function body does not contain a valid CREATE FUNCTION statement"
+          return results
+        end
+
+        # rubocop:disable Metrics/BlockLength
         ActiveRecord::Base.transaction do
           # Create function in transaction
-          ActiveRecord::Base.connection.execute(@trigger.function_body)
-          results[:function_created] = true
-          results[:output] << "✓ Function created in test transaction"
+          begin
+            ActiveRecord::Base.connection.execute(@trigger.function_body)
+            results[:function_created] = true
+            results[:output] << "✓ Function created in test transaction"
+          rescue ActiveRecord::StatementInvalid, StandardError => e
+            results[:success] = false
+            results[:errors] << "Error during function creation: #{e.message}"
+            # Don't raise here, let it fall through to ensure block for rollback
+          end
 
           # Try to invoke function directly (if test context provided)
           # Note: Empty hash {} is not "present" in Rails, so check if it's not nil
-          if !test_context.nil? && results[:function_created]
+          if results[:function_created]
             # This would require custom invocation logic
             # For now, just verify it was created - if function was successfully created,
             # we can assume it exists and is executable within the transaction
@@ -51,40 +81,50 @@ module PgSqlTriggers
             end
 
             # Verify function exists in database by checking pg_proc
-            # Since the function was created successfully (function_created is true),
-            # it exists and is executable
-            results[:function_executed] = true
-
             # Try to verify via query if function_name is available
             if function_name.present?
-              sanitized_name = ActiveRecord::Base.connection.quote_string(function_name)
-              check_sql = <<~SQL.squish
-                SELECT COUNT(*) as count
-                FROM pg_proc p
-                JOIN pg_namespace n ON p.pronamespace = n.oid
-                WHERE p.proname = '#{sanitized_name}'
-                AND n.nspname = 'public'
-              SQL
-
               begin
+                sanitized_name = begin
+                  ActiveRecord::Base.connection.quote_string(function_name)
+                rescue StandardError => e
+                  # If quote_string fails, use the function name as-is (less safe but allows test to continue)
+                  results[:errors] << "Error during function name sanitization: #{e.message}"
+                  function_name
+                end
+                check_sql = <<~SQL.squish
+                  SELECT COUNT(*) as count
+                  FROM pg_proc p
+                  JOIN pg_namespace n ON p.pronamespace = n.oid
+                  WHERE p.proname = '#{sanitized_name}'
+                  AND n.nspname = 'public'
+                SQL
+
                 result = ActiveRecord::Base.connection.execute(check_sql).first
-                results[:output] << if result && result["count"].to_i.positive?
+                results[:function_executed] = result && result["count"].to_i.positive?
+                results[:output] << if results[:function_executed]
                                       "✓ Function exists and is callable"
                                     else
                                       "✓ Function created (verified via successful creation)"
                                     end
-              rescue StandardError
-                results[:output] << "✓ Function created (verified via successful creation)"
+              rescue ActiveRecord::StatementInvalid, StandardError => e
+                results[:function_executed] = false
+                results[:success] = false
+                results[:errors] << "Error during function verification: #{e.message}"
+                results[:output] << "✓ Function created (verification failed)"
               end
             else
+              # If we can't extract function name, assume it was created successfully
+              # since function_created is true
+              results[:function_executed] = true
               results[:output] << "✓ Function created (execution verified via successful creation)"
             end
           end
 
-          results[:success] = true
-        rescue ActiveRecord::StatementInvalid => e
+          # Set success to true only if no errors occurred and function was created
+          results[:success] = results[:errors].empty? && results[:function_created]
+        rescue ActiveRecord::StatementInvalid, StandardError => e
           results[:success] = false
-          results[:errors] << e.message
+          results[:errors] << e.message unless results[:errors].include?(e.message)
         ensure
           raise ActiveRecord::Rollback
         end
@@ -92,6 +132,7 @@ module PgSqlTriggers
         results[:output] << "\n⚠ Function rolled back (test mode)"
         results
       end
+      # rubocop:enable Lint/UnusedMethodArgument, Metrics/BlockLength
 
       # Check if function already exists in database
       def function_exists?
@@ -100,7 +141,8 @@ module PgSqlTriggers
         rescue StandardError
           {}
         end
-        function_name = definition["function_name"]
+        function_name = definition["function_name"] || definition["name"] ||
+                        definition[:function_name] || definition[:name]
         return false if function_name.blank?
 
         sanitized_name = ActiveRecord::Base.connection.quote_string(function_name)

data/lib/pg_sql_triggers/testing/safe_executor.rb

@@ -26,21 +26,33 @@ module PgSqlTriggers
           end
 
           # Step 2: Create trigger
-          trigger_sql = DryRun.new(@trigger).generate_sql[:sql_parts]
-                              .find { |p| p[:type] == "CREATE TRIGGER" }[:sql]
-          ActiveRecord::Base.connection.execute(trigger_sql)
-          results[:trigger_created] = true
-          results[:output] << "✓ Trigger created successfully"
+          begin
+            sql_parts = DryRun.new(@trigger).generate_sql[:sql_parts]
+            trigger_part = sql_parts.find { |p| p[:type] == "CREATE TRIGGER" }
+            if trigger_part && trigger_part[:sql]
+              ActiveRecord::Base.connection.execute(trigger_part[:sql])
+              results[:trigger_created] = true
+              results[:output] << "✓ Trigger created successfully"
+            else
+              results[:errors] << "Could not find CREATE TRIGGER SQL in generated SQL parts"
+            end
+          rescue StandardError => e
+            results[:errors] << "Error generating trigger SQL: #{e.message}"
+          end
 
           # Step 3: Test with sample data (if provided)
-          if test_data
-            test_sql = build_test_insert(test_data)
-            ActiveRecord::Base.connection.execute(test_sql)
-            results[:test_insert_executed] = true
-            results[:output] << "✓ Test insert executed successfully"
+          if test_data && results[:trigger_created]
+            begin
+              test_sql = build_test_insert(test_data)
+              ActiveRecord::Base.connection.execute(test_sql)
+              results[:test_insert_executed] = true
+              results[:output] << "✓ Test insert executed successfully"
+            rescue StandardError => e
+              results[:errors] << "Error executing test insert: #{e.message}"
+            end
           end
 
-          results[:success] = true
+          results[:success] = results[:errors].empty?
         rescue ActiveRecord::StatementInvalid => e
           results[:success] = false
           results[:errors] << e.message

data/lib/pg_sql_triggers/testing/syntax_validator.rb

@@ -65,10 +65,33 @@ module PgSqlTriggers
           {}
         end
         function_name = definition["function_name"] || "test_validation_function"
+        events = Array(definition["events"] || [])
         sanitized_table = ActiveRecord::Base.connection.quote_string(@trigger.table_name)
         sanitized_function = ActiveRecord::Base.connection.quote_string(function_name)
         sanitized_condition = @trigger.condition
 
+        # Check if condition references OLD values
+        condition_uses_old = sanitized_condition.match?(/\bOLD\./i)
+
+        # Determine which event to use for validation
+        # If condition uses OLD, we must use UPDATE or DELETE since INSERT doesn't have OLD
+        # If condition doesn't use OLD, we can use INSERT
+        if condition_uses_old
+          # Condition references OLD, so it can't be used with INSERT
+          if events.include?("insert")
+            return {
+              valid: false,
+              error: "WHEN condition cannot reference OLD values for INSERT triggers. " \
+                     "Use UPDATE or DELETE events, or modify condition to only use NEW values."
+            }
+          end
+          # Use UPDATE for validation if available (it has OLD), otherwise use DELETE
+          test_event = events.include?("update") ? "UPDATE" : "DELETE"
+        else
+          # Condition doesn't reference OLD, so INSERT is fine
+          test_event = "INSERT"
+        end
+
         # Validate condition by creating a temporary trigger with the condition
         # This is the only way to validate WHEN conditions since they use NEW/OLD
         test_function_sql = <<~SQL.squish
@@ -81,7 +104,7 @@ module PgSqlTriggers
 
         test_trigger_sql = <<~SQL.squish
           CREATE TRIGGER test_validation_trigger
-          BEFORE INSERT ON #{sanitized_table}
+          BEFORE #{test_event} ON #{sanitized_table}
           FOR EACH ROW
           WHEN (#{sanitized_condition})
           EXECUTE FUNCTION #{sanitized_function}();

data/lib/pg_sql_triggers/version.rb

@@ -11,5 +11,5 @@
 # 3. Run: bundle exec rake release
 # See RELEASE.md for detailed release instructions
 module PgSqlTriggers
-  VERSION = "1.0.0"
+  VERSION = "1.1.0"
 end

data/lib/pg_sql_triggers.rb

@@ -9,11 +9,24 @@ module PgSqlTriggers
   class DriftError < Error; end
   class KillSwitchError < Error; end
   class ValidationError < Error; end
+  class UnsafeMigrationError < Error; end
 
   # Configuration
   mattr_accessor :kill_switch_enabled
   self.kill_switch_enabled = true
 
+  mattr_accessor :kill_switch_environments
+  self.kill_switch_environments = %i[production staging]
+
+  mattr_accessor :kill_switch_confirmation_required
+  self.kill_switch_confirmation_required = true
+
+  mattr_accessor :kill_switch_confirmation_pattern
+  self.kill_switch_confirmation_pattern = ->(operation) { "EXECUTE #{operation.to_s.upcase}" }
+
+  mattr_accessor :kill_switch_logger
+  self.kill_switch_logger = nil # Will default to Rails.logger if available
+
   mattr_accessor :default_environment
   self.default_environment = -> { Rails.env }
 
@@ -23,6 +36,17 @@ module PgSqlTriggers
   mattr_accessor :excluded_tables
   self.excluded_tables = []
 
+  mattr_accessor :allow_unsafe_migrations
+  self.allow_unsafe_migrations = false
+
+  # Drift states
+  DRIFT_STATE_IN_SYNC = "in_sync"
+  DRIFT_STATE_DRIFTED = "drifted"
+  DRIFT_STATE_MANUAL_OVERRIDE = "manual_override"
+  DRIFT_STATE_DISABLED = "disabled"
+  DRIFT_STATE_DROPPED = "dropped"
+  DRIFT_STATE_UNKNOWN = "unknown"
+
   def self.configure
     yield self
   end