pg_sql_triggers 1.1.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e72011f4407b6d60e5002202eedccf7e34c03075faebdf24301f74521e817904
-  data.tar.gz: b9df169c3fecf2a3b5bb34bc6a8fd7c3cad9707ded4297276a9d73af3c57871c
+  metadata.gz: 54f76c538693c37b1572cb914462269eb8c3600473c1a7c26efda0a7e02eefe5
+  data.tar.gz: 8574ff3bb8f835a11f8cec850c5adbff7f17be65a1461b8f8e87242ab3e50b62
 SHA512:
-  metadata.gz: 7868c6518becf693b0d34e28c18423220e8fb29ef6a5bf331123e6f0bec08735d1de582f49064b3140106f1906f1d4430fb569dcea1953c2204e5355552b4e89
-  data.tar.gz: c6d7c92d4588482fe526d7e747d646e5abfcd542d094942348186719bf9b5240d85752e5a3485abe4d72fd21037d013bd155da8e8ddd388d5c36d4dfe88d5fd8
+  metadata.gz: 5e7ccb4983c43cad0aee550a741e341a3feda8a2fd5541be1786a92ffc26894a80eb8081e57493e6eb05697a362cafaa3fee325b288a716f4f1e8c3de989966e
+  data.tar.gz: f24548a2b4fa7f0bb274d11d2085b87e716c44e08923782eee93ffb0d86500892ffca3b6d7c69ba53e1f886743646ac0c8695097589ecb7db4280152b4c1dccf

data/.rubocop.yml

@@ -118,6 +118,21 @@ RSpec/MultipleExpectations:
 RSpec/SpecFilePathFormat:
   Enabled: false
 
+RSpec/AnyInstance:
+  Enabled: false
+
+RSpec/LetSetup:
+  Enabled: false
+
+RSpec/NestedGroups:
+  Enabled: false
+
+RSpec/VerifiedDoubles:
+  Enabled: false
+
+RSpec/RepeatedExample:
+  Enabled: false
+
 # Capybara
 Capybara/RSpec/PredicateMatcher:
   Enabled: false

data/CHANGELOG.md

@@ -7,6 +7,67 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.2.0] - 2026-01-02
+
+### Added
+- **SQL Capsules**: Emergency SQL execution feature for critical operations
+  - Named SQL capsules with environment declaration and purpose description
+  - Capsule class for creating and managing SQL capsules
+  - Executor class for safe, transactional SQL execution
+  - Permission checks (Admin role required for execution)
+  - Kill switch protection for all executions
+  - Checksum calculation and storage in registry
+  - Comprehensive logging of all operations
+  - Web UI for creating, viewing, and executing SQL capsules
+  - Console API: `PgSqlTriggers::SQL::Executor.execute(capsule, actor:, confirmation:)`
+
+- **Drop & Re-Execute Flow**: Operational controls for trigger lifecycle management
+  - `TriggerRegistry#drop!` method for safely dropping triggers
+    - Admin permission required
+    - Kill switch protection
+    - Reason field (required and logged)
+    - Typed confirmation required in protected environments
+    - Transactional execution
+    - Removes trigger from database and registry
+  - `TriggerRegistry#re_execute!` method for fixing drifted triggers
+    - Admin permission required
+    - Kill switch protection
+    - Shows drift diff before execution
+    - Reason field (required and logged)
+    - Typed confirmation required in protected environments
+    - Transactional execution
+    - Drops and re-creates trigger from registry definition
+  - Web UI buttons for drop and re-execute on trigger detail page
+  - Controller actions with proper permission checks and error handling
+  - Interactive modals with reason input and confirmation fields
+  - Drift comparison shown before re-execution
+
+- **Enhanced Permissions Enforcement**:
+  - Console APIs with permission checks:
+    - `PgSqlTriggers::Registry.enable(trigger_name, actor:, confirmation:)`
+    - `PgSqlTriggers::Registry.disable(trigger_name, actor:, confirmation:)`
+    - `PgSqlTriggers::Registry.drop(trigger_name, actor:, reason:, confirmation:)`
+    - `PgSqlTriggers::Registry.re_execute(trigger_name, actor:, reason:, confirmation:)`
+  - Permission checks enforced at console API level
+  - Rake tasks already protected by kill switch
+  - Clear error messages for permission violations
+
+### Fixed
+- Improved error handling for trigger enable/disable operations
+- Better logging for drop and re-execute operations
+- Fixed rubocop linting issues
+
+### Security
+- All destructive operations (drop, re-execute, SQL capsule execution) require Admin permissions
+- Kill switch protection enforced across all new features
+- Typed confirmation required in protected environments
+- Comprehensive audit logging for all operations
+
+## [1.1.1] - 2025-12-31
+
+### Changed
+- Updated git username in repository metadata
+
 ## [1.1.0] - 2025-12-29
 
 ### Added

data/COVERAGE.md

@@ -1,8 +1,8 @@
 # Code Coverage Report
 
-**Total Coverage: 95.4%**
+**Total Coverage: 95.33%**
 
-Covered: 1678 / 1759 lines
+Covered: 2040 / 2140 lines
 
 ---
 
@@ -10,47 +10,51 @@ Covered: 1678 / 1759 lines
 
 | File | Coverage | Covered Lines | Missed Lines | Total Lines |
 |------|----------|---------------|--------------|-------------|
-| `lib/pg_sql_triggers/testing/dry_run.rb` | 100.0% ✅ | 24 | 0 | 24 |
-| `lib/pg_sql_triggers/testing.rb` | 100.0% ✅ | 6 | 0 | 6 |
-| `lib/pg_sql_triggers/registry/validator.rb` | 100.0% ✅ | 5 | 0 | 5 |
-| `lib/pg_sql_triggers/registry.rb` | 100.0% ✅ | 18 | 0 | 18 |
-| `lib/pg_sql_triggers/permissions/checker.rb` | 100.0% ✅ | 15 | 0 | 15 |
-| `lib/pg_sql_triggers/permissions.rb` | 100.0% ✅ | 11 | 0 | 11 |
-| `lib/pg_sql_triggers/migrator/safety_validator.rb` | 100.0% ✅ | 110 | 0 | 110 |
-| `lib/pg_sql_triggers/migrator/pre_apply_diff_reporter.rb` | 100.0% ✅ | 75 | 0 | 75 |
-| `lib/pg_sql_triggers/migrator/pre_apply_comparator.rb` | 100.0% ✅ | 123 | 0 | 123 |
-| `lib/pg_sql_triggers/migration.rb` | 100.0% ✅ | 4 | 0 | 4 |
-| `lib/generators/trigger/migration_generator.rb` | 100.0% ✅ | 27 | 0 | 27 |
-| `lib/generators/pg_sql_triggers/install_generator.rb` | 100.0% ✅ | 18 | 0 | 18 |
-| `lib/pg_sql_triggers/generator/service.rb` | 100.0% ✅ | 93 | 0 | 93 |
-| `lib/pg_sql_triggers/generator/form.rb` | 100.0% ✅ | 36 | 0 | 36 |
-| `lib/pg_sql_triggers/generator.rb` | 100.0% ✅ | 4 | 0 | 4 |
 | `lib/pg_sql_triggers/dsl/trigger_definition.rb` | 100.0% ✅ | 37 | 0 | 37 |
-| `lib/pg_sql_triggers.rb` | 100.0% ✅ | 45 | 0 | 45 |
+| `lib/pg_sql_triggers/generator.rb` | 100.0% ✅ | 4 | 0 | 4 |
+| `lib/pg_sql_triggers/generator/form.rb` | 100.0% ✅ | 36 | 0 | 36 |
+| `lib/pg_sql_triggers/generator/service.rb` | 100.0% ✅ | 101 | 0 | 101 |
+| `lib/generators/pg_sql_triggers/install_generator.rb` | 100.0% ✅ | 18 | 0 | 18 |
+| `lib/generators/trigger/migration_generator.rb` | 100.0% ✅ | 27 | 0 | 27 |
+| `lib/pg_sql_triggers/migration.rb` | 100.0% ✅ | 4 | 0 | 4 |
+| `lib/pg_sql_triggers/migrator/pre_apply_diff_reporter.rb` | 100.0% ✅ | 75 | 0 | 75 |
+| `lib/pg_sql_triggers/migrator/safety_validator.rb` | 100.0% ✅ | 110 | 0 | 110 |
+| `lib/pg_sql_triggers/permissions.rb` | 100.0% ✅ | 11 | 0 | 11 |
+| `lib/pg_sql_triggers/permissions/checker.rb` | 100.0% ✅ | 15 | 0 | 15 |
+| `lib/pg_sql_triggers/registry.rb` | 100.0% ✅ | 41 | 0 | 41 |
+| `lib/pg_sql_triggers/registry/validator.rb` | 100.0% ✅ | 5 | 0 | 5 |
+| `lib/pg_sql_triggers/sql/capsule.rb` | 100.0% ✅ | 28 | 0 | 28 |
+| `lib/pg_sql_triggers/sql/executor.rb` | 100.0% ✅ | 63 | 0 | 63 |
+| `lib/pg_sql_triggers/testing.rb` | 100.0% ✅ | 6 | 0 | 6 |
+| `lib/pg_sql_triggers/testing/syntax_validator.rb` | 100.0% ✅ | 58 | 0 | 58 |
+| `lib/pg_sql_triggers/testing/dry_run.rb` | 100.0% ✅ | 24 | 0 | 24 |
 | `config/initializers/pg_sql_triggers.rb` | 100.0% ✅ | 10 | 0 | 10 |
 | `app/models/pg_sql_triggers/application_record.rb` | 100.0% ✅ | 3 | 0 | 3 |
 | `app/controllers/pg_sql_triggers/application_controller.rb` | 100.0% ✅ | 28 | 0 | 28 |
-| `app/controllers/pg_sql_triggers/dashboard_controller.rb` | 100.0% ✅ | 25 | 0 | 25 |
-| `app/controllers/pg_sql_triggers/migrations_controller.rb` | 100.0% ✅ | 63 | 0 | 63 |
+| `lib/pg_sql_triggers.rb` | 100.0% ✅ | 45 | 0 | 45 |
 | `lib/pg_sql_triggers/dsl.rb` | 100.0% ✅ | 9 | 0 | 9 |
-| `lib/pg_sql_triggers/drift.rb` | 100.0% ✅ | 13 | 0 | 13 |
 | `lib/pg_sql_triggers/drift/db_queries.rb` | 100.0% ✅ | 24 | 0 | 24 |
+| `lib/pg_sql_triggers/drift.rb` | 100.0% ✅ | 13 | 0 | 13 |
+| `lib/pg_sql_triggers/migrator/pre_apply_comparator.rb` | 99.19% ✅ | 122 | 1 | 123 |
 | `lib/pg_sql_triggers/drift/detector.rb` | 98.48% ✅ | 65 | 1 | 66 |
-| `lib/pg_sql_triggers/registry/manager.rb` | 96.36% ✅ | 53 | 2 | 55 |
+| `app/controllers/pg_sql_triggers/sql_capsules_controller.rb` | 97.18% ✅ | 69 | 2 | 71 |
+| `app/controllers/pg_sql_triggers/dashboard_controller.rb` | 96.67% ✅ | 29 | 1 | 30 |
+| `app/controllers/pg_sql_triggers/triggers_controller.rb` | 96.43% ✅ | 81 | 3 | 84 |
 | `lib/generators/pg_sql_triggers/trigger_migration_generator.rb` | 96.3% ✅ | 26 | 1 | 27 |
 | `lib/pg_sql_triggers/sql/kill_switch.rb` | 96.0% ✅ | 96 | 4 | 100 |
 | `lib/pg_sql_triggers/migrator.rb` | 95.42% ✅ | 125 | 6 | 131 |
-| `app/controllers/pg_sql_triggers/generator_controller.rb` | 94.68% ✅ | 89 | 5 | 94 |
+| `lib/pg_sql_triggers/registry/manager.rb` | 95.08% ✅ | 58 | 3 | 61 |
 | `app/controllers/pg_sql_triggers/tables_controller.rb` | 94.44% ✅ | 17 | 1 | 18 |
+| `lib/pg_sql_triggers/database_introspection.rb` | 94.29% ✅ | 66 | 4 | 70 |
 | `lib/pg_sql_triggers/drift/reporter.rb` | 94.12% ✅ | 96 | 6 | 102 |
 | `lib/pg_sql_triggers/engine.rb` | 92.86% ✅ | 13 | 1 | 14 |
-| `lib/pg_sql_triggers/database_introspection.rb` | 92.86% ✅ | 65 | 5 | 70 |
+| `app/models/pg_sql_triggers/trigger_registry.rb` | 92.25% ✅ | 119 | 10 | 129 |
 | `lib/pg_sql_triggers/testing/safe_executor.rb` | 91.89% ✅ | 34 | 3 | 37 |
+| `app/controllers/pg_sql_triggers/generator_controller.rb` | 91.49% ✅ | 86 | 8 | 94 |
 | `lib/pg_sql_triggers/sql.rb` | 90.91% ✅ | 10 | 1 | 11 |
-| `lib/pg_sql_triggers/testing/syntax_validator.rb` | 89.66% ⚠️ | 52 | 6 | 58 |
-| `app/models/pg_sql_triggers/trigger_registry.rb` | 84.62% ⚠️ | 55 | 10 | 65 |
-| `lib/pg_sql_triggers/testing/function_tester.rb` | 79.1% ⚠️ | 53 | 14 | 67 |
-| `config/routes.rb` | 16.67% ❌ | 3 | 15 | 18 |
+| `lib/pg_sql_triggers/testing/function_tester.rb` | 89.55% ⚠️ | 60 | 7 | 67 |
+| `app/controllers/pg_sql_triggers/migrations_controller.rb` | 81.4% ⚠️ | 70 | 16 | 86 |
+| `config/routes.rb` | 12.5% ❌ | 3 | 21 | 24 |
 
 ---
 

data/README.md

@@ -97,12 +97,41 @@ Multi-layered safety mechanism preventing accidental destructive operations in p
 ### Web Dashboard
 Visual interface for managing triggers, running migrations, and executing SQL capsules.
 
+### SQL Capsules
+Emergency SQL execution feature for critical operations with Admin permission requirements, kill switch protection, and comprehensive logging.
+
+### Drop & Re-Execute Flow
+Operational controls for trigger lifecycle management with drop and re-execute capabilities, drift comparison, and required reason logging.
+
 ### Permissions
 Three-tier permission system (Viewer, Operator, Admin) with customizable authorization.
 
+## Console API
+
+PgSqlTriggers provides a comprehensive console API for managing triggers programmatically:
+
+```ruby
+# Enable/disable triggers
+PgSqlTriggers::Registry.enable("users_email_validation", actor: current_user, confirmation: "EXECUTE TRIGGER_ENABLE")
+PgSqlTriggers::Registry.disable("users_email_validation", actor: current_user, confirmation: "EXECUTE TRIGGER_DISABLE")
+
+# Drop and re-execute triggers
+PgSqlTriggers::Registry.drop("old_trigger", actor: current_user, reason: "No longer needed", confirmation: "EXECUTE TRIGGER_DROP")
+PgSqlTriggers::Registry.re_execute("drifted_trigger", actor: current_user, reason: "Fix drift", confirmation: "EXECUTE TRIGGER_RE_EXECUTE")
+
+# Execute SQL capsules
+capsule = PgSqlTriggers::SQL::Capsule.new(
+  name: "emergency_fix",
+  environment: "production",
+  purpose: "Fix critical data issue",
+  sql: "UPDATE users SET status = 'active' WHERE id = 123"
+)
+PgSqlTriggers::SQL::Executor.execute(capsule, actor: current_user, confirmation: "EXECUTE SQL")
+```
+
 ## Examples
 
-For working examples and complete demonstrations, check out the [example repository](https://github.com/samaswin87/pg_triggers_example).
+For working examples and complete demonstrations, check out the [example repository](https://github.com/samaswin/pg_triggers_example).
 
 ## Core Principles
 
@@ -125,7 +154,7 @@ See [COVERAGE.md](COVERAGE.md) for detailed coverage information.
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/samaswin87/pg_sql_triggers.
+Bug reports and pull requests are welcome on GitHub at https://github.com/samaswin/pg_sql_triggers.
 
 ## License
 

data/RELEASE.md

@@ -152,7 +152,7 @@ gem search pg_sql_triggers
 
 ### 11. Create a GitHub Release (Optional but Recommended)
 
-1. Go to https://github.com/samaswin87/pg_sql_triggers/releases
+1. Go to https://github.com/samaswin/pg_sql_triggers/releases
 2. Click "Draft a new release"
 3. Select the tag you just created (e.g., `v1.0.1`)
 4. Use the CHANGELOG entry as the release notes

data/app/controllers/pg_sql_triggers/application_controller.rb

@@ -10,7 +10,7 @@ module PgSqlTriggers
     before_action :check_permissions?
 
     # Helper methods available in views
-    helper_method :current_environment, :kill_switch_active?, :expected_confirmation_text
+    helper_method :current_environment, :kill_switch_active?, :expected_confirmation_text, :current_actor
 
     private
 

data/app/controllers/pg_sql_triggers/dashboard_controller.rb

@@ -2,6 +2,8 @@
 
 module PgSqlTriggers
   class DashboardController < ApplicationController
+    before_action :check_viewer_permission
+
     def index
       @triggers = PgSqlTriggers::TriggerRegistry.order(created_at: :desc)
 
@@ -41,5 +43,13 @@ module PgSqlTriggers
         @per_page = 20
       end
     end
+
+    private
+
+    def check_viewer_permission
+      return if PgSqlTriggers::Permissions.can?(current_actor, :view_triggers)
+
+      redirect_to root_path, alert: "Insufficient permissions. Viewer role required."
+    end
   end
 end

data/app/controllers/pg_sql_triggers/migrations_controller.rb

@@ -4,6 +4,8 @@ module PgSqlTriggers
   # Controller for managing trigger migrations via web UI
   # Provides actions to run migrations up, down, and redo
   class MigrationsController < ApplicationController
+    before_action :check_operator_permission
+
     def up
       # Check kill switch before running migration
       check_kill_switch(operation: :ui_migration_up, confirmation: params[:confirmation_text])
@@ -73,18 +75,16 @@ module PgSqlTriggers
       target_version = params[:version]&.to_i
       PgSqlTriggers::Migrator.ensure_migrations_table!
 
+      current_version = PgSqlTriggers::Migrator.current_version
+      if current_version.zero?
+        flash[:warning] = "No migrations to redo."
+        redirect_to root_path
+        return
+      end
+
       if target_version
-        PgSqlTriggers::Migrator.run_down(target_version)
-        PgSqlTriggers::Migrator.run_up(target_version)
-        flash[:success] = "Migration #{target_version} redone successfully."
+        redo_target_migration(target_version, current_version)
       else
-        current_version = PgSqlTriggers::Migrator.current_version
-        if current_version.zero?
-          flash[:warning] = "No migrations to redo."
-          redirect_to root_path
-          return
-        end
-
         PgSqlTriggers::Migrator.run_down
         PgSqlTriggers::Migrator.run_up
         flash[:success] = "Last migration redone successfully."
@@ -98,5 +98,57 @@ module PgSqlTriggers
       flash[:error] = "Failed to redo migration: #{e.message}"
       redirect_to root_path
     end
+
+    private
+
+    def check_operator_permission
+      return if PgSqlTriggers::Permissions.can?(current_actor, :apply_trigger)
+
+      redirect_to root_path, alert: "Insufficient permissions. Operator role required."
+    end
+
+    def redo_target_migration(target_version, current_version)
+      # For redo, we need to rollback the specific migration and re-apply it
+      # If target_version is the current version, rollback the last migration
+      # Otherwise, rollback to one version before target, then run up to target
+      if current_version == target_version
+        # Rollback the last migration (which is the target)
+        PgSqlTriggers::Migrator.run_down
+      elsif current_version > target_version
+        rollback_to_before_target(target_version)
+      else
+        # Target version is not applied yet, just run it up
+        PgSqlTriggers::Migrator.run_up(target_version)
+        flash[:success] = "Migration #{target_version} redone successfully."
+        redirect_to root_path
+        return
+      end
+
+      # Now run up to the target version
+      PgSqlTriggers::Migrator.run_up(target_version)
+      flash.now[:success] = "Migration #{target_version} redone successfully."
+    end
+
+    def rollback_to_before_target(target_version)
+      # Rollback to one version before target (this will rollback target_version too)
+      # Find the migration just before target_version
+      all_migrations = PgSqlTriggers::Migrator.migrations.sort_by(&:version)
+      prev_migration = all_migrations.find { |m| m.version < target_version }
+      if prev_migration
+        # Rollback to the previous migration (this rolls back target_version)
+        PgSqlTriggers::Migrator.run_down(prev_migration.version)
+      else
+        # No previous migration, target_version is the first migration
+        # Rollback all migrations until we're below target_version
+        rollback_until_below_target(target_version)
+      end
+    end
+
+    def rollback_until_below_target(target_version)
+      while PgSqlTriggers::Migrator.current_version >= target_version
+        PgSqlTriggers::Migrator.run_down
+        break if PgSqlTriggers::Migrator.current_version.zero?
+      end
+    end
   end
 end

data/app/controllers/pg_sql_triggers/sql_capsules_controller.rb

@@ -0,0 +1,161 @@
+# frozen_string_literal: true
+
+module PgSqlTriggers
+  class SqlCapsulesController < ApplicationController
+    before_action :check_admin_permission, only: [:execute]
+    before_action :check_operator_permission, only: %i[new create show]
+    before_action :load_capsule, only: %i[show execute]
+
+    def show
+      unless @capsule
+        redirect_to new_sql_capsule_path, alert: "Capsule not found"
+        return
+      end
+
+      @checksum = @capsule.checksum
+      @can_execute = can_execute_capsule?
+    end
+
+    def new
+      @capsule_name = params[:name] || ""
+      @environment = params[:environment] || current_environment
+      @purpose = params[:purpose] || ""
+      @sql = params[:sql] || ""
+    end
+
+    def create
+      # Strip whitespace from parameters
+      @capsule_name = params[:name].to_s.strip
+      @environment = params[:environment].to_s.strip
+      @purpose = params[:purpose].to_s.strip
+      @sql = params[:sql].to_s.strip
+
+      capsule = build_capsule_from_params
+
+      # Save the capsule to registry
+      result = save_capsule_to_registry(capsule)
+
+      if result[:success]
+        redirect_to sql_capsule_path(id: @capsule_name),
+                    notice: "SQL Capsule '#{capsule.name}' created successfully"
+      else
+        flash.now[:alert] = result[:message]
+        render :new
+      end
+    rescue ArgumentError => e
+      flash.now[:alert] = "Invalid capsule: #{e.message}"
+      render :new
+    end
+
+    def execute
+      unless @capsule
+        redirect_to new_sql_capsule_path, alert: "Capsule not found"
+        return
+      end
+
+      # Check kill switch with confirmation
+      check_kill_switch(
+        operation: :execute_sql_capsule,
+        confirmation: params[:confirmation]
+      )
+
+      # Execute the capsule
+      result = PgSqlTriggers::SQL::Executor.execute(
+        @capsule,
+        actor: current_actor,
+        confirmation: params[:confirmation],
+        dry_run: false
+      )
+
+      if result[:success]
+        flash[:notice] = result[:message]
+      else
+        flash[:alert] = result[:message]
+      end
+      redirect_to sql_capsule_path(id: params[:id])
+    rescue PgSqlTriggers::KillSwitchError => e
+      flash[:alert] = "Kill switch blocked execution: #{e.message}"
+      redirect_to sql_capsule_path(id: params[:id])
+    rescue PgSqlTriggers::PermissionError => e
+      flash[:alert] = "Permission denied: #{e.message}"
+      redirect_to sql_capsule_path(id: params[:id])
+    rescue StandardError => e
+      Rails.logger.error("SQL Capsule execution failed: #{e.message}\n#{e.backtrace.join("\n")}")
+      flash[:alert] = "Execution failed: #{e.message}"
+      redirect_to sql_capsule_path(id: params[:id])
+    end
+
+    private
+
+    def check_admin_permission
+      return if PgSqlTriggers::Permissions.can?(current_actor, :execute_sql)
+
+      redirect_to dashboard_path, alert: "Insufficient permissions. Admin role required."
+    end
+
+    def check_operator_permission
+      return if PgSqlTriggers::Permissions.can?(current_actor, :generate_trigger)
+
+      redirect_to dashboard_path, alert: "Insufficient permissions. Operator role required."
+    end
+
+    def build_capsule_from_params
+      PgSqlTriggers::SQL::Capsule.new(
+        name: params[:name].to_s.strip,
+        environment: params[:environment].to_s.strip,
+        purpose: params[:purpose].to_s.strip,
+        sql: params[:sql].to_s.strip
+      )
+    end
+
+    def save_capsule_to_registry(capsule)
+      # Check if capsule already exists
+      existing = PgSqlTriggers::TriggerRegistry.find_by(
+        trigger_name: capsule.registry_trigger_name,
+        source: "manual_sql"
+      )
+
+      if existing
+        return {
+          success: false,
+          message: "A capsule with this name already exists. Please choose a different name."
+        }
+      end
+
+      # Create new registry entry
+      registry_entry = PgSqlTriggers::TriggerRegistry.new(
+        trigger_name: capsule.registry_trigger_name,
+        table_name: "manual_sql_execution",
+        version: Time.current.to_i,
+        checksum: capsule.checksum,
+        source: "manual_sql",
+        function_body: capsule.sql,
+        condition: capsule.purpose,
+        environment: capsule.environment,
+        enabled: false # Not executed yet
+      )
+
+      if registry_entry.save
+        { success: true, message: "Capsule saved successfully" }
+      else
+        { success: false, message: "Failed to save capsule: #{registry_entry.errors.full_messages.join(', ')}" }
+      end
+    rescue StandardError => e
+      Rails.logger.error("Failed to save capsule to registry: #{e.message}")
+      { success: false, message: "Failed to save capsule: #{e.message}" }
+    end
+
+    def load_capsule
+      return if params[:id].blank?
+
+      @capsule = PgSqlTriggers::SQL::Executor.send(
+        :load_capsule_from_registry,
+        params[:id]
+      )
+    end
+
+    def can_execute_capsule?
+      PgSqlTriggers::Permissions.can?(current_actor, :execute_sql)
+    end
+  end
+end