query_console 0.2.0 → 0.2.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8c73054ef91ed2d89682d757f0ec545db4f43273b32df46b9a1f57b8f72d92a2
-  data.tar.gz: 753f12bc25e012af3233b96d0c7326f7df307219aea79740f232d9e7dda41def
+  metadata.gz: 3a47be0c8cd2c38f02425d2bbdd1a077c8dc2ca7903a336cf05bbc5d39042e86
+  data.tar.gz: e7f5487b5ea34bc21280d87181a5b74afcc4b12f9f592894801838bc84d82686
 SHA512:
-  metadata.gz: 0a0eff39813e9f070ef5df3b2965b0d6c39c4bb34c958efb2511bfec614c40fed59d76406b9b119b78a8f9e9e41914810aab439f2f9ea4555843f785ac787cdf
-  data.tar.gz: d3ef86f6fd078fa1844b38212acf27def791c8031886c9132f6b476b06db344687d37b1c97930cd514f487dd25b048263f04927c9f19c71e1e4c5013253f9840
+  metadata.gz: b5987fca8610f57bc4f83eee25adb96bd073a72e2dbe34fc7e4c989d11281f89812c9d2d8ced545ee22a2f501e800ad2292e429b889c4194aedf5eb6ffa13e78
+  data.tar.gz: dc2f080870957fac2ac78a764036e843b3af76b6f2c85ce3385a14e2b9dc563312f7dac1defa1a757d36a6db3bf0633230b338a10c31b3f0f9326710cd47b58a

data/README.md

@@ -1,26 +1,76 @@
 # QueryConsole
 
-A Rails engine that provides a secure, mountable web interface for running read-only SQL queries against your application's database.
+[![Gem Version](https://badge.fury.io/rb/query_console.svg)](https://badge.fury.io/rb/query_console)
+[![License](https://img.shields.io/badge/license-MIT-blue.svg)](MIT-LICENSE)
+[![Ruby](https://img.shields.io/badge/ruby-%3E%3D%203.1-ruby.svg)](https://www.ruby-lang.org)
+[![Rails](https://img.shields.io/badge/rails-%3E%3D%207.0-red.svg)](https://rubyonrails.org)
+
+A Rails engine that provides a secure, mountable web interface for running SQL queries against your application's database. Read-only by default with optional DML support.
+
+![Query Console Interface](docs/images/query-execution.png)
+*Modern, responsive SQL query interface with schema explorer, query management, and real-time execution*
+
+## Table of Contents
+
+- [Features](#features)
+- [Screenshots](#screenshots)
+- [Security Features](#security-features)
+- [Installation](#installation)
+- [Configuration](#configuration)
+- [Usage](#usage)
+- [Security Considerations](#security-considerations)
+- [Development](#development)
+- [Troubleshooting](#troubleshooting)
+- [Contributing](#contributing)
+- [Changelog](#changelog)
 
 ## Features
 
-### Core Features (v0.1.0)
-- 🔒 **Security First**: Read-only queries enforced at multiple levels
+### Security & Control
+- 🔒 **Security First**: Read-only by default with multi-layer enforcement
 - 🚦 **Environment Gating**: Disabled by default in production
 - 🔑 **Flexible Authorization**: Integrate with your existing auth system
-- 📊 **Modern UI**: Clean, responsive interface with query history
-- 📝 **Audit Logging**: All queries logged with actor information
 - ⚡ **Resource Protection**: Configurable row limits and query timeouts
-- 💾 **Client-Side History**: Query history stored in browser localStorage
-- ⚡ **Hotwire-Powered**: Uses Turbo Frames and Stimulus for smooth, SPA-like experience
-- 🎨 **Zero Build Step**: CDN-hosted Hotwire, no asset compilation needed
+- 📝 **Comprehensive Audit Logging**: All queries logged with actor information and metadata
+- 🔐 **Optional DML Support**: Enable INSERT/UPDATE/DELETE with confirmation dialogs
 
-### New in v0.2.0 🚀
+### Query Execution
 - 📊 **EXPLAIN Query Plans**: Analyze query execution plans for performance debugging
+- ✅ **Smart Validation**: SQL validation with keyword blocking and statement isolation
+- 🎯 **Accurate Results**: Proper row counts for both SELECT and DML operations
+- ⏱️ **Query Timeout**: Configurable timeout to prevent long-running queries
+
+### User Interface
+- 📊 **Modern UI**: Clean, responsive interface with real-time updates
 - 🗂️ **Schema Explorer**: Browse tables, columns, types with quick actions
-- 💾 **Saved Queries**: Save, organize, import/export your important queries (client-side)
-- 🎨 **Tabbed UI**: Switch between History and Schema views seamlessly
+- 💾 **Query Management**: Save, organize, import/export queries (client-side)
+- 📜 **Query History**: Client-side history stored in browser localStorage
+- 🎨 **Tabbed Navigation**: Switch between History, Schema, and Saved Queries seamlessly
 - 🔍 **Quick Actions**: Generate queries from schema, copy names, insert WHERE clauses
+- ⚡ **Hotwire-Powered**: Turbo Frames and Stimulus for smooth, SPA-like experience
+- 🎨 **Zero Build Step**: CDN-hosted dependencies, no asset compilation needed
+
+## Screenshots
+
+### Query Execution with Results
+![Query Execution](docs/images/query-execution.png)
+*Execute SQL queries with real-time results, execution time, and row counts displayed in a clean, scrollable table*
+
+### Schema Explorer
+![Schema Browser](docs/images/schema-explorer.png)
+*Browse database tables, columns with data types, nullable status, and quick-action buttons (Insert, WHERE, Copy Table Name)*
+
+### DML Operations with Safety Features
+![DML Results Banner](docs/images/dml-results.png)
+*DML operations show "Data Modified" banner, accurate "Rows Affected" count, and permanent change confirmation. A browser confirmation dialog appears before execution (not shown - browser native UI).*
+
+### Query History
+![Query History](docs/images/query-history.png)
+*Access recent queries with timestamps - click any query to load it into the editor instantly*
+
+### Saved Queries Management
+![Saved Queries](docs/images/saved-queries.png)
+*Save important queries with names and tags, then load, export, or import them with one click*
 
 ## Security Features
 
@@ -28,12 +78,13 @@ QueryConsole implements multiple layers of security:
 
 1. **Environment Gating**: Only enabled in configured environments (development by default)
 2. **Authorization Hook**: Requires explicit authorization configuration
-3. **SQL Validation**: Only SELECT and WITH (CTE) queries allowed
-4. **Keyword Blocking**: Blocks all write operations (UPDATE, DELETE, INSERT, DROP, etc.)
-5. **Statement Isolation**: Prevents multiple statement execution
-6. **Row Limiting**: Automatic result limiting to prevent resource exhaustion
-7. **Query Timeout**: Configurable timeout to prevent long-running queries
-8. **Audit Trail**: All queries logged with structured data
+3. **Read-Only by Default**: Only SELECT and WITH (CTE) queries allowed by default
+4. **Optional DML with Safeguards**: INSERT/UPDATE/DELETE available when explicitly enabled, with mandatory user confirmation dialogs
+5. **Keyword Blocking**: Always blocks DDL operations (DROP, ALTER, CREATE, TRUNCATE, etc.)
+6. **Statement Isolation**: Prevents multiple statement execution
+7. **Row Limiting**: Automatic result limiting to prevent resource exhaustion
+8. **Query Timeout**: Configurable timeout to prevent long-running queries
+9. **Comprehensive Audit Trail**: All queries logged with actor, query type, and execution metadata
 
 ## Installation
 
@@ -79,7 +130,7 @@ QueryConsole.configure do |config|
   # config.max_rows = 1000
   # config.timeout_ms = 5000
   
-  # v0.2.0+ Features
+  # Advanced Features
   # EXPLAIN feature (default: enabled)
   # config.enable_explain = true
   # config.enable_explain_analyze = false  # Disabled by default for safety
@@ -129,6 +180,93 @@ config.authorize = ->(_controller) { true }
 | `timeout_ms` | `3000` | Query timeout in milliseconds |
 | `forbidden_keywords` | See code | SQL keywords that are blocked |
 | `allowed_starts_with` | `["select", "with"]` | Allowed query starting keywords |
+| `enable_dml` | `false` | Enable DML queries (INSERT, UPDATE, DELETE) |
+| `enable_explain` | `true` | Enable EXPLAIN query plans |
+| `enable_explain_analyze` | `false` | Enable EXPLAIN ANALYZE (use with caution) |
+| `schema_explorer` | `true` | Enable schema browser |
+| `schema_cache_seconds` | `60` | Schema cache duration in seconds |
+
+### DML (Data Manipulation Language) Support
+
+By default, Query Console is **read-only**. To enable DML operations (INSERT, UPDATE, DELETE):
+
+```ruby
+QueryConsole.configure do |config|
+  config.enable_dml = true
+  
+  # Recommended: Restrict to specific environments
+  config.enabled_environments = ["development", "staging"]
+end
+```
+
+#### Important Security Notes
+
+- **DML is disabled by default** for safety
+- When enabled, INSERT, UPDATE, DELETE, and MERGE queries are permitted
+- All DML operations are logged with actor information and query type
+- No transaction support - queries auto-commit immediately
+- Consider additional application-level authorization for production use
+
+#### What's Still Blocked
+
+Even with DML enabled, these operations remain **forbidden**:
+- `DROP`, `ALTER`, `CREATE` (schema changes)
+- `TRUNCATE` (bulk deletion)
+- `GRANT`, `REVOKE` (permission changes)
+- `EXECUTE`, `EXEC` (stored procedures)
+- `TRANSACTION`, `COMMIT`, `ROLLBACK` (manual transaction control)
+- System procedures (`sp_`, `xp_`)
+
+#### UI Behavior with DML
+
+When DML is enabled and a DML query is detected:
+- **Before execution**: A confirmation dialog appears with a clear warning about permanent data modifications
+- User must explicitly confirm to proceed (can click "Cancel" to abort)
+- **After execution**: An informational banner shows: "ℹ️ Data Modified: This query has modified the database"
+- **Rows Affected** count is displayed (e.g., "3 row(s) affected") showing how many rows were inserted/updated/deleted
+- The security banner reflects DML status
+- All changes are permanent and logged
+
+#### Database Support
+
+DML operations work on all supported databases:
+- **SQLite**: INSERT, UPDATE, DELETE
+- **PostgreSQL**: INSERT, UPDATE, DELETE, MERGE (via INSERT ... ON CONFLICT)
+- **MySQL**: INSERT, UPDATE, DELETE, REPLACE
+
+#### Enhanced Audit Logging
+
+DML queries are logged with additional metadata:
+
+```ruby
+{
+  component: "query_console",
+  actor: "user@example.com",
+  sql: "UPDATE users SET active = true WHERE id = 123",
+  duration_ms: 12.5,
+  rows: 1,
+  status: "ok",
+  query_type: "UPDATE",     # NEW: Query type classification
+  is_dml: true              # NEW: DML flag
+}
+```
+
+#### Example DML Queries
+
+```sql
+-- Insert a new record
+INSERT INTO users (name, email) VALUES ('John Doe', 'john@example.com');
+
+-- Update existing records
+UPDATE users SET active = true WHERE id = 123;
+
+-- Delete specific records
+DELETE FROM sessions WHERE expires_at < NOW();
+
+-- PostgreSQL upsert
+INSERT INTO settings (key, value) VALUES ('theme', 'dark')
+ON CONFLICT (key) DO UPDATE SET value = 'dark';
+```
 
 ## Mounting
 
@@ -166,14 +304,17 @@ Then visit: `http://localhost:3000/query_console`
 - `WITH active_users AS (SELECT * FROM users WHERE active = true) SELECT * FROM active_users`
 - Queries with JOINs, ORDER BY, GROUP BY, etc.
 
-❌ **Blocked**:
-- `UPDATE users SET name = 'test'`
-- `DELETE FROM users`
-- `INSERT INTO users VALUES (...)`
-- `DROP TABLE users`
-- `SELECT * FROM users; DELETE FROM users` (multiple statements)
+❌ **Blocked** (by default):
+- `UPDATE users SET name = 'test'` (unless `enable_dml = true`)
+- `DELETE FROM users` (unless `enable_dml = true`)
+- `INSERT INTO users VALUES (...)` (unless `enable_dml = true`)
+- `DROP TABLE users` (always blocked)
+- `TRUNCATE TABLE users` (always blocked)
+- `SELECT * FROM users; DELETE FROM users` (multiple statements always blocked)
 - Any query containing forbidden keywords
 
+**Note**: With `config.enable_dml = true`, INSERT, UPDATE, DELETE, and MERGE queries become allowed.
+
 ## Example Queries
 
 ```sql
@@ -390,12 +531,28 @@ Created by [Johnson Gnanasekar](https://github.com/JohnsonGnanasekar)
 
 ## Changelog
 
-### 0.1.0 (Initial Release)
-
-- Basic query console with read-only enforcement
-- Environment gating and authorization hooks
-- SQL validation and row limiting
-- Query timeout protection
-- Client-side history with localStorage
-- Comprehensive test suite
-- Audit logging
+See [CHANGELOG.md](CHANGELOG.md) for detailed version history.
+
+### Recent Updates
+
+#### Latest (DML Support)
+- ✨ **Optional DML Support**: INSERT/UPDATE/DELETE with mandatory confirmation dialogs
+- 🎯 **Accurate Row Counts**: Proper affected rows tracking for DML operations
+- 🔒 **Enhanced Security**: Pre-execution confirmation with detailed warnings
+- 📝 **Enhanced Audit Logging**: Query type classification and DML flags
+- 🗃️ **Multi-Database Support**: SQLite, PostgreSQL, MySQL compatibility
+
+#### v0.2.0 (January 2026)
+- 📊 **EXPLAIN Plans**: Query execution plan analysis
+- 🗂️ **Schema Explorer**: Interactive table/column browser with quick actions
+- 💾 **Saved Queries**: Client-side query management with import/export
+- 🎨 **Modern UI**: Tabbed navigation and collapsible sections
+- 🔍 **Quick Actions**: Generate queries from schema explorer
+
+#### v0.1.0 (Initial Release)
+- 🔒 Read-only query console with security enforcement
+- 🚦 Environment gating and authorization hooks
+- ✅ SQL validation and row limiting
+- ⏱️ Query timeout protection
+- 📜 Client-side history with localStorage
+- ✅ Comprehensive test suite and audit logging

data/app/controllers/query_console/explain_controller.rb

@@ -1,7 +1,5 @@
 module QueryConsole
   class ExplainController < ApplicationController
-    skip_forgery_protection only: [:create] # Allow Turbo Frame POST requests
-
     def create
       sql = params[:sql]
 
@@ -9,11 +7,11 @@ module QueryConsole
         @result = ExplainRunner::ExplainResult.new(error: "Query cannot be empty")
         respond_to do |format|
           format.turbo_stream do
-            render turbo_stream: turbo_stream.replace(
-              "explain-results",
-              partial: "explain/results",
-              locals: { result: @result }
-            )
+        render turbo_stream: turbo_stream.replace(
+          "explain-results",
+          partial: "query_console/explain/results",
+          locals: { result: @result }
+        )
           end
           format.html { render "explain/_results", layout: false, locals: { result: @result } }
         end

data/app/controllers/query_console/queries_controller.rb

@@ -1,7 +1,5 @@
 module QueryConsole
   class QueriesController < ApplicationController
-    skip_forgery_protection only: [:run] # Allow Turbo Frame POST requests
-    
     def new
       # Render the main query editor page
     end
@@ -21,6 +19,7 @@ module QueryConsole
       # Execute the query
       runner = Runner.new(sql)
       @result = runner.execute
+      @is_dml = @result.dml?
 
       # Log the query execution
       AuditLogger.log_query(
@@ -35,7 +34,7 @@ module QueryConsole
           render turbo_stream: turbo_stream.replace(
             "query-results",
             partial: "results",
-            locals: { result: @result }
+            locals: { result: @result, is_dml: @is_dml }
           )
         end
         format.html { render :_results, layout: false }

data/app/javascript/query_console/controllers/editor_controller.js

@@ -1,77 +1,214 @@
 import { Controller } from "@hotwired/stimulus"
+import { EditorView, keymap } from "@codemirror/view"
+import { EditorState } from "@codemirror/state"
+import { sql } from "@codemirror/lang-sql"
+import { defaultKeymap } from "@codemirror/commands"
+import { autocompletion } from "@codemirror/autocomplete"
 
-// Manages the SQL editor textarea and query execution
+// Manages the SQL editor with CodeMirror and query execution
 // Usage: <div data-controller="editor">
 export default class extends Controller {
-  static targets = ["textarea", "runButton", "clearButton", "results"]
+  static targets = ["container"]
 
   connect() {
+    this.initializeCodeMirror()
+    
     // Listen for history load events
     this.element.addEventListener('history:load', (event) => {
       this.loadQuery(event.detail.sql)
     })
   }
 
-  // Load query into textarea (from history)
+  disconnect() {
+    if (this.view) {
+      this.view.destroy()
+    }
+  }
+
+  initializeCodeMirror() {
+    const sqlLanguage = sql()
+    
+    const startState = EditorState.create({
+      doc: "SELECT * FROM users LIMIT 10;",
+      extensions: [
+        sqlLanguage.extension,
+        autocompletion(),
+        keymap.of(defaultKeymap),
+        EditorView.lineWrapping,
+        EditorView.theme({
+          "&": {
+            fontSize: "14px",
+            border: "1px solid #ddd",
+            borderRadius: "4px"
+          },
+          ".cm-content": {
+            fontFamily: "'Monaco', 'Menlo', 'Courier New', monospace",
+            minHeight: "200px",
+            padding: "12px"
+          },
+          ".cm-scroller": {
+            overflow: "auto"
+          },
+          "&.cm-focused": {
+            outline: "none"
+          }
+        })
+      ]
+    })
+
+    this.view = new EditorView({
+      state: startState,
+      parent: this.containerTarget
+    })
+  }
+
+  // Get SQL content from CodeMirror
+  getSql() {
+    return this.view.state.doc.toString()
+  }
+
+  // Set SQL content in CodeMirror
+  setSql(text) {
+    this.view.dispatch({
+      changes: {
+        from: 0,
+        to: this.view.state.doc.length,
+        insert: text
+      }
+    })
+    this.view.focus()
+  }
+
+  // Insert text at cursor position
+  insertAtCursor(text) {
+    const selection = this.view.state.selection.main
+    this.view.dispatch({
+      changes: {
+        from: selection.from,
+        to: selection.to,
+        insert: text
+      },
+      selection: {
+        anchor: selection.from + text.length
+      }
+    })
+    this.view.focus()
+  }
+
+  // Load query into editor (from history)
   loadQuery(sql) {
-    this.textareaTarget.value = sql
-    this.textareaTarget.focus()
+    this.setSql(sql)
     
     // Scroll to editor
     this.element.scrollIntoView({ behavior: 'smooth', block: 'start' })
   }
 
-  // Clear textarea
-  clear(event) {
-    event.preventDefault()
-    this.textareaTarget.value = ''
-    this.textareaTarget.focus()
+  // Clear editor
+  clearEditor() {
+    this.setSql('')
+    
+    // Clear query results
+    const queryFrame = document.querySelector('turbo-frame#query-results')
+    if (queryFrame) {
+      queryFrame.innerHTML = '<div style="color: #6c757d; text-align: center; padding: 40px; margin-top: 20px;"><p>Enter a query above and click "Run Query" to see results here.</p></div>'
+    }
+    
+    // Clear explain results
+    const explainFrame = document.querySelector('turbo-frame#explain-results')
+    if (explainFrame) {
+      explainFrame.innerHTML = ''
+    }
+  }
+
+  // Check if query is a DML operation
+  isDmlQuery(sql) {
+    const trimmed = sql.trim().toLowerCase()
+    return /^(insert|update|delete|merge)\b/.test(trimmed)
   }
 
-  // Handle form submission
-  submit(event) {
-    const sql = this.textareaTarget.value.trim()
-    
+  // Run query
+  runQuery() {
+    const sql = this.getSql().trim()
     if (!sql) {
-      event.preventDefault()
       alert('Please enter a SQL query')
       return
     }
-
-    // Show loading state
-    this.runButtonTarget.disabled = true
-    this.runButtonTarget.textContent = 'Running...'
     
-    // After Turbo completes the request, we'll handle success/error
-  }
-
-  // Called after successful query execution (via Turbo)
-  querySuccess(event) {
-    // Re-enable button
-    this.runButtonTarget.disabled = false
-    this.runButtonTarget.textContent = 'Run Query'
+    // Check if it's a DML query and confirm with user
+    if (this.isDmlQuery(sql)) {
+      const confirmed = confirm(
+        '⚠️ DATA MODIFICATION WARNING\n\n' +
+        'This query will INSERT, UPDATE, or DELETE data.\n\n' +
+        '• All changes are PERMANENT and cannot be undone\n' +
+        '• All operations are logged\n\n' +
+        'Do you want to proceed?'
+      )
+      
+      if (!confirmed) {
+        return // User cancelled
+      }
+    }
     
-    // Dispatch event to add to history
-    const sql = this.textareaTarget.value.trim()
-    this.dispatch('executed', { 
-      detail: { 
-        sql: sql,
-        timestamp: new Date().toISOString()
-      },
-      target: document.querySelector('[data-controller="history"]')
-    })
+    // Clear explain results when running query
+    const explainFrame = document.querySelector('turbo-frame#explain-results')
+    if (explainFrame) {
+      explainFrame.innerHTML = ''
+    }
+    
+    // Store for history
+    window._lastExecutedSQL = sql
+    
+    // Get CSRF token
+    const csrfToken = document.querySelector('meta[name=csrf-token]')?.content
+    
+    // Create form with Turbo Frame target
+    const form = document.createElement('form')
+    form.method = 'POST'
+    form.action = this.element.dataset.runPath
+    form.setAttribute('data-turbo-frame', 'query-results')
+    form.innerHTML = `
+      <input type="hidden" name="sql" value="${this.escapeHtml(sql)}">
+      <input type="hidden" name="authenticity_token" value="${csrfToken}">
+    `
+    document.body.appendChild(form)
+    form.requestSubmit()
+    document.body.removeChild(form)
   }
 
-  // Called after failed query execution
-  queryError(event) {
-    this.runButtonTarget.disabled = false
-    this.runButtonTarget.textContent = 'Run Query'
+  // Explain query
+  explainQuery() {
+    const sql = this.getSql().trim()
+    if (!sql) {
+      alert('Please enter a SQL query')
+      return
+    }
+    
+    // Clear query results when running explain
+    const queryFrame = document.querySelector('turbo-frame#query-results')
+    if (queryFrame) {
+      queryFrame.innerHTML = ''
+    }
+    
+    // Get CSRF token
+    const csrfToken = document.querySelector('meta[name=csrf-token]')?.content
+    
+    // Create form with Turbo Frame target
+    const form = document.createElement('form')
+    form.method = 'POST'
+    form.action = this.element.dataset.explainPath
+    form.setAttribute('data-turbo-frame', 'explain-results')
+    form.innerHTML = `
+      <input type="hidden" name="sql" value="${this.escapeHtml(sql)}">
+      <input type="hidden" name="authenticity_token" value="${csrfToken}">
+    `
+    document.body.appendChild(form)
+    form.requestSubmit()
+    document.body.removeChild(form)
   }
 
-  // Handle Turbo Frame errors
-  turboFrameError(event) {
-    console.error('Turbo Frame error:', event.detail)
-    this.runButtonTarget.disabled = false
-    this.runButtonTarget.textContent = 'Run Query'
+  escapeHtml(text) {
+    const div = document.createElement('div')
+    div.textContent = text
+    return div.innerHTML
   }
 }

data/app/services/query_console/audit_logger.rb

@@ -15,7 +15,9 @@ module QueryConsole
         actor: resolved_actor,
         sql: sql.to_s.strip,
         duration_ms: result.execution_time_ms,
-        status: result.success? ? "ok" : "error"
+        status: result.success? ? "ok" : "error",
+        query_type: determine_query_type(sql),
+        is_dml: is_dml_query?(sql)
       }
 
       # Add row count if available (for QueryResult)
@@ -36,6 +38,22 @@ module QueryConsole
       Rails.logger.info(log_data.to_json)
     end
 
+    def self.is_dml_query?(sql)
+      sql.to_s.strip.downcase.match?(/\A(insert|update|delete|merge)\b/)
+    end
+
+    def self.determine_query_type(sql)
+      case sql.to_s.strip.downcase
+      when /\Aselect\b/ then "SELECT"
+      when /\Awith\b/ then "WITH"
+      when /\Ainsert\b/ then "INSERT"
+      when /\Aupdate\b/ then "UPDATE"
+      when /\Adelete\b/ then "DELETE"
+      when /\Amerge\b/ then "MERGE"
+      else "UNKNOWN"
+      end
+    end
+
     def self.determine_error_class(error_message)
       case error_message
       when /timeout/i
@@ -46,6 +64,10 @@ module QueryConsole
         "SecurityError"
       when /must start with/i
         "ValidationError"
+      when /cannot delete/i, /cannot update/i, /cannot insert/i
+        "DMLError"
+      when /foreign key constraint/i, /constraint.*violated/i
+        "ConstraintError"
       else
         "QueryError"
       end