RubyGems - rails-pg-extras-mcp - Versions diffs - 0.2.4 → 0.2.6 - Mend

rails-pg-extras-mcp 0.2.4 → 0.2.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/lib/rails-pg-extras-mcp.rb +37 -24
data/lib/rails_pg_extras_mcp/validate_query.rb +50 -0
data/lib/rails_pg_extras_mcp/version.rb +1 -1
data/rails-pg-extras-mcp.gemspec +1 -0
data/spec/smoke_spec.rb +1 -1
data/spec/validate_query_spec.rb +66 -0
metadata +19 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c325326b879c8e447cb8865244a6dba60d3acfe611720bc838c0d71b2d77be91
-  data.tar.gz: a35cca49706ea0e8ecc7143bdbebe64664ddcdab223221b37bae97c228558ed5
+  metadata.gz: 1b7ef071e268c78304c699be7ffef21a2797bff1eac7d16223b8383b7112d755
+  data.tar.gz: fb974d7e4ce85b429c8a7b29cbf4c1a2425132afd326a81bc3500d5577c4db81
 SHA512:
-  metadata.gz: 6b9af0e9a1c41158e7b231060cc56f8ea97f7eba97674f05446fac42b8299c6ab17ef72b1260a69dc9d1d6ff4cefb364490bf0b6bc65020286676935b786479a
-  data.tar.gz: 5d55fc2ec81088a21749e56b55c07e50cdd19ce187faceeecfde4933beaf3cd89065a7a8196df997d7de4e073f3f48834ddabf8f2bc1e3b0b771dd7b062f48d6
+  metadata.gz: 3ad442345f1c4879c0310ebe6f0fbc6f3c431176bfd146fb86cda194f50b34a89599c202d5683cf27a52e5a4e0dac9db76ad08d8a1decb5d97ebce68b91adc57
+  data.tar.gz: 22e94431fdad9ba2f87a37ab3741592f8ff3074b254c9e09052a9f2f2a6a0fee463f89afe981fb5777aa745ffe3d1a3b9ba9a2d3d56bfae94fff69c0c199b831

data/lib/rails-pg-extras-mcp.rb CHANGED Viewed

@@ -5,6 +5,7 @@ require "rack"
 require "ruby-pg-extras"
 require "rails-pg-extras"
 require "rails_pg_extras_mcp/version"
+require "rails_pg_extras_mcp/validate_query"
 SKIP_QUERIES = %i[
   add_extensions
@@ -65,31 +66,19 @@ class DiagnoseTool < FastMcp::Tool
 end
 class ExplainBaseTool < FastMcp::Tool
-  DENYLIST = %w[
-    delete,
-    insert,
-    update,
-    truncate,
-    drop,
-    alter,
-    create,
-    grant,
-    begin,
-    commit
-  ]
-  def call(sql_query:)
+  def call(sql_query: nil)
     connection = RailsPgExtras.connection
-    if DENYLIST.any? { |deny| sql_query.downcase.include?(deny) }
-      raise "This query is not allowed. It contains a denied keyword. Denylist: #{DENYLIST.join(", ")}"
-    end
-    connection.execute("BEGIN")
-    result = connection.execute("#{sql_query}")
-    connection.execute("ROLLBACK")
-    result.to_a
+    connection.execute("BEGIN;")
+    begin
+      result = connection.execute("#{sql_query}")
+      connection.execute("ROLLBACK;")
+      result.to_a
+    rescue => e
+      connection.execute("ROLLBACK;") rescue nil
+      raise e
+    end
   end
 end
@@ -105,8 +94,14 @@ class ExplainTool < ExplainBaseTool
   end
   def call(sql_query:)
-    if sql_query.downcase.include?("analyze")
-      raise "This query is not allowed. It contains a denied ANALYZE keyword."
+    if sql_query.to_s.empty?
+      return "sql_query param is required"
+    end
+    begin
+      ValidateQuery.new(sql_query).call
+    rescue ValidateQuery::InvalidQueryError => e
+      return e.message
     end
     super(sql_query: "EXPLAIN #{sql_query}")
@@ -125,6 +120,16 @@ class ExplainAnalyzeTool < ExplainBaseTool
   end
   def call(sql_query:)
+    if sql_query.to_s.empty?
+      return "sql_query param is required"
+    end
+    begin
+      ValidateQuery.new(sql_query).call
+    rescue ValidateQuery::InvalidQueryError => e
+      return e.message
+    end
     super(sql_query: "EXPLAIN ANALYZE #{sql_query}")
   end
 end
@@ -137,6 +142,10 @@ class IndexInfoTool < FastMcp::Tool
   end
   def call(table_name:)
+    if table_name.to_s.empty?
+      return "table_name param is required"
+    end
     RailsPgExtras.index_info(args: { table_name: table_name }, in_format: :hash)
   end
@@ -153,6 +162,10 @@ class TableInfoTool < FastMcp::Tool
   end
   def call(table_name:)
+    if table_name.to_s.empty?
+      return "table_name param is required"
+    end
     RailsPgExtras.table_info(args: { table_name: table_name }, in_format: :hash)
   end

data/lib/rails_pg_extras_mcp/validate_query.rb ADDED Viewed

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+require 'pg_query'
+class ValidateQuery
+  InvalidQueryError = Class.new(StandardError)
+  DENYLIST = %w[
+    delete
+    insert
+    update
+    truncate
+    drop
+    alter
+    create
+    grant
+    begin
+    commit
+    explain
+    analyze
+  ].freeze
+  def initialize(sql_query)
+    @sql_query = sql_query.to_s.strip
+  end
+  def call
+    raise InvalidQueryError, "Query is empty" if @sql_query.empty?
+    if DENYLIST.any? { |word| @sql_query.downcase.include?(word) }
+      raise InvalidQueryError, "Query contains denied keyword. Denylist: #{DENYLIST.join(', ')}"
+    end
+    begin
+      tree = PgQuery.parse(@sql_query)
+    rescue PgQuery::ParseError => e
+      raise InvalidQueryError, "Invalid SQL syntax: #{e.message}"
+    end
+    if tree.tree.stmts.size > 1
+      raise InvalidQueryError, "Multiple SQL statements are not allowed"
+    end
+    unless tree.tree.stmts.all? { |stmt| stmt.stmt.select_stmt }
+      raise InvalidQueryError, "Only SELECT statements are allowed"
+    end
+    true
+  end
+end

data/lib/rails_pg_extras_mcp/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module RailsPgExtrasMcp
-  VERSION = "0.2.4"
+  VERSION = "0.2.6"
 end

data/rails-pg-extras-mcp.gemspec CHANGED Viewed

@@ -18,6 +18,7 @@ Gem::Specification.new do |s|
   s.add_dependency "rails-pg-extras", "~> 5.6.12"
   s.add_dependency "rails"
   s.add_dependency "fast-mcp"
+  s.add_dependency "pg_query"
   s.add_development_dependency "rake"
   s.add_development_dependency "rspec"
   s.add_development_dependency "rufo"

data/spec/smoke_spec.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 require "spec_helper"
-require "rails-pg-extras"
+require "rails-pg-extras-mcp"
 describe RailsPgExtrasMcp do
   it "works" do

data/spec/validate_query_spec.rb ADDED Viewed

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+require "spec_helper"
+require "rails-pg-extras-mcp"
+RSpec.describe ValidateQuery do
+  subject { described_class.new(query) }
+  describe "#call" do
+    context "with a valid SELECT query" do
+      let(:query) { "SELECT * FROM users" }
+      it "returns true" do
+        expect(subject.call).to eq(true)
+      end
+    end
+    context "with nested SELECT statements" do
+      let(:query) { "SELECT * FROM users WHERE id IN (SELECT user_id FROM posts WHERE published = true)" }
+      it "returns true" do
+        expect(subject.call).to eq(true)
+      end
+    end
+    context "with multiple statements" do
+      let(:query) { "SELECT * FROM users; SELECT * FROM posts" }
+      it "raises an error" do
+        expect { subject.call }.to raise_error(ValidateQuery::InvalidQueryError, /Multiple SQL statements/)
+      end
+    end
+    context "with a denied keyword" do
+      let(:query) { "DROP TABLE users" }
+      it "raises an error" do
+        expect { subject.call }.to raise_error(ValidateQuery::InvalidQueryError, /denied keyword/)
+      end
+    end
+    context "with a non-SELECT query" do
+      let(:query) { "EXPLAIN SELECT * FROM users" }
+      it "raises an error" do
+        expect { subject.call }.to raise_error(ValidateQuery::InvalidQueryError)
+      end
+    end
+    context "with invalid SQL syntax" do
+      let(:query) { "SELECT FROM WHERE" }
+      it "raises an error" do
+        expect { subject.call }.to raise_error(ValidateQuery::InvalidQueryError, /Invalid SQL syntax/)
+      end
+    end
+    context "with an empty query" do
+      let(:query) { "   " }
+      it "raises an error" do
+        expect { subject.call }.to raise_error(ValidateQuery::InvalidQueryError, /Query is empty/)
+      end
+    end
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails-pg-extras-mcp
 version: !ruby/object:Gem::Version
-  version: 0.2.4
+  version: 0.2.6
 platform: ruby
 authors:
 - pawurb
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-07-14 00:00:00.000000000 Z
+date: 2025-07-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails-pg-extras
@@ -52,6 +52,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: pg_query
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -110,11 +124,13 @@ files:
 - README.md
 - Rakefile
 - lib/rails-pg-extras-mcp.rb
+- lib/rails_pg_extras_mcp/validate_query.rb
 - lib/rails_pg_extras_mcp/version.rb
 - pg-extras-mcp.png
 - rails-pg-extras-mcp.gemspec
 - spec/smoke_spec.rb
 - spec/spec_helper.rb
+- spec/validate_query_spec.rb
 homepage: http://github.com/pawurb/rails-pg-extras-mcp
 licenses:
 - MIT
@@ -142,3 +158,4 @@ summary: MCP interface for rails-pg-extras
 test_files:
 - spec/smoke_spec.rb
 - spec/spec_helper.rb
+- spec/validate_query_spec.rb