rails-pg-extras-mcp 0.2.5 → 0.2.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1b4509d036ac44d7408f298e5809c97517b938a17b767b495ecc49a6829030dd
-  data.tar.gz: 4de56739fdb9f9a55246468c49389dd797a48f44fa140fd7928fbe0d67525701
+  metadata.gz: 1b7ef071e268c78304c699be7ffef21a2797bff1eac7d16223b8383b7112d755
+  data.tar.gz: fb974d7e4ce85b429c8a7b29cbf4c1a2425132afd326a81bc3500d5577c4db81
 SHA512:
-  metadata.gz: 748259151e1174a0352136ae9168978b19beea269cae6fb56b72e4afd9a8f07e818394174f26b14e1737f6e4c461de8aa2fa527c476b61f7a0178ab1074d772a
-  data.tar.gz: 0e4ca375b7e0366cc2a3b08c10915576de3fe97b5fbf5f8ebb545e153ce14298a7d38adb6e6da0c69e1b3aa5056991d343678ebeeb75b52558ecb8566137bfa3
+  metadata.gz: 3ad442345f1c4879c0310ebe6f0fbc6f3c431176bfd146fb86cda194f50b34a89599c202d5683cf27a52e5a4e0dac9db76ad08d8a1decb5d97ebce68b91adc57
+  data.tar.gz: 22e94431fdad9ba2f87a37ab3741592f8ff3074b254c9e09052a9f2f2a6a0fee463f89afe981fb5777aa745ffe3d1a3b9ba9a2d3d56bfae94fff69c0c199b831

data/lib/rails-pg-extras-mcp.rb

@@ -5,6 +5,7 @@ require "rack"
 require "ruby-pg-extras"
 require "rails-pg-extras"
 require "rails_pg_extras_mcp/version"
+require "rails_pg_extras_mcp/validate_query"
 
 SKIP_QUERIES = %i[
   add_extensions
@@ -65,28 +66,9 @@ class DiagnoseTool < FastMcp::Tool
 end
 
 class ExplainBaseTool < FastMcp::Tool
-  DENYLIST = %w[
-    delete,
-    insert,
-    update,
-    truncate,
-    drop,
-    alter,
-    create,
-    grant,
-    begin,
-    commit
-  ]
-
-  def call(sql_query:)
+  def call(sql_query: nil)
     connection = RailsPgExtras.connection
 
-    if DENYLIST.any? { |deny| sql_query.downcase.include?(deny) }
-      raise "This query is not allowed. It contains a denied keyword. Denylist: #{DENYLIST.join(", ")}"
-    end
-
-    # Prevent multiple queries in one request
-    sql_query = sql_query.gsub(/;/, "")
 
     connection.execute("BEGIN;")
     begin
@@ -112,8 +94,14 @@ class ExplainTool < ExplainBaseTool
   end
 
   def call(sql_query:)
-    if sql_query.downcase.include?("analyze")
-      raise "This query is not allowed. It contains a denied ANALYZE keyword."
+    if sql_query.to_s.empty?
+      return "sql_query param is required"
+    end  
+
+    begin
+      ValidateQuery.new(sql_query).call
+    rescue ValidateQuery::InvalidQueryError => e
+      return e.message
     end
 
     super(sql_query: "EXPLAIN #{sql_query}")
@@ -132,6 +120,16 @@ class ExplainAnalyzeTool < ExplainBaseTool
   end
 
   def call(sql_query:)
+    if sql_query.to_s.empty?
+      return "sql_query param is required"
+    end  
+
+    begin
+      ValidateQuery.new(sql_query).call
+    rescue ValidateQuery::InvalidQueryError => e
+      return e.message
+    end
+
     super(sql_query: "EXPLAIN ANALYZE #{sql_query}")
   end
 end
@@ -144,6 +142,10 @@ class IndexInfoTool < FastMcp::Tool
   end
 
   def call(table_name:)
+    if table_name.to_s.empty?
+      return "table_name param is required"
+    end  
+
     RailsPgExtras.index_info(args: { table_name: table_name }, in_format: :hash)
   end
 
@@ -160,6 +162,10 @@ class TableInfoTool < FastMcp::Tool
   end
 
   def call(table_name:)
+    if table_name.to_s.empty?
+      return "table_name param is required"
+    end  
+
     RailsPgExtras.table_info(args: { table_name: table_name }, in_format: :hash)
   end
 

data/lib/rails_pg_extras_mcp/validate_query.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require 'pg_query'
+
+class ValidateQuery
+  InvalidQueryError = Class.new(StandardError)
+
+  DENYLIST = %w[
+    delete
+    insert
+    update
+    truncate
+    drop
+    alter
+    create
+    grant
+    begin
+    commit
+    explain
+    analyze
+  ].freeze
+
+  def initialize(sql_query)
+    @sql_query = sql_query.to_s.strip
+  end
+
+  def call
+    raise InvalidQueryError, "Query is empty" if @sql_query.empty?
+
+    if DENYLIST.any? { |word| @sql_query.downcase.include?(word) }
+      raise InvalidQueryError, "Query contains denied keyword. Denylist: #{DENYLIST.join(', ')}"
+    end
+
+    begin
+      tree = PgQuery.parse(@sql_query)
+    rescue PgQuery::ParseError => e
+      raise InvalidQueryError, "Invalid SQL syntax: #{e.message}"
+    end
+
+    if tree.tree.stmts.size > 1
+      raise InvalidQueryError, "Multiple SQL statements are not allowed"
+    end
+
+    unless tree.tree.stmts.all? { |stmt| stmt.stmt.select_stmt }
+      raise InvalidQueryError, "Only SELECT statements are allowed"
+    end
+
+    true
+  end
+end

data/lib/rails_pg_extras_mcp/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RailsPgExtrasMcp
-  VERSION = "0.2.5"
+  VERSION = "0.2.6"
 end

data/rails-pg-extras-mcp.gemspec

@@ -18,6 +18,7 @@ Gem::Specification.new do |s|
   s.add_dependency "rails-pg-extras", "~> 5.6.12"
   s.add_dependency "rails"
   s.add_dependency "fast-mcp"
+  s.add_dependency "pg_query"
   s.add_development_dependency "rake"
   s.add_development_dependency "rspec"
   s.add_development_dependency "rufo"

data/spec/smoke_spec.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 require "spec_helper"
-require "rails-pg-extras"
+require "rails-pg-extras-mcp"
 
 describe RailsPgExtrasMcp do
   it "works" do

data/spec/validate_query_spec.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+require "rails-pg-extras-mcp"
+
+RSpec.describe ValidateQuery do
+  subject { described_class.new(query) }
+
+  describe "#call" do
+    context "with a valid SELECT query" do
+      let(:query) { "SELECT * FROM users" }
+
+      it "returns true" do
+        expect(subject.call).to eq(true)
+      end
+    end
+
+    context "with nested SELECT statements" do
+      let(:query) { "SELECT * FROM users WHERE id IN (SELECT user_id FROM posts WHERE published = true)" }
+
+      it "returns true" do
+        expect(subject.call).to eq(true)
+      end
+    end
+
+    context "with multiple statements" do
+      let(:query) { "SELECT * FROM users; SELECT * FROM posts" }
+
+      it "raises an error" do
+        expect { subject.call }.to raise_error(ValidateQuery::InvalidQueryError, /Multiple SQL statements/)
+      end
+    end
+
+    context "with a denied keyword" do
+      let(:query) { "DROP TABLE users" }
+
+      it "raises an error" do
+        expect { subject.call }.to raise_error(ValidateQuery::InvalidQueryError, /denied keyword/)
+      end
+    end
+
+    context "with a non-SELECT query" do
+      let(:query) { "EXPLAIN SELECT * FROM users" }
+
+      it "raises an error" do
+        expect { subject.call }.to raise_error(ValidateQuery::InvalidQueryError)
+      end
+    end
+
+    context "with invalid SQL syntax" do
+      let(:query) { "SELECT FROM WHERE" }
+
+      it "raises an error" do
+        expect { subject.call }.to raise_error(ValidateQuery::InvalidQueryError, /Invalid SQL syntax/)
+      end
+    end
+
+    context "with an empty query" do
+      let(:query) { "   " }
+
+      it "raises an error" do
+        expect { subject.call }.to raise_error(ValidateQuery::InvalidQueryError, /Query is empty/)
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails-pg-extras-mcp
 version: !ruby/object:Gem::Version
-  version: 0.2.5
+  version: 0.2.6
 platform: ruby
 authors:
 - pawurb
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-07-20 00:00:00.000000000 Z
+date: 2025-07-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails-pg-extras
@@ -52,6 +52,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: pg_query
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -110,11 +124,13 @@ files:
 - README.md
 - Rakefile
 - lib/rails-pg-extras-mcp.rb
+- lib/rails_pg_extras_mcp/validate_query.rb
 - lib/rails_pg_extras_mcp/version.rb
 - pg-extras-mcp.png
 - rails-pg-extras-mcp.gemspec
 - spec/smoke_spec.rb
 - spec/spec_helper.rb
+- spec/validate_query_spec.rb
 homepage: http://github.com/pawurb/rails-pg-extras-mcp
 licenses:
 - MIT
@@ -142,3 +158,4 @@ summary: MCP interface for rails-pg-extras
 test_files:
 - spec/smoke_spec.rb
 - spec/spec_helper.rb
+- spec/validate_query_spec.rb