@bytebase/dbhub 0.21.0 → 0.21.1

package/README.md

@@ -117,4 +117,10 @@ See [Testing](.claude/skills/testing/SKILL.md) and [Debug](https://dbhub.ai/conf
 
 ## Star History
 
-![Star History Chart](https://api.star-history.com/svg?repos=bytebase/dbhub&type=Date)
+<a href="https://www.star-history.com/?repos=bytebase%2Fdbhub&type=date&legend=top-left">
+ <picture>
+   <source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/image?repos=bytebase/dbhub&type=date&theme=dark&legend=top-left" />
+   <source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/image?repos=bytebase/dbhub&type=date&legend=top-left" />
+   <img alt="Star History Chart" src="https://api.star-history.com/image?repos=bytebase/dbhub&type=date&legend=top-left" />
+ </picture>
+</a>

package/dist/{chunk-GRGEI5QT.js → chunk-6JFMPX62.js}

@@ -1,3 +1,6 @@
+import {
+  isDriverNotInstalled
+} from "./chunk-GWPUVYLO.js";
 import {
   ConnectorRegistry,
   SafeURL,
@@ -1314,8 +1317,18 @@ function buildDSNFromSource(source) {
 }
 
 // src/utils/aws-rds-signer.ts
-import { Signer } from "@aws-sdk/rds-signer";
 async function generateRdsAuthToken(params) {
+  let Signer;
+  try {
+    ({ Signer } = await import("@aws-sdk/rds-signer"));
+  } catch (error) {
+    if (isDriverNotInstalled(error, "@aws-sdk/rds-signer")) {
+      throw new Error(
+        'AWS IAM authentication requires the "@aws-sdk/rds-signer" package. Install it with: pnpm add @aws-sdk/rds-signer'
+      );
+    }
+    throw error;
+  }
   const signer = new Signer({
     hostname: params.hostname,
     port: params.port,

package/dist/chunk-GWPUVYLO.js

@@ -0,0 +1,35 @@
+// src/utils/module-loader.ts
+var MISSING_MODULE_RE = /Cannot find (?:package|module) '([^']+)'/;
+function isDriverNotInstalled(err, driver) {
+  if (!(err instanceof Error) || !("code" in err) || err.code !== "ERR_MODULE_NOT_FOUND") {
+    return false;
+  }
+  const match = err.message.match(MISSING_MODULE_RE);
+  if (!match) {
+    return false;
+  }
+  const missingSpecifier = match[1];
+  return missingSpecifier === driver || missingSpecifier.startsWith(`${driver}/`);
+}
+async function loadConnectors(connectorModules) {
+  await Promise.all(
+    connectorModules.map(async ({ load, name, driver }) => {
+      try {
+        await load();
+      } catch (err) {
+        if (isDriverNotInstalled(err, driver)) {
+          console.error(
+            `Skipping ${name} connector: driver package "${driver}" not installed.`
+          );
+        } else {
+          throw err;
+        }
+      }
+    })
+  );
+}
+
+export {
+  isDriverNotInstalled,
+  loadConnectors
+};

package/dist/index.js

@@ -12,7 +12,10 @@ import {
   resolveSourceConfigs,
   resolveTomlConfigPath,
   resolveTransport
-} from "./chunk-GRGEI5QT.js";
+} from "./chunk-6JFMPX62.js";
+import {
+  loadConnectors
+} from "./chunk-GWPUVYLO.js";
 import {
   quoteQualifiedIdentifier
 } from "./chunk-JFWX35TB.js";
@@ -90,20 +93,76 @@ function createToolSuccessResponse(data, meta = {}) {
 
 // src/utils/allowed-keywords.ts
 var allowedKeywords = {
-  postgres: ["select", "with", "explain", "analyze", "show"],
-  mysql: ["select", "with", "explain", "analyze", "show", "describe", "desc"],
-  mariadb: ["select", "with", "explain", "analyze", "show", "describe", "desc"],
-  sqlite: ["select", "with", "explain", "analyze", "pragma"],
+  postgres: ["select", "with", "explain", "show"],
+  mysql: ["select", "with", "explain", "show", "describe", "desc"],
+  mariadb: ["select", "with", "explain", "show", "describe", "desc"],
+  sqlite: ["select", "with", "explain", "pragma"],
   sqlserver: ["select", "with", "explain", "showplan"]
 };
+var mutatingKeywords = [
+  "insert",
+  "update",
+  "delete",
+  "drop",
+  "alter",
+  "create",
+  "truncate",
+  "merge",
+  "grant",
+  "revoke",
+  "rename"
+];
+var mutatingPattern = new RegExp(
+  `\\b(?:${mutatingKeywords.join("|")})\\b`,
+  "i"
+);
+var mutatingPatternWithReplace = new RegExp(
+  `\\b(?:${mutatingKeywords.join("|")}|replace\\s+(?:(?:low_priority|delayed)\\s+)?into)\\b`,
+  "i"
+);
+var mutatingPatterns = {
+  postgres: mutatingPattern,
+  mysql: mutatingPatternWithReplace,
+  mariadb: mutatingPatternWithReplace,
+  sqlite: mutatingPatternWithReplace,
+  sqlserver: mutatingPattern
+};
+var selectIntoPattern = /\bselect\b[\s\S]+\binto\b/i;
+var explainAnalyzePattern = /^explain\s+(?:\([^)]*\banalyze\b(?!\s*(?:=\s*)?(?:false|off|0)\b)[^)]*\)|\banalyze\b(?!\s*(?:=\s*)?(?:false|off|0)\b)(?:\s+verbose\b)?)/i;
 function isReadOnlySQL(sql, connectorType) {
-  const cleanedSQL = stripCommentsAndStrings(sql, connectorType).trim().toLowerCase();
+  return checkReadOnly(
+    stripCommentsAndStrings(sql, connectorType).trim().toLowerCase(),
+    connectorType
+  );
+}
+function checkReadOnly(cleanedSQL, connectorType) {
   if (!cleanedSQL) {
     return false;
   }
-  const firstWord = cleanedSQL.split(/\s+/)[0];
+  const firstWord = cleanedSQL.match(/\S+/)?.[0] ?? "";
   const keywordList = allowedKeywords[connectorType] || [];
-  return keywordList.includes(firstWord);
+  if (!keywordList.includes(firstWord)) {
+    return false;
+  }
+  if (firstWord === "with") {
+    const pattern = mutatingPatterns[connectorType] ?? mutatingPattern;
+    if (pattern.test(cleanedSQL)) {
+      return false;
+    }
+  }
+  if ((firstWord === "select" || firstWord === "with") && selectIntoPattern.test(cleanedSQL)) {
+    return false;
+  }
+  if (firstWord === "explain") {
+    const m = explainAnalyzePattern.exec(cleanedSQL);
+    if (m) {
+      const afterExplain = cleanedSQL.slice(m[0].length).trim();
+      if (afterExplain && !checkReadOnly(afterExplain, connectorType)) {
+        return false;
+      }
+    }
+  }
+  return true;
 }
 
 // src/requests/store.ts
@@ -1362,7 +1421,7 @@ See documentation for more details on configuring database connections.
     const sources = sourceConfigsData.sources;
     console.error(`Configuration source: ${sourceConfigsData.source}`);
     await connectorManager.connectWithSources(sources);
-    const { initializeToolRegistry: initializeToolRegistry2 } = await import("./registry-XSMMLRC4.js");
+    const { initializeToolRegistry: initializeToolRegistry2 } = await import("./registry-I2JQWFDX.js");
     initializeToolRegistry2({
       sources: sourceConfigsData.sources,
       tools: sourceConfigsData.tools
@@ -1488,41 +1547,10 @@ See documentation for more details on configuring database connections.
   }
 }
 
-// src/utils/module-loader.ts
-var MISSING_MODULE_RE = /Cannot find (?:package|module) '([^']+)'/;
-function isDriverNotInstalled(err, driver) {
-  if (!(err instanceof Error) || !("code" in err) || err.code !== "ERR_MODULE_NOT_FOUND") {
-    return false;
-  }
-  const match = err.message.match(MISSING_MODULE_RE);
-  if (!match) {
-    return false;
-  }
-  const missingSpecifier = match[1];
-  return missingSpecifier === driver || missingSpecifier.startsWith(`${driver}/`);
-}
-async function loadConnectors(connectorModules2) {
-  await Promise.all(
-    connectorModules2.map(async ({ load, name, driver }) => {
-      try {
-        await load();
-      } catch (err) {
-        if (isDriverNotInstalled(err, driver)) {
-          console.error(
-            `Skipping ${name} connector: driver package "${driver}" not installed.`
-          );
-        } else {
-          throw err;
-        }
-      }
-    })
-  );
-}
-
 // src/index.ts
 var connectorModules = [
-  { load: () => import("./postgres-B7YSSZMH.js"), name: "PostgreSQL", driver: "pg" },
-  { load: () => import("./sqlserver-FDBRUELV.js"), name: "SQL Server", driver: "mssql" },
+  { load: () => import("./postgres-4PCNQDGV.js"), name: "PostgreSQL", driver: "pg" },
+  { load: () => import("./sqlserver-JBR6X37Z.js"), name: "SQL Server", driver: "mssql" },
   { load: () => import("./sqlite-FSCLCRIH.js"), name: "SQLite", driver: "better-sqlite3" },
   { load: () => import("./mysql-I35IQ2GH.js"), name: "MySQL", driver: "mysql2" },
   { load: () => import("./mariadb-VGTS4WXE.js"), name: "MariaDB", driver: "mariadb" }

package/dist/{postgres-B7YSSZMH.js → postgres-4PCNQDGV.js}

@@ -303,7 +303,7 @@ var PostgresConnector = class _PostgresConnector {
         JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
         WHERE c.relname = $1
         AND n.nspname = $2
-        AND c.relkind IN ('r','p','m','f')
+        AND c.relkind IN ('r','p','m','f','v')
       `,
         [tableName, schemaToUse]
       );

package/dist/{registry-XSMMLRC4.js → registry-I2JQWFDX.js}

@@ -2,7 +2,8 @@ import {
   ToolRegistry,
   getToolRegistry,
   initializeToolRegistry
-} from "./chunk-GRGEI5QT.js";
+} from "./chunk-6JFMPX62.js";
+import "./chunk-GWPUVYLO.js";
 import "./chunk-C7WEAPX4.js";
 export {
   ToolRegistry,

package/dist/{sqlserver-FDBRUELV.js → sqlserver-JBR6X37Z.js}

@@ -1,3 +1,6 @@
+import {
+  isDriverNotInstalled
+} from "./chunk-GWPUVYLO.js";
 import {
   SQLRowLimiter
 } from "./chunk-BRXZ5ZQB.js";
@@ -9,7 +12,6 @@ import {
 
 // src/connectors/sqlserver/index.ts
 import sql from "mssql";
-import { DefaultAzureCredential } from "@azure/identity";
 var SQLServerDSNParser = class {
   async parse(dsn, config) {
     const connectionTimeoutSeconds = config?.connectionTimeoutSeconds;
@@ -74,6 +76,17 @@ Expected: ${expectedFormat}`
       };
       switch (options.authentication) {
         case "azure-active-directory-access-token": {
+          let DefaultAzureCredential;
+          try {
+            ({ DefaultAzureCredential } = await import("@azure/identity"));
+          } catch (importError) {
+            if (isDriverNotInstalled(importError, "@azure/identity")) {
+              throw new Error(
+                'Azure AD authentication requires the "@azure/identity" package. Install it with: pnpm add @azure/identity'
+              );
+            }
+            throw importError;
+          }
           try {
             const credential = new DefaultAzureCredential();
             const token = await credential.getToken("https://database.windows.net/");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bytebase/dbhub",
-  "version": "0.21.0",
+  "version": "0.21.1",
   "mcpName": "io.github.bytebase/dbhub",
   "description": "Minimal, token-efficient Database MCP Server for PostgreSQL, MySQL, SQL Server, SQLite, MariaDB",
   "repository": {
@@ -30,7 +30,8 @@
     "test": "vitest run",
     "test:unit": "vitest run --project unit",
     "test:watch": "vitest",
-    "test:integration": "vitest run --project integration"
+    "test:integration": "vitest run --project integration",
+    "test:build": "node scripts/smoke-test-build.mjs"
   },
   "engines": {
     "node": ">=20"
@@ -39,8 +40,6 @@
   "author": "",
   "license": "MIT",
   "dependencies": {
-    "@aws-sdk/rds-signer": "^3.1001.0",
-    "@azure/identity": "^4.8.0",
     "@iarna/toml": "^2.2.5",
     "@modelcontextprotocol/sdk": "^1.25.1",
     "dotenv": "^16.4.7",
@@ -50,6 +49,8 @@
     "zod": "^3.24.2"
   },
   "optionalDependencies": {
+    "@aws-sdk/rds-signer": "^3.1001.0",
+    "@azure/identity": "^4.8.0",
     "better-sqlite3": "^11.9.0",
     "mariadb": "^3.4.0",
     "mssql": "^11.0.1",