@deepsql/mcp 0.13.4 → 0.14.0

package/src/commands/index-recommendations.test.js

@@ -0,0 +1,323 @@
+"use strict";
+
+const test = require("node:test");
+const assert = require("node:assert/strict");
+
+// Mock api/client.request and the connection resolver before requiring the
+// command module so its captured references point at our stubs.
+const apiClientPath = require.resolve("../api/client");
+const realApiClient = require("../api/client");
+const connectionsPath = require.resolve("./_connections");
+const realConnections = require("./_connections");
+const sessionPath = require.resolve("./_session");
+const realSession = require("./_session");
+
+function withMocks({ request, resolveConnectionId, resolveSession }, fn) {
+  delete require.cache[require.resolve("./index-recommendations")];
+  if (request) {
+    require.cache[apiClientPath] = {
+      ...require.cache[apiClientPath],
+      exports: { ...realApiClient, request },
+    };
+  }
+  if (resolveConnectionId) {
+    require.cache[connectionsPath] = {
+      ...require.cache[connectionsPath],
+      exports: { ...realConnections, resolveConnectionId },
+    };
+  }
+  if (resolveSession) {
+    require.cache[sessionPath] = {
+      ...require.cache[sessionPath],
+      exports: { ...realSession, resolveSession },
+    };
+  }
+  try {
+    const mod = require("./index-recommendations");
+    return fn(mod);
+  } finally {
+    require.cache[apiClientPath].exports = realApiClient;
+    require.cache[connectionsPath].exports = realConnections;
+    require.cache[sessionPath].exports = realSession;
+    delete require.cache[require.resolve("./index-recommendations")];
+  }
+}
+
+function captured() {
+  const out = { stdout: "", stderr: "" };
+  const io = {
+    stdout: { write: (s) => (out.stdout += s) },
+    stderr: { write: (s) => (out.stderr += s) },
+  };
+  return { out, io };
+}
+
+const fakeSession = () => ({ baseUrl: "http://x", token: "t", defaultConnection: null });
+const fakeResolveConnId = async () => "conn-abc";
+
+// ─── `top` ─────────────────────────────────────────────────────────────────
+
+test("top prints workload-weighted summary lines with net-benefit + evidence", async () => {
+  await withMocks(
+    {
+      resolveSession: fakeSession,
+      resolveConnectionId: fakeResolveConnId,
+      request: async (baseUrl, path, opts) => {
+        assert.equal(path, "/index-recommendations/conn-abc/top");
+        assert.deepEqual(opts.query, { limit: 5 });
+        return [
+          {
+            id: "rec-1",
+            tableName: "orders",
+            columnNames: "customer_id,status",
+            indexName: "idx_orders_customer_id_status",
+            kind: "CREATE_INDEX",
+            priority: "HIGH",
+            occurrenceCount: 4,
+            netBenefitMs: 4823000,
+            workloadScoreMs: 4823000,
+            writeCostScore: 142000,
+            evidenceCount: 3,
+            reason: "Workload-weighted composite from 3 contributing queries.",
+            hypopgBeforeCost: 1000,
+            hypopgAfterCost: 250,
+            hypopgReductionPct: 75,
+            topEvidence: [
+              { calls: 4500, meanExecTimeMs: 850, totalExecTimeMs: 3825000, role: "WHERE_EQ" },
+            ],
+          },
+        ];
+      },
+    },
+    async (mod) => {
+      const { out, io } = captured();
+      await mod.run({ positional: ["top"], connection: "mylocalpg" }, io);
+      assert.match(out.stdout, /\[CREATE\] orders\(customer_id,status\)/);
+      assert.match(out.stdout, /seen 4×/);
+      assert.match(out.stdout, /net=1\.3h saved/);
+      assert.match(out.stdout, /HypoPG cost: 1000 → 250 \(−75\.0%\)/);
+      assert.match(out.stdout, /id: rec-1/);
+      assert.match(out.stdout, /top evidence: 4500 calls/);
+    }
+  );
+});
+
+test("top renders an empty-state message when no recommendations exist", async () => {
+  await withMocks(
+    {
+      resolveSession: fakeSession,
+      resolveConnectionId: fakeResolveConnId,
+      request: async () => [],
+    },
+    async (mod) => {
+      const { out, io } = captured();
+      await mod.run({ positional: ["top"], connection: "mylocalpg" }, io);
+      assert.match(out.stdout, /No pending index recommendations/);
+      assert.match(out.stdout, /index-recommendations refresh/);
+    }
+  );
+});
+
+test("top respects --limit and clamps to the [1, 50] range", async () => {
+  let captured_limit = null;
+  await withMocks(
+    {
+      resolveSession: fakeSession,
+      resolveConnectionId: fakeResolveConnId,
+      request: async (_, __, opts) => {
+        captured_limit = opts.query.limit;
+        return [];
+      },
+    },
+    async (mod) => {
+      const { io } = captured();
+      await mod.run({ positional: ["top"], connection: "c", limit: 999 }, io);
+      assert.equal(captured_limit, 50);
+      await mod.run({ positional: ["top"], connection: "c", limit: 0 }, io);
+      assert.equal(captured_limit, 1);
+      await mod.run({ positional: ["top"], connection: "c", limit: 10 }, io);
+      assert.equal(captured_limit, 10);
+    }
+  );
+});
+
+test("top --json passes through the raw payload", async () => {
+  await withMocks(
+    {
+      resolveSession: fakeSession,
+      resolveConnectionId: fakeResolveConnId,
+      request: async () => [{ id: "rec-1", tableName: "orders" }],
+    },
+    async (mod) => {
+      const { out, io } = captured();
+      await mod.run({ positional: ["top"], connection: "c", json: true }, io);
+      const parsed = JSON.parse(out.stdout);
+      assert.equal(parsed[0].id, "rec-1");
+    }
+  );
+});
+
+// ─── `apply` safety guard ──────────────────────────────────────────────────
+
+test("apply with mode=apply but no --confirm refuses up-front (no API call)", async () => {
+  let called = false;
+  await withMocks(
+    {
+      resolveSession: fakeSession,
+      request: async () => {
+        called = true;
+        return {};
+      },
+    },
+    async (mod) => {
+      const { io } = captured();
+      await assert.rejects(
+        () => mod.run({ positional: ["apply", "rec-1"], mode: "apply" }, io),
+        /Re-run with --confirm/
+      );
+      assert.equal(called, false, "API should not be hit without --confirm");
+    }
+  );
+});
+
+test("apply DRY_RUN does not require --confirm and surfaces planner-cost delta", async () => {
+  await withMocks(
+    {
+      resolveSession: fakeSession,
+      request: async (_, path, opts) => {
+        assert.equal(path, "/index-recommendations/rec-1/apply");
+        assert.equal(opts.method, "POST");
+        assert.deepEqual(opts.query, { mode: "DRY_RUN", confirm: false, concurrent: true });
+        return {
+          recommendationId: "rec-1",
+          executedDdl: "CREATE INDEX idx_o_status ON orders (status);",
+          mode: "DRY_RUN",
+          status: "OK",
+          beforeCost: 1000,
+          afterCost: 250,
+          costReductionPct: 75,
+          samples: [
+            { fingerprint: "abc123def456", beforeCost: 1000, afterCost: 250 },
+          ],
+          message: "DRY_RUN complete — planner cost −75.0% (1000 → 250)",
+        };
+      },
+    },
+    async (mod) => {
+      const { out, io } = captured();
+      await mod.run({ positional: ["apply", "rec-1"], mode: "dry-run" }, io);
+      assert.match(out.stdout, /\[DRY_RUN\] OK/);
+      assert.match(out.stdout, /planner cost: 1000 → 250 \(−75\.0%\)/);
+      assert.match(out.stdout, /fp=abc123def456 cost 1000 → 250/);
+    }
+  );
+});
+
+test("apply --no-concurrent passes concurrent=false to the backend", async () => {
+  let captured_query = null;
+  await withMocks(
+    {
+      resolveSession: fakeSession,
+      request: async (_, __, opts) => {
+        captured_query = opts.query;
+        return { mode: "APPLY", status: "OK", executedDdl: "CREATE INDEX …" };
+      },
+    },
+    async (mod) => {
+      const { io } = captured();
+      await mod.run(
+        {
+          positional: ["apply", "rec-1"],
+          mode: "apply",
+          confirm: true,
+          noConcurrent: true,
+        },
+        io
+      );
+      assert.deepEqual(captured_query, { mode: "APPLY", confirm: true, concurrent: false });
+    }
+  );
+});
+
+test("apply rejects unknown modes early", async () => {
+  await withMocks(
+    {
+      resolveSession: fakeSession,
+      request: async () => {
+        throw new Error("API should not be called");
+      },
+    },
+    async (mod) => {
+      const { io } = captured();
+      await assert.rejects(
+        () => mod.run({ positional: ["apply", "rec-1"], mode: "bogus" }, io),
+        /Unknown mode/
+      );
+    }
+  );
+});
+
+// ─── refresh / dismiss ─────────────────────────────────────────────────────
+
+test("refresh POSTs to /generate and surfaces the count", async () => {
+  await withMocks(
+    {
+      resolveSession: fakeSession,
+      resolveConnectionId: fakeResolveConnId,
+      request: async (_, path, opts) => {
+        assert.equal(path, "/index-recommendations/generate/conn-abc");
+        assert.equal(opts.method, "POST");
+        return { success: true, count: 12, message: "Generated 12 index recommendations" };
+      },
+    },
+    async (mod) => {
+      const { out, io } = captured();
+      await mod.run({ positional: ["refresh"], connection: "mylocalpg" }, io);
+      assert.match(out.stdout, /Refresh complete: 12 candidate/);
+    }
+  );
+});
+
+test("dismiss issues PUT /{id}/dismiss", async () => {
+  let called_path = null;
+  let called_method = null;
+  await withMocks(
+    {
+      resolveSession: fakeSession,
+      request: async (_, path, opts) => {
+        called_path = path;
+        called_method = opts.method;
+        return {};
+      },
+    },
+    async (mod) => {
+      const { out, io } = captured();
+      await mod.run({ positional: ["dismiss", "rec-9"] }, io);
+      assert.equal(called_path, "/index-recommendations/rec-9/dismiss");
+      assert.equal(called_method, "PUT");
+      assert.match(out.stdout, /Dismissed recommendation rec-9/);
+    }
+  );
+});
+
+// ─── usage errors ──────────────────────────────────────────────────────────
+
+test("run with no subcommand prints usage error", async () => {
+  await withMocks({ resolveSession: fakeSession }, async (mod) => {
+    const { io } = captured();
+    await assert.rejects(
+      () => mod.run({ positional: [] }, io),
+      /Usage: deepsql index-recommendations/
+    );
+  });
+});
+
+test("run with unknown subcommand throws clearly", async () => {
+  await withMocks({ resolveSession: fakeSession }, async (mod) => {
+    const { io } = captured();
+    await assert.rejects(
+      () => mod.run({ positional: ["bogus"] }, io),
+      /Unknown index-recommendations subcommand: bogus/
+    );
+  });
+});

package/src/commands/login.js

@@ -11,6 +11,50 @@ function defaultClientLabel() {
   return `deepsql-cli@${process.versions.node}`;
 }
 
+/**
+ * Resolve which DeepSQL URL `deepsql login` should target. Self-hosted
+ * safety property: we never silently pick "the URL the user happens to
+ * have logged into first" when their machine has multiple profiles.
+ *
+ * Rules:
+ *   --url given      → use it (always wins).
+ *   0 saved profiles → error, ask for --url with a concrete example.
+ *   1 saved profile  → use it, print which one so the user can ^C if it's
+ *                      not what they meant.
+ *   ≥ 2 profiles     → error, list them, require --url. This is the case
+ *                      that bit a user testing against multiple hosts —
+ *                      bare `deepsql login` used to keep returning to
+ *                      whichever URL was logged into FIRST, regardless
+ *                      of which one the user actually wanted.
+ *
+ * Exported for tests.
+ */
+function resolveLoginBaseUrl(opts, { stderr = process.stderr } = {}) {
+  if (opts.url) {
+    return store.normalizeBaseUrl(opts.url);
+  }
+  const state = store.listProfiles();
+  const urls = Object.keys(state.profiles || {});
+  if (urls.length === 0) {
+    throw new Error(
+      "No saved DeepSQL profile yet. Pass --url <https://your-deepsql-host> "
+      + "with your own DeepSQL host (e.g. `deepsql login --url https://deepsql.acme.com`).",
+    );
+  }
+  if (urls.length === 1) {
+    const only = urls[0];
+    stderr.write(
+      `[deepsql] Using saved profile: ${only}. Pass --url to log in against a different host.\n`,
+    );
+    return only;
+  }
+  // Multiple profiles — refuse to guess. List them so the user can pick.
+  throw new Error(
+    `Multiple saved DeepSQL profiles. Pass --url <host> to choose one:\n  - ${urls.join("\n  - ")}\n`
+    + `Or run \`deepsql config set-default <url>\` to pin one as the default for future logins.`,
+  );
+}
+
 function pickFlow(opts) {
   // Explicit user choice wins.
   if (opts.password) return "password";
@@ -23,12 +67,7 @@ function pickFlow(opts) {
 }
 
 async function run(opts, { stderr = process.stderr, stdout = process.stdout } = {}) {
-  const baseUrl = opts.url ? store.normalizeBaseUrl(opts.url) : store.defaultBaseUrl();
-  if (!baseUrl) {
-    throw new Error(
-      "Pass --url <https://your-deepsql> on first login (no default profile is saved yet).",
-    );
-  }
+  const baseUrl = resolveLoginBaseUrl(opts, { stderr });
   const hostname = os.hostname();
   const label = opts.label || defaultClientLabel();
   const flow = pickFlow(opts);
@@ -78,4 +117,4 @@ async function run(opts, { stderr = process.stderr, stdout = process.stdout } =
   stdout.write(`Token saved to ${store.authFilePath()}\n`);
 }
 
-module.exports = { run };
+module.exports = { run, resolveLoginBaseUrl };

package/src/commands/login.test.js

@@ -0,0 +1,111 @@
+"use strict";
+
+const test = require("node:test");
+const assert = require("node:assert/strict");
+
+// Stub the auth/store module before requiring login so login picks up
+// our fake. Each test rebuilds the stub with the profile shape it wants.
+function withStubbedStore(profiles, fn) {
+  const storeKey = require.resolve("../auth/store");
+  const loginKey = require.resolve("./login");
+  delete require.cache[storeKey];
+  delete require.cache[loginKey];
+  require.cache[storeKey] = {
+    id: storeKey,
+    filename: storeKey,
+    loaded: true,
+    exports: {
+      normalizeBaseUrl: (url) => url.endsWith("/") ? url : `${url}/`,
+      listProfiles: () => ({ profiles, default: Object.keys(profiles)[0] || null }),
+      // Other fns aren't used by resolveLoginBaseUrl. Stub them just so
+      // the require() in login.js doesn't blow up.
+      defaultBaseUrl: () => null,
+      getProfile: () => null,
+      setProfile: () => {},
+    },
+  };
+  const { resolveLoginBaseUrl } = require("./login");
+  try {
+    return fn(resolveLoginBaseUrl);
+  } finally {
+    delete require.cache[storeKey];
+    delete require.cache[loginKey];
+  }
+}
+
+function captureStderr() {
+  let buf = "";
+  return { write: (s) => { buf += s; }, get: () => buf };
+}
+
+// ─── --url always wins ────────────────────────────────────────────────────
+
+test("login --url wins regardless of saved profiles", () => {
+  withStubbedStore(
+    { "https://existing.example.com/": { token: "t" } },
+    (resolve) => {
+      const stderr = captureStderr();
+      const url = resolve({ url: "https://customer-fresh.example.com" }, { stderr });
+      assert.equal(url, "https://customer-fresh.example.com/");
+      assert.equal(stderr.get(), "", "no chatty hint when user passed --url explicitly");
+    },
+  );
+});
+
+// ─── 0 profiles: clean error with self-host example ───────────────────────
+
+test("login with no --url and no saved profiles errors with a self-host-friendly hint", () => {
+  withStubbedStore({}, (resolve) => {
+    assert.throws(
+      () => resolve({}, { stderr: captureStderr() }),
+      /Pass --url <https:\/\/your-deepsql-host>.*deepsql\.acme\.com/s,
+    );
+  });
+});
+
+// ─── exactly 1 profile: use it, but announce which one ───────────────────
+
+test("login with no --url and one saved profile uses it AND announces it on stderr", () => {
+  withStubbedStore(
+    { "https://customer.example.com/": { token: "t" } },
+    (resolve) => {
+      const stderr = captureStderr();
+      const url = resolve({}, { stderr });
+      assert.equal(url, "https://customer.example.com/");
+      const hint = stderr.get();
+      assert.match(hint, /Using saved profile: https:\/\/customer\.example\.com\//);
+      assert.match(hint, /Pass --url to log in against a different host/);
+    },
+  );
+});
+
+// ─── ≥ 2 profiles: refuse to guess (the regression we're fixing) ─────────
+
+test("login with no --url and multiple profiles refuses to guess — lists them and requires --url", () => {
+  // This is the scenario that bit the user: they logged into our hosted
+  // demo (deepsql.stayflexi.com) AND their self-hosted instance, and bare
+  // `deepsql login` kept defaulting to whichever was logged in first.
+  // After this fix, the CLI lists both and requires --url.
+  withStubbedStore(
+    {
+      "https://deepsql.stayflexi.com/": { token: "t1" },
+      "https://customer.example.com/":  { token: "t2" },
+    },
+    (resolve) => {
+      let thrown;
+      try {
+        resolve({}, { stderr: captureStderr() });
+      } catch (err) {
+        thrown = err;
+      }
+      assert.ok(thrown, "must throw when multiple profiles exist");
+      assert.match(thrown.message, /Multiple saved DeepSQL profiles/);
+      assert.match(thrown.message, /Pass --url <host> to choose one/);
+      // Both URLs must be listed so the user can pick.
+      assert.match(thrown.message, /https:\/\/deepsql\.stayflexi\.com\//);
+      assert.match(thrown.message, /https:\/\/customer\.example\.com\//);
+      // And we point them at config set-default for pinning.
+      assert.match(thrown.message, /deepsql config set-default/);
+    },
+  );
+});