@deepsql/mcp 0.8.0 → 0.10.1

package/src/auth/store.test.js

@@ -63,6 +63,28 @@ test("auth file is written with mode 0600", { skip: process.platform === "win32"
   });
 });
 
+test("setDefaultConnection round-trips and clearing it removes the field", () => {
+  withTempStore((store) => {
+    store.setProfile("http://x", { token: "t", username: "a" });
+    assert.equal(store.getDefaultConnection("http://x"), null);
+
+    store.setDefaultConnection("http://x", "prod-replica");
+    assert.equal(store.getDefaultConnection("http://x"), "prod-replica");
+
+    store.setDefaultConnection("http://x", null);
+    assert.equal(store.getDefaultConnection("http://x"), null);
+  });
+});
+
+test("setDefaultConnection refuses to write when the profile doesn't exist", () => {
+  withTempStore((store) => {
+    assert.throws(
+      () => store.setDefaultConnection("http://no-such-profile", "x"),
+      /No profile saved/,
+    );
+  });
+});
+
 test("rejects loose perms unless DEEPSQL_INSECURE_AUTH=1", { skip: process.platform === "win32" }, () => {
   withTempStore((store, dir) => {
     store.setProfile("http://localhost:8080", { token: "t", username: "a" });

package/src/cli.js

@@ -60,7 +60,31 @@ Commands:
   config set-default <url>        Set the default profile.
   config path                     Print the auth file path.
   mcp                             Run the stdio MCP server using the saved token.
-  connections list [--json]       List database connections.
+  connections list [--json]       List database connections (active default
+                                  is marked with \`*\`).
+  connections use <name>          Pin <name> as the active default; commands
+                                  drop --connection from then on.
+  connections current             Print the active default (exit 1 if none).
+  connections unset               Clear the active default for this profile.
+  connections schema [--json]     Print the JSON Schema for the connection
+                                  config (the input format for \`add\`).
+  connections add [--from-file <p>] [--from-stdin] [--upsert] [--no-test]
+                  [--wait] [--delete-after] [--cloud]
+                  [--allow-plaintext-secrets]
+                                  Create a connection. Default is interactive
+                                  prompts; use --from-file for AI-agent flows.
+  connections update <name> --from-file <p>
+                                  PATCH-style update; omitted secrets are
+                                  preserved.
+  connections remove <name> [--yes]
+                                  Delete a connection (DELETE /connections).
+  connections test [<name> | --from-file <p>]
+                                  Validate a connection without saving.
+                                  Prints the privilege report.
+  connections show <name> [--json]
+                                  Show a connection's config (secrets masked).
+  connections init <name> [--force] [--wait]
+                                  Trigger brain re-initialization.
   query "<sql>" --connection <name> [--limit <n>] [--timeout-seconds <n>] [--file <path>] [--json]
                                   Run a read-only SQL statement. Enforced
                                   read-only at the backend (parser-level) and
@@ -127,10 +151,12 @@ Admin commands (require ADMIN role on the calling token):
                                   and are NOT touched by this wizard.
 
 Global options:
-  --url <url>     Override the DeepSQL base URL.
-  --token <tok>   Override the auth token (also: DEEPSQL_AUTH_TOKEN).
-  -h, --help      Show help.
-  -v, --version   Show version.
+  --url <url>           Override the DeepSQL base URL.
+  --token <tok>         Override the auth token (also: DEEPSQL_AUTH_TOKEN).
+  --connection <name>   Override the active connection (also: DEEPSQL_CONNECTION,
+                        or pin one with \`deepsql connections use <name>\`).
+  -h, --help            Show help.
+  -v, --version         Show version.
 `;
 
 function parseArgs(argv) {
@@ -229,6 +255,15 @@ function buildOpts(parsed) {
     skipComplete: !!f.skipComplete,
     // Confirmations
     yes: !!f.yes || !!f.y,
+    // Connection management
+    fromFile: f.fromFile || null,
+    fromStdin: !!f.fromStdin,
+    upsert: !!f.upsert,
+    noTest: !!f.noTest,
+    wait: !!f.wait,
+    deleteAfter: !!f.deleteAfter,
+    cloud: !!f.cloud,
+    allowPlaintextSecrets: !!f.allowPlaintextSecrets,
   };
 }
 

package/src/commands/_connections.js

@@ -29,11 +29,34 @@ async function listConnections(session) {
   return cachedList;
 }
 
+/**
+ * Resolution chain for the connection a command should hit:
+ *
+ *   1. explicit `input` argument (i.e. opts.connection from --connection flag)
+ *   2. DEEPSQL_CONNECTION env var
+ *   3. session.defaultConnection (set via `deepsql connections use <name>`)
+ *
+ * If none of those produce a value, throw a friendly message that points the
+ * user at all three escape hatches.
+ */
 async function resolveConnectionId(session, input) {
-  if (!input || typeof input !== "string") {
-    throw new Error("Pass a connection name or id with --connection.");
+  let raw = input;
+  let source = "--connection";
+  if (raw == null || raw === "") {
+    raw = process.env.DEEPSQL_CONNECTION || null;
+    source = "DEEPSQL_CONNECTION";
+  }
+  if (raw == null || raw === "") {
+    raw = session && session.defaultConnection ? session.defaultConnection : null;
+    source = "saved default";
+  }
+  if (!raw || typeof raw !== "string") {
+    throw new Error(
+      "No connection specified. Pass --connection <name>, set DEEPSQL_CONNECTION, " +
+        "or run `deepsql connections use <name>` to pin a default.",
+    );
   }
-  const trimmed = input.trim();
+  const trimmed = raw.trim();
   if (UUID_RE.test(trimmed)) return trimmed;
 
   const connections = await listConnections(session);

package/src/commands/_connections.test.js

@@ -66,9 +66,26 @@ test("throws a useful error listing available names when no match", async () =>
   });
 });
 
-test("requires non-empty input", async () => {
-  await withMockedRequest([], async ({ resolveConnectionId }) => {
-    await assert.rejects(() => resolveConnectionId(session, ""), /connection name/);
-    await assert.rejects(() => resolveConnectionId(session, null), /connection name/);
+test("falls back through env and saved default before erroring", async () => {
+  const connections = [{ id: "id-default", connectionName: "saved" }];
+  await withMockedRequest(connections, async ({ resolveConnectionId }) => {
+    // No flag, no env, no saved default → error mentioning all three escape hatches.
+    delete process.env.DEEPSQL_CONNECTION;
+    await assert.rejects(
+      () => resolveConnectionId({ baseUrl: "http://x", token: "t" }, ""),
+      /No connection specified.*--connection.*DEEPSQL_CONNECTION.*connections use/s,
+    );
+
+    // DEEPSQL_CONNECTION is consulted next.
+    process.env.DEEPSQL_CONNECTION = "saved";
+    try {
+      assert.equal(await resolveConnectionId({ baseUrl: "http://x", token: "t" }, ""), "id-default");
+    } finally {
+      delete process.env.DEEPSQL_CONNECTION;
+    }
+
+    // Otherwise, the session's defaultConnection is the final fallback.
+    const session = { baseUrl: "http://x", token: "t", defaultConnection: "saved" };
+    assert.equal(await resolveConnectionId(session, null), "id-default");
   });
 });

package/src/commands/_session.js

@@ -31,7 +31,10 @@ function resolveSession(opts = {}) {
   if (!token) {
     throw new Error(`No auth token for ${baseUrl}. Run \`deepsql login --url ${baseUrl}\`.`);
   }
-  return { baseUrl, token, profile };
+  // Surface the saved active connection so the connection resolver can fall
+  // back to it when --connection isn't passed. Set via `deepsql connections use`.
+  const defaultConnection = profile?.defaultConnection || null;
+  return { baseUrl, token, profile, defaultConnection };
 }
 
 function stripApiSuffix(url) {

package/src/commands/access.js

@@ -94,7 +94,6 @@ async function cmdList(opts, { stdout = process.stdout } = {}) {
 
 async function cmdGrant(opts, { stdout = process.stdout } = {}) {
   if (!opts.user) throw new Error("--user <ref> is required.");
-  if (!opts.connection) throw new Error("--connection <name> is required.");
   const level = (opts.level || "READ").toUpperCase();
   if (!["READ", "WRITE", "ADMIN"].includes(level)) {
     throw new Error(`Invalid --level "${level}". Pick read, write, or admin.`);
@@ -122,7 +121,6 @@ async function cmdGrant(opts, { stdout = process.stdout } = {}) {
 
 async function cmdRevoke(opts, { stdout = process.stdout } = {}) {
   if (!opts.user) throw new Error("--user <ref> is required.");
-  if (!opts.connection) throw new Error("--connection <name> is required.");
 
   const session = resolveSession(opts);
   const user = await resolveUser(session, opts.user);

package/src/commands/admin.test.js

@@ -133,3 +133,40 @@ test("--password=secret keeps the string value (still truthy)", () => {
   const o = opts(["--password=secret"]);
   assert.equal(o.password, "secret");
 });
+
+// connections add/test flags ----------------------------------------------
+
+test("connections add --from-file with --upsert/--no-test/--wait/--delete-after", () => {
+  const o = opts([
+    "add",
+    "--from-file",
+    "/tmp/conn.json",
+    "--upsert",
+    "--no-test",
+    "--wait",
+    "--delete-after",
+  ]);
+  assert.equal(o.fromFile, "/tmp/conn.json");
+  assert.equal(o.upsert, true);
+  assert.equal(o.noTest, true);
+  assert.equal(o.wait, true);
+  assert.equal(o.deleteAfter, true);
+});
+
+test("connections add --from-stdin + --allow-plaintext-secrets", () => {
+  const o = opts(["add", "--from-stdin", "--allow-plaintext-secrets"]);
+  assert.equal(o.fromStdin, true);
+  assert.equal(o.allowPlaintextSecrets, true);
+});
+
+test("connections add --cloud triggers cloud-prompt path", () => {
+  const o = opts(["add", "--cloud"]);
+  assert.equal(o.cloud, true);
+});
+
+test("connections init <name> --force --wait", () => {
+  const o = opts(["init", "prod", "--force", "--wait"]);
+  assert.deepEqual(o.positional, ["init", "prod"]);
+  assert.equal(o.force, true);
+  assert.equal(o.wait, true);
+});

package/src/commands/anti-patterns.js

@@ -13,7 +13,6 @@ const { resolveSession } = require("./_session");
 const { resolveConnectionId } = require("./_connections");
 
 async function run(opts, { stdout = process.stdout } = {}) {
-  if (!opts.connection) throw new Error("--connection <name> is required.");
 
   const session = resolveSession(opts);
   const connectionId = await resolveConnectionId(session, opts.connection);

package/src/commands/brain-context.js

@@ -23,7 +23,6 @@ async function run(opts, { stdout = process.stdout } = {}) {
       'Pass a question: `deepsql brain-context "which tables hold customer orders?" --connection <name>`.',
     );
   }
-  if (!opts.connection) throw new Error("--connection <name> is required.");
 
   const session = resolveSession(opts);
   const connectionId = await resolveConnectionId(session, opts.connection);
@@ -49,16 +48,36 @@ async function run(opts, { stdout = process.stdout } = {}) {
     return;
   }
 
-  // Default: print the most useful field directly so it can be piped into
-  // a coding agent. /context returns trainingContext (text); /retrieve
-  // returns ranked results — fall back to JSON for the latter.
-  if (response && typeof response === "object" && response.trainingContext) {
+  // Default: print the most useful fields directly so output can be piped
+  // into a coding agent. /context returns one or more of:
+  //   - trainingContext (the rich, prompt-ready RAG block)
+  //   - companyKnowledgeContext (workspace hints — populated even when the
+  //     pipeline detects a "simple_schema_question" and skips RAG)
+  //   - ragTableNames, retrievalIntent, resultCount, etc. (diagnostic)
+  // /retrieve (--top-k) returns ranked snippets — fall back to JSON for that.
+  const isContextPayload =
+    response &&
+    typeof response === "object" &&
+    ("trainingContext" in response ||
+      "companyKnowledgeContext" in response ||
+      "skipped" in response);
+
+  if (isContextPayload) {
     if (response.skipped) {
-      stdout.write(`# (skipped: ${response.skipReason || "n/a"})\n`);
+      stdout.write(`# (retrieval skipped: ${response.skipReason || "n/a"})\n\n`);
+    }
+    if (response.trainingContext) {
+      stdout.write(`${response.trainingContext}\n`);
     }
-    stdout.write(`${response.trainingContext}\n`);
     if (response.companyKnowledgeContext) {
-      stdout.write(`\n# Company knowledge\n${response.companyKnowledgeContext}\n`);
+      stdout.write(
+        `${response.trainingContext ? "\n" : ""}${response.companyKnowledgeContext}\n`,
+      );
+    }
+    if (!response.trainingContext && !response.companyKnowledgeContext) {
+      stdout.write(
+        "(no retrieval results — pass --top-k <n> to fetch ranked snippets, or `--json` for the full payload)\n",
+      );
     }
     return;
   }

package/src/commands/business-rules.js

@@ -12,7 +12,6 @@ const { resolveSession } = require("./_session");
 const { resolveConnectionId } = require("./_connections");
 
 async function run(opts, { stdout = process.stdout } = {}) {
-  if (!opts.connection) throw new Error("--connection <name> is required.");
 
   const session = resolveSession(opts);
   const connectionId = await resolveConnectionId(session, opts.connection);