@hienlh/ppm 0.6.3 → 0.6.4

package/src/server/routes/database.ts

@@ -0,0 +1,259 @@
+import { Hono } from "hono";
+import {
+  getConnections, getConnectionById, insertConnection, updateConnection, deleteConnection,
+  type ConnectionConfig, type ConnectionRow,
+} from "../../services/db.service.ts";
+import { getAdapter } from "../../services/database/adapter-registry.ts";
+import { syncTables, searchTables } from "../../services/table-cache.service.ts";
+import { isReadOnlyQuery } from "../../services/database/readonly-check.ts";
+import { ok, err } from "../../types/api.ts";
+import type { DbConnectionConfig } from "../../types/database.ts";
+
+export const databaseRoutes = new Hono();
+
+/** Strip sensitive connection_config from connection responses */
+function sanitizeConn(conn: ConnectionRow): Omit<ConnectionRow, "connection_config"> {
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  const { connection_config: _, ...safe } = conn;
+  return safe;
+}
+
+/** Validate hex color string (e.g. #3b82f6) */
+function isValidHex(color: string): boolean {
+  return /^#[0-9a-fA-F]{3}([0-9a-fA-F]{3})?$/.test(color);
+}
+
+/** Resolve connection + parse config, return 404 on miss */
+function resolveConn(id: string) {
+  const numId = parseInt(id, 10);
+  if (isNaN(numId)) return null;
+  return getConnectionById(numId);
+}
+
+// ---------------------------------------------------------------------------
+// Connection CRUD
+// ---------------------------------------------------------------------------
+
+/** GET /api/db/connections */
+databaseRoutes.get("/connections", (c) => {
+  try {
+    return c.json(ok(getConnections().map(sanitizeConn)));
+  } catch (e) {
+    return c.json(err((e as Error).message), 500);
+  }
+});
+
+/** GET /api/db/connections/:id */
+databaseRoutes.get("/connections/:id", (c) => {
+  const conn = resolveConn(c.req.param("id"));
+  if (!conn) return c.json(err("Connection not found"), 404);
+  return c.json(ok(sanitizeConn(conn)));
+});
+
+/** POST /api/db/connections */
+databaseRoutes.post("/connections", async (c) => {
+  try {
+    const body = await c.req.json<{
+      type: "sqlite" | "postgres";
+      name: string;
+      connectionConfig: ConnectionConfig;
+      groupName?: string;
+      color?: string;
+    }>();
+    if (!body.type || !body.name || !body.connectionConfig) {
+      return c.json(err("type, name, and connectionConfig are required"), 400);
+    }
+    if (!["sqlite", "postgres"].includes(body.type)) {
+      return c.json(err("type must be sqlite or postgres"), 400);
+    }
+    if (body.color && !isValidHex(body.color)) {
+      return c.json(err("color must be a valid hex color (e.g. #3b82f6)"), 400);
+    }
+    const conn = insertConnection(body.type, body.name, body.connectionConfig, body.groupName, body.color);
+    return c.json(ok(sanitizeConn(conn)), 201);
+  } catch (e) {
+    return c.json(err((e as Error).message), 500);
+  }
+});
+
+/** PUT /api/db/connections/:id — allows toggling readonly (UI-only) */
+databaseRoutes.put("/connections/:id", async (c) => {
+  try {
+    const conn = resolveConn(c.req.param("id"));
+    if (!conn) return c.json(err("Connection not found"), 404);
+
+    const body = await c.req.json<{
+      name?: string;
+      connectionConfig?: ConnectionConfig;
+      groupName?: string | null;
+      color?: string | null;
+      readonly?: number;
+    }>();
+
+    if (body.color && !isValidHex(body.color)) {
+      return c.json(err("color must be a valid hex color (e.g. #3b82f6)"), 400);
+    }
+
+    updateConnection(conn.id, {
+      name: body.name,
+      config: body.connectionConfig,
+      groupName: body.groupName,
+      color: body.color,
+      readonly: body.readonly,
+    });
+    const updated = getConnectionById(conn.id);
+    return c.json(ok(updated ? sanitizeConn(updated) : null));
+  } catch (e) {
+    return c.json(err((e as Error).message), 500);
+  }
+});
+
+/** DELETE /api/db/connections/:id */
+databaseRoutes.delete("/connections/:id", (c) => {
+  try {
+    const conn = resolveConn(c.req.param("id"));
+    if (!conn) return c.json(err("Connection not found"), 404);
+    deleteConnection(String(conn.id));
+    return c.json(ok({ deleted: true }));
+  } catch (e) {
+    return c.json(err((e as Error).message), 500);
+  }
+});
+
+// ---------------------------------------------------------------------------
+// Connection operations
+// ---------------------------------------------------------------------------
+
+/** POST /api/db/connections/:id/test */
+databaseRoutes.post("/connections/:id/test", async (c) => {
+  try {
+    const conn = resolveConn(c.req.param("id"));
+    if (!conn) return c.json(err("Connection not found"), 404);
+    const config = JSON.parse(conn.connection_config) as DbConnectionConfig;
+    const adapter = getAdapter(conn.type);
+    const result = await adapter.testConnection(config);
+    return c.json(ok(result));
+  } catch (e) {
+    return c.json(err((e as Error).message), 500);
+  }
+});
+
+/** GET /api/db/connections/:id/tables — live fetch + sync cache */
+databaseRoutes.get("/connections/:id/tables", async (c) => {
+  try {
+    const conn = resolveConn(c.req.param("id"));
+    if (!conn) return c.json(err("Connection not found"), 404);
+    const tables = await syncTables(conn.id);
+    return c.json(ok(tables));
+  } catch (e) {
+    return c.json(err((e as Error).message), 500);
+  }
+});
+
+/** GET /api/db/connections/:id/schema?table=...&schema=... */
+databaseRoutes.get("/connections/:id/schema", async (c) => {
+  try {
+    const conn = resolveConn(c.req.param("id"));
+    if (!conn) return c.json(err("Connection not found"), 404);
+    const table = c.req.query("table");
+    const schema = c.req.query("schema");
+    if (!table) return c.json(err("table query param required"), 400);
+    const config = JSON.parse(conn.connection_config) as DbConnectionConfig;
+    const adapter = getAdapter(conn.type);
+    const cols = await adapter.getTableSchema(config, table, schema);
+    return c.json(ok(cols));
+  } catch (e) {
+    return c.json(err((e as Error).message), 500);
+  }
+});
+
+/** GET /api/db/connections/:id/data?table=...&page=1&limit=100&orderBy=...&orderDir=ASC */
+databaseRoutes.get("/connections/:id/data", async (c) => {
+  try {
+    const conn = resolveConn(c.req.param("id"));
+    if (!conn) return c.json(err("Connection not found"), 404);
+    const table = c.req.query("table");
+    if (!table) return c.json(err("table query param required"), 400);
+    const config = JSON.parse(conn.connection_config) as DbConnectionConfig;
+    const adapter = getAdapter(conn.type);
+    const data = await adapter.getTableData(config, table, {
+      schema: c.req.query("schema"),
+      page: parseInt(c.req.query("page") ?? "1", 10),
+      limit: Math.min(parseInt(c.req.query("limit") ?? "100", 10), 1000),
+      orderBy: c.req.query("orderBy"),
+      orderDir: (c.req.query("orderDir") as "ASC" | "DESC") ?? "ASC",
+    });
+    return c.json(ok(data));
+  } catch (e) {
+    return c.json(err((e as Error).message), 500);
+  }
+});
+
+/** POST /api/db/connections/:id/query — body: { sql } — enforces readonly */
+databaseRoutes.post("/connections/:id/query", async (c) => {
+  try {
+    const conn = resolveConn(c.req.param("id"));
+    if (!conn) return c.json(err("Connection not found"), 404);
+    const body = await c.req.json<{ sql: string }>();
+    if (!body.sql) return c.json(err("sql is required"), 400);
+
+    if (conn.readonly && !isReadOnlyQuery(body.sql)) {
+      return c.json(err("Connection is readonly — only SELECT queries allowed. Change this in PPM web UI."), 403);
+    }
+
+    const config = JSON.parse(conn.connection_config) as DbConnectionConfig;
+    const adapter = getAdapter(conn.type);
+    const result = await adapter.executeQuery(config, body.sql);
+    return c.json(ok(result));
+  } catch (e) {
+    return c.json(err((e as Error).message), 500);
+  }
+});
+
+/** PUT /api/db/connections/:id/cell — body: { table, schema?, pkColumn, pkValue, column, value } — enforces readonly */
+databaseRoutes.put("/connections/:id/cell", async (c) => {
+  try {
+    const conn = resolveConn(c.req.param("id"));
+    if (!conn) return c.json(err("Connection not found"), 404);
+
+    if (conn.readonly) {
+      return c.json(err("Connection is readonly — cell editing is disabled. Change this in PPM web UI."), 403);
+    }
+
+    const body = await c.req.json<{
+      table: string; schema?: string;
+      pkColumn: string; pkValue: unknown; column: string; value: unknown;
+    }>();
+    if (!body.table || !body.pkColumn || !body.column) {
+      return c.json(err("table, pkColumn, and column are required"), 400);
+    }
+
+    const config = JSON.parse(conn.connection_config) as DbConnectionConfig;
+    const adapter = getAdapter(conn.type);
+    await adapter.updateCell(config, body.table, {
+      schema: body.schema,
+      pkColumn: body.pkColumn,
+      pkValue: body.pkValue,
+      column: body.column,
+      value: body.value,
+    });
+    return c.json(ok({ updated: true }));
+  } catch (e) {
+    return c.json(err((e as Error).message), 500);
+  }
+});
+
+// ---------------------------------------------------------------------------
+// Search
+// ---------------------------------------------------------------------------
+
+/** GET /api/db/search?q=... — search cached tables across all connections */
+databaseRoutes.get("/search", (c) => {
+  try {
+    const q = c.req.query("q") ?? "";
+    return c.json(ok(searchTables(q)));
+  } catch (e) {
+    return c.json(err((e as Error).message), 500);
+  }
+});
+

package/src/services/database/adapter-registry.ts

@@ -0,0 +1,13 @@
+import type { DbType, DatabaseAdapter } from "../../types/database.ts";
+
+const adapters = new Map<DbType, DatabaseAdapter>();
+
+export function registerAdapter(type: DbType, adapter: DatabaseAdapter): void {
+  adapters.set(type, adapter);
+}
+
+export function getAdapter(type: DbType): DatabaseAdapter {
+  const adapter = adapters.get(type);
+  if (!adapter) throw new Error(`No adapter registered for database type: ${type}`);
+  return adapter;
+}

package/src/services/database/init-adapters.ts

@@ -0,0 +1,9 @@
+import { registerAdapter } from "./adapter-registry.ts";
+import { sqliteAdapter } from "./sqlite-adapter.ts";
+import { postgresAdapter } from "./postgres-adapter.ts";
+
+/** Register all database adapters. Call once at server startup. */
+export function initAdapters(): void {
+  registerAdapter("sqlite", sqliteAdapter);
+  registerAdapter("postgres", postgresAdapter);
+}

package/src/services/database/postgres-adapter.ts

@@ -0,0 +1,42 @@
+import type { DatabaseAdapter, DbConnectionConfig, DbTableInfo, DbColumnInfo, DbPagedData, DbQueryResult } from "../../types/database.ts";
+import { postgresService } from "../postgres.service.ts";
+
+/** Thin adapter wrapping the existing PostgresService to implement DatabaseAdapter */
+export const postgresAdapter: DatabaseAdapter = {
+  async testConnection(config: DbConnectionConfig): Promise<{ ok: boolean; error?: string }> {
+    if (!config.connectionString) return { ok: false, error: "Missing connectionString" };
+    return postgresService.testConnection(config.connectionString);
+  },
+
+  async getTables(config: DbConnectionConfig): Promise<DbTableInfo[]> {
+    if (!config.connectionString) throw new Error("Missing connectionString");
+    const tables = await postgresService.getTables(config.connectionString);
+    return tables.map((t) => ({ name: t.name, schema: t.schema, rowCount: t.rowCount }));
+  },
+
+  async getTableSchema(config: DbConnectionConfig, table: string, schema = "public"): Promise<DbColumnInfo[]> {
+    if (!config.connectionString) throw new Error("Missing connectionString");
+    return postgresService.getTableSchema(config.connectionString, table, schema);
+  },
+
+  async getTableData(config: DbConnectionConfig, table: string, opts): Promise<DbPagedData> {
+    if (!config.connectionString) throw new Error("Missing connectionString");
+    return postgresService.getTableData(
+      config.connectionString, table, opts.schema ?? "public",
+      opts.page, opts.limit, opts.orderBy, opts.orderDir,
+    );
+  },
+
+  async executeQuery(config: DbConnectionConfig, sql: string): Promise<DbQueryResult> {
+    if (!config.connectionString) throw new Error("Missing connectionString");
+    return postgresService.executeQuery(config.connectionString, sql);
+  },
+
+  async updateCell(config: DbConnectionConfig, table: string, opts): Promise<void> {
+    if (!config.connectionString) throw new Error("Missing connectionString");
+    await postgresService.updateCell(
+      config.connectionString, table, opts.schema ?? "public",
+      opts.pkColumn, opts.pkValue, opts.column, opts.value,
+    );
+  },
+};

package/src/services/database/readonly-check.ts

@@ -0,0 +1,17 @@
+/**
+ * Returns true if sql is a read-only statement.
+ * Handles: SELECT, EXPLAIN, SHOW, PRAGMA, DESCRIBE, WITH...SELECT.
+ * Guards against CTEs with write keywords (e.g. WITH x AS (DELETE...) SELECT).
+ */
+export function isReadOnlyQuery(sql: string): boolean {
+  const trimmed = sql.trim();
+
+  // Reject if the SQL contains write keywords anywhere (catches CTE attacks like
+  // "WITH x AS (DELETE ...) SELECT ...").
+  if (/\b(INSERT|UPDATE|DELETE|DROP|CREATE|ALTER|TRUNCATE|REPLACE|MERGE)\b/i.test(trimmed)) {
+    return false;
+  }
+
+  // Confirm it starts with a known read-only keyword.
+  return /^\s*(SELECT|EXPLAIN|SHOW|PRAGMA|DESCRIBE|WITH\b)/i.test(trimmed);
+}

package/src/services/database/sqlite-adapter.ts

@@ -0,0 +1,55 @@
+import type { DatabaseAdapter, DbConnectionConfig, DbTableInfo, DbColumnInfo, DbPagedData, DbQueryResult } from "../../types/database.ts";
+import { sqliteService } from "../sqlite.service.ts";
+import { existsSync } from "node:fs";
+
+/** Thin adapter wrapping the existing SqliteService to implement DatabaseAdapter */
+export const sqliteAdapter: DatabaseAdapter = {
+  async testConnection(config: DbConnectionConfig): Promise<{ ok: boolean; error?: string }> {
+    try {
+      if (!config.path) return { ok: false, error: "Missing path" };
+      if (!existsSync(config.path)) return { ok: false, error: `File not found: ${config.path}` };
+      // Attempt to open and list tables
+      sqliteService.getTables(config.path, config.path);
+      return { ok: true };
+    } catch (e) {
+      return { ok: false, error: (e as Error).message };
+    }
+  },
+
+  async getTables(config: DbConnectionConfig): Promise<DbTableInfo[]> {
+    if (!config.path) throw new Error("Missing path");
+    const tables = sqliteService.getTables(config.path, config.path);
+    return tables.map((t) => ({ name: t.name, schema: "main", rowCount: t.rowCount }));
+  },
+
+  async getTableSchema(config: DbConnectionConfig, table: string): Promise<DbColumnInfo[]> {
+    if (!config.path) throw new Error("Missing path");
+    const cols = sqliteService.getTableSchema(config.path, config.path, table);
+    return cols.map((c) => ({
+      name: c.name,
+      type: c.type,
+      nullable: !c.notnull,
+      pk: !!c.pk,
+      defaultValue: c.dflt_value,
+    }));
+  },
+
+  async getTableData(config: DbConnectionConfig, table: string, opts): Promise<DbPagedData> {
+    if (!config.path) throw new Error("Missing path");
+    return sqliteService.getTableData(
+      config.path, config.path, table,
+      opts.page, opts.limit, opts.orderBy, opts.orderDir,
+    );
+  },
+
+  async executeQuery(config: DbConnectionConfig, sql: string): Promise<DbQueryResult> {
+    if (!config.path) throw new Error("Missing path");
+    return sqliteService.executeQuery(config.path, config.path, sql);
+  },
+
+  async updateCell(config: DbConnectionConfig, table: string, opts): Promise<void> {
+    if (!config.path) throw new Error("Missing path");
+    // SQLite uses rowid as PK for cell updates
+    sqliteService.updateCell(config.path, config.path, table, Number(opts.pkValue), opts.column, opts.value);
+  },
+};

package/src/services/db.service.ts

@@ -1,10 +1,10 @@
-import { Database } from "bun:sqlite";
+import { Database, type SQLQueryBindings } from "bun:sqlite";
 import { resolve } from "node:path";
 import { homedir } from "node:os";
 import { mkdirSync, existsSync } from "node:fs";
 
 const PPM_DIR = resolve(homedir(), ".ppm");
-const CURRENT_SCHEMA_VERSION = 2;
+const CURRENT_SCHEMA_VERSION = 3;
 
 let db: Database | null = null;
 let dbProfile: string | null = null;
@@ -142,6 +142,31 @@ function runMigrations(database: Database): void {
       PRAGMA user_version = 2;
     `);
   }
+
+  if (current < 3) {
+    // Add readonly column (safe-by-default: 1 = block writes, UI-only toggle)
+    try {
+      database.exec(`ALTER TABLE connections ADD COLUMN readonly INTEGER NOT NULL DEFAULT 1`);
+    } catch {
+      // Column may already exist (fresh DB created in this session)
+    }
+
+    database.exec(`
+      CREATE TABLE IF NOT EXISTS connection_table_cache (
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        connection_id INTEGER NOT NULL REFERENCES connections(id) ON DELETE CASCADE,
+        table_name TEXT NOT NULL,
+        schema_name TEXT NOT NULL DEFAULT 'public',
+        row_count INTEGER NOT NULL DEFAULT 0,
+        cached_at TEXT DEFAULT (datetime('now')),
+        UNIQUE(connection_id, schema_name, table_name)
+      );
+
+      CREATE INDEX IF NOT EXISTS idx_table_cache_conn ON connection_table_cache(connection_id);
+
+      PRAGMA user_version = 3;
+    `);
+  }
 }
 
 // ---------------------------------------------------------------------------
@@ -331,6 +356,8 @@ export interface ConnectionRow {
   connection_config: string;
   group_name: string | null;
   color: string | null;
+  /** 1 = readonly (default), 0 = writable. UI-only toggle — CLI cannot change this. */
+  readonly: number;
   sort_order: number;
   created_at: string;
   updated_at: string;
@@ -383,7 +410,7 @@ export function deleteConnection(nameOrId: string): boolean {
 }
 
 export function updateConnection(
-  id: number, updates: { name?: string; config?: ConnectionConfig; groupName?: string | null; color?: string | null },
+  id: number, updates: { name?: string; config?: ConnectionConfig; groupName?: string | null; color?: string | null; readonly?: number },
 ): void {
   const sets: string[] = [];
   const vals: unknown[] = [];
@@ -391,10 +418,56 @@ export function updateConnection(
   if (updates.config !== undefined) { sets.push("connection_config = ?"); vals.push(JSON.stringify(updates.config)); }
   if (updates.groupName !== undefined) { sets.push("group_name = ?"); vals.push(updates.groupName); }
   if (updates.color !== undefined) { sets.push("color = ?"); vals.push(updates.color); }
+  if (updates.readonly !== undefined) { sets.push("readonly = ?"); vals.push(updates.readonly); }
   if (sets.length === 0) return;
   sets.push("updated_at = datetime('now')");
   vals.push(id);
-  getDb().query(`UPDATE connections SET ${sets.join(", ")} WHERE id = ?`).run(...vals);
+  getDb().query(`UPDATE connections SET ${sets.join(", ")} WHERE id = ?`).run(...(vals as SQLQueryBindings[]));
+}
+
+// ---------------------------------------------------------------------------
+// Table cache helpers
+// ---------------------------------------------------------------------------
+
+export interface TableCacheRow {
+  id: number;
+  connection_id: number;
+  table_name: string;
+  schema_name: string;
+  row_count: number;
+  cached_at: string;
+}
+
+export function getCachedTables(connectionId: number): TableCacheRow[] {
+  return getDb().query(
+    "SELECT * FROM connection_table_cache WHERE connection_id = ? ORDER BY schema_name, table_name",
+  ).all(connectionId) as TableCacheRow[];
+}
+
+export function upsertTableCache(connectionId: number, tableName: string, schemaName: string, rowCount: number): void {
+  getDb().query(
+    `INSERT INTO connection_table_cache (connection_id, table_name, schema_name, row_count, cached_at)
+     VALUES (?, ?, ?, ?, datetime('now'))
+     ON CONFLICT(connection_id, schema_name, table_name)
+     DO UPDATE SET row_count = excluded.row_count, cached_at = excluded.cached_at`,
+  ).run(connectionId, tableName, schemaName, rowCount);
+}
+
+export function deleteTableCache(connectionId: number): void {
+  getDb().query("DELETE FROM connection_table_cache WHERE connection_id = ?").run(connectionId);
+}
+
+export function searchTableCache(query: string): Array<TableCacheRow & { connection_name: string; connection_type: string; connection_color: string | null }> {
+  // Escape LIKE wildcards so user input is treated as literal text
+  const escaped = query.replace(/[%_\\]/g, "\\$&");
+  return getDb().query(
+    `SELECT tc.*, c.name as connection_name, c.type as connection_type, c.color as connection_color
+     FROM connection_table_cache tc
+     JOIN connections c ON tc.connection_id = c.id
+     WHERE tc.table_name LIKE ? ESCAPE '\\'
+     ORDER BY tc.table_name, c.name
+     LIMIT 50`,
+  ).all(`%${escaped}%`) as Array<TableCacheRow & { connection_name: string; connection_type: string; connection_color: string | null }>;
 }
 
 // Auto-close on process exit

package/src/services/table-cache.service.ts

@@ -0,0 +1,75 @@
+import {
+  getCachedTables, upsertTableCache, deleteTableCache, searchTableCache,
+  getConnectionById, type TableCacheRow,
+} from "./db.service.ts";
+import { getAdapter } from "./database/adapter-registry.ts";
+import type { DbConnectionConfig } from "../types/database.ts";
+
+export interface CachedTable {
+  connectionId: number;
+  tableName: string;
+  schemaName: string;
+  rowCount: number;
+  cachedAt: string;
+}
+
+export interface TableSearchResult {
+  connectionId: number;
+  connectionName: string;
+  connectionType: string;
+  connectionColor: string | null;
+  tableName: string;
+  schemaName: string;
+}
+
+function rowToTable(r: TableCacheRow): CachedTable {
+  return {
+    connectionId: r.connection_id,
+    tableName: r.table_name,
+    schemaName: r.schema_name,
+    rowCount: r.row_count,
+    cachedAt: r.cached_at,
+  };
+}
+
+/** Get cached tables for a connection (no live fetch) */
+export function getTablesFromCache(connectionId: number): CachedTable[] {
+  return getCachedTables(connectionId).map(rowToTable);
+}
+
+/** Fetch live tables via adapter, update cache, return result */
+export async function syncTables(connectionId: number): Promise<CachedTable[]> {
+  const conn = getConnectionById(connectionId);
+  if (!conn) throw new Error(`Connection not found: ${connectionId}`);
+
+  const config = JSON.parse(conn.connection_config) as DbConnectionConfig;
+  const adapter = getAdapter(conn.type);
+  const tables = await adapter.getTables(config);
+
+  // Delete stale cache entries, then upsert fresh ones
+  deleteTableCache(connectionId);
+  for (const t of tables) {
+    upsertTableCache(connectionId, t.name, t.schema || "main", t.rowCount);
+  }
+
+  return tables.map((t) => ({
+    connectionId,
+    tableName: t.name,
+    schemaName: t.schema || "main",
+    rowCount: t.rowCount,
+    cachedAt: new Date().toISOString(),
+  }));
+}
+
+/** Search cached tables across all connections (for command palette) */
+export function searchTables(query: string): TableSearchResult[] {
+  if (!query || query.length < 2) return [];
+  return searchTableCache(query).map((r) => ({
+    connectionId: r.connection_id,
+    connectionName: r.connection_name,
+    connectionType: r.connection_type,
+    connectionColor: r.connection_color,
+    tableName: r.table_name,
+    schemaName: r.schema_name,
+  }));
+}

package/src/types/database.ts

@@ -0,0 +1,50 @@
+export type DbType = "sqlite" | "postgres";
+
+export interface DbConnectionConfig {
+  type: DbType;
+  path?: string;             // sqlite
+  connectionString?: string; // postgres
+  [key: string]: unknown;
+}
+
+export interface DbTableInfo {
+  name: string;
+  schema: string; // "main" for sqlite, actual schema for postgres
+  rowCount: number;
+}
+
+export interface DbColumnInfo {
+  name: string;
+  type: string;
+  nullable: boolean;
+  pk: boolean;
+  defaultValue: string | null;
+}
+
+export interface DbQueryResult {
+  columns: string[];
+  rows: Record<string, unknown>[];
+  rowsAffected: number;
+  changeType: "select" | "modify";
+}
+
+export interface DbPagedData {
+  columns: string[];
+  rows: Record<string, unknown>[];
+  total: number;
+  page: number;
+  limit: number;
+}
+
+export interface DatabaseAdapter {
+  testConnection(config: DbConnectionConfig): Promise<{ ok: boolean; error?: string }>;
+  getTables(config: DbConnectionConfig): Promise<DbTableInfo[]>;
+  getTableSchema(config: DbConnectionConfig, table: string, schema?: string): Promise<DbColumnInfo[]>;
+  getTableData(config: DbConnectionConfig, table: string, opts: {
+    schema?: string; page?: number; limit?: number; orderBy?: string; orderDir?: "ASC" | "DESC";
+  }): Promise<DbPagedData>;
+  executeQuery(config: DbConnectionConfig, sql: string): Promise<DbQueryResult>;
+  updateCell(config: DbConnectionConfig, table: string, opts: {
+    schema?: string; pkColumn: string; pkValue: unknown; column: string; value: unknown;
+  }): Promise<void>;
+}

package/src/web/app.tsx

@@ -58,12 +58,9 @@ export function App() {
     }
   }, [theme]);
 
-  // Fetch server info + keybindings on mount (before auth — shown on login screen)
+  // Fetch server info on mount (before auth — shown on login screen)
   useEffect(() => {
     fetchServerInfo();
-    import("@/stores/keybindings-store").then(({ useKeybindingsStore }) => {
-      useKeybindingsStore.getState().loadFromServer();
-    });
   }, [fetchServerInfo]);
 
   // Auth check on mount
@@ -102,6 +99,14 @@ export function App() {
   // Health check — detects server crash/restart
   useHealthCheck();
 
+  // Load keybindings after auth confirmed (must not call ApiClient before auth)
+  useEffect(() => {
+    if (authState !== "authenticated") return;
+    import("@/stores/keybindings-store").then(({ useKeybindingsStore }) => {
+      useKeybindingsStore.getState().loadFromServer();
+    });
+  }, [authState]);
+
   // Fetch projects after auth, then restore from URL if applicable
   useEffect(() => {
     if (authState !== "authenticated") return;