@indiekitai/pg-dash 0.2.0

package/dist/cli.js

@@ -0,0 +1,2285 @@
+#!/usr/bin/env node
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// src/server/advisor.ts
+var advisor_exports = {};
+__export(advisor_exports, {
+  computeAdvisorScore: () => computeAdvisorScore,
+  getAdvisorReport: () => getAdvisorReport,
+  gradeFromScore: () => gradeFromScore,
+  isSafeFix: () => isSafeFix
+});
+function computeAdvisorScore(issues) {
+  let score = 100;
+  const counts = { critical: 0, warning: 0, info: 0 };
+  for (const issue of issues) {
+    counts[issue.severity]++;
+    const n = counts[issue.severity];
+    const weight = SEVERITY_WEIGHT[issue.severity];
+    if (n <= 5) score -= weight;
+    else if (n <= 15) score -= weight * 0.5;
+    else score -= weight * 0.25;
+  }
+  return Math.max(0, Math.min(100, Math.round(score)));
+}
+function gradeFromScore(score) {
+  if (score >= 90) return "A";
+  if (score >= 80) return "B";
+  if (score >= 70) return "C";
+  if (score >= 50) return "D";
+  return "F";
+}
+function computeBreakdown(issues) {
+  const categories = ["performance", "maintenance", "schema", "security"];
+  const result = {};
+  for (const cat of categories) {
+    const catIssues = issues.filter((i) => i.category === cat);
+    const score = computeAdvisorScore(catIssues);
+    result[cat] = { score, grade: gradeFromScore(score), count: catIssues.length };
+  }
+  return result;
+}
+async function getAdvisorReport(pool) {
+  const client = await pool.connect();
+  const issues = [];
+  try {
+    try {
+      const r = await client.query(`
+        SELECT schemaname, relname, seq_scan, seq_tup_read, n_live_tup,
+          pg_size_pretty(pg_total_relation_size(relid)) AS size
+        FROM pg_stat_user_tables
+        WHERE n_live_tup > 10000 AND seq_scan > 100
+        ORDER BY seq_tup_read DESC LIMIT 10
+      `);
+      for (const row of r.rows) {
+        issues.push({
+          id: `perf-seq-scan-${row.schemaname}-${row.relname}`,
+          severity: row.seq_scan > 1e3 ? "warning" : "info",
+          category: "performance",
+          title: `High sequential scans on ${row.relname}`,
+          description: `Table ${row.schemaname}.${row.relname} (${row.n_live_tup} rows, ${row.size}) has ${row.seq_scan} sequential scans reading ${Number(row.seq_tup_read).toLocaleString()} tuples. Consider adding indexes on frequently filtered columns.`,
+          fix: `-- Identify commonly filtered columns and add indexes:
+-- EXPLAIN ANALYZE SELECT * FROM ${row.schemaname}.${row.relname} WHERE <your_condition>;
+CREATE INDEX CONCURRENTLY idx_${row.relname}_<column> ON ${row.schemaname}.${row.relname} (<column>);`,
+          impact: "Queries will continue to do full table scans, degrading performance as the table grows.",
+          effort: "moderate"
+        });
+      }
+    } catch (err) {
+      console.error("[advisor] Error checking seq scans:", err.message);
+    }
+    try {
+      const r = await client.query(`
+        SELECT
+          schemaname, relname, indexrelname,
+          pg_relation_size(indexrelid) AS idx_size,
+          pg_relation_size(relid) AS tbl_size,
+          pg_size_pretty(pg_relation_size(indexrelid)) AS idx_size_pretty,
+          pg_size_pretty(pg_relation_size(relid)) AS tbl_size_pretty
+        FROM pg_stat_user_indexes
+        WHERE pg_relation_size(indexrelid) > 1048576
+          AND pg_relation_size(indexrelid) > pg_relation_size(relid) * 3
+        ORDER BY pg_relation_size(indexrelid) DESC LIMIT 10
+      `);
+      for (const row of r.rows) {
+        issues.push({
+          id: `perf-bloated-idx-${row.indexrelname}`,
+          severity: "warning",
+          category: "performance",
+          title: `Bloated index ${row.indexrelname}`,
+          description: `Index ${row.indexrelname} on ${row.relname} is ${row.idx_size_pretty} but the table is only ${row.tbl_size_pretty}. The index may need rebuilding.`,
+          fix: `REINDEX INDEX CONCURRENTLY ${row.schemaname}.${row.indexrelname};`,
+          impact: "Bloated indexes waste disk space and slow down queries that use them.",
+          effort: "quick"
+        });
+      }
+    } catch (err) {
+      console.error("[advisor] Error checking bloated indexes:", err.message);
+    }
+    try {
+      const r = await client.query(`
+        SELECT schemaname, relname, n_dead_tup, n_live_tup,
+          CASE WHEN n_live_tup > 0 THEN round(n_dead_tup::numeric / n_live_tup * 100, 1) ELSE 0 END AS dead_pct,
+          pg_size_pretty(pg_total_relation_size(relid)) AS size
+        FROM pg_stat_user_tables
+        WHERE n_live_tup > 1000 AND n_dead_tup::float / GREATEST(n_live_tup, 1) > 0.1
+        ORDER BY n_dead_tup DESC LIMIT 10
+      `);
+      for (const row of r.rows) {
+        const pct = parseFloat(row.dead_pct);
+        issues.push({
+          id: `perf-bloat-${row.schemaname}-${row.relname}`,
+          severity: pct > 30 ? "critical" : "warning",
+          category: "performance",
+          title: `Table bloat on ${row.relname} (${row.dead_pct}% dead)`,
+          description: `${row.schemaname}.${row.relname} has ${Number(row.n_dead_tup).toLocaleString()} dead tuples (${row.dead_pct}% of ${Number(row.n_live_tup).toLocaleString()} live rows). Size: ${row.size}.`,
+          fix: `VACUUM FULL ${row.schemaname}.${row.relname};`,
+          impact: "Dead tuples waste storage and degrade scan performance.",
+          effort: pct > 30 ? "moderate" : "quick"
+        });
+      }
+    } catch (err) {
+      console.error("[advisor] Error checking table bloat:", err.message);
+    }
+    try {
+      const r = await client.query(`
+        SELECT schemaname, relname,
+          heap_blks_hit, heap_blks_read,
+          CASE WHEN (heap_blks_hit + heap_blks_read) = 0 THEN 1
+            ELSE heap_blks_hit::float / (heap_blks_hit + heap_blks_read) END AS ratio
+        FROM pg_statio_user_tables
+        WHERE (heap_blks_hit + heap_blks_read) > 100
+        ORDER BY ratio ASC LIMIT 5
+      `);
+      for (const row of r.rows) {
+        const ratio = parseFloat(row.ratio);
+        if (ratio < 0.9) {
+          issues.push({
+            id: `perf-cache-${row.schemaname}-${row.relname}`,
+            severity: ratio < 0.5 ? "critical" : "warning",
+            category: "performance",
+            title: `Poor cache hit ratio on ${row.relname}`,
+            description: `Table ${row.schemaname}.${row.relname} has a cache hit ratio of ${(ratio * 100).toFixed(1)}%. Most reads are going to disk.`,
+            fix: `-- Consider increasing shared_buffers or reducing working set:
+SHOW shared_buffers;`,
+            impact: "Disk reads are orders of magnitude slower than memory reads.",
+            effort: "involved"
+          });
+        }
+      }
+    } catch (err) {
+      console.error("[advisor] Error checking cache efficiency:", err.message);
+    }
+    try {
+      const extCheck = await client.query("SELECT 1 FROM pg_extension WHERE extname = 'pg_stat_statements'");
+      if (extCheck.rows.length > 0) {
+        const r = await client.query(`
+          SELECT query, calls, mean_exec_time, total_exec_time,
+            round(mean_exec_time::numeric, 2) AS mean_ms,
+            round(total_exec_time::numeric / 1000, 2) AS total_sec
+          FROM pg_stat_statements
+          WHERE query NOT LIKE '%pg_stat%' AND query NOT LIKE '%pg_catalog%'
+            AND mean_exec_time > 100
+          ORDER BY mean_exec_time DESC LIMIT 5
+        `);
+        for (const row of r.rows) {
+          issues.push({
+            id: `perf-slow-${row.query.slice(0, 30).replace(/\W/g, "_")}`,
+            severity: parseFloat(row.mean_ms) > 1e3 ? "warning" : "info",
+            category: "performance",
+            title: `Slow query (avg ${row.mean_ms}ms)`,
+            description: `Query averaging ${row.mean_ms}ms over ${row.calls} calls (total: ${row.total_sec}s): ${row.query.slice(0, 200)}`,
+            fix: `EXPLAIN ANALYZE ${row.query.slice(0, 500)};`,
+            impact: "Slow queries degrade overall database responsiveness.",
+            effort: "moderate"
+          });
+        }
+      }
+    } catch (err) {
+      console.error("[advisor] Error checking slow queries:", err.message);
+    }
+    try {
+      const r = await client.query(`
+        SELECT schemaname, relname, last_vacuum, last_autovacuum, n_dead_tup
+        FROM pg_stat_user_tables
+        WHERE n_live_tup > 100
+          AND (last_vacuum IS NULL AND last_autovacuum IS NULL
+               OR GREATEST(last_vacuum, last_autovacuum) < now() - interval '7 days')
+        ORDER BY n_dead_tup DESC LIMIT 15
+      `);
+      for (const row of r.rows) {
+        const never = !row.last_vacuum && !row.last_autovacuum;
+        issues.push({
+          id: `maint-vacuum-${row.schemaname}-${row.relname}`,
+          severity: never ? "warning" : "info",
+          category: "maintenance",
+          title: `VACUUM ${never ? "never run" : "overdue"} on ${row.relname}`,
+          description: `${row.schemaname}.${row.relname} ${never ? "has never been vacuumed" : "was last vacuumed over 7 days ago"}. Dead tuples: ${Number(row.n_dead_tup).toLocaleString()}.`,
+          fix: `VACUUM ANALYZE ${row.schemaname}.${row.relname};`,
+          impact: "Dead tuples accumulate, increasing table size and degrading query performance.",
+          effort: "quick"
+        });
+      }
+    } catch (err) {
+      console.error("[advisor] Error checking vacuum overdue:", err.message);
+    }
+    try {
+      const r = await client.query(`
+        SELECT schemaname, relname
+        FROM pg_stat_user_tables
+        WHERE n_live_tup > 100
+          AND last_analyze IS NULL AND last_autoanalyze IS NULL
+          AND NOT EXISTS (
+            SELECT 1 FROM pg_stat_user_tables t2
+            WHERE t2.relname = pg_stat_user_tables.relname
+              AND (t2.last_vacuum IS NULL AND t2.last_autovacuum IS NULL)
+          )
+        LIMIT 10
+      `);
+      for (const row of r.rows) {
+        issues.push({
+          id: `maint-analyze-${row.schemaname}-${row.relname}`,
+          severity: "info",
+          category: "maintenance",
+          title: `ANALYZE never run on ${row.relname}`,
+          description: `${row.schemaname}.${row.relname} has never been analyzed. The query planner may choose suboptimal plans.`,
+          fix: `ANALYZE ${row.schemaname}.${row.relname};`,
+          impact: "Without statistics, the query planner makes poor estimates leading to slow queries.",
+          effort: "quick"
+        });
+      }
+    } catch (err) {
+      console.error("[advisor] Error checking analyze overdue:", err.message);
+    }
+    try {
+      const r = await client.query(`
+        SELECT datname, age(datfrozenxid) AS xid_age
+        FROM pg_database
+        WHERE datname = current_database()
+      `);
+      for (const row of r.rows) {
+        const age = parseInt(row.xid_age);
+        if (age > 1e9) {
+          issues.push({
+            id: `maint-xid-wraparound`,
+            severity: "critical",
+            category: "maintenance",
+            title: `Transaction ID wraparound risk`,
+            description: `Database ${row.datname} has datfrozenxid age of ${age.toLocaleString()}. Wraparound occurs at ~2 billion.`,
+            fix: `VACUUM FREEZE;`,
+            impact: "If wraparound occurs, PostgreSQL will shut down to prevent data loss.",
+            effort: "involved"
+          });
+        } else if (age > 5e8) {
+          issues.push({
+            id: `maint-xid-warning`,
+            severity: "warning",
+            category: "maintenance",
+            title: `Transaction ID age is high`,
+            description: `Database ${row.datname} has datfrozenxid age of ${age.toLocaleString()}.`,
+            fix: `VACUUM FREEZE;`,
+            impact: "Approaching transaction ID wraparound threshold.",
+            effort: "moderate"
+          });
+        }
+      }
+    } catch (err) {
+      console.error("[advisor] Error checking xid wraparound:", err.message);
+    }
+    try {
+      const r = await client.query(`
+        SELECT pid, state, now() - state_change AS idle_duration,
+          client_addr::text, application_name,
+          extract(epoch from now() - state_change)::int AS idle_seconds
+        FROM pg_stat_activity
+        WHERE state IN ('idle', 'idle in transaction')
+          AND now() - state_change > interval '10 minutes'
+          AND pid != pg_backend_pid()
+      `);
+      for (const row of r.rows) {
+        const isIdleTx = row.state === "idle in transaction";
+        issues.push({
+          id: `maint-idle-${row.pid}`,
+          severity: isIdleTx ? "warning" : "info",
+          category: "maintenance",
+          title: `${isIdleTx ? "Idle in transaction" : "Idle connection"} (PID ${row.pid})`,
+          description: `PID ${row.pid} from ${row.client_addr || "local"} (${row.application_name || "unknown"}) has been ${row.state} for ${Math.round(row.idle_seconds / 60)} minutes.`,
+          fix: `SELECT pg_terminate_backend(${row.pid});`,
+          impact: isIdleTx ? "Idle-in-transaction connections hold locks and prevent VACUUM." : "Idle connections consume connection slots.",
+          effort: "quick"
+        });
+      }
+    } catch (err) {
+      console.error("[advisor] Error checking idle connections:", err.message);
+    }
+    try {
+      const r = await client.query(`
+        SELECT c.relname AS table_name, n.nspname AS schema
+        FROM pg_class c
+        JOIN pg_namespace n ON c.relnamespace = n.oid
+        WHERE c.relkind = 'r' AND n.nspname = 'public'
+          AND NOT EXISTS (
+            SELECT 1 FROM pg_constraint con WHERE con.conrelid = c.oid AND con.contype = 'p'
+          )
+      `);
+      for (const row of r.rows) {
+        issues.push({
+          id: `schema-no-pk-${row.schema}-${row.table_name}`,
+          severity: "warning",
+          category: "schema",
+          title: `Missing primary key on ${row.table_name}`,
+          description: `Table ${row.schema}.${row.table_name} has no primary key. This can cause replication issues and makes row identification unreliable.`,
+          fix: `ALTER TABLE ${row.schema}.${row.table_name} ADD PRIMARY KEY (<column>);`,
+          impact: "No primary key means no unique row identity, problematic for replication and ORMs.",
+          effort: "moderate"
+        });
+      }
+    } catch (err) {
+      console.error("[advisor] Error checking missing primary keys:", err.message);
+    }
+    try {
+      const r = await client.query(`
+        SELECT schemaname, relname, indexrelname, idx_scan,
+          pg_size_pretty(pg_relation_size(indexrelid)) AS idx_size,
+          pg_relation_size(indexrelid) AS idx_bytes
+        FROM pg_stat_user_indexes
+        WHERE idx_scan = 0
+          AND indexrelname NOT LIKE '%_pkey'
+          AND pg_relation_size(indexrelid) > 1048576
+        ORDER BY pg_relation_size(indexrelid) DESC LIMIT 10
+      `);
+      for (const row of r.rows) {
+        issues.push({
+          id: `schema-unused-idx-${row.indexrelname}`,
+          severity: "warning",
+          category: "schema",
+          title: `Unused index ${row.indexrelname} (${row.idx_size})`,
+          description: `Index ${row.indexrelname} on ${row.relname} has never been used (0 scans) and takes ${row.idx_size}.`,
+          fix: `DROP INDEX CONCURRENTLY ${row.schemaname}.${row.indexrelname};`,
+          impact: "Unused indexes waste disk space and slow down writes.",
+          effort: "quick"
+        });
+      }
+    } catch (err) {
+      console.error("[advisor] Error checking unused indexes:", err.message);
+    }
+    try {
+      const r = await client.query(`
+        SELECT array_agg(idx.indexrelid::regclass::text) AS indexes,
+          idx.indrelid::regclass::text AS table_name,
+          pg_size_pretty(sum(pg_relation_size(idx.indexrelid))) AS total_size
+        FROM pg_index idx
+        GROUP BY idx.indrelid, idx.indkey
+        HAVING count(*) > 1
+      `);
+      for (const row of r.rows) {
+        issues.push({
+          id: `schema-dup-idx-${row.table_name}-${row.indexes[0]}`,
+          severity: "warning",
+          category: "schema",
+          title: `Duplicate indexes on ${row.table_name}`,
+          description: `These indexes cover the same columns on ${row.table_name}: ${row.indexes.join(", ")}. Total wasted space: ${row.total_size}.`,
+          fix: `-- Keep one, drop the rest:
+DROP INDEX CONCURRENTLY ${row.indexes.slice(1).join(";\nDROP INDEX CONCURRENTLY ")};`,
+          impact: "Duplicate indexes double the write overhead and waste disk space.",
+          effort: "quick"
+        });
+      }
+    } catch (err) {
+      console.error("[advisor] Error checking duplicate indexes:", err.message);
+    }
+    try {
+      const r = await client.query(`
+        SELECT
+          conrelid::regclass::text AS table_name,
+          a.attname AS column_name,
+          confrelid::regclass::text AS referenced_table
+        FROM pg_constraint c
+        JOIN pg_attribute a ON a.attrelid = c.conrelid AND a.attnum = ANY(c.conkey)
+        WHERE c.contype = 'f'
+          AND NOT EXISTS (
+            SELECT 1 FROM pg_index i
+            WHERE i.indrelid = c.conrelid
+              AND a.attnum = ANY(i.indkey)
+          )
+      `);
+      for (const row of r.rows) {
+        issues.push({
+          id: `schema-fk-no-idx-${row.table_name}-${row.column_name}`,
+          severity: "warning",
+          category: "schema",
+          title: `Missing index on FK column ${row.table_name}.${row.column_name}`,
+          description: `Foreign key column ${row.column_name} on ${row.table_name} (references ${row.referenced_table}) has no index. This causes slow JOINs and cascading deletes.`,
+          fix: `CREATE INDEX CONCURRENTLY idx_${row.table_name.replace(/\./g, "_")}_${row.column_name} ON ${row.table_name} (${row.column_name});`,
+          impact: "JOINs and cascading deletes on this FK will require full table scans.",
+          effort: "quick"
+        });
+      }
+    } catch (err) {
+      console.error("[advisor] Error checking missing FK indexes:", err.message);
+    }
+    try {
+      const r = await client.query(`
+        SELECT blocked_locks.pid AS blocked_pid,
+          blocking_locks.pid AS blocking_pid,
+          blocked_activity.query AS blocked_query
+        FROM pg_catalog.pg_locks blocked_locks
+        JOIN pg_catalog.pg_locks blocking_locks ON blocking_locks.locktype = blocked_locks.locktype
+          AND blocking_locks.database IS NOT DISTINCT FROM blocked_locks.database
+          AND blocking_locks.relation IS NOT DISTINCT FROM blocked_locks.relation
+          AND blocking_locks.page IS NOT DISTINCT FROM blocked_locks.page
+          AND blocking_locks.tuple IS NOT DISTINCT FROM blocked_locks.tuple
+          AND blocking_locks.virtualxid IS NOT DISTINCT FROM blocked_locks.virtualxid
+          AND blocking_locks.transactionid IS NOT DISTINCT FROM blocked_locks.transactionid
+          AND blocking_locks.classid IS NOT DISTINCT FROM blocked_locks.classid
+          AND blocking_locks.objid IS NOT DISTINCT FROM blocked_locks.objid
+          AND blocking_locks.objsubid IS NOT DISTINCT FROM blocked_locks.objsubid
+          AND blocking_locks.pid != blocked_locks.pid
+        JOIN pg_catalog.pg_stat_activity blocked_activity ON blocked_activity.pid = blocked_locks.pid
+        WHERE NOT blocked_locks.granted
+      `);
+      for (const row of r.rows) {
+        issues.push({
+          id: `perf-lock-blocked-${row.blocked_pid}`,
+          severity: "warning",
+          category: "performance",
+          title: `Blocked query (PID ${row.blocked_pid} blocked by PID ${row.blocking_pid})`,
+          description: `PID ${row.blocked_pid} is waiting for a lock held by PID ${row.blocking_pid}. Query: ${(row.blocked_query || "").slice(0, 200)}`,
+          fix: `SELECT pg_cancel_backend(${row.blocking_pid});`,
+          impact: "Blocked queries cause cascading delays and potential timeouts.",
+          effort: "quick"
+        });
+      }
+    } catch (err) {
+      console.error("[advisor] Error checking locks:", err.message);
+    }
+    try {
+      const r = await client.query(`
+        SELECT CASE WHEN pg_is_in_recovery()
+          THEN pg_wal_lsn_diff(pg_last_wal_receive_lsn(), pg_last_wal_replay_lsn())
+          ELSE 0 END AS lag_bytes
+      `);
+      const lagBytes = parseInt(r.rows[0]?.lag_bytes ?? "0");
+      if (lagBytes > 1048576) {
+        issues.push({
+          id: `perf-replication-lag`,
+          severity: lagBytes > 104857600 ? "critical" : "warning",
+          category: "performance",
+          title: `Replication lag: ${(lagBytes / 1048576).toFixed(1)} MB`,
+          description: `WAL replay is lagging by ${(lagBytes / 1048576).toFixed(1)} MB. This indicates the replica is falling behind.`,
+          fix: `-- Check replication status:
+SELECT * FROM pg_stat_replication;`,
+          impact: "High replication lag means the replica has stale data and failover may lose transactions.",
+          effort: "involved"
+        });
+      }
+    } catch (err) {
+      console.error("[advisor] Error checking replication lag:", err.message);
+    }
+    try {
+      const r = await client.query(`
+        SELECT checkpoints_req, checkpoints_timed,
+          CASE WHEN (checkpoints_req + checkpoints_timed) = 0 THEN 0
+            ELSE round(checkpoints_req::numeric / (checkpoints_req + checkpoints_timed) * 100, 1) END AS req_pct
+        FROM pg_stat_bgwriter
+      `);
+      const reqPct = parseFloat(r.rows[0]?.req_pct ?? "0");
+      if (reqPct > 50) {
+        issues.push({
+          id: `maint-checkpoint-frequency`,
+          severity: reqPct > 80 ? "warning" : "info",
+          category: "maintenance",
+          title: `${reqPct}% of checkpoints are requested (not timed)`,
+          description: `${r.rows[0]?.checkpoints_req} requested vs ${r.rows[0]?.checkpoints_timed} timed checkpoints. High requested checkpoints indicate checkpoint_completion_target or max_wal_size may need tuning.`,
+          fix: `-- Increase max_wal_size:
+ALTER SYSTEM SET max_wal_size = '2GB';
+SELECT pg_reload_conf();`,
+          impact: "Frequent requested checkpoints cause I/O spikes and degrade performance.",
+          effort: "moderate"
+        });
+      }
+    } catch (err) {
+      console.error("[advisor] Error checking checkpoint frequency:", err.message);
+    }
+    try {
+      const r = await client.query(`SELECT setting FROM pg_settings WHERE name = 'autovacuum'`);
+      if (r.rows[0]?.setting === "off") {
+        issues.push({
+          id: `maint-autovacuum-disabled`,
+          severity: "critical",
+          category: "maintenance",
+          title: `Autovacuum is disabled`,
+          description: `Autovacuum is turned off. Dead tuples will accumulate and transaction ID wraparound becomes a risk.`,
+          fix: `ALTER SYSTEM SET autovacuum = on;
+SELECT pg_reload_conf();`,
+          impact: "Without autovacuum, tables bloat indefinitely and risk transaction ID wraparound shutdown.",
+          effort: "quick"
+        });
+      }
+    } catch (err) {
+      console.error("[advisor] Error checking autovacuum:", err.message);
+    }
+    try {
+      const sbRes = await client.query(`SELECT setting, unit FROM pg_settings WHERE name = 'shared_buffers'`);
+      const memRes = await client.query(`
+        SELECT (SELECT setting::bigint FROM pg_settings WHERE name = 'shared_buffers') *
+               (SELECT setting::bigint FROM pg_settings WHERE name = 'block_size') AS shared_bytes
+      `);
+      const sharedBytes = parseInt(memRes.rows[0]?.shared_bytes ?? "0");
+      if (sharedBytes > 0 && sharedBytes < 128 * 1024 * 1024) {
+        issues.push({
+          id: `perf-shared-buffers-low`,
+          severity: "warning",
+          category: "performance",
+          title: `shared_buffers is only ${(sharedBytes / 1048576).toFixed(0)} MB`,
+          description: `shared_buffers is set to ${sbRes.rows[0]?.setting}${sbRes.rows[0]?.unit || ""}. Recommended: ~25% of system RAM, typically at least 256MB for production.`,
+          fix: `ALTER SYSTEM SET shared_buffers = '256MB';
+-- Requires restart`,
+          impact: "Low shared_buffers means more disk I/O and poor cache hit ratios.",
+          effort: "involved"
+        });
+      }
+    } catch (err) {
+      console.error("[advisor] Error checking shared_buffers:", err.message);
+    }
+    try {
+      const r = await client.query(`SELECT setting, unit FROM pg_settings WHERE name = 'work_mem'`);
+      const workMemKB = parseInt(r.rows[0]?.setting ?? "0");
+      if (workMemKB > 0 && workMemKB < 4096) {
+        issues.push({
+          id: `perf-work-mem-low`,
+          severity: "info",
+          category: "performance",
+          title: `work_mem is only ${workMemKB < 1024 ? workMemKB + "kB" : (workMemKB / 1024).toFixed(0) + "MB"}`,
+          description: `work_mem is ${r.rows[0]?.setting}${r.rows[0]?.unit || ""}. Low work_mem causes sorts and hash operations to spill to disk.`,
+          fix: `ALTER SYSTEM SET work_mem = '16MB';
+SELECT pg_reload_conf();`,
+          impact: "Operations that exceed work_mem use temporary disk files, which is much slower.",
+          effort: "quick"
+        });
+      }
+    } catch (err) {
+      console.error("[advisor] Error checking work_mem:", err.message);
+    }
+    try {
+      const r = await client.query(`
+        SELECT pid, usename, client_addr::text
+        FROM pg_stat_activity
+        WHERE usename IN (SELECT rolname FROM pg_roles WHERE rolsuper)
+          AND client_addr IS NOT NULL
+          AND client_addr::text NOT IN ('127.0.0.1', '::1')
+          AND pid != pg_backend_pid()
+      `);
+      for (const row of r.rows) {
+        issues.push({
+          id: `sec-superuser-remote-${row.pid}`,
+          severity: "critical",
+          category: "security",
+          title: `Superuser ${row.usename} connected from ${row.client_addr}`,
+          description: `Superuser ${row.usename} has an active connection from non-localhost address ${row.client_addr}. This is a security risk.`,
+          fix: `-- Restrict superuser access in pg_hba.conf to localhost only.
+-- Then: SELECT pg_reload_conf();`,
+          impact: "Remote superuser access is a significant security vulnerability.",
+          effort: "moderate"
+        });
+      }
+    } catch (err) {
+      console.error("[advisor] Error checking superuser connections:", err.message);
+    }
+    try {
+      const r = await client.query(`SELECT setting FROM pg_settings WHERE name = 'ssl'`);
+      if (r.rows[0]?.setting === "off") {
+        issues.push({
+          id: `sec-ssl-off`,
+          severity: "warning",
+          category: "security",
+          title: `SSL is disabled`,
+          description: `SSL is turned off. Database connections are not encrypted.`,
+          fix: `-- Enable SSL in postgresql.conf:
+-- ssl = on
+-- ssl_cert_file = 'server.crt'
+-- ssl_key_file = 'server.key'
+SELECT pg_reload_conf();`,
+          impact: "Database traffic can be intercepted and read in transit.",
+          effort: "involved"
+        });
+      }
+    } catch (err) {
+      console.error("[advisor] Error checking SSL check:", err.message);
+    }
+    try {
+      const r = await client.query(`
+        SELECT type, database, user_name, auth_method
+        FROM pg_hba_file_rules
+        WHERE auth_method = 'trust' AND type != 'local'
+        LIMIT 5
+      `);
+      for (const row of r.rows) {
+        issues.push({
+          id: `sec-trust-auth-${row.database}-${row.user_name}`,
+          severity: "critical",
+          category: "security",
+          title: `Trust authentication for ${row.user_name}@${row.database}`,
+          description: `HBA rule allows trust (no password) authentication for ${row.type} connections to ${row.database} as ${row.user_name}.`,
+          fix: `-- Change auth_method from 'trust' to 'scram-sha-256' in pg_hba.conf
+-- Then: SELECT pg_reload_conf();`,
+          impact: "Anyone can connect without a password.",
+          effort: "moderate"
+        });
+      }
+    } catch (err) {
+      console.error("[advisor] Error checking trust auth:", err.message);
+    }
+    const score = computeAdvisorScore(issues);
+    return {
+      score,
+      grade: gradeFromScore(score),
+      issues,
+      breakdown: computeBreakdown(issues)
+    };
+  } finally {
+    client.release();
+  }
+}
+function isSafeFix(sql) {
+  const trimmed = sql.trim();
+  if (!trimmed) return false;
+  const statements = trimmed.replace(/;\s*$/, "").split(";").map((s) => s.trim()).filter(Boolean);
+  if (statements.length !== 1) return false;
+  const upper = statements[0].toUpperCase();
+  if (upper.startsWith("EXPLAIN ANALYZE")) {
+    const afterExplain = upper.replace(/^EXPLAIN\s+ANALYZE\s+/, "").trimStart();
+    return afterExplain.startsWith("SELECT");
+  }
+  const ALLOWED_PREFIXES = [
+    "VACUUM",
+    "ANALYZE",
+    "REINDEX",
+    "CREATE INDEX CONCURRENTLY",
+    "DROP INDEX CONCURRENTLY",
+    "SELECT PG_TERMINATE_BACKEND(",
+    "SELECT PG_CANCEL_BACKEND("
+  ];
+  return ALLOWED_PREFIXES.some((p) => upper.startsWith(p));
+}
+var SEVERITY_WEIGHT;
+var init_advisor = __esm({
+  "src/server/advisor.ts"() {
+    "use strict";
+    SEVERITY_WEIGHT = { critical: 20, warning: 8, info: 3 };
+  }
+});
+
+// src/cli.ts
+import { parseArgs } from "util";
+
+// src/server/index.ts
+import { Hono } from "hono";
+import path2 from "path";
+import fs2 from "fs";
+import os2 from "os";
+import { fileURLToPath } from "url";
+import { Pool } from "pg";
+
+// src/server/queries/overview.ts
+async function getOverview(pool) {
+  const client = await pool.connect();
+  try {
+    const version = await client.query("SHOW server_version");
+    const uptime = await client.query(
+      "SELECT now() - pg_postmaster_start_time() AS uptime"
+    );
+    const dbSize = await client.query(
+      "SELECT pg_size_pretty(pg_database_size(current_database())) AS size"
+    );
+    const dbCount = await client.query(
+      "SELECT count(*)::int AS count FROM pg_database WHERE NOT datistemplate"
+    );
+    const connections = await client.query(`
+      SELECT
+        (SELECT count(*)::int FROM pg_stat_activity WHERE state = 'active') AS active,
+        (SELECT count(*)::int FROM pg_stat_activity WHERE state = 'idle') AS idle,
+        (SELECT setting::int FROM pg_settings WHERE name = 'max_connections') AS max
+    `);
+    return {
+      version: version.rows[0].server_version,
+      uptime: uptime.rows[0].uptime,
+      dbSize: dbSize.rows[0].size,
+      databaseCount: dbCount.rows[0].count,
+      connections: connections.rows[0]
+    };
+  } finally {
+    client.release();
+  }
+}
+
+// src/server/queries/databases.ts
+async function getDatabases(pool) {
+  const client = await pool.connect();
+  try {
+    const r = await client.query(`
+      SELECT datname AS name,
+        pg_size_pretty(pg_database_size(datname)) AS size,
+        pg_database_size(datname) AS size_bytes
+      FROM pg_database
+      WHERE NOT datistemplate
+      ORDER BY pg_database_size(datname) DESC
+    `);
+    return r.rows;
+  } finally {
+    client.release();
+  }
+}
+
+// src/server/queries/tables.ts
+async function getTables(pool) {
+  const client = await pool.connect();
+  try {
+    const r = await client.query(`
+      SELECT
+        schemaname AS schema,
+        relname AS name,
+        pg_size_pretty(pg_total_relation_size(relid)) AS total_size,
+        pg_total_relation_size(relid) AS size_bytes,
+        n_live_tup AS rows,
+        n_dead_tup AS dead_tuples,
+        CASE WHEN n_live_tup > 0 
+          THEN round(n_dead_tup::numeric / n_live_tup * 100, 1) 
+          ELSE 0 END AS dead_pct
+      FROM pg_stat_user_tables
+      ORDER BY pg_total_relation_size(relid) DESC
+    `);
+    return r.rows;
+  } finally {
+    client.release();
+  }
+}
+
+// src/server/queries/activity.ts
+async function getActivity(pool) {
+  const client = await pool.connect();
+  try {
+    const r = await client.query(`
+      SELECT
+        pid,
+        COALESCE(query, '') AS query,
+        COALESCE(state, 'unknown') AS state,
+        wait_event,
+        wait_event_type,
+        CASE WHEN state = 'active' THEN (now() - query_start)::text
+             WHEN state = 'idle in transaction' THEN (now() - state_change)::text
+             ELSE NULL END AS duration,
+        client_addr::text,
+        COALESCE(application_name, '') AS application_name,
+        backend_start::text
+      FROM pg_stat_activity
+      WHERE pid != pg_backend_pid()
+        AND state IS NOT NULL
+      ORDER BY
+        CASE state
+          WHEN 'active' THEN 1
+          WHEN 'idle in transaction' THEN 2
+          ELSE 3
+        END,
+        query_start ASC NULLS LAST
+    `);
+    return r.rows;
+  } finally {
+    client.release();
+  }
+}
+
+// src/server/queries/slow-queries.ts
+async function getSlowQueries(pool) {
+  const client = await pool.connect();
+  try {
+    const extCheck = await client.query(
+      "SELECT 1 FROM pg_extension WHERE extname = 'pg_stat_statements'"
+    );
+    if (extCheck.rows.length === 0) {
+      return [];
+    }
+    const r = await client.query(`
+      SELECT
+        queryid::text,
+        query,
+        calls::int,
+        total_exec_time AS total_time,
+        mean_exec_time AS mean_time,
+        rows::int,
+        round(total_exec_time::numeric / 1000, 2)::text || 's' AS total_time_pretty,
+        round(mean_exec_time::numeric, 2)::text || 'ms' AS mean_time_pretty
+      FROM pg_stat_statements
+      WHERE query NOT LIKE '%pg_stat%'
+        AND query NOT LIKE '%pg_catalog%'
+      ORDER BY total_exec_time DESC
+      LIMIT 50
+    `);
+    return r.rows;
+  } catch {
+    return [];
+  } finally {
+    client.release();
+  }
+}
+
+// src/server/index.ts
+init_advisor();
+
+// src/server/queries/schema.ts
+async function getSchemaTables(pool) {
+  const client = await pool.connect();
+  try {
+    const r = await client.query(`
+      SELECT
+        c.relname AS name,
+        n.nspname AS schema,
+        pg_size_pretty(pg_total_relation_size(c.oid)) AS total_size,
+        pg_total_relation_size(c.oid) AS total_size_bytes,
+        pg_size_pretty(pg_relation_size(c.oid)) AS table_size,
+        pg_size_pretty(pg_total_relation_size(c.oid) - pg_relation_size(c.oid)) AS index_size,
+        s.n_live_tup AS row_count,
+        obj_description(c.oid) AS description
+      FROM pg_class c
+      JOIN pg_namespace n ON c.relnamespace = n.oid
+      LEFT JOIN pg_stat_user_tables s ON s.relid = c.oid
+      WHERE c.relkind = 'r' AND n.nspname NOT IN ('pg_catalog', 'information_schema')
+      ORDER BY pg_total_relation_size(c.oid) DESC
+    `);
+    return r.rows;
+  } finally {
+    client.release();
+  }
+}
+async function getSchemaTableDetail(pool, tableName) {
+  const client = await pool.connect();
+  try {
+    const parts = tableName.split(".");
+    const schema = parts.length > 1 ? parts[0] : "public";
+    const name = parts.length > 1 ? parts[1] : parts[0];
+    const tableInfo = await client.query(`
+      SELECT
+        c.relname AS name, n.nspname AS schema,
+        pg_size_pretty(pg_total_relation_size(c.oid)) AS total_size,
+        pg_size_pretty(pg_relation_size(c.oid)) AS table_size,
+        pg_size_pretty(pg_total_relation_size(c.oid) - pg_relation_size(c.oid)) AS index_size,
+        pg_size_pretty(pg_relation_size(c.reltoastrelid)) AS toast_size,
+        s.n_live_tup AS row_count, s.n_dead_tup AS dead_tuples,
+        s.last_vacuum, s.last_autovacuum, s.last_analyze, s.last_autoanalyze,
+        s.seq_scan, s.idx_scan
+      FROM pg_class c
+      JOIN pg_namespace n ON c.relnamespace = n.oid
+      LEFT JOIN pg_stat_user_tables s ON s.relid = c.oid
+      WHERE c.relname = $1 AND n.nspname = $2 AND c.relkind = 'r'
+    `, [name, schema]);
+    if (tableInfo.rows.length === 0) return null;
+    const columns = await client.query(`
+      SELECT
+        a.attname AS name,
+        pg_catalog.format_type(a.atttypid, a.atttypmod) AS type,
+        NOT a.attnotnull AS nullable,
+        pg_get_expr(d.adbin, d.adrelid) AS default_value,
+        col_description(a.attrelid, a.attnum) AS description
+      FROM pg_attribute a
+      LEFT JOIN pg_attrdef d ON a.attrelid = d.adrelid AND a.attnum = d.adnum
+      WHERE a.attrelid = (SELECT c.oid FROM pg_class c JOIN pg_namespace n ON c.relnamespace = n.oid WHERE c.relname = $1 AND n.nspname = $2)
+        AND a.attnum > 0 AND NOT a.attisdropped
+      ORDER BY a.attnum
+    `, [name, schema]);
+    const indexes = await client.query(`
+      SELECT
+        i.relname AS name,
+        am.amname AS type,
+        pg_size_pretty(pg_relation_size(i.oid)) AS size,
+        pg_get_indexdef(idx.indexrelid) AS definition,
+        idx.indisunique AS is_unique,
+        idx.indisprimary AS is_primary,
+        s.idx_scan, s.idx_tup_read, s.idx_tup_fetch
+      FROM pg_index idx
+      JOIN pg_class i ON idx.indexrelid = i.oid
+      JOIN pg_class t ON idx.indrelid = t.oid
+      JOIN pg_namespace n ON t.relnamespace = n.oid
+      JOIN pg_am am ON i.relam = am.oid
+      LEFT JOIN pg_stat_user_indexes s ON s.indexrelid = i.oid
+      WHERE t.relname = $1 AND n.nspname = $2
+      ORDER BY i.relname
+    `, [name, schema]);
+    const constraints = await client.query(`
+      SELECT
+        conname AS name,
+        CASE contype WHEN 'p' THEN 'PRIMARY KEY' WHEN 'f' THEN 'FOREIGN KEY'
+          WHEN 'u' THEN 'UNIQUE' WHEN 'c' THEN 'CHECK' WHEN 'x' THEN 'EXCLUDE' END AS type,
+        pg_get_constraintdef(oid) AS definition
+      FROM pg_constraint
+      WHERE conrelid = (SELECT c.oid FROM pg_class c JOIN pg_namespace n ON c.relnamespace = n.oid WHERE c.relname = $1 AND n.nspname = $2)
+      ORDER BY
+        CASE contype WHEN 'p' THEN 1 WHEN 'u' THEN 2 WHEN 'f' THEN 3 WHEN 'c' THEN 4 ELSE 5 END
+    `, [name, schema]);
+    const foreignKeys = await client.query(`
+      SELECT
+        conname AS name,
+        a.attname AS column_name,
+        confrelid::regclass::text AS referenced_table,
+        af.attname AS referenced_column
+      FROM pg_constraint c
+      JOIN pg_attribute a ON a.attrelid = c.conrelid AND a.attnum = ANY(c.conkey)
+      JOIN pg_attribute af ON af.attrelid = c.confrelid AND af.attnum = ANY(c.confkey)
+      WHERE c.contype = 'f'
+        AND c.conrelid = (SELECT cl.oid FROM pg_class cl JOIN pg_namespace n ON cl.relnamespace = n.oid WHERE cl.relname = $1 AND n.nspname = $2)
+    `, [name, schema]);
+    let sampleData = [];
+    try {
+      const sample = await client.query(
+        `SELECT * FROM ${client.escapeIdentifier(schema)}.${client.escapeIdentifier(name)} LIMIT 10`
+      );
+      sampleData = sample.rows;
+    } catch (err) {
+      console.error("[schema] Error:", err.message);
+    }
+    return {
+      ...tableInfo.rows[0],
+      columns: columns.rows,
+      indexes: indexes.rows,
+      constraints: constraints.rows,
+      foreignKeys: foreignKeys.rows,
+      sampleData
+    };
+  } finally {
+    client.release();
+  }
+}
+async function getSchemaIndexes(pool) {
+  const client = await pool.connect();
+  try {
+    const r = await client.query(`
+      SELECT
+        n.nspname AS schema,
+        t.relname AS table_name,
+        i.relname AS name,
+        am.amname AS type,
+        pg_size_pretty(pg_relation_size(i.oid)) AS size,
+        pg_relation_size(i.oid) AS size_bytes,
+        pg_get_indexdef(idx.indexrelid) AS definition,
+        idx.indisunique AS is_unique,
+        idx.indisprimary AS is_primary,
+        s.idx_scan, s.idx_tup_read, s.idx_tup_fetch
+      FROM pg_index idx
+      JOIN pg_class i ON idx.indexrelid = i.oid
+      JOIN pg_class t ON idx.indrelid = t.oid
+      JOIN pg_namespace n ON t.relnamespace = n.oid
+      JOIN pg_am am ON i.relam = am.oid
+      LEFT JOIN pg_stat_user_indexes s ON s.indexrelid = i.oid
+      WHERE n.nspname NOT IN ('pg_catalog', 'information_schema')
+      ORDER BY pg_relation_size(i.oid) DESC
+    `);
+    return r.rows;
+  } finally {
+    client.release();
+  }
+}
+async function getSchemaFunctions(pool) {
+  const client = await pool.connect();
+  try {
+    const r = await client.query(`
+      SELECT
+        n.nspname AS schema,
+        p.proname AS name,
+        pg_get_function_result(p.oid) AS return_type,
+        pg_get_function_arguments(p.oid) AS arguments,
+        l.lanname AS language,
+        p.prosrc AS source,
+        CASE p.prokind WHEN 'f' THEN 'function' WHEN 'p' THEN 'procedure' WHEN 'a' THEN 'aggregate' WHEN 'w' THEN 'window' END AS kind
+      FROM pg_proc p
+      JOIN pg_namespace n ON p.pronamespace = n.oid
+      JOIN pg_language l ON p.prolang = l.oid
+      WHERE n.nspname NOT IN ('pg_catalog', 'information_schema')
+      ORDER BY n.nspname, p.proname
+    `);
+    return r.rows;
+  } finally {
+    client.release();
+  }
+}
+async function getSchemaExtensions(pool) {
+  const client = await pool.connect();
+  try {
+    const r = await client.query(`
+      SELECT extname AS name, extversion AS installed_version,
+        n.nspname AS schema, obj_description(e.oid) AS description
+      FROM pg_extension e
+      JOIN pg_namespace n ON e.extnamespace = n.oid
+      ORDER BY extname
+    `);
+    return r.rows;
+  } finally {
+    client.release();
+  }
+}
+async function getSchemaEnums(pool) {
+  const client = await pool.connect();
+  try {
+    const r = await client.query(`
+      SELECT
+        t.typname AS name,
+        n.nspname AS schema,
+        array_agg(e.enumlabel ORDER BY e.enumsortorder) AS values
+      FROM pg_type t
+      JOIN pg_namespace n ON t.typnamespace = n.oid
+      JOIN pg_enum e ON t.oid = e.enumtypid
+      WHERE n.nspname NOT IN ('pg_catalog', 'information_schema')
+      GROUP BY t.typname, n.nspname
+      ORDER BY t.typname
+    `);
+    return r.rows;
+  } finally {
+    client.release();
+  }
+}
+
+// src/server/timeseries.ts
+import Database from "better-sqlite3";
+import path from "path";
+import os from "os";
+import fs from "fs";
+var DEFAULT_DIR = path.join(os.homedir(), ".pg-dash");
+var DEFAULT_RETENTION_DAYS = 7;
+var TimeseriesStore = class {
+  db;
+  insertStmt;
+  retentionMs;
+  constructor(dataDir, retentionDays = DEFAULT_RETENTION_DAYS) {
+    const dir = dataDir || DEFAULT_DIR;
+    fs.mkdirSync(dir, { recursive: true });
+    const dbPath = path.join(dir, "metrics.db");
+    this.db = new Database(dbPath);
+    this.retentionMs = retentionDays * 24 * 60 * 60 * 1e3;
+    this.db.pragma("journal_mode = WAL");
+    this.db.exec(`
+      CREATE TABLE IF NOT EXISTS metrics (
+        timestamp INTEGER NOT NULL,
+        metric TEXT NOT NULL,
+        value REAL NOT NULL
+      );
+      CREATE INDEX IF NOT EXISTS idx_metrics_metric_ts ON metrics(metric, timestamp);
+    `);
+    this.insertStmt = this.db.prepare(
+      "INSERT INTO metrics (timestamp, metric, value) VALUES (?, ?, ?)"
+    );
+  }
+  insert(metric, value, timestamp) {
+    this.insertStmt.run(timestamp ?? Date.now(), metric, value);
+  }
+  insertMany(points) {
+    const tx = this.db.transaction((pts) => {
+      for (const p of pts) {
+        this.insertStmt.run(p.timestamp, p.metric, p.value);
+      }
+    });
+    tx(points);
+  }
+  query(metric, startMs, endMs) {
+    const end = endMs ?? Date.now();
+    return this.db.prepare(
+      "SELECT timestamp, value FROM metrics WHERE metric = ? AND timestamp >= ? AND timestamp <= ? ORDER BY timestamp"
+    ).all(metric, startMs, end);
+  }
+  latest(metrics) {
+    const result = {};
+    if (metrics && metrics.length > 0) {
+      const placeholders = metrics.map(() => "?").join(",");
+      const rows = this.db.prepare(
+        `SELECT m.metric, m.timestamp, m.value FROM metrics m INNER JOIN (SELECT metric, MAX(timestamp) as max_ts FROM metrics WHERE metric IN (${placeholders}) GROUP BY metric) g ON m.metric = g.metric AND m.timestamp = g.max_ts`
+      ).all(...metrics);
+      for (const r of rows) result[r.metric] = { timestamp: r.timestamp, value: r.value };
+    } else {
+      const rows = this.db.prepare(
+        "SELECT m.metric, m.timestamp, m.value FROM metrics m INNER JOIN (SELECT metric, MAX(timestamp) as max_ts FROM metrics GROUP BY metric) g ON m.metric = g.metric AND m.timestamp = g.max_ts"
+      ).all();
+      for (const r of rows) result[r.metric] = { timestamp: r.timestamp, value: r.value };
+    }
+    return result;
+  }
+  prune() {
+    const cutoff = Date.now() - this.retentionMs;
+    const info = this.db.prepare("DELETE FROM metrics WHERE timestamp < ?").run(cutoff);
+    return info.changes;
+  }
+  close() {
+    this.db.close();
+  }
+};
+
+// src/server/collector.ts
+var Collector = class {
+  constructor(pool, store, intervalMs = 3e4) {
+    this.pool = pool;
+    this.store = store;
+    this.intervalMs = intervalMs;
+  }
+  timer = null;
+  prev = null;
+  lastSnapshot = {};
+  start() {
+    this.collect().catch((err) => console.error("[collector] Initial collection failed:", err));
+    this.timer = setInterval(() => {
+      this.collect().catch((err) => console.error("[collector] Collection failed:", err));
+    }, this.intervalMs);
+    setInterval(() => this.store.prune(), 60 * 60 * 1e3);
+  }
+  stop() {
+    if (this.timer) {
+      clearInterval(this.timer);
+      this.timer = null;
+    }
+  }
+  getLastSnapshot() {
+    return { ...this.lastSnapshot };
+  }
+  async collect() {
+    const now = Date.now();
+    const snapshot = {};
+    try {
+      const client = await this.pool.connect();
+      try {
+        const connRes = await client.query(`
+          SELECT
+            count(*) FILTER (WHERE state = 'active')::int AS active,
+            count(*) FILTER (WHERE state = 'idle')::int AS idle,
+            count(*)::int AS total
+          FROM pg_stat_activity
+        `);
+        const conn = connRes.rows[0];
+        snapshot.connections_active = conn.active;
+        snapshot.connections_idle = conn.idle;
+        snapshot.connections_total = conn.total;
+        const dbRes = await client.query(`
+          SELECT
+            xact_commit, xact_rollback, deadlocks, temp_bytes,
+            tup_inserted, tup_updated, tup_deleted,
+            CASE WHEN (blks_hit + blks_read) = 0 THEN 1
+              ELSE blks_hit::float / (blks_hit + blks_read) END AS cache_ratio,
+            pg_database_size(current_database()) AS db_size
+          FROM pg_stat_database WHERE datname = current_database()
+        `);
+        const db = dbRes.rows[0];
+        if (db) {
+          snapshot.cache_hit_ratio = parseFloat(db.cache_ratio);
+          snapshot.db_size_bytes = parseInt(db.db_size);
+          const cur = {
+            timestamp: now,
+            xact_commit: parseInt(db.xact_commit),
+            xact_rollback: parseInt(db.xact_rollback),
+            deadlocks: parseInt(db.deadlocks),
+            temp_bytes: parseInt(db.temp_bytes),
+            tup_inserted: parseInt(db.tup_inserted),
+            tup_updated: parseInt(db.tup_updated),
+            tup_deleted: parseInt(db.tup_deleted)
+          };
+          if (this.prev) {
+            const dtSec = (now - this.prev.timestamp) / 1e3;
+            if (dtSec > 0) {
+              snapshot.tps_commit = Math.max(0, (cur.xact_commit - this.prev.xact_commit) / dtSec);
+              snapshot.tps_rollback = Math.max(0, (cur.xact_rollback - this.prev.xact_rollback) / dtSec);
+              snapshot.deadlocks = Math.max(0, cur.deadlocks - this.prev.deadlocks);
+              snapshot.temp_bytes = Math.max(0, cur.temp_bytes - this.prev.temp_bytes);
+              snapshot.tuple_inserted = Math.max(0, (cur.tup_inserted - this.prev.tup_inserted) / dtSec);
+              snapshot.tuple_updated = Math.max(0, (cur.tup_updated - this.prev.tup_updated) / dtSec);
+              snapshot.tuple_deleted = Math.max(0, (cur.tup_deleted - this.prev.tup_deleted) / dtSec);
+            }
+          }
+          this.prev = cur;
+        }
+        try {
+          const repRes = await client.query(`
+            SELECT CASE WHEN pg_is_in_recovery() 
+              THEN pg_wal_lsn_diff(pg_last_wal_receive_lsn(), pg_last_wal_replay_lsn())
+              ELSE 0 END AS lag_bytes
+          `);
+          snapshot.replication_lag_bytes = parseInt(repRes.rows[0]?.lag_bytes ?? "0");
+        } catch {
+          snapshot.replication_lag_bytes = 0;
+        }
+      } finally {
+        client.release();
+      }
+    } catch (err) {
+      console.error("[collector] Error collecting metrics:", err.message);
+      return snapshot;
+    }
+    const points = Object.entries(snapshot).map(([metric, value]) => ({
+      timestamp: now,
+      metric,
+      value
+    }));
+    if (points.length > 0) {
+      this.store.insertMany(points);
+    }
+    this.lastSnapshot = snapshot;
+    return snapshot;
+  }
+};
+
+// src/server/schema-diff.ts
+function diffSnapshots(oldSnap, newSnap) {
+  const changes = [];
+  const oldTableMap = new Map(oldSnap.tables.map((t) => [`${t.schema}.${t.name}`, t]));
+  const newTableMap = new Map(newSnap.tables.map((t) => [`${t.schema}.${t.name}`, t]));
+  for (const [key, t] of newTableMap) {
+    if (!oldTableMap.has(key)) {
+      changes.push({ change_type: "added", object_type: "table", table_name: key, detail: `Table ${key} added` });
+    }
+  }
+  for (const [key] of oldTableMap) {
+    if (!newTableMap.has(key)) {
+      changes.push({ change_type: "removed", object_type: "table", table_name: key, detail: `Table ${key} removed` });
+    }
+  }
+  for (const [key, newTable] of newTableMap) {
+    const oldTable = oldTableMap.get(key);
+    if (!oldTable) continue;
+    const oldCols = new Map(oldTable.columns.map((c) => [c.name, c]));
+    const newCols = new Map(newTable.columns.map((c) => [c.name, c]));
+    for (const [name, col] of newCols) {
+      const oldCol = oldCols.get(name);
+      if (!oldCol) {
+        changes.push({ change_type: "added", object_type: "column", table_name: key, detail: `Column ${name} added (${col.type})` });
+      } else {
+        if (oldCol.type !== col.type) {
+          changes.push({ change_type: "modified", object_type: "column", table_name: key, detail: `Column ${name} type changed: ${oldCol.type} \u2192 ${col.type}` });
+        }
+        if (oldCol.nullable !== col.nullable) {
+          changes.push({ change_type: "modified", object_type: "column", table_name: key, detail: `Column ${name} nullable changed: ${oldCol.nullable} \u2192 ${col.nullable}` });
+        }
+        if (oldCol.default_value !== col.default_value) {
+          changes.push({ change_type: "modified", object_type: "column", table_name: key, detail: `Column ${name} default changed: ${oldCol.default_value ?? "NULL"} \u2192 ${col.default_value ?? "NULL"}` });
+        }
+      }
+    }
+    for (const name of oldCols.keys()) {
+      if (!newCols.has(name)) {
+        changes.push({ change_type: "removed", object_type: "column", table_name: key, detail: `Column ${name} removed` });
+      }
+    }
+    const oldIdx = new Map(oldTable.indexes.map((i) => [i.name, i]));
+    const newIdx = new Map(newTable.indexes.map((i) => [i.name, i]));
+    for (const [name, idx] of newIdx) {
+      if (!oldIdx.has(name)) {
+        changes.push({ change_type: "added", object_type: "index", table_name: key, detail: `Index ${name} added` });
+      } else if (oldIdx.get(name).definition !== idx.definition) {
+        changes.push({ change_type: "modified", object_type: "index", table_name: key, detail: `Index ${name} definition changed` });
+      }
+    }
+    for (const name of oldIdx.keys()) {
+      if (!newIdx.has(name)) {
+        changes.push({ change_type: "removed", object_type: "index", table_name: key, detail: `Index ${name} removed` });
+      }
+    }
+    const oldCon = new Map(oldTable.constraints.map((c) => [c.name, c]));
+    const newCon = new Map(newTable.constraints.map((c) => [c.name, c]));
+    for (const [name, con] of newCon) {
+      if (!oldCon.has(name)) {
+        changes.push({ change_type: "added", object_type: "constraint", table_name: key, detail: `Constraint ${name} added (${con.type})` });
+      } else if (oldCon.get(name).definition !== con.definition) {
+        changes.push({ change_type: "modified", object_type: "constraint", table_name: key, detail: `Constraint ${name} definition changed` });
+      }
+    }
+    for (const name of oldCon.keys()) {
+      if (!newCon.has(name)) {
+        changes.push({ change_type: "removed", object_type: "constraint", table_name: key, detail: `Constraint ${name} removed` });
+      }
+    }
+  }
+  const oldEnums = new Map((oldSnap.enums || []).map((e) => [`${e.schema}.${e.name}`, e]));
+  const newEnums = new Map((newSnap.enums || []).map((e) => [`${e.schema}.${e.name}`, e]));
+  for (const [key, en] of newEnums) {
+    const oldEn = oldEnums.get(key);
+    if (!oldEn) {
+      changes.push({ change_type: "added", object_type: "enum", table_name: null, detail: `Enum ${key} added (${en.values.join(", ")})` });
+    } else {
+      const added = en.values.filter((v) => !oldEn.values.includes(v));
+      const removed = oldEn.values.filter((v) => !en.values.includes(v));
+      for (const v of added) {
+        changes.push({ change_type: "modified", object_type: "enum", table_name: null, detail: `Enum ${key}: value '${v}' added` });
+      }
+      for (const v of removed) {
+        changes.push({ change_type: "modified", object_type: "enum", table_name: null, detail: `Enum ${key}: value '${v}' removed` });
+      }
+    }
+  }
+  for (const key of oldEnums.keys()) {
+    if (!newEnums.has(key)) {
+      changes.push({ change_type: "removed", object_type: "enum", table_name: null, detail: `Enum ${key} removed` });
+    }
+  }
+  return changes;
+}
+
+// src/server/schema-tracker.ts
+var SchemaTracker = class {
+  db;
+  pool;
+  intervalMs;
+  timer = null;
+  constructor(db, pool, intervalMs = 6 * 60 * 60 * 1e3) {
+    this.db = db;
+    this.pool = pool;
+    this.intervalMs = intervalMs;
+    this.initTables();
+  }
+  initTables() {
+    this.db.exec(`
+      CREATE TABLE IF NOT EXISTS schema_snapshots (
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        timestamp INTEGER NOT NULL,
+        snapshot TEXT NOT NULL
+      );
+      CREATE TABLE IF NOT EXISTS schema_changes (
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        snapshot_id INTEGER NOT NULL,
+        timestamp INTEGER NOT NULL,
+        change_type TEXT NOT NULL,
+        object_type TEXT NOT NULL,
+        table_name TEXT,
+        detail TEXT NOT NULL,
+        FOREIGN KEY (snapshot_id) REFERENCES schema_snapshots(id)
+      );
+    `);
+  }
+  async takeSnapshot() {
+    const snapshot = await this.buildSnapshot();
+    const now = Date.now();
+    const json = JSON.stringify(snapshot);
+    const info = this.db.prepare("INSERT INTO schema_snapshots (timestamp, snapshot) VALUES (?, ?)").run(now, json);
+    const snapshotId = Number(info.lastInsertRowid);
+    const prev = this.db.prepare("SELECT snapshot FROM schema_snapshots WHERE id < ? ORDER BY id DESC LIMIT 1").get(snapshotId);
+    let changes = [];
+    if (prev) {
+      const oldSnap = JSON.parse(prev.snapshot);
+      changes = diffSnapshots(oldSnap, snapshot);
+      if (changes.length > 0) {
+        const insert = this.db.prepare("INSERT INTO schema_changes (snapshot_id, timestamp, change_type, object_type, table_name, detail) VALUES (?, ?, ?, ?, ?, ?)");
+        const tx = this.db.transaction((chs) => {
+          for (const c of chs) {
+            insert.run(snapshotId, now, c.change_type, c.object_type, c.table_name, c.detail);
+          }
+        });
+        tx(changes);
+      }
+    }
+    return { snapshotId, changes };
+  }
+  async buildSnapshot() {
+    const tables = await getSchemaTables(this.pool);
+    const enums = await getSchemaEnums(this.pool);
+    const detailedTables = await Promise.all(
+      tables.map(async (t) => {
+        const detail = await getSchemaTableDetail(this.pool, `${t.schema}.${t.name}`);
+        if (!detail) return null;
+        return {
+          name: detail.name,
+          schema: detail.schema,
+          columns: detail.columns.map((c) => ({
+            name: c.name,
+            type: c.type,
+            nullable: c.nullable,
+            default_value: c.default_value
+          })),
+          indexes: detail.indexes.map((i) => ({
+            name: i.name,
+            definition: i.definition,
+            is_unique: i.is_unique,
+            is_primary: i.is_primary
+          })),
+          constraints: detail.constraints.map((c) => ({
+            name: c.name,
+            type: c.type,
+            definition: c.definition
+          }))
+        };
+      })
+    );
+    return {
+      tables: detailedTables.filter(Boolean),
+      enums: enums.map((e) => ({ name: e.name, schema: e.schema, values: e.values }))
+    };
+  }
+  start() {
+    this.takeSnapshot().catch((err) => console.error("Schema snapshot error:", err.message));
+    this.timer = setInterval(() => {
+      this.takeSnapshot().catch((err) => console.error("Schema snapshot error:", err.message));
+    }, this.intervalMs);
+  }
+  stop() {
+    if (this.timer) {
+      clearInterval(this.timer);
+      this.timer = null;
+    }
+  }
+  // API helpers
+  getHistory(limit = 30) {
+    return this.db.prepare("SELECT id, timestamp FROM schema_snapshots ORDER BY id DESC LIMIT ?").all(limit);
+  }
+  getChanges(since) {
+    if (since) {
+      return this.db.prepare("SELECT * FROM schema_changes WHERE timestamp >= ? ORDER BY timestamp DESC").all(since);
+    }
+    return this.db.prepare("SELECT * FROM schema_changes ORDER BY timestamp DESC LIMIT 100").all();
+  }
+  getLatestChanges() {
+    const latest = this.db.prepare("SELECT id FROM schema_snapshots ORDER BY id DESC LIMIT 1").get();
+    if (!latest) return [];
+    return this.db.prepare("SELECT * FROM schema_changes WHERE snapshot_id = ? ORDER BY id").all(latest.id);
+  }
+  getDiff(fromId, toId) {
+    const from = this.db.prepare("SELECT snapshot FROM schema_snapshots WHERE id = ?").get(fromId);
+    const to = this.db.prepare("SELECT snapshot FROM schema_snapshots WHERE id = ?").get(toId);
+    if (!from || !to) return null;
+    return diffSnapshots(JSON.parse(from.snapshot), JSON.parse(to.snapshot));
+  }
+};
+
+// src/server/alerts.ts
+var DEFAULT_RULES = [
+  { name: "Connection utilization > 80%", metric: "connection_util", operator: "gt", threshold: 80, severity: "warning", enabled: 1, cooldown_minutes: 60 },
+  { name: "Connection utilization > 90%", metric: "connection_util", operator: "gt", threshold: 90, severity: "critical", enabled: 1, cooldown_minutes: 30 },
+  { name: "Cache hit ratio < 99%", metric: "cache_hit_pct", operator: "lt", threshold: 99, severity: "warning", enabled: 1, cooldown_minutes: 60 },
+  { name: "Cache hit ratio < 95%", metric: "cache_hit_pct", operator: "lt", threshold: 95, severity: "critical", enabled: 1, cooldown_minutes: 30 },
+  { name: "Long-running query > 5 min", metric: "long_query_count", operator: "gt", threshold: 0, severity: "warning", enabled: 1, cooldown_minutes: 15 },
+  { name: "Idle in transaction > 10 min", metric: "idle_in_tx_count", operator: "gt", threshold: 0, severity: "warning", enabled: 1, cooldown_minutes: 15 },
+  { name: "Health score below D", metric: "health_score", operator: "lt", threshold: 50, severity: "warning", enabled: 1, cooldown_minutes: 120 }
+];
+var AlertManager = class {
+  db;
+  webhookUrl;
+  constructor(db, webhookUrl) {
+    this.db = db;
+    this.webhookUrl = webhookUrl || null;
+    this.initTables();
+  }
+  initTables() {
+    this.db.exec(`
+      CREATE TABLE IF NOT EXISTS alert_rules (
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        name TEXT NOT NULL,
+        metric TEXT NOT NULL,
+        operator TEXT NOT NULL,
+        threshold REAL NOT NULL,
+        severity TEXT NOT NULL DEFAULT 'warning',
+        enabled INTEGER DEFAULT 1,
+        cooldown_minutes INTEGER DEFAULT 60
+      );
+      CREATE TABLE IF NOT EXISTS alert_history (
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        rule_id INTEGER NOT NULL,
+        timestamp INTEGER NOT NULL,
+        value REAL NOT NULL,
+        message TEXT NOT NULL,
+        notified INTEGER DEFAULT 0,
+        FOREIGN KEY (rule_id) REFERENCES alert_rules(id)
+      );
+    `);
+    const count = this.db.prepare("SELECT COUNT(*) as c FROM alert_rules").get().c;
+    if (count === 0) {
+      const insert = this.db.prepare("INSERT INTO alert_rules (name, metric, operator, threshold, severity, enabled, cooldown_minutes) VALUES (?, ?, ?, ?, ?, ?, ?)");
+      const tx = this.db.transaction(() => {
+        for (const r of DEFAULT_RULES) {
+          insert.run(r.name, r.metric, r.operator, r.threshold, r.severity, r.enabled, r.cooldown_minutes);
+        }
+      });
+      tx();
+    }
+  }
+  getRules() {
+    return this.db.prepare("SELECT * FROM alert_rules ORDER BY id").all();
+  }
+  addRule(rule) {
+    const info = this.db.prepare("INSERT INTO alert_rules (name, metric, operator, threshold, severity, enabled, cooldown_minutes) VALUES (?, ?, ?, ?, ?, ?, ?)").run(
+      rule.name,
+      rule.metric,
+      rule.operator,
+      rule.threshold,
+      rule.severity,
+      rule.enabled ?? 1,
+      rule.cooldown_minutes ?? 60
+    );
+    return { ...rule, id: Number(info.lastInsertRowid) };
+  }
+  updateRule(id, updates) {
+    const existing = this.db.prepare("SELECT * FROM alert_rules WHERE id = ?").get(id);
+    if (!existing) return false;
+    const merged = { ...existing, ...updates };
+    this.db.prepare("UPDATE alert_rules SET name=?, metric=?, operator=?, threshold=?, severity=?, enabled=?, cooldown_minutes=? WHERE id=?").run(
+      merged.name,
+      merged.metric,
+      merged.operator,
+      merged.threshold,
+      merged.severity,
+      merged.enabled,
+      merged.cooldown_minutes,
+      id
+    );
+    return true;
+  }
+  deleteRule(id) {
+    const info = this.db.prepare("DELETE FROM alert_rules WHERE id = ?").run(id);
+    return info.changes > 0;
+  }
+  getHistory(limit = 50) {
+    return this.db.prepare("SELECT * FROM alert_history ORDER BY timestamp DESC LIMIT ?").all(limit);
+  }
+  /**
+   * Check all enabled rules against current metric values.
+   * `metrics` is a map of metric name → current value.
+   */
+  checkAlerts(metrics) {
+    const rules = this.db.prepare("SELECT * FROM alert_rules WHERE enabled = 1").all();
+    const fired = [];
+    const now = Date.now();
+    for (const rule of rules) {
+      const value = metrics[rule.metric];
+      if (value === void 0) continue;
+      const triggered = this.evaluateRule(rule, value);
+      if (!triggered) continue;
+      const lastAlert = this.db.prepare(
+        "SELECT timestamp FROM alert_history WHERE rule_id = ? ORDER BY timestamp DESC LIMIT 1"
+      ).get(rule.id);
+      if (lastAlert && now - lastAlert.timestamp < rule.cooldown_minutes * 60 * 1e3) {
+        continue;
+      }
+      const message = `${rule.name}: ${rule.metric} = ${value} (threshold: ${rule.operator} ${rule.threshold})`;
+      const info = this.db.prepare("INSERT INTO alert_history (rule_id, timestamp, value, message, notified) VALUES (?, ?, ?, ?, 0)").run(
+        rule.id,
+        now,
+        value,
+        message
+      );
+      const entry = { id: Number(info.lastInsertRowid), rule_id: rule.id, timestamp: now, value, message, notified: 0 };
+      fired.push(entry);
+      const icon = rule.severity === "critical" ? "\u{1F534}" : rule.severity === "warning" ? "\u{1F7E1}" : "\u{1F535}";
+      console.log(`[alert] ${icon} ${message}`);
+      if (this.webhookUrl) {
+        this.sendWebhook(rule, entry).catch((err) => console.error("[alert] Webhook failed:", err.message));
+      }
+    }
+    return fired;
+  }
+  evaluateRule(rule, value) {
+    switch (rule.operator) {
+      case "gt":
+        return value > rule.threshold;
+      case "lt":
+        return value < rule.threshold;
+      case "eq":
+        return value === rule.threshold;
+      default:
+        return false;
+    }
+  }
+  async sendWebhook(rule, entry) {
+    if (!this.webhookUrl) return;
+    try {
+      await fetch(this.webhookUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          severity: rule.severity,
+          rule: rule.name,
+          metric: rule.metric,
+          value: entry.value,
+          message: entry.message,
+          timestamp: entry.timestamp
+        })
+      });
+      this.db.prepare("UPDATE alert_history SET notified = 1 WHERE id = ?").run(entry.id);
+    } catch (err) {
+      console.error("[alert] Webhook error:", err.message);
+    }
+  }
+};
+
+// src/server/index.ts
+import Database2 from "better-sqlite3";
+import { WebSocketServer, WebSocket } from "ws";
+import http from "http";
+var __dirname = path2.dirname(fileURLToPath(import.meta.url));
+var RANGE_MAP = {
+  "5m": 5 * 60 * 1e3,
+  "15m": 15 * 60 * 1e3,
+  "1h": 60 * 60 * 1e3,
+  "6h": 6 * 60 * 60 * 1e3,
+  "24h": 24 * 60 * 60 * 1e3,
+  "7d": 7 * 24 * 60 * 60 * 1e3
+};
+async function startServer(opts) {
+  const pool = new Pool({ connectionString: opts.connectionString });
+  try {
+    const client = await pool.connect();
+    client.release();
+  } catch (err) {
+    console.error(`Failed to connect to PostgreSQL: ${err.message}`);
+    process.exit(1);
+  }
+  if (opts.json) {
+    try {
+      const [overview, advisor, databases, tables] = await Promise.all([
+        getOverview(pool),
+        getAdvisorReport(pool),
+        getDatabases(pool),
+        getTables(pool)
+      ]);
+      console.log(JSON.stringify({ overview, advisor, databases, tables }, null, 2));
+    } catch (err) {
+      console.error(JSON.stringify({ error: err.message }));
+      process.exit(1);
+    }
+    await pool.end();
+    process.exit(0);
+  }
+  const dataDir = opts.dataDir || path2.join(os2.homedir(), ".pg-dash");
+  fs2.mkdirSync(dataDir, { recursive: true });
+  const store = new TimeseriesStore(opts.dataDir, opts.retentionDays);
+  const intervalMs = (opts.interval || 30) * 1e3;
+  const longQueryThreshold = opts.longQueryThreshold || 5;
+  const collector = new Collector(pool, store, intervalMs);
+  console.log(`  Collecting metrics every ${intervalMs / 1e3}s...`);
+  collector.start();
+  const schemaDbPath = path2.join(dataDir, "schema.db");
+  const schemaDb = new Database2(schemaDbPath);
+  schemaDb.pragma("journal_mode = WAL");
+  const snapshotIntervalMs = (opts.snapshotInterval || 6) * 60 * 60 * 1e3;
+  const schemaTracker = new SchemaTracker(schemaDb, pool, snapshotIntervalMs);
+  schemaTracker.start();
+  console.log("  Schema change tracking enabled");
+  const alertsDbPath = path2.join(dataDir, "alerts.db");
+  const alertsDb = new Database2(alertsDbPath);
+  alertsDb.pragma("journal_mode = WAL");
+  const alertManager = new AlertManager(alertsDb, opts.webhook);
+  console.log("  Alert monitoring enabled");
+  const app = new Hono();
+  if (opts.auth || opts.token) {
+    app.use("*", async (c, next) => {
+      const authHeader = c.req.header("authorization") || "";
+      if (opts.token) {
+        if (authHeader === `Bearer ${opts.token}`) return next();
+      }
+      if (opts.auth) {
+        const [user, pass] = opts.auth.split(":");
+        const expected = "Basic " + Buffer.from(`${user}:${pass}`).toString("base64");
+        if (authHeader === expected) return next();
+      }
+      const url = new URL(c.req.url, "http://localhost");
+      if (opts.token && url.searchParams.get("token") === opts.token) return next();
+      if (opts.auth) {
+        c.header("WWW-Authenticate", 'Basic realm="pg-dash"');
+      }
+      return c.text("Unauthorized", 401);
+    });
+  }
+  app.get("/api/overview", async (c) => {
+    try {
+      return c.json(await getOverview(pool));
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.get("/api/databases", async (c) => {
+    try {
+      return c.json(await getDatabases(pool));
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.get("/api/tables", async (c) => {
+    try {
+      return c.json(await getTables(pool));
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.get("/api/metrics", (c) => {
+    try {
+      const metric = c.req.query("metric");
+      const range = c.req.query("range") || "1h";
+      if (!metric) return c.json({ error: "metric param required" }, 400);
+      const rangeMs = RANGE_MAP[range] || RANGE_MAP["1h"];
+      const now = Date.now();
+      const data = store.query(metric, now - rangeMs, now);
+      return c.json(data);
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.get("/api/metrics/latest", (_c) => {
+    try {
+      const snapshot = collector.getLastSnapshot();
+      return _c.json(snapshot);
+    } catch (err) {
+      return _c.json({ error: err.message }, 500);
+    }
+  });
+  app.get("/api/activity", async (c) => {
+    try {
+      return c.json(await getActivity(pool));
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.get("/api/queries", async (c) => {
+    try {
+      return c.json(await getSlowQueries(pool));
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.post("/api/activity/:pid/cancel", async (c) => {
+    try {
+      const pid = parseInt(c.req.param("pid"));
+      const client = await pool.connect();
+      try {
+        await client.query("SELECT pg_cancel_backend($1)", [pid]);
+        return c.json({ ok: true });
+      } finally {
+        client.release();
+      }
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.get("/api/advisor", async (c) => {
+    try {
+      return c.json(await getAdvisorReport(pool));
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.post("/api/fix", async (c) => {
+    try {
+      const body = await c.req.json();
+      const sql = body?.sql?.trim();
+      if (!sql) return c.json({ error: "sql field required" }, 400);
+      if (!isSafeFix(sql)) return c.json({ error: "Operation not allowed. Only VACUUM, ANALYZE, REINDEX, CREATE/DROP INDEX CONCURRENTLY, pg_terminate_backend, pg_cancel_backend, and EXPLAIN ANALYZE are permitted." }, 403);
+      const client = await pool.connect();
+      try {
+        const start = Date.now();
+        const result = await client.query(sql);
+        const duration = Date.now() - start;
+        return c.json({ ok: true, duration, rowCount: result.rowCount, rows: result.rows || [] });
+      } finally {
+        client.release();
+      }
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.get("/api/schema/tables", async (c) => {
+    try {
+      return c.json(await getSchemaTables(pool));
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.get("/api/schema/tables/:name", async (c) => {
+    try {
+      const name = c.req.param("name");
+      const detail = await getSchemaTableDetail(pool, name);
+      if (!detail) return c.json({ error: "Table not found" }, 404);
+      return c.json(detail);
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.get("/api/schema/indexes", async (c) => {
+    try {
+      return c.json(await getSchemaIndexes(pool));
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.get("/api/schema/functions", async (c) => {
+    try {
+      return c.json(await getSchemaFunctions(pool));
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.get("/api/schema/extensions", async (c) => {
+    try {
+      return c.json(await getSchemaExtensions(pool));
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.get("/api/schema/enums", async (c) => {
+    try {
+      return c.json(await getSchemaEnums(pool));
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.get("/api/schema/history", (c) => {
+    try {
+      const limit = parseInt(c.req.query("limit") || "30");
+      return c.json(schemaTracker.getHistory(limit));
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.get("/api/schema/changes", (c) => {
+    try {
+      const since = c.req.query("since");
+      return c.json(schemaTracker.getChanges(since ? parseInt(since) : void 0));
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.get("/api/schema/changes/latest", (c) => {
+    try {
+      return c.json(schemaTracker.getLatestChanges());
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.get("/api/schema/diff", (c) => {
+    try {
+      const from = parseInt(c.req.query("from") || "0");
+      const to = parseInt(c.req.query("to") || "0");
+      if (!from || !to) return c.json({ error: "from and to params required" }, 400);
+      const diff = schemaTracker.getDiff(from, to);
+      if (!diff) return c.json({ error: "Snapshot not found" }, 404);
+      return c.json(diff);
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.post("/api/schema/snapshot", async (c) => {
+    try {
+      const result = await schemaTracker.takeSnapshot();
+      return c.json(result);
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.get("/api/alerts/rules", (c) => {
+    try {
+      return c.json(alertManager.getRules());
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.post("/api/alerts/rules", async (c) => {
+    try {
+      const body = await c.req.json();
+      const rule = alertManager.addRule(body);
+      return c.json(rule, 201);
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.put("/api/alerts/rules/:id", async (c) => {
+    try {
+      const id = parseInt(c.req.param("id"));
+      const body = await c.req.json();
+      const ok = alertManager.updateRule(id, body);
+      if (!ok) return c.json({ error: "Rule not found" }, 404);
+      return c.json({ ok: true });
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.delete("/api/alerts/rules/:id", (c) => {
+    try {
+      const id = parseInt(c.req.param("id"));
+      const ok = alertManager.deleteRule(id);
+      if (!ok) return c.json({ error: "Rule not found" }, 404);
+      return c.json({ ok: true });
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  app.get("/api/alerts/history", (c) => {
+    try {
+      const limit = parseInt(c.req.query("limit") || "50");
+      return c.json(alertManager.getHistory(limit));
+    } catch (err) {
+      return c.json({ error: err.message }, 500);
+    }
+  });
+  const uiPath = path2.resolve(__dirname, "ui");
+  const MIME_TYPES = {
+    ".html": "text/html",
+    ".js": "application/javascript",
+    ".css": "text/css",
+    ".json": "application/json",
+    ".png": "image/png",
+    ".jpg": "image/jpeg",
+    ".svg": "image/svg+xml",
+    ".ico": "image/x-icon",
+    ".woff": "font/woff",
+    ".woff2": "font/woff2"
+  };
+  app.get("/*", async (c) => {
+    const urlPath = c.req.path === "/" ? "/index.html" : c.req.path;
+    const filePath = path2.join(uiPath, urlPath);
+    try {
+      const content = await fs2.promises.readFile(filePath);
+      const ext = path2.extname(filePath);
+      const contentType = MIME_TYPES[ext] || "application/octet-stream";
+      return new Response(content, { headers: { "content-type": contentType } });
+    } catch {
+      try {
+        const html = await fs2.promises.readFile(path2.join(uiPath, "index.html"));
+        return new Response(html, { headers: { "content-type": "text/html" } });
+      } catch (err) {
+        console.error("[static] Error reading index.html:", err.message);
+        return c.text("Not Found", 404);
+      }
+    }
+  });
+  const server = http.createServer(async (req, res) => {
+    const chunks = [];
+    for await (const chunk of req) chunks.push(chunk);
+    const body = Buffer.concat(chunks);
+    const url = new URL(req.url || "/", `http://localhost:${opts.port}`);
+    const init = {
+      method: req.method,
+      headers: req.headers
+    };
+    if (req.method !== "GET" && req.method !== "HEAD" && body.length > 0) {
+      init.body = body;
+    }
+    const request = new Request(url.toString(), init);
+    app.fetch(request).then((response) => {
+      res.writeHead(response.status, Object.fromEntries(response.headers.entries()));
+      response.arrayBuffer().then((buf) => {
+        res.end(Buffer.from(buf));
+      });
+    }).catch(() => {
+      res.writeHead(500);
+      res.end("Internal Server Error");
+    });
+  });
+  const wss = new WebSocketServer({
+    server,
+    path: "/ws",
+    verifyClient: opts.auth || opts.token ? (info, cb) => {
+      const url = new URL(info.req.url || "/", `http://localhost:${opts.port}`);
+      const qToken = url.searchParams.get("token");
+      if (opts.token && qToken === opts.token) return cb(true);
+      const authHeader = info.req.headers["authorization"] || "";
+      if (opts.token && authHeader === `Bearer ${opts.token}`) return cb(true);
+      if (opts.auth) {
+        const [user, pass] = opts.auth.split(":");
+        const expected = "Basic " + Buffer.from(`${user}:${pass}`).toString("base64");
+        if (authHeader === expected) return cb(true);
+      }
+      cb(false, 401, "Unauthorized");
+    } : void 0
+  });
+  const clients = /* @__PURE__ */ new Set();
+  wss.on("connection", (ws) => {
+    clients.add(ws);
+    const snap = collector.getLastSnapshot();
+    if (Object.keys(snap).length > 0) {
+      ws.send(JSON.stringify({ type: "metrics", data: snap }));
+    }
+    ws.on("close", () => clients.delete(ws));
+    ws.on("error", () => clients.delete(ws));
+  });
+  let collectCycleCount = 0;
+  const origCollect = collector.collect.bind(collector);
+  collector.collect = async () => {
+    const snapshot = await origCollect();
+    if (clients.size > 0 && Object.keys(snapshot).length > 0) {
+      const metricsMsg = JSON.stringify({ type: "metrics", data: snapshot });
+      let activityData = [];
+      try {
+        activityData = await getActivity(pool);
+      } catch (err) {
+        console.error("[ws] Error fetching activity:", err.message);
+      }
+      const activityMsg = JSON.stringify({ type: "activity", data: activityData });
+      for (const ws of clients) {
+        if (ws.readyState === WebSocket.OPEN) {
+          ws.send(metricsMsg);
+          ws.send(activityMsg);
+        }
+      }
+    }
+    if (Object.keys(snapshot).length > 0) {
+      try {
+        const alertMetrics = {};
+        if (snapshot.connections_total !== void 0) {
+          const client = await pool.connect();
+          try {
+            const r = await client.query("SELECT setting::int AS max FROM pg_settings WHERE name = 'max_connections'");
+            const max = r.rows[0]?.max || 100;
+            alertMetrics.connection_util = snapshot.connections_total / max * 100;
+          } finally {
+            client.release();
+          }
+        }
+        if (snapshot.cache_hit_ratio !== void 0) {
+          alertMetrics.cache_hit_pct = snapshot.cache_hit_ratio * 100;
+        }
+        try {
+          const client = await pool.connect();
+          try {
+            const r = await client.query(`SELECT count(*)::int AS c FROM pg_stat_activity WHERE state = 'active' AND now() - query_start > interval '${longQueryThreshold} minutes' AND pid != pg_backend_pid()`);
+            alertMetrics.long_query_count = r.rows[0]?.c || 0;
+          } finally {
+            client.release();
+          }
+        } catch (err) {
+          console.error("[alerts] Error checking long queries:", err.message);
+        }
+        try {
+          const client = await pool.connect();
+          try {
+            const r = await client.query("SELECT count(*)::int AS c FROM pg_stat_activity WHERE state = 'idle in transaction' AND now() - state_change > interval '10 minutes'");
+            alertMetrics.idle_in_tx_count = r.rows[0]?.c || 0;
+          } finally {
+            client.release();
+          }
+        } catch (err) {
+          console.error("[alerts] Error checking idle-in-tx:", err.message);
+        }
+        collectCycleCount++;
+        if (collectCycleCount % 10 === 0) {
+          try {
+            const report = await getAdvisorReport(pool);
+            alertMetrics.health_score = report.score;
+          } catch (err) {
+            console.error("[alerts] Error checking health score:", err.message);
+          }
+        }
+        const fired = alertManager.checkAlerts(alertMetrics);
+        if (fired.length > 0 && clients.size > 0) {
+          const alertMsg = JSON.stringify({ type: "alerts", data: fired });
+          for (const ws of clients) {
+            if (ws.readyState === WebSocket.OPEN) {
+              ws.send(alertMsg);
+            }
+          }
+        }
+      } catch (err) {
+        console.error("[alerts] Error checking alerts:", err.message);
+      }
+    }
+    return snapshot;
+  };
+  const bindAddr = opts.bind || "127.0.0.1";
+  server.listen(opts.port, bindAddr, async () => {
+    console.log(`
+  pg-dash running at http://${bindAddr}:${opts.port}
+`);
+    if (opts.open) {
+      try {
+        const openMod = await import("open");
+        await openMod.default(`http://localhost:${opts.port}`);
+      } catch (err) {
+        console.error("[open] Failed to open browser:", err.message);
+      }
+    }
+  });
+  const shutdown = async () => {
+    console.log("\n  Shutting down gracefully...");
+    collector.stop();
+    schemaTracker.stop();
+    wss.close();
+    server.close();
+    store.close();
+    schemaDb.close();
+    alertsDb.close();
+    await pool.end();
+    console.log("  Goodbye!");
+    process.exit(0);
+  };
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
+  await new Promise(() => {
+  });
+}
+
+// src/cli.ts
+import fs3 from "fs";
+import path3 from "path";
+import { fileURLToPath as fileURLToPath2 } from "url";
+process.on("uncaughtException", (err) => {
+  console.error("Uncaught exception:", err);
+});
+process.on("unhandledRejection", (err) => {
+  console.error("Unhandled rejection:", err);
+});
+var { values, positionals } = parseArgs({
+  allowPositionals: true,
+  options: {
+    port: { type: "string", short: "p", default: "3480" },
+    bind: { type: "string", default: "127.0.0.1" },
+    auth: { type: "string" },
+    token: { type: "string" },
+    webhook: { type: "string" },
+    "no-open": { type: "boolean", default: false },
+    json: { type: "boolean", default: false },
+    host: { type: "string" },
+    user: { type: "string", short: "u" },
+    password: { type: "string" },
+    db: { type: "string", short: "d" },
+    "pg-port": { type: "string" },
+    "data-dir": { type: "string" },
+    interval: { type: "string", short: "i" },
+    "retention-days": { type: "string" },
+    "snapshot-interval": { type: "string" },
+    "long-query-threshold": { type: "string" },
+    help: { type: "boolean", short: "h" },
+    version: { type: "boolean", short: "v" },
+    threshold: { type: "string" },
+    format: { type: "string", short: "f" }
+  }
+});
+if (values.version) {
+  try {
+    const __dirname2 = path3.dirname(fileURLToPath2(import.meta.url));
+    const pkg = JSON.parse(fs3.readFileSync(path3.resolve(__dirname2, "../package.json"), "utf-8"));
+    console.log(`pg-dash v${pkg.version}`);
+  } catch {
+    console.log("pg-dash v0.1.0");
+  }
+  process.exit(0);
+}
+if (values.help) {
+  console.log(`
+pg-dash \u2014 Lightweight PostgreSQL Monitoring Dashboard
+
+Usage:
+  pg-dash <connection-string>
+  pg-dash check <connection-string>     Run health check and exit
+  pg-dash schema-diff <connection-string> Show latest schema changes
+  pg-dash --host localhost --user postgres --db mydb
+
+Options:
+  -p, --port <port>      Dashboard port (default: 3480)
+  --bind <addr>          Bind address (default: 127.0.0.1)
+  --auth <user:pass>     Basic auth credentials (user:password)
+  --token <token>        Bearer token for authentication
+  --webhook <url>        Webhook URL for alert notifications
+  --no-open              Don't auto-open browser (default: opens)
+  --json                 Dump health check as JSON and exit
+  --host <host>          PostgreSQL host
+  -u, --user <user>      PostgreSQL user
+  --password <pass>      PostgreSQL password
+  --db, -d <database>    PostgreSQL database
+  --pg-port <port>       PostgreSQL port (default: 5432)
+  --data-dir <dir>       Data directory for metrics (default: ~/.pg-dash)
+  -i, --interval <sec>   Collection interval in seconds (default: 30)
+  --retention-days <N>   Metrics retention in days (default: 7)
+  --snapshot-interval <h> Schema snapshot interval in hours (default: 6)
+  --long-query-threshold <min> Long query threshold in minutes (default: 5)
+  --threshold <score>    Health score threshold for check command (default: 70)
+  -f, --format <fmt>     Output format: text|json (default: text)
+  -v, --version          Show version
+  -h, --help             Show this help
+
+Environment variables:
+  PG_DASH_RETENTION_DAYS, PG_DASH_SNAPSHOT_INTERVAL, PG_DASH_LONG_QUERY_THRESHOLD
+`);
+  process.exit(0);
+}
+var subcommand = positionals[0];
+function resolveConnectionString(startIdx = 0) {
+  let connStr = positionals[startIdx];
+  if (!connStr) {
+    if (values.host) {
+      const user = values.user || "postgres";
+      const pass = values.password ? `:${values.password}` : "";
+      const host = values.host;
+      const pgPort = values["pg-port"] || "5432";
+      const db = values.db || "postgres";
+      connStr = `postgresql://${user}${pass}@${host}:${pgPort}/${db}`;
+    } else {
+      console.error("Error: provide a connection string or --host\n\nRun pg-dash --help for usage.");
+      process.exit(1);
+    }
+  }
+  return connStr;
+}
+if (subcommand === "check") {
+  const connectionString = resolveConnectionString(1);
+  const threshold = parseInt(values.threshold || "70", 10);
+  const format = values.format || "text";
+  const { Pool: Pool2 } = await import("pg");
+  const { getAdvisorReport: getAdvisorReport2 } = await Promise.resolve().then(() => (init_advisor(), advisor_exports));
+  const pool = new Pool2({ connectionString });
+  try {
+    const report = await getAdvisorReport2(pool);
+    if (format === "json") {
+      console.log(JSON.stringify(report, null, 2));
+    } else {
+      console.log(`
+  Health Score: ${report.score}/100 (Grade: ${report.grade})
+`);
+      for (const [cat, b] of Object.entries(report.breakdown)) {
+        console.log(`  ${cat.padEnd(14)} ${b.grade} (${b.score}/100) \u2014 ${b.count} issue${b.count !== 1 ? "s" : ""}`);
+      }
+      if (report.issues.length > 0) {
+        console.log(`
+  Issues (${report.issues.length}):
+`);
+        for (const issue of report.issues) {
+          const icon = issue.severity === "critical" ? "\u{1F534}" : issue.severity === "warning" ? "\u{1F7E1}" : "\u{1F535}";
+          console.log(`  ${icon} [${issue.severity}] ${issue.title}`);
+        }
+      }
+      console.log();
+    }
+    await pool.end();
+    process.exit(report.score < threshold ? 1 : 0);
+  } catch (err) {
+    console.error(`Error: ${err.message}`);
+    await pool.end();
+    process.exit(1);
+  }
+} else if (subcommand === "schema-diff") {
+  const connectionString = resolveConnectionString(1);
+  const dataDir = values["data-dir"] || path3.join((await import("os")).homedir(), ".pg-dash");
+  const schemaDbPath = path3.join(dataDir, "schema.db");
+  if (!fs3.existsSync(schemaDbPath)) {
+    console.error("No schema tracking data found. Run pg-dash server first to collect schema snapshots.");
+    process.exit(1);
+  }
+  const Database3 = (await import("better-sqlite3")).default;
+  const db = new Database3(schemaDbPath, { readonly: true });
+  const changes = db.prepare("SELECT * FROM schema_changes ORDER BY timestamp DESC LIMIT 50").all();
+  db.close();
+  if (changes.length === 0) {
+    console.log("No schema changes detected.");
+  } else {
+    console.log(`
+  Schema Changes (${changes.length}):
+`);
+    for (const c of changes) {
+      const icon = c.change_type === "added" ? "\uFF0B" : c.change_type === "removed" ? "\u2212" : "~";
+      const color = c.change_type === "added" ? "\x1B[32m" : c.change_type === "removed" ? "\x1B[31m" : "\x1B[33m";
+      console.log(`  ${color}${icon}\x1B[0m ${c.detail}${c.table_name ? ` (${c.table_name})` : ""} \u2014 ${new Date(c.timestamp).toLocaleString()}`);
+    }
+    console.log();
+  }
+  process.exit(0);
+} else {
+  const connectionString = resolveConnectionString(0);
+  const port = parseInt(values.port, 10);
+  const bind = values.bind || process.env.PG_DASH_BIND || "127.0.0.1";
+  const interval = values.interval ? parseInt(values.interval, 10) : void 0;
+  const retentionDays = parseInt(values["retention-days"] || process.env.PG_DASH_RETENTION_DAYS || "7", 10);
+  const snapshotInterval = parseInt(values["snapshot-interval"] || process.env.PG_DASH_SNAPSHOT_INTERVAL || "6", 10);
+  const longQueryThreshold = parseInt(values["long-query-threshold"] || process.env.PG_DASH_LONG_QUERY_THRESHOLD || "5", 10);
+  const auth = values.auth || void 0;
+  const token = values.token || void 0;
+  const webhook = values.webhook || void 0;
+  if (bind === "0.0.0.0" && !auth && !token) {
+    console.warn("\n  \u26A0\uFE0F  WARNING: Dashboard is exposed without authentication. Use --auth or --token.\n");
+  }
+  await startServer({
+    connectionString,
+    port,
+    bind,
+    open: !values["no-open"],
+    json: values.json,
+    dataDir: values["data-dir"],
+    interval,
+    retentionDays,
+    snapshotInterval,
+    longQueryThreshold,
+    auth,
+    token,
+    webhook
+  });
+}
+//# sourceMappingURL=cli.js.map