@libredb/studio 0.9.7 → 0.9.13

package/src/app/api/ai/describe-schema/route.ts

@@ -1,52 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server';
-import { createLLMProvider } from '@/lib/llm';
-import { createErrorResponse } from '@/lib/api/errors';
-
-export async function POST(req: NextRequest) {
-  try {
-    const { schemaContext, databaseType, mode } = await req.json();
-
-    if (!schemaContext) {
-      return NextResponse.json({ error: 'Schema context required' }, { status: 400 });
-    }
-
-    const provider = await createLLMProvider();
-
-    const systemPrompt = mode === 'table'
-      ? `You are a database documentation expert. Given a table schema, generate clear, concise documentation.
-
-For each table, provide:
-1. **Purpose**: What this table stores and its role in the system
-2. **Key Columns**: Brief description of important columns
-3. **Relationships**: Detected foreign keys and relationships
-4. **Usage Notes**: Common query patterns or important constraints
-
-Format as markdown. Be concise but informative. Database type: ${databaseType || 'SQL'}.`
-      : `You are a database documentation expert. Generate comprehensive database documentation.
-
-Given the full schema, provide:
-1. **Database Overview**: High-level summary of the database's purpose
-2. **Entity Relationship Summary**: How tables relate to each other
-3. **Table Descriptions**: Brief purpose of each table (one line each)
-4. **Data Flow**: How data typically flows through the system
-5. **Key Observations**: Naming conventions, patterns, potential issues
-
-Format as clean markdown. Be concise. Database type: ${databaseType || 'SQL'}.`;
-
-    const stream = await provider.stream({
-      messages: [
-        { role: 'system', content: systemPrompt },
-        { role: 'user', content: `Generate documentation for:\n\n${schemaContext}` },
-      ],
-    });
-
-    return new Response(stream as ReadableStream, {
-      headers: {
-        'Content-Type': 'text/plain; charset=utf-8',
-        'Transfer-Encoding': 'chunked',
-      },
-    });
-  } catch (error) {
-    return createErrorResponse(error, { route: 'api/ai/describe-schema' });
-  }
-}

package/src/app/api/ai/explain/route.ts

@@ -1,86 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server';
-import { createLLMProvider } from '@/lib/llm';
-import { createErrorResponse } from '@/lib/api/errors';
-
-function buildExplainSystemPrompt(databaseType: string, schemaContext: string): string {
-  return `You are an Expert Database Performance Analyst specializing in query optimization for ${databaseType || 'PostgreSQL'}.
-
-ROLE: Analyze EXPLAIN plans and provide actionable, plain-language explanations.
-
-SCHEMA CONTEXT:
-${schemaContext || 'No schema context available.'}
-
-OUTPUT FORMAT (always follow this structure):
-
-## Plain Language Explanation
-Explain what the query does step-by-step in simple terms anyone can understand. Be specific about which tables, joins, and filters are involved.
-
-## Performance Issues
-List any problems found (sequential scans on large tables, expensive sorts, nested loop issues, row estimate mismatches). For each issue:
-- What the problem is
-- Why it matters
-- How much impact it has
-
-## Recommendations
-Numbered list of concrete, actionable suggestions. Each should include:
-- The specific action (e.g., "Create an index on orders.customer_id")
-- Expected improvement
-- The exact SQL command if applicable
-
-## Optimized Query
-If the query can be rewritten for better performance, provide the optimized version in a SQL code block. If the query is already optimal, say so.
-
-GUIDELINES:
-- Be concise but thorough
-- Use plain language, avoid jargon where possible
-- Quantify impact when you can (e.g., "reduces from table scan of ~100K rows to index lookup")
-- If there are no issues, say the query looks good and explain why
-- Format SQL in code blocks with \`\`\`sql
-`;
-}
-
-export async function POST(req: NextRequest) {
-  try {
-    const { query, explainPlan, schemaContext, databaseType } = await req.json();
-
-    if (!query) {
-      return NextResponse.json(
-        { error: 'Query is required' },
-        { status: 400 }
-      );
-    }
-
-    const provider = await createLLMProvider();
-    const systemPrompt = buildExplainSystemPrompt(databaseType, schemaContext);
-
-    const userMessage = `Analyze this SQL query and its EXPLAIN plan:
-
-**Original Query:**
-\`\`\`sql
-${query}
-\`\`\`
-
-**EXPLAIN Plan:**
-\`\`\`json
-${JSON.stringify(explainPlan, null, 2)}
-\`\`\`
-
-Provide a plain-language explanation, identify performance issues, give specific recommendations, and suggest an optimized query if possible.`;
-
-    const stream = await provider.stream({
-      messages: [
-        { role: 'system', content: systemPrompt },
-        { role: 'user', content: userMessage },
-      ],
-    });
-
-    return new Response(stream, {
-      headers: {
-        'Content-Type': 'text/plain; charset=utf-8',
-        'Transfer-Encoding': 'chunked',
-      },
-    });
-  } catch (error) {
-    return createErrorResponse(error, { route: 'api/ai/explain' });
-  }
-}

package/src/app/api/ai/impact/route.ts

@@ -1,97 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server';
-import { createLLMProvider } from '@/lib/llm';
-import { createErrorResponse } from '@/lib/api/errors';
-
-function buildImpactSystemPrompt(databaseType: string, schemaContext: string): string {
-  return `You are a Schema Change Impact Analyst for ${databaseType || 'PostgreSQL'}. You analyze DDL statements BEFORE they are executed and predict their impact.
-
-DATABASE TYPE: ${databaseType || 'PostgreSQL'}
-
-SCHEMA CONTEXT:
-${schemaContext || 'No schema available.'}
-
-ANALYSIS SCOPE:
-1. **Lock Impact**: Will this statement acquire table locks? For how long? What queries will be blocked?
-2. **Data Impact**: Will data be lost? How many rows affected? Are there cascade effects?
-3. **Dependent Objects**: Views, indexes, triggers, functions that depend on the modified object
-4. **Performance Impact**: Will queries become slower after this change? Will indexes need rebuilding?
-5. **Rollback Plan**: How to reverse this change if something goes wrong
-
-OUTPUT FORMAT (markdown):
-
-## Impact Summary
-One-line: what this DDL does and its risk level (Low/Medium/High/Critical).
-
-## Lock Analysis
-- Lock type acquired (ACCESS EXCLUSIVE, ROW EXCLUSIVE, etc.)
-- Estimated duration for the schema context
-- Affected concurrent queries
-
-## Data Impact
-- Rows affected (estimate)
-- Data loss risk (none/potential/certain)
-- Cascade effects (FK constraints)
-
-## Dependent Objects
-List views, indexes, triggers, stored procedures that reference the modified table/column.
-
-## Validation Queries
-SQL queries the user can run BEFORE applying the change to verify safety:
-\`\`\`sql
--- Check for NULL values before adding NOT NULL constraint
-SELECT COUNT(*) FROM table WHERE column IS NULL;
-\`\`\`
-
-## Rollback Plan
-\`\`\`sql
--- Exact SQL to reverse this change
-\`\`\`
-
-## Recommendation
-Whether to proceed, modify, or avoid this change. Suggest safer alternatives if applicable.
-
-GUIDELINES:
-- Be specific about ${databaseType} lock behavior
-- For ALTER TABLE on large tables, warn about lock time
-- For DROP operations, list ALL dependent objects
-- For column type changes, check for data truncation risks
-- Always provide a rollback plan
-`;
-}
-
-export async function POST(req: NextRequest) {
-  try {
-    const { query, schemaContext, databaseType } = await req.json();
-
-    if (!query) {
-      return NextResponse.json({ error: 'Query is required' }, { status: 400 });
-    }
-
-    const provider = await createLLMProvider();
-    const systemPrompt = buildImpactSystemPrompt(databaseType, schemaContext);
-
-    const userMessage = `Analyze the impact of this schema change before I execute it:
-
-\`\`\`sql
-${query}
-\`\`\`
-
-Provide a comprehensive impact analysis.`;
-
-    const stream = await provider.stream({
-      messages: [
-        { role: 'system', content: systemPrompt },
-        { role: 'user', content: userMessage },
-      ],
-    });
-
-    return new Response(stream, {
-      headers: {
-        'Content-Type': 'text/plain; charset=utf-8',
-        'Transfer-Encoding': 'chunked',
-      },
-    });
-  } catch (error) {
-    return createErrorResponse(error, { route: 'api/ai/impact' });
-  }
-}

package/src/app/api/ai/index-advisor/route.ts

@@ -1,98 +0,0 @@
-import { NextRequest } from 'next/server';
-import { createLLMProvider } from '@/lib/llm';
-import { createErrorResponse } from '@/lib/api/errors';
-
-function buildIndexAdvisorPrompt(databaseType: string): string {
-  return `You are a Database Index Optimization Expert for ${databaseType || 'PostgreSQL'}.
-
-You will be given:
-1. Slow queries with execution statistics
-2. Current index statistics (scans, usage ratio)
-3. Table statistics (row counts, sizes)
-4. Schema information
-
-Your job is to provide actionable index recommendations.
-
-OUTPUT FORMAT (use markdown):
-
-## Index Analysis Summary
-Brief overview of the indexing health.
-
-## Missing Indexes (Recommended to Create)
-For each recommendation:
-### Index: \`index_name\`
-- **Table:** table_name
-- **Columns:** column(s) to index
-- **Reason:** Why this index is needed (reference the slow query)
-- **Expected Impact:** How much improvement
-- **SQL:**
-\`\`\`sql
-CREATE INDEX index_name ON table_name (columns);
-\`\`\`
-
-## Unused Indexes (Consider Dropping)
-For each unused index:
-- **Index:** index_name on table_name
-- **Size:** index size
-- **Scans:** 0 (never used)
-- **Recommendation:** DROP or keep (with reason)
-
-## Duplicate / Overlapping Indexes
-If any indexes cover the same columns.
-
-## Quick Wins
-Top 3 most impactful changes, numbered.
-
-GUIDELINES:
-- Recommend composite indexes when queries filter on multiple columns
-- Consider partial indexes for filtered queries
-- For ${databaseType}, use appropriate index types (btree, hash, gin, gist)
-- Always name indexes descriptively: idx_tablename_columns
-- Note if ANALYZE/VACUUM should be run first
-`;
-}
-
-export async function POST(req: NextRequest) {
-  try {
-    const { slowQueries, indexStats, tableStats, schemaContext, databaseType } = await req.json();
-
-    const provider = await createLLMProvider();
-    const systemPrompt = buildIndexAdvisorPrompt(databaseType);
-
-    const parts: string[] = [];
-
-    if (slowQueries?.length) {
-      parts.push('## Slow Queries\n' + JSON.stringify(slowQueries.slice(0, 20), null, 2));
-    }
-
-    if (indexStats?.length) {
-      parts.push('## Current Indexes\n' + JSON.stringify(indexStats.slice(0, 50), null, 2));
-    }
-
-    if (tableStats?.length) {
-      parts.push('## Table Statistics\n' + JSON.stringify(tableStats.slice(0, 30), null, 2));
-    }
-
-    if (schemaContext) {
-      parts.push('## Schema\n' + schemaContext.substring(0, 4000));
-    }
-
-    const userMessage = `Analyze the following database statistics and provide index recommendations:\n\n${parts.join('\n\n')}`;
-
-    const stream = await provider.stream({
-      messages: [
-        { role: 'system', content: systemPrompt },
-        { role: 'user', content: userMessage },
-      ],
-    });
-
-    return new Response(stream, {
-      headers: {
-        'Content-Type': 'text/plain; charset=utf-8',
-        'Transfer-Encoding': 'chunked',
-      },
-    });
-  } catch (error) {
-    return createErrorResponse(error, { route: 'api/ai/index-advisor' });
-  }
-}

package/src/app/api/ai/nl2sql/route.ts

@@ -1,87 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server';
-import { createLLMProvider } from '@/lib/llm';
-import { createErrorResponse } from '@/lib/api/errors';
-
-function buildNL2SQLPrompt(databaseType: string, schemaContext: string, queryLanguage?: string): string {
-  if (queryLanguage === 'json') {
-    return `You are an NL-to-MongoDB translator. Convert natural language questions into MongoDB JSON queries for LibreDB Studio.
-
-DATABASE: MongoDB
-
-COLLECTIONS:
-${schemaContext || 'No schema available.'}
-
-QUERY FORMAT:
-{
-  "collection": "collection_name",
-  "operation": "find|aggregate|count|distinct",
-  "filter": {},
-  "pipeline": [],
-  "options": { "limit": 50, "sort": {} }
-}
-
-RULES:
-1. Return ONLY a JSON code block with the query
-2. Use exact collection and field names from the schema
-3. Add reasonable limits (default 50)
-4. For complex questions, prefer aggregate with pipeline
-5. After the JSON block, add a brief one-line explanation starting with "-- "
-`;
-  }
-
-  return `You are an NL-to-SQL translator. Convert natural language questions into ${databaseType || 'PostgreSQL'} SQL queries.
-
-DATABASE TYPE: ${databaseType || 'PostgreSQL'}
-
-SCHEMA:
-${schemaContext || 'No schema available.'}
-
-RULES:
-1. Return ONLY a SQL code block with the query
-2. Use exact table and column names from the schema
-3. Add reasonable LIMIT (default 50) to prevent large result sets
-4. Use JOINs when the question implies data from multiple tables
-5. Handle aggregations (COUNT, SUM, AVG) when asked about totals or averages
-6. After the SQL block, add a brief one-line explanation starting with "-- "
-7. If the question is ambiguous, make your best guess and explain your interpretation
-8. Use standard ${databaseType || 'PostgreSQL'} syntax
-`;
-}
-
-export async function POST(req: NextRequest) {
-  try {
-    const { question, schemaContext, databaseType, queryLanguage, conversationHistory } = await req.json();
-
-    if (!question) {
-      return NextResponse.json({ error: 'Question is required' }, { status: 400 });
-    }
-
-    const provider = await createLLMProvider();
-    const systemPrompt = buildNL2SQLPrompt(databaseType, schemaContext, queryLanguage);
-
-    // Build messages with optional conversation history for multi-turn
-    const messages: { role: 'system' | 'user' | 'assistant'; content: string }[] = [
-      { role: 'system', content: systemPrompt },
-    ];
-
-    // Add conversation history if provided
-    if (conversationHistory?.length) {
-      for (const msg of conversationHistory) {
-        messages.push({ role: msg.role, content: msg.content });
-      }
-    }
-
-    messages.push({ role: 'user', content: question });
-
-    const stream = await provider.stream({ messages });
-
-    return new Response(stream, {
-      headers: {
-        'Content-Type': 'text/plain; charset=utf-8',
-        'Transfer-Encoding': 'chunked',
-      },
-    });
-  } catch (error) {
-    return createErrorResponse(error, { route: 'api/ai/nl2sql' });
-  }
-}

package/src/app/api/ai/query-safety/route.ts

@@ -1,87 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server';
-import { createLLMProvider } from '@/lib/llm';
-import { createErrorResponse } from '@/lib/api/errors';
-
-function buildSafetySystemPrompt(databaseType: string, schemaContext: string): string {
-  return `You are a Database Safety Analyst. Your job is to analyze SQL queries BEFORE they are executed and warn the user about potential dangers.
-
-DATABASE TYPE: ${databaseType || 'PostgreSQL'}
-
-SCHEMA CONTEXT:
-${schemaContext || 'No schema available.'}
-
-ANALYSIS RULES:
-1. Check for destructive operations: DROP, TRUNCATE, DELETE without WHERE, UPDATE without WHERE
-2. Estimate affected row counts based on schema info
-3. Check for cascade effects (FK constraints)
-4. Detect risky patterns: Cartesian joins, unbounded deletes, mass updates
-5. Check for schema modifications that could lock tables
-
-OUTPUT FORMAT (always use this JSON structure, wrapped in a code block):
-\`\`\`json
-{
-  "riskLevel": "safe" | "low" | "medium" | "high" | "critical",
-  "summary": "One-line summary of the risk",
-  "warnings": [
-    {
-      "type": "destructive" | "performance" | "schema" | "data_loss" | "lock",
-      "severity": "info" | "warning" | "critical",
-      "message": "What the issue is",
-      "detail": "Why it matters and estimated impact"
-    }
-  ],
-  "affectedRows": "estimated number or range, e.g. '~12,000' or 'all rows'",
-  "cascadeEffects": "Description of cascade effects or 'none'",
-  "recommendation": "What the user should do instead or how to make it safer"
-}
-\`\`\`
-
-GUIDELINES:
-- Be conservative: when in doubt, flag it
-- For SELECT queries, riskLevel is always "safe"
-- For INSERT, riskLevel is typically "low" unless it's INSERT INTO ... SELECT without limits
-- DELETE without WHERE is ALWAYS "critical"
-- DROP TABLE is ALWAYS "critical"
-- UPDATE without WHERE is ALWAYS "high"
-- TRUNCATE is ALWAYS "high"
-- ALTER TABLE on large tables (>100K rows) is "medium" due to lock time
-- Always return valid JSON in the code block
-`;
-}
-
-export async function POST(req: NextRequest) {
-  try {
-    const { query, schemaContext, databaseType } = await req.json();
-
-    if (!query) {
-      return NextResponse.json({ error: 'Query is required' }, { status: 400 });
-    }
-
-    const provider = await createLLMProvider();
-    const systemPrompt = buildSafetySystemPrompt(databaseType, schemaContext);
-
-    const userMessage = `Analyze this query for safety before execution:
-
-\`\`\`sql
-${query}
-\`\`\`
-
-Return your analysis as a JSON code block.`;
-
-    const stream = await provider.stream({
-      messages: [
-        { role: 'system', content: systemPrompt },
-        { role: 'user', content: userMessage },
-      ],
-    });
-
-    return new Response(stream, {
-      headers: {
-        'Content-Type': 'text/plain; charset=utf-8',
-        'Transfer-Encoding': 'chunked',
-      },
-    });
-  } catch (error) {
-    return createErrorResponse(error, { route: 'api/ai/query-safety' });
-  }
-}

package/src/app/api/auth/login/route.ts

@@ -1,62 +0,0 @@
-import { login } from '@/lib/auth';
-import { NextRequest, NextResponse } from 'next/server';
-import { createErrorResponse } from '@/lib/api/errors';
-import { logger } from '@/lib/logger';
-
-interface AuthUser {
-  email: string;
-  password: string;
-  role: 'admin' | 'user';
-}
-
-function getAuthUsers(): AuthUser[] {
-  const adminEmail = process.env.ADMIN_EMAIL;
-  const adminPassword = process.env.ADMIN_PASSWORD;
-  const userEmail = process.env.USER_EMAIL;
-  const userPassword = process.env.USER_PASSWORD;
-
-  if (process.env.NODE_ENV === 'production') {
-    if (!adminEmail || !adminPassword || !userEmail || !userPassword) {
-      throw new Error(
-        'ADMIN_EMAIL, ADMIN_PASSWORD, USER_EMAIL, and USER_PASSWORD environment variables are required in production'
-      );
-    }
-  }
-
-  return [
-    {
-      email: adminEmail || 'admin@libredb.org',
-      password: adminPassword || 'LibreDB.2026',
-      role: 'admin',
-    },
-    {
-      email: userEmail || 'user@libredb.org',
-      password: userPassword || 'LibreDB.2026',
-      role: 'user',
-    },
-  ];
-}
-
-export async function POST(request: NextRequest) {
-  try {
-    const { email, password } = await request.json();
-    const users = getAuthUsers();
-
-    const matched = users.find(
-      (u) => u.email === email && u.password === password
-    );
-
-    if (matched) {
-      await login(matched.role, matched.email);
-      return NextResponse.json({ success: true, role: matched.role });
-    }
-
-    logger.warn('Failed login attempt', { route: 'POST /api/auth/login', email });
-    return NextResponse.json(
-      { success: false, message: 'Invalid email or password' },
-      { status: 401 }
-    );
-  } catch (error) {
-    return createErrorResponse(error, { route: 'POST /api/auth/login' });
-  }
-}

package/src/app/api/auth/logout/route.ts

@@ -1,25 +0,0 @@
-import { logout } from '@/lib/auth';
-import { buildLogoutUrl, getPublicOrigin } from '@/lib/oidc';
-import { NextRequest, NextResponse } from 'next/server';
-import { createErrorResponse } from '@/lib/api/errors';
-
-export async function POST(request: NextRequest) {
-  try {
-    await logout();
-
-    const authProvider = process.env.NEXT_PUBLIC_AUTH_PROVIDER || 'local';
-    if (authProvider === 'oidc') {
-      const origin = getPublicOrigin(request);
-      const returnTo = `${origin}/login`;
-      const oidcLogoutUrl = buildLogoutUrl(returnTo);
-
-      if (oidcLogoutUrl) {
-        return NextResponse.json({ success: true, redirectUrl: oidcLogoutUrl });
-      }
-    }
-
-    return NextResponse.json({ success: true });
-  } catch (error) {
-    return createErrorResponse(error, { route: 'POST /api/auth/logout' });
-  }
-}

package/src/app/api/auth/me/route.ts

@@ -1,10 +0,0 @@
-import { getSession } from '@/lib/auth';
-import { NextResponse } from 'next/server';
-
-export async function GET() {
-  const session = await getSession();
-  if (!session) {
-    return NextResponse.json({ authenticated: false }, { status: 401 });
-  }
-  return NextResponse.json({ authenticated: true, user: session });
-}

package/src/app/api/auth/oidc/callback/route.ts

@@ -1,82 +0,0 @@
-import { NextResponse } from 'next/server';
-import { cookies } from 'next/headers';
-import { login } from '@/lib/auth';
-import {
-  getOIDCConfig,
-  discoverProvider,
-  exchangeCode,
-  decryptState,
-  mapOIDCRole,
-  getPublicOrigin,
-} from '@/lib/oidc';
-import { logger } from '@/lib/logger';
-
-export async function GET(request: Request) {
-  const origin = getPublicOrigin(request);
-
-  try {
-    const cookieStore = await cookies();
-    const stateCookie = cookieStore.get('oidc-state')?.value;
-
-    if (!stateCookie) {
-      return NextResponse.redirect(`${origin}/login?error=oidc_state_missing`);
-    }
-
-    // Decrypt and validate state
-    let oidcState;
-    try {
-      oidcState = await decryptState(stateCookie);
-    } catch (decryptError) {
-      logger.warn('OIDC state decryption failed', { route: 'GET /api/auth/oidc/callback', error: decryptError instanceof Error ? decryptError.message : 'Unknown' });
-      cookieStore.delete('oidc-state');
-      return NextResponse.redirect(`${origin}/login?error=oidc_state_invalid`);
-    }
-
-    // Exchange code for tokens
-    const oidcConfig = getOIDCConfig();
-    const config = await discoverProvider(oidcConfig);
-
-    // Reconstruct callback URL with public origin for token exchange
-    const internalUrl = new URL(request.url);
-    const callbackUrl = new URL(
-      `${internalUrl.pathname}${internalUrl.search}`,
-      origin
-    );
-
-    const claims = await exchangeCode(
-      config,
-      callbackUrl,
-      oidcState.code_verifier,
-      oidcState.state,
-      oidcState.nonce
-    );
-
-    if (!claims) {
-      logger.warn('OIDC callback: no claims returned from token exchange', { route: 'oidc/callback' });
-      return NextResponse.redirect(`${origin}/login?error=oidc_no_claims`);
-    }
-
-    // Map role from claims
-    const role = mapOIDCRole(
-      claims as Record<string, unknown>,
-      oidcConfig.roleClaim,
-      oidcConfig.adminRoles
-    );
-
-    // Create local JWT session (same as password login)
-    const username = claims.email || claims.preferred_username || claims.sub || role;
-    await login(role, username);
-
-    // Clean up state cookie
-    cookieStore.delete('oidc-state');
-
-    // Redirect based on role
-    return NextResponse.redirect(
-      `${origin}${role === 'admin' ? '/admin' : '/'}`
-    );
-  } catch (error) {
-    logger.error('OIDC callback error', error, { route: 'GET /api/auth/oidc/callback' });
-    const errorCode = error instanceof Error && error.message.includes('config') ? 'oidc_config' : 'oidc_failed';
-    return NextResponse.redirect(`${origin}/login?error=${errorCode}`);
-  }
-}