npm - @mgsoftwarebv/mg-dashboard-mcp - Versions diffs - 6.1.0 → 6.2.0 - Mend

@mgsoftwarebv/mg-dashboard-mcp 6.1.0 → 6.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -1191,7 +1191,7 @@ async function handleVercelTool(name, args2, deps) {
           sinceMs
         );
         if (error) {
-          const hint = error.includes("404") || error.includes("400") ? '\n\nThis endpoint requires both project ID and deployment ID and may not be available on every Vercel plan. Use kind="webhooks" or the supabase MCP (vercel_deployment_log table) for archived runtime logs.' : "";
+          const hint = error.includes("404") || error.includes("400") ? '\n\nThis endpoint requires both project ID and deployment ID and may not be available on every Vercel plan. Use kind="webhooks" or query the vercel_deployment_log table directly for archived runtime logs.' : "";
           return { content: [{ type: "text", text: `Error: ${error}${hint}` }] };
         }
         const body = formatRuntimeLogs(logs);
@@ -1199,7 +1199,7 @@ async function handleVercelTool(name, args2, deps) {
         const footer = hitDurationLimit ? `
 [${windowNote}]
-[hint] Vercel hit its 5-min query budget for this window. Try a smaller sinceMinutes (e.g. 5-10), lower limit, or use kind="webhooks" / the supabase MCP vercel_deployment_log table for archived logs.` : `
+[hint] Vercel hit its 5-min query budget for this window. Try a smaller sinceMinutes (e.g. 5-10), lower limit, or use kind="webhooks" / query the vercel_deployment_log table for archived logs.` : `
 [${windowNote}]`;
         return { content: [{ type: "text", text: body + footer }] };
@@ -2420,6 +2420,10 @@ function assertServerAccess(serverId) {
     throw new Error(`Access denied: you do not have permission for server ${serverId}`);
   }
 }
+function uuidArrayParam(values) {
+  if (values.length === 0) return sql`ARRAY[]::uuid[]`;
+  return sql`ARRAY[${sql.join(values.map((v) => sql`${v}::uuid`), sql`, `)}]`;
+}
 async function resolveReleaseProfileStageIds(profileName) {
   const profileRows = await db.execute(sql`
     SELECT id, name FROM release_profile
@@ -2449,13 +2453,13 @@ async function getProfileNamesForStageIds(stageIds) {
   if (stageIds.length === 0) return {};
   const stages = await db.execute(sql`
     SELECT id, release_profile_id FROM release_profile_stage
-    WHERE id = ANY(${stageIds}::uuid[])
+    WHERE id = ANY(${uuidArrayParam(stageIds)})
   `);
   if (stages.length === 0) return {};
   const profileIds = [...new Set(stages.map((s) => s.release_profile_id))];
   const profiles = await db.execute(sql`
     SELECT id, name FROM release_profile
-    WHERE id = ANY(${profileIds}::uuid[])
+    WHERE id = ANY(${uuidArrayParam(profileIds)})
   `);
   const profileMap = {};
   for (const p of profiles) profileMap[p.id] = p.name;
@@ -2690,7 +2694,35 @@ async function getProxyConnection() {
   };
   return _proxyConnCache;
 }
-async function getServerConnection(serverId) {
+var UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+async function resolveServerId(input) {
+  const trimmed = (input ?? "").trim();
+  if (!trimmed) throw new Error("serverId is required");
+  if (UUID_RE.test(trimmed)) return trimmed;
+  const exact = await db.execute(sql`
+    SELECT id, name FROM ssh_server WHERE name = ${trimmed} LIMIT 2
+  `);
+  if (exact.length === 1) {
+    KNOWN_SERVER_NAMES.set(exact[0].id, { id: exact[0].id, name: exact[0].name });
+    return exact[0].id;
+  }
+  if (exact.length > 1) {
+    throw new Error(`Multiple servers share the exact name "${trimmed}". Pass the UUID instead.`);
+  }
+  const fuzzy = await db.execute(sql`
+    SELECT id, name FROM ssh_server WHERE name ILIKE ${"%" + trimmed + "%"} ORDER BY name LIMIT 5
+  `);
+  if (fuzzy.length === 1) {
+    KNOWN_SERVER_NAMES.set(fuzzy[0].id, { id: fuzzy[0].id, name: fuzzy[0].name });
+    return fuzzy[0].id;
+  }
+  if (fuzzy.length === 0) {
+    throw new Error(`Server "${trimmed}" not found by id or name. Call \`list-servers\` to see what's available.`);
+  }
+  throw new Error(`Multiple servers match "${trimmed}": ${fuzzy.map((f) => f.name).join(", ")}. Use an exact name or UUID.`);
+}
+async function getServerConnection(serverIdOrName) {
+  const serverId = await resolveServerId(serverIdOrName);
   assertServerAccess(serverId);
   const rows = await db.execute(sql`
     SELECT hostname, port, username, password_encrypted, ssh_key_encrypted,
@@ -4442,7 +4474,7 @@ async function mijnhostFetch(path, options = {}) {
 var TOOLS = [
   {
     name: "list-servers",
-    description: 'List all SSH servers you have access to. Returns id, name, hostname, tags, and os_type per server. Pass `includeStats: true` to also probe each server in parallel for container count, disk-free, and uptime (skips unreachable hosts gracefully). Cached for 60s \u2014 pass `noCache: true` to force a refresh. Adds an "auto-context" footer with one-line tags inferred from server name/tags so the LLM knows which host runs Trigger / Supabase / proxy / etc. (disable with `context: false`).',
+    description: 'List all SSH servers you have access to. Returns id, name, hostname, tags, and os_type per server. Pass `includeStats: true` to also probe each server in parallel for container count, disk-free, and uptime (skips unreachable hosts gracefully). Cached for 60s \u2014 pass `noCache: true` to force a refresh. Adds an "auto-context" footer with one-line tags inferred from server name/tags so the LLM knows which host runs Trigger / Supabase / proxy / etc. (disable with `context: false`).\n\n**Tip:** every tool that takes `serverId` also accepts the server `name` directly (exact match or fuzzy `ILIKE %x%`). E.g. `ssh-execute serverId="MG Giga Server"` works without a separate UUID lookup.',
     inputSchema: {
       type: "object",
       properties: {
@@ -4670,7 +4702,7 @@ var TOOLS = [
   },
   {
     name: "db-query",
-    description: 'Execute SQL against any database. **Use this for ALL queries (SELECT, INSERT, UPDATE, DELETE, schema introspection) against vanilla Postgres / MySQL / MSSQL containers** \u2014 do NOT fall back to `ssh-execute` + `docker cp` + `psql -f` with .tmp.sql files; the container path here already pipes via stdin so quotes / `$` / `;` are safe. Multi-statement scripts work fine: separate with `;` and they will all be executed by psql/mysql.\n\nTwo routing modes:\n- MySQL via `/var/www` autodiscover (default): pass `sitePath` (and `engine: "mysql"` implicitly). Credentials are read from wp-config.php, parameters.php, .env.\n- Direct via Docker container: pass `containerName` (the container running the DB server). Engine defaults to `postgres`; pass `engine: "mysql"` or `"mssql"` to override. Use `db-discover include=["postgres-containers"]` to find available containers + creds.\n\nPostgres example: `{ serverId, containerName: "refront-postgres-vanilla", dbName: "main", dbUser: "postgres", query: "SELECT 1" }`. Defaults: dbUser=postgres, dbName=postgres.\nMSSQL example: `{ serverId, containerName: "mssql-1", engine: "mssql", dbUser: "sa", dbPass: "...", query: "SELECT 1" }`.\n\nResult safety: `maxRows` (default 1000, max 10000) auto-injects a `LIMIT` for SELECT queries that don\'t have one. The footer reports whether the cap was applied. Pass `maxRows: 0` to disable.\n\nDiagnostics: `explain: true` prepends EXPLAIN (postgres / mysql) or runs `SET SHOWPLAN_TEXT ON` (mssql).\n\nSchema introspection: pass `describe: "tablename"` to get columns + indexes (works for mysql, postgres, and mssql). Pass `describe: "*"` to list all tables. When `describe` is set, `query` is ignored.\n\nDestructive operations (DROP, TRUNCATE, ALTER \u2026 DROP, naked DELETE) are blocked by default. For schema migrations, **prefer `db-apply-migration`** \u2014 it has an audit ledger and idempotency. As an escape hatch for ad-hoc hot-fixes, pass `allowDestructive: "yes-i-understand-this-is-not-logged"` (literal string) to bypass the gate. The bypass is logged in the response footer.',
+    description: 'Execute SQL against any database. **Use this for ALL queries (SELECT, INSERT, UPDATE, DELETE, schema introspection) against vanilla Postgres / MySQL / MSSQL containers** \u2014 do NOT fall back to `ssh-execute` + `docker cp` + `psql -f` with .tmp.sql files; the container path here already pipes via stdin so quotes / `$` / `;` are safe. Multi-statement scripts work fine: separate with `;` and they will all be executed by psql/mysql.\n\nTwo routing modes:\n- MySQL via `/var/www` autodiscover (default): pass `sitePath` (and `engine: "mysql"` implicitly). Credentials are read from wp-config.php, parameters.php, .env.\n- Direct via Docker container: pass `containerName` (the container running the DB server). Engine defaults to `postgres`; pass `engine: "mysql"` or `"mssql"` to override. Use `db-discover include=["postgres-containers"]` to find available containers + creds.\n\nPostgres example: `{ serverId, containerName: "refront-postgres-vanilla", dbName: "main", dbUser: "postgres", query: "SELECT 1" }`. Defaults: dbUser=postgres, dbName=postgres.\nMSSQL example: `{ serverId, containerName: "mssql-1", engine: "mssql", dbUser: "sa", dbPass: "...", query: "SELECT 1" }`.\n\nResult safety: `maxRows` (default 1000, max 10000) auto-injects a `LIMIT` for SELECT queries that don\'t have one. The footer reports whether the cap was applied. Pass `maxRows: 0` to disable.\n\nDiagnostics: `explain: true` prepends EXPLAIN (postgres / mysql) or runs `SET SHOWPLAN_TEXT ON` (mssql).\n\nAtomic multi-statement: pass `transaction: true` to wrap the query in BEGIN/COMMIT (postgres / mysql) so a failure in any statement rolls back the lot. Use for ad-hoc fixes that are not schema migrations (e.g. `UPDATE tax_rate SET pct = pct * 100; UPDATE order SET ...`).\n\nSchema introspection: pass `describe: "tablename"` to get columns + indexes (works for mysql, postgres, and mssql). Pass `describe: "*"` to list all tables. When `describe` is set, `query` is ignored.\n\nDestructive operations (DROP, TRUNCATE, ALTER \u2026 DROP, naked DELETE) are blocked by default. For schema migrations, **prefer `db-apply-migration`** \u2014 it has an audit ledger and idempotency. As an escape hatch for ad-hoc hot-fixes, pass `allowDestructive: "yes-i-understand-this-is-not-logged"` (literal string) to bypass the gate. The bypass is logged in the response footer.',
     inputSchema: {
       type: "object",
       properties: {
@@ -4685,7 +4717,8 @@ var TOOLS = [
         dbPass: { type: "string", description: "Database password (containerName mode). Required for mssql; optional for mysql; postgres uses trust auth by default." },
         maxRows: { type: "number", description: "Auto-inject LIMIT for unbounded SELECTs. Default 1000, max 10000, set 0 to disable." },
         explain: { type: "boolean", description: "Prepend EXPLAIN (postgres/mysql) or SHOWPLAN (mssql) instead of executing. Useful for slow-query diagnosis." },
-        allowDestructive: { type: "string", description: 'Escape hatch for ad-hoc DROP/TRUNCATE/ALTER\u2026DROP/naked DELETE. Pass the literal string "yes-i-understand-this-is-not-logged". For schema migrations prefer db-apply-migration (audit-logged, idempotent).' }
+        allowDestructive: { type: "string", description: 'Escape hatch for ad-hoc DROP/TRUNCATE/ALTER\u2026DROP/naked DELETE. Pass the literal string "yes-i-understand-this-is-not-logged". For schema migrations prefer db-apply-migration (audit-logged, idempotent).' },
+        transaction: { type: "boolean", description: "Wrap the query in BEGIN/COMMIT so multiple statements either all succeed or all roll back. Use for atomic ad-hoc updates like `UPDATE x SET y = y * 100; UPDATE z ...` that are not migration-worthy. Ignored in EXPLAIN mode and on MSSQL (use its own transaction syntax). Postgres/MySQL only." }
       },
       required: ["serverId"]
     }
@@ -4705,7 +4738,8 @@ var TOOLS = [
         localFile: { type: "string", description: "Path on this machine to a .sql file (read here, streamed via stdin)" },
         remoteFile: { type: "string", description: "Absolute path of a .sql file already on the server (read with `cat`)" },
         noTransaction: { type: "boolean", description: "Skip the implicit BEGIN/COMMIT wrapper. Required for CONCURRENTLY / ALTER TYPE ADD VALUE / VACUUM. Default false." },
-        force: { type: "boolean", description: "Re-apply even when the ledger says it ran with a different sha256. Use after a deliberate edit; logged in the response." }
+        force: { type: "boolean", description: "Re-apply even when the ledger says it ran with a different sha256. Use after a deliberate edit; logged in the response." },
+        recordOnly: { type: "boolean", description: "Register the migration in the ledger WITHOUT executing the SQL. Use to backfill migrations that were applied out-of-band (e.g. by hand via ssh + psql). The SQL is still required so the recorded sha256 matches what was run." }
       },
       required: ["serverId", "containerName", "name"]
     }
@@ -4824,7 +4858,7 @@ var TOOLS = [
   // ----- Repo reference -----
   ...REPO_TOOLS
 ];
-var MCP_VERSION = "6.1.0";
+var MCP_VERSION = "6.2.0";
 async function handleListTools() {
   if (!authContext) return { tools: TOOLS };
   const accessible = TOOLS.filter((tool) => {
@@ -4892,7 +4926,7 @@ async function executeToolCall(name, a, _serverId) {
         const data = ctx.allowedServerIds !== null ? await db.execute(sql`
               SELECT id, name, hostname, port, username, tags, hosted_by, os_type, created_at
               FROM ssh_server
-              WHERE id = ANY(${ctx.allowedServerIds}::uuid[])
+              WHERE id = ANY(${uuidArrayParam(ctx.allowedServerIds)})
               ORDER BY name
             `) : await db.execute(sql`
               SELECT id, name, hostname, port, username, tags, hosted_by, os_type, created_at
@@ -5878,6 +5912,7 @@ For a one-off ad-hoc destructive query, pass \`allowDestructive: "${allowDestruc
         }
         let query = rawQuery.replace(/;\s*$/, "");
         let appliedLimit = false;
+        const wrapTransaction = a.transaction === true && !explainMode && !describeArg && engine !== "mssql";
         if (explainMode && !describeArg) {
           if (engine === "mssql") {
             query = `SET SHOWPLAN_TEXT ON;
@@ -5894,13 +5929,21 @@ LIMIT ${maxRows + 1}`;
             appliedLimit = true;
           }
         }
+        if (wrapTransaction) {
+          query = `BEGIN;
+${query.replace(/;\s*$/, "")};
+COMMIT;`;
+        }
+        const txBanner = wrapTransaction ? `
+[transaction] wrapped in BEGIN/COMMIT \u2014 all statements committed atomically.` : "";
         const destructiveBanner = allowDestructive ? "\n\n[allowDestructive] safety gate bypassed for this query \u2014 NOT recorded in any audit ledger. Consider db-apply-migration for repeatable schema changes." : "";
         if (!containerName && engine === "mysql") {
           if (!a.sitePath) return { content: [{ type: "text", text: "Error: sitePath is required for mysql autodiscover (or pass containerName + engine for direct DB queries)" }] };
           const { conn: conn2, proxy: proxy2 } = await getServerConnection(String(a.serverId));
           const output2 = await execSiteMysql(conn2, String(a.sitePath), query, proxy2);
           const footer2 = formatDbQueryFooter(output2, appliedLimit, maxRows, explainMode);
-          return { content: [{ type: "text", text: (output2 || "Query executed successfully (no output)") + footer2 + destructiveBanner }] };
+          return { content: [{ type: "text", text: (output2 || "Query executed successfully (no output)") + footer2 + destructiveBanner + txBanner }] };
         }
         if (!containerName) {
           return { content: [{ type: "text", text: `Error: engine=${engine} requires containerName (the docker container running the DB server, e.g. "supabase-db" or "trigger-postgres")` }] };
@@ -5940,7 +5983,7 @@ GO
           return { content: [{ type: "text", text: `Error (exit ${result.exitCode}, ${engine}): ${output}` }] };
         }
         const footer = formatDbQueryFooter(output, appliedLimit, maxRows, explainMode);
-        return { content: [{ type: "text", text: output + footer + destructiveBanner }] };
+        return { content: [{ type: "text", text: output + footer + destructiveBanner + txBanner }] };
       }
       case "db-apply-migration": {
         const containerName = String(a.containerName || "").replace(/[^a-zA-Z0-9._-]/g, "");
@@ -5954,6 +5997,9 @@ GO
         }
         const noTransaction = a.noTransaction === true;
         const force = a.force === true;
+        const recordOnly = a.recordOnly === true;
+        const t0 = Date.now();
+        const took = () => `${((Date.now() - t0) / 1e3).toFixed(2)}s`;
         const sources = [
           typeof a.sql === "string" && a.sql ? "sql" : null,
           typeof a.localFile === "string" && a.localFile ? "localFile" : null,
@@ -5992,20 +6038,23 @@ GO
           return { content: [{ type: "text", text: "Error: resolved SQL is empty" }] };
         }
         const sha = migrationSha256(migrationSql);
-        const probeSql = `${MIGRATION_LEDGER_DDL}
-SELECT sha256 FROM _mcp_migrations WHERE name = ${dollarQuote(name2)};
+        const ddl = await psqlInContainer(conn, proxy, containerName, dbUser, dbName, `${MIGRATION_LEDGER_DDL}
+`, "");
+        if (ddl.exitCode !== 0) {
+          return { content: [{ type: "text", text: `Error initialising ledger on ${containerName} (${dbName}): ${ddl.stderr || ddl.stdout || `exit ${ddl.exitCode}`}` }] };
+        }
+        const probeSelect = `SELECT sha256 FROM _mcp_migrations WHERE name = ${dollarQuote(name2)};
 `;
-        const probe = await psqlInContainer(conn, proxy, containerName, dbUser, dbName, probeSql, "-tA");
+        const probe = await psqlInContainer(conn, proxy, containerName, dbUser, dbName, probeSelect, "-tA");
         if (probe.exitCode !== 0) {
-          return { content: [{ type: "text", text: `Error initialising ledger on ${containerName} (${dbName}): ${probe.stderr || probe.stdout || `exit ${probe.exitCode}`}` }] };
+          return { content: [{ type: "text", text: `Error reading ledger on ${containerName} (${dbName}): ${probe.stderr || probe.stdout || `exit ${probe.exitCode}`}` }] };
         }
-        const probeLines = probe.stdout.split("\n").map((l) => l.trim()).filter((l) => l.length > 0);
-        const existingSha = probeLines.length > 0 ? probeLines[probeLines.length - 1] : "";
+        const existingSha = probe.stdout.split("\n").map((l) => l.trim()).find((l) => /^[0-9a-f]{64}$/.test(l)) || "";
         if (existingSha && existingSha === sha) {
           return {
             content: [{
               type: "text",
-              text: `[noop] Migration "${name2}" already applied on ${containerName}/${dbName} (sha256 matches).
+              text: `[noop] Migration "${name2}" already applied on ${containerName}/${dbName} (sha256 matches, took ${took()}).
 Ledger sha: ${sha.slice(0, 12)}\u2026`
             }]
           };
@@ -6014,7 +6063,7 @@ Ledger sha: ${sha.slice(0, 12)}\u2026`
           return {
             content: [{
               type: "text",
-              text: `[drift] Migration "${name2}" exists in ledger with DIFFERENT sha256.
+              text: `[drift] Migration "${name2}" exists in ledger with DIFFERENT sha256 (took ${took()}).
   ledger sha: ${existingSha.slice(0, 12)}\u2026
   new sha:    ${sha.slice(0, 12)}\u2026
@@ -6026,6 +6075,29 @@ This usually means the migration file was edited after it was first applied. Ins
         const ledgerInsert = `INSERT INTO _mcp_migrations (name, sha256, applied_by) VALUES (${dollarQuote(name2)}, ${dollarQuote(sha)}, ${dollarQuote(appliedBy)})
 ON CONFLICT (name) DO UPDATE SET sha256 = EXCLUDED.sha256, applied_at = now(), applied_by = EXCLUDED.applied_by;
 `;
+        if (recordOnly) {
+          const record = await psqlInContainer(conn, proxy, containerName, dbUser, dbName, ledgerInsert, "");
+          if (record.exitCode !== 0) {
+            return {
+              content: [{
+                type: "text",
+                text: `[failed] Ledger insert for "${name2}" failed (recordOnly=true, no SQL was executed).
+psql exit: ${record.exitCode}
+` + (record.stderr ? `--- stderr ---
+${record.stderr}
+` : "") + (record.stdout ? `--- stdout ---
+${record.stdout}` : "")
+              }]
+            };
+          }
+          return {
+            content: [{
+              type: "text",
+              text: `[recorded] "${name2}" written to ledger on ${containerName}/${dbName} WITHOUT executing the SQL (recordOnly=true${existingSha ? ", overwrote existing entry" : ""}, took ${took()}).
+ledger sha: ${sha.slice(0, 12)}\u2026`
+            }]
+          };
+        }
         if (noTransaction) {
           const apply = await psqlInContainer(conn, proxy, containerName, dbUser, dbName, normalised, "");
           if (apply.exitCode !== 0) {
@@ -6058,7 +6130,7 @@ ${record.stdout}` : "")
           return {
             content: [{
               type: "text",
-              text: `[applied] "${name2}" on ${containerName}/${dbName} (noTransaction=true${existingSha ? ", force" : ""}).
+              text: `[applied] "${name2}" on ${containerName}/${dbName} (noTransaction=true${existingSha ? ", force" : ""}, took ${took()}).
 ledger sha: ${sha.slice(0, 12)}\u2026
 ` + (apply.stdout ? `--- output ---
 ${apply.stdout.trim()}` : "(no output)")
@@ -6086,7 +6158,7 @@ ${res.stdout}` : "")
         return {
           content: [{
             type: "text",
-            text: `[applied] "${name2}" on ${containerName}/${dbName}${existingSha ? " (forced overwrite)" : ""}.
+            text: `[applied] "${name2}" on ${containerName}/${dbName}${existingSha ? " (forced overwrite)" : ""} (took ${took()}).
 ledger sha: ${sha.slice(0, 12)}\u2026
 ` + (res.stdout ? `--- output ---
 ${res.stdout.trim()}` : "(no output)")
@@ -6101,8 +6173,7 @@ ${res.stdout.trim()}` : "(no output)")
         const limitRaw = Number(a.limit);
         const limit = Math.min(Math.max(Number.isFinite(limitRaw) && limitRaw > 0 ? Math.floor(limitRaw) : 50, 1), 500);
         const { conn, proxy } = await getServerConnection(String(a.serverId));
-        const sqlText = `DO $$ BEGIN IF NOT EXISTS (SELECT 1 FROM pg_class WHERE relname = '_mcp_migrations') THEN RAISE NOTICE 'NO_LEDGER'; END IF; END $$;
-SELECT name, substr(sha256, 1, 12) || '\u2026' AS sha, applied_at, applied_by
+        const sqlText = `SELECT name, sha256, applied_at, applied_by
 FROM _mcp_migrations
 ORDER BY applied_at DESC
 LIMIT ${limit};
@@ -6127,7 +6198,7 @@ LIMIT ${limit};
         const data = stageFilterIds ? await db.execute(sql`
               SELECT id, app_name, environment, description, updated_at, release_profile_stage_id
               FROM env_config
-              WHERE release_profile_stage_id = ANY(${stageFilterIds}::uuid[])
+              WHERE release_profile_stage_id = ANY(${uuidArrayParam(stageFilterIds)})
               ORDER BY app_name, environment
             `) : await db.execute(sql`
               SELECT id, app_name, environment, description, updated_at, release_profile_stage_id
@@ -6155,7 +6226,7 @@ LIMIT ${limit};
               FROM env_config
               WHERE app_name = ${appName}
                 AND environment = ${environment}
-                AND release_profile_stage_id = ANY(${stageFilterIds}::uuid[])
+                AND release_profile_stage_id = ANY(${uuidArrayParam(stageFilterIds)})
             `) : await db.execute(sql`
               SELECT env_data_encrypted, release_profile_stage_id
               FROM env_config
@@ -6190,7 +6261,7 @@ LIMIT ${limit};
               FROM env_config
               WHERE app_name = ${appName}
                 AND environment = ${environment}
-                AND release_profile_stage_id = ANY(${resolvedStageIds}::uuid[])
+                AND release_profile_stage_id = ANY(${uuidArrayParam(resolvedStageIds)})
             `) : await db.execute(sql`
               SELECT id, release_profile_stage_id
               FROM env_config