@mgsoftwarebv/mg-dashboard-mcp 6.2.0 → 6.3.0

package/dist/index.js

@@ -2750,7 +2750,7 @@ async function getServerConnection(serverIdOrName) {
   const needsProxy = data.allowed_ssh_ips !== null && serverId !== SSH_PROXY_SERVER_ID;
   const proxy = needsProxy ? await getProxyConnection() : void 0;
   const os = data.os_type === "windows" ? "windows" : "linux";
-  return { conn, proxy, os };
+  return { serverId, conn, proxy, os };
 }
 async function sshExec(opts, command, proxy, options) {
   const first = await sshExecOnce(opts, command, proxy, options);
@@ -4232,6 +4232,34 @@ done
   }
   return out;
 }
+var POSTGRES_CONTAINER_CREDS_CACHE = /* @__PURE__ */ new Map();
+var PG_CREDS_TTL_MS = 60 * 60 * 1e3;
+function cachePostgresContainerCreds(serverId, containerName, creds) {
+  POSTGRES_CONTAINER_CREDS_CACHE.set(`${serverId}|${containerName}`, { ...creds, capturedAt: Date.now() });
+}
+async function resolvePostgresContainerCreds(conn, proxy, serverId, containerName) {
+  const key = `${serverId}|${containerName}`;
+  const cached = POSTGRES_CONTAINER_CREDS_CACHE.get(key);
+  if (cached && Date.now() - cached.capturedAt < PG_CREDS_TTL_MS) return cached;
+  const safeContainer = containerName.replace(/[^a-zA-Z0-9._-]/g, "");
+  const res = await sshExec(
+    conn,
+    `docker exec ${safeContainer} env 2>/dev/null | grep -E '^POSTGRES_(USER|DB|PASSWORD)='`,
+    proxy
+  );
+  let dbUser = "postgres";
+  let dbName = "postgres";
+  let hasPassword = false;
+  for (const raw of res.stdout.split("\n")) {
+    const line = raw.trim();
+    if (line.startsWith("POSTGRES_USER=")) dbUser = line.slice("POSTGRES_USER=".length) || "postgres";
+    else if (line.startsWith("POSTGRES_DB=")) dbName = line.slice("POSTGRES_DB=".length) || "postgres";
+    else if (line.startsWith("POSTGRES_PASSWORD=")) hasPassword = true;
+  }
+  const creds = { dbName, dbUser, hasPassword, capturedAt: Date.now() };
+  POSTGRES_CONTAINER_CREDS_CACHE.set(key, creds);
+  return creds;
+}
 async function psqlInContainer(conn, proxy, containerName, dbUser, dbName, scriptSql, flags) {
   const safeContainer = containerName.replace(/[^a-zA-Z0-9._-]/g, "");
   const safeUser = dbUser.replace(/[^a-zA-Z0-9_-]/g, "") || "postgres";
@@ -4687,22 +4715,22 @@ var TOOLS = [
   },
   {
     name: "db-tables",
-    description: "List tables with row counts + sizes. Two routing modes:\n- MySQL via `/var/www` autodiscover: pass `sitePath`. Credentials are read from wp-config.php / parameters.php / .env.\n- Postgres container: pass `containerName` (and optionally `dbName` / `dbUser`, defaulting to `postgres`). Returns one row per user table sorted by total size, with estimated row count from pg_class.reltuples.",
+    description: "List tables with row counts + sizes. Two routing modes:\n- MySQL via `/var/www` autodiscover: pass `sitePath`. Credentials are read from wp-config.php / parameters.php / .env.\n- Postgres container: pass `containerName`. dbName + dbUser are auto-resolved from the container `POSTGRES_DB` / `POSTGRES_USER` env vars (cached 1h). Returns one row per user table sorted by total size, with estimated row count from pg_class.reltuples.",
     inputSchema: {
       type: "object",
       properties: {
-        serverId: { type: "string", description: "UUID of the SSH server" },
+        serverId: { type: "string", description: "UUID or (fuzzy) name of the SSH server" },
         sitePath: { type: "string", description: "Site root path (e.g. /var/www/example.com). MySQL autodiscover mode." },
         containerName: { type: "string", description: "Postgres container name. Activates direct Postgres mode." },
-        dbName: { type: "string", description: 'Database name (containerName mode, defaults to "postgres")' },
-        dbUser: { type: "string", description: 'Database user (containerName mode, defaults to "postgres")' }
+        dbName: { type: "string", description: "Database name (containerName mode). Auto-resolved from container env when omitted." },
+        dbUser: { type: "string", description: "Database user (containerName mode). Auto-resolved from container env when omitted." }
       },
       required: ["serverId"]
     }
   },
   {
     name: "db-query",
-    description: 'Execute SQL against any database. **Use this for ALL queries (SELECT, INSERT, UPDATE, DELETE, schema introspection) against vanilla Postgres / MySQL / MSSQL containers** \u2014 do NOT fall back to `ssh-execute` + `docker cp` + `psql -f` with .tmp.sql files; the container path here already pipes via stdin so quotes / `$` / `;` are safe. Multi-statement scripts work fine: separate with `;` and they will all be executed by psql/mysql.\n\nTwo routing modes:\n- MySQL via `/var/www` autodiscover (default): pass `sitePath` (and `engine: "mysql"` implicitly). Credentials are read from wp-config.php, parameters.php, .env.\n- Direct via Docker container: pass `containerName` (the container running the DB server). Engine defaults to `postgres`; pass `engine: "mysql"` or `"mssql"` to override. Use `db-discover include=["postgres-containers"]` to find available containers + creds.\n\nPostgres example: `{ serverId, containerName: "refront-postgres-vanilla", dbName: "main", dbUser: "postgres", query: "SELECT 1" }`. Defaults: dbUser=postgres, dbName=postgres.\nMSSQL example: `{ serverId, containerName: "mssql-1", engine: "mssql", dbUser: "sa", dbPass: "...", query: "SELECT 1" }`.\n\nResult safety: `maxRows` (default 1000, max 10000) auto-injects a `LIMIT` for SELECT queries that don\'t have one. The footer reports whether the cap was applied. Pass `maxRows: 0` to disable.\n\nDiagnostics: `explain: true` prepends EXPLAIN (postgres / mysql) or runs `SET SHOWPLAN_TEXT ON` (mssql).\n\nAtomic multi-statement: pass `transaction: true` to wrap the query in BEGIN/COMMIT (postgres / mysql) so a failure in any statement rolls back the lot. Use for ad-hoc fixes that are not schema migrations (e.g. `UPDATE tax_rate SET pct = pct * 100; UPDATE order SET ...`).\n\nSchema introspection: pass `describe: "tablename"` to get columns + indexes (works for mysql, postgres, and mssql). Pass `describe: "*"` to list all tables. When `describe` is set, `query` is ignored.\n\nDestructive operations (DROP, TRUNCATE, ALTER \u2026 DROP, naked DELETE) are blocked by default. For schema migrations, **prefer `db-apply-migration`** \u2014 it has an audit ledger and idempotency. As an escape hatch for ad-hoc hot-fixes, pass `allowDestructive: "yes-i-understand-this-is-not-logged"` (literal string) to bypass the gate. The bypass is logged in the response footer.',
+    description: 'Execute SQL against any database. **Use this for ALL queries (SELECT, INSERT, UPDATE, DELETE, schema introspection) against vanilla Postgres / MySQL / MSSQL containers** \u2014 do NOT fall back to `ssh-execute` + `docker cp` + `psql -f` with .tmp.sql files; the container path here already pipes via stdin so quotes / `$` / `;` are safe. Multi-statement scripts work fine: separate with `;` and they will all be executed by psql/mysql.\n\nTwo routing modes:\n- MySQL via `/var/www` autodiscover (default): pass `sitePath` (and `engine: "mysql"` implicitly). Credentials are read from wp-config.php, parameters.php, .env.\n- Direct via Docker container: pass `containerName` (the container running the DB server). Engine defaults to `postgres`; pass `engine: "mysql"` or `"mssql"` to override. Use `db-discover include=["postgres-containers"]` to find available containers + creds.\n\nPostgres example: `{ serverId, containerName: "refront-postgres-vanilla", query: "SELECT 1" }` \u2014 dbName and dbUser are AUTO-RESOLVED from the container\'s `POSTGRES_USER` / `POSTGRES_DB` env vars (cached 1h per server). Only pass `dbName`/`dbUser` explicitly when the instance hosts multiple databases or you want to query as a non-default role.\nMSSQL example: `{ serverId, containerName: "mssql-1", engine: "mssql", dbUser: "sa", dbPass: "...", query: "SELECT 1" }`.\n\nResult safety: `maxRows` (default 1000, max 10000) auto-injects a `LIMIT` for SELECT queries that don\'t have one. The footer reports whether the cap was applied. Pass `maxRows: 0` to disable.\n\nDiagnostics: `explain: true` prepends EXPLAIN (postgres / mysql) or runs `SET SHOWPLAN_TEXT ON` (mssql).\n\nAtomic multi-statement: pass `transaction: true` to wrap the query in BEGIN/COMMIT (postgres / mysql) so a failure in any statement rolls back the lot. Use for ad-hoc fixes that are not schema migrations (e.g. `UPDATE tax_rate SET pct = pct * 100; UPDATE order SET ...`).\n\nSchema introspection: pass `describe: "tablename"` to get columns + indexes (works for mysql, postgres, and mssql). Pass `describe: "*"` to list all tables. When `describe` is set, `query` is ignored.\n\nDestructive operations (DROP, TRUNCATE, ALTER \u2026 DROP, naked DELETE) are blocked by default. For schema migrations, **prefer `db-apply-migration`** \u2014 it has an audit ledger and idempotency. As an escape hatch for ad-hoc hot-fixes, pass `allowDestructive: "yes-i-understand-this-is-not-logged"` (literal string) to bypass the gate. The bypass is logged in the response footer.',
     inputSchema: {
       type: "object",
       properties: {
@@ -4712,8 +4740,8 @@ var TOOLS = [
         sitePath: { type: "string", description: "Site root path (e.g. /var/www/example.com). Used only with engine=mysql autodiscover." },
         containerName: { type: "string", description: 'Docker container running the DB server (e.g. "refront-postgres-vanilla", "supabase-db"). Activates direct-query mode.' },
         engine: { type: "string", enum: ["mysql", "postgres", "mssql"], description: 'DB engine. Defaults to "mysql" with sitePath, "postgres" with containerName.' },
-        dbName: { type: "string", description: 'Database name (containerName mode). Defaults: postgres \u2192 "postgres", mysql \u2192 server default, mssql \u2192 server default.' },
-        dbUser: { type: "string", description: 'Database user (containerName mode). Defaults: postgres \u2192 "postgres", mysql \u2192 "root", mssql \u2192 "sa".' },
+        dbName: { type: "string", description: "Database name (containerName mode). For postgres: auto-resolved from container `POSTGRES_DB` env var when omitted. For mysql: server default. For mssql: server default." },
+        dbUser: { type: "string", description: 'Database user (containerName mode). For postgres: auto-resolved from container `POSTGRES_USER` env var when omitted. For mysql: defaults to "root". For mssql: defaults to "sa".' },
         dbPass: { type: "string", description: "Database password (containerName mode). Required for mssql; optional for mysql; postgres uses trust auth by default." },
         maxRows: { type: "number", description: "Auto-inject LIMIT for unbounded SELECTs. Default 1000, max 10000, set 0 to disable." },
         explain: { type: "boolean", description: "Prepend EXPLAIN (postgres/mysql) or SHOWPLAN (mssql) instead of executing. Useful for slow-query diagnosis." },
@@ -4725,14 +4753,14 @@ var TOOLS = [
   },
   {
     name: "db-apply-migration",
-    description: 'Apply a SQL migration to a Postgres container and record it in an MCP-managed ledger table (`_mcp_migrations`) so re-runs are idempotent. Use this for ALL schema changes (CREATE/ALTER/DROP/TRUNCATE) \u2014 it allows DDL that `db-query` blocks, and gives you audit + drift detection in exchange.\n\nLedger schema (auto-created on first call): `_mcp_migrations(name TEXT PRIMARY KEY, sha256 TEXT, applied_at TIMESTAMPTZ, applied_by TEXT)`.\n\nBehaviour:\n- If `name` is already in the ledger AND the sha256 of the supplied SQL matches \u2192 no-op, returns "already applied".\n- If `name` is already in the ledger with a DIFFERENT sha256 \u2192 fails loudly ("drift detected"). Pass `force: true` to overwrite (logged).\n- Otherwise the SQL is wrapped in BEGIN/COMMIT and applied, then a row is inserted into `_mcp_migrations`.\n\nPass `noTransaction: true` for statements that cannot run inside a transaction (`CREATE INDEX CONCURRENTLY`, `ALTER TYPE \u2026 ADD VALUE`, `VACUUM`, etc.). In that mode the user SQL runs first and the ledger is recorded in a separate follow-up call.\n\nSQL source: provide ONE of `sql` (inline string), `localFile` (path on this machine, read and piped via stdin), or `remoteFile` (absolute path on the SSH server, read with `cat` first).\n\nExample: `{ serverId, containerName: "refront-postgres-vanilla", dbName: "main", name: "20260517120000_add_unified_classification", localFile: "./migrations/20260517120000_add_unified_classification.sql" }`.',
+    description: 'Apply a SQL migration to a Postgres container and record it in an MCP-managed ledger table (`_mcp_migrations`) so re-runs are idempotent. Use this for ALL schema changes (CREATE/ALTER/DROP/TRUNCATE) \u2014 it allows DDL that `db-query` blocks, and gives you audit + drift detection in exchange.\n\nLedger schema (auto-created on first call): `_mcp_migrations(name TEXT PRIMARY KEY, sha256 TEXT, applied_at TIMESTAMPTZ, applied_by TEXT)`.\n\nBehaviour:\n- If `name` is already in the ledger AND the sha256 of the supplied SQL matches \u2192 no-op, returns "already applied".\n- If `name` is already in the ledger with a DIFFERENT sha256 \u2192 fails loudly ("drift detected"). Pass `force: true` to overwrite (logged).\n- Otherwise the SQL is wrapped in BEGIN/COMMIT and applied, then a row is inserted into `_mcp_migrations`.\n\nPass `noTransaction: true` for statements that cannot run inside a transaction (`CREATE INDEX CONCURRENTLY`, `ALTER TYPE \u2026 ADD VALUE`, `VACUUM`, etc.). In that mode the user SQL runs first and the ledger is recorded in a separate follow-up call.\n\nSQL source: provide ONE of `sql` (inline string), `localFile` (path on this machine, read and piped via stdin), or `remoteFile` (absolute path on the SSH server, read with `cat` first).\n\nExample: `{ serverId, containerName: "refront-postgres-vanilla", name: "20260517120000_add_unified_classification", localFile: "./migrations/20260517120000_add_unified_classification.sql" }` \u2014 dbName + dbUser are auto-resolved from the container env (cached 1h).',
     inputSchema: {
       type: "object",
       properties: {
-        serverId: { type: "string", description: "UUID of the SSH server" },
+        serverId: { type: "string", description: "UUID or (fuzzy) name of the SSH server" },
         containerName: { type: "string", description: 'Postgres container name (e.g. "refront-postgres-vanilla")' },
-        dbName: { type: "string", description: 'Database (defaults to "postgres" \u2014 set explicitly to your app DB)' },
-        dbUser: { type: "string", description: 'User (defaults to "postgres")' },
+        dbName: { type: "string", description: "Database. Auto-resolved from container `POSTGRES_DB` env when omitted. Override only when the instance hosts multiple databases." },
+        dbUser: { type: "string", description: "User. Auto-resolved from container `POSTGRES_USER` env when omitted." },
         name: { type: "string", description: "Unique migration name (recommended format: `YYYYMMDDhhmmss_description`)" },
         sql: { type: "string", description: "Inline SQL string (mutually exclusive with localFile / remoteFile)" },
         localFile: { type: "string", description: "Path on this machine to a .sql file (read here, streamed via stdin)" },
@@ -4746,14 +4774,14 @@ var TOOLS = [
   },
   {
     name: "db-list-migrations",
-    description: 'List entries from the `_mcp_migrations` ledger on a Postgres container. Answers "what migrations have already been applied here?" without having to write SQL. Returns name, sha256 (truncated), applied_at, applied_by, ordered by most recent first. If the ledger table does not exist yet (no migrations applied via db-apply-migration), returns an empty list.',
+    description: 'List entries from the `_mcp_migrations` ledger on a Postgres container. Answers "what migrations have already been applied here?" without having to write SQL. Returns full name, sha256, applied_at, applied_by, ordered by most recent first. If the ledger table does not exist yet (no migrations applied via db-apply-migration), returns a friendly empty response. dbName + dbUser are auto-resolved from the container env when omitted.',
     inputSchema: {
       type: "object",
       properties: {
-        serverId: { type: "string", description: "UUID of the SSH server" },
+        serverId: { type: "string", description: "UUID or (fuzzy) name of the SSH server" },
         containerName: { type: "string", description: "Postgres container name" },
-        dbName: { type: "string", description: 'Database (defaults to "postgres")' },
-        dbUser: { type: "string", description: 'User (defaults to "postgres")' },
+        dbName: { type: "string", description: "Database. Auto-resolved from container `POSTGRES_DB` env when omitted." },
+        dbUser: { type: "string", description: "User. Auto-resolved from container `POSTGRES_USER` env when omitted." },
         limit: { type: "number", description: "Max number of entries (default 50, max 500)" }
       },
       required: ["serverId", "containerName"]
@@ -4858,7 +4886,7 @@ var TOOLS = [
   // ----- Repo reference -----
   ...REPO_TOOLS
 ];
-var MCP_VERSION = "6.2.0";
+var MCP_VERSION = "6.3.0";
 async function handleListTools() {
   if (!authContext) return { tools: TOOLS };
   const accessible = TOOLS.filter((tool) => {
@@ -5814,7 +5842,7 @@ ${trail.join("\n")}` }] };
       }
       // ----- Database -----
       case "db-discover": {
-        const { conn, proxy } = await getServerConnection(String(a.serverId));
+        const { serverId, conn, proxy } = await getServerConnection(String(a.serverId));
         const rawInclude = Array.isArray(a.include) ? a.include.map(String) : ["www"];
         const include = new Set(rawInclude.filter((m) => m === "www" || m === "postgres-containers"));
         if (include.size === 0) include.add("www");
@@ -5833,6 +5861,13 @@ ${lines.join("\n")}`);
         }
         if (include.has("postgres-containers")) {
           const containers = await discoverPostgresContainers(conn, proxy);
+          for (const c of containers) {
+            cachePostgresContainerCreds(serverId, c.container, {
+              dbName: c.db,
+              dbUser: c.user,
+              hasPassword: c.hasPassword
+            });
+          }
           if (!containers.length) {
             sections.push("## Postgres containers\n(none \u2014 no running container exposes POSTGRES_USER/POSTGRES_DB)");
           } else {
@@ -5842,17 +5877,22 @@ ${lines.join("\n")}`);
             sections.push(`## Postgres containers (${containers.length})
 ${lines.join("\n")}
 
-Tip: use these directly with \`db-query containerName=\u2026 dbName=\u2026 dbUser=\u2026\` or \`db-apply-migration\`.`);
+Tip: pass just \`containerName\` to \`db-query\` / \`db-apply-migration\` / \`db-list-migrations\` \u2014 dbName + dbUser are auto-resolved from the container env (cached for 1h per server).`);
           }
         }
         return { content: [{ type: "text", text: sections.join("\n\n") }] };
       }
       case "db-tables": {
-        const { conn, proxy } = await getServerConnection(String(a.serverId));
+        const { serverId, conn, proxy } = await getServerConnection(String(a.serverId));
         const containerName = typeof a.containerName === "string" && a.containerName ? a.containerName : "";
         if (containerName) {
-          const dbUser = typeof a.dbUser === "string" && a.dbUser ? a.dbUser : "postgres";
-          const dbName = typeof a.dbName === "string" && a.dbName ? a.dbName : "postgres";
+          let dbUser = typeof a.dbUser === "string" && a.dbUser ? a.dbUser : "";
+          let dbName = typeof a.dbName === "string" && a.dbName ? a.dbName : "";
+          if (!dbUser || !dbName) {
+            const creds = await resolvePostgresContainerCreds(conn, proxy, serverId, containerName);
+            if (!dbUser) dbUser = creds.dbUser;
+            if (!dbName) dbName = creds.dbName;
+          }
           const sqlText2 = `SELECT n.nspname AS schema,
        c.relname AS "table",
        pg_size_pretty(pg_total_relation_size(c.oid)) AS size,
@@ -5948,9 +5988,14 @@ COMMIT;`;
         if (!containerName) {
           return { content: [{ type: "text", text: `Error: engine=${engine} requires containerName (the docker container running the DB server, e.g. "supabase-db" or "trigger-postgres")` }] };
         }
-        const dbName = typeof a.dbName === "string" && a.dbName ? a.dbName.replace(/[^a-zA-Z0-9_-]/g, "") : "";
-        const dbUser = typeof a.dbUser === "string" && a.dbUser ? a.dbUser.replace(/[^a-zA-Z0-9_-]/g, "") : "";
-        const { conn, proxy } = await getServerConnection(String(a.serverId));
+        let dbName = typeof a.dbName === "string" && a.dbName ? a.dbName.replace(/[^a-zA-Z0-9_-]/g, "") : "";
+        let dbUser = typeof a.dbUser === "string" && a.dbUser ? a.dbUser.replace(/[^a-zA-Z0-9_-]/g, "") : "";
+        const { serverId, conn, proxy } = await getServerConnection(String(a.serverId));
+        if (engine === "postgres" && (!dbName || !dbUser)) {
+          const creds = await resolvePostgresContainerCreds(conn, proxy, serverId, containerName);
+          if (!dbName) dbName = creds.dbName.replace(/[^a-zA-Z0-9_-]/g, "");
+          if (!dbUser) dbUser = creds.dbUser.replace(/[^a-zA-Z0-9_-]/g, "");
+        }
         let cmd;
         let stdinPayload;
         if (engine === "postgres") {
@@ -5988,8 +6033,8 @@ GO
       case "db-apply-migration": {
         const containerName = String(a.containerName || "").replace(/[^a-zA-Z0-9._-]/g, "");
         if (!containerName) return { content: [{ type: "text", text: "Error: containerName is required" }] };
-        const dbUser = (typeof a.dbUser === "string" && a.dbUser ? a.dbUser : "postgres").replace(/[^a-zA-Z0-9_-]/g, "") || "postgres";
-        const dbName = (typeof a.dbName === "string" && a.dbName ? a.dbName : "postgres").replace(/[^a-zA-Z0-9_-]/g, "") || "postgres";
+        let dbUser = (typeof a.dbUser === "string" && a.dbUser ? a.dbUser : "").replace(/[^a-zA-Z0-9_-]/g, "");
+        let dbName = (typeof a.dbName === "string" && a.dbName ? a.dbName : "").replace(/[^a-zA-Z0-9_-]/g, "");
         const name2 = String(a.name || "").trim();
         if (!name2) return { content: [{ type: "text", text: 'Error: name is required (e.g. "20260517120000_add_foo")' }] };
         if (!/^[\w.@:+\-]+$/.test(name2) || name2.length > 200) {
@@ -6008,7 +6053,12 @@ GO
         if (sources.length !== 1) {
           return { content: [{ type: "text", text: `Error: pass exactly one of \`sql\`, \`localFile\`, or \`remoteFile\` (got ${sources.length || "none"}: ${sources.join(", ") || "\u2014"})` }] };
         }
-        const { conn, proxy } = await getServerConnection(String(a.serverId));
+        const { serverId, conn, proxy } = await getServerConnection(String(a.serverId));
+        if (!dbUser || !dbName) {
+          const creds = await resolvePostgresContainerCreds(conn, proxy, serverId, containerName);
+          if (!dbUser) dbUser = creds.dbUser.replace(/[^a-zA-Z0-9_-]/g, "") || "postgres";
+          if (!dbName) dbName = creds.dbName.replace(/[^a-zA-Z0-9_-]/g, "") || "postgres";
+        }
         let migrationSql;
         if (typeof a.sql === "string" && a.sql) {
           migrationSql = a.sql;
@@ -6168,11 +6218,16 @@ ${res.stdout.trim()}` : "(no output)")
       case "db-list-migrations": {
         const containerName = String(a.containerName || "").replace(/[^a-zA-Z0-9._-]/g, "");
         if (!containerName) return { content: [{ type: "text", text: "Error: containerName is required" }] };
-        const dbUser = (typeof a.dbUser === "string" && a.dbUser ? a.dbUser : "postgres").replace(/[^a-zA-Z0-9_-]/g, "") || "postgres";
-        const dbName = (typeof a.dbName === "string" && a.dbName ? a.dbName : "postgres").replace(/[^a-zA-Z0-9_-]/g, "") || "postgres";
+        let dbUser = (typeof a.dbUser === "string" && a.dbUser ? a.dbUser : "").replace(/[^a-zA-Z0-9_-]/g, "");
+        let dbName = (typeof a.dbName === "string" && a.dbName ? a.dbName : "").replace(/[^a-zA-Z0-9_-]/g, "");
         const limitRaw = Number(a.limit);
         const limit = Math.min(Math.max(Number.isFinite(limitRaw) && limitRaw > 0 ? Math.floor(limitRaw) : 50, 1), 500);
-        const { conn, proxy } = await getServerConnection(String(a.serverId));
+        const { serverId, conn, proxy } = await getServerConnection(String(a.serverId));
+        if (!dbUser || !dbName) {
+          const creds = await resolvePostgresContainerCreds(conn, proxy, serverId, containerName);
+          if (!dbUser) dbUser = creds.dbUser.replace(/[^a-zA-Z0-9_-]/g, "") || "postgres";
+          if (!dbName) dbName = creds.dbName.replace(/[^a-zA-Z0-9_-]/g, "") || "postgres";
+        }
         const sqlText = `SELECT name, sha256, applied_at, applied_by
 FROM _mcp_migrations
 ORDER BY applied_at DESC