@neverinfamous/mysql-mcp 2.3.0 → 3.0.0

package/src/adapters/mysql/tools/schema/constraints.ts

@@ -1,10 +1,20 @@
-import { z } from "zod";
+import { z, ZodError } from "zod";
 import type { MySQLAdapter } from "../../MySQLAdapter.js";
 import type {
   ToolDefinition,
   RequestContext,
 } from "../../../../types/index.js";
 
+/** Extract human-readable messages from a ZodError instead of raw JSON array */
+function formatZodError(error: ZodError): string {
+  return error.issues.map((i) => i.message).join("; ");
+}
+
+const ListConstraintsSchemaBase = z.object({
+  table: z.string().describe("Table name"),
+  type: z.string().optional().describe("Filter by constraint type"),
+});
+
 const ListConstraintsSchema = z.object({
   table: z.string().describe("Table name"),
   type: z
@@ -25,14 +35,23 @@ export function createListConstraintsTool(
     description:
       "List all constraints (primary key, foreign key, unique, check) for a table.",
     group: "schema",
-    inputSchema: ListConstraintsSchema,
+    inputSchema: ListConstraintsSchemaBase,
     requiredScopes: ["read"],
     annotations: {
       readOnlyHint: true,
       idempotentHint: true,
     },
     handler: async (params: unknown, _context: RequestContext) => {
-      const { table, type } = ListConstraintsSchema.parse(params);
+      let parsed;
+      try {
+        parsed = ListConstraintsSchema.parse(params);
+      } catch (error: unknown) {
+        if (error instanceof ZodError) {
+          return { success: false, error: formatZodError(error) };
+        }
+        throw error;
+      }
+      const { table, type } = parsed;
 
       const parts = table.split(".");
       let schemaName: string | null = null;

package/src/adapters/mysql/tools/schema/management.ts

@@ -1,4 +1,9 @@
-import { z } from "zod";
+import { z, ZodError } from "zod";
+
+/** Extract human-readable messages from a ZodError instead of raw JSON array */
+function formatZodError(error: ZodError): string {
+  return error.issues.map((i) => i.message).join("; ");
+}
 import type { MySQLAdapter } from "../../MySQLAdapter.js";
 import type {
   ToolDefinition,
@@ -41,7 +46,16 @@ export function createListSchemasTool(adapter: MySQLAdapter): ToolDefinition {
       idempotentHint: true,
     },
     handler: async (params: unknown, _context: RequestContext) => {
-      const { pattern } = ListSchemasSchema.parse(params);
+      let parsed;
+      try {
+        parsed = ListSchemasSchema.parse(params);
+      } catch (error: unknown) {
+        if (error instanceof ZodError) {
+          return { success: false, error: formatZodError(error) };
+        }
+        throw error;
+      }
+      const { pattern } = parsed;
 
       let query = `
                 SELECT 
@@ -85,12 +99,26 @@ export function createCreateSchemaTool(adapter: MySQLAdapter): ToolDefinition {
       readOnlyHint: false,
     },
     handler: async (params: unknown, _context: RequestContext) => {
-      const { name, charset, collation, ifNotExists } =
-        CreateSchemaSchema.parse(params);
+      let parsed;
+      try {
+        parsed = CreateSchemaSchema.parse(params);
+      } catch (error: unknown) {
+        if (error instanceof ZodError) {
+          return { success: false, error: formatZodError(error) };
+        }
+        throw error;
+      }
+      const { name, charset, collation, ifNotExists } = parsed;
 
-      // Validate schema name
       if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(name)) {
-        throw new Error("Invalid schema name");
+        return { success: false, error: "Invalid schema name" };
+      }
+
+      if (!/^[a-zA-Z0-9_]+$/.test(charset)) {
+        return { success: false, error: `Invalid charset: ${charset}` };
+      }
+      if (!/^[a-zA-Z0-9_]+$/.test(collation)) {
+        return { success: false, error: `Invalid collation: ${collation}` };
       }
 
       // Pre-check: detect no-op when ifNotExists is true
@@ -120,10 +148,15 @@ export function createCreateSchemaTool(adapter: MySQLAdapter): ToolDefinition {
         if (message.toLowerCase().includes("database exists")) {
           return {
             success: false,
-            reason: `Schema '${name}' already exists`,
+            error: `Schema '${name}' already exists`,
           };
         }
-        throw err;
+        return {
+          success: false,
+          error: message
+            .replace(/^Query failed:\s*/i, "")
+            .replace(/^Execute failed:\s*/i, ""),
+        };
       }
     },
   };
@@ -146,14 +179,21 @@ export function createDropSchemaTool(adapter: MySQLAdapter): ToolDefinition {
       destructiveHint: true,
     },
     handler: async (params: unknown, _context: RequestContext) => {
-      const { name, ifExists } = DropSchemaSchema.parse(params);
+      let parsed;
+      try {
+        parsed = DropSchemaSchema.parse(params);
+      } catch (error: unknown) {
+        if (error instanceof ZodError) {
+          return { success: false, error: formatZodError(error) };
+        }
+        throw error;
+      }
+      const { name, ifExists } = parsed;
 
-      // Validate schema name
       if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(name)) {
-        throw new Error("Invalid schema name");
+        return { success: false, error: "Invalid schema name" };
       }
 
-      // Protect system schemas
       const systemSchemas = [
         "mysql",
         "information_schema",
@@ -161,7 +201,7 @@ export function createDropSchemaTool(adapter: MySQLAdapter): ToolDefinition {
         "sys",
       ];
       if (systemSchemas.includes(name.toLowerCase())) {
-        throw new Error("Cannot drop system schema");
+        return { success: false, error: "Cannot drop system schema" };
       }
 
       // Pre-check: detect no-op when ifExists is true
@@ -194,10 +234,15 @@ export function createDropSchemaTool(adapter: MySQLAdapter): ToolDefinition {
         ) {
           return {
             success: false,
-            reason: `Schema '${name}' does not exist`,
+            error: `Schema '${name}' does not exist`,
           };
         }
-        throw err;
+        return {
+          success: false,
+          error: message
+            .replace(/^Query failed:\s*/i, "")
+            .replace(/^Execute failed:\s*/i, ""),
+        };
       }
     },
   };

package/src/adapters/mysql/tools/schema/routines.ts

@@ -1,4 +1,9 @@
-import { z } from "zod";
+import { z, ZodError } from "zod";
+
+/** Extract human-readable messages from a ZodError instead of raw JSON array */
+function formatZodError(error: ZodError): string {
+  return error.issues.map((i) => i.message).join("; ");
+}
 import type { MySQLAdapter } from "../../MySQLAdapter.js";
 import type {
   ToolDefinition,
@@ -10,7 +15,6 @@ const ListObjectsSchema = z.object({
     .string()
     .optional()
     .describe("Schema name (defaults to current database)"),
-  type: z.enum(["PROCEDURE", "FUNCTION"]).optional().describe("Filter by type"),
 });
 
 /**
@@ -31,7 +35,16 @@ export function createListStoredProceduresTool(
       idempotentHint: true,
     },
     handler: async (params: unknown, _context: RequestContext) => {
-      const { schema } = ListObjectsSchema.parse(params);
+      let parsed;
+      try {
+        parsed = ListObjectsSchema.parse(params);
+      } catch (error: unknown) {
+        if (error instanceof ZodError) {
+          return { success: false, error: formatZodError(error) };
+        }
+        throw error;
+      }
+      const { schema } = parsed;
 
       // P154: Schema existence check when explicitly provided
       if (schema) {
@@ -97,7 +110,16 @@ export function createListFunctionsTool(adapter: MySQLAdapter): ToolDefinition {
       idempotentHint: true,
     },
     handler: async (params: unknown, _context: RequestContext) => {
-      const { schema } = ListObjectsSchema.parse(params);
+      let parsed;
+      try {
+        parsed = ListObjectsSchema.parse(params);
+      } catch (error: unknown) {
+        if (error instanceof ZodError) {
+          return { success: false, error: formatZodError(error) };
+        }
+        throw error;
+      }
+      const { schema } = parsed;
 
       // P154: Schema existence check when explicitly provided
       if (schema) {

package/src/adapters/mysql/tools/schema/scheduled_events.ts

@@ -1,10 +1,23 @@
-import { z } from "zod";
+import { z, ZodError } from "zod";
 import type { MySQLAdapter } from "../../MySQLAdapter.js";
 import type {
   ToolDefinition,
   RequestContext,
 } from "../../../../types/index.js";
 
+/** Extract human-readable messages from a ZodError instead of raw JSON array */
+function formatZodError(error: ZodError): string {
+  return error.issues.map((i) => i.message).join("; ");
+}
+
+const ListEventsSchemaBase = z.object({
+  schema: z
+    .string()
+    .optional()
+    .describe("Schema name (defaults to current database)"),
+  status: z.string().optional().describe("Filter by status"),
+});
+
 const ListEventsSchema = z.object({
   schema: z
     .string()
@@ -26,14 +39,23 @@ export function createListEventsTool(adapter: MySQLAdapter): ToolDefinition {
     description:
       "List all scheduled events with execution status and schedule info.",
     group: "schema",
-    inputSchema: ListEventsSchema,
+    inputSchema: ListEventsSchemaBase,
     requiredScopes: ["read"],
     annotations: {
       readOnlyHint: true,
       idempotentHint: true,
     },
     handler: async (params: unknown, _context: RequestContext) => {
-      const { schema, status } = ListEventsSchema.parse(params);
+      let parsed;
+      try {
+        parsed = ListEventsSchema.parse(params);
+      } catch (error: unknown) {
+        if (error instanceof ZodError) {
+          return { success: false, error: formatZodError(error) };
+        }
+        throw error;
+      }
+      const { schema, status } = parsed;
 
       // P154: Schema existence check when explicitly provided
       if (schema) {

package/src/adapters/mysql/tools/schema/triggers.ts

@@ -1,4 +1,9 @@
-import { z } from "zod";
+import { z, ZodError } from "zod";
+
+/** Extract human-readable messages from a ZodError instead of raw JSON array */
+function formatZodError(error: ZodError): string {
+  return error.issues.map((i) => i.message).join("; ");
+}
 import type { MySQLAdapter } from "../../MySQLAdapter.js";
 import type {
   ToolDefinition,
@@ -29,7 +34,16 @@ export function createListTriggersTool(adapter: MySQLAdapter): ToolDefinition {
       idempotentHint: true,
     },
     handler: async (params: unknown, _context: RequestContext) => {
-      const { table, schema } = ListTriggersSchema.parse(params);
+      let parsed;
+      try {
+        parsed = ListTriggersSchema.parse(params);
+      } catch (error: unknown) {
+        if (error instanceof ZodError) {
+          return { success: false, error: formatZodError(error) };
+        }
+        throw error;
+      }
+      const { table, schema } = parsed;
 
       // P154: Schema existence check when explicitly provided
       if (schema) {
@@ -42,6 +56,17 @@ export function createListTriggersTool(adapter: MySQLAdapter): ToolDefinition {
         }
       }
 
+      // P154: Table existence check when explicitly provided
+      if (table) {
+        const tableCheck = await adapter.executeQuery(
+          "SELECT TABLE_NAME FROM information_schema.TABLES WHERE TABLE_SCHEMA = COALESCE(?, DATABASE()) AND TABLE_NAME = ?",
+          [schema ?? null, table],
+        );
+        if (!tableCheck.rows || tableCheck.rows.length === 0) {
+          return { exists: false, table };
+        }
+      }
+
       let query = `
                 SELECT 
                     TRIGGER_NAME as name,

package/src/adapters/mysql/tools/schema/views.ts

@@ -1,4 +1,9 @@
-import { z } from "zod";
+import { z, ZodError } from "zod";
+
+/** Extract human-readable messages from a ZodError instead of raw JSON array */
+function formatZodError(error: ZodError): string {
+  return error.issues.map((i) => i.message).join("; ");
+}
 import type { MySQLAdapter } from "../../MySQLAdapter.js";
 import type {
   ToolDefinition,
@@ -16,6 +21,14 @@ const ListViewsSchema = z.object({
     .describe("Schema name (defaults to current database)"),
 });
 
+const CreateViewSchemaBase = z.object({
+  name: z.string().describe("View name"),
+  definition: z.string().describe("SELECT statement defining the view"),
+  orReplace: z.boolean().default(false).describe("Use CREATE OR REPLACE"),
+  algorithm: z.string().default("UNDEFINED").describe("View algorithm"),
+  checkOption: z.string().default("NONE").describe("WITH CHECK OPTION"),
+});
+
 const CreateViewSchema = z.object({
   name: z.string().describe("View name"),
   definition: z.string().describe("SELECT statement defining the view"),
@@ -47,7 +60,16 @@ export function createListViewsTool(adapter: MySQLAdapter): ToolDefinition {
       idempotentHint: true,
     },
     handler: async (params: unknown, _context: RequestContext) => {
-      const { schema } = ListViewsSchema.parse(params);
+      let parsed;
+      try {
+        parsed = ListViewsSchema.parse(params);
+      } catch (error: unknown) {
+        if (error instanceof ZodError) {
+          return { success: false, error: formatZodError(error) };
+        }
+        throw error;
+      }
+      const { schema } = parsed;
 
       // P154: Schema existence check when explicitly provided
       if (schema) {
@@ -92,16 +114,29 @@ export function createCreateViewTool(adapter: MySQLAdapter): ToolDefinition {
     description:
       "Create or replace a view with specified algorithm and check option.",
     group: "schema",
-    inputSchema: CreateViewSchema,
+    inputSchema: CreateViewSchemaBase,
     requiredScopes: ["write"],
     annotations: {
       readOnlyHint: false,
     },
     handler: async (params: unknown, _context: RequestContext) => {
-      const { name, definition, orReplace, algorithm, checkOption } =
-        CreateViewSchema.parse(params);
+      let parsed;
+      try {
+        parsed = CreateViewSchema.parse(params);
+      } catch (error: unknown) {
+        if (error instanceof ZodError) {
+          return { success: false, error: formatZodError(error) };
+        }
+        throw error;
+      }
+      const { name, definition, orReplace, algorithm, checkOption } = parsed;
 
-      validateQualifiedIdentifier(name, "view");
+      try {
+        validateQualifiedIdentifier(name, "view");
+      } catch (err: unknown) {
+        const message = err instanceof Error ? err.message : String(err);
+        return { success: false, error: message };
+      }
 
       const fullViewName = escapeQualifiedTable(name);
 
@@ -114,18 +149,21 @@ export function createCreateViewTool(adapter: MySQLAdapter): ToolDefinition {
 
       try {
         await adapter.executeQuery(sql);
+        adapter.clearSchemaCache();
         return { success: true, viewName: name };
       } catch (err: unknown) {
         const message = err instanceof Error ? err.message : String(err);
         if (message.toLowerCase().includes("already exists")) {
           return {
             success: false,
-            reason: `View '${name}' already exists`,
+            error: `View '${name}' already exists`,
           };
         }
         return {
           success: false,
-          reason: message,
+          error: message
+            .replace(/^Query failed:\s*/i, "")
+            .replace(/^Execute failed:\s*/i, ""),
         };
       }
     },

package/src/adapters/mysql/tools/security/__tests__/audit.test.ts

@@ -85,7 +85,7 @@ describe("Security Audit Tools", () => {
       expect(queryCall).toContain("user LIKE ?");
       expect(queryCall).toContain("event_type = ?");
       expect(queryCall).toContain("timestamp >= ?");
-      expect(queryParams).toHaveLength(3);
+      expect(queryParams).toHaveLength(4);
     });
 
     it("should fallback to performance_schema if audit_log is missing", async () => {
@@ -134,10 +134,64 @@ describe("Security Audit Tools", () => {
       );
 
       const queryCall = mockAdapter.executeQuery.mock.calls[1][0] as string;
-      const queryParams = mockAdapter.executeQuery.mock.calls[1][1] as any[];
 
-      expect(queryCall).toContain("CURRENT_USER LIKE ?");
-      expect(queryParams[0]).toContain("test_user");
+      expect(queryCall).toContain("t.PROCESSLIST_USER LIKE '%test_user%'");
+    });
+
+    it("should apply eventType filter in fallback mode", async () => {
+      mockAdapter.executeQuery.mockResolvedValueOnce(createMockQueryResult([])); // No audit log
+      mockAdapter.executeQuery.mockResolvedValueOnce(createMockQueryResult([]));
+
+      const tool = createSecurityAuditTool(
+        mockAdapter as unknown as MySQLAdapter,
+      );
+      await tool.handler(
+        {
+          limit: 10,
+          eventType: "CONNECT",
+        },
+        mockContext,
+      );
+
+      const queryCall = mockAdapter.executeQuery.mock.calls[1][0] as string;
+
+      expect(queryCall).toContain("e.EVENT_NAME LIKE '%CONNECT%'");
+    });
+
+    it("should include filtersIgnored when startTime used in fallback mode", async () => {
+      mockAdapter.executeQuery.mockResolvedValueOnce(createMockQueryResult([])); // No audit log
+      mockAdapter.executeQuery.mockResolvedValueOnce(createMockQueryResult([]));
+
+      const tool = createSecurityAuditTool(
+        mockAdapter as unknown as MySQLAdapter,
+      );
+      const result = (await tool.handler(
+        {
+          limit: 10,
+          startTime: "2023-01-01",
+        },
+        mockContext,
+      )) as { filtersIgnored?: string[]; note?: string };
+
+      expect(result.filtersIgnored).toEqual(["startTime"]);
+      expect(result.note).toContain("picosecond");
+    });
+
+    it("should return structured error for non-audit failures", async () => {
+      mockAdapter.executeQuery.mockRejectedValue(
+        new Error("Connection lost to host"),
+      );
+
+      const tool = createSecurityAuditTool(
+        mockAdapter as unknown as MySQLAdapter,
+      );
+      const result = (await tool.handler({}, mockContext)) as {
+        success: boolean;
+        error: string;
+      };
+
+      expect(result.success).toBe(false);
+      expect(result.error).toBe("Connection lost to host");
     });
 
     it("should handle error when checking audit log", async () => {
@@ -152,6 +206,22 @@ describe("Security Audit Tools", () => {
 
       expect(result.available).toBe(false);
     });
+
+    it("should not include duplicated message field in error response", async () => {
+      mockAdapter.executeQuery.mockRejectedValue(new Error("Access denied"));
+
+      const tool = createSecurityAuditTool(
+        mockAdapter as unknown as MySQLAdapter,
+      );
+      const result = (await tool.handler({}, mockContext)) as Record<
+        string,
+        unknown
+      >;
+
+      expect(result.success).toBe(false);
+      expect(result).toHaveProperty("error");
+      expect(result).not.toHaveProperty("message");
+    });
   });
 
   describe("createSecurityFirewallStatusTool", () => {
@@ -235,5 +305,21 @@ describe("Security Audit Tools", () => {
 
       expect(result.available).toBe(false);
     });
+
+    it("should not include duplicated message field in error response", async () => {
+      mockAdapter.executeQuery.mockRejectedValue(new Error("Table missing"));
+
+      const tool = createSecurityFirewallRulesTool(
+        mockAdapter as unknown as MySQLAdapter,
+      );
+      const result = (await tool.handler({}, mockContext)) as Record<
+        string,
+        unknown
+      >;
+
+      expect(result.success).toBe(false);
+      expect(result).toHaveProperty("error");
+      expect(result).not.toHaveProperty("message");
+    });
   });
 });