npm - @optima-chat/dev-skills - Versions diffs - 0.4.0 → 0.5.1 - Mend

@optima-chat/dev-skills 0.4.0 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/.claude/commands/query-db.md +29 -4
package/.claude/skills/query-db/SKILL.md +69 -53
package/README.md +27 -4
package/bin/helpers/query-db.ts +190 -0
package/dist/bin/helpers/query-db.js +167 -0
package/package.json +15 -5
package/tsconfig.json +17 -0

package/.claude/commands/query-db.md CHANGED Viewed

@@ -2,7 +2,7 @@
 执行 SQL 查询，支持 CI/Stage/Prod 三个环境。
-**版本**: v0.3.0
+**版本**: v0.5.0
 ## 使用场景
@@ -10,6 +10,29 @@
 **调试**: 检查数据库状态、排查数据问题
 **运维**: 查看生产数据、统计分析
+## 🎯 推荐方式：使用 CLI 工具
+**最简单的方式**是使用 `optima-query-db` CLI 工具，它会自动处理所有连接细节：
+```bash
+# 查询 CI 环境（默认）
+optima-query-db commerce-backend "SELECT COUNT(*) FROM products"
+# 查询 Stage 环境
+optima-query-db user-auth "SELECT COUNT(*) FROM users" stage
+# 查询 Prod 环境
+optima-query-db commerce-backend "SELECT * FROM products LIMIT 5" prod
+```
+**优点**：
+- ✅ 自动管理 SSH 隧道
+- ✅ 自动从 Infisical 获取密钥
+- ✅ 无需手动执行多个步骤
+- ✅ 支持所有环境
+如果 CLI 工具不可用，可以使用下面的手动方式。
 ## 用法
 ```
@@ -45,10 +68,12 @@
 ## Claude Code 执行步骤
-**重要提示**：根据用户指定的 `environment` 参数选择执行方式：
+**首选方法**：使用 `optima-query-db` CLI 工具（见上方）
+**备用方法**：如果 CLI 工具不可用，根据用户指定的 `environment` 参数选择执行方式：
 - `ci` 或未指定 → 通过 SSH 连接 Docker Postgres（第 0 节，默认）
-- `stage` → 通过 AWS RDS 端点连接（第 1 节）
-- `prod` → 通过 AWS RDS 端点连接（第 2 节，⚠️ 只读）
+- `stage` → 通过 SSH 隧道访问 RDS（第 1 节）
+- `prod` → 通过 SSH 隧道访问 RDS（第 2 节）
 ### 0. CI 环境（environment = "ci" 或默认）

package/.claude/skills/query-db/SKILL.md CHANGED Viewed

@@ -1,6 +1,6 @@
 ---
 name: "query-db"
-description: "当用户请求查询数据库、执行SQL、查看数据、统计数据、检查数据库、查询表、数据库查询时，使用此技能。支持 CI、Stage、Prod 三个环境的 commerce-backend、user-auth、mcp-host、agentic-chat 服务的数据库查询。"
+description: "当用户请求查询数据库、执行SQL、查看数据、统计数据、检查数据库、查询表、数据库查询时，使用此技能。支持 CI、Stage、Prod 三个环境的 commerce-backend、user-auth、mcp-host、agentic-chat 服务的数据库查询。优先使用 optima-query-db CLI 工具。"
 allowed-tools: ["Bash", "SlashCommand"]
 ---
@@ -8,6 +8,32 @@ allowed-tools: ["Bash", "SlashCommand"]
 当你需要执行 SQL 查询检查数据时，使用这个场景。
+## 🎯 推荐方式：使用 CLI 工具
+**最简单的方式**是直接使用 `optima-query-db` CLI 工具：
+```bash
+optima-query-db <service> "<sql>" [environment]
+```
+这个工具会自动处理：
+- ✅ 获取 Infisical 配置
+- ✅ 获取数据库密钥
+- ✅ 建立 SSH 隧道（Stage/Prod）
+- ✅ 执行查询
+**示例**：
+```bash
+# CI 环境（默认）
+optima-query-db user-auth "SELECT COUNT(*) FROM users"
+# Stage 环境
+optima-query-db commerce-backend "SELECT COUNT(*) FROM products" stage
+# Prod 环境
+optima-query-db user-auth "SELECT COUNT(*) FROM users" prod
+```
 ## 🎯 适用情况
 - 验证数据是否正确插入/更新
@@ -18,60 +44,48 @@ allowed-tools: ["Bash", "SlashCommand"]
 ## 🚀 快速操作
-### 1. 查询 CI 环境数据库（默认）
+### 使用 CLI 工具（推荐）
-```
-/query-db commerce-backend "SELECT COUNT(*) FROM products"
-/query-db user-auth "SELECT email FROM users LIMIT 5"
-```
+```bash
+# CI 环境（默认）
+optima-query-db commerce-backend "SELECT COUNT(*) FROM products"
+optima-query-db user-auth "SELECT email FROM users LIMIT 5"
-**说明**：
-- 查询 CI 开发环境数据库
-- 默认环境，不需要指定 `ci` 参数
-- 通过 SSH + Docker Exec 访问
-- 可以执行任何 SQL 语句
+# Stage 环境
+optima-query-db commerce-backend "SELECT COUNT(*) FROM orders" stage
-### 2. 查询 Stage 环境数据库
-```
-/query-db commerce-backend "SELECT COUNT(*) FROM orders" stage
+# Prod 环境
+optima-query-db commerce-backend "SELECT status, COUNT(*) FROM orders GROUP BY status" prod
 ```
-**说明**：
-- 查询 Stage 预发布环境
-- 通过 AWS RDS 直连
-### 3. 查询 Prod 环境数据库
+### 使用 Slash 命令（备用）
 ```
-/query-db commerce-backend "SELECT status, COUNT(*) FROM orders GROUP BY status" prod
+/query-db commerce-backend "SELECT COUNT(*) FROM products"
+/query-db user-auth "SELECT COUNT(*) FROM users" stage
+/query-db commerce-backend "SELECT * FROM products LIMIT 5" prod
 ```
-**说明**：
-- 查询生产环境数据库
-- ⚠️ **只读查询**，不能修改数据
-- 使用只读用户连接
 **常用服务**：
 - `commerce-backend` - 电商数据库
 - `user-auth` - 用户认证数据库
 - `mcp-host` - MCP 协调器数据库
 - `agentic-chat` - AI 聊天数据库
-### 4. 常用查询示例
+### 常用查询示例
-```
+```bash
 # 统计查询
-/query-db commerce-backend "SELECT COUNT(*) FROM products WHERE status='active'"
+optima-query-db commerce-backend "SELECT COUNT(*) FROM products WHERE status='active'"
 # 查看最新数据
-/query-db user-auth "SELECT id, email, created_at FROM users ORDER BY created_at DESC LIMIT 10"
+optima-query-db user-auth "SELECT id, email, created_at FROM users ORDER BY created_at DESC LIMIT 10"
 # 聚合统计
-/query-db commerce-backend "SELECT status, COUNT(*) as count FROM orders GROUP BY status"
+optima-query-db commerce-backend "SELECT status, COUNT(*) as count FROM orders GROUP BY status"
 # 检查特定记录
-/query-db user-auth "SELECT * FROM users WHERE email='user@example.com'"
+optima-query-db user-auth "SELECT * FROM users WHERE email='user@example.com'"
 ```
 ## 📋 常见使用场景
@@ -79,20 +93,20 @@ allowed-tools: ["Bash", "SlashCommand"]
 ### 场景 1：验证新功能
 **步骤**：
-1. 创建数据后查询：`/query-db commerce-backend "SELECT * FROM products WHERE title='新商品'"`
-2. 检查关联数据：`/query-db commerce-backend "SELECT * FROM product_variants WHERE product_id=123"`
+1. 创建数据后查询：`optima-query-db commerce-backend "SELECT * FROM products WHERE title='新商品'"`
+2. 检查关联数据：`optima-query-db commerce-backend "SELECT * FROM product_variants WHERE product_id=123"`
 ### 场景 2：数据统计
 **步骤**：
-1. 统计总数：`/query-db user-auth "SELECT COUNT(*) FROM users"`
-2. 分组统计：`/query-db commerce-backend "SELECT DATE(created_at), COUNT(*) FROM orders GROUP BY DATE(created_at)"`
+1. 统计总数：`optima-query-db user-auth "SELECT COUNT(*) FROM users"`
+2. 分组统计：`optima-query-db commerce-backend "SELECT DATE(created_at), COUNT(*) FROM orders GROUP BY DATE(created_at)"`
 ### 场景 3：排查问题
 **步骤**：
-1. 查找异常数据：`/query-db commerce-backend "SELECT * FROM orders WHERE status IS NULL"`
-2. 检查重复数据：`/query-db user-auth "SELECT email, COUNT(*) FROM users GROUP BY email HAVING COUNT(*) > 1"`
+1. 查找异常数据：`optima-query-db commerce-backend "SELECT * FROM orders WHERE status IS NULL"`
+2. 检查重复数据：`optima-query-db user-auth "SELECT email, COUNT(*) FROM users GROUP BY email HAVING COUNT(*) > 1"`
 ## ⚠️ 安全提示
@@ -105,14 +119,14 @@ allowed-tools: ["Bash", "SlashCommand"]
 ### 安全查询示例
-```
+```bash
 # ✅ 好的查询
-/query-db commerce-backend "SELECT COUNT(*) FROM orders WHERE created_at > NOW() - INTERVAL '1 day'" prod
-/query-db user-auth "SELECT id, email FROM users LIMIT 10" prod
+optima-query-db commerce-backend "SELECT COUNT(*) FROM orders WHERE created_at > NOW() - INTERVAL '1 day'" prod
+optima-query-db user-auth "SELECT id, email FROM users LIMIT 10" prod
 # ❌ 不好的查询
-# /query-db commerce-backend "SELECT * FROM orders" prod  (全表扫描)
-# /query-db user-auth "SELECT password_hash FROM users" prod  (敏感数据)
+# optima-query-db commerce-backend "SELECT * FROM orders" prod  (全表扫描)
+# optima-query-db user-auth "SELECT password_hash FROM users" prod  (敏感数据)
 ```
 ## 💡 最佳实践
@@ -127,37 +141,39 @@ allowed-tools: ["Bash", "SlashCommand"]
 ### CI 环境
-```
-/query-db commerce-backend "SELECT COUNT(*) FROM products"
+```bash
+optima-query-db commerce-backend "SELECT COUNT(*) FROM products"
 ```
 **特点**：
 - 开发环境，可以任意查询和修改
 - 数据可以随时重置
-- 通过 Docker 容器访问
+- 通过 SSH + Docker 容器访问
 ### Stage 环境
-```
-/query-db commerce-backend "SELECT COUNT(*) FROM orders" stage
+```bash
+optima-query-db commerce-backend "SELECT COUNT(*) FROM orders" stage
 ```
 **特点**：
 - 预发布环境
 - 数据接近生产
-- 通过 AWS RDS 访问
+- 通过 SSH 隧道访问 RDS
 ### Prod 环境
-```
-/query-db commerce-backend "SELECT status, COUNT(*) FROM orders GROUP BY status" prod
+```bash
+optima-query-db commerce-backend "SELECT status, COUNT(*) FROM orders GROUP BY status" prod
 ```
 **特点**：
-- 生产环境，只读访问
+- 生产环境
 - 真实用户数据
+- 通过 SSH 隧道访问 RDS
 - ⚠️ 谨慎使用
 ## 🔗 相关命令
-- `/query-db` - 查询数据库（详细使用方法请查看 `/query-db --help`）
+- `optima-query-db` - CLI 查询工具（推荐）
+- `/query-db` - Slash 命令（备用方式，详细使用方法请查看 `/query-db --help`）

package/README.md CHANGED Viewed

@@ -72,6 +72,7 @@ Claude:
 |------|------|------|--------|
 | `/logs` | 查看服务日志 | `/logs commerce-backend 100` | ✅ |
 | `/query-db` | 查询数据库 | `/query-db user-auth "SELECT COUNT(*) FROM users"` | ✅ |
+| `optima-query-db` | 数据库查询工具（CLI） | `optima-query-db user-auth "SELECT COUNT(*) FROM users" prod` | ✅ |
 **说明**：
 - 命令支持 CI、Stage、Prod 三个环境
@@ -99,7 +100,7 @@ optima-dev-skills/
 ## 💡 使用示例
-### 示例：排查 Stage 环境问题
+### 示例 1：排查 Stage 环境问题
 ```
 开发者: "Stage 的 /products API 返回 500"
@@ -113,6 +114,27 @@ Claude:
 3. 问题定位：Stage RDS 连接配置问题
 ```
+### 示例 2：使用 CLI 工具快速查询
+```bash
+# 查询 Prod 用户数
+$ optima-query-db user-auth "SELECT COUNT(*) FROM users" prod
+🔍 Querying user-auth (PROD)...
+✓ Loaded Infisical config from GitHub Variables
+✓ Obtained Infisical access token
+✓ Retrieved database credentials from Infisical
+✓ SSH tunnel established on port 15433
+ count
+-------
+    26
+(1 行记录)
+# 查询 Stage 商品列表
+$ optima-query-db commerce-backend "SELECT id, title FROM products LIMIT 5" stage
+```
 ## 🎯 设计原则
 ### dev-skills 提供什么？
@@ -162,15 +184,16 @@ Claude:
 ## 🛠️ 开发状态
-**当前版本**: 0.3.0
+**当前版本**: 0.5.0
 **已完成**:
 - ✅ 2 个跨环境命令：`/logs`、`/query-db`
 - ✅ 2 个任务场景：`logs` skill、`query-db` skill
 - ✅ 支持 CI、Stage、Prod 三个环境
 - ✅ CI 环境通过 SSH + Docker 访问
-- ✅ Stage/Prod 通过 AWS 服务访问
-- ✅ 数据库查询支持只读模式（Prod）
+- ✅ Stage/Prod 通过 SSH 隧道访问 RDS
+- ✅ TypeScript CLI 工具：`optima-query-db`
+- ✅ 通过 Infisical 动态获取密钥
 **设计原则**:
 - 命令提供信息（URL、路径、凭证位置），不实现复杂逻辑

package/bin/helpers/query-db.ts ADDED Viewed

@@ -0,0 +1,190 @@
+#!/usr/bin/env node
+import { execSync } from 'child_process';
+import * as fs from 'fs';
+interface InfisicalConfig {
+  url: string;
+  clientId: string;
+  clientSecret: string;
+  projectId: string;
+}
+interface DatabaseConfig {
+  host: string;
+  user: string;
+  password: string;
+  database: string;
+}
+const SERVICE_DB_MAP = {
+  'commerce-backend': {
+    ci: { container: 'commerce-postgres', user: 'commerce', password: 'commerce123', database: 'commerce' },
+    stage: { userKey: 'COMMERCE_DB_USER', passwordKey: 'COMMERCE_DB_PASSWORD', database: 'optima_stage_commerce' },
+    prod: { userKey: 'COMMERCE_DB_USER', passwordKey: 'COMMERCE_DB_PASSWORD', database: 'optima_commerce' }
+  },
+  'user-auth': {
+    ci: { container: 'user-auth-postgres-1', user: 'userauth', password: 'password123', database: 'userauth' },
+    stage: { userKey: 'AUTH_DB_USER', passwordKey: 'AUTH_DB_PASSWORD', database: 'optima_stage_auth' },
+    prod: { userKey: 'AUTH_DB_USER', passwordKey: 'AUTH_DB_PASSWORD', database: 'optima_auth' }
+  },
+  'mcp-host': {
+    ci: { container: 'mcp-host-db-1', user: 'mcp_user', password: 'mcp_password', database: 'mcp_host' },
+    stage: { userKey: 'MCP_DB_USER', passwordKey: 'MCP_DB_PASSWORD', database: 'optima_stage_mcp' },
+    prod: { userKey: 'MCP_DB_USER', passwordKey: 'MCP_DB_PASSWORD', database: 'optima_mcp' }
+  },
+  'agentic-chat': {
+    ci: { container: 'optima-postgres', user: 'postgres', password: 'postgres123', database: 'optima_chat' },
+    stage: { userKey: 'CHAT_DB_USER', passwordKey: 'CHAT_DB_PASSWORD', database: 'optima_stage_chat' },
+    prod: { userKey: 'CHAT_DB_USER', passwordKey: 'CHAT_DB_PASSWORD', database: 'optima_chat' }
+  }
+};
+const EC2_HOSTS = {
+  stage: '54.179.132.102',
+  prod: '18.136.25.239'
+};
+function getGitHubVariable(name: string): string {
+  return execSync(`gh variable get ${name} -R Optima-Chat/optima-dev-skills`, { encoding: 'utf-8' }).trim();
+}
+function getInfisicalConfig(): InfisicalConfig {
+  return {
+    url: getGitHubVariable('INFISICAL_URL'),
+    clientId: getGitHubVariable('INFISICAL_CLIENT_ID'),
+    clientSecret: getGitHubVariable('INFISICAL_CLIENT_SECRET'),
+    projectId: getGitHubVariable('INFISICAL_PROJECT_ID')
+  };
+}
+function getInfisicalToken(config: InfisicalConfig): string {
+  const response = execSync(
+    `curl -s -X POST "${config.url}/api/v1/auth/universal-auth/login" -H "Content-Type: application/json" -d '{"clientId": "${config.clientId}", "clientSecret": "${config.clientSecret}"}'`,
+    { encoding: 'utf-8' }
+  );
+  return JSON.parse(response).accessToken;
+}
+function getInfisicalSecrets(config: InfisicalConfig, token: string, environment: string): Record<string, string> {
+  const response = execSync(
+    `curl -s "${config.url}/api/v3/secrets/raw?workspaceId=${config.projectId}&environment=${environment}&secretPath=/infrastructure" -H "Authorization: Bearer ${token}"`,
+    { encoding: 'utf-8' }
+  );
+  const data = JSON.parse(response);
+  const secrets: Record<string, string> = {};
+  for (const secret of data.secrets) {
+    secrets[secret.secretKey] = secret.secretValue;
+  }
+  return secrets;
+}
+function setupSSHTunnel(ec2Host: string, dbHost: string, localPort: number): void {
+  // 检查是否已有隧道
+  try {
+    execSync(`lsof -ti:${localPort}`, { stdio: 'ignore' });
+    console.log(`✓ SSH tunnel already exists on port ${localPort}`);
+    return;
+  } catch {
+    // 端口未占用，创建隧道
+  }
+  const sshKeyPath = `${process.env.HOME}/.ssh/optima-ec2-key`;
+  if (!fs.existsSync(sshKeyPath)) {
+    throw new Error(`SSH key not found: ${sshKeyPath}. Please obtain optima-ec2-key from xbfool.`);
+  }
+  console.log(`Creating SSH tunnel: localhost:${localPort} -> ${ec2Host} -> ${dbHost}:5432`);
+  execSync(
+    `ssh -i ${sshKeyPath} -f -N -o StrictHostKeyChecking=no -L ${localPort}:${dbHost}:5432 ec2-user@${ec2Host}`,
+    { stdio: 'inherit' }
+  );
+  console.log(`✓ SSH tunnel established on port ${localPort}`);
+}
+function queryDatabase(host: string, port: number, user: string, password: string, database: string, sql: string): string {
+  const psqlPath = '/usr/local/opt/postgresql@16/bin/psql';
+  if (!fs.existsSync(psqlPath)) {
+    throw new Error('PostgreSQL client not found. Install with: brew install postgresql@16');
+  }
+  const result = execSync(
+    `PGPASSWORD="${password}" ${psqlPath} -h ${host} -p ${port} -U ${user} -d ${database} -c "${sql}"`,
+    { encoding: 'utf-8' }
+  );
+  return result;
+}
+async function main() {
+  const args = process.argv.slice(2);
+  if (args.length < 2) {
+    console.error('Usage: query-db.ts <service> <sql> [environment]');
+    console.error('');
+    console.error('Services: commerce-backend, user-auth, mcp-host, agentic-chat');
+    console.error('Environments: ci (default), stage, prod');
+    console.error('');
+    console.error('Example: query-db.ts user-auth "SELECT COUNT(*) FROM users" prod');
+    process.exit(1);
+  }
+  const [service, sql, environment = 'ci'] = args;
+  if (!SERVICE_DB_MAP[service as keyof typeof SERVICE_DB_MAP]) {
+    console.error(`Unknown service: ${service}`);
+    console.error('Available services:', Object.keys(SERVICE_DB_MAP).join(', '));
+    process.exit(1);
+  }
+  const serviceConfig = SERVICE_DB_MAP[service as keyof typeof SERVICE_DB_MAP][environment as 'ci' | 'stage' | 'prod'];
+  console.log(`\n🔍 Querying ${service} (${environment.toUpperCase()})...`);
+  if (environment === 'ci') {
+    // CI 环境：通过 SSH + Docker Exec
+    const ciUser = getGitHubVariable('CI_SSH_USER');
+    const ciHost = getGitHubVariable('CI_SSH_HOST');
+    const ciPassword = getGitHubVariable('CI_SSH_PASSWORD');
+    const { container, user, database } = serviceConfig as any;
+    const result = execSync(
+      `sshpass -p "${ciPassword}" ssh -o StrictHostKeyChecking=no ${ciUser}@${ciHost} "docker exec ${container} psql -U ${user} -d ${database} -c \\"${sql}\\""`,
+      { encoding: 'utf-8' }
+    );
+    console.log('\n' + result);
+  } else {
+    // Stage/Prod 环境：通过 SSH 隧道访问 RDS
+    const infisicalConfig = getInfisicalConfig();
+    console.log('✓ Loaded Infisical config from GitHub Variables');
+    const token = getInfisicalToken(infisicalConfig);
+    console.log('✓ Obtained Infisical access token');
+    const secrets = getInfisicalSecrets(infisicalConfig, token, environment === 'stage' ? 'staging' : 'prod');
+    console.log('✓ Retrieved database credentials from Infisical');
+    const { userKey, passwordKey, database } = serviceConfig as any;
+    const dbHost = secrets.DATABASE_HOST;
+    const dbUser = secrets[userKey];
+    const dbPassword = secrets[passwordKey];
+    const localPort = environment === 'stage' ? 15432 : 15433;
+    const ec2Host = EC2_HOSTS[environment as 'stage' | 'prod'];
+    setupSSHTunnel(ec2Host, dbHost, localPort);
+    // 等待隧道建立
+    await new Promise(resolve => setTimeout(resolve, 1000));
+    const result = queryDatabase('localhost', localPort, dbUser, dbPassword, database, sql);
+    console.log('\n' + result);
+  }
+}
+main().catch(error => {
+  console.error('\n❌ Error:', error.message);
+  process.exit(1);
+});

package/dist/bin/helpers/query-db.js ADDED Viewed

@@ -0,0 +1,167 @@
+#!/usr/bin/env node
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+const child_process_1 = require("child_process");
+const fs = __importStar(require("fs"));
+const SERVICE_DB_MAP = {
+    'commerce-backend': {
+        ci: { container: 'commerce-postgres', user: 'commerce', password: 'commerce123', database: 'commerce' },
+        stage: { userKey: 'COMMERCE_DB_USER', passwordKey: 'COMMERCE_DB_PASSWORD', database: 'optima_stage_commerce' },
+        prod: { userKey: 'COMMERCE_DB_USER', passwordKey: 'COMMERCE_DB_PASSWORD', database: 'optima_commerce' }
+    },
+    'user-auth': {
+        ci: { container: 'user-auth-postgres-1', user: 'userauth', password: 'password123', database: 'userauth' },
+        stage: { userKey: 'AUTH_DB_USER', passwordKey: 'AUTH_DB_PASSWORD', database: 'optima_stage_auth' },
+        prod: { userKey: 'AUTH_DB_USER', passwordKey: 'AUTH_DB_PASSWORD', database: 'optima_auth' }
+    },
+    'mcp-host': {
+        ci: { container: 'mcp-host-db-1', user: 'mcp_user', password: 'mcp_password', database: 'mcp_host' },
+        stage: { userKey: 'MCP_DB_USER', passwordKey: 'MCP_DB_PASSWORD', database: 'optima_stage_mcp' },
+        prod: { userKey: 'MCP_DB_USER', passwordKey: 'MCP_DB_PASSWORD', database: 'optima_mcp' }
+    },
+    'agentic-chat': {
+        ci: { container: 'optima-postgres', user: 'postgres', password: 'postgres123', database: 'optima_chat' },
+        stage: { userKey: 'CHAT_DB_USER', passwordKey: 'CHAT_DB_PASSWORD', database: 'optima_stage_chat' },
+        prod: { userKey: 'CHAT_DB_USER', passwordKey: 'CHAT_DB_PASSWORD', database: 'optima_chat' }
+    }
+};
+const EC2_HOSTS = {
+    stage: '54.179.132.102',
+    prod: '18.136.25.239'
+};
+function getGitHubVariable(name) {
+    return (0, child_process_1.execSync)(`gh variable get ${name} -R Optima-Chat/optima-dev-skills`, { encoding: 'utf-8' }).trim();
+}
+function getInfisicalConfig() {
+    return {
+        url: getGitHubVariable('INFISICAL_URL'),
+        clientId: getGitHubVariable('INFISICAL_CLIENT_ID'),
+        clientSecret: getGitHubVariable('INFISICAL_CLIENT_SECRET'),
+        projectId: getGitHubVariable('INFISICAL_PROJECT_ID')
+    };
+}
+function getInfisicalToken(config) {
+    const response = (0, child_process_1.execSync)(`curl -s -X POST "${config.url}/api/v1/auth/universal-auth/login" -H "Content-Type: application/json" -d '{"clientId": "${config.clientId}", "clientSecret": "${config.clientSecret}"}'`, { encoding: 'utf-8' });
+    return JSON.parse(response).accessToken;
+}
+function getInfisicalSecrets(config, token, environment) {
+    const response = (0, child_process_1.execSync)(`curl -s "${config.url}/api/v3/secrets/raw?workspaceId=${config.projectId}&environment=${environment}&secretPath=/infrastructure" -H "Authorization: Bearer ${token}"`, { encoding: 'utf-8' });
+    const data = JSON.parse(response);
+    const secrets = {};
+    for (const secret of data.secrets) {
+        secrets[secret.secretKey] = secret.secretValue;
+    }
+    return secrets;
+}
+function setupSSHTunnel(ec2Host, dbHost, localPort) {
+    // 检查是否已有隧道
+    try {
+        (0, child_process_1.execSync)(`lsof -ti:${localPort}`, { stdio: 'ignore' });
+        console.log(`✓ SSH tunnel already exists on port ${localPort}`);
+        return;
+    }
+    catch {
+        // 端口未占用，创建隧道
+    }
+    const sshKeyPath = `${process.env.HOME}/.ssh/optima-ec2-key`;
+    if (!fs.existsSync(sshKeyPath)) {
+        throw new Error(`SSH key not found: ${sshKeyPath}. Please obtain optima-ec2-key from xbfool.`);
+    }
+    console.log(`Creating SSH tunnel: localhost:${localPort} -> ${ec2Host} -> ${dbHost}:5432`);
+    (0, child_process_1.execSync)(`ssh -i ${sshKeyPath} -f -N -o StrictHostKeyChecking=no -L ${localPort}:${dbHost}:5432 ec2-user@${ec2Host}`, { stdio: 'inherit' });
+    console.log(`✓ SSH tunnel established on port ${localPort}`);
+}
+function queryDatabase(host, port, user, password, database, sql) {
+    const psqlPath = '/usr/local/opt/postgresql@16/bin/psql';
+    if (!fs.existsSync(psqlPath)) {
+        throw new Error('PostgreSQL client not found. Install with: brew install postgresql@16');
+    }
+    const result = (0, child_process_1.execSync)(`PGPASSWORD="${password}" ${psqlPath} -h ${host} -p ${port} -U ${user} -d ${database} -c "${sql}"`, { encoding: 'utf-8' });
+    return result;
+}
+async function main() {
+    const args = process.argv.slice(2);
+    if (args.length < 2) {
+        console.error('Usage: query-db.ts <service> <sql> [environment]');
+        console.error('');
+        console.error('Services: commerce-backend, user-auth, mcp-host, agentic-chat');
+        console.error('Environments: ci (default), stage, prod');
+        console.error('');
+        console.error('Example: query-db.ts user-auth "SELECT COUNT(*) FROM users" prod');
+        process.exit(1);
+    }
+    const [service, sql, environment = 'ci'] = args;
+    if (!SERVICE_DB_MAP[service]) {
+        console.error(`Unknown service: ${service}`);
+        console.error('Available services:', Object.keys(SERVICE_DB_MAP).join(', '));
+        process.exit(1);
+    }
+    const serviceConfig = SERVICE_DB_MAP[service][environment];
+    console.log(`\n🔍 Querying ${service} (${environment.toUpperCase()})...`);
+    if (environment === 'ci') {
+        // CI 环境：通过 SSH + Docker Exec
+        const ciUser = getGitHubVariable('CI_SSH_USER');
+        const ciHost = getGitHubVariable('CI_SSH_HOST');
+        const ciPassword = getGitHubVariable('CI_SSH_PASSWORD');
+        const { container, user, database } = serviceConfig;
+        const result = (0, child_process_1.execSync)(`sshpass -p "${ciPassword}" ssh -o StrictHostKeyChecking=no ${ciUser}@${ciHost} "docker exec ${container} psql -U ${user} -d ${database} -c \\"${sql}\\""`, { encoding: 'utf-8' });
+        console.log('\n' + result);
+    }
+    else {
+        // Stage/Prod 环境：通过 SSH 隧道访问 RDS
+        const infisicalConfig = getInfisicalConfig();
+        console.log('✓ Loaded Infisical config from GitHub Variables');
+        const token = getInfisicalToken(infisicalConfig);
+        console.log('✓ Obtained Infisical access token');
+        const secrets = getInfisicalSecrets(infisicalConfig, token, environment === 'stage' ? 'staging' : 'prod');
+        console.log('✓ Retrieved database credentials from Infisical');
+        const { userKey, passwordKey, database } = serviceConfig;
+        const dbHost = secrets.DATABASE_HOST;
+        const dbUser = secrets[userKey];
+        const dbPassword = secrets[passwordKey];
+        const localPort = environment === 'stage' ? 15432 : 15433;
+        const ec2Host = EC2_HOSTS[environment];
+        setupSSHTunnel(ec2Host, dbHost, localPort);
+        // 等待隧道建立
+        await new Promise(resolve => setTimeout(resolve, 1000));
+        const result = queryDatabase('localhost', localPort, dbUser, dbPassword, database, sql);
+        console.log('\n' + result);
+    }
+}
+main().catch(error => {
+    console.error('\n❌ Error:', error.message);
+    process.exit(1);
+});

package/package.json CHANGED Viewed

@@ -1,13 +1,16 @@
 {
   "name": "@optima-chat/dev-skills",
-  "version": "0.4.0",
+  "version": "0.5.1",
   "description": "Claude Code Skills for Optima development team - cross-environment collaboration tools",
   "main": "index.js",
   "bin": {
-    "optima-dev-skills": "./bin/cli.js"
+    "optima-dev-skills": "./bin/cli.js",
+    "optima-query-db": "./dist/bin/helpers/query-db.js"
   },
   "scripts": {
-    "postinstall": "node scripts/install.js"
+    "postinstall": "node scripts/install.js",
+    "build": "tsc",
+    "prepare": "npm run build"
   },
   "keywords": [
     "claude-code",
@@ -34,7 +37,14 @@
   "files": [
     ".claude",
     "bin",
+    "dist",
     "scripts",
-    "README.md"
-  ]
+    "README.md",
+    "tsconfig.json"
+  ],
+  "devDependencies": {
+    "@types/node": "^24.10.1",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.9.3"
+  }
 }

package/tsconfig.json ADDED Viewed

@@ -0,0 +1,17 @@
+{
+  "compilerOptions": {
+    "target": "ES2020",
+    "module": "commonjs",
+    "lib": ["ES2020"],
+    "outDir": "./dist",
+    "rootDir": "./",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "resolveJsonModule": true,
+    "moduleResolution": "node"
+  },
+  "include": ["bin/**/*"],
+  "exclude": ["node_modules", "dist"]
+}