@runa-ai/runa-cli 0.7.1 → 0.7.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (136) hide show
  1. package/dist/{build-HUDIP6KU.js → build-HQMSVN6N.js} +3 -3
  2. package/dist/{check-LOMVIRHX.js → check-PCSQPYDM.js} +2 -2
  3. package/dist/{chunk-QM53IQHM.js → chunk-2QX7T24B.js} +1 -1
  4. package/dist/{chunk-CCW3PLQY.js → chunk-3JO6YP3T.js} +1 -1
  5. package/dist/{chunk-XDCHRVE3.js → chunk-4XHZQRRK.js} +2 -2
  6. package/dist/{chunk-7B5C6U2K.js → chunk-A6A7JIRD.js} +35 -2
  7. package/dist/{chunk-AFY3TX4I.js → chunk-AO554K3G.js} +1 -1
  8. package/dist/{chunk-Z4Z5DNW4.js → chunk-B3POLMII.js} +12 -0
  9. package/dist/chunk-CKRLVEIO.js +119 -0
  10. package/dist/{chunk-HD74F6W2.js → chunk-FWMGC5FP.js} +1 -0
  11. package/dist/{chunk-FHG3ILE4.js → chunk-OBYZDT2E.js} +38 -8
  12. package/dist/{chunk-H2AHNI75.js → chunk-PAWNJA3N.js} +1 -1
  13. package/dist/{chunk-VM3IWOT5.js → chunk-QSEF4T3Y.js} +13 -5
  14. package/dist/{chunk-NPSRD26F.js → chunk-UHDAYPHH.js} +1 -1
  15. package/dist/{chunk-2APB25TT.js → chunk-VSH3IXDQ.js} +7 -3
  16. package/dist/{chunk-644FVGIQ.js → chunk-WPMR7RQ4.js} +9 -2
  17. package/dist/{chunk-EMB6IZFT.js → chunk-XVNDDHAF.js} +20 -1
  18. package/dist/{risk-detector-plpgsql-HWKS4OLR.js → chunk-Y5ANTCKE.js} +3 -412
  19. package/dist/{ci-XY6IKEDC.js → ci-Z4525QW6.js} +2150 -488
  20. package/dist/{cli-UZA4RBNQ.js → cli-SVXOSMW6.js} +72 -54
  21. package/dist/commands/ci/commands/ci-prod-db-operations.d.ts +6 -4
  22. package/dist/commands/ci/commands/ci-prod-types.d.ts +3 -0
  23. package/dist/commands/ci/commands/ci-prod-workflow.d.ts +1 -1
  24. package/dist/commands/ci/commands/ci-resolvers.d.ts +1 -1
  25. package/dist/commands/ci/commands/ci-supabase-local.d.ts +4 -0
  26. package/dist/commands/ci/machine/actors/build/build-and-playwright.d.ts +1 -1
  27. package/dist/commands/ci/machine/actors/db/collect-schema-stats.d.ts +11 -1
  28. package/dist/commands/ci/machine/actors/db/production-preview.d.ts +22 -4
  29. package/dist/commands/ci/machine/actors/db/schema-canonical-diff.d.ts +8 -1
  30. package/dist/commands/ci/machine/actors/db/sync-schema.d.ts +1 -0
  31. package/dist/commands/ci/machine/actors/finalize/index.d.ts +0 -1
  32. package/dist/commands/ci/machine/actors/index.d.ts +1 -1
  33. package/dist/commands/ci/machine/actors/setup/local.d.ts +2 -0
  34. package/dist/commands/ci/machine/actors/setup/pr-common.d.ts +3 -0
  35. package/dist/commands/ci/machine/actors/setup/pr-local.d.ts +2 -0
  36. package/dist/commands/ci/machine/commands/machine-runner.d.ts +5 -1
  37. package/dist/commands/ci/machine/commands/step-telemetry.d.ts +16 -0
  38. package/dist/commands/ci/machine/contract.d.ts +40 -0
  39. package/dist/commands/ci/machine/formatters/github-comment-types.d.ts +7 -2
  40. package/dist/commands/ci/machine/formatters/github-comment.d.ts +2 -1
  41. package/dist/commands/ci/machine/formatters/sections/final-comment.d.ts +2 -1
  42. package/dist/commands/ci/machine/formatters/sections/index.d.ts +1 -1
  43. package/dist/commands/ci/machine/formatters/summary.d.ts +4 -4
  44. package/dist/commands/ci/machine/guards.d.ts +4 -0
  45. package/dist/commands/ci/machine/helpers.d.ts +25 -0
  46. package/dist/commands/ci/machine/machine-state-helpers.d.ts +1 -1
  47. package/dist/commands/ci/machine/machine.d.ts +15 -8
  48. package/dist/commands/ci/machine/types.d.ts +9 -0
  49. package/dist/commands/ci/utils/ci-diagnostics.d.ts +67 -0
  50. package/dist/commands/ci/utils/ci-summary.d.ts +118 -0
  51. package/dist/commands/ci/utils/db-url-utils.d.ts +4 -77
  52. package/dist/commands/ci/utils/github-api.d.ts +14 -0
  53. package/dist/commands/db/apply/contract.d.ts +73 -0
  54. package/dist/commands/db/apply/helpers/alter-statement-parsers.d.ts +95 -0
  55. package/dist/commands/db/apply/helpers/data-compatibility-checker.d.ts +0 -61
  56. package/dist/commands/db/apply/helpers/function-plan-false-positive-filter.d.ts +36 -0
  57. package/dist/commands/db/apply/helpers/hazard-handler.d.ts +4 -4
  58. package/dist/commands/db/apply/helpers/index.d.ts +14 -5
  59. package/dist/commands/db/apply/helpers/partition-acl-cleaner.d.ts +3 -1
  60. package/dist/commands/db/apply/helpers/pg-schema-diff-helpers.d.ts +69 -6
  61. package/dist/commands/db/apply/helpers/plan-ast.d.ts +56 -0
  62. package/dist/commands/db/apply/helpers/plan-check-filter.d.ts +26 -0
  63. package/dist/commands/db/apply/helpers/plan-drop-protection.d.ts +43 -0
  64. package/dist/commands/db/apply/helpers/plan-ordering.d.ts +6 -0
  65. package/dist/commands/db/apply/helpers/plan-statement-parser.d.ts +39 -0
  66. package/dist/commands/db/apply/helpers/plan-validator.d.ts +8 -40
  67. package/dist/commands/db/apply/helpers/retry-logic.d.ts +1 -10
  68. package/dist/commands/db/apply/helpers/temp-db-bootstrap.d.ts +18 -0
  69. package/dist/commands/db/apply/helpers/temp-db-dsn.d.ts +14 -0
  70. package/dist/commands/db/apply/machine.d.ts +56 -32
  71. package/dist/commands/db/commands/db-apply-error.d.ts +5 -0
  72. package/dist/commands/db/commands/db-apply.d.ts +2 -0
  73. package/dist/commands/db/commands/db-sync/directory-placement-check.d.ts +4 -0
  74. package/dist/commands/db/commands/db-sync/error-classifier.d.ts +1 -1
  75. package/dist/commands/db/commands/db-sync/plan-boundary-reconciliation.d.ts +3 -0
  76. package/dist/commands/db/commands/db-sync/precheck-helpers.d.ts +18 -0
  77. package/dist/commands/db/commands/db-sync/production-precheck.d.ts +15 -0
  78. package/dist/commands/db/commands/db-sync/risk-scan-collectors.d.ts +11 -0
  79. package/dist/commands/db/commands/db-sync.d.ts +11 -5
  80. package/dist/commands/db/sync/contract.d.ts +80 -0
  81. package/dist/commands/db/sync/machine.d.ts +60 -1
  82. package/dist/commands/db/types.d.ts +5 -0
  83. package/dist/commands/db/utils/boundary-policy/rule-compiler.d.ts +2 -1
  84. package/dist/commands/db/utils/boundary-policy/types.d.ts +23 -0
  85. package/dist/commands/db/utils/boundary-policy-runtime.d.ts +12 -3
  86. package/dist/commands/db/utils/boundary-policy.d.ts +1 -1
  87. package/dist/commands/db/utils/db-target.d.ts +5 -3
  88. package/dist/commands/db/utils/declarative-dependency-collectors.d.ts +6 -0
  89. package/dist/commands/db/utils/declarative-dependency-contract.d.ts +78 -0
  90. package/dist/commands/db/utils/declarative-dependency-sql-utils.d.ts +49 -0
  91. package/dist/commands/db/utils/declarative-dependency-warning-governance.d.ts +24 -0
  92. package/dist/commands/db/utils/preflight-check.d.ts +1 -1
  93. package/dist/commands/db/utils/preflight-checks/declarative-dependency-checks.d.ts +4 -0
  94. package/dist/commands/db/utils/preflight-checks/idempotent-risk-checks.d.ts +4 -0
  95. package/dist/commands/db/utils/preflight-checks/schema-boundary-checks.d.ts +4 -0
  96. package/dist/commands/db/utils/preflight-checks/schema-risk-policy.d.ts +4 -0
  97. package/dist/commands/db/utils/preflight-checks/supabase-checks.d.ts +12 -0
  98. package/dist/commands/db/utils/psql.d.ts +23 -0
  99. package/dist/commands/db/utils/sql-table-extractor.d.ts +42 -1
  100. package/dist/commands/env/commands/setup/types.d.ts +1 -0
  101. package/dist/commands/env/constants/local-supabase.d.ts +4 -1
  102. package/dist/commands/observability.d.ts +72 -0
  103. package/dist/commands/observability.helpers.d.ts +25 -0
  104. package/dist/commands/template-check/contract.d.ts +3 -3
  105. package/dist/commands/template-check/machine.d.ts +1 -1
  106. package/dist/commands/workflow/commands/deploy-production.d.ts +0 -1
  107. package/dist/constants/versions.d.ts +1 -1
  108. package/dist/{db-Q3GF7JWP.js → db-S4V4ETDR.js} +14629 -11270
  109. package/dist/{dev-5YXNPTCJ.js → dev-MLRKIP7F.js} +5 -5
  110. package/dist/{doctor-MZLOA53G.js → doctor-ROSWSMLH.js} +2 -2
  111. package/dist/{env-GMB3THRG.js → env-WNHJVLOT.js} +37 -20
  112. package/dist/{env-HMMRSYCI.js → env-XPPACZM4.js} +2 -2
  113. package/dist/{env-files-2UIUYLLR.js → env-files-HRNUGZ5O.js} +1 -1
  114. package/dist/{error-handler-HEXBRNVV.js → error-handler-YRQWRDEF.js} +17 -0
  115. package/dist/{hotfix-NDTPY2T4.js → hotfix-Z5EGVSMH.js} +4 -4
  116. package/dist/index.js +4 -4
  117. package/dist/{init-U4VCRHTD.js → init-35JLDFHI.js} +1 -1
  118. package/dist/{inject-test-attrs-P44BVTQS.js → inject-test-attrs-XN4I2AOR.js} +2 -2
  119. package/dist/internal/machines/index.d.ts +1 -1
  120. package/dist/internal/machines/snapshot-helpers.d.ts +6 -0
  121. package/dist/{manifest-TMFLESHW.js → manifest-EGCAZ4TK.js} +1 -1
  122. package/dist/observability-CJA5UFIC.js +721 -0
  123. package/dist/{risk-detector-4U6ZJ2G5.js → risk-detector-S7XQF4I2.js} +1 -1
  124. package/dist/{risk-detector-core-TK4OAI3N.js → risk-detector-core-TGFKWHRS.js} +61 -3
  125. package/dist/risk-detector-plpgsql-O32TUR34.js +736 -0
  126. package/dist/{template-check-FFJVDLBF.js → template-check-BDFMT6ZO.js} +1 -1
  127. package/dist/{upgrade-7TWORWBV.js → upgrade-7L4JIE4K.js} +1 -1
  128. package/dist/utils/db-url-utils.d.ts +81 -0
  129. package/dist/validators/risk-detector-plpgsql.d.ts +3 -1
  130. package/dist/{vuln-check-6CMNPSBR.js → vuln-check-D575VXIQ.js} +1 -1
  131. package/dist/{vuln-checker-EJJTNDNE.js → vuln-checker-QV6XODTJ.js} +1 -1
  132. package/dist/{watch-PNTKZYFB.js → watch-AL4LCBRM.js} +1 -1
  133. package/dist/{workflow-H75N4BXX.js → workflow-UZIZ2JUS.js} +2 -3
  134. package/package.json +3 -3
  135. package/dist/chunk-AKZAN4BC.js +0 -90
  136. package/dist/commands/ci/machine/actors/finalize/summary.d.ts +0 -32
package/dist/{risk-detector-4U6ZJ2G5.js → risk-detector-S7XQF4I2.js} RENAMED
@@ -1,6 +1,6 @@
1
1
  #!/usr/bin/env node
2
2
  import { createRequire } from 'module';
3
- export { categorizeRisks, detectSchemaRisks } from './chunk-H2AHNI75.js';
3
+ export { categorizeRisks, detectSchemaRisks } from './chunk-PAWNJA3N.js';
4
4
  import './chunk-VRXHCR5K.js';
5
5
 
6
6
  createRequire(import.meta.url);
package/dist/{risk-detector-core-TK4OAI3N.js → risk-detector-core-TGFKWHRS.js} RENAMED
@@ -35,10 +35,26 @@ var MAX_SCHEMA_RISK_ANALYSIS_BYTES = Math.max(
35
35
  )
36
36
  );
37
37
  var SCAN_ABORT_REASON_CODE = "SCHEMA_SCAN_TOO_LARGE";
38
+ var IDEMPOTENT_SQL_PATH_PATTERN = /[\\/]supabase[\\/]schemas[\\/]idempotent[\\/]/i;
39
+ var SESSION_SEARCH_PATH_WITH_EXTENSIONS = /\bSET\s+(?:LOCAL\s+)?search_path\s+TO\b[^;]*\bextensions\b/i;
40
+ var UNQUALIFIED_EXTENSION_REFERENCE_PATTERNS = [
41
+ {
42
+ pattern: /(^|[^A-Za-z0-9_."'])(geometry|geography|vector|halfvec|sparsevec)\s*\(/gim,
43
+ detail: "unqualified extension type reference"
44
+ },
45
+ {
46
+ pattern: /(^|[^A-Za-z0-9_."'])(st_[a-z_][a-z0-9_]*)\s*\(/gim,
47
+ detail: "unqualified PostGIS function reference"
48
+ },
49
+ {
50
+ pattern: /(<->|<=>|<#>)/g,
51
+ detail: "pgvector operator reference"
52
+ }
53
+ ];
38
54
  var plpgsqlModulePromise = null;
39
55
  async function loadPlpgsqlRiskDetectorModule() {
40
56
  if (!plpgsqlModulePromise) {
41
- plpgsqlModulePromise = import('./risk-detector-plpgsql-HWKS4OLR.js').catch((error) => {
57
+ plpgsqlModulePromise = import('./risk-detector-plpgsql-O32TUR34.js').catch((error) => {
42
58
  plpgsqlModulePromise = null;
43
59
  throw error;
44
60
  });
@@ -82,6 +98,37 @@ function detectForeignKeyRisks(searchableContent, originalContent, lineStarts) {
82
98
  }
83
99
  return risks;
84
100
  }
101
+ function detectIdempotentSearchPathRisk(filePath, searchableContent, originalContent, lineStarts) {
102
+ if (!IDEMPOTENT_SQL_PATH_PATTERN.test(filePath)) {
103
+ return [];
104
+ }
105
+ if (SESSION_SEARCH_PATH_WITH_EXTENSIONS.test(searchableContent)) {
106
+ return [];
107
+ }
108
+ for (const { pattern, detail } of UNQUALIFIED_EXTENSION_REFERENCE_PATTERNS) {
109
+ pattern.lastIndex = 0;
110
+ const match = pattern.exec(searchableContent);
111
+ if (!match) continue;
112
+ const prefixLength = match[1]?.length ?? 0;
113
+ const matchIndex = (match.index ?? 0) + prefixLength;
114
+ return [
115
+ {
116
+ level: "medium",
117
+ description: "Idempotent SQL references extension objects without local SET search_path; separate psql sessions do not inherit declarative search_path",
118
+ mitigation: 'Add `SET search_path TO "$user", public, extensions;` to this idempotent file or schema-qualify extension objects such as `extensions.vector(...)`.',
119
+ line: lineNumberFromIndex(originalContent, matchIndex, lineStarts),
120
+ reasonCode: "IDEMPOTENT_EXTENSION_SEARCH_PATH_REQUIRED",
121
+ confidence: "high",
122
+ evidence: {
123
+ source: "detectSchemaRisks",
124
+ snippet: match[0].trim(),
125
+ detail
126
+ }
127
+ }
128
+ ];
129
+ }
130
+ return [];
131
+ }
85
132
  async function detectSchemaRisks(filePath) {
86
133
  try {
87
134
  if (!existsSync(filePath)) {
@@ -97,10 +144,21 @@ async function detectSchemaRisks(filePath) {
97
144
  const searchableContent = stripSqlStringsPreserveLines(commentStripped);
98
145
  const contentLineStarts = buildLineStarts(content);
99
146
  const contentRisks = detectRisksFromContent(searchableContent, content, contentLineStarts);
147
+ const idempotentSearchPathRisks = detectIdempotentSearchPathRisk(
148
+ filePath,
149
+ searchableContent,
150
+ content,
151
+ contentLineStarts
152
+ );
100
153
  const { detectPlpgsqlDynamicExecutionRisks } = await loadPlpgsqlRiskDetectorModule();
101
- const plpgsqlRisks = detectPlpgsqlDynamicExecutionRisks(maskedContent);
154
+ const plpgsqlRisks = await detectPlpgsqlDynamicExecutionRisks(maskedContent, { filePath });
102
155
  const fkRisks = detectForeignKeyRisks(searchableContent, content, contentLineStarts);
103
- const risks = deduplicateSchemaRisksBySeverity([...contentRisks, ...plpgsqlRisks, ...fkRisks]);
156
+ const risks = deduplicateSchemaRisksBySeverity([
157
+ ...contentRisks,
158
+ ...idempotentSearchPathRisks,
159
+ ...plpgsqlRisks,
160
+ ...fkRisks
161
+ ]);
104
162
  return risks;
105
163
  } catch (error) {
106
164
  const message = error instanceof Error ? error.message : "Unknown parse error";