@supabase/pg-delta 1.0.0-alpha.24 → 1.0.0-alpha.25

package/src/core/objects/foreign-data-wrapper/server/changes/server.create.test.ts

@@ -141,4 +141,40 @@ describe("server", () => {
       "CREATE SERVER test_server TYPE 'postgres_fdw' VERSION '1.0' FOREIGN DATA WRAPPER test_fdw OPTIONS (host 'localhost', port '5432')",
     );
   });
+
+  test("redacts sensitive option values to prevent secret leakage (CLI-1467)", async () => {
+    const server = new Server({
+      name: "live_risk_server",
+      owner: "postgres",
+      foreign_data_wrapper: "postgres_fdw",
+      type: null,
+      version: null,
+      options: [
+        "host",
+        "remote.example.com",
+        "port",
+        "5432",
+        "password",
+        "server-shared-secret",
+        "passfile",
+        "/etc/secrets/passfile",
+      ],
+      comment: null,
+      privileges: [],
+    });
+
+    const change = new CreateServer({
+      server,
+    });
+
+    await assertValidSql(change.serialize());
+
+    const sql = change.serialize();
+    expect(sql).not.toContain("server-shared-secret");
+    expect(sql).not.toContain("/etc/secrets/passfile");
+    expect(sql).toContain("host 'remote.example.com'");
+    expect(sql).toContain("port '5432'");
+    expect(sql).toContain("password '__OPTION_PASSWORD__'");
+    expect(sql).toContain("passfile '__OPTION_PASSFILE__'");
+  });
 });

package/src/core/objects/foreign-data-wrapper/server/changes/server.create.ts

@@ -1,6 +1,7 @@
 import type { SerializeOptions } from "../../../../integrations/serialize/serialize.types.ts";
 import { quoteLiteral } from "../../../base.change.ts";
 import { stableId } from "../../../utils.ts";
+import { redactOptionValue } from "../../sensitive-options.ts";
 import type { Server } from "../server.model.ts";
 import { CreateServerChange } from "./server.base.ts";
 
@@ -66,11 +67,12 @@ export class CreateServer extends CreateServerChange {
     if (this.server.options && this.server.options.length > 0) {
       const optionPairs: string[] = [];
       for (let i = 0; i < this.server.options.length; i += 2) {
-        if (i + 1 < this.server.options.length) {
-          optionPairs.push(
-            `${this.server.options[i]} ${quoteLiteral(this.server.options[i + 1])}`,
-          );
-        }
+        const key = this.server.options[i];
+        const value = this.server.options[i + 1];
+        if (key === undefined || value === undefined) continue;
+        optionPairs.push(
+          `${key} ${quoteLiteral(redactOptionValue(key, value))}`,
+        );
       }
       if (optionPairs.length > 0) {
         parts.push(`OPTIONS (${optionPairs.join(", ")})`);

package/src/core/objects/foreign-data-wrapper/server/server.model.ts

@@ -80,6 +80,16 @@ export class Server extends BasePgModel {
   }
 }
 
+/**
+ * Extract `pg_foreign_server` rows into `Server` models.
+ *
+ * The returned models carry option values **verbatim** from
+ * `pg_foreign_server.srvoptions`, which means cleartext secrets like
+ * `password` are present in memory. Always route through
+ * `extractCatalog` (which calls `normalizeCatalog`) before emitting
+ * options to any output channel — see CLI-1467 and
+ * `packages/pg-delta/src/core/objects/foreign-data-wrapper/sensitive-options.ts`.
+ */
 export async function extractServers(pool: Pool): Promise<Server[]> {
   const { rows: serverRows } = await pool.query<ServerProps>(sql`
       select

package/src/core/objects/foreign-data-wrapper/user-mapping/changes/user-mapping.alter.test.ts

@@ -23,10 +23,43 @@ describe.concurrent("user-mapping", () => {
       await assertValidSql(change.serialize());
 
       expect(change.serialize()).toBe(
-        "ALTER USER MAPPING FOR test_user SERVER test_server OPTIONS (ADD user 'remote_user', ADD password 'secret')",
+        "ALTER USER MAPPING FOR test_user SERVER test_server OPTIONS (ADD user 'remote_user', ADD password '__OPTION_PASSWORD__')",
       );
     });
 
+    test("redacts sensitive option values to prevent secret leakage (CLI-1467)", async () => {
+      const props: UserMappingProps = {
+        user: "postgres",
+        server: "live_risk_server",
+        options: null,
+      };
+      const userMapping = new UserMapping(props);
+      const change = new AlterUserMappingSetOptions({
+        userMapping,
+        options: [
+          { action: "ADD", option: "password", value: "real-user-password" },
+          { action: "SET", option: "user", value: "fdw_reader" },
+          {
+            action: "ADD",
+            option: "passfile",
+            value: "/etc/secrets/passfile",
+          },
+          { action: "SET", option: "sslpassword", value: "ssl-secret" },
+        ],
+      });
+
+      await assertValidSql(change.serialize());
+
+      const sql = change.serialize();
+      expect(sql).not.toContain("real-user-password");
+      expect(sql).not.toContain("/etc/secrets/passfile");
+      expect(sql).not.toContain("ssl-secret");
+      expect(sql).toContain("SET user 'fdw_reader'");
+      expect(sql).toContain("ADD password '__OPTION_PASSWORD__'");
+      expect(sql).toContain("ADD passfile '__OPTION_PASSFILE__'");
+      expect(sql).toContain("SET sslpassword '__OPTION_SSLPASSWORD__'");
+    });
+
     test("set options SET", async () => {
       const props: UserMappingProps = {
         user: "test_user",
@@ -42,7 +75,7 @@ describe.concurrent("user-mapping", () => {
       await assertValidSql(change.serialize());
 
       expect(change.serialize()).toBe(
-        "ALTER USER MAPPING FOR test_user SERVER test_server OPTIONS (SET password 'new_secret')",
+        "ALTER USER MAPPING FOR test_user SERVER test_server OPTIONS (SET password '__OPTION_PASSWORD__')",
       );
     });
 
@@ -75,16 +108,16 @@ describe.concurrent("user-mapping", () => {
       const change = new AlterUserMappingSetOptions({
         userMapping,
         options: [
-          { action: "ADD", option: "new_option", value: "new_value" },
-          { action: "SET", option: "existing_option", value: "updated_value" },
-          { action: "DROP", option: "old_option" },
+          { action: "ADD", option: "user", value: "remote_user" },
+          { action: "SET", option: "sslmode", value: "require" },
+          { action: "DROP", option: "application_name" },
         ],
       });
 
       await assertValidSql(change.serialize());
 
       expect(change.serialize()).toBe(
-        "ALTER USER MAPPING FOR PUBLIC SERVER test_server OPTIONS (ADD new_option 'new_value', SET existing_option 'updated_value', DROP old_option)",
+        "ALTER USER MAPPING FOR PUBLIC SERVER test_server OPTIONS (ADD user 'remote_user', SET sslmode 'require', DROP application_name)",
       );
     });
   });

package/src/core/objects/foreign-data-wrapper/user-mapping/changes/user-mapping.alter.ts

@@ -1,5 +1,6 @@
 import type { SerializeOptions } from "../../../../integrations/serialize/serialize.types.ts";
 import { quoteLiteral } from "../../../base.change.ts";
+import { redactOptionValue } from "../../sensitive-options.ts";
 import type { UserMapping } from "../user-mapping.model.ts";
 import { AlterUserMappingChange } from "./user-mapping.base.ts";
 
@@ -53,7 +54,10 @@ export class AlterUserMappingSetOptions extends AlterUserMappingChange {
       if (opt.action === "DROP") {
         optionParts.push(`DROP ${opt.option}`);
       } else {
-        const value = opt.value !== undefined ? quoteLiteral(opt.value) : "''";
+        const value =
+          opt.value !== undefined
+            ? quoteLiteral(redactOptionValue(opt.option, opt.value))
+            : "''";
         optionParts.push(`${opt.action} ${opt.option} ${value}`);
       }
     }

package/src/core/objects/foreign-data-wrapper/user-mapping/changes/user-mapping.create.test.ts

@@ -72,7 +72,7 @@ describe("user-mapping", () => {
     await assertValidSql(change.serialize());
 
     expect(change.serialize()).toBe(
-      "CREATE USER MAPPING FOR test_user SERVER test_server OPTIONS (user 'remote_user', password 'secret')",
+      "CREATE USER MAPPING FOR test_user SERVER test_server OPTIONS (user 'remote_user', password '__OPTION_PASSWORD__')",
     );
   });
 
@@ -90,7 +90,43 @@ describe("user-mapping", () => {
     await assertValidSql(change.serialize());
 
     expect(change.serialize()).toBe(
-      "CREATE USER MAPPING FOR PUBLIC SERVER test_server OPTIONS (user 'remote_user', password 'secret')",
+      "CREATE USER MAPPING FOR PUBLIC SERVER test_server OPTIONS (user 'remote_user', password '__OPTION_PASSWORD__')",
     );
   });
+
+  test("redacts sensitive option values to prevent secret leakage (CLI-1467)", async () => {
+    const userMapping = new UserMapping({
+      user: "postgres",
+      server: "live_risk_server",
+      options: [
+        "user",
+        "fdw_reader",
+        "password",
+        "real-user-password",
+        "passfile",
+        "/etc/secrets/passfile",
+        "sslpassword",
+        "ssl-secret",
+        "passcode",
+        "krb-passcode",
+      ],
+    });
+
+    const change = new CreateUserMapping({
+      userMapping,
+    });
+
+    await assertValidSql(change.serialize());
+
+    const sql = change.serialize();
+    expect(sql).not.toContain("real-user-password");
+    expect(sql).not.toContain("/etc/secrets/passfile");
+    expect(sql).not.toContain("ssl-secret");
+    expect(sql).not.toContain("krb-passcode");
+    expect(sql).toContain("user 'fdw_reader'");
+    expect(sql).toContain("password '__OPTION_PASSWORD__'");
+    expect(sql).toContain("passfile '__OPTION_PASSFILE__'");
+    expect(sql).toContain("sslpassword '__OPTION_SSLPASSWORD__'");
+    expect(sql).toContain("passcode '__OPTION_PASSCODE__'");
+  });
 });

package/src/core/objects/foreign-data-wrapper/user-mapping/changes/user-mapping.create.ts

@@ -1,6 +1,7 @@
 import type { SerializeOptions } from "../../../../integrations/serialize/serialize.types.ts";
 import { quoteLiteral } from "../../../base.change.ts";
 import { stableId } from "../../../utils.ts";
+import { redactOptionValue } from "../../sensitive-options.ts";
 import type { UserMapping } from "../user-mapping.model.ts";
 import { CreateUserMappingChange } from "./user-mapping.base.ts";
 
@@ -51,11 +52,12 @@ export class CreateUserMapping extends CreateUserMappingChange {
     if (this.userMapping.options && this.userMapping.options.length > 0) {
       const optionPairs: string[] = [];
       for (let i = 0; i < this.userMapping.options.length; i += 2) {
-        if (i + 1 < this.userMapping.options.length) {
-          optionPairs.push(
-            `${this.userMapping.options[i]} ${quoteLiteral(this.userMapping.options[i + 1])}`,
-          );
-        }
+        const key = this.userMapping.options[i];
+        const value = this.userMapping.options[i + 1];
+        if (key === undefined || value === undefined) continue;
+        optionPairs.push(
+          `${key} ${quoteLiteral(redactOptionValue(key, value))}`,
+        );
       }
       if (optionPairs.length > 0) {
         parts.push(`OPTIONS (${optionPairs.join(", ")})`);

package/src/core/objects/foreign-data-wrapper/user-mapping/user-mapping.model.ts

@@ -56,6 +56,16 @@ export class UserMapping extends BasePgModel {
   }
 }
 
+/**
+ * Extract `pg_user_mapping` rows into `UserMapping` models.
+ *
+ * The returned models carry option values **verbatim** from
+ * `pg_user_mapping.umoptions`, which means cleartext secrets like
+ * `password` are present in memory. Always route through
+ * `extractCatalog` (which calls `normalizeCatalog`) before emitting
+ * options to any output channel — see CLI-1467 and
+ * `packages/pg-delta/src/core/objects/foreign-data-wrapper/sensitive-options.ts`.
+ */
 export async function extractUserMappings(pool: Pool): Promise<UserMapping[]> {
   const { rows: mappingRows } = await pool.query<UserMappingProps>(sql`
       select

package/src/core/objects/table/table.model.ts

@@ -341,8 +341,13 @@ select
           'no_inherit', c.connoinherit,
           'is_temporal', coalesce((to_jsonb(c)->>'conperiod')::boolean, false),
 
-          -- NEW: propagated-to-partition tagging (PG15+)
-          'is_partition_clone', (c.conparentid <> 0::oid),
+          -- Inherited from a parent (partition or classical inheritance).
+          -- coninhcount > 0 is the canonical signal across every constraint
+          -- kind. We previously used conparentid <> 0, but PostgreSQL only
+          -- populates conparentid for PK / UNIQUE / FK on partitions; CHECK
+          -- constraints on partitions always have conparentid = 0 and were
+          -- being re-emitted on every child, failing apply with 42710.
+          'is_partition_clone', (c.coninhcount > 0),
           'parent_constraint_schema', case when c.conparentid <> 0::oid then pc.connamespace::regnamespace::text end,
           'parent_constraint_name',   case when c.conparentid <> 0::oid then quote_ident(pc.conname) end,
           'parent_table_schema',      case when c.conparentid <> 0::oid then pc_rel.relnamespace::regnamespace::text end,

package/src/core/plan/sql-format/format-off.test.ts

@@ -689,7 +689,7 @@ describe("sql formatting snapshots", () => {
       COMMENT ON SUBSCRIPTION sub_replica IS NULL;
 
       -- fdw.create
-      CREATE FOREIGN DATA WRAPPER postgres_fdw HANDLER postgres_fdw_handler VALIDATOR postgres_fdw_validator OPTIONS (debug 'true');
+      CREATE FOREIGN DATA WRAPPER postgres_fdw HANDLER postgres_fdw_handler VALIDATOR postgres_fdw_validator OPTIONS (debug '__OPTION_DEBUG__');
 
       -- fdw.drop
       DROP FOREIGN DATA WRAPPER postgres_fdw;
@@ -698,7 +698,7 @@ describe("sql formatting snapshots", () => {
       ALTER FOREIGN DATA WRAPPER postgres_fdw OWNER TO new_owner;
 
       -- fdw.alter.set_options
-      ALTER FOREIGN DATA WRAPPER postgres_fdw OPTIONS (SET debug 'false', ADD use_remote_estimate '');
+      ALTER FOREIGN DATA WRAPPER postgres_fdw OPTIONS (SET debug '__OPTION_DEBUG__', ADD use_remote_estimate '');
 
       -- fdw.comment
       COMMENT ON FOREIGN DATA WRAPPER postgres_fdw IS 'PostgreSQL foreign data wrapper';
@@ -794,13 +794,13 @@ describe("sql formatting snapshots", () => {
       REVOKE GRANT OPTION FOR ALL ON SERVER remote_server FROM app_user;
 
       -- user_mapping.create
-      CREATE USER MAPPING FOR app_user SERVER remote_server OPTIONS (user 'remote_app', password 'secret123');
+      CREATE USER MAPPING FOR app_user SERVER remote_server OPTIONS (user 'remote_app', password '__OPTION_PASSWORD__');
 
       -- user_mapping.drop
       DROP USER MAPPING FOR app_user SERVER remote_server;
 
       -- user_mapping.alter.set_options
-      ALTER USER MAPPING FOR app_user SERVER remote_server OPTIONS (SET password 'new_secret');"
+      ALTER USER MAPPING FOR app_user SERVER remote_server OPTIONS (SET password '__OPTION_PASSWORD__');"
     `);
   });
 });

package/src/core/plan/sql-format/format-pretty-lower-leading.test.ts

@@ -912,7 +912,7 @@ describe("sql formatting snapshots", () => {
       create foreign data wrapper postgres_fdw
           handler postgres_fdw_handler
           validator postgres_fdw_validator
-          options (debug 'true');
+          options (debug '__OPTION_DEBUG__');
 
       -- fdw.drop
       drop foreign data wrapper postgres_fdw;
@@ -924,7 +924,7 @@ describe("sql formatting snapshots", () => {
       -- fdw.alter.set_options
       alter foreign data wrapper postgres_fdw
           options (
-                SET debug 'false'
+                SET debug '__OPTION_DEBUG__'
               , ADD use_remote_estimate ''
           );
 
@@ -1049,13 +1049,13 @@ describe("sql formatting snapshots", () => {
 
       -- user_mapping.create
       create user mapping for app_user server remote_server
-          options (user 'remote_app', password 'secret123');
+          options (user 'remote_app', password '__OPTION_PASSWORD__');
 
       -- user_mapping.drop
       drop user mapping for app_user server remote_server;
 
       -- user_mapping.alter.set_options
-      alter user mapping for app_user server remote_server options (SET password 'new_secret');"
+      alter user mapping for app_user server remote_server options (SET password '__OPTION_PASSWORD__');"
     `);
   });
 });

package/src/core/plan/sql-format/format-pretty-narrow.test.ts

@@ -1094,7 +1094,7 @@ describe("sql formatting snapshots", () => {
       CREATE FOREIGN DATA WRAPPER postgres_fdw
         HANDLER postgres_fdw_handler
         VALIDATOR postgres_fdw_validator
-        OPTIONS (debug 'true');
+        OPTIONS (debug '__OPTION_DEBUG__');
 
       -- fdw.drop
       DROP FOREIGN DATA WRAPPER postgres_fdw;
@@ -1106,7 +1106,7 @@ describe("sql formatting snapshots", () => {
       -- fdw.alter.set_options
       ALTER FOREIGN DATA WRAPPER postgres_fdw
         OPTIONS (
-          SET debug 'false',
+          SET debug '__OPTION_DEBUG__',
           ADD use_remote_estimate ''
         );
 
@@ -1264,7 +1264,7 @@ describe("sql formatting snapshots", () => {
         remote_server
         OPTIONS
         (user 'remote_app', password
-        'secret123');
+        '__OPTION_PASSWORD__');
 
       -- user_mapping.drop
       DROP USER MAPPING FOR app_user SERVER
@@ -1273,7 +1273,8 @@ describe("sql formatting snapshots", () => {
       -- user_mapping.alter.set_options
       ALTER USER MAPPING FOR app_user SERVER
         remote_server
-        OPTIONS (SET password 'new_secret');"
+        OPTIONS
+        (SET password '__OPTION_PASSWORD__');"
     `);
   });
 });

package/src/core/plan/sql-format/format-pretty-preserve.test.ts

@@ -908,7 +908,7 @@ describe("sql formatting snapshots", () => {
       CREATE FOREIGN DATA WRAPPER postgres_fdw
          HANDLER postgres_fdw_handler
          VALIDATOR postgres_fdw_validator
-         OPTIONS (debug 'true');
+         OPTIONS (debug '__OPTION_DEBUG__');
 
       -- fdw.drop
       DROP FOREIGN DATA WRAPPER postgres_fdw;
@@ -920,7 +920,7 @@ describe("sql formatting snapshots", () => {
       -- fdw.alter.set_options
       ALTER FOREIGN DATA WRAPPER postgres_fdw
          OPTIONS (
-            SET debug 'false',
+            SET debug '__OPTION_DEBUG__',
             ADD use_remote_estimate ''
          );
 
@@ -1045,13 +1045,13 @@ describe("sql formatting snapshots", () => {
 
       -- user_mapping.create
       CREATE USER MAPPING FOR app_user SERVER remote_server
-         OPTIONS (user 'remote_app', password 'secret123');
+         OPTIONS (user 'remote_app', password '__OPTION_PASSWORD__');
 
       -- user_mapping.drop
       DROP USER MAPPING FOR app_user SERVER remote_server;
 
       -- user_mapping.alter.set_options
-      ALTER USER MAPPING FOR app_user SERVER remote_server OPTIONS (SET password 'new_secret');"
+      ALTER USER MAPPING FOR app_user SERVER remote_server OPTIONS (SET password '__OPTION_PASSWORD__');"
     `);
   });
 });

package/src/core/plan/sql-format/format-pretty-upper.test.ts

@@ -899,7 +899,7 @@ describe("sql formatting snapshots", () => {
       CREATE FOREIGN DATA WRAPPER postgres_fdw
         HANDLER postgres_fdw_handler
         VALIDATOR postgres_fdw_validator
-        OPTIONS (debug 'true');
+        OPTIONS (debug '__OPTION_DEBUG__');
 
       -- fdw.drop
       DROP FOREIGN DATA WRAPPER postgres_fdw;
@@ -911,7 +911,7 @@ describe("sql formatting snapshots", () => {
       -- fdw.alter.set_options
       ALTER FOREIGN DATA WRAPPER postgres_fdw
         OPTIONS (
-          SET debug 'false',
+          SET debug '__OPTION_DEBUG__',
           ADD use_remote_estimate ''
         );
 
@@ -1036,13 +1036,13 @@ describe("sql formatting snapshots", () => {
 
       -- user_mapping.create
       CREATE USER MAPPING FOR app_user SERVER remote_server
-        OPTIONS (user 'remote_app', password 'secret123');
+        OPTIONS (user 'remote_app', password '__OPTION_PASSWORD__');
 
       -- user_mapping.drop
       DROP USER MAPPING FOR app_user SERVER remote_server;
 
       -- user_mapping.alter.set_options
-      ALTER USER MAPPING FOR app_user SERVER remote_server OPTIONS (SET password 'new_secret');"
+      ALTER USER MAPPING FOR app_user SERVER remote_server OPTIONS (SET password '__OPTION_PASSWORD__');"
     `);
   });
 });