@tejasanik/postgres-mcp-server 2.1.0 → 2.2.0

package/dist/utils/validation.js

@@ -1,24 +1,168 @@
+import { MAX_SQL_LENGTH_FOR_REGEX } from '../tools/sql/utils/constants.js';
+/** Maximum identifier length in PostgreSQL */
+const MAX_IDENTIFIER_LENGTH = 63;
+/** Pattern for valid unquoted PostgreSQL identifier part */
+const UNQUOTED_IDENTIFIER_PATTERN = /^[a-zA-Z_][a-zA-Z0-9_$]*$/;
+/** Pattern for quoted identifier content (allows Unicode and most characters) */
+// Using [^"]|"" instead of [^"]+|"" to avoid potential ReDoS from nested quantifiers
+const QUOTED_IDENTIFIER_PATTERN = /^"(?:[^"]|"")*"$/;
+/** SQL injection patterns that should never appear in identifiers */
+const SQL_INJECTION_PATTERNS = [
+    /;/, // Statement terminator
+    /--/, // Line comment start
+    /\/\*/, // Block comment start
+    /\*\//, // Block comment end
+];
+/**
+ * Validates a single PostgreSQL identifier part (without schema).
+ * Supports both unquoted and quoted identifiers.
+ *
+ * @param part - The identifier part to validate
+ * @param fieldName - Field name for error messages
+ * @returns The validated identifier part
+ * @throws Error if the identifier is invalid
+ */
+function validateIdentifierPart(part, fieldName) {
+    if (!part || typeof part !== 'string') {
+        throw new Error(`${fieldName} is required and must be a string`);
+    }
+    // Check for SQL injection patterns
+    for (const pattern of SQL_INJECTION_PATTERNS) {
+        if (pattern.test(part)) {
+            throw new Error(`${fieldName} contains potentially dangerous SQL characters`);
+        }
+    }
+    // Handle quoted identifiers (allow Unicode)
+    if (part.startsWith('"') && part.endsWith('"')) {
+        if (!QUOTED_IDENTIFIER_PATTERN.test(part)) {
+            throw new Error(`${fieldName} has invalid quoted identifier syntax. Use "" to escape internal quotes.`);
+        }
+        // Extract content without quotes for length check
+        const content = part.slice(1, -1).replace(/""/g, '"');
+        if (content.length > MAX_IDENTIFIER_LENGTH) {
+            throw new Error(`${fieldName} must be ${MAX_IDENTIFIER_LENGTH} characters or less (excluding quotes)`);
+        }
+        return part;
+    }
+    // Unquoted identifier validation
+    if (part.length > MAX_IDENTIFIER_LENGTH) {
+        throw new Error(`${fieldName} must be ${MAX_IDENTIFIER_LENGTH} characters or less`);
+    }
+    if (!UNQUOTED_IDENTIFIER_PATTERN.test(part)) {
+        throw new Error(`${fieldName} contains invalid characters. Only letters, numbers, underscores, and dollar signs are allowed, ` +
+            `and it must start with a letter or underscore. Use double quotes for special characters or Unicode.`);
+    }
+    return part;
+}
+/**
+ * Gets the appropriate field name for a part in a qualified identifier.
+ * Extracted to avoid nested ternary operators.
+ *
+ * @param totalParts - Total number of parts in the identifier
+ * @param partIndex - Index of the current part (0-based)
+ * @param fieldName - Base field name for error messages
+ * @returns The appropriate part name for error messages
+ */
+function getPartName(totalParts, partIndex, fieldName) {
+    if (totalParts !== 2) {
+        return fieldName;
+    }
+    return partIndex === 0 ? `${fieldName} schema` : `${fieldName} name`;
+}
 /**
  * Validates and sanitizes PostgreSQL identifiers (table names, column names, etc.)
- * Prevents SQL injection by only allowing valid identifier characters.
+ * Supports schema-qualified names (schema.table) and quoted identifiers.
+ * Prevents SQL injection by validating identifier characters.
+ *
+ * @param identifier - The identifier to validate (e.g., "users", "public.users", '"My Table"')
+ * @param fieldName - Field name for error messages
+ * @param allowQualified - Whether to allow schema-qualified names (default: true)
+ * @returns The validated identifier
+ * @throws Error if the identifier is invalid
+ *
+ * @example
+ * validateIdentifier('users', 'table')           // 'users'
+ * validateIdentifier('public.users', 'table')    // 'public.users'
+ * validateIdentifier('"My Table"', 'table')      // '"My Table"'
+ * validateIdentifier('my_schema."Table"', 'table') // 'my_schema."Table"'
  */
-export function validateIdentifier(identifier, fieldName) {
+export function validateIdentifier(identifier, fieldName, allowQualified = true) {
     if (!identifier || typeof identifier !== 'string') {
         throw new Error(`${fieldName} is required and must be a string`);
     }
-    // PostgreSQL identifier rules:
-    // - Must start with a letter (a-z) or underscore
-    // - Can contain letters, digits, underscores, and dollar signs
-    // - Maximum 63 characters
-    // We're being more restrictive for security
-    const validIdentifierRegex = /^[a-zA-Z_][a-zA-Z0-9_$]*$/;
-    if (identifier.length > 63) {
-        throw new Error(`${fieldName} must be 63 characters or less`);
+    const trimmed = identifier.trim();
+    // Split by unquoted dots (respecting quoted identifiers)
+    const parts = splitQualifiedIdentifier(trimmed);
+    if (parts.length === 0) {
+        throw new Error(`${fieldName} is required and must be a string`);
+    }
+    if (parts.length > 2) {
+        throw new Error(`${fieldName} has too many parts. Maximum format: schema.object`);
+    }
+    if (parts.length === 2 && !allowQualified) {
+        throw new Error(`${fieldName} cannot be schema-qualified. Provide just the object name.`);
+    }
+    // Validate each part
+    for (let i = 0; i < parts.length; i++) {
+        const partName = getPartName(parts.length, i, fieldName);
+        validateIdentifierPart(parts[i], partName);
+    }
+    return trimmed;
+}
+/**
+ * Splits a qualified identifier (e.g., "schema.table" or "schema"."table")
+ * into its parts, respecting quoted identifiers.
+ *
+ * @param identifier - The qualified identifier to split
+ * @returns Array of identifier parts
+ */
+function splitQualifiedIdentifier(identifier) {
+    const parts = [];
+    let current = '';
+    let inQuotes = false;
+    let i = 0;
+    while (i < identifier.length) {
+        const char = identifier[i];
+        if (char === '"') {
+            if (inQuotes && identifier[i + 1] === '"') {
+                // Escaped quote inside quoted identifier
+                current += '""';
+                i += 2;
+                continue;
+            }
+            inQuotes = !inQuotes;
+            current += char;
+        }
+        else if (char === '.' && !inQuotes) {
+            // Separator found
+            if (current.trim()) {
+                parts.push(current.trim());
+            }
+            current = '';
+        }
+        else {
+            current += char;
+        }
+        i++;
     }
-    if (!validIdentifierRegex.test(identifier)) {
-        throw new Error(`${fieldName} contains invalid characters. Only letters, numbers, underscores, and dollar signs are allowed, and it must start with a letter or underscore.`);
+    // Add the last part
+    if (current.trim()) {
+        parts.push(current.trim());
     }
-    return identifier;
+    return parts;
+}
+/**
+ * Parses a qualified identifier into schema and object name.
+ *
+ * @param identifier - The identifier to parse (must be pre-validated)
+ * @returns Object with schema (optional) and name
+ */
+export function parseQualifiedIdentifier(identifier) {
+    const parts = splitQualifiedIdentifier(identifier);
+    if (parts.length === 2) {
+        return { schema: parts[0], name: parts[1] };
+    }
+    return { name: parts[0] || identifier };
 }
 /**
  * Escapes a PostgreSQL identifier by doubling any internal double quotes
@@ -33,54 +177,126 @@ export function escapeIdentifier(identifier) {
     return `"${identifier.replace(/"/g, '""')}"`;
 }
 /**
- * Validates SQL for read-only operations more thoroughly.
- * Returns true if the SQL appears to be read-only, false otherwise.
+ * Write operations that should be blocked in read-only mode.
+ * Organized by category for maintainability.
  */
-export function isReadOnlySql(sql) {
-    if (!sql || typeof sql !== 'string') {
-        return { isReadOnly: false, reason: 'SQL is required' };
-    }
-    // Normalize: remove comments, extra whitespace
-    let normalizedSql = sql
-        // Remove single-line comments
-        .replace(/--[^\n]*/g, '')
-        // Remove multi-line comments
-        .replace(/\/\*[\s\S]*?\*\//g, '')
-        // Normalize whitespace
-        .replace(/\s+/g, ' ')
+const WRITE_OPERATIONS = [
+    // DML Operations
+    'INSERT',
+    'UPDATE',
+    'DELETE',
+    'MERGE', // SQL:2008 standard MERGE statement
+    'UPSERT', // PostgreSQL UPSERT pattern
+    // DDL Operations
+    'DROP',
+    'CREATE',
+    'ALTER',
+    'TRUNCATE',
+    'COMMENT ON', // Modifies metadata
+    // Security Operations
+    'GRANT',
+    'REVOKE',
+    'REASSIGN OWNED', // Ownership transfer
+    'SECURITY LABEL', // Security labels
+    // Maintenance Operations (with side effects)
+    'COPY', // Can write to files
+    'VACUUM',
+    'REINDEX',
+    'CLUSTER',
+    'ANALYZE', // Modifies statistics (can affect query plans)
+    'REFRESH MATERIALIZED VIEW',
+    // Lock Operations
+    'LOCK',
+    // Session State Operations
+    'DISCARD',
+    'RESET',
+    'SET ', // Note: space to avoid matching in column names
+    'SET LOCAL',
+    'SET SESSION',
+    // Code Execution
+    'DO', // Anonymous code blocks (no trailing space, \b handles boundary)
+    'CALL', // Stored procedures
+    'EXECUTE', // Dynamic SQL execution
+    // Transaction Control (shouldn't be in read-only queries)
+    'BEGIN',
+    'COMMIT',
+    'ROLLBACK',
+    'SAVEPOINT',
+    'RELEASE SAVEPOINT',
+    // PostgreSQL Extensions
+    'LOAD', // Load shared library
+    'IMPORT FOREIGN SCHEMA',
+    'CREATE SERVER',
+    'CREATE FOREIGN',
+    'NOTIFY', // Send notification
+    'LISTEN', // Subscribe to notifications
+    'UNLISTEN', // Unsubscribe from notifications
+];
+/**
+ * Functions that could have side effects or security implications.
+ */
+const DANGEROUS_FUNCTIONS = [
+    // Large Object Functions
+    'LO_IMPORT',
+    'LO_EXPORT',
+    'LO_UNLINK',
+    'LO_CREATE',
+    'LO_OPEN',
+    'LO_WRITE',
+    'LO_PUT',
+    // File System Functions
+    'PG_READ_FILE',
+    'PG_READ_BINARY_FILE',
+    'PG_WRITE_FILE',
+    'PG_FILE_WRITE',
+    'PG_FILE_UNLINK',
+    'PG_FILE_RENAME',
+    // Remote Connection Functions
+    'DBLINK_EXEC',
+    'DBLINK',
+    'DBLINK_CONNECT',
+    'DBLINK_SEND_QUERY',
+    // Copy Functions
+    'COPY_TO',
+    'COPY_FROM',
+    // System Administration
+    'PG_TERMINATE_BACKEND',
+    'PG_CANCEL_BACKEND',
+    'PG_RELOAD_CONF',
+    'PG_ROTATE_LOGFILE',
+    'PG_SWITCH_WAL',
+    'PG_SWITCH_XLOG',
+    // Sequence Functions (modify state even in rollback)
+    'NEXTVAL',
+    'SETVAL',
+    'CURRVAL', // Only dangerous if called after NEXTVAL
+    // Advisory Lock Functions (can affect other sessions)
+    'PG_ADVISORY_LOCK',
+    'PG_ADVISORY_UNLOCK',
+    'PG_TRY_ADVISORY_LOCK',
+];
+/**
+ * Normalizes SQL for analysis by removing comments and extra whitespace.
+ */
+function normalizeSqlForAnalysis(sql) {
+    return sql
+        .replace(/--[^\n]*/g, '') // Remove single-line comments
+        .replace(/\/\*[\s\S]*?\*\//g, '') // Remove multi-line comments (non-greedy, safe pattern)
+        .replace(/\s+/g, ' ') // Normalize whitespace
         .trim()
         .toUpperCase();
-    // Check for write operations at any position (not just start)
-    const writeOperations = [
-        'INSERT',
-        'UPDATE',
-        'DELETE',
-        'DROP',
-        'CREATE',
-        'ALTER',
-        'TRUNCATE',
-        'GRANT',
-        'REVOKE',
-        'COPY',
-        'VACUUM',
-        'REINDEX',
-        'CLUSTER',
-        'REFRESH MATERIALIZED VIEW',
-        'LOCK',
-        'DISCARD',
-        'RESET',
-        'SET ', // Note: space to avoid matching in column names
-        'DO ', // Anonymous code blocks
-        'CALL', // Stored procedures
-    ];
-    // Check if any write operation appears as a keyword (word boundary check)
-    for (const op of writeOperations) {
-        // Check at start or after common statement separators
+}
+/**
+ * Checks if SQL contains any write operations.
+ * Uses ReDoS-safe patterns with bounded whitespace.
+ */
+function checkWriteOperations(normalizedSql) {
+    for (const op of WRITE_OPERATIONS) {
+        const escapedOp = op.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
         const patterns = [
-            new RegExp(`^${op}\\b`), // At start
-            new RegExp(`\\(\\s*${op}\\b`), // After opening paren (subquery)
-            new RegExp(`;\\s*${op}\\b`), // After semicolon
-            new RegExp(`\\bWITH\\b.*\\bAS\\s*\\(\\s*${op}\\b`, 's'), // In CTE
+            new RegExp(`^${escapedOp}\\b`), // At start
+            new RegExp(`\\(\\s{0,10}${escapedOp}\\b`), // After opening paren
+            new RegExp(`;\\s{0,10}${escapedOp}\\b`), // After semicolon
         ];
         for (const pattern of patterns) {
             if (pattern.test(normalizedSql)) {
@@ -88,32 +304,79 @@ export function isReadOnlySql(sql) {
             }
         }
     }
-    // Check for function calls that could have side effects
-    const dangerousFunctions = [
-        'LO_IMPORT',
-        'LO_EXPORT',
-        'LO_UNLINK',
-        'PG_READ_FILE',
-        'PG_READ_BINARY_FILE',
-        'PG_WRITE_FILE',
-        'DBLINK_EXEC',
-        'DBLINK',
-    ];
-    for (const func of dangerousFunctions) {
-        if (new RegExp(`\\b${func}\\s*\\(`).test(normalizedSql)) {
+    return null;
+}
+/**
+ * Checks for data-modifying CTEs (WITH ... AS (INSERT/UPDATE/DELETE)).
+ */
+function checkCteWriteOperations(normalizedSql) {
+    if (!/\bWITH\b/.test(normalizedSql)) {
+        return null;
+    }
+    for (const op of ['INSERT', 'UPDATE', 'DELETE', 'MERGE']) {
+        if (new RegExp(`\\bAS\\s{0,10}\\(\\s{0,10}${op}\\b`).test(normalizedSql)) {
+            return { isReadOnly: false, reason: `Write operation '${op}' in CTE detected` };
+        }
+    }
+    return null;
+}
+/**
+ * Checks for dangerous function calls that could have side effects.
+ */
+function checkDangerousFunctions(normalizedSql) {
+    for (const func of DANGEROUS_FUNCTIONS) {
+        const escapedFunc = func.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+        if (new RegExp(`\\b${escapedFunc}\\s{0,10}\\(`).test(normalizedSql)) {
             return { isReadOnly: false, reason: `Dangerous function '${func}' detected` };
         }
     }
+    return null;
+}
+/**
+ * Validates SQL for read-only operations more thoroughly.
+ * Uses ReDoS-safe patterns and comprehensive operation detection.
+ *
+ * @param sql - The SQL string to validate
+ * @returns Object with isReadOnly flag and optional reason
+ */
+export function isReadOnlySql(sql) {
+    if (!sql || typeof sql !== 'string') {
+        return { isReadOnly: false, reason: 'SQL is required' };
+    }
+    if (sql.length > MAX_SQL_LENGTH_FOR_REGEX) {
+        return {
+            isReadOnly: false,
+            reason: `SQL too large for safe validation (${sql.length} chars, max ${MAX_SQL_LENGTH_FOR_REGEX}). Review manually.`,
+        };
+    }
+    const normalizedSql = normalizeSqlForAnalysis(sql);
+    // Check each category of dangerous operations
+    const writeCheck = checkWriteOperations(normalizedSql);
+    if (writeCheck)
+        return writeCheck;
+    const cteCheck = checkCteWriteOperations(normalizedSql);
+    if (cteCheck)
+        return cteCheck;
+    const funcCheck = checkDangerousFunctions(normalizedSql);
+    if (funcCheck)
+        return funcCheck;
     return { isReadOnly: true };
 }
 /**
- * Validates that a number is within acceptable bounds.
+ * Validates that a value is a positive integer within acceptable bounds.
+ *
+ * @param value - The value to validate (can be number, string, or undefined/null)
+ * @param fieldName - Name of the field for error messages
+ * @param min - Minimum allowed value (default: 1)
+ * @param max - Maximum allowed value (default: 10000)
+ * @returns The validated integer value
+ * @throws Error if value is not a valid integer within bounds
  */
 export function validatePositiveInteger(value, fieldName, min = 1, max = 10000) {
     if (value === undefined || value === null) {
         return min;
     }
-    const num = parseInt(value, 10);
+    const num = typeof value === 'number' ? value : parseInt(String(value), 10);
     if (isNaN(num) || num < min || num > max) {
         throw new Error(`${fieldName} must be an integer between ${min} and ${max}`);
     }

package/dist/utils/validation.js.map

@@ -1 +1 @@
-{"version":3,"file":"validation.js","sourceRoot":"","sources":["../../src/utils/validation.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,UAAkB,EAAE,SAAiB;IACtE,IAAI,CAAC,UAAU,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CAAC,GAAG,SAAS,mCAAmC,CAAC,CAAC;IACnE,CAAC;IAED,+BAA+B;IAC/B,iDAAiD;IACjD,+DAA+D;IAC/D,0BAA0B;IAC1B,4CAA4C;IAC5C,MAAM,oBAAoB,GAAG,2BAA2B,CAAC;IAEzD,IAAI,UAAU,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,GAAG,SAAS,gCAAgC,CAAC,CAAC;IAChE,CAAC;IAED,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CAAC,GAAG,SAAS,gJAAgJ,CAAC,CAAC;IAChL,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,UAAkB;IACjD,iBAAiB;IACjB,IAAI,CAAC,UAAU,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IAED,uDAAuD;IACvD,OAAO,IAAI,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;IAC1D,CAAC;IAED,+CAA+C;IAC/C,IAAI,aAAa,GAAG,GAAG;QACrB,8BAA8B;SAC7B,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC;QACzB,6BAA6B;SAC5B,OAAO,CAAC,mBAAmB,EAAE,EAAE,CAAC;QACjC,uBAAuB;SACtB,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;SACpB,IAAI,EAAE;SACN,WAAW,EAAE,CAAC;IAEjB,8DAA8D;IAC9D,MAAM,eAAe,GAAG;QACtB,QAAQ;QACR,QAAQ;QACR,QAAQ;QACR,MAAM;QACN,QAAQ;QACR,OAAO;QACP,UAAU;QACV,OAAO;QACP,QAAQ;QACR,MAAM;QACN,QAAQ;QACR,SAAS;QACT,SAAS;QACT,2BAA2B;QAC3B,MAAM;QACN,SAAS;QACT,OAAO;QACP,MAAM,EAAG,gDAAgD;QACzD,KAAK,EAAI,wBAAwB;QACjC,MAAM,EAAG,oBAAoB;KAC9B,CAAC;IAEF,0EAA0E;IAC1E,KAAK,MAAM,EAAE,IAAI,eAAe,EAAE,CAAC;QACjC,sDAAsD;QACtD,MAAM,QAAQ,GAAG;YACf,IAAI,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,EAAY,WAAW;YAC9C,IAAI,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,EAAM,iCAAiC;YACpE,IAAI,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,EAAQ,kBAAkB;YACrD,IAAI,MAAM,CAAC,+BAA+B,EAAE,KAAK,EAAE,GAAG,CAAC,EAAE,SAAS;SACnE,CAAC;QAEF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,IAAI,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;gBAChC,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,EAAE,CAAC,IAAI,EAAE,YAAY,EAAE,CAAC;YAClF,CAAC;QACH,CAAC;IACH,CAAC;IAED,wDAAwD;IACxD,MAAM,kBAAkB,GAAG;QACzB,WAAW;QACX,WAAW;QACX,WAAW;QACX,cAAc;QACd,qBAAqB;QACrB,eAAe;QACf,aAAa;QACb,QAAQ;KACT,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,kBAAkB,EAAE,CAAC;QACtC,IAAI,IAAI,MAAM,CAAC,MAAM,IAAI,SAAS,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;YACxD,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,IAAI,YAAY,EAAE,CAAC;QAChF,CAAC;IACH,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;AAC9B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,KAAU,EAAE,SAAiB,EAAE,MAAc,CAAC,EAAE,MAAc,KAAK;IACzG,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QAC1C,OAAO,GAAG,CAAC;IACb,CAAC;IAED,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAChC,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,GAAG,IAAI,GAAG,GAAG,GAAG,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,GAAG,SAAS,+BAA+B,GAAG,QAAQ,GAAG,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,SAAiB;IACjD,MAAM,UAAU,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IACtE,MAAM,UAAU,GAAG,CAAC,SAAS,IAAI,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;IAExD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,uBAAuB,SAAS,sBAAsB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjG,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC"}
+{"version":3,"file":"validation.js","sourceRoot":"","sources":["../../src/utils/validation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAC;AAE3E,8CAA8C;AAC9C,MAAM,qBAAqB,GAAG,EAAE,CAAC;AAEjC,4DAA4D;AAC5D,MAAM,2BAA2B,GAAG,2BAA2B,CAAC;AAEhE,iFAAiF;AACjF,qFAAqF;AACrF,MAAM,yBAAyB,GAAG,kBAAkB,CAAC;AAErD,qEAAqE;AACrE,MAAM,sBAAsB,GAAG;IAC7B,GAAG,EAAY,uBAAuB;IACtC,IAAI,EAAW,qBAAqB;IACpC,MAAM,EAAS,sBAAsB;IACrC,MAAM,EAAS,oBAAoB;CACpC,CAAC;AAEF;;;;;;;;GAQG;AACH,SAAS,sBAAsB,CAAC,IAAY,EAAE,SAAiB;IAC7D,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CAAC,GAAG,SAAS,mCAAmC,CAAC,CAAC;IACnE,CAAC;IAED,mCAAmC;IACnC,KAAK,MAAM,OAAO,IAAI,sBAAsB,EAAE,CAAC;QAC7C,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,GAAG,SAAS,gDAAgD,CAAC,CAAC;QAChF,CAAC;IACH,CAAC;IAED,4CAA4C;IAC5C,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1C,MAAM,IAAI,KAAK,CAAC,GAAG,SAAS,0EAA0E,CAAC,CAAC;QAC1G,CAAC;QACD,kDAAkD;QAClD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACtD,IAAI,OAAO,CAAC,MAAM,GAAG,qBAAqB,EAAE,CAAC;YAC3C,MAAM,IAAI,KAAK,CAAC,GAAG,SAAS,YAAY,qBAAqB,wCAAwC,CAAC,CAAC;QACzG,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,iCAAiC;IACjC,IAAI,IAAI,CAAC,MAAM,GAAG,qBAAqB,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,GAAG,SAAS,YAAY,qBAAqB,qBAAqB,CAAC,CAAC;IACtF,CAAC;IAED,IAAI,CAAC,2BAA2B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CACb,GAAG,SAAS,kGAAkG;YAC9G,qGAAqG,CACtG,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,WAAW,CAAC,UAAkB,EAAE,SAAiB,EAAE,SAAiB;IAC3E,IAAI,UAAU,KAAK,CAAC,EAAE,CAAC;QACrB,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,SAAS,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,SAAS,SAAS,CAAC,CAAC,CAAC,GAAG,SAAS,OAAO,CAAC;AACvE,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,kBAAkB,CAChC,UAAkB,EAClB,SAAiB,EACjB,iBAA0B,IAAI;IAE9B,IAAI,CAAC,UAAU,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CAAC,GAAG,SAAS,mCAAmC,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;IAElC,yDAAyD;IACzD,MAAM,KAAK,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;IAEhD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,GAAG,SAAS,mCAAmC,CAAC,CAAC;IACnE,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,GAAG,SAAS,oDAAoD,CAAC,CAAC;IACpF,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,GAAG,SAAS,4DAA4D,CAAC,CAAC;IAC5F,CAAC;IAED,qBAAqB;IACrB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,SAAS,CAAC,CAAC;QACzD,sBAAsB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;GAMG;AACH,SAAS,wBAAwB,CAAC,UAAkB;IAClD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,IAAI,CAAC,GAAG,CAAC,CAAC;IAEV,OAAO,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QAE3B,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YACjB,IAAI,QAAQ,IAAI,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBAC1C,yCAAyC;gBACzC,OAAO,IAAI,IAAI,CAAC;gBAChB,CAAC,IAAI,CAAC,CAAC;gBACP,SAAS;YACX,CAAC;YACD,QAAQ,GAAG,CAAC,QAAQ,CAAC;YACrB,OAAO,IAAI,IAAI,CAAC;QAClB,CAAC;aAAM,IAAI,IAAI,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YACrC,kBAAkB;YAClB,IAAI,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;gBACnB,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;YAC7B,CAAC;YACD,OAAO,GAAG,EAAE,CAAC;QACf,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,IAAI,CAAC;QAClB,CAAC;QACD,CAAC,EAAE,CAAC;IACN,CAAC;IAED,oBAAoB;IACpB,IAAI,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;QACnB,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAC7B,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB,CAAC,UAAkB;IACzD,MAAM,KAAK,GAAG,wBAAwB,CAAC,UAAU,CAAC,CAAC;IAEnD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;IAC9C,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,UAAU,EAAE,CAAC;AAC1C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,UAAkB;IACjD,iBAAiB;IACjB,IAAI,CAAC,UAAU,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IAED,uDAAuD;IACvD,OAAO,IAAI,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,MAAM,gBAAgB,GAAsB;IAC1C,iBAAiB;IACjB,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,OAAO,EAAe,oCAAoC;IAC1D,QAAQ,EAAc,4BAA4B;IAClD,iBAAiB;IACjB,MAAM;IACN,QAAQ;IACR,OAAO;IACP,UAAU;IACV,YAAY,EAAU,oBAAoB;IAC1C,sBAAsB;IACtB,OAAO;IACP,QAAQ;IACR,gBAAgB,EAAM,qBAAqB;IAC3C,gBAAgB,EAAM,kBAAkB;IACxC,6CAA6C;IAC7C,MAAM,EAAgB,qBAAqB;IAC3C,QAAQ;IACR,SAAS;IACT,SAAS;IACT,SAAS,EAAa,+CAA+C;IACrE,2BAA2B;IAC3B,kBAAkB;IAClB,MAAM;IACN,2BAA2B;IAC3B,SAAS;IACT,OAAO;IACP,MAAM,EAAgB,gDAAgD;IACtE,WAAW;IACX,aAAa;IACb,iBAAiB;IACjB,IAAI,EAAkB,iEAAiE;IACvF,MAAM,EAAgB,oBAAoB;IAC1C,SAAS,EAAa,wBAAwB;IAC9C,0DAA0D;IAC1D,OAAO;IACP,QAAQ;IACR,UAAU;IACV,WAAW;IACX,mBAAmB;IACnB,wBAAwB;IACxB,MAAM,EAAgB,sBAAsB;IAC5C,uBAAuB;IACvB,eAAe;IACf,gBAAgB;IAChB,QAAQ,EAAc,oBAAoB;IAC1C,QAAQ,EAAc,6BAA6B;IACnD,UAAU,EAAY,iCAAiC;CAC/C,CAAC;AAEX;;GAEG;AACH,MAAM,mBAAmB,GAAsB;IAC7C,yBAAyB;IACzB,WAAW;IACX,WAAW;IACX,WAAW;IACX,WAAW;IACX,SAAS;IACT,UAAU;IACV,QAAQ;IACR,wBAAwB;IACxB,cAAc;IACd,qBAAqB;IACrB,eAAe;IACf,eAAe;IACf,gBAAgB;IAChB,gBAAgB;IAChB,8BAA8B;IAC9B,aAAa;IACb,QAAQ;IACR,gBAAgB;IAChB,mBAAmB;IACnB,iBAAiB;IACjB,SAAS;IACT,WAAW;IACX,wBAAwB;IACxB,sBAAsB;IACtB,mBAAmB;IACnB,gBAAgB;IAChB,mBAAmB;IACnB,eAAe;IACf,gBAAgB;IAChB,qDAAqD;IACrD,SAAS;IACT,QAAQ;IACR,SAAS,EAAa,yCAAyC;IAC/D,sDAAsD;IACtD,kBAAkB;IAClB,oBAAoB;IACpB,sBAAsB;CACd,CAAC;AAKX;;GAEG;AACH,SAAS,uBAAuB,CAAC,GAAW;IAC1C,OAAO,GAAG;SACP,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAW,8BAA8B;SACjE,OAAO,CAAC,mBAAmB,EAAE,EAAE,CAAC,CAAG,wDAAwD;SAC3F,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAe,uBAAuB;SAC1D,IAAI,EAAE;SACN,WAAW,EAAE,CAAC;AACnB,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAAC,aAAqB;IACjD,KAAK,MAAM,EAAE,IAAI,gBAAgB,EAAE,CAAC;QAClC,MAAM,SAAS,GAAG,EAAE,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;QAC5D,MAAM,QAAQ,GAAG;YACf,IAAI,MAAM,CAAC,IAAI,SAAS,KAAK,CAAC,EAAa,WAAW;YACtD,IAAI,MAAM,CAAC,eAAe,SAAS,KAAK,CAAC,EAAE,sBAAsB;YACjE,IAAI,MAAM,CAAC,aAAa,SAAS,KAAK,CAAC,EAAI,kBAAkB;SAC9D,CAAC;QACF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,IAAI,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;gBAChC,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,EAAE,CAAC,IAAI,EAAE,YAAY,EAAE,CAAC;YAClF,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,uBAAuB,CAAC,aAAqB;IACpD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,KAAK,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC;QACzD,IAAI,IAAI,MAAM,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;YACzE,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,CAAC;QAClF,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,uBAAuB,CAAC,aAAqB;IACpD,KAAK,MAAM,IAAI,IAAI,mBAAmB,EAAE,CAAC;QACvC,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;QAChE,IAAI,IAAI,MAAM,CAAC,MAAM,WAAW,cAAc,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;YACpE,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,IAAI,YAAY,EAAE,CAAC;QAChF,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;IAC1D,CAAC;IAED,IAAI,GAAG,CAAC,MAAM,GAAG,wBAAwB,EAAE,CAAC;QAC1C,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,MAAM,EAAE,sCAAsC,GAAG,CAAC,MAAM,eAAe,wBAAwB,qBAAqB;SACrH,CAAC;IACJ,CAAC;IAED,MAAM,aAAa,GAAG,uBAAuB,CAAC,GAAG,CAAC,CAAC;IAEnD,8CAA8C;IAC9C,MAAM,UAAU,GAAG,oBAAoB,CAAC,aAAa,CAAC,CAAC;IACvD,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC;IAElC,MAAM,QAAQ,GAAG,uBAAuB,CAAC,aAAa,CAAC,CAAC;IACxD,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE9B,MAAM,SAAS,GAAG,uBAAuB,CAAC,aAAa,CAAC,CAAC;IACzD,IAAI,SAAS;QAAE,OAAO,SAAS,CAAC;IAEhC,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;AAC9B,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,uBAAuB,CACrC,KAAc,EACd,SAAiB,EACjB,MAAc,CAAC,EACf,MAAc,KAAK;IAEnB,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QAC1C,OAAO,GAAG,CAAC;IACb,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;IAC5E,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,GAAG,IAAI,GAAG,GAAG,GAAG,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,GAAG,SAAS,+BAA+B,GAAG,QAAQ,GAAG,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,SAAiB;IACjD,MAAM,UAAU,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IACtE,MAAM,UAAU,GAAG,CAAC,SAAS,IAAI,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;IAExD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,uBAAuB,SAAS,sBAAsB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjG,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tejasanik/postgres-mcp-server",
-  "version": "2.1.0",
+  "version": "2.2.0",
   "description": "A Model Context Protocol (MCP) server for PostgreSQL database management and analysis",
   "type": "module",
   "main": "dist/index.js",
@@ -14,6 +14,8 @@
     "dev": "ts-node src/index.ts",
     "test": "node --experimental-vm-modules node_modules/jest/bin/jest.js",
     "test:watch": "node --experimental-vm-modules node_modules/jest/bin/jest.js --watch",
+    "lint": "eslint src --ignore-pattern '__tests__'",
+    "lint:fix": "eslint src --ignore-pattern '__tests__' --fix",
     "prepare": "npm run build",
     "prepublishOnly": "npm run build && npm test"
   },
@@ -39,9 +41,14 @@
     "@types/node": "^22.10.2",
     "@types/pg": "^8.11.10",
     "@types/uuid": "^10.0.0",
+    "@typescript-eslint/eslint-plugin": "^8.51.0",
+    "@typescript-eslint/parser": "^8.51.0",
+    "eslint": "^9.39.2",
+    "eslint-plugin-sonarjs": "^3.0.5",
     "jest": "^29.7.0",
     "ts-jest": "^29.2.5",
-    "typescript": "^5.7.2"
+    "typescript": "^5.7.2",
+    "typescript-eslint": "^8.51.0"
   },
   "engines": {
     "node": ">=18.0.0"

package/dist/__tests__/analysis-tools.test.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=analysis-tools.test.d.ts.map

package/dist/__tests__/analysis-tools.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"analysis-tools.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/analysis-tools.test.ts"],"names":[],"mappings":""}