npm - @useatlas/create - Versions diffs - 0.0.2 → 0.0.3 - Mend

@useatlas/create 0.0.2 → 0.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (296) hide show

package/templates/docker/src/lib/tools/__tests__/registry-actions.test.ts CHANGED Viewed

@@ -1,19 +1,7 @@
-import { describe, expect, it, afterEach, mock } from "bun:test";
+import { describe, expect, it, afterEach } from "bun:test";
 import { tool } from "ai";
 import { z } from "zod";
-// Mock the Salesforce tool so the registry module can be imported
-// without needing jsforce or a real Salesforce connection.
-const mockSfTool = tool({
-  description: "Mock querySalesforce",
-  inputSchema: z.object({ soql: z.string() }),
-  execute: async ({ soql }) => soql,
-});
-mock.module("@atlas/api/lib/tools/salesforce", () => ({
-  querySalesforce: mockSfTool,
-}));
 const { ToolRegistry } = await import("@atlas/api/lib/tools/registry");
 function makeTool(name: string) {

package/templates/docker/src/lib/tools/__tests__/registry.test.ts CHANGED Viewed

@@ -2,18 +2,6 @@ import { describe, expect, it, mock } from "bun:test";
 import { tool } from "ai";
 import { z } from "zod";
-// Mock the Salesforce tool so buildRegistry({ includeSalesforce: true }) works
-// without needing jsforce or a real Salesforce connection.
-const mockSfTool = tool({
-  description: "Mock querySalesforce",
-  inputSchema: z.object({ soql: z.string() }),
-  execute: async ({ soql }) => soql,
-});
-mock.module("@atlas/api/lib/tools/salesforce", () => ({
-  querySalesforce: mockSfTool,
-}));
 // Mock the action tools so buildRegistry({ includeActions: true }) works
 // without needing JIRA/email credentials or external services.
 const mockJiraTool = tool({
@@ -179,18 +167,49 @@ describe("defaultRegistry", () => {
 });
 describe("buildRegistry", () => {
-  it("without Salesforce returns 2 core tools", async () => {
+  it("throws when ATLAS_PYTHON_ENABLED=true but ATLAS_SANDBOX_URL is not set", async () => {
+    const saved = {
+      enabled: process.env.ATLAS_PYTHON_ENABLED,
+      url: process.env.ATLAS_SANDBOX_URL,
+    };
+    try {
+      process.env.ATLAS_PYTHON_ENABLED = "true";
+      delete process.env.ATLAS_SANDBOX_URL;
+      await expect(buildRegistry()).rejects.toThrow("ATLAS_SANDBOX_URL");
+    } finally {
+      if (saved.enabled !== undefined) process.env.ATLAS_PYTHON_ENABLED = saved.enabled;
+      else delete process.env.ATLAS_PYTHON_ENABLED;
+      if (saved.url !== undefined) process.env.ATLAS_SANDBOX_URL = saved.url;
+      else delete process.env.ATLAS_SANDBOX_URL;
+    }
+  });
+  it("includes executePython when ATLAS_PYTHON_ENABLED and ATLAS_SANDBOX_URL are set", async () => {
+    const saved = {
+      enabled: process.env.ATLAS_PYTHON_ENABLED,
+      url: process.env.ATLAS_SANDBOX_URL,
+    };
+    try {
+      process.env.ATLAS_PYTHON_ENABLED = "true";
+      process.env.ATLAS_SANDBOX_URL = "http://localhost:8080";
+      const registry = await buildRegistry();
+      const names = Object.keys(registry.getAll()).sort();
+      expect(names).toEqual(["executePython", "executeSQL", "explore"]);
+      expect(registry.describe()).toContain("### 4. Analyze Data with Python");
+    } finally {
+      if (saved.enabled !== undefined) process.env.ATLAS_PYTHON_ENABLED = saved.enabled;
+      else delete process.env.ATLAS_PYTHON_ENABLED;
+      if (saved.url !== undefined) process.env.ATLAS_SANDBOX_URL = saved.url;
+      else delete process.env.ATLAS_SANDBOX_URL;
+    }
+  });
+  it("returns 2 core tools by default", async () => {
     const registry = await buildRegistry();
     const names = Object.keys(registry.getAll()).sort();
     expect(names).toEqual(["executeSQL", "explore"]);
   });
-  it("with includeSalesforce returns 3 tools including querySalesforce", async () => {
-    const registry = await buildRegistry({ includeSalesforce: true });
-    const names = Object.keys(registry.getAll()).sort();
-    expect(names).toEqual(["executeSQL", "explore", "querySalesforce"]);
-  });
   it("with includeActions returns 4 tools including createJiraTicket and sendEmailReport", async () => {
     const registry = await buildRegistry({ includeActions: true });
     const names = Object.keys(registry.getAll()).sort();
@@ -202,18 +221,6 @@ describe("buildRegistry", () => {
     ]);
   });
-  it("with both includeSalesforce and includeActions returns 5 tools", async () => {
-    const registry = await buildRegistry({ includeSalesforce: true, includeActions: true });
-    const names = Object.keys(registry.getAll()).sort();
-    expect(names).toEqual([
-      "createJiraTicket",
-      "executeSQL",
-      "explore",
-      "querySalesforce",
-      "sendEmailReport",
-    ]);
-  });
   it("returned registry is frozen", async () => {
     const registry = await buildRegistry();
     expect(() =>

package/templates/docker/src/lib/tools/__tests__/sql-audit.test.ts CHANGED Viewed

@@ -35,6 +35,8 @@ mock.module("@atlas/api/lib/db/connection", () => ({
     getDBType: () => "postgres",
     getTargetHost: () => "localhost",
     getValidator: () => undefined,
+    getParserDialect: () => undefined,
+    getForbiddenPatterns: () => [],
     list: () => ["default"],
   },
   detectDBType: () => "postgres",

package/templates/docker/src/lib/tools/__tests__/sql-connection-whitelist.test.ts CHANGED Viewed

@@ -42,6 +42,8 @@ mock.module("@atlas/api/lib/db/connection", () => ({
       return "postgres" as const;
     },
     getValidator: () => undefined,
+    getParserDialect: () => undefined,
+    getForbiddenPatterns: () => [],
     list: () => ["default", "warehouse"],
     describe: () => [
       { id: "default", dbType: "postgres" as const },

package/templates/docker/src/lib/tools/__tests__/sql-ratelimit.test.ts CHANGED Viewed

@@ -35,6 +35,8 @@ mock.module("@atlas/api/lib/db/connection", () => ({
     getDBType: () => "postgres",
     getTargetHost: () => "localhost",
     getValidator: () => undefined,
+    getParserDialect: () => undefined,
+    getForbiddenPatterns: () => [],
     list: () => ["default"],
   },
   detectDBType: () => "postgres",

package/templates/docker/src/lib/tools/__tests__/sql.test.ts CHANGED Viewed

@@ -27,18 +27,6 @@ const mockDetectDBType = () => {
   if (url.startsWith("mysql://") || url.startsWith("mysql2://")) {
     return "mysql";
   }
-  if (url.startsWith("clickhouse://")) {
-    return "clickhouse";
-  }
-  if (url.startsWith("snowflake://")) {
-    return "snowflake";
-  }
-  if (url.startsWith("duckdb://")) {
-    return "duckdb";
-  }
-  if (url.startsWith("salesforce://")) {
-    return "salesforce";
-  }
   throw new Error(`Unsupported database URL: "${url.slice(0, 40)}…".`);
 };
@@ -49,6 +37,8 @@ mock.module("@atlas/api/lib/db/connection", () => ({
     getDefault: () => mockDBConnection,
     getDBType: () => mockDetectDBType(),
     getValidator: () => undefined,
+    getParserDialect: () => undefined,
+    getForbiddenPatterns: () => [],
     list: () => ["default"],
   },
   detectDBType: mockDetectDBType,
@@ -688,37 +678,6 @@ describe("validateSQL", () => {
     });
   });
-  // ----- Cross-DB guard: Snowflake patterns don't fire in PostgreSQL mode ---
-  describe("cross-database regex guard isolation — Snowflake patterns", () => {
-    it("does not reject GET in PostgreSQL mode via regex guard", () => {
-      process.env.ATLAS_DATASOURCE_URL = "postgresql://test:test@localhost:5432/test";
-      const result = validateSQL("GET @mystage file:///tmp/");
-      expect(result.valid).toBe(false);
-      expect(result.error).not.toContain("Forbidden SQL operation detected");
-    });
-    it("does not reject LIST in PostgreSQL mode via regex guard", () => {
-      process.env.ATLAS_DATASOURCE_URL = "postgresql://test:test@localhost:5432/test";
-      const result = validateSQL("LIST @mystage");
-      expect(result.valid).toBe(false);
-      expect(result.error).not.toContain("Forbidden SQL operation detected");
-    });
-    it("does not reject MERGE in MySQL mode via regex guard", () => {
-      process.env.ATLAS_DATASOURCE_URL = "mysql://test:test@localhost:3306/test";
-      // Minimal MERGE without UPDATE/INSERT keywords to isolate Snowflake-specific regex
-      const result = validateSQL("MERGE INTO companies USING src ON companies.id = src.id");
-      expect(result.valid).toBe(false);
-      expect(result.error).not.toContain("Forbidden SQL operation detected");
-    });
-    it("still blocks PUT in Snowflake mode via regex guard", () => {
-      process.env.ATLAS_DATASOURCE_URL = "snowflake://user:pass@account123/db/schema";
-      expectInvalid("PUT file:///tmp/data.csv @mystage", "forbidden");
-    });
-  });
   // ----- Formerly SQLite commands still rejected by AST ----------------------
   describe("formerly SQLite-specific commands still rejected via AST", () => {
@@ -744,269 +703,7 @@ describe("validateSQL", () => {
     });
   });
-  // ----- ClickHouse-specific validation ----------------------------------------
-  describe("ClickHouse-specific", () => {
-    beforeEach(() => {
-      process.env.ATLAS_DATASOURCE_URL = "clickhouse://test:test@localhost:8123/default";
-    });
-    it("rejects OPTIMIZE statement", () => {
-      expectInvalid("OPTIMIZE TABLE companies", "forbidden");
-    });
-    it("rejects SYSTEM statement", () => {
-      expectInvalid("SYSTEM FLUSH LOGS", "forbidden");
-    });
-    it("rejects KILL statement", () => {
-      expectInvalid("KILL QUERY WHERE query_id = '123'", "forbidden");
-    });
-    it("rejects ATTACH statement", () => {
-      expectInvalid("ATTACH TABLE companies", "forbidden");
-    });
-    it("rejects DETACH statement", () => {
-      expectInvalid("DETACH TABLE companies", "forbidden");
-    });
-    it("rejects RENAME statement", () => {
-      expectInvalid("RENAME TABLE companies TO old_companies", "forbidden");
-    });
-    it("rejects EXCHANGE statement", () => {
-      expectInvalid("EXCHANGE TABLES companies AND new_companies", "forbidden");
-    });
-    it("rejects SHOW statement", () => {
-      expectInvalid("SHOW TABLES", "forbidden");
-    });
-    it("rejects DESCRIBE statement", () => {
-      expectInvalid("DESCRIBE companies", "forbidden");
-    });
-    it("rejects mixed-case OPTIMIZE", () => {
-      expectInvalid("OpTiMiZe TABLE companies", "forbidden");
-    });
-    it("rejects mixed-case SYSTEM", () => {
-      expectInvalid("SyStEm FLUSH LOGS", "forbidden");
-    });
-    it("still rejects base forbidden patterns (INSERT, UPDATE, DELETE, DROP)", () => {
-      expectInvalid("INSERT INTO companies (name) VALUES ('x')", "forbidden");
-      expectInvalid("DROP TABLE companies", "forbidden");
-    });
-  });
-  // ----- ClickHouse parser mode -------------------------------------------------
-  describe("ClickHouse parser mode", () => {
-    beforeEach(() => {
-      process.env.ATLAS_DATASOURCE_URL = "clickhouse://test:test@localhost:8123/default";
-    });
-    it("accepts a simple SELECT in ClickHouse mode", () => {
-      expectValid("SELECT id, name FROM companies");
-    });
-    it("accepts SELECT with JOIN in ClickHouse mode", () => {
-      expectValid(
-        "SELECT c.name, p.name FROM companies c JOIN people p ON c.id = p.company_id"
-      );
-    });
-    it("accepts CTEs in ClickHouse mode", () => {
-      expectValid(
-        "WITH top AS (SELECT id, name FROM companies LIMIT 10) SELECT * FROM top"
-      );
-    });
-    it("accepts subqueries in ClickHouse mode", () => {
-      expectValid(
-        "SELECT * FROM companies WHERE id IN (SELECT company_id FROM people)"
-      );
-    });
-    it("rejects INSERT in ClickHouse mode", () => {
-      expectInvalid(
-        "INSERT INTO companies (name) VALUES ('Evil')",
-        "forbidden"
-      );
-    });
-    it("rejects UPDATE in ClickHouse mode", () => {
-      expectInvalid("UPDATE companies SET name = 'Evil'", "forbidden");
-    });
-    it("rejects DELETE in ClickHouse mode", () => {
-      expectInvalid("DELETE FROM companies WHERE id = 1", "forbidden");
-    });
-    it("rejects non-whitelisted tables in ClickHouse mode", () => {
-      expectInvalid(
-        "SELECT * FROM secret_data",
-        "not in the allowed list"
-      );
-    });
-    it("does not reject CTE names as non-whitelisted tables in ClickHouse mode", () => {
-      expectValid(
-        "WITH my_temp AS (SELECT id FROM companies) SELECT * FROM my_temp"
-      );
-    });
-    it("accepts UNION of SELECTs in ClickHouse mode", () => {
-      expectValid(
-        "SELECT name FROM companies UNION ALL SELECT name FROM people"
-      );
-    });
-  });
-  // ----- Cross-DB guard: ClickHouse patterns don't fire in PostgreSQL mode ------
-  describe("cross-database regex guard isolation (ClickHouse)", () => {
-    it("rejects OPTIMIZE in PostgreSQL mode via regex guard (base pattern)", () => {
-      process.env.ATLAS_DATASOURCE_URL = "postgresql://test:test@localhost:5432/test";
-      expectInvalid("OPTIMIZE TABLE companies", "forbidden");
-    });
-    it("rejects SYSTEM in PostgreSQL mode via AST parser, not regex guard", () => {
-      process.env.ATLAS_DATASOURCE_URL = "postgresql://test:test@localhost:5432/test";
-      const result = validateSQL("SYSTEM FLUSH LOGS");
-      expect(result.valid).toBe(false);
-      expect(result.error).not.toContain("Forbidden SQL operation detected");
-    });
-    it("still blocks OPTIMIZE in ClickHouse mode via regex guard", () => {
-      process.env.ATLAS_DATASOURCE_URL = "clickhouse://test:test@localhost:8123/default";
-      expectInvalid("OPTIMIZE TABLE companies", "forbidden");
-    });
-    it("rejects OPTIMIZE in MySQL mode via regex guard (base pattern)", () => {
-      process.env.ATLAS_DATASOURCE_URL = "mysql://test:test@localhost:3306/test";
-      expectInvalid("OPTIMIZE TABLE companies", "forbidden");
-    });
-  });
-  // ----- Snowflake-specific validation -------------------------------------------
-  describe("Snowflake-specific", () => {
-    beforeEach(() => {
-      process.env.ATLAS_DATASOURCE_URL = "snowflake://user:pass@account123/db/schema";
-    });
-    it("rejects PUT stage operation", () => {
-      expectInvalid("PUT file:///tmp/data.csv @mystage", "forbidden");
-    });
-    it("rejects GET stage operation", () => {
-      expectInvalid("GET @mystage file:///tmp/", "forbidden");
-    });
-    it("rejects LIST stage operation", () => {
-      expectInvalid("LIST @mystage", "forbidden");
-    });
-    it("rejects REMOVE stage operation", () => {
-      expectInvalid("REMOVE @mystage/file.csv", "forbidden");
-    });
-    it("rejects RM stage operation", () => {
-      expectInvalid("RM @mystage/file.csv", "forbidden");
-    });
-    it("rejects COPY INTO (Snowflake data ingestion)", () => {
-      expectInvalid("COPY INTO my_table FROM @my_stage", "forbidden");
-    });
-    it("rejects MERGE statement", () => {
-      expectInvalid(
-        "MERGE INTO companies USING new_data ON companies.id = new_data.id WHEN MATCHED THEN UPDATE SET name = new_data.name",
-        "forbidden"
-      );
-    });
-    it("rejects SHOW TABLES", () => {
-      expectInvalid("SHOW TABLES", "forbidden");
-    });
-    it("rejects DESCRIBE", () => {
-      expectInvalid("DESCRIBE companies", "forbidden");
-    });
-    it("rejects USE statement", () => {
-      expectInvalid("USE DATABASE mydb", "forbidden");
-    });
-    it("accepts valid SELECT in Snowflake mode", () => {
-      expectValid("SELECT * FROM companies LIMIT 10");
-    });
-    it("accepts SELECT with Snowflake-style identifier quoting", () => {
-      expectValid('SELECT "name", "id" FROM companies WHERE "id" > 0');
-    });
-    it("accepts CTEs in Snowflake mode", () => {
-      expectValid("WITH top AS (SELECT id, name FROM companies LIMIT 10) SELECT * FROM top");
-    });
-    it("accepts SELECT with JOIN in Snowflake mode", () => {
-      expectValid("SELECT c.name, p.name FROM companies c JOIN people p ON c.id = p.company_id");
-    });
-    it("accepts subqueries in Snowflake mode", () => {
-      expectValid("SELECT * FROM companies WHERE id IN (SELECT company_id FROM people)");
-    });
-    it("accepts window functions in Snowflake mode", () => {
-      expectValid("SELECT name, ROW_NUMBER() OVER (ORDER BY id) FROM companies");
-    });
-    it("does not reject CTE names as non-whitelisted tables in Snowflake mode", () => {
-      expectValid("WITH my_temp AS (SELECT id FROM companies) SELECT * FROM my_temp");
-    });
-    it("rejects non-whitelisted tables in Snowflake mode", () => {
-      expectInvalid("SELECT * FROM secret_data", "not in the allowed list");
-    });
-    it("accepts UNION of SELECTs in Snowflake mode", () => {
-      expectValid("SELECT name FROM companies UNION ALL SELECT name FROM people");
-    });
-    it("rejects INSERT in Snowflake mode", () => {
-      expectInvalid("INSERT INTO companies (name) VALUES ('Evil')", "forbidden");
-    });
-    it("rejects EXPLAIN in Snowflake mode", () => {
-      expectInvalid("EXPLAIN SELECT * FROM companies", "forbidden");
-    });
-    it("rejects mixed-case PUT in Snowflake mode", () => {
-      expectInvalid("PuT file:///tmp/data.csv @mystage", "forbidden");
-    });
-    it("allows data values containing 'Get' (no false positive after anchoring)", () => {
-      expectValid("SELECT id, name FROM companies WHERE name = 'Get Ready'");
-    });
-    it("allows column named 'list' (no false positive after anchoring)", () => {
-      expectValid("SELECT id FROM companies WHERE list = true");
-    });
-  });
-  describe("Salesforce redirect", () => {
-    beforeEach(() => {
-      process.env.ATLAS_DATASOURCE_URL = "salesforce://user:pass@login.salesforce.com";
-    });
-    it("rejects any SQL and directs to querySalesforce tool", () => {
-      const result = validateSQL("SELECT Id FROM Account");
-      expect(result.valid).toBe(false);
-      expect(result.error).toContain("querySalesforce");
-    });
-  });
+  // Note: ClickHouse, DuckDB, and Snowflake-specific validation tests were removed
+  // because those adapters are now plugins. See plugins/{clickhouse,snowflake,duckdb}-datasource/.
 });

package/templates/docker/src/lib/tools/explore-nsjail.ts CHANGED Viewed

@@ -11,8 +11,11 @@
  */
 import type { ExploreBackend, ExecResult } from "./explore";
+import { createLogger } from "@atlas/api/lib/logger";
 import * as fs from "fs";
+const log = createLogger("nsjail-sandbox");
 /** Maximum bytes to read from stdout/stderr (1 MB). */
 const MAX_OUTPUT = 1024 * 1024;
@@ -51,8 +54,8 @@ function parsePositiveInt(
   if (raw === undefined) return defaultValue;
   const parsed = parseInt(raw, 10);
   if (isNaN(parsed) || parsed <= 0) {
-    console.warn(
-      `[atlas] Invalid ${envVar}="${raw}" for ${name}, using default: ${defaultValue}`,
+    log.warn(
+      `Invalid ${envVar}="${raw}" for ${name}, using default: ${defaultValue}`,
     );
     return defaultValue;
   }
@@ -72,8 +75,8 @@ export function findNsjailBinary(): string | null {
         err instanceof Error && "code" in err
           ? (err as NodeJS.ErrnoException).code
           : "unknown";
-      console.error(
-        `[atlas] ATLAS_NSJAIL_PATH="${explicit}" is not executable (${code})`,
+      log.error(
+        `ATLAS_NSJAIL_PATH="${explicit}" is not executable (${code})`,
       );
       return null;
     }
@@ -294,7 +297,7 @@ export async function createNsjailBackend(
       } catch (err) {
         // Spawn itself failed — infrastructure error
         const detail = err instanceof Error ? err.message : String(err);
-        console.error("[atlas] nsjail spawn failed:", detail);
+        log.error({ err: detail }, "nsjail spawn failed");
         callbacks.onInfrastructureError();
         throw new Error(
           `nsjail infrastructure error: ${detail}. Backend cache cleared; nsjail will be re-initialized on next explore call.`,
@@ -311,8 +314,9 @@ export async function createNsjailBackend(
         exitCode = await proc.exited;
       } catch (err) {
         const detail = err instanceof Error ? err.message : String(err);
-        console.error(
-          `[atlas] nsjail process I/O error: ${detail} | command: ${command}`,
+        log.error(
+          { err: detail, command },
+          "nsjail process I/O error",
         );
         throw new Error(
           `nsjail process I/O error: ${detail}`,
@@ -322,9 +326,9 @@ export async function createNsjailBackend(
       // Interpret nsjail-specific exit codes
       if (exitCode === 109) {
-        console.error(
-          "[atlas] nsjail setup failure (exit 109) — sandbox may not have been applied. stderr:",
-          stderr,
+        log.error(
+          { exitCode, stderr },
+          "nsjail setup failure (exit 109) — sandbox may not have been applied",
         );
         // Mark nsjail as permanently failed so the system falls back to just-bash
         // (when ATLAS_SANDBOX=nsjail, getExploreBackend will still throw hard)
@@ -332,8 +336,9 @@ export async function createNsjailBackend(
       }
       if (exitCode > 128) {
         const signal = exitCode - 128;
-        console.warn(
-          `[atlas] nsjail child killed by signal ${signal} | command: ${command}`,
+        log.warn(
+          { signal, command },
+          "nsjail child killed by signal",
         );
       }

package/templates/docker/src/lib/tools/explore-sidecar.ts CHANGED Viewed

@@ -37,6 +37,31 @@ export async function createSidecarBackend(
   }
   const execUrl = new URL("/exec", baseUrl).toString();
+  const healthUrl = new URL("/health", baseUrl).toString();
+  // Lightweight health check on first creation — validates the sidecar is
+  // reachable before we return the backend. This catches misconfigured URLs
+  // and down services early (at backend init) rather than on the first user
+  // command, which produces a better error experience.
+  try {
+    const healthRes = await fetch(healthUrl, {
+      signal: AbortSignal.timeout(5_000),
+    });
+    if (!healthRes.ok) {
+      log.warn(
+        { status: healthRes.status, url: healthUrl },
+        "Sidecar health check returned non-OK status — commands may fail",
+      );
+    } else {
+      log.info({ url: baseUrl.origin }, "Sidecar health check passed");
+    }
+  } catch (err) {
+    const detail = err instanceof Error ? err.message : String(err);
+    log.warn(
+      { err: detail, url: healthUrl },
+      "Sidecar health check failed on init — sidecar may be starting up or unreachable",
+    );
+  }
   return {
     exec: async (command: string): Promise<ExecResult> => {