ante-erp-cli 1.6.12 → 1.6.14

package/CHANGELOG.md

@@ -5,6 +5,20 @@ All notable changes to the ANTE CLI will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [Unreleased]
+
+### Fixed
+- **Misleading success messages in `clone-db` command** - Now shows accurate operation status
+  - Added result tracking for Prisma generate and migrate operations
+  - Summary now displays actual success/failure instead of always showing success
+  - Improved error messages: explains that migrations may not be needed after pg_restore
+  - Shows "⚠ Prisma migrations skipped (schema already exists from restore)" when appropriate
+- **ESLint warnings** - Removed unused variables and imports
+  - Removed unused `join` import from docker.js
+  - Removed unused `needsSudo` variable from update-cli.js
+  - Removed unused `getInstallDir` import from doctor.js
+  - Added eslint-disable comments for intentionally unused parameters
+
 ## [1.6.0] - 2025-01-28
 
 ### Added

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ante-erp-cli",
-  "version": "1.6.12",
+  "version": "1.6.14",
   "description": "Comprehensive CLI tool for managing ANTE ERP self-hosted installations",
   "type": "module",
   "bin": {

package/src/commands/clone-db.js

@@ -9,7 +9,10 @@ import {
   parsePostgresUrl,
   testConnection,
   dumpDatabase,
-  restoreDatabase
+  restoreDatabase,
+  disableRLS,
+  enableRLS,
+  verifyDataRestored
 } from '../utils/postgres.js';
 
 /**
@@ -187,8 +190,20 @@ export async function cloneDb(sourceUrl, options = {}) {
       console.log('');
     }
 
+    // Step 5A: Disable RLS on target database (to allow data insertion)
+    console.log(chalk.yellow('Step 5/7: Preparing target database...'));
+    const rlsDisableSpinner = ora('Disabling Row-Level Security policies...').start();
+    const rlsDisableResult = await disableRLS(localInfo, composeFile);
+
+    if (!rlsDisableResult.success) {
+      rlsDisableSpinner.warn(chalk.yellow('Could not disable RLS (this is normal for non-Supabase databases)'));
+    } else {
+      rlsDisableSpinner.succeed(chalk.green(`RLS disabled on ${rlsDisableResult.tablesAffected} tables`));
+    }
+    console.log('');
+
     // Step 6: Restore to local database
-    console.log(chalk.yellow('Step 5/6: Restoring to local database...'));
+    console.log(chalk.yellow('Step 6/7: Restoring to local database...'));
     console.log(chalk.gray('This may take several minutes...'));
     console.log('');
 
@@ -203,9 +218,46 @@ export async function cloneDb(sourceUrl, options = {}) {
     restoreSpinner.succeed(chalk.green('Database restore completed'));
     console.log('');
 
+    // Step 6A: Verify data was restored
+    const verifySpinner = ora('Verifying data restoration...').start();
+    const verifyResult = await verifyDataRestored(localInfo, composeFile);
+
+    if (!verifyResult.success) {
+      verifySpinner.fail(chalk.red('Data verification failed'));
+      console.log(chalk.yellow('  Warning: Could not verify data restoration'));
+    } else {
+      verifySpinner.succeed(chalk.green(`Verified: ${verifyResult.tableCount} tables, ${verifyResult.totalRows.toLocaleString()} rows restored`));
+
+      // Warn if no data was restored
+      if (verifyResult.totalRows === 0) {
+        console.log(chalk.red('\n⚠️  WARNING: No data was restored!'));
+        console.log(chalk.yellow('  Possible causes:'));
+        console.log(chalk.gray('  - Source database was empty'));
+        console.log(chalk.gray('  - RLS policies blocked data insertion'));
+        console.log(chalk.gray('  - Permission issues prevented data restore'));
+        console.log(chalk.gray('  - Data restore errors were silently ignored\n'));
+      }
+    }
+    console.log('');
+
+    // Step 6B: Re-enable RLS on target database
+    const rlsEnableSpinner = ora('Re-enabling Row-Level Security policies...').start();
+    const rlsEnableResult = await enableRLS(localInfo, composeFile);
+
+    if (!rlsEnableResult.success) {
+      rlsEnableSpinner.warn(chalk.yellow('Could not re-enable RLS'));
+    } else {
+      rlsEnableSpinner.succeed(chalk.green(`RLS re-enabled on ${rlsEnableResult.tablesAffected} tables`));
+    }
+    console.log('');
+
+    // Track Prisma operation results
+    let generateSuccess = false;
+    let migrateSuccess = false;
+
     // Step 7: Run Prisma operations (if not skipped)
     if (!options.noPrisma) {
-      console.log(chalk.yellow('Step 6/6: Running Prisma operations...'));
+      console.log(chalk.yellow('Step 7/7: Running Prisma operations...'));
 
       // Generate Prisma client
       const generateSpinner = ora('Generating Prisma client...').start();
@@ -216,9 +268,10 @@ export async function cloneDb(sourceUrl, options = {}) {
           ['npx', 'prisma', 'generate']
         );
         generateSpinner.succeed(chalk.green('Prisma client generated'));
+        generateSuccess = true;
       } catch (error) {
         generateSpinner.fail(chalk.red('Prisma generate failed'));
-        console.log(chalk.yellow('  Warning: You may need to run "ante db migrate" manually'));
+        console.log(chalk.yellow('  Warning: You may need to run "npx prisma generate" manually in the backend container'));
       }
 
       // Run Prisma migrations
@@ -230,9 +283,10 @@ export async function cloneDb(sourceUrl, options = {}) {
           ['npx', 'prisma', 'migrate', 'deploy']
         );
         migrateSpinner.succeed(chalk.green('Prisma migrations completed'));
+        migrateSuccess = true;
       } catch (error) {
         migrateSpinner.fail(chalk.red('Prisma migrate failed'));
-        console.log(chalk.yellow('  Warning: You may need to run "ante db migrate" manually'));
+        console.log(chalk.yellow('  Note: Database schema already exists from restore. Migrations may not be needed.'));
       }
       console.log('');
     }
@@ -245,10 +299,32 @@ export async function cloneDb(sourceUrl, options = {}) {
     console.log(chalk.blue('Summary:'));
     console.log(chalk.gray(`  ✓ Source database dumped to: ${dumpFile}`));
     console.log(chalk.gray(`  ✓ Restored to local database: ${localInfo.database}`));
+
+    // Show data restoration summary
+    if (verifyResult && verifyResult.success) {
+      if (verifyResult.totalRows > 0) {
+        console.log(chalk.green(`  ✓ Data restored: ${verifyResult.totalRows.toLocaleString()} rows across ${verifyResult.tableCount} tables`));
+      } else {
+        console.log(chalk.red(`  ✗ No data restored (${verifyResult.tableCount} tables created but empty)`));
+      }
+    }
+
     if (!options.noPrisma) {
-      console.log(chalk.gray('  ✓ Prisma client generated'));
-      console.log(chalk.gray('  ✓ Prisma migrations applied'));
+      // Show Prisma generate status
+      if (generateSuccess) {
+        console.log(chalk.gray('  ✓ Prisma client generated'));
+      } else {
+        console.log(chalk.yellow('  ⚠ Prisma client generation failed - run manually if needed'));
+      }
+
+      // Show Prisma migrate status
+      if (migrateSuccess) {
+        console.log(chalk.gray('  ✓ Prisma migrations applied'));
+      } else {
+        console.log(chalk.yellow('  ⚠ Prisma migrations skipped (schema already exists from restore)'));
+      }
     }
+
     console.log('');
     console.log(chalk.cyan('Your local database is now cloned from the source!'));
     console.log(chalk.gray('You can start your services with: ante start'));

package/src/utils/postgres.js

@@ -87,7 +87,7 @@ export async function testConnection(connectionInfo, composeFile = null) {
     }
 
     dockerArgs.push(
-      'postgres:17-alpine',
+      'postgres:15-alpine',
       'psql',
       '-h', testHost,
       '-p', port,
@@ -129,13 +129,13 @@ export async function dumpDatabase(connectionInfo, outputFile) {
     // Convert to absolute path for Docker volume mount
     const absoluteBackupDir = resolve(backupDir);
 
-    // Use Docker with PostgreSQL 17 to avoid version mismatch
+    // Use Docker with PostgreSQL 15 to match ANTE installation
     await execa('docker', [
       'run',
       '--rm',
       '-e', `PGPASSWORD=${password}`,
       '-v', `${absoluteBackupDir}:/backups`,
-      'postgres:17-alpine',
+      'postgres:15-alpine',
       'pg_dump',
       '-h', host,
       '-p', port,
@@ -227,8 +227,9 @@ export async function restoreDatabase(dumpFile, connectionInfo, dropSchema = tru
       });
 
       // Restore from inside the container
+      let restoreResult;
       try {
-        await execa('docker', [
+        restoreResult = await execa('docker', [
           'compose',
           '-f', composeFile,
           'exec',
@@ -244,8 +245,24 @@ export async function restoreDatabase(dumpFile, connectionInfo, dropSchema = tru
           '/tmp/' + dumpFileName
         ], {
           timeout: 600000, // 10 minute timeout
-          reject: false    // Don't reject on non-zero exit (pg_restore often exits with warnings)
+          reject: false,   // Don't reject on non-zero exit (pg_restore often exits with warnings)
+          all: true        // Capture both stdout and stderr
         });
+
+        // Check for critical errors in output
+        const output = (restoreResult.stdout || '') + (restoreResult.stderr || '');
+        if (output.includes('FATAL:') || output.includes('ERROR:')) {
+          console.error('\n⚠️  pg_restore reported errors:');
+          console.error(output);
+
+          // Check for specific error patterns that indicate data restoration failed
+          if (output.includes('permission denied') ||
+              output.includes('must be owner') ||
+              output.includes('RLS policy') ||
+              output.includes('no data was returned by command')) {
+            throw new Error('Data restoration may have failed due to permission or RLS policy issues. Check output above.');
+          }
+        }
       } finally {
         // Clean up: Remove dump file from container
         try {
@@ -283,7 +300,7 @@ export async function restoreDatabase(dumpFile, connectionInfo, dropSchema = tru
       }
 
       dockerArgs.push(
-        'postgres:17-alpine',
+        'postgres:15-alpine',
         'psql',
         '-h', psqlHost,
         '-p', port,
@@ -310,7 +327,7 @@ export async function restoreDatabase(dumpFile, connectionInfo, dropSchema = tru
     }
 
     restoreArgs.push(
-      'postgres:17-alpine',
+      'postgres:15-alpine',
       'pg_restore',
       '-h', restoreHost,
       '-p', port,
@@ -322,11 +339,28 @@ export async function restoreDatabase(dumpFile, connectionInfo, dropSchema = tru
       `/backups/${join('/', dumpFileName)}`
     );
 
+    let restoreResult;
     try {
-      await execa('docker', restoreArgs, {
+      restoreResult = await execa('docker', restoreArgs, {
         timeout: 600000, // 10 minute timeout
-        reject: false    // Don't reject on non-zero exit (pg_restore often exits with warnings)
+        reject: false,   // Don't reject on non-zero exit (pg_restore often exits with warnings)
+        all: true        // Capture both stdout and stderr
       });
+
+      // Check for critical errors in output
+      const output = (restoreResult.stdout || '') + (restoreResult.stderr || '');
+      if (output.includes('FATAL:') || output.includes('ERROR:')) {
+        console.error('\n⚠️  pg_restore reported errors:');
+        console.error(output);
+
+        // Check for specific error patterns that indicate data restoration failed
+        if (output.includes('permission denied') ||
+            output.includes('must be owner') ||
+            output.includes('RLS policy') ||
+            output.includes('no data was returned by command')) {
+          throw new Error('Data restoration may have failed due to permission or RLS policy issues. Check output above.');
+        }
+      }
     } catch (error) {
       // pg_restore might return non-zero even on successful restore due to warnings
       // We'll consider it successful if no critical error occurred
@@ -385,3 +419,292 @@ export async function runPrismaMigrate(backendDir) {
     };
   }
 }
+
+/**
+ * Disable Row-Level Security on all tables (for Supabase databases)
+ * @param {Object} connectionInfo - Connection details
+ * @param {string} composeFile - Optional path to docker-compose.yml
+ * @returns {Promise<{success: boolean, tablesAffected: number, error?: string}>}
+ */
+export async function disableRLS(connectionInfo, composeFile = null) {
+  try {
+    const { user, password, database, schema } = connectionInfo;
+
+    const query = `
+      DO $$
+      DECLARE
+        r RECORD;
+        count INTEGER := 0;
+      BEGIN
+        FOR r IN (SELECT tablename FROM pg_tables WHERE schemaname = '${schema}')
+        LOOP
+          EXECUTE 'ALTER TABLE ' || quote_ident('${schema}') || '.' || quote_ident(r.tablename) || ' DISABLE ROW LEVEL SECURITY';
+          count := count + 1;
+        END LOOP;
+        RAISE NOTICE 'Disabled RLS on % tables', count;
+      END $$;
+    `;
+
+    let result;
+    if (composeFile) {
+      result = await execa('docker', [
+        'compose',
+        '-f', composeFile,
+        'exec',
+        '-T',
+        '-e', `PGPASSWORD=${password}`,
+        'postgres',
+        'psql',
+        '-U', user,
+        '-d', database,
+        '-c', query
+      ], {
+        timeout: 30000,
+        all: true
+      });
+    } else {
+      const { host, port } = connectionInfo;
+      let psqlHost = host;
+      const dockerArgs = ['run', '--rm', '-e', `PGPASSWORD=${password}`];
+
+      if (host === 'localhost' || host === '127.0.0.1') {
+        psqlHost = 'host.docker.internal';
+        dockerArgs.push('--add-host=host.docker.internal:host-gateway');
+      }
+
+      dockerArgs.push(
+        'postgres:15-alpine',
+        'psql',
+        '-h', psqlHost,
+        '-p', port,
+        '-U', user,
+        '-d', database,
+        '-c', query
+      );
+
+      result = await execa('docker', dockerArgs, {
+        timeout: 30000,
+        all: true
+      });
+    }
+
+    // Extract table count from NOTICE message
+    const noticeMatch = result.all?.match(/Disabled RLS on (\d+) tables/);
+    const tablesAffected = noticeMatch ? parseInt(noticeMatch[1]) : 0;
+
+    return {
+      success: true,
+      tablesAffected
+    };
+  } catch (error) {
+    return {
+      success: false,
+      tablesAffected: 0,
+      error: error.message || 'Failed to disable RLS'
+    };
+  }
+}
+
+/**
+ * Enable Row-Level Security on all tables (for Supabase databases)
+ * @param {Object} connectionInfo - Connection details
+ * @param {string} composeFile - Optional path to docker-compose.yml
+ * @returns {Promise<{success: boolean, tablesAffected: number, error?: string}>}
+ */
+export async function enableRLS(connectionInfo, composeFile = null) {
+  try {
+    const { user, password, database, schema } = connectionInfo;
+
+    const query = `
+      DO $$
+      DECLARE
+        r RECORD;
+        count INTEGER := 0;
+      BEGIN
+        FOR r IN (SELECT tablename FROM pg_tables WHERE schemaname = '${schema}')
+        LOOP
+          EXECUTE 'ALTER TABLE ' || quote_ident('${schema}') || '.' || quote_ident(r.tablename) || ' ENABLE ROW LEVEL SECURITY';
+          count := count + 1;
+        END LOOP;
+        RAISE NOTICE 'Enabled RLS on % tables', count;
+      END $$;
+    `;
+
+    let result;
+    if (composeFile) {
+      result = await execa('docker', [
+        'compose',
+        '-f', composeFile,
+        'exec',
+        '-T',
+        '-e', `PGPASSWORD=${password}`,
+        'postgres',
+        'psql',
+        '-U', user,
+        '-d', database,
+        '-c', query
+      ], {
+        timeout: 30000,
+        all: true
+      });
+    } else {
+      const { host, port } = connectionInfo;
+      let psqlHost = host;
+      const dockerArgs = ['run', '--rm', '-e', `PGPASSWORD=${password}`];
+
+      if (host === 'localhost' || host === '127.0.0.1') {
+        psqlHost = 'host.docker.internal';
+        dockerArgs.push('--add-host=host.docker.internal:host-gateway');
+      }
+
+      dockerArgs.push(
+        'postgres:15-alpine',
+        'psql',
+        '-h', psqlHost,
+        '-p', port,
+        '-U', user,
+        '-d', database,
+        '-c', query
+      );
+
+      result = await execa('docker', dockerArgs, {
+        timeout: 30000,
+        all: true
+      });
+    }
+
+    // Extract table count from NOTICE message
+    const noticeMatch = result.all?.match(/Enabled RLS on (\d+) tables/);
+    const tablesAffected = noticeMatch ? parseInt(noticeMatch[1]) : 0;
+
+    return {
+      success: true,
+      tablesAffected
+    };
+  } catch (error) {
+    return {
+      success: false,
+      tablesAffected: 0,
+      error: error.message || 'Failed to enable RLS'
+    };
+  }
+}
+
+/**
+ * Verify data was restored by counting rows in all tables
+ * @param {Object} connectionInfo - Connection details
+ * @param {string} composeFile - Optional path to docker-compose.yml
+ * @returns {Promise<{success: boolean, tableCount: number, totalRows: number, error?: string}>}
+ */
+export async function verifyDataRestored(connectionInfo, composeFile = null) {
+  try {
+    const { user, password, database, schema } = connectionInfo;
+
+    // Count tables
+    const tableCountQuery = `SELECT COUNT(*) FROM information_schema.tables WHERE table_schema = '${schema}'`;
+
+    // Count total rows across all tables (excluding _prisma_migrations)
+    const rowCountQuery = `
+      SELECT COALESCE(SUM(n_live_tup), 0)::bigint as total_rows
+      FROM pg_stat_user_tables
+      WHERE schemaname = '${schema}' AND relname != '_prisma_migrations'
+    `;
+
+    let tableCountResult, rowCountResult;
+
+    if (composeFile) {
+      // Get table count
+      tableCountResult = await execa('docker', [
+        'compose',
+        '-f', composeFile,
+        'exec',
+        '-T',
+        '-e', `PGPASSWORD=${password}`,
+        'postgres',
+        'psql',
+        '-U', user,
+        '-d', database,
+        '-t',  // Tuples only (no headers)
+        '-c', tableCountQuery
+      ], {
+        timeout: 10000
+      });
+
+      // Get row count
+      rowCountResult = await execa('docker', [
+        'compose',
+        '-f', composeFile,
+        'exec',
+        '-T',
+        '-e', `PGPASSWORD=${password}`,
+        'postgres',
+        'psql',
+        '-U', user,
+        '-d', database,
+        '-t',
+        '-c', rowCountQuery
+      ], {
+        timeout: 10000
+      });
+    } else {
+      const { host, port } = connectionInfo;
+      let psqlHost = host;
+      const dockerArgs = ['run', '--rm', '-e', `PGPASSWORD=${password}`];
+
+      if (host === 'localhost' || host === '127.0.0.1') {
+        psqlHost = 'host.docker.internal';
+        dockerArgs.push('--add-host=host.docker.internal:host-gateway');
+      }
+
+      // Get table count
+      const tableCountArgs = [...dockerArgs];
+      tableCountArgs.push(
+        'postgres:15-alpine',
+        'psql',
+        '-h', psqlHost,
+        '-p', port,
+        '-U', user,
+        '-d', database,
+        '-t',
+        '-c', tableCountQuery
+      );
+
+      tableCountResult = await execa('docker', tableCountArgs, {
+        timeout: 10000
+      });
+
+      // Get row count
+      const rowCountArgs = [...dockerArgs];
+      rowCountArgs.push(
+        'postgres:15-alpine',
+        'psql',
+        '-h', psqlHost,
+        '-p', port,
+        '-U', user,
+        '-d', database,
+        '-t',
+        '-c', rowCountQuery
+      );
+
+      rowCountResult = await execa('docker', rowCountArgs, {
+        timeout: 10000
+      });
+    }
+
+    const tableCount = parseInt(tableCountResult.stdout.trim());
+    const totalRows = parseInt(rowCountResult.stdout.trim() || '0');
+
+    return {
+      success: true,
+      tableCount,
+      totalRows
+    };
+  } catch (error) {
+    return {
+      success: false,
+      tableCount: 0,
+      totalRows: 0,
+      error: error.message || 'Failed to verify data'
+    };
+  }
+}