jettypod 4.4.118 → 4.4.121

package/crates/jettypod-core/src/db/mod.rs

@@ -0,0 +1,507 @@
+//! Database connection management.
+//!
+//! Opens the project's `.jettypod/work.db` with WAL mode and busy timeout,
+//! initializes the schema for new databases, and provides integrity/checkpoint
+//! utilities.
+//!
+//! Port of `lib/database.js` — same pragmas, same schema, same behavior.
+
+mod recovery;
+mod startup;
+mod validate;
+
+pub use validate::{IntegrityResult, WalCheckpointResult};
+
+use crate::error::{CoreError, Result};
+use crate::ws::BroadcastMessage;
+use rusqlite::hooks::Action;
+use rusqlite::Connection;
+use std::path::{Path, PathBuf};
+use tokio::sync::broadcast;
+
+mod embedded {
+    use refinery::embed_migrations;
+    embed_migrations!("migrations");
+}
+
+// ---------------------------------------------------------------------------
+// Database
+// ---------------------------------------------------------------------------
+
+/// The work database — wraps a rusqlite `Connection` with JettyPod-specific
+/// pragma configuration.
+pub struct Database {
+    conn: Connection,
+}
+
+impl Database {
+    /// Open a database at a specific file path **without** startup validation.
+    ///
+    /// Use `open_path` (which adds integrity checks and recovery) for
+    /// production callers.  This unchecked variant is for tests, recovery
+    /// internals, and other cases where you need a bare connection.
+    pub fn open_path_unchecked(path: &Path) -> Result<Self> {
+        if let Some(parent) = path.parent() {
+            std::fs::create_dir_all(parent)?;
+        }
+
+        let mut conn = Connection::open(path)?;
+
+        // Match the Node.js pragma configuration exactly:
+        conn.pragma_update(None, "journal_mode", "WAL")?;
+        conn.pragma_update(None, "synchronous", "NORMAL")?;
+        conn.pragma_update(None, "busy_timeout", 5000)?;
+        conn.pragma_update(None, "foreign_keys", "ON")?;
+
+        // Run migrations — V1 is the full baseline schema (all IF NOT EXISTS),
+        // so it's idempotent on both fresh and existing databases.
+        // Future schema changes are added as V2, V3, etc.
+        embedded::migrations::runner()
+            .run(&mut conn)
+            .map_err(|e| CoreError::Config(format!("Migration failed: {e}")))?;
+
+        let db = Self { conn };
+
+        // Sync _meta.schema_version so Node.js knows the current schema state.
+        db.sync_meta_version()?;
+
+        Ok(db)
+    }
+
+    /// Get a reference to the underlying rusqlite connection.
+    pub fn conn(&self) -> &Connection {
+        &self.conn
+    }
+
+    /// Register a SQLite update hook that sends delta events to the WebSocket
+    /// broadcast channel. Only fires for writes through this connection (Tauri
+    /// IPC); external writes (CLI) are still detected by file mtime polling.
+    pub fn register_update_hook(&self, broadcast_tx: broadcast::Sender<String>) {
+        self.conn.update_hook(Some(
+            move |action: Action, _db: &str, table: &str, rowid: i64| {
+                let action_str = match action {
+                    Action::SQLITE_INSERT => "insert",
+                    Action::SQLITE_UPDATE => "update",
+                    Action::SQLITE_DELETE => "delete",
+                    _ => return,
+                };
+                let msg = BroadcastMessage::db_delta(action_str, table, rowid).to_json();
+                // Non-blocking send — if no receivers, that's fine
+                let _ = broadcast_tx.send(msg);
+            },
+        ));
+    }
+}
+
+// ---------------------------------------------------------------------------
+// Path resolution
+// ---------------------------------------------------------------------------
+
+/// Find the project root from the current working directory.
+///
+/// Strategy:
+/// 1. Walk up from CWD looking for a `.jettypod` directory
+/// 2. Fall back to `git rev-parse --show-toplevel`
+pub fn find_project_root() -> Result<PathBuf> {
+    let cwd = std::env::current_dir()?;
+
+    // Walk up looking for .jettypod/
+    let mut dir = cwd.as_path();
+    loop {
+        if dir.join(".jettypod").is_dir() {
+            return Ok(dir.to_path_buf());
+        }
+        match dir.parent() {
+            Some(parent) => dir = parent,
+            None => break,
+        }
+    }
+
+    // Fall back to git root
+    let output = std::process::Command::new("git")
+        .args(["rev-parse", "--show-toplevel"])
+        .output()?;
+
+    if output.status.success() {
+        let root = String::from_utf8_lossy(&output.stdout).trim().to_string();
+        return Ok(PathBuf::from(root));
+    }
+
+    Err(CoreError::Config(
+        "Not in a JettyPod project (no .jettypod directory found)".into(),
+    ))
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    fn temp_db() -> (tempfile::TempDir, Database) {
+        let dir = tempfile::tempdir().unwrap();
+        let db_path = dir.path().join("test.db");
+        let db = Database::open_path_unchecked(&db_path).unwrap();
+        (dir, db)
+    }
+
+    #[test]
+    fn open_creates_schema() {
+        let (_dir, db) = temp_db();
+        let count: i32 = db
+            .conn()
+            .query_row(
+                "SELECT COUNT(*) FROM pragma_table_info('work_items')",
+                [],
+                |row| row.get(0),
+            )
+            .unwrap();
+        assert!(count >= 30, "Expected at least 30 columns, got {}", count);
+    }
+
+    #[test]
+    fn integrity_check_passes() {
+        let (_dir, db) = temp_db();
+        let result = db.check_integrity().unwrap();
+        assert!(result.ok);
+        assert!(result.errors.is_empty());
+    }
+
+    #[test]
+    fn wal_checkpoint_works() {
+        let (_dir, db) = temp_db();
+        db.conn()
+            .execute(
+                "INSERT INTO work_items (type, title) VALUES ('chore', 'test')",
+                [],
+            )
+            .unwrap();
+        let result = db.wal_checkpoint().unwrap();
+        assert!(result.success);
+    }
+
+    #[test]
+    fn validate_schema_passes() {
+        let (_dir, db) = temp_db();
+        db.validate_schema().unwrap();
+    }
+
+    #[test]
+    fn open_creates_parent_dirs() {
+        let dir = tempfile::tempdir().unwrap();
+        let db_path = dir.path().join("deep").join("nested").join("test.db");
+        let db = Database::open_path_unchecked(&db_path).unwrap();
+        assert!(db.check_integrity().unwrap().ok);
+    }
+
+    #[test]
+    fn schema_is_idempotent() {
+        let (_dir, db) = temp_db();
+        // Running the baseline migration SQL again should not error
+        const BASELINE_SQL: &str = include_str!("../../migrations/V1__baseline.sql");
+        db.conn().execute_batch(BASELINE_SQL).unwrap();
+
+        db.conn()
+            .execute(
+                "INSERT INTO work_items (type, title) VALUES ('epic', 'test')",
+                [],
+            )
+            .unwrap();
+        let title: String = db
+            .conn()
+            .query_row("SELECT title FROM work_items WHERE id = 1", [], |row| {
+                row.get(0)
+            })
+            .unwrap();
+        assert_eq!(title, "test");
+    }
+
+    #[test]
+    fn foreign_keys_enforced() {
+        let (_dir, db) = temp_db();
+        let result = db.conn().execute(
+            "INSERT INTO discovery_decisions (work_item_id, aspect, decision, rationale) VALUES (999, 'a', 'b', 'c')",
+            [],
+        );
+        assert!(result.is_err());
+    }
+
+    #[test]
+    fn validate_tables_passes() {
+        let (_dir, db) = temp_db();
+        db.validate_tables().unwrap();
+    }
+
+    #[test]
+    fn sync_meta_version_sets_value() {
+        let (_dir, db) = temp_db();
+        let version: String = db
+            .conn()
+            .query_row(
+                "SELECT value FROM _meta WHERE key = 'schema_version'",
+                [],
+                |row| row.get(0),
+            )
+            .unwrap();
+        assert_eq!(version, "33");
+    }
+
+    #[test]
+    fn open_from_project_root() {
+        let dir = tempfile::tempdir().unwrap();
+        std::fs::create_dir_all(dir.path().join(".jettypod")).unwrap();
+        let db = Database::open(dir.path()).unwrap();
+        assert!(dir.path().join(".jettypod").join("work.db").exists());
+        assert!(db.check_integrity().unwrap().ok);
+    }
+
+    #[test]
+    fn open_validated_on_fresh_db() {
+        let dir = tempfile::tempdir().unwrap();
+        let db_path = dir.path().join("test.db");
+        let db = Database::open_path(&db_path).unwrap();
+        assert!(db.check_integrity().unwrap().ok);
+        db.validate_schema().unwrap();
+        db.validate_tables().unwrap();
+    }
+
+    #[test]
+    fn open_validated_from_project_root() {
+        let dir = tempfile::tempdir().unwrap();
+        std::fs::create_dir_all(dir.path().join(".jettypod")).unwrap();
+        let db = Database::open(dir.path()).unwrap();
+        assert!(db.check_integrity().unwrap().ok);
+    }
+
+    #[test]
+    fn recover_from_snapshot() {
+        // 1. Create a DB with some data
+        let dir = tempfile::tempdir().unwrap();
+        let jettypod_dir = dir.path().join(".jettypod");
+        std::fs::create_dir_all(&jettypod_dir).unwrap();
+        let db_path = jettypod_dir.join("work.db");
+
+        let db = Database::open_path_unchecked(&db_path).unwrap();
+        db.conn().execute(
+            "INSERT INTO work_items (type, title) VALUES ('epic', 'My Epic')",
+            [],
+        ).unwrap();
+        db.conn().execute(
+            "INSERT INTO work_items (type, title) VALUES ('chore', 'My Chore')",
+            [],
+        ).unwrap();
+        drop(db);
+
+        // 2. Create a snapshot JSON
+        let snapshots_dir = jettypod_dir.join("snapshots");
+        std::fs::create_dir_all(&snapshots_dir).unwrap();
+        let snapshot = serde_json::json!({
+            "work_items": [
+                {"id": 1, "type": "epic", "title": "Recovered Epic", "status": "backlog"},
+                {"id": 2, "type": "chore", "title": "Recovered Chore", "status": "backlog"}
+            ]
+        });
+        std::fs::write(
+            snapshots_dir.join("work.json"),
+            serde_json::to_string(&snapshot).unwrap(),
+        ).unwrap();
+
+        // 3. Delete the DB to simulate missing file
+        std::fs::remove_file(&db_path).unwrap();
+        assert!(!db_path.exists());
+
+        // 4. open_path_validated should recover from snapshot
+        let db = Database::open_path(&db_path).unwrap();
+        let title: String = db.conn().query_row(
+            "SELECT title FROM work_items WHERE id = 1",
+            [],
+            |row| row.get(0),
+        ).unwrap();
+        assert_eq!(title, "Recovered Epic");
+
+        let count: i32 = db.conn().query_row(
+            "SELECT COUNT(*) FROM work_items",
+            [],
+            |row| row.get(0),
+        ).unwrap();
+        assert_eq!(count, 2);
+    }
+
+    #[test]
+    fn open_validated_missing_db_no_snapshot() {
+        // Missing DB + no snapshot = creates fresh DB
+        let dir = tempfile::tempdir().unwrap();
+        let db_path = dir.path().join("test.db");
+        assert!(!db_path.exists());
+        let db = Database::open_path(&db_path).unwrap();
+        assert!(db.check_integrity().unwrap().ok);
+    }
+
+    #[test]
+    fn snapshot_rejects_sql_injection_in_table_name() {
+        let dir = tempfile::tempdir().unwrap();
+        let jettypod_dir = dir.path().join(".jettypod");
+        std::fs::create_dir_all(&jettypod_dir).unwrap();
+        let db_path = jettypod_dir.join("work.db");
+
+        let snapshots_dir = jettypod_dir.join("snapshots");
+        std::fs::create_dir_all(&snapshots_dir).unwrap();
+        let malicious = serde_json::json!({
+            "work_items; DROP TABLE work_items; --": [
+                {"id": 1, "type": "epic", "title": "hacked"}
+            ]
+        });
+        std::fs::write(
+            snapshots_dir.join("work.json"),
+            serde_json::to_string(&malicious).unwrap(),
+        ).unwrap();
+
+        let result = Database::recover_from_snapshots(&db_path);
+        assert!(result.is_err());
+        let err = result.unwrap_err().to_string();
+        assert!(err.contains("Unsafe SQL identifier"), "Expected injection rejection, got: {err}");
+    }
+
+    #[test]
+    fn update_hook_sends_delta_on_insert() {
+        let (_dir, db) = temp_db();
+        let (tx, mut rx) = broadcast::channel::<String>(16);
+        db.register_update_hook(tx);
+
+        db.conn()
+            .execute(
+                "INSERT INTO work_items (type, title) VALUES ('chore', 'Hook test')",
+                [],
+            )
+            .unwrap();
+
+        let msg = rx.try_recv().unwrap();
+        let parsed: serde_json::Value = serde_json::from_str(&msg).unwrap();
+        assert_eq!(parsed["type"], "db_delta");
+        assert_eq!(parsed["table"], "work_items");
+        assert_eq!(parsed["action"], "insert");
+        assert!(parsed["rowid"].as_i64().unwrap() > 0);
+    }
+
+    #[test]
+    fn update_hook_sends_delta_on_update() {
+        let (_dir, db) = temp_db();
+        let (tx, mut rx) = broadcast::channel::<String>(16);
+
+        db.conn()
+            .execute(
+                "INSERT INTO work_items (type, title) VALUES ('chore', 'Before hook')",
+                [],
+            )
+            .unwrap();
+
+        db.register_update_hook(tx);
+
+        db.conn()
+            .execute(
+                "UPDATE work_items SET title = 'After hook' WHERE id = 1",
+                [],
+            )
+            .unwrap();
+
+        let msg = rx.try_recv().unwrap();
+        let parsed: serde_json::Value = serde_json::from_str(&msg).unwrap();
+        assert_eq!(parsed["type"], "db_delta");
+        assert_eq!(parsed["action"], "update");
+        assert_eq!(parsed["rowid"], 1);
+    }
+
+    #[test]
+    fn update_hook_sends_delta_on_delete() {
+        let (_dir, db) = temp_db();
+        let (tx, mut rx) = broadcast::channel::<String>(16);
+
+        db.conn()
+            .execute(
+                "INSERT INTO work_items (type, title) VALUES ('chore', 'To delete')",
+                [],
+            )
+            .unwrap();
+
+        db.register_update_hook(tx);
+
+        db.conn()
+            .execute("DELETE FROM work_items WHERE id = 1", [])
+            .unwrap();
+
+        let msg = rx.try_recv().unwrap();
+        let parsed: serde_json::Value = serde_json::from_str(&msg).unwrap();
+        assert_eq!(parsed["type"], "db_delta");
+        assert_eq!(parsed["action"], "delete");
+        assert_eq!(parsed["rowid"], 1);
+    }
+
+    #[test]
+    fn update_hook_fires_for_each_row() {
+        let (_dir, db) = temp_db();
+        let (tx, mut rx) = broadcast::channel::<String>(32);
+        db.register_update_hook(tx);
+
+        db.conn()
+            .execute(
+                "INSERT INTO work_items (type, title) VALUES ('chore', 'First')",
+                [],
+            )
+            .unwrap();
+        db.conn()
+            .execute(
+                "INSERT INTO work_items (type, title) VALUES ('chore', 'Second')",
+                [],
+            )
+            .unwrap();
+
+        let msg1 = rx.try_recv().unwrap();
+        let msg2 = rx.try_recv().unwrap();
+        let p1: serde_json::Value = serde_json::from_str(&msg1).unwrap();
+        let p2: serde_json::Value = serde_json::from_str(&msg2).unwrap();
+        assert_eq!(p1["action"], "insert");
+        assert_eq!(p2["action"], "insert");
+        assert_ne!(p1["rowid"], p2["rowid"]);
+    }
+
+    #[test]
+    fn update_hook_no_panic_without_receivers() {
+        let (_dir, db) = temp_db();
+        let (tx, _) = broadcast::channel::<String>(16);
+        db.register_update_hook(tx);
+        // All receivers dropped — send should not panic
+        db.conn()
+            .execute(
+                "INSERT INTO work_items (type, title) VALUES ('chore', 'No receiver')",
+                [],
+            )
+            .unwrap();
+    }
+
+    #[test]
+    fn snapshot_rejects_sql_injection_in_column_name() {
+        let dir = tempfile::tempdir().unwrap();
+        let jettypod_dir = dir.path().join(".jettypod");
+        std::fs::create_dir_all(&jettypod_dir).unwrap();
+        let db_path = jettypod_dir.join("work.db");
+
+        let snapshots_dir = jettypod_dir.join("snapshots");
+        std::fs::create_dir_all(&snapshots_dir).unwrap();
+        let malicious = serde_json::json!({
+            "work_items": [
+                {"id": 1, "type) VALUES (1,'epic'); DROP TABLE work_items; --": "hacked"}
+            ]
+        });
+        std::fs::write(
+            snapshots_dir.join("work.json"),
+            serde_json::to_string(&malicious).unwrap(),
+        ).unwrap();
+
+        let result = Database::recover_from_snapshots(&db_path);
+        assert!(result.is_err());
+        let err = result.unwrap_err().to_string();
+        assert!(err.contains("Unsafe SQL identifier"), "Expected injection rejection, got: {err}");
+    }
+}

package/crates/jettypod-core/src/db/recovery.rs

@@ -0,0 +1,114 @@
+//! Snapshot-based database recovery.
+//!
+//! Reads `.jettypod/snapshots/work.json` to rebuild a database from a JSON
+//! export when the database file is missing or corrupted.
+
+use crate::error::{CoreError, Result};
+use rusqlite::types::Value as SqlValue;
+use std::collections::HashMap;
+use std::path::Path;
+use super::Database;
+
+impl Database {
+    /// Attempt to recover a database from a JSON snapshot.
+    ///
+    /// Reads `.jettypod/snapshots/work.json`, deletes the corrupted database
+    /// files, creates a fresh database, and imports all rows.
+    ///
+    /// Returns the total number of rows imported on success.
+    pub(super) fn recover_from_snapshots(db_path: &Path) -> Result<usize> {
+        let jettypod_dir = db_path
+            .parent()
+            .ok_or_else(|| CoreError::Config("Invalid database path".into()))?;
+        let json_path = jettypod_dir.join("snapshots").join("work.json");
+
+        if !json_path.exists() {
+            return Err(CoreError::Config("No snapshot file found".into()));
+        }
+
+        // Read and parse snapshot
+        let content = std::fs::read_to_string(&json_path)?;
+        let data: HashMap<String, Vec<HashMap<String, serde_json::Value>>> =
+            serde_json::from_str(&content)?;
+
+        // Remove corrupted database files
+        let db_str = db_path.to_string_lossy();
+        for suffix in ["", "-wal", "-shm"] {
+            let file = format!("{db_str}{suffix}");
+            let p = Path::new(&file);
+            if p.exists() {
+                std::fs::remove_file(p)?;
+            }
+        }
+
+        // Create fresh database (runs migrations + schema)
+        let db = Self::open_path_unchecked(db_path)?;
+
+        // Import rows from snapshot
+        let mut total = 0usize;
+        for (table_name, rows) in &data {
+            if rows.is_empty() {
+                continue;
+            }
+
+            validate_identifier(table_name)?;
+            let columns: Vec<&String> = rows[0].keys().collect();
+            for col in &columns {
+                validate_identifier(col)?;
+            }
+            let col_names = columns.iter().map(|c| c.as_str()).collect::<Vec<_>>().join(", ");
+            let placeholders = columns.iter().map(|_| "?").collect::<Vec<_>>().join(", ");
+            let sql = format!("INSERT INTO {table_name} ({col_names}) VALUES ({placeholders})");
+
+            for row in rows {
+                let values: Vec<SqlValue> = columns
+                    .iter()
+                    .map(|col| json_to_sql(row.get(*col).unwrap_or(&serde_json::Value::Null)))
+                    .collect();
+
+                let params: Vec<&dyn rusqlite::types::ToSql> =
+                    values.iter().map(|v| v as &dyn rusqlite::types::ToSql).collect();
+
+                db.conn.execute(&sql, params.as_slice())?;
+                total += 1;
+            }
+        }
+
+        Ok(total)
+    }
+}
+
+/// Validate that a SQL identifier (table/column name) contains only safe characters.
+fn validate_identifier(name: &str) -> Result<()> {
+    if name.is_empty() {
+        return Err(CoreError::Config("Empty SQL identifier".into()));
+    }
+    if !name
+        .chars()
+        .all(|c| c.is_ascii_alphanumeric() || c == '_')
+    {
+        return Err(CoreError::Config(format!(
+            "Unsafe SQL identifier: {name:?}"
+        )));
+    }
+    Ok(())
+}
+
+/// Convert a serde_json value to a rusqlite value for dynamic SQL inserts.
+fn json_to_sql(val: &serde_json::Value) -> SqlValue {
+    match val {
+        serde_json::Value::Null => SqlValue::Null,
+        serde_json::Value::Bool(b) => SqlValue::Integer(*b as i64),
+        serde_json::Value::Number(n) => {
+            if let Some(i) = n.as_i64() {
+                SqlValue::Integer(i)
+            } else if let Some(f) = n.as_f64() {
+                SqlValue::Real(f)
+            } else {
+                SqlValue::Null
+            }
+        }
+        serde_json::Value::String(s) => SqlValue::Text(s.clone()),
+        other => SqlValue::Text(other.to_string()),
+    }
+}