mcp-db-analyzer 0.2.5 → 0.2.7

package/README.md

@@ -21,6 +21,19 @@ Other analytical MCP servers (CrystalDBA, pg-dash, MCP-PostgreSQL-Ops) cover Pos
 - **Markdown output** optimized for LLM consumption
 - **Zero configuration** — just set `DATABASE_URL`
 
+## Pro Tier
+
+**Generate exportable diagnostic reports (HTML + PDF)** with a Pro license key.
+
+- Full JVM thread dump analysis report with actionable recommendations
+- PDF export for sharing with your team
+- Priority support
+
+<!-- TODO: replace placeholder Stripe Payment Link once STRIPE_SECRET_KEY is configured -->
+**$9.99/month** — [Get Pro License](https://buy.stripe.com/PLACEHOLDER)
+
+Pro license key activates the `generate_report` MCP tool in mcp-jvm-diagnostics.
+
 ## Installation
 
 ```bash

package/build/analyzers/connections.js

@@ -63,7 +63,7 @@ async function analyzePostgresConnections() {
         lines.push("| PID | User | Duration | Query |");
         lines.push("|-----|------|----------|-------|");
         for (const row of idleTxn.rows) {
-            lines.push(`| ${row.pid} | ${row.usename} | ${row.duration} | ${row.query} |`);
+            lines.push(`| ${row.pid} | ${row.usename} | ${row.duration} | ${row.query.replace(/\|/g, "\\|")} |`);
         }
         lines.push("");
     }
@@ -83,7 +83,7 @@ async function analyzePostgresConnections() {
         lines.push("| PID | User | Duration | Wait | Query |");
         lines.push("|-----|------|----------|------|-------|");
         for (const row of longQueries.rows) {
-            lines.push(`| ${row.pid} | ${row.usename} | ${row.duration} | ${row.wait_event_type || "-"} | ${row.query} |`);
+            lines.push(`| ${row.pid} | ${row.usename} | ${row.duration} | ${row.wait_event_type || "-"} | ${row.query.replace(/\|/g, "\\|")} |`);
         }
         lines.push("");
     }
@@ -112,7 +112,7 @@ async function analyzePostgresConnections() {
         lines.push("| Blocked PID | Blocking PID | Blocked Query | Blocking Query |");
         lines.push("|-------------|--------------|---------------|----------------|");
         for (const row of blocked.rows) {
-            lines.push(`| ${row.blocked_pid} | ${row.blocking_pid} | ${row.blocked_query} | ${row.blocking_query} |`);
+            lines.push(`| ${row.blocked_pid} | ${row.blocking_pid} | ${row.blocked_query.replace(/\|/g, "\\|")} | ${row.blocking_query.replace(/\|/g, "\\|")} |`);
         }
         lines.push("");
     }

package/build/analyzers/query.js

@@ -10,7 +10,9 @@ export async function explainQuery(sql, analyze = false) {
     // EXPLAIN ANALYZE actually executes the query, so we must reject anything
     // that could modify data — including CTEs with write operations.
     if (analyze) {
-        const upperSql = sql.trim().toUpperCase();
+        // Strip single-quoted string literals before scanning for DML keywords so that
+        // a query like `SELECT ... WHERE status = 'DELETE me'` is not falsely rejected.
+        const upperSql = sql.trim().toUpperCase().replace(/'[^']*'/g, "''");
         const DML_KEYWORDS = ["INSERT", "UPDATE", "DELETE", "DROP", "ALTER", "TRUNCATE", "CREATE", "GRANT", "REVOKE", "COPY"];
         const containsDml = DML_KEYWORDS.some((kw) => upperSql.includes(kw + " ") || upperSql.includes(kw + "\n") || upperSql.includes(kw + "\t") || upperSql.endsWith(kw));
         if (containsDml) {
@@ -235,14 +237,19 @@ function collectWarnings(node) {
     if (node["Sort Method"] === "external merge") {
         warnings.push(`**Disk sort** detected. Increase \`work_mem\` or add an index to avoid sorting.`);
     }
-    // Stale statistics: actual rows deviate significantly from planner estimate
-    if (node["Actual Rows"] !== undefined &&
-        node["Plan Rows"] > 0 &&
-        node["Actual Rows"] > 0) {
-        const ratio = node["Actual Rows"] / node["Plan Rows"];
-        if (ratio > 10 || ratio < 0.1) {
-            const relation = node["Relation Name"] ?? node["Node Type"];
-            warnings.push(`**Stale statistics** on \`${relation}\`: planner estimated ${node["Plan Rows"]} rows but got ${node["Actual Rows"]} (${ratio > 1 ? ratio.toFixed(0) + "× over" : (1 / ratio).toFixed(0) + "× under"}estimate). Run \`ANALYZE ${node["Relation Name"] ?? ""}\` to refresh table statistics.`);
+    // Stale statistics: actual rows deviate significantly from planner estimate.
+    // Handle Plan Rows = 0 separately — the planner expected an empty result but
+    // got rows, which is the most misleading case for query planning.
+    if (node["Actual Rows"] !== undefined) {
+        const relation = node["Relation Name"] ?? node["Node Type"];
+        if (node["Plan Rows"] === 0 && node["Actual Rows"] > 0) {
+            warnings.push(`**Stale statistics** on \`${relation}\`: planner estimated 0 rows but got ${node["Actual Rows"]}. Run \`ANALYZE ${node["Relation Name"] ?? ""}\` to refresh table statistics.`);
+        }
+        else if (node["Plan Rows"] > 0 && node["Actual Rows"] > 0) {
+            const ratio = node["Actual Rows"] / node["Plan Rows"];
+            if (ratio > 10 || ratio < 0.1) {
+                warnings.push(`**Stale statistics** on \`${relation}\`: planner estimated ${node["Plan Rows"]} rows but got ${node["Actual Rows"]} (${ratio > 1 ? ratio.toFixed(0) + "× over" : (1 / ratio).toFixed(0) + "× under"}estimate). Run \`ANALYZE ${node["Relation Name"] ?? ""}\` to refresh table statistics.`);
+            }
         }
     }
     if (node.Plans) {

package/build/analyzers/schema.js

@@ -187,13 +187,16 @@ export async function inspectTable(tableName, schema = "public") {
     return lines.join("\n");
 }
 async function inspectTableSqlite(tableName) {
-    const cols = await query(`PRAGMA table_info("${tableName}")`);
+    // Escape double-quote characters so a table name containing `"` (e.g. `weird"table`)
+    // does not break the PRAGMA queries or the row-count SELECT.
+    const escaped = tableName.replace(/"/g, '""');
+    const cols = await query(`PRAGMA table_info("${escaped}")`);
     if (cols.rows.length === 0) {
         return `Table '${tableName}' not found.`;
     }
     const lines = [`## Table: main.${tableName}\n`];
     // Row count
-    const countResult = await query(`SELECT count(*) as cnt FROM "${tableName}"`);
+    const countResult = await query(`SELECT count(*) as cnt FROM "${escaped}"`);
     lines.push(`- **Rows**: ${countResult.rows[0]?.cnt ?? 0}`);
     lines.push("");
     lines.push("### Columns\n");
@@ -203,7 +206,7 @@ async function inspectTableSqlite(tableName) {
         lines.push(`| ${col.cid + 1} | ${col.name} | ${col.type || 'ANY'} | ${col.notnull ? 'NO' : 'YES'} | ${col.dflt_value ?? '-'} | ${col.pk ? 'YES' : '-'} |`);
     }
     // Foreign keys
-    const fks = await query(`PRAGMA foreign_key_list("${tableName}")`);
+    const fks = await query(`PRAGMA foreign_key_list("${escaped}")`);
     if (fks.rows.length > 0) {
         lines.push("\n### Foreign Keys\n");
         lines.push("| Column | References |");
@@ -213,13 +216,13 @@ async function inspectTableSqlite(tableName) {
         }
     }
     // Indexes
-    const indexes = await query(`PRAGMA index_list("${tableName}")`);
+    const indexes = await query(`PRAGMA index_list("${escaped}")`);
     if (indexes.rows.length > 0) {
         lines.push("\n### Indexes\n");
         lines.push("| Name | Unique | Columns |");
         lines.push("|------|--------|---------|");
         for (const idx of indexes.rows) {
-            const idxCols = await query(`PRAGMA index_info("${idx.name}")`);
+            const idxCols = await query(`PRAGMA index_info("${idx.name.replace(/"/g, '""')}")`);
             const colNames = idxCols.rows.map(c => c.name).join(", ");
             lines.push(`| ${idx.name} | ${idx.unique ? 'YES' : 'NO'} | ${colNames} |`);
         }

package/build/analyzers/slow-queries.js

@@ -119,6 +119,20 @@ async function analyzeMysqlSlowQueries(limit) {
             const truncated = r.DIGEST_TEXT.length > 80 ? r.DIGEST_TEXT.slice(0, 77) + "..." : r.DIGEST_TEXT;
             sections.push(`| ${i + 1} | ${r.AVG_TIMER_WAIT.toFixed(1)}ms | ${r.SUM_TIMER_WAIT.toFixed(0)}ms | ${r.COUNT_STAR} | \`${truncated.replace(/\|/g, "\\|")}\` |`);
         }
+        // Recommendations
+        sections.push("");
+        sections.push("### Recommendations");
+        const highCallSlow = result.rows.filter((r) => r.COUNT_STAR > 100 && r.AVG_TIMER_WAIT > 100);
+        if (highCallSlow.length > 0) {
+            sections.push(`- **${highCallSlow.length} high-impact queries** — called >100 times with >100ms avg. Prioritize these for optimization.`);
+        }
+        const fewRowsSlow = result.rows.filter((r) => r.AVG_TIMER_WAIT > 50 && r.SUM_ROWS_SENT / Math.max(r.COUNT_STAR, 1) < 10);
+        if (fewRowsSlow.length > 0) {
+            sections.push(`- **${fewRowsSlow.length} queries returning few rows but slow** — likely missing indexes. Use \`explain_query\` to check.`);
+        }
+        if (highCallSlow.length === 0 && fewRowsSlow.length === 0) {
+            sections.push("- No critical patterns detected. Monitor trends over time.");
+        }
         return sections.join("\n");
     }
     catch {

package/build/db-mysql.js

@@ -49,7 +49,13 @@ export function createMysqlAdapter() {
                     return { rows: rows };
                 }
                 catch (err) {
-                    await conn.rollback();
+                    try {
+                        await conn.rollback();
+                    }
+                    catch {
+                        // Transaction may not have started (e.g. beginTransaction threw);
+                        // suppress the secondary error so the original cause is preserved.
+                    }
                     throw err;
                 }
             }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mcp-db-analyzer",
-  "version": "0.2.5",
+  "version": "0.2.7",
   "description": "MCP server for PostgreSQL, MySQL, and SQLite schema analysis, index optimization, and query plan inspection",
   "mcpName": "io.github.dmitriusan/mcp-db-analyzer",
   "author": "Dmytro Lisnichenko",