mcp-migration-advisor 0.2.2 → 0.2.4

package/build/analyzers/lock-risk.js

@@ -147,6 +147,17 @@ function analyzeStatement(stmt) {
             recommendation: "Avoid explicit locks in migrations. Use row-level locking or redesign the migration.",
         });
     }
+    // TRUNCATE acquires ACCESS EXCLUSIVE lock — same severity as DROP TABLE
+    if (stmt.type === "OTHER" && /\bTRUNCATE\b/i.test(stmt.raw)) {
+        const tableMatch = stmt.raw.match(/TRUNCATE\s+(?:TABLE\s+)?(?:`|"|)?(\w+)/i);
+        risks.push({
+            severity: "HIGH",
+            statement: truncate(stmt.raw),
+            tableName: tableMatch?.[1] || null,
+            risk: "TRUNCATE acquires ACCESS EXCLUSIVE lock, blocking all concurrent reads and writes for the duration.",
+            recommendation: "On large tables, prefer DELETE with a WHERE clause in batches. If speed is critical, ensure a maintenance window.",
+        });
+    }
     return risks;
 }
 function truncate(s, max = 120) {

package/build/index.js

@@ -16,9 +16,6 @@ import { analyzeLockRisks, calculateRiskScore } from "./analyzers/lock-risk.js";
 import { analyzeDataLoss } from "./analyzers/data-loss.js";
 import { generateRollback } from "./generators/rollback.js";
 import { detectConflicts, formatConflictReport } from "./analyzers/conflicts.js";
-import { validateLicense, formatUpgradePrompt } from "./license.js";
-// License check (reads MCP_LICENSE_KEY env var once at startup)
-const license = validateLicense(process.env.MCP_LICENSE_KEY, "migration-advisor");
 /**
  * Format parser warnings into a markdown section.
  * Returns empty string if there are no warnings.
@@ -36,7 +33,7 @@ function formatParserWarnings(migration) {
 }
 // Handle --help
 if (process.argv.includes("--help") || process.argv.includes("-h")) {
-    console.log(`mcp-migration-advisor v0.1.0 — MCP server for database migration risk analysis
+    console.log(`mcp-migration-advisor v0.2.4 — MCP server for database migration risk analysis
 
 Usage:
   mcp-migration-advisor [options]
@@ -55,7 +52,7 @@ Tools provided:
 }
 const server = new McpServer({
     name: "mcp-migration-advisor",
-    version: "0.1.0",
+    version: "0.2.4",
 });
 // Tool 1: analyze_migration
 server.tool("analyze_migration", "Analyze a SQL migration file for lock risks, data loss potential, and unsafe patterns. Supports Flyway (V__*.sql) and plain SQL.", {
@@ -238,21 +235,6 @@ server.tool("generate_rollback", "Generate reverse DDL to undo a SQL migration.
     filename: z.string().describe("Migration filename (e.g., V2__add_user_email.sql)"),
     sql: z.string().describe("The SQL content of the migration file"),
 }, async ({ filename, sql }) => {
-    // Pro feature gate — free users get a preview, Pro users get full output
-    if (!license.isPro) {
-        const migration = parseMigration(filename, sql);
-        const report = generateRollback(migration);
-        // Show a preview: statement count and reversibility, but not the actual SQL
-        let preview = `## Rollback Preview: ${filename}\n\n`;
-        preview += `**Reversible**: ${report.fullyReversible ? "Yes" : "Partially"}\n`;
-        preview += `**Statements**: ${report.statements.length}\n`;
-        preview += `**Warnings**: ${report.warnings.length}\n\n`;
-        preview += formatUpgradePrompt("generate_rollback", "Full rollback SQL generation with:\n" +
-            "- Complete reverse DDL for all migration operations\n" +
-            "- Flyway schema_history cleanup statements\n" +
-            "- Irreversibility warnings with manual intervention guidance");
-        return { content: [{ type: "text", text: preview }] };
-    }
     const migration = parseMigration(filename, sql);
     const report = generateRollback(migration);
     let output = `## Rollback Script: ${filename}\n\n`;

package/build/parsers/flyway-sql.js

@@ -31,7 +31,8 @@ export function parseFlywayFilename(filename) {
 }
 /**
  * Split SQL text into individual statements.
- * Handles semicolons, ignoring those inside strings and comments.
+ * Handles semicolons, ignoring those inside string literals and comments.
+ * Single-quoted strings are tracked; escaped quotes ('') are handled correctly.
  */
 function splitStatements(sql) {
     // Remove block comments
@@ -40,16 +41,38 @@ function splitStatements(sql) {
     cleaned = cleaned.replace(/--.*$/gm, "");
     const stmts = [];
     let current = "";
-    for (const char of cleaned) {
-        if (char === ";") {
+    let inString = false;
+    let i = 0;
+    while (i < cleaned.length) {
+        const char = cleaned[i];
+        if (char === "'" && !inString) {
+            inString = true;
+            current += char;
+            i++;
+        }
+        else if (char === "'" && inString) {
+            current += char;
+            i++;
+            // '' is the SQL escape for a literal single quote inside a string
+            if (i < cleaned.length && cleaned[i] === "'") {
+                current += cleaned[i];
+                i++;
+            }
+            else {
+                inString = false;
+            }
+        }
+        else if (char === ";" && !inString) {
             const trimmed = current.trim();
             if (trimmed.length > 0) {
                 stmts.push(trimmed);
             }
             current = "";
+            i++;
         }
         else {
             current += char;
+            i++;
         }
     }
     const last = current.trim();

package/package.json

@@ -1,7 +1,8 @@
 {
   "name": "mcp-migration-advisor",
-  "version": "0.2.2",
+  "version": "0.2.4",
   "description": "MCP server for database migration risk analysis — Flyway and Liquibase XML/YAML/SQL support with lock detection and conflict analysis",
+  "mcpName": "Migration Advisor",
   "main": "build/index.js",
   "bin": {
     "mcp-migration-advisor": "build/index.js"

package/build/license.js

@@ -1,115 +0,0 @@
-/**
- * License validation for MCP Migration Advisor (Pro features).
- *
- * Validates license keys offline using HMAC-SHA256.
- * Missing or invalid keys gracefully degrade to free mode — never errors.
- *
- * Key format: MCPJBS-XXXXX-XXXXX-XXXXX-XXXXX
- * Payload (12 bytes = 20 base32 chars):
- *   [0]     product mask (8 bits)
- *   [1-2]   expiry days since 2026-01-01 (16 bits)
- *   [3-5]   customer ID (24 bits)
- *   [6-11]  HMAC-SHA256 truncated (48 bits)
- */
-import { createHmac } from "node:crypto";
-const KEY_PREFIX = "MCPJBS-";
-const EPOCH = new Date("2026-01-01T00:00:00Z");
-const BASE32_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
-const HMAC_SECRET = "mcp-java-backend-suite-license-v1";
-const PRODUCTS = {
-    "db-analyzer": 0,
-    "jvm-diagnostics": 1,
-    "migration-advisor": 2,
-    "spring-boot-actuator": 3,
-    "redis-diagnostics": 4,
-};
-export function validateLicense(key, product) {
-    const FREE = {
-        isPro: false,
-        expiresAt: null,
-        customerId: null,
-        reason: "No license key provided",
-    };
-    if (!key || key.trim().length === 0)
-        return FREE;
-    const trimmed = key.trim().toUpperCase();
-    if (!trimmed.startsWith(KEY_PREFIX)) {
-        return { ...FREE, reason: "Invalid key format: missing MCPJBS- prefix" };
-    }
-    const body = trimmed.slice(KEY_PREFIX.length).replace(/-/g, "");
-    if (body.length < 20) {
-        return { ...FREE, reason: "Invalid key format: too short" };
-    }
-    let decoded;
-    try {
-        decoded = base32Decode(body.slice(0, 20));
-    }
-    catch {
-        return { ...FREE, reason: "Invalid key format: bad base32 encoding" };
-    }
-    if (decoded.length < 12) {
-        return { ...FREE, reason: "Invalid key format: decoded data too short" };
-    }
-    const payload = decoded.subarray(0, 6);
-    const providedSignature = decoded.subarray(6, 12);
-    const expectedHmac = createHmac("sha256", HMAC_SECRET)
-        .update(payload)
-        .digest();
-    const expectedSignature = expectedHmac.subarray(0, 6);
-    if (!providedSignature.equals(expectedSignature)) {
-        return { ...FREE, reason: "Invalid license key: signature mismatch" };
-    }
-    const productMask = payload[0];
-    const daysSinceEpoch = (payload[1] << 8) | payload[2];
-    const customerId = (payload[3] << 16) | (payload[4] << 8) | payload[5];
-    const productBit = PRODUCTS[product];
-    if (productBit === undefined) {
-        return { ...FREE, reason: `Unknown product: ${product}` };
-    }
-    if ((productMask & (1 << productBit)) === 0) {
-        return { ...FREE, customerId, reason: `License does not include ${product}` };
-    }
-    const expiresAt = new Date(EPOCH.getTime() + daysSinceEpoch * 24 * 60 * 60 * 1000);
-    if (new Date() > expiresAt) {
-        return {
-            isPro: false,
-            expiresAt,
-            customerId,
-            reason: `License expired on ${expiresAt.toISOString().slice(0, 10)}`,
-        };
-    }
-    return { isPro: true, expiresAt, customerId, reason: "Valid Pro license" };
-}
-export function formatUpgradePrompt(toolName, featureDescription) {
-    return [
-        `## ${toolName} (Pro Feature)`,
-        "",
-        "This analysis is available with MCP Java Backend Suite Pro.",
-        "",
-        `**What you'll get:**`,
-        featureDescription,
-        "",
-        "**Upgrade**: https://mcpjbs.dev/pricing",
-        "**Price**: $19/month or $190/year",
-        "",
-        "> Already have a key? Set `MCP_LICENSE_KEY` in your Claude Desktop config.",
-    ].join("\n");
-}
-function base32Decode(encoded) {
-    const bytes = [];
-    let bits = 0;
-    let value = 0;
-    for (const char of encoded) {
-        const idx = BASE32_CHARS.indexOf(char);
-        if (idx === -1)
-            throw new Error(`Invalid base32 character: ${char}`);
-        value = (value << 5) | idx;
-        bits += 5;
-        if (bits >= 8) {
-            bits -= 8;
-            bytes.push((value >> bits) & 0xff);
-        }
-    }
-    return Buffer.from(bytes);
-}
-//# sourceMappingURL=license.js.map