mpx-db 1.1.0 → 1.1.3

package/LICENSE

@@ -1,16 +1,26 @@
-MIT License
+Mesaplex Dual License
 
 Copyright (c) 2026 Mesaplex
 
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
+This software is available under two licensing options:
 
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
+1. FREE TIER (Personal Use)
+   - Limited daily usage
+   - Basic features only
+   - Personal and non-commercial use only
+   
+   Permission is granted to use this software for personal, non-commercial
+   purposes subject to the usage limits described in the documentation.
+
+2. PRO LICENSE (Commercial Use)
+   - Unlimited usage
+   - All features unlocked
+   - JSON/CSV export
+   - CI/CD integration
+   - Commercial use allowed
+   - Priority support
+   
+   To obtain a Pro license, visit: https://mesaplex.com
 
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mpx-db",
-  "version": "1.1.0",
+  "version": "1.1.3",
   "description": "Database management CLI - Connect, query, migrate, and manage databases from the terminal",
   "main": "src/index.js",
   "bin": {
@@ -8,7 +8,7 @@
   },
   "type": "module",
   "scripts": {
-    "test": "node --test test/**/*.test.js",
+    "test": "node --test test/*.test.js",
     "test:watch": "node --test --watch test/**/*.test.js",
     "dev": "node bin/mpx-db.js"
   },
@@ -28,7 +28,7 @@
     "json-output"
   ],
   "author": "Mesaplex <support@mesaplex.com>",
-  "license": "MIT",
+  "license": "SEE LICENSE IN LICENSE",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/mesaplexdev/mpx-db.git"
@@ -43,9 +43,7 @@
     "better-sqlite3": "^12.6.2",
     "chalk": "^5.3.0",
     "cli-table3": "^0.6.5",
-    "commander": "^12.1.0",
-    "inquirer": "^10.0.0",
-    "yaml": "^2.6.1"
+    "commander": "^12.1.0"
   },
   "peerDependencies": {
     "mysql2": "^3.11.5",

package/src/cli.js

@@ -153,6 +153,78 @@ program
   .option('-o, --output <file>', 'Output file path')
   .action((target, table, options) => exportData(target, table, { ...globalOptions, ...options }));
 
+// Update subcommand
+program
+  .command('update')
+  .description('Check for updates and optionally install the latest version')
+  .option('--check', 'Only check for updates (do not install)')
+  .action(async (options) => {
+    const { checkForUpdate, performUpdate } = await import('./update.js');
+    const jsonMode = globalOptions.json;
+
+    try {
+      const info = checkForUpdate();
+
+      if (jsonMode) {
+        const output = {
+          current: info.current,
+          latest: info.latest,
+          updateAvailable: info.updateAvailable,
+          isGlobal: info.isGlobal
+        };
+
+        if (!options.check && info.updateAvailable) {
+          try {
+            const result = performUpdate(info.isGlobal);
+            output.updated = true;
+            output.newVersion = result.version;
+          } catch (err) {
+            output.updated = false;
+            output.error = err.message;
+          }
+        }
+
+        console.log(JSON.stringify(output, null, 2));
+        process.exit(0);
+        return;
+      }
+
+      // Human-readable output
+      if (!info.updateAvailable) {
+        console.log('');
+        console.log(chalk.green.bold(`✓ mpx-db v${info.current} is up to date`));
+        console.log('');
+        process.exit(0);
+        return;
+      }
+
+      console.log('');
+      console.log(chalk.yellow.bold(`⬆ Update available: v${info.current} → v${info.latest}`));
+
+      if (options.check) {
+        console.log(chalk.gray(`Run ${chalk.cyan('mpx-db update')} to install`));
+        console.log('');
+        process.exit(0);
+        return;
+      }
+
+      console.log(chalk.gray(`Installing v${info.latest}${info.isGlobal ? ' (global)' : ''}...`));
+
+      const result = performUpdate(info.isGlobal);
+      console.log(chalk.green.bold(`✓ Updated to v${result.version}`));
+      console.log('');
+      process.exit(0);
+    } catch (err) {
+      if (jsonMode) {
+        console.log(JSON.stringify({ error: err.message, code: 'ERR_UPDATE' }, null, 2));
+      } else {
+        console.error(chalk.red.bold('\n❌ Update check failed:'), err.message);
+        console.error('');
+      }
+      process.exit(1);
+    }
+  });
+
 // MCP subcommand
 program
   .command('mcp')

package/src/commands/connections.js

@@ -120,6 +120,7 @@ export async function removeConnection(name, options = {}) {
       name,
       message: deleted ? 'Connection deleted' : 'Connection not found'
     }, null, 2));
+    if (!deleted) process.exit(1);
     return;
   }
   
@@ -128,5 +129,6 @@ export async function removeConnection(name, options = {}) {
     console.log(chalk.green(`✓ Deleted connection "${name}"`));
   } else {
     console.log(chalk.yellow(`Connection "${name}" not found`));
+    process.exit(1);
   }
 }

package/src/commands/data.js

@@ -14,10 +14,12 @@ export async function exportData(target, tableName, options = {}) {
     db = await createConnection(connectionString);
     
     // Query all data
-    const rows = await db.query(`SELECT * FROM ${tableName}`);
+    const rows = await db.query(`SELECT * FROM ${db.quoteIdentifier(tableName)}`);
     
     if (rows.length === 0) {
-      if (!options.quiet) {
+      if (options.json) {
+        console.log(JSON.stringify({ success: true, rows: [], rowCount: 0 }, null, 2));
+      } else if (!options.quiet) {
         console.log(chalk.yellow('No data to export'));
       }
       return;

package/src/commands/migrate.js

@@ -7,6 +7,44 @@ import { resolveConnection } from './query.js';
 
 const MIGRATIONS_DIR = './migrations';
 
+/**
+ * Split SQL into statements on semicolons, respecting quoted strings.
+ */
+function splitStatements(sql) {
+  const statements = [];
+  let current = '';
+  let inSingle = false;
+  let inDouble = false;
+  
+  for (let i = 0; i < sql.length; i++) {
+    const ch = sql[i];
+    const prev = i > 0 ? sql[i - 1] : '';
+    
+    if (ch === "'" && !inDouble && prev !== '\\') {
+      inSingle = !inSingle;
+    } else if (ch === '"' && !inSingle && prev !== '\\') {
+      inDouble = !inDouble;
+    }
+    
+    if (ch === ';' && !inSingle && !inDouble) {
+      const trimmed = current.trim();
+      if (trimmed.length > 0) {
+        statements.push(trimmed);
+      }
+      current = '';
+    } else {
+      current += ch;
+    }
+  }
+  
+  const trimmed = current.trim();
+  if (trimmed.length > 0) {
+    statements.push(trimmed);
+  }
+  
+  return statements;
+}
+
 /**
  * Initialize migrations directory
  */
@@ -287,17 +325,14 @@ export async function runMigrations(target, options = {}) {
         console.log(chalk.gray(`→ ${name}`));
       }
       
-      // Execute migration (split by semicolon for multiple statements)
+      // Execute migration (split by semicolon, respecting quoted strings)
       // Remove comment lines first, then split
       const cleanedSQL = migration.up
         .split('\n')
         .filter(line => !line.trim().startsWith('--'))
         .join('\n');
       
-      const statements = cleanedSQL
-        .split(';')
-        .map(s => s.trim())
-        .filter(s => s.length > 0);
+      const statements = splitStatements(cleanedSQL);
       
       for (const statement of statements) {
         await db.execute(statement);
@@ -385,17 +420,14 @@ export async function rollbackMigration(target, options = {}) {
       console.log(chalk.cyan(`Rolling back: ${last.name}`));
     }
     
-    // Execute rollback (split by semicolon for multiple statements)
+    // Execute rollback (split by semicolon, respecting quoted strings)
     // Remove comment lines first, then split
     const cleanedSQL = migration.down
       .split('\n')
       .filter(line => !line.trim().startsWith('--'))
       .join('\n');
     
-    const statements = cleanedSQL
-      .split(';')
-      .map(s => s.trim())
-      .filter(s => s.length > 0);
+    const statements = splitStatements(cleanedSQL);
     
     for (const statement of statements) {
       await db.execute(statement);

package/src/commands/query.js

@@ -36,15 +36,12 @@ export async function handleQuery(target, sql, options = {}) {
           rowCount: rows.length,
           duration
         }, null, 2));
-      } else {
+      } else if (!options.quiet) {
         // Display results
         if (rows.length === 0) {
           console.log(chalk.yellow('No rows returned'));
         } else {
           displayTable(rows);
-        }
-        
-        if (!options.quiet) {
           console.log(chalk.gray(`\n${rows.length} row(s) in ${duration}ms`));
         }
       }

package/src/commands/schema.js

@@ -224,7 +224,7 @@ export async function dumpSchema(target, options = {}) {
         return def;
       });
       
-      sqlOutput += `CREATE TABLE ${table.name} (\n`;
+      sqlOutput += `CREATE TABLE "${table.name}" (\n`;
       sqlOutput += cols.join(',\n');
       sqlOutput += '\n);\n\n';
     }

package/src/db/base-adapter.js

@@ -8,6 +8,22 @@ export class BaseAdapter {
     this.connection = null;
   }
 
+  /**
+   * Validate and quote a table/identifier name to prevent SQL injection.
+   * Rejects names with dangerous characters. Override quoteChar in subclasses.
+   */
+  quoteIdentifier(name) {
+    if (!name || typeof name !== 'string') {
+      throw new Error('Invalid identifier: must be a non-empty string');
+    }
+    // Allow alphanumeric, underscores, dots (schema.table), hyphens
+    if (!/^[a-zA-Z_][a-zA-Z0-9_.\\-]*$/.test(name)) {
+      throw new Error(`Invalid identifier: "${name}" contains disallowed characters`);
+    }
+    const q = this._identifierQuote || '"';
+    return `${q}${name.replace(new RegExp(`\\${q}`, 'g'), q + q)}${q}`;
+  }
+
   /**
    * Connect to database
    */
@@ -63,7 +79,7 @@ export class BaseAdapter {
    * Get table row count
    */
   async getRowCount(tableName) {
-    const result = await this.query(`SELECT COUNT(*) as count FROM ${tableName}`);
+    const result = await this.query(`SELECT COUNT(*) as count FROM ${this.quoteIdentifier(tableName)}`);
     return result[0].count;
   }
 

package/src/db/mysql-adapter.js

@@ -4,6 +4,11 @@ import { BaseAdapter } from './base-adapter.js';
  * MySQL adapter using mysql2
  */
 export class MySQLAdapter extends BaseAdapter {
+  constructor(connectionString) {
+    super(connectionString);
+    this._identifierQuote = '`';
+  }
+
   async connect() {
     try {
       const mysql = await import('mysql2/promise');
@@ -62,7 +67,7 @@ export class MySQLAdapter extends BaseAdapter {
     const tables = [];
     for (const row of rows) {
       const countResult = await this.query(
-        `SELECT COUNT(*) as count FROM \`${row.name}\``
+        `SELECT COUNT(*) as count FROM ${this.quoteIdentifier(row.name)}`
       );
       tables.push({
         name: row.name,

package/src/db/postgres-adapter.js

@@ -64,7 +64,7 @@ export class PostgresAdapter extends BaseAdapter {
     const tables = [];
     for (const row of rows) {
       const countResult = await this.query(
-        `SELECT COUNT(*) as count FROM ${row.name}`
+        `SELECT COUNT(*) as count FROM ${this.quoteIdentifier(row.name)}`
       );
       tables.push({
         name: row.name,
@@ -127,6 +127,17 @@ export class PostgresAdapter extends BaseAdapter {
     };
   }
 
+  async recordMigration(name) {
+    await this.execute(
+      'INSERT INTO mpx_migrations (name, applied_at) VALUES ($1, $2)',
+      [name, new Date().toISOString()]
+    );
+  }
+
+  async removeMigration(name) {
+    await this.execute('DELETE FROM mpx_migrations WHERE name = $1', [name]);
+  }
+
   async ensureMigrationsTable() {
     await this.execute(`
       CREATE TABLE IF NOT EXISTS mpx_migrations (

package/src/db/sqlite-adapter.js

@@ -10,9 +10,9 @@ export class SQLiteAdapter extends BaseAdapter {
     super(connectionString);
     
     // Extract file path from sqlite:// or sqlite3://
-    this.dbPath = connectionString
-      .replace(/^sqlite3?:\/\//, '')
-      .replace(/^\//, ''); // Remove leading slash if absolute path
+    // sqlite:///tmp/foo.db → /tmp/foo.db (absolute)
+    // sqlite://mydb.db → mydb.db (relative)
+    this.dbPath = connectionString.replace(/^sqlite3?:\/\//, '');
   }
 
   async connect() {
@@ -76,7 +76,7 @@ export class SQLiteAdapter extends BaseAdapter {
     
     const tables = [];
     for (const row of rows) {
-      const countResult = await this.query(`SELECT COUNT(*) as count FROM ${row.name}`);
+      const countResult = await this.query(`SELECT COUNT(*) as count FROM ${this.quoteIdentifier(row.name)}`);
       tables.push({
         name: row.name,
         type: row.type,
@@ -88,7 +88,7 @@ export class SQLiteAdapter extends BaseAdapter {
   }
 
   async getTableSchema(tableName) {
-    const rows = await this.query(`PRAGMA table_info(${tableName})`);
+    const rows = await this.query(`PRAGMA table_info(${this.quoteIdentifier(tableName)})`);
     
     return rows.map(row => ({
       name: row.name,

package/src/mcp.js

@@ -261,7 +261,7 @@ export async function startMCPServer() {
           const db = await createConnection(connectionString);
           
           try {
-            const rows = await db.query(`SELECT * FROM ${args.table}`);
+            const rows = await db.query(`SELECT * FROM ${db.quoteIdentifier(args.table)}`);
             await db.disconnect();
             
             return {

package/src/schema.js

@@ -560,6 +560,19 @@ export function getSchema() {
         examples: [
           { command: 'mpx-db mcp', description: 'Start MCP stdio server' }
         ]
+      },
+      update: {
+        description: 'Check for updates and optionally install the latest version',
+        usage: 'mpx-db update [--check] [--json]',
+        flags: {
+          '--check': { description: 'Only check for updates (do not install)', default: false },
+          '--json': { description: 'Machine-readable JSON output', default: false }
+        },
+        examples: [
+          { command: 'mpx-db update', description: 'Check and install updates' },
+          { command: 'mpx-db update --check', description: 'Just check for updates' },
+          { command: 'mpx-db update --check --json', description: 'Check for updates (JSON output)' }
+        ]
       }
     },
     mcpConfig: {

package/src/update.js

@@ -0,0 +1,72 @@
+/**
+ * Update Command
+ * 
+ * Checks npm for the latest version of mpx-db and offers to update.
+ */
+
+import { execSync } from 'child_process';
+import { readFileSync } from 'fs';
+import { fileURLToPath } from 'url';
+import { dirname, join } from 'path';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+const pkg = JSON.parse(readFileSync(join(__dirname, '../package.json'), 'utf8'));
+
+/**
+ * Check npm registry for latest version
+ * @returns {object} { current, latest, updateAvailable, isGlobal }
+ */
+export function checkForUpdate() {
+  const current = pkg.version;
+  
+  let latest;
+  try {
+    latest = execSync('npm view mpx-db version', { encoding: 'utf8', timeout: 10000 }).trim();
+  } catch (err) {
+    throw new Error('Failed to check npm registry: ' + (err.message || 'unknown error'));
+  }
+  
+  const updateAvailable = latest !== current && compareVersions(latest, current) > 0;
+  
+  // Detect if installed globally
+  let isGlobal = false;
+  try {
+    const globalDir = execSync('npm root -g', { encoding: 'utf8', timeout: 5000 }).trim();
+    isGlobal = __dirname.startsWith(globalDir) || process.argv[1]?.includes('node_modules/.bin');
+  } catch {
+    // Can't determine, assume local
+  }
+  
+  return { current, latest, updateAvailable, isGlobal };
+}
+
+/**
+ * Perform the update
+ * @param {boolean} isGlobal - Install globally
+ * @returns {object} { success, version }
+ */
+export function performUpdate(isGlobal) {
+  const cmd = isGlobal ? 'npm install -g mpx-db@latest' : 'npm install mpx-db@latest';
+  try {
+    execSync(cmd, { encoding: 'utf8', timeout: 60000, stdio: 'pipe' });
+    // Verify
+    const newVersion = execSync('npm view mpx-db version', { encoding: 'utf8', timeout: 10000 }).trim();
+    return { success: true, version: newVersion };
+  } catch (err) {
+    throw new Error('Update failed: ' + (err.message || 'unknown error'));
+  }
+}
+
+/**
+ * Compare semver strings. Returns >0 if a > b, <0 if a < b, 0 if equal.
+ */
+export function compareVersions(a, b) {
+  const pa = a.split('.').map(Number);
+  const pb = b.split('.').map(Number);
+  for (let i = 0; i < 3; i++) {
+    if ((pa[i] || 0) > (pb[i] || 0)) return 1;
+    if ((pa[i] || 0) < (pb[i] || 0)) return -1;
+  }
+  return 0;
+}