npm - pgserve - Versions diffs - 2.1.3 → 2.2.1 - Mend

pgserve 2.1.3 → 2.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (235) hide show

package/CHANGELOG.md +96 -0
package/README.md +105 -1
package/bin/autopg-wrapper.cjs +16 -0
package/bin/pgserve-wrapper.cjs +32 -6
package/bin/postgres-server.js +56 -0
package/console/README.md +131 -0
package/console/api.js +173 -0
package/console/app.jsx +483 -0
package/console/colors_and_type.css +227 -0
package/console/components.jsx +167 -0
package/console/console.css +1666 -0
package/console/data.jsx +350 -0
package/console/index.html +31 -0
package/console/screens/databases.jsx +5 -0
package/console/screens/health.jsx +5 -0
package/console/screens/ingress.jsx +5 -0
package/console/screens/optimizer.jsx +5 -0
package/console/screens/rlm-sim.jsx +5 -0
package/console/screens/rlm-trace.jsx +5 -0
package/console/screens/security.jsx +5 -0
package/console/screens/settings.jsx +611 -0
package/console/screens/sql.jsx +5 -0
package/console/screens/sync.jsx +5 -0
package/console/screens/tables.jsx +5 -0
package/console/tweaks-panel.jsx +425 -0
package/package.json +14 -2
package/scripts/postinstall.cjs +60 -0
package/src/cli-config.cjs +310 -0
package/src/cli-install.cjs +112 -11
package/src/cli-restart.cjs +228 -0
package/src/cli-ui.cjs +580 -0
package/src/cluster.js +43 -38
package/src/postgres.js +141 -19
package/src/settings-loader.cjs +235 -0
package/src/settings-migrate.cjs +212 -0
package/src/settings-pg-args.cjs +146 -0
package/src/settings-schema.cjs +422 -0
package/src/settings-validator.cjs +416 -0
package/src/settings-writer.cjs +288 -0
package/src/upgrade/index.js +65 -0
package/src/upgrade/runner.js +23 -0
package/src/upgrade/steps/binary-cache-flush.js +67 -0
package/src/upgrade/steps/consumer-signal.js +40 -0
package/src/upgrade/steps/env-refresh.js +89 -0
package/src/upgrade/steps/health-validate.js +53 -0
package/src/upgrade/steps/plpgsql-resolve.js +66 -0
package/src/upgrade/steps/port-reconcile.js +52 -0
package/.claude/context/windows-debug.md +0 -119
package/.genie/AGENTS.md +0 -15
package/.genie/agents/README.md +0 -110
package/.genie/agents/analyze.md +0 -176
package/.genie/agents/forge.md +0 -290
package/.genie/agents/garbage-cleaner.md +0 -324
package/.genie/agents/garbage-collector.md +0 -596
package/.genie/agents/github-issue-gc.md +0 -618
package/.genie/agents/review.md +0 -380
package/.genie/agents/semantic-analyzer/find-duplicates.md +0 -90
package/.genie/agents/semantic-analyzer/find-orphans.md +0 -99
package/.genie/agents/semantic-analyzer.md +0 -101
package/.genie/agents/update.md +0 -182
package/.genie/agents/wish.md +0 -357
package/.genie/brainstorms/pgserve-v2/DESIGN.md +0 -174
package/.genie/code/AGENTS.md +0 -694
package/.genie/code/agents/audit/risk.md +0 -173
package/.genie/code/agents/audit/security.md +0 -189
package/.genie/code/agents/audit.md +0 -145
package/.genie/code/agents/challenge.md +0 -230
package/.genie/code/agents/change-reviewer.md +0 -295
package/.genie/code/agents/code-garbage-collector.md +0 -425
package/.genie/code/agents/code-quality.md +0 -410
package/.genie/code/agents/commit-suggester.md +0 -255
package/.genie/code/agents/commit.md +0 -124
package/.genie/code/agents/consensus.md +0 -204
package/.genie/code/agents/daily-standup.md +0 -722
package/.genie/code/agents/docgen.md +0 -48
package/.genie/code/agents/explore.md +0 -79
package/.genie/code/agents/fix.md +0 -100
package/.genie/code/agents/git/commit-advisory.md +0 -219
package/.genie/code/agents/git/workflows/issue.md +0 -244
package/.genie/code/agents/git/workflows/pr.md +0 -179
package/.genie/code/agents/git/workflows/release.md +0 -460
package/.genie/code/agents/git/workflows/report.md +0 -342
package/.genie/code/agents/git.md +0 -432
package/.genie/code/agents/implementor.md +0 -161
package/.genie/code/agents/install.md +0 -515
package/.genie/code/agents/issue-creator.md +0 -344
package/.genie/code/agents/polish.md +0 -116
package/.genie/code/agents/qa.md +0 -653
package/.genie/code/agents/refactor.md +0 -294
package/.genie/code/agents/release.md +0 -1129
package/.genie/code/agents/roadmap.md +0 -885
package/.genie/code/agents/tests.md +0 -557
package/.genie/code/agents/tracer.md +0 -50
package/.genie/code/agents/update/upstream-update.md +0 -85
package/.genie/code/agents/update/versions/generic-update.md +0 -305
package/.genie/code/agents/vibe.md +0 -1317
package/.genie/code/spells/agent-configuration.md +0 -58
package/.genie/code/spells/automated-rc-publishing.md +0 -106
package/.genie/code/spells/branch-tracker-guidance.md +0 -28
package/.genie/code/spells/debug.md +0 -320
package/.genie/code/spells/emoji-naming-convention.md +0 -303
package/.genie/code/spells/evidence-storage.md +0 -26
package/.genie/code/spells/file-naming-rules.md +0 -35
package/.genie/code/spells/forge-code-blueprints.md +0 -195
package/.genie/code/spells/genie-integration.md +0 -153
package/.genie/code/spells/publishing-protocol.md +0 -61
package/.genie/code/spells/team-consultation-protocol.md +0 -284
package/.genie/code/spells/tool-requirements.md +0 -20
package/.genie/code/spells/triad-maintenance-protocol.md +0 -154
package/.genie/code/teams/tech-council/council.md +0 -328
package/.genie/code/teams/tech-council/jt.md +0 -352
package/.genie/code/teams/tech-council/nayr.md +0 -305
package/.genie/code/teams/tech-council/oettam.md +0 -375
package/.genie/neurons/README.md +0 -193
package/.genie/neurons/forge.md +0 -106
package/.genie/neurons/genie.md +0 -63
package/.genie/neurons/review.md +0 -106
package/.genie/neurons/wish.md +0 -104
package/.genie/product/README.md +0 -20
package/.genie/product/cli-automation.md +0 -359
package/.genie/product/environment.md +0 -60
package/.genie/product/mission.md +0 -60
package/.genie/product/roadmap.md +0 -44
package/.genie/product/tech-stack.md +0 -34
package/.genie/product/templates/context-template.md +0 -218
package/.genie/product/templates/qa-done-report-template.md +0 -68
package/.genie/product/templates/review-report-template.md +0 -89
package/.genie/product/templates/wish-template.md +0 -120
package/.genie/scripts/helpers/analyze-commit.js +0 -195
package/.genie/scripts/helpers/bullet-counter.js +0 -194
package/.genie/scripts/helpers/bullet-find.js +0 -289
package/.genie/scripts/helpers/bullet-id.js +0 -244
package/.genie/scripts/helpers/check-secrets.js +0 -237
package/.genie/scripts/helpers/count-tokens.js +0 -200
package/.genie/scripts/helpers/create-frontmatter.js +0 -456
package/.genie/scripts/helpers/detect-markers.js +0 -293
package/.genie/scripts/helpers/detect-todos.js +0 -267
package/.genie/scripts/helpers/detect-unlabeled-blocks.js +0 -135
package/.genie/scripts/helpers/embeddings.js +0 -344
package/.genie/scripts/helpers/find-empty-sections.js +0 -158
package/.genie/scripts/helpers/index.js +0 -319
package/.genie/scripts/helpers/validate-frontmatter.js +0 -578
package/.genie/scripts/helpers/validate-links.js +0 -207
package/.genie/scripts/helpers/validate-paths.js +0 -373
package/.genie/spells/README.md +0 -9
package/.genie/spells/ace-protocol.md +0 -118
package/.genie/spells/ask-one-at-a-time.md +0 -175
package/.genie/spells/backup-analyzer.md +0 -542
package/.genie/spells/blocker.md +0 -12
package/.genie/spells/break-things-move-fast.md +0 -56
package/.genie/spells/context-candidates.md +0 -72
package/.genie/spells/context-critic.md +0 -51
package/.genie/spells/defer-to-expertise.md +0 -278
package/.genie/spells/delegate-dont-do.md +0 -292
package/.genie/spells/error-investigation-protocol.md +0 -328
package/.genie/spells/evidence-based-completion.md +0 -273
package/.genie/spells/experiment.md +0 -65
package/.genie/spells/file-creation-protocol.md +0 -229
package/.genie/spells/forge-integration.md +0 -281
package/.genie/spells/forge-orchestration.md +0 -514
package/.genie/spells/gather-context.md +0 -18
package/.genie/spells/global-health-check.md +0 -34
package/.genie/spells/global-noop-roundtrip.md +0 -25
package/.genie/spells/install-genie.md +0 -1232
package/.genie/spells/install.md +0 -82
package/.genie/spells/investigate-before-commit.md +0 -112
package/.genie/spells/know-yourself.md +0 -288
package/.genie/spells/learn.md +0 -828
package/.genie/spells/mcp-diagnostic-protocol.md +0 -246
package/.genie/spells/mcp-first.md +0 -124
package/.genie/spells/multi-step-execution.md +0 -67
package/.genie/spells/orchestration-boundary-protocol.md +0 -256
package/.genie/spells/orchestrator-not-implementor.md +0 -189
package/.genie/spells/prompt.md +0 -746
package/.genie/spells/reflect.md +0 -404
package/.genie/spells/routing-decision-matrix.md +0 -368
package/.genie/spells/run-in-parallel.md +0 -12
package/.genie/spells/session-state-updater-example.md +0 -196
package/.genie/spells/session-state-updater.md +0 -220
package/.genie/spells/track-long-running-tasks.md +0 -133
package/.genie/spells/troubleshoot-infrastructure.md +0 -176
package/.genie/spells/upgrade-genie.md +0 -415
package/.genie/spells/url-presentation-protocol.md +0 -301
package/.genie/spells/wish-initiation.md +0 -158
package/.genie/spells/wish-issue-linkage.md +0 -410
package/.genie/spells/wish-lifecycle.md +0 -100
package/.genie/state/provider-status.json +0 -3
package/.genie/state/version.json +0 -16
package/.genie/wishes/canonical-pgserve-pm2-supervision/WISH.md +0 -290
package/.genie/wishes/pgserve-v2/BRIEF-from-genie-pgserve.md +0 -99
package/.genie/wishes/pgserve-v2/WISH.md +0 -442
package/.genie/wishes/release-system-genie-pattern/WISH.md +0 -268
package/.genie/wishes/release-system-genie-pattern/validation.md +0 -205
package/.gitguardian.yaml +0 -29
package/.gitguardianignore +0 -16
package/.github/workflows/ci.yml +0 -122
package/.github/workflows/release.yml +0 -289
package/.github/workflows/version.yml +0 -228
package/.husky/pre-commit +0 -2
package/AGENTS.md +0 -433
package/CLAUDE.md +0 -1
package/Makefile +0 -285
package/assets/icon.ico +0 -0
package/bun.lock +0 -435
package/bunfig.toml +0 -28
package/ecosystem.config.cjs +0 -23
package/eslint.config.js +0 -63
package/examples/multi-tenant-demo.js +0 -104
package/install.sh +0 -123
package/knip.json +0 -9
package/tests/audit.test.js +0 -189
package/tests/backpressure.test.js +0 -167
package/tests/benchmarks/runner.js +0 -1197
package/tests/benchmarks/vector-generator.js +0 -368
package/tests/cli-install.test.js +0 -322
package/tests/control-db.test.js +0 -285
package/tests/daemon-args.test.js +0 -86
package/tests/daemon-control.test.js +0 -171
package/tests/daemon-fingerprint-integration.test.js +0 -111
package/tests/daemon-pr24-regression.test.js +0 -198
package/tests/fingerprint.test.js +0 -263
package/tests/fixtures/240-orphan-seed.sql +0 -30
package/tests/multi-tenant.test.js +0 -374
package/tests/orphan-cleanup.test.js +0 -390
package/tests/pg-version-regex.test.js +0 -129
package/tests/quick-bench.js +0 -135
package/tests/router-handshake-retry.test.js +0 -119
package/tests/router-handshake-watchdog.test.js +0 -110
package/tests/sdk.test.js +0 -71
package/tests/stale-postmaster-pid.test.js +0 -85
package/tests/stress-test.js +0 -439
package/tests/sync-perf-test.js +0 -150
package/tests/tcp-listen.test.js +0 -368
package/tests/tenancy.test.js +0 -403
package/tests/wrapper-supervision.test.js +0 -107

package/tests/tenancy.test.js DELETED Viewed

@@ -1,403 +0,0 @@
-/**
- * Group 4 — database-per-fingerprint + enforcement + kill switch.
- *
- * Boots a real pgserve daemon with isolated control socket + audit log,
- * stubs SO_PEERCRED to return synthetic creds, and overrides the
- * fingerprint-derivation cwd per-accept so a single test process can
- * masquerade as several different "projects" connecting to the daemon.
- *
- * Coverage (mirrors WISH §Group 4 acceptance bullets):
- *   1. Two peers with different fingerprints get different DBs
- *   2. Same peer reconnecting reaches its existing DB
- *   3. Cross-fingerprint connection denied with SQLSTATE 28P01
- *   4. Kill-switch env: cross-fingerprint succeeds + audit event emitted
- *   5. Sanitizer: name "@scope/foo bar" → "_scope_foo_bar"
- *
- * Plus unit tests on `sanitizeName` and `resolveTenantDatabaseName` and a
- * boot-time deprecation warning check.
- */
-import {
-  describe,
-  test,
-  expect,
-  beforeAll,
-  afterAll,
-  beforeEach,
-  afterEach,
-} from 'bun:test';
-import fs from 'fs';
-import os from 'os';
-import path from 'path';
-import pg from 'pg';
-import {
-  PgserveDaemon,
-  resolveControlSocketPath,
-  resolvePidLockPath,
-  resolveLibpqCompatPath,
-} from '../src/daemon.js';
-import { _setPeerCredImpl, initFingerprintFfi } from '../src/fingerprint.js';
-import { configureAudit, AUDIT_EVENTS } from '../src/audit.js';
-import {
-  sanitizeName,
-  resolveTenantDatabaseName,
-  KILL_SWITCH_ENV,
-} from '../src/tenancy.js';
-import { createLogger } from '../src/logger.js';
-const { Client } = pg;
-// ---------------------------------------------------------------------------
-// Pure-function unit tests
-// ---------------------------------------------------------------------------
-describe('sanitizeName', () => {
-  test('collapses non-[a-z0-9] runs to a single underscore', () => {
-    expect(sanitizeName('hello-world')).toBe('hello_world');
-    expect(sanitizeName('hello---world')).toBe('hello_world');
-    expect(sanitizeName('a..b..c')).toBe('a_b_c');
-  });
-  test('lowercases', () => {
-    expect(sanitizeName('UPPER-CASE')).toBe('upper_case');
-    expect(sanitizeName('MixedCase')).toBe('mixedcase');
-  });
-  test('preserves alphanumerics', () => {
-    expect(sanitizeName('foo123')).toBe('foo123');
-    expect(sanitizeName('1to1')).toBe('1to1');
-  });
-  test('truncates to 30 chars', () => {
-    const long = 'a'.repeat(50);
-    expect(sanitizeName(long).length).toBe(30);
-  });
-  test('handles the wish-spec example', () => {
-    expect(sanitizeName('@scope/foo bar')).toBe('_scope_foo_bar');
-  });
-  test('falls back to "anon" for empty or pure-non-alphanumeric input', () => {
-    expect(sanitizeName('')).toBe('anon');
-    expect(sanitizeName(null)).toBe('anon');
-    expect(sanitizeName(undefined)).toBe('anon');
-    expect(sanitizeName('@@@')).toBe('anon');
-  });
-});
-describe('resolveTenantDatabaseName', () => {
-  test('builds canonical app_<sanitized>_<fingerprint>', () => {
-    expect(resolveTenantDatabaseName({ name: 'demo', fingerprint: 'abcdef012345' }))
-      .toBe('app_demo_abcdef012345');
-  });
-  test('applies sanitization', () => {
-    expect(resolveTenantDatabaseName({ name: '@scope/foo bar', fingerprint: 'abcdef012345' }))
-      .toBe('app__scope_foo_bar_abcdef012345');
-  });
-  test('rejects malformed fingerprints', () => {
-    expect(() => resolveTenantDatabaseName({ name: 'x', fingerprint: 'TOO-SHORT' }))
-      .toThrow(/12 hex chars/);
-    expect(() => resolveTenantDatabaseName({ name: 'x', fingerprint: 'GHIJKL012345' }))
-      .toThrow(/12 hex chars/);
-  });
-  test('result fits in PG identifier limit (≤63 chars)', () => {
-    const longName = 'a'.repeat(80);
-    const ident = resolveTenantDatabaseName({ name: longName, fingerprint: 'abcdef012345' });
-    expect(ident.length).toBeLessThanOrEqual(63);
-  });
-});
-// ---------------------------------------------------------------------------
-// Daemon integration tests
-//
-// One daemon shared across the integration suite — PG startup is slow and
-// the tests are independent at the pgserve_meta level (each clears its
-// state). Per-accept fingerprint behaviour is driven by an override queue
-// the test pushes into before each connect.
-// ---------------------------------------------------------------------------
-describe('daemon tenancy enforcement', () => {
-  let daemon;
-  let scratch;
-  let controlSocketDir;
-  let auditFile;
-  let overridesQueue;
-  let savedAuditDefaults;
-  beforeAll(async () => {
-    await initFingerprintFfi();
-    // Stub peer creds: every accept on the test daemon's control socket
-    // appears to come from this process. The real creds matter only for
-    // uid (used in fingerprint hashing); pid is ignored once we override
-    // cwd via `_fingerprintAcceptOpts`.
-    _setPeerCredImpl(() => ({
-      pid: process.pid,
-      uid: process.getuid(),
-      gid: process.getgid(),
-    }));
-    scratch = fs.mkdtempSync(path.join(os.tmpdir(), 'pgserve-tenancy-test-'));
-    controlSocketDir = path.join(scratch, 'sock');
-    fs.mkdirSync(controlSocketDir, { recursive: true });
-    auditFile = path.join(scratch, 'audit.log');
-    // Save the audit module's mutable globals so we can restore them after
-    // the suite (other tests rely on the defaults).
-    savedAuditDefaults = {
-      logFile: path.join(os.homedir(), '.pgserve', 'audit.log'),
-      target: process.env.PGSERVE_AUDIT_TARGET || 'file',
-    };
-    overridesQueue = [];
-    daemon = new PgserveDaemon({
-      controlSocketDir,
-      controlSocketPath: resolveControlSocketPath(controlSocketDir),
-      pidLockPath: resolvePidLockPath(controlSocketDir),
-      libpqCompatPath: resolveLibpqCompatPath(controlSocketDir, 5432),
-      auditLogFile: auditFile,
-      auditTarget: 'file',
-      pgPort: 16700,
-      logger: createLogger({ level: process.env.LOG_LEVEL || 'warn' }),
-      _fingerprintAcceptOpts: () => overridesQueue.shift() || {},
-    });
-    await daemon.start();
-  });
-  afterAll(async () => {
-    try { await daemon.stop(); } catch { /* swallow */ }
-    _setPeerCredImpl(null);
-    if (savedAuditDefaults) configureAudit(savedAuditDefaults);
-    try { fs.rmSync(scratch, { recursive: true, force: true }); } catch { /* swallow */ }
-  });
-  beforeEach(async () => {
-    overridesQueue.length = 0;
-    // Clear pgserve_meta and drop any user DBs from prior tests so each
-    // test starts from a clean slate.
-    if (daemon._adminClient) {
-      try { await daemon._adminClient.query('TRUNCATE pgserve_meta'); } catch { /* schema not yet created in odd cases */ }
-      const r = await daemon._adminClient.query(`
-        SELECT datname FROM pg_database
-        WHERE datname LIKE 'app_%' AND datistemplate = false
-      `);
-      for (const row of r.rows) {
-        try { await daemon._adminClient.query(`DROP DATABASE "${row.datname}"`); } catch { /* swallow */ }
-      }
-    }
-    // Reset audit log so each test reads only its own events.
-    try { fs.writeFileSync(auditFile, '', { mode: 0o600 }); } catch { /* swallow */ }
-    daemon.enforcementDisabled = false;
-  });
-  function makeProject(name, dirName = name) {
-    const dir = path.join(scratch, dirName);
-    fs.mkdirSync(dir, { recursive: true });
-    fs.writeFileSync(path.join(dir, 'package.json'), JSON.stringify({ name }));
-    return dir;
-  }
-  function pushOverride(projDir, scriptArgv1 = 'index.js') {
-    overridesQueue.push({
-      cwdOverride: projDir,
-      cmdlineOverride: ['bun', scriptArgv1],
-    });
-  }
-  async function makeClient({ database, expectError = false } = {}) {
-    const client = new Client({
-      host: controlSocketDir,
-      port: 5432,
-      database: database || 'postgres',
-      user: 'postgres',
-      password: 'postgres',
-    });
-    // pg.Client's end() can hang after a FATAL connect failure (it tries
-    // to send a Terminate message on a closed socket), so on the deny path
-    // we swallow connect's rejection and return immediately. The TCP
-    // socket is already FIN'd by the daemon.
-    if (expectError) {
-      // Suppress unhandled-error events on the underlying socket.
-      client.on('error', () => { /* swallow */ });
-      let err;
-      try { await client.connect(); } catch (e) { err = e; }
-      return { error: err };
-    }
-    await client.connect();
-    return { client };
-  }
-  function readAudit() {
-    if (!fs.existsSync(auditFile)) return [];
-    return fs.readFileSync(auditFile, 'utf8')
-      .split('\n')
-      .filter(Boolean)
-      .map((l) => JSON.parse(l));
-  }
-  test('two peers with different fingerprints get different DBs', async () => {
-    const projA = makeProject('proj-a');
-    const projB = makeProject('proj-b');
-    pushOverride(projA);
-    const { client: ca } = await makeClient();
-    const ra = await ca.query('SELECT current_database() AS db');
-    await ca.end();
-    pushOverride(projB);
-    const { client: cb } = await makeClient();
-    const rb = await cb.query('SELECT current_database() AS db');
-    await cb.end();
-    expect(ra.rows[0].db).toMatch(/^app_proj_a_[0-9a-f]{12}$/);
-    expect(rb.rows[0].db).toMatch(/^app_proj_b_[0-9a-f]{12}$/);
-    expect(ra.rows[0].db).not.toBe(rb.rows[0].db);
-    const events = readAudit();
-    const created = events.filter((e) => e.event === AUDIT_EVENTS.DB_CREATED);
-    expect(created.length).toBe(2);
-    expect(created.map((e) => e.database).sort()).toEqual(
-      [ra.rows[0].db, rb.rows[0].db].sort(),
-    );
-  });
-  test('same peer reconnecting reaches its existing DB (no second db_created)', async () => {
-    const projA = makeProject('reconnect-app');
-    pushOverride(projA);
-    const { client: c1 } = await makeClient();
-    const r1 = await c1.query('SELECT current_database() AS db');
-    await c1.end();
-    pushOverride(projA);
-    const { client: c2 } = await makeClient();
-    const r2 = await c2.query('SELECT current_database() AS db');
-    await c2.end();
-    expect(r2.rows[0].db).toBe(r1.rows[0].db);
-    const created = readAudit().filter((e) => e.event === AUDIT_EVENTS.DB_CREATED);
-    expect(created.length).toBe(1);
-  });
-  test('cross-fingerprint connection denied with SQLSTATE 28P01', async () => {
-    const projA = makeProject('tenant-a');
-    const projB = makeProject('tenant-b');
-    // Provision tenant A's DB first.
-    pushOverride(projA);
-    const { client: ca } = await makeClient();
-    const ra = await ca.query('SELECT current_database() AS db');
-    await ca.end();
-    const tenantADb = ra.rows[0].db;
-    // Now have tenant B try to connect explicitly into tenant A's DB.
-    pushOverride(projB);
-    const { error } = await makeClient({ database: tenantADb, expectError: true });
-    expect(error).toBeDefined();
-    expect(error.code).toBe('28P01');
-    const denied = readAudit().filter(
-      (e) => e.event === AUDIT_EVENTS.CONNECTION_DENIED_FINGERPRINT_MISMATCH,
-    );
-    expect(denied.length).toBe(1);
-    expect(denied[0].requested_database).toBe(tenantADb);
-    expect(denied[0].owned_database).toMatch(/^app_tenant_b_[0-9a-f]{12}$/);
-  });
-  test('kill-switch env: cross-fingerprint succeeds and emits audit event', async () => {
-    const projA = makeProject('killswitch-a');
-    const projB = makeProject('killswitch-b');
-    // Provision tenant A.
-    pushOverride(projA);
-    const { client: ca } = await makeClient();
-    const ra = await ca.query('SELECT current_database() AS db');
-    await ca.end();
-    const tenantADb = ra.rows[0].db;
-    // Flip the live kill-switch flag on the daemon (the env var is read
-    // once at construction; this is the test seam for the same effect).
-    daemon.enforcementDisabled = true;
-    pushOverride(projB);
-    const { client: cb } = await makeClient({ database: tenantADb });
-    const rb = await cb.query('SELECT current_database() AS db');
-    await cb.end();
-    // Bypass succeeded: tenant B's session reached tenant A's DB.
-    expect(rb.rows[0].db).toBe(tenantADb);
-    const events = readAudit();
-    const bypass = events.filter(
-      (e) => e.event === AUDIT_EVENTS.ENFORCEMENT_KILL_SWITCH_USED,
-    );
-    expect(bypass.length).toBe(1);
-    expect(bypass[0].owned_database).toMatch(/^app_killswitch_b_[0-9a-f]{12}$/);
-    expect(bypass[0].requested_database).toBe(tenantADb);
-    // No deny event should fire while the kill switch is active.
-    const denied = events.filter(
-      (e) => e.event === AUDIT_EVENTS.CONNECTION_DENIED_FINGERPRINT_MISMATCH,
-    );
-    expect(denied.length).toBe(0);
-  });
-  test('sanitizer: name "@scope/foo bar" produces app__scope_foo_bar_<hex>', async () => {
-    const projScoped = makeProject('@scope/foo bar', 'scoped-pkg');
-    pushOverride(projScoped);
-    const { client } = await makeClient();
-    const r = await client.query('SELECT current_database() AS db');
-    await client.end();
-    expect(r.rows[0].db).toMatch(/^app__scope_foo_bar_[0-9a-f]{12}$/);
-  });
-});
-// ---------------------------------------------------------------------------
-// Boot-time deprecation warning
-// ---------------------------------------------------------------------------
-describe('boot deprecation warning when kill switch is set', () => {
-  test('writes a deprecation message to stderr at start()', async () => {
-    const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'pgserve-killswitch-boot-'));
-    const controlDir = path.join(dir, 'sock');
-    fs.mkdirSync(controlDir, { recursive: true });
-    const captured = [];
-    const origWrite = process.stderr.write.bind(process.stderr);
-    process.stderr.write = (chunk, ...rest) => {
-      captured.push(typeof chunk === 'string' ? chunk : Buffer.from(chunk).toString('utf8'));
-      return origWrite(chunk, ...rest);
-    };
-    let d;
-    try {
-      d = new PgserveDaemon({
-        controlSocketDir: controlDir,
-        controlSocketPath: resolveControlSocketPath(controlDir),
-        pidLockPath: resolvePidLockPath(controlDir),
-        libpqCompatPath: resolveLibpqCompatPath(controlDir, 5432),
-        pgPort: 16780,
-        enforcementDisabled: true,
-        logger: createLogger({ level: 'warn' }),
-      });
-      await d.start();
-      const merged = captured.join('');
-      expect(merged).toContain(KILL_SWITCH_ENV);
-      expect(merged).toContain('DISABLED');
-      expect(merged).toContain('deprecated');
-    } finally {
-      process.stderr.write = origWrite;
-      try { if (d) await d.stop(); } catch { /* swallow */ }
-      try { fs.rmSync(dir, { recursive: true, force: true }); } catch { /* swallow */ }
-    }
-  });
-});

package/tests/wrapper-supervision.test.js DELETED Viewed

@@ -1,107 +0,0 @@
-/**
- * Wrapper supervision: postgres backend death surfaces to the wrapper
- *
- * Verifies that:
- *  1. PostgresManager extends EventEmitter and emits `backendExited` when
- *     the postgres child exits.
- *  2. `expected: true` is reported when the exit was initiated by stop().
- *  3. `expected: false` is reported when the child was killed externally
- *     (the case the wrapper needs to react to per pgserve#45).
- *  4. PgserveDaemon re-emits `backendDiedUnexpectedly` only for unexpected
- *     exits, not for clean stop().
- *
- * Tests use the real Bun.spawn'd postgres binary via PostgresManager because
- * the supervision contract is end-to-end — a unit test with a mocked process
- * would prove only that the JS plumbing fires.
- */
-import { PostgresManager } from '../src/postgres.js';
-import { PgserveDaemon } from '../src/daemon.js';
-import { EventEmitter } from 'events';
-import { test, expect } from 'bun:test';
-import fs from 'fs';
-import path from 'path';
-import os from 'os';
-function quietLogger() {
-  return {
-    info: () => {}, warn: () => {}, error: () => {}, debug: () => {},
-    child: () => quietLogger(),
-  };
-}
-test('PostgresManager extends EventEmitter', () => {
-  const mgr = new PostgresManager({});
-  expect(mgr).toBeInstanceOf(EventEmitter);
-});
-test('PostgresManager emits backendExited with expected=true after stop()', async () => {
-  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'pgserve-supv-stop-'));
-  const mgr = new PostgresManager({ dataDir: dir, logger: quietLogger() });
-  let event = null;
-  mgr.on('backendExited', (info) => { event = info; });
-  await mgr.start();
-  await mgr.stop();
-  // Give event loop a tick to flush exited.then handler if not already drained
-  await new Promise((r) => setTimeout(r, 50));
-  expect(event).not.toBeNull();
-  expect(event.expected).toBe(true);
-  fs.rmSync(dir, { recursive: true, force: true });
-}, 60000);
-// External-SIGKILL integration coverage runs on Linux only. On macOS,
-// Bun.spawn'd postgres reliably refuses to surface its `exited` promise
-// within the test deadline when killed by SIGKILL — Bun's posix_spawn
-// path on darwin holds parent reaping until grandchildren reap, which
-// postgres never does fast enough for a deterministic test. The
-// `expected=false` branch is still covered cross-platform by the
-// daemon-level re-emit test below, which feeds a synthetic
-// `backendExited` payload through a fake EventEmitter and bypasses the
-// OS signal-handling variability entirely.
-const linuxOnly = process.platform === 'linux' ? test : test.skip;
-linuxOnly('PostgresManager emits backendExited with expected=false on external SIGKILL (linux)', async () => {
-  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'pgserve-supv-kill-'));
-  const mgr = new PostgresManager({ dataDir: dir, logger: quietLogger() });
-  let event = null;
-  mgr.on('backendExited', (info) => { event = info; });
-  await mgr.start();
-  const childPid = mgr.process?.pid;
-  expect(childPid).toBeGreaterThan(0);
-  // External kill — _stopping stays false, so the handler must mark unexpected
-  process.kill(childPid, 'SIGKILL');
-  // Wait for the exit handler to fire (max 3s)
-  for (let i = 0; i < 60 && event === null; i++) {
-    await new Promise((r) => setTimeout(r, 50));
-  }
-  expect(event).not.toBeNull();
-  expect(event.expected).toBe(false);
-  // Cleanup: paths were nulled by the unexpected-exit branch, so stop() is a no-op
-  await mgr.stop().catch(() => {});
-  fs.rmSync(dir, { recursive: true, force: true });
-}, 60000);
-test('PgserveDaemon re-emits backendDiedUnexpectedly only on unexpected exit', () => {
-  // Pure plumbing test — synthesize PgserveDaemon and a fake pgManager that
-  // is just an EventEmitter; verify the wiring.
-  const fakePgManager = new EventEmitter();
-  // PgserveDaemon constructor needs a baseDir; passing a tmp dir avoids
-  // touching real config.
-  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'pgserve-supv-daemon-'));
-  const daemon = new PgserveDaemon({
-    baseDir: dir,
-    logger: quietLogger(),
-    pgManager: fakePgManager,
-    enforcementDisabled: true,
-  });
-  const events = [];
-  daemon.on('backendDiedUnexpectedly', (info) => events.push(info));
-  fakePgManager.emit('backendExited', { code: 0, expected: true });
-  expect(events).toHaveLength(0); // clean stop — no re-emit
-  fakePgManager.emit('backendExited', { code: 137, expected: false });
-  expect(events).toHaveLength(1);
-  expect(events[0]).toEqual({ code: 137, expected: false });
-  fs.rmSync(dir, { recursive: true, force: true });
-});