plenum 1.0.2 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +34 -26
  2. package/npm-shrinkwrap.json +2 -2
  3. package/package.json +2 -2
package/README.md CHANGED
@@ -10,8 +10,8 @@ Plenum is a lightweight, deterministic database control tool designed specifical
10
10
 
11
11
  Plenum enables AI agents to:
12
12
  - **Introspect database schemas** safely and deterministically
13
- - **Execute constrained SQL queries** with explicit permission requirements
14
- - **Maintain least-privilege access** with read-only mode as default
13
+ - **Execute read-only SQL queries** with safety constraints
14
+ - **Ensure strict read-only access** - all write and DDL operations are rejected
15
15
  - **Produce machine-parseable output** (JSON-only to stdout)
16
16
 
17
17
  Plenum is exposed via a local MCP (Model Context Protocol) server, making it seamlessly integrable with AI agent frameworks.
@@ -20,7 +20,7 @@ Plenum is exposed via a local MCP (Model Context Protocol) server, making it sea
20
20
 
21
21
  - **Agent-First Design**: JSON-only output, no interactive UX, deterministic behavior
22
22
  - **Vendor-Specific SQL**: No query abstraction layer - PostgreSQL SQL ≠ MySQL SQL ≠ SQLite SQL
23
- - **Explicit Capabilities**: Read-only by default, writes and DDL require explicit flags
23
+ - **Strictly Read-Only**: All write and DDL operations are rejected - guaranteed safe for AI agents
24
24
  - **Stateless Execution**: No persistent connections, no caching, no implicit state
25
25
  - **Three Database Engines**: PostgreSQL, MySQL, and SQLite support (first-class, equally constrained)
26
26
 
@@ -88,31 +88,39 @@ Returns JSON with:
88
88
  - Foreign keys
89
89
  - Indexes
90
90
 
91
- ### 3. `plenum query` - Constrained Query Execution
91
+ ### 3. `plenum query` - Read-Only Query Execution
92
92
 
93
- Execute SQL queries with explicit capability requirements:
93
+ Execute read-only SQL queries with safety constraints:
94
94
 
95
95
  ```bash
96
- # Read-only query (default, no flags needed)
96
+ # Read-only query
97
97
  plenum query --name prod --sql "SELECT * FROM users WHERE id = 1"
98
98
 
99
- # Write query (requires --allow-write)
100
- plenum query --name prod --sql "UPDATE users SET name = 'Alice' WHERE id = 1" \
101
- --allow-write
102
-
103
- # DDL query (requires --allow-ddl, which implies write)
104
- plenum query --name prod --sql "CREATE TABLE test (id INT PRIMARY KEY)" \
105
- --allow-ddl
106
-
107
- # With row limit and timeout
99
+ # With row limit (recommended for large tables)
108
100
  plenum query --name prod --sql "SELECT * FROM large_table" \
109
- --max-rows 1000 --timeout-ms 5000
101
+ --max-rows 100 --timeout-ms 5000
102
+
103
+ # Introspection queries
104
+ plenum query --name prod --sql "SHOW TABLES"
105
+ plenum query --name prod --sql "DESCRIBE users"
106
+
107
+ # Complex query with joins
108
+ plenum query --name prod --sql "
109
+ SELECT u.name, o.total
110
+ FROM users u
111
+ JOIN orders o ON u.id = o.user_id
112
+ WHERE o.status = 'completed'
113
+ " --max-rows 50
110
114
  ```
111
115
 
112
- **Capability Hierarchy:**
113
- - **Read-only** (default): SELECT queries only
114
- - **Write** (`--allow-write`): INSERT, UPDATE, DELETE (but NOT DDL)
115
- - **DDL** (`--allow-ddl`): CREATE, DROP, ALTER, TRUNCATE (includes write)
116
+ **Read-Only Enforcement:**
117
+ - SELECT queries are permitted
118
+ - SHOW, DESCRIBE, PRAGMA statements are permitted
119
+ - EXPLAIN queries are permitted
120
+ - ❌ INSERT, UPDATE, DELETE operations are **rejected**
121
+ - ❌ CREATE, DROP, ALTER operations are **rejected**
122
+
123
+ **For write operations:** Plenum will reject the query with a helpful error message. Construct the SQL and present it to the user for manual execution.
116
124
 
117
125
  ## Output Format
118
126
 
@@ -151,7 +159,7 @@ Plenum returns stable, machine-parseable error codes. Agents should check the `e
151
159
 
152
160
  | Code | Description | When It Occurs |
153
161
  |------|-------------|----------------|
154
- | `CAPABILITY_VIOLATION` | Operation blocked by capability constraints | Attempting write/DDL operations without appropriate flags |
162
+ | `CAPABILITY_VIOLATION` | Operation blocked - Plenum is read-only | Attempting any write or DDL operations (INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, etc.) |
155
163
  | `CONNECTION_FAILED` | Database connection failed | Invalid credentials, unreachable host, or database doesn't exist |
156
164
  | `QUERY_FAILED` | Query execution failed | SQL syntax errors, missing tables/columns, constraint violations |
157
165
  | `INVALID_INPUT` | Malformed input or missing parameters | Missing required flags, invalid engine type, etc. |
@@ -166,7 +174,7 @@ Plenum returns stable, machine-parseable error codes. Agents should check the `e
166
174
  "command": "query",
167
175
  "error": {
168
176
  "code": "CAPABILITY_VIOLATION",
169
- "message": "Write operations require --allow-write flag"
177
+ "message": "Plenum is read-only and cannot execute this query. Please run this query manually:\n\nINSERT INTO users (name) VALUES ('Alice')"
170
178
  }
171
179
  }
172
180
  ```
@@ -216,12 +224,12 @@ Plenum is built around strict architectural principles:
216
224
 
217
225
  ### Security Model
218
226
 
219
- Plenum's security boundary is **capability-based access control**, not SQL validation.
227
+ Plenum's security boundary is **strict read-only enforcement**, not SQL validation.
220
228
 
221
229
  **Plenum enforces:**
222
- - ✅ Operation type restrictions (read-only, write, DDL)
230
+ - ✅ **Strict read-only operation** - all write/DDL operations are rejected
223
231
  - ✅ Row limits (`max_rows`) and query timeouts (`timeout_ms`)
224
- - ✅ Pre-execution validation (no capability bypasses)
232
+ - ✅ Pre-execution validation (queries validated before execution)
225
233
  - ✅ Credential security (best-effort, no intentional logging)
226
234
 
227
235
  **Plenum does NOT enforce:**
@@ -230,7 +238,7 @@ Plenum's security boundary is **capability-based access control**, not SQL valid
230
238
  - ❌ Business logic constraints
231
239
  - ❌ Data access policies (row-level security, column masking)
232
240
 
233
- **Critical**: Agents must sanitize all user inputs before constructing SQL. Plenum assumes SQL passed to it is safe and passes it verbatim to database drivers.
241
+ **Critical**: Agents must sanitize all user inputs before constructing SQL. Plenum assumes read-only SQL passed to it is safe and passes it verbatim to database drivers.
234
242
 
235
243
  #### Credential Security
236
244
 
package/npm-shrinkwrap.json CHANGED
@@ -23,7 +23,7 @@
23
23
  "hasInstallScript": true,
24
24
  "license": "MIT OR Apache-2.0",
25
25
  "name": "plenum",
26
- "version": "1.0.2"
26
+ "version": "1.5.0"
27
27
  },
28
28
  "node_modules/@isaacs/balanced-match": {
29
29
  "engines": {
@@ -515,5 +515,5 @@
515
515
  }
516
516
  },
517
517
  "requires": true,
518
- "version": "1.0.2"
518
+ "version": "1.5.0"
519
519
  }
package/package.json CHANGED
@@ -1,5 +1,5 @@
1
1
  {
2
- "artifactDownloadUrl": "https://github.com/reflex-search/plenum/releases/download/v1.0.2",
2
+ "artifactDownloadUrl": "https://github.com/reflex-search/plenum/releases/download/v1.5.0",
3
3
  "author": "Plenum Contributors",
4
4
  "bin": {
5
5
  "plenum": "run-plenum.js"
@@ -92,7 +92,7 @@
92
92
  "zipExt": ".tar.xz"
93
93
  }
94
94
  },
95
- "version": "1.0.2",
95
+ "version": "1.5.0",
96
96
  "volta": {
97
97
  "node": "18.14.1",
98
98
  "npm": "9.5.0"