postgresai 0.14.0-beta.3 → 0.14.0-dev.11

package/lib/init.ts

@@ -1,12 +1,10 @@
+import * as readline from "readline";
 import { randomBytes } from "crypto";
 import { URL } from "url";
-import type { ConnectionOptions as TlsConnectionOptions } from "tls";
 import type { Client as PgClient } from "pg";
 import * as fs from "fs";
 import * as path from "path";
 
-export const DEFAULT_MONITORING_USER = "postgres_ai_mon";
-
 export type PgClientConfig = {
   connectionString?: string;
   host?: string;
@@ -14,7 +12,7 @@ export type PgClientConfig = {
   user?: string;
   password?: string;
   database?: string;
-  ssl?: boolean | TlsConnectionOptions;
+  ssl?: any;
 };
 
 export type AdminConnection = {
@@ -59,26 +57,15 @@ function applyTemplate(sql: string, vars: Record<string, string>): string {
 
 function quoteIdent(ident: string): string {
   // Always quote. Escape embedded quotes by doubling.
-  if (ident.includes("\0")) {
-    throw new Error("Identifier cannot contain null bytes");
-  }
   return `"${ident.replace(/"/g, "\"\"")}"`;
 }
 
 function quoteLiteral(value: string): string {
   // Single-quote and escape embedded quotes by doubling.
   // This is used where Postgres grammar requires a literal (e.g., CREATE/ALTER ROLE PASSWORD).
-  if (value.includes("\0")) {
-    throw new Error("Literal cannot contain null bytes");
-  }
   return `'${value.replace(/'/g, "''")}'`;
 }
 
-export function redactPasswordsInSql(sql: string): string {
-  // Replace PASSWORD '<literal>' (handles doubled quotes inside).
-  return sql.replace(/password\s+'(?:''|[^'])*'/gi, "password '<redacted>'");
-}
-
 export function maskConnectionString(dbUrl: string): string {
   // Hide password if present (postgresql://user:pass@host/db).
   try {
@@ -222,8 +209,19 @@ export function resolveAdminConnection(opts: {
   }
 
   if (!hasConnDetails) {
-    // Keep this message short: the CLI prints full help (including examples) on this error.
-    throw new Error("Connection is required.");
+    throw new Error(
+      [
+        "Connection is required.",
+        "",
+        "Examples:",
+        "  postgresai init postgresql://admin@host:5432/dbname",
+        "  postgresai init \"dbname=dbname host=host user=admin\"",
+        "  postgresai init -h host -p 5432 -U admin -d dbname",
+        "",
+        "Admin password:",
+        "  --admin-password <password>  (or set PGPASSWORD)",
+      ].join("\n")
+    );
   }
 
   const cfg: PgClientConfig = {};
@@ -242,19 +240,81 @@ export function resolveAdminConnection(opts: {
   return { clientConfig: cfg, display: describePgConfig(cfg) };
 }
 
-function generateMonitoringPassword(): string {
-  // URL-safe and easy to copy/paste; 24 bytes => 32 base64url chars (no padding).
-  // Note: randomBytes() throws on failure; we add a tiny sanity check for unexpected output.
-  const password = randomBytes(24).toString("base64url");
-  if (password.length < 30) {
-    throw new Error("Password generation failed: unexpected output length");
+export async function promptHidden(prompt: string): Promise<string> {
+  // Implement our own hidden input reader so:
+  // - prompt text is visible
+  // - only user input is masked
+  // - we don't rely on non-public readline internals
+  if (!process.stdin.isTTY) {
+    throw new Error("Cannot prompt for password in non-interactive mode");
   }
-  return password;
+
+  const stdin = process.stdin;
+  const stdout = process.stdout as NodeJS.WriteStream;
+
+  stdout.write(prompt);
+
+  return await new Promise<string>((resolve, reject) => {
+    let value = "";
+
+    const cleanup = () => {
+      try {
+        stdin.setRawMode(false);
+      } catch {
+        // ignore
+      }
+      stdin.removeListener("keypress", onKeypress);
+    };
+
+    const onKeypress = (str: string, key: any) => {
+      if (key?.ctrl && key?.name === "c") {
+        stdout.write("\n");
+        cleanup();
+        reject(new Error("Cancelled"));
+        return;
+      }
+
+      if (key?.name === "return" || key?.name === "enter") {
+        stdout.write("\n");
+        cleanup();
+        resolve(value);
+        return;
+      }
+
+      if (key?.name === "backspace") {
+        if (value.length > 0) {
+          value = value.slice(0, -1);
+          // Erase one mask char.
+          stdout.write("\b \b");
+        }
+        return;
+      }
+
+      // Ignore other control keys.
+      if (key?.ctrl || key?.meta) return;
+
+      if (typeof str === "string" && str.length > 0) {
+        value += str;
+        stdout.write("*");
+      }
+    };
+
+    readline.emitKeypressEvents(stdin);
+    stdin.setRawMode(true);
+    stdin.on("keypress", onKeypress);
+    stdin.resume();
+  });
+}
+
+function generateMonitoringPassword(): string {
+  // URL-safe and easy to copy/paste; length ~32 chars.
+  return randomBytes(24).toString("base64url");
 }
 
 export async function resolveMonitoringPassword(opts: {
   passwordFlag?: string;
   passwordEnv?: string;
+  prompt?: (prompt: string) => Promise<string>;
   monitoringUser: string;
 }): Promise<{ password: string; generated: boolean }> {
   const fromFlag = (opts.passwordFlag || "").trim();
@@ -272,9 +332,9 @@ export async function buildInitPlan(params: {
   monitoringUser?: string;
   monitoringPassword: string;
   includeOptionalPermissions: boolean;
+  roleExists?: boolean;
 }): Promise<InitPlan> {
-  // NOTE: kept async for API stability / potential future async template loading.
-  const monitoringUser = params.monitoringUser || DEFAULT_MONITORING_USER;
+  const monitoringUser = params.monitoringUser || "postgres_ai_mon";
   const database = params.database;
 
   const qRole = quoteIdent(monitoringUser);
@@ -284,26 +344,27 @@ export async function buildInitPlan(params: {
 
   const steps: InitStep[] = [];
 
-  const vars: Record<string, string> = {
+  const vars = {
     ROLE_IDENT: qRole,
     DB_IDENT: qDb,
   };
 
   // Role creation/update is done in one template file.
-  // Always use a single DO block to avoid race conditions between "role exists?" checks and CREATE USER.
-  // We:
-  // - create role if missing (and handle duplicate_object in case another session created it concurrently),
-  // - then ALTER ROLE to ensure the password is set to the desired value.
-  const roleStmt = `do $$ begin
+  // If roleExists is unknown, use a single DO block to create-or-alter safely.
+  let roleStmt: string | null = null;
+  if (params.roleExists === false) {
+    roleStmt = `create user ${qRole} with password ${qPw};`;
+  } else if (params.roleExists === true) {
+    roleStmt = `alter user ${qRole} with password ${qPw};`;
+  } else {
+    roleStmt = `do $$ begin
   if not exists (select 1 from pg_catalog.pg_roles where rolname = ${qRoleNameLit}) then
-    begin
-      create user ${qRole} with password ${qPw};
-    exception when duplicate_object then
-      null;
-    end;
+    create user ${qRole} with password ${qPw};
+  else
+    alter user ${qRole} with password ${qPw};
   end if;
-  alter user ${qRole} with password ${qPw};
 end $$;`;
+  }
 
   const roleSql = applyTemplate(loadSqlTemplate("01.role.sql"), { ...vars, ROLE_STMT: roleStmt });
   steps.push({ name: "01.role", sql: roleSql });
@@ -350,201 +411,31 @@ export async function applyInitPlan(params: {
         const msg = e instanceof Error ? e.message : String(e);
         const errAny = e as any;
         const wrapped: any = new Error(`Failed at step "${step.name}": ${msg}`);
-        // Preserve useful Postgres error fields so callers can provide better hints / diagnostics.
-        const pgErrorFields = [
-          "code",
-          "detail",
-          "hint",
-          "position",
-          "internalPosition",
-          "internalQuery",
-          "where",
-          "schema",
-          "table",
-          "column",
-          "dataType",
-          "constraint",
-          "file",
-          "line",
-          "routine",
-        ] as const;
-        if (errAny && typeof errAny === "object") {
-          for (const field of pgErrorFields) {
-            if (errAny[field] !== undefined) wrapped[field] = errAny[field];
-          }
-        }
-        if (e instanceof Error && e.stack) {
-          wrapped.stack = e.stack;
+        // Preserve Postgres error code so callers can provide better hints (e.g., 42501 insufficient_privilege).
+        if (errAny && typeof errAny === "object" && typeof errAny.code === "string") {
+          wrapped.code = errAny.code;
         }
         throw wrapped;
       }
     }
     await params.client.query("commit;");
   } catch (e) {
-    // Rollback errors should never mask the original failure.
-    try {
-      await params.client.query("rollback;");
-    } catch {
-      // ignore
-    }
+    await params.client.query("rollback;");
     throw e;
   }
 
   // Apply optional steps outside of the transaction so a failure doesn't abort everything.
   for (const step of params.plan.steps.filter((s) => s.optional)) {
     try {
-      // Run each optional step in its own mini-transaction to avoid partial application.
-      await params.client.query("begin;");
-      try {
-        await params.client.query(step.sql, step.params as any);
-        await params.client.query("commit;");
-        applied.push(step.name);
-      } catch {
-        try {
-          await params.client.query("rollback;");
-        } catch {
-          // ignore rollback errors
-        }
-        skippedOptional.push(step.name);
-        // best-effort: ignore
-      }
+      await params.client.query(step.sql, step.params as any);
+      applied.push(step.name);
     } catch {
-      // If we can't even begin/commit, treat as skipped.
       skippedOptional.push(step.name);
+      // best-effort: ignore
     }
   }
 
   return { applied, skippedOptional };
 }
 
-export type VerifyInitResult = {
-  ok: boolean;
-  missingRequired: string[];
-  missingOptional: string[];
-};
-
-export async function verifyInitSetup(params: {
-  client: PgClient;
-  database: string;
-  monitoringUser: string;
-  includeOptionalPermissions: boolean;
-}): Promise<VerifyInitResult> {
-  // Use a repeatable-read snapshot so all checks see a consistent view.
-  await params.client.query("begin isolation level repeatable read;");
-  try {
-    const missingRequired: string[] = [];
-    const missingOptional: string[] = [];
-
-    const role = params.monitoringUser;
-    const db = params.database;
-
-    const roleRes = await params.client.query("select 1 from pg_catalog.pg_roles where rolname = $1", [role]);
-    const roleExists = (roleRes.rowCount ?? 0) > 0;
-    if (!roleExists) {
-      missingRequired.push(`role "${role}" does not exist`);
-      // If role is missing, other checks will error or be meaningless.
-      return { ok: false, missingRequired, missingOptional };
-    }
-
-    const connectRes = await params.client.query(
-      "select has_database_privilege($1, $2, 'CONNECT') as ok",
-      [role, db]
-    );
-    if (!connectRes.rows?.[0]?.ok) {
-      missingRequired.push(`CONNECT on database "${db}"`);
-    }
-
-    const pgMonitorRes = await params.client.query(
-      "select pg_has_role($1, 'pg_monitor', 'member') as ok",
-      [role]
-    );
-    if (!pgMonitorRes.rows?.[0]?.ok) {
-      missingRequired.push("membership in role pg_monitor");
-    }
-
-    const pgIndexRes = await params.client.query(
-      "select has_table_privilege($1, 'pg_catalog.pg_index', 'SELECT') as ok",
-      [role]
-    );
-    if (!pgIndexRes.rows?.[0]?.ok) {
-      missingRequired.push("SELECT on pg_catalog.pg_index");
-    }
-
-    const viewExistsRes = await params.client.query("select to_regclass('public.pg_statistic') is not null as ok");
-    if (!viewExistsRes.rows?.[0]?.ok) {
-      missingRequired.push("view public.pg_statistic exists");
-    } else {
-      const viewPrivRes = await params.client.query(
-        "select has_table_privilege($1, 'public.pg_statistic', 'SELECT') as ok",
-        [role]
-      );
-      if (!viewPrivRes.rows?.[0]?.ok) {
-        missingRequired.push("SELECT on view public.pg_statistic");
-      }
-    }
-
-    const schemaUsageRes = await params.client.query(
-      "select has_schema_privilege($1, 'public', 'USAGE') as ok",
-      [role]
-    );
-    if (!schemaUsageRes.rows?.[0]?.ok) {
-      missingRequired.push("USAGE on schema public");
-    }
-
-    const rolcfgRes = await params.client.query("select rolconfig from pg_catalog.pg_roles where rolname = $1", [role]);
-    const rolconfig = rolcfgRes.rows?.[0]?.rolconfig;
-    const spLine = Array.isArray(rolconfig) ? rolconfig.find((v: any) => String(v).startsWith("search_path=")) : undefined;
-    if (typeof spLine !== "string" || !spLine) {
-      missingRequired.push("role search_path is set");
-    } else {
-      // We accept any ordering as long as public and pg_catalog are included.
-      const sp = spLine.toLowerCase();
-      if (!sp.includes("public") || !sp.includes("pg_catalog")) {
-        missingRequired.push("role search_path includes public and pg_catalog");
-      }
-    }
-
-    if (params.includeOptionalPermissions) {
-      // Optional RDS/Aurora extras
-      {
-        const extRes = await params.client.query("select 1 from pg_extension where extname = 'rds_tools'");
-        if ((extRes.rowCount ?? 0) === 0) {
-          missingOptional.push("extension rds_tools");
-        } else {
-          const fnRes = await params.client.query(
-            "select has_function_privilege($1, 'rds_tools.pg_ls_multixactdir()', 'EXECUTE') as ok",
-            [role]
-          );
-          if (!fnRes.rows?.[0]?.ok) {
-            missingOptional.push("EXECUTE on rds_tools.pg_ls_multixactdir()");
-          }
-        }
-      }
-
-      // Optional self-managed extras
-      const optionalFns = [
-        "pg_catalog.pg_stat_file(text)",
-        "pg_catalog.pg_stat_file(text, boolean)",
-        "pg_catalog.pg_ls_dir(text)",
-        "pg_catalog.pg_ls_dir(text, boolean, boolean)",
-      ];
-      for (const fn of optionalFns) {
-        const fnRes = await params.client.query("select has_function_privilege($1, $2, 'EXECUTE') as ok", [role, fn]);
-        if (!fnRes.rows?.[0]?.ok) {
-          missingOptional.push(`EXECUTE on ${fn}`);
-        }
-      }
-    }
-
-    return { ok: missingRequired.length === 0, missingRequired, missingOptional };
-  } finally {
-    // Read-only: rollback to release snapshot; do not mask original errors.
-    try {
-      await params.client.query("rollback;");
-    } catch {
-      // ignore
-    }
-  }
-}
-
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "postgresai",
-  "version": "0.14.0-beta.3",
+  "version": "0.14.0-dev.11",
   "description": "postgres_ai CLI (Node.js)",
   "license": "Apache-2.0",
   "private": false,

package/sql/01.role.sql

@@ -1,15 +1,14 @@
 -- Role creation / password update (template-filled by cli/lib/init.ts)
 --
--- Always uses a race-safe pattern (create if missing, then always alter to set the password):
+-- Example expansions (for readability/review):
+--   create user "postgres_ai_mon" with password '...';
+--   alter user "postgres_ai_mon" with password '...';
 --   do $$ begin
---     if not exists (select 1 from pg_catalog.pg_roles where rolname = '...') then
---       begin
---         create user "..." with password '...';
---       exception when duplicate_object then
---         null;
---       end;
+--     if not exists (select 1 from pg_catalog.pg_roles where rolname = 'postgres_ai_mon') then
+--       create user "postgres_ai_mon" with password '...';
+--     else
+--       alter user "postgres_ai_mon" with password '...';
 --     end if;
---     alter user "..." with password '...';
 --   end $$;
 {{ROLE_STMT}}
 

package/test/init.integration.test.cjs

@@ -92,41 +92,25 @@ async function withTempPostgres(t) {
 
   const port = await getFreePort();
 
-  let postgresProc;
-  try {
-    postgresProc = spawn(
-      postgresBin,
-      ["-D", dataDir, "-k", socketDir, "-h", "127.0.0.1", "-p", String(port)],
-      {
-        stdio: ["ignore", "pipe", "pipe"],
-      }
-    );
-
-    // Register cleanup immediately so failures below don't leave a running postgres and hang CI.
-    t.after(async () => {
-      postgresProc.kill("SIGTERM");
-      try {
-        await waitFor(
-          async () => {
-            if (postgresProc.exitCode === null) throw new Error("still running");
-          },
-          { timeoutMs: 5000, intervalMs: 100 }
-        );
-      } catch {
-        postgresProc.kill("SIGKILL");
-      }
-      fs.rmSync(tmpRoot, { recursive: true, force: true });
-    });
-  } catch (e) {
-    // If anything goes wrong before cleanup is registered, ensure we don't leak a running postgres.
+  const postgresProc = spawn(postgresBin, ["-D", dataDir, "-k", socketDir, "-h", "127.0.0.1", "-p", String(port)], {
+    stdio: ["ignore", "pipe", "pipe"],
+  });
+
+  // Register cleanup immediately so failures below don't leave a running postgres and hang CI.
+  t.after(async () => {
+    postgresProc.kill("SIGTERM");
     try {
-      if (postgresProc) postgresProc.kill("SIGKILL");
+      await waitFor(
+        async () => {
+          if (postgresProc.exitCode === null) throw new Error("still running");
+        },
+        { timeoutMs: 5000, intervalMs: 100 }
+      );
     } catch {
-      // ignore
+      postgresProc.kill("SIGKILL");
     }
     fs.rmSync(tmpRoot, { recursive: true, force: true });
-    throw e;
-  }
+  });
 
   const { Client } = require("pg");
 
@@ -224,8 +208,7 @@ test(
     {
       const r = await runCliInit([pg.adminUri, "--print-password", "--skip-optional-permissions"]);
       assert.equal(r.status, 0, r.stderr || r.stdout);
-      assert.match(r.stderr, /Generated monitoring password for postgres_ai_mon/i);
-      assert.match(r.stderr, /PGAI_MON_PASSWORD=/);
+      assert.match(r.stdout, /Generated password for monitoring user/i);
     }
   }
 );
@@ -310,73 +293,10 @@ test("integration: init reports nicely when lacking permissions", { skip: !haveP
   const limitedUri = `postgresql://limited:${limitedPw}@127.0.0.1:${pg.port}/testdb`;
   const r = await runCliInit([limitedUri, "--password", "monpw", "--skip-optional-permissions"]);
   assert.notEqual(r.status, 0);
-  assert.match(r.stderr, /Error: init:/);
+  assert.match(r.stderr, /init failed:/);
   // Should include step context and hint.
   assert.match(r.stderr, /Failed at step "/);
-  assert.match(r.stderr, /Fix: connect as a superuser/i);
-});
-
-test("integration: init --verify returns 0 when ok and non-zero when missing", { skip: !havePostgresBinaries() }, async (t) => {
-  const pg = await withTempPostgres(t);
-  const { Client } = require("pg");
-
-  // Prepare: run init
-  {
-    const r = await runCliInit([pg.adminUri, "--password", "monpw", "--skip-optional-permissions"]);
-    assert.equal(r.status, 0, r.stderr || r.stdout);
-  }
-
-  // Verify should pass
-  {
-    const r = await runCliInit([pg.adminUri, "--verify", "--skip-optional-permissions"]);
-    assert.equal(r.status, 0, r.stderr || r.stdout);
-    assert.match(r.stdout, /init verify: OK/i);
-  }
-
-  // Break a required privilege and ensure verify fails
-  {
-    const c = new Client({ connectionString: pg.adminUri });
-    await c.connect();
-    // pg_catalog tables are often readable via PUBLIC by default; revoke from PUBLIC too so the failure is deterministic.
-    await c.query("revoke select on pg_catalog.pg_index from public");
-    await c.query("revoke select on pg_catalog.pg_index from postgres_ai_mon");
-    await c.end();
-  }
-  {
-    const r = await runCliInit([pg.adminUri, "--verify", "--skip-optional-permissions"]);
-    assert.notEqual(r.status, 0);
-    assert.match(r.stderr, /init verify failed/i);
-    assert.match(r.stderr, /pg_catalog\.pg_index/i);
-  }
-});
-
-test("integration: init --reset-password updates the monitoring role login password", { skip: !havePostgresBinaries() }, async (t) => {
-  const pg = await withTempPostgres(t);
-  const { Client } = require("pg");
-
-  // Initial setup with password pw1
-  {
-    const r = await runCliInit([pg.adminUri, "--password", "pw1", "--skip-optional-permissions"]);
-    assert.equal(r.status, 0, r.stderr || r.stdout);
-  }
-
-  // Reset to pw2
-  {
-    const r = await runCliInit([pg.adminUri, "--reset-password", "--password", "pw2", "--skip-optional-permissions"]);
-    assert.equal(r.status, 0, r.stderr || r.stdout);
-    assert.match(r.stdout, /password reset/i);
-  }
-
-  // Connect as monitoring user with new password should work
-  {
-    const c = new Client({
-      connectionString: `postgresql://postgres_ai_mon:pw2@127.0.0.1:${pg.port}/testdb`,
-    });
-    await c.connect();
-    const ok = await c.query("select 1 as ok");
-    assert.equal(ok.rows[0].ok, 1);
-    await c.end();
-  }
+  assert.match(r.stderr, /Hint: connect as a superuser/i);
 });