postgresai 0.14.0-dev.53 → 0.14.0-dev.55

package/dist/bin/postgres-ai.js

@@ -13064,7 +13064,7 @@ var {
 // package.json
 var package_default = {
   name: "postgresai",
-  version: "0.14.0-dev.53",
+  version: "0.14.0-dev.55",
   description: "postgres_ai CLI",
   license: "Apache-2.0",
   private: false,
@@ -13077,22 +13077,28 @@ var package_default = {
     url: "https://gitlab.com/postgres-ai/postgres_ai/-/issues"
   },
   bin: {
-    "postgres-ai": "./dist/bin/postgres-ai.js",
     postgresai: "./dist/bin/postgres-ai.js",
     pgai: "./dist/bin/postgres-ai.js"
   },
+  exports: {
+    ".": "./dist/bin/postgres-ai.js",
+    "./cli": "./dist/bin/postgres-ai.js"
+  },
   type: "module",
   engines: {
     node: ">=18"
   },
   scripts: {
-    build: `bun build ./bin/postgres-ai.ts --outdir ./dist/bin --target node && node -e "const fs=require('fs');const f='./dist/bin/postgres-ai.js';fs.writeFileSync(f,fs.readFileSync(f,'utf8').replace('#!/usr/bin/env bun','#!/usr/bin/env node'))" && cp -r sql dist/`,
+    "embed-metrics": "bun run scripts/embed-metrics.ts",
+    build: `bun run embed-metrics && bun build ./bin/postgres-ai.ts --outdir ./dist/bin --target node && node -e "const fs=require('fs');const f='./dist/bin/postgres-ai.js';fs.writeFileSync(f,fs.readFileSync(f,'utf8').replace('#!/usr/bin/env bun','#!/usr/bin/env node'))"`,
     prepublishOnly: "npm run build",
     start: "bun ./bin/postgres-ai.ts --help",
     "start:node": "node ./dist/bin/postgres-ai.js --help",
-    dev: "bun --watch ./bin/postgres-ai.ts",
-    test: "bun test",
-    typecheck: "bunx tsc --noEmit"
+    dev: "bun run embed-metrics && bun --watch ./bin/postgres-ai.ts",
+    test: "bun run embed-metrics && bun test",
+    "test:fast": "bun run embed-metrics && bun test --coverage=false",
+    "test:coverage": "bun run embed-metrics && bun test --coverage && echo 'Coverage report: cli/coverage/lcov-report/index.html'",
+    typecheck: "bun run embed-metrics && bunx tsc --noEmit"
   },
   dependencies: {
     "@modelcontextprotocol/sdk": "^1.20.2",
@@ -13104,6 +13110,8 @@ var package_default = {
     "@types/bun": "^1.1.14",
     "@types/js-yaml": "^4.0.9",
     "@types/pg": "^8.15.6",
+    ajv: "^8.17.1",
+    "ajv-formats": "^3.0.1",
     typescript: "^5.3.3"
   },
   publishConfig: {
@@ -13129,7 +13137,8 @@ function readConfig() {
   const config = {
     apiKey: null,
     baseUrl: null,
-    orgId: null
+    orgId: null,
+    defaultProject: null
   };
   const userConfigPath = getConfigPath();
   if (fs.existsSync(userConfigPath)) {
@@ -13139,6 +13148,7 @@ function readConfig() {
       config.apiKey = parsed.apiKey || null;
       config.baseUrl = parsed.baseUrl || null;
       config.orgId = parsed.orgId || null;
+      config.defaultProject = parsed.defaultProject || null;
       return config;
     } catch (err) {
       const message = err instanceof Error ? err.message : String(err);
@@ -15858,9 +15868,10 @@ var safeLoadAll = renamed("safeLoadAll", "loadAll");
 var safeDump = renamed("safeDump", "dump");
 
 // bin/postgres-ai.ts
-import * as fs4 from "fs";
-import * as path4 from "path";
+import * as fs5 from "fs";
+import * as path5 from "path";
 import * as os3 from "os";
+import * as crypto2 from "crypto";
 
 // node_modules/pg/esm/index.mjs
 var import_lib = __toESM(require_lib2(), 1);
@@ -15876,9 +15887,10 @@ var Result = import_lib.default.Result;
 var TypeOverrides = import_lib.default.TypeOverrides;
 var defaults = import_lib.default.defaults;
 // package.json
+var version = "0.14.0-dev.55";
 var package_default2 = {
   name: "postgresai",
-  version: "0.14.0-dev.53",
+  version,
   description: "postgres_ai CLI",
   license: "Apache-2.0",
   private: false,
@@ -15891,22 +15903,28 @@ var package_default2 = {
     url: "https://gitlab.com/postgres-ai/postgres_ai/-/issues"
   },
   bin: {
-    "postgres-ai": "./dist/bin/postgres-ai.js",
     postgresai: "./dist/bin/postgres-ai.js",
     pgai: "./dist/bin/postgres-ai.js"
   },
+  exports: {
+    ".": "./dist/bin/postgres-ai.js",
+    "./cli": "./dist/bin/postgres-ai.js"
+  },
   type: "module",
   engines: {
     node: ">=18"
   },
   scripts: {
-    build: `bun build ./bin/postgres-ai.ts --outdir ./dist/bin --target node && node -e "const fs=require('fs');const f='./dist/bin/postgres-ai.js';fs.writeFileSync(f,fs.readFileSync(f,'utf8').replace('#!/usr/bin/env bun','#!/usr/bin/env node'))" && cp -r sql dist/`,
+    "embed-metrics": "bun run scripts/embed-metrics.ts",
+    build: `bun run embed-metrics && bun build ./bin/postgres-ai.ts --outdir ./dist/bin --target node && node -e "const fs=require('fs');const f='./dist/bin/postgres-ai.js';fs.writeFileSync(f,fs.readFileSync(f,'utf8').replace('#!/usr/bin/env bun','#!/usr/bin/env node'))"`,
     prepublishOnly: "npm run build",
     start: "bun ./bin/postgres-ai.ts --help",
     "start:node": "node ./dist/bin/postgres-ai.js --help",
-    dev: "bun --watch ./bin/postgres-ai.ts",
-    test: "bun test",
-    typecheck: "bunx tsc --noEmit"
+    dev: "bun run embed-metrics && bun --watch ./bin/postgres-ai.ts",
+    test: "bun run embed-metrics && bun test",
+    "test:fast": "bun run embed-metrics && bun test --coverage=false",
+    "test:coverage": "bun run embed-metrics && bun test --coverage && echo 'Coverage report: cli/coverage/lcov-report/index.html'",
+    typecheck: "bun run embed-metrics && bunx tsc --noEmit"
   },
   dependencies: {
     "@modelcontextprotocol/sdk": "^1.20.2",
@@ -15918,6 +15936,8 @@ var package_default2 = {
     "@types/bun": "^1.1.14",
     "@types/js-yaml": "^4.0.9",
     "@types/pg": "^8.15.6",
+    ajv: "^8.17.1",
+    "ajv-formats": "^3.0.1",
     typescript: "^5.3.3"
   },
   publishConfig: {
@@ -15943,7 +15963,8 @@ function readConfig2() {
   const config = {
     apiKey: null,
     baseUrl: null,
-    orgId: null
+    orgId: null,
+    defaultProject: null
   };
   const userConfigPath = getConfigPath2();
   if (fs2.existsSync(userConfigPath)) {
@@ -15953,6 +15974,7 @@ function readConfig2() {
       config.apiKey = parsed.apiKey || null;
       config.baseUrl = parsed.baseUrl || null;
       config.orgId = parsed.orgId || null;
+      config.defaultProject = parsed.defaultProject || null;
       return config;
     } catch (err) {
       const message = err instanceof Error ? err.message : String(err);
@@ -15983,6 +16005,49 @@ function readConfig2() {
 }
 
 // lib/util.ts
+var HTTP_STATUS_MESSAGES = {
+  400: "Bad Request",
+  401: "Unauthorized - check your API key",
+  403: "Forbidden - access denied",
+  404: "Not Found",
+  408: "Request Timeout",
+  429: "Too Many Requests - rate limited",
+  500: "Internal Server Error",
+  502: "Bad Gateway - server temporarily unavailable",
+  503: "Service Unavailable - server temporarily unavailable",
+  504: "Gateway Timeout - server temporarily unavailable"
+};
+function isHtmlContent(text) {
+  const trimmed = text.trim();
+  return trimmed.startsWith("<!DOCTYPE") || trimmed.startsWith("<html") || trimmed.startsWith("<HTML");
+}
+function formatHttpError(operation, status, responseBody) {
+  const statusMessage = HTTP_STATUS_MESSAGES[status] || "Request failed";
+  let errMsg = `${operation}: HTTP ${status} - ${statusMessage}`;
+  if (responseBody) {
+    if (isHtmlContent(responseBody)) {
+      return errMsg;
+    }
+    try {
+      const errObj = JSON.parse(responseBody);
+      const message = errObj.message || errObj.error || errObj.detail;
+      if (message && typeof message === "string") {
+        errMsg += `
+${message}`;
+      } else {
+        errMsg += `
+${JSON.stringify(errObj, null, 2)}`;
+      }
+    } catch {
+      const trimmed = responseBody.trim();
+      if (trimmed.length > 0 && trimmed.length < 500) {
+        errMsg += `
+${trimmed}`;
+      }
+    }
+  }
+  return errMsg;
+}
 function maskSecret(secret) {
   if (!secret)
     return "";
@@ -16049,18 +16114,7 @@ async function fetchIssues(params) {
       throw new Error(`Failed to parse issues response: ${data}`);
     }
   } else {
-    let errMsg = `Failed to fetch issues: HTTP ${response.status}`;
-    if (data) {
-      try {
-        const errObj = JSON.parse(data);
-        errMsg += `
-${JSON.stringify(errObj, null, 2)}`;
-      } catch {
-        errMsg += `
-${data}`;
-      }
-    }
-    throw new Error(errMsg);
+    throw new Error(formatHttpError("Failed to fetch issues", response.status, data));
   }
 }
 async function fetchIssueComments(params) {
@@ -16101,18 +16155,7 @@ async function fetchIssueComments(params) {
       throw new Error(`Failed to parse issue comments response: ${data}`);
     }
   } else {
-    let errMsg = `Failed to fetch issue comments: HTTP ${response.status}`;
-    if (data) {
-      try {
-        const errObj = JSON.parse(data);
-        errMsg += `
-${JSON.stringify(errObj, null, 2)}`;
-      } catch {
-        errMsg += `
-${data}`;
-      }
-    }
-    throw new Error(errMsg);
+    throw new Error(formatHttpError("Failed to fetch issue comments", response.status, data));
   }
 }
 async function fetchIssue(params) {
@@ -16161,18 +16204,7 @@ async function fetchIssue(params) {
       throw new Error(`Failed to parse issue response: ${data}`);
     }
   } else {
-    let errMsg = `Failed to fetch issue: HTTP ${response.status}`;
-    if (data) {
-      try {
-        const errObj = JSON.parse(data);
-        errMsg += `
-${JSON.stringify(errObj, null, 2)}`;
-      } catch {
-        errMsg += `
-${data}`;
-      }
-    }
-    throw new Error(errMsg);
+    throw new Error(formatHttpError("Failed to fetch issue", response.status, data));
   }
 }
 async function createIssueComment(params) {
@@ -16226,18 +16258,7 @@ async function createIssueComment(params) {
       throw new Error(`Failed to parse create comment response: ${data}`);
     }
   } else {
-    let errMsg = `Failed to create issue comment: HTTP ${response.status}`;
-    if (data) {
-      try {
-        const errObj = JSON.parse(data);
-        errMsg += `
-${JSON.stringify(errObj, null, 2)}`;
-      } catch {
-        errMsg += `
-${data}`;
-      }
-    }
-    throw new Error(errMsg);
+    throw new Error(formatHttpError("Failed to create issue comment", response.status, data));
   }
 }
 
@@ -17104,10 +17125,10 @@ var ksuid = /^[A-Za-z0-9]{27}$/;
 var nanoid = /^[a-zA-Z0-9_-]{21}$/;
 var duration = /^P(?:(\d+W)|(?!.*W)(?=\d|T\d)(\d+Y)?(\d+M)?(\d+D)?(T(?=\d)(\d+H)?(\d+M)?(\d+([.,]\d+)?S)?)?)$/;
 var guid = /^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$/;
-var uuid = (version) => {
-  if (!version)
+var uuid = (version2) => {
+  if (!version2)
     return /^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$/;
-  return new RegExp(`^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-${version}[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12})$`);
+  return new RegExp(`^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-${version2}[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12})$`);
 };
 var email = /^(?!\.)(?!.*\.\.)([A-Za-z0-9_'+\-\.]*)[A-Za-z0-9_+-]@([A-Za-z0-9][A-Za-z0-9\-]*\.)+[A-Za-z]{2,}$/;
 var _emoji = `^(\\p{Extended_Pictographic}|\\p{Emoji_Component})+$`;
@@ -17576,7 +17597,7 @@ class Doc {
 }
 
 // node_modules/zod/v4/core/versions.js
-var version = {
+var version2 = {
   major: 4,
   minor: 2,
   patch: 1
@@ -17588,7 +17609,7 @@ var $ZodType = /* @__PURE__ */ $constructor("$ZodType", (inst, def) => {
   inst ?? (inst = {});
   inst._zod.def = def;
   inst._zod.bag = inst._zod.bag || {};
-  inst._zod.version = version;
+  inst._zod.version = version2;
   const checks = [...inst._zod.def.checks ?? []];
   if (inst._zod.traits.has("$ZodCheck")) {
     checks.unshift(inst);
@@ -23273,18 +23294,7 @@ async function fetchIssues2(params) {
       throw new Error(`Failed to parse issues response: ${data}`);
     }
   } else {
-    let errMsg = `Failed to fetch issues: HTTP ${response.status}`;
-    if (data) {
-      try {
-        const errObj = JSON.parse(data);
-        errMsg += `
-${JSON.stringify(errObj, null, 2)}`;
-      } catch {
-        errMsg += `
-${data}`;
-      }
-    }
-    throw new Error(errMsg);
+    throw new Error(formatHttpError("Failed to fetch issues", response.status, data));
   }
 }
 async function fetchIssueComments2(params) {
@@ -23325,18 +23335,7 @@ async function fetchIssueComments2(params) {
       throw new Error(`Failed to parse issue comments response: ${data}`);
     }
   } else {
-    let errMsg = `Failed to fetch issue comments: HTTP ${response.status}`;
-    if (data) {
-      try {
-        const errObj = JSON.parse(data);
-        errMsg += `
-${JSON.stringify(errObj, null, 2)}`;
-      } catch {
-        errMsg += `
-${data}`;
-      }
-    }
-    throw new Error(errMsg);
+    throw new Error(formatHttpError("Failed to fetch issue comments", response.status, data));
   }
 }
 async function fetchIssue2(params) {
@@ -23385,18 +23384,7 @@ async function fetchIssue2(params) {
       throw new Error(`Failed to parse issue response: ${data}`);
     }
   } else {
-    let errMsg = `Failed to fetch issue: HTTP ${response.status}`;
-    if (data) {
-      try {
-        const errObj = JSON.parse(data);
-        errMsg += `
-${JSON.stringify(errObj, null, 2)}`;
-      } catch {
-        errMsg += `
-${data}`;
-      }
-    }
-    throw new Error(errMsg);
+    throw new Error(formatHttpError("Failed to fetch issue", response.status, data));
   }
 }
 async function createIssueComment2(params) {
@@ -23450,18 +23438,7 @@ async function createIssueComment2(params) {
       throw new Error(`Failed to parse create comment response: ${data}`);
     }
   } else {
-    let errMsg = `Failed to create issue comment: HTTP ${response.status}`;
-    if (data) {
-      try {
-        const errObj = JSON.parse(data);
-        errMsg += `
-${JSON.stringify(errObj, null, 2)}`;
-      } catch {
-        errMsg += `
-${data}`;
-      }
-    }
-    throw new Error(errMsg);
+    throw new Error(formatHttpError("Failed to create issue comment", response.status, data));
   }
 }
 
@@ -24055,20 +24032,32 @@ function createCallbackServer(port = 0, expectedState = null, timeoutMs = 300000
   let actualPort = port;
   let resolveCallback;
   let rejectCallback;
+  let resolveReady;
+  let rejectReady;
   let serverInstance = null;
   const promise2 = new Promise((resolve4, reject) => {
     resolveCallback = resolve4;
     rejectCallback = reject;
   });
+  const ready = new Promise((resolve4, reject) => {
+    resolveReady = resolve4;
+    rejectReady = reject;
+  });
+  let timeoutId = null;
   const stopServer = () => {
+    if (timeoutId) {
+      clearTimeout(timeoutId);
+      timeoutId = null;
+    }
     if (serverInstance) {
       serverInstance.close();
       serverInstance = null;
     }
   };
-  const timeout = setTimeout(() => {
+  timeoutId = setTimeout(() => {
     if (!resolved) {
       resolved = true;
+      timeoutId = null;
       stopServer();
       rejectCallback(new Error("Authentication timeout. Please try again."));
     }
@@ -24091,7 +24080,10 @@ function createCallbackServer(port = 0, expectedState = null, timeoutMs = 300000
     const errorDescription = url.searchParams.get("error_description");
     if (error2) {
       resolved = true;
-      clearTimeout(timeout);
+      if (timeoutId) {
+        clearTimeout(timeoutId);
+        timeoutId = null;
+      }
       setTimeout(() => stopServer(), 100);
       rejectCallback(new Error(`OAuth error: ${error2}${errorDescription ? ` - ${errorDescription}` : ""}`));
       res.writeHead(400, { "Content-Type": "text/html" });
@@ -24145,7 +24137,10 @@ function createCallbackServer(port = 0, expectedState = null, timeoutMs = 300000
     }
     if (expectedState && state !== expectedState) {
       resolved = true;
-      clearTimeout(timeout);
+      if (timeoutId) {
+        clearTimeout(timeoutId);
+        timeoutId = null;
+      }
       setTimeout(() => stopServer(), 100);
       rejectCallback(new Error("State mismatch (possible CSRF attack)"));
       res.writeHead(400, { "Content-Type": "text/html" });
@@ -24172,7 +24167,10 @@ function createCallbackServer(port = 0, expectedState = null, timeoutMs = 300000
       return;
     }
     resolved = true;
-    clearTimeout(timeout);
+    if (timeoutId) {
+      clearTimeout(timeoutId);
+      timeoutId = null;
+    }
     resolveCallback({ code, state });
     setTimeout(() => stopServer(), 100);
     res.writeHead(200, { "Content-Type": "text/html" });
@@ -24197,15 +24195,32 @@ function createCallbackServer(port = 0, expectedState = null, timeoutMs = 300000
 </html>
     `);
   });
+  serverInstance.on("error", (err) => {
+    if (timeoutId) {
+      clearTimeout(timeoutId);
+      timeoutId = null;
+    }
+    if (err.code === "EADDRINUSE") {
+      rejectReady(new Error(`Port ${port} is already in use`));
+    } else {
+      rejectReady(new Error(`Server error: ${err.message}`));
+    }
+    if (!resolved) {
+      resolved = true;
+      rejectCallback(err);
+    }
+  });
   serverInstance.listen(port, "127.0.0.1", () => {
     const address = serverInstance?.address();
     if (address && typeof address === "object") {
       actualPort = address.port;
     }
+    resolveReady(actualPort);
   });
   return {
     server: { stop: stopServer },
     promise: promise2,
+    ready,
     getPort: () => actualPort
   };
 }
@@ -24213,6 +24228,1667 @@ function createCallbackServer(port = 0, expectedState = null, timeoutMs = 300000
 // bin/postgres-ai.ts
 import { createInterface } from "readline";
 import * as childProcess from "child_process";
+
+// lib/checkup.ts
+import * as fs4 from "fs";
+import * as path4 from "path";
+
+// lib/metrics-embedded.ts
+var METRICS = {
+  settings: {
+    description: "This metric collects various PostgreSQL server settings and configurations. It provides insights into the server's configuration, including version, memory settings, and other important parameters. This metric is useful for monitoring server settings and ensuring optimal performance. Note: For lock_timeout and statement_timeout, we use reset_val instead of setting because pgwatch overrides these during metric collection, which would mask the actual configured values.",
+    sqls: {
+      11: `with base as ( /* pgwatch_generated */
+  select
+    name,
+    -- Use reset_val for lock_timeout/statement_timeout because pgwatch overrides them
+    -- during collection (lock_timeout=100ms, statement_timeout per-metric).
+    case
+      when name in ('lock_timeout', 'statement_timeout') then reset_val
+      else setting
+    end as effective_setting,
+    unit,
+    category,
+    vartype,
+    -- For lock_timeout/statement_timeout, compare reset_val with boot_val
+    -- since source becomes 'session' during collection.
+    case
+      when name in ('lock_timeout', 'statement_timeout') then (reset_val = boot_val)
+      else (source = 'default')
+    end as is_default_bool
+  from pg_settings
+), with_numeric as (
+  select
+    *,
+    case
+      when effective_setting ~ '^-?[0-9]+$' then effective_setting::bigint
+      else null
+    end as numeric_value
+  from base
+)
+select
+  (extract(epoch from now()) * 1e9)::int8 as epoch_ns,
+  current_database() as tag_datname,
+  name as tag_setting_name,
+  effective_setting as tag_setting_value,
+  unit as tag_unit,
+  category as tag_category,
+  vartype as tag_vartype,
+  numeric_value,
+  case
+    when numeric_value is null then null
+    when unit = '8kB' then numeric_value * 8192
+    when unit = 'kB' then numeric_value * 1024
+    when unit = 'MB' then numeric_value * 1024 * 1024
+    when unit = 'B' then numeric_value
+    when unit = 'ms' then numeric_value::numeric / 1000
+    when unit = 's' then numeric_value::numeric
+    when unit = 'min' then numeric_value::numeric * 60
+    else null
+  end as setting_normalized,
+  case unit
+    when '8kB' then 'bytes'
+    when 'kB' then 'bytes'
+    when 'MB' then 'bytes'
+    when 'B' then 'bytes'
+    when 'ms' then 'seconds'
+    when 's' then 'seconds'
+    when 'min' then 'seconds'
+    else null
+  end as unit_normalized,
+  case when is_default_bool then 1 else 0 end as is_default,
+  1 as configured
+from with_numeric`
+    },
+    gauges: ["*"],
+    statement_timeout_seconds: 15
+  },
+  db_stats: {
+    description: "Retrieves key statistics from the PostgreSQL `pg_stat_database` view, providing insights into the current database's performance. It returns the number of backends, transaction commits and rollbacks, buffer reads and hits, tuple statistics, conflicts, temporary files and bytes, deadlocks, block read and write times, postmaster uptime, backup duration, recovery status, system identifier, and invalid indexes. This metric helps administrators monitor database activity and performance.",
+    sqls: {
+      11: `select /* pgwatch_generated */
+  (extract(epoch from now()) * 1e9)::int8 as epoch_ns,
+  current_database() as tag_datname,
+  numbackends,
+  xact_commit,
+  xact_rollback,
+  blks_read,
+  blks_hit,
+  tup_returned,
+  tup_fetched,
+  tup_inserted,
+  tup_updated,
+  tup_deleted,
+  conflicts,
+  temp_files,
+  temp_bytes,
+  deadlocks,
+  blk_read_time,
+  blk_write_time,
+  extract(epoch from (now() - pg_postmaster_start_time()))::int8 as postmaster_uptime_s,
+  case when pg_is_in_recovery() then 1 else 0 end as in_recovery_int,
+  system_identifier::text as tag_sys_id,
+  (select count(*) from pg_index i
+    where not indisvalid
+    and not exists ( /* leave out ones that are being actively rebuilt */
+      select * from pg_locks l
+      join pg_stat_activity a using (pid)
+      where l.relation = i.indexrelid
+      and a.state = 'active'
+      and a.query ~* 'concurrently'
+  )) as invalid_indexes
+from
+  pg_stat_database, pg_control_system()
+where
+  datname = current_database()`,
+      12: `select /* pgwatch_generated */
+  (extract(epoch from now()) * 1e9)::int8 as epoch_ns,
+  current_database() as tag_datname,
+  numbackends,
+  xact_commit,
+  xact_rollback,
+  blks_read,
+  blks_hit,
+  tup_returned,
+  tup_fetched,
+  tup_inserted,
+  tup_updated,
+  tup_deleted,
+  conflicts,
+  temp_files,
+  temp_bytes,
+  deadlocks,
+  blk_read_time,
+  blk_write_time,
+  extract(epoch from (now() - pg_postmaster_start_time()))::int8 as postmaster_uptime_s,
+  extract(epoch from (now() - pg_backup_start_time()))::int8 as backup_duration_s,
+  checksum_failures,
+  extract(epoch from (now() - checksum_last_failure))::int8 as checksum_last_failure_s,
+  case when pg_is_in_recovery() then 1 else 0 end as in_recovery_int,
+  system_identifier::text as tag_sys_id,
+  (select count(*) from pg_index i
+    where not indisvalid
+    and not exists ( /* leave out ones that are being actively rebuilt */
+      select * from pg_locks l
+      join pg_stat_activity a using (pid)
+      where l.relation = i.indexrelid
+      and a.state = 'active'
+      and a.query ~* 'concurrently'
+  )) as invalid_indexes
+from
+  pg_stat_database, pg_control_system()
+where
+  datname = current_database()`,
+      14: `select /* pgwatch_generated */
+  (extract(epoch from now()) * 1e9)::int8 as epoch_ns,
+  current_database() as tag_datname,
+  numbackends,
+  xact_commit,
+  xact_rollback,
+  blks_read,
+  blks_hit,
+  tup_returned,
+  tup_fetched,
+  tup_inserted,
+  tup_updated,
+  tup_deleted,
+  conflicts,
+  temp_files,
+  temp_bytes,
+  deadlocks,
+  blk_read_time,
+  blk_write_time,
+  extract(epoch from (now() - pg_postmaster_start_time()))::int8 as postmaster_uptime_s,
+  extract(epoch from (now() - pg_backup_start_time()))::int8 as backup_duration_s,
+  checksum_failures,
+  extract(epoch from (now() - checksum_last_failure))::int8 as checksum_last_failure_s,
+  case when pg_is_in_recovery() then 1 else 0 end as in_recovery_int,
+  system_identifier::text as tag_sys_id,
+  session_time::int8,
+  active_time::int8,
+  idle_in_transaction_time::int8,
+  sessions,
+  sessions_abandoned,
+  sessions_fatal,
+  sessions_killed,
+  (select count(*) from pg_index i
+    where not indisvalid
+    and not exists ( /* leave out ones that are being actively rebuilt */
+      select * from pg_locks l
+      join pg_stat_activity a using (pid)
+      where l.relation = i.indexrelid
+      and a.state = 'active'
+      and a.query ~* 'concurrently'
+  )) as invalid_indexes
+from
+  pg_stat_database, pg_control_system()
+where
+  datname = current_database()`,
+      15: `select /* pgwatch_generated */
+  (extract(epoch from now()) * 1e9)::int8 as epoch_ns,
+  current_database() as tag_datname,
+  numbackends,
+  xact_commit,
+  xact_rollback,
+  blks_read,
+  blks_hit,
+  tup_returned,
+  tup_fetched,
+  tup_inserted,
+  tup_updated,
+  tup_deleted,
+  conflicts,
+  temp_files,
+  temp_bytes,
+  deadlocks,
+  blk_read_time,
+  blk_write_time,
+  extract(epoch from (now() - pg_postmaster_start_time()))::int8 as postmaster_uptime_s,
+  checksum_failures,
+  extract(epoch from (now() - checksum_last_failure))::int8 as checksum_last_failure_s,
+  case when pg_is_in_recovery() then 1 else 0 end as in_recovery_int,
+  system_identifier::text as tag_sys_id,
+  session_time::int8,
+  active_time::int8,
+  idle_in_transaction_time::int8,
+  sessions,
+  sessions_abandoned,
+  sessions_fatal,
+  sessions_killed,
+  (select count(*) from pg_index i
+    where not indisvalid
+    and not exists ( /* leave out ones that are being actively rebuilt */
+      select * from pg_locks l
+      join pg_stat_activity a using (pid)
+      where l.relation = i.indexrelid
+      and a.state = 'active'
+      and a.query ~* 'concurrently'
+  )) as invalid_indexes
+from
+  pg_stat_database, pg_control_system()
+where
+  datname = current_database()`
+    },
+    gauges: ["*"],
+    statement_timeout_seconds: 15
+  },
+  db_size: {
+    description: "Retrieves the size of the current database and the size of the `pg_catalog` schema, providing insights into the storage usage of the database. It returns the size in bytes for both the current database and the catalog schema. This metric helps administrators monitor database size and storage consumption.",
+    sqls: {
+      11: `select /* pgwatch_generated */
+  (extract(epoch from now()) * 1e9)::int8 as epoch_ns,
+  current_database() as tag_datname,
+  pg_database_size(current_database()) as size_b,
+  (select sum(pg_total_relation_size(c.oid))::int8
+    from pg_class c join pg_namespace n on n.oid = c.relnamespace
+    where nspname = 'pg_catalog' and relkind = 'r'
+  ) as catalog_size_b`
+    },
+    gauges: ["*"],
+    statement_timeout_seconds: 300
+  },
+  pg_invalid_indexes: {
+    description: "This metric identifies invalid indexes in the database. It provides insights into the number of invalid indexes and their details. This metric helps administrators identify and fix invalid indexes to improve database performance.",
+    sqls: {
+      11: `with fk_indexes as ( /* pgwatch_generated */
+  select
+    schemaname as tag_schema_name,
+    (indexrelid::regclass)::text as tag_index_name,
+    (relid::regclass)::text as tag_table_name,
+    (confrelid::regclass)::text as tag_fk_table_ref,
+    array_to_string(indclass, ', ') as tag_opclasses
+  from
+    pg_stat_all_indexes
+  join pg_index using (indexrelid)
+  left join pg_constraint
+    on array_to_string(indkey, ',') = array_to_string(conkey, ',')
+      and schemaname = (connamespace::regnamespace)::text
+      and conrelid = relid
+      and contype = 'f'
+  where idx_scan = 0
+    and indisunique is false
+    and conkey is not null --conkey is not null then true else false end as is_fk_idx
+), data as (
+  select
+    pci.relname as tag_index_name,
+    pn.nspname as tag_schema_name,
+    pct.relname as tag_table_name,
+    quote_ident(pn.nspname) as tag_schema_name,
+    quote_ident(pci.relname) as tag_index_name,
+    quote_ident(pct.relname) as tag_table_name,
+    coalesce(nullif(quote_ident(pn.nspname), 'public') || '.', '') || quote_ident(pct.relname) as tag_relation_name,
+    pg_relation_size(pidx.indexrelid) index_size_bytes,
+    ((
+      select count(1)
+      from fk_indexes fi
+      where
+        fi.tag_fk_table_ref = pct.relname
+        and fi.tag_opclasses like (array_to_string(pidx.indclass, ', ') || '%')
+    ) > 0)::int as supports_fk
+  from pg_index pidx
+  join pg_class as pci on pci.oid = pidx.indexrelid
+  join pg_class as pct on pct.oid = pidx.indrelid
+  left join pg_namespace pn on pn.oid = pct.relnamespace
+  where pidx.indisvalid = false
+), data_total as (
+    select
+      sum(index_size_bytes) as index_size_bytes_sum
+    from data
+), num_data as (
+  select
+    row_number() over () num,
+    data.*
+  from data
+)
+select
+  (extract(epoch from now()) * 1e9)::int8 as epoch_ns,
+  current_database() as tag_datname,
+  num_data.*
+from num_data
+limit 1000;
+`
+    },
+    gauges: ["*"],
+    statement_timeout_seconds: 15
+  },
+  unused_indexes: {
+    description: "This metric identifies unused indexes in the database. It provides insights into the number of unused indexes and their details. This metric helps administrators identify and fix unused indexes to improve database performance.",
+    sqls: {
+      11: `with fk_indexes as ( /* pgwatch_generated */
+  select
+    n.nspname as schema_name,
+    ci.relname as index_name,
+    cr.relname as table_name,
+    (confrelid::regclass)::text as fk_table_ref,
+    array_to_string(indclass, ', ') as opclasses
+  from pg_index i
+  join pg_class ci on ci.oid = i.indexrelid and ci.relkind = 'i'
+  join pg_class cr on cr.oid = i.indrelid and cr.relkind = 'r'
+  join pg_namespace n on n.oid = ci.relnamespace
+  join pg_constraint cn on cn.conrelid = cr.oid
+  left join pg_stat_all_indexes as si on si.indexrelid = i.indexrelid
+  where
+    contype = 'f'
+    and i.indisunique is false
+    and conkey is not null
+    and ci.relpages > 5
+    and si.idx_scan < 10
+), table_scans as (
+  select relid,
+      tables.idx_scan + tables.seq_scan as all_scans,
+      ( tables.n_tup_ins + tables.n_tup_upd + tables.n_tup_del ) as writes,
+    pg_relation_size(relid) as table_size
+      from pg_stat_all_tables as tables
+      join pg_class c on c.oid = relid
+      where c.relpages > 5
+), indexes as (
+  select
+    i.indrelid,
+    i.indexrelid,
+    n.nspname as schema_name,
+    cr.relname as table_name,
+    ci.relname as index_name,
+    si.idx_scan,
+    pg_relation_size(i.indexrelid) as index_bytes,
+    ci.relpages,
+    (case when a.amname = 'btree' then true else false end) as idx_is_btree,
+    array_to_string(i.indclass, ', ') as opclasses
+  from pg_index i
+    join pg_class ci on ci.oid = i.indexrelid and ci.relkind = 'i'
+    join pg_class cr on cr.oid = i.indrelid and cr.relkind = 'r'
+    join pg_namespace n on n.oid = ci.relnamespace
+    join pg_am a on ci.relam = a.oid
+    left join pg_stat_all_indexes as si on si.indexrelid = i.indexrelid
+  where
+    i.indisunique = false
+    and i.indisvalid = true
+    and ci.relpages > 5
+), index_ratios as (
+  select
+    i.indexrelid as index_id,
+    i.schema_name,
+    i.table_name,
+    i.index_name,
+    idx_scan,
+    all_scans,
+    round(( case when all_scans = 0 then 0.0::numeric
+      else idx_scan::numeric/all_scans * 100 end), 2) as index_scan_pct,
+    writes,
+    round((case when writes = 0 then idx_scan::numeric else idx_scan::numeric/writes end), 2)
+      as scans_per_write,
+    index_bytes as index_size_bytes,
+    table_size as table_size_bytes,
+    i.relpages,
+    idx_is_btree,
+    i.opclasses,
+    (
+      select count(1)
+      from fk_indexes fi
+      where fi.fk_table_ref = i.table_name
+        and fi.schema_name = i.schema_name
+        and fi.opclasses like (i.opclasses || '%')
+    ) > 0 as supports_fk
+  from indexes i
+  join table_scans ts on ts.relid = i.indrelid
+)
+select
+  'Never Used Indexes' as tag_reason,
+  current_database() as tag_datname,
+  index_id,
+  schema_name as tag_schema_name,
+  table_name as tag_table_name,
+  index_name as tag_index_name,
+  pg_get_indexdef(index_id) as index_definition,
+  idx_scan,
+  all_scans,
+  index_scan_pct,
+  writes,
+  scans_per_write,
+  index_size_bytes,
+  table_size_bytes,
+  relpages,
+  idx_is_btree,
+  opclasses as tag_opclasses,
+  supports_fk
+from index_ratios
+where
+  idx_scan = 0
+  and idx_is_btree
+order by index_size_bytes desc
+limit 1000;
+`
+    },
+    gauges: ["*"],
+    statement_timeout_seconds: 15
+  },
+  redundant_indexes: {
+    description: "This metric identifies redundant indexes that can potentially be dropped to save storage space and improve write performance. It analyzes index relationships and finds indexes that are covered by other indexes, considering column order, operator classes, and foreign key constraints. Uses the exact logic from tmp.sql with JSON aggregation and proper thresholds.",
+    sqls: {
+      11: `with fk_indexes as ( /* pgwatch_generated */
+  select
+    n.nspname as schema_name,
+    ci.relname as index_name,
+    cr.relname as table_name,
+    (confrelid::regclass)::text as fk_table_ref,
+    array_to_string(indclass, ', ') as opclasses
+  from pg_index i
+  join pg_class ci on ci.oid = i.indexrelid and ci.relkind = 'i'
+  join pg_class cr on cr.oid = i.indrelid and cr.relkind = 'r'
+  join pg_namespace n on n.oid = ci.relnamespace
+  join pg_constraint cn on cn.conrelid = cr.oid
+  left join pg_stat_all_indexes as si on si.indexrelid = i.indexrelid
+  where
+    contype = 'f'
+    and i.indisunique is false
+    and conkey is not null
+    and ci.relpages > 5
+    and si.idx_scan < 10
+),
+-- Redundant indexes
+index_data as (
+  select
+    *,
+    indkey::text as columns,
+    array_to_string(indclass, ', ') as opclasses
+  from pg_index i
+  join pg_class ci on ci.oid = i.indexrelid and ci.relkind = 'i'
+  where indisvalid = true and ci.relpages > 5
+), redundant_indexes as (
+  select
+    i2.indexrelid as index_id,
+    tnsp.nspname as schema_name,
+    trel.relname as table_name,
+    pg_relation_size(trel.oid) as table_size_bytes,
+    irel.relname as index_name,
+    am1.amname as access_method,
+    (i1.indexrelid::regclass)::text as reason,
+    i1.indexrelid as reason_index_id,
+    pg_get_indexdef(i1.indexrelid) main_index_def,
+    pg_relation_size(i1.indexrelid) main_index_size_bytes,
+    pg_get_indexdef(i2.indexrelid) index_def,
+    pg_relation_size(i2.indexrelid) index_size_bytes,
+    s.idx_scan as index_usage,
+    quote_ident(tnsp.nspname) as formated_schema_name,
+    coalesce(nullif(quote_ident(tnsp.nspname), 'public') || '.', '') || quote_ident(irel.relname) as formated_index_name,
+    quote_ident(trel.relname) as formated_table_name,
+    coalesce(nullif(quote_ident(tnsp.nspname), 'public') || '.', '') || quote_ident(trel.relname) as formated_relation_name,
+    i2.opclasses
+  from (
+    select indrelid, indexrelid, opclasses, indclass, indexprs, indpred, indisprimary, indisunique, columns
+      from index_data
+      order by indexrelid
+    ) as i1
+    join index_data as i2 on (
+        i1.indrelid = i2.indrelid -- same table
+        and i1.indexrelid <> i2.indexrelid -- NOT same index
+    )
+    inner join pg_opclass op1 on i1.indclass[0] = op1.oid
+    inner join pg_opclass op2 on i2.indclass[0] = op2.oid
+    inner join pg_am am1 on op1.opcmethod = am1.oid
+    inner join pg_am am2 on op2.opcmethod = am2.oid
+    join pg_stat_all_indexes as s on s.indexrelid = i2.indexrelid
+    join pg_class as trel on trel.oid = i2.indrelid
+    join pg_namespace as tnsp on trel.relnamespace = tnsp.oid
+    join pg_class as irel on irel.oid = i2.indexrelid
+  where
+    not i2.indisprimary -- index 1 is not primary
+    and not i2.indisunique -- index 1 is not unique (unique indexes serve constraint purpose)
+    and  am1.amname = am2.amname -- same access type
+    and i1.columns like (i2.columns || '%') -- index 2 includes all columns from index 1
+    and i1.opclasses like (i2.opclasses || '%')
+    -- index expressions is same
+    and pg_get_expr(i1.indexprs, i1.indrelid) is not distinct from pg_get_expr(i2.indexprs, i2.indrelid)
+    -- index predicates is same
+    and pg_get_expr(i1.indpred, i1.indrelid) is not distinct from pg_get_expr(i2.indpred, i2.indrelid)
+), redundant_indexes_fk as (
+  select
+    ri.*,
+    ((
+      select count(1)
+      from fk_indexes fi
+      where
+        fi.fk_table_ref = ri.table_name
+        and fi.opclasses like (ri.opclasses || '%')
+    ) > 0)::int as supports_fk
+  from redundant_indexes ri
+),
+-- Cut recursive links
+redundant_indexes_tmp_num as (
+  select row_number() over () num, rig.*
+  from redundant_indexes_fk rig
+), redundant_indexes_tmp_links as (
+    select
+    ri1.*,
+    ri2.num as r_num
+    from redundant_indexes_tmp_num ri1
+    left join redundant_indexes_tmp_num ri2 on ri2.reason_index_id = ri1.index_id and ri1.reason_index_id = ri2.index_id
+), redundant_indexes_tmp_cut as (
+    select
+    *
+    from redundant_indexes_tmp_links
+    where num < r_num or r_num is null
+), redundant_indexes_cut_grouped as (
+  select
+    distinct(num),
+    *
+  from redundant_indexes_tmp_cut
+  order by index_size_bytes desc
+), redundant_indexes_grouped as (
+  select
+    index_id,
+    schema_name as tag_schema_name,
+    table_name,
+    table_size_bytes,
+    index_name as tag_index_name,
+    access_method as tag_access_method,
+    string_agg(distinct reason, ', ') as tag_reason,
+    index_size_bytes,
+    index_usage,
+    index_def as index_definition,
+    formated_index_name as tag_index_name,
+    formated_schema_name as tag_schema_name,
+    formated_table_name as tag_table_name,
+    formated_relation_name as tag_relation_name,
+    supports_fk::int as supports_fk,
+    json_agg(
+      distinct jsonb_build_object(
+        'index_name', reason,
+        'index_definition', main_index_def,
+        'index_size_bytes', main_index_size_bytes
+      )
+    )::text as redundant_to_json
+  from redundant_indexes_cut_grouped
+  group by
+    index_id,
+    table_size_bytes,
+    schema_name,
+    table_name,
+    index_name,
+    access_method,
+    index_def,
+    index_size_bytes,
+    index_usage,
+    formated_index_name,
+    formated_schema_name,
+    formated_table_name,
+    formated_relation_name,
+    supports_fk
+  order by index_size_bytes desc
+)
+select * from redundant_indexes_grouped
+limit 1000;
+`
+    },
+    gauges: ["*"],
+    statement_timeout_seconds: 15
+  },
+  stats_reset: {
+    description: "This metric tracks when statistics were last reset at the database level. It provides visibility into the freshness of statistics data, which is essential for understanding the reliability of usage metrics. A recent reset time indicates that usage statistics may not reflect long-term patterns. Note that Postgres tracks stats resets at the database level, not per-index or per-table.",
+    sqls: {
+      11: `select /* pgwatch_generated */
+  datname as tag_database_name,
+  extract(epoch from stats_reset)::int as stats_reset_epoch,
+  extract(epoch from now() - stats_reset)::int as seconds_since_reset
+from pg_stat_database
+where datname = current_database()
+  and stats_reset is not null;
+`
+    },
+    gauges: ["stats_reset_epoch", "seconds_since_reset"],
+    statement_timeout_seconds: 15
+  }
+};
+
+// lib/metrics-loader.ts
+function getMetricSql(metricName, pgMajorVersion = 16) {
+  const metric = METRICS[metricName];
+  if (!metric) {
+    throw new Error(`Metric "${metricName}" not found. Available metrics: ${Object.keys(METRICS).join(", ")}`);
+  }
+  const availableVersions = Object.keys(metric.sqls).map((v) => parseInt(v, 10)).sort((a, b) => b - a);
+  const matchingVersion = availableVersions.find((v) => v <= pgMajorVersion);
+  if (matchingVersion === undefined) {
+    throw new Error(`No compatible SQL version for metric "${metricName}" with PostgreSQL ${pgMajorVersion}. ` + `Available versions: ${availableVersions.join(", ")}`);
+  }
+  return metric.sqls[matchingVersion];
+}
+var METRIC_NAMES = {
+  H001: "pg_invalid_indexes",
+  H002: "unused_indexes",
+  H004: "redundant_indexes",
+  settings: "settings",
+  dbStats: "db_stats",
+  dbSize: "db_size",
+  statsReset: "stats_reset"
+};
+function transformMetricRow(row) {
+  const result = {};
+  for (const [key, value] of Object.entries(row)) {
+    if (key === "epoch_ns" || key === "num" || key === "tag_datname") {
+      continue;
+    }
+    const newKey = key.startsWith("tag_") ? key.slice(4) : key;
+    result[newKey] = value;
+  }
+  return result;
+}
+
+// lib/checkup.ts
+var __dirname = "/builds/postgres-ai/postgres_ai/cli/lib";
+var SECONDS_PER_DAY = 86400;
+var SECONDS_PER_HOUR = 3600;
+var SECONDS_PER_MINUTE = 60;
+function toBool(val) {
+  return val === true || val === 1 || val === "t" || val === "true";
+}
+function parseVersionNum(versionNum) {
+  if (!versionNum || versionNum.length < 6) {
+    return { major: "", minor: "" };
+  }
+  try {
+    const num = parseInt(versionNum, 10);
+    return {
+      major: Math.floor(num / 1e4).toString(),
+      minor: (num % 1e4).toString()
+    };
+  } catch (err) {
+    const errorMsg = err instanceof Error ? err.message : String(err);
+    console.log(`[parseVersionNum] Warning: Failed to parse "${versionNum}": ${errorMsg}`);
+    return { major: "", minor: "" };
+  }
+}
+function formatBytes(bytes) {
+  if (bytes === 0)
+    return "0 B";
+  if (bytes < 0)
+    return `-${formatBytes(-bytes)}`;
+  if (!Number.isFinite(bytes))
+    return `${bytes} B`;
+  const units = ["B", "KiB", "MiB", "GiB", "TiB", "PiB"];
+  const i2 = Math.min(Math.floor(Math.log(bytes) / Math.log(1024)), units.length - 1);
+  return `${(bytes / Math.pow(1024, i2)).toFixed(2)} ${units[i2]}`;
+}
+function formatSettingPrettyValue(settingNormalized, unitNormalized, rawValue) {
+  if (settingNormalized === null || unitNormalized === null) {
+    return rawValue;
+  }
+  if (unitNormalized === "bytes") {
+    return formatBytes(settingNormalized);
+  }
+  if (unitNormalized === "seconds") {
+    const MS_PER_SECOND = 1000;
+    if (settingNormalized < 1) {
+      return `${(settingNormalized * MS_PER_SECOND).toFixed(0)} ms`;
+    } else if (settingNormalized < SECONDS_PER_MINUTE) {
+      return `${settingNormalized} s`;
+    } else {
+      return `${(settingNormalized / SECONDS_PER_MINUTE).toFixed(1)} min`;
+    }
+  }
+  return rawValue;
+}
+async function getPostgresVersion(client) {
+  const result = await client.query(`
+    select name, setting
+    from pg_settings
+    where name in ('server_version', 'server_version_num')
+  `);
+  let version3 = "";
+  let serverVersionNum = "";
+  for (const row of result.rows) {
+    if (row.name === "server_version") {
+      version3 = row.setting;
+    } else if (row.name === "server_version_num") {
+      serverVersionNum = row.setting;
+    }
+  }
+  const { major, minor } = parseVersionNum(serverVersionNum);
+  return {
+    version: version3,
+    server_version_num: serverVersionNum,
+    server_major_ver: major,
+    server_minor_ver: minor
+  };
+}
+async function getSettings(client, pgMajorVersion = 16) {
+  const sql = getMetricSql(METRIC_NAMES.settings, pgMajorVersion);
+  const result = await client.query(sql);
+  const settings = {};
+  for (const row of result.rows) {
+    const name = row.tag_setting_name;
+    const settingValue = row.tag_setting_value;
+    const unit = row.tag_unit || "";
+    const category = row.tag_category || "";
+    const vartype = row.tag_vartype || "";
+    const settingNormalized = row.setting_normalized !== null ? parseFloat(row.setting_normalized) : null;
+    const unitNormalized = row.unit_normalized || null;
+    settings[name] = {
+      setting: settingValue,
+      unit,
+      category,
+      context: "",
+      vartype,
+      pretty_value: formatSettingPrettyValue(settingNormalized, unitNormalized, settingValue)
+    };
+  }
+  return settings;
+}
+async function getAlteredSettings(client, pgMajorVersion = 16) {
+  const sql = getMetricSql(METRIC_NAMES.settings, pgMajorVersion);
+  const result = await client.query(sql);
+  const settings = {};
+  for (const row of result.rows) {
+    if (!toBool(row.is_default)) {
+      const name = row.tag_setting_name;
+      const settingValue = row.tag_setting_value;
+      const unit = row.tag_unit || "";
+      const category = row.tag_category || "";
+      const settingNormalized = row.setting_normalized !== null ? parseFloat(row.setting_normalized) : null;
+      const unitNormalized = row.unit_normalized || null;
+      settings[name] = {
+        value: settingValue,
+        unit,
+        category,
+        pretty_value: formatSettingPrettyValue(settingNormalized, unitNormalized, settingValue)
+      };
+    }
+  }
+  return settings;
+}
+async function getDatabaseSizes(client) {
+  const result = await client.query(`
+    select
+      datname,
+      pg_database_size(datname) as size_bytes
+    from pg_database
+    where datistemplate = false
+    order by size_bytes desc
+  `);
+  const sizes = {};
+  for (const row of result.rows) {
+    sizes[row.datname] = parseInt(row.size_bytes, 10);
+  }
+  return sizes;
+}
+async function getClusterInfo(client, pgMajorVersion = 16) {
+  const info = {};
+  const dbStatsSql = getMetricSql(METRIC_NAMES.dbStats, pgMajorVersion);
+  const statsResult = await client.query(dbStatsSql);
+  if (statsResult.rows.length > 0) {
+    const stats = statsResult.rows[0];
+    info.total_connections = {
+      value: String(stats.numbackends || 0),
+      unit: "connections",
+      description: "Current database connections"
+    };
+    info.total_commits = {
+      value: String(stats.xact_commit || 0),
+      unit: "transactions",
+      description: "Total committed transactions"
+    };
+    info.total_rollbacks = {
+      value: String(stats.xact_rollback || 0),
+      unit: "transactions",
+      description: "Total rolled back transactions"
+    };
+    const blocksHit = parseInt(stats.blks_hit || "0", 10);
+    const blocksRead = parseInt(stats.blks_read || "0", 10);
+    const totalBlocks = blocksHit + blocksRead;
+    const cacheHitRatio = totalBlocks > 0 ? (blocksHit / totalBlocks * 100).toFixed(2) : "0.00";
+    info.cache_hit_ratio = {
+      value: cacheHitRatio,
+      unit: "%",
+      description: "Buffer cache hit ratio"
+    };
+    info.blocks_read = {
+      value: String(blocksRead),
+      unit: "blocks",
+      description: "Total disk blocks read"
+    };
+    info.blocks_hit = {
+      value: String(blocksHit),
+      unit: "blocks",
+      description: "Total buffer cache hits"
+    };
+    info.tuples_returned = {
+      value: String(stats.tup_returned || 0),
+      unit: "rows",
+      description: "Total rows returned by queries"
+    };
+    info.tuples_fetched = {
+      value: String(stats.tup_fetched || 0),
+      unit: "rows",
+      description: "Total rows fetched by queries"
+    };
+    info.tuples_inserted = {
+      value: String(stats.tup_inserted || 0),
+      unit: "rows",
+      description: "Total rows inserted"
+    };
+    info.tuples_updated = {
+      value: String(stats.tup_updated || 0),
+      unit: "rows",
+      description: "Total rows updated"
+    };
+    info.tuples_deleted = {
+      value: String(stats.tup_deleted || 0),
+      unit: "rows",
+      description: "Total rows deleted"
+    };
+    info.total_deadlocks = {
+      value: String(stats.deadlocks || 0),
+      unit: "deadlocks",
+      description: "Total deadlocks detected"
+    };
+    info.temp_files_created = {
+      value: String(stats.temp_files || 0),
+      unit: "files",
+      description: "Total temporary files created"
+    };
+    const tempBytes = parseInt(stats.temp_bytes || "0", 10);
+    info.temp_bytes_written = {
+      value: formatBytes(tempBytes),
+      unit: "bytes",
+      description: "Total temporary file bytes written"
+    };
+    if (stats.postmaster_uptime_s) {
+      const uptimeSeconds = parseInt(stats.postmaster_uptime_s, 10);
+      const days = Math.floor(uptimeSeconds / SECONDS_PER_DAY);
+      const hours = Math.floor(uptimeSeconds % SECONDS_PER_DAY / SECONDS_PER_HOUR);
+      const minutes = Math.floor(uptimeSeconds % SECONDS_PER_HOUR / SECONDS_PER_MINUTE);
+      info.uptime = {
+        value: `${days} days ${hours}:${String(minutes).padStart(2, "0")}:${String(uptimeSeconds % SECONDS_PER_MINUTE).padStart(2, "0")}`,
+        unit: "interval",
+        description: "Server uptime"
+      };
+    }
+  }
+  const connResult = await client.query(`
+    select
+      coalesce(state, 'null') as state,
+      count(*) as count
+    from pg_stat_activity
+    group by state
+  `);
+  for (const row of connResult.rows) {
+    const stateKey = `connections_${row.state.replace(/\s+/g, "_")}`;
+    info[stateKey] = {
+      value: String(row.count),
+      unit: "connections",
+      description: `Connections in '${row.state}' state`
+    };
+  }
+  const uptimeResult = await client.query(`
+    select
+      pg_postmaster_start_time() as start_time,
+      current_timestamp - pg_postmaster_start_time() as uptime
+  `);
+  if (uptimeResult.rows.length > 0) {
+    const uptime = uptimeResult.rows[0];
+    const startTime = uptime.start_time instanceof Date ? uptime.start_time.toISOString() : String(uptime.start_time);
+    info.start_time = {
+      value: startTime,
+      unit: "timestamp",
+      description: "PostgreSQL server start time"
+    };
+    if (!info.uptime) {
+      info.uptime = {
+        value: String(uptime.uptime),
+        unit: "interval",
+        description: "Server uptime"
+      };
+    }
+  }
+  return info;
+}
+async function getInvalidIndexes(client, pgMajorVersion = 16) {
+  const sql = getMetricSql(METRIC_NAMES.H001, pgMajorVersion);
+  const result = await client.query(sql);
+  return result.rows.map((row) => {
+    const transformed = transformMetricRow(row);
+    const indexSizeBytes = parseInt(String(transformed.index_size_bytes || 0), 10);
+    return {
+      schema_name: String(transformed.schema_name || ""),
+      table_name: String(transformed.table_name || ""),
+      index_name: String(transformed.index_name || ""),
+      relation_name: String(transformed.relation_name || ""),
+      index_size_bytes: indexSizeBytes,
+      index_size_pretty: formatBytes(indexSizeBytes),
+      supports_fk: toBool(transformed.supports_fk)
+    };
+  });
+}
+async function getUnusedIndexes(client, pgMajorVersion = 16) {
+  const sql = getMetricSql(METRIC_NAMES.H002, pgMajorVersion);
+  const result = await client.query(sql);
+  return result.rows.map((row) => {
+    const transformed = transformMetricRow(row);
+    const indexSizeBytes = parseInt(String(transformed.index_size_bytes || 0), 10);
+    return {
+      schema_name: String(transformed.schema_name || ""),
+      table_name: String(transformed.table_name || ""),
+      index_name: String(transformed.index_name || ""),
+      index_definition: String(transformed.index_definition || ""),
+      reason: String(transformed.reason || ""),
+      idx_scan: parseInt(String(transformed.idx_scan || 0), 10),
+      index_size_bytes: indexSizeBytes,
+      idx_is_btree: toBool(transformed.idx_is_btree),
+      supports_fk: toBool(transformed.supports_fk),
+      index_size_pretty: formatBytes(indexSizeBytes)
+    };
+  });
+}
+async function getStatsReset(client, pgMajorVersion = 16) {
+  const sql = getMetricSql(METRIC_NAMES.statsReset, pgMajorVersion);
+  const result = await client.query(sql);
+  const row = result.rows[0] || {};
+  const statsResetEpoch = row.stats_reset_epoch ? parseFloat(row.stats_reset_epoch) : null;
+  const secondsSinceReset = row.seconds_since_reset ? parseInt(row.seconds_since_reset, 10) : null;
+  const statsResetTime = statsResetEpoch ? new Date(statsResetEpoch * 1000).toISOString() : null;
+  const daysSinceReset = secondsSinceReset !== null ? Math.floor(secondsSinceReset / SECONDS_PER_DAY) : null;
+  let postmasterStartupEpoch = null;
+  let postmasterStartupTime = null;
+  let postmasterStartupError;
+  try {
+    const pmResult = await client.query(`
+      select
+        extract(epoch from pg_postmaster_start_time()) as postmaster_startup_epoch,
+        pg_postmaster_start_time()::text as postmaster_startup_time
+    `);
+    if (pmResult.rows.length > 0) {
+      postmasterStartupEpoch = pmResult.rows[0].postmaster_startup_epoch ? parseFloat(pmResult.rows[0].postmaster_startup_epoch) : null;
+      postmasterStartupTime = pmResult.rows[0].postmaster_startup_time || null;
+    }
+  } catch (err) {
+    const errorMsg = err instanceof Error ? err.message : String(err);
+    postmasterStartupError = `Failed to query postmaster start time: ${errorMsg}`;
+    console.log(`[getStatsReset] Warning: ${postmasterStartupError}`);
+  }
+  const statsResult = {
+    stats_reset_epoch: statsResetEpoch,
+    stats_reset_time: statsResetTime,
+    days_since_reset: daysSinceReset,
+    postmaster_startup_epoch: postmasterStartupEpoch,
+    postmaster_startup_time: postmasterStartupTime
+  };
+  if (postmasterStartupError) {
+    statsResult.postmaster_startup_error = postmasterStartupError;
+  }
+  return statsResult;
+}
+async function getCurrentDatabaseInfo(client, pgMajorVersion = 16) {
+  const sql = getMetricSql(METRIC_NAMES.dbSize, pgMajorVersion);
+  const result = await client.query(sql);
+  const row = result.rows[0] || {};
+  return {
+    datname: row.tag_datname || "postgres",
+    size_bytes: parseInt(row.size_b || "0", 10)
+  };
+}
+function isValidRedundantToItem(item) {
+  return typeof item === "object" && item !== null && !Array.isArray(item);
+}
+async function getRedundantIndexes(client, pgMajorVersion = 16) {
+  const sql = getMetricSql(METRIC_NAMES.H004, pgMajorVersion);
+  const result = await client.query(sql);
+  return result.rows.map((row) => {
+    const transformed = transformMetricRow(row);
+    const indexSizeBytes = parseInt(String(transformed.index_size_bytes || 0), 10);
+    const tableSizeBytes = parseInt(String(transformed.table_size_bytes || 0), 10);
+    let redundantTo = [];
+    let parseError;
+    try {
+      const jsonStr = String(transformed.redundant_to_json || "[]");
+      const parsed = JSON.parse(jsonStr);
+      if (Array.isArray(parsed)) {
+        redundantTo = parsed.filter(isValidRedundantToItem).map((item) => {
+          const sizeBytes = parseInt(String(item.index_size_bytes ?? 0), 10);
+          return {
+            index_name: String(item.index_name ?? ""),
+            index_definition: String(item.index_definition ?? ""),
+            index_size_bytes: sizeBytes,
+            index_size_pretty: formatBytes(sizeBytes)
+          };
+        });
+      }
+    } catch (err) {
+      const errorMsg = err instanceof Error ? err.message : String(err);
+      const indexName = String(transformed.index_name || "unknown");
+      parseError = `Failed to parse redundant_to_json: ${errorMsg}`;
+      console.log(`[H004] Warning: ${parseError} for index "${indexName}"`);
+    }
+    const result2 = {
+      schema_name: String(transformed.schema_name || ""),
+      table_name: String(transformed.table_name || ""),
+      index_name: String(transformed.index_name || ""),
+      relation_name: String(transformed.relation_name || ""),
+      access_method: String(transformed.access_method || ""),
+      reason: String(transformed.reason || ""),
+      index_size_bytes: indexSizeBytes,
+      table_size_bytes: tableSizeBytes,
+      index_usage: parseInt(String(transformed.index_usage || 0), 10),
+      supports_fk: toBool(transformed.supports_fk),
+      index_definition: String(transformed.index_definition || ""),
+      index_size_pretty: formatBytes(indexSizeBytes),
+      table_size_pretty: formatBytes(tableSizeBytes),
+      redundant_to: redundantTo
+    };
+    if (parseError) {
+      result2.redundant_to_parse_error = parseError;
+    }
+    return result2;
+  });
+}
+function createBaseReport(checkId, checkTitle, nodeName) {
+  const buildTs = resolveBuildTs();
+  return {
+    version: version || null,
+    build_ts: buildTs,
+    generation_mode: "express",
+    checkId,
+    checkTitle,
+    timestamptz: new Date().toISOString(),
+    nodes: {
+      primary: nodeName,
+      standbys: []
+    },
+    results: {}
+  };
+}
+function readTextFileSafe(p) {
+  try {
+    const value = fs4.readFileSync(p, "utf8").trim();
+    return value || null;
+  } catch {
+    return null;
+  }
+}
+function resolveBuildTs() {
+  const envPath = process.env.PGAI_BUILD_TS_FILE;
+  const p = envPath && envPath.trim() ? envPath.trim() : "/BUILD_TS";
+  const fromFile = readTextFileSafe(p);
+  if (fromFile)
+    return fromFile;
+  try {
+    const pkgRoot = path4.resolve(__dirname, "..");
+    const fromPkgFile = readTextFileSafe(path4.join(pkgRoot, "BUILD_TS"));
+    if (fromPkgFile)
+      return fromPkgFile;
+  } catch (err) {
+    const errorMsg = err instanceof Error ? err.message : String(err);
+    console.warn(`[resolveBuildTs] Warning: path resolution failed: ${errorMsg}`);
+  }
+  try {
+    const pkgJsonPath = path4.resolve(__dirname, "..", "package.json");
+    const st = fs4.statSync(pkgJsonPath);
+    return st.mtime.toISOString();
+  } catch (err) {
+    if (process.env.DEBUG) {
+      const errorMsg = err instanceof Error ? err.message : String(err);
+      console.log(`[resolveBuildTs] Could not stat package.json, using current time: ${errorMsg}`);
+    }
+    return new Date().toISOString();
+  }
+}
+async function generateVersionReport(client, nodeName, checkId, checkTitle) {
+  const report = createBaseReport(checkId, checkTitle, nodeName);
+  const postgresVersion = await getPostgresVersion(client);
+  report.results[nodeName] = { data: { version: postgresVersion } };
+  return report;
+}
+async function generateSettingsReport(client, nodeName, checkId, checkTitle, fetchSettings) {
+  const report = createBaseReport(checkId, checkTitle, nodeName);
+  const postgresVersion = await getPostgresVersion(client);
+  const pgMajorVersion = parseInt(postgresVersion.server_major_ver, 10) || 16;
+  const settings = await fetchSettings(client, pgMajorVersion);
+  report.results[nodeName] = { data: settings, postgres_version: postgresVersion };
+  return report;
+}
+async function generateIndexReport(client, nodeName, checkId, checkTitle, indexFieldName, fetchIndexes, extraFields) {
+  const report = createBaseReport(checkId, checkTitle, nodeName);
+  const postgresVersion = await getPostgresVersion(client);
+  const pgMajorVersion = parseInt(postgresVersion.server_major_ver, 10) || 16;
+  const indexes = await fetchIndexes(client, pgMajorVersion);
+  const { datname: dbName, size_bytes: dbSizeBytes } = await getCurrentDatabaseInfo(client, pgMajorVersion);
+  const totalCount = indexes.length;
+  const totalSizeBytes = indexes.reduce((sum, idx) => sum + idx.index_size_bytes, 0);
+  const dbEntry = {
+    [indexFieldName]: indexes,
+    total_count: totalCount,
+    total_size_bytes: totalSizeBytes,
+    total_size_pretty: formatBytes(totalSizeBytes),
+    database_size_bytes: dbSizeBytes,
+    database_size_pretty: formatBytes(dbSizeBytes)
+  };
+  if (extraFields) {
+    Object.assign(dbEntry, await extraFields(client, pgMajorVersion));
+  }
+  report.results[nodeName] = { data: { [dbName]: dbEntry }, postgres_version: postgresVersion };
+  return report;
+}
+var generateA002 = (client, nodeName = "node-01") => generateVersionReport(client, nodeName, "A002", "Postgres major version");
+var generateA003 = (client, nodeName = "node-01") => generateSettingsReport(client, nodeName, "A003", "Postgres settings", getSettings);
+async function generateA004(client, nodeName = "node-01") {
+  const report = createBaseReport("A004", "Cluster information", nodeName);
+  const postgresVersion = await getPostgresVersion(client);
+  const pgMajorVersion = parseInt(postgresVersion.server_major_ver, 10) || 16;
+  report.results[nodeName] = {
+    data: {
+      general_info: await getClusterInfo(client, pgMajorVersion),
+      database_sizes: await getDatabaseSizes(client)
+    },
+    postgres_version: postgresVersion
+  };
+  return report;
+}
+var generateA007 = (client, nodeName = "node-01") => generateSettingsReport(client, nodeName, "A007", "Altered settings", getAlteredSettings);
+var generateA013 = (client, nodeName = "node-01") => generateVersionReport(client, nodeName, "A013", "Postgres minor version");
+var generateH001 = (client, nodeName = "node-01") => generateIndexReport(client, nodeName, "H001", "Invalid indexes", "invalid_indexes", getInvalidIndexes);
+var generateH002 = (client, nodeName = "node-01") => generateIndexReport(client, nodeName, "H002", "Unused indexes", "unused_indexes", getUnusedIndexes, async (c, v) => ({ stats_reset: await getStatsReset(c, v) }));
+var generateH004 = (client, nodeName = "node-01") => generateIndexReport(client, nodeName, "H004", "Redundant indexes", "redundant_indexes", getRedundantIndexes);
+async function generateD004(client, nodeName) {
+  const report = createBaseReport("D004", "pg_stat_statements and pg_stat_kcache settings", nodeName);
+  const postgresVersion = await getPostgresVersion(client);
+  const pgMajorVersion = parseInt(postgresVersion.server_major_ver, 10) || 16;
+  const allSettings = await getSettings(client, pgMajorVersion);
+  const pgssSettings = {};
+  for (const [name, setting] of Object.entries(allSettings)) {
+    if (name.startsWith("pg_stat_statements") || name.startsWith("pg_stat_kcache")) {
+      pgssSettings[name] = setting;
+    }
+  }
+  let pgssAvailable = false;
+  let pgssMetricsCount = 0;
+  let pgssTotalCalls = 0;
+  let pgssError = null;
+  const pgssSampleQueries = [];
+  try {
+    const extCheck = await client.query("select 1 from pg_extension where extname = 'pg_stat_statements'");
+    if (extCheck.rows.length > 0) {
+      pgssAvailable = true;
+      const statsResult = await client.query(`
+        select count(*) as cnt, coalesce(sum(calls), 0) as total_calls
+        from pg_stat_statements
+      `);
+      pgssMetricsCount = parseInt(statsResult.rows[0]?.cnt || "0", 10);
+      pgssTotalCalls = parseInt(statsResult.rows[0]?.total_calls || "0", 10);
+      const sampleResult = await client.query(`
+        select
+          queryid::text as queryid,
+          coalesce(usename, 'unknown') as "user",
+          coalesce(datname, 'unknown') as database,
+          calls
+        from pg_stat_statements s
+        left join pg_database d on s.dbid = d.oid
+        left join pg_user u on s.userid = u.usesysid
+        order by calls desc
+        limit 5
+      `);
+      for (const row of sampleResult.rows) {
+        pgssSampleQueries.push({
+          queryid: row.queryid,
+          user: row.user,
+          database: row.database,
+          calls: parseInt(row.calls, 10)
+        });
+      }
+    }
+  } catch (err) {
+    const errorMsg = err instanceof Error ? err.message : String(err);
+    console.log(`[D004] Error querying pg_stat_statements: ${errorMsg}`);
+    pgssError = errorMsg;
+  }
+  let kcacheAvailable = false;
+  let kcacheMetricsCount = 0;
+  let kcacheTotalExecTime = 0;
+  let kcacheTotalUserTime = 0;
+  let kcacheTotalSystemTime = 0;
+  let kcacheError = null;
+  const kcacheSampleQueries = [];
+  try {
+    const extCheck = await client.query("select 1 from pg_extension where extname = 'pg_stat_kcache'");
+    if (extCheck.rows.length > 0) {
+      kcacheAvailable = true;
+      const statsResult = await client.query(`
+        select
+          count(*) as cnt,
+          coalesce(sum(exec_user_time + exec_system_time), 0) as total_exec_time,
+          coalesce(sum(exec_user_time), 0) as total_user_time,
+          coalesce(sum(exec_system_time), 0) as total_system_time
+        from pg_stat_kcache
+      `);
+      kcacheMetricsCount = parseInt(statsResult.rows[0]?.cnt || "0", 10);
+      kcacheTotalExecTime = parseFloat(statsResult.rows[0]?.total_exec_time || "0");
+      kcacheTotalUserTime = parseFloat(statsResult.rows[0]?.total_user_time || "0");
+      kcacheTotalSystemTime = parseFloat(statsResult.rows[0]?.total_system_time || "0");
+      const sampleResult = await client.query(`
+        select
+          queryid::text as queryid,
+          coalesce(usename, 'unknown') as "user",
+          (exec_user_time + exec_system_time) as exec_total_time
+        from pg_stat_kcache k
+        left join pg_user u on k.userid = u.usesysid
+        order by (exec_user_time + exec_system_time) desc
+        limit 5
+      `);
+      for (const row of sampleResult.rows) {
+        kcacheSampleQueries.push({
+          queryid: row.queryid,
+          user: row.user,
+          exec_total_time: parseFloat(row.exec_total_time)
+        });
+      }
+    }
+  } catch (err) {
+    const errorMsg = err instanceof Error ? err.message : String(err);
+    console.log(`[D004] Error querying pg_stat_kcache: ${errorMsg}`);
+    kcacheError = errorMsg;
+  }
+  report.results[nodeName] = {
+    data: {
+      settings: pgssSettings,
+      pg_stat_statements_status: {
+        extension_available: pgssAvailable,
+        metrics_count: pgssMetricsCount,
+        total_calls: pgssTotalCalls,
+        sample_queries: pgssSampleQueries,
+        ...pgssError && { error: pgssError }
+      },
+      pg_stat_kcache_status: {
+        extension_available: kcacheAvailable,
+        metrics_count: kcacheMetricsCount,
+        total_exec_time: kcacheTotalExecTime,
+        total_user_time: kcacheTotalUserTime,
+        total_system_time: kcacheTotalSystemTime,
+        sample_queries: kcacheSampleQueries,
+        ...kcacheError && { error: kcacheError }
+      }
+    },
+    postgres_version: postgresVersion
+  };
+  return report;
+}
+async function generateF001(client, nodeName) {
+  const report = createBaseReport("F001", "Autovacuum: current settings", nodeName);
+  const postgresVersion = await getPostgresVersion(client);
+  const pgMajorVersion = parseInt(postgresVersion.server_major_ver, 10) || 16;
+  const allSettings = await getSettings(client, pgMajorVersion);
+  const autovacuumSettings = {};
+  for (const [name, setting] of Object.entries(allSettings)) {
+    if (name.includes("autovacuum") || name.includes("vacuum")) {
+      autovacuumSettings[name] = setting;
+    }
+  }
+  report.results[nodeName] = {
+    data: autovacuumSettings,
+    postgres_version: postgresVersion
+  };
+  return report;
+}
+async function generateG001(client, nodeName) {
+  const report = createBaseReport("G001", "Memory-related settings", nodeName);
+  const postgresVersion = await getPostgresVersion(client);
+  const pgMajorVersion = parseInt(postgresVersion.server_major_ver, 10) || 16;
+  const allSettings = await getSettings(client, pgMajorVersion);
+  const memorySettingNames = [
+    "shared_buffers",
+    "work_mem",
+    "maintenance_work_mem",
+    "effective_cache_size",
+    "wal_buffers",
+    "temp_buffers",
+    "max_connections",
+    "autovacuum_work_mem",
+    "hash_mem_multiplier",
+    "logical_decoding_work_mem",
+    "max_stack_depth",
+    "max_prepared_transactions",
+    "max_locks_per_transaction",
+    "max_pred_locks_per_transaction"
+  ];
+  const memorySettings = {};
+  for (const name of memorySettingNames) {
+    if (allSettings[name]) {
+      memorySettings[name] = allSettings[name];
+    }
+  }
+  let memoryUsage = {};
+  let memoryError = null;
+  try {
+    const memQuery = await client.query(`
+      select
+        pg_size_bytes(current_setting('shared_buffers')) as shared_buffers_bytes,
+        pg_size_bytes(current_setting('wal_buffers')) as wal_buffers_bytes,
+        pg_size_bytes(current_setting('work_mem')) as work_mem_bytes,
+        pg_size_bytes(current_setting('maintenance_work_mem')) as maintenance_work_mem_bytes,
+        pg_size_bytes(current_setting('effective_cache_size')) as effective_cache_size_bytes,
+        current_setting('max_connections')::int as max_connections
+    `);
+    if (memQuery.rows.length > 0) {
+      const row = memQuery.rows[0];
+      const sharedBuffersBytes = parseInt(row.shared_buffers_bytes, 10);
+      const walBuffersBytes = parseInt(row.wal_buffers_bytes, 10);
+      const workMemBytes = parseInt(row.work_mem_bytes, 10);
+      const maintenanceWorkMemBytes = parseInt(row.maintenance_work_mem_bytes, 10);
+      const effectiveCacheSizeBytes = parseInt(row.effective_cache_size_bytes, 10);
+      const maxConnections = row.max_connections;
+      const sharedMemoryTotal = sharedBuffersBytes + walBuffersBytes;
+      const maxWorkMemUsage = workMemBytes * maxConnections;
+      memoryUsage = {
+        shared_buffers_bytes: sharedBuffersBytes,
+        shared_buffers_pretty: formatBytes(sharedBuffersBytes),
+        wal_buffers_bytes: walBuffersBytes,
+        wal_buffers_pretty: formatBytes(walBuffersBytes),
+        shared_memory_total_bytes: sharedMemoryTotal,
+        shared_memory_total_pretty: formatBytes(sharedMemoryTotal),
+        work_mem_per_connection_bytes: workMemBytes,
+        work_mem_per_connection_pretty: formatBytes(workMemBytes),
+        max_work_mem_usage_bytes: maxWorkMemUsage,
+        max_work_mem_usage_pretty: formatBytes(maxWorkMemUsage),
+        maintenance_work_mem_bytes: maintenanceWorkMemBytes,
+        maintenance_work_mem_pretty: formatBytes(maintenanceWorkMemBytes),
+        effective_cache_size_bytes: effectiveCacheSizeBytes,
+        effective_cache_size_pretty: formatBytes(effectiveCacheSizeBytes)
+      };
+    }
+  } catch (err) {
+    const errorMsg = err instanceof Error ? err.message : String(err);
+    console.log(`[G001] Error calculating memory usage: ${errorMsg}`);
+    memoryError = errorMsg;
+  }
+  report.results[nodeName] = {
+    data: {
+      settings: memorySettings,
+      analysis: {
+        estimated_total_memory_usage: memoryUsage,
+        ...memoryError && { error: memoryError }
+      }
+    },
+    postgres_version: postgresVersion
+  };
+  return report;
+}
+var REPORT_GENERATORS = {
+  A002: generateA002,
+  A003: generateA003,
+  A004: generateA004,
+  A007: generateA007,
+  A013: generateA013,
+  D004: generateD004,
+  F001: generateF001,
+  G001: generateG001,
+  H001: generateH001,
+  H002: generateH002,
+  H004: generateH004
+};
+var CHECK_INFO = {
+  A002: "Postgres major version",
+  A003: "Postgres settings",
+  A004: "Cluster information",
+  A007: "Altered settings",
+  A013: "Postgres minor version",
+  D004: "pg_stat_statements and pg_stat_kcache settings",
+  F001: "Autovacuum: current settings",
+  G001: "Memory-related settings",
+  H001: "Invalid indexes",
+  H002: "Unused indexes",
+  H004: "Redundant indexes"
+};
+async function generateAllReports(client, nodeName = "node-01", onProgress) {
+  const reports = {};
+  const entries = Object.entries(REPORT_GENERATORS);
+  const total = entries.length;
+  let index = 0;
+  for (const [checkId, generator] of entries) {
+    index += 1;
+    onProgress?.({
+      checkId,
+      checkTitle: CHECK_INFO[checkId] || checkId,
+      index,
+      total
+    });
+    reports[checkId] = await generator(client, nodeName);
+  }
+  return reports;
+}
+
+// lib/checkup-api.ts
+import * as https from "https";
+import { URL as URL3 } from "url";
+var DEFAULT_RETRY_CONFIG = {
+  maxAttempts: 3,
+  initialDelayMs: 1000,
+  maxDelayMs: 1e4,
+  backoffMultiplier: 2
+};
+function isRetryableError(err) {
+  if (err instanceof RpcError) {
+    return err.statusCode >= 500 && err.statusCode < 600;
+  }
+  if (typeof err === "object" && err !== null && "code" in err) {
+    const code = String(err.code);
+    if (["ECONNRESET", "ECONNREFUSED", "ENOTFOUND", "ETIMEDOUT"].includes(code)) {
+      return true;
+    }
+  }
+  if (err instanceof Error) {
+    const msg = err.message.toLowerCase();
+    return msg.includes("timeout") || msg.includes("timed out") || msg.includes("econnreset") || msg.includes("econnrefused") || msg.includes("enotfound") || msg.includes("socket hang up") || msg.includes("network");
+  }
+  return false;
+}
+async function withRetry(fn, config2 = {}, onRetry) {
+  const { maxAttempts, initialDelayMs, maxDelayMs, backoffMultiplier } = {
+    ...DEFAULT_RETRY_CONFIG,
+    ...config2
+  };
+  let lastError;
+  let delayMs = initialDelayMs;
+  for (let attempt = 1;attempt <= maxAttempts; attempt++) {
+    try {
+      return await fn();
+    } catch (err) {
+      lastError = err;
+      if (attempt === maxAttempts || !isRetryableError(err)) {
+        throw err;
+      }
+      if (onRetry) {
+        onRetry(attempt, err, delayMs);
+      }
+      await new Promise((resolve5) => setTimeout(resolve5, delayMs));
+      delayMs = Math.min(delayMs * backoffMultiplier, maxDelayMs);
+    }
+  }
+  throw lastError;
+}
+
+class RpcError extends Error {
+  rpcName;
+  statusCode;
+  payloadText;
+  payloadJson;
+  constructor(params) {
+    const { rpcName, statusCode, payloadText, payloadJson } = params;
+    super(`RPC ${rpcName} failed: HTTP ${statusCode}`);
+    this.name = "RpcError";
+    this.rpcName = rpcName;
+    this.statusCode = statusCode;
+    this.payloadText = payloadText;
+    this.payloadJson = payloadJson;
+  }
+}
+function formatRpcErrorForDisplay(err) {
+  const lines = [];
+  lines.push(`Error: RPC ${err.rpcName} failed: HTTP ${err.statusCode}`);
+  const obj = err.payloadJson && typeof err.payloadJson === "object" ? err.payloadJson : null;
+  const details = obj && typeof obj.details === "string" ? obj.details : "";
+  const hint = obj && typeof obj.hint === "string" ? obj.hint : "";
+  const message = obj && typeof obj.message === "string" ? obj.message : "";
+  if (message)
+    lines.push(`Message: ${message}`);
+  if (details)
+    lines.push(`Details: ${details}`);
+  if (hint)
+    lines.push(`Hint: ${hint}`);
+  if (!message && !details && !hint) {
+    const t = (err.payloadText || "").trim();
+    if (t)
+      lines.push(t);
+  }
+  return lines;
+}
+function unwrapRpcResponse(parsed) {
+  if (Array.isArray(parsed)) {
+    if (parsed.length === 1)
+      return unwrapRpcResponse(parsed[0]);
+    return parsed;
+  }
+  if (parsed && typeof parsed === "object") {
+    const obj = parsed;
+    if (obj.result !== undefined)
+      return obj.result;
+  }
+  return parsed;
+}
+var HTTP_TIMEOUT_MS = 30000;
+async function postRpc(params) {
+  const { apiKey, apiBaseUrl, rpcName, bodyObj, timeoutMs = HTTP_TIMEOUT_MS } = params;
+  if (!apiKey)
+    throw new Error("API key is required");
+  const base = normalizeBaseUrl(apiBaseUrl);
+  const url = new URL3(`${base}/rpc/${rpcName}`);
+  const body = JSON.stringify(bodyObj);
+  const headers = {
+    "access-token": apiKey,
+    Prefer: "return=representation",
+    "Content-Type": "application/json",
+    "Content-Length": Buffer.byteLength(body).toString()
+  };
+  const controller = new AbortController;
+  let timeoutId = null;
+  let settled = false;
+  return new Promise((resolve5, reject) => {
+    const settledReject = (err) => {
+      if (settled)
+        return;
+      settled = true;
+      if (timeoutId)
+        clearTimeout(timeoutId);
+      reject(err);
+    };
+    const settledResolve = (value) => {
+      if (settled)
+        return;
+      settled = true;
+      if (timeoutId)
+        clearTimeout(timeoutId);
+      resolve5(value);
+    };
+    const req = https.request(url, {
+      method: "POST",
+      headers,
+      signal: controller.signal
+    }, (res) => {
+      if (timeoutId) {
+        clearTimeout(timeoutId);
+        timeoutId = null;
+      }
+      let data = "";
+      res.on("data", (chunk) => data += chunk);
+      res.on("end", () => {
+        if (res.statusCode && res.statusCode >= 200 && res.statusCode < 300) {
+          try {
+            const parsed = JSON.parse(data);
+            settledResolve(unwrapRpcResponse(parsed));
+          } catch {
+            settledReject(new Error(`Failed to parse RPC response: ${data}`));
+          }
+        } else {
+          const statusCode = res.statusCode || 0;
+          let payloadJson = null;
+          if (data) {
+            try {
+              payloadJson = JSON.parse(data);
+            } catch {
+              payloadJson = null;
+            }
+          }
+          settledReject(new RpcError({ rpcName, statusCode, payloadText: data, payloadJson }));
+        }
+      });
+      res.on("error", (err) => {
+        settledReject(err);
+      });
+    });
+    timeoutId = setTimeout(() => {
+      controller.abort();
+      req.destroy();
+      settledReject(new Error(`RPC ${rpcName} timed out after ${timeoutMs}ms (no response)`));
+    }, timeoutMs);
+    req.on("error", (err) => {
+      if (err.name === "AbortError" || err.code === "ABORT_ERR") {
+        settledReject(new Error(`RPC ${rpcName} timed out after ${timeoutMs}ms`));
+        return;
+      }
+      if (err.code === "ECONNREFUSED") {
+        settledReject(new Error(`RPC ${rpcName} failed: connection refused to ${url.host}`));
+      } else if (err.code === "ENOTFOUND") {
+        settledReject(new Error(`RPC ${rpcName} failed: DNS lookup failed for ${url.host}`));
+      } else if (err.code === "ECONNRESET") {
+        settledReject(new Error(`RPC ${rpcName} failed: connection reset by server`));
+      } else {
+        settledReject(err);
+      }
+    });
+    req.write(body);
+    req.end();
+  });
+}
+async function createCheckupReport(params) {
+  const { apiKey, apiBaseUrl, project, status } = params;
+  const bodyObj = {
+    access_token: apiKey,
+    project
+  };
+  if (status)
+    bodyObj.status = status;
+  const resp = await postRpc({
+    apiKey,
+    apiBaseUrl,
+    rpcName: "checkup_report_create",
+    bodyObj
+  });
+  const reportId = Number(resp?.report_id);
+  if (!Number.isFinite(reportId) || reportId <= 0) {
+    throw new Error(`Unexpected checkup_report_create response: ${JSON.stringify(resp)}`);
+  }
+  return { reportId };
+}
+async function uploadCheckupReportJson(params) {
+  const { apiKey, apiBaseUrl, reportId, filename, checkId, jsonText } = params;
+  const bodyObj = {
+    access_token: apiKey,
+    checkup_report_id: reportId,
+    filename,
+    check_id: checkId,
+    data: jsonText,
+    type: "json",
+    generate_issue: true
+  };
+  const resp = await postRpc({
+    apiKey,
+    apiBaseUrl,
+    rpcName: "checkup_report_file_post",
+    bodyObj
+  });
+  const chunkId = Number(resp?.report_chunck_id ?? resp?.report_chunk_id);
+  if (!Number.isFinite(chunkId) || chunkId <= 0) {
+    throw new Error(`Unexpected checkup_report_file_post response: ${JSON.stringify(resp)}`);
+  }
+  return { reportChunkId: chunkId };
+}
+
+// bin/postgres-ai.ts
 var rl = null;
 function getReadline() {
   if (!rl) {
@@ -24227,27 +25903,27 @@ function closeReadline() {
   }
 }
 async function execPromise(command) {
-  return new Promise((resolve5, reject) => {
+  return new Promise((resolve6, reject) => {
     childProcess.exec(command, (error2, stdout, stderr) => {
       if (error2) {
         const err = error2;
         err.code = error2.code ?? 1;
         reject(err);
       } else {
-        resolve5({ stdout, stderr });
+        resolve6({ stdout, stderr });
       }
     });
   });
 }
 async function execFilePromise(file, args) {
-  return new Promise((resolve5, reject) => {
+  return new Promise((resolve6, reject) => {
     childProcess.execFile(file, args, (error2, stdout, stderr) => {
       if (error2) {
         const err = error2;
         err.code = error2.code ?? 1;
         reject(err);
       } else {
-        resolve5({ stdout, stderr });
+        resolve6({ stdout, stderr });
       }
     });
   });
@@ -24288,17 +25964,181 @@ function spawn2(cmd, args, options) {
   };
 }
 async function question(prompt) {
-  return new Promise((resolve5) => {
+  return new Promise((resolve6) => {
     getReadline().question(prompt, (answer) => {
-      resolve5(answer);
+      resolve6(answer);
     });
   });
 }
+function expandHomePath(p) {
+  const s = (p || "").trim();
+  if (!s)
+    return s;
+  if (s === "~")
+    return os3.homedir();
+  if (s.startsWith("~/") || s.startsWith("~\\")) {
+    return path5.join(os3.homedir(), s.slice(2));
+  }
+  return s;
+}
+function createTtySpinner(enabled, initialText) {
+  if (!enabled) {
+    return {
+      update: () => {},
+      stop: () => {}
+    };
+  }
+  const frames = ["|", "/", "-", "\\"];
+  const startTs = Date.now();
+  let text = initialText;
+  let frameIdx = 0;
+  let stopped = false;
+  const render = () => {
+    if (stopped)
+      return;
+    const elapsedSec = ((Date.now() - startTs) / 1000).toFixed(1);
+    const frame = frames[frameIdx % frames.length] ?? frames[0] ?? "\u283F";
+    frameIdx += 1;
+    process.stdout.write(`\r\x1B[2K${frame} ${text} (${elapsedSec}s)`);
+  };
+  const timer = setInterval(render, 120);
+  render();
+  return {
+    update: (t) => {
+      text = t;
+      render();
+    },
+    stop: (finalText) => {
+      if (stopped)
+        return;
+      stopped = true;
+      clearInterval(timer);
+      process.stdout.write("\r\x1B[2K");
+      if (finalText && finalText.trim()) {
+        process.stdout.write(finalText);
+      }
+      process.stdout.write(`
+`);
+    }
+  };
+}
+function prepareOutputDirectory(outputOpt) {
+  if (!outputOpt)
+    return;
+  const outputDir = expandHomePath(outputOpt);
+  const outputPath = path5.isAbsolute(outputDir) ? outputDir : path5.resolve(process.cwd(), outputDir);
+  if (!fs5.existsSync(outputPath)) {
+    try {
+      fs5.mkdirSync(outputPath, { recursive: true });
+    } catch (e) {
+      const errAny = e;
+      const code = typeof errAny?.code === "string" ? errAny.code : "";
+      const msg = errAny instanceof Error ? errAny.message : String(errAny);
+      if (code === "EACCES" || code === "EPERM" || code === "ENOENT") {
+        console.error(`Error: Failed to create output directory: ${outputPath}`);
+        console.error(`Reason: ${msg}`);
+        console.error("Tip: choose a writable path, e.g. --output ./reports or --output ~/reports");
+        return null;
+      }
+      throw e;
+    }
+  }
+  return outputPath;
+}
+function prepareUploadConfig(opts, rootOpts, shouldUpload, uploadExplicitlyRequested) {
+  if (!shouldUpload)
+    return;
+  const { apiKey } = getConfig(rootOpts);
+  if (!apiKey) {
+    if (uploadExplicitlyRequested) {
+      console.error("Error: API key is required for upload");
+      console.error("Tip: run 'postgresai auth' or pass --api-key / set PGAI_API_KEY");
+      return null;
+    }
+    return;
+  }
+  const cfg = readConfig();
+  const { apiBaseUrl } = resolveBaseUrls2(rootOpts, cfg);
+  let project = (opts.project || cfg.defaultProject || "").trim();
+  let projectWasGenerated = false;
+  if (!project) {
+    project = `project_${crypto2.randomBytes(6).toString("hex")}`;
+    projectWasGenerated = true;
+    try {
+      writeConfig({ defaultProject: project });
+    } catch (e) {
+      const message = e instanceof Error ? e.message : String(e);
+      console.error(`Warning: Failed to save generated default project: ${message}`);
+    }
+  }
+  return {
+    config: { apiKey, apiBaseUrl, project },
+    projectWasGenerated
+  };
+}
+async function uploadCheckupReports(uploadCfg, reports, spinner, logUpload) {
+  spinner.update("Creating remote checkup report");
+  const created = await withRetry(() => createCheckupReport({
+    apiKey: uploadCfg.apiKey,
+    apiBaseUrl: uploadCfg.apiBaseUrl,
+    project: uploadCfg.project
+  }), { maxAttempts: 3 }, (attempt, err, delayMs) => {
+    const errMsg = err instanceof Error ? err.message : String(err);
+    logUpload(`[Retry ${attempt}/3] createCheckupReport failed: ${errMsg}, retrying in ${delayMs}ms...`);
+  });
+  const reportId = created.reportId;
+  logUpload(`Created remote checkup report: ${reportId}`);
+  const uploaded = [];
+  for (const [checkId, report] of Object.entries(reports)) {
+    spinner.update(`Uploading ${checkId}.json`);
+    const jsonText = JSON.stringify(report, null, 2);
+    const r = await withRetry(() => uploadCheckupReportJson({
+      apiKey: uploadCfg.apiKey,
+      apiBaseUrl: uploadCfg.apiBaseUrl,
+      reportId,
+      filename: `${checkId}.json`,
+      checkId,
+      jsonText
+    }), { maxAttempts: 3 }, (attempt, err, delayMs) => {
+      const errMsg = err instanceof Error ? err.message : String(err);
+      logUpload(`[Retry ${attempt}/3] Upload ${checkId}.json failed: ${errMsg}, retrying in ${delayMs}ms...`);
+    });
+    uploaded.push({ checkId, filename: `${checkId}.json`, chunkId: r.reportChunkId });
+  }
+  logUpload("Upload completed");
+  return { project: uploadCfg.project, reportId, uploaded };
+}
+function writeReportFiles(reports, outputPath) {
+  for (const [checkId, report] of Object.entries(reports)) {
+    const filePath = path5.join(outputPath, `${checkId}.json`);
+    fs5.writeFileSync(filePath, JSON.stringify(report, null, 2), "utf8");
+    console.log(`\u2713 ${checkId}: ${filePath}`);
+  }
+}
+function printUploadSummary(summary, projectWasGenerated, useStderr) {
+  const out = useStderr ? console.error : console.log;
+  out(`
+Checkup report uploaded`);
+  out(`======================
+`);
+  if (projectWasGenerated) {
+    out(`Project: ${summary.project} (generated and saved as default)`);
+  } else {
+    out(`Project: ${summary.project}`);
+  }
+  out(`Report ID: ${summary.reportId}`);
+  out("View in Console: console.postgres.ai \u2192 Support \u2192 checkup reports");
+  out("");
+  out("Files:");
+  for (const item of summary.uploaded) {
+    out(`- ${item.checkId}: ${item.filename}`);
+  }
+}
 function getDefaultMonitoringProjectDir() {
   const override = process.env.PGAI_PROJECT_DIR;
   if (override && override.trim())
     return override.trim();
-  return path4.join(getConfigDir(), "monitoring");
+  return path5.join(getConfigDir(), "monitoring");
 }
 async function downloadText(url) {
   const controller = new AbortController;
@@ -24315,12 +26155,12 @@ async function downloadText(url) {
 }
 async function ensureDefaultMonitoringProject() {
   const projectDir = getDefaultMonitoringProjectDir();
-  const composeFile = path4.resolve(projectDir, "docker-compose.yml");
-  const instancesFile = path4.resolve(projectDir, "instances.yml");
-  if (!fs4.existsSync(projectDir)) {
-    fs4.mkdirSync(projectDir, { recursive: true, mode: 448 });
+  const composeFile = path5.resolve(projectDir, "docker-compose.yml");
+  const instancesFile = path5.resolve(projectDir, "instances.yml");
+  if (!fs5.existsSync(projectDir)) {
+    fs5.mkdirSync(projectDir, { recursive: true, mode: 448 });
   }
-  if (!fs4.existsSync(composeFile)) {
+  if (!fs5.existsSync(composeFile)) {
     const refs = [
       process.env.PGAI_PROJECT_REF,
       package_default.version,
@@ -24332,36 +26172,36 @@ async function ensureDefaultMonitoringProject() {
       const url = `https://gitlab.com/postgres-ai/postgres_ai/-/raw/${encodeURIComponent(ref)}/docker-compose.yml`;
       try {
         const text = await downloadText(url);
-        fs4.writeFileSync(composeFile, text, { encoding: "utf8", mode: 384 });
+        fs5.writeFileSync(composeFile, text, { encoding: "utf8", mode: 384 });
         break;
       } catch (err) {
         lastErr = err;
       }
     }
-    if (!fs4.existsSync(composeFile)) {
+    if (!fs5.existsSync(composeFile)) {
       const msg = lastErr instanceof Error ? lastErr.message : String(lastErr);
       throw new Error(`Failed to bootstrap docker-compose.yml: ${msg}`);
     }
   }
-  if (!fs4.existsSync(instancesFile)) {
+  if (!fs5.existsSync(instancesFile)) {
     const header = `# PostgreSQL instances to monitor
 ` + `# Add your instances using: pgai mon targets add <connection-string> <name>
 
 `;
-    fs4.writeFileSync(instancesFile, header, { encoding: "utf8", mode: 384 });
+    fs5.writeFileSync(instancesFile, header, { encoding: "utf8", mode: 384 });
   }
-  const pgwatchConfig = path4.resolve(projectDir, ".pgwatch-config");
-  if (!fs4.existsSync(pgwatchConfig)) {
-    fs4.writeFileSync(pgwatchConfig, "", { encoding: "utf8", mode: 384 });
+  const pgwatchConfig = path5.resolve(projectDir, ".pgwatch-config");
+  if (!fs5.existsSync(pgwatchConfig)) {
+    fs5.writeFileSync(pgwatchConfig, "", { encoding: "utf8", mode: 384 });
   }
-  const envFile = path4.resolve(projectDir, ".env");
-  if (!fs4.existsSync(envFile)) {
+  const envFile = path5.resolve(projectDir, ".env");
+  if (!fs5.existsSync(envFile)) {
     const envText = `PGAI_TAG=${package_default.version}
 # PGAI_REGISTRY=registry.gitlab.com/postgres-ai/postgres_ai
 `;
-    fs4.writeFileSync(envFile, envText, { encoding: "utf8", mode: 384 });
+    fs5.writeFileSync(envFile, envText, { encoding: "utf8", mode: 384 });
   }
-  return { fs: fs4, path: path4, projectDir, composeFile, instancesFile };
+  return { fs: fs5, path: path5, projectDir, composeFile, instancesFile };
 }
 function getConfig(opts) {
   let apiKey = opts.apiKey || process.env.PGAI_API_KEY || "";
@@ -24393,6 +26233,16 @@ function printResult(result, json2) {
 }
 var program2 = new Command;
 program2.name("postgres-ai").description("PostgresAI CLI").version(package_default.version).option("--api-key <key>", "API key (overrides PGAI_API_KEY)").option("--api-base-url <url>", "API base URL for backend RPC (overrides PGAI_API_BASE_URL)").option("--ui-base-url <url>", "UI base URL for browser routes (overrides PGAI_UI_BASE_URL)");
+program2.command("set-default-project <project>").description("store default project for checkup uploads").action(async (project) => {
+  const value = (project || "").trim();
+  if (!value) {
+    console.error("Error: project is required");
+    process.exitCode = 1;
+    return;
+  }
+  writeConfig({ defaultProject: value });
+  console.log(`Default project saved: ${value}`);
+});
 program2.command("prepare-db [conn]").description("prepare database for monitoring: create monitoring user, required view(s), and grant permissions (idempotent)").option("--db-url <url>", "PostgreSQL connection URL (admin) to run the setup against (deprecated; pass it as positional arg)").option("-h, --host <host>", "PostgreSQL host (psql-like)").option("-p, --port <port>", "PostgreSQL port (psql-like)").option("-U, --username <username>", "PostgreSQL user (psql-like)").option("-d, --dbname <dbname>", "PostgreSQL database name (psql-like)").option("--admin-password <password>", "Admin connection password (otherwise uses PGPASSWORD if set)").option("--monitoring-user <name>", "Monitoring role name to create/update", DEFAULT_MONITORING_USER).option("--password <password>", "Monitoring role password (overrides PGAI_MON_PASSWORD)").option("--skip-optional-permissions", "Skip optional permissions (RDS/self-managed extras)", false).option("--verify", "Verify that monitoring role/permissions are in place (no changes)", false).option("--reset-password", "Reset monitoring role password only (no other changes)", false).option("--print-sql", "Print SQL plan and exit (no changes applied)", false).option("--print-password", "Print generated monitoring password (DANGEROUS in CI logs)", false).addHelpText("after", [
   "",
   "Examples:",
@@ -24663,16 +26513,117 @@ program2.command("prepare-db [conn]").description("prepare database for monitori
     }
   }
 });
+program2.command("checkup [conn]").description("generate health check reports directly from PostgreSQL (express mode)").option("--check-id <id>", `specific check to run: ${Object.keys(CHECK_INFO).join(", ")}, or ALL`, "ALL").option("--node-name <name>", "node name for reports", "node-01").option("--output <path>", "output directory for JSON files").option("--[no-]upload", "upload JSON results to PostgresAI (default: enabled; requires API key)", undefined).option("--project <project>", "project name or ID for remote upload (used with --upload; defaults to config defaultProject; auto-generated on first run)").option("--json", "output JSON to stdout (implies --no-upload)").addHelpText("after", [
+  "",
+  "Available checks:",
+  ...Object.entries(CHECK_INFO).map(([id, title]) => `  ${id}: ${title}`),
+  "",
+  "Examples:",
+  "  postgresai checkup postgresql://user:pass@host:5432/db",
+  "  postgresai checkup postgresql://user:pass@host:5432/db --check-id A003",
+  "  postgresai checkup postgresql://user:pass@host:5432/db --output ./reports",
+  "  postgresai checkup postgresql://user:pass@host:5432/db --project my_project",
+  "  postgresai set-default-project my_project",
+  "  postgresai checkup postgresql://user:pass@host:5432/db",
+  "  postgresai checkup postgresql://user:pass@host:5432/db --no-upload --json"
+].join(`
+`)).action(async (conn, opts, cmd) => {
+  if (!conn) {
+    cmd.outputHelp();
+    process.exitCode = 1;
+    return;
+  }
+  const shouldPrintJson = !!opts.json;
+  const uploadExplicitlyRequested = opts.upload === true;
+  const uploadExplicitlyDisabled = opts.upload === false || shouldPrintJson;
+  let shouldUpload = !uploadExplicitlyDisabled;
+  const outputPath = prepareOutputDirectory(opts.output);
+  if (outputPath === null) {
+    process.exitCode = 1;
+    return;
+  }
+  const rootOpts = program2.opts();
+  const uploadResult = prepareUploadConfig(opts, rootOpts, shouldUpload, uploadExplicitlyRequested);
+  if (uploadResult === null) {
+    process.exitCode = 1;
+    return;
+  }
+  const uploadCfg = uploadResult?.config;
+  const projectWasGenerated = uploadResult?.projectWasGenerated ?? false;
+  shouldUpload = !!uploadCfg;
+  const adminConn = resolveAdminConnection({
+    conn,
+    envPassword: process.env.PGPASSWORD
+  });
+  let client;
+  const spinnerEnabled = !!process.stdout.isTTY && shouldUpload;
+  const spinner = createTtySpinner(spinnerEnabled, "Connecting to Postgres");
+  try {
+    spinner.update("Connecting to Postgres");
+    const connResult = await connectWithSslFallback(Client, adminConn);
+    client = connResult.client;
+    let reports;
+    if (opts.checkId === "ALL") {
+      reports = await generateAllReports(client, opts.nodeName, (p) => {
+        spinner.update(`Running ${p.checkId}: ${p.checkTitle} (${p.index}/${p.total})`);
+      });
+    } else {
+      const checkId = opts.checkId.toUpperCase();
+      const generator = REPORT_GENERATORS[checkId];
+      if (!generator) {
+        spinner.stop();
+        console.error(`Unknown check ID: ${opts.checkId}`);
+        console.error(`Available: ${Object.keys(CHECK_INFO).join(", ")}, ALL`);
+        process.exitCode = 1;
+        return;
+      }
+      spinner.update(`Running ${checkId}: ${CHECK_INFO[checkId] || checkId}`);
+      reports = { [checkId]: await generator(client, opts.nodeName) };
+    }
+    let uploadSummary;
+    if (uploadCfg) {
+      const logUpload = (msg) => {
+        (shouldPrintJson ? console.error : console.log)(msg);
+      };
+      uploadSummary = await uploadCheckupReports(uploadCfg, reports, spinner, logUpload);
+    }
+    spinner.stop();
+    if (outputPath) {
+      writeReportFiles(reports, outputPath);
+    }
+    if (uploadSummary) {
+      printUploadSummary(uploadSummary, projectWasGenerated, shouldPrintJson);
+    }
+    if (shouldPrintJson || !shouldUpload && !opts.output) {
+      console.log(JSON.stringify(reports, null, 2));
+    }
+  } catch (error2) {
+    if (error2 instanceof RpcError) {
+      for (const line of formatRpcErrorForDisplay(error2)) {
+        console.error(line);
+      }
+    } else {
+      const message = error2 instanceof Error ? error2.message : String(error2);
+      console.error(`Error: ${message}`);
+    }
+    process.exitCode = 1;
+  } finally {
+    spinner.stop();
+    if (client) {
+      await client.end();
+    }
+  }
+});
 function resolvePaths() {
   const startDir = process.cwd();
   let currentDir = startDir;
   while (true) {
-    const composeFile = path4.resolve(currentDir, "docker-compose.yml");
-    if (fs4.existsSync(composeFile)) {
-      const instancesFile = path4.resolve(currentDir, "instances.yml");
-      return { fs: fs4, path: path4, projectDir: currentDir, composeFile, instancesFile };
+    const composeFile = path5.resolve(currentDir, "docker-compose.yml");
+    if (fs5.existsSync(composeFile)) {
+      const instancesFile = path5.resolve(currentDir, "instances.yml");
+      return { fs: fs5, path: path5, projectDir: currentDir, composeFile, instancesFile };
     }
-    const parentDir = path4.dirname(currentDir);
+    const parentDir = path5.dirname(currentDir);
     if (parentDir === currentDir)
       break;
     currentDir = parentDir;
@@ -24738,12 +26689,12 @@ async function runCompose(args) {
     return 1;
   }
   const env = { ...process.env };
-  const cfgPath = path4.resolve(projectDir, ".pgwatch-config");
-  if (fs4.existsSync(cfgPath)) {
+  const cfgPath = path5.resolve(projectDir, ".pgwatch-config");
+  if (fs5.existsSync(cfgPath)) {
     try {
-      const stats = fs4.statSync(cfgPath);
+      const stats = fs5.statSync(cfgPath);
       if (!stats.isDirectory()) {
-        const content = fs4.readFileSync(cfgPath, "utf8");
+        const content = fs5.readFileSync(cfgPath, "utf8");
         const match = content.match(/^grafana_password=([^\r\n]+)/m);
         if (match) {
           env.GF_SECURITY_ADMIN_PASSWORD = match[1].trim();
@@ -24751,13 +26702,13 @@ async function runCompose(args) {
       }
     } catch (err) {}
   }
-  return new Promise((resolve5) => {
+  return new Promise((resolve6) => {
     const child = spawn2(cmd[0], [...cmd.slice(1), "-f", composeFile, ...args], {
       stdio: "inherit",
       env,
       cwd: projectDir
     });
-    child.on("close", (code) => resolve5(code || 0));
+    child.on("close", (code) => resolve6(code || 0));
   });
 }
 program2.command("help", { isDefault: true }).description("show help").action(() => {
@@ -24775,17 +26726,31 @@ mon.command("local-install").description("install local monitoring stack (genera
   const { projectDir } = await resolveOrInitPaths();
   console.log(`Project directory: ${projectDir}
 `);
-  const envFile = path4.resolve(projectDir, ".env");
-  const imageTag = opts.tag || package_default.version;
-  const envLines = [`PGAI_TAG=${imageTag}`];
-  if (fs4.existsSync(envFile)) {
-    const existingEnv = fs4.readFileSync(envFile, "utf8");
+  const envFile = path5.resolve(projectDir, ".env");
+  let existingTag = null;
+  let existingRegistry = null;
+  let existingPassword = null;
+  if (fs5.existsSync(envFile)) {
+    const existingEnv = fs5.readFileSync(envFile, "utf8");
+    const tagMatch = existingEnv.match(/^PGAI_TAG=(.+)$/m);
+    if (tagMatch)
+      existingTag = tagMatch[1].trim();
+    const registryMatch = existingEnv.match(/^PGAI_REGISTRY=(.+)$/m);
+    if (registryMatch)
+      existingRegistry = registryMatch[1].trim();
     const pwdMatch = existingEnv.match(/^GF_SECURITY_ADMIN_PASSWORD=(.+)$/m);
-    if (pwdMatch) {
-      envLines.push(`GF_SECURITY_ADMIN_PASSWORD=${pwdMatch[1]}`);
-    }
+    if (pwdMatch)
+      existingPassword = pwdMatch[1].trim();
   }
-  fs4.writeFileSync(envFile, envLines.join(`
+  const imageTag = opts.tag || existingTag || package_default.version;
+  const envLines = [`PGAI_TAG=${imageTag}`];
+  if (existingRegistry) {
+    envLines.push(`PGAI_REGISTRY=${existingRegistry}`);
+  }
+  if (existingPassword) {
+    envLines.push(`GF_SECURITY_ADMIN_PASSWORD=${existingPassword}`);
+  }
+  fs5.writeFileSync(envFile, envLines.join(`
 `) + `
 `, { encoding: "utf8", mode: 384 });
   if (opts.tag) {
@@ -24821,7 +26786,7 @@ Use demo mode without API key: postgres-ai mon local-install --demo`);
     if (opts.apiKey) {
       console.log("Using API key provided via --api-key parameter");
       writeConfig({ apiKey: opts.apiKey });
-      fs4.writeFileSync(path4.resolve(projectDir, ".pgwatch-config"), `api_key=${opts.apiKey}
+      fs5.writeFileSync(path5.resolve(projectDir, ".pgwatch-config"), `api_key=${opts.apiKey}
 `, {
         encoding: "utf8",
         mode: 384
@@ -24842,7 +26807,7 @@ Use demo mode without API key: postgres-ai mon local-install --demo`);
           const trimmedKey = inputApiKey.trim();
           if (trimmedKey) {
             writeConfig({ apiKey: trimmedKey });
-            fs4.writeFileSync(path4.resolve(projectDir, ".pgwatch-config"), `api_key=${trimmedKey}
+            fs5.writeFileSync(path5.resolve(projectDir, ".pgwatch-config"), `api_key=${trimmedKey}
 `, {
               encoding: "utf8",
               mode: 384
@@ -24879,7 +26844,7 @@ Use demo mode without API key: postgres-ai mon local-install --demo`);
 # Add your instances using: postgres-ai mon targets add
 
 `;
-    fs4.writeFileSync(instancesPath, emptyInstancesContent, "utf8");
+    fs5.writeFileSync(instancesPath, emptyInstancesContent, "utf8");
     console.log(`Instances file: ${instancesPath}`);
     console.log(`Project directory: ${projectDir2}
 `);
@@ -24911,7 +26876,7 @@ Use demo mode without API key: postgres-ai mon local-install --demo`);
     node_name: ${instanceName}
     sink_type: ~sink_type~
 `;
-      fs4.appendFileSync(instancesPath, body, "utf8");
+      fs5.appendFileSync(instancesPath, body, "utf8");
       console.log(`\u2713 Monitoring target '${instanceName}' added
 `);
       console.log("Testing connection to the added instance...");
@@ -24966,7 +26931,7 @@ You can provide either:`);
     node_name: ${instanceName}
     sink_type: ~sink_type~
 `;
-            fs4.appendFileSync(instancesPath, body, "utf8");
+            fs5.appendFileSync(instancesPath, body, "utf8");
             console.log(`\u2713 Monitoring target '${instanceName}' added
 `);
             console.log("Testing connection to the added instance...");
@@ -25006,13 +26971,13 @@ You can provide either:`);
   console.log(`\u2713 Configuration updated
 `);
   console.log(opts.demo ? "Step 4: Configuring Grafana security..." : "Step 4: Configuring Grafana security...");
-  const cfgPath = path4.resolve(projectDir, ".pgwatch-config");
+  const cfgPath = path5.resolve(projectDir, ".pgwatch-config");
   let grafanaPassword = "";
   try {
-    if (fs4.existsSync(cfgPath)) {
-      const stats = fs4.statSync(cfgPath);
+    if (fs5.existsSync(cfgPath)) {
+      const stats = fs5.statSync(cfgPath);
       if (!stats.isDirectory()) {
-        const content = fs4.readFileSync(cfgPath, "utf8");
+        const content = fs5.readFileSync(cfgPath, "utf8");
         const match = content.match(/^grafana_password=([^\r\n]+)/m);
         if (match) {
           grafanaPassword = match[1].trim();
@@ -25025,15 +26990,15 @@ You can provide either:`);
 '`);
       grafanaPassword = password.trim();
       let configContent = "";
-      if (fs4.existsSync(cfgPath)) {
-        const stats = fs4.statSync(cfgPath);
+      if (fs5.existsSync(cfgPath)) {
+        const stats = fs5.statSync(cfgPath);
         if (!stats.isDirectory()) {
-          configContent = fs4.readFileSync(cfgPath, "utf8");
+          configContent = fs5.readFileSync(cfgPath, "utf8");
         }
       }
       const lines = configContent.split(/\r?\n/).filter((l) => !/^grafana_password=/.test(l));
       lines.push(`grafana_password=${grafanaPassword}`);
-      fs4.writeFileSync(cfgPath, lines.filter(Boolean).join(`
+      fs5.writeFileSync(cfgPath, lines.filter(Boolean).join(`
 `) + `
 `, "utf8");
     }
@@ -25147,7 +27112,7 @@ mon.command("health").description("health check for monitoring services").option
     if (attempt > 1) {
       console.log(`Retrying (attempt ${attempt}/${maxAttempts})...
 `);
-      await new Promise((resolve5) => setTimeout(resolve5, 5000));
+      await new Promise((resolve6) => setTimeout(resolve6, 5000));
     }
     allHealthy = true;
     for (const service of services) {
@@ -25195,11 +27160,11 @@ mon.command("config").description("show monitoring services configuration").acti
   console.log(`Project Directory: ${projectDir}`);
   console.log(`Docker Compose File: ${composeFile}`);
   console.log(`Instances File: ${instancesFile}`);
-  if (fs4.existsSync(instancesFile)) {
+  if (fs5.existsSync(instancesFile)) {
     console.log(`
 Instances configuration:
 `);
-    const text = fs4.readFileSync(instancesFile, "utf8");
+    const text = fs5.readFileSync(instancesFile, "utf8");
     process.stdout.write(text);
     if (!/\n$/.test(text))
       console.log();
@@ -25214,8 +27179,8 @@ mon.command("update").description("update monitoring stack").action(async () =>
   console.log(`Updating PostgresAI monitoring stack...
 `);
   try {
-    const gitDir = path4.resolve(process.cwd(), ".git");
-    if (!fs4.existsSync(gitDir)) {
+    const gitDir = path5.resolve(process.cwd(), ".git");
+    if (!fs5.existsSync(gitDir)) {
       console.error("Not a git repository. Cannot update.");
       process.exitCode = 1;
       return;
@@ -25341,13 +27306,13 @@ mon.command("check").description("monitoring services system readiness check").a
 var targets = mon.command("targets").description("manage databases to monitor");
 targets.command("list").description("list monitoring target databases").action(async () => {
   const { instancesFile: instancesPath, projectDir } = await resolveOrInitPaths();
-  if (!fs4.existsSync(instancesPath)) {
+  if (!fs5.existsSync(instancesPath)) {
     console.error(`instances.yml not found in ${projectDir}`);
     process.exitCode = 1;
     return;
   }
   try {
-    const content = fs4.readFileSync(instancesPath, "utf8");
+    const content = fs5.readFileSync(instancesPath, "utf8");
     const instances = load(content);
     if (!instances || !Array.isArray(instances) || instances.length === 0) {
       console.log("No monitoring targets configured");
@@ -25396,8 +27361,8 @@ targets.command("add [connStr] [name]").description("add monitoring target datab
   const db = m[5];
   const instanceName = name && name.trim() ? name.trim() : `${host}-${db}`.replace(/[^a-zA-Z0-9-]/g, "-");
   try {
-    if (fs4.existsSync(file)) {
-      const content2 = fs4.readFileSync(file, "utf8");
+    if (fs5.existsSync(file)) {
+      const content2 = fs5.readFileSync(file, "utf8");
       const instances = load(content2) || [];
       if (Array.isArray(instances)) {
         const exists = instances.some((inst) => inst.name === instanceName);
@@ -25409,7 +27374,7 @@ targets.command("add [connStr] [name]").description("add monitoring target datab
       }
     }
   } catch (err) {
-    const content2 = fs4.existsSync(file) ? fs4.readFileSync(file, "utf8") : "";
+    const content2 = fs5.existsSync(file) ? fs5.readFileSync(file, "utf8") : "";
     if (new RegExp(`^- name: ${instanceName}$`, "m").test(content2)) {
       console.error(`Monitoring target '${instanceName}' already exists`);
       process.exitCode = 1;
@@ -25428,20 +27393,20 @@ targets.command("add [connStr] [name]").description("add monitoring target datab
     node_name: ${instanceName}
     sink_type: ~sink_type~
 `;
-  const content = fs4.existsSync(file) ? fs4.readFileSync(file, "utf8") : "";
-  fs4.appendFileSync(file, (content && !/\n$/.test(content) ? `
+  const content = fs5.existsSync(file) ? fs5.readFileSync(file, "utf8") : "";
+  fs5.appendFileSync(file, (content && !/\n$/.test(content) ? `
 ` : "") + body, "utf8");
   console.log(`Monitoring target '${instanceName}' added`);
 });
 targets.command("remove <name>").description("remove monitoring target database").action(async (name) => {
   const { instancesFile: file } = await resolveOrInitPaths();
-  if (!fs4.existsSync(file)) {
+  if (!fs5.existsSync(file)) {
     console.error("instances.yml not found");
     process.exitCode = 1;
     return;
   }
   try {
-    const content = fs4.readFileSync(file, "utf8");
+    const content = fs5.readFileSync(file, "utf8");
     const instances = load(content);
     if (!instances || !Array.isArray(instances)) {
       console.error("Invalid instances.yml format");
@@ -25454,7 +27419,7 @@ targets.command("remove <name>").description("remove monitoring target database"
       process.exitCode = 1;
       return;
     }
-    fs4.writeFileSync(file, dump(filtered), "utf8");
+    fs5.writeFileSync(file, dump(filtered), "utf8");
     console.log(`Monitoring target '${name}' removed`);
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);
@@ -25464,13 +27429,13 @@ targets.command("remove <name>").description("remove monitoring target database"
 });
 targets.command("test <name>").description("test monitoring target database connectivity").action(async (name) => {
   const { instancesFile: instancesPath } = await resolveOrInitPaths();
-  if (!fs4.existsSync(instancesPath)) {
+  if (!fs5.existsSync(instancesPath)) {
     console.error("instances.yml not found");
     process.exitCode = 1;
     return;
   }
   try {
-    const content = fs4.readFileSync(instancesPath, "utf8");
+    const content = fs5.readFileSync(instancesPath, "utf8");
     const instances = load(content);
     if (!instances || !Array.isArray(instances)) {
       console.error("Invalid instances.yml format");
@@ -25513,8 +27478,15 @@ auth.command("login", { isDefault: true }).description("authenticate via browser
       process.exitCode = 1;
       return;
     }
+    const existingConfig = readConfig();
+    const existingProject = existingConfig.defaultProject;
     writeConfig({ apiKey: trimmedKey });
+    deleteConfigKeys(["orgId"]);
     console.log(`API key saved to ${getConfigPath()}`);
+    if (existingProject) {
+      console.log(`Note: Your default project "${existingProject}" has been preserved.`);
+      console.log(`      If this key belongs to a different account, use --project to specify a new one.`);
+    }
     return;
   }
   console.log(`Starting authentication flow...
@@ -25531,9 +27503,8 @@ auth.command("login", { isDefault: true }).description("authenticate via browser
     console.log("Starting local callback server...");
     const requestedPort = opts.port || 0;
     const callbackServer = createCallbackServer(requestedPort, params.state, 120000);
-    await new Promise((resolve5) => setTimeout(resolve5, 100));
-    const actualPort = callbackServer.getPort();
-    const redirectUri = `http://localhost:${actualPort}/callback`;
+    const actualPort = await callbackServer.ready;
+    const redirectUri = `http://127.0.0.1:${actualPort}/callback`;
     console.log(`Callback server listening on port ${actualPort}`);
     console.log("Initializing authentication session...");
     const initData = JSON.stringify({
@@ -25582,7 +27553,7 @@ Please verify the --api-base-url parameter.`);
       process.exit(1);
       return;
     }
-    const authUrl = `${uiBaseUrl}/cli/auth?state=${encodeURIComponent(params.state)}&code_challenge=${encodeURIComponent(params.codeChallenge)}&code_challenge_method=S256&redirect_uri=${encodeURIComponent(redirectUri)}`;
+    const authUrl = `${uiBaseUrl}/cli/auth?state=${encodeURIComponent(params.state)}&code_challenge=${encodeURIComponent(params.codeChallenge)}&code_challenge_method=S256&redirect_uri=${encodeURIComponent(redirectUri)}&api_url=${encodeURIComponent(apiBaseUrl)}`;
     if (opts.debug) {
       console.log(`Debug: Auth URL: ${authUrl}`);
     }
@@ -25651,15 +27622,28 @@ Please verify the --api-base-url parameter.`);
         const result = JSON.parse(exchangeBody);
         const apiToken = result.api_token || result?.[0]?.result?.api_token;
         const orgId = result.org_id || result?.[0]?.result?.org_id;
+        const existingConfig = readConfig();
+        const existingOrgId = existingConfig.orgId;
+        const existingProject = existingConfig.defaultProject;
+        const orgChanged = existingOrgId && existingOrgId !== orgId;
         writeConfig({
           apiKey: apiToken,
           baseUrl: apiBaseUrl,
           orgId
         });
+        if (orgChanged && existingProject) {
+          deleteConfigKeys(["defaultProject"]);
+          console.log(`
+Note: Organization changed (${existingOrgId} \u2192 ${orgId}).`);
+          console.log(`      Default project "${existingProject}" has been cleared.`);
+        }
         console.log(`
 Authentication successful!`);
         console.log(`API key saved to: ${getConfigPath()}`);
         console.log(`Organization ID: ${orgId}`);
+        if (!orgChanged && existingProject) {
+          console.log(`Default project: ${existingProject} (preserved)`);
+        }
         console.log(`
 You can now use the CLI without specifying an API key.`);
         process.exit(0);
@@ -25704,15 +27688,15 @@ To authenticate, run: pgai auth`);
 });
 auth.command("remove-key").description("remove API key").action(async () => {
   const newConfigPath = getConfigPath();
-  const hasNewConfig = fs4.existsSync(newConfigPath);
+  const hasNewConfig = fs5.existsSync(newConfigPath);
   let legacyPath;
   try {
     const { projectDir } = await resolveOrInitPaths();
-    legacyPath = path4.resolve(projectDir, ".pgwatch-config");
+    legacyPath = path5.resolve(projectDir, ".pgwatch-config");
   } catch {
-    legacyPath = path4.resolve(process.cwd(), ".pgwatch-config");
+    legacyPath = path5.resolve(process.cwd(), ".pgwatch-config");
   }
-  const hasLegacyConfig = fs4.existsSync(legacyPath) && fs4.statSync(legacyPath).isFile();
+  const hasLegacyConfig = fs5.existsSync(legacyPath) && fs5.statSync(legacyPath).isFile();
   if (!hasNewConfig && !hasLegacyConfig) {
     console.log("No API key configured");
     return;
@@ -25722,11 +27706,11 @@ auth.command("remove-key").description("remove API key").action(async () => {
   }
   if (hasLegacyConfig) {
     try {
-      const content = fs4.readFileSync(legacyPath, "utf8");
+      const content = fs5.readFileSync(legacyPath, "utf8");
       const filtered = content.split(/\r?\n/).filter((l) => !/^api_key=/.test(l)).join(`
 `).replace(/\n+$/g, `
 `);
-      fs4.writeFileSync(legacyPath, filtered, "utf8");
+      fs5.writeFileSync(legacyPath, filtered, "utf8");
     } catch (err) {
       console.warn(`Warning: Could not update legacy config: ${err instanceof Error ? err.message : String(err)}`);
     }
@@ -25737,7 +27721,7 @@ To authenticate again, run: pgai auth`);
 });
 mon.command("generate-grafana-password").description("generate Grafana password for monitoring services").action(async () => {
   const { projectDir } = await resolveOrInitPaths();
-  const cfgPath = path4.resolve(projectDir, ".pgwatch-config");
+  const cfgPath = path5.resolve(projectDir, ".pgwatch-config");
   try {
     const { stdout: password } = await execPromise(`openssl rand -base64 12 | tr -d '
 '`);
@@ -25748,17 +27732,17 @@ mon.command("generate-grafana-password").description("generate Grafana password
       return;
     }
     let configContent = "";
-    if (fs4.existsSync(cfgPath)) {
-      const stats = fs4.statSync(cfgPath);
+    if (fs5.existsSync(cfgPath)) {
+      const stats = fs5.statSync(cfgPath);
       if (stats.isDirectory()) {
         console.error(".pgwatch-config is a directory, expected a file. Skipping read.");
       } else {
-        configContent = fs4.readFileSync(cfgPath, "utf8");
+        configContent = fs5.readFileSync(cfgPath, "utf8");
       }
     }
     const lines = configContent.split(/\r?\n/).filter((l) => !/^grafana_password=/.test(l));
     lines.push(`grafana_password=${newPassword}`);
-    fs4.writeFileSync(cfgPath, lines.filter(Boolean).join(`
+    fs5.writeFileSync(cfgPath, lines.filter(Boolean).join(`
 `) + `
 `, "utf8");
     console.log("\u2713 New Grafana password generated and saved");
@@ -25780,19 +27764,19 @@ Note: This command requires 'openssl' to be installed`);
 });
 mon.command("show-grafana-credentials").description("show Grafana credentials for monitoring services").action(async () => {
   const { projectDir } = await resolveOrInitPaths();
-  const cfgPath = path4.resolve(projectDir, ".pgwatch-config");
-  if (!fs4.existsSync(cfgPath)) {
+  const cfgPath = path5.resolve(projectDir, ".pgwatch-config");
+  if (!fs5.existsSync(cfgPath)) {
     console.error("Configuration file not found. Run 'postgres-ai mon local-install' first.");
     process.exitCode = 1;
     return;
   }
-  const stats = fs4.statSync(cfgPath);
+  const stats = fs5.statSync(cfgPath);
   if (stats.isDirectory()) {
     console.error(".pgwatch-config is a directory, expected a file. Cannot read credentials.");
     process.exitCode = 1;
     return;
   }
-  const content = fs4.readFileSync(cfgPath, "utf8");
+  const content = fs5.readFileSync(cfgPath, "utf8");
   const lines = content.split(/\r?\n/);
   let password = "";
   for (const line of lines) {
@@ -25976,29 +27960,29 @@ mcp.command("install [client]").description("install MCP server configuration fo
     let configDir;
     switch (client) {
       case "cursor":
-        configPath = path4.join(homeDir, ".cursor", "mcp.json");
-        configDir = path4.dirname(configPath);
+        configPath = path5.join(homeDir, ".cursor", "mcp.json");
+        configDir = path5.dirname(configPath);
         break;
       case "windsurf":
-        configPath = path4.join(homeDir, ".windsurf", "mcp.json");
-        configDir = path4.dirname(configPath);
+        configPath = path5.join(homeDir, ".windsurf", "mcp.json");
+        configDir = path5.dirname(configPath);
         break;
       case "codex":
-        configPath = path4.join(homeDir, ".codex", "mcp.json");
-        configDir = path4.dirname(configPath);
+        configPath = path5.join(homeDir, ".codex", "mcp.json");
+        configDir = path5.dirname(configPath);
         break;
       default:
         console.error(`Configuration not implemented for: ${client}`);
         process.exitCode = 1;
         return;
     }
-    if (!fs4.existsSync(configDir)) {
-      fs4.mkdirSync(configDir, { recursive: true });
+    if (!fs5.existsSync(configDir)) {
+      fs5.mkdirSync(configDir, { recursive: true });
     }
     let config2 = { mcpServers: {} };
-    if (fs4.existsSync(configPath)) {
+    if (fs5.existsSync(configPath)) {
       try {
-        const content = fs4.readFileSync(configPath, "utf8");
+        const content = fs5.readFileSync(configPath, "utf8");
         config2 = JSON.parse(content);
         if (!config2.mcpServers) {
           config2.mcpServers = {};
@@ -26011,7 +27995,7 @@ mcp.command("install [client]").description("install MCP server configuration fo
       command: pgaiPath,
       args: ["mcp", "start"]
     };
-    fs4.writeFileSync(configPath, JSON.stringify(config2, null, 2), "utf8");
+    fs5.writeFileSync(configPath, JSON.stringify(config2, null, 2), "utf8");
     console.log(`\u2713 PostgresAI MCP server configured for ${client}`);
     console.log(`  Config file: ${configPath}`);
     console.log("");