postgresai 0.14.0-dev.70 → 0.14.0-dev.72

package/test/init.test.ts

@@ -152,6 +152,42 @@ describe("init module", () => {
     expect(plan.steps.some((s: { optional?: boolean }) => s.optional)).toBe(true);
   });
 
+  test("buildInitPlan skips role creation for supabase provider", async () => {
+    const plan = await init.buildInitPlan({
+      database: "mydb",
+      monitoringUser: DEFAULT_MONITORING_USER,
+      monitoringPassword: "pw",
+      includeOptionalPermissions: false,
+      provider: "supabase",
+    });
+    expect(plan.steps.some((s) => s.name === "01.role")).toBe(false);
+    expect(plan.steps.some((s) => s.name === "02.permissions")).toBe(true);
+  });
+
+  test("buildInitPlan removes ALTER USER for supabase provider", async () => {
+    const plan = await init.buildInitPlan({
+      database: "mydb",
+      monitoringUser: DEFAULT_MONITORING_USER,
+      monitoringPassword: "pw",
+      includeOptionalPermissions: false,
+      provider: "supabase",
+    });
+    const permStep = plan.steps.find((s) => s.name === "02.permissions");
+    expect(permStep).toBeDefined();
+    expect(permStep!.sql.toLowerCase()).not.toMatch(/alter user/);
+  });
+
+  test("buildInitPlan includes role creation for unknown provider", async () => {
+    const plan = await init.buildInitPlan({
+      database: "mydb",
+      monitoringUser: DEFAULT_MONITORING_USER,
+      monitoringPassword: "pw",
+      includeOptionalPermissions: false,
+      provider: "some-custom-provider",
+    });
+    expect(plan.steps.some((s) => s.name === "01.role")).toBe(true);
+  });
+
   test("resolveAdminConnection accepts positional URI", () => {
     const r = init.resolveAdminConnection({ conn: "postgresql://u:p@h:5432/d" });
     expect(r.clientConfig.connectionString).toBeTruthy();
@@ -290,6 +326,91 @@ describe("init module", () => {
     expect(calls[calls.length - 1].toLowerCase()).toBe("rollback;");
   });
 
+  test("verifyInitSetup skips search_path check for supabase provider", async () => {
+    const calls: string[] = [];
+    const client = {
+      query: async (sql: string, params?: any) => {
+        calls.push(String(sql));
+
+        if (String(sql).toLowerCase().startsWith("begin isolation level repeatable read")) {
+          return { rowCount: 1, rows: [] };
+        }
+        if (String(sql).toLowerCase() === "rollback;") {
+          return { rowCount: 1, rows: [] };
+        }
+        // Return empty rolconfig - would fail without provider=supabase
+        if (String(sql).includes("select rolconfig")) {
+          return { rowCount: 1, rows: [{ rolconfig: null }] };
+        }
+        if (String(sql).includes("from pg_catalog.pg_roles")) {
+          return { rowCount: 1, rows: [{ rolname: DEFAULT_MONITORING_USER }] };
+        }
+        if (String(sql).includes("has_database_privilege")) {
+          return { rowCount: 1, rows: [{ ok: true }] };
+        }
+        if (String(sql).includes("pg_has_role")) {
+          return { rowCount: 1, rows: [{ ok: true }] };
+        }
+        if (String(sql).includes("has_table_privilege")) {
+          return { rowCount: 1, rows: [{ ok: true }] };
+        }
+        if (String(sql).includes("to_regclass")) {
+          return { rowCount: 1, rows: [{ ok: true }] };
+        }
+        if (String(sql).includes("has_function_privilege")) {
+          return { rowCount: 1, rows: [{ ok: true }] };
+        }
+        if (String(sql).includes("has_schema_privilege")) {
+          return { rowCount: 1, rows: [{ ok: true }] };
+        }
+
+        throw new Error(`unexpected sql: ${sql} params=${JSON.stringify(params)}`);
+      },
+    };
+
+    // With provider=supabase, should pass even without search_path
+    const r = await init.verifyInitSetup({
+      client: client as any,
+      database: "mydb",
+      monitoringUser: DEFAULT_MONITORING_USER,
+      includeOptionalPermissions: false,
+      provider: "supabase",
+    });
+    expect(r.ok).toBe(true);
+    expect(r.missingRequired.length).toBe(0);
+    // Should not have queried for rolconfig since we skip search_path check
+    expect(calls.some((c) => c.includes("select rolconfig"))).toBe(false);
+  });
+
+  test("buildInitPlan preserves comments when filtering ALTER USER", async () => {
+    const plan = await init.buildInitPlan({
+      database: "mydb",
+      monitoringUser: DEFAULT_MONITORING_USER,
+      monitoringPassword: "pw",
+      includeOptionalPermissions: false,
+      provider: "supabase",
+    });
+    const permStep = plan.steps.find((s) => s.name === "02.permissions");
+    expect(permStep).toBeDefined();
+    // Should have removed ALTER USER but kept comments
+    expect(permStep!.sql.toLowerCase()).not.toMatch(/^\s*alter\s+user/m);
+    // Should still have comment lines
+    expect(permStep!.sql).toMatch(/^--/m);
+  });
+
+  test("validateProvider returns null for known providers", () => {
+    expect(init.validateProvider(undefined)).toBe(null);
+    expect(init.validateProvider("self-managed")).toBe(null);
+    expect(init.validateProvider("supabase")).toBe(null);
+  });
+
+  test("validateProvider returns warning for unknown providers", () => {
+    const warning = init.validateProvider("unknown-provider");
+    expect(warning).not.toBe(null);
+    expect(warning).toMatch(/Unknown provider/);
+    expect(warning).toMatch(/unknown-provider/);
+  });
+
   test("redactPasswordsInSql redacts password literals with embedded quotes", async () => {
     const plan = await init.buildInitPlan({
       database: "mydb",
@@ -319,6 +440,40 @@ describe("CLI commands", () => {
     expect(r.stdout).toMatch(new RegExp(`grant connect on database "mydb" to "${DEFAULT_MONITORING_USER}"`, "i"));
   });
 
+  test("cli: prepare-db --print-sql with --provider supabase skips role step", () => {
+    const r = runCli(["prepare-db", "--print-sql", "-d", "mydb", "--password", "monpw", "--provider", "supabase"]);
+    expect(r.status).toBe(0);
+    expect(r.stdout).toMatch(/provider: supabase/);
+    // Should not have 01.role step
+    expect(r.stdout).not.toMatch(/-- 01\.role/);
+    // Should have 02.permissions step
+    expect(r.stdout).toMatch(/-- 02\.permissions/);
+  });
+
+  test("cli: prepare-db warns about unknown provider", () => {
+    const r = runCli(["prepare-db", "--print-sql", "-d", "mydb", "--password", "monpw", "--provider", "unknown-cloud"]);
+    expect(r.status).toBe(0);
+    // Should warn about unknown provider
+    expect(r.stderr).toMatch(/Unknown provider.*unknown-cloud/);
+  });
+
+  test("cli: prepare-db --reset-password with supabase provider would have no role step", async () => {
+    // When using supabase provider, the role creation step is skipped.
+    // This means --reset-password (which only runs 01.role) would have no steps.
+    // The CLI should error in this case. We test the underlying plan logic here.
+    const plan = await (await import("../lib/init")).buildInitPlan({
+      database: "mydb",
+      monitoringUser: "mon",
+      monitoringPassword: "pw",
+      includeOptionalPermissions: false,
+      provider: "supabase",
+    });
+    // Simulate what --reset-password does: filter to only 01.role step
+    const resetPasswordSteps = plan.steps.filter((s) => s.name === "01.role");
+    // For supabase, this should be empty (role creation is skipped)
+    expect(resetPasswordSteps.length).toBe(0);
+  });
+
   test("pgai wrapper forwards to postgresai CLI", () => {
     const r = runPgai(["--help"]);
     expect(r.status).toBe(0);

package/test/issues.cli.test.ts

@@ -133,6 +133,43 @@ async function startFakeApi() {
         );
       }
 
+      // Action Items endpoints
+      if (req.method === "GET" && url.pathname.endsWith("/issue_action_items")) {
+        const issueIdParam = url.searchParams.get("issue_id");
+        const idParam = url.searchParams.get("id");
+        if (issueIdParam) {
+          // list_action_items
+          return new Response(
+            JSON.stringify([
+              { id: "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", issue_id: issueIdParam.replace("eq.", ""), title: "Action 1", is_done: false, status: "waiting_for_approval" },
+              { id: "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb", issue_id: issueIdParam.replace("eq.", ""), title: "Action 2", is_done: true, status: "approved" },
+            ]),
+            { status: 200, headers: { "Content-Type": "application/json" } }
+          );
+        }
+        if (idParam) {
+          // view_action_item
+          const actionId = idParam.replace("eq.", "").replace("in.(", "").replace(")", "").split(",")[0];
+          return new Response(
+            JSON.stringify([
+              { id: actionId, issue_id: "11111111-1111-1111-1111-111111111111", title: "Test Action", description: "Test description", is_done: false, status: "waiting_for_approval", sql_action: "SELECT 1;", configs: [] },
+            ]),
+            { status: 200, headers: { "Content-Type": "application/json" } }
+          );
+        }
+      }
+
+      if (req.method === "POST" && url.pathname.endsWith("/rpc/issue_action_item_create")) {
+        return new Response(
+          JSON.stringify("cccccccc-cccc-cccc-cccc-cccccccccccc"),
+          { status: 200, headers: { "Content-Type": "application/json" } }
+        );
+      }
+
+      if (req.method === "POST" && url.pathname.endsWith("/rpc/issue_action_item_update")) {
+        return new Response("", { status: 200, headers: { "Content-Type": "application/json" } });
+      }
+
       return new Response("not found", { status: 404 });
     },
   });
@@ -312,3 +349,190 @@ describe("CLI issues command group", () => {
   });
 });
 
+describe("CLI action items commands", () => {
+  test("issues action-items fails fast when API key is missing", () => {
+    const r = runCli(["issues", "action-items", "00000000-0000-0000-0000-000000000000"], isolatedEnv());
+    expect(r.status).toBe(1);
+    expect(`${r.stdout}\n${r.stderr}`).toContain("API key is required");
+  });
+
+  test("issues action-items fails when issue_id is not a valid UUID", () => {
+    const r = runCli(["issues", "action-items", "invalid-id"], isolatedEnv({ PGAI_API_KEY: "test-key" }));
+    expect(r.status).toBe(1);
+    expect(`${r.stdout}\n${r.stderr}`).toContain("issueId must be a valid UUID");
+  });
+
+  test("issues action-items succeeds against a fake API", async () => {
+    const api = await startFakeApi();
+    try {
+      const r = await runCliAsync(
+        ["issues", "action-items", "11111111-1111-1111-1111-111111111111"],
+        isolatedEnv({
+          PGAI_API_KEY: "test-key",
+          PGAI_API_BASE_URL: api.baseUrl,
+        })
+      );
+      expect(r.status).toBe(0);
+
+      const out = JSON.parse(r.stdout.trim());
+      expect(Array.isArray(out)).toBe(true);
+      expect(out.length).toBe(2);
+      expect(out[0].title).toBe("Action 1");
+    } finally {
+      api.stop();
+    }
+  });
+
+  test("issues view-action-item fails fast when API key is missing", () => {
+    const r = runCli(["issues", "view-action-item", "00000000-0000-0000-0000-000000000000"], isolatedEnv());
+    expect(r.status).toBe(1);
+    expect(`${r.stdout}\n${r.stderr}`).toContain("API key is required");
+  });
+
+  test("issues view-action-item fails when action_item_id is not a valid UUID", () => {
+    const r = runCli(["issues", "view-action-item", "invalid-id"], isolatedEnv({ PGAI_API_KEY: "test-key" }));
+    expect(r.status).toBe(1);
+    expect(`${r.stdout}\n${r.stderr}`).toContain("actionItemId is required and must be a valid UUID");
+  });
+
+  test("issues view-action-item succeeds against a fake API", async () => {
+    const api = await startFakeApi();
+    try {
+      const r = await runCliAsync(
+        ["issues", "view-action-item", "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"],
+        isolatedEnv({
+          PGAI_API_KEY: "test-key",
+          PGAI_API_BASE_URL: api.baseUrl,
+        })
+      );
+      expect(r.status).toBe(0);
+
+      const out = JSON.parse(r.stdout.trim());
+      expect(out[0].title).toBe("Test Action");
+      expect(out[0].sql_action).toBe("SELECT 1;");
+    } finally {
+      api.stop();
+    }
+  });
+
+  test("issues create-action-item fails fast when API key is missing", () => {
+    const r = runCli(["issues", "create-action-item", "00000000-0000-0000-0000-000000000000", "Test title"], isolatedEnv());
+    expect(r.status).toBe(1);
+    expect(`${r.stdout}\n${r.stderr}`).toContain("API key is required");
+  });
+
+  test("issues create-action-item fails when issue_id is not a valid UUID", () => {
+    const r = runCli(["issues", "create-action-item", "invalid-id", "Test title"], isolatedEnv({ PGAI_API_KEY: "test-key" }));
+    expect(r.status).toBe(1);
+    expect(`${r.stdout}\n${r.stderr}`).toContain("issueId must be a valid UUID");
+  });
+
+  test("issues create-action-item succeeds against a fake API", async () => {
+    const api = await startFakeApi();
+    try {
+      const r = await runCliAsync(
+        ["issues", "create-action-item", "11111111-1111-1111-1111-111111111111", "New action item", "--description", "Test description"],
+        isolatedEnv({
+          PGAI_API_KEY: "test-key",
+          PGAI_API_BASE_URL: api.baseUrl,
+        })
+      );
+      expect(r.status).toBe(0);
+
+      const out = JSON.parse(r.stdout.trim());
+      expect(out.id).toBe("cccccccc-cccc-cccc-cccc-cccccccccccc");
+
+      const req = api.requests.find((x) => x.pathname.endsWith("/rpc/issue_action_item_create"));
+      expect(req).toBeTruthy();
+      expect(req!.headers["access-token"]).toBe("test-key");
+      expect(req!.bodyJson.issue_id).toBe("11111111-1111-1111-1111-111111111111");
+      expect(req!.bodyJson.title).toBe("New action item");
+      expect(req!.bodyJson.description).toBe("Test description");
+    } finally {
+      api.stop();
+    }
+  });
+
+  test("issues create-action-item interprets escape sequences", async () => {
+    const api = await startFakeApi();
+    try {
+      const r = await runCliAsync(
+        ["issues", "create-action-item", "11111111-1111-1111-1111-111111111111", "Title\\nwith newline", "--description", "Desc\\twith tab"],
+        isolatedEnv({
+          PGAI_API_KEY: "test-key",
+          PGAI_API_BASE_URL: api.baseUrl,
+        })
+      );
+      expect(r.status).toBe(0);
+
+      const req = api.requests.find((x) => x.pathname.endsWith("/rpc/issue_action_item_create"));
+      expect(req).toBeTruthy();
+      expect(req!.bodyJson.title).toBe("Title\nwith newline");
+      expect(req!.bodyJson.description).toBe("Desc\twith tab");
+    } finally {
+      api.stop();
+    }
+  });
+
+  test("issues update-action-item fails fast when API key is missing", () => {
+    const r = runCli(["issues", "update-action-item", "00000000-0000-0000-0000-000000000000", "--done"], isolatedEnv());
+    expect(r.status).toBe(1);
+    expect(`${r.stdout}\n${r.stderr}`).toContain("API key is required");
+  });
+
+  test("issues update-action-item fails when action_item_id is not a valid UUID", () => {
+    const r = runCli(["issues", "update-action-item", "invalid-id", "--done"], isolatedEnv({ PGAI_API_KEY: "test-key" }));
+    expect(r.status).toBe(1);
+    expect(`${r.stdout}\n${r.stderr}`).toContain("actionItemId must be a valid UUID");
+  });
+
+  test("issues update-action-item fails when no update fields provided", () => {
+    const r = runCli(["issues", "update-action-item", "00000000-0000-0000-0000-000000000000"], isolatedEnv({ PGAI_API_KEY: "test-key" }));
+    expect(r.status).toBe(1);
+    expect(`${r.stdout}\n${r.stderr}`).toContain("At least one update option is required");
+  });
+
+  test("issues update-action-item succeeds with --done flag", async () => {
+    const api = await startFakeApi();
+    try {
+      const r = await runCliAsync(
+        ["issues", "update-action-item", "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "--done"],
+        isolatedEnv({
+          PGAI_API_KEY: "test-key",
+          PGAI_API_BASE_URL: api.baseUrl,
+        })
+      );
+      expect(r.status).toBe(0);
+
+      const req = api.requests.find((x) => x.pathname.endsWith("/rpc/issue_action_item_update"));
+      expect(req).toBeTruthy();
+      expect(req!.headers["access-token"]).toBe("test-key");
+      expect(req!.bodyJson.action_item_id).toBe("aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa");
+      expect(req!.bodyJson.is_done).toBe(true);
+    } finally {
+      api.stop();
+    }
+  });
+
+  test("issues update-action-item succeeds with --status flag", async () => {
+    const api = await startFakeApi();
+    try {
+      const r = await runCliAsync(
+        ["issues", "update-action-item", "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "--status", "approved", "--status-reason", "LGTM"],
+        isolatedEnv({
+          PGAI_API_KEY: "test-key",
+          PGAI_API_BASE_URL: api.baseUrl,
+        })
+      );
+      expect(r.status).toBe(0);
+
+      const req = api.requests.find((x) => x.pathname.endsWith("/rpc/issue_action_item_update"));
+      expect(req).toBeTruthy();
+      expect(req!.bodyJson.status).toBe("approved");
+      expect(req!.bodyJson.status_reason).toBe("LGTM");
+    } finally {
+      api.stop();
+    }
+  });
+});
+