postgresai 0.14.0-dev.81 → 0.14.0-dev.83

package/bin/postgres-ai.ts

@@ -758,7 +758,7 @@ program
 
       const supabaseClient = new SupabaseClient(supabaseConfig);
 
-      // Fetch database URL for JSON output (non-blocking, best-effort)
+      // Fetch database URL for JSON output (best-effort, errors return null)
       let databaseUrl: string | null = null;
       if (jsonOutput) {
         databaseUrl = await fetchPoolerDatabaseUrl(supabaseConfig, opts.monitoringUser);
@@ -1648,12 +1648,13 @@ program
   .option("--check-id <id>", `specific check to run (see list below), or ALL`, "ALL")
   .option("--node-name <name>", "node name for reports", "node-01")
   .option("--output <path>", "output directory for JSON files")
-  .option("--[no-]upload", "upload JSON results to PostgresAI (default: enabled; requires API key)", undefined)
+  .option("--upload", "upload JSON results to PostgresAI (requires API key)")
+  .option("--no-upload", "disable upload to PostgresAI")
   .option(
     "--project <project>",
     "project name or ID for remote upload (used with --upload; defaults to config defaultProject; auto-generated on first run)"
   )
-  .option("--json", "output JSON to stdout (implies --no-upload)")
+  .option("--json", "output JSON to stdout")
   .addHelpText(
     "after",
     [
@@ -1678,7 +1679,9 @@ program
 
     const shouldPrintJson = !!opts.json;
     const uploadExplicitlyRequested = opts.upload === true;
-    const uploadExplicitlyDisabled = opts.upload === false || shouldPrintJson;
+    // Note: --json and --upload/--no-upload are independent flags.
+    // Use --no-upload to explicitly disable upload when using --json.
+    const uploadExplicitlyDisabled = opts.upload === false;
     let shouldUpload = !uploadExplicitlyDisabled;
 
     // Preflight: validate/create output directory BEFORE connecting / running checks.
@@ -1830,7 +1833,8 @@ async function resolveOrInitPaths(): Promise<PathResolution> {
  */
 function isDockerRunning(): boolean {
   try {
-    const result = spawnSync("docker", ["info"], { stdio: "pipe", timeout: 5000 });
+    // Note: timeout is supported by Bun but not in @types/bun
+    const result = spawnSync("docker", ["info"], { stdio: "pipe", timeout: 5000 } as Parameters<typeof spawnSync>[2]);
     return result.status === 0;
   } catch {
     return false;
@@ -1842,7 +1846,7 @@ function isDockerRunning(): boolean {
  */
 function getComposeCmd(): string[] | null {
   const tryCmd = (cmd: string, args: string[]): boolean =>
-    spawnSync(cmd, args, { stdio: "ignore", timeout: 5000 }).status === 0;
+    spawnSync(cmd, args, { stdio: "ignore", timeout: 5000 } as Parameters<typeof spawnSync>[2]).status === 0;
   if (tryCmd("docker-compose", ["version"])) return ["docker-compose"];
   if (tryCmd("docker", ["compose", "version"])) return ["docker", "compose"];
   return null;
@@ -1856,7 +1860,7 @@ function checkRunningContainers(): { running: boolean; containers: string[] } {
     const result = spawnSync(
       "docker",
       ["ps", "--filter", "name=grafana-with-datasources", "--filter", "name=pgwatch", "--format", "{{.Names}}"],
-      { stdio: "pipe", encoding: "utf8", timeout: 5000 }
+      { stdio: "pipe", encoding: "utf8", timeout: 5000 } as Parameters<typeof spawnSync>[2]
     );
 
     if (result.status === 0 && result.stdout) {

package/bun.lock

@@ -11,12 +11,12 @@
         "pg": "^8.16.3",
       },
       "devDependencies": {
-        "@types/bun": "^1.1.14",
+        "@types/bun": "^1.3.6",
         "@types/js-yaml": "^4.0.9",
         "@types/pg": "^8.15.6",
         "ajv": "^8.17.1",
         "ajv-formats": "^3.0.1",
-        "typescript": "^5.3.3",
+        "typescript": "^5.9.3",
       },
     },
   },
@@ -25,7 +25,7 @@
 
     "@modelcontextprotocol/sdk": ["@modelcontextprotocol/sdk@1.25.1", "", { "dependencies": { "@hono/node-server": "^1.19.7", "ajv": "^8.17.1", "ajv-formats": "^3.0.1", "content-type": "^1.0.5", "cors": "^2.8.5", "cross-spawn": "^7.0.5", "eventsource": "^3.0.2", "eventsource-parser": "^3.0.0", "express": "^5.0.1", "express-rate-limit": "^7.5.0", "jose": "^6.1.1", "json-schema-typed": "^8.0.2", "pkce-challenge": "^5.0.0", "raw-body": "^3.0.0", "zod": "^3.25 || ^4.0", "zod-to-json-schema": "^3.25.0" }, "peerDependencies": { "@cfworker/json-schema": "^4.1.1", "zod": "^3.25 || ^4.0" }, "optionalPeers": ["@cfworker/json-schema"] }, "sha512-yO28oVFFC7EBoiKdAn+VqRm+plcfv4v0xp6osG/VsCB0NlPZWi87ajbCZZ8f/RvOFLEu7//rSRmuZZ7lMoe3gQ=="],
 
-    "@types/bun": ["@types/bun@1.3.5", "", { "dependencies": { "bun-types": "1.3.5" } }, "sha512-RnygCqNrd3srIPEWBd5LFeUYG7plCoH2Yw9WaZGyNmdTEei+gWaHqydbaIRkIkcbXwhBT94q78QljxN0Sk838w=="],
+    "@types/bun": ["@types/bun@1.3.6", "", { "dependencies": { "bun-types": "1.3.6" } }, "sha512-uWCv6FO/8LcpREhenN1d1b6fcspAB+cefwD7uti8C8VffIv0Um08TKMn98FynpTiU38+y2dUO55T11NgDt8VAA=="],
 
     "@types/js-yaml": ["@types/js-yaml@4.0.9", "", {}, "sha512-k4MGaQl5TGo/iipqb2UDG2UwjXziSWkh0uysQelTlJpX1qGlpUZYm8PnO4DxG1qBomtJUdYJ6qR6xdIah10JLg=="],
 
@@ -43,7 +43,7 @@
 
     "body-parser": ["body-parser@2.2.1", "", { "dependencies": { "bytes": "^3.1.2", "content-type": "^1.0.5", "debug": "^4.4.3", "http-errors": "^2.0.0", "iconv-lite": "^0.7.0", "on-finished": "^2.4.1", "qs": "^6.14.0", "raw-body": "^3.0.1", "type-is": "^2.0.1" } }, "sha512-nfDwkulwiZYQIGwxdy0RUmowMhKcFVcYXUU7m4QlKYim1rUtg83xm2yjZ40QjDuc291AJjjeSc9b++AWHSgSHw=="],
 
-    "bun-types": ["bun-types@1.3.5", "", { "dependencies": { "@types/node": "*" } }, "sha512-inmAYe2PFLs0SUbFOWSVD24sg1jFlMPxOjOSSCYqUgn4Hsc3rDc7dFvfVYjFPNHtov6kgUeulV4SxbuIV/stPw=="],
+    "bun-types": ["bun-types@1.3.6", "", { "dependencies": { "@types/node": "*" } }, "sha512-OlFwHcnNV99r//9v5IIOgQ9Uk37gZqrNMCcqEaExdkVq3Avwqok1bJFmvGMCkCE0FqzdY8VMOZpfpR3lwI+CsQ=="],
 
     "bytes": ["bytes@3.1.2", "", {}, "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg=="],
 

package/dist/bin/postgres-ai.js

@@ -13064,7 +13064,7 @@ var {
 // package.json
 var package_default = {
   name: "postgresai",
-  version: "0.14.0-dev.81",
+  version: "0.14.0-dev.83",
   description: "postgres_ai CLI",
   license: "Apache-2.0",
   private: false,
@@ -13098,7 +13098,7 @@ var package_default = {
     "start:node": "node ./dist/bin/postgres-ai.js --help",
     dev: "bun run embed-all && bun --watch ./bin/postgres-ai.ts",
     test: "bun run embed-all && bun test",
-    "test:fast": "bun run embed-all && bun test",
+    "test:fast": "bun run embed-all && bun test --coverage=false",
     "test:coverage": "bun run embed-all && bun test --coverage && echo 'Coverage report: cli/coverage/lcov-report/index.html'",
     typecheck: "bun run embed-all && bunx tsc --noEmit"
   },
@@ -13109,12 +13109,12 @@ var package_default = {
     pg: "^8.16.3"
   },
   devDependencies: {
-    "@types/bun": "^1.1.14",
+    "@types/bun": "^1.3.6",
     "@types/js-yaml": "^4.0.9",
     "@types/pg": "^8.15.6",
     ajv: "^8.17.1",
     "ajv-formats": "^3.0.1",
-    typescript: "^5.3.3"
+    typescript: "^5.9.3"
   },
   publishConfig: {
     access: "public"
@@ -15889,7 +15889,7 @@ var Result = import_lib.default.Result;
 var TypeOverrides = import_lib.default.TypeOverrides;
 var defaults = import_lib.default.defaults;
 // package.json
-var version = "0.14.0-dev.81";
+var version = "0.14.0-dev.83";
 var package_default2 = {
   name: "postgresai",
   version,
@@ -15926,7 +15926,7 @@ var package_default2 = {
     "start:node": "node ./dist/bin/postgres-ai.js --help",
     dev: "bun run embed-all && bun --watch ./bin/postgres-ai.ts",
     test: "bun run embed-all && bun test",
-    "test:fast": "bun run embed-all && bun test",
+    "test:fast": "bun run embed-all && bun test --coverage=false",
     "test:coverage": "bun run embed-all && bun test --coverage && echo 'Coverage report: cli/coverage/lcov-report/index.html'",
     typecheck: "bun run embed-all && bunx tsc --noEmit"
   },
@@ -15937,12 +15937,12 @@ var package_default2 = {
     pg: "^8.16.3"
   },
   devDependencies: {
-    "@types/bun": "^1.1.14",
+    "@types/bun": "^1.3.6",
     "@types/js-yaml": "^4.0.9",
     "@types/pg": "^8.15.6",
     ajv: "^8.17.1",
     "ajv-formats": "^3.0.1",
-    typescript: "^5.3.3"
+    typescript: "^5.9.3"
   },
   publishConfig: {
     access: "public"
@@ -25378,6 +25378,9 @@ class SupabaseClient {
 }
 async function fetchPoolerDatabaseUrl(config2, username) {
   const url = `${SUPABASE_API_BASE}/v1/projects/${encodeURIComponent(config2.projectRef)}/config/database/pooler`;
+  const suffix = `.${config2.projectRef}`;
+  const effectiveUsername = username.endsWith(suffix) ? username : `${username}${suffix}`;
+  const encodedUsername = encodeURIComponent(effectiveUsername);
   try {
     const response = await fetch(url, {
       method: "GET",
@@ -25392,13 +25395,13 @@ async function fetchPoolerDatabaseUrl(config2, username) {
     if (Array.isArray(data) && data.length > 0) {
       const pooler = data[0];
       if (pooler.db_host && pooler.db_port && pooler.db_name) {
-        return `postgresql://${username}@${pooler.db_host}:${pooler.db_port}/${pooler.db_name}`;
+        return `postgresql://${encodedUsername}@${pooler.db_host}:${pooler.db_port}/${pooler.db_name}`;
       }
       if (typeof pooler.connection_string === "string") {
         try {
           const connUrl = new URL(pooler.connection_string);
           const portPart = connUrl.port ? `:${connUrl.port}` : "";
-          return `postgresql://${username}@${connUrl.hostname}${portPart}${connUrl.pathname}`;
+          return `postgresql://${encodedUsername}@${connUrl.hostname}${portPart}${connUrl.pathname}`;
         } catch {
           return null;
         }
@@ -27103,7 +27106,7 @@ var CHECKUP_DICTIONARY_DATA = [
 ];
 
 // lib/checkup-dictionary.ts
-var dictionaryByCode = new Map(CHECKUP_DICTIONARY_DATA.map((entry) => [entry.code, entry]));
+var dictionaryByCode = new Map(CHECKUP_DICTIONARY_DATA.map((entry) => [entry.code.toUpperCase(), entry]));
 function buildCheckInfoMap() {
   const result = {};
   for (const entry of CHECKUP_DICTIONARY_DATA) {
@@ -27973,7 +27976,7 @@ async function generateAllReports(client, nodeName = "node-01", onProgress) {
 }
 
 // lib/checkup-dictionary.ts
-var dictionaryByCode2 = new Map(CHECKUP_DICTIONARY_DATA.map((entry) => [entry.code, entry]));
+var dictionaryByCode2 = new Map(CHECKUP_DICTIONARY_DATA.map((entry) => [entry.code.toUpperCase(), entry]));
 function getCheckupEntry(code) {
   return dictionaryByCode2.get(code.toUpperCase()) ?? null;
 }
@@ -29484,7 +29487,7 @@ program2.command("unprepare-db [conn]").description("remove monitoring setup: dr
     closeReadline();
   }
 });
-program2.command("checkup [conn]").description("generate health check reports directly from PostgreSQL (express mode)").option("--check-id <id>", `specific check to run (see list below), or ALL`, "ALL").option("--node-name <name>", "node name for reports", "node-01").option("--output <path>", "output directory for JSON files").option("--[no-]upload", "upload JSON results to PostgresAI (default: enabled; requires API key)", undefined).option("--project <project>", "project name or ID for remote upload (used with --upload; defaults to config defaultProject; auto-generated on first run)").option("--json", "output JSON to stdout (implies --no-upload)").addHelpText("after", [
+program2.command("checkup [conn]").description("generate health check reports directly from PostgreSQL (express mode)").option("--check-id <id>", `specific check to run (see list below), or ALL`, "ALL").option("--node-name <name>", "node name for reports", "node-01").option("--output <path>", "output directory for JSON files").option("--upload", "upload JSON results to PostgresAI (requires API key)").option("--no-upload", "disable upload to PostgresAI").option("--project <project>", "project name or ID for remote upload (used with --upload; defaults to config defaultProject; auto-generated on first run)").option("--json", "output JSON to stdout").addHelpText("after", [
   "",
   "Available checks:",
   ...Object.entries(CHECK_INFO).map(([id, title]) => `  ${id}: ${title}`),
@@ -29504,7 +29507,7 @@ program2.command("checkup [conn]").description("generate health check reports di
   }
   const shouldPrintJson = !!opts.json;
   const uploadExplicitlyRequested = opts.upload === true;
-  const uploadExplicitlyDisabled = opts.upload === false || shouldPrintJson;
+  const uploadExplicitlyDisabled = opts.upload === false;
   let shouldUpload = !uploadExplicitlyDisabled;
   const outputPath = prepareOutputDirectory(opts.output);
   if (outputPath === null) {

package/lib/checkup-dictionary.ts

@@ -32,9 +32,10 @@ export interface CheckupDictionaryEntry {
 /**
  * Module-level cache for O(1) lookups by code.
  * Initialized at module load time from embedded data.
+ * Keys are normalized to uppercase for case-insensitive lookups.
  */
 const dictionaryByCode: Map<string, CheckupDictionaryEntry> = new Map(
-  CHECKUP_DICTIONARY_DATA.map((entry) => [entry.code, entry])
+  CHECKUP_DICTIONARY_DATA.map((entry) => [entry.code.toUpperCase(), entry])
 );
 
 /**
@@ -49,7 +50,7 @@ export function getAllCheckupEntries(): CheckupDictionaryEntry[] {
 /**
  * Get a checkup dictionary entry by its code.
  *
- * @param code - The check code (e.g., "A001", "H002")
+ * @param code - The check code (e.g., "A001", "H002"). Lookup is case-insensitive.
  * @returns The dictionary entry or null if not found
  */
 export function getCheckupEntry(code: string): CheckupDictionaryEntry | null {

package/lib/mcp-server.ts

@@ -447,7 +447,7 @@ export async function startMcpServer(rootOpts?: RootOptsLike, extra?: { debug?:
   });
 
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  server.setRequestHandler(CallToolRequestSchema, async (req: any) => {
+  server.setRequestHandler(CallToolRequestSchema, async (req: any): Promise<any> => {
     return handleToolCall(req, rootOpts, extra);
   });
 

package/lib/supabase.ts

@@ -337,9 +337,14 @@ export class SupabaseClient {
  * Fetch the database pooler connection string from Supabase Management API.
  * Returns a postgresql:// URL with the specified username but no password.
  *
+ * Note: The username will be automatically suffixed with `.<projectRef>` if not
+ * already present, as required by Supabase pooler connections.
+ *
  * @param config Supabase configuration with projectRef and accessToken
- * @param username Username to include in the URL (e.g., monitoring user)
- * @returns Database URL without password (e.g., "postgresql://user@host:port/postgres")
+ * @param username Username to include in the URL (e.g., monitoring user).
+ *                 Will be transformed to `<username>.<projectRef>` format.
+ * @returns Database URL without password (e.g., "postgresql://user.project@host:port/postgres"),
+ *          or null if the API call fails or returns no pooler config.
  */
 export async function fetchPoolerDatabaseUrl(
   config: SupabaseConfig,
@@ -347,6 +352,14 @@ export async function fetchPoolerDatabaseUrl(
 ): Promise<string | null> {
   const url = `${SUPABASE_API_BASE}/v1/projects/${encodeURIComponent(config.projectRef)}/config/database/pooler`;
 
+  // For Supabase pooler connections, the username must include the project ref:
+  //   <user>.<project_ref>
+  // Example:
+  //   postgresql://postgres_ai_mon.xhaqmsvczjkkvkgdyast@aws-1-eu-west-1.pooler.supabase.com:6543/postgres
+  const suffix = `.${config.projectRef}`;
+  const effectiveUsername = username.endsWith(suffix) ? username : `${username}${suffix}`;
+  // URL-encode the username to handle special characters safely
+  const encodedUsername = encodeURIComponent(effectiveUsername);
   try {
     const response = await fetch(url, {
       method: "GET",
@@ -367,7 +380,7 @@ export async function fetchPoolerDatabaseUrl(
       const pooler = data[0];
       // Build URL from components if available
       if (pooler.db_host && pooler.db_port && pooler.db_name) {
-        return `postgresql://${username}@${pooler.db_host}:${pooler.db_port}/${pooler.db_name}`;
+        return `postgresql://${encodedUsername}@${pooler.db_host}:${pooler.db_port}/${pooler.db_name}`;
       }
       // Fallback: try to extract from connection_string if present
       if (typeof pooler.connection_string === "string") {
@@ -375,7 +388,7 @@ export async function fetchPoolerDatabaseUrl(
           const connUrl = new URL(pooler.connection_string);
           // Use provided username; handle empty port for default ports (e.g., 5432)
           const portPart = connUrl.port ? `:${connUrl.port}` : "";
-          return `postgresql://${username}@${connUrl.hostname}${portPart}${connUrl.pathname}`;
+          return `postgresql://${encodedUsername}@${connUrl.hostname}${portPart}${connUrl.pathname}`;
         } catch {
           return null;
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "postgresai",
-  "version": "0.14.0-dev.81",
+  "version": "0.14.0-dev.83",
   "description": "postgres_ai CLI",
   "license": "Apache-2.0",
   "private": false,
@@ -34,7 +34,7 @@
     "start:node": "node ./dist/bin/postgres-ai.js --help",
     "dev": "bun run embed-all && bun --watch ./bin/postgres-ai.ts",
     "test": "bun run embed-all && bun test",
-    "test:fast": "bun run embed-all && bun test",
+    "test:fast": "bun run embed-all && bun test --coverage=false",
     "test:coverage": "bun run embed-all && bun test --coverage && echo 'Coverage report: cli/coverage/lcov-report/index.html'",
     "typecheck": "bun run embed-all && bunx tsc --noEmit"
   },
@@ -45,12 +45,12 @@
     "pg": "^8.16.3"
   },
   "devDependencies": {
-    "@types/bun": "^1.1.14",
+    "@types/bun": "^1.3.6",
     "@types/js-yaml": "^4.0.9",
     "@types/pg": "^8.15.6",
     "ajv": "^8.17.1",
     "ajv-formats": "^3.0.1",
-    "typescript": "^5.3.3"
+    "typescript": "^5.9.3"
   },
   "publishConfig": {
     "access": "public"

package/test/checkup.test.ts

@@ -1,5 +1,6 @@
 import { describe, test, expect } from "bun:test";
 import { resolve } from "path";
+import type { Client } from "pg";
 
 // Import from source directly since we're using Bun
 import * as checkup from "../lib/checkup";
@@ -947,6 +948,66 @@ describe("CLI tests", () => {
     expect(r.stdout).toMatch(/available checks/i);
     expect(r.stdout).toMatch(/A002/);
   });
+
+  test("checkup --help shows --upload and --no-upload options", () => {
+    const r = runCli(["checkup", "--help"]);
+    expect(r.status).toBe(0);
+    expect(r.stdout).toMatch(/--upload/);
+    expect(r.stdout).toMatch(/--no-upload/);
+  });
+
+  test("checkup --no-upload is recognized as valid option", () => {
+    // Should not produce "unknown option" error for --no-upload
+    const r = runCli(["checkup", "postgresql://test:test@localhost:5432/test", "--no-upload"]);
+    // Connection will fail, but option parsing should succeed
+    expect(r.stderr).not.toMatch(/unknown option/i);
+    expect(r.stderr).not.toMatch(/did you mean/i);
+  });
+
+  test("checkup --upload is recognized as valid option", () => {
+    // Should not produce "unknown option" error for --upload
+    const r = runCli(["checkup", "postgresql://test:test@localhost:5432/test", "--upload"]);
+    // Connection will fail, but option parsing should succeed
+    expect(r.stderr).not.toMatch(/unknown option/i);
+    expect(r.stderr).not.toMatch(/did you mean/i);
+  });
+
+  test("checkup --json does not imply --no-upload (decoupled behavior)", () => {
+    // Use empty config dir to ensure no API key is configured
+    const env = { XDG_CONFIG_HOME: "/tmp/postgresai-test-empty-config" };
+    // --json alone should NOT disable upload - when --upload is explicitly requested
+    // with --json, it should require API key (proving upload is not disabled)
+    const r = runCli(["checkup", "postgresql://test:test@localhost:5432/test", "--json", "--upload"], env);
+    // Should fail with "API key is required" because upload is enabled
+    expect(r.stderr).toMatch(/API key is required/i);
+    expect(r.stderr).not.toMatch(/unknown option/i);
+  });
+
+  test("checkup --json --no-upload explicitly disables upload", () => {
+    // Use empty config dir to ensure no API key is configured
+    const env = { XDG_CONFIG_HOME: "/tmp/postgresai-test-empty-config" };
+    // --json with --no-upload should disable upload (no API key error)
+    const r = runCli(["checkup", "postgresql://test:test@localhost:5432/test", "--json", "--no-upload"], env);
+    // Should NOT show "API key is required" because upload is disabled
+    expect(r.stderr).not.toMatch(/API key is required/i);
+    expect(r.stderr).not.toMatch(/unknown option/i);
+  });
+
+  test("checkup --upload requires API key", () => {
+    // Use empty config dir to ensure no API key is configured
+    const env = { XDG_CONFIG_HOME: "/tmp/postgresai-test-empty-config" };
+    // --upload explicitly requests upload, should fail without API key
+    const r = runCli(["checkup", "postgresql://test:test@localhost:5432/test", "--upload"], env);
+    expect(r.stderr).toMatch(/API key is required/i);
+  });
+
+  test("checkup --no-upload does not require API key", () => {
+    // Use empty config dir to ensure no API key is configured
+    const env = { XDG_CONFIG_HOME: "/tmp/postgresai-test-empty-config" };
+    // --no-upload disables upload, should not require API key
+    const r = runCli(["checkup", "postgresql://test:test@localhost:5432/test", "--no-upload"], env);
+    expect(r.stderr).not.toMatch(/API key is required/i);
+  });
 });
 
 // Tests for checkup-api module

package/test/init.test.ts

@@ -68,9 +68,9 @@ describe("init module", () => {
     expect(plan.database).toBe("mydb");
     const roleStep = plan.steps.find((s: { name: string }) => s.name === "01.role");
     expect(roleStep).toBeTruthy();
-    expect(roleStep.sql).toMatch(/do\s+\$\$/i);
-    expect(roleStep.sql).toMatch(/create\s+user/i);
-    expect(roleStep.sql).toMatch(/alter\s+user/i);
+    expect(roleStep!.sql).toMatch(/do\s+\$\$/i);
+    expect(roleStep!.sql).toMatch(/create\s+user/i);
+    expect(roleStep!.sql).toMatch(/alter\s+user/i);
     expect(plan.steps.some((s: { optional?: boolean }) => s.optional)).toBe(false);
   });
 
@@ -86,12 +86,12 @@ describe("init module", () => {
 
     const roleStep = plan.steps.find((s: { name: string }) => s.name === "01.role");
     expect(roleStep).toBeTruthy();
-    expect(roleStep.sql).toMatch(/create\s+user\s+"user ""with"" quotes ✓"/i);
-    expect(roleStep.sql).toMatch(/alter\s+user\s+"user ""with"" quotes ✓"/i);
+    expect(roleStep!.sql).toMatch(/create\s+user\s+"user ""with"" quotes ✓"/i);
+    expect(roleStep!.sql).toMatch(/alter\s+user\s+"user ""with"" quotes ✓"/i);
 
     const permStep = plan.steps.find((s: { name: string }) => s.name === "03.permissions");
     expect(permStep).toBeTruthy();
-    expect(permStep.sql).toMatch(/grant connect on database "db name ""with"" quotes ✓" to "user ""with"" quotes ✓"/i);
+    expect(permStep!.sql).toMatch(/grant connect on database "db name ""with"" quotes ✓" to "user ""with"" quotes ✓"/i);
   });
 
   test("buildInitPlan keeps backslashes in passwords (no unintended escaping)", async () => {
@@ -104,7 +104,7 @@ describe("init module", () => {
     });
     const roleStep = plan.steps.find((s: { name: string }) => s.name === "01.role");
     expect(roleStep).toBeTruthy();
-    expect(roleStep.sql).toContain(`password '${pw}'`);
+    expect(roleStep!.sql).toContain(`password '${pw}'`);
   });
 
   test("buildInitPlan rejects identifiers with null bytes", async () => {
@@ -138,8 +138,8 @@ describe("init module", () => {
     });
     const step = plan.steps.find((s: { name: string }) => s.name === "01.role");
     expect(step).toBeTruthy();
-    expect(step.sql).toMatch(/password 'pa''ss'/);
-    expect(step.params).toBeUndefined();
+    expect(step!.sql).toMatch(/password 'pa''ss'/);
+    expect(step!.params).toBeUndefined();
   });
 
   test("buildInitPlan includes optional steps when enabled", async () => {
@@ -420,7 +420,7 @@ describe("init module", () => {
     });
     const step = plan.steps.find((s: { name: string }) => s.name === "01.role");
     expect(step).toBeTruthy();
-    const redacted = init.redactPasswordsInSql(step.sql);
+    const redacted = init.redactPasswordsInSql(step!.sql);
     expect(redacted).toMatch(/password '<redacted>'/i);
   });
 

package/test/issues.test.ts

@@ -60,7 +60,7 @@ describe("createIssue", () => {
           headers: { "Content-Type": "application/json" },
         })
       )
-    );
+    ) as unknown as typeof fetch;
 
     const result = await createIssue({
       apiKey: "test-key",
@@ -93,7 +93,7 @@ describe("createIssue", () => {
           headers: { "Content-Type": "application/json" },
         })
       );
-    });
+    }) as unknown as typeof fetch;
 
     const result = await createIssue({
       apiKey: "test-key",
@@ -127,7 +127,7 @@ describe("createIssue", () => {
           headers: { "Content-Type": "application/json" },
         })
       )
-    );
+    ) as unknown as typeof fetch;
 
     await expect(
       createIssue({
@@ -194,7 +194,7 @@ describe("updateIssue", () => {
           headers: { "Content-Type": "application/json" },
         })
       )
-    );
+    ) as unknown as typeof fetch;
 
     const result = await updateIssue({
       apiKey: "test-key",
@@ -223,7 +223,7 @@ describe("updateIssue", () => {
           headers: { "Content-Type": "application/json" },
         })
       )
-    );
+    ) as unknown as typeof fetch;
 
     const result = await updateIssue({
       apiKey: "test-key",
@@ -252,7 +252,7 @@ describe("updateIssue", () => {
           headers: { "Content-Type": "application/json" },
         })
       )
-    );
+    ) as unknown as typeof fetch;
 
     const result = await updateIssue({
       apiKey: "test-key",
@@ -281,7 +281,7 @@ describe("updateIssue", () => {
           headers: { "Content-Type": "application/json" },
         })
       )
-    );
+    ) as unknown as typeof fetch;
 
     const result = await updateIssue({
       apiKey: "test-key",
@@ -313,7 +313,7 @@ describe("updateIssue", () => {
           headers: { "Content-Type": "application/json" },
         })
       );
-    });
+    }) as unknown as typeof fetch;
 
     await updateIssue({
       apiKey: "test-key",
@@ -345,7 +345,7 @@ describe("updateIssue", () => {
           headers: { "Content-Type": "application/json" },
         })
       )
-    );
+    ) as unknown as typeof fetch;
 
     await expect(
       updateIssue({
@@ -414,7 +414,7 @@ describe("updateIssueComment", () => {
           headers: { "Content-Type": "application/json" },
         })
       );
-    });
+    }) as unknown as typeof fetch;
 
     const result = await updateIssueComment({
       apiKey: "test-key",
@@ -442,7 +442,7 @@ describe("updateIssueComment", () => {
           headers: { "Content-Type": "application/json" },
         })
       )
-    );
+    ) as unknown as typeof fetch;
 
     await expect(
       updateIssueComment({

package/test/mcp-server.test.ts

@@ -96,21 +96,21 @@ describe("MCP Server", () => {
       });
 
       // Mock fetch to verify API key is used
-      let capturedHeaders: HeadersInit | undefined;
+      let capturedHeaders: Record<string, string> | undefined;
       globalThis.fetch = mock((url: string, options?: RequestInit) => {
-        capturedHeaders = options?.headers;
+        capturedHeaders = options?.headers as Record<string, string> | undefined;
         return Promise.resolve(
           new Response(JSON.stringify([]), {
             status: 200,
             headers: { "Content-Type": "application/json" },
           })
         );
-      });
+      }) as unknown as typeof fetch;
 
       await handleToolCall(createRequest("list_issues"), { apiKey: "test-api-key" });
 
       expect(capturedHeaders).toBeDefined();
-      expect((capturedHeaders as Record<string, string>)["access-token"]).toBe("test-api-key");
+      expect(capturedHeaders!["access-token"]).toBe("test-api-key");
 
       readConfigSpy.mockRestore();
     });
@@ -123,21 +123,21 @@ describe("MCP Server", () => {
         defaultProject: null,
       });
 
-      let capturedHeaders: HeadersInit | undefined;
+      let capturedHeaders: Record<string, string> | undefined;
       globalThis.fetch = mock((url: string, options?: RequestInit) => {
-        capturedHeaders = options?.headers;
+        capturedHeaders = options?.headers as Record<string, string> | undefined;
         return Promise.resolve(
           new Response(JSON.stringify([]), {
             status: 200,
             headers: { "Content-Type": "application/json" },
           })
         );
-      });
+      }) as unknown as typeof fetch;
 
       await handleToolCall(createRequest("list_issues"));
 
       expect(capturedHeaders).toBeDefined();
-      expect((capturedHeaders as Record<string, string>)["access-token"]).toBe("config-api-key");
+      expect(capturedHeaders!["access-token"]).toBe("config-api-key");
 
       readConfigSpy.mockRestore();
     });
@@ -152,21 +152,21 @@ describe("MCP Server", () => {
         defaultProject: null,
       });
 
-      let capturedHeaders: HeadersInit | undefined;
+      let capturedHeaders: Record<string, string> | undefined;
       globalThis.fetch = mock((url: string, options?: RequestInit) => {
-        capturedHeaders = options?.headers;
+        capturedHeaders = options?.headers as Record<string, string> | undefined;
         return Promise.resolve(
           new Response(JSON.stringify([]), {
             status: 200,
             headers: { "Content-Type": "application/json" },
           })
         );
-      });
+      }) as unknown as typeof fetch;
 
       await handleToolCall(createRequest("list_issues"));
 
       expect(capturedHeaders).toBeDefined();
-      expect((capturedHeaders as Record<string, string>)["access-token"]).toBe("env-api-key");
+      expect(capturedHeaders!["access-token"]).toBe("env-api-key");
 
       readConfigSpy.mockRestore();
     });
@@ -193,7 +193,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         )
-      );
+      ) as unknown as typeof fetch;
 
       const response = await handleToolCall(createRequest("list_issues"));
 
@@ -220,7 +220,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         )
-      );
+      ) as unknown as typeof fetch;
 
       const response = await handleToolCall(createRequest("list_issues"));
 
@@ -280,7 +280,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         )
-      );
+      ) as unknown as typeof fetch;
 
       const response = await handleToolCall(createRequest("view_issue", { issue_id: "nonexistent-id" }));
 
@@ -319,7 +319,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         );
-      });
+      }) as unknown as typeof fetch;
 
       const response = await handleToolCall(createRequest("view_issue", { issue_id: "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" }));
 
@@ -386,7 +386,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         );
-      });
+      }) as unknown as typeof fetch;
 
       await handleToolCall(
         createRequest("post_issue_comment", {
@@ -419,7 +419,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         );
-      });
+      }) as unknown as typeof fetch;
 
       const response = await handleToolCall(
         createRequest("post_issue_comment", {
@@ -504,7 +504,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         );
-      });
+      }) as unknown as typeof fetch;
 
       await handleToolCall(createRequest("create_issue", { title: "Test Issue" }));
 
@@ -532,7 +532,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         );
-      });
+      }) as unknown as typeof fetch;
 
       await handleToolCall(
         createRequest("create_issue", {
@@ -566,7 +566,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         );
-      });
+      }) as unknown as typeof fetch;
 
       const response = await handleToolCall(
         createRequest("create_issue", {
@@ -679,7 +679,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         );
-      });
+      }) as unknown as typeof fetch;
 
       await handleToolCall(
         createRequest("update_issue", {
@@ -712,7 +712,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         )
-      );
+      ) as unknown as typeof fetch;
 
       const response = await handleToolCall(
         createRequest("update_issue", { issue_id: "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", title: "New Title" })
@@ -740,7 +740,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         );
-      });
+      }) as unknown as typeof fetch;
 
       const response = await handleToolCall(
         createRequest("update_issue", { issue_id: "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", status: 1 })
@@ -771,7 +771,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         );
-      });
+      }) as unknown as typeof fetch;
 
       const response = await handleToolCall(
         createRequest("update_issue", { issue_id: "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", labels: ["new-label"] })
@@ -802,7 +802,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         );
-      });
+      }) as unknown as typeof fetch;
 
       const response = await handleToolCall(
         createRequest("update_issue", { issue_id: "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", status: 0 })
@@ -871,7 +871,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         );
-      });
+      }) as unknown as typeof fetch;
 
       await handleToolCall(
         createRequest("update_issue_comment", {
@@ -902,7 +902,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         )
-      );
+      ) as unknown as typeof fetch;
 
       const response = await handleToolCall(
         createRequest("update_issue_comment", {
@@ -999,7 +999,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         )
-      );
+      ) as unknown as typeof fetch;
 
       const response = await handleToolCall(createRequest("view_action_item", { action_item_id: "00000000-0000-0000-0000-000000000000" }));
 
@@ -1036,7 +1036,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         )
-      );
+      ) as unknown as typeof fetch;
 
       const response = await handleToolCall(createRequest("view_action_item", { action_item_id: "11111111-1111-1111-1111-111111111111" }));
 
@@ -1072,7 +1072,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         );
-      });
+      }) as unknown as typeof fetch;
 
       const response = await handleToolCall(createRequest("view_action_item", { action_item_ids: ["11111111-1111-1111-1111-111111111111", "22222222-2222-2222-2222-222222222222"] }));
 
@@ -1141,7 +1141,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         )
-      );
+      ) as unknown as typeof fetch;
 
       const response = await handleToolCall(createRequest("list_action_items", { issue_id: "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" }));
 
@@ -1208,7 +1208,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         );
-      });
+      }) as unknown as typeof fetch;
 
       const response = await handleToolCall(
         createRequest("create_action_item", {
@@ -1243,7 +1243,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         );
-      });
+      }) as unknown as typeof fetch;
 
       const response = await handleToolCall(
         createRequest("create_action_item", {
@@ -1284,7 +1284,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         );
-      });
+      }) as unknown as typeof fetch;
 
       await handleToolCall(
         createRequest("create_action_item", {
@@ -1375,7 +1375,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         );
-      });
+      }) as unknown as typeof fetch;
 
       const response = await handleToolCall(
         createRequest("update_action_item", { action_item_id: "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb", title: "New Title" })
@@ -1407,7 +1407,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         );
-      });
+      }) as unknown as typeof fetch;
 
       const response = await handleToolCall(
         createRequest("update_action_item", { action_item_id: "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb", is_done: true })
@@ -1438,7 +1438,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         );
-      });
+      }) as unknown as typeof fetch;
 
       const response = await handleToolCall(
         createRequest("update_action_item", {
@@ -1492,7 +1492,7 @@ describe("MCP Server", () => {
             headers: { "Content-Type": "application/json" },
           })
         )
-      );
+      ) as unknown as typeof fetch;
 
       const response = await handleToolCall(
         createRequest("create_issue", { title: "Test Issue" })
@@ -1512,7 +1512,7 @@ describe("MCP Server", () => {
         defaultProject: null,
       });
 
-      globalThis.fetch = mock(() => Promise.reject(new Error("Network error")));
+      globalThis.fetch = mock(() => Promise.reject(new Error("Network error"))) as unknown as typeof fetch;
 
       const response = await handleToolCall(
         createRequest("create_issue", { title: "Test Issue" })

package/test/supabase.test.ts

@@ -2,6 +2,7 @@ import { describe, expect, test, beforeEach, afterEach, mock } from "bun:test";
 import {
   resolveSupabaseConfig,
   extractProjectRefFromUrl,
+  fetchPoolerDatabaseUrl,
   SupabaseClient,
   applyInitPlanViaSupabase,
   verifyInitSetupViaSupabase,
@@ -137,6 +138,146 @@ describe("Supabase module", () => {
     });
   });
 
+  describe("fetchPoolerDatabaseUrl", () => {
+    const originalFetch = globalThis.fetch;
+
+    afterEach(() => {
+      globalThis.fetch = originalFetch;
+    });
+
+    test("returns pooler db url with username including project ref (db_host/db_port/db_name response)", async () => {
+      globalThis.fetch = mock(() =>
+        Promise.resolve(
+          new Response(
+            JSON.stringify([
+              {
+                db_host: "aws-1-eu-west-1.pooler.supabase.com",
+                db_port: 6543,
+                db_name: "postgres",
+              },
+            ]),
+            { status: 200 }
+          )
+        )
+      ) as unknown as typeof fetch;
+
+      const url = await fetchPoolerDatabaseUrl(
+        { projectRef: "xhaqmsvczjkkvkgdyast", accessToken: "token" },
+        "postgres_ai_mon"
+      );
+      expect(url).toBe(
+        "postgresql://postgres_ai_mon.xhaqmsvczjkkvkgdyast@aws-1-eu-west-1.pooler.supabase.com:6543/postgres"
+      );
+    });
+
+    test("does not double-append project ref if username already has it", async () => {
+      globalThis.fetch = mock(() =>
+        Promise.resolve(
+          new Response(
+            JSON.stringify([
+              {
+                db_host: "aws-1-eu-west-1.pooler.supabase.com",
+                db_port: 6543,
+                db_name: "postgres",
+              },
+            ]),
+            { status: 200 }
+          )
+        )
+      ) as unknown as typeof fetch;
+
+      const url = await fetchPoolerDatabaseUrl(
+        { projectRef: "xhaqmsvczjkkvkgdyast", accessToken: "token" },
+        "postgres_ai_mon.xhaqmsvczjkkvkgdyast"
+      );
+      expect(url).toBe(
+        "postgresql://postgres_ai_mon.xhaqmsvczjkkvkgdyast@aws-1-eu-west-1.pooler.supabase.com:6543/postgres"
+      );
+    });
+
+    test("returns pooler db url via connection_string fallback path", async () => {
+      globalThis.fetch = mock(() =>
+        Promise.resolve(
+          new Response(
+            JSON.stringify([
+              {
+                // No db_host/db_port/db_name - uses connection_string fallback
+                connection_string:
+                  "postgresql://ignored@aws-1-eu-west-1.pooler.supabase.com:6543/postgres",
+              },
+            ]),
+            { status: 200 }
+          )
+        )
+      ) as unknown as typeof fetch;
+
+      const url = await fetchPoolerDatabaseUrl(
+        { projectRef: "xhaqmsvczjkkvkgdyast", accessToken: "token" },
+        "postgres_ai_mon"
+      );
+      expect(url).toBe(
+        "postgresql://postgres_ai_mon.xhaqmsvczjkkvkgdyast@aws-1-eu-west-1.pooler.supabase.com:6543/postgres"
+      );
+    });
+
+    test("returns null for invalid connection_string URL", async () => {
+      globalThis.fetch = mock(() =>
+        Promise.resolve(
+          new Response(
+            JSON.stringify([
+              {
+                connection_string: "not-a-valid-url",
+              },
+            ]),
+            { status: 200 }
+          )
+        )
+      ) as unknown as typeof fetch;
+
+      const url = await fetchPoolerDatabaseUrl(
+        { projectRef: "xhaqmsvczjkkvkgdyast", accessToken: "token" },
+        "postgres_ai_mon"
+      );
+      expect(url).toBeNull();
+    });
+
+    test("returns null for empty API response", async () => {
+      globalThis.fetch = mock(() =>
+        Promise.resolve(new Response(JSON.stringify([]), { status: 200 }))
+      ) as unknown as typeof fetch;
+
+      const url = await fetchPoolerDatabaseUrl(
+        { projectRef: "xhaqmsvczjkkvkgdyast", accessToken: "token" },
+        "postgres_ai_mon"
+      );
+      expect(url).toBeNull();
+    });
+
+    test("returns null for API error response", async () => {
+      globalThis.fetch = mock(() =>
+        Promise.resolve(new Response("Unauthorized", { status: 401 }))
+      ) as unknown as typeof fetch;
+
+      const url = await fetchPoolerDatabaseUrl(
+        { projectRef: "xhaqmsvczjkkvkgdyast", accessToken: "token" },
+        "postgres_ai_mon"
+      );
+      expect(url).toBeNull();
+    });
+
+    test("returns null when fetch throws network error", async () => {
+      globalThis.fetch = mock(() =>
+        Promise.reject(new Error("Network error"))
+      ) as unknown as typeof fetch;
+
+      const url = await fetchPoolerDatabaseUrl(
+        { projectRef: "xhaqmsvczjkkvkgdyast", accessToken: "token" },
+        "postgres_ai_mon"
+      );
+      expect(url).toBeNull();
+    });
+  });
+
   describe("SupabaseClient", () => {
     test("throws error when project ref is empty", () => {
       expect(() => new SupabaseClient({ projectRef: "", accessToken: "token" })).toThrow(