postgresai 0.15.0-dev.1 → 0.15.0-dev.10

package/lib/util.ts

@@ -70,15 +70,18 @@ export function maskSecret(secret: string): string {
 export interface RootOptsLike {
   apiBaseUrl?: string;
   uiBaseUrl?: string;
+  storageBaseUrl?: string;
 }
 
 export interface ConfigLike {
   baseUrl?: string | null;
+  storageBaseUrl?: string | null;
 }
 
 export interface ResolvedBaseUrls {
   apiBaseUrl: string;
   uiBaseUrl: string;
+  storageBaseUrl: string;
 }
 
 /**
@@ -105,17 +108,20 @@ export function normalizeBaseUrl(value: string): string {
 export function resolveBaseUrls(
   opts?: RootOptsLike,
   cfg?: ConfigLike,
-  defaults: { apiBaseUrl?: string; uiBaseUrl?: string } = {}
+  defaults: { apiBaseUrl?: string; uiBaseUrl?: string; storageBaseUrl?: string } = {}
 ): ResolvedBaseUrls {
   const defApi = defaults.apiBaseUrl || "https://postgres.ai/api/general/";
   const defUi = defaults.uiBaseUrl || "https://console.postgres.ai";
+  const defStorage = defaults.storageBaseUrl || "https://postgres.ai/storage";
 
   const apiCandidate = (opts?.apiBaseUrl || process.env.PGAI_API_BASE_URL || cfg?.baseUrl || defApi) as string;
   const uiCandidate = (opts?.uiBaseUrl || process.env.PGAI_UI_BASE_URL || defUi) as string;
+  const storageCandidate = (opts?.storageBaseUrl || process.env.PGAI_STORAGE_BASE_URL || cfg?.storageBaseUrl || defStorage) as string;
 
   return {
     apiBaseUrl: normalizeBaseUrl(apiCandidate),
     uiBaseUrl: normalizeBaseUrl(uiCandidate),
+    storageBaseUrl: normalizeBaseUrl(storageCandidate),
   };
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "postgresai",
-  "version": "0.15.0-dev.1",
+  "version": "0.15.0-dev.10",
   "description": "postgres_ai CLI",
   "license": "Apache-2.0",
   "private": false,
@@ -28,7 +28,7 @@
     "embed-metrics": "bun run scripts/embed-metrics.ts",
     "embed-checkup-dictionary": "bun run scripts/embed-checkup-dictionary.ts",
     "embed-all": "bun run embed-metrics && bun run embed-checkup-dictionary",
-    "build": "bun run embed-all && bun build ./bin/postgres-ai.ts --outdir ./dist/bin --target node && node -e \"const fs=require('fs');const f='./dist/bin/postgres-ai.js';fs.writeFileSync(f,fs.readFileSync(f,'utf8').replace('#!/usr/bin/env bun','#!/usr/bin/env node'))\" && cp -r ./sql ./dist/sql",
+    "build": "bun run embed-all && bun build ./bin/postgres-ai.ts --outdir ./dist/bin --target node && node -e \"const fs=require('fs');const f='./dist/bin/postgres-ai.js';fs.writeFileSync(f,fs.readFileSync(f,'utf8').replace('#!/usr/bin/env bun','#!/usr/bin/env node'))\" && cp -r ./sql ./dist/sql && cp ../instances.demo.yml ./instances.demo.yml",
     "prepublishOnly": "npm run build",
     "start": "bun ./bin/postgres-ai.ts --help",
     "start:node": "node ./dist/bin/postgres-ai.js --help",
@@ -41,7 +41,7 @@
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.20.2",
-    "commander": "^12.1.0",
+    "commander": "^14.0.3",
     "js-yaml": "^4.1.0",
     "pg": "^8.16.3"
   },
@@ -51,7 +51,7 @@
     "@types/pg": "^8.15.6",
     "ajv": "^8.17.1",
     "ajv-formats": "^3.0.1",
-    "typescript": "^5.9.3"
+    "typescript": "^6.0.2"
   },
   "publishConfig": {
     "access": "public"

package/scripts/embed-checkup-dictionary.ts

@@ -51,7 +51,16 @@ function generateTypeScript(data: CheckupDictionaryEntry[], sourceUrl: string):
   return lines.join("\n");
 }
 
+// Allowed hosts for fetch requests to prevent SSRF
+const ALLOWED_HOSTS = ["postgres.ai"];
+
 async function fetchWithTimeout(url: string, timeoutMs: number): Promise<Response> {
+  // Validate URL against allowlist to prevent SSRF
+  const parsed = new URL(url);
+  if (!ALLOWED_HOSTS.includes(parsed.hostname)) {
+    throw new Error(`Fetch blocked: host "${parsed.hostname}" is not in the allowlist`);
+  }
+
   const controller = new AbortController();
   const timeoutId = setTimeout(() => controller.abort(), timeoutMs);
 

package/scripts/embed-metrics.ts

@@ -49,6 +49,8 @@ const REQUIRED_METRICS = [
   // Bloat estimation (F004, F005)
   "pg_table_bloat",
   "pg_btree_bloat",
+  // I/O statistics (I001)
+  "pg_stat_io",
 ];
 
 function main() {

package/test/PERMISSION_CHECK_TEST_SUMMARY.md

@@ -0,0 +1,139 @@
+# Permission Check Test Summary
+
+## Changes Made
+
+Changed all references from `public.pg_statistic` to `postgres_ai.pg_statistic` in:
+- `cli/lib/init.ts` - Permission check SQL query
+- `cli/test/init.test.ts` - All test expectations (28 occurrences)
+
+## Key Fix: Safe Schema Checking
+
+**Before (883fa95):**
+```sql
+exists (
+  select from pg_views
+  where schemaname = 'public' and viewname = 'pg_statistic'
+) as granted
+```
+
+**After (6db79f6) - INCORRECT, caused crashes:**
+```sql
+to_regclass('postgres_ai.pg_statistic') is not null as granted
+```
+
+**Current (this fix):**
+```sql
+case
+  when not has_schema_privilege(current_user, 'postgres_ai', 'USAGE') then null
+  else to_regclass('postgres_ai.pg_statistic') is not null
+end as granted
+```
+
+### Why this fix matters
+
+**Issue with bare `to_regclass()`:**
+- Returns NULL when the schema doesn't exist ✓
+- Returns NULL when the view doesn't exist ✓
+- **Throws error** when the schema exists but user lacks USAGE privilege ✗
+
+**Fix:**
+- Check `has_schema_privilege()` first to avoid the permission error
+- Returns NULL safely in all cases where we can't check the view
+- Prevents crashes when postgres_ai schema exists but user lacks USAGE
+
+## Test Results
+
+### Unit Tests ✅
+```
+✓ 95 tests passed across 3 files
+  - 84 tests in init.test.ts (including 9 checkCurrentUserPermissions tests)
+  - 2 tests in config-consistency.test.ts
+  - 9 tests in permission-check-sql.test.ts
+```
+
+### Expected Behavior by Scenario
+
+| Scenario | User Permissions | postgres_ai Schema | Expected Result |
+|----------|-----------------|-------------------|-----------------|
+| 1. Superuser | superuser + postgres_ai.pg_statistic | ✓ Exists | ✅ PASS (clean) |
+| 2. pg_monitor, no schema access | pg_monitor only | ✗ No USAGE | ✅ PASS (warning) |
+| 3. No pg_monitor | minimal permissions | ✗ Doesn't exist | ✅ PASS (error + fix SQL) |
+| 8. After prepare-db | pg_monitor + postgres_ai grants | ✓ Exists + SELECT | ✅ PASS (clean) |
+
+### SQL Behavior Verification
+
+**Scenario 2 & 3: Schema doesn't exist or no USAGE**
+```sql
+-- Check privilege first, then to_regclass (no crash)
+case
+  when not has_schema_privilege(current_user, 'postgres_ai', 'USAGE') then null
+  else to_regclass('postgres_ai.pg_statistic') is not null
+end  → NULL
+
+-- SELECT check is skipped (returns NULL, not treated as missing optional)
+case
+  when not has_schema_privilege(current_user, 'postgres_ai', 'USAGE') then null
+  when to_regclass('postgres_ai.pg_statistic') is null then null
+  else has_table_privilege(current_user, 'postgres_ai.pg_statistic', 'select')
+end  → NULL
+```
+
+**Scenario 1 & 8: Schema exists with proper grants**
+```sql
+-- User has USAGE, to_regclass returns OID (view is visible)
+case
+  when not has_schema_privilege(current_user, 'postgres_ai', 'USAGE') then null
+  else to_regclass('postgres_ai.pg_statistic') is not null
+end  → TRUE
+
+-- SELECT check is performed
+has_table_privilege(current_user, 'postgres_ai.pg_statistic', 'select')  → TRUE/FALSE
+```
+
+## Integration Test Limitations
+
+Integration tests cannot run due to locale configuration issues with `initdb`:
+```
+error: initdb: error: invalid locale settings; check LANG and LC_* environment variables
+```
+
+However, unit tests provide comprehensive coverage of the permission check logic, including:
+- All permission scenarios (granted, denied, skipped)
+- Multiple missing permissions
+- Error propagation
+- Fix command generation
+- Message formatting
+
+## Schema Consistency
+
+The change ensures consistency across the codebase:
+- ✅ `cli/lib/init.ts` - now checks postgres_ai.pg_statistic
+- ✅ `cli/lib/supabase.ts` - already checks postgres_ai.pg_statistic
+- ✅ `cli/sql/03.permissions.sql` - creates postgres_ai.pg_statistic
+- ✅ `config/target-db/init.sql` - creates postgres_ai.pg_statistic
+- ✅ `config/pgwatch-prometheus/metrics.yml` - references postgres_ai.pg_statistic
+
+## Commits
+
+1. **955cff2** - `fix: change public.pg_statistic to postgres_ai.pg_statistic`
+   - Updated permission check queries
+   - Updated all test expectations
+
+2. **6db79f6** - `fix: use to_regclass() for safe postgres_ai.pg_statistic check`
+   - Replaced pg_views query with to_regclass()
+   - ⚠️ This introduced a bug: crashes when schema exists but user lacks USAGE
+
+3. **[current]** - `fix: wrap to_regclass() with has_schema_privilege() check`
+   - Fixed crash when postgres_ai schema exists but user lacks USAGE privilege
+   - Added privilege check before calling to_regclass() in all locations
+   - Updated in: init.ts (3 places) and supabase.ts (1 place)
+
+## Verification Command
+
+```bash
+# Run all permission-related tests
+bun test test/init.test.ts test/config-consistency.test.ts test/permission-check-sql.test.ts
+
+# Verify no public.pg_statistic references remain (except in comments)
+git grep -n 'public\.pg_statistic' cli/
+```