postgresai 0.15.0-dev.1 → 0.15.0-dev.11

package/lib/storage.ts

@@ -0,0 +1,367 @@
+import * as fs from "fs";
+import * as path from "path";
+import { formatHttpError, maskSecret, normalizeBaseUrl } from "./util";
+
+const MAX_UPLOAD_SIZE = 500 * 1024 * 1024; // 500 MB
+const MAX_DOWNLOAD_SIZE = 500 * 1024 * 1024; // 500 MB
+
+const MIME_TYPES: Record<string, string> = {
+  ".png": "image/png",
+  ".jpg": "image/jpeg",
+  ".jpeg": "image/jpeg",
+  ".gif": "image/gif",
+  ".webp": "image/webp",
+  ".svg": "image/svg+xml",
+  ".bmp": "image/bmp",
+  ".ico": "image/x-icon",
+  ".pdf": "application/pdf",
+  ".json": "application/json",
+  ".xml": "application/xml",
+  ".zip": "application/zip",
+  ".gz": "application/gzip",
+  ".tar": "application/x-tar",
+  ".csv": "text/csv",
+  ".txt": "text/plain",
+  ".log": "text/plain",
+  ".sql": "application/sql",
+  ".html": "text/html",
+  ".css": "text/css",
+  ".js": "application/javascript",
+  ".ts": "application/typescript",
+  ".md": "text/markdown",
+  ".yaml": "application/x-yaml",
+  ".yml": "application/x-yaml",
+};
+
+export interface UploadFileMetadata {
+  originalName: string;
+  size: number;
+  mimeType: string;
+  uploadedAt: string;
+  duration: number;
+}
+
+export interface UploadResult {
+  success: boolean;
+  url: string;
+  metadata: UploadFileMetadata;
+  requestId: string;
+}
+
+export interface UploadFileParams {
+  apiKey: string;
+  storageBaseUrl: string;
+  filePath: string;
+  debug?: boolean;
+}
+
+/**
+ * Upload a file to the storage service.
+ *
+ * @param params.apiKey - API token for authentication
+ * @param params.storageBaseUrl - Storage service base URL
+ * @param params.filePath - Local file path to upload
+ * @param params.debug - Enable debug logging
+ * @returns Upload result with URL and metadata
+ */
+export async function uploadFile(params: UploadFileParams): Promise<UploadResult> {
+  const { apiKey, storageBaseUrl, filePath, debug } = params;
+  if (!apiKey) {
+    throw new Error("API key is required");
+  }
+  if (!storageBaseUrl) {
+    throw new Error("storageBaseUrl is required");
+  }
+  if (!filePath) {
+    throw new Error("filePath is required");
+  }
+
+  const resolvedPath = path.resolve(filePath);
+  if (!fs.existsSync(resolvedPath)) {
+    throw new Error(`File not found: ${resolvedPath}`);
+  }
+  const stat = fs.statSync(resolvedPath);
+  if (!stat.isFile()) {
+    throw new Error(`Not a file: ${resolvedPath}`);
+  }
+  if (stat.size > MAX_UPLOAD_SIZE) {
+    throw new Error(`File too large: ${stat.size} bytes (max ${MAX_UPLOAD_SIZE})`);
+  }
+
+  const base = normalizeBaseUrl(storageBaseUrl);
+  // Warn but don't reject HTTP — CLI needs to work with localhost during development.
+  // Rejecting would require an --allow-insecure flag that adds friction for local setups.
+  if (new URL(base).protocol === "http:") {
+    console.error("Warning: storage URL uses HTTP — API key will be sent unencrypted");
+  }
+  const url = `${base}/upload`;
+
+  // readFileSync is intentional: FormData/Blob API requires the full buffer anyway,
+  // and the 500MB size check above prevents excessive memory use. Streaming would
+  // need a custom multipart encoder (no native stream support in fetch FormData).
+  const fileBuffer = fs.readFileSync(resolvedPath);
+  const fileName = path.basename(resolvedPath);
+
+  const ext = path.extname(fileName).toLowerCase();
+  const mimeType = MIME_TYPES[ext] || "application/octet-stream";
+
+  const formData = new FormData();
+  formData.append("file", new Blob([fileBuffer], { type: mimeType }), fileName);
+
+  const headers: Record<string, string> = {
+    "access-token": apiKey,
+  };
+
+  if (debug) {
+    const debugHeaders: Record<string, string> = { ...headers, "access-token": maskSecret(apiKey) };
+    console.error(`Debug: Storage base URL: ${base}`);
+    console.error(`Debug: POST URL: ${url}`);
+    console.error(`Debug: File: ${resolvedPath} (${stat.size} bytes, ${mimeType})`);
+    console.error(`Debug: Request headers: ${JSON.stringify(debugHeaders)}`);
+  }
+
+  const response = await fetch(url, {
+    method: "POST",
+    headers,
+    body: formData,
+  });
+
+  if (debug) {
+    console.error(`Debug: Response status: ${response.status}`);
+    console.error(`Debug: Response headers: ${JSON.stringify(Object.fromEntries(response.headers.entries()))}`);
+  }
+
+  const data = await response.text();
+
+  if (response.ok) {
+    try {
+      return JSON.parse(data) as UploadResult;
+    } catch {
+      throw new Error(`Failed to parse upload response: ${data}`);
+    }
+  } else {
+    throw new Error(formatHttpError("Failed to upload file", response.status, data));
+  }
+}
+
+export interface DownloadFileParams {
+  apiKey: string;
+  storageBaseUrl: string;
+  fileUrl: string;
+  outputPath?: string;
+  debug?: boolean;
+}
+
+export interface DownloadResult {
+  savedTo: string;
+  size: number;
+  mimeType: string | null;
+}
+
+/**
+ * Download a file from the storage service.
+ *
+ * @param params.apiKey - API token for authentication
+ * @param params.storageBaseUrl - Storage service base URL
+ * @param params.fileUrl - File URL path (e.g. /files/123/xxx.png) or full URL
+ * @param params.outputPath - Local path to save the file (default: derive from URL)
+ * @param params.debug - Enable debug logging
+ * @returns Download result with saved path and size
+ */
+export async function downloadFile(params: DownloadFileParams): Promise<DownloadResult> {
+  const { apiKey, storageBaseUrl, fileUrl, outputPath, debug } = params;
+  if (!apiKey) {
+    throw new Error("API key is required");
+  }
+  if (!storageBaseUrl) {
+    throw new Error("storageBaseUrl is required");
+  }
+  if (!fileUrl) {
+    throw new Error("fileUrl is required");
+  }
+
+  const base = normalizeBaseUrl(storageBaseUrl);
+  // Warn but don't reject HTTP — same rationale as uploadFile (localhost dev).
+  if (new URL(base).protocol === "http:") {
+    console.error("Warning: storage URL uses HTTP — API key will be sent unencrypted");
+  }
+
+  // Support both full URLs and relative paths
+  let fullUrl: string;
+  if (fileUrl.startsWith("http://") || fileUrl.startsWith("https://")) {
+    if (!fileUrl.startsWith(base + "/")) {
+      throw new Error(`URL must be under storage base URL: ${base}`);
+    }
+    fullUrl = fileUrl;
+  } else {
+    // Relative path like /files/123/xxx.png
+    const relativePath = fileUrl.startsWith("/") ? fileUrl : `/${fileUrl}`;
+    fullUrl = `${base}${relativePath}`;
+  }
+
+  // Derive output filename from URL if not specified
+  const urlFilename = path.basename(new URL(fullUrl).pathname);
+  if (!urlFilename) {
+    throw new Error("Cannot derive filename from URL; please specify --output");
+  }
+  const saveTo = outputPath ? path.resolve(outputPath) : path.resolve(urlFilename);
+
+  // Path traversal guard only for URL-derived filenames (untrusted input).
+  // Explicit --output (-o) is trusted: the user intentionally chose the path,
+  // and restricting it to cwd would break legitimate use (e.g. -o /tmp/file.png).
+  if (!outputPath) {
+    const normalizedSave = path.normalize(saveTo);
+    const cwd = path.normalize(process.cwd());
+    // Append path.sep so that cwd "/home/u/proj" doesn't allow a sibling
+    // "/home/u/proj-evil/x" via plain prefix match.
+    if (normalizedSave !== cwd && !normalizedSave.startsWith(cwd + path.sep)) {
+      throw new Error("Derived output path escapes current directory; please specify --output");
+    }
+  }
+
+  const headers: Record<string, string> = {
+    "access-token": apiKey,
+  };
+
+  if (debug) {
+    const debugHeaders: Record<string, string> = { ...headers, "access-token": maskSecret(apiKey) };
+    console.error(`Debug: Storage base URL: ${base}`);
+    console.error(`Debug: GET URL: ${fullUrl}`);
+    console.error(`Debug: Output: ${saveTo}`);
+    console.error(`Debug: Request headers: ${JSON.stringify(debugHeaders)}`);
+  }
+
+  const response = await fetch(fullUrl, {
+    method: "GET",
+    headers,
+  });
+
+  if (debug) {
+    console.error(`Debug: Response status: ${response.status}`);
+    console.error(`Debug: Response headers: ${JSON.stringify(Object.fromEntries(response.headers.entries()))}`);
+  }
+
+  if (!response.ok) {
+    const data = await response.text();
+    throw new Error(formatHttpError("Failed to download file", response.status, data));
+  }
+
+  const contentLength = response.headers.get("content-length");
+  if (contentLength && parseInt(contentLength, 10) > MAX_DOWNLOAD_SIZE) {
+    throw new Error(`File too large: ${contentLength} bytes (max ${MAX_DOWNLOAD_SIZE})`);
+  }
+
+  const arrayBuffer = await response.arrayBuffer();
+  const buffer = Buffer.from(arrayBuffer);
+
+  // Create parent dirs for the output path. recursive:true is intentional —
+  // the user may specify -o deeply/nested/path.png and expect it to work,
+  // same as curl --create-dirs or wget -P.
+  const parentDir = path.dirname(saveTo);
+  if (!fs.existsSync(parentDir)) {
+    fs.mkdirSync(parentDir, { recursive: true });
+  }
+
+  fs.writeFileSync(saveTo, buffer);
+
+  return {
+    savedTo: saveTo,
+    size: buffer.length,
+    mimeType: response.headers.get("content-type"),
+  };
+}
+
+const IMAGE_EXTENSIONS = new Set([".png", ".jpg", ".jpeg", ".gif", ".webp", ".svg", ".bmp", ".ico"]);
+
+/**
+ * Build a markdown link for a file URL.
+ * Returns `![name](url)` for images, `[name](url)` for other files.
+ */
+export function buildMarkdownLink(fileUrl: string, storageBaseUrl: string, filename?: string): string {
+  const base = normalizeBaseUrl(storageBaseUrl);
+  const normalizedFileUrl = fileUrl.startsWith("/") ? fileUrl : `/${fileUrl}`;
+  const fullUrl = (fileUrl.startsWith("http://") || fileUrl.startsWith("https://")) ? fileUrl : `${base}${normalizedFileUrl}`;
+  const name = filename || path.basename(new URL(fullUrl).pathname);
+  const safeName = name.replace(/[\[\]()]/g, "\\$&");
+  const ext = path.extname(name).toLowerCase();
+  // fullUrl is not escaped — storage URLs are server-generated (UUID-based paths
+  // like /files/641/1770646021425_019c42ba.png) and never contain parentheses.
+  // Escaping would break the URL for renderers that don't decode %29 in href.
+  if (IMAGE_EXTENSIONS.has(ext)) {
+    return `![${safeName}](${fullUrl})`;
+  }
+  return `[${safeName}](${fullUrl})`;
+}
+
+export interface UploadedAttachment {
+  path: string;
+  url: string;
+  markdown: string;
+  metadata: UploadFileMetadata;
+}
+
+export interface UploadAttachmentsParams {
+  apiKey: string;
+  storageBaseUrl: string;
+  attachmentPaths: string[];
+  debug?: boolean;
+}
+
+/**
+ * Upload a list of local files to storage and return one markdown link per file.
+ *
+ * Shared by both the CLI `--attach` flag and the MCP `attachments` parameter so
+ * that the two surfaces produce identical output. Uploads are sequential (not
+ * parallel) so that on failure of file N, the error from `uploadFile` (which
+ * includes the resolved path, e.g. `File not found: /abs/path`) pinpoints
+ * which file failed. Note: any files already uploaded successfully before
+ * the failure remain on the storage server; a retry of the same call will
+ * re-upload them.
+ *
+ * Returns an empty array if `attachmentPaths` is empty (callers don't have to
+ * guard).
+ */
+export async function uploadAttachments(params: UploadAttachmentsParams): Promise<UploadedAttachment[]> {
+  const { apiKey, storageBaseUrl, attachmentPaths, debug } = params;
+  if (!attachmentPaths || attachmentPaths.length === 0) {
+    return [];
+  }
+  const out: UploadedAttachment[] = [];
+  for (const attachmentPath of attachmentPaths) {
+    const result = await uploadFile({
+      apiKey,
+      storageBaseUrl,
+      filePath: attachmentPath,
+      debug,
+    });
+    const markdown = buildMarkdownLink(result.url, storageBaseUrl, result.metadata.originalName);
+    out.push({
+      path: attachmentPath,
+      url: result.url,
+      markdown,
+      metadata: result.metadata,
+    });
+  }
+  return out;
+}
+
+/**
+ * Append uploaded-attachment markdown links to a body of content.
+ *
+ * - If `attachments` is empty, returns `content` unchanged.
+ * - If `content` is empty/whitespace, returns just the links.
+ * - Otherwise: `${content}\n\n${links joined by \n}`.
+ *
+ * One link per line keeps the renderer happy whether the surface is GFM
+ * (which collapses adjacent lines) or strict CommonMark.
+ */
+export function appendAttachmentsToContent(content: string, attachments: UploadedAttachment[]): string {
+  if (!attachments || attachments.length === 0) {
+    return content;
+  }
+  const links = attachments.map((a) => a.markdown).join("\n");
+  if (!content || !content.trim()) {
+    return links;
+  }
+  return `${content}\n\n${links}`;
+}

package/lib/supabase.ts

@@ -350,6 +350,10 @@ export async function fetchPoolerDatabaseUrl(
   config: SupabaseConfig,
   username: string
 ): Promise<string | null> {
+  // Validate projectRef format to prevent SSRF via crafted project references
+  if (!isValidProjectRef(config.projectRef)) {
+    throw new Error(`Invalid Supabase project reference format: "${config.projectRef}". Expected 10-30 alphanumeric characters.`);
+  }
   const url = `${SUPABASE_API_BASE}/v1/projects/${encodeURIComponent(config.projectRef)}/config/database/pooler`;
 
   // For Supabase pooler connections, the username must include the project ref:
@@ -669,7 +673,10 @@ export async function verifyInitSetupViaSupabase(params: {
 
   // Check pg_statistic view
   const viewExistsRes = await params.client.query(
-    "SELECT to_regclass('postgres_ai.pg_statistic') IS NOT NULL as ok",
+    `SELECT CASE
+      WHEN NOT has_schema_privilege(current_user, 'postgres_ai', 'USAGE') THEN NULL
+      ELSE to_regclass('postgres_ai.pg_statistic') IS NOT NULL
+    END as ok`,
     true
   );
   if (!viewExistsRes.rows?.[0]?.ok) {

package/lib/util.ts

@@ -70,15 +70,18 @@ export function maskSecret(secret: string): string {
 export interface RootOptsLike {
   apiBaseUrl?: string;
   uiBaseUrl?: string;
+  storageBaseUrl?: string;
 }
 
 export interface ConfigLike {
   baseUrl?: string | null;
+  storageBaseUrl?: string | null;
 }
 
 export interface ResolvedBaseUrls {
   apiBaseUrl: string;
   uiBaseUrl: string;
+  storageBaseUrl: string;
 }
 
 /**
@@ -105,17 +108,20 @@ export function normalizeBaseUrl(value: string): string {
 export function resolveBaseUrls(
   opts?: RootOptsLike,
   cfg?: ConfigLike,
-  defaults: { apiBaseUrl?: string; uiBaseUrl?: string } = {}
+  defaults: { apiBaseUrl?: string; uiBaseUrl?: string; storageBaseUrl?: string } = {}
 ): ResolvedBaseUrls {
   const defApi = defaults.apiBaseUrl || "https://postgres.ai/api/general/";
   const defUi = defaults.uiBaseUrl || "https://console.postgres.ai";
+  const defStorage = defaults.storageBaseUrl || "https://postgres.ai/storage";
 
   const apiCandidate = (opts?.apiBaseUrl || process.env.PGAI_API_BASE_URL || cfg?.baseUrl || defApi) as string;
   const uiCandidate = (opts?.uiBaseUrl || process.env.PGAI_UI_BASE_URL || defUi) as string;
+  const storageCandidate = (opts?.storageBaseUrl || process.env.PGAI_STORAGE_BASE_URL || cfg?.storageBaseUrl || defStorage) as string;
 
   return {
     apiBaseUrl: normalizeBaseUrl(apiCandidate),
     uiBaseUrl: normalizeBaseUrl(uiCandidate),
+    storageBaseUrl: normalizeBaseUrl(storageCandidate),
   };
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "postgresai",
-  "version": "0.15.0-dev.1",
+  "version": "0.15.0-dev.11",
   "description": "postgres_ai CLI",
   "license": "Apache-2.0",
   "private": false,
@@ -28,7 +28,7 @@
     "embed-metrics": "bun run scripts/embed-metrics.ts",
     "embed-checkup-dictionary": "bun run scripts/embed-checkup-dictionary.ts",
     "embed-all": "bun run embed-metrics && bun run embed-checkup-dictionary",
-    "build": "bun run embed-all && bun build ./bin/postgres-ai.ts --outdir ./dist/bin --target node && node -e \"const fs=require('fs');const f='./dist/bin/postgres-ai.js';fs.writeFileSync(f,fs.readFileSync(f,'utf8').replace('#!/usr/bin/env bun','#!/usr/bin/env node'))\" && cp -r ./sql ./dist/sql",
+    "build": "bun run embed-all && bun build ./bin/postgres-ai.ts --outdir ./dist/bin --target node && node -e \"const fs=require('fs');const f='./dist/bin/postgres-ai.js';fs.writeFileSync(f,fs.readFileSync(f,'utf8').replace('#!/usr/bin/env bun','#!/usr/bin/env node'))\" && cp -r ./sql ./dist/sql && cp ../instances.demo.yml ./instances.demo.yml",
     "prepublishOnly": "npm run build",
     "start": "bun ./bin/postgres-ai.ts --help",
     "start:node": "node ./dist/bin/postgres-ai.js --help",
@@ -41,7 +41,7 @@
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.20.2",
-    "commander": "^12.1.0",
+    "commander": "^14.0.3",
     "js-yaml": "^4.1.0",
     "pg": "^8.16.3"
   },
@@ -51,7 +51,7 @@
     "@types/pg": "^8.15.6",
     "ajv": "^8.17.1",
     "ajv-formats": "^3.0.1",
-    "typescript": "^5.9.3"
+    "typescript": "^6.0.2"
   },
   "publishConfig": {
     "access": "public"

package/scripts/embed-checkup-dictionary.ts

@@ -51,7 +51,16 @@ function generateTypeScript(data: CheckupDictionaryEntry[], sourceUrl: string):
   return lines.join("\n");
 }
 
+// Allowed hosts for fetch requests to prevent SSRF
+const ALLOWED_HOSTS = ["postgres.ai"];
+
 async function fetchWithTimeout(url: string, timeoutMs: number): Promise<Response> {
+  // Validate URL against allowlist to prevent SSRF
+  const parsed = new URL(url);
+  if (!ALLOWED_HOSTS.includes(parsed.hostname)) {
+    throw new Error(`Fetch blocked: host "${parsed.hostname}" is not in the allowlist`);
+  }
+
   const controller = new AbortController();
   const timeoutId = setTimeout(() => controller.abort(), timeoutMs);
 

package/scripts/embed-metrics.ts

@@ -49,6 +49,8 @@ const REQUIRED_METRICS = [
   // Bloat estimation (F004, F005)
   "pg_table_bloat",
   "pg_btree_bloat",
+  // I/O statistics (I001)
+  "pg_stat_io",
 ];
 
 function main() {

package/test/PERMISSION_CHECK_TEST_SUMMARY.md

@@ -0,0 +1,139 @@
+# Permission Check Test Summary
+
+## Changes Made
+
+Changed all references from `public.pg_statistic` to `postgres_ai.pg_statistic` in:
+- `cli/lib/init.ts` - Permission check SQL query
+- `cli/test/init.test.ts` - All test expectations (28 occurrences)
+
+## Key Fix: Safe Schema Checking
+
+**Before (883fa95):**
+```sql
+exists (
+  select from pg_views
+  where schemaname = 'public' and viewname = 'pg_statistic'
+) as granted
+```
+
+**After (6db79f6) - INCORRECT, caused crashes:**
+```sql
+to_regclass('postgres_ai.pg_statistic') is not null as granted
+```
+
+**Current (this fix):**
+```sql
+case
+  when not has_schema_privilege(current_user, 'postgres_ai', 'USAGE') then null
+  else to_regclass('postgres_ai.pg_statistic') is not null
+end as granted
+```
+
+### Why this fix matters
+
+**Issue with bare `to_regclass()`:**
+- Returns NULL when the schema doesn't exist ✓
+- Returns NULL when the view doesn't exist ✓
+- **Throws error** when the schema exists but user lacks USAGE privilege ✗
+
+**Fix:**
+- Check `has_schema_privilege()` first to avoid the permission error
+- Returns NULL safely in all cases where we can't check the view
+- Prevents crashes when postgres_ai schema exists but user lacks USAGE
+
+## Test Results
+
+### Unit Tests ✅
+```
+✓ 95 tests passed across 3 files
+  - 84 tests in init.test.ts (including 9 checkCurrentUserPermissions tests)
+  - 2 tests in config-consistency.test.ts
+  - 9 tests in permission-check-sql.test.ts
+```
+
+### Expected Behavior by Scenario
+
+| Scenario | User Permissions | postgres_ai Schema | Expected Result |
+|----------|-----------------|-------------------|-----------------|
+| 1. Superuser | superuser + postgres_ai.pg_statistic | ✓ Exists | ✅ PASS (clean) |
+| 2. pg_monitor, no schema access | pg_monitor only | ✗ No USAGE | ✅ PASS (warning) |
+| 3. No pg_monitor | minimal permissions | ✗ Doesn't exist | ✅ PASS (error + fix SQL) |
+| 8. After prepare-db | pg_monitor + postgres_ai grants | ✓ Exists + SELECT | ✅ PASS (clean) |
+
+### SQL Behavior Verification
+
+**Scenario 2 & 3: Schema doesn't exist or no USAGE**
+```sql
+-- Check privilege first, then to_regclass (no crash)
+case
+  when not has_schema_privilege(current_user, 'postgres_ai', 'USAGE') then null
+  else to_regclass('postgres_ai.pg_statistic') is not null
+end  → NULL
+
+-- SELECT check is skipped (returns NULL, not treated as missing optional)
+case
+  when not has_schema_privilege(current_user, 'postgres_ai', 'USAGE') then null
+  when to_regclass('postgres_ai.pg_statistic') is null then null
+  else has_table_privilege(current_user, 'postgres_ai.pg_statistic', 'select')
+end  → NULL
+```
+
+**Scenario 1 & 8: Schema exists with proper grants**
+```sql
+-- User has USAGE, to_regclass returns OID (view is visible)
+case
+  when not has_schema_privilege(current_user, 'postgres_ai', 'USAGE') then null
+  else to_regclass('postgres_ai.pg_statistic') is not null
+end  → TRUE
+
+-- SELECT check is performed
+has_table_privilege(current_user, 'postgres_ai.pg_statistic', 'select')  → TRUE/FALSE
+```
+
+## Integration Test Limitations
+
+Integration tests cannot run due to locale configuration issues with `initdb`:
+```
+error: initdb: error: invalid locale settings; check LANG and LC_* environment variables
+```
+
+However, unit tests provide comprehensive coverage of the permission check logic, including:
+- All permission scenarios (granted, denied, skipped)
+- Multiple missing permissions
+- Error propagation
+- Fix command generation
+- Message formatting
+
+## Schema Consistency
+
+The change ensures consistency across the codebase:
+- ✅ `cli/lib/init.ts` - now checks postgres_ai.pg_statistic
+- ✅ `cli/lib/supabase.ts` - already checks postgres_ai.pg_statistic
+- ✅ `cli/sql/03.permissions.sql` - creates postgres_ai.pg_statistic
+- ✅ `config/target-db/init.sql` - creates postgres_ai.pg_statistic
+- ✅ `config/pgwatch-prometheus/metrics.yml` - references postgres_ai.pg_statistic
+
+## Commits
+
+1. **955cff2** - `fix: change public.pg_statistic to postgres_ai.pg_statistic`
+   - Updated permission check queries
+   - Updated all test expectations
+
+2. **6db79f6** - `fix: use to_regclass() for safe postgres_ai.pg_statistic check`
+   - Replaced pg_views query with to_regclass()
+   - ⚠️ This introduced a bug: crashes when schema exists but user lacks USAGE
+
+3. **[current]** - `fix: wrap to_regclass() with has_schema_privilege() check`
+   - Fixed crash when postgres_ai schema exists but user lacks USAGE privilege
+   - Added privilege check before calling to_regclass() in all locations
+   - Updated in: init.ts (3 places) and supabase.ts (1 place)
+
+## Verification Command
+
+```bash
+# Run all permission-related tests
+bun test test/init.test.ts test/config-consistency.test.ts test/permission-check-sql.test.ts
+
+# Verify no public.pg_statistic references remain (except in comments)
+git grep -n 'public\.pg_statistic' cli/
+```