postgresai 0.15.0-dev.2 → 0.15.0-dev.4

package/lib/storage.ts

@@ -0,0 +1,291 @@
+import * as fs from "fs";
+import * as path from "path";
+import { formatHttpError, maskSecret, normalizeBaseUrl } from "./util";
+
+const MAX_UPLOAD_SIZE = 500 * 1024 * 1024; // 500 MB
+const MAX_DOWNLOAD_SIZE = 500 * 1024 * 1024; // 500 MB
+
+const MIME_TYPES: Record<string, string> = {
+  ".png": "image/png",
+  ".jpg": "image/jpeg",
+  ".jpeg": "image/jpeg",
+  ".gif": "image/gif",
+  ".webp": "image/webp",
+  ".svg": "image/svg+xml",
+  ".bmp": "image/bmp",
+  ".ico": "image/x-icon",
+  ".pdf": "application/pdf",
+  ".json": "application/json",
+  ".xml": "application/xml",
+  ".zip": "application/zip",
+  ".gz": "application/gzip",
+  ".tar": "application/x-tar",
+  ".csv": "text/csv",
+  ".txt": "text/plain",
+  ".log": "text/plain",
+  ".sql": "application/sql",
+  ".html": "text/html",
+  ".css": "text/css",
+  ".js": "application/javascript",
+  ".ts": "application/typescript",
+  ".md": "text/markdown",
+  ".yaml": "application/x-yaml",
+  ".yml": "application/x-yaml",
+};
+
+export interface UploadFileMetadata {
+  originalName: string;
+  size: number;
+  mimeType: string;
+  uploadedAt: string;
+  duration: number;
+}
+
+export interface UploadResult {
+  success: boolean;
+  url: string;
+  metadata: UploadFileMetadata;
+  requestId: string;
+}
+
+export interface UploadFileParams {
+  apiKey: string;
+  storageBaseUrl: string;
+  filePath: string;
+  debug?: boolean;
+}
+
+/**
+ * Upload a file to the storage service.
+ *
+ * @param params.apiKey - API token for authentication
+ * @param params.storageBaseUrl - Storage service base URL
+ * @param params.filePath - Local file path to upload
+ * @param params.debug - Enable debug logging
+ * @returns Upload result with URL and metadata
+ */
+export async function uploadFile(params: UploadFileParams): Promise<UploadResult> {
+  const { apiKey, storageBaseUrl, filePath, debug } = params;
+  if (!apiKey) {
+    throw new Error("API key is required");
+  }
+  if (!storageBaseUrl) {
+    throw new Error("storageBaseUrl is required");
+  }
+  if (!filePath) {
+    throw new Error("filePath is required");
+  }
+
+  const resolvedPath = path.resolve(filePath);
+  if (!fs.existsSync(resolvedPath)) {
+    throw new Error(`File not found: ${resolvedPath}`);
+  }
+  const stat = fs.statSync(resolvedPath);
+  if (!stat.isFile()) {
+    throw new Error(`Not a file: ${resolvedPath}`);
+  }
+  if (stat.size > MAX_UPLOAD_SIZE) {
+    throw new Error(`File too large: ${stat.size} bytes (max ${MAX_UPLOAD_SIZE})`);
+  }
+
+  const base = normalizeBaseUrl(storageBaseUrl);
+  // Warn but don't reject HTTP — CLI needs to work with localhost during development.
+  // Rejecting would require an --allow-insecure flag that adds friction for local setups.
+  if (new URL(base).protocol === "http:") {
+    console.error("Warning: storage URL uses HTTP — API key will be sent unencrypted");
+  }
+  const url = `${base}/upload`;
+
+  // readFileSync is intentional: FormData/Blob API requires the full buffer anyway,
+  // and the 500MB size check above prevents excessive memory use. Streaming would
+  // need a custom multipart encoder (no native stream support in fetch FormData).
+  const fileBuffer = fs.readFileSync(resolvedPath);
+  const fileName = path.basename(resolvedPath);
+
+  const ext = path.extname(fileName).toLowerCase();
+  const mimeType = MIME_TYPES[ext] || "application/octet-stream";
+
+  const formData = new FormData();
+  formData.append("file", new Blob([fileBuffer], { type: mimeType }), fileName);
+
+  const headers: Record<string, string> = {
+    "access-token": apiKey,
+  };
+
+  if (debug) {
+    const debugHeaders: Record<string, string> = { ...headers, "access-token": maskSecret(apiKey) };
+    console.error(`Debug: Storage base URL: ${base}`);
+    console.error(`Debug: POST URL: ${url}`);
+    console.error(`Debug: File: ${resolvedPath} (${stat.size} bytes, ${mimeType})`);
+    console.error(`Debug: Request headers: ${JSON.stringify(debugHeaders)}`);
+  }
+
+  const response = await fetch(url, {
+    method: "POST",
+    headers,
+    body: formData,
+  });
+
+  if (debug) {
+    console.error(`Debug: Response status: ${response.status}`);
+    console.error(`Debug: Response headers: ${JSON.stringify(Object.fromEntries(response.headers.entries()))}`);
+  }
+
+  const data = await response.text();
+
+  if (response.ok) {
+    try {
+      return JSON.parse(data) as UploadResult;
+    } catch {
+      throw new Error(`Failed to parse upload response: ${data}`);
+    }
+  } else {
+    throw new Error(formatHttpError("Failed to upload file", response.status, data));
+  }
+}
+
+export interface DownloadFileParams {
+  apiKey: string;
+  storageBaseUrl: string;
+  fileUrl: string;
+  outputPath?: string;
+  debug?: boolean;
+}
+
+export interface DownloadResult {
+  savedTo: string;
+  size: number;
+  mimeType: string | null;
+}
+
+/**
+ * Download a file from the storage service.
+ *
+ * @param params.apiKey - API token for authentication
+ * @param params.storageBaseUrl - Storage service base URL
+ * @param params.fileUrl - File URL path (e.g. /files/123/xxx.png) or full URL
+ * @param params.outputPath - Local path to save the file (default: derive from URL)
+ * @param params.debug - Enable debug logging
+ * @returns Download result with saved path and size
+ */
+export async function downloadFile(params: DownloadFileParams): Promise<DownloadResult> {
+  const { apiKey, storageBaseUrl, fileUrl, outputPath, debug } = params;
+  if (!apiKey) {
+    throw new Error("API key is required");
+  }
+  if (!storageBaseUrl) {
+    throw new Error("storageBaseUrl is required");
+  }
+  if (!fileUrl) {
+    throw new Error("fileUrl is required");
+  }
+
+  const base = normalizeBaseUrl(storageBaseUrl);
+  // Warn but don't reject HTTP — same rationale as uploadFile (localhost dev).
+  if (new URL(base).protocol === "http:") {
+    console.error("Warning: storage URL uses HTTP — API key will be sent unencrypted");
+  }
+
+  // Support both full URLs and relative paths
+  let fullUrl: string;
+  if (fileUrl.startsWith("http://") || fileUrl.startsWith("https://")) {
+    if (!fileUrl.startsWith(base + "/")) {
+      throw new Error(`URL must be under storage base URL: ${base}`);
+    }
+    fullUrl = fileUrl;
+  } else {
+    // Relative path like /files/123/xxx.png
+    const relativePath = fileUrl.startsWith("/") ? fileUrl : `/${fileUrl}`;
+    fullUrl = `${base}${relativePath}`;
+  }
+
+  // Derive output filename from URL if not specified
+  const urlFilename = path.basename(new URL(fullUrl).pathname);
+  if (!urlFilename) {
+    throw new Error("Cannot derive filename from URL; please specify --output");
+  }
+  const saveTo = outputPath ? path.resolve(outputPath) : path.resolve(urlFilename);
+
+  // Path traversal guard only for URL-derived filenames (untrusted input).
+  // Explicit --output (-o) is trusted: the user intentionally chose the path,
+  // and restricting it to cwd would break legitimate use (e.g. -o /tmp/file.png).
+  if (!outputPath) {
+    const normalizedSave = path.normalize(saveTo);
+    if (!normalizedSave.startsWith(path.normalize(process.cwd()))) {
+      throw new Error("Derived output path escapes current directory; please specify --output");
+    }
+  }
+
+  const headers: Record<string, string> = {
+    "access-token": apiKey,
+  };
+
+  if (debug) {
+    const debugHeaders: Record<string, string> = { ...headers, "access-token": maskSecret(apiKey) };
+    console.error(`Debug: Storage base URL: ${base}`);
+    console.error(`Debug: GET URL: ${fullUrl}`);
+    console.error(`Debug: Output: ${saveTo}`);
+    console.error(`Debug: Request headers: ${JSON.stringify(debugHeaders)}`);
+  }
+
+  const response = await fetch(fullUrl, {
+    method: "GET",
+    headers,
+  });
+
+  if (debug) {
+    console.error(`Debug: Response status: ${response.status}`);
+    console.error(`Debug: Response headers: ${JSON.stringify(Object.fromEntries(response.headers.entries()))}`);
+  }
+
+  if (!response.ok) {
+    const data = await response.text();
+    throw new Error(formatHttpError("Failed to download file", response.status, data));
+  }
+
+  const contentLength = response.headers.get("content-length");
+  if (contentLength && parseInt(contentLength, 10) > MAX_DOWNLOAD_SIZE) {
+    throw new Error(`File too large: ${contentLength} bytes (max ${MAX_DOWNLOAD_SIZE})`);
+  }
+
+  const arrayBuffer = await response.arrayBuffer();
+  const buffer = Buffer.from(arrayBuffer);
+
+  // Create parent dirs for the output path. recursive:true is intentional —
+  // the user may specify -o deeply/nested/path.png and expect it to work,
+  // same as curl --create-dirs or wget -P.
+  const parentDir = path.dirname(saveTo);
+  if (!fs.existsSync(parentDir)) {
+    fs.mkdirSync(parentDir, { recursive: true });
+  }
+
+  fs.writeFileSync(saveTo, buffer);
+
+  return {
+    savedTo: saveTo,
+    size: buffer.length,
+    mimeType: response.headers.get("content-type"),
+  };
+}
+
+const IMAGE_EXTENSIONS = new Set([".png", ".jpg", ".jpeg", ".gif", ".webp", ".svg", ".bmp", ".ico"]);
+
+/**
+ * Build a markdown link for a file URL.
+ * Returns `![name](url)` for images, `[name](url)` for other files.
+ */
+export function buildMarkdownLink(fileUrl: string, storageBaseUrl: string, filename?: string): string {
+  const base = normalizeBaseUrl(storageBaseUrl);
+  const normalizedFileUrl = fileUrl.startsWith("/") ? fileUrl : `/${fileUrl}`;
+  const fullUrl = (fileUrl.startsWith("http://") || fileUrl.startsWith("https://")) ? fileUrl : `${base}${normalizedFileUrl}`;
+  const name = filename || path.basename(new URL(fullUrl).pathname);
+  const safeName = name.replace(/[\[\]()]/g, "\\$&");
+  const ext = path.extname(name).toLowerCase();
+  // fullUrl is not escaped — storage URLs are server-generated (UUID-based paths
+  // like /files/641/1770646021425_019c42ba.png) and never contain parentheses.
+  // Escaping would break the URL for renderers that don't decode %29 in href.
+  if (IMAGE_EXTENSIONS.has(ext)) {
+    return `![${safeName}](${fullUrl})`;
+  }
+  return `[${safeName}](${fullUrl})`;
+}

package/lib/util.ts

@@ -70,15 +70,18 @@ export function maskSecret(secret: string): string {
 export interface RootOptsLike {
   apiBaseUrl?: string;
   uiBaseUrl?: string;
+  storageBaseUrl?: string;
 }
 
 export interface ConfigLike {
   baseUrl?: string | null;
+  storageBaseUrl?: string | null;
 }
 
 export interface ResolvedBaseUrls {
   apiBaseUrl: string;
   uiBaseUrl: string;
+  storageBaseUrl: string;
 }
 
 /**
@@ -105,17 +108,20 @@ export function normalizeBaseUrl(value: string): string {
 export function resolveBaseUrls(
   opts?: RootOptsLike,
   cfg?: ConfigLike,
-  defaults: { apiBaseUrl?: string; uiBaseUrl?: string } = {}
+  defaults: { apiBaseUrl?: string; uiBaseUrl?: string; storageBaseUrl?: string } = {}
 ): ResolvedBaseUrls {
   const defApi = defaults.apiBaseUrl || "https://postgres.ai/api/general/";
   const defUi = defaults.uiBaseUrl || "https://console.postgres.ai";
+  const defStorage = defaults.storageBaseUrl || "https://postgres.ai/storage";
 
   const apiCandidate = (opts?.apiBaseUrl || process.env.PGAI_API_BASE_URL || cfg?.baseUrl || defApi) as string;
   const uiCandidate = (opts?.uiBaseUrl || process.env.PGAI_UI_BASE_URL || defUi) as string;
+  const storageCandidate = (opts?.storageBaseUrl || process.env.PGAI_STORAGE_BASE_URL || cfg?.storageBaseUrl || defStorage) as string;
 
   return {
     apiBaseUrl: normalizeBaseUrl(apiCandidate),
     uiBaseUrl: normalizeBaseUrl(uiCandidate),
+    storageBaseUrl: normalizeBaseUrl(storageCandidate),
   };
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "postgresai",
-  "version": "0.15.0-dev.2",
+  "version": "0.15.0-dev.4",
   "description": "postgres_ai CLI",
   "license": "Apache-2.0",
   "private": false,

package/test/checkup.test.ts

@@ -1098,6 +1098,34 @@ describe("CLI tests", () => {
     expect(r.stderr).not.toMatch(/connection string required/i);
     expect(r.stderr).not.toMatch(/unknown option/i);
   });
+
+  // Tests for --output flag behavior (suppresses stdout when specified)
+  test("checkup --output option is recognized", () => {
+    const r = runCli(["checkup", "postgresql://test:test@localhost:5432/test", "--no-upload", "--output", "/tmp/test-output"]);
+    // Connection will fail, but option parsing should succeed
+    expect(r.stderr).not.toMatch(/unknown option/i);
+    expect(r.stderr).not.toMatch(/did you mean/i);
+  });
+
+  test("checkup --json --output should NOT output JSON to stdout (writes to files only)", () => {
+    // This is a behavioral test - when --output is specified along with --json,
+    // JSON should only be written to files, not to stdout.
+    // We verify by checking the help text describes this behavior
+    const r = runCli(["checkup", "--help"]);
+    expect(r.status).toBe(0);
+    expect(r.stdout).toMatch(/--output/);
+    expect(r.stdout).toMatch(/--json/);
+  });
+
+  test("checkup --output creates directory if it doesn't exist", () => {
+    const env = { XDG_CONFIG_HOME: "/tmp/postgresai-test-empty-config" };
+    // Use a temp directory that might not exist
+    const tempDir = `/tmp/postgresai-test-output-${Date.now()}`;
+    const r = runCli(["checkup", "postgresql://test:test@localhost:5432/test", "--no-upload", "--json", "--output", tempDir], env);
+    // Connection will fail, but directory creation should be attempted before connection
+    // The error should be about connection, not about directory
+    expect(r.stderr).not.toMatch(/Failed to create output directory/i);
+  });
 });
 
 // Tests for checkup-api module

package/test/init.test.ts

@@ -1067,7 +1067,7 @@ describe("CLI commands", () => {
 
     // Should indicate auto-yes mode without API key
     expect(r.stdout).toMatch(/Auto-yes mode: no API key provided/);
-    expect(r.stdout).toMatch(/Reports will be generated locally only/);
+    expect(r.stderr).toMatch(/Reports will be generated locally only/);
   });
 
   test("cli: mon local-install --demo with global --api-key shows error", () => {

package/test/issues.cli.test.ts

@@ -1,6 +1,6 @@
 import { describe, test, expect } from "bun:test";
 import { resolve } from "path";
-import { mkdtempSync } from "fs";
+import { mkdtempSync, writeFileSync, existsSync, readFileSync } from "fs";
 import { tmpdir } from "os";
 
 function runCli(args: string[], env: Record<string, string> = {}) {
@@ -536,3 +536,232 @@ describe("CLI action items commands", () => {
   });
 });
 
+async function startFakeStorageServer() {
+  const requests: Array<{
+    method: string;
+    pathname: string;
+    headers: Record<string, string>;
+  }> = [];
+
+  const server = Bun.serve({
+    hostname: "127.0.0.1",
+    port: 0,
+    async fetch(req) {
+      const url = new URL(req.url);
+      const headers: Record<string, string> = {};
+      for (const [k, v] of req.headers.entries()) headers[k.toLowerCase()] = v;
+
+      // Consume body to avoid warnings
+      await req.arrayBuffer().catch(() => {});
+
+      requests.push({
+        method: req.method,
+        pathname: url.pathname,
+        headers,
+      });
+
+      // Upload endpoint
+      if (req.method === "POST" && url.pathname === "/upload") {
+        if (!headers["access-token"]) {
+          return new Response(
+            JSON.stringify({ code: "INVALID_API_TOKEN", message: "Missing token" }),
+            { status: 401, headers: { "Content-Type": "application/json" } }
+          );
+        }
+
+        return new Response(
+          JSON.stringify({
+            success: true,
+            url: "/files/123/1707500000000_test-uuid.png",
+            metadata: {
+              originalName: "test-file.png",
+              size: 16,
+              mimeType: "image/png",
+              uploadedAt: "2025-02-09T12:00:00.000Z",
+              duration: 50,
+            },
+            requestId: "req-test-123",
+          }),
+          { status: 200, headers: { "Content-Type": "application/json" } }
+        );
+      }
+
+      // Download endpoint
+      if (req.method === "GET" && url.pathname.startsWith("/files/")) {
+        if (!headers["access-token"]) {
+          return new Response(
+            JSON.stringify({ code: "INVALID_API_TOKEN", message: "Missing token" }),
+            { status: 401, headers: { "Content-Type": "application/json" } }
+          );
+        }
+
+        return new Response(Buffer.from("fake-file-content"), {
+          status: 200,
+          headers: { "Content-Type": "image/png" },
+        });
+      }
+
+      return new Response("not found", { status: 404 });
+    },
+  });
+
+  const storageBaseUrl = `http://${server.hostname}:${server.port}`;
+
+  return {
+    storageBaseUrl,
+    requests,
+    stop: () => server.stop(true),
+  };
+}
+
+describe("CLI issues files commands", () => {
+  test("issues files upload fails fast when API key is missing", () => {
+    const r = runCli(["issues", "files", "upload", "/tmp/test.png"], isolatedEnv());
+    expect(r.status).toBe(1);
+    expect(`${r.stdout}\n${r.stderr}`).toContain("API key is required");
+  });
+
+  test("issues files upload fails when file does not exist", () => {
+    const r = runCli(
+      ["issues", "files", "upload", "/tmp/nonexistent-file-99999.png"],
+      isolatedEnv({ PGAI_API_KEY: "test-key" })
+    );
+    expect(r.status).toBe(1);
+    expect(`${r.stdout}\n${r.stderr}`).toContain("File not found");
+  });
+
+  test("issues files upload succeeds and shows URL and markdown", async () => {
+    const storage = await startFakeStorageServer();
+    const tmpFile = resolve(mkdtempSync(resolve(tmpdir(), "upload-test-")), "screenshot.png");
+    writeFileSync(tmpFile, "fake-png-content");
+
+    try {
+      const r = await runCliAsync(
+        ["issues", "files", "upload", tmpFile],
+        isolatedEnv({
+          PGAI_API_KEY: "test-key",
+          PGAI_STORAGE_BASE_URL: storage.storageBaseUrl,
+        })
+      );
+
+      expect(r.status).toBe(0);
+      const out = `${r.stdout}\n${r.stderr}`;
+      expect(out).toContain("URL:");
+      expect(out).toContain("/files/123/");
+      expect(out).toContain("Markdown:");
+      expect(out).toContain("![");
+
+      const uploadReq = storage.requests.find((x) => x.pathname === "/upload");
+      expect(uploadReq).toBeTruthy();
+      expect(uploadReq!.headers["access-token"]).toBe("test-key");
+      expect(uploadReq!.method).toBe("POST");
+    } finally {
+      storage.stop();
+    }
+  });
+
+  test("issues files upload --json returns structured JSON", async () => {
+    const storage = await startFakeStorageServer();
+    const tmpFile = resolve(mkdtempSync(resolve(tmpdir(), "upload-json-test-")), "data.txt");
+    writeFileSync(tmpFile, "test-content");
+
+    try {
+      const r = await runCliAsync(
+        ["issues", "files", "upload", tmpFile, "--json"],
+        isolatedEnv({
+          PGAI_API_KEY: "test-key",
+          PGAI_STORAGE_BASE_URL: storage.storageBaseUrl,
+        })
+      );
+
+      expect(r.status).toBe(0);
+      const out = JSON.parse(r.stdout.trim());
+      expect(out.success).toBe(true);
+      expect(out.url).toContain("/files/");
+      expect(out.metadata.originalName).toBe("test-file.png");
+      expect(out.metadata.mimeType).toBe("image/png");
+    } finally {
+      storage.stop();
+    }
+  });
+
+  test("issues files download fails fast when API key is missing", () => {
+    const r = runCli(["issues", "files", "download", "/files/123/test.png"], isolatedEnv());
+    expect(r.status).toBe(1);
+    expect(`${r.stdout}\n${r.stderr}`).toContain("API key is required");
+  });
+
+  test("issues files download succeeds and saves file", async () => {
+    const storage = await startFakeStorageServer();
+    const tmpOutDir = mkdtempSync(resolve(tmpdir(), "download-test-"));
+    const outputPath = resolve(tmpOutDir, "downloaded.png");
+
+    try {
+      const r = await runCliAsync(
+        ["issues", "files", "download", "/files/123/image.png", "-o", outputPath],
+        isolatedEnv({
+          PGAI_API_KEY: "test-key",
+          PGAI_STORAGE_BASE_URL: storage.storageBaseUrl,
+        })
+      );
+
+      expect(r.status).toBe(0);
+      const out = `${r.stdout}\n${r.stderr}`;
+      expect(out).toContain("Saved:");
+      expect(out).not.toContain("Size:");
+      expect(out).not.toContain("Type:");
+
+      expect(existsSync(outputPath)).toBe(true);
+      expect(readFileSync(outputPath).toString()).toBe("fake-file-content");
+
+      const downloadReq = storage.requests.find((x) => x.pathname.startsWith("/files/"));
+      expect(downloadReq).toBeTruthy();
+      expect(downloadReq!.headers["access-token"]).toBe("test-key");
+      expect(downloadReq!.method).toBe("GET");
+    } finally {
+      storage.stop();
+    }
+  });
+
+  test("issues help shows files subcommand", () => {
+    const r = runCli(["issues", "--help"], isolatedEnv());
+    expect(r.status).toBe(0);
+    const out = `${r.stdout}\n${r.stderr}`;
+    expect(out).toContain("files");
+  });
+
+  test("issues files help shows upload and download", () => {
+    const r = runCli(["issues", "files", "--help"], isolatedEnv());
+    expect(r.status).toBe(0);
+    const out = `${r.stdout}\n${r.stderr}`;
+    expect(out).toContain("upload");
+    expect(out).toContain("download");
+  });
+});
+
+describe("CLI set-storage-url command", () => {
+  test("saves valid URL to config", () => {
+    const env = isolatedEnv();
+    const r = runCli(["set-storage-url", "https://v2.postgres.ai/storage"], env);
+    expect(r.status).toBe(0);
+    expect(`${r.stdout}\n${r.stderr}`).toContain("Storage URL saved: https://v2.postgres.ai/storage");
+
+    // Verify persisted in config
+    const cfgPath = resolve(env.XDG_CONFIG_HOME, "postgresai", "config.json");
+    const cfg = JSON.parse(readFileSync(cfgPath, "utf-8"));
+    expect(cfg.storageBaseUrl).toBe("https://v2.postgres.ai/storage");
+  });
+
+  test("normalizes trailing slash", () => {
+    const env = isolatedEnv();
+    const r = runCli(["set-storage-url", "https://example.com/storage/"], env);
+    expect(r.status).toBe(0);
+    expect(`${r.stdout}\n${r.stderr}`).toContain("Storage URL saved: https://example.com/storage");
+  });
+
+  test("rejects invalid URL", () => {
+    const r = runCli(["set-storage-url", "not-a-url"], isolatedEnv());
+    expect(r.status).toBe(1);
+    expect(`${r.stdout}\n${r.stderr}`).toContain("invalid URL");
+  });
+});