postgresai 0.15.0-dev.3 → 0.15.0-dev.5

package/lib/storage.ts

@@ -0,0 +1,291 @@
+import * as fs from "fs";
+import * as path from "path";
+import { formatHttpError, maskSecret, normalizeBaseUrl } from "./util";
+
+const MAX_UPLOAD_SIZE = 500 * 1024 * 1024; // 500 MB
+const MAX_DOWNLOAD_SIZE = 500 * 1024 * 1024; // 500 MB
+
+const MIME_TYPES: Record<string, string> = {
+  ".png": "image/png",
+  ".jpg": "image/jpeg",
+  ".jpeg": "image/jpeg",
+  ".gif": "image/gif",
+  ".webp": "image/webp",
+  ".svg": "image/svg+xml",
+  ".bmp": "image/bmp",
+  ".ico": "image/x-icon",
+  ".pdf": "application/pdf",
+  ".json": "application/json",
+  ".xml": "application/xml",
+  ".zip": "application/zip",
+  ".gz": "application/gzip",
+  ".tar": "application/x-tar",
+  ".csv": "text/csv",
+  ".txt": "text/plain",
+  ".log": "text/plain",
+  ".sql": "application/sql",
+  ".html": "text/html",
+  ".css": "text/css",
+  ".js": "application/javascript",
+  ".ts": "application/typescript",
+  ".md": "text/markdown",
+  ".yaml": "application/x-yaml",
+  ".yml": "application/x-yaml",
+};
+
+export interface UploadFileMetadata {
+  originalName: string;
+  size: number;
+  mimeType: string;
+  uploadedAt: string;
+  duration: number;
+}
+
+export interface UploadResult {
+  success: boolean;
+  url: string;
+  metadata: UploadFileMetadata;
+  requestId: string;
+}
+
+export interface UploadFileParams {
+  apiKey: string;
+  storageBaseUrl: string;
+  filePath: string;
+  debug?: boolean;
+}
+
+/**
+ * Upload a file to the storage service.
+ *
+ * @param params.apiKey - API token for authentication
+ * @param params.storageBaseUrl - Storage service base URL
+ * @param params.filePath - Local file path to upload
+ * @param params.debug - Enable debug logging
+ * @returns Upload result with URL and metadata
+ */
+export async function uploadFile(params: UploadFileParams): Promise<UploadResult> {
+  const { apiKey, storageBaseUrl, filePath, debug } = params;
+  if (!apiKey) {
+    throw new Error("API key is required");
+  }
+  if (!storageBaseUrl) {
+    throw new Error("storageBaseUrl is required");
+  }
+  if (!filePath) {
+    throw new Error("filePath is required");
+  }
+
+  const resolvedPath = path.resolve(filePath);
+  if (!fs.existsSync(resolvedPath)) {
+    throw new Error(`File not found: ${resolvedPath}`);
+  }
+  const stat = fs.statSync(resolvedPath);
+  if (!stat.isFile()) {
+    throw new Error(`Not a file: ${resolvedPath}`);
+  }
+  if (stat.size > MAX_UPLOAD_SIZE) {
+    throw new Error(`File too large: ${stat.size} bytes (max ${MAX_UPLOAD_SIZE})`);
+  }
+
+  const base = normalizeBaseUrl(storageBaseUrl);
+  // Warn but don't reject HTTP — CLI needs to work with localhost during development.
+  // Rejecting would require an --allow-insecure flag that adds friction for local setups.
+  if (new URL(base).protocol === "http:") {
+    console.error("Warning: storage URL uses HTTP — API key will be sent unencrypted");
+  }
+  const url = `${base}/upload`;
+
+  // readFileSync is intentional: FormData/Blob API requires the full buffer anyway,
+  // and the 500MB size check above prevents excessive memory use. Streaming would
+  // need a custom multipart encoder (no native stream support in fetch FormData).
+  const fileBuffer = fs.readFileSync(resolvedPath);
+  const fileName = path.basename(resolvedPath);
+
+  const ext = path.extname(fileName).toLowerCase();
+  const mimeType = MIME_TYPES[ext] || "application/octet-stream";
+
+  const formData = new FormData();
+  formData.append("file", new Blob([fileBuffer], { type: mimeType }), fileName);
+
+  const headers: Record<string, string> = {
+    "access-token": apiKey,
+  };
+
+  if (debug) {
+    const debugHeaders: Record<string, string> = { ...headers, "access-token": maskSecret(apiKey) };
+    console.error(`Debug: Storage base URL: ${base}`);
+    console.error(`Debug: POST URL: ${url}`);
+    console.error(`Debug: File: ${resolvedPath} (${stat.size} bytes, ${mimeType})`);
+    console.error(`Debug: Request headers: ${JSON.stringify(debugHeaders)}`);
+  }
+
+  const response = await fetch(url, {
+    method: "POST",
+    headers,
+    body: formData,
+  });
+
+  if (debug) {
+    console.error(`Debug: Response status: ${response.status}`);
+    console.error(`Debug: Response headers: ${JSON.stringify(Object.fromEntries(response.headers.entries()))}`);
+  }
+
+  const data = await response.text();
+
+  if (response.ok) {
+    try {
+      return JSON.parse(data) as UploadResult;
+    } catch {
+      throw new Error(`Failed to parse upload response: ${data}`);
+    }
+  } else {
+    throw new Error(formatHttpError("Failed to upload file", response.status, data));
+  }
+}
+
+export interface DownloadFileParams {
+  apiKey: string;
+  storageBaseUrl: string;
+  fileUrl: string;
+  outputPath?: string;
+  debug?: boolean;
+}
+
+export interface DownloadResult {
+  savedTo: string;
+  size: number;
+  mimeType: string | null;
+}
+
+/**
+ * Download a file from the storage service.
+ *
+ * @param params.apiKey - API token for authentication
+ * @param params.storageBaseUrl - Storage service base URL
+ * @param params.fileUrl - File URL path (e.g. /files/123/xxx.png) or full URL
+ * @param params.outputPath - Local path to save the file (default: derive from URL)
+ * @param params.debug - Enable debug logging
+ * @returns Download result with saved path and size
+ */
+export async function downloadFile(params: DownloadFileParams): Promise<DownloadResult> {
+  const { apiKey, storageBaseUrl, fileUrl, outputPath, debug } = params;
+  if (!apiKey) {
+    throw new Error("API key is required");
+  }
+  if (!storageBaseUrl) {
+    throw new Error("storageBaseUrl is required");
+  }
+  if (!fileUrl) {
+    throw new Error("fileUrl is required");
+  }
+
+  const base = normalizeBaseUrl(storageBaseUrl);
+  // Warn but don't reject HTTP — same rationale as uploadFile (localhost dev).
+  if (new URL(base).protocol === "http:") {
+    console.error("Warning: storage URL uses HTTP — API key will be sent unencrypted");
+  }
+
+  // Support both full URLs and relative paths
+  let fullUrl: string;
+  if (fileUrl.startsWith("http://") || fileUrl.startsWith("https://")) {
+    if (!fileUrl.startsWith(base + "/")) {
+      throw new Error(`URL must be under storage base URL: ${base}`);
+    }
+    fullUrl = fileUrl;
+  } else {
+    // Relative path like /files/123/xxx.png
+    const relativePath = fileUrl.startsWith("/") ? fileUrl : `/${fileUrl}`;
+    fullUrl = `${base}${relativePath}`;
+  }
+
+  // Derive output filename from URL if not specified
+  const urlFilename = path.basename(new URL(fullUrl).pathname);
+  if (!urlFilename) {
+    throw new Error("Cannot derive filename from URL; please specify --output");
+  }
+  const saveTo = outputPath ? path.resolve(outputPath) : path.resolve(urlFilename);
+
+  // Path traversal guard only for URL-derived filenames (untrusted input).
+  // Explicit --output (-o) is trusted: the user intentionally chose the path,
+  // and restricting it to cwd would break legitimate use (e.g. -o /tmp/file.png).
+  if (!outputPath) {
+    const normalizedSave = path.normalize(saveTo);
+    if (!normalizedSave.startsWith(path.normalize(process.cwd()))) {
+      throw new Error("Derived output path escapes current directory; please specify --output");
+    }
+  }
+
+  const headers: Record<string, string> = {
+    "access-token": apiKey,
+  };
+
+  if (debug) {
+    const debugHeaders: Record<string, string> = { ...headers, "access-token": maskSecret(apiKey) };
+    console.error(`Debug: Storage base URL: ${base}`);
+    console.error(`Debug: GET URL: ${fullUrl}`);
+    console.error(`Debug: Output: ${saveTo}`);
+    console.error(`Debug: Request headers: ${JSON.stringify(debugHeaders)}`);
+  }
+
+  const response = await fetch(fullUrl, {
+    method: "GET",
+    headers,
+  });
+
+  if (debug) {
+    console.error(`Debug: Response status: ${response.status}`);
+    console.error(`Debug: Response headers: ${JSON.stringify(Object.fromEntries(response.headers.entries()))}`);
+  }
+
+  if (!response.ok) {
+    const data = await response.text();
+    throw new Error(formatHttpError("Failed to download file", response.status, data));
+  }
+
+  const contentLength = response.headers.get("content-length");
+  if (contentLength && parseInt(contentLength, 10) > MAX_DOWNLOAD_SIZE) {
+    throw new Error(`File too large: ${contentLength} bytes (max ${MAX_DOWNLOAD_SIZE})`);
+  }
+
+  const arrayBuffer = await response.arrayBuffer();
+  const buffer = Buffer.from(arrayBuffer);
+
+  // Create parent dirs for the output path. recursive:true is intentional —
+  // the user may specify -o deeply/nested/path.png and expect it to work,
+  // same as curl --create-dirs or wget -P.
+  const parentDir = path.dirname(saveTo);
+  if (!fs.existsSync(parentDir)) {
+    fs.mkdirSync(parentDir, { recursive: true });
+  }
+
+  fs.writeFileSync(saveTo, buffer);
+
+  return {
+    savedTo: saveTo,
+    size: buffer.length,
+    mimeType: response.headers.get("content-type"),
+  };
+}
+
+const IMAGE_EXTENSIONS = new Set([".png", ".jpg", ".jpeg", ".gif", ".webp", ".svg", ".bmp", ".ico"]);
+
+/**
+ * Build a markdown link for a file URL.
+ * Returns `![name](url)` for images, `[name](url)` for other files.
+ */
+export function buildMarkdownLink(fileUrl: string, storageBaseUrl: string, filename?: string): string {
+  const base = normalizeBaseUrl(storageBaseUrl);
+  const normalizedFileUrl = fileUrl.startsWith("/") ? fileUrl : `/${fileUrl}`;
+  const fullUrl = (fileUrl.startsWith("http://") || fileUrl.startsWith("https://")) ? fileUrl : `${base}${normalizedFileUrl}`;
+  const name = filename || path.basename(new URL(fullUrl).pathname);
+  const safeName = name.replace(/[\[\]()]/g, "\\$&");
+  const ext = path.extname(name).toLowerCase();
+  // fullUrl is not escaped — storage URLs are server-generated (UUID-based paths
+  // like /files/641/1770646021425_019c42ba.png) and never contain parentheses.
+  // Escaping would break the URL for renderers that don't decode %29 in href.
+  if (IMAGE_EXTENSIONS.has(ext)) {
+    return `![${safeName}](${fullUrl})`;
+  }
+  return `[${safeName}](${fullUrl})`;
+}

package/lib/util.ts

@@ -70,15 +70,18 @@ export function maskSecret(secret: string): string {
 export interface RootOptsLike {
   apiBaseUrl?: string;
   uiBaseUrl?: string;
+  storageBaseUrl?: string;
 }
 
 export interface ConfigLike {
   baseUrl?: string | null;
+  storageBaseUrl?: string | null;
 }
 
 export interface ResolvedBaseUrls {
   apiBaseUrl: string;
   uiBaseUrl: string;
+  storageBaseUrl: string;
 }
 
 /**
@@ -105,17 +108,20 @@ export function normalizeBaseUrl(value: string): string {
 export function resolveBaseUrls(
   opts?: RootOptsLike,
   cfg?: ConfigLike,
-  defaults: { apiBaseUrl?: string; uiBaseUrl?: string } = {}
+  defaults: { apiBaseUrl?: string; uiBaseUrl?: string; storageBaseUrl?: string } = {}
 ): ResolvedBaseUrls {
   const defApi = defaults.apiBaseUrl || "https://postgres.ai/api/general/";
   const defUi = defaults.uiBaseUrl || "https://console.postgres.ai";
+  const defStorage = defaults.storageBaseUrl || "https://postgres.ai/storage";
 
   const apiCandidate = (opts?.apiBaseUrl || process.env.PGAI_API_BASE_URL || cfg?.baseUrl || defApi) as string;
   const uiCandidate = (opts?.uiBaseUrl || process.env.PGAI_UI_BASE_URL || defUi) as string;
+  const storageCandidate = (opts?.storageBaseUrl || process.env.PGAI_STORAGE_BASE_URL || cfg?.storageBaseUrl || defStorage) as string;
 
   return {
     apiBaseUrl: normalizeBaseUrl(apiCandidate),
     uiBaseUrl: normalizeBaseUrl(uiCandidate),
+    storageBaseUrl: normalizeBaseUrl(storageCandidate),
   };
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "postgresai",
-  "version": "0.15.0-dev.3",
+  "version": "0.15.0-dev.5",
   "description": "postgres_ai CLI",
   "license": "Apache-2.0",
   "private": false,

package/test/compose-cmd.test.ts

@@ -0,0 +1,120 @@
+import { describe, test, expect } from "bun:test";
+
+/**
+ * Test getComposeCmd() selection logic.
+ * WARNING: This replicates the logic from postgres-ai.ts. If the production
+ * function changes, this replica must be updated to match.
+ * Since the function is internal to postgres-ai.ts, we replicate its logic
+ * with an injectable command checker (same pattern as monitoring.test.ts).
+ */
+function getComposeCmd(
+  tryCmd: (cmd: string, args: string[]) => boolean,
+): string[] | null {
+  if (tryCmd("docker", ["compose", "version"])) return ["docker", "compose"];
+  if (tryCmd("docker-compose", ["version"])) return ["docker-compose"];
+  return null;
+}
+
+describe("getComposeCmd", () => {
+  test("prefers docker compose V2 when both are available", () => {
+    const result = getComposeCmd(() => true);
+    expect(result).toEqual(["docker", "compose"]);
+  });
+
+  test("falls back to docker-compose V1 when V2 is unavailable", () => {
+    const result = getComposeCmd((cmd, args) => {
+      // V2 plugin fails, V1 standalone succeeds
+      if (cmd === "docker" && args[0] === "compose") return false;
+      if (cmd === "docker-compose") return true;
+      return false;
+    });
+    expect(result).toEqual(["docker-compose"]);
+  });
+
+  test("returns null when neither is available", () => {
+    const result = getComposeCmd(() => false);
+    expect(result).toBeNull();
+  });
+
+  test("does not check V1 when V2 succeeds", () => {
+    const calls: Array<{ cmd: string; args: string[] }> = [];
+    getComposeCmd((cmd, args) => {
+      calls.push({ cmd, args });
+      return cmd === "docker" && args[0] === "compose";
+    });
+    expect(calls).toHaveLength(1);
+    expect(calls[0]).toEqual({ cmd: "docker", args: ["compose", "version"] });
+  });
+
+  test("checks V2 first, then V1", () => {
+    const calls: Array<{ cmd: string; args: string[] }> = [];
+    getComposeCmd((cmd, args) => {
+      calls.push({ cmd, args });
+      return false;
+    });
+    expect(calls).toHaveLength(2);
+    expect(calls[0]).toEqual({ cmd: "docker", args: ["compose", "version"] });
+    expect(calls[1]).toEqual({ cmd: "docker-compose", args: ["version"] });
+  });
+});
+
+/**
+ * Test the monitoring startup sequence's container cleanup logic.
+ * Before "up --force-recreate", stopped containers from "run --rm" dependencies
+ * (e.g. config-init) must be removed to avoid docker-compose v1's
+ * KeyError: 'ContainerConfig' bug.
+ *
+ * We replicate the relevant sequence from the monitoring start command
+ * with an injectable runCompose to verify ordering and error tolerance.
+ */
+async function monitoringStartSequence(
+  runCompose: (args: string[]) => Promise<number>,
+): Promise<number> {
+  // Best-effort: remove stopped containers left by "run --rm" dependencies
+  await runCompose(["rm", "-f", "-s", "config-init"]);
+  // Start services
+  const code = await runCompose(["up", "-d", "--force-recreate"]);
+  return code;
+}
+
+describe("monitoring start: config-init cleanup", () => {
+  test("calls rm before up", async () => {
+    const calls: string[][] = [];
+    await monitoringStartSequence(async (args) => {
+      calls.push(args);
+      return 0;
+    });
+    expect(calls).toHaveLength(2);
+    expect(calls[0]).toEqual(["rm", "-f", "-s", "config-init"]);
+    expect(calls[1]).toEqual(["up", "-d", "--force-recreate"]);
+  });
+
+  test("continues to up even when rm fails", async () => {
+    const calls: string[][] = [];
+    await monitoringStartSequence(async (args) => {
+      calls.push(args);
+      // rm returns non-zero (container doesn't exist)
+      if (args[0] === "rm") return 1;
+      return 0;
+    });
+    expect(calls).toHaveLength(2);
+    expect(calls[0][0]).toBe("rm");
+    expect(calls[1][0]).toBe("up");
+  });
+
+  test("returns up exit code, not rm exit code", async () => {
+    // rm fails but up succeeds → overall success
+    const result1 = await monitoringStartSequence(async (args) => {
+      if (args[0] === "rm") return 1;
+      return 0;
+    });
+    expect(result1).toBe(0);
+
+    // rm succeeds but up fails → overall failure
+    const result2 = await monitoringStartSequence(async (args) => {
+      if (args[0] === "up") return 2;
+      return 0;
+    });
+    expect(result2).toBe(2);
+  });
+});

package/test/init.test.ts

@@ -1067,7 +1067,7 @@ describe("CLI commands", () => {
 
     // Should indicate auto-yes mode without API key
     expect(r.stdout).toMatch(/Auto-yes mode: no API key provided/);
-    expect(r.stdout).toMatch(/Reports will be generated locally only/);
+    expect(r.stderr).toMatch(/Reports will be generated locally only/);
   });
 
   test("cli: mon local-install --demo with global --api-key shows error", () => {