postgresai 0.15.0 → 0.16.0-rc.1

package/test/monitoring.test.ts

@@ -16,6 +16,10 @@ import {
   extractSslmode,
   InstancesParseError,
 } from "../lib/instances";
+import {
+  registerMonitoringInstance,
+  resolveAdoptedProject,
+} from "../bin/postgres-ai";
 
 /**
  * Test updatePgwatchConfig function behavior.
@@ -190,14 +194,20 @@ describe("updatePgwatchConfig", () => {
 describe("registerMonitoringInstance", () => {
   let originalFetch: typeof global.fetch;
   let fetchCalls: Array<{ url: string; options: RequestInit }>;
+  // Each test sets `respond(call) => Response`; defaults to a 200 with no body.
+  let respond: (call: { url: string; options: RequestInit }) => Response;
+  const apiBaseUrl = "https://api.example.com";
+  const registerUrl = `${apiBaseUrl}/rpc/monitoring_instance_register`;
 
   beforeEach(() => {
     originalFetch = global.fetch;
     fetchCalls = [];
-    // Mock fetch to capture calls
+    respond = () => new Response(JSON.stringify({ project_id: 7 }), { status: 200 });
+    // Mock fetch to capture calls and return the test-configured response.
     global.fetch = async (url: RequestInfo | URL, options?: RequestInit) => {
-      fetchCalls.push({ url: url.toString(), options: options || {} });
-      return new Response(JSON.stringify({ success: true }), { status: 200 });
+      const call = { url: url.toString(), options: options || {} };
+      fetchCalls.push(call);
+      return respond(call);
     };
   });
 
@@ -205,72 +215,141 @@ describe("registerMonitoringInstance", () => {
     global.fetch = originalFetch;
   });
 
-  test("sends POST request with correct URL and body", async () => {
-    // Simulate what registerMonitoringInstance does
-    const apiKey = "test-api-key";
-    const projectName = "my-project";
-    const apiBaseUrl = "https://api.example.com";
-
-    await fetch(`${apiBaseUrl}/rpc/monitoring_instance_register`, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-      },
-      body: JSON.stringify({
-        api_token: apiKey,
-        project_name: projectName,
-      }),
-    });
+  // retryDelayMs: 0 keeps the retry path instant under test.
+  const opts = (extra?: Record<string, unknown>) => ({ apiBaseUrl, retryDelayMs: 0, ...extra });
+
+  test("posts api_token + project_name in the body (never in headers), legacy mode", async () => {
+    await registerMonitoringInstance("secret-key-12345", "my-project", opts());
 
     expect(fetchCalls.length).toBe(1);
-    expect(fetchCalls[0].url).toBe("https://api.example.com/rpc/monitoring_instance_register");
+    expect(fetchCalls[0].url).toBe(registerUrl);
     expect(fetchCalls[0].options.method).toBe("POST");
 
     const headers = fetchCalls[0].options.headers as Record<string, string>;
     expect(headers["Content-Type"]).toBe("application/json");
-    // Verify API key is NOT in headers (only in body per security review)
+    // API key only in body, never in an access-token header (security review).
     expect(headers["access-token"]).toBeUndefined();
 
     const body = JSON.parse(fetchCalls[0].options.body as string);
-    expect(body.api_token).toBe("test-api-key");
+    expect(body.api_token).toBe("secret-key-12345");
     expect(body.project_name).toBe("my-project");
   });
 
-  test("includes api_token in body, not in header", async () => {
-    const apiKey = "secret-key-12345";
-    const projectName = "test-project";
-    const apiBaseUrl = "https://postgres.ai/api/general";
-
-    await fetch(`${apiBaseUrl}/rpc/monitoring_instance_register`, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-      },
-      body: JSON.stringify({
-        api_token: apiKey,
-        project_name: projectName,
-      }),
-    });
+  test("honors a custom apiBaseUrl for the endpoint path", async () => {
+    await registerMonitoringInstance("key", "proj", opts({ apiBaseUrl: "https://custom.api.com/v2" }));
+    expect(fetchCalls[0].url).toBe("https://custom.api.com/v2/rpc/monitoring_instance_register");
+  });
 
+  // Issue platform-all#311: console-provisioned installs pass instance_id so
+  // the platform adopts the provisioned instance instead of self-registering
+  // a duplicate under an auto-created "postgres-ai-monitoring" project.
+  test("includes instance_id in body when adopting a provisioned instance", async () => {
+    const instanceId = "019eb300-3f2a-7a75-b54d-4f10572b25b8";
+
+    await registerMonitoringInstance("key", "postgres-ai-monitoring", opts({ instanceId }));
+
+    const body = JSON.parse(fetchCalls[0].options.body as string);
+    expect(body.instance_id).toBe(instanceId);
+    // instance_id rides in the body next to api_token — never in headers.
     const headers = fetchCalls[0].options.headers as Record<string, string>;
-    // Verify no access-token header
-    expect(Object.keys(headers)).not.toContain("access-token");
+    expect(headers["instance-id"]).toBeUndefined();
+  });
+
+  test("omits instance_id from the body for legacy self-registration", async () => {
+    await registerMonitoringInstance("key", "my-project", opts());
 
-    // Verify token is in body
     const body = JSON.parse(fetchCalls[0].options.body as string);
-    expect(body.api_token).toBe("secret-key-12345");
+    // PostgREST matches the 3-arg function via its default — the key must be
+    // ABSENT (not null) so legacy CLIs and the new one hit the same overload.
+    expect("instance_id" in body).toBe(false);
   });
 
-  test("uses correct endpoint path", async () => {
-    const apiBaseUrl = "https://custom.api.com/v2";
+  test("a 200 with {project_id, project_name} returns a populated result", async () => {
+    respond = () => new Response(JSON.stringify({ project_id: 42, project_name: "prod-db", created: false }), { status: 200 });
 
-    await fetch(`${apiBaseUrl}/rpc/monitoring_instance_register`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ api_token: "key", project_name: "proj" }),
-    });
+    const reg = await registerMonitoringInstance("key", "p", opts({ instanceId: "i" }));
 
-    expect(fetchCalls[0].url).toBe("https://custom.api.com/v2/rpc/monitoring_instance_register");
+    expect(reg).toEqual({ instanceId: undefined, projectId: 42, projectName: "prod-db", created: false });
+  });
+
+  test("a non-JSON 200 returns {} (success, but no fields) — not null", async () => {
+    respond = () => new Response("<html>oops</html>", { status: 200 });
+
+    const reg = await registerMonitoringInstance("key", "p", opts({ instanceId: "i" }));
+
+    expect(reg).toEqual({});
+  });
+
+  test("mistyped fields are dropped at runtime (project_id must be a number)", async () => {
+    // A spoofed/older platform returning a string id must not poison the
+    // persistence decision, which prefers a numeric project_id.
+    respond = () => new Response(JSON.stringify({ project_id: "13", project_name: "ok-name", created: "yes" }), { status: 200 });
+
+    const reg = await registerMonitoringInstance("key", "p", opts({ instanceId: "i" }));
+
+    expect(reg).toEqual({ instanceId: undefined, projectId: undefined, projectName: "ok-name", created: undefined });
+  });
+
+  test("when adopting, a first non-OK response triggers one retry that succeeds", async () => {
+    respond = (call) => {
+      // First attempt 503, second 200.
+      return fetchCalls.length === 1
+        ? new Response("upstream down", { status: 503 })
+        : new Response(JSON.stringify({ project_id: 9 }), { status: 200 });
+    };
+
+    const reg = await registerMonitoringInstance("key", "p", opts({ instanceId: "i" }));
+
+    expect(fetchCalls.length).toBe(2);
+    expect(reg).toEqual({ instanceId: undefined, projectId: 9, projectName: undefined, created: undefined });
+  });
+
+  test("when adopting, two failures exhaust the retry and return null", async () => {
+    respond = () => new Response("upstream down", { status: 503 });
+
+    const reg = await registerMonitoringInstance("key", "p", opts({ instanceId: "i" }));
+
+    expect(fetchCalls.length).toBe(2); // one initial + one retry
+    expect(reg).toBeNull();
+  });
+
+  test("legacy mode does NOT retry — a single failure returns null after one attempt", async () => {
+    respond = () => new Response("upstream down", { status: 503 });
+
+    const reg = await registerMonitoringInstance("key", "p", opts());
+
+    expect(fetchCalls.length).toBe(1);
+    expect(reg).toBeNull();
+  });
+});
+
+describe("resolveAdoptedProject — what gets persisted to .pgwatch-config", () => {
+  test("prefers the numeric project_id over the name (survives renames)", () => {
+    expect(resolveAdoptedProject({ projectId: 42, projectName: "prod-db" })).toBe("42");
+  });
+
+  test("project_id === 0 is a valid id and is honored", () => {
+    expect(resolveAdoptedProject({ projectId: 0, projectName: "prod-db" })).toBe("0");
+  });
+
+  test("falls back to project_name when there is no id", () => {
+    expect(resolveAdoptedProject({ projectName: "prod-db" })).toBe("prod-db");
+  });
+
+  test("returns null for a null response", () => {
+    expect(resolveAdoptedProject(null)).toBeNull();
+  });
+
+  test("returns null for a fieldless (succeeded-but-empty) response", () => {
+    expect(resolveAdoptedProject({})).toBeNull();
+  });
+
+  test("rejects a project_name with a newline (config-file injection, CWE-93)", () => {
+    expect(resolveAdoptedProject({ projectName: "prod\ninjected=evil" })).toBeNull();
+  });
+
+  test("rejects a project_name containing '='", () => {
+    expect(resolveAdoptedProject({ projectName: "a=b" })).toBeNull();
   });
 });
 

package/test/schema-validation.test.ts

@@ -70,6 +70,35 @@ describe("Schema validation", () => {
     });
   }
 
+  // F003 (Autovacuum: dead tuples) - test empty and with data
+  test("F003 validates with empty data", async () => {
+    const mockClient = createMockClient({ deadTuplesRows: [] });
+    const report = await checkup.REPORT_GENERATORS.F003(mockClient as any, "node-01");
+    validateAgainstSchema(report, "F003");
+  });
+
+  test("F003 validates with sample data", async () => {
+    const mockClient = createMockClient({
+      deadTuplesRows: [
+        {
+          tag_schemaname: "public",
+          tag_relname: "events",
+          n_live_tup: "6361538",
+          n_dead_tup: "8270000",
+          dead_pct: 56.52,
+          last_autovacuum: "0",
+          last_vacuum: "1704067200",
+          autovacuum_count: "0",
+          vacuum_count: "1",
+          autovacuum_disabled: 1,
+          table_size_b: "2147483648",
+        },
+      ],
+    });
+    const report = await checkup.REPORT_GENERATORS.F003(mockClient as any, "node-01");
+    validateAgainstSchema(report, "F003");
+  });
+
   // Settings reports (D004, F001, G001) - single test each
   for (const checkId of ["D004", "F001", "G001"]) {
     test(`${checkId} validates against schema`, async () => {

package/test/test-utils.ts

@@ -17,6 +17,7 @@ export interface MockClientOptions {
   redundantIndexesRows?: any[];
   tableBloatRows?: any[];
   indexBloatRows?: any[];
+  deadTuplesRows?: any[];
   vacuumStatsRows?: any[];
   deadlockStatsRows?: any[];
   pgStatStatementsExtensionRows?: any[];
@@ -58,6 +59,7 @@ export function createMockClient(options: MockClientOptions = {}) {
     redundantIndexesRows = [],
     tableBloatRows = [],
     indexBloatRows = [],
+    deadTuplesRows = [],
     vacuumStatsRows = [],
     deadlockStatsRows = [{ deadlocks: "0", conflicts: "0", stats_reset: null }],
     pgStatStatementsExtensionRows = [],
@@ -119,6 +121,12 @@ export function createMockClient(options: MockClientOptions = {}) {
       if (sql.includes("redundant_indexes_grouped") && sql.includes("columns like")) {
         return { rows: redundantIndexesRows };
       }
+      // F003: dead tuples metric from metrics.yml.
+      // Must be matched BEFORE the F004/F005 vacuum-stats route below: the
+      // pg_dead_tuples SQL also contains "pg_stat_user_tables" and "last_vacuum".
+      if (sql.includes("autovacuum_disabled") && sql.includes("n_dead_tup")) {
+        return { rows: deadTuplesRows };
+      }
       // F004/F005: bloat metrics from metrics.yml
       if (sql.includes("tag_idxname") && sql.includes("bloat_size")) {
         return { rows: indexBloatRows };

package/test/util.test.ts

@@ -0,0 +1,44 @@
+import { describe, expect, test } from "bun:test";
+
+import { formatHttpError } from "../lib/util";
+
+describe("formatHttpError", () => {
+  test("appends auth remediation hint on 401 with JSON body", () => {
+    const msg = formatHttpError(
+      "Failed to fetch issues",
+      401,
+      '{"hint": "Please check validity of token", "details": "Invalid token"}'
+    );
+
+    expect(msg).toContain("HTTP 401");
+    expect(msg).toContain("Run 'postgresai auth'");
+    expect(msg).toContain("PGAI_API_KEY");
+  });
+
+  test("appends auth remediation hint on 401 with HTML body (early-return path)", () => {
+    const msg = formatHttpError("Failed to fetch issues", 401, "<html><body>Unauthorized</body></html>");
+
+    expect(msg).toContain("HTTP 401");
+    expect(msg).toContain("Run 'postgresai auth'");
+  });
+
+  test("appends auth remediation hint on 401 without body", () => {
+    const msg = formatHttpError("Failed to fetch issues", 401);
+
+    expect(msg).toContain("Run 'postgresai auth'");
+  });
+
+  test("does not append auth hint for non-401 statuses", () => {
+    expect(formatHttpError("Failed to fetch issues", 403, '{"message": "denied"}')).not.toContain(
+      "Run 'postgresai auth'"
+    );
+    expect(formatHttpError("Failed to fetch issues", 500)).not.toContain("Run 'postgresai auth'");
+  });
+
+  test("keeps structured JSON error details before the hint", () => {
+    const msg = formatHttpError("Failed to fetch issues", 401, '{"message": "Invalid token"}');
+
+    expect(msg.indexOf("Invalid token")).toBeGreaterThan(-1);
+    expect(msg.indexOf("Invalid token")).toBeLessThan(msg.indexOf("Run 'postgresai auth'"));
+  });
+});