spindb 0.9.0 → 0.9.2

package/cli/commands/stop.ts

@@ -4,7 +4,7 @@ import { processManager } from '../../core/process-manager'
 import { getEngine } from '../../engines'
 import { promptContainerSelect } from '../ui/prompts'
 import { createSpinner } from '../ui/spinner'
-import { success, error, warning } from '../ui/theme'
+import { uiSuccess, uiError, uiWarning } from '../ui/theme'
 
 export const stopCommand = new Command('stop')
   .description('Stop a container')
@@ -17,7 +17,7 @@ export const stopCommand = new Command('stop')
         const running = containers.filter((c) => c.status === 'running')
 
         if (running.length === 0) {
-          console.log(warning('No running containers found'))
+          console.log(uiWarning('No running containers found'))
           return
         }
 
@@ -34,7 +34,7 @@ export const stopCommand = new Command('stop')
           spinner.succeed(`Stopped "${container.name}"`)
         }
 
-        console.log(success(`Stopped ${running.length} container(s)`))
+        console.log(uiSuccess(`Stopped ${running.length} container(s)`))
         return
       }
 
@@ -45,7 +45,7 @@ export const stopCommand = new Command('stop')
         const running = containers.filter((c) => c.status === 'running')
 
         if (running.length === 0) {
-          console.log(warning('No running containers found'))
+          console.log(uiWarning('No running containers found'))
           return
         }
 
@@ -59,7 +59,7 @@ export const stopCommand = new Command('stop')
 
       const config = await containerManager.getConfig(containerName)
       if (!config) {
-        console.error(error(`Container "${containerName}" not found`))
+        console.error(uiError(`Container "${containerName}" not found`))
         process.exit(1)
       }
 
@@ -67,7 +67,7 @@ export const stopCommand = new Command('stop')
         engine: config.engine,
       })
       if (!running) {
-        console.log(warning(`Container "${containerName}" is not running`))
+        console.log(uiWarning(`Container "${containerName}" is not running`))
         return
       }
 
@@ -80,9 +80,9 @@ export const stopCommand = new Command('stop')
       await containerManager.updateConfig(containerName, { status: 'stopped' })
 
       spinner.succeed(`Container "${containerName}" stopped`)
-    } catch (err) {
-      const e = err as Error
-      console.error(error(e.message))
+    } catch (error) {
+      const e = error as Error
+      console.error(uiError(e.message))
       process.exit(1)
     }
   })

package/cli/commands/url.ts

@@ -3,7 +3,7 @@ import { containerManager } from '../../core/container-manager'
 import { platformService } from '../../core/platform-service'
 import { getEngine } from '../../engines'
 import { promptContainerSelect } from '../ui/prompts'
-import { error, warning, success } from '../ui/theme'
+import { uiError, uiWarning, uiSuccess } from '../ui/theme'
 
 export const urlCommand = new Command('url')
   .alias('connection-string')
@@ -24,7 +24,7 @@ export const urlCommand = new Command('url')
           const containers = await containerManager.list()
 
           if (containers.length === 0) {
-            console.log(warning('No containers found'))
+            console.log(uiWarning('No containers found'))
             return
           }
 
@@ -38,13 +38,16 @@ export const urlCommand = new Command('url')
 
         const config = await containerManager.getConfig(containerName)
         if (!config) {
-          console.error(error(`Container "${containerName}" not found`))
+          console.error(uiError(`Container "${containerName}" not found`))
           process.exit(1)
         }
 
         const engine = getEngine(config.engine)
         const databaseName = options.database || config.database
-        const connectionString = engine.getConnectionString(config, databaseName)
+        const connectionString = engine.getConnectionString(
+          config,
+          databaseName,
+        )
 
         if (options.json) {
           const jsonOutput =
@@ -72,10 +75,10 @@ export const urlCommand = new Command('url')
           const copied = await platformService.copyToClipboard(connectionString)
           if (copied) {
             console.log(connectionString)
-            console.error(success('Copied to clipboard'))
+            console.error(uiSuccess('Copied to clipboard'))
           } else {
             console.log(connectionString)
-            console.error(warning('Could not copy to clipboard'))
+            console.error(uiWarning('Could not copy to clipboard'))
           }
         } else {
           process.stdout.write(connectionString)
@@ -83,9 +86,9 @@ export const urlCommand = new Command('url')
             console.log()
           }
         }
-      } catch (err) {
-        const e = err as Error
-        console.error(error(e.message))
+      } catch (error) {
+        const e = error as Error
+        console.error(uiError(e.message))
         process.exit(1)
       }
     },

package/cli/helpers.ts

@@ -1,7 +1,7 @@
 import { existsSync } from 'fs'
 import { readdir, lstat } from 'fs/promises'
 import { join } from 'path'
-import { exec } from 'child_process'
+import { exec, execFile } from 'child_process'
 import { promisify } from 'util'
 import { paths } from '../config/paths'
 import {
@@ -11,6 +11,7 @@ import {
 } from '../engines/mysql/binary-detection'
 
 const execAsync = promisify(exec)
+const execFileAsync = promisify(execFile)
 
 export type InstalledPostgresEngine = {
   engine: 'postgresql'
@@ -30,7 +31,17 @@ export type InstalledMysqlEngine = {
   isMariaDB: boolean
 }
 
-export type InstalledEngine = InstalledPostgresEngine | InstalledMysqlEngine
+export type InstalledSqliteEngine = {
+  engine: 'sqlite'
+  version: string
+  path: string
+  source: 'system'
+}
+
+export type InstalledEngine =
+  | InstalledPostgresEngine
+  | InstalledMysqlEngine
+  | InstalledSqliteEngine
 
 async function getPostgresVersion(binPath: string): Promise<string | null> {
   const postgresPath = join(binPath, 'bin', 'postgres')
@@ -39,7 +50,7 @@ async function getPostgresVersion(binPath: string): Promise<string | null> {
   }
 
   try {
-    const { stdout } = await execAsync(`"${postgresPath}" --version`)
+    const { stdout } = await execFileAsync(postgresPath, ['--version'])
     const match = stdout.match(/\(PostgreSQL\)\s+([\d.]+)/)
     return match ? match[1] : null
   } catch {
@@ -47,7 +58,9 @@ async function getPostgresVersion(binPath: string): Promise<string | null> {
   }
 }
 
-export async function getInstalledPostgresEngines(): Promise<InstalledPostgresEngine[]> {
+export async function getInstalledPostgresEngines(): Promise<
+  InstalledPostgresEngine[]
+> {
   const binDir = paths.bin
 
   if (!existsSync(binDir)) {
@@ -125,6 +138,33 @@ async function getInstalledMysqlEngine(): Promise<InstalledMysqlEngine | null> {
   }
 }
 
+async function getInstalledSqliteEngine(): Promise<InstalledSqliteEngine | null> {
+  try {
+    // TODO: Use 'where sqlite3' on Windows when adding Windows support
+    const { stdout: whichOutput } = await execAsync('which sqlite3')
+    const sqlitePath = whichOutput.trim()
+    if (!sqlitePath) {
+      return null
+    }
+
+    const { stdout: versionOutput } = await execFileAsync(sqlitePath, [
+      '--version',
+    ])
+    // sqlite3 --version outputs: "3.43.2 2023-10-10 12:14:04 ..."
+    const versionMatch = versionOutput.match(/^([\d.]+)/)
+    const version = versionMatch ? versionMatch[1] : 'unknown'
+
+    return {
+      engine: 'sqlite',
+      version,
+      path: sqlitePath,
+      source: 'system',
+    }
+  } catch {
+    return null
+  }
+}
+
 export function compareVersions(a: string, b: string): number {
   const partsA = a.split('.').map((p) => parseInt(p, 10) || 0)
   const partsB = b.split('.').map((p) => parseInt(p, 10) || 0)
@@ -148,5 +188,10 @@ export async function getInstalledEngines(): Promise<InstalledEngine[]> {
     engines.push(mysqlEngine)
   }
 
+  const sqliteEngine = await getInstalledSqliteEngine()
+  if (sqliteEngine) {
+    engines.push(sqliteEngine)
+  }
+
   return engines
 }

package/cli/ui/prompts.ts

@@ -258,7 +258,8 @@ export async function promptContainerSelect(
  */
 function sanitizeDatabaseName(name: string): string {
   // Replace invalid characters with underscores
-  let sanitized = name.replace(/[^a-zA-Z0-9_-]/g, '_')
+  // Note: hyphens are excluded because they require quoting in SQL
+  let sanitized = name.replace(/[^a-zA-Z0-9_]/g, '_')
   // Ensure it starts with a letter or underscore
   if (sanitized && !/^[a-zA-Z_]/.test(sanitized)) {
     sanitized = '_' + sanitized
@@ -267,6 +268,10 @@ function sanitizeDatabaseName(name: string): string {
   sanitized = sanitized.replace(/_+/g, '_')
   // Trim trailing underscores
   sanitized = sanitized.replace(/_+$/, '')
+  // Fallback if result is empty (e.g., input was "---")
+  if (!sanitized) {
+    sanitized = 'db'
+  }
   return sanitized
 }
 
@@ -284,7 +289,9 @@ export async function promptDatabaseName(
     engine === 'mysql' ? 'Database (schema) name:' : 'Database name:'
 
   // Sanitize the default name to ensure it's valid
-  const sanitizedDefault = defaultName ? sanitizeDatabaseName(defaultName) : undefined
+  const sanitizedDefault = defaultName
+    ? sanitizeDatabaseName(defaultName)
+    : undefined
 
   const { database } = await inquirer.prompt<{ database: string }>([
     {
@@ -295,8 +302,9 @@ export async function promptDatabaseName(
       validate: (input: string) => {
         if (!input) return 'Database name is required'
         // PostgreSQL database naming rules (also valid for MySQL)
-        if (!/^[a-zA-Z_][a-zA-Z0-9_-]*$/.test(input)) {
-          return 'Database name must start with a letter or underscore and contain only letters, numbers, underscores, and hyphens'
+        // Hyphens excluded to avoid requiring quoted identifiers in SQL
+        if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(input)) {
+          return 'Database name must start with a letter or underscore and contain only letters, numbers, and underscores'
         }
         if (input.length > 63) {
           return 'Database name must be 63 characters or less'
@@ -414,7 +422,11 @@ export async function promptSqlitePath(
 ): Promise<string | undefined> {
   const defaultPath = `./${containerName}.sqlite`
 
-  console.log(chalk.gray('  SQLite databases are stored as files in your project directory.'))
+  console.log(
+    chalk.gray(
+      '  SQLite databases are stored as files in your project directory.',
+    ),
+  )
   console.log(chalk.gray(`  Default: ${defaultPath}`))
   console.log()
 
@@ -490,7 +502,8 @@ export async function promptSqlitePath(
       {
         type: 'list',
         name: 'overwrite',
-        message: 'A file already exists at this location. What would you like to do?',
+        message:
+          'A file already exists at this location. What would you like to do?',
         choices: [
           { name: 'Choose a different path', value: 'different' },
           { name: 'Cancel', value: 'cancel' },
@@ -696,8 +709,8 @@ export async function promptInstallDependencies(
 
       return false
     }
-  } catch (err) {
-    const e = err as Error
+  } catch (error) {
+    const e = error as Error
     console.log()
     console.log(chalk.red(`  Installation failed: ${e.message}`))
     console.log()

package/cli/ui/spinner.ts

@@ -27,10 +27,10 @@ export async function withSpinner<T>(
     })
     spinner.succeed()
     return result
-  } catch (err) {
-    const error = err as Error
-    spinner.fail(error.message)
-    throw error
+  } catch (error) {
+    const e = error as Error
+    spinner.fail(e.message)
+    throw e
   }
 }
 

package/cli/ui/theme.ts

@@ -60,28 +60,28 @@ ${chalk.cyan('└' + line + '┘')}
 /**
  * Format a success message
  */
-export function success(message: string): string {
+export function uiSuccess(message: string): string {
   return `${theme.icons.success} ${message}`
 }
 
 /**
  * Format an error message
  */
-export function error(message: string): string {
+export function uiError(message: string): string {
   return `${theme.icons.error} ${chalk.red(message)}`
 }
 
 /**
  * Format a warning message
  */
-export function warning(message: string): string {
+export function uiWarning(message: string): string {
   return `${theme.icons.warning} ${chalk.yellow(message)}`
 }
 
 /**
  * Format an info message
  */
-export function info(message: string): string {
+export function uiInfo(message: string): string {
   return `${theme.icons.info} ${message}`
 }
 

package/core/binary-manager.ts

@@ -6,7 +6,11 @@ import { exec } from 'child_process'
 import { promisify } from 'util'
 import { paths } from '../config/paths'
 import { defaults } from '../config/defaults'
-import { Engine, type ProgressCallback, type InstalledBinary } from '../types'
+import {
+  type Engine,
+  type ProgressCallback,
+  type InstalledBinary,
+} from '../types'
 
 const execAsync = promisify(exec)
 

package/core/container-manager.ts

@@ -1,5 +1,14 @@
 import { existsSync } from 'fs'
-import { mkdir, readdir, readFile, writeFile, rm, cp, unlink } from 'fs/promises'
+import {
+  mkdir,
+  readdir,
+  readFile,
+  writeFile,
+  rm,
+  cp,
+  unlink,
+  rename as fsRename,
+} from 'fs/promises'
 import { paths } from '../config/paths'
 import { processManager } from './process-manager'
 import { portManager } from './port-manager'
@@ -76,7 +85,7 @@ export class ContainerManager {
 
     if (engine) {
       // SQLite uses registry instead of filesystem
-      if (engine === 'sqlite') {
+      if (engine === Engine.SQLite) {
         return this.getSqliteConfig(name)
       }
 
@@ -201,7 +210,7 @@ export class ContainerManager {
 
     if (engine) {
       // SQLite uses registry
-      if (engine === 'sqlite') {
+      if (engine === Engine.SQLite) {
         return sqliteRegistry.exists(name)
       }
       const configPath = paths.getContainerConfigPath(name, { engine })
@@ -366,26 +375,35 @@ export class ContainerManager {
 
     await cp(sourcePath, targetPath, { recursive: true })
 
-    // Update target config
-    const config = await this.getConfig(targetName, { engine })
-    if (!config) {
-      throw new Error('Failed to read cloned container config')
-    }
+    // If anything fails after copy, clean up the target directory
+    try {
+      // Update target config
+      const config = await this.getConfig(targetName, { engine })
+      if (!config) {
+        throw new Error('Failed to read cloned container config')
+      }
 
-    config.name = targetName
-    config.created = new Date().toISOString()
-    config.clonedFrom = sourceName
+      config.name = targetName
+      config.created = new Date().toISOString()
+      config.clonedFrom = sourceName
 
-    // Assign new port (excluding ports already used by other containers)
-    const engineDefaults = getEngineDefaults(engine)
-    const { port } = await portManager.findAvailablePortExcludingContainers({
-      portRange: engineDefaults.portRange,
-    })
-    config.port = port
+      // Assign new port (excluding ports already used by other containers)
+      const engineDefaults = getEngineDefaults(engine)
+      const { port } = await portManager.findAvailablePortExcludingContainers({
+        portRange: engineDefaults.portRange,
+      })
+      config.port = port
 
-    await this.saveConfig(targetName, { engine }, config)
+      await this.saveConfig(targetName, { engine }, config)
 
-    return config
+      return config
+    } catch (error) {
+      // Clean up the copied directory on failure
+      await rm(targetPath, { recursive: true, force: true }).catch(() => {
+        // Ignore cleanup errors
+      })
+      throw error
+    }
   }
 
   /**
@@ -419,7 +437,15 @@ export class ContainerManager {
         throw new Error(`SQLite container "${oldName}" not found in registry`)
       }
 
-      // Remove old entry and add new one with updated name
+      // Move container directory first (if it exists) - do filesystem ops before registry
+      // This way if the move fails, registry is unchanged
+      const oldContainerPath = paths.getContainerPath(oldName, { engine })
+      const newContainerPath = paths.getContainerPath(newName, { engine })
+      if (existsSync(oldContainerPath)) {
+        await this.atomicMoveDirectory(oldContainerPath, newContainerPath)
+      }
+
+      // Now update registry - remove old entry and add new one with updated name
       await sqliteRegistry.remove(oldName)
       await sqliteRegistry.add({
         name: newName,
@@ -428,14 +454,6 @@ export class ContainerManager {
         lastVerified: entry.lastVerified,
       })
 
-      // Rename container directory if it exists (created by containerManager.create)
-      const oldContainerPath = paths.getContainerPath(oldName, { engine })
-      const newContainerPath = paths.getContainerPath(newName, { engine })
-      if (existsSync(oldContainerPath)) {
-        await cp(oldContainerPath, newContainerPath, { recursive: true })
-        await rm(oldContainerPath, { recursive: true, force: true })
-      }
-
       // Return updated config
       return {
         ...sourceConfig,
@@ -453,8 +471,7 @@ export class ContainerManager {
     const oldPath = paths.getContainerPath(oldName, { engine })
     const newPath = paths.getContainerPath(newName, { engine })
 
-    await cp(oldPath, newPath, { recursive: true })
-    await rm(oldPath, { recursive: true, force: true })
+    await this.atomicMoveDirectory(oldPath, newPath)
 
     // Update config with new name
     const config = await this.getConfig(newName, { engine })
@@ -468,6 +485,40 @@ export class ContainerManager {
     return config
   }
 
+  /**
+   * Move a directory atomically when possible, with copy+delete fallback.
+   * Uses fs.rename which is atomic on same filesystem, falls back to
+   * copy+delete for cross-filesystem moves (with cleanup on failure).
+   */
+  private async atomicMoveDirectory(
+    sourcePath: string,
+    targetPath: string,
+  ): Promise<void> {
+    try {
+      // Try atomic rename first (only works on same filesystem)
+      await fsRename(sourcePath, targetPath)
+    } catch (error) {
+      const e = error as NodeJS.ErrnoException
+      if (e.code === 'EXDEV') {
+        // Cross-filesystem move - fall back to copy+delete
+        await cp(sourcePath, targetPath, { recursive: true })
+        try {
+          await rm(sourcePath, { recursive: true, force: true })
+        } catch {
+          // If delete fails after copy, we have duplicates
+          // Try to clean up the target to avoid inconsistency
+          await rm(targetPath, { recursive: true, force: true }).catch(() => {})
+          throw new Error(
+            `Failed to complete move: source and target may both exist. ` +
+              `Please manually remove one of: ${sourcePath} or ${targetPath}`,
+          )
+        }
+      } else {
+        throw error
+      }
+    }
+  }
+
   /**
    * Validate container name
    */

package/core/error-handler.ts

@@ -56,6 +56,7 @@ export const ErrorCodes = {
   CONTAINER_CREATE_FAILED: 'CONTAINER_CREATE_FAILED',
   INIT_FAILED: 'INIT_FAILED',
   DATABASE_CREATE_FAILED: 'DATABASE_CREATE_FAILED',
+  INVALID_DATABASE_NAME: 'INVALID_DATABASE_NAME',
 
   // Dependency errors
   DEPENDENCY_MISSING: 'DEPENDENCY_MISSING',
@@ -308,3 +309,33 @@ export function createDependencyMissingError(
     { toolName, engine },
   )
 }
+
+/**
+ * Validate a database name to prevent SQL injection.
+ * Database names must start with a letter and contain only
+ * alphanumeric characters and underscores.
+ *
+ * Note: Hyphens are excluded because they require quoted identifiers
+ * in SQL, which is error-prone for users.
+ */
+export function isValidDatabaseName(name: string): boolean {
+  // Must start with a letter to be valid in all database systems
+  // Hyphens excluded to avoid requiring quoted identifiers in SQL
+  return /^[a-zA-Z][a-zA-Z0-9_]*$/.test(name)
+}
+
+/**
+ * Assert that a database name is valid, throwing SpinDBError if not.
+ * Use this at the entry points where database names are accepted.
+ */
+export function assertValidDatabaseName(name: string): void {
+  if (!isValidDatabaseName(name)) {
+    throw new SpinDBError(
+      ErrorCodes.INVALID_DATABASE_NAME,
+      `Invalid database name: "${name}"`,
+      'error',
+      'Database names must start with a letter and contain only letters, numbers, and underscores',
+      { databaseName: name },
+    )
+  }
+}

package/core/platform-service.ts

@@ -11,7 +11,7 @@
  */
 
 import { homedir, platform as osPlatform, arch as osArch } from 'os'
-import { execSync, exec, spawn } from 'child_process'
+import { execSync, execFileSync, exec, spawn } from 'child_process'
 import { promisify } from 'util'
 import { existsSync } from 'fs'
 
@@ -205,7 +205,7 @@ class DarwinPlatformService extends BasePlatformService {
     let getentResult: string | null = null
     if (sudoUser) {
       try {
-        getentResult = execSync(`getent passwd ${sudoUser}`, {
+        getentResult = execFileSync('getent', ['passwd', sudoUser], {
           encoding: 'utf-8',
         })
       } catch {
@@ -347,7 +347,7 @@ class LinuxPlatformService extends BasePlatformService {
     let getentResult: string | null = null
     if (sudoUser) {
       try {
-        getentResult = execSync(`getent passwd ${sudoUser}`, {
+        getentResult = execFileSync('getent', ['passwd', sudoUser], {
           encoding: 'utf-8',
         })
       } catch {

package/core/port-manager.ts

@@ -27,6 +27,8 @@ export class PortManager {
       const server = net.createServer()
 
       server.once('error', (err: NodeJS.ErrnoException) => {
+        // Always close the server to prevent resource leaks
+        server.close()
         if (err.code === 'EADDRINUSE') {
           resolve(false)
         } else {

package/core/process-manager.ts

@@ -1,7 +1,7 @@
 import { exec, spawn } from 'child_process'
 import { promisify } from 'util'
 import { existsSync } from 'fs'
-import { readFile } from 'fs/promises'
+import { readFile, rm } from 'fs/promises'
 import { paths } from '../config/paths'
 import { logDebug } from './error-handler'
 import type { ProcessResult, StatusResult } from '../types'
@@ -42,6 +42,9 @@ export class ProcessManager {
   ): Promise<ProcessResult> {
     const { superuser = 'postgres' } = options
 
+    // Track if directory existed before initdb (to know if we should clean up)
+    const dirExistedBefore = existsSync(dataDir)
+
     const args = [
       '-D',
       dataDir,
@@ -52,6 +55,21 @@ export class ProcessManager {
       '--no-locale',
     ]
 
+    // Helper to clean up data directory on failure
+    const cleanupOnFailure = async () => {
+      // Only clean up if initdb created the directory (it didn't exist before)
+      if (!dirExistedBefore && existsSync(dataDir)) {
+        try {
+          await rm(dataDir, { recursive: true, force: true })
+          logDebug(`Cleaned up data directory after initdb failure: ${dataDir}`)
+        } catch (cleanupErr) {
+          logDebug(
+            `Failed to clean up data directory: ${cleanupErr instanceof Error ? cleanupErr.message : String(cleanupErr)}`,
+          )
+        }
+      }
+    }
+
     return new Promise((resolve, reject) => {
       const proc = spawn(initdbPath, args, {
         stdio: ['ignore', 'pipe', 'pipe'],
@@ -67,15 +85,19 @@ export class ProcessManager {
         stderr += data.toString()
       })
 
-      proc.on('close', (code) => {
+      proc.on('close', async (code) => {
         if (code === 0) {
           resolve({ stdout, stderr })
         } else {
+          await cleanupOnFailure()
           reject(new Error(`initdb failed with code ${code}: ${stderr}`))
         }
       })
 
-      proc.on('error', reject)
+      proc.on('error', async (err) => {
+        await cleanupOnFailure()
+        reject(err)
+      })
     })
   }