sqlprism 1.2.0__tar.gz → 1.2.2__tar.gz

{sqlprism-1.2.0 → sqlprism-1.2.2}/.github/workflows/ci.yml

@@ -41,7 +41,7 @@ jobs:
 
       - name: Upload coverage to Codecov
         if: matrix.python-version == '3.12'
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v6
         with:
           files: coverage.xml
           token: ${{ secrets.CODECOV_TOKEN }}

{sqlprism-1.2.0 → sqlprism-1.2.2}/.github/workflows/docs.yml

@@ -37,7 +37,7 @@ jobs:
         run: uv run mkdocs build
 
       - name: Upload Pages artifact
-        uses: actions/upload-pages-artifact@v4
+        uses: actions/upload-pages-artifact@v5
         with:
           path: site/
 

{sqlprism-1.2.0 → sqlprism-1.2.2}/.gitignore

@@ -1,9 +1,15 @@
 # Claude
 .claude/research/
 .claude/plans/
+.claude/specs/
+.claude/worktrees/
 .claude/settings.local.json
+.claude/*.lock
 .mcp.json
 
+# User config (personal paths)
+sqlprism.yml
+
 # Coverage
 .coverage
 coverage_html/

sqlprism-1.2.2/CHANGELOG.md

@@ -0,0 +1,94 @@
+# Changelog
+
+All notable changes to this project are documented here. The format is based on
+[Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project
+follows [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [1.2.2] — 2026-04-21
+
+### Changed
+- CLI commands now share `_open_graph_for_write` / `_open_graph_for_read`
+  context-manager helpers, replacing the ad-hoc "load config + resolve
+  db_path + open graph" prologue across `reindex`, `reindex-file`,
+  `reindex-sqlmesh`, `reindex-dbt`, `status`, `conventions`, and the five
+  query subcommands (#137).
+- Split `tests/test_indexer.py`, `tests/test_conventions.py`, and
+  `tests/test_mcp_tools.py` into smaller per-feature files; shared MCP
+  reset fixture moved to `tests/conftest.py` (#136).
+- Expand ruff rules to include `B` (bugbear) and `RUF`; narrow
+  `pytest.raises(Exception)` to `ValidationError` in tests (#134).
+
+### Fixed
+- `graph.py` snippet reader now narrows the except to `OSError` and logs
+  at debug instead of silently swallowing; `dbt.py` replaces broad
+  `except (ImportError, OSError, Exception)` with `yaml.YAMLError` +
+  `OSError` and logs failures (#134).
+
+### Docs
+- Align `CLAUDE.md` on Python 3.11+; replace placeholder `<repo-url>`
+  with real clone URL; drop hardcoded tool count from README and guides;
+  add `CONTRIBUTING.md`, `CHANGELOG.md`, and `SECURITY.md` (#134).
+
+## [1.2.1] — 2026-04-21
+
+### Fixed
+- `find_path` / `find_bottlenecks` / `check_impact` no longer follow `defines`
+  (non-dataflow) edges or `inserts_into` self-loops when tracing dependencies
+  (#127).
+- Cross-repo trace now walks the name-quotient graph so dependency traversal
+  crosses shadow `ref()` nodes between federated repos (#131).
+- dbt `schema.yml` column definitions are persisted into the graph; column
+  inference from `CREATE TABLE AS SELECT` is also picked up (#125).
+- sqlmesh column-definition resolution aligned with the dbt path (#124).
+
+## [1.2.0] — 2026-03-26
+
+### Added
+- **Conventions engine**: layer detection, naming-pattern inference, reference
+  rules, common columns, and column-style inference. Exposed via
+  `get_conventions` MCP tool and the `sqlprism conventions --init/--refresh/--diff`
+  CLI. YAML overrides can be loaded and merged on top of inferred conventions.
+- **Semantic tags**: clustering and auto-labeling of models, with
+  `search_by_tag` and `list_tags` MCP tools.
+- **Similarity & placement**: `find_similar_models` and `suggest_placement`
+  MCP tools to support new-model authoring workflows.
+
+### Changed
+- Upgraded `sqlglot` to v30 with the `[c]` (native) extension for faster
+  parsing.
+
+## [1.1.0] — 2026-03-16
+
+### Added
+- **Cross-repo federation**: `cross_repo_edges` and `name_collisions` surfaced
+  via `get_index_status`; synthetic shadow nodes for referenced-but-unindexed
+  models.
+- **YAML config support** with discovery order; `sqlprism.yml` recognised
+  alongside legacy JSON.
+- **Graph-analytics tools**: `find_critical_models` (PageRank),
+  `detect_cycles`, `find_subgraphs` (weakly connected components), and
+  `find_bottlenecks` (fan-in/out analysis), backed by DuckPGQ.
+- **Column & context tools**: `get_schema`, `get_context`, `check_impact`,
+  `find_path`, and DuckPGQ-backed `trace_dependencies`.
+- `ty` type checker added to CI.
+
+## [1.0.1] — 2026-03-15
+
+### Fixed
+- Patch release following v1.0.0; see git history for details.
+
+## [1.0.0] — 2026-03-12
+
+### Added
+- Initial release: DuckDB-backed knowledge graph for SQL, dbt, and sqlmesh
+  repos. MCP server with parsing, indexing, lineage, impact analysis, and
+  column tracing.
+
+[Unreleased]: https://github.com/darkcofy/sqlprism/compare/v1.2.1...HEAD
+[1.2.1]: https://github.com/darkcofy/sqlprism/compare/v1.2.0...v1.2.1
+[1.2.0]: https://github.com/darkcofy/sqlprism/compare/v1.1.0...v1.2.0
+[1.1.0]: https://github.com/darkcofy/sqlprism/compare/v1.0.1...v1.1.0
+[1.0.1]: https://github.com/darkcofy/sqlprism/compare/v1.0.0...v1.0.1
+[1.0.0]: https://github.com/darkcofy/sqlprism/releases/tag/v1.0.0

{sqlprism-1.2.0 → sqlprism-1.2.2}/CLAUDE.md

@@ -4,7 +4,7 @@ SQL knowledge graph MCP server — indexes SQL, dbt, and sqlmesh repos into a Du
 
 ## Quick Reference
 
-- **Language**: Python 3.12+
+- **Language**: Python 3.11+
 - **Package manager**: uv
 - **Lint**: `uv run ruff check .`
 - **Type check**: `uv run ty check`
@@ -18,7 +18,7 @@ src/sqlprism/
   core/
     graph.py       — DuckDB storage layer (MVCC, repo_type tracking)
     indexer.py      — Orchestrates parsing + indexing; file-level reindex with repo-type dispatch
-    mcp_tools.py   — MCP server tools (24 tools, non-blocking reindex, per-repo debounce)
+    mcp_tools.py   — MCP server tools (non-blocking reindex, per-repo debounce)
     conventions.py — Convention inference engine (layers, naming, references, tags, overrides)
   languages/
     sql.py         — sqlglot-based SQL parser

sqlprism-1.2.2/CONTRIBUTING.md

@@ -0,0 +1,78 @@
+# Contributing to SQLPrism
+
+Thanks for your interest. This document covers the workflow, conventions, and
+checks that apply to all changes.
+
+## Development setup
+
+Requirements:
+
+- Python 3.11+
+- [uv](https://docs.astral.sh/uv/) package manager
+
+```bash
+git clone https://github.com/darkcofy/sqlprism.git
+cd sqlprism
+uv sync
+```
+
+This installs the package and dev dependencies (pytest, ruff, ty, mkdocs) into
+a local `.venv`.
+
+## Running checks locally
+
+Every PR must pass these before it is marked ready:
+
+```bash
+uv run ruff check .       # lint
+uv run ty check           # type check
+uv run pytest tests/ -v   # tests
+```
+
+To run a single test:
+
+```bash
+uv run pytest tests/test_indexer.py::test_name -v
+```
+
+Coverage is configured with a floor of 80% (`[tool.coverage.report] fail_under`).
+
+## Branch and PR conventions
+
+Branch names follow the pattern `<type>-<issue>-<short-description>`:
+
+- `feat-11-indexer-reindex-files`
+- `fix-131-trace-cross-repo-shadow-nodes`
+- `chore-134-critical-review-fixes`
+
+Valid types:
+
+- `feat` — new functionality or enhancement
+- `fix` — bug fix
+- `chore` — maintenance, refactors, docs, hygiene
+
+PR titles should mirror the branch name style. The PR body should link the
+issue with `Closes #<number>`. Open PRs as drafts first; mark them ready once
+`ruff`, `ty`, and `pytest` all pass locally.
+
+## Issue conventions
+
+Issues use a BDD format where applicable: `Given / When / Then` scenarios
+with concrete acceptance criteria. This makes it easier to decompose an issue
+into tasks and to know when it is done.
+
+## Documentation
+
+User-facing docs live under `docs/` and are published with MkDocs Material.
+Preview locally:
+
+```bash
+uv run mkdocs serve
+```
+
+Architectural or longer-form notes can also live under `docs/architecture/`.
+
+## Reporting security issues
+
+See [SECURITY.md](SECURITY.md). Please do not file public issues for
+suspected vulnerabilities.

{sqlprism-1.2.0 → sqlprism-1.2.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: sqlprism
-Version: 1.2.0
+Version: 1.2.2
 Summary: SQL codebase indexer with column-level lineage, impact analysis, and MCP server support
 Project-URL: Homepage, https://github.com/darkcofy/sqlprism
 Project-URL: Documentation, https://darkcofy.github.io/sqlprism/
@@ -74,6 +74,8 @@ uv run sqlprism reindex                 # index plain SQL repos
 
 For [dbt](https://www.getdbt.com/) and [SQLMesh](https://sqlmesh.com/) projects, use `reindex-dbt` and `reindex-sqlmesh` respectively. See the [CLI guide](https://darkcofy.github.io/sqlprism/guide/cli/) for full options.
 
+> **Prerequisite:** dbt and SQLMesh are **not** dependencies of sqlprism. The renderers shell out to `dbt compile` / `sqlmesh` inside the target project's own virtualenv (via `uv run` by default). Install the renderer in that project — for example `uv add dbt-core dbt-<adapter>` or `uv add sqlmesh` — before running `reindex-dbt` / `reindex-sqlmesh`. If the renderer is missing, sqlprism will raise a clear error pointing at the project directory.
+
 ### 3. Connect your MCP client
 
 **Claude Code:**
@@ -239,7 +241,7 @@ Full reference: [CLI guide](https://darkcofy.github.io/sqlprism/guide/cli/)
 
 Full reference: [MCP tools guide](https://darkcofy.github.io/sqlprism/guide/mcp-tools/)
 
-When running as an MCP server (`sqlprism serve`), 24 tools are exposed:
+When running as an MCP server (`sqlprism serve`), the following tools are exposed:
 
 | Tool | Description |
 |---|---|
@@ -282,7 +284,7 @@ src/sqlprism/
   core/
     graph.py            <- DuckDB storage layer (MVCC), queries, snippets, repo_type tracking
     indexer.py          <- Orchestrator: scan -> checksum -> parse -> store; file-level reindex with repo-type dispatch
-    mcp_tools.py        <- FastMCP tool definitions (24 tools, non-blocking reindex, per-repo debounce)
+    mcp_tools.py        <- FastMCP tool definitions (non-blocking reindex, per-repo debounce)
     conventions.py      <- Convention inference engine: layers, naming, references, tags, overrides
   cli.py                <- Click CLI: serve, reindex, reindex-file, reindex-sqlmesh, reindex-dbt, conventions, status, init
 ```
@@ -303,7 +305,7 @@ SQLPrism optionally integrates with [DuckPGQ](https://github.com/cwida/duckpgq)
 
 ```bash
 uv sync
-uv run pytest                          # run tests (510+ tests)
+uv run pytest                          # run tests (630+ tests)
 uv run pytest --cov=sqlprism           # run with coverage report
 uv run pytest --cov=sqlprism --cov-report=html:coverage_html  # HTML report
 ```

{sqlprism-1.2.0 → sqlprism-1.2.2}/README.md

@@ -46,6 +46,8 @@ uv run sqlprism reindex                 # index plain SQL repos
 
 For [dbt](https://www.getdbt.com/) and [SQLMesh](https://sqlmesh.com/) projects, use `reindex-dbt` and `reindex-sqlmesh` respectively. See the [CLI guide](https://darkcofy.github.io/sqlprism/guide/cli/) for full options.
 
+> **Prerequisite:** dbt and SQLMesh are **not** dependencies of sqlprism. The renderers shell out to `dbt compile` / `sqlmesh` inside the target project's own virtualenv (via `uv run` by default). Install the renderer in that project — for example `uv add dbt-core dbt-<adapter>` or `uv add sqlmesh` — before running `reindex-dbt` / `reindex-sqlmesh`. If the renderer is missing, sqlprism will raise a clear error pointing at the project directory.
+
 ### 3. Connect your MCP client
 
 **Claude Code:**
@@ -211,7 +213,7 @@ Full reference: [CLI guide](https://darkcofy.github.io/sqlprism/guide/cli/)
 
 Full reference: [MCP tools guide](https://darkcofy.github.io/sqlprism/guide/mcp-tools/)
 
-When running as an MCP server (`sqlprism serve`), 24 tools are exposed:
+When running as an MCP server (`sqlprism serve`), the following tools are exposed:
 
 | Tool | Description |
 |---|---|
@@ -254,7 +256,7 @@ src/sqlprism/
   core/
     graph.py            <- DuckDB storage layer (MVCC), queries, snippets, repo_type tracking
     indexer.py          <- Orchestrator: scan -> checksum -> parse -> store; file-level reindex with repo-type dispatch
-    mcp_tools.py        <- FastMCP tool definitions (24 tools, non-blocking reindex, per-repo debounce)
+    mcp_tools.py        <- FastMCP tool definitions (non-blocking reindex, per-repo debounce)
     conventions.py      <- Convention inference engine: layers, naming, references, tags, overrides
   cli.py                <- Click CLI: serve, reindex, reindex-file, reindex-sqlmesh, reindex-dbt, conventions, status, init
 ```
@@ -275,7 +277,7 @@ SQLPrism optionally integrates with [DuckPGQ](https://github.com/cwida/duckpgq)
 
 ```bash
 uv sync
-uv run pytest                          # run tests (510+ tests)
+uv run pytest                          # run tests (630+ tests)
 uv run pytest --cov=sqlprism           # run with coverage report
 uv run pytest --cov=sqlprism --cov-report=html:coverage_html  # HTML report
 ```

sqlprism-1.2.2/SECURITY.md

@@ -0,0 +1,42 @@
+# Security policy
+
+## Supported versions
+
+SQLPrism is pre-1.x in spirit (published as 1.x with a "Beta" development
+status). Only the latest minor release on the `main` branch receives security
+fixes.
+
+| Version | Supported |
+|---------|-----------|
+| 1.2.x   | Yes       |
+| < 1.2   | No        |
+
+## Reporting a vulnerability
+
+Please **do not** open a public GitHub issue for suspected vulnerabilities.
+
+Instead, email the maintainer at **alfjohnfred@gmail.com** with:
+
+- A description of the issue and its potential impact.
+- Steps to reproduce, or a minimal proof of concept.
+- Any relevant logs, stack traces, or affected commits.
+
+You can expect an acknowledgement within **72 hours**. If the report is
+confirmed, we will work on a fix and coordinate a release; you will be
+credited in the `CHANGELOG.md` entry unless you prefer to remain anonymous.
+
+## Scope
+
+In scope:
+
+- Arbitrary code execution, SQL injection, or path traversal in the parser,
+  indexer, CLI, or MCP server.
+- Secret leakage through logs, snippets, or the graph store.
+- Unsafe subprocess handling in the dbt / sqlmesh renderers.
+
+Out of scope:
+
+- Vulnerabilities in upstream dependencies (DuckDB, sqlglot, dbt, sqlmesh) —
+  please report those to the respective projects.
+- Findings that require the attacker to already control the machine running
+  `sqlprism serve`.

{sqlprism-1.2.0 → sqlprism-1.2.2}/docs/getting-started/installation.md

@@ -8,7 +8,7 @@
 ## Install from Source
 
 ```bash
-git clone <repo-url>
+git clone https://github.com/darkcofy/sqlprism.git
 cd sqlprism
 uv sync
 ```

{sqlprism-1.2.0 → sqlprism-1.2.2}/docs/guide/cli.md

@@ -34,7 +34,7 @@ sqlprism status [--config PATH] [--db PATH]
 
 ### `sqlprism serve`
 
-Starts the MCP server, exposing all 24 tools to any MCP client.
+Starts the MCP server, exposing all tools to any MCP client.
 
 ```bash
 sqlprism serve [--config PATH] [--db PATH] [--transport stdio|streamable-http] [--port 8000]

{sqlprism-1.2.0 → sqlprism-1.2.2}/docs/guide/mcp-tools.md

@@ -1,6 +1,6 @@
 # MCP Tools
 
-When running as an MCP server (`sqlprism serve`), 24 tools are exposed. Any MCP client (Claude Code, Claude Desktop, Cursor, Continue.dev) can call these.
+When running as an MCP server (`sqlprism serve`), the tools below are exposed. Any MCP client (Claude Code, Claude Desktop, Cursor, Continue.dev) can call these.
 
 ## Query Tools
 

{sqlprism-1.2.0 → sqlprism-1.2.2}/docs/index.md

@@ -24,7 +24,7 @@ On a 200-model SQLMesh project, a column impact query returns **75 structured re
 ## Quick Start
 
 ```bash
-git clone <repo-url> && cd sqlprism
+git clone https://github.com/darkcofy/sqlprism.git && cd sqlprism
 uv sync
 uv run sqlprism init       # creates sqlprism.yml
 # edit config to add your repos

{sqlprism-1.2.0 → sqlprism-1.2.2}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "sqlprism"
-version = "1.2.0"
+version = "1.2.2"
 description = "SQL codebase indexer with column-level lineage, impact analysis, and MCP server support"
 license = "Apache-2.0"
 requires-python = ">=3.11"
@@ -49,7 +49,7 @@ target-version = "py311"
 line-length = 120
 
 [tool.ruff.lint]
-select = ["E", "F", "I", "N", "W", "UP"]
+select = ["E", "F", "I", "N", "W", "UP", "B", "RUF"]
 
 [tool.pytest.ini_options]
 asyncio_mode = "auto"