Merge branch 'main' into fix/doom-loop-escalation

Author: anandgupta42

packages/drivers/src/index.ts

@@ -2,7 +2,7 @@
 export type { Connector, ConnectorResult, SchemaColumn, ConnectionConfig } from "./types"
 
 // Re-export config normalization
-export { normalizeConfig } from "./normalize"
+export { normalizeConfig, sanitizeConnectionString } from "./normalize"
 
 // Re-export driver connect functions
 export { connect as connectPostgres } from "./postgres"

packages/drivers/src/normalize.ts

@@ -111,6 +111,95 @@ const DRIVER_ALIASES: Record<string, AliasMap> = {
   // duckdb and sqlite have simple configs — no aliases needed
 }
 
+// ---------------------------------------------------------------------------
+// Connection string password encoding
+// ---------------------------------------------------------------------------
+
+/**
+ * URI-style connection strings (postgres://, mongodb://, etc.) embed
+ * credentials in the userinfo section: `scheme://user:password@host/db`.
+ * If the password contains special characters (@, #, :, /, ?, etc.) and
+ * they are NOT percent-encoded, drivers will mis-parse the URI and fail
+ * with cryptic auth errors.
+ *
+ * This function detects an unencoded password in the userinfo portion and
+ * re-encodes it so the connection string is valid.  Already-encoded
+ * passwords (containing %XX sequences) are left untouched.
+ */
+export function sanitizeConnectionString(connectionString: string): string {
+  // Only touch scheme://... URIs.
+  const schemeMatch = connectionString.match(/^[a-zA-Z][a-zA-Z0-9+.-]*:\/\//)
+  if (!schemeMatch) return connectionString
+
+  const scheme = schemeMatch[0]
+  const afterScheme = connectionString.slice(scheme.length)
+
+  // Find the userinfo/host separator. A password can legitimately contain
+  // '@', '#', '/', '?', or ':' characters, so the URI spec is ambiguous
+  // when those are unencoded. We use the LAST '@' as the separator because
+  // that correctly handles the common case of passwords with special
+  // characters (the stated purpose of this function — see issue #589).
+  //
+  // The known trade-off: if the query string or path also contains an
+  // unencoded '@' (e.g. `?email=alice@example.com`), the rightmost '@'
+  // is NOT the userinfo separator. We detect this ambiguous case below
+  // with a guard and bail to avoid corrupting the URI.
+  const lastAt = afterScheme.lastIndexOf("@")
+  if (lastAt < 0) return connectionString // No userinfo — nothing to fix
+
+  const beforeAt = afterScheme.slice(0, lastAt)
+  const afterAt = afterScheme.slice(lastAt + 1)
+
+  // Ambiguity guard: if the content AFTER the '@' has no path/query/
+  // fragment delimiter ('/', '?', or '#') but the content BEFORE the
+  // '@' does, then the '@' is almost certainly inside a path, query,
+  // or fragment — not the userinfo separator. Bail and leave the URI
+  // untouched so the caller can pre-encode explicitly.
+  //
+  // Examples that trigger the guard (correctly left alone):
+  //   postgresql://u:p@host/db?email=alice@example.com   ('@' in query)
+  //   postgresql://u:p@host:5432/db@archive              ('@' in path)
+  //   postgresql://u:p@host/db#at@frag                   ('@' in fragment)
+  //
+  // Examples that pass the guard (correctly encoded):
+  //   postgresql://u:p@ss@host/db            (last '@' has '/' after)
+  //   postgresql://u:f@ke#PLACEHOLDER@host/db (last '@' has '/' after)
+  const afterAtHasDelim = /[/?#]/.test(afterAt)
+  const beforeAtHasDelim = /[/?#]/.test(beforeAt)
+  if (!afterAtHasDelim && beforeAtHasDelim) {
+    return connectionString
+  }
+
+  // Idempotent re-encoding: decode any existing percent-escapes and
+  // re-encode. Already-encoded values round-trip unchanged; raw values
+  // with special characters get encoded. Malformed percent sequences
+  // fall back to encoding the raw input.
+  const encodeIdempotent = (v: string): string => {
+    if (v.length === 0) return v
+    try {
+      return encodeURIComponent(decodeURIComponent(v))
+    } catch {
+      return encodeURIComponent(v)
+    }
+  }
+
+  // Split userinfo on the FIRST ':' only (password may contain ':').
+  const colonIdx = beforeAt.indexOf(":")
+  let encodedUserinfo: string
+  if (colonIdx < 0) {
+    // Username-only userinfo: still encode if it contains special chars
+    // (e.g. email addresses used as usernames).
+    encodedUserinfo = encodeIdempotent(beforeAt)
+  } else {
+    const user = beforeAt.slice(0, colonIdx)
+    const password = beforeAt.slice(colonIdx + 1)
+    encodedUserinfo = `${encodeIdempotent(user)}:${encodeIdempotent(password)}`
+  }
+
+  const rebuilt = `${scheme}${encodedUserinfo}@${afterAt}`
+  return rebuilt === connectionString ? connectionString : rebuilt
+}
+
 // ---------------------------------------------------------------------------
 // Core logic
 // ---------------------------------------------------------------------------
@@ -178,6 +267,15 @@ export function normalizeConfig(config: ConnectionConfig): ConnectionConfig {
   const aliases = DRIVER_ALIASES[type]
   let result = aliases ? applyAliases(config, aliases) : { ...config }
 
+  // Sanitize connection_string: if the password contains special characters
+  // (@, #, :, /, etc.) that are not percent-encoded, URI-based drivers will
+  // mis-parse the string and fail with cryptic auth errors.  This is the
+  // single integration point — every caller of normalizeConfig() gets the
+  // fix automatically.
+  if (typeof result.connection_string === "string") {
+    result.connection_string = sanitizeConnectionString(result.connection_string)
+  }
+
   // Type-specific post-processing
   // Note: MySQL SSL fields (ssl_ca, ssl_cert, ssl_key) are NOT constructed
   // into an ssl object here. They stay as top-level fields so the credential

packages/drivers/test/clickhouse-unit.test.ts

@@ -203,6 +203,38 @@ describe("ClickHouse driver unit tests", () => {
       await connector.execute("SELECT 'it''s -- LIMIT 5' FROM t", 10)
       expect(mockQueryCalls[0].query).toContain("LIMIT 11")
     })
+
+    test("leading block comment does NOT bypass LIMIT injection", async () => {
+      mockQueryResult = [{ id: 1 }]
+      await connector.execute("/* analytics query */ SELECT * FROM t", 10)
+      expect(mockQueryCalls[0].query).toContain("LIMIT 11")
+    })
+
+    test("multi-line block comment before SELECT does NOT bypass LIMIT", async () => {
+      mockQueryResult = [{ id: 1 }]
+      await connector.execute("/*\n * Report query\n * Author: test\n */\nSELECT * FROM t", 10)
+      expect(mockQueryCalls[0].query).toContain("LIMIT 11")
+    })
+
+    test("backslash-escaped string does NOT break LIMIT check", async () => {
+      mockQueryResult = [{ id: 1 }]
+      await connector.execute("SELECT 'path\\\\to\\'s -- LIMIT 5' FROM t", 10)
+      expect(mockQueryCalls[0].query).toContain("LIMIT 11")
+    })
+
+    test("leading comment does NOT misroute SELECT as DDL", async () => {
+      mockQueryResult = [{ id: 1 }]
+      await connector.execute("-- INSERT note\nSELECT * FROM t", 10)
+      expect(mockQueryCalls.length).toBe(1)
+      expect(mockCommandCalls.length).toBe(0)
+    })
+
+    test("block comment containing DDL keyword does NOT misroute SELECT", async () => {
+      mockQueryResult = [{ id: 1 }]
+      await connector.execute("/* DROP TABLE note */ SELECT * FROM t", 10)
+      expect(mockQueryCalls.length).toBe(1)
+      expect(mockCommandCalls.length).toBe(0)
+    })
   })
 
   // --- Truncation detection ---
@@ -285,6 +317,31 @@ describe("ClickHouse driver unit tests", () => {
       const cols = await connector.describeTable("default", "t")
       expect(cols[0].nullable).toBe(false)
     })
+
+    test("LowCardinality(Nullable(FixedString(32))) IS nullable — nested inner type", async () => {
+      mockQueryResult = [{ name: "col1", type: "LowCardinality(Nullable(FixedString(32)))" }]
+      const cols = await connector.describeTable("default", "t")
+      expect(cols[0].nullable).toBe(true)
+    })
+
+    test("Map(String, Nullable(UInt32)) is NOT nullable at column level", async () => {
+      // The map values are nullable, but the column itself is not
+      mockQueryResult = [{ name: "col1", type: "Map(String, Nullable(UInt32))" }]
+      const cols = await connector.describeTable("default", "t")
+      expect(cols[0].nullable).toBe(false)
+    })
+
+    test("Tuple(Nullable(String), UInt32) is NOT nullable at column level", async () => {
+      mockQueryResult = [{ name: "col1", type: "Tuple(Nullable(String), UInt32)" }]
+      const cols = await connector.describeTable("default", "t")
+      expect(cols[0].nullable).toBe(false)
+    })
+
+    test("handles empty/missing type gracefully", async () => {
+      mockQueryResult = [{ name: "col1", type: undefined }]
+      const cols = await connector.describeTable("default", "t")
+      expect(cols[0].nullable).toBe(false)
+    })
   })
 
   // --- Connection guard ---

packages/opencode/src/altimate/observability/tracing.ts

@@ -1000,6 +1000,32 @@ export class Trace {
     }
   }
 
+  /**
+   * List traces with pagination support.
+   * Returns a page of traces plus total count for building pagination UI.
+   */
+  static async listTracesPaginated(
+    dir?: string,
+    options?: { offset?: number; limit?: number },
+  ): Promise<{
+    traces: Array<{ sessionId: string; file: string; trace: TraceFile }>
+    total: number
+    offset: number
+    limit: number
+  }> {
+    const all = await Trace.listTraces(dir)
+    const rawOffset = options?.offset ?? 0
+    const rawLimit = options?.limit ?? 20
+    const offset = Number.isFinite(rawOffset) ? Math.max(0, Math.trunc(rawOffset)) : 0
+    const limit = Number.isFinite(rawLimit) ? Math.max(1, Math.trunc(rawLimit)) : 20
+    return {
+      traces: all.slice(offset, offset + limit),
+      total: all.length,
+      offset,
+      limit,
+    }
+  }
+
   static async loadTrace(sessionId: string, dir?: string): Promise<TraceFile | null> {
     const tracesDir = dir ?? DEFAULT_TRACES_DIR
     try {

packages/opencode/src/cli/cmd/trace.ts

@@ -49,13 +49,23 @@ function truncate(str: string, len: number): string {
 }
 
 // altimate_change start — trace: list session traces (recordings/recaps of agent sessions)
-function listTraces(traces: Array<{ sessionId: string; trace: TraceFile }>, tracesDir?: string) {
-  if (traces.length === 0) {
+function listTraces(
+  traces: Array<{ sessionId: string; trace: TraceFile }>,
+  pagination: { total: number; offset: number; limit: number },
+  tracesDir?: string,
+) {
+  if (traces.length === 0 && pagination.total === 0) {
     UI.println("No traces found. Run a command with tracing enabled:")
     UI.println("  altimate-code run \"your prompt here\"")
     return
   }
 
+  if (traces.length === 0 && pagination.total > 0) {
+    UI.println(`No traces on this page (offset ${pagination.offset} past end of ${pagination.total} traces).`)
+    UI.println(UI.Style.TEXT_DIM + `Try: altimate-code trace list --offset 0 --limit ${pagination.limit}` + UI.Style.TEXT_NORMAL)
+    return
+  }
+
   // Header
   const header = [
     "DATE".padEnd(13),
@@ -97,8 +107,13 @@ function listTraces(traces: Array<{ sessionId: string; trace: TraceFile }>, trac
   }
 
   UI.empty()
-  // altimate_change start — trace: session trace messages
-  UI.println(UI.Style.TEXT_DIM + `${traces.length} trace(s) in ${Trace.getTracesDir(tracesDir)}` + UI.Style.TEXT_NORMAL)
+  // altimate_change start — trace: session trace messages with pagination footer
+  const rangeStart = pagination.offset + 1
+  const rangeEnd = pagination.offset + traces.length
+  UI.println(UI.Style.TEXT_DIM + `Showing ${rangeStart}-${rangeEnd} of ${pagination.total} trace(s) in ${Trace.getTracesDir(tracesDir)}` + UI.Style.TEXT_NORMAL)
+  if (rangeEnd < pagination.total) {
+    UI.println(UI.Style.TEXT_DIM + `Next page: altimate-code trace list --offset ${rangeEnd} --limit ${pagination.limit}` + UI.Style.TEXT_NORMAL)
+  }
   UI.println(UI.Style.TEXT_DIM + "View a trace: altimate-code trace view <session-id>" + UI.Style.TEXT_NORMAL)
   // altimate_change end
 }
@@ -134,6 +149,11 @@ export const TraceCommand = cmd({
         describe: "number of traces to show",
         default: 20,
       })
+      .option("offset", {
+        type: "number",
+        describe: "number of traces to skip (for pagination)",
+        default: 0,
+      })
       .option("live", {
         type: "boolean",
         describe: "auto-refresh the viewer as the trace updates (for in-progress sessions)",
@@ -148,8 +168,16 @@ export const TraceCommand = cmd({
     const tracesDir = (cfg as any).tracing?.dir as string | undefined
 
     if (action === "list") {
-      const traces = await Trace.listTraces(tracesDir)
-      listTraces(traces.slice(0, args.limit || 20), tracesDir)
+      // Use nullish coalescing so an explicit 0 is preserved and reaches
+      // listTracesPaginated() for clamping. `args.offset || 0` would
+      // treat `--offset 0` as unset (no semantic change, harmless), but
+      // `args.limit || 20` would promote `--limit 0` to 20 instead of
+      // letting the API clamp it to 1.
+      const page = await Trace.listTracesPaginated(tracesDir, {
+        offset: args.offset ?? 0,
+        limit: args.limit ?? 20,
+      })
+      listTraces(page.traces, page, tracesDir)
       return
     }
 
@@ -168,7 +196,7 @@ export const TraceCommand = cmd({
       if (!match) {
         UI.error(`Trace not found: ${args.id}`)
         UI.println("Available traces:")
-        listTraces(traces.slice(0, 10), tracesDir)
+        listTraces(traces.slice(0, 10), { total: traces.length, offset: 0, limit: 10 }, tracesDir)
         process.exit(1)
       }
 

packages/opencode/src/cli/cmd/tui/component/dialog-trace-list.tsx

@@ -47,7 +47,16 @@ export function DialogTraceList(props: {
     }
     // altimate_change end
 
-    const items = traces() ?? []
+    // Cap rendered items for TUI perf — DialogSelect creates reactive
+    // nodes per item via <For>, so very large trace directories
+    // (thousands of entries) can cause noticeable lag. Users with more
+    // than MAX_TUI_ITEMS traces should use `altimate-code trace list
+    // --offset N` from the CLI to navigate the full set.
+    const MAX_TUI_ITEMS = 500
+    const allItems = traces() ?? []
+    const items =
+      allItems.length > MAX_TUI_ITEMS ? allItems.slice(0, MAX_TUI_ITEMS) : allItems
+    const truncated = allItems.length > MAX_TUI_ITEMS
     const today = new Date().toDateString()
     const result: Array<{ title: string; value: string; category: string; footer: string }> = []
 
@@ -61,7 +70,7 @@ export function DialogTraceList(props: {
       })
     }
 
-    result.push(...items.slice(0, 50).map((item) => {
+    result.push(...items.map((item) => {
         const rawStartedAt = item.trace.startedAt
         const parsedDate = typeof rawStartedAt === "string" || typeof rawStartedAt === "number"
           ? new Date(rawStartedAt)
@@ -96,6 +105,16 @@ export function DialogTraceList(props: {
         }
       }))
 
+    // Append truncation hint if we capped the list
+    if (truncated) {
+      result.push({
+        title: `... ${allItems.length - MAX_TUI_ITEMS} more not shown`,
+        value: "__truncated__",
+        category: "Older",
+        footer: `Showing ${MAX_TUI_ITEMS} of ${allItems.length} — use CLI --offset to navigate`,
+      })
+    }
+
     return result
   })
 
@@ -113,7 +132,7 @@ export function DialogTraceList(props: {
       options={options()}
       current={props.currentSessionID}
       onSelect={(option) => {
-        if (option.value === "__error__") {
+        if (option.value === "__error__" || option.value === "__truncated__") {
           dialog.clear()
           return
         }