fix: address all code review feedback for VSCode extension

Ajit Pratap Singh · claude · Ajit Pratap Singh · commit 368df3d5cd66 · 2025-11-27T00:28:40.000+05:30
Security & Reliability fixes: - Use stdin for SQL content in analyzeCommand (prevents cmd line injection/length issues) - Add executable validation before LSP server start - Add LSP server retry mechanism with exponential backoff (3 retries) - Add 30-second timeout for analyze command to prevent hanging - Increase output buffer to 5MB for large analysis results UX improvements: - Improve validateCommand with proper diagnostic counting - Show progress indicator during analysis - Better status bar feedback (error/retry/running states) - Open Problems panel when validation finds issues - Remove broken image reference from README - Update license reference to AGPL-3.0 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/vscode-extension/README.md b/vscode-extension/README.md
@@ -5,9 +5,7 @@ High-performance SQL parsing, validation, formatting, and analysis powered by [G
 ## Features
 
 ### Real-time SQL Validation
-Get instant feedback on SQL syntax errors as you type. Errors are highlighted directly in the editor with detailed messages.
-
-![Validation](images/validation.gif)
+Get instant feedback on SQL syntax errors as you type. Errors are highlighted directly in the editor with detailed messages in the Problems panel.
 
 ### SQL Formatting
 Format your SQL code with customizable indentation and keyword casing.
@@ -118,7 +116,7 @@ Contributions are welcome! Please see our [Contributing Guide](https://github.co
 
 ## License
 
-MIT License - see [LICENSE](https://github.com/ajitpratap0/GoSQLX/blob/main/LICENSE)
+GNU Affero General Public License v3.0 (AGPL-3.0) - see [LICENSE](https://github.com/ajitpratap0/GoSQLX/blob/main/LICENSE)
 
 ## Release Notes
 
diff --git a/vscode-extension/src/extension.ts b/vscode-extension/src/extension.ts
@@ -62,9 +62,45 @@ export async function activate(context: vscode.ExtensionContext): Promise<void>
     outputChannel.appendLine('GoSQLX extension activated');
 }
 
-async function startLanguageServer(context: vscode.ExtensionContext): Promise<void> {
+// Validate that the gosqlx executable exists and is runnable
+async function validateExecutable(executablePath: string): Promise<boolean> {
+    return new Promise<boolean>((resolve) => {
+        const child = spawn(executablePath, ['--version'], { stdio: 'pipe' });
+        const timeout = setTimeout(() => {
+            child.kill();
+            resolve(false);
+        }, 5000); // 5 second timeout
+
+        child.on('close', (code) => {
+            clearTimeout(timeout);
+            resolve(code === 0);
+        });
+
+        child.on('error', () => {
+            clearTimeout(timeout);
+            resolve(false);
+        });
+    });
+}
+
+async function startLanguageServer(context: vscode.ExtensionContext, retryCount: number = 0): Promise<void> {
     const config = vscode.workspace.getConfiguration('gosqlx');
     const executablePath = config.get<string>('executablePath', 'gosqlx');
+    const maxRetries = 3;
+
+    // Validate executable before starting
+    const isValid = await validateExecutable(executablePath);
+    if (!isValid) {
+        const message = `GoSQLX executable not found or not working: ${executablePath}`;
+        outputChannel.appendLine(message);
+        vscode.window.showErrorMessage(
+            `${message}. Please install gosqlx: go install github.com/ajitpratap0/GoSQLX/cmd/gosqlx@latest`
+        );
+        statusBarItem.text = '$(error) GoSQLX';
+        statusBarItem.tooltip = 'GoSQLX: Executable not found';
+        statusBarItem.show();
+        return;
+    }
 
     // Server options - spawn the gosqlx lsp command
     // Use cross-platform temp directory for debug logs
@@ -113,17 +149,34 @@ async function startLanguageServer(context: vscode.ExtensionContext): Promise<vo
 
     try {
         await client.start();
+        statusBarItem.text = '$(database) GoSQLX';
+        statusBarItem.tooltip = 'GoSQLX Language Server - Running';
         statusBarItem.show();
         outputChannel.appendLine('GoSQLX Language Server started successfully');
         vscode.window.showInformationMessage('GoSQLX Language Server started');
     } catch (error) {
         const message = error instanceof Error ? error.message : String(error);
         outputChannel.appendLine(`Failed to start GoSQLX Language Server: ${message}`);
+
+        // Retry logic
+        if (retryCount < maxRetries) {
+            const retryDelay = Math.pow(2, retryCount) * 1000; // Exponential backoff
+            outputChannel.appendLine(`Retrying in ${retryDelay / 1000} seconds... (attempt ${retryCount + 1}/${maxRetries})`);
+            statusBarItem.text = '$(sync~spin) GoSQLX';
+            statusBarItem.tooltip = `GoSQLX: Retrying... (${retryCount + 1}/${maxRetries})`;
+            statusBarItem.show();
+
+            await new Promise(resolve => setTimeout(resolve, retryDelay));
+            return startLanguageServer(context, retryCount + 1);
+        }
+
         vscode.window.showErrorMessage(
-            `Failed to start GoSQLX Language Server: ${message}. ` +
+            `Failed to start GoSQLX Language Server after ${maxRetries} attempts: ${message}. ` +
             'Make sure gosqlx is installed and in your PATH.'
         );
-        statusBarItem.hide();
+        statusBarItem.text = '$(error) GoSQLX';
+        statusBarItem.tooltip = 'GoSQLX: Failed to start';
+        statusBarItem.show();
     }
 }
 
@@ -166,27 +219,44 @@ async function validateCommand(): Promise<void> {
     outputChannel.appendLine(`Validating: ${uri.fsPath}`);
 
     try {
-        // Force re-validation by making a small edit and undoing it
-        // This triggers the LSP to re-analyze the document
-        const document = editor.document;
-
-        // Alternative: Request diagnostics refresh if the LSP supports it
-        // Send a didChange notification to trigger revalidation
-        await vscode.commands.executeCommand('editor.action.triggerSuggest');
-        await new Promise(resolve => setTimeout(resolve, 100));
+        // Force document sync by saving if dirty, or touch the document
+        if (editor.document.isDirty) {
+            // If document has unsaved changes, the LSP should already have diagnostics
+            // Just wait a moment for any pending diagnostics
+            await new Promise(resolve => setTimeout(resolve, 200));
+        }
 
         // Get current diagnostics for the document
         const diagnostics = vscode.languages.getDiagnostics(uri);
-        const sqlDiagnostics = diagnostics.filter(d => d.source === 'gosqlx' || d.source === 'GoSQLX');
+        const sqlDiagnostics = diagnostics.filter(d =>
+            d.source === 'gosqlx' || d.source === 'GoSQLX' || d.source === undefined
+        );
 
         if (sqlDiagnostics.length === 0) {
             vscode.window.showInformationMessage('SQL validation complete. No issues found.');
         } else {
             const errorCount = sqlDiagnostics.filter(d => d.severity === vscode.DiagnosticSeverity.Error).length;
             const warningCount = sqlDiagnostics.filter(d => d.severity === vscode.DiagnosticSeverity.Warning).length;
-            vscode.window.showWarningMessage(
-                `SQL validation found ${errorCount} error(s) and ${warningCount} warning(s). Check the Problems panel.`
-            );
+            const infoCount = sqlDiagnostics.length - errorCount - warningCount;
+
+            let message = 'SQL validation complete: ';
+            const parts: string[] = [];
+            if (errorCount > 0) { parts.push(`${errorCount} error(s)`); }
+            if (warningCount > 0) { parts.push(`${warningCount} warning(s)`); }
+            if (infoCount > 0) { parts.push(`${infoCount} info`); }
+
+            if (parts.length === 0) {
+                vscode.window.showInformationMessage('SQL validation complete. No issues found.');
+            } else if (errorCount > 0) {
+                vscode.window.showErrorMessage(`${message}${parts.join(', ')}. Check the Problems panel.`);
+            } else {
+                vscode.window.showWarningMessage(`${message}${parts.join(', ')}. Check the Problems panel.`);
+            }
+        }
+
+        // Focus the Problems panel if there are issues
+        if (sqlDiagnostics.length > 0) {
+            await vscode.commands.executeCommand('workbench.actions.view.problems');
         }
     } catch (error) {
         const message = error instanceof Error ? error.message : String(error);
@@ -228,61 +298,84 @@ async function analyzeCommand(): Promise<void> {
     const config = vscode.workspace.getConfiguration('gosqlx');
     const executablePath = config.get<string>('executablePath', 'gosqlx');
 
-    try {
-        // Use spawn with argument array to prevent command injection
-        const result = await new Promise<{ stdout: string; stderr: string }>((resolve, reject) => {
-            const child = spawn(executablePath, ['analyze', text]);
-
-            let stdout = '';
-            let stderr = '';
-            let outputSize = 0;
-            const maxSize = 1024 * 1024; // 1MB limit
-
-            if (child.stdout) {
-                child.stdout.on('data', (data: Buffer) => {
-                    outputSize += data.length;
-                    if (outputSize < maxSize) {
-                        stdout += data.toString();
+    // Show progress indicator
+    await vscode.window.withProgress({
+        location: vscode.ProgressLocation.Notification,
+        title: 'Analyzing SQL...',
+        cancellable: false
+    }, async () => {
+        try {
+            // Use stdin to send SQL content - safer than command line arguments
+            const result = await new Promise<{ stdout: string; stderr: string }>((resolve, reject) => {
+                const child = spawn(executablePath, ['analyze'], {
+                    stdio: ['pipe', 'pipe', 'pipe']
+                });
+
+                let stdout = '';
+                let stderr = '';
+                let outputSize = 0;
+                const maxSize = 5 * 1024 * 1024; // 5MB limit for large analysis results
+
+                // Set a timeout to prevent hanging
+                const timeout = setTimeout(() => {
+                    child.kill();
+                    reject(new Error('Analysis timed out after 30 seconds'));
+                }, 30000);
+
+                if (child.stdout) {
+                    child.stdout.on('data', (data: Buffer) => {
+                        outputSize += data.length;
+                        if (outputSize < maxSize) {
+                            stdout += data.toString();
+                        }
+                    });
+                }
+
+                if (child.stderr) {
+                    child.stderr.on('data', (data: Buffer) => {
+                        stderr += data.toString();
+                    });
+                }
+
+                child.on('close', (code: number | null) => {
+                    clearTimeout(timeout);
+                    if (code === 0 || code === null) {
+                        resolve({ stdout, stderr });
+                    } else {
+                        reject(new Error(`Process exited with code ${code}: ${stderr || 'Unknown error'}`));
                     }
                 });
-            }
 
-            if (child.stderr) {
-                child.stderr.on('data', (data: Buffer) => {
-                    stderr += data.toString();
+                child.on('error', (err: Error) => {
+                    clearTimeout(timeout);
+                    reject(err);
                 });
-            }
 
-            child.on('close', (code: number | null) => {
-                if (code === 0 || code === null) {
-                    resolve({ stdout, stderr });
-                } else {
-                    reject(new Error(`Process exited with code ${code}: ${stderr}`));
+                // Send SQL content via stdin - avoids command line length limits and injection risks
+                if (child.stdin) {
+                    child.stdin.write(text);
+                    child.stdin.end();
                 }
             });
 
-            child.on('error', (err: Error) => {
-                reject(err);
+            if (result.stderr) {
+                outputChannel.appendLine(`Analysis stderr: ${result.stderr}`);
+            }
+
+            // Show analysis results in a new document
+            const doc = await vscode.workspace.openTextDocument({
+                content: result.stdout || 'No analysis output',
+                language: 'markdown'
             });
-        });
+            await vscode.window.showTextDocument(doc, { preview: true });
 
-        if (result.stderr) {
-            outputChannel.appendLine(`Analysis stderr: ${result.stderr}`);
+            outputChannel.appendLine(`Analyzed: ${editor.document.uri.fsPath}`);
+        } catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            vscode.window.showErrorMessage(`Analysis failed: ${message}`);
+            outputChannel.appendLine(`Analysis error: ${message}`);
         }
-
-        // Show analysis results in a new document
-        const doc = await vscode.workspace.openTextDocument({
-            content: result.stdout || 'No analysis output',
-            language: 'markdown'
-        });
-        await vscode.window.showTextDocument(doc, { preview: true });
-
-        outputChannel.appendLine(`Analyzed: ${editor.document.uri.fsPath}`);
-    } catch (error) {
-        const message = error instanceof Error ? error.message : String(error);
-        vscode.window.showErrorMessage(`Analysis failed: ${message}`);
-        outputChannel.appendLine(`Analysis error: ${message}`);
-    }
+    });
 }
 
 export async function deactivate(): Promise<void> {
