docs(plans): phased plan for de-vendoring the SQL-safety kernel (18.1)#258
Merged
Conversation
Plan-first per roadmap 18.1. Recon against the tree found: - bind_params.py / extension_utils.py / index.py (~1,114 LOC) are dead — no consumer outside _vendor/ — so they're deleted, not re-implemented. - The real rebuild is safe_sql.py (pglast allowlist validator) + sql_driver.py (SqlDriver / DbConnPool / obfuscate_password). - The consumer seam is 4 names across ~74 files, so the swap is stable- seam + mechanical import rewrite; tool snapshots stay unchanged. Plan proposes 2 large PRs (parity-first additive kernel, then swing + delete + close the _vendor quality-gate carve-outs + ADR/doc updates), with the 760-LOC adversarial test_safe_sql.py as the acceptance spec. Linked from feature-shortlist 18.1. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_0122yLZLJ8t4W43sdN6BmTZc
…plan - Re-architecture: split the first-party kernel into driver / allowlist (policy-as-data) / safety modules — policy separated from mechanism so the security surface is auditable in one table. Behaviour stays identical (faithful re-author), pinned by the adversarial suite. - Security-review gate (mandatory, between PR 1 and PR 2): differential accept/reject verdict test old-vs-new (0 divergence), allowlist audit vs threat model, fuzz pass, /security-review, threat-model note in the new ADR. The kernel does not swing live on a green suite alone. - DoD updated to require the re-architecture + the security sign-off. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_0122yLZLJ8t4W43sdN6BmTZc
Contributor
There was a problem hiding this comment.
Code Review
This pull request introduces a comprehensive plan for de-vendoring the SQL-safety kernel and replacing it with a first-party implementation. It updates the feature shortlist with a phased plan link and adds a detailed planning document (docs/plans/devendor-sql-kernel.md) outlining the target design, re-architecture, security-review gates, and testing strategy. No review comments were provided, so there is no feedback to address.
There was a problem hiding this comment.
Hey - I've left some high level feedback:
- The plan doc is very detailed; consider adding a short TL;DR section up top (bulleted timeline + key constraints) so future readers can quickly orient before diving into the full narrative.
- In the "Security-review gate" section, it may help to explicitly assign ownership (role/team) and success criteria for each step (e.g., who runs
/security-review, who signs off on the allowlist audit) so this process is operationally actionable rather than aspirational.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- The plan doc is very detailed; consider adding a short TL;DR section up top (bulleted timeline + key constraints) so future readers can quickly orient before diving into the full narrative.
- In the "Security-review gate" section, it may help to explicitly assign ownership (role/team) and success criteria for each step (e.g., who runs `/security-review`, who signs off on the allowlist audit) so this process is operationally actionable rather than aspirational.Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Plan-first deliverable for roadmap 18.1 — replace the vendored
crystaldba/postgres-mcpSQL-safety kernel (src/mcpg/_vendor/sql/) with a first-party implementation MCPg owns, removing the last vendored runtime code.Recon against the tree found the effort is smaller and safer than the roadmap entry assumed:
bind_params.py/extension_utils.py/index.py(~1,114 LOC) are dead — no consumer outside_vendor/— so they're deleted, not rebuilt.safe_sql.py(pglast allowlist validator) +sql_driver.py(SqlDriver/DbConnPool/obfuscate_password).The plan proposes 2 large PRs with a mandatory security-review gate between them:
mcpg.sql(re-architected intodriver/allowlist-as-data /safety) + port the 760-LOC adversarial suite against it, proving parity while_vendor/stays live._vendor/+tests/vendor/wholesale, remove the 5 quality-gate carve-outs (so the allowlist finally gets coverage +mypy --strict+ bandit), regen the module map, supersede ADR-0001 with a new ADR.Security-review gate (before PR 2): differential accept/reject verdict test old-vs-new (0 divergence), allowlist audit vs threat model, fuzz pass,
/security-review, threat-model note in the new ADR.Roadmap linkage
Advances roadmap row: 18.1 (planning artifact; linked from
docs/feature-shortlist.md§18).Checklist
src/mcpg/_vendor/🤖 Generated with Claude Code
Generated by Claude Code
Summary by Sourcery
Document a phased plan to replace the vendored SQL-safety kernel with a first-party implementation and link it into the feature roadmap.
Documentation: