feat(prepare-db): add helper functions and per-step transactions

claude · claude · commit e3c14714393b · 2025-12-26T04:18:46.000Z
- Add postgres_ai schema for organizing our objects - Move pg_statistic view from public to postgres_ai schema - Add postgres_ai.explain_generic() function (SECURITY DEFINER) for collecting generic query plans with optional HypoPG index testing - Update search_path to include postgres_ai first - Change transaction model to wrap each step in its own begin/commit instead of grouping non-optional steps in a single transaction - Update verification to check for postgres_ai schema and new function Relates to: https://gitlab.com/postgres-ai/postgres_ai/-/issues/68
diff --git a/cli/lib/init.ts b/cli/lib/init.ts
@@ -485,6 +485,12 @@ end $$;`;
     sql: applyTemplate(loadSqlTemplate("02.permissions.sql"), vars),
   });
 
+  // Helper functions (SECURITY DEFINER) for plan analysis and table info
+  steps.push({
+    name: "05.helpers",
+    sql: applyTemplate(loadSqlTemplate("05.helpers.sql"), vars),
+  });
+
   if (params.includeOptionalPermissions) {
     steps.push(
       {
@@ -511,78 +517,70 @@ export async function applyInitPlan(params: {
   const applied: string[] = [];
   const skippedOptional: string[] = [];
 
-  // Apply non-optional steps in a single transaction.
-  await params.client.query("begin;");
-  try {
-    for (const step of params.plan.steps.filter((s) => !s.optional)) {
+  // Helper to wrap a step execution in begin/commit
+  const executeStep = async (step: InitStep): Promise<void> => {
+    await params.client.query("begin;");
+    try {
+      await params.client.query(step.sql, step.params as any);
+      await params.client.query("commit;");
+    } catch (e) {
+      // Rollback errors should never mask the original failure.
       try {
-        await params.client.query(step.sql, step.params as any);
-        applied.push(step.name);
-      } catch (e) {
-        const msg = e instanceof Error ? e.message : String(e);
-        const errAny = e as any;
-        const wrapped: any = new Error(`Failed at step "${step.name}": ${msg}`);
-        // Preserve useful Postgres error fields so callers can provide better hints / diagnostics.
-        const pgErrorFields = [
-          "code",
-          "detail",
-          "hint",
-          "position",
-          "internalPosition",
-          "internalQuery",
-          "where",
-          "schema",
-          "table",
-          "column",
-          "dataType",
-          "constraint",
-          "file",
-          "line",
-          "routine",
-        ] as const;
-        if (errAny && typeof errAny === "object") {
-          for (const field of pgErrorFields) {
-            if (errAny[field] !== undefined) wrapped[field] = errAny[field];
-          }
-        }
-        if (e instanceof Error && e.stack) {
-          wrapped.stack = e.stack;
-        }
-        throw wrapped;
+        await params.client.query("rollback;");
+      } catch {
+        // ignore
       }
+      throw e;
     }
-    await params.client.query("commit;");
-  } catch (e) {
-    // Rollback errors should never mask the original failure.
+  };
+
+  // Apply non-optional steps, each in its own transaction
+  for (const step of params.plan.steps.filter((s) => !s.optional)) {
     try {
-      await params.client.query("rollback;");
-    } catch {
-      // ignore
+      await executeStep(step);
+      applied.push(step.name);
+    } catch (e) {
+      const msg = e instanceof Error ? e.message : String(e);
+      const errAny = e as any;
+      const wrapped: any = new Error(`Failed at step "${step.name}": ${msg}`);
+      // Preserve useful Postgres error fields so callers can provide better hints / diagnostics.
+      const pgErrorFields = [
+        "code",
+        "detail",
+        "hint",
+        "position",
+        "internalPosition",
+        "internalQuery",
+        "where",
+        "schema",
+        "table",
+        "column",
+        "dataType",
+        "constraint",
+        "file",
+        "line",
+        "routine",
+      ] as const;
+      if (errAny && typeof errAny === "object") {
+        for (const field of pgErrorFields) {
+          if (errAny[field] !== undefined) wrapped[field] = errAny[field];
+        }
+      }
+      if (e instanceof Error && e.stack) {
+        wrapped.stack = e.stack;
+      }
+      throw wrapped;
     }
-    throw e;
   }
 
-  // Apply optional steps outside of the transaction so a failure doesn't abort everything.
+  // Apply optional steps, each in its own transaction (failure doesn't abort)
   for (const step of params.plan.steps.filter((s) => s.optional)) {
     try {
-      // Run each optional step in its own mini-transaction to avoid partial application.
-      await params.client.query("begin;");
-      try {
-        await params.client.query(step.sql, step.params as any);
-        await params.client.query("commit;");
-        applied.push(step.name);
-      } catch {
-        try {
-          await params.client.query("rollback;");
-        } catch {
-          // ignore rollback errors
-        }
-        skippedOptional.push(step.name);
-        // best-effort: ignore
-      }
+      await executeStep(step);
+      applied.push(step.name);
     } catch {
-      // If we can't even begin/commit, treat as skipped.
       skippedOptional.push(step.name);
+      // best-effort: ignore
     }
   }
 
@@ -642,16 +640,25 @@ export async function verifyInitSetup(params: {
       missingRequired.push("SELECT on pg_catalog.pg_index");
     }
 
-    const viewExistsRes = await params.client.query("select to_regclass('public.pg_statistic') is not null as ok");
+    // Check postgres_ai schema exists and is usable
+    const schemaExistsRes = await params.client.query(
+      "select has_schema_privilege($1, 'postgres_ai', 'USAGE') as ok",
+      [role]
+    );
+    if (!schemaExistsRes.rows?.[0]?.ok) {
+      missingRequired.push("USAGE on schema postgres_ai");
+    }
+
+    const viewExistsRes = await params.client.query("select to_regclass('postgres_ai.pg_statistic') is not null as ok");
     if (!viewExistsRes.rows?.[0]?.ok) {
-      missingRequired.push("view public.pg_statistic exists");
+      missingRequired.push("view postgres_ai.pg_statistic exists");
     } else {
       const viewPrivRes = await params.client.query(
-        "select has_table_privilege($1, 'public.pg_statistic', 'SELECT') as ok",
+        "select has_table_privilege($1, 'postgres_ai.pg_statistic', 'SELECT') as ok",
         [role]
       );
       if (!viewPrivRes.rows?.[0]?.ok) {
-        missingRequired.push("SELECT on view public.pg_statistic");
+        missingRequired.push("SELECT on view postgres_ai.pg_statistic");
       }
     }
 
@@ -669,13 +676,22 @@ export async function verifyInitSetup(params: {
     if (typeof spLine !== "string" || !spLine) {
       missingRequired.push("role search_path is set");
     } else {
-      // We accept any ordering as long as public and pg_catalog are included.
+      // We accept any ordering as long as postgres_ai, public, and pg_catalog are included.
       const sp = spLine.toLowerCase();
-      if (!sp.includes("public") || !sp.includes("pg_catalog")) {
-        missingRequired.push("role search_path includes public and pg_catalog");
+      if (!sp.includes("postgres_ai") || !sp.includes("public") || !sp.includes("pg_catalog")) {
+        missingRequired.push("role search_path includes postgres_ai, public and pg_catalog");
       }
     }
 
+    // Check for explain_generic helper function
+    const explainFnRes = await params.client.query(
+      "select has_function_privilege($1, 'postgres_ai.explain_generic(text, text, text)', 'EXECUTE') as ok",
+      [role]
+    );
+    if (!explainFnRes.rows?.[0]?.ok) {
+      missingRequired.push("EXECUTE on postgres_ai.explain_generic(text, text, text)");
+    }
+
     if (params.includeOptionalPermissions) {
       // Optional RDS/Aurora extras
       {
diff --git a/cli/sql/02.permissions.sql b/cli/sql/02.permissions.sql
@@ -7,8 +7,12 @@ grant connect on database {{DB_IDENT}} to {{ROLE_IDENT}};
 grant pg_monitor to {{ROLE_IDENT}};
 grant select on pg_catalog.pg_index to {{ROLE_IDENT}};
 
--- Optional, for bloat analysis: expose pg_statistic via a view
-create or replace view public.pg_statistic as
+-- Create postgres_ai schema for our objects
+create schema if not exists postgres_ai;
+grant usage on schema postgres_ai to {{ROLE_IDENT}};
+
+-- For bloat analysis: expose pg_statistic via a view
+create or replace view postgres_ai.pg_statistic as
 select
     n.nspname as schemaname,
     c.relname as tablename,
@@ -22,12 +26,12 @@ join pg_catalog.pg_namespace n on n.oid = c.relnamespace
 join pg_catalog.pg_attribute a on a.attrelid = s.starelid and a.attnum = s.staattnum
 where a.attnum > 0 and not a.attisdropped;
 
-grant select on public.pg_statistic to {{ROLE_IDENT}};
+grant select on postgres_ai.pg_statistic to {{ROLE_IDENT}};
 
 -- Hardened clusters sometimes revoke PUBLIC on schema public
 grant usage on schema public to {{ROLE_IDENT}};
 
--- Keep search_path predictable
-alter user {{ROLE_IDENT}} set search_path = "$user", public, pg_catalog;
+-- Keep search_path predictable; postgres_ai first so our objects are found
+alter user {{ROLE_IDENT}} set search_path = postgres_ai, "$user", public, pg_catalog;
 
 
diff --git a/cli/sql/05.helpers.sql b/cli/sql/05.helpers.sql
@@ -0,0 +1,109 @@
+-- Helper functions for postgres_ai monitoring user (template-filled by cli/lib/init.ts)
+-- These functions use SECURITY DEFINER to allow the monitoring user to perform
+-- operations they don't have direct permissions for.
+
+/*
+ * pgai_explain_generic
+ *
+ * Function to get generic explain plans with optional HypoPG index testing.
+ * Requires: PostgreSQL 16+ (for generic_plan option), HypoPG extension (optional).
+ *
+ * Usage examples:
+ *   -- Basic generic plan
+ *   select postgres_ai.explain_generic('select * from users where id = $1');
+ *
+ *   -- JSON format
+ *   select postgres_ai.explain_generic('select * from users where id = $1', 'json');
+ *
+ *   -- Test a hypothetical index
+ *   select postgres_ai.explain_generic(
+ *     'select * from users where email = $1',
+ *     'text',
+ *     'create index on users (email)'
+ *   );
+ */
+create or replace function postgres_ai.explain_generic(
+  in query text,
+  in format text default 'text',
+  in hypopg_index text default null,
+  out result text
+)
+language plpgsql
+security definer
+set search_path = pg_catalog, public
+as $$
+declare
+  v_line record;
+  v_lines text[] := '{}';
+  v_explain_query text;
+  v_hypo_result record;
+  v_version int;
+  v_hypopg_available boolean;
+begin
+  -- Check PostgreSQL version (generic_plan requires 16+)
+  select current_setting('server_version_num')::int into v_version;
+
+  if v_version < 160000 then
+    raise exception 'generic_plan requires PostgreSQL 16+, current version: %',
+      current_setting('server_version');
+  end if;
+
+  -- Check if HypoPG extension is available
+  if hypopg_index is not null then
+    select exists(
+      select 1 from pg_extension where extname = 'hypopg'
+    ) into v_hypopg_available;
+
+    if not v_hypopg_available then
+      raise exception 'HypoPG extension is required for hypothetical index testing but is not installed';
+    end if;
+
+    -- Create hypothetical index
+    select * into v_hypo_result from hypopg_create_index(hypopg_index);
+    raise notice 'Created hypothetical index: % (oid: %)',
+      v_hypo_result.indexname, v_hypo_result.indexrelid;
+  end if;
+
+  -- Build and execute explain query based on format
+  begin
+    if lower(format) = 'json' then
+      v_explain_query := 'explain (verbose, settings, generic_plan, format json) ' || query;
+      execute v_explain_query into result;
+    else
+      v_explain_query := 'explain (verbose, settings, generic_plan) ' || query;
+
+      for v_line in execute v_explain_query loop
+        v_lines := array_append(v_lines, v_line."QUERY PLAN");
+      end loop;
+
+      result := array_to_string(v_lines, e'\n');
+    end if;
+  exception when others then
+    -- Clean up hypothetical index before re-raising
+    if hypopg_index is not null then
+      perform hypopg_reset();
+    end if;
+    raise;
+  end;
+
+  -- Clean up hypothetical index
+  if hypopg_index is not null then
+    perform hypopg_reset();
+  end if;
+end;
+$$;
+
+comment on function postgres_ai.explain_generic(text, text, text) is
+  'Returns generic EXPLAIN plan with optional HypoPG index testing (requires PG16+)';
+
+-- Grant execute to the monitoring user
+grant execute on function postgres_ai.explain_generic(text, text, text) to {{ROLE_IDENT}};
+
+-- Placeholder for table info collection function (to be implemented separately)
+-- This will collect information about a specified table including:
+-- - Table structure (columns, types, constraints)
+-- - Index information
+-- - Statistics
+-- - Size information
+
+
diff --git a/cli/test/init.test.cjs b/cli/test/init.test.cjs
