feat(db): add --db-url flag to db advisors command

Adds the --db-url flag to db advisors, matching the pattern used by
other db commands (lint, diff, dump, etc.). Switches from a dedicated
bool to the standard flag.Changed detection for --linked routing.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: Rodriguespn

cmd/db.go

@@ -258,14 +258,12 @@ var (
 		Value:   "none",
 	}
 
-	advisorLinked bool
-
 	dbAdvisorsCmd = &cobra.Command{
 		Use:   "advisors",
 		Short: "Checks database for security and performance issues",
 		Long:  "Inspects the database for common security and performance issues such as missing RLS policies, unindexed foreign keys, exposed auth.users, and more.",
 		PreRunE: func(cmd *cobra.Command, args []string) error {
-			if advisorLinked {
+			if flag := cmd.Flags().Lookup("linked"); flag != nil && flag.Changed {
 				fsys := afero.NewOsFs()
 				if _, err := utils.LoadAccessTokenFS(fsys); err != nil {
 					utils.CmdSuggestion = fmt.Sprintf("Run %s first.", utils.Aqua("supabase login"))
@@ -276,7 +274,7 @@ var (
 			return nil
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			if advisorLinked {
+			if flag := cmd.Flags().Lookup("linked"); flag != nil && flag.Changed {
 				return advisors.RunLinked(cmd.Context(), advisorType.Value, advisorLevel.Value, advisorFailOn.Value, flags.ProjectRef)
 			}
 			return advisors.RunLocal(cmd.Context(), advisorType.Value, advisorLevel.Value, advisorFailOn.Value, flags.DbConfig)
@@ -393,9 +391,10 @@ func init() {
 	dbTestCmd.MarkFlagsMutuallyExclusive("db-url", "linked", "local")
 	// Build advisors command
 	advisorsFlags := dbAdvisorsCmd.Flags()
-	advisorsFlags.BoolVar(&advisorLinked, "linked", false, "Checks the linked project for issues.")
+	advisorsFlags.String("db-url", "", "Checks the database specified by the connection string (must be percent-encoded).")
+	advisorsFlags.Bool("linked", false, "Checks the linked project for issues.")
 	advisorsFlags.Bool("local", true, "Checks the local database for issues.")
-	dbAdvisorsCmd.MarkFlagsMutuallyExclusive("linked", "local")
+	dbAdvisorsCmd.MarkFlagsMutuallyExclusive("db-url", "linked", "local")
 	advisorsFlags.Var(&advisorType, "type", "Type of advisors to check: all, security, performance.")
 	advisorsFlags.Var(&advisorLevel, "level", "Minimum issue level to display: info, warn, error.")
 	advisorsFlags.Var(&advisorFailOn, "fail-on", "Issue level to exit with non-zero status: none, info, warn, error.")

internal/db/advisors/advisors_test.go

@@ -8,6 +8,7 @@ import (
 	"testing"
 
 	"github.com/h2non/gock"
+	"github.com/jackc/pgconn"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/supabase/cli/internal/testing/apitest"
@@ -16,6 +17,14 @@ import (
 	"github.com/supabase/cli/pkg/pgtest"
 )
 
+var dbConfig = pgconn.Config{
+	Host:     "127.0.0.1",
+	Port:     5432,
+	User:     "admin",
+	Password: "password",
+	Database: "postgres",
+}
+
 func TestQueryLints(t *testing.T) {
 	t.Run("parses lint results from local database", func(t *testing.T) {
 		utils.Config.Hostname = "127.0.0.1"
@@ -299,3 +308,70 @@ func TestFetchLinkedAdvisors(t *testing.T) {
 		assert.Error(t, err)
 	})
 }
+
+func TestRunLocalWithDbUrl(t *testing.T) {
+	t.Run("runs advisors against custom db-url", func(t *testing.T) {
+		utils.Config.Hostname = "127.0.0.1"
+		utils.Config.Db.Port = 5432
+
+		conn := pgtest.NewConn()
+		defer conn.Close(t)
+		conn.Query("begin").Reply("BEGIN").
+			Query(lintsSQL).
+			Reply("SELECT 1",
+				[]any{
+					"rls_disabled_in_public",
+					"RLS disabled in public",
+					"ERROR",
+					"EXTERNAL",
+					[]string{"SECURITY"},
+					"Detects tables in the public schema without RLS.",
+					"Table public.users has RLS disabled",
+					"https://supabase.com/docs/guides/database/database-linter?lint=0013_rls_disabled_in_public",
+					[]byte(`{"schema":"public","name":"users","type":"table"}`),
+					"rls_disabled_in_public_public_users",
+				},
+			).
+			Query("rollback").Reply("ROLLBACK")
+
+		err := RunLocal(context.Background(), "all", "info", "none", dbConfig, conn.Intercept)
+		assert.NoError(t, err)
+	})
+
+	t.Run("returns no issues for empty results", func(t *testing.T) {
+		conn := pgtest.NewConn()
+		defer conn.Close(t)
+		conn.Query("begin").Reply("BEGIN").
+			Query(lintsSQL).
+			Reply("SELECT 0").
+			Query("rollback").Reply("ROLLBACK")
+
+		err := RunLocal(context.Background(), "all", "info", "none", dbConfig, conn.Intercept)
+		assert.NoError(t, err)
+	})
+
+	t.Run("fails on error level when fail-on is set", func(t *testing.T) {
+		conn := pgtest.NewConn()
+		defer conn.Close(t)
+		conn.Query("begin").Reply("BEGIN").
+			Query(lintsSQL).
+			Reply("SELECT 1",
+				[]any{
+					"rls_disabled_in_public",
+					"RLS disabled in public",
+					"ERROR",
+					"EXTERNAL",
+					[]string{"SECURITY"},
+					"Detects tables in the public schema without RLS.",
+					"Table public.users has RLS disabled",
+					"https://supabase.com/docs",
+					[]byte(`{}`),
+					"test_key",
+				},
+			).
+			Query("rollback").Reply("ROLLBACK")
+
+		err := RunLocal(context.Background(), "all", "info", "error", dbConfig, conn.Intercept)
+		assert.ErrorContains(t, err, "fail-on is set to error")
+	})
+}