Release/260330

[codeErrorSleep]

Summary by CodeRabbit

Release Notes

• New Features

  • Added multi-platform build support (Linux, macOS, Windows).
  • Enhanced connection string parsing to respect embedded host:port notation.

• Bug Fixes

  • Improved MySQL connection resilience with fallback for environments with prepared statement protocol limitations.

• Improvements

  • Expanded integration testing coverage for MariaDB, ClickHouse, MSSQL, DuckDB, and SQLite databases.
  • Restructured CI pipeline for faster feedback and more granular quality gates.

• Chores

  • Bumped version to 0.3.1.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR establishes a comprehensive multi-layered testing and CI/CD infrastructure for DbPaw. It introduces restructured GitHub Actions workflows with parallel job execution, adds new test orchestration scripts (test:smoke, test:ci), implements database-specific integration test suites for ClickHouse/MariaDB/MSSQL/DuckDB/SQLite, fixes embedded port parsing and MySQL prepared-statement fallback behavior, updates development/contribution documentation, and bumps the version to 0.3.1.

Changes

Cohort / File(s)	Summary
CI/CD Workflows .github/workflows/build-multiplatform.yml, .github/workflows/ci.yml	Added new multi-platform build workflow for Linux/macOS/Windows. Restructured CI from single sequential job to three parallel jobs (smoke → integration → ci-success aggregator) with per-database integration test matrix and improved Docker failure diagnostics.
Documentation & Guidance TESTING.md, CLAUDE.md, docs/zh/Development/DEVELOPMENT.md, docs/zh/Community/CONTRIBUTING.md, docs/zh/Development/DBPAW_HARNESS_ADOPTION_PLAN.md	Added comprehensive testing strategy and architecture documentation. Updated development workflow recommendations to use new test:smoke gate. Introduced Harness-based quality and process improvement roadmap.
Build & Version Configuration package.json, src-tauri/tauri.conf.json, tsconfig.node.json, vite.config.js, vite.config.ts, tsconfig.node.tsbuildinfo, tsconfig.tsbuildinfo, vite.config.d.ts	Bumped version 0.3.0 → 0.3.1. Updated build scripts to run typecheck before Vite build. Added new test orchestration scripts (test:smoke, test:ci). Added Vite/Tailwind config and TypeScript build metadata.
Connection & Driver Logic src-tauri/src/connection_input/mod.rs, src/lib/connection-form/rules.ts, src-tauri/src/db/drivers/mysql.rs	Fixed embedded port parsing to always use embedded port when present. Added MySQL test_connection fallback when prepared-statement protocol is unsupported (via raw_sql retry).
Database Integration Tests (Command-Layer) src-tauri/tests/clickhouse_command_integration.rs, src-tauri/tests/mariadb_command_integration.rs, src-tauri/tests/mssql_command_integration.rs, src-tauri/tests/duckdb_command_integration.rs, src-tauri/tests/sqlite_command_integration.rs	Added comprehensive command-layer integration tests for five databases, covering connection validation, table/database listing, query execution, pagination, and error handling via ephemeral containers or local files.
Existing Test Updates src-tauri/tests/mysql_integration.rs, src-tauri/tests/clickhouse_integration.rs, src-tauri/tests/sqlite_integration.rs, src-tauri/tests/postgres_integration.rs, src-tauri/tests/mysql_stateful_command_integration.rs, src-tauri/tests/common/...	Added MySQL prepared-statement fallback test. Reformatted test assertions and SQL construction for readability. Updated import ordering in stateful tests.
Test Infrastructure scripts/test-integration.sh	Added *_command_integration test executions for MariaDB, ClickHouse, MSSQL, DuckDB, and SQLite to the test matrix.
Frontend Components & Formatting src/components/business/DataGrid/TableView.tsx, src/components/business/DataGrid/tableView/utils.unit.test.ts, src/components/business/Sidebar/ConnectionList.tsx, src/lib/i18n/locales/ja.ts	Reformatted SQL generation callbacks and JSX rendering for readability. Removed file-picker filters from SSH key selection. Updated expected SQL test outputs for quoting consistency. Reformatted Japanese translation string.
Rust Code Formatting src-tauri/src/commands/metadata.rs, src-tauri/src/commands/transfer.rs, src-tauri/src/db/local.rs	Reformatted function signatures and struct literals for multi-line readability without logic changes.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

Possibly related PRs

• Release/260325 #49: Overlaps in modified files and functions (CI workflows, command modules, driver logic, connection input parsing, MySQL fallback, numerous test suites, and version bumps), suggesting this PR is part of a coordinated release cycle.

Poem

🐰 A testing warren takes shape,
Smoke gates and integrations in every cape,
Five databases dance, connection strings heed,
Quality layers bloom where tests plant their seed,
From ClickHouse to SQLite, the harness runs deep—
Now DbPaw's assurance runs wider and steep! 🧪

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'Release/260330' is vague and generic, using a branch-naming convention that doesn't clearly convey the purpose or scope of the release to someone scanning PR history.	Replace with a descriptive title that summarizes the main changes, such as 'Release v0.3.1: Add multi-platform CI/CD and testing improvements' or similar.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch release/260330

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

In general, the fix is to add a permissions: block to the workflow (either at the root level or for the specific job) specifying the minimal permissions the GITHUB_TOKEN needs. For a pure build-and-artifact-upload workflow like this, contents: read is typically sufficient, since no step pushes code, creates releases, or modifies issues or pull requests.

The single best way to fix this without changing functionality is to add a root-level permissions: block right after the name: declaration. This will apply to all jobs in the workflow that do not set their own permissions. Based on the shown steps (checkout, caching, installing dependencies, building, and uploading artifacts), the workflow only needs read access to repository contents, so we set:

permissions:
  contents: read

You only need to edit .github/workflows/build-multiplatform.yml, inserting these lines near the top; no imports or additional methods are required.

In general, this is fixed by explicitly defining a permissions block for the workflow (or each job) that grants only the minimal required scopes to GITHUB_TOKEN. For pure CI (checkout, cache, build, test, diagnostics), contents: read is typically sufficient. Since nothing in the provided workflow needs to write to the repository or perform privileged GitHub API operations, we can safely set permissions: contents: read at the workflow root so it applies to all jobs.

The best minimal fix without changing existing functionality is to add a root-level permissions block between the on: section and the jobs: section in .github/workflows/ci.yml. Concretely, insert:

permissions:
  contents: read

after line 10 (the last line of the on: block). This will cause all jobs (smoke, integration, and ci-success) to run with a read-only GITHUB_TOKEN. No additional methods, imports, or definitions are needed, and no existing steps need modification.

In general, the fix is to add an explicit permissions block that grants only the minimal required scopes to the GITHUB_TOKEN. For a pure CI workflow that only reads the repository contents and runs tests, contents: read is typically sufficient. Adding this at the workflow root means all jobs (including integration) inherit these restricted permissions unless overridden.

The single best fix here without changing existing functionality is to add a root-level permissions section after the on: block and before jobs::

permissions:
  contents: read

This documents that the workflow needs only read access to repository contents and constrains GITHUB_TOKEN for smoke, integration, and ci-success. No other scopes appear needed given the current steps: all jobs only use actions/checkout, caching, language toolchains, and shell commands; none interact with issues, PRs, or packages. All modifications are within .github/workflows/ci.yml around the top of the file; no additional methods, imports, or definitions are required.

In general, the problem is fixed by explicitly specifying a permissions block in the workflow, limiting the GITHUB_TOKEN to only what is needed. For a pure CI workflow that just checks out code, uses caches, runs tests, and prints logs, contents: read is typically sufficient. Since none of the jobs perform write operations against the GitHub API (no pushes, PR writes, or issue updates), we can safely set read-only permissions at the workflow root, which then apply to all jobs (smoke, integration, and ci-success).

The best fix with minimal functional change is to add a top-level permissions section right after the name: CI (or anywhere at the root level) in .github/workflows/ci.yml and set contents: read. This documents the intended permissions and ensures that the workflow remains constrained even if organization defaults change. No additional imports, methods, or other changes are needed: only that YAML addition. All existing steps (checkout, cache, bun, rust, Docker diagnostics, and shell checks) will continue to work with read-only repository contents permissions.

Concretely:

• Edit .github/workflows/ci.yml.
• Insert:

permissions:
  contents: read

• Place it at the root level, between name: CI and on:, keeping existing indentation and structure unchanged.

[qodo-code-review]

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: CI Success

Failed stage: Check all jobs succeeded [❌]

Failed test name: ""

Failure summary: The workflow step explicitly failed the job because it detected that the smoke test job result was not success. - In the script shown around lines 41–45, it checks if [ "failure" != "success" ]; then and then prints Smoke tests failed and exits with code 1. - This is confirmed by the log line Smoke tests failed (line 53) followed by Process completed with exit code 1 (line 54).

Relevant error logs: 1: ##[group]Runner Image Provisioner 2: Hosted Compute Agent ... 28: Metadata: read 29: Models: read 30: Packages: write 31: Pages: write 32: PullRequests: write 33: RepositoryProjects: write 34: SecurityEvents: write 35: Statuses: write 36: ##[endgroup] 37: Secret source: Actions 38: Prepare workflow directory 39: Prepare all required actions 40: Complete job name: CI Success 41: ##[group]Run if [ "failure" != "success" ]; then 42: �[36;1mif [ "failure" != "success" ]; then�[0m 43: �[36;1m echo "Smoke tests failed"�[0m 44: �[36;1m exit 1�[0m 45: �[36;1mfi�[0m 46: �[36;1mif [ "skipped" != "success" ]; then�[0m 47: �[36;1m echo "Integration tests failed"�[0m 48: �[36;1m exit 1�[0m 49: �[36;1mfi�[0m 50: �[36;1mecho "All CI checks passed!"�[0m 51: shell: /usr/bin/bash -e {0} 52: ##[endgroup] 53: Smoke tests failed 54: ##[error]Process completed with exit code 1. 55: Cleaning up orphan processes

[coderabbitai]

Actionable comments posted: 11

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/lib/connection-form/rules.ts (1)

55-62: ⚠️ Potential issue | 🟡 Minor

Reject out-of-range embedded ports before overriding the form port.

This now replaces a valid fallbackPort for any digit-only suffix, including 0 or values above 65535. host="db:99999" will normalize to an invalid port instead of keeping the separate port field.

🔢 Example guard

   const [hostPart, portPart] = host.split(":");
   if (!hostPart || !portPart || !/^\d+$/.test(portPart)) {
     return { host, port: fallbackPort };
   }
+  const parsedPort = Number(portPart);
+  if (!Number.isInteger(parsedPort) || parsedPort < 1 || parsedPort > 65535) {
+    return { host, port: fallbackPort };
+  }
   return {
     host: hostPart,
-    port: Number(portPart),
+    port: parsedPort,
   };
 };

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/lib/connection-form/rules.ts` around lines 55 - 62, The host/port split
logic currently accepts any digit-only portPart and overrides the form port with
it; change the validation in the block that uses hostPart, portPart and
fallbackPort so it also checks numeric range (1–65535) and treats out-of-range
or zero values as invalid — i.e., if portPart is missing, non-numeric, <=0, or
>65535, return { host, port: fallbackPort } instead of converting portPart to a
Number; only return { host: hostPart, port: Number(portPart) } when the portPart
passes both the /^\d+$/ test and the 1..65535 range check.

🧹 Nitpick comments (3)

vite.config.d.ts (1)

1-2: This declaration file is orphaned given the existing vite.config.ts.

This .d.ts file is a TypeScript declaration for the compiled vite.config.js. However, since vite.config.ts already exists and Vite prioritizes .ts over .js, both this file and vite.config.js will be ignored. See the review comment on vite.config.js for details.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@vite.config.d.ts` around lines 1 - 2, The vite.config.d.ts declaration is
orphaned because vite.config.ts is present; remove this file (and the compiled
vite.config.js if still checked in) to avoid Vite ignoring the TS config and
confusing consumers; if any typings from import("vite").UserConfigFnPromise or
the exported symbol _default are required, move or re-export them from
vite.config.ts or a proper types file instead of keeping vite.config.d.ts.

package.json (1)

14-18: lint:web is narrower than its callers imply.

test:smoke and the CI smoke job treat lint as the web lint gate, but this command only checks root/config/workflow files and skips src/**/*. Since format still targets the source tree, source formatting drift will not fail bun run lint.

♻️ One possible adjustment

-    "lint:web": "prettier --check \"package.json\" \"package-lock.json\" \"tsconfig*.json\" \"vite.config.ts\" \"src-tauri/tauri.conf.json\" \"src-tauri/capabilities/**/*.json\" \".github/workflows/*.{yml,yaml}\"",
+    "lint:web": "prettier --check \"src/**/*.{ts,tsx,js,jsx,json,css}\" \"package.json\" \"package-lock.json\" \"tsconfig*.json\" \"vite.config.ts\" \"src-tauri/tauri.conf.json\" \"src-tauri/capabilities/**/*.json\" \".github/workflows/*.{yml,yaml}\"",

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 14 - 18, The lint:web script is too narrow (it
only checks root/config files) but callers like the lint script and test:smoke
expect it to gate source formatting; update the "lint:web" npm script to include
the repository source files (e.g., add patterns for src/**/*, tests/**/* or
specific extensions used by the project) so its file globs match the same tree
that the format script checks and will fail when source formatting drifts;
ensure you modify the "lint:web" entry (notably the "lint:web" and preserve
"lint" -> "bun run lint:web" behavior) to include the source globs.

.github/workflows/build-multiplatform.yml (1)

30-33: Pin Bun instead of following latest.

Using bun-version: latest makes tag builds drift over time: the same v* tag can start producing different artifacts or fail after an upstream Bun release. Prefer a repo-managed version and have both CI and release workflows consume that.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/build-multiplatform.yml around lines 30 - 33, The workflow
uses "Setup Bun" with bun-version: latest which causes drift; change the step to
use a pinned version variable instead (e.g., replace bun-version: latest with
bun-version: ${{ vars.BUN_VERSION }} or a repository secret/variable) and update
any release/CI workflows to consume the same repo-managed BUN_VERSION value;
specifically update the "Setup Bun" step and ensure any references to
bun-version use a shared repo variable or workflow input so CI and release
workflows remain consistent.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/build-multiplatform.yml:
- Around line 65-71: The upload step named "Upload artifacts" using
actions/upload-artifact@v4 should fail when no files are found; update that step
(the "Upload artifacts" job step referencing actions/upload-artifact@v4) to
include the if-no-files-found: error option so the workflow errors out instead
of only warning when the src-tauri/target/release/bundle/ path is empty.

In @.github/workflows/ci.yml:
- Around line 7-16: Add a workflow-level permissions block to restrict the
GITHUB_TOKEN to least privilege by adding "permissions: contents: read" at the
top-level of the YAML (so it applies to all jobs: smoke, integration,
ci-success); locate the root of the workflow (near the existing "push" and
"jobs:" keys) and insert the "permissions" stanza so actions/checkout@v4
continues to work while preventing broader token access.

In `@src-tauri/tests/duckdb_command_integration.rs`:
- Around line 10-17: duckdb_test_path() currently returns the caller-supplied
path verbatim but the test cleanup later always unconditionally deletes that
path; change the API so the code can tell if the file was created by the test
(for example have duckdb_test_path return (PathBuf, bool) or provide an
is_temp_created flag) and update the cleanup blocks in this test file to only
remove the DB file when that flag is true (leave caller-supplied
DUCKDB_IT_DB_PATH untouched); adjust call sites in this file to destructure the
returned tuple (or read the flag) and only perform fs::remove_file when the path
was created by the test.
- Around line 96-112: The test
test_duckdb_command_test_connection_invalid_file_path_returns_error currently
uses a tautological assertion; change it to assert a real failure by making the
input deterministically invalid and asserting result.is_err(). Specifically,
update the ConnectionForm (used by connection::test_connection_ephemeral) to use
a path that DuckDB will always reject as a database file (e.g., a directory path
like "/" or a freshly created tempdir path rather than a nonexistent file) and
replace assert!(result.is_ok() || result.is_err()) with
assert!(result.is_err()); if result.is_err(), keep the existing check that the
error string (from result.err().unwrap_or_default()) is non-empty to ensure
meaningful error reporting.

In `@src-tauri/tests/mssql_command_integration.rs`:
- Around line 35-61: The DDL runs against whatever database is set in
ConnectionForm (currently defaulting to master), so update the test helpers to
avoid touching master: either set the connection to use tempdb before connecting
(modify ConnectionForm to set database = "tempdb" prior to MssqlDriver::connect
in prepare_query_test_table and other test helpers) or fully-qualify object
names with tempdb (use "tempdb..{table}" in the DROP/CREATE/INSERT statements
inside prepare_query_test_table and the other affected blocks at 64-75, 234-251,
276-300) so all DDL runs against tempdb instead of master.

In `@src-tauri/tests/mysql_integration.rs`:
- Around line 1081-1094: The Err branch in the prepare-probe test (the block
starting with "Err(err) =>") should also assert that the environment indicates
fallback mode by checking that the MYSQL_EXPECT_PREPARED_UNSUPPORTED variable is
set to "1"; update the Err(err) arm to, after computing err_text and before
calling driver.test_connection().await, assert that
std::env::var("MYSQL_EXPECT_PREPARED_UNSUPPORTED") yields Ok("1".to_string())
(or otherwise compare to "1"), so failures from an unexpected probe result are
not silently masked, then proceed to call
driver.test_connection().await.expect(...).

In `@src-tauri/tests/sqlite_command_integration.rs`:
- Around line 19-25: The helper unique_table_name currently builds names from
epoch milliseconds which can collide under parallel runs; change
unique_table_name to append a UUID (e.g. Uuid::new_v4()) to the existing
millis-based prefix to guarantee uniqueness, and add the corresponding import
from the uuid crate (Uuid) and ensure the uuid crate is in Cargo.toml; update
references to unique_table_name in tests as needed.

In `@TESTING.md`:
- Around line 332-339: Update the stale P0 checklist entry: remove or replace
the item "Add command integration tests for MariaDB, MSSQL, ClickHouse, SQLite,
DuckDB" under the "P0 (High Priority)" heading and instead state the actual
remaining gap (e.g., flaky tests, missing edge-case command tests, data-setup
patterns, or any other specific DBs not exercised) so it matches the coverage
table and the tests invoked by scripts/test-integration.sh; ensure the new
wording explicitly references the unresolved gap so readers can reconcile
TESTING.md with the coverage table and scripts.

In `@tsconfig.node.tsbuildinfo`:
- Line 1: The committed artifact tsconfig.node.tsbuildinfo is TypeScript
incremental build cache and must be removed from the PR and ignored; remove the
file from the commit (unstage/remove it from the repo), add
tsconfig.node.tsbuildinfo to .gitignore (or update existing ignore patterns like
*.tsbuildinfo), and ensure you run the equivalent of git rm --cached for that
filename so it no longer appears in future commits before amending the PR.

In `@tsconfig.tsbuildinfo`:
- Line 1: The commit improperly includes the generated TypeScript build cache
file tsconfig.tsbuildinfo; remove it from the repository and stop tracking it by
removing it from Git's index (e.g., git rm --cached tsconfig.tsbuildinfo) and
committing that removal, then add tsconfig.tsbuildinfo to .gitignore so it isn't
re-added; ensure the change references the tracked file name
tsconfig.tsbuildinfo so reviewers can verify it was removed and .gitignore
updated.

In `@vite.config.js`:
- Around line 1-75: This file is the compiled JavaScript output of the
TypeScript Vite config (notice __awaiter/__generator shims and export default
defineConfig(...)), so remove this build artifact to avoid redundancy and drift:
delete vite.config.js (and vite.config.d.ts if present) from the repo so Vite
uses the source vite.config.ts (ensure defineConfig/import
react/tailwindcss/path references remain only in the .ts file); if you need JS
config for a special tool, explain why and keep only the intentionally required
file.

---

Outside diff comments:
In `@src/lib/connection-form/rules.ts`:
- Around line 55-62: The host/port split logic currently accepts any digit-only
portPart and overrides the form port with it; change the validation in the block
that uses hostPart, portPart and fallbackPort so it also checks numeric range
(1–65535) and treats out-of-range or zero values as invalid — i.e., if portPart
is missing, non-numeric, <=0, or >65535, return { host, port: fallbackPort }
instead of converting portPart to a Number; only return { host: hostPart, port:
Number(portPart) } when the portPart passes both the /^\d+$/ test and the
1..65535 range check.

---

Nitpick comments:
In @.github/workflows/build-multiplatform.yml:
- Around line 30-33: The workflow uses "Setup Bun" with bun-version: latest
which causes drift; change the step to use a pinned version variable instead
(e.g., replace bun-version: latest with bun-version: ${{ vars.BUN_VERSION }} or
a repository secret/variable) and update any release/CI workflows to consume the
same repo-managed BUN_VERSION value; specifically update the "Setup Bun" step
and ensure any references to bun-version use a shared repo variable or workflow
input so CI and release workflows remain consistent.

In `@package.json`:
- Around line 14-18: The lint:web script is too narrow (it only checks
root/config files) but callers like the lint script and test:smoke expect it to
gate source formatting; update the "lint:web" npm script to include the
repository source files (e.g., add patterns for src/**/*, tests/**/* or specific
extensions used by the project) so its file globs match the same tree that the
format script checks and will fail when source formatting drifts; ensure you
modify the "lint:web" entry (notably the "lint:web" and preserve "lint" -> "bun
run lint:web" behavior) to include the source globs.

In `@vite.config.d.ts`:
- Around line 1-2: The vite.config.d.ts declaration is orphaned because
vite.config.ts is present; remove this file (and the compiled vite.config.js if
still checked in) to avoid Vite ignoring the TS config and confusing consumers;
if any typings from import("vite").UserConfigFnPromise or the exported symbol
_default are required, move or re-export them from vite.config.ts or a proper
types file instead of keeping vite.config.d.ts.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2ad6a8fb-1961-46df-a39b-3a8d77650911

📥 Commits

Reviewing files that changed from the base of the PR and between 1a20667 and c925cab.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock

📒 Files selected for processing (39)

• .github/workflows/build-multiplatform.yml
• .github/workflows/ci.yml
• CLAUDE.md
• TESTING.md
• docs/zh/Community/CONTRIBUTING.md
• docs/zh/Development/DBPAW_HARNESS_ADOPTION_PLAN.md
• docs/zh/Development/DEVELOPMENT.md
• package.json
• scripts/test-integration.sh
• src-tauri/src/commands/metadata.rs
• src-tauri/src/commands/transfer.rs
• src-tauri/src/connection_input/mod.rs
• src-tauri/src/db/drivers/mysql.rs
• src-tauri/src/db/local.rs
• src-tauri/tauri.conf.json
• src-tauri/tests/clickhouse_command_integration.rs
• src-tauri/tests/clickhouse_integration.rs
• src-tauri/tests/common/postgres_context.rs
• src-tauri/tests/common/shared.rs
• src-tauri/tests/duckdb_command_integration.rs
• src-tauri/tests/mariadb_command_integration.rs
• src-tauri/tests/mssql_command_integration.rs
• src-tauri/tests/mysql_integration.rs
• src-tauri/tests/mysql_stateful_command_integration.rs
• src-tauri/tests/postgres_integration.rs
• src-tauri/tests/sqlite_command_integration.rs
• src-tauri/tests/sqlite_integration.rs
• src/components/business/DataGrid/TableView.tsx
• src/components/business/DataGrid/tableView/utils.unit.test.ts
• src/components/business/Sidebar/ConnectionList.tsx
• src/lib/connection-form/rules.ts
• src/lib/connection-form/rules.unit.test.ts
• src/lib/i18n/locales/ja.ts
• tsconfig.node.json
• tsconfig.node.tsbuildinfo
• tsconfig.tsbuildinfo
• vite.config.d.ts
• vite.config.js
• vite.config.ts

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

actions/upload-artifact@v4 if-no-files-found parameter

💡 Result:

The if-no-files-found parameter in actions/upload-artifact@v4 controls the action's behavior when no files match the provided path. It is optional with a default value of warn. Available options: - warn: Outputs a warning but does not fail the action (default). - error: Fails the action with an error message. - ignore: Outputs no warnings or errors, and the action does not fail. Example usage: - uses: actions/upload-artifact@v4 with: name: my-artifact path: path/to/artifact/ if-no-files-found: error This feature allows customization of the response when no files are found for upload, improving workflow reliability.

Citations:

• 1: https://github.com/actions/upload-artifact
• 2: https://git.telodendria.io/actions/upload-artifact/src/branch/v4-beta/README.md?display=source

---

Fail the workflow when no bundle is uploaded.

actions/upload-artifact@v4 defaults to warn mode when files are missing, allowing the workflow to pass even if the bundle directory is empty. Add if-no-files-found: error to catch missing artifacts immediately instead of silently passing.

📦 Make missing artifacts fail fast

       - name: Upload artifacts
         uses: actions/upload-artifact@v4
         with:
           name: dbpaw-${{ matrix.platform }}
           path: |
             src-tauri/target/release/bundle/
+          if-no-files-found: error
           retention-days: 7

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Upload artifacts
	uses: actions/upload-artifact@v4
	with:
	name: dbpaw-${{ matrix.platform }}
	path: |
	src-tauri/target/release/bundle/
	retention-days: 7
	- name: Upload artifacts
	uses: actions/upload-artifact@v4
	with:
	name: dbpaw-${{ matrix.platform }}
	path: |
	src-tauri/target/release/bundle/
	if-no-files-found: error
	retention-days: 7

🧰 Tools

🪛 GitHub Check: CodeQL

[warning] 11-71: Workflow does not contain permissions
Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {{contents: read}}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/build-multiplatform.yml around lines 65 - 71, The upload
step named "Upload artifacts" using actions/upload-artifact@v4 should fail when
no files are found; update that step (the "Upload artifacts" job step
referencing actions/upload-artifact@v4) to include the if-no-files-found: error
option so the workflow errors out instead of only warning when the
src-tauri/target/release/bundle/ path is empty.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Locate and read the CI workflow file
fd 'ci\.yml' --type f

Repository: codeErrorSleep/dbpaw

Length of output: 46

---

🏁 Script executed:

# Read the full CI workflow file to understand structure and existing permissions
cat -n '.github/workflows/ci.yml'

Repository: codeErrorSleep/dbpaw

Length of output: 4280

---

Set explicit GITHUB_TOKEN permissions in this workflow.

Currently, the workflow lacks an explicit permissions block at the workflow level. This means it depends on the repository or organization's default token policy, which may grant excessive permissions. Adding permissions: contents: read at the workflow level ensures all jobs (smoke, integration, and ci-success) operate with least-privilege access, since the only GitHub API interaction is actions/checkout@v4, which requires only read access to repository contents.

🔐 Suggested hardening

 on:
   pull_request:
     branches:
       - main
   push:
     branches:
       - main
+
+permissions:
+  contents: read

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	push:
	branches:
	- main
	jobs:
	test:
	# Fast smoke tests run first to fail fast
	smoke:
	name: Smoke Tests (typecheck, lint, unit)
	runs-on: ubuntu-22.04
	timeout-minutes: 40
	timeout-minutes: 10
	push:
	branches:
	- main
	permissions:
	contents: read
	jobs:
	# Fast smoke tests run first to fail fast
	smoke:
	name: Smoke Tests (typecheck, lint, unit)
	runs-on: ubuntu-22.04
	timeout-minutes: 10

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/ci.yml around lines 7 - 16, Add a workflow-level
permissions block to restrict the GITHUB_TOKEN to least privilege by adding
"permissions: contents: read" at the top-level of the YAML (so it applies to all
jobs: smoke, integration, ci-success); locate the root of the workflow (near the
existing "push" and "jobs:" keys) and insert the "permissions" stanza so
actions/checkout@v4 continues to work while preventing broader token access.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Don't delete caller-supplied DuckDB databases.

duckdb_test_path() returns DUCKDB_IT_DB_PATH verbatim, but the cleanup blocks later in this file unconditionally remove that path. Pointing the suite at a real database file will delete it after the run. Track whether the path was created by the test and only remove temp-owned files.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src-tauri/tests/duckdb_command_integration.rs` around lines 10 - 17,
duckdb_test_path() currently returns the caller-supplied path verbatim but the
test cleanup later always unconditionally deletes that path; change the API so
the code can tell if the file was created by the test (for example have
duckdb_test_path return (PathBuf, bool) or provide an is_temp_created flag) and
update the cleanup blocks in this test file to only remove the DB file when that
flag is true (leave caller-supplied DUCKDB_IT_DB_PATH untouched); adjust call
sites in this file to destructure the returned tuple (or read the flag) and only
perform fs::remove_file when the path was created by the test.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Make the invalid-path test assert a real failure.

assert!(result.is_ok() || result.is_err()) is tautological, so this test never verifies the error path. Use a deterministic bad input and assert is_err().

🧪 Example

 async fn test_duckdb_command_test_connection_invalid_file_path_returns_error() {
+    let invalid_path = env::temp_dir();
     let form = ConnectionForm {
         driver: "duckdb".to_string(),
-        file_path: Some("/nonexistent/path/to/database.db".to_string()),
+        file_path: Some(invalid_path.to_string_lossy().to_string()),
         ..Default::default()
     };

     let result = connection::test_connection_ephemeral(form).await;
-
-    // DuckDB might succeed with nonexistent path (creates file), so we adjust expectations
-    // Alternative: test with read-only or permissions issue
-    assert!(result.is_ok() || result.is_err());
-    if result.is_err() {
-        let error = result.err().unwrap_or_default();
-        assert!(!error.trim().is_empty());
-    }
+    assert!(result.is_err());
+    let error = result.err().unwrap_or_default();
+    assert!(!error.trim().is_empty());
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src-tauri/tests/duckdb_command_integration.rs` around lines 96 - 112, The
test test_duckdb_command_test_connection_invalid_file_path_returns_error
currently uses a tautological assertion; change it to assert a real failure by
making the input deterministically invalid and asserting result.is_err().
Specifically, update the ConnectionForm (used by
connection::test_connection_ephemeral) to use a path that DuckDB will always
reject as a database file (e.g., a directory path like "/" or a freshly created
tempdir path rather than a nonexistent file) and replace assert!(result.is_ok()
|| result.is_err()) with assert!(result.is_err()); if result.is_err(), keep the
existing check that the error string (from result.err().unwrap_or_default()) is
non-empty to ensure meaningful error reporting.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Don't run scratch-table DDL in master.

These unqualified CREATE/DROP TABLE statements use whatever database is in form. In the current test context that defaults to master (src-tauri/tests/common/mssql_context.rs:40-83 and src-tauri/tests/common/mssql_context.rs:85-97), so a failed or interrupted run can leave junk tables in a system database when IT_REUSE_LOCAL_DB points at a real instance. Please switch the suite to tempdb or a dedicated scratch database before issuing DDL.

Also applies to: 64-75, 234-251, 276-300

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src-tauri/tests/mssql_command_integration.rs` around lines 35 - 61, The DDL
runs against whatever database is set in ConnectionForm (currently defaulting to
master), so update the test helpers to avoid touching master: either set the
connection to use tempdb before connecting (modify ConnectionForm to set
database = "tempdb" prior to MssqlDriver::connect in prepare_query_test_table
and other test helpers) or fully-qualify object names with tempdb (use
"tempdb..{table}" in the DROP/CREATE/INSERT statements inside
prepare_query_test_table and the other affected blocks at 64-75, 234-251,
276-300) so all DDL runs against tempdb instead of master.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

unique_table_name is collision-prone under parallel runs.

Using only epoch milliseconds can generate duplicate table names in concurrent tests; use a UUID suffix for deterministic uniqueness.

Suggested patch

 fn unique_table_name(prefix: &str) -> String {
-    let millis = SystemTime::now()
-        .duration_since(UNIX_EPOCH)
-        .expect("time should be after unix epoch")
-        .as_millis();
-    format!("{}_{}", prefix, millis)
+    format!("{}_{}", prefix, Uuid::new_v4().simple())
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src-tauri/tests/sqlite_command_integration.rs` around lines 19 - 25, The
helper unique_table_name currently builds names from epoch milliseconds which
can collide under parallel runs; change unique_table_name to append a UUID (e.g.
Uuid::new_v4()) to the existing millis-based prefix to guarantee uniqueness, and
add the corresponding import from the uuid crate (Uuid) and ensure the uuid
crate is in Cargo.toml; update references to unique_table_name in tests as
needed.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Update the stale backlog item.

Line 333 says command integration tests are still missing for MariaDB, MSSQL, ClickHouse, SQLite, and DuckDB, but this file’s coverage table already marks those command suites as covered, and scripts/test-integration.sh includes them as well. This should point at the remaining gap instead.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@TESTING.md` around lines 332 - 339, Update the stale P0 checklist entry:
remove or replace the item "Add command integration tests for MariaDB, MSSQL,
ClickHouse, SQLite, DuckDB" under the "P0 (High Priority)" heading and instead
state the actual remaining gap (e.g., flaky tests, missing edge-case command
tests, data-setup patterns, or any other specific DBs not exercised) so it
matches the coverage table and the tests invoked by scripts/test-integration.sh;
ensure the new wording explicitly references the unresolved gap so readers can
reconcile TESTING.md with the coverage table and scripts.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Do not commit TypeScript incremental build cache artifacts.

tsconfig.node.tsbuildinfo is generated state and should be excluded from version control to avoid PR churn and merge conflicts.

Suggested cleanup

# .gitignore
+*.tsbuildinfo

Also remove tsconfig.node.tsbuildinfo from this PR.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tsconfig.node.tsbuildinfo` at line 1, The committed artifact
tsconfig.node.tsbuildinfo is TypeScript incremental build cache and must be
removed from the PR and ignored; remove the file from the commit (unstage/remove
it from the repo), add tsconfig.node.tsbuildinfo to .gitignore (or update
existing ignore patterns like *.tsbuildinfo), and ensure you run the equivalent
of git rm --cached for that filename so it no longer appears in future commits
before amending the PR.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Avoid committing TypeScript build cache artifacts.

tsconfig.tsbuildinfo is generated state and tends to cause noisy, non-deterministic diffs. Please remove it from VCS and add it to .gitignore to keep PRs stable.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tsconfig.tsbuildinfo` at line 1, The commit improperly includes the generated
TypeScript build cache file tsconfig.tsbuildinfo; remove it from the repository
and stop tracking it by removing it from Git's index (e.g., git rm --cached
tsconfig.tsbuildinfo) and committing that removal, then add tsconfig.tsbuildinfo
to .gitignore so it isn't re-added; ensure the change references the tracked
file name tsconfig.tsbuildinfo so reviewers can verify it was removed and
.gitignore updated.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Remove this compiled build artifact — vite.config.ts already exists and takes precedence.

This file appears to be the TypeScript-compiled output of vite.config.ts (note the __awaiter/__generator helper shims). Vite resolves config files in the order: .ts > .mts > .mjs > .js, so this .js file will be silently ignored.

Issues with keeping this file:

1. Redundancy: vite.config.ts is the source of truth and takes precedence
2. Drift risk: If .ts is modified, this .js file becomes stale
3. Build artifacts shouldn't be versioned: Compiled output belongs in .gitignore

Recommended action

Remove vite.config.js and vite.config.d.ts from the repository:

git rm vite.config.js vite.config.d.ts

If there's a specific reason these files are needed (e.g., for a build tool that doesn't support TypeScript configs), please clarify.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@vite.config.js` around lines 1 - 75, This file is the compiled JavaScript
output of the TypeScript Vite config (notice __awaiter/__generator shims and
export default defineConfig(...)), so remove this build artifact to avoid
redundancy and drift: delete vite.config.js (and vite.config.d.ts if present)
from the repo so Vite uses the source vite.config.ts (ensure defineConfig/import
react/tailwindcss/path references remain only in the .ts file); if you need JS
config for a special tool, explain why and keep only the intentionally required
file.