On-demand plan fetch for bad actor findings (#604) #609

Merged
erikdarlingdata merged 1 commit into dev from feature/on-demand-plan-fetch-604
Mar 17, 2026

@erikdarlingdata (Owner)

Summary

  • Fetches execution plans live from SQL Server only for queries that surface as high-impact findings
  • No plan storage needed — IPlanFetcher interface calls sys.dm_exec_query_plan(plan_handle) on demand
  • Platform-agnostic: IPlanFetcher interface for both Lite (SqlPlanFetcher) and future Dashboard port
  • PlanAnalyzer (30 rules) runs against fetched plans, surfacing warnings and missing indexes in drill_down.plan_analysis
  • Only BAD_ACTOR findings get plan analysis (1 plan per finding, not bulk)

Design

  • IPlanFetcher — interface with FetchPlanXmlAsync(serverId, planHandle)
  • SqlPlanFetcher — Lite implementation using ServerManager for SQL connections
  • DrillDownCollector — looks up plan_handle from DuckDB, fetches XML via IPlanFetcher, runs PlanAnalyzer
  • AnalysisService — accepts optional IPlanFetcher parameter, passes to DrillDownCollector

Limitation

Plans must be in SQL Server's plan cache at analysis time. Evicted plans (completed/old queries) return nothing — this is expected behavior, not a bug.

Test plan

  • dotnet build — 0 errors
  • dotnet test — 138 tests pass
  • Code path verified: correctly returns nothing when plans are evicted from cache
  • Full verification requires active workload with plans in cache (HammerDB)

Closes #604

🤖 Generated with Claude Code

Replaces the stored-plan-XML approach with live SQL Server fetches.
Only queries that surface as high-impact findings get their plans
analyzed — no storage overhead, no retention concerns.

Architecture:
- IPlanFetcher interface — platform-agnostic, both Lite and Dashboard
  can implement (Lite via ServerManager, Dashboard via DatabaseService)
- SqlPlanFetcher — Lite implementation, fetches via
  sys.dm_exec_query_plan(plan_handle) on the monitored server
- DrillDownCollector looks up plan_handle from DuckDB, then calls
  IPlanFetcher to get XML live, then runs PlanAnalyzer (30 rules)
- Results include warnings and missing indexes with CREATE statements

Only runs for BAD_ACTOR findings (1 plan per finding). Returns nothing
if the plan has been evicted from cache (expected for completed queries).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@erikdarlingdata erikdarlingdata merged commit 1b3a47f into dev Mar 17, 2026
@erikdarlingdata erikdarlingdata deleted the feature/on-demand-plan-fetch-604 branch March 17, 2026 20:41
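
An added example, not code from this pull request or the project: one way a fetcher matching the design described above could read a single plan on demand with a bound parameter and treat an evicted plan as "no result". Only the names `IPlanFetcher`, `FetchPlanXmlAsync(serverId, planHandle)` and `sys.dm_exec_query_plan(plan_handle)` come from the page; the parameter types, the `ExamplePlanFetcher` class and the connection-string lookup delegate are assumptions.

```csharp
using System;
using System.Data;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Data.SqlClient;

// Assumed shape: the PR names FetchPlanXmlAsync(serverId, planHandle) but not its types.
public interface IPlanFetcher
{
    Task<string?> FetchPlanXmlAsync(int serverId, byte[] planHandle, CancellationToken ct = default);
}

// Hypothetical implementation for illustration; not the project's SqlPlanFetcher.
public sealed class ExamplePlanFetcher : IPlanFetcher
{
    // Hypothetical lookup from a server id to its connection string.
    private readonly Func<int, string> _connectionStringFor;

    public ExamplePlanFetcher(Func<int, string> connectionStringFor) =>
        _connectionStringFor = connectionStringFor;

    public async Task<string?> FetchPlanXmlAsync(int serverId, byte[] planHandle, CancellationToken ct = default)
    {
        // plan_handle is varbinary(64); reject anything that cannot be a handle.
        if (planHandle is null || planHandle.Length == 0 || planHandle.Length > 64)
            return null;

        // The handle is bound as a typed parameter, never concatenated into the SQL text.
        const string sql =
            "SELECT CONVERT(nvarchar(max), qp.query_plan) " +
            "FROM sys.dm_exec_query_plan(@plan_handle) AS qp;";

        await using var conn = new SqlConnection(_connectionStringFor(serverId));
        await conn.OpenAsync(ct);

        await using var cmd = new SqlCommand(sql, conn) { CommandTimeout = 15 };
        cmd.Parameters.Add("@plan_handle", SqlDbType.VarBinary, 64).Value = planHandle;

        // An evicted plan yields no row or a NULL query_plan; both map to null.
        await using var reader = await cmd.ExecuteReaderAsync(ct);
        if (!await reader.ReadAsync(ct) || await reader.IsDBNullAsync(0, ct))
            return null;
        return reader.GetString(0);
    }
}
```

The monitoring login needs only `VIEW SERVER STATE` to call `sys.dm_exec_query_plan`, so a fetcher like this does not require sysadmin rights on the monitored server.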