Skip to content

v2.3.0 - Transaction status tool and schema validation hardening#75

Merged
neverinfamous merged 17 commits intomainfrom
release/v2.3.0
Mar 9, 2026
Merged

v2.3.0 - Transaction status tool and schema validation hardening#75
neverinfamous merged 17 commits intomainfrom
release/v2.3.0

Conversation

@neverinfamous
Copy link
Owner

@neverinfamous neverinfamous commented Mar 9, 2026

v2.3.0 - Transaction Status & Schema Validation Hardening

Highlights

  • New pg_transaction_status tool — Check active transaction state (active, aborted, not_found) without modifying it
  • 3 introspection tools now fail-fast on nonexistent schemaspg_dependency_graph, pg_topological_sort, and pg_constraint_analysis return structured {success: false} errors instead of silently returning empty results
  • Anomaly detection NaN safety — Passing invalid string values for numeric params now gracefully falls back to defaults instead of crashing
  • SQL injection hardening — Replaced ad-hoc string escaping with validateIdentifier() in diagnostics and anomaly detection tools
  • Dependency updatesjose 6.2.0 → 6.2.1, npm-bundled tar 7.5.10 → 7.5.11, minimatch pinned to 10.2.4

Added

  • pg_transaction_status — Read-only tool to probe active managed transactions via SELECT 1, returning {status, transactionId, active, message}. Exposed in Code Mode as pg.transactions.status(). Transaction tools: 7 → 8

Fixed

  • 3 introspection tools (pg_dependency_graph, pg_topological_sort, pg_constraint_analysis) now return {success: false} for nonexistent schemas via shared checkSchemaExists() helper
  • pg_constraint_analysis returns {success: false} for nonexistent tables via shared checkTableExists() helper
  • pg_cascade_simulator returns clean {success: false} error instead of mixing error and success fields
  • pg_migration_record now inserts with explicit status: 'recorded' instead of defaulting to 'applied'; added 'recorded' to CHECK constraint, Zod enum, and dashboard counts
  • 3 anomaly detection tools (pg_detect_query_anomalies, pg_detect_bloat_risk, pg_detect_connection_spike) handle NaN for wrong-type numeric params via safeNum() helper
  • Migration tool icons now use correct "migration" group instead of "introspection"
  • SQL injection fix: validateIdentifier() replaces ad-hoc .replace() in diagnostics.ts and anomaly-detection.ts
  • InvalidFtsConfigError now properly exported from fts-config.ts
  • Tool counts updated from 227 → 231 across documentation

Changed

  • jose: 6.2.0 → 6.2.1
  • Dockerfile: npm-bundled tar 7.5.10 → 7.5.11, minimatch pinned to 10.2.4
  • package.json overrides: exactly pinned tar to 7.5.11 and minimatch to 10.2.4

Full Compare

Install:

npm install -g @neverinfamous/postgres-mcp@2.3.0

Docker:

docker pull writenotenow/postgres-mcp:v2.3.0

Chris & Mike added 15 commits March 9, 2026 06:59
fix: address Copilot PR review - SQL injection, stale tool counts, ic…
eaa6e6e 
…on groups, FTS export
docs: fix README formatting issues and remove inapplicable notes
f997351
feat: add pg_transaction_status tool (read-only transaction state check)
9efd992
docs: update tool counts 231→232 (add pg_transaction_status to ToolCo…
9df8c76 
…nstants)
fix: anomaly detection NaN coercion for wrong-type numeric params
75d9a8e 
pg_detect_query_anomalies({threshold: 'abc'}), pg_detect_query_anomalies({minCalls: 'abc'}),
pg_detect_bloat_risk({minRows: 'abc'}), and pg_detect_connection_spike({warningPercent: 'abc'})
now silently fall back to default values instead of producing raw MCP -32602 Output validation
errors. Number('abc') produced NaN which propagated through Math.max()/Math.min() into SQL
queries causing PostgreSQL errors. Added safeNum() helper with NaN fallback to default.
fix(migration): pg_migration_record uses 'recorded' status instead of…
079f1b6 
… 'applied'
docs: update README, DOCKER_README, and migration code mode aliases
5846fe8
docs: update pg_migration_record description and test checklist for '…
e3baf49 
…recorded' status
fix: 3 introspection tools return {success: false} for nonexistent sc…
e5833df 
…hema

pg_dependency_graph, pg_topological_sort, and pg_constraint_analysis
now return structured {success: false, error} for nonexistent schemas
instead of silently returning empty results.

Extracted shared checkSchemaExists() helper from pg_schema_snapshot
inline validation. Refactored pg_schema_snapshot to use the same
shared helper. Updated 3 unit tests.

Also includes pg_transaction_status ServerInstructions docs.
fix(introspection): pg_constraint_analysis returns {success: false} f…
7bb23c1 
…or nonexistent tables

- Add checkTableExists() helper to graph.ts mirroring checkSchemaExists()
- Validate table existence in pg_constraint_analysis before running queries
- Remove hint-based fallback for nonexistent tables
- Update unit test to expect structured error response
test: improve branch coverage across core, jsonb, and schema tools (+…
115e568 
…132 tests)
fix(pg_cascade_simulator): clean error response for nonexistent tables
72a3c14
docs: update test coverage badges to 3750 tests, 96.18% coverage
0bb30f6
chore: update dependencies and security patches
41d6609
v2.3.0 - Transaction status tool and schema validation hardening
2d32ca2
Copilot AI review requested due to automatic review settings March 9, 2026 17:54
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 9, 2026
View reviewed changes

This comment was marked as resolved.

Sign in to view

@neverinfamous neverinfamous merged commit d8d73f4 into main Mar 9, 2026
8 checks passed
@neverinfamous neverinfamous deleted the release/v2.3.0 branch March 9, 2026 18:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@neverinfamous