supabase-community
diff --git a/‎crates/pgls_analyser/src/lib.rs‎
Lines changed: 3 additions & 1 deletion b/‎crates/pgls_analyser/src/lib.rs‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎crates/pgls_analyser/tests/rules_tests.rs‎
Lines changed: 7 additions & 5 deletions b/‎crates/pgls_analyser/tests/rules_tests.rs‎
Lines changed: 7 additions & 5 deletions
diff --git a/‎crates/pgls_splinter/src/convert.rs‎
Lines changed: 1 addition & 1 deletion b/‎crates/pgls_splinter/src/convert.rs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎crates/pgls_splinter/src/lib.rs‎
Lines changed: 1 addition & 1 deletion b/‎crates/pgls_splinter/src/lib.rs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎crates/pgls_splinter/src/query.rs‎
Lines changed: 1 addition & 1 deletion b/‎crates/pgls_splinter/src/query.rs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎crates/pgls_splinter/src/rules/performance/auth_rls_initplan.rs‎
Lines changed: 0 additions & 1 deletion b/‎crates/pgls_splinter/src/rules/performance/auth_rls_initplan.rs‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎crates/pgls_splinter/src/rules/performance/duplicate_index.rs‎
Lines changed: 0 additions & 1 deletion b/‎crates/pgls_splinter/src/rules/performance/duplicate_index.rs‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎crates/pgls_splinter/src/rules/performance/multiple_permissive_policies.rs‎
Lines changed: 0 additions & 1 deletion b/‎crates/pgls_splinter/src/rules/performance/multiple_permissive_policies.rs‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎crates/pgls_splinter/src/rules/performance/no_primary_key.rs‎
Lines changed: 0 additions & 1 deletion b/‎crates/pgls_splinter/src/rules/performance/no_primary_key.rs‎
Lines changed: 0 additions & 1 deletion
@@ -116,7 +116,9 @@ impl<'a> Analyser<'a> {
 mod tests {
     use core::slice;
 
-    use pgls_analyse::{AnalyserOptions, AnalysisFilter, RuleFilter};
+    use pgls_analyse::{AnalysisFilter, RuleFilter};
+
+    use crate::LinterOptions;
     use pgls_console::{
         Markup,
         fmt::{Formatter, Termcolor},
 
@@ -1,8 +1,10 @@
 use core::slice;
 use std::{collections::HashMap, fmt::Write, fs::read_to_string, path::Path};
 
-use pgls_analyse::{AnalyserOptions, AnalysisFilter, RuleDiagnostic, RuleFilter};
-use pgls_analyser::{AnalysableStatement, Analyser, AnalyserConfig, AnalyserParams};
+use pgls_analyse::{AnalysisFilter, RuleFilter};
+use pgls_analyser::{
+    AnalysableStatement, Analyser, AnalyserConfig, AnalyserParams, LinterDiagnostic, LinterOptions,
+};
 use pgls_console::StdDisplay;
 use pgls_diagnostics::PrintDiagnostic;
 
@@ -25,7 +27,7 @@ fn rule_test(full_path: &'static str, _: &str, _: &str) {
     let query =
         read_to_string(full_path).unwrap_or_else(|_| panic!("Failed to read file: {full_path} "));
 
-    let options = AnalyserOptions::default();
+    let options = LinterOptions::default();
     let analyser = Analyser::new(AnalyserConfig {
         options: &options,
         filter,
@@ -79,7 +81,7 @@ fn parse_test_path(path: &Path) -> (String, String, String) {
     (group.into(), rule.into(), fname.into())
 }
 
-fn write_snapshot(snapshot: &mut String, query: &str, diagnostics: &[RuleDiagnostic]) {
+fn write_snapshot(snapshot: &mut String, query: &str, diagnostics: &[LinterDiagnostic]) {
     writeln!(snapshot, "# Input").unwrap();
     writeln!(snapshot, "```").unwrap();
     writeln!(snapshot, "{query}").unwrap();
@@ -140,7 +142,7 @@ impl Expectation {
         );
     }
 
-    fn assert(&self, diagnostics: &[RuleDiagnostic]) {
+    fn assert(&self, diagnostics: &[LinterDiagnostic]) {
         match self {
             Self::NoDiagnostics => {
                 if !diagnostics.is_empty() {
 
@@ -1,4 +1,4 @@
-use pgls_diagnostics::{Category, DatabaseObjectOwned, Severity, category};
+use pgls_diagnostics::{DatabaseObjectOwned, Severity};
 use serde_json::Value;
 
 use crate::{SplinterAdvices, SplinterDiagnostic, SplinterQueryResult};
 
@@ -62,7 +62,7 @@ pub async fn run_splinter(
     }
 
     // Check if Supabase roles exist (anon, authenticated, service_role)
-    let has_supabase_roles = params.schema_cache.map_or(false, |cache| {
+    let has_supabase_roles = params.schema_cache.is_some_and(|cache| {
         let required_roles = ["anon", "authenticated", "service_role"];
         required_roles.iter().all(|role_name| {
             cache
 
@@ -1,5 +1,5 @@
 use serde_json::Value;
-use sqlx::{PgPool, Row};
+use sqlx::Row;
 
 /// Raw query result from the Splinter SQL query.
 /// This struct represents a single linting issue found in the database.
 
@@ -2,7 +2,6 @@
 
 #![doc = r" Generated file, do not edit by hand, see `xtask/codegen`"]
 use crate::rule::SplinterRule;
-use pgls_analyse::RuleMeta;
 ::pgls_analyse::declare_rule! { # [doc = "/// # Auth RLS Initialization Plan\n///\n/// Detects if calls to \\`current_setting()\\` and \\`auth.<function>()\\` in RLS policies are being unnecessarily re-evaluated for each row\n/// \n/// **Note:** This rule requires Supabase roles (`anon`, `authenticated`, `service_role`). \n/// It will be automatically skipped if these roles don't exist in your database.\n///\n/// ## SQL Query\n///\n/// ```sql\n/// (\n/// with policies as (\n///     select\n///         nsp.nspname as schema_name,\n///         pb.tablename as table_name,\n///         pc.relrowsecurity as is_rls_active,\n///         polname as policy_name,\n///         polpermissive as is_permissive, -- if not, then restrictive\n///         (select array_agg(r::regrole) from unnest(polroles) as x(r)) as roles,\n///         case polcmd\n///             when 'r' then 'SELECT'\n///             when 'a' then 'INSERT'\n///             when 'w' then 'UPDATE'\n///             when 'd' then 'DELETE'\n///             when '*' then 'ALL'\n///         end as command,\n///         qual,\n///         with_check\n///     from\n///         pg_catalog.pg_policy pa\n///         join pg_catalog.pg_class pc\n///             on pa.polrelid = pc.oid\n///         join pg_catalog.pg_namespace nsp\n///             on pc.relnamespace = nsp.oid\n///         join pg_catalog.pg_policies pb\n///             on pc.relname = pb.tablename\n///             and nsp.nspname = pb.schemaname\n///             and pa.polname = pb.policyname\n/// )\n/// select\n///     'auth_rls_initplan' as \"name!\",\n///     'Auth RLS Initialization Plan' as \"title!\",\n///     'WARN' as \"level!\",\n///     'EXTERNAL' as \"facing!\",\n///     array['PERFORMANCE'] as \"categories!\",\n///     'Detects if calls to \\`current_setting()\\` and \\`auth.<function>()\\` in RLS policies are being unnecessarily re-evaluated for each row' as \"description!\",\n///     format(\n///         'Table \\`%s.%s\\` has a row level security policy \\`%s\\` that re-evaluates current_setting() or auth.<function>() for each row. This produces suboptimal query performance at scale. Resolve the issue by replacing \\`auth.<function>()\\` with \\`(select auth.<function>())\\`. See [docs](https://supabase.com/docs/guides/database/postgres/row-level-security#call-functions-with-select) for more info.',\n///         schema_name,\n///         table_name,\n///         policy_name\n///     ) as \"detail!\",\n///     'https://supabase.com/docs/guides/database/database-linter?lint=0003_auth_rls_initplan' as \"remediation!\",\n///     jsonb_build_object(\n///         'schema', schema_name,\n///         'name', table_name,\n///         'type', 'table'\n///     ) as \"metadata!\",\n///     format('auth_rls_init_plan_%s_%s_%s', schema_name, table_name, policy_name) as \"cache_key!\"\n/// from\n///     policies\n/// where\n///     is_rls_active\n///     -- NOTE: does not include realtime in support of monitoring policies on realtime.messages\n///     and schema_name not in (\n///         '_timescaledb_cache', '_timescaledb_catalog', '_timescaledb_config', '_timescaledb_internal', 'auth', 'cron', 'extensions', 'graphql', 'graphql_public', 'information_schema', 'net', 'pgmq', 'pgroonga', 'pgsodium', 'pgsodium_masks', 'pgtle', 'pgbouncer', 'pg_catalog', 'pgtle', 'repack', 'storage', 'supabase_functions', 'supabase_migrations', 'tiger', 'topology', 'vault'\n///     )\n///     and (\n///         -- Example: auth.uid()\n///         (\n///             qual like '%auth.uid()%'\n///             and lower(qual) not like '%select auth.uid()%'\n///         )\n///         or (\n///             qual like '%auth.jwt()%'\n///             and lower(qual) not like '%select auth.jwt()%'\n///         )\n///         or (\n///             qual like '%auth.role()%'\n///             and lower(qual) not like '%select auth.role()%'\n///         )\n///         or (\n///             qual like '%auth.email()%'\n///             and lower(qual) not like '%select auth.email()%'\n///         )\n///         or (\n///             qual like '%current\\_setting(%)%'\n///             and lower(qual) not like '%select current\\_setting(%)%'\n///         )\n///         or (\n///             with_check like '%auth.uid()%'\n///             and lower(with_check) not like '%select auth.uid()%'\n///         )\n///         or (\n///             with_check like '%auth.jwt()%'\n///             and lower(with_check) not like '%select auth.jwt()%'\n///         )\n///         or (\n///             with_check like '%auth.role()%'\n///             and lower(with_check) not like '%select auth.role()%'\n///         )\n///         or (\n///             with_check like '%auth.email()%'\n///             and lower(with_check) not like '%select auth.email()%'\n///         )\n///         or (\n///             with_check like '%current\\_setting(%)%'\n///             and lower(with_check) not like '%select current\\_setting(%)%'\n///         )\n///     ))\n/// ```\n///\n/// ## Configuration\n///\n/// Enable or disable this rule in your configuration:\n///\n/// ```json\n/// {\n///   \"splinter\": {\n///     \"rules\": {\n///       \"performance\": {\n///         \"authRlsInitplan\": \"warn\"\n///       }\n///     }\n///   }\n/// }\n/// ```\n///\n/// ## Remediation\n///\n/// See: <https://supabase.com/docs/guides/database/database-linter?lint=0003_auth_rls_initplan>"] pub AuthRlsInitplan { version : "1.0.0" , name : "authRlsInitplan" , severity : pgls_diagnostics :: Severity :: Warning , } }
 impl SplinterRule for AuthRlsInitplan {
     fn sql_file_path() -> &'static str {
 
@@ -2,7 +2,6 @@
 
 #![doc = r" Generated file, do not edit by hand, see `xtask/codegen`"]
 use crate::rule::SplinterRule;
-use pgls_analyse::RuleMeta;
 ::pgls_analyse::declare_rule! { # [doc = "/// # Duplicate Index\n///\n/// Detects cases where two ore more identical indexes exist.\n///\n/// ## SQL Query\n///\n/// ```sql\n/// (\n/// select\n///     'duplicate_index' as \"name!\",\n///     'Duplicate Index' as \"title!\",\n///     'WARN' as \"level!\",\n///     'EXTERNAL' as \"facing!\",\n///     array['PERFORMANCE'] as \"categories!\",\n///     'Detects cases where two ore more identical indexes exist.' as \"description!\",\n///     format(\n///         'Table \\`%s.%s\\` has identical indexes %s. Drop all except one of them',\n///         n.nspname,\n///         c.relname,\n///         array_agg(pi.indexname order by pi.indexname)\n///     ) as \"detail!\",\n///     'https://supabase.com/docs/guides/database/database-linter?lint=0009_duplicate_index' as \"remediation!\",\n///     jsonb_build_object(\n///         'schema', n.nspname,\n///         'name', c.relname,\n///         'type', case\n///             when c.relkind = 'r' then 'table'\n///             when c.relkind = 'm' then 'materialized view'\n///             else 'ERROR'\n///         end,\n///         'indexes', array_agg(pi.indexname order by pi.indexname)\n///     ) as \"metadata!\",\n///     format(\n///         'duplicate_index_%s_%s_%s',\n///         n.nspname,\n///         c.relname,\n///         array_agg(pi.indexname order by pi.indexname)\n///     ) as \"cache_key!\"\n/// from\n///     pg_catalog.pg_indexes pi\n///     join pg_catalog.pg_namespace n\n///         on n.nspname  = pi.schemaname\n///     join pg_catalog.pg_class c\n///         on pi.tablename = c.relname\n///         and n.oid = c.relnamespace\n///     left join pg_catalog.pg_depend dep\n///         on c.oid = dep.objid\n///         and dep.deptype = 'e'\n/// where\n///     c.relkind in ('r', 'm') -- tables and materialized views\n///     and n.nspname not in (\n///         '_timescaledb_cache', '_timescaledb_catalog', '_timescaledb_config', '_timescaledb_internal', 'auth', 'cron', 'extensions', 'graphql', 'graphql_public', 'information_schema', 'net', 'pgmq', 'pgroonga', 'pgsodium', 'pgsodium_masks', 'pgtle', 'pgbouncer', 'pg_catalog', 'pgtle', 'realtime', 'repack', 'storage', 'supabase_functions', 'supabase_migrations', 'tiger', 'topology', 'vault'\n///     )\n///     and dep.objid is null -- exclude tables owned by extensions\n/// group by\n///     n.nspname,\n///     c.relkind,\n///     c.relname,\n///     replace(pi.indexdef, pi.indexname, '')\n/// having\n///     count(*) > 1)\n/// ```\n///\n/// ## Configuration\n///\n/// Enable or disable this rule in your configuration:\n///\n/// ```json\n/// {\n///   \"splinter\": {\n///     \"rules\": {\n///       \"performance\": {\n///         \"duplicateIndex\": \"warn\"\n///       }\n///     }\n///   }\n/// }\n/// ```\n///\n/// ## Remediation\n///\n/// See: <https://supabase.com/docs/guides/database/database-linter?lint=0009_duplicate_index>"] pub DuplicateIndex { version : "1.0.0" , name : "duplicateIndex" , severity : pgls_diagnostics :: Severity :: Warning , } }
 impl SplinterRule for DuplicateIndex {
     fn sql_file_path() -> &'static str {
 
@@ -2,7 +2,6 @@
 
 #![doc = r" Generated file, do not edit by hand, see `xtask/codegen`"]
 use crate::rule::SplinterRule;
-use pgls_analyse::RuleMeta;
 ::pgls_analyse::declare_rule! { # [doc = "/// # Multiple Permissive Policies\n///\n/// Detects if multiple permissive row level security policies are present on a table for the same \\`role\\` and \\`action\\` (e.g. insert). Multiple permissive policies are suboptimal for performance as each policy must be executed for every relevant query.\n///\n/// ## SQL Query\n///\n/// ```sql\n/// (\n/// select\n///     'multiple_permissive_policies' as \"name!\",\n///     'Multiple Permissive Policies' as \"title!\",\n///     'WARN' as \"level!\",\n///     'EXTERNAL' as \"facing!\",\n///     array['PERFORMANCE'] as \"categories!\",\n///     'Detects if multiple permissive row level security policies are present on a table for the same \\`role\\` and \\`action\\` (e.g. insert). Multiple permissive policies are suboptimal for performance as each policy must be executed for every relevant query.' as \"description!\",\n///     format(\n///         'Table \\`%s.%s\\` has multiple permissive policies for role \\`%s\\` for action \\`%s\\`. Policies include \\`%s\\`',\n///         n.nspname,\n///         c.relname,\n///         r.rolname,\n///         act.cmd,\n///         array_agg(p.polname order by p.polname)\n///     ) as \"detail!\",\n///     'https://supabase.com/docs/guides/database/database-linter?lint=0006_multiple_permissive_policies' as \"remediation!\",\n///     jsonb_build_object(\n///         'schema', n.nspname,\n///         'name', c.relname,\n///         'type', 'table'\n///     ) as \"metadata!\",\n///     format(\n///         'multiple_permissive_policies_%s_%s_%s_%s',\n///         n.nspname,\n///         c.relname,\n///         r.rolname,\n///         act.cmd\n///     ) as \"cache_key!\"\n/// from\n///     pg_catalog.pg_policy p\n///     join pg_catalog.pg_class c\n///         on p.polrelid = c.oid\n///     join pg_catalog.pg_namespace n\n///         on c.relnamespace = n.oid\n///     join pg_catalog.pg_roles r\n///         on p.polroles @> array[r.oid]\n///         or p.polroles = array[0::oid]\n///     left join pg_catalog.pg_depend dep\n///         on c.oid = dep.objid\n///         and dep.deptype = 'e',\n///     lateral (\n///         select x.cmd\n///         from unnest((\n///             select\n///                 case p.polcmd\n///                     when 'r' then array['SELECT']\n///                     when 'a' then array['INSERT']\n///                     when 'w' then array['UPDATE']\n///                     when 'd' then array['DELETE']\n///                     when '*' then array['SELECT', 'INSERT', 'UPDATE', 'DELETE']\n///                     else array['ERROR']\n///                 end as actions\n///         )) x(cmd)\n///     ) act(cmd)\n/// where\n///     c.relkind = 'r' -- regular tables\n///     and p.polpermissive -- policy is permissive\n///     and n.nspname not in (\n///         '_timescaledb_cache', '_timescaledb_catalog', '_timescaledb_config', '_timescaledb_internal', 'auth', 'cron', 'extensions', 'graphql', 'graphql_public', 'information_schema', 'net', 'pgmq', 'pgroonga', 'pgsodium', 'pgsodium_masks', 'pgtle', 'pgbouncer', 'pg_catalog', 'pgtle', 'realtime', 'repack', 'storage', 'supabase_functions', 'supabase_migrations', 'tiger', 'topology', 'vault'\n///     )\n///     and r.rolname not like 'pg_%'\n///     and r.rolname not like 'supabase%admin'\n///     and not r.rolbypassrls\n///     and dep.objid is null -- exclude tables owned by extensions\n/// group by\n///     n.nspname,\n///     c.relname,\n///     r.rolname,\n///     act.cmd\n/// having\n///     count(1) > 1)\n/// ```\n///\n/// ## Configuration\n///\n/// Enable or disable this rule in your configuration:\n///\n/// ```json\n/// {\n///   \"splinter\": {\n///     \"rules\": {\n///       \"performance\": {\n///         \"multiplePermissivePolicies\": \"warn\"\n///       }\n///     }\n///   }\n/// }\n/// ```\n///\n/// ## Remediation\n///\n/// See: <https://supabase.com/docs/guides/database/database-linter?lint=0006_multiple_permissive_policies>"] pub MultiplePermissivePolicies { version : "1.0.0" , name : "multiplePermissivePolicies" , severity : pgls_diagnostics :: Severity :: Warning , } }
 impl SplinterRule for MultiplePermissivePolicies {
     fn sql_file_path() -> &'static str {
 
@@ -2,7 +2,6 @@
 
 #![doc = r" Generated file, do not edit by hand, see `xtask/codegen`"]
 use crate::rule::SplinterRule;
-use pgls_analyse::RuleMeta;
 ::pgls_analyse::declare_rule! { # [doc = "/// # No Primary Key\n///\n/// Detects if a table does not have a primary key. Tables without a primary key can be inefficient to interact with at scale.\n///\n/// ## SQL Query\n///\n/// ```sql\n/// (\n/// select\n///     'no_primary_key' as \"name!\",\n///     'No Primary Key' as \"title!\",\n///     'INFO' as \"level!\",\n///     'EXTERNAL' as \"facing!\",\n///     array['PERFORMANCE'] as \"categories!\",\n///     'Detects if a table does not have a primary key. Tables without a primary key can be inefficient to interact with at scale.' as \"description!\",\n///     format(\n///         'Table \\`%s.%s\\` does not have a primary key',\n///         pgns.nspname,\n///         pgc.relname\n///     ) as \"detail!\",\n///     'https://supabase.com/docs/guides/database/database-linter?lint=0004_no_primary_key' as \"remediation!\",\n///      jsonb_build_object(\n///         'schema', pgns.nspname,\n///         'name', pgc.relname,\n///         'type', 'table'\n///     ) as \"metadata!\",\n///     format(\n///         'no_primary_key_%s_%s',\n///         pgns.nspname,\n///         pgc.relname\n///     ) as \"cache_key!\"\n/// from\n///     pg_catalog.pg_class pgc\n///     join pg_catalog.pg_namespace pgns\n///         on pgns.oid = pgc.relnamespace\n///     left join pg_catalog.pg_index pgi\n///         on pgi.indrelid = pgc.oid\n///     left join pg_catalog.pg_depend dep\n///         on pgc.oid = dep.objid\n///         and dep.deptype = 'e'\n/// where\n///     pgc.relkind = 'r' -- regular tables\n///     and pgns.nspname not in (\n///         '_timescaledb_cache', '_timescaledb_catalog', '_timescaledb_config', '_timescaledb_internal', 'auth', 'cron', 'extensions', 'graphql', 'graphql_public', 'information_schema', 'net', 'pgmq', 'pgroonga', 'pgsodium', 'pgsodium_masks', 'pgtle', 'pgbouncer', 'pg_catalog', 'pgtle', 'realtime', 'repack', 'storage', 'supabase_functions', 'supabase_migrations', 'tiger', 'topology', 'vault'\n///     )\n///     and dep.objid is null -- exclude tables owned by extensions\n/// group by\n///     pgc.oid,\n///     pgns.nspname,\n///     pgc.relname\n/// having\n///     max(coalesce(pgi.indisprimary, false)::int) = 0)\n/// ```\n///\n/// ## Configuration\n///\n/// Enable or disable this rule in your configuration:\n///\n/// ```json\n/// {\n///   \"splinter\": {\n///     \"rules\": {\n///       \"performance\": {\n///         \"noPrimaryKey\": \"warn\"\n///       }\n///     }\n///   }\n/// }\n/// ```\n///\n/// ## Remediation\n///\n/// See: <https://supabase.com/docs/guides/database/database-linter?lint=0004_no_primary_key>"] pub NoPrimaryKey { version : "1.0.0" , name : "noPrimaryKey" , severity : pgls_diagnostics :: Severity :: Information , } }
 impl SplinterRule for NoPrimaryKey {
     fn sql_file_path() -> &'static str {
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-use pgls_diagnostics::{Category, DatabaseObjectOwned, Severity, category};`
	`1`	`+use pgls_diagnostics::{DatabaseObjectOwned, Severity};`
`2`	`2`	`use serde_json::Value;`
`3`	`3`
`4`	`4`	`use crate::{SplinterAdvices, SplinterDiagnostic, SplinterQueryResult};`
Original file line number	Diff line number	Diff line change
`@@ -62,7 +62,7 @@ pub async fn run_splinter(`
`62`	`62`	`}`
`63`	`63`
`64`	`64`	`// Check if Supabase roles exist (anon, authenticated, service_role)`
`65`		`- let has_supabase_roles = params.schema_cache.map_or(false, \|cache\| {`
	`65`	`+ let has_supabase_roles = params.schema_cache.is_some_and(\|cache\| {`
`66`	`66`	`let required_roles = ["anon", "authenticated", "service_role"];`
`67`	`67`	`required_roles.iter().all(\|role_name\| {`
`68`	`68`	`cache`