chore: integrate splinter runtime with analyse

Author: psteinroe

Cargo.lock

@@ -1,10 +1,15 @@
+pub mod linter;
+pub mod splinter;
+
+pub use crate::analyser::linter::*;
 use biome_deserialize::Merge;
 use biome_deserialize_macros::Deserializable;
 use pgls_analyser::RuleOptions;
 use pgls_diagnostics::Severity;
 #[cfg(feature = "schema")]
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
+use std::str::FromStr;
 
 #[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
 #[cfg_attr(feature = "schema", derive(JsonSchema))]
@@ -295,3 +300,127 @@ impl<T: Default> Merge for RuleWithFixOptions<T> {
         self.options = other.options;
     }
 }
+
+#[derive(Clone, Copy, Debug, Eq, PartialEq, Hash)]
+pub enum RuleSelector {
+    LinterGroup(linter::RuleGroup),
+    LinterRule(linter::RuleGroup, &'static str),
+    SplinterGroup(splinter::RuleGroup),
+    SplinterRule(splinter::RuleGroup, &'static str),
+}
+
+impl From<RuleSelector> for RuleFilter<'static> {
+    fn from(value: RuleSelector) -> Self {
+        match value {
+            RuleSelector::LinterGroup(group) => RuleFilter::Group(group.as_str()),
+            RuleSelector::LinterRule(group, name) => RuleFilter::Rule(group.as_str(), name),
+            RuleSelector::SplinterGroup(group) => RuleFilter::Group(group.as_str()),
+            RuleSelector::SplinterRule(group, name) => RuleFilter::Rule(group.as_str(), name),
+        }
+    }
+}
+
+impl<'a> From<&'a RuleSelector> for RuleFilter<'static> {
+    fn from(value: &'a RuleSelector) -> Self {
+        match value {
+            RuleSelector::LinterGroup(group) => RuleFilter::Group(group.as_str()),
+            RuleSelector::LinterRule(group, name) => RuleFilter::Rule(group.as_str(), name),
+            RuleSelector::SplinterGroup(group) => RuleFilter::Group(group.as_str()),
+            RuleSelector::SplinterRule(group, name) => RuleFilter::Rule(group.as_str(), name),
+        }
+    }
+}
+
+impl FromStr for RuleSelector {
+    type Err = &'static str;
+    fn from_str(selector: &str) -> Result<Self, Self::Err> {
+        // Check for explicit prefixes
+        if let Some(linter_selector) = selector.strip_prefix("lint/") {
+            return parse_linter_selector(linter_selector);
+        }
+        if let Some(splinter_selector) = selector.strip_prefix("splinter/") {
+            return parse_splinter_selector(splinter_selector);
+        }
+
+        // No prefix: try linter first (for backward compatibility), then splinter
+        parse_linter_selector(selector)
+            .or_else(|_| parse_splinter_selector(selector))
+            .map_err(|_| "This rule or group doesn't exist in linter or splinter.")
+    }
+}
+
+fn parse_linter_selector(selector: &str) -> Result<RuleSelector, &'static str> {
+    if let Some((group_name, rule_name)) = selector.split_once('/') {
+        let group = linter::RuleGroup::from_str(group_name)?;
+        if let Some(rule_name) = linter::Rules::has_rule(group, rule_name) {
+            Ok(RuleSelector::LinterRule(group, rule_name))
+        } else {
+            Err("This linter rule doesn't exist.")
+        }
+    } else {
+        let group = linter::RuleGroup::from_str(selector)?;
+        Ok(RuleSelector::LinterGroup(group))
+    }
+}
+
+fn parse_splinter_selector(selector: &str) -> Result<RuleSelector, &'static str> {
+    if let Some((group_name, rule_name)) = selector.split_once('/') {
+        let group = splinter::RuleGroup::from_str(group_name)?;
+        if let Some(rule_name) = splinter::Rules::has_rule(group, rule_name) {
+            Ok(RuleSelector::SplinterRule(group, rule_name))
+        } else {
+            Err("This splinter rule doesn't exist.")
+        }
+    } else {
+        let group = splinter::RuleGroup::from_str(selector)?;
+        Ok(RuleSelector::SplinterGroup(group))
+    }
+}
+
+impl serde::Serialize for RuleSelector {
+    fn serialize<S: serde::Serializer>(&self, serializer: S) -> Result<S::Ok, S::Error> {
+        match self {
+            RuleSelector::LinterGroup(group) => serializer.serialize_str(group.as_str()),
+            RuleSelector::LinterRule(group, rule_name) => {
+                let group_name = group.as_str();
+                serializer.serialize_str(&format!("{group_name}/{rule_name}"))
+            }
+            RuleSelector::SplinterGroup(group) => {
+                serializer.serialize_str(&format!("splinter/{}", group.as_str()))
+            }
+            RuleSelector::SplinterRule(group, rule_name) => {
+                let group_name = group.as_str();
+                serializer.serialize_str(&format!("splinter/{group_name}/{rule_name}"))
+            }
+        }
+    }
+}
+
+impl<'de> serde::Deserialize<'de> for RuleSelector {
+    fn deserialize<D: serde::Deserializer<'de>>(deserializer: D) -> Result<Self, D::Error> {
+        struct Visitor;
+        impl serde::de::Visitor<'_> for Visitor {
+            type Value = RuleSelector;
+            fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result {
+                formatter.write_str("<group>/<ruyle_name>")
+            }
+            fn visit_str<E: serde::de::Error>(self, v: &str) -> Result<Self::Value, E> {
+                match RuleSelector::from_str(v) {
+                    Ok(result) => Ok(result),
+                    Err(error) => Err(serde::de::Error::custom(error)),
+                }
+            }
+        }
+        deserializer.deserialize_str(Visitor)
+    }
+}
+
+#[cfg(feature = "schema")]
+impl schemars::JsonSchema for RuleSelector {
+    fn schema_name() -> String {
+        "RuleCode".to_string()
+    }
+    fn json_schema(r#gen: &mut schemars::r#gen::SchemaGenerator) -> schemars::schema::Schema {
+        String::json_schema(r#gen)
+    }
+}

PLAN.md

@@ -11,11 +11,12 @@ repository.workspace = true
 version              = "0.0.0"
 
 [dependencies]
-pgls_analyse.workspace     = true
-pgls_diagnostics.workspace = true
-serde.workspace            = true
-serde_json.workspace       = true
-sqlx.workspace             = true
+pgls_analyse.workspace      = true
+pgls_diagnostics.workspace  = true
+pgls_schema_cache.workspace = true
+serde.workspace             = true
+serde_json.workspace        = true
+sqlx.workspace              = true
 
 [build-dependencies]
 ureq = "2.10"

crates/pgls_configuration/src/rules/configuration.rs

@@ -11,15 +11,12 @@ impl From<SplinterQueryResult> for SplinterDiagnostic {
         let (schema, object_name, object_type, additional_metadata) =
             extract_metadata_fields(&result.metadata);
 
-        // for now, we just take the first category as the group
-        let group = result
-            .categories
-            .first()
-            .map(|s| s.to_lowercase())
-            .unwrap_or_else(|| "unknown".to_string());
+        // Look up category from generated registry function
+        let category = crate::registry::get_rule_category(&result.name)
+            .expect("Rule name should map to a valid category");
 
         SplinterDiagnostic {
-            category: rule_name_to_category(&result.name, &group),
+            category,
             message: result.detail.into(),
             severity,
             db_object: object_name.as_ref().map(|name| DatabaseObjectOwned {
@@ -49,68 +46,6 @@ fn parse_severity(level: &str) -> Severity {
     }
 }
 
-/// Convert rule name and group to a Category
-/// Note: Rule names use snake_case, but categories use camelCase
-fn rule_name_to_category(name: &str, group: &str) -> &'static Category {
-    // we cannot use convert_case here because category! macro requires a string literal
-    match (group, name) {
-        ("performance", "unindexed_foreign_keys") => {
-            category!("splinter/performance/unindexedForeignKeys")
-        }
-        ("performance", "auth_rls_initplan") => {
-            category!("splinter/performance/authRlsInitplan")
-        }
-        ("performance", "no_primary_key") => category!("splinter/performance/noPrimaryKey"),
-        ("performance", "unused_index") => category!("splinter/performance/unusedIndex"),
-        ("performance", "duplicate_index") => category!("splinter/performance/duplicateIndex"),
-        ("performance", "table_bloat") => category!("splinter/performance/tableBloat"),
-        ("performance", "multiple_permissive_policies") => {
-            category!("splinter/performance/multiplePermissivePolicies")
-        }
-        ("security", "auth_users_exposed") => category!("splinter/security/authUsersExposed"),
-        ("security", "extension_versions_outdated") => {
-            category!("splinter/security/extensionVersionsOutdated")
-        }
-        ("security", "policy_exists_rls_disabled") => {
-            category!("splinter/security/policyExistsRlsDisabled")
-        }
-        ("security", "rls_enabled_no_policy") => {
-            category!("splinter/security/rlsEnabledNoPolicy")
-        }
-        ("security", "security_definer_view") => {
-            category!("splinter/security/securityDefinerView")
-        }
-        ("security", "function_search_path_mutable") => {
-            category!("splinter/security/functionSearchPathMutable")
-        }
-        ("security", "rls_disabled_in_public") => {
-            category!("splinter/security/rlsDisabledInPublic")
-        }
-        ("security", "extension_in_public") => category!("splinter/security/extensionInPublic"),
-        ("security", "rls_references_user_metadata") => {
-            category!("splinter/security/rlsReferencesUserMetadata")
-        }
-        ("security", "materialized_view_in_api") => {
-            category!("splinter/security/materializedViewInApi")
-        }
-        ("security", "foreign_table_in_api") => {
-            category!("splinter/security/foreignTableInApi")
-        }
-        ("security", "unsupported_reg_types") => {
-            category!("splinter/security/unsupportedRegTypes")
-        }
-        ("security", "insecure_queue_exposed_in_api") => {
-            category!("splinter/security/insecureQueueExposedInApi")
-        }
-        ("security", "fkey_to_auth_unique") => category!("splinter/security/fkeyToAuthUnique"),
-        _ => {
-            // Log a warning for unknown rules but provide a fallback
-            eprintln!("Warning: Unknown splinter rule: {}/{}", group, name);
-            category!("splinter/performance/unindexedForeignKeys") // Fallback to first rule
-        }
-    }
-}
-
 /// Extract common metadata fields and return the rest as additional_metadata
 fn extract_metadata_fields(
     metadata: &Value,

crates/pgls_splinter/Cargo.toml

@@ -5,6 +5,8 @@ pub mod registry;
 pub mod rule;
 pub mod rules;
 
+use pgls_analyse::{AnalysisFilter, RegistryVisitor, RuleMeta};
+use pgls_schema_cache::SchemaCache;
 use sqlx::PgPool;
 
 pub use diagnostics::{SplinterAdvices, SplinterDiagnostic};
@@ -14,41 +16,103 @@ pub use rule::SplinterRule;
 #[derive(Debug)]
 pub struct SplinterParams<'a> {
     pub conn: &'a PgPool,
+    pub schema_cache: Option<&'a SchemaCache>,
 }
 
-async fn check_supabase_roles(conn: &PgPool) -> Result<bool, sqlx::Error> {
-    let required_roles = ["anon", "authenticated", "service_role"];
+/// Visitor that collects enabled splinter rules based on filter
+struct SplinterRuleCollector<'a> {
+    filter: &'a AnalysisFilter<'a>,
+    enabled_rules: Vec<String>, // rule names in camelCase
+}
 
-    let existing_roles: Vec<String> =
-        sqlx::query_scalar("SELECT rolname FROM pg_roles WHERE rolname = ANY($1)")
-            .bind(&required_roles[..])
-            .fetch_all(conn)
-            .await?;
+impl<'a> RegistryVisitor for SplinterRuleCollector<'a> {
+    fn record_category<C: pgls_analyse::GroupCategory>(&mut self) {
+        if self.filter.match_category::<C>() {
+            C::record_groups(self);
+        }
+    }
 
-    // Check if all required roles exist
-    let all_exist = required_roles
-        .iter()
-        .all(|role| existing_roles.contains(&(*role).to_string()));
+    fn record_group<G: pgls_analyse::RuleGroup>(&mut self) {
+        if self.filter.match_group::<G>() {
+            G::record_rules(self);
+        }
+    }
 
-    Ok(all_exist)
+    fn record_rule<R: RuleMeta>(&mut self) {
+        if self.filter.match_rule::<R>() {
+            self.enabled_rules.push(R::METADATA.name.to_string());
+        }
+    }
 }
 
 pub async fn run_splinter(
     params: SplinterParams<'_>,
+    filter: &AnalysisFilter<'_>,
 ) -> Result<Vec<SplinterDiagnostic>, sqlx::Error> {
-    let mut all_results = Vec::new();
+    // Use visitor pattern to collect enabled rules
+    let mut collector = SplinterRuleCollector {
+        filter,
+        enabled_rules: Vec::new(),
+    };
+    crate::registry::visit_registry(&mut collector);
+
+    // If no rules are enabled, return early
+    if collector.enabled_rules.is_empty() {
+        return Ok(Vec::new());
+    }
+
+    // Check if Supabase roles exist (anon, authenticated, service_role)
+    let has_supabase_roles = params.schema_cache.map_or(false, |cache| {
+        let required_roles = ["anon", "authenticated", "service_role"];
+        required_roles.iter().all(|role_name| {
+            cache
+                .roles
+                .iter()
+                .any(|role| role.name.as_str() == *role_name)
+        })
+    });
+
+    // Build dynamic SQL query from enabled rules
+    // Filter out Supabase-specific rules if Supabase roles don't exist
+    // SQL content is embedded at compile time using include_str! for performance
+    let mut sql_queries = Vec::new();
 
-    let generic_results = query::load_generic_splinter_results(params.conn).await?;
-    all_results.extend(generic_results);
+    for rule_name in &collector.enabled_rules {
+        // Skip Supabase-specific rules if Supabase roles don't exist
+        if !has_supabase_roles && crate::registry::rule_requires_supabase(rule_name) {
+            continue;
+        }
 
-    // Only run Supabase-specific rules if the required roles exist
-    let has_supabase_roles = check_supabase_roles(params.conn).await?;
-    if has_supabase_roles {
-        let supabase_results = query::load_supabase_splinter_results(params.conn).await?;
-        all_results.extend(supabase_results);
+        // Get embedded SQL content (compile-time included)
+        if let Some(sql) = crate::registry::get_sql_content(rule_name) {
+            sql_queries.push(sql);
+        }
     }
 
-    let diagnostics: Vec<SplinterDiagnostic> = all_results.into_iter().map(Into::into).collect();
+    // If no SQL files could be read, return early
+    if sql_queries.is_empty() {
+        return Ok(Vec::new());
+    }
+
+    // Combine SQL queries with UNION ALL
+    let combined_sql = sql_queries.join("\n\nUNION ALL\n\n");
+
+    // Execute the combined query
+    let mut tx = params.conn.begin().await?;
+
+    // Set search path as done in the original implementation
+    sqlx::query("set local search_path = ''")
+        .execute(&mut *tx)
+        .await?;
+
+    let results = sqlx::query_as::<_, SplinterQueryResult>(&combined_sql)
+        .fetch_all(&mut *tx)
+        .await?;
+
+    tx.commit().await?;
+
+    // Convert results to diagnostics
+    let diagnostics: Vec<SplinterDiagnostic> = results.into_iter().map(Into::into).collect();
 
     Ok(diagnostics)
 }