Merge pull request #115 from Maxteabag/warning-operationsf

Add query alert mode

Author: Maxteabag

config/settings.template.json

@@ -7,6 +7,7 @@
   "process_worker_warm_on_idle": true,
   "process_worker_auto_shutdown_s": 0,
   "ui_stall_watchdog_ms": 0,
+  "query_alert_mode": 0,
   "allow_plaintext_credentials": false,
   "mock": {
     "enabled": true,

sqlit/domains/query/app/alerts.py

@@ -0,0 +1,132 @@
+"""Query alert classification and alert mode helpers."""
+
+from __future__ import annotations
+
+import re
+from enum import IntEnum
+
+from sqlit.domains.query.app.multi_statement import split_statements
+
+
+class AlertMode(IntEnum):
+    """Alert mode thresholds (user-configured)."""
+
+    OFF = 0
+    DELETE = 1
+    WRITE = 2
+
+
+class AlertSeverity(IntEnum):
+    """Severity classification for a query."""
+
+    NONE = 0
+    WRITE = 1
+    DELETE = 2
+
+
+_DELETE_KEYWORDS = ("DELETE",)
+_WRITE_KEYWORDS = (
+    "CREATE",
+    "ALTER",
+    "DROP",
+    "TRUNCATE",
+    "RENAME",
+    "INSERT",
+    "UPDATE",
+    "MERGE",
+    "REPLACE",
+    "UPSERT",
+    "DELETE",
+)
+
+_DELETE_RE = re.compile(r"\b(?:%s)\b" % "|".join(_DELETE_KEYWORDS), re.IGNORECASE)
+_WRITE_RE = re.compile(r"\b(?:%s)\b" % "|".join(_WRITE_KEYWORDS), re.IGNORECASE)
+
+_SINGLE_QUOTE_RE = re.compile(r"'[^']*'")
+_DOUBLE_QUOTE_RE = re.compile(r'"[^"]*"')
+_BACKTICK_RE = re.compile(r"`[^`]*`")
+_BRACKET_RE = re.compile(r"\[[^\]]*]")
+_LINE_COMMENT_RE = re.compile(r"--[^\n]*")
+_BLOCK_COMMENT_RE = re.compile(r"/\*.*?\*/", re.DOTALL)
+
+
+def parse_alert_mode(value: str | int | None) -> AlertMode | None:
+    """Parse a user-provided alert mode value."""
+    if value is None:
+        return None
+    if isinstance(value, int):
+        return _coerce_alert_mode(value)
+    raw = str(value).strip().lower()
+    if not raw:
+        return None
+    if raw in {"0", "off", "none", "disable", "disabled"}:
+        return AlertMode.OFF
+    if raw in {"1", "delete", "destructive", "danger"}:
+        return AlertMode.DELETE
+    if raw in {"2", "write", "writes", "edit", "update"}:
+        return AlertMode.WRITE
+    return None
+
+
+def format_alert_mode(mode: AlertMode) -> str:
+    """Human-readable alert mode."""
+    if mode == AlertMode.DELETE:
+        return "delete"
+    if mode == AlertMode.WRITE:
+        return "write"
+    return "off"
+
+
+def should_confirm(mode: AlertMode, severity: AlertSeverity) -> bool:
+    """Return True if the given severity should prompt confirmation."""
+    if mode == AlertMode.DELETE:
+        return severity == AlertSeverity.DELETE
+    if mode == AlertMode.WRITE:
+        return severity in {AlertSeverity.WRITE, AlertSeverity.DELETE}
+    return False
+
+
+def classify_query_alert(sql: str) -> AlertSeverity:
+    """Classify a SQL query for alerting."""
+    if not sql:
+        return AlertSeverity.NONE
+    highest = AlertSeverity.NONE
+    for statement in split_statements(sql):
+        severity = _classify_statement(statement)
+        if severity == AlertSeverity.DELETE:
+            return severity
+        if severity.value > highest.value:
+            highest = severity
+    return highest
+
+
+def _classify_statement(statement: str) -> AlertSeverity:
+    cleaned = _strip_comments_and_literals(statement)
+    if not cleaned:
+        return AlertSeverity.NONE
+    if _DELETE_RE.search(cleaned):
+        return AlertSeverity.DELETE
+    if _WRITE_RE.search(cleaned):
+        return AlertSeverity.WRITE
+    return AlertSeverity.NONE
+
+
+def _strip_comments_and_literals(sql: str) -> str:
+    """Remove comments and quoted literals/identifiers for keyword scanning."""
+    cleaned = _LINE_COMMENT_RE.sub("", sql)
+    cleaned = _BLOCK_COMMENT_RE.sub("", cleaned)
+    cleaned = _SINGLE_QUOTE_RE.sub("''", cleaned)
+    cleaned = _DOUBLE_QUOTE_RE.sub('""', cleaned)
+    cleaned = _BACKTICK_RE.sub("``", cleaned)
+    cleaned = _BRACKET_RE.sub("[]", cleaned)
+    return cleaned
+
+
+def _coerce_alert_mode(value: int) -> AlertMode | None:
+    try:
+        mode = AlertMode(int(value))
+    except (TypeError, ValueError):
+        return None
+    if mode in {AlertMode.OFF, AlertMode.DELETE, AlertMode.WRITE}:
+        return mode
+    return None

sqlit/domains/query/ui/mixins/query_execution.py

@@ -2,7 +2,7 @@
 
 from __future__ import annotations
 
-from typing import TYPE_CHECKING, Any
+from typing import TYPE_CHECKING, Any, Callable
 
 from sqlit.domains.explorer.ui.tree import db_switching as tree_db_switching
 from sqlit.domains.process_worker.ui.mixins.process_worker_lifecycle import (
@@ -58,16 +58,19 @@ def action_execute_query_atomic(self: QueryMixinHost) -> None:
             self.notify("No query to execute", severity="warning")
             return
 
-        if hasattr(self, "_query_worker") and self._query_worker is not None:
-            self._query_worker.cancel()
+        def _proceed() -> None:
+            if hasattr(self, "_query_worker") and self._query_worker is not None:
+                self._query_worker.cancel()
 
-        self._start_query_spinner()
+            self._start_query_spinner()
 
-        self._query_worker = self.run_worker(
-            self._run_query_atomic_async(query),
-            name="query_execution_atomic",
-            exclusive=True,
-        )
+            self._query_worker = self.run_worker(
+                self._run_query_atomic_async(query),
+                name="query_execution_atomic",
+                exclusive=True,
+            )
+
+        self._maybe_confirm_query(query, _proceed)
 
     def action_execute_single_statement(self: QueryMixinHost) -> None:
         """Execute only the SQL statement at the current cursor position."""
@@ -96,16 +99,19 @@ def action_execute_single_statement(self: QueryMixinHost) -> None:
             self.notify("No statement found at cursor", severity="warning")
             return
 
-        if hasattr(self, "_query_worker") and self._query_worker is not None:
-            self._query_worker.cancel()
+        def _proceed() -> None:
+            if hasattr(self, "_query_worker") and self._query_worker is not None:
+                self._query_worker.cancel()
 
-        self._start_query_spinner()
+            self._start_query_spinner()
 
-        self._query_worker = self.run_worker(
-            self._run_query_async(statement, keep_insert_mode=False),
-            name="query_execution_single",
-            exclusive=True,
-        )
+            self._query_worker = self.run_worker(
+                self._run_query_async(statement, keep_insert_mode=False),
+                name="query_execution_single",
+                exclusive=True,
+            )
+
+        self._maybe_confirm_query(statement, _proceed)
 
     def _execute_query_common(self: QueryMixinHost, keep_insert_mode: bool) -> None:
         """Common query execution logic."""
@@ -119,15 +125,71 @@ def _execute_query_common(self: QueryMixinHost, keep_insert_mode: bool) -> None:
             self.notify("No query to execute", severity="warning")
             return
 
-        if hasattr(self, "_query_worker") and self._query_worker is not None:
-            self._query_worker.cancel()
+        def _proceed() -> None:
+            if hasattr(self, "_query_worker") and self._query_worker is not None:
+                self._query_worker.cancel()
+
+            self._start_query_spinner()
+
+            self._query_worker = self.run_worker(
+                self._run_query_async(query, keep_insert_mode),
+                name="query_execution",
+                exclusive=True,
+            )
+
+        self._maybe_confirm_query(query, _proceed)
+
+    def _maybe_confirm_query(self: QueryMixinHost, query: str, proceed: Callable[[], None]) -> None:
+        """Confirm query execution based on alert mode, then call proceed."""
+        from sqlit.domains.query.app.alerts import (
+            AlertMode,
+            AlertSeverity,
+            classify_query_alert,
+            format_alert_mode,
+            should_confirm,
+        )
+        from sqlit.shared.ui.screens.confirm import ConfirmScreen
 
-        self._start_query_spinner()
+        raw_mode = getattr(self.services.runtime, "query_alert_mode", 0) or 0
+        try:
+            mode = AlertMode(int(raw_mode))
+        except ValueError:
+            mode = AlertMode.OFF
+
+        if mode == AlertMode.OFF:
+            proceed()
+            return
+
+        severity = classify_query_alert(query)
+        if severity == AlertSeverity.NONE or not should_confirm(mode, severity):
+            proceed()
+            return
+
+        title = "Confirm query"
+        if severity == AlertSeverity.DELETE:
+            title = "Confirm DELETE query"
+        elif severity == AlertSeverity.WRITE:
+            title = "Confirm write query"
+
+        description = None
+        snippet = query.strip().splitlines()[0] if query.strip() else ""
+        if snippet:
+            if len(snippet) > 120:
+                snippet = snippet[:117] + "..."
+            description = snippet
+
+        def _on_result(confirmed: bool | None) -> None:
+            if confirmed:
+                proceed()
+                return
+            self.notify(
+                f"Query cancelled (alert mode: {format_alert_mode(mode)})",
+                severity="warning",
+            )
 
-        self._query_worker = self.run_worker(
-            self._run_query_async(query, keep_insert_mode),
-            name="query_execution",
-            exclusive=True,
+        self.push_screen(
+            ConfirmScreen(title, description, yes_label="Run", no_label="Cancel"),
+            _on_result,
         )
 
     def _start_query_spinner(self: QueryMixinHost) -> None:

sqlit/domains/shell/app/commands/__init__.py

@@ -3,6 +3,7 @@
 from __future__ import annotations
 
 from .router import dispatch_command, register_command_handler
+from . import alert as _alert
 from . import credentials as _credentials
 from . import debug as _debug
 from . import watchdog as _watchdog

sqlit/domains/shell/app/commands/alert.py

@@ -0,0 +1,50 @@
+"""Query alert mode command handlers."""
+
+from __future__ import annotations
+
+from typing import Any
+
+from sqlit.domains.query.app.alerts import AlertMode, format_alert_mode, parse_alert_mode
+
+from .router import register_command_handler
+
+
+def _handle_alert_command(app: Any, cmd: str, args: list[str]) -> bool:
+    if cmd not in {"alert", "alerts"}:
+        return False
+
+    value = args[0].lower() if args else ""
+    if not value:
+        _show_alert_status(app)
+        return True
+
+    mode = parse_alert_mode(value)
+    if mode is None:
+        app.notify("Usage: :alert off|delete|write", severity="warning")
+        return True
+
+    _set_alert_mode(app, mode)
+    return True
+
+
+def _show_alert_status(app: Any) -> None:
+    mode = _get_alert_mode(app)
+    label = format_alert_mode(mode)
+    app.notify(f"Query alerts: {label}")
+
+
+def _set_alert_mode(app: Any, mode: AlertMode) -> None:
+    app.services.runtime.query_alert_mode = int(mode)
+    try:
+        app.services.settings_store.set("query_alert_mode", int(mode))
+    except Exception:
+        pass
+    app.notify(f"Query alerts set to {format_alert_mode(mode)}")
+
+
+def _get_alert_mode(app: Any) -> AlertMode:
+    raw = getattr(app.services.runtime, "query_alert_mode", 0) or 0
+    return AlertMode(int(raw))
+
+
+register_command_handler(_handle_alert_command)

sqlit/domains/shell/app/main.py

@@ -748,6 +748,7 @@ def _show_command_list(self) -> None:
                 "Use 'plaintext' to store passwords in ~/.sqlit/ (protected folder), 'keyring' to use system keyring.",
             ),
             ("Appearance", ":theme", "Open theme selection", ""),
+            ("Query", ":alert off|delete|write", "Confirm before risky queries", "Modes: off, delete, write"),
             ("Query", ":run, :r", "Execute query", ""),
             ("Query", ":run!, :r!", "Execute query (stay in INSERT)", ""),
             (

sqlit/domains/shell/app/startup_flow.py

@@ -56,16 +56,12 @@ def run_on_mount(app: AppProtocol) -> None:
             )
         except (TypeError, ValueError):
             app.services.runtime.ui_stall_watchdog_ms = 0.0
-    if "show_line_numbers" in settings:
-        try:
-            app.query_input.show_line_numbers = bool(settings.get("show_line_numbers"))
-        except Exception:
-            pass
-    if "relative_line_numbers" in settings:
-        try:
-            app.query_input.relative_line_numbers = bool(settings.get("relative_line_numbers"))
-        except Exception:
-            pass
+    if "query_alert_mode" in settings:
+        from sqlit.domains.query.app.alerts import parse_alert_mode
+
+        mode = parse_alert_mode(settings.get("query_alert_mode"))
+        if mode is not None:
+            app.services.runtime.query_alert_mode = int(mode)
     app._startup_stamp("settings_applied")
 
     apply_mock_settings(app, settings)

sqlit/domains/shell/state/machine.py

@@ -310,5 +310,16 @@ def binding(key: str, desc: str, indent: int = 4) -> str:
         lines.append(section("COMMAND MODE"))
         lines.append(binding(":", "Enter command mode"))
         lines.append(binding(":commands", "Show command list"))
+        lines.append("")
+
+        # ═══════════════════════════════════════════════════════════════════
+        # SETTINGS
+        # ═══════════════════════════════════════════════════════════════════
+        lines.append(section("SETTINGS"))
+        lines.append(binding(":alert off|delete|write", "Confirm risky queries"))
+        lines.append(binding(":set number, :set nu", "Show line numbers"))
+        lines.append(binding(":set nonumber, :set nonu", "Hide line numbers"))
+        lines.append(binding(":set relativenumber, :set rnu", "Show relative line numbers"))
+        lines.append(binding(":set norelativenumber, :set nornu", "Show absolute line numbers"))
 
         return "\n".join(lines)

sqlit/shared/app/runtime.py

@@ -43,6 +43,7 @@ class RuntimeConfig:
     process_worker_warm_on_idle: bool = True
     process_worker_auto_shutdown_s: float = 0.0
     ui_stall_watchdog_ms: float = 0.0
+    query_alert_mode: int = 0
     mock: MockConfig = field(default_factory=MockConfig)
 
     @classmethod