Merged
Conversation
Contributor
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
WalkthroughAdds a Changes
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Contributor
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@packages/adapter-mariadb/src/mariadb.test.ts`:
- Around line 11-14: The global vi.mock('mariadb') call is hoisted and prevents
the real driver from being exercised by tests like the credential-sanitization
case; scope or replace it. Remove or move the top-level vi.mock('mariadb', ...)
out of the file and instead mock only inside the tests that construct the
adapter (e.g., the constructor-specific describe/it blocks), or replace the
global mock with vi.spyOn(mariadb, 'createPool') inside those tests so the
credential-sanitization test still imports the real mariadb parser and throws a
real parse error; update tests that expect createPool behavior to
restore/teardown the spy/mock after each test.
- Around line 72-87: The test currently asserts the selected method was called
but not that the other method was not called; update the test for
PrismaMariaDbAdapter.executeRaw to also assert the non-selected client method on
mockClient (i.e., if expectedMethod === 'execute' assert mockClient.query was
not called, and vice versa) so the test ensures exclusive routing between
mockClient.execute and mockClient.query for each useTextProtocol case.
In `@packages/adapter-mariadb/src/mariadb.ts`:
- Around line 136-140: Add a JSDoc comment to the exported PrismaMariadbOptions
type describing the new useTextProtocol option: explain what enabling
useTextProtocol does (switches the driver to the MariaDB text protocol instead
of the binary protocol), list the visible behavioral differences/limitations
callers accept (e.g., potential performance or type/encoding differences,
limited support for certain column types or prepared statement features), and
advise when to use it or that it is opt-in with breaking tradeoffs; place the
comment directly above the PrismaMariadbOptions declaration and reference the
useTextProtocol field name in the text so it appears in generated API docs.
- Around line 223-225: The code currently only sets prepareCacheLength = 0 for
object configs but skips the string-config path; update the
constructor/initialization that sets this.#config so that when this.#config is a
string you replace it with an equivalent config object that includes
prepareCacheLength: 0 (or wrap the string into { connectionString: <string>,
prepareCacheLength: 0 }) so the default applies in both branches; reference the
private field this.#config and the prepareCacheLength property in your change
and add a regression test that constructs the factory with a connection string
and asserts the prepareCacheLength default (and that the leak-mitigation
behavior is exercised) to cover the string-config path.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 5cb89331-8b0d-41e2-85d4-1735844493fb
📒 Files selected for processing (2)
packages/adapter-mariadb/src/mariadb.test.tspackages/adapter-mariadb/src/mariadb.ts
Contributor
size-limit report 📦
|
Contributor
There was a problem hiding this comment.
♻️ Duplicate comments (2)
packages/adapter-mariadb/src/mariadb.ts (1)
136-150:⚠️ Potential issue | 🟡 MinorUse JSDoc here, and keep the
databasedocs truthful.
/* ... */will not be picked up as documentation for this exported type, and the text on Lines 138-139 promises connection-string inference that this file never performs—getConnectionInfo()only readsthis.mariadbOptions?.databaseon Line 172.📝 Suggested doc update
+/** + * Adapter-specific options that are not forwarded to the MariaDB pool. + */ export type PrismaMariadbOptions = { - /* - * The name of the database to connect to. If not provided, the adapter will attempt to infer - * it from the connection string. - */ + /** Database name reported through `getConnectionInfo()`. */ database?: string - /* - * Whether to use the text protocol for all queries. If false or not set, the adapter will use - * the binary protocol. - */ + /** + * Use the driver's text protocol (`query`) instead of the binary protocol (`execute`). + * This avoids prepared statements, but opts into the text-protocol edge cases. + */ useTextProtocol?: boolean - /* - * The callback to be attached to the connection's 'error' event. - */ + /** Callback attached to transaction connection `error` events. */ onConnectionError?: (err: mariadb.SqlError) => void }As per coding guidelines, "Use documentation comments for exported items in TypeScript/JavaScript files".
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@packages/adapter-mariadb/src/mariadb.ts` around lines 136 - 150, Replace the /* ... */ comments on the exported type PrismaMariadbOptions with JSDoc /** ... */ comments and make the `database` description truthful (state that it is optional and used directly by getConnectionInfo() / read from this.mariadbOptions?.database rather than inferred from a connection string); also add JSDoc entries for `useTextProtocol` and `onConnectionError` (mention it is a callback receiving mariadb.SqlError) so the exported type has proper tooling-visible documentation and accurate behavior descriptions.packages/adapter-mariadb/src/mariadb.test.ts (1)
79-87:⚠️ Potential issue | 🟠 Major
vi.mock()insidebeforeAll()is still hoisted file-wide.Vitest hoists
vi.mock()calls, so the credential-sanitization case at Lines 37-52 still will not hit the real MariaDB parser; oncefactory.connect()resolves against the mocked module, Lines 47-50 only observe the test's own failure path. Usevi.spyOn(mariadb, 'createPool')inside these constructor tests, or move them to a separate file that can safely mock the module.🧪 Safer test shape
-import { describe, expect, test, vi, beforeAll, afterAll } from 'vitest' +import { afterEach, describe, expect, test, vi } from 'vitest'describe('PrismaMariaDbAdapterFactory constructor', () => { - beforeAll(() => { - vi.mock('mariadb', () => ({ - createPool: vi.fn(), - })) - }) - - afterAll(() => { - vi.doUnmock('mariadb') + afterEach(() => { + vi.restoreAllMocks() })- const mockCreatePool = vi.mocked(mariadb.createPool) - mockCreatePool.mockReturnValue({ + const mockCreatePool = vi.spyOn(mariadb, 'createPool').mockReturnValue({ query: vi.fn().mockResolvedValue([['8.0.13']]), end: vi.fn(), } as unknown as mariadb.Pool)Does Vitest hoist `vi.mock()` calls even when they are declared inside `beforeAll()` or a `describe()` block?🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@packages/adapter-mariadb/src/mariadb.test.ts` around lines 79 - 87, The vi.mock call in mariadb.test.ts is hoisted so the constructor tests never exercise the real MariaDB parser; replace the file-wide vi.mock in beforeAll/afterAll with a per-test spy or isolate the tests: inside the constructor/credential-sanitization tests use vi.spyOn(require('mariadb'), 'createPool') (or import mariadb and spyOn(mariadb, 'createPool')) to stub behavior only for that test, or move those constructor tests into a separate file where you can safely mock the module; ensure factory.connect and the code paths around the parser/credential handling now run against the real module unless explicitly spied.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In `@packages/adapter-mariadb/src/mariadb.test.ts`:
- Around line 79-87: The vi.mock call in mariadb.test.ts is hoisted so the
constructor tests never exercise the real MariaDB parser; replace the file-wide
vi.mock in beforeAll/afterAll with a per-test spy or isolate the tests: inside
the constructor/credential-sanitization tests use vi.spyOn(require('mariadb'),
'createPool') (or import mariadb and spyOn(mariadb, 'createPool')) to stub
behavior only for that test, or move those constructor tests into a separate
file where you can safely mock the module; ensure factory.connect and the code
paths around the parser/credential handling now run against the real module
unless explicitly spied.
In `@packages/adapter-mariadb/src/mariadb.ts`:
- Around line 136-150: Replace the /* ... */ comments on the exported type
PrismaMariadbOptions with JSDoc /** ... */ comments and make the `database`
description truthful (state that it is optional and used directly by
getConnectionInfo() / read from this.mariadbOptions?.database rather than
inferred from a connection string); also add JSDoc entries for `useTextProtocol`
and `onConnectionError` (mention it is a callback receiving mariadb.SqlError) so
the exported type has proper tooling-visible documentation and accurate behavior
descriptions.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: fbb1aa6d-4104-4f61-a68e-1e7139599007
📒 Files selected for processing (2)
packages/adapter-mariadb/src/mariadb.test.tspackages/adapter-mariadb/src/mariadb.ts
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
packages/adapter-mariadb/src/mariadb.test.ts (1)
45-50:⚠️ Potential issue | 🟠 MajorDon’t catch your own
expect.fail()here.If
factory.connect()resolves, Line 47 throws and thiscatchimmediately swallows that assertion, so the test still passes as long as the thrown message does not contain the password.🧪 One safe way to capture the rejection
- try { - await factory.connect() - expect.fail('Expected connection to fail') - } catch (error) { - const errorMessage = String(error) - expect(errorMessage).not.toContain(secretPassword) - } + const result = await factory.connect().then( + () => ({ status: 'resolved' as const }), + (error) => ({ status: 'rejected' as const, error }), + ) + + expect(result.status).toBe('rejected') + if (result.status === 'rejected') { + expect(String(result.error)).not.toContain(secretPassword) + }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@packages/adapter-mariadb/src/mariadb.test.ts` around lines 45 - 50, The current try/catch swallows the expect.fail() when factory.connect() unexpectedly resolves; instead create the connection promise (const connPromise = factory.connect()), assert rejection with Jest's rejects matcher (await expect(connPromise).rejects.toBeDefined()), then capture the error via const error = await connPromise.catch(e => e) and assert expect(String(error)).not.toContain(secretPassword); remove the expect.fail() and the surrounding try/catch so the test reliably fails if connect() resolves and still checks the error message for the secret.
♻️ Duplicate comments (1)
packages/adapter-mariadb/src/mariadb.test.ts (1)
79-87:⚠️ Potential issue | 🟠 Major
vi.mock()here still affects the whole module.Vitest documents that
vi.mock()is hoisted wherever it appears—even inside hooks—and thatvi.doMock()only affects subsequent dynamic imports. With the staticimport * as mariadbat Line 1, thisbeforeAllblock does not keep the mock local to this suite, so the credential-sanitization test above can still exercise the mocked driver instead of the real parser. Usevi.spyOn(mariadb, 'createPool')here, or switch tovi.doMock()plus a dynamic import of the code under test. (vitest.dev)🔧 One way to keep the mock local to this suite
-import { describe, expect, test, vi, beforeAll, afterAll } from 'vitest' +import { afterAll, afterEach, describe, expect, test, vi } from 'vitest' describe('PrismaMariaDbAdapterFactory constructor', () => { - beforeAll(() => { - vi.mock('mariadb', () => ({ - createPool: vi.fn(), - })) - }) + const mockCreatePool = vi.spyOn(mariadb, 'createPool') + + afterEach(() => { + mockCreatePool.mockReset() + }) afterAll(() => { - vi.doUnmock('mariadb') + mockCreatePool.mockRestore() })🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@packages/adapter-mariadb/src/mariadb.test.ts` around lines 79 - 87, The test uses vi.mock('mariadb') inside beforeAll which is hoisted and thus affects the statically imported mariadb module globally; replace that with a local spy or a dynamic mock: either change the setup to vi.spyOn(mariadb, 'createPool') (referencing the imported mariadb and its createPool) so only the createPool function is stubbed for this suite, or switch to vi.doMock('mariadb') and perform a dynamic import of the code under test so the mock only applies to this suite (adjust test file to import the module-under-test after calling vi.doMock).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@packages/adapter-mariadb/src/mariadb.test.ts`:
- Around line 56-61: The test uses a string-indexed lookup
flagToMethod[String(!!flag)] which forces method to be a plain string; replace
the string-indexed object with an explicitly typed mapping or direct tuple
entries so method is typed as the literal union 'query'|'execute' — e.g. create
an array of test cases like [{ flag: false, method: 'execute' }, { flag:
undefined, method: 'execute' }, { flag: true, method: 'query' }] or use a
Map<boolean, 'query'|'execute'> and build test.each from that; update references
to method, flagToMethod and mockClient[method]/mockClient[flagToMethod[!flag]]
to use the new typed entries so TypeScript no longer widens method to string
(also apply the same change where flagToMethod is used on the other occurrence
around line 73).
---
Outside diff comments:
In `@packages/adapter-mariadb/src/mariadb.test.ts`:
- Around line 45-50: The current try/catch swallows the expect.fail() when
factory.connect() unexpectedly resolves; instead create the connection promise
(const connPromise = factory.connect()), assert rejection with Jest's rejects
matcher (await expect(connPromise).rejects.toBeDefined()), then capture the
error via const error = await connPromise.catch(e => e) and assert
expect(String(error)).not.toContain(secretPassword); remove the expect.fail()
and the surrounding try/catch so the test reliably fails if connect() resolves
and still checks the error message for the secret.
---
Duplicate comments:
In `@packages/adapter-mariadb/src/mariadb.test.ts`:
- Around line 79-87: The test uses vi.mock('mariadb') inside beforeAll which is
hoisted and thus affects the statically imported mariadb module globally;
replace that with a local spy or a dynamic mock: either change the setup to
vi.spyOn(mariadb, 'createPool') (referencing the imported mariadb and its
createPool) so only the createPool function is stubbed for this suite, or switch
to vi.doMock('mariadb') and perform a dynamic import of the code under test so
the mock only applies to this suite (adjust test file to import the
module-under-test after calling vi.doMock).
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: dde62ff4-f669-4f98-96a8-f771e27482c9
📒 Files selected for processing (1)
packages/adapter-mariadb/src/mariadb.test.ts
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
♻️ Duplicate comments (1)
packages/adapter-mariadb/src/mariadb.test.ts (1)
87-105: 🧹 Nitpick | 🔵 TrivialReplace the string-indexed
flagToMethodlookup with typed cases.
String(!!flag)widens the key tostring, somethodstops being the literal union'query' | 'execute'and the indexed assertions lose type safety. Build thetest.eachtable with explicit typed entries instead.♻️ Possible fix
- const flagToMethod = { - true: 'query', - false: 'execute', - } - - test.each([false, undefined, true].map((flag) => ({ flag, method: flagToMethod[String(!!flag)] })))( + test.each([ + { flag: false, method: 'execute' as const, otherMethod: 'query' as const }, + { flag: undefined, method: 'execute' as const, otherMethod: 'query' as const }, + { flag: true, method: 'query' as const, otherMethod: 'execute' as const }, + ])( 'should use client.$method when useTextProtocol is $flag', - async ({ flag, method }) => { + async ({ flag, method, otherMethod }) => { const mockClient = { execute: vi.fn().mockResolvedValue({ meta: [], affectedRows: 1 }), query: vi.fn().mockResolvedValue({ meta: [], affectedRows: 1 }), } as unknown as mariadb.Pool const adapter = new PrismaMariaDbAdapter(mockClient, { supportsRelationJoins: true }, { useTextProtocol: flag }) await adapter.executeRaw({ sql: 'SELECT 1', args: [], argTypes: [] }) expect(mockClient[method]).toHaveBeenCalledWith(expect.objectContaining({ sql: 'SELECT 1' }), []) - expect(mockClient[flagToMethod[String(!flag)]]).not.toHaveBeenCalled() + expect(mockClient[otherMethod]).not.toHaveBeenCalled() }, )🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@packages/adapter-mariadb/src/mariadb.test.ts` around lines 87 - 105, The test uses a string-indexed lookup (flagToMethod[String(!!flag)]) which widens the key to string and loses the literal type of method; change the test data to a typed table of explicit entries (e.g., [{ flag: false, method: 'execute' }, { flag: undefined, method: 'execute' }, { flag: true, method: 'query' }]) instead of using String(!!flag) and flagToMethod, then update the test.each call to iterate that typed array so method is typed as 'query' | 'execute' and the assertions against mockClient[method] and mockClient[flagToMethod[String(!flag)]] remain type-safe when calling PrismaMariaDbAdapter(...).executeRaw and verifying mockClient calls.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@packages/adapter-mariadb/src/credentials.test.ts`:
- Around line 13-19: The test currently calls await factory.connect() inside a
try/catch and swallows the thrown assertion from expect.fail(), so replace the
try/catch with a direct rejection assertion: assert that factory.connect()
rejects (e.g., use your test framework's promise-rejection assertion like await
expect(factory.connect()).rejects.toThrow() or equivalent) and then inspect the
rejection value to ensure String(error) (or errorMessage) does not contain
secretPassword; reference the existing factory.connect(), expect.fail(),
secretPassword and errorMessage symbols when making the change so a successful
connect cannot slip through.
In `@packages/adapter-mariadb/src/mariadb.ts`:
- Around line 224-230: In the mariadb PoolAdapter constructor string branch,
wrap the new URL(config) call in a try-catch and throw a sanitized error message
(remove or redact credentials) instead of letting Node's TypeError with an input
property leak the original connection string; follow the same sanitized-error
pattern used in connect() and ensure you still call
rewriteConnectionString(url).toString() when the URL parses successfully. Update
the constructor code around the new URL(config) usage in the PoolAdapter
(constructor) and add a regression test that supplies a malformed connection
string to the constructor to assert it throws the sanitized error rather than
exposing credentials.
---
Duplicate comments:
In `@packages/adapter-mariadb/src/mariadb.test.ts`:
- Around line 87-105: The test uses a string-indexed lookup
(flagToMethod[String(!!flag)]) which widens the key to string and loses the
literal type of method; change the test data to a typed table of explicit
entries (e.g., [{ flag: false, method: 'execute' }, { flag: undefined, method:
'execute' }, { flag: true, method: 'query' }]) instead of using String(!!flag)
and flagToMethod, then update the test.each call to iterate that typed array so
method is typed as 'query' | 'execute' and the assertions against
mockClient[method] and mockClient[flagToMethod[String(!flag)]] remain type-safe
when calling PrismaMariaDbAdapter(...).executeRaw and verifying mockClient
calls.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: c0adfb4d-5d52-40a0-b0e4-c22e68614049
📒 Files selected for processing (3)
packages/adapter-mariadb/src/credentials.test.tspackages/adapter-mariadb/src/mariadb.test.tspackages/adapter-mariadb/src/mariadb.ts
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
packages/adapter-mariadb/src/mariadb.ts (1)
232-236:⚠️ Potential issue | 🟠 MajorRemove the raw parse error from this debug path.
Line 233 logs the full
URLparse exception object. For malformed DSNs, that object can include the original connection string, so credentials can still leak beforeconnect()reaches its sanitized error handling. Log a constant/redacted message here instead of the raw error.🛡️ Minimal fix
- } catch (error) { - debug('Error parsing connection string: %O', error) + } catch { + debug('Error parsing connection string') // If we can't parse the connection string, use it as-is and let the driver fail with // its own error. this.#config = config }In Node.js, when `new URL()` throws `ERR_INVALID_URL`, does the thrown error expose the original input string via an `input` property?🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@packages/adapter-mariadb/src/mariadb.ts` around lines 232 - 236, In the catch block that currently calls debug('Error parsing connection string: %O', error) (inside the URL/DSN parsing logic in mariadb.ts), remove the raw error object from the log and replace it with a constant/redacted message (e.g., "Error parsing connection string; using raw DSN") so the original connection string or credentials cannot be leaked; keep the fallback assignment this.#config = config and do not change the subsequent behavior of connect() or its sanitized error handling.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@packages/adapter-mariadb/src/mariadb.ts`:
- Around line 312-316: rewriteConnectionString currently breaks public API by
changing from string->string to URL->URL and mutating the passed URL; restore
backward compatibility or make it internal: either (A) revert the exported API
to accept a string and return a string (parse, clone/modify, and return the new
connection string) so callers are unaffected, or (B) keep the URL-based
implementation but unexport rewriteConnectionString (remove from public exports)
and update any public callers to use a new non-exported helper; in either case
ensure the function does NOT mutate its input (create and modify a new URL/clone
before changing protocol) and update any callsites/tests that relied on the old
behavior.
---
Duplicate comments:
In `@packages/adapter-mariadb/src/mariadb.ts`:
- Around line 232-236: In the catch block that currently calls debug('Error
parsing connection string: %O', error) (inside the URL/DSN parsing logic in
mariadb.ts), remove the raw error object from the log and replace it with a
constant/redacted message (e.g., "Error parsing connection string; using raw
DSN") so the original connection string or credentials cannot be leaked; keep
the fallback assignment this.#config = config and do not change the subsequent
behavior of connect() or its sanitized error handling.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 17fba10f-f7fb-4ef9-825b-9d269f9c241e
📒 Files selected for processing (1)
packages/adapter-mariadb/src/mariadb.ts
aqrln
approved these changes
Mar 25, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds a
useTextProtocoloption that allows the user to use the text protocol if they don't care about some edge case issues it has.Also defaults
prepareCacheLengthto 0 when it's not provided due to users reporting the driver to leak statements.Fixes #29364
Summary by CodeRabbit
New Features
Behavior Change
Tests