Add query lint and check commands

2026-06-15 01:55:13 +02:00 · 2026-04-13 00:37:44 +03:00 · 2026-04-13 00:37:44 +03:00 · 1bf55fa52d
commit 1bf55fa52d
parent 4abe9e3627
7 changed files with 1088 additions and 9 deletions
--- a/crates/omnigraph-cli/src/main.rs
+++ b/crates/omnigraph-cli/src/main.rs
@ -7,9 +7,13 @@ use clap::{Arg, ArgAction, Args, CommandFactory, FromArgMatches, Parser, Subcomm
 use color_eyre::eyre::{Result, bail};
 use omnigraph::db::{Omnigraph, ReadTarget, RunId, SnapshotId};
 use omnigraph::loader::LoadMode;
-use omnigraph_compiler::json_params_to_param_map;
 use omnigraph_compiler::query::parser::parse_query;
-use omnigraph_compiler::{JsonParamMode, ParamMap, SchemaMigrationPlan, SchemaMigrationStep};
+use omnigraph_compiler::schema::parser::parse_schema;
+use omnigraph_compiler::{
+    JsonParamMode, ParamMap, QueryLintOutput, QueryLintQueryKind, QueryLintSchemaSource,
+    QueryLintSeverity, QueryLintStatus, SchemaMigrationPlan, SchemaMigrationStep, build_catalog,
+    json_params_to_param_map, lint_query_file,
+};
 use omnigraph_server::api::{
    BranchCreateOutput, BranchCreateRequest, BranchDeleteOutput, BranchListOutput,
    BranchMergeOutput, BranchMergeRequest, ChangeOutput, ChangeRequest, CommitListOutput,
@ -104,6 +108,11 @@ enum Command {
        #[command(subcommand)]
        command: SchemaCommand,
    },
+    /// Query validation and linting
+    Query {
+        #[command(subcommand)]
+        command: QueryCommand,
+    },
    /// Show repo snapshot
    Snapshot {
        /// Repo URI
@ -296,6 +305,26 @@ enum SchemaCommand {
    },
 }

+#[derive(Debug, Subcommand)]
+enum QueryCommand {
+    /// Validate queries and report higher-level drift warnings
+    #[command(visible_alias = "check")]
+    Lint {
+        /// Repo URI
+        uri: Option<String>,
+        #[arg(long)]
+        target: Option<String>,
+        #[arg(long)]
+        config: Option<PathBuf>,
+        #[arg(long)]
+        query: PathBuf,
+        #[arg(long)]
+        schema: Option<PathBuf>,
+        #[arg(long)]
+        json: bool,
+    },
+}
+
 #[derive(Debug, Subcommand)]
 enum RunCommand {
    /// List transactional runs
@ -476,6 +505,70 @@ fn print_schema_apply_human(output: &SchemaApplyOutput) {
    }
 }

+fn query_kind_label(kind: QueryLintQueryKind) -> &'static str {
+    match kind {
+        QueryLintQueryKind::Read => "read",
+        QueryLintQueryKind::Mutation => "mutation",
+    }
+}
+
+fn severity_label(severity: QueryLintSeverity) -> &'static str {
+    match severity {
+        QueryLintSeverity::Error => "ERROR",
+        QueryLintSeverity::Warning => "WARN ",
+        QueryLintSeverity::Info => "INFO ",
+    }
+}
+
+fn print_query_lint_human(output: &QueryLintOutput) {
+    for result in &output.results {
+        match result.status {
+            QueryLintStatus::Ok => {
+                println!(
+                    "OK    query `{}` ({})",
+                    result.name,
+                    query_kind_label(result.kind)
+                );
+            }
+            QueryLintStatus::Error => {
+                println!(
+                    "ERROR query `{}`: {}",
+                    result.name,
+                    result.error.as_deref().unwrap_or("unknown error")
+                );
+            }
+        }
+
+        for warning in &result.warnings {
+            println!("WARN  query `{}`: {}", result.name, warning);
+        }
+    }
+
+    for finding in &output.findings {
+        println!("{} {}", severity_label(finding.severity), finding.message);
+    }
+
+    println!(
+        "INFO  Lint complete: {} queries processed ({} error(s), {} warning(s), {} info item(s))",
+        output.queries_processed, output.errors, output.warnings, output.infos
+    );
+}
+
+fn finish_query_lint(output: &QueryLintOutput, json: bool) -> Result<()> {
+    if json {
+        print_json(output)?;
+    } else {
+        print_query_lint_human(output);
+    }
+
+    if output.status == QueryLintStatus::Error {
+        io::stdout().flush()?;
+        std::process::exit(1);
+    }
+
+    Ok(())
+}
+
 fn ensure_local_repo_parent(uri: &str) -> Result<()> {
    if !uri.contains("://") {
        fs::create_dir_all(uri)?;
@ -735,18 +828,30 @@ fn resolve_read_target(
    ))
 }

+fn resolve_query_path(
+    config: &OmnigraphConfig,
+    explicit_query: Option<&PathBuf>,
+    alias_query: Option<&str>,
+) -> Result<PathBuf> {
+    explicit_query
+        .map(PathBuf::from)
+        .or_else(|| alias_query.map(PathBuf::from))
+        .ok_or_else(|| {
+            color_eyre::eyre::eyre!("exactly one of --query or --alias must be provided")
+        })
+        .and_then(|query_path| config.resolve_query_path(&query_path))
+}
+
 fn resolve_query_source(
    config: &OmnigraphConfig,
    explicit_query: Option<&PathBuf>,
    alias_query: Option<&str>,
 ) -> Result<String> {
-    let query_path = explicit_query
-        .map(PathBuf::from)
-        .or_else(|| alias_query.map(PathBuf::from))
-        .ok_or_else(|| {
-            color_eyre::eyre::eyre!("exactly one of --query or --alias must be provided")
-        })?;
-    Ok(fs::read_to_string(config.resolve_query_path(&query_path)?)?)
+    Ok(fs::read_to_string(resolve_query_path(
+        config,
+        explicit_query,
+        alias_query,
+    )?)?)
 }

 fn parse_alias_value(value: &str) -> Value {
@ -1312,6 +1417,47 @@ fn query_params_from_json(
        .map_err(|err| color_eyre::eyre::eyre!(err.to_string()))
 }

+async fn execute_query_lint(
+    config: &OmnigraphConfig,
+    cli_uri: Option<String>,
+    cli_target: Option<&str>,
+    schema_path: Option<&PathBuf>,
+    query_path: &PathBuf,
+) -> Result<QueryLintOutput> {
+    let resolved_query_path = resolve_query_path(config, Some(query_path), None)?;
+    let query_source = fs::read_to_string(&resolved_query_path)?;
+    let query_path = resolved_query_path.to_string_lossy().into_owned();
+
+    if let Some(schema_path) = schema_path {
+        let schema_source = fs::read_to_string(schema_path)?;
+        let schema =
+            parse_schema(&schema_source).map_err(|err| color_eyre::eyre::eyre!(err.to_string()))?;
+        let catalog =
+            build_catalog(&schema).map_err(|err| color_eyre::eyre::eyre!(err.to_string()))?;
+        return Ok(lint_query_file(
+            &catalog,
+            &query_source,
+            query_path,
+            QueryLintSchemaSource::file(schema_path.to_string_lossy().into_owned()),
+        ));
+    }
+
+    let has_repo_target =
+        cli_uri.is_some() || cli_target.is_some() || config.cli_target_name().is_some();
+    if !has_repo_target {
+        bail!("query lint requires --schema <schema.pg> or a resolvable repo target");
+    }
+
+    let uri = resolve_local_uri(config, cli_uri, cli_target, "query lint")?;
+    let db = Omnigraph::open(&uri).await?;
+    Ok(lint_query_file(
+        db.catalog(),
+        &query_source,
+        query_path,
+        QueryLintSchemaSource::repo(uri),
+    ))
+}
+
 async fn execute_read(
    uri: &str,
    query_source: &str,
@ -1858,6 +2004,22 @@ async fn main() -> Result<()> {
                }
            }
        },
+        Command::Query { command } => match command {
+            QueryCommand::Lint {
+                uri,
+                target,
+                config,
+                query,
+                schema,
+                json,
+            } => {
+                let config = load_cli_config(config.as_ref())?;
+                let output =
+                    execute_query_lint(&config, uri, target.as_deref(), schema.as_ref(), &query)
+                        .await?;
+                finish_query_lint(&output, json)?;
+            }
+        },
        Command::Snapshot {
            uri,
            target,
--- a/crates/omnigraph-cli/tests/cli.rs
+++ b/crates/omnigraph-cli/tests/cli.rs
@ -537,6 +537,312 @@ fn schema_apply_rejects_when_non_main_branch_exists() {
    assert!(stderr.contains("schema apply requires a repo with only main"));
 }

+#[test]
+fn query_lint_json_with_schema_reports_warnings() {
+    let temp = tempdir().unwrap();
+    let schema_path = temp.path().join("schema.pg");
+    let query_path = temp.path().join("queries.gq");
+    write_file(
+        &schema_path,
+        r#"
+node Policy {
+    slug: String @key
+    name: String?
+    effectiveTo: DateTime?
+}
+"#,
+    );
+    write_query_file(
+        &query_path,
+        r#"
+query update_policy($slug: String, $name: String) {
+    update Policy set { name: $name } where slug = $slug
+}
+"#,
+    );
+
+    let output = output_success(
+        cli()
+            .arg("query")
+            .arg("lint")
+            .arg("--query")
+            .arg(&query_path)
+            .arg("--schema")
+            .arg(&schema_path)
+            .arg("--json"),
+    );
+    let payload: Value = serde_json::from_slice(&output.stdout).unwrap();
+
+    assert_eq!(payload["status"], "ok");
+    assert_eq!(payload["schema_source"]["kind"], "file");
+    assert_eq!(payload["queries_processed"], 1);
+    assert_eq!(payload["warnings"], 1);
+    assert_eq!(payload["findings"][0]["code"], "L201");
+    assert_eq!(
+        payload["findings"][0]["message"],
+        "Policy.effectiveTo exists in schema but no update query sets it"
+    );
+}
+
+#[test]
+fn query_check_alias_matches_lint_output() {
+    let temp = tempdir().unwrap();
+    let schema_path = temp.path().join("schema.pg");
+    let query_path = temp.path().join("queries.gq");
+    write_file(
+        &schema_path,
+        r#"
+node Person {
+    name: String
+}
+"#,
+    );
+    write_query_file(
+        &query_path,
+        r#"
+query list_people() {
+    match { $p: Person }
+    return { $p.name }
+}
+"#,
+    );
+
+    let lint_output = output_success(
+        cli()
+            .arg("query")
+            .arg("lint")
+            .arg("--query")
+            .arg(&query_path)
+            .arg("--schema")
+            .arg(&schema_path)
+            .arg("--json"),
+    );
+    let check_output = output_success(
+        cli()
+            .arg("query")
+            .arg("check")
+            .arg("--query")
+            .arg(&query_path)
+            .arg("--schema")
+            .arg(&schema_path)
+            .arg("--json"),
+    );
+
+    assert_eq!(stdout_string(&lint_output), stdout_string(&check_output));
+}
+
+#[test]
+fn query_lint_can_use_local_repo_via_positional_uri() {
+    let temp = tempdir().unwrap();
+    let repo = repo_path(temp.path());
+    let query_path = temp.path().join("queries.gq");
+    init_repo(&repo);
+    write_query_file(
+        &query_path,
+        r#"
+query list_people() {
+    match { $p: Person }
+    return { $p.name }
+}
+"#,
+    );
+
+    let output = output_success(
+        cli()
+            .arg("query")
+            .arg("lint")
+            .arg("--query")
+            .arg(&query_path)
+            .arg("--json")
+            .arg(&repo),
+    );
+    let payload: Value = serde_json::from_slice(&output.stdout).unwrap();
+
+    assert_eq!(payload["status"], "ok");
+    assert_eq!(payload["schema_source"]["kind"], "repo");
+    assert_eq!(
+        payload["schema_source"]["uri"].as_str(),
+        Some(repo.to_string_lossy().as_ref())
+    );
+}
+
+#[test]
+fn query_lint_can_resolve_repo_and_query_from_config() {
+    let temp = tempdir().unwrap();
+    let repo = repo_path(temp.path());
+    let config_path = temp.path().join("omnigraph.yaml");
+    init_repo(&repo);
+    write_query_file(
+        &temp.path().join("queries.gq"),
+        r#"
+query list_people() {
+    match { $p: Person }
+    return { $p.name }
+}
+"#,
+    );
+    write_config(&config_path, &local_yaml_config(&repo));
+
+    let output = output_success(
+        cli()
+            .arg("query")
+            .arg("lint")
+            .arg("--query")
+            .arg("queries.gq")
+            .arg("--config")
+            .arg(&config_path)
+            .arg("--json"),
+    );
+    let payload: Value = serde_json::from_slice(&output.stdout).unwrap();
+
+    assert_eq!(payload["status"], "ok");
+    assert_eq!(payload["schema_source"]["kind"], "repo");
+    assert_eq!(
+        payload["schema_source"]["uri"].as_str(),
+        Some(repo.to_string_lossy().as_ref())
+    );
+}
+
+#[test]
+fn query_lint_rejects_http_targets_without_schema() {
+    let temp = tempdir().unwrap();
+    let query_path = temp.path().join("queries.gq");
+    write_query_file(
+        &query_path,
+        r#"
+query list_people() {
+    match { $p: Person }
+    return { $p.name }
+}
+"#,
+    );
+
+    let output = output_failure(
+        cli()
+            .arg("query")
+            .arg("lint")
+            .arg("--query")
+            .arg(&query_path)
+            .arg("http://127.0.0.1:8080"),
+    );
+    let stderr = String::from_utf8_lossy(&output.stderr);
+    assert!(
+        stderr.contains("query lint is only supported against local repo URIs in this milestone")
+    );
+}
+
+#[test]
+fn query_lint_requires_schema_or_resolvable_repo_target() {
+    let temp = tempdir().unwrap();
+    let query_path = temp.path().join("queries.gq");
+    write_query_file(
+        &query_path,
+        r#"
+query list_people() {
+    match { $p: Person }
+    return { $p.name }
+}
+"#,
+    );
+
+    let output = output_failure(
+        cli()
+            .arg("query")
+            .arg("lint")
+            .arg("--query")
+            .arg(&query_path),
+    );
+    let stderr = String::from_utf8_lossy(&output.stderr);
+    assert!(
+        stderr.contains("query lint requires --schema <schema.pg> or a resolvable repo target")
+    );
+}
+
+#[test]
+fn query_lint_human_output_reports_warnings() {
+    let temp = tempdir().unwrap();
+    let schema_path = temp.path().join("schema.pg");
+    let query_path = temp.path().join("queries.gq");
+    write_file(
+        &schema_path,
+        r#"
+node Policy {
+    slug: String @key
+    name: String?
+    effectiveTo: DateTime?
+}
+"#,
+    );
+    write_query_file(
+        &query_path,
+        r#"
+query update_policy($slug: String, $name: String) {
+    update Policy set { name: $name } where slug = $slug
+}
+"#,
+    );
+
+    let output = output_success(
+        cli()
+            .arg("query")
+            .arg("lint")
+            .arg("--query")
+            .arg(&query_path)
+            .arg("--schema")
+            .arg(&schema_path),
+    );
+    let stdout = stdout_string(&output);
+
+    assert!(stdout.contains("OK    query `update_policy` (mutation)"));
+    assert!(
+        stdout.contains("WARN  Policy.effectiveTo exists in schema but no update query sets it")
+    );
+    assert!(stdout.contains(
+        "INFO  Lint complete: 1 queries processed (0 error(s), 1 warning(s), 0 info item(s))"
+    ));
+}
+
+#[test]
+fn query_lint_human_output_reports_strict_validation_errors() {
+    let temp = tempdir().unwrap();
+    let schema_path = temp.path().join("schema.pg");
+    let query_path = temp.path().join("queries.gq");
+    write_file(
+        &schema_path,
+        r#"
+node Policy {
+    slug: String @key
+    name: String?
+}
+"#,
+    );
+    write_query_file(
+        &query_path,
+        r#"
+query bad_update($slug: String) {
+    update Policy set { priority_level: "high" } where slug = $slug
+}
+"#,
+    );
+
+    let output = output_failure(
+        cli()
+            .arg("query")
+            .arg("lint")
+            .arg("--query")
+            .arg(&query_path)
+            .arg("--schema")
+            .arg(&schema_path),
+    );
+    let stdout = stdout_string(&output);
+
+    assert!(stdout.contains("ERROR query `bad_update`:"));
+    assert!(stdout.contains("Policy"));
+    assert!(stdout.contains(
+        "INFO  Lint complete: 1 queries processed (1 error(s), 0 warning(s), 0 info item(s))"
+    ));
+}
+
 #[test]
 fn load_json_outputs_summary_for_main_branch() {
    let temp = tempdir().unwrap();