mini/WEEK1_TESTING.md

Week 1 Foundation - Testing Guide

Components Built

1. Database Schema (migrations/01_init_complete.sql)

• 7 tables: sites, posts, pages, generation_jobs, geo_clusters, geo_locations
• Foreign keys with CASCADE deletes
• Indexes for performance
• Auto-update triggers for timestamps
• PostGIS integration

2. Migration System

• src/lib/db/migrate.ts - Transaction wrapper
• POST /api/god/schema/init - Initialization endpoint
• Auto-rollback on failure

3. SQL Sanitizer (src/lib/db/sanitizer.ts)

• Blocks: DROP DATABASE, ALTER USER, DELETE without WHERE
• Warnings: TRUNCATE, DROP TABLE, UPDATE without WHERE
• Maintenance mode for allowed dangerous ops

4. Enhanced SQL Endpoint (src/pages/api/god/sql.ts)

• Multi-statement transactions
• SQL sanitization
• Mechanic integration
• Queue injection

5. Enhanced Mechanic (src/lib/db/mechanic.ts)

• killLocks() - Terminate stuck queries
• vacuumAnalyze() - Cleanup after large ops
• getTableBloat() - Monitor database health

---

Testing Checklist

Test 1: Schema Initialization

curl -X POST http://localhost:4321/api/god/schema/init \
  -H "X-God-Token: YOUR_TOKEN"

Expected: Creates all 7 tables

---

Test 2: Basic SQL Execution

curl -X POST http://localhost:4321/api/god/sql \
  -H "X-God-Token: YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"query": "SELECT * FROM sites LIMIT 1"}'

Expected: Returns the default admin site

---

Test 3: SQL Sanitization (Blocked)

curl -X POST http://localhost:4321/api/god/sql \
  -H "X-God-Token: YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"query": "DROP DATABASE arc_net"}'

Expected: 403 error - "Blocked dangerous command"

---

Test 4: Multi-Statement Transaction

curl -X POST http://localhost:4321/api/god/sql \
  -H "X-God-Token: YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "INSERT INTO sites (domain, name) VALUES ('\''test1.com'\'', '\''Test 1'\''); INSERT INTO sites (domain, name) VALUES ('\''test2.com'\'', '\''Test 2'\'');"
  }'

Expected: Both inserts succeed or both rollback

---

Test 5: Transaction Rollback Test

curl -X POST http://localhost:4321/api/god/sql \
  -H "X-God-Token: YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "INSERT INTO sites (domain, name) VALUES ('\''test3.com'\'', '\''Test'\''); INSERT INTO sites (domain, name) VALUES ('\''test3.com'\'', '\''Duplicate'\'');"
  }'

Expected: Unique constraint error, BOTH inserts rolled back

---

Test 6: Mechanic Integration

curl -X POST http://localhost:4321/api/god/sql \
  -H "X-God-Token: YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "DELETE FROM sites WHERE domain LIKE '\''test%'\''",
    "run_mechanic": "vacuum"
  }'

Expected: Deletes test sites + runs VACUUM ANALYZE

---

Test 7: Queue Injection (requires BullMQ)

curl -X POST http://localhost:4321/api/god/sql \
  -H "X-God-Token: YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "SELECT id, domain FROM sites WHERE status='\''active'\''",
    "push_to_queue": "test_job"
  }'

Expected: Rows pushed to BullMQ generation queue

---

Manual Verification

Check Database Schema

SELECT table_name 
FROM information_schema.tables 
WHERE table_schema = 'public' 
ORDER BY table_name;

Should show:

• generation_jobs
• geo_clusters
• geo_locations
• pages
• posts
• sites

Check Indexes

SELECT tablename, indexname 
FROM pg_indexes 
WHERE schemaname = 'public';

Check Triggers

SELECT trigger_name, event_object_table 
FROM information_schema.triggers 
WHERE trigger_schema = 'public';

Should show update_*_updated_at triggers

---

Success Criteria

• ✅ All 7 tables created
• ✅ Transactions commit/rollback correctly
• ✅ Dangerous SQL is blocked
• ✅ Mechanic functions work
• ✅ Queue injection adds jobs to BullMQ

---

Week 1 Complete! 🎉