c-relay/docs/sql_test_design.md

# SQL Query Test Script Design

## Overview

Test script for validating the SQL query admin API functionality. Tests query validation, execution, error handling, and security features.

## Script: tests/sql_test.sh

### Test Categories

#### 1. Query Validation Tests
- ✅ Valid SELECT queries accepted
- ❌ INSERT statements blocked
- ❌ UPDATE statements blocked
- ❌ DELETE statements blocked
- ❌ DROP statements blocked
- ❌ CREATE statements blocked
- ❌ ALTER statements blocked
- ❌ PRAGMA write operations blocked

#### 2. Query Execution Tests
- ✅ Simple SELECT query
- ✅ SELECT with WHERE clause
- ✅ SELECT with JOIN
- ✅ SELECT with ORDER BY and LIMIT
- ✅ Query against views
- ✅ Query with aggregate functions (COUNT, SUM, AVG)

#### 3. Response Format Tests
- ✅ Response includes request_id
- ✅ Response includes query_type
- ✅ Response includes columns array
- ✅ Response includes rows array
- ✅ Response includes row_count
- ✅ Response includes execution_time_ms

#### 4. Error Handling Tests
- ❌ Invalid SQL syntax
- ❌ Non-existent table
- ❌ Non-existent column
- ❌ Query timeout (if configurable)

#### 5. Security Tests
- ❌ SQL injection attempts blocked
- ❌ Nested query attacks blocked
- ❌ Comment-based attacks blocked

#### 6. Concurrent Query Tests
- ✅ Multiple queries in parallel
- ✅ Responses correctly correlated to requests

## Script Structure

```bash
#!/bin/bash

# SQL Query Admin API Test Script
# Tests the sql_query command functionality

set -e

RELAY_URL="${RELAY_URL:-ws://localhost:8888}"
ADMIN_PRIVKEY="${ADMIN_PRIVKEY:-}"
RELAY_PUBKEY="${RELAY_PUBKEY:-}"

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

# Test counters
TESTS_RUN=0
TESTS_PASSED=0
TESTS_FAILED=0

# Helper functions
print_test() {
    echo -e "${YELLOW}TEST: $1${NC}"
    TESTS_RUN=$((TESTS_RUN + 1))
}

print_pass() {
    echo -e "${GREEN}✓ PASS: $1${NC}"
    TESTS_PASSED=$((TESTS_PASSED + 1))
}

print_fail() {
    echo -e "${RED}✗ FAIL: $1${NC}"
    TESTS_FAILED=$((TESTS_FAILED + 1))
}

# Send SQL query command
send_sql_query() {
    local query="$1"
    # Implementation using nostr CLI tools or curl
    # Returns response JSON
}

# Test functions
test_valid_select() {
    print_test "Valid SELECT query"
    local response=$(send_sql_query "SELECT * FROM events LIMIT 1")
    if echo "$response" | grep -q '"query_type":"sql_query"'; then
        print_pass "Valid SELECT accepted"
    else
        print_fail "Valid SELECT rejected"
    fi
}

test_blocked_insert() {
    print_test "INSERT statement blocked"
    local response=$(send_sql_query "INSERT INTO events VALUES (...)")
    if echo "$response" | grep -q '"error"'; then
        print_pass "INSERT correctly blocked"
    else
        print_fail "INSERT not blocked"
    fi
}

# ... more test functions ...

# Main test execution
main() {
    echo "================================"
    echo "SQL Query Admin API Tests"
    echo "================================"
    echo ""
    
    # Check prerequisites
    if [ -z "$ADMIN_PRIVKEY" ]; then
        echo "Error: ADMIN_PRIVKEY not set"
        exit 1
    fi
    
    # Run test suites
    echo "1. Query Validation Tests"
    test_valid_select
    test_blocked_insert
    test_blocked_update
    test_blocked_delete
    test_blocked_drop
    
    echo ""
    echo "2. Query Execution Tests"
    test_simple_select
    test_select_with_where
    test_select_with_join
    test_select_views
    
    echo ""
    echo "3. Response Format Tests"
    test_response_format
    test_request_id_correlation
    
    echo ""
    echo "4. Error Handling Tests"
    test_invalid_syntax
    test_nonexistent_table
    
    echo ""
    echo "5. Security Tests"
    test_sql_injection
    
    echo ""
    echo "6. Concurrent Query Tests"
    test_concurrent_queries
    
    # Print summary
    echo ""
    echo "================================"
    echo "Test Summary"
    echo "================================"
    echo "Tests Run:    $TESTS_RUN"
    echo "Tests Passed: $TESTS_PASSED"
    echo "Tests Failed: $TESTS_FAILED"
    
    if [ $TESTS_FAILED -eq 0 ]; then
        echo -e "${GREEN}All tests passed!${NC}"
        exit 0
    else
        echo -e "${RED}Some tests failed${NC}"
        exit 1
    fi
}

main "$@"
```

## Test Data Setup

The script should work with the existing relay database without requiring special test data, using:
- Existing events table
- Existing views (event_stats, recent_events, etc.)
- Existing config table

## Usage

```bash
# Set environment variables
export ADMIN_PRIVKEY="your_admin_private_key_hex"
export RELAY_PUBKEY="relay_public_key_hex"
export RELAY_URL="ws://localhost:8888"

# Run tests
./tests/sql_test.sh

# Run specific test category
./tests/sql_test.sh validation
./tests/sql_test.sh security
```

## Integration with CI/CD

The script should:
- Return exit code 0 on success, 1 on failure
- Output TAP (Test Anything Protocol) format for CI integration
- Be runnable in automated test pipelines
- Not require manual intervention

## Dependencies

- `bash` (version 4+)
- `curl` or `websocat` for WebSocket communication
- `jq` for JSON parsing
- Nostr CLI tools (optional, for event signing)
- Running c-relay instance

## Example Output

```
================================
SQL Query Admin API Tests
================================

1. Query Validation Tests
TEST: Valid SELECT query
✓ PASS: Valid SELECT accepted
TEST: INSERT statement blocked
✓ PASS: INSERT correctly blocked
TEST: UPDATE statement blocked
✓ PASS: UPDATE correctly blocked

2. Query Execution Tests
TEST: Simple SELECT query
✓ PASS: Query executed successfully
TEST: SELECT with WHERE clause
✓ PASS: WHERE clause works correctly

...

================================
Test Summary
================================
Tests Run:    24
Tests Passed: 24
Tests Failed: 0
All tests passed!