Harden embedded postgres adoption on startup

packages/db/src/client.ts

@@ -50,6 +50,21 @@ export function createDb(url: string) {
   return drizzlePg(sql, { schema });
 }
 
+export async function getPostgresDataDirectory(url: string): Promise<string | null> {
+  const sql = createUtilitySql(url);
+  try {
+    const rows = await sql<{ data_directory: string | null }[]>`
+      SELECT current_setting('data_directory', true) AS data_directory
+    `;
+    const actual = rows[0]?.data_directory;
+    return typeof actual === "string" && actual.length > 0 ? actual : null;
+  } catch {
+    return null;
+  } finally {
+    await sql.end();
+  }
+}
+
 async function listMigrationFiles(): Promise<string[]> {
   const entries = await readdir(MIGRATIONS_FOLDER, { withFileTypes: true });
   return entries

packages/db/src/index.ts

@@ -1,5 +1,6 @@
 export {
   createDb,
+  getPostgresDataDirectory,
   ensurePostgresDatabase,
   inspectMigrations,
   applyPendingMigrations,

packages/db/src/migration-runtime.ts

@@ -1,8 +1,7 @@
 import { existsSync, readFileSync, rmSync } from "node:fs";
 import { createServer } from "node:net";
 import path from "node:path";
-import postgres from "postgres";
-import { ensurePostgresDatabase } from "./client.js";
+import { ensurePostgresDatabase, getPostgresDataDirectory } from "./client.js";
 import { resolveDatabaseTarget } from "./runtime-config.js";
 
 type EmbeddedPostgresInstance = {
@@ -99,25 +98,6 @@ async function loadEmbeddedPostgresCtor(): Promise<EmbeddedPostgresCtor> {
   }
 }
 
-async function matchesEmbeddedDataDir(
-  adminConnectionString: string,
-  expectedDataDir: string,
-): Promise<boolean> {
-  const sql = postgres(adminConnectionString, { max: 1, onnotice: () => {} });
-  try {
-    const rows = await sql<{ data_directory: string | null }[]>`
-      SELECT current_setting('data_directory', true) AS data_directory
-    `;
-    const actual = rows[0]?.data_directory;
-    if (typeof actual !== "string" || actual.length === 0) return false;
-    return path.resolve(actual) === path.resolve(expectedDataDir);
-  } catch {
-    return false;
-  } finally {
-    await sql.end();
-  }
-}
-
 async function ensureEmbeddedPostgresConnection(
   dataDir: string,
   preferredPort: number,
@@ -132,7 +112,10 @@ async function ensureEmbeddedPostgresConnection(
 
   if (!runningPid && existsSync(pgVersionFile)) {
     try {
-      const matchesDataDir = await matchesEmbeddedDataDir(preferredAdminConnectionString, dataDir);
+      const actualDataDir = await getPostgresDataDirectory(preferredAdminConnectionString);
+      const matchesDataDir =
+        typeof actualDataDir === "string" &&
+        path.resolve(actualDataDir) === path.resolve(dataDir);
       if (!matchesDataDir) {
         throw new Error("reachable postgres does not use the expected embedded data directory");
       }

server/src/index.ts

@@ -10,6 +10,7 @@ import { and, eq } from "drizzle-orm";
 import {
   createDb,
   ensurePostgresDatabase,
+  getPostgresDataDirectory,
   inspectMigrations,
   applyPendingMigrations,
   reconcilePendingMigrationHistory,
@@ -322,6 +323,13 @@ export async function startServer(): Promise<StartedServer> {
     } else {
       const configuredAdminConnectionString = `postgres://paperclip:paperclip@127.0.0.1:${configuredPort}/postgres`;
       try {
+        const actualDataDir = await getPostgresDataDirectory(configuredAdminConnectionString);
+        if (
+          typeof actualDataDir !== "string" ||
+          resolve(actualDataDir) !== resolve(dataDir)
+        ) {
+          throw new Error("reachable postgres does not use the expected embedded data directory");
+        }
         await ensurePostgresDatabase(configuredAdminConnectionString, "paperclip");
         logger.warn(
           `Embedded PostgreSQL appears to already be reachable without a pid file; reusing existing server on configured port ${configuredPort}`,