@Bowlerr Bowlerr commented Jan 17, 2026

Summary

This PR improves how we introspect SQLite schema metadata by:

  • Switching ER diagram FK discovery to a typed dbService.getForeignKeys(tableName) API (instead of parsing raw executeQuery results).
  • Safely quoting table identifiers when building PRAGMA statements to support edge-case table names and reduce injection/parse issues.

Changes

✅ ER diagram: use typed FK results

  • Replaced:

    • executeQuery(`PRAGMA foreign_key_list(${table.name})`) + foreignKeys.values[...] indexing
  • With:

    • dbService.getForeignKeys(table.name) returning a typed array
    • Mapping uses explicit properties: fk.column, fk.referencedTable, fk.referencedColumn
  • Debug logging updated to match the new data shape and be more readable.

🔒 DatabaseService: quote identifiers in PRAGMA calls

  • Added quoteIdentifier(identifier: string):

    • Wraps identifiers in double quotes
    • Escapes embedded quotes (" → "")
  • Updated PRAGMA usages to quote tableName:

    • PRAGMA table_info(...) (both direct prepare + SQLCipher-safe executeQuery path)
    • PRAGMA foreign_key_list(...)

Why

  • Correctness: Table names with spaces, reserved keywords, hyphens, or quotes can break PRAGMA calls when interpolated raw.
  • Safety: Although inputs come from schema enumeration, quoting identifiers prevents accidental SQL parsing issues and guards against unsafe interpolation patterns.
  • Maintainability: The ER diagram code no longer relies on magic array indexes (fk[3], fk[2], fk[4]) and the executeQuery return shape.

Solves this issue: #8

Summary by CodeRabbit

  • Refactor
    • Improved database identifier handling with safer escaping for table names and schema operations.
    • Refactored foreign key retrieval logic for better maintainability.


@Bowlerr Bowlerr self-assigned this Jan 17, 2026
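
The identifier quoting and typed foreign-key mapping described in the PR description above, as an added example that is not part of the thread or the project's code. Only `quoteIdentifier` and the `fk.column` / `fk.referencedTable` / `fk.referencedColumn` names come from the PR; the other helpers and the sample data are hypothetical, and the row layout assumed is SQLite's documented `PRAGMA foreign_key_list` column order.

```typescript
// Added example (TypeScript), not the project's code. quoteIdentifier and the
// fk property names come from the PR; every other name here is hypothetical.
interface ForeignKey { column: string; referencedTable: string; referencedColumn: string }

// Wrap an identifier in double quotes, doubling any embedded double quote.
function quoteIdentifier(identifier: string): string {
  return '"' + identifier.replace(/"/g, '""') + '"';
}

function foreignKeyListPragma(tableName: string): string {
  return `PRAGMA foreign_key_list(${quoteIdentifier(tableName)})`;
}

// Defensive check: read one double-quoted identifier from the start of `sql`.
// Returns the decoded name plus any trailing text, or null if malformed.
function readQuotedIdentifier(sql: string): { name: string; rest: string } | null {
  if (sql.charAt(0) !== '"') return null;
  let name = "";
  for (let i = 1; i < sql.length; i++) {
    const ch = sql.charAt(i);
    if (ch !== '"') { name += ch; continue; }
    if (sql.charAt(i + 1) === '"') { name += '"'; i++; continue; } // "" = one literal quote
    return { name, rest: sql.slice(i + 1) }; // closing quote reached
  }
  return null; // unterminated identifier
}

// True when the quoted form parses back to exactly the original name.
function roundTrips(tableName: string): boolean {
  const parsed = readQuotedIdentifier(quoteIdentifier(tableName));
  return parsed !== null && parsed.name === tableName && parsed.rest === "";
}

// PRAGMA foreign_key_list columns: id, seq, table, from, to, on_update, on_delete, match
type FkRow = [number, number, string, string, string, string, string, string];

// Named properties replace the fk[3] / fk[2] / fk[4] indexing.
function toForeignKey(row: FkRow): ForeignKey {
  const [, , refTable, fromCol, toCol] = row;
  return { column: fromCol, referencedTable: refTable, referencedColumn: toCol };
}

// Constructed sample input (not taken from the project).
const SAMPLE_TABLE_NAMES = ["users", "order items", "select", "audit-log", 'say "hi"'];
const SAMPLE_FK_ROW: FkRow = [0, 0, "users", "user_id", "id", "NO ACTION", "CASCADE", "NONE"];

for (const t of SAMPLE_TABLE_NAMES) console.log(foreignKeyListPragma(t), roundTrips(t));
console.log(toForeignKey(SAMPLE_FK_ROW));
```

A round-trip check like `roundTrips` is useful as a unit test for any identifier-quoting helper: a name that does not parse back to itself with nothing left over means the quoting let part of the name escape the identifier.
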
coderabbitai bot commented Jan 17, 2026

Walkthrough

This PR refactors foreign key retrieval to use a dedicated database service method instead of direct SQL queries. A new helper method safely quotes SQL identifiers in PRAGMA queries, improving SQL safety and reducing code duplication across schema operations.

Changes

| Cohort / File(s) | Summary |
|---|---|
| SQL Identifier Safety: src/databaseService.ts | Introduces quoteIdentifier() helper to safely escape and wrap identifiers in double quotes; updates PRAGMA queries for table info and foreign keys to use this method instead of raw interpolation |
| Foreign Key API Refactoring: src/databaseEditorProvider.ts | Updates foreign key retrieval to call dbService.getForeignKeys() instead of executing raw PRAGMA queries; adapts data processing to use named properties (fk.column, fk.referencedTable, fk.referencedColumn) instead of array indices |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

Poem

🐰 A helper method hops into view,
To quote identifiers just right and true,
No more raw table names in the query,
SQL safety's our fervent worry! ✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title directly summarizes the main changes: hardening PRAGMA introspection with identifier quoting and introducing a typed foreign-key lookup API for ER diagrams. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


@Bowlerr Bowlerr merged commit 1450394 into main Jan 17, 2026
2 checks passed
@Bowlerr Bowlerr deleted the special-char-fix branch January 17, 2026 15:49