QueryWise Roadmap

Vision

Make QueryWise the best terminal database client. AI-native features no competitor has, plus all the table-stakes features developers expect.

Audit Findings (March 2026)

Security

  • SQL injection risk in schema introspection (format! with table names)
  • No timeout on AI API requests (hung server blocks TUI)
  • No retry logic for AI calls
  • No input validation layer

Architecture

  • app.rs is 23KB monolith — needs decomposition
  • No structured error types (all anyhow)
  • No logging/tracing
  • No connection pooling
  • Empty ui/components module

Priority Queue

Phase 1: Security & Stability

  1. Sanitize table name interpolation in schema queries
  2. Add 30s timeout + 5s connect timeout to AI providers
  3. Add retry with exponential backoff (3 attempts, 1s/2s/4s)
  4. Add structured error types (QueryWiseError enum)
  5. Add tracing for observability
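
One way to handle item 1 and the `format!` finding from the audit, shown as an added example that is not QueryWise code. The function names, the introspection query and the sample table names are hypothetical, and double-quote identifier quoting (as in PostgreSQL and SQLite) is assumed.

```rust
// Added example: hypothetical helpers, not taken from the QueryWise code base.

/// Quote a SQL identifier with standard double quotes, doubling any embedded `"`.
/// Empty names and NUL bytes are rejected outright.
fn quote_ident(name: &str) -> Result<String, String> {
    if name.is_empty() || name.contains('\0') {
        return Err(format!("invalid identifier: {name:?}"));
    }
    Ok(format!("\"{}\"", name.replace('"', "\"\"")))
}

/// The shape the audit finding describes: the table name is pasted in raw.
fn introspect_unsafe(table: &str) -> String {
    format!("SELECT * FROM {table} LIMIT 0")
}

/// Hardened form: the name must match a table the database itself listed,
/// and it is still quoted before it reaches the SQL text.
fn introspect_safe(table: &str, known_tables: &[&str]) -> Result<String, String> {
    if !known_tables.contains(&table) {
        return Err(format!("unknown table: {table:?}"));
    }
    Ok(format!("SELECT * FROM {} LIMIT 0", quote_ident(table)?))
}

fn main() {
    // Constructed sample data: a catalog listing and a hostile table name.
    let known = ["users", "order items", "odd\"name"];
    let hostile = "users; DROP TABLE users; --";
    println!("unsafe: {}", introspect_unsafe(hostile));
    println!("safe:   {:?}", introspect_safe(hostile, &known));
    for t in known.iter() {
        println!("safe:   {:?}", introspect_safe(t, &known));
    }
}
```

Identifiers cannot be bound as query parameters, which is why the name is checked against the catalog and quoted rather than passed as a placeholder.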

Phase 2: Architecture

  1. Decompose app.rs into command modules (query, explain, export)
  2. Connection pooling with health checks
  3. Input validation layer
  4. Extract reusable UI components from renderer.rs
  5. Integration tests with in-memory SQLite

Phase 3: Star-Worthy Features

  1. SQL syntax highlighting (biggest visual impact)
  2. Tab completion for table/column names
  3. Multi-line query editor (Shift+Enter)
  4. Clipboard copy (Ctrl+Y)
  5. Query bookmarks (Ctrl+B)
  6. Saved connections manager
  7. Configurable color themes
  8. Query plan visualization (:plan)
  9. Streaming results for large datasets
  10. Vim keybindings mode

Phase 4: Launch

  1. Demo GIF in README
  2. Publish to crates.io
  3. Homebrew formula
  4. Show HN post
  5. Blog post on dev.to

Competitive Edge

QueryWise is the only TUI database client with:

  • Natural language to SQL
  • Self-healing queries (auto-fix on error)
  • AI query explanation
  • Local LLM support (Ollama)
  • Safe mode (blocks destructive queries)

Once we add syntax highlighting, tab completion, and multi-line editing, we're strictly better than pgcli, usql, and dbcli.