jaypatrick · jaypatrick · Mar 25, 2026 · Mar 25, 2026 · Mar 25, 2026 · Copilot
diff --git a/worker/handlers/health.test.ts b/worker/handlers/health.test.ts
@@ -34,12 +34,12 @@ Deno.test('handleHealth - returns JSON response', async () => {
 });
 
 Deno.test('handleHealth - overall status healthy when all services healthy', async () => {
-    const mockPrisma = { $queryRaw: async () => [{ '?column?': 1 }] };
+    const mockPrisma = { $queryRaw: async () => [{ db_name: 'adblock-compiler' }] };
     const s = stub(_internals, 'createPrismaClient', () => mockPrisma as unknown as ReturnType<typeof _internals.createPrismaClient>);
     try {
         const env = makeEnv({
             BETTER_AUTH_SECRET: 'test-secret',
-            HYPERDRIVE: { connectionString: 'postgresql://test' } as unknown as HyperdriveBinding,
+            HYPERDRIVE: { connectionString: 'postgresql://test', host: 'ep-test-pooler.eastus2.azure.neon.tech' } as unknown as HyperdriveBinding,
             ADBLOCK_COMPILER: {} as DurableObjectNamespace,
         });
         const res = await handleHealth(env);
@@ -60,12 +60,12 @@ Deno.test('handleHealth - database down when env.HYPERDRIVE is missing', async (
 });
 
 Deno.test('handleHealth - auth provider is "better-auth" when BETTER_AUTH_SECRET is set', async () => {
-    const mockPrisma = { $queryRaw: async () => [{ '?column?': 1 }] };
+    const mockPrisma = { $queryRaw: async () => [{ db_name: 'adblock-compiler' }] };
     const s = stub(_internals, 'createPrismaClient', () => mockPrisma as unknown as ReturnType<typeof _internals.createPrismaClient>);
     try {
         const env = makeEnv({
             BETTER_AUTH_SECRET: 'my-test-secret',
-            HYPERDRIVE: { connectionString: 'postgresql://test' } as unknown as HyperdriveBinding,
+            HYPERDRIVE: { connectionString: 'postgresql://test', host: 'ep-test-pooler.eastus2.azure.neon.tech' } as unknown as HyperdriveBinding,
         });
         const res = await handleHealth(env);
         const body = await res.json() as { services: { auth: { provider: string; status: string } } };
@@ -132,6 +132,71 @@ Deno.test('handleHealth - includes ISO timestamp in response', async () => {
     assertEquals(isNaN(Date.parse(body.timestamp)), false);
 });
 
+Deno.test('handleHealth - database degraded when connected to wrong database', async () => {
+    const mockPrisma = { $queryRaw: async () => [{ db_name: 'neondb' }] };
+    const s = stub(_internals, 'createPrismaClient', () => mockPrisma as unknown as ReturnType<typeof _internals.createPrismaClient>);
+    try {
+        const env = makeEnv({
+            HYPERDRIVE: { connectionString: 'postgresql://test', host: 'ep-test-pooler.eastus2.azure.neon.tech' } as unknown as HyperdriveBinding,
+        });
+        const res = await handleHealth(env);
+        const body = await res.json() as { services: { database: { status: string } } };
+        assertEquals(body.services.database.status, 'degraded');
+    } finally {
+        s.restore();
+    }
+});
+
+Deno.test('handleHealth - database response includes db_name when healthy', async () => {
+    const mockPrisma = { $queryRaw: async () => [{ db_name: 'adblock-compiler' }] };
+    const s = stub(_internals, 'createPrismaClient', () => mockPrisma as unknown as ReturnType<typeof _internals.createPrismaClient>);
+    try {
+        const env = makeEnv({
+            HYPERDRIVE: { connectionString: 'postgresql://test', host: 'ep-test-pooler.eastus2.azure.neon.tech' } as unknown as HyperdriveBinding,
+        });
+        const res = await handleHealth(env);
+        const body = await res.json() as { services: { database: { status: string; db_name: string } } };
+        assertEquals(body.services.database.status, 'healthy');
+        assertEquals(body.services.database.db_name, 'adblock-compiler');
+    } finally {
+        s.restore();
+    }
+});
+
+Deno.test('handleHealth - database response includes hyperdrive_host when healthy', async () => {
+    const mockPrisma = { $queryRaw: async () => [{ db_name: 'adblock-compiler' }] };
+    const s = stub(_internals, 'createPrismaClient', () => mockPrisma as unknown as ReturnType<typeof _internals.createPrismaClient>);
+    try {
+        const env = makeEnv({
+            HYPERDRIVE: { connectionString: 'postgresql://test', host: 'ep-test-pooler.eastus2.azure.neon.tech' } as unknown as HyperdriveBinding,
+        });
+        const res = await handleHealth(env);
+        const body = await res.json() as { services: { database: { hyperdrive_host: string } } };
+        assertEquals(body.services.database.hyperdrive_host, 'ep-test-pooler.eastus2.azure.neon.tech');
+    } finally {
+        s.restore();
+    }
+});
+
+Deno.test('handleHealth - database down when $queryRaw throws', async () => {
+    const mockPrisma = {
+        $queryRaw: async () => {
+            throw new Error('connection refused');
+        },
+    };
+    const s = stub(_internals, 'createPrismaClient', () => mockPrisma as unknown as ReturnType<typeof _internals.createPrismaClient>);
+    try {
+        const env = makeEnv({
+            HYPERDRIVE: { connectionString: 'postgresql://test', host: 'ep-test-pooler.eastus2.azure.neon.tech' } as unknown as HyperdriveBinding,
+        });
+        const res = await handleHealth(env);
+        const body = await res.json() as { services: { database: { status: string } } };
+        assertEquals(body.services.database.status, 'down');
+    } finally {
+        s.restore();
+    }
+});
+
 // ============================================================================
 // handleHealthLatest
 // ============================================================================

diff --git a/worker/handlers/health.ts b/worker/handlers/health.ts
@@ -26,6 +26,7 @@ import type { Env } from '../types.ts';
 export async function handleHealth(env: Env): Promise<Response> {
     type ServiceStatus = 'healthy' | 'degraded' | 'down';
     type ServiceResult = { status: ServiceStatus; latency_ms?: number };
+    type DatabaseResult = ServiceResult & { db_name?: string; hyperdrive_host?: string };
 
     const probe = async (fn: () => Promise<void>): Promise<ServiceResult> => {
         const t0 = Date.now();
@@ -37,13 +38,46 @@ export async function handleHealth(env: Env): Promise<Response> {
         }
     };
 
+    // Extended database probe: verify connectivity AND confirm we're on the correct
+    // production database. Returns db_name and hyperdrive_host for observability.
+    const databaseProbe = async (): Promise<DatabaseResult> => {
+        if (!env.HYPERDRIVE) {
+            return { status: 'down' };
+        }
+        const t0 = Date.now();
+        try {
+            const prisma = _internals.createPrismaClient(env.HYPERDRIVE.connectionString);
+            const rows = await prisma.$queryRaw<Array<{ db_name: string }>>`
+                SELECT current_database() AS db_name
+            `;
+            const dbName = rows[0]?.db_name ?? 'unknown';
+            const latency_ms = Date.now() - t0;
+            // Fail-fast guard: warn if connected to wrong database
+            if (dbName !== 'adblock-compiler') {
+                return {
+                    status: 'degraded',
+                    latency_ms,
+                    db_name: dbName,
+                    hyperdrive_host: env.HYPERDRIVE.host,
+                };
+            }
+            return {
+                status: 'healthy',
+                latency_ms,
+                db_name: dbName,
+                hyperdrive_host: env.HYPERDRIVE.host,
+            };
+        } catch {
+            return {
+                status: 'down',
+                latency_ms: Date.now() - t0,
+                hyperdrive_host: env.HYPERDRIVE?.host,
+            };
+        }
+    };
+
     const [database, cache] = await Promise.all([
-        env.HYPERDRIVE
-            ? probe(async () => {
-                const prisma = _internals.createPrismaClient(env.HYPERDRIVE!.connectionString);
-                await prisma.$queryRaw`SELECT 1`;
-            })
-            : Promise.resolve<ServiceResult>({ status: 'down' }),
+        databaseProbe(),
         probe(async () => {
             await env.COMPILATION_CACHE.list({ limit: 1 });
         }),

diff --git a/worker/lib/prisma-config.test.ts b/worker/lib/prisma-config.test.ts
@@ -76,12 +76,34 @@ Deno.test('PrismaClientConfigSchema returns parsed data on success', () => {
 // PrismaClientConfigSchema — rejection paths: protocol
 // ---------------------------------------------------------------------------
 
-Deno.test('PrismaClientConfigSchema rejects postgres:// shorthand protocol', () => {
-    // Schema uses startsWith("postgresql://"), so the shorter alias is rejected.
+Deno.test('PrismaClientConfigSchema validates postgres:// shorthand (Hyperdrive scheme)', () => {
+    // Cloudflare Hyperdrive returns postgres:// from its .connectionString property.
+    // Both postgres:// and postgresql:// are valid PostgreSQL DSNs and must be accepted.
     const result = PrismaClientConfigSchema.safeParse({
         connectionString: 'postgres://user:pass@host:5432/db',
     });
-    assertEquals(result.success, false);
+    assertEquals(result.success, true);
+});
+
+Deno.test('PrismaClientConfigSchema validates postgres:// with SSL query param (Hyperdrive + Neon)', () => {
+    const result = PrismaClientConfigSchema.safeParse({
+        connectionString: 'postgres://user:pass@ep-xxx-pooler.eastus2.azure.neon.tech:5432/adblock-compiler?sslmode=require',
+    });
+    assertEquals(result.success, true);
+});
+
+Deno.test('PrismaClientConfigSchema validates postgres:// without port', () => {
+    const result = PrismaClientConfigSchema.safeParse({
+        connectionString: 'postgres://user:pass@host/db',
+    });
+    assertEquals(result.success, true);
+});
+
+Deno.test('PrismaClientConfigSchema validates postgres:// localhost URL', () => {
+    const result = PrismaClientConfigSchema.safeParse({
+        connectionString: 'postgres://localhost:5432/mydb',
+    });
+    assertEquals(result.success, true);
 });
 
 Deno.test('PrismaClientConfigSchema rejects mysql:// protocol', () => {

diff --git a/worker/lib/prisma-config.ts b/worker/lib/prisma-config.ts
@@ -9,8 +9,19 @@ import { z } from 'zod';
 
 /**
  * Schema for validating Hyperdrive connection string configuration.
- * Ensures the connection string is a valid PostgreSQL URL.
+ * Accepts both the canonical postgresql:// and the postgres:// alias.
+ *
+ * Cloudflare Hyperdrive returns postgres:// from its .connectionString property
+ * (the scheme field in the Hyperdrive config is "postgres"), while local dev
+ * and direct Neon URLs use postgresql://. Both are valid PostgreSQL DSNs and
+ * are accepted by @prisma/adapter-pg.
  */
 export const PrismaClientConfigSchema = z.object({
-    connectionString: z.string().url().startsWith('postgresql://'),
+    connectionString: z
+        .string()
+        .url()
+        .refine(
+            (s) => s.startsWith('postgresql://') || s.startsWith('postgres://'),
+            { message: 'Connection string must start with postgresql:// or postgres://' },
+        ),
 });
diff --git a/worker/lib/prisma.test.ts b/worker/lib/prisma.test.ts
@@ -1,6 +1,13 @@
 import { assertEquals } from '@std/assert';
 import { PrismaClientConfigSchema } from './prisma-config.ts';
 
+Deno.test('PrismaClientConfigSchema validates postgres:// shorthand (Hyperdrive)', () => {
+    const result = PrismaClientConfigSchema.safeParse({
+        connectionString: 'postgres://user:pass@localhost:5432/db',
+    });
+    assertEquals(result.success, true);
+});
+
 Deno.test('PrismaClientConfigSchema validates valid PostgreSQL URL', () => {
     const result = PrismaClientConfigSchema.safeParse({
         connectionString: 'postgresql://user:pass@localhost:5432/db',