In [24]:
import sys
import dagger
from dagger import dag

In [25]:
init_user_sh = """
#!/bin/bash

psql -U ${POSTGRES_USER} <<-END
    CREATE USER ${DB_ANON_ROLE};
    GRANT USAGE ON SCHEMA ${DB_SCHEMA} TO ${DB_ANON_ROLE};
    ALTER DEFAULT PRIVILEGES IN SCHEMA ${DB_SCHEMA} GRANT SELECT ON TABLES TO ${DB_ANON_ROLE};
    GRANT SELECT ON ALL SEQUENCES IN SCHEMA ${DB_SCHEMA} TO ${DB_ANON_ROLE};
    GRANT SELECT ON ALL TABLES IN SCHEMA ${DB_SCHEMA} TO ${DB_ANON_ROLE};
END
"""

In [26]:
def exec_sql(sql_file: str) -> dagger.Container:
    postgresdb = (
        dag.container()
        .from_("postgres:17.0-alpine")
        .with_env_variable("POSTGRES_USER", "postgres")
        .with_env_variable("POSTGRES_PASSWORD", "postgres")
        .with_env_variable("POSTGRES_DB", "postgres")
        .as_service(use_entrypoint=True)
    )

    sh_wait_ready = "while ! pg_isready -h postgres -U postgres; do sleep 1; done"

    container = (
        dag.container()
        .from_("alpine:3.21.3")
        .with_exec(["apk", "--update", "add", "postgresql-client", "curl"])
        .with_env_variable("PGPASSWORD", "postgres")
        .with_service_binding("postgres", postgresdb)
        .with_exec(["sh", "-c", sh_wait_ready])
        .with_workdir("/app")
        .with_new_file("script.sql", sql_file)
        .with_exec(
            ["psql", "-h", "postgres", "-U", "postgres", "-d", "postgres", "-f", "script.sql"],
            expect=dagger.ReturnType.ANY,
        )
    )
    return container

In [None]:
from dotenv import load_dotenv
from anthropic import Anthropic
import os

load_dotenv()  # take environment variables from .env

# Now you can access your API key
api_key = os.environ.get("ANTHROPIC_API_KEY")
print("API key loaded:", bool(api_key))

client = Anthropic(api_key=api_key)

message = client.messages.create(
    model="claude-3-7-sonnet-20250219",
    max_tokens=4096,
    messages=[
        {"role": "user", "content":
            """
            Generate a ready to use SQL script for an application based on PostgREST and HTMX:
            'Generate a SPA for a simple team task tracker'
            
            LLM Guide: Generating PostgREST + HTMX Applications

Goal: Generate HTML code using HTMX attributes to interact with a PostgreSQL database exposed via a PostgREST API.

Core Concepts:

PostgREST: Auto-generates a REST API from a PostgreSQL database schema (tables, views, functions). Maps HTTP methods to SQL (GET->SELECT, POST->INSERT, PATCH->UPDATE, DELETE->DELETE).
HTMX: Extends HTML with attributes (hx-*) to perform AJAX requests, swap content, and handle events directly in HTML, minimizing JavaScript.
Key Synergy: Use HTMX attributes to call PostgREST endpoints. Prioritize having PostgREST functions return HTML snippets for HTMX to swap directly into the page.
1. PostgREST API Endpoints

Tables/Views:
GET /tablename: Retrieve all rows.
POST /tablename: Insert a new row (data in request body).
PATCH /tablename?{filter}: Update matching rows (data in request body).
DELETE /tablename?{filter}: Delete matching rows.
Filtering: ?column=operator.value (e.g., ?id=eq.123, ?name=like.*Doe*). Combine with &. Use or=(filter1,filter2).
Sorting: ?order=column.direction (e.g., ?order=created_at.desc). Multiple: ?order=city.asc,name.desc.
Pagination:
?limit=N&offset=M
Headers: Range: items=start-end (Use hx-headers='{"Range": "items=0-9"}')
Functions (RPC):
GET /rpc/function_name?param1=value1: Call read-only function with URL parameters.
POST /rpc/function_name: Call function, parameters usually in JSON request body.
Crucial: Functions returning text/html are ideal for HTMX. Use Accept: text/html header (hx-headers='{"Accept": "text/html"}').
URL Encoding: Use percent-encoding (%20 for space, etc.) for table/column/function names or filter values with special characters.
2. Essential HTMX Attributes

hx-get="{api_url}": Perform GET request.
hx-post="{api_url}": Perform POST request (often on <form>).
hx-put="{api_url}": Perform PUT request.
hx-patch="{api_url}": Perform PATCH request (preferred for updates).
hx-delete="{api_url}": Perform DELETE request.
hx-target="{css_selector}": Element to place the response into (e.g., #results, .list-item, this, closest tr).
hx-swap="{strategy}": How to place the response:
innerHTML (default): Replace content inside target.
outerHTML: Replace the entire target element.
beforeend: Append inside target.
afterbegin: Prepend inside target.
beforebegin: Insert before target.
afterend: Insert after target.
delete: Remove target.
none: Do nothing with response content.
hx-trigger="{event}": Event to trigger the request (e.g., click, submit, change, keyup changed delay:500ms, load, revealed).
hx-headers='{"Header": "Value", ...}': Send custom HTTP headers (e.g., {"Accept": "text/html"}, {"Prefer": "return=representation"}).
hx-include="{css_selector}": Include values from other elements in the request.
hx-encoding="application/json": (On forms) Send form data as JSON body instead of form-encoded.
3. Code Generation Patterns & Examples

Pattern: Use PostgREST functions (/rpc/...) that return HTML snippets. Request them using hx-get and hx-headers='{"Accept": "text/html"}'.

Example 1: Loading Initial Data (Table)

HTML

<div id="item-list-container">
    <button
        hx-get="/rpc/get_items_html"
        hx-target="#item-list-tbody"
        hx-swap="innerHTML"
        hx-trigger="load" hx-headers='{"Accept": "text/html"}'>
        Loading items...
    </button>
</div>
<table border="1">
    <thead><tr><th>ID</th><th>Name</th><th>Actions</th></tr></thead>
    <tbody id="item-list-tbody">
        </tbody>
</table>
Example 2: Adding an Item (Form POST to Table)

HTML

<form
    hx-post="/rpc/add_item_get_row_html"
    hx-target="#item-list-tbody"
    hx-swap="beforeend" hx-headers='{"Accept": "text/html", "Prefer": "return=representation"}'
    hx-on::after-request="this.reset()" >
    <label>Name: <input type="text" name="name" required></label>
    <button type="submit">Add Item</button>
    <span class="htmx-indicator">Adding...</span> </form>

Example 3: Editing an Item (Inline Edit)

HTML

<button
    hx-get="/rpc/get_edit_item_form_html?id=123"
    hx-target="closest tr"
    hx-swap="outerHTML"
    hx-headers='{"Accept": "text/html"}' >
    Edit
</button>

</td>
</tr> -->
(Self-correction: The PATCH example above shows updating the /items endpoint directly. If aiming purely for HTML-over-the-wire, the PATCH could target an /rpc/update_item_get_row_html function that performs the update and returns the new <tr> HTML. The Accept header might need adjustment depending on what the endpoint returns.)

Revised Example 3: Editing an Item (Inline Edit - HTML over the wire preferred)

HTML

<button
    hx-get="/rpc/get_edit_item_form_html?id=123"
    hx-target="closest tr"
    hx-swap="outerHTML"
    hx-headers='{"Accept": "text/html"}' >
    Edit
</button>

hx-target="closest tr"
            hx-swap="outerHTML"
            hx-headers='{"Accept": "text/html", "Prefer": "return=representation"}'
        >
             <input type="hidden" name="id" value="123"> Name: <input type="text" name="name" value="Initial Name">
             <button type="submit">Save</button>
             <button type="button" hx-get="/rpc/get_item_row_html?id=123" hx-target="closest tr" hx-swap="outerHTML" hx-headers='{"Accept": "text/html"}'>Cancel</button>
        </form>
    </td>
</tr> -->
Example 4: Deleting an Item

HTML

<button
    hx-delete="/items?id=eq.123" hx-target="closest tr"      hx-swap="outerHTML swap:1s" hx-confirm="Are you sure you want to delete item 123?" >
    Delete
</button>

Example 5: Active Search (Filter Data)

HTML

<input type="search" name="query"
    placeholder="Search items..."
    hx-get="/rpc/search_items_html" hx-trigger="keyup changed delay:500ms, search" hx-target="#item-list-tbody"
    hx-swap="innerHTML"
    hx-include="[name='query']" hx-headers='{"Accept": "text/html"}'
    hx-indicator="#search-indicator" />
<span id="search-indicator" class="htmx-indicator"> Searching...</span>

<table border="1">
    <thead><tr><th>ID</th><th>Name</th><th>Actions</th></tr></thead>
    <tbody id="item-list-tbody">
        </tbody>
</table>
4. Handling JSON (Less Ideal for HTMX UI Updates)

If PostgREST returns JSON (default for /tablename), HTMX receives it.
You can use JSON, but requires client-side templating (e.g., via JS or HTMX extensions like client-side-templates) to convert it to HTML before swapping.
Recommendation: Avoid this if possible. Structure PostgREST functions to return HTML directly (Accept: text/html).
5. Security Considerations

Authentication: PostgREST handles auth (e.g., JWT). Configure it correctly.
Authorization: Relies heavily on PostgreSQL Row Level Security (RLS) and Role privileges. Define roles and policies carefully in the database. GRANT appropriate permissions (SELECT, INSERT, UPDATE, DELETE) on tables/views/functions to the web user role.
Input Validation: Validate data within PostgreSQL functions or using constraints.
CSRF: Use standard CSRF protection methods (e.g., tokens) if your authentication method is vulnerable (like session cookies). HTMX will typically include inputs (like hidden CSRF tokens) in requests.
Summary for LLM:

Focus on hx-get, hx-post, hx-patch, hx-delete attributes pointing to PostgREST /tablename or /rpc/function_name URLs.
Use hx-target and hx-swap to define UI updates.
Strongly prefer /rpc/ functions that return HTML snippets. Use hx-headers='{"Accept": "text/html"}'.
Construct URLs carefully, including filters (?col=op.val), sorting (?order=), and pagination (?limit=&offset=).
Remember URL encoding for special characters.
Use forms for POST/PATCH/PUT, potentially with hx-encoding="application/json" if needed, but HTML-returning functions are often simpler.
Remind the user about configuring PostgreSQL security (RLS, Roles).
            
            Generate a SQL script that populates the database with the application mentioned above.
            *** Output the SQL directly into the <sql></sql> tag. ***
            
            YOUR OUTPUT MUST BE IN THE FOLLOWING FORMAT:
            <reasoning>
            ...
            </reasoning>
            <sql>
            ...
            </sql>
            """
        }
    ]
)
print(message.content[0].text)


API key loaded: True
Here's a SQL script for a simple Team Task Tracker application using PostgREST and HTMX:

```sql
-- Initialize the database for a Team Task Tracker application
-- This script creates tables, views, functions, and initializes sample data
-- for a PostgREST + HTMX based single-page application

-- Drop existing objects if they exist
DROP SCHEMA IF EXISTS api CASCADE;
DROP ROLE IF EXISTS web_anon;
DROP ROLE IF EXISTS authenticator;
DROP ROLE IF EXISTS task_manager;

-- Create schema for our API
CREATE SCHEMA api;

-- Create application roles
CREATE ROLE web_anon NOLOGIN;
CREATE ROLE task_manager NOLOGIN;
CREATE ROLE authenticator NOLOGIN; 

-- Grant appropriate permissions
GRANT usage ON SCHEMA api TO web_anon;
GRANT usage ON SCHEMA api TO task_manager;
GRANT web_anon TO authenticator;
GRANT task_manager TO authenticator;

-- Set search_path
ALTER ROLE web_anon SET search_path = api, public;
ALTER ROLE task_manager SET search_path = api, public;
ALTER ROLE authenticat

In [33]:
llm_output = str(message.content[0].text)

import re
SQL_SCRIPT = re.search(r'<sql>(.*?)</sql>', llm_output, re.DOTALL)
if SQL_SCRIPT:
    SQL_SCRIPT = SQL_SCRIPT.group(1)
else:
    SQL_SCRIPT = ""
    
print(SQL_SCRIPT)




In [29]:
async with dagger.connection(dagger.Config(log_output=sys.stderr)):
    container = exec_sql(SQL_SCRIPT)
    exit_code = await container.exit_code()
    stdout = await container.stdout()
    stderr = await container.stderr()

In [30]:
print(stdout)
print(stderr)


psql: error: connection to server at "postgres" (10.87.0.34), port 5432 failed: Connection refused
	Is the server running on that host and accepting TCP/IP connections?



In [31]:
def exec_with_pg(self, command: list[str]) -> dagger.Container:
    DB_SCHEMA = "api"
    DB_ANON_ROLE = "web_anon"

    postgresdb = (
        dag.container()
        .from_("postgres:17.0-alpine")
        .with_env_variable("POSTGRES_USER", "postgres")
        .with_env_variable("POSTGRES_PASSWORD", "postgres")
        .with_env_variable("POSTGRES_DB", "postgres")
        .with_env_variable("DB_ANON_ROLE", DB_ANON_ROLE)
        .with_env_variable("DB_SCHEMA", DB_SCHEMA)
        .as_service(use_entrypoint=True)
    )

    postgrest = (
        dag.container()
        .from_("postgrest/postgrest:latest")
        .with_env_variable("PGRST_DB_URI", "postgres://postgres:postgres@postgres:5432/postgres")
        .with_env_variable("PGRST_DB_ANON_ROLE", DB_ANON_ROLE)
        .with_env_variable("PGRST_DB_SCHEMA", DB_SCHEMA)
        .as_service(use_entrypoint=True)
    )

    return (
        self.ctr
        .with_service_binding("postgres", postgresdb)
        .with_env_variable("DATABASE_URL", "postgres://postgres:postgres@postgres:5432/postgres")
        .with_exec(command, expect=dagger.ReturnType.ANY)
    )

In [32]:
image_base = "postgrest/postgrest:latest"