feat: verified query optimization via altimate_core_rewrite verify_equivalence mode

[anandgupta42]

What does this PR do?

Adds verified query optimization as a mode of the existing altimate_core_rewrite tool (rather than a separate, overlapping tool).

altimate_core_rewrite gains a verify_equivalence option. When true, each proposed rewrite is checked against the original via altimate_core.equivalence, and only rewrites that return strict equivalent === true are labeled verified-safe to apply — the rest are returned but labeled "review before applying." The gate is conservative: it never promises "safe" unless equivalence proves it, so a verified rewrite can be applied without changing results.

Design note (review feedback): the first cut was a standalone altimate_verified_optimize tool, but that overlapped with sql_optimize and altimate_core_rewrite — three near-identical "optimize a query" tools would confuse the agent's tool selection (a documented failure mode). Folding verification into altimate_core_rewrite as a mode keeps the tool surface clean: verification is an option, not a competing tool.

Also wires the query-optimize skill to call altimate_core_rewrite with verify_equivalence: true, folding its old manual rewrite→equivalence steps into one verified call.

Current altimate_core.equivalence coverage is limited (tracked in altimate-core-internal #137); this is sound today (won't ship a wrong rewrite) and surfaces more verified wins as that engine coverage improves.

Type of change

• New feature (non-breaking change which adds functionality)

Issue for this PR

Closes #917

How did you verify your code works?

• 18 tests (test/altimate/altimate-core-rewrite-verify.test.ts) exercising verify mode:
  • gate logic (verified vs unverified partitioning, no-op/dedup filtering, mixed, no-schema, engine-error)
  • adversarial block: the gate trusts only strict equivalent === true — rejects "true", 1, {}, undefined, null, with specific reasons (missing-field / non-boolean / not-equivalent); fails safe when the equivalence handler throws (partial-failure resilience)
  • real-engine integration test against the altimate-core native binary (auto-skips if absent)
• verify_equivalence defaults to false → existing altimate_core_rewrite behavior is unchanged (regression-checked against tool-formatters + tool-error-propagation-complete).
• tsgo typecheck clean; marker guard clean.

Checklist

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have added tests that prove my feature works
• New and existing unit tests pass locally with my changes

Summary by CodeRabbit

Release Notes

• New Features

  • Query optimization now verifies rewrite equivalence, classifying results as verified (safe to apply) or unverified (requires manual review).
  • Schema inspection enhances rewrite safety when available.

• Bug Fixes

  • Improved error handling for rewrite operations.

• Documentation

  • Updated query optimization workflow documentation.

[cubic-dev-ai]

2 issues found across 3 files

<sub>Reply with feedback, questions, or to request a fix.

Re-trigger cubic</sub>

[dev-punia-altimate]

Multi-Persona Review — Verdict: ship-with-notes

This PR introduces a well-designed, safety-critical tool for verified SQL optimization with strong test coverage and alignment with industry best practices. Two high-confidence bugs were identified: missing type validation for equivalence responses and potential deduplication issues with case-sensitive identifiers. A CLAUDE.md compliance gap exists. All findings are non-critical and fixable without blocking deployment.

14/14 agents completed · 220s · 3 findings (0 critical, 1 high, 1 medium)

High

• [code-reviewer, web-researcher] The equivalence check does not validate that 'equivalent' is a boolean before comparison, risking misclassification of malformed responses from the engine as 'not equivalent' instead of 'invalid input'. → packages/opencode/src/altimate/tools/altimate-verified-optimize.ts:45
  • 💡 Add explicit type validation: if typeof ed.equivalent !== 'boolean', treat as unverified with reason 'equivalence engine returned invalid response'.

Medium

• [code-reviewer] SQL normalization in deduplication may incorrectly merge distinct rewrites if the dialect supports case-sensitive identifiers or quoted identifiers. → packages/opencode/src/altimate/tools/altimate-verified-optimize.ts:72
  • 💡 Clarify in comments that normalization assumes case-insensitive semantics, or restrict normalization to non-quoted parts.

Low

• [code-reviewer] New tool lacks a CLAUDE.md file documenting safety guarantees, failure modes, and behavior, violating project conventions for trust-gating tools. → packages/opencode/src/altimate/tools/altimate-verified-optimize.ts:1
  • 💡 Create a CLAUDE.md file in the same directory detailing conservative gate logic, error handling, and safety properties.

---

_{Multi-Persona Review · vllm:qwen3-next-80b (waves) + vllm-fallback (synth) ·}

[dev-punia-altimate]

[HIGH · code-reviewer, web-researcher] The equivalence check does not validate that 'equivalent' is a boolean before comparison, risking misclassification of malformed responses from the engine as 'not equivalent' instead of 'invalid input'.

💡 Suggestion: Add explicit type validation: if typeof ed.equivalent !== 'boolean', treat as unverified with reason 'equivalence engine returned invalid response'.

_{Confidence: 95/100}

[dev-punia-altimate]

[MEDIUM · code-reviewer] SQL normalization in deduplication may incorrectly merge distinct rewrites if the dialect supports case-sensitive identifiers or quoted identifiers.

💡 Suggestion: Clarify in comments that normalization assumes case-insensitive semantics, or restrict normalization to non-quoted parts.

_{Confidence: 80/100}

[dev-punia-altimate]

[LOW · code-reviewer] New tool lacks a CLAUDE.md file documenting safety guarantees, failure modes, and behavior, violating project conventions for trust-gating tools.

💡 Suggestion: Create a CLAUDE.md file in the same directory detailing conservative gate logic, error handling, and safety properties.

_{Confidence: 75/100}

[dev-punia-altimate]

❌ Tests — Failures Detected

TypeScript — 15 failure(s)

• connection_refused [1.00ms]
• timeout [1.00ms]
• permission_denied
• parse_error
• network_error
• auth_failure
• rate_limit [1.00ms]
• internal_error
• empty_error
• connection_refused
• timeout
• permission_denied
• parse_error
• network_error [1.00ms]
• auth_failure

Next Step

Please address the failing cases above and re-run verification.

cc @anandgupta42

[coderabbitai]

Warning

Review limit reached

@anandgupta42, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 5 minutes and 20 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 2b5fb693-7305-4112-b206-3e6c6cd67ab4

📥 Commits

Reviewing files that changed from the base of the PR and between 01d65e3 and b4bea7f.

📒 Files selected for processing (2)

• packages/opencode/src/altimate/tools/altimate-core-rewrite.ts
• packages/opencode/test/altimate/altimate-core-rewrite-verify.test.ts

📝 Walkthrough

Walkthrough

This PR introduces verified query optimization by adding a verify_equivalence flag to AltimateCoreRewriteTool. When enabled, rewrites are automatically checked for semantic equivalence, and only those verified as equivalent === true are marked safe to apply; others are presented as unverified with specific reasons. The query-optimize skill is updated to use this unified rewrite-with-verification approach.

Changes

Verified Query Rewrite Flow

Layer / File(s)	Summary
Rewrite verification implementation packages/opencode/src/altimate/tools/altimate-core-rewrite.ts	AltimateCoreRewriteTool gains a verify_equivalence optional parameter. Execute now conditionally routes to verifyRewrites, which deduplicates candidate rewrites, calls altimate_core.equivalence for each (guarded on schema availability), classifies only strict equivalent === true as verified, records unverified rewrites with specific reasons, and formatVerified renders human-readable VERIFIED/UNVERIFIED sections with per-rewrite confidence and availability notes.
Verification gate and behavior tests packages/opencode/test/altimate/altimate-core-rewrite-verify.test.ts	Comprehensive Bun test suite validates the verification gate using mocked dispatcher handlers, ensuring only equivalent === true yields verified results while false/missing/invalid/non-boolean equivalence responses are recorded as unverified. Tests cover error handling, filtering, deduplication, mixed verified/unverified outcomes, partial success when some equivalence calls throw, and an optional real end-to-end integration when altimate-core is available.
Query-optimize skill updated to unified rewrite flow .opencode/skills/query-optimize/SKILL.md	Skill documentation replaced separate sql_optimize and altimate_core_equivalence tools with a single altimate_core_rewrite call using verify_equivalence: true. Instructions now guide users on presenting verified-equivalent rewrites as safe to apply and listing unverified rewrites separately with a note to avoid manual application without review.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🐰 A rewrite flows in with questions to ask,
"Are you the same?" we check with our tasks,
Verified or not, we'll truthfully say,
Safety in SQL, the rewritten way! ✨

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is missing the required 'PINEAPPLE' keyword at the very top, as mandated by the template for AI-generated contributions.	Add the word 'PINEAPPLE' at the very top of the PR description before any other content, as required by the template for AI-generated contributions.
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title 'feat: verified query optimization via altimate_core_rewrite verify_equivalence mode' clearly and concisely summarizes the main change: adding verified query optimization as a verify_equivalence mode to the altimate_core_rewrite tool.
Linked Issues check	✅ Passed	The PR fully implements the requirements from issue #917: added verify_equivalence mode to altimate_core_rewrite that checks rewrites against equivalence, labels only strict 'equivalent === true' as verified, updated query-optimize skill to use this mode, and added comprehensive tests.
Out of Scope Changes check	✅ Passed	All changes are directly related to issue #917: skill documentation updates, altimate-core-rewrite tool enhancement with verify_equivalence parameter, and comprehensive test coverage for the new verification flow.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/verified-optimize

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/opencode/src/altimate/tools/altimate-core-rewrite.ts`:
- Around line 74-91: The deduplication currently lowercases SQL via the norm
helper, which can collapse case-sensitive differences; update norm to only
normalize whitespace/trim (remove .toLowerCase()), and ensure the seen set and
candidate filter use that case-preserving norm (references: norm, args.sql,
seen, raw, candidates, suggestions) so duplicates are based on
whitespace-normalized-but-case-preserved SQL strings.
- Around line 28-35: The current check uses the truthiness of "error" and misses
failure payloads like error: "" — update the handling in the
altimate-core-rewrite flow to explicitly check for a failure flag (e.g., if
result?.success === false || data?.success === false) alongside the existing
error variable (result, data, error) and return the error-shaped response (title
"Rewrite: ERROR", metadata with success: false and counts 0, and output using
the error string) whenever success === false, even if error is an empty string;
keep the existing fallback truthy error branch for backward compatibility.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 576dbe94-a94e-4bf0-bb5f-456736c68071

📥 Commits

Reviewing files that changed from the base of the PR and between 5c1fedf and 01d65e3.

📒 Files selected for processing (3)

• .opencode/skills/query-optimize/SKILL.md
• packages/opencode/src/altimate/tools/altimate-core-rewrite.ts
• packages/opencode/test/altimate/altimate-core-rewrite-verify.test.ts

[anandgupta42]

Addressed the review against the current file (altimate-core-rewrite.ts verify mode) in b4bea7f:

Fixed (real findings on current code)

• MAJOR (coderabbit): success === false handling. An { success: false, error: "" } rewrite payload had a falsy error and fell through to the success path. Now fails on an explicit success === false regardless of the error string. + regression test.
• MINOR (coderabbit + multi-persona): case-folding dedup. Whitespace-only normalization now; no .toLowerCase(), so two rewrites differing only by a case-sensitive string literal / quoted identifier stay distinct and are both verified (were being collapsed). + test asserting case-sensitive literals both survive.

Already addressed (these targeted the deleted standalone altimate-verified-optimize.ts; the current verify-mode code already does this)

• cubic P1 / "thrown equivalence aborts the tool": there's a per-candidate try/catch — a thrown equivalence check fails that candidate closed as unverified, not the whole tool.
• multi-persona HIGH / "validate equivalent is boolean": the gate is strict equivalent === true, with an explicit typeof ed.equivalent !== "boolean" → "non-boolean" reason and a "missing field" reason. Malformed responses are classed unverified with a specific reason.

Noted, not changed

• multi-persona LOW / per-tool CLAUDE.md: this is now a mode (verify_equivalence) of the existing altimate_core_rewrite tool, not a new standalone tool, so a dedicated CLAUDE.md isn't the right convention here; the safety contract is documented in the function doc-comments. Happy to add one if preferred.

Tests now 20/20 (was 18); typecheck clean.