--- name: alibabacloud-dms-skill description: | Alibaba Cloud DMS Database Read/Write Skill. Use this skill to search for target databases in DMS and execute SQL queries and data modifications. Triggers: "DMS query", "database query", "execute SQL", "search database", "DMS SQL", "insert data", "update data". --- # Alibaba Cloud DMS Database Read/Write Search for target databases and execute SQL queries and data modifications via Alibaba Cloud DMS OpenAPI. ## Scenario Description This skill implements the following workflow: 1. **Search Target Database** — Search databases by keyword to get Database ID 2. **Execute SQL Query** — Execute SQL statements on the target database ### Architecture ``` User Request → Search Database → Get Database ID → Execute SQL → Return Results ``` ## Prerequisites ### AI-Mode Lifecycle (MUST follow in order) This skill MUST run inside an AI-Mode session. Treat the following five steps as a strict lifecycle — do not skip, reorder, or interleave the setup steps with command execution: ``` 1. aliyun configure ai-mode enable # Enable AI-Mode 2. aliyun configure ai-mode set-user-agent AlibabaCloud-Agent-Skills/alibabacloud-dms-skill # Register skill User-Agent 3. aliyun configure set --auto-plugin-install true && aliyun plugin update # Plugin update 4. # Execute commands 5. aliyun configure ai-mode disable # Disable AI-Mode (Cleanup) ``` Steps 1–3 belong to setup (this section). Step 4 is covered by [Core Workflow](#core-workflow). Step 5 is covered by [Cleanup](#cleanup). ### Pre-checks > **Pre-check 0: Aliyun CLI >= 3.3.3 required** > Run `aliyun version` to verify >= 3.3.3. If not installed or version too low, > run `curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash` to install/update, > or see `references/cli-installation-guide.md` for installation instructions. > **Pre-check 1: Enable AI-Mode** > [MUST] run `aliyun configure ai-mode enable` to enable AI-Mode before any other configuration or command. > This activates the AI-Mode session that downstream OpenAPI services use to recognize agent-issued traffic. > **Pre-check 2: Register skill User-Agent under AI-Mode** > [MUST] run `aliyun configure ai-mode set-user-agent AlibabaCloud-Agent-Skills/alibabacloud-dms-skill` > to register this skill's identifier as the AI-Mode User-Agent for the current session. > Run this immediately after `ai-mode enable` and before any plugin update or DMS command. > **Pre-check 3: Aliyun CLI plugin update required** > [MUST] run `aliyun configure set --auto-plugin-install true` to enable automatic plugin installation. > [MUST] run `aliyun plugin update` to ensure that any existing plugins are always up-to-date. > Plugin update MUST happen AFTER AI-Mode is enabled and the User-Agent is registered, so the plugin manager itself reports the correct identifier. - Aliyun CLI >= 3.3.3 - jq (for JSON parsing): `brew install jq` - Credentials configured via `aliyun configure` > **Pre-check 4: Alibaba Cloud Credentials Required** > > **Security Rules:** > - **NEVER** read, echo, or print AK/SK values (e.g., `echo $ALIBABA_CLOUD_ACCESS_KEY_ID` is FORBIDDEN) > - **NEVER** ask the user to input AK/SK directly in the conversation or command line > - **NEVER** use `aliyun configure set` with literal credential values > - **ONLY** use `aliyun configure list` to check credential status > > ```bash > aliyun configure list > ``` > Check the output for a valid profile (AK, STS, or OAuth identity). > > **If no valid profile exists, STOP here.** > 1. Obtain credentials from [Alibaba Cloud Console](https://ram.console.aliyun.com/manage/ak) > 2. Configure credentials **outside of this session** (via `aliyun configure` in terminal or environment variables in shell profile) > 3. Return and re-run after `aliyun configure list` shows a valid profile **[MUST] Per-command CLI User-Agent** — In addition to the AI-Mode User-Agent registered in Pre-check 2, every `aliyun` CLI command invocation in step 4 MUST also include: `--user-agent AlibabaCloud-Agent-Skills/alibabacloud-dms-skill` The per-command flag and the AI-Mode session-level setting are complementary — both MUST be present so the identifier is sent on every request even if the AI-Mode session expires. ## RAM Permissions > **[MUST] RAM Permission Pre-check:** Verify that the current user has the following RAM permissions before execution. > See `references/ram-policies.md` for the complete permission list. ## Parameter Confirmation > **IMPORTANT: Parameter Confirmation** — Before executing any command or API call, > ALL user-customizable parameters (e.g., database keyword, SQL statement, db-id, etc.) > MUST be confirmed with the user. Do NOT assume or use default values without explicit user approval. | Parameter | Required/Optional | Description | Default | |-----------|------------------|-------------|---------| | keyword | Required | Database search keyword (1-128 chars, alphanumeric) | - | | db-id | Required | Database ID (positive integer, obtained from search) | - | | sql | Required | SQL statement to execute (1-10000 chars) | - | | logic | Optional | Whether to use logic database mode | false | | force | Optional | Confirm write operations (INSERT/UPDATE/DELETE) | false | | dry-run | Optional | Preview write operations without executing | false | ## Core Workflow ### Task 1: Search Target Database Search for databases by keyword to get the Database ID: ```bash ./scripts/search_database.sh --json ``` Example: ```bash # Search for databases containing "mydb" ./scripts/search_database.sh mydb --json ``` The output includes `database_id`, `schema_name`, `db_type`, `host`, `port`, etc. ### Task 2: Execute SQL Query Execute SQL using the Database ID obtained in the previous step: ```bash ./scripts/execute_query.sh --db-id --sql "" ``` #### Write Operation Protection For write operations (INSERT/UPDATE/DELETE), the script implements protective pre-check: | Parameter | Description | |-----------|-------------| | `--force` | Required to confirm and execute write operations | | `--dry-run` | Preview write operations without executing | **DDL Operations (DROP/TRUNCATE/ALTER/RENAME) are completely blocked** — these must be executed via DMS Console. Examples: ```bash # Read operations (no confirmation needed) ./scripts/execute_query.sh --db-id 78059000 --sql "SHOW TABLES" ./scripts/execute_query.sh --db-id 78059000 --sql "SELECT * FROM users LIMIT 10" --json # Write operations - preview first (recommended) ./scripts/execute_query.sh --db-id 78059000 --sql "INSERT INTO users (name) VALUES ('test')" --dry-run # Write operations - execute with confirmation ./scripts/execute_query.sh --db-id 78059000 --sql "INSERT INTO users (name) VALUES ('test')" --force ./scripts/execute_query.sh --db-id 78059000 --sql "UPDATE users SET name='test' WHERE id=1" --force ./scripts/execute_query.sh --db-id 78059000 --sql "DELETE FROM users WHERE id=1" --force # Logic database mode ./scripts/execute_query.sh --db-id 78059000 --sql "SELECT 1" --logic ``` ### Complete Example ```bash # 1. Search database (assuming searching for "order") ./scripts/search_database.sh order --json # Example output: # [{"DatabaseId": "78059000", "SchemaName": "order_db", ...}] # 2. Execute query ./scripts/execute_query.sh --db-id 78059000 --sql "SELECT COUNT(*) FROM orders" ``` ## Success Verification After executing SQL, check the returned results: 1. Script return code is 0 2. Output contains query results (column names and row data) 3. No error messages ```bash # Verify query success ./scripts/execute_query.sh --db-id --sql "SELECT 1" --json # Expected output: [{"Success": true, "RowCount": 1, ...}] ``` ## Cleanup This skill performs read and write operations but does not create persistent resources, so no database resources need to be released. However, the AI-Mode lifecycle requires an explicit teardown step: > **[MUST] Disable AI-Mode after all tasks complete** > Run `aliyun configure ai-mode disable` once all DMS commands in this skill session have finished > (success or failure). This terminates the AI-Mode session and prevents the registered > `AlibabaCloud-Agent-Skills/alibabacloud-dms-skill` User-Agent from leaking into subsequent unrelated CLI usage. ```bash aliyun configure ai-mode disable ``` ## Write Operation Safety | Operation Type | Behavior | |---------------|----------| | SELECT / SHOW / DESC | Execute directly | | INSERT / UPDATE / DELETE | Require `--force` or `--dry-run` | | DROP / TRUNCATE / ALTER / RENAME | **Blocked** — use DMS Console | ## Available Scripts | Script | Description | |--------|-------------| | `scripts/search_database.sh` | Search databases by keyword | | `scripts/execute_query.sh` | Execute SQL queries | > **Note:** Scripts use aliyun-cli credentials configured via `aliyun configure`. ## Best Practices 1. **Confirm database** — Verify the target database before executing SQL 2. **Use --json parameter** — Facilitates programmatic processing of output 3. **Preview write operations** — Always use `--dry-run` first for INSERT/UPDATE/DELETE 4. **Explicit confirmation** — Use `--force` only after reviewing the preview 5. **Avoid DDL operations** — DROP/TRUNCATE/ALTER/RENAME are blocked; use DMS Console instead ## Reference Links | Document | Description | |----------|-------------| | [references/cli-installation-guide.md](references/cli-installation-guide.md) | CLI Installation Guide | | [references/ram-policies.md](references/ram-policies.md) | RAM Permission Policies | | [references/related-apis.md](references/related-apis.md) | Related API List | | [references/acceptance-criteria.md](references/acceptance-criteria.md) | Acceptance Criteria |