Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/cli/src/commands/integrations/edit-integration.ts`:
- Around line 293-297: The catch around resolveEnvVarRefsFromMap is swallowing
the underlying error and letting validation run on unresolved env:... tokens;
instead re-throw a contextual error so callers see the real cause: catch the
error from resolveEnvVarRefsFromMap(integrationRawJson, envVars), build and
throw a new Error (or re-throw the original) with context like "Failed to
resolve env var references for integrationRawJson" and include the original
error message, or alternatively append the original error to the thrown Error;
ensure you remove the silent debug-only behavior so downstream schema validation
failures are avoided.

In `@packages/cli/src/commands/integrations/integrations-prompts/mongodb.ts`:
- Around line 16-24: The safeUrlParse function currently checks for
ReferenceError in its catch block but new URL(...) throws TypeError for
malformed URLs; update the catch to detect TypeError (e.g., if (error instanceof
TypeError) return null) so malformed URLs return null instead of rethrowing, and
apply the same change to the second occurrence of this logic elsewhere in the
file (the other try/catch at the later block).
- Around line 153-156: The port prompt should be skipped for SRV URIs: update
the logic around promptForOptionalStringPortField (variable portRaw) to only
call it when prefix !== SRV_PREFIX, and when prefix === SRV_PREFIX set port to
undefined (instead of using defaultValues?.port or
parsedFromConnectionString?.port). Also ensure the code that later builds the
connection string (where port is included) uses this port variable so SRV URIs
are not rendered as host:port; this change applies to both the initial prompt
block (portRaw) and the later port handling used to construct the URI.
- Around line 43-59: Tighten the prefix typing by introducing a literal union
type MongoPrefix = 'mongodb://' | 'mongodb+srv://' and use it instead of plain
string for the prefix parameter in buildMongoConnectionString and any other
functions/signatures referenced at the same spots (the parameter at the function
signature around buildMongoConnectionString and the select call occurrences
around the other locations), and update the select<string> usage to
select<MongoPrefix> (or change the constants to have as const and use typeof
constants union) so only the two valid prefixes are allowed; keep all other
parameter types the same.

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@packages/cli/src/commands/integrations/integrations-prompts/prompt-for-ssh-fields.ts`:
- Around line 12-32: The returned SSH object currently has duplicate keys
(sshPort and sshUser twice) and marks fields optional even though
promptForRequiredStringField and promptForRequiredStringPortField guarantee
non-empty strings; fix by removing the conditional spread fragments and only
return a single object with sshEnabled: true and the concrete keys sshHost,
sshPort, sshUser (no conditional spreads), and update the function return type
to Promise<{ sshEnabled: true; sshHost: string; sshPort: string; sshUser: string
} | null> so types reflect required values; reference variables and helpers:
sshEnabled, sshHost, sshPort, sshUser, promptForRequiredStringField,
promptForRequiredStringPortField, and ensure no duplicate keys remain in the
return object.

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In
`@packages/cli/src/commands/integrations/integrations-prompts/prompt-for-ssh-fields.ts`:
- Around line 12-30: The function currently types its SSH return as optional
fields but always collects required values (sshHost, sshPort, sshUser) and then
uses conditional spreads; update the return type for this function to require
sshHost, sshPort, and sshUser when sshEnabled is true (e.g. { sshEnabled: true;
sshHost: string; sshPort: string; sshUser: string }), and simplify the return in
the block where sshEnabled === true to directly return { sshEnabled: true,
sshHost, sshPort, sshUser } (remove the conditional spread logic and any dead
branches); adjust any callers/types if necessary to match the stricter shape.

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@packages/cli/src/commands/integrations/tests/add-integration.mariadb.test.ts`:
- Around line 78-232: Add two new tests alongside the existing ones: 1) an
error/validation flow that simulates entering an invalid port then correcting it
— reuse createIntegration and fillBaseFields, after the SSH/SSL prompts type an
invalid port (e.g., "notaport"), assert the CLI shows a validation/error
message, then type a valid port (e.g., "3306") and finish the flow, finally
assert the written YAML contains the corrected port; and 2) a special-character
case that supplies values with quotes, newlines and shell-sensitive characters
for name/password/caCertificateText (e.g., "My \"Weird\" DB", "p@ss\nword$!",
and multiline cert content), run createIntegration with envFile, finish prompts
(enable SSL to capture cert), then assert the YAML and .env capture those values
correctly (env ref for password and caCertificateText) and that special
characters are properly preserved/escaped. Reference the existing test
helpers/symbols createIntegration, fillBaseFields, screen, and readFile to
implement these checks.
- Around line 120-174: The SSH-enabled test for creates mariadb integration with
SSH tunnel enabled currently asserts only the YAML file; update it to also read
and assert the .env file at envFilePath (used earlier) to ensure secrets were
persisted — specifically check the DB password key
(env:AAAAAAAA_BBBB_CCCC_DDDD_EEEEEEEEEEEE__PASSWORD) and any SSH-related secret
entries that should be written, using the mocked mockUUID to construct expected
env var names; place these assertions after awaiting promise returned by
createIntegration so both YAML and .env are verified.

In
`@packages/cli/src/commands/integrations/tests/add-integration.mindsdb.test.ts`:
- Around line 120-174: The test case for "creates mindsdb integration with SSH
tunnel enabled" is missing the assertion that the saved password was written to
the .env file; after awaiting promise and before or after asserting yamlContent,
read the envFilePath (using readFile(envFilePath, 'utf-8')) and add an
expectation that its contents include the generated env var key and password
(the same key used in other tests, e.g.
AAAAAAAA_BBBB_CCCC_DDDD_EEEEEEEEEEEE__PASSWORD) or use toMatchInlineSnapshot to
assert the exact env content; this ensures the createIntegration flow (invoked
via createIntegration and filled by fillBaseFields) actually persisted the
password to the .env file.

In
`@packages/cli/src/commands/integrations/tests/add-integration.mongodb.test.ts`:
- Around line 31-50: The fillMongoCredentials helper currently accepts and
destructures a redundant type parameter (type/default 'mongodb') that is never
used; remove the type property from the inputs type, the default destructuring
(delete "type?: string" and "type = 'mongodb'"), and eliminate any references to
type inside fillMongoCredentials, then update all test callers of
fillMongoCredentials in this file to stop passing a type field (or adjust calls
if they rely on that field); keep the remaining defaults (name, host, port,
user, password, database) intact and run tests to confirm nothing else expects
the removed parameter.

In `@packages/cli/src/commands/integrations/tests/add-integration.mysql.test.ts`:
- Around line 120-174: The test for SSH tunnel creates an envFile but never
asserts its contents; after awaiting promise, read the envFilePath (used in the
test) and assert it contains the expected environment variable line that matches
the UUID-derived key used in the YAML (constructed from mockUUID, e.g.
AAAAAAAA_BBBB_CCCC_DDDD_EEEEEEEEEEEE__PASSWORD) and the secret value supplied by
fillBaseFields; add this check alongside the existing yamlContent assertion by
calling readFile(envFilePath, 'utf-8') and expect(...) toContain the exact env
var assignment.

In `@packages/cli/src/commands/integrations/tests/add-integration.pgsql.test.ts`:
- Around line 178-236: The test "creates integration with SSH tunnel enabled" is
missing the .env file assertion: after awaiting promise and reading yamlContent,
also read envFilePath (the envFile passed into createIntegration) and assert its
contents include the expected environment variable mapping used in the YAML (the
env var key shown as AAAAAAAA_BBBB_CCCC_DDDD_EEEEEEEEEEEE__PASSWORD derived from
the mocked UUID 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'), e.g. ensure the .env
file contains a line like
AAAAAAAA_BBBB_CCCC_DDDD_EEEEEEEEEEEE__PASSWORD=<password> to match the YAML
password reference.

In
`@packages/cli/src/commands/integrations/tests/add-integration.snowflake.test.ts`:
- Around line 239-284: The test for Native Snowflake OAuth collects a client
secret but never asserts the .env file was written; after awaiting promise in
the "creates snowflake integration with Native Snowflake OAuth auth" test (the
test that calls createIntegration, fillTypeAndName, and fillOptionalFields), add
code to read the env file at envFilePath and assert it contains the expected
CLIENTSECRET entry (the env var name used in the YAML:
AAAAAAAA_BBBB_CCCC_DDDD_EEEEEEEEEEEE__CLIENTSECRET) and the correct value
"native-client-secret"; keep the existing YAML assertion but add an assertion
like
expect(envContent).toContain('AAAAAAAA_BBBB_CCCC_DDDD_EEEEEEEEEEEE__CLIENTSECRET=native-client-secret')
so the test verifies both the integrations YAML and the .env output.

In
`@packages/cli/src/commands/integrations/tests/edit-integration.snowflake.test.ts`:
- Around line 11-253: The tests in edit-integration.snowflake.test.ts only cover
happy paths; add new test cases using the existing helpers (editIntegration,
screen, EXISTING_PASSWORD_YAML, EXISTING_KEY_PAIR_YAML, envFilePath/tempDir) to
cover (1) submitting empty/invalid required fields (e.g., blank Account Name,
blank Username, missing password/privateKey) and asserting the CLI shows
validation errors and does not write the file, (2) entering
credentials/identifiers containing special characters and verifying they are
preserved in integrations.yaml and .env, and (3) simulating a validation-failure
flow (mock any validator used by editIntegration or trigger an invalid
authMethod) and assert the correct error messages are shown and file remains
unchanged; reuse the same screen interaction pattern (screen.type,
screen.keypress, screen.next) and the final readFile/assert checks used in the
existing its.
- Around line 56-253: Add assertions to each test ("edits snowflake password
integration keeping all defaults", "updates account name when user types new
value", and "edits snowflake service account key pair integration keeping
defaults") to lock in that editIntegration does not mutate process.env: set a
sentinel env var (e.g., process.env.__EDIT_INTEGRATION_SENTINEL = '1') before
calling editIntegration (the promise assignment that calls editIntegration) and
after awaiting the flow (after await promise) assert the sentinel still equals
'1'. Reference the editIntegration call and corresponding EXISTING_PASSWORD_YAML
/ EXISTING_KEY_PAIR_YAML setup in each test so the checks are added immediately
before the promise is created and immediately after the promise resolves.

---

Duplicate comments:
In
`@packages/cli/src/commands/integrations/tests/add-integration.snowflake.test.ts`:
- Around line 233-235: The service-account .env inline snapshot in the test
fails because the private-key placeholder changed; update the inline snapshot
for envContent in add-integration.snowflake.test.ts to match the new PRIVATEKEY
placeholder format used by the code (adjust the quoted FAKE_PRIVATE_KEY line and
any surrounding newlines/escaping so the snapshot string exactly matches the
generated env content produced by the service-account flow, referencing the
envContent variable in the test).

In
`@packages/cli/src/commands/integrations/tests/edit-integration.snowflake.test.ts`:
- Around line 101-118: Replace the inline snapshot assertions in
edit-integration.snowflake.test.ts (the
expect(yamlContent).toMatchInlineSnapshot(...) calls) with exact string
comparisons using dedent: import dedent from 'ts-dedent' at the top, then change
each toMatchInlineSnapshot to expect(yamlContent).toEqual(dedent(`...`)) with
the same YAML text inside; apply the same replacement for the other occurrences
noted (the blocks around the other toMatchInlineSnapshot calls referenced) so
all multiline YAML comparisons use ts-dedent instead of inline snapshots.

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In
`@packages/cli/src/commands/integrations/tests/add-integration.snowflake.test.ts`:
- Around line 239-284: The test creates a Native Snowflake OAuth integration but
never asserts that the client secret was written to the env file; after awaiting
promise and before finishing the test, read the envFilePath (using
readFile(envFilePath, 'utf-8')) and add an expectation that the env content
contains the generated env var key with the secret, e.g.
expect(envContent).toContain('AAAAAAAA_BBBB_CCCC_DDDD_EEEEEEEEEEEE__CLIENTSECRET=native-client-secret'),
referencing the mockUUID value and the existing
createIntegration/fillTypeAndName/fillOptionalFields flow.

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In
`@packages/cli/src/commands/integrations/tests/edit-integration.snowflake.test.ts`:
- Around line 80-352: Add a regression assertion around each
editIntegration(...) invocation to ensure process.env is not mutated: capture a
shallow snapshot of process.env before calling editIntegration (e.g., copy
keys/values) and after awaiting the editIntegration promise compare the current
process.env to the snapshot and fail the test if any added/changed/deleted keys
are detected; update tests referencing editIntegration (examples: the tests
calling editIntegration({ file, envFile, id: 'sf-id-001' }), editIntegration({
id: 'sf-id-002' }), editIntegration({ id: 'sf-id-003' })) to include this
pre/post assertion.
- Around line 76-352: The tests currently only exercise happy paths; add
negative and special-character cases to the same test file by creating new
it(...) tests that call editIntegration({ file, envFile, id }) (same pattern as
existing tests) and drive the interactive prompts via
screen.type/screen.keypress, then assert validation error messages are shown
(via screen.getScreen()) and that no file writes occur (no changes to
integrations.yaml via readFile) and env file remains unchanged (readFile on
envFilePath). Specifically add tests that: 1) submit empty required fields
(e.g., empty Account Name, Username or Client ID) and expect the CLI to display
a validation error and abort without updating the YAML; 2) provide invalid
characters or malicious input in credentials (passwords, privateKey) and expect
validation failure messages and no writes; and 3) confirm that when validation
passes for special-character credentials the env file is updated correctly (read
envFilePath) and the YAML contains env:VAR references (matching existing
expectations). Use the existing constants EXISTING_PASSWORD_YAML,
EXISTING_KEY_PAIR_YAML, EXISTING_OKTA_YAML and the same promise/await pattern so
tests integrate consistently with the existing screen-driven flow.

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In
`@packages/cli/src/commands/integrations/tests/add-integration.mariadb.test.ts`:
- Around line 78-238: Add two tests after the existing happy-paths: one "invalid
port → correction" test that uses createIntegration, fillBaseFields and screen
to type a non-numeric port (e.g., "notaport"), assert the prompt shows a
validation error, then type the corrected port "3306" and complete creation,
finally assert the YAML contains port: "3306"; and one "special-character
serialization" test that sets name, password and caCertificateText to values
containing quotes, newlines and unicode via fillBaseFields and the SSL flow (use
screen.type for CA text), complete createIntegration, then assert the written
YAML and .env (readFile) preserve/serialize those special characters correctly
(check env var name generation via the mocked crypto.randomUUID and that env
values contain the original special characters); use the same helpers/variables
from the diff (createIntegration, fillBaseFields, screen, tempDir,
vi.spyOn(crypto,'randomUUID')) to locate where to add the tests.

In
`@packages/cli/src/commands/integrations/tests/edit-integration.snowflake.test.ts`:
- Around line 11-356: Add tests exercising edge/error and special-character
scenarios for editIntegration: create new it() cases that call editIntegration({
file, envFile, id }) using the existing fixtures (EXISTING_PASSWORD_YAML,
EXISTING_OKTA_YAML, EXISTING_KEY_PAIR_YAML) to cover (1) submitting empty
required fields (e.g., leave Username or Account Name blank) and asserting the
command fails or prompts with validation error, (2) providing invalid values
(e.g., malformed accountName or whitespace-only) and asserting expected error
handling, and (3) entering values with special characters/unicode for name,
username, and secrets and verifying those characters persist in
integrations.yaml and .env; reference the interactive helpers screen,
screen.type, screen.keypress and verify outputs via readFile/expect like the
other tests to validate behavior.
- Around line 121-138: Replace the inline snapshot assertions that use
toMatchInlineSnapshot with dedent-based explicit string comparisons: import
dedent from 'ts-dedent', then change
expect(yamlContent).toMatchInlineSnapshot(`...`) to
expect(yamlContent).toEqual(dedent(`...`)) using the same YAML literal content
(trim any leading/trailing blank lines so dedent produces the exact string) for
the yamlContent assertions and apply the same transformation to the other
multiline assertions in this test file that currently use inline snapshots or
raw multiline toEqual; keep the variable name yamlContent and the assertion
targeting logic unchanged.
- Around line 76-119: Before and after invoking the edit flow (the
editIntegration call that returns promise), capture a shallow snapshot of
process.env (e.g., const envBefore = { ...process.env }) and after await promise
assert the environment was not mutated (e.g.,
expect(process.env).toEqual(envBefore]); apply this sentinel pattern around each
editIntegration invocation in the test (the promise variable created by
editIntegration in this file) so dotenv resolution does not leak into global
process.env during the editIntegration flows.

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@packages/cli/src/commands/integrations/add-integration.test.ts`:
- Around line 19-31: The test for promptForIntegrationType is missing a
regression assertion that non-configurable integration types (e.g.
"pandas-dataframe") are not shown; update the 'promptForIntegrationType' test to
assert the rendered picker does NOT contain hidden types before selecting
'pgsql' (use the same screen utilities used in the test to check absence of
"pandas-dataframe"), then proceed with typing and asserting the selected result
as before so the behavior is locked by the test.
- Around line 33-62: The tests for promptForIntegrationName cover required-field
validation but lack a case verifying names with special characters; add a new it
test under describe('promptForIntegrationName') that calls
promptForIntegrationName(), asserts the prompt appears via screen.getScreen(),
types a name containing a variety of special characters (e.g. punctuation,
symbols, spaces), sends the enter key, awaits the promise result and asserts the
returned string exactly matches the typed special-character name to prevent
regressions in CLI input handling for the promptForIntegrationName flow.

---

Duplicate comments:
In `@packages/cli/src/commands/integrations/integrations-prompts/mongodb.ts`:
- Around line 19-21: The current bare catch in the URL parsing block swallows
all errors; change it to catch the thrown error object and only handle the URL
parsing TypeError from new URL(), returning null for that specific case, while
re-throwing any other error types so programming errors aren't masked; update
the catch in the mongodb URL parsing section (the try surrounding new URL(...))
to check err instanceof TypeError and return null, otherwise throw err.

In
`@packages/cli/src/commands/integrations/integrations-prompts/prompt-for-ssh-fields.ts`:
- Around line 7-12: The return type of promptForSshFields is incorrect: when
sshEnabled is true the helpers promptForRequiredStringField and
promptForRequiredStringPortField guarantee sshHost, sshPort and sshUser are
non-empty, so update the Promise return type from { sshEnabled: true; sshHost?:
string; sshPort?: string; sshUser?: string } | null to reflect non-optional
fields (e.g., { sshEnabled: true; sshHost: string; sshPort: string; sshUser:
string } | null) and ensure any code paths constructing that object in
promptForSshFields return those required string properties.

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@packages/cli/src/commands/integrations/tests/add-integration.snowflake.test.ts`:
- Around line 183-356: Add a new test case in the same file following the
pattern of the existing tests (use createIntegration, mock randomUUID via
vi.spyOn(crypto, 'randomUUID'), await fillTypeAndName(), interact with the
prompt to choose 'Key Pair' as the Authentication method via screen.type('Key
Pair') and screen.keypress('enter'), then fill the expected prompts for key-pair
auth (e.g., username, Private Key (PEM), Private Key Passphrase), call await
fillOptionalFields(), await the createIntegration promise, and assert the
resulting YAML and .env contents mirror the other tests but with
metadata.authMethod set to key-pair and the private key stored in env with the
UUID-based variable like ...__PRIVATEKEY; reference the existing helpers and
symbols createIntegration, fillTypeAndName, fillOptionalFields, screen, and
vi.spyOn(crypto, 'randomUUID') so the test structure matches the other snowflake
auth tests.
- Line 2: Replace the Date.now()-based temp directory creation that uses mkdir
with the atomic mkdtemp API: update the import to pull mkdtemp from
'node:fs/promises' (remove or keep mkdir only if still used), then create the
temp directory with mkdtemp(path.join(os.tmpdir(), 'your-prefix-')) instead of
mkdir(...) and Date.now(); keep existing cleanup with rm and file reads via
readFile. Locate the temp-dir creation in add-integration.snowflake.test.ts (the
code currently using mkdir + Date.now()) and swap it to mkdtemp, ensuring you
import os/path helpers if not already present.

In
`@packages/cli/src/commands/integrations/tests/edit-integration.snowflake.test.ts`:
- Line 7: The vi.mock invocation currently uses the wrong relative path
("vi.mock('../../output', ...)") which resolves to a non-existent module; update
that mock call to use the correct relative path "vi.mock('../../../output',
...)" so it matches the actual import in the test subject. Locate the vi.mock
line (e.g., in edit-integration.snowflake.test.ts and the other integration test
suites) and change "../../output" to "../../../output" while keeping the mocked
object ({ debug: vi.fn(), log: vi.fn(), output: vi.fn(), error: vi.fn()})
unchanged.

---

Outside diff comments:
In `@packages/cli/src/commands/integrations/edit-integration.ts`:
- Around line 305-307: The code currently takes runtime input from
promptForIntegrationConfig() (newConfig) and writes it to disk without
validation; validate newConfig against the same schema/parser used for
existingConfigResult.data before mutating any YAML or .env files. Specifically,
after calling promptForIntegrationConfig(configForPrompt) run the integration
config schema validation (the same parser/validator used to parse
existingConfigResult.data) and only proceed to the YAML/.env writer functions if
validation succeeds; on validation failure reject the change (or re-prompt) and
do not call the routines that update the disk.
- Around line 321-337: The bug is that when secretCount === 0 the code skips
calling updateDotEnv and old secret entries remain in .env; always ensure .env
is updated to remove any previously stored secret keys even when no secrets
remain. Change the call site around secretCount (symbols: secretCount,
updateDotEnv, envFilePath, secrets) to always invoke updateDotEnv and pass a way
to remove absent keys (e.g., call updateDotEnv(envFilePath, secrets,
{removeMissing: true}) or call a new helper to strip known integration-related
keys when secrets is empty), and if needed modify updateDotEnv to delete keys
that are not present in the provided secrets map so deleted secret-backed fields
are removed from disk.

---

Duplicate comments:
In `@packages/cli/src/commands/integrations/edit-integration.ts`:
- Around line 291-295: The current try/catch around resolveEnvVarRefsFromMap
swallows errors (integrationRawJson, resolveEnvVarRefsFromMap) and only logs via
debug, which masks env-ref resolution failures; update the catch to re-throw a
new Error (or re-throw the original error) with contextual text like "Failed to
resolve env: refs in integration metadata" plus the original error message so
callers/validation see the real failure instead of continuing with unresolved
env: tokens and raw references.
- Around line 247-249: The default branch currently throws an error that
stringifies existingConfig (after env refs were resolved), risking leaking
secrets; replace that throw with a constant, non-sensitive message. Locate the
default case containing "existingConfig satisfies never" in edit-integration.ts
(the code handling integration types) and change the Error payload to a fixed
string like "Unsupported integration type" or similar, keeping the satisfies
never check but removing JSON.stringify(existingConfig) from the thrown message.

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@packages/cli/src/commands/integrations/tests/edit-integration.mongodb.test.ts`:
- Around line 1-15: Move the test so it is colocated with the module under test:
rename/move the test file currently named edit-integration.mongodb.test.ts so it
sits next to the source that exports editIntegration (the test imports
editIntegration and mocks ../../output), ensuring the test file uses the
.test.ts extension and imports remain correct; update any import paths in the
test to reference the local source file instead of the shared tests directory
and run the test suite to confirm paths and mocks (e.g., references to
editIntegration and the mocked output functions) resolve after relocation.
- Around line 395-397: The two long literal strings in the assertions inside
edit-integration.mongodb.test.ts (the expect calls checking envContent for
'MONGO_ID_001__RAWCONNECTIONSTRING=...' and
'MONGO_ID_001__CONNECTION_STRING=...') exceed Biome's line-length rules; break
each long literal across multiple shorter string segments (e.g., concatenate
with '+' or use an array.join('') expression) so the runtime string remains
identical but each source line is under the formatter limit, updating the two
expect(...) comparisons accordingly.
- Around line 317-319: The long string literals in the assertions (the two
expect(envContent).toContain(...) calls that include
'MONGO_ID_001__CONNECTION_STRING=...' and 'MONGO_ID_001__PASSWORD=...') need to
be broken across multiple source lines to satisfy the formatter; split each long
quoted literal into concatenated pieces (e.g. 'mongodb://new-user:new-pass@' +
'new-mongo.example.com:27017/new-db') or use a multi-line template concatenation
so the produced runtime string is identical but the source line length is
reduced, leaving the expect(envContent).toContain(...) calls and their arguments
functionally unchanged.

In `@packages/cli/src/commands/integrations/tests/edit-integration.pgsql.test.ts`:
- Around line 1-15: The test file is misplaced under a tests/ subfolder; move
the test so it's colocated with the source next to the module it exercises (the
editIntegration tests should live alongside the edit-integration module).
Relocate
packages/cli/src/commands/integrations/tests/edit-integration.pgsql.test.ts to
packages/cli/src/commands/integrations/edit-integration.pgsql.test.ts (keeping
the same test contents and imports such as editIntegration and the vi.mock of
../../output), update any relative imports if needed, and ensure the test
filename ends with .test.ts to match the project's colocated test convention.