trentuna/candle-annotator
8
0
Fork 0
Code Issues Pull requests Releases Packages Activity Actions

security: remove credential SQL comments and add DATABASE_URL fail-fast check

Browse source 
- Remove hardcoded SQL comments containing 'ml_user' and 'ml_password'
- Remove fallback default credentials in DATABASE_URL construction
- Add fail-fast validation: raise RuntimeError if DATABASE_URL env var is missing or empty
- Mark task 1.4 as complete in code-review-fix/tasks.md
This commit is contained in:
Marko Djordjevic 2026-02-18 10:56:49 +01:00
parent 55ee9c936a
commit 9bc82b822c
2 changed files with 7 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

2
openspec/changes/code-review-fix/tasks.md
View file

@ -3,7 +3,7 @@
- [x] 1.1 `[haiku]` Add `.env` to `.gitignore` and run `git rm --cached .env` to untrack it
- [x] 1.2 `[haiku]` Add `models/` and `*.pkl` to `.gitignore`
- [x] 1.3 `[haiku]` Replace real credentials in `.env.example` with placeholders (`POSTGRES_PASSWORD=change_me_to_a_strong_password`)
- [ ] 1.4 `[haiku]` Remove SQL comment with credentials from `services/ml/app/db.py` and add fail-fast check for missing `DATABASE_URL`
- [x] 1.4 `[haiku]` Remove SQL comment with credentials from `services/ml/app/db.py` and add fail-fast check for missing `DATABASE_URL`
- [ ] 1.5 `[sonnet]` Update `docker-compose.yml` to use `${POSTGRES_USER}`, `${POSTGRES_PASSWORD}`, `${POSTGRES_DB}` env var interpolation in all DATABASE_URL values
- [ ] 1.6 `[haiku]` Bind PostgreSQL port to `127.0.0.1:5432:5432` in `docker-compose.yml`
- [ ] 1.7 `[haiku]` Bind MLflow port to `127.0.0.1:5000:5000` in `docker-compose.yml`