security: remove credential SQL comments and add DATABASE_URL fail-fast check

- Remove hardcoded SQL comments containing 'ml_user' and 'ml_password'
- Remove fallback default credentials in DATABASE_URL construction
- Add fail-fast validation: raise RuntimeError if DATABASE_URL env var is missing or empty
- Mark task 1.4 as complete in code-review-fix/tasks.md

services/ml/app/db.py

@@ -15,20 +15,13 @@ from sqlalchemy.orm import sessionmaker, Session
 from sqlalchemy.sql import func
 
 
-# CREATE DATABASE ml_service;
-# CREATE USER ml_user WITH ENCRYPTED PASSWORD 'ml_password';
-# GRANT ALL PRIVILEGES ON DATABASE ml_service TO ml_user;
-
-
 # Database connection configuration from environment
-DATABASE_URL = os.getenv(
-    "DATABASE_URL",
-    f"postgresql://{os.getenv('POSTGRES_USER', 'ml_user')}:"
-    f"{os.getenv('POSTGRES_PASSWORD', 'ml_password')}@"
-    f"{os.getenv('POSTGRES_HOST', 'localhost')}:"
-    f"{os.getenv('POSTGRES_PORT', '5432')}/"
-    f"{os.getenv('POSTGRES_DB', 'ml_service')}"
-)
+DATABASE_URL = os.getenv("DATABASE_URL")
+if not DATABASE_URL:
+    raise RuntimeError(
+        "DATABASE_URL environment variable is required. "
+        "Please set it to a valid PostgreSQL connection string."
+    )
 
 # Create SQLAlchemy engine
 engine = create_engine(