Add --ssl-reject-unauthorized flag for trusting self signed certs #25

Open
matteius wants to merge 3 commits into executeautomation:main from opensensor:main

@matteius

No description provided.

matteius and others added 3 commits December 25, 2025 07:08
Root cause: pg.Client holds a single connection open forever with no
idle timeout, no statement timeout, and no lifecycle management. Every
MCP tool invocation that touches the DB opens a connection that never
closes, eventually exhausting all server connection slots.

Fix:
- Replace pg.Client with pg.Pool (max: 1) so idle connections are
  reaped after 10s via idleTimeoutMillis
- Add statement_timeout (30s) to kill runaway queries — prevents the
  multi-hour zombie SELECT/INSERT queries seen in production
- Add idle_in_transaction_session_timeout (60s) to kill abandoned
  transactions (stuck ROLLBACK/COMMIT)
- Add pool error handler to prevent silent crashes
- Verify connectivity on init with SELECT 1 + proper client.release()
…ction_and_trigger

Aligns the tool surface with the "safe migrations only" policy used by
host projects. Previously only CREATE TABLE / ALTER TABLE /
INSERT-UPDATE-DELETE were exposed, which forced out-of-band psql for
any migration involving enums, indexes, or audit-immutability triggers.

All three new channels prefix-gate their inputs, reject DROP / ALTER /
REPLACE / TRUNCATE / REINDEX in the body (word-boundary match, so
identifiers containing those substrings between underscores are still
allowed), and reject multi-statement submissions.

Validators are exported as pure functions (validateCreateType,
validateCreateIndex, validateFunctionAndTrigger) so they can be tested
without a DB connection; the async wrappers call the validator, then
dbExec. 19-case smoke test suite covers accept/reject paths.

create_function_and_trigger runs the function first, then the trigger;
a trigger failure leaves the function in place with a clear error
message. CREATE OR REPLACE is allowed for the function (trigger
helpers must be idempotent) but not for the trigger itself (triggers
have no OR REPLACE — callers must pick unique trigger names).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
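
The gating described in the commit message above (prefix gate, word-boundary keyword rejection, single-statement check) can be sketched as follows. This is an added example, not code from the pull request: `checkCreateIndex`, its return shape and the sample statements are hypothetical, and the semicolon handling is one conservative assumption about how multi-statement input is detected.

```javascript
// Added sketch, not the PR's validators (which this page does not show).
// All names here are hypothetical.
const FORBIDDEN = ['DROP', 'ALTER', 'REPLACE', 'TRUNCATE', 'REINDEX'];

// \b treats "_" as a word character, so identifiers such as "idx_drop_log"
// do not match, while a standalone DROP does.
const FORBIDDEN_RE = new RegExp(`\\b(${FORBIDDEN.join('|')})\\b`, 'i');

// Prefix gate: the statement must begin with CREATE [UNIQUE] INDEX.
const PREFIX_RE = /^CREATE\s+(UNIQUE\s+)?INDEX\b/i;

function checkCreateIndex(sql) {
  if (typeof sql !== 'string') return { ok: false, reason: 'not a string' };
  // Assumption: tolerate one trailing ";" and treat any other ";" as a
  // second statement, even inside a literal or comment (fails closed).
  const body = sql.trim().replace(/;\s*$/, '');
  if (body.length === 0) return { ok: false, reason: 'empty statement' };
  if (!PREFIX_RE.test(body)) {
    return { ok: false, reason: 'must start with CREATE INDEX' };
  }
  if (body.includes(';')) return { ok: false, reason: 'multiple statements' };
  const hit = FORBIDDEN_RE.exec(body);
  if (hit) {
    return { ok: false, reason: `forbidden keyword ${hit[1].toUpperCase()}` };
  }
  return { ok: true, reason: null };
}

// Constructed sample inputs covering accept and reject paths.
const samples = [
  'CREATE INDEX idx_drop_log ON audit_drop_log (created_at);',
  'CREATE INDEX i ON t (a); DROP TABLE t',
  "CREATE INDEX i ON t (a) WHERE note = 'drop me'",
  'DROP INDEX i',
];
for (const s of samples) {
  console.log(JSON.stringify(checkCreateIndex(s)), '<-', s);
}
```

The third sample shows the cost of a keyword gate: a forbidden word inside a string literal is rejected as well, so the filter over-rejects rather than under-rejects.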