- Q3: prod void DB role NOSUPERUSER (vector marked trusted; deploy/README documents it) - Q4: buildChildEnv allow-list for the claude subprocess (no OWNER_TOKEN/DATABASE_URL/secrets leak) - Q5: pending-change approve claims-before-applying + reopens on failure (no re-approvable dup) - Q6: /capture/upload validates space_id (UUID+existence); pg pool statement_timeout 30s - Q9: disabled failing syncoid-donatello timer on Z Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
import pg from 'pg';
import 'dotenv/config';
import { log } from '../log.js';
// Settings for the process-wide PostgreSQL pool.
// DATABASE_URL normally embeds the database credentials, so this object
// should never be logged or serialized.
const poolSettings = {
  connectionString: process.env.DATABASE_URL,
  // Upper bound on concurrently open clients.
  max: 10,
  // Close a client after it has been idle for 30 s.
  idleTimeoutMillis: 30_000,
  // Server-side limit (ms) on any single statement, so a pathological query
  // cannot hold a connection forever. Sized to leave room for migrations and
  // hybrid search on this homelab-scale DB. It bounds one statement, not a
  // transaction that is left open and idle.
  statement_timeout: 30_000,
};

/** Shared pg connection pool used by the rest of the application. */
export const pool = new pg.Pool(poolSettings);
// Clients sitting idle in the pool can still emit 'error', e.g. when the
// database restarts or replication fails over on the .215 cluster. Node's
// EventEmitter throws on an 'error' event that has no listener, which would
// crash the process, so one must be registered. Logging is enough here: pg
// discards the dead client and the pool reconnects lazily.
function reportIdleClientError(err) {
  log.error({ err }, 'idle pg client error');
}

pool.on('error', reportIdleClientError);