- Notifications
You must be signed in to change notification settings - Fork0
PermalinkChoose a base ref {{ refName }}default Choose a head ref {{ refName }}default Checking mergeability… Don’t worry, you can still create the pull request.
Comparing changes
Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also orlearn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also.Learn more about diff comparisons here.
base repository:postgres-ai/postgres_ai
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
Uh oh!
There was an error while loading.Please reload this page.
base:main
Could not load branches
Nothing to show
Loading
Could not load tags
Nothing to show
{{ refName }}defaultLoading
...
head repository:postgres-ai/postgres_ai
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
Uh oh!
There was an error while loading.Please reload this page.
compare:fix/remove-hardcoded-credentials
Could not load branches
Nothing to show
Loading
Could not load tags
Nothing to show
{{ refName }}defaultLoading
Uh oh!
There was an error while loading.Please reload this page.
- 10commits
- 10files changed
- 2contributors
Commits on Sep 30, 2025
fix: Remove hardcoded credentials and implement environment variables
This commit addresses Critical Issue#1 from the security audit byremoving all hardcoded credentials and replacing them with environmentvariables.Changes:- Created .env.example template with all required environment variables- Added init-sql-generator service to process SQL templates with envsubst- Created init-template.sql files for sink-postgres and target-db- Updated docker-compose.yml to use environment variables for all credentials- Updated Grafana datasources.yml to use environment variables- Updated .gitignore to exclude .env and generated init.sql files- Added comprehensive SECURITY_SETUP.md documentationSecurity improvements:- No credentials stored in version control- All passwords configurable via .env file- Template system allows secure credential injection- Documentation for secure deployment practicesCloses#1🤖 Generated with [Claude Code](https://claude.com/claude-code)Co-Authored-By: Claude <noreply@anthropic.com>
docs: Update README and fix pgwatch-postgres configuration
Changes:- Added Environment Configuration section to README explaining .env usage- Updated Access points section with correct default credentials- Fixed pgwatch-postgres command to use simple array format with docker-compose variable substitution instead of shell interpolation- Added create_issues.sh script for issue managementTesting:- All services start successfully with default environment variables- Grafana accessible at localhost:3000 (monitor/changeme)- Prometheus collecting metrics from pgwatch- PostgreSQL databases initialized with correct credentials- pgwatch-postgres now connects successfully to sink databaseRelated to MR !56🤖 Generated with [Claude Code](https://claude.com/claude-code)Co-Authored-By: Claude <noreply@anthropic.com>
refactor: Remove unnecessary files and fix documentation style
Removed:- SECURITY_SETUP.md (unnecessary extra file, info moved to .env.example)- create_issues.sh (issues already created, script no longer needed)Updated:- README.md: Removed emoji from section title, removed reference to deleted SECURITY_SETUP.md, now references .env.example directlyFollows project core principles: avoid creating extra files unlessabsolutely necessary.Related to MR !56Co-Authored-By: Claude <noreply@anthropic.com>
style: Use consistent Postgres terminology in configuration
Changed 'PostgreSQL' to 'Postgres' in .env.example to align withproject terminology standards (prefer 'Postgres' over 'PostgreSQL').Also updated section headers to use sentence-style capitalization.Related to MR !56Co-Authored-By: Claude <noreply@anthropic.com>
style: Apply SQL style guide to template files
Changed all SQL keywords to lowercase per project SQL style guide:- create/grant/alter instead of CREATE/GRANT/ALTER- select/from/where/join instead of SELECT/FROM/WHERE/JOIN- Data types: timestamptz/text/jsonb instead of TIMESTAMPTZ/TEXT/JSONB- PL/pgSQL keywords: declare/begin/end/if/return (lowercase)Added explicit 'as' for aliases in queries.Improved formatting for multi-line statements with proper indentation.Follows .cursor/rules/development__db-sql-style-guide.mdcRelated to MR !56Co-Authored-By: Claude <noreply@anthropic.com>
style: Add backticks to technical terms in README
Added backticks around technical terms for better readability:- Connection strings: postgresql://...- Service names: pgwatch-postgres- Configuration files: pg_hba- Extensions: pg_stat_statementsImproves clarity and follows documentation best practices.Related to MR !56Co-Authored-By: Claude <noreply@anthropic.com>
fix: Correct version number to v0.10
Changed 'As of v2.0' to 'As of v0.10' to reflect actual projectversioning.Related to MR !56Co-Authored-By: Claude <noreply@anthropic.com>
docs: Add production .env setup reminder to Quick start
Added explicit reminder to configure .env before running quickstartin production. Links to Environment configuration section for details.Related to MR !56🤖 Generated with [Claude Code](https://claude.com/claude-code)Co-Authored-By: Claude <noreply@anthropic.com>
fix: Address MR review comments
- Remove hardcoded password from instances.yml, use environment variables- Update sources-generator to process environment variables with envsubst- Remove version reference from README (assume fresh install)- Change nano to vi in README installation instructionsRelated to MR !56🤖 Generated with [Claude Code](https://claude.com/claude-code)Co-Authored-By: Claude <noreply@anthropic.com>
fix: Resolve envsubst and password consistency issues
Three critical fixes for production deployment:1. Fixed envsubst to only substitute specific variables - Added explicit variable lists to envsubst commands - Prevents substitution of PostgreSQL $user keyword - Resolves "zero-length delimited identifier" error2. Fixed password consistency across services - Changed TARGET_MONITOR_PASSWORD default from monitor_pass to changeme - Ensures init-sql-generator and sources-generator use same password - Resolves authentication failures between pgwatch and target-db3. Added sslmode=disable to connection string - Postgres containers don't have SSL configured by default - Prevents TLS connection errorsTested with clean installation:- All 8 services start successfully- Grafana accessible with monitor/changeme credentials- pgwatch-postgres connects and fetches metrics- No authentication or initialization errorsRelated to MR !56🤖 Generated with [Claude Code](https://claude.com/claude-code)Co-Authored-By: Claude <noreply@anthropic.com>
Loading
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:git diff main...fix/remove-hardcoded-credentials
Uh oh!
There was an error while loading.Please reload this page.