Skip to content

fix: update database URL configuration to use environment variable #137

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ssdeanx merged 1 commit into from
Apr 15, 2026
Merged

fix: update database URL configuration to use environment variable #137

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions app/components/page-header.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,13 +57,13 @@ export function PageHeader({
initial={{ opacity: 0, scale: 0.8 }}
animate={{ opacity: 0.15, scale: 1 }}
transition={{ duration: 1.5, ease: 'easeOut' }}
className="absolute left-1/2 top-0 -z-10 h-[400px] w-[400px] -translate-x-1/2 -translate-y-1/2 rounded-full bg-primary/30 blur-[100px]"
className="absolute left-1/2 top-0 -z-10 h-100 w-100 -translate-x-1/2 -translate-y-1/2 rounded-full bg-primary/30 blur-[100px]"
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot Apr 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

These changes to the CSS classes are unrelated to the PR's objective of updating database configuration. Additionally, h-100 and w-100 are not standard Tailwind CSS utilities (the default scale ends at 96). Unless these are custom-defined in your configuration, this change will likely cause the decorative orb to have no height or width.

Suggested change
className="absolute left-1/2 top-0 -z-10 h-100 w-100 -translate-x-1/2 -translate-y-1/2 rounded-full bg-primary/30 blur-[100px]"
className="absolute left-1/2 top-0 -z-10 h-[400px] w-[400px] -translate-x-1/2 -translate-y-1/2 rounded-full bg-primary/30 blur-[100px]"

/>
<motion.div
initial={{ opacity: 0 }}
animate={{ opacity: 0.1 }}
transition={{ duration: 2, delay: 0.3 }}
className="absolute bottom-0 right-0 -z-10 h-[300px] w-[300px] translate-x-1/4 translate-y-1/4 rounded-full bg-blue-500/30 blur-[80px]"
className="absolute bottom-0 right-0 -z-10 h-75 w-75 translate-x-1/4 translate-y-1/4 rounded-full bg-blue-500/30 blur-[80px]"
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot Apr 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

The classes h-75 and w-75 are not standard Tailwind CSS utilities. This change is out of scope for this PR and likely introduces a UI regression where the background decoration loses its dimensions.

Suggested change
className="absolute bottom-0 right-0 -z-10 h-75 w-75 translate-x-1/4 translate-y-1/4 rounded-full bg-blue-500/30 blur-[80px]"
className="absolute bottom-0 right-0 -z-10 h-[300px] w-[300px] translate-x-1/4 translate-y-1/4 rounded-full bg-blue-500/30 blur-[80px]"

Comment on lines +60 to +66
/>
</>
)}
Expand Down
8 changes: 4 additions & 4 deletions src/mastra/config/libsql.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ import { createGraphRAGTool, createVectorQueryTool } from '@mastra/rag'

export const libsqlstorage = new LibSQLStore({
id: 'libsql-storage',
url: 'file:./database.db',
url: process.env.DB ?? 'file:./database.db',
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot Apr 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The database URL fallback logic process.env.DB ?? 'file:./database.db' is repeated multiple times in this file (lines 13, 25, 129, and 130). Consider extracting this into a constant at the top of the file to improve maintainability and ensure consistency across storage, vector, and logging configurations.

maxRetries: 5, // Optional retry configuration for transient errors
initialBackoffMs: 100, // Initial backoff for retries
//disableInit: process.env.DB_DISABLE_INIT === 'true', // Disable auto-init if specified
Comment on lines +13 to 16
Expand All @@ -22,7 +22,7 @@ export const libsqlstorage = new LibSQLStore({
// Create a new vector store instance
export const libsqlvector = new LibSQLVector({
id: 'libsql-vector',
url: 'file:./database.db',
url: process.env.DB ?? 'file:./database.db',
// Optional: for Turso cloud databases
authToken: process.env.TURSO_AUTH_TOKEN,
syncInterval: 10000, // Sync every 10 seconds (optional)
Expand Down Expand Up @@ -126,8 +126,8 @@ export const LibsqlMemory = new Memory({
})

log.info('LibSQLStore and Memory initialized with LibSQLVector support', {
storage: 'file:./database.db',
vector: 'file:./database.db',
storage: process.env.DB ?? 'file:./database.db',
Copy link
Copy Markdown
Contributor

@kilo-code-bot kilo-code-bot Bot Apr 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CRITICAL: Potential security vulnerability - logging database URL may expose credentials

The database URL logged here may contain sensitive information like usernames and passwords if process.env.DB is a connection string. Consider redacting or masking sensitive parts of the URL before logging.

Suggested change
storage: process.env.DB ?? 'file:./database.db',
storage: '[REDACTED]',

vector: process.env.DB ?? 'file:./database.db',
Comment on lines +129 to +130
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot Apr 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-medium medium

Logging the raw database URL from process.env.DB can expose sensitive information, such as credentials, in the application logs. It is recommended to mask the connection string or log only the non-sensitive parts (e.g., the hostname).

Comment on lines 128 to +130
// schema: process.env.DB_SCHEMA ?? 'mastra',
// maxConnections: parseInt(process.env.DB_MAX_CONNECTIONS ?? '20'),
memoryOptions: {
Expand Down
Loading