@trycompai/db 2.2.0 → 2.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/dist/ssl-config.d.ts +0 -1
  2. package/dist/ssl-config.d.ts.map +1 -1
  3. package/dist/ssl-config.js +11 -6
  4. package/package.json +1 -2
  5. package/certs/rds-global-bundle.pem +0 -2736
  6. package/dist/rds-ca-bundle.d.ts +0 -2
  7. package/dist/rds-ca-bundle.d.ts.map +0 -1
  8. package/dist/rds-ca-bundle.js +0 -9
package/dist/ssl-config.d.ts CHANGED
@@ -1,5 +1,4 @@
1
1
  export type SslConfig = undefined | {
2
- ca: string;
3
2
  checkServerIdentity: () => undefined;
4
3
  } | {
5
4
  rejectUnauthorized: false;
package/dist/ssl-config.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"ssl-config.d.ts","sourceRoot":"","sources":["../src/ssl-config.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,SAAS,GACjB,SAAS,GACT;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,mBAAmB,EAAE,MAAM,SAAS,CAAA;CAAE,GACpD;IAAE,kBAAkB,EAAE,KAAK,CAAA;CAAE,CAAC;AAgBlC,wBAAgB,gBAAgB,CAC9B,WAAW,EAAE,MAAM,EACnB,GAAG,GAAE,OAAO,CAAC,MAAM,CAAC,UAAU,CAAe,GAC5C,SAAS,CAQX"}
1
+ {"version":3,"file":"ssl-config.d.ts","sourceRoot":"","sources":["../src/ssl-config.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,SAAS,GACjB,SAAS,GACT;IAAE,mBAAmB,EAAE,MAAM,SAAS,CAAA;CAAE,GACxC;IAAE,kBAAkB,EAAE,KAAK,CAAA;CAAE,CAAC;AAgBlC,wBAAgB,gBAAgB,CAC9B,WAAW,EAAE,MAAM,EACnB,GAAG,GAAE,OAAO,CAAC,MAAM,CAAC,UAAU,CAAe,GAC5C,SAAS,CAcX"}
package/dist/ssl-config.js CHANGED
@@ -1,7 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.resolveSslConfig = resolveSslConfig;
4
- const rds_ca_bundle_1 = require("./rds-ca-bundle");
5
4
  const LOCAL_HOSTNAMES = new Set(['localhost', '127.0.0.1', '::1']);
6
5
  function isLocalhostUrl(connectionString) {
7
6
  try {
@@ -20,9 +19,15 @@ function resolveSslConfig(databaseUrl, env = process.env) {
20
19
  return undefined;
21
20
  if (env.PRISMA_ALLOW_INSECURE_TLS === '1')
22
21
  return { rejectUnauthorized: false };
23
- // Verified TLS using the inlined AWS RDS CA bundle. Skip the hostname check
24
- // because connections may traverse an AWS NLB whose hostname isn't in the
25
- // RDS Proxy cert's SAN list. The chain check still rejects forged or
26
- // wrong-CA certs.
27
- return { ca: rds_ca_bundle_1.RDS_CA_BUNDLE, checkServerIdentity: () => undefined };
22
+ // Verified TLS via Node's default trust store, which includes Amazon Root
23
+ // CA 1 where AWS RDS Proxy chains terminate. Hostname check is skipped
24
+ // because connections traverse an AWS NLB whose hostname isn't in the RDS
25
+ // Proxy cert's SAN list; the chain check still rejects forged or wrong-CA
26
+ // certs.
27
+ //
28
+ // Previously this returned `{ ca: RDS_CA_BUNDLE, ... }` — but `ssl.ca`
29
+ // *replaces* Node's trust store rather than augmenting it, and the bundle
30
+ // only contains regional RDS CAs (not Amazon Root CA 1), so RDS Proxy
31
+ // chain validation failed at runtime (P1011 / TlsConnectionError).
32
+ return { checkServerIdentity: () => undefined };
28
33
  }
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@trycompai/db",
3
3
  "description": "Database package with Prisma client and schema for Comp AI",
4
- "version": "2.2.0",
4
+ "version": "2.3.0",
5
5
  "dependencies": {
6
6
  "@prisma/adapter-pg": "7.6.0",
7
7
  "@prisma/client": "7.6.0",
@@ -36,7 +36,6 @@
36
36
  },
37
37
  "files": [
38
38
  "dist",
39
- "certs",
40
39
  "README.md",
41
40
  "INTEGRATION_GUIDE.md"
42
41
  ],