Fix: Disable SSL for localhost PostgreSQL connections on macOS #42
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Document minimum uv version to avoid uv.lock parse failures when building from source.
Keep CONTRIBUTING prerequisites concise while retaining the minimum uv version.
Add automatic Docker socket path detection to support Docker Desktop on macOS and other platforms where the default /var/run/docker.sock is not available. The fix checks for the Docker Desktop socket at ~/.docker/run/docker.sock and sets DOCKER_HOST accordingly. This resolves connection errors when running 'deadend init' on macOS with Docker Desktop installed. Changes: - Added os import for path and environment variable handling - Added socket path detection logic before Docker client initialization - Formatted code with black and isort per contributing guidelines
Users no longer need to manually enter the database URL during initialization. The DB_URL now defaults to the pgvector container connection string (postgresql://postgres:postgres@localhost:54320/codeindexerdb) that gets automatically set up during the init process. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Users no longer need to manually enter the database URL during initialization. The DB_URL now defaults to the pgvector container connection string (postgresql://postgres:postgres@localhost:54320/codeindexerdb) that gets automatically set up during the init process. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
The Python sandbox was previously hardcoded to download only the Linux binary, causing "Exec format error" on macOS systems. This change adds platform detection and downloads the appropriate binary for Linux, macOS (Darwin), and Windows. Changes: - Add platform.system() detection to identify the OS - Create SANDBOX_CONFIGS dict with platform-specific binary URLs and SHA256 checksums - Add get_sandbox_config() function to return the correct configuration - Update download_python_sandbox() to use platform-specific configuration - Include macOS binary SHA256: 9dc49652b1314978544e3e56eef67610d10a2fbb51ecaf06bc10f9c27ad75d7c Fixes the issue where macOS users could not run the chat command due to attempting to execute a Linux binary. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Fixes asyncpg SSL negotiation issue on macOS where connections to localhost PostgreSQL fail with "ClientConfigurationError: sslmode parameter must be one of: disable, allow, prefer, require, verify-ca, verify-full". The issue occurs because: - Docker Desktop on macOS uses VM-based networking with port forwarding - asyncpg attempts SSL negotiation by default, even for localhost - Local PostgreSQL containers typically don't have SSL certificates configured - asyncpg doesn't accept 'sslmode' as a URL parameter (unlike psycopg2) Solution: - Detect localhost connections (localhost, 127.0.0.1, ::1) - Pass ssl=False via connect_args to SQLAlchemy's create_async_engine() - Only affects local development, doesn't impact remote/production databases This fix is safe for Linux users as explicitly disabling SSL for localhost is harmless and doesn't change their working behavior. Tested on macOS with Docker Desktop and local pgvector container. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Fixes asyncpg SSL negotiation failure on macOS when connecting to local PostgreSQL containers.
Problem
On macOS, the chat command fails with:
This error occurs because:
sslmodeas a URL parameter (unlike psycopg2) - it requiresssl=True/Falsevia connection argumentsSolution
localhost,127.0.0.1,::1)ssl=Falseviaconnect_argsto SQLAlchemy'screate_async_engine()Why Linux Users Don't Experience This
On Linux, Docker uses native bridge networking where localhost connections don't trigger the same SSL negotiation behavior in asyncpg.
Safety
Testing
Changes
deadend_cli/deadend_agent/src/deadend_agent/rag/db_cruds.pyssl=Falseinconnect_argsfor localhost connections🤖 Generated with Claude Code