release(secrets-mcp): 0.5.17 — 取消生产环境强制 PG TLS 校验

移除 SECRETS_ENV=production 时对 verify-ca/verify-full 的硬性要求，仍可通过 SECRETS_DATABASE_SSL_MODE 显式选择模式。 Made-with: Cursor
2026-04-10 17:10:55 +08:00
parent ff2ea91e72
commit 137a4d42b0
4 changed files with 3 additions and 26 deletions
--- a/crates/secrets-core/src/config.rs
+++ b/crates/secrets-core/src/config.rs
@@ -8,7 +8,6 @@ pub struct DatabaseConfig {
    pub url: String,
    pub ssl_mode: Option<PgSslMode>,
    pub ssl_root_cert: Option<PathBuf>,
-    pub enforce_strict_tls: bool,
 }

 /// Resolve database URL from environment.
@@ -63,20 +62,10 @@ fn resolve_ssl_root_cert_from_env() -> Result<Option<PathBuf>> {
    Ok(Some(path))
 }

-fn is_production_env() -> bool {
-    matches!(
-        env_var_non_empty("SECRETS_ENV")
-            .as_deref()
-            .map(|value| value.to_ascii_lowercase()),
-        Some(value) if value == "prod" || value == "production"
-    )
-}
-
 pub fn resolve_db_config(override_url: &str) -> Result<DatabaseConfig> {
    Ok(DatabaseConfig {
        url: resolve_db_url(override_url)?,
        ssl_mode: parse_ssl_mode_from_env()?,
        ssl_root_cert: resolve_ssl_root_cert_from_env()?,
-        enforce_strict_tls: is_production_env(),
    })
 }