Problem
prisma.config.ts:4-6 contains plaintext credentials:
const databaseUrl =
process.env.DATABASE_URL ?? "postgresql://dispatch:dispatch@localhost:5432/dispatch";
While this is a default fallback for local dev, it's a supply-chain risk if the file is ever included in error reports or screenshots.
Recommended Fix
Remove the fallback entirely; require DATABASE_URL to be set explicitly. Or use a clearly-labeled placeholder like postgresql://user:placeholder@localhost:5432/dispatch.
Acceptance Criteria
Parent: #235 (Weekly tech debt audit: 2026-05-27)
Labels: audit
Problem
prisma.config.ts:4-6contains plaintext credentials:While this is a default fallback for local dev, it's a supply-chain risk if the file is ever included in error reports or screenshots.
Recommended Fix
Remove the fallback entirely; require
DATABASE_URLto be set explicitly. Or use a clearly-labeled placeholder likepostgresql://user:placeholder@localhost:5432/dispatch.Acceptance Criteria
DATABASE_URLis required at runtime (fails with clear error if not set)Parent: #235 (Weekly tech debt audit: 2026-05-27)
Labels:
audit