GTEdgeAI/gt-ai-os-community
3
0
Fork 0
Code Issues Packages Releases Wiki Activity
Files
ae973910b99000179a75237764debad39cd66318
gt-ai-os-community/scripts/postgresql/tenant-extensions.sql
HackWeasel b9dfb86260 GT AI OS Community Edition v2.0.33 
Security hardening release addressing CodeQL and Dependabot alerts:

- Fix stack trace exposure in error responses
- Add SSRF protection with DNS resolution checking
- Implement proper URL hostname validation (replaces substring matching)
- Add centralized path sanitization to prevent path traversal
- Fix ReDoS vulnerability in email validation regex
- Improve HTML sanitization in validation utilities
- Fix capability wildcard matching in auth utilities
- Update glob dependency to address CVE
- Add CodeQL suppression comments for verified false positives

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-12 17:04:45 -05:00

72 lines
2.4 KiB
SQL
Raw Blame History

-- GT 2.0 Tenant Cluster Extensions Initialization
-- Installs all extensions for tenant database including PGVector
-- Requires pgvector/pgvector:pg15 Docker image
-- Enable logging
\set ON_ERROR_STOP on
\set ECHO all
-- NOTE: Removed \c gt2_tenants - Docker entrypoint runs this script
-- against POSTGRES_DB (gt2_tenants) automatically.
-- Vector extension for embeddings (PGVector) - Required for RAG/embeddings
CREATE EXTENSION IF NOT EXISTS vector;
-- Full-text search support
CREATE EXTENSION IF NOT EXISTS pg_trgm;
CREATE EXTENSION IF NOT EXISTS unaccent;
-- Statistics and monitoring
CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
CREATE EXTENSION IF NOT EXISTS pg_buffercache;
-- UUID generation
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
-- JSON support enhancements
CREATE EXTENSION IF NOT EXISTS "btree_gin";
CREATE EXTENSION IF NOT EXISTS "btree_gist";
-- Security extensions
CREATE EXTENSION IF NOT EXISTS "pgcrypto";
-- Verify critical extensions are loaded
DO $$
DECLARE
ext_count INTEGER;
BEGIN
-- Check vector extension
SELECT COUNT(*) INTO ext_count FROM pg_extension WHERE extname = 'vector';
IF ext_count = 0 THEN
RAISE EXCEPTION 'Vector extension not loaded - PGVector support required for embeddings';
ELSE
RAISE NOTICE 'Vector extension loaded successfully - PGVector enabled';
END IF;
-- Check pg_trgm extension
SELECT COUNT(*) INTO ext_count FROM pg_extension WHERE extname = 'pg_trgm';
IF ext_count = 0 THEN
RAISE EXCEPTION 'pg_trgm extension not loaded - Full-text search support required';
ELSE
RAISE NOTICE 'pg_trgm extension loaded successfully - Full-text search enabled';
END IF;
-- Check pg_stat_statements extension
SELECT COUNT(*) INTO ext_count FROM pg_extension WHERE extname = 'pg_stat_statements';
IF ext_count = 0 THEN
RAISE WARNING 'pg_stat_statements extension not loaded - Query monitoring limited';
ELSE
RAISE NOTICE 'pg_stat_statements extension loaded successfully - Query monitoring enabled';
END IF;
END $$;
-- Log completion
DO $$
BEGIN
RAISE NOTICE '=== GT 2.0 TENANT EXTENSIONS SETUP ===';
RAISE NOTICE 'Extensions configured in tenant database:';
RAISE NOTICE '- gt2_tenants: PGVector + full-text search + monitoring + crypto';
RAISE NOTICE 'All critical extensions verified and loaded';
RAISE NOTICE '======================================';
END $$;
View Git Blame Copy Permalink