From 2175de2a2c77d2b894a1e28dd98e88c762e49504 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 19 Mar 2026 23:21:39 +0000
Subject: [PATCH 1/2] Initial plan
From 1daf6a30a4d0cfcb7c0b9b7161035f4309238167 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 19 Mar 2026 23:29:48 +0000
Subject: [PATCH 2/2] Fix get_client(): safe URI lookup and gated TLS bypass via DOCUMENTDB_ALLOW_INVALID_CERTS
Co-authored-by: khelanmodi <141972056+khelanmodi@users.noreply.github.com>
---
 clinical-note-similarity-py/.env.example | 5 ++++-
 clinical-note-similarity-py/utils/db.py | 10 ++++++++--
 fraud-detection-agent-py/.env.example | 5 ++++-
 fraud-detection-agent-py/utils/db.py | 10 ++++++++--
 4 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/clinical-note-similarity-py/.env.example b/clinical-note-similarity-py/.env.example
index d02edf7..25511b0 100644
--- a/clinical-note-similarity-py/.env.example
+++ b/clinical-note-similarity-py/.env.example
@@ -1,6 +1,9 @@
-DOCUMENTDB_URI=mongodb://:@localhost:10260/?tls=true&tlsAllowInvalidCertificates=true&authMechanism=SCRAM-SHA-256
+DOCUMENTDB_URI=mongodb://:@localhost:10260/?tls=true&authMechanism=SCRAM-SHA-256
 DOCUMENTDB_DATABASE=clinicaldb
 DOCUMENTDB_COLLECTION=notes
+# Set to "true" only when using a local container with a self-signed certificate.
+# Leave unset or "false" for real deployments with a valid TLS certificate.
+DOCUMENTDB_ALLOW_INVALID_CERTS=false
 OLLAMA_BASE_URL=http://127.0.0.1:11434
 OLLAMA_EMBEDDING_MODEL=nomic-embed-text
 FLASK_PORT=5001
diff --git a/clinical-note-similarity-py/utils/db.py b/clinical-note-similarity-py/utils/db.py
index 8fde1e2..8e64970 100644
--- a/clinical-note-similarity-py/utils/db.py
+++ b/clinical-note-similarity-py/utils/db.py
@@ -1,11 +1,17 @@
 import os
+import sys
 from pymongo import MongoClient
 def get_client() -> MongoClient:
- uri = os.environ["DOCUMENTDB_URI"]
- return MongoClient(uri, tlsAllowInvalidCertificates=True)
+ uri = os.getenv("DOCUMENTDB_URI")
+ if not uri:
+ sys.exit("Error: DOCUMENTDB_URI environment variable is not set. Please configure it before running.")
+ allow_invalid_certs = os.getenv("DOCUMENTDB_ALLOW_INVALID_CERTS", "false").lower() in ("1", "true", "yes")
+ if allow_invalid_certs:
+ return MongoClient(uri, tlsAllowInvalidCertificates=True)
+ return MongoClient(uri)
 def get_collection(client: MongoClient):
diff --git a/fraud-detection-agent-py/.env.example b/fraud-detection-agent-py/.env.example
index b44816e..2666396 100644
--- a/fraud-detection-agent-py/.env.example
+++ b/fraud-detection-agent-py/.env.example
@@ -1,6 +1,9 @@
-DOCUMENTDB_URI=mongodb://:@localhost:10260/?tls=true&tlsAllowInvalidCertificates=true&authMechanism=SCRAM-SHA-256
+DOCUMENTDB_URI=mongodb://:@localhost:10260/?tls=true&authMechanism=SCRAM-SHA-256
 DOCUMENTDB_DATABASE=frauddb
 DOCUMENTDB_COLLECTION=transactions
+# Set to "true" only when using a local container with a self-signed certificate.
+# Leave unset or "false" for real deployments with a valid TLS certificate.
+DOCUMENTDB_ALLOW_INVALID_CERTS=false
 OLLAMA_BASE_URL=http://127.0.0.1:11434
 OLLAMA_EMBEDDING_MODEL=nomic-embed-text
 OLLAMA_LLM_MODEL=llama3.2
diff --git a/fraud-detection-agent-py/utils/db.py b/fraud-detection-agent-py/utils/db.py
index a194aff..559ed18 100644
--- a/fraud-detection-agent-py/utils/db.py
+++ b/fraud-detection-agent-py/utils/db.py
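Review bot: In get_client() (clinical-note-similarity-py/utils/db.py) DOCUMENTDB_ALLOW_INVALID_CERTS is not authoritative: on the final `return MongoClient(uri)` path, a `tlsAllowInvalidCertificates=true` still present in DOCUMENTDB_URI (as in the .env.example line this commit replaces) keeps certificate verification off even when the flag is false. Passing the flag explicitly, `return MongoClient(uri, tlsAllowInvalidCertificates=allow_invalid_certs)`, would let the environment variable decide, since PyMongo documents that keyword arguments take precedence over URI options; confirm this against the pinned PyMongo version and for URIs that do not enable TLS. A `logging.warning(...)` on the bypass branch would also make an accidentally enabled flag visible in deployment logs. The identical hunk in fraud-detection-agent-py/utils/db.py needs the same change.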
@@ -1,11 +1,17 @@
 import os
+import sys
 from pymongo import MongoClient
 def get_client() -> MongoClient:
- uri = os.environ["DOCUMENTDB_URI"]
- return MongoClient(uri, tlsAllowInvalidCertificates=True)
+ uri = os.getenv("DOCUMENTDB_URI")
+ if not uri:
+ sys.exit("Error: DOCUMENTDB_URI environment variable is not set. Please configure it before running.")
+ allow_invalid_certs = os.getenv("DOCUMENTDB_ALLOW_INVALID_CERTS", "false").lower() in ("1", "true", "yes")
+ if allow_invalid_certs:
+ return MongoClient(uri, tlsAllowInvalidCertificates=True)
+ return MongoClient(uri)
 def get_collection(client: MongoClient):
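Review bot: The `sys.exit(...)` call inside get_client() (fraud-detection-agent-py/utils/db.py) makes a shared helper terminate the interpreter, so any caller gets a SystemExit that `except Exception` does not catch; the callers are outside this hunk, so how they are affected is not visible here. Raising instead, e.g. `raise RuntimeError("DOCUMENTDB_URI environment variable is not set")`, keeps the clear message and leaves the decision to exit to the program's entry point. The same line appears in the clinical-note-similarity-py/utils/db.py hunk.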