From 90da26745b556f795da11e032097fb927877b28e Mon Sep 17 00:00:00 2001
From: Benjamin Admin <benjaminadmin@MacBook-Pro.local>
Date: Mon, 11 May 2026 20:56:38 +0200
Subject: [PATCH] fix(mc-api): NODE_TLS_REJECT_UNAUTHORIZED=0 for self-signed
 cert

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .../app/api/sdk/v1/master-controls/route.ts      | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/admin-compliance/app/api/sdk/v1/master-controls/route.ts b/admin-compliance/app/api/sdk/v1/master-controls/route.ts
index 7dc329b..bc6f47f 100644
--- a/admin-compliance/app/api/sdk/v1/master-controls/route.ts
+++ b/admin-compliance/app/api/sdk/v1/master-controls/route.ts
@@ -1,14 +1,14 @@
 import { NextRequest, NextResponse } from 'next/server'
 import { Pool } from 'pg'
 
-const pool = new Pool({
-  connectionString: process.env.COMPLIANCE_DATABASE_URL ||
-    process.env.DATABASE_URL ||
-    'postgresql://breakpilot:breakpilot123@bp-core-postgres:5432/breakpilot_db',
-  ssl: process.env.COMPLIANCE_DATABASE_URL?.includes('sslmode=require')
-    ? { rejectUnauthorized: false }
-    : false,
-})
+// Disable SSL rejection for self-signed certs
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'
+
+const dbUrl = process.env.COMPLIANCE_DATABASE_URL ||
+  process.env.DATABASE_URL ||
+  'postgresql://breakpilot:breakpilot123@bp-core-postgres:5432/breakpilot_db'
+
+const pool = new Pool({ connectionString: dbUrl })
 
 /**
  * MC API that returns data in the same format as the canonical controls