From d88330b050e8945bdb56864b276ec918d9ca8d6d Mon Sep 17 00:00:00 2001
From: Benjamin Admin <benjaminadmin@MacBook-Pro.local>
Date: Mon, 27 Apr 2026 08:07:10 +0200
Subject: [PATCH] fix: Self-Signed SSL Zertifikat in SDK State Store
 akzeptieren
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Die Hetzner PostgreSQL nutzt ein Self-Signed Zertifikat. Der Node.js
pg Pool lehnte es ab (DEPTH_ZERO_SELF_SIGNED_CERT), wodurch der SDK
State nicht laden konnte → Application Error in ALLEN Modulen.

Fix: rejectUnauthorized: false wenn sslmode=require in der URL.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 admin-compliance/app/api/sdk/v1/state/route.ts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/admin-compliance/app/api/sdk/v1/state/route.ts b/admin-compliance/app/api/sdk/v1/state/route.ts
index 93b1b19..0d18e6f 100644
--- a/admin-compliance/app/api/sdk/v1/state/route.ts
+++ b/admin-compliance/app/api/sdk/v1/state/route.ts
@@ -97,6 +97,10 @@ class PostgreSQLStateStore implements StateStore {
       max: 5,
       // Set search_path for compliance schema
       options: '-c search_path=compliance,core,public',
+      // Accept self-signed certificates (Hetzner PostgreSQL)
+      ssl: connectionString.includes('sslmode=require')
+        ? { rejectUnauthorized: false }
+        : false,
     })
   }