From 29155028f88879d0a0f0d8a4013a4989557c59b7 Mon Sep 17 00:00:00 2001
From: Mathew Goldsborough <1759329+mgoldsborough@users.noreply.github.com>
Date: Wed, 13 May 2026 15:58:30 -1000
Subject: [PATCH] fix(manifest): bridge database_url credential to DATABASE_URL
 env; require it
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The manifest declared `user_config.database_url` but did not declare
`mcp_config.env: { DATABASE_URL: "${user_config.database_url}" }`, so
setting the URL via the Configure UI wrote to the workspace credential
store but never reached the bundle subprocess. The Python code only
reads `DATABASE_URL` from `os.environ`; without the env-substitution
mapping there was no path from credential file to env var.

In practice the bundle only worked when operators bypassed the
Configure flow entirely and set `DATABASE_URL` on the platform process
env (via K8s Secret + `allowedEnv: ["DATABASE_URL"]` passthrough),
which is the wrong primary path — it's per-tenant ops config instead
of per-workspace user config.

This commit:

- Adds the missing `mcp_config.env` mapping so the Configure UI value
  flows through `prepareServer` env substitution at spawn time.
- Marks `database_url` as `required: true` in `user_config`. Existing
  installs with the field unset will fail `prepareServer` at next
  spawn with a clear "missing required configuration" error and the
  `nb config set` hint — much better than the silent "DATABASE_URL is
  not set" stack trace at first tool call.
- Drops the manifest description's reference to the
  host-env-passthrough workaround. Configure UI is now the canonical
  path.

Operators who currently rely solely on host-env passthrough on
production tenants need to set the credential via Configure UI (or
`nb config set ... database_url=...`) for affected workspaces. The
platform's set_user_config handler already auto-respawns the bundle
after a credential write — surfaced in v0.4.3 because the credential
now actually does something.

Bump 0.4.2 → 0.4.3.
---
 CHANGELOG.md   | 20 ++++++++++++++++++++
 manifest.json  | 11 +++++++----
 pyproject.toml |  2 +-
 uv.lock        |  2 +-
 4 files changed, 29 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6651665..72a497b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,26 @@ All notable changes to this bundle. Versions follow the mpak v0.x.y convention
 (see `mcp-servers/VERSIONING.md`): minor bumps may include breaking changes
 during the unstable channel.
 
+## 0.4.3
+
+### Fixed
+
+- **`database_url` set via Configure now reaches the bundle.** The manifest
+  was missing the `mcp_config.env` mapping that bridges the `user_config`
+  field to the `DATABASE_URL` env var the Python code reads. Setting the
+  URL via the UI was a silent no-op; only the host-env passthrough
+  (`allowedEnv: ["DATABASE_URL"]` + a process-env `DATABASE_URL`) worked.
+  Configure-UI is now the canonical path.
+
+### Changed (breaking for misconfigured installs)
+
+- **`database_url` is now `required: true` in `user_config`.** Existing
+  workspaces with the field unset will fail `prepareServer` at next spawn
+  with a clear "missing required configuration" error and the
+  `nb config set` hint. Operators who relied solely on the host-env
+  passthrough should now set the credential via Configure UI (or the
+  CLI). Workspaces that already have the credential saved are unaffected.
+
 ## 0.4.0
 
 ### Removed (breaking)
diff --git a/manifest.json b/manifest.json
index 64dac7a..c1a3352 100644
--- a/manifest.json
+++ b/manifest.json
@@ -1,7 +1,7 @@
 {
   "manifest_version": "0.4",
   "name": "@nimblebraininc/synapse-db-query",
-  "version": "0.4.2",
+  "version": "0.4.3",
   "description": "Natural-language Postgres query app with dynamic Vega-Lite visualizations",
   "author": {
     "name": "NimbleBrain Inc",
@@ -22,7 +22,10 @@
       "args": [
         "-m",
         "synapse_db_query.server"
-      ]
+      ],
+      "env": {
+        "DATABASE_URL": "${user_config.database_url}"
+      }
     }
   },
   "tools": [
@@ -47,9 +50,9 @@
     "database_url": {
       "type": "string",
       "title": "Database URL",
-      "description": "Postgres connection string for a read-only role (postgresql://user:pass@host:port/db). Optional — you may instead provide DATABASE_URL via the host environment and add `allowedEnv: [\"DATABASE_URL\"]` to the bundle entry in workspace.json.",
+      "description": "Postgres connection string for a read-only role (postgresql://user:pass@host:port/db). Resolved into the bundle's `DATABASE_URL` env var at spawn time via `mcp_config.env` substitution.",
       "sensitive": true,
-      "required": false
+      "required": true
     }
   },
   "_meta": {
diff --git a/pyproject.toml b/pyproject.toml
index 881a7c5..c9ddd46 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "synapse-db-query"
-version = "0.4.2"
+version = "0.4.3"
 description = "Natural-language Postgres query app with dynamic Vega-Lite visualizations"
 readme = "README.md"
 license = {text = "MIT"}
diff --git a/uv.lock b/uv.lock
index c6505f5..91a038d 100644
--- a/uv.lock
+++ b/uv.lock
@@ -1124,7 +1124,7 @@ wheels = [
 
 [[package]]
 name = "synapse-db-query"
-version = "0.4.0"
+version = "0.4.3"
 source = { editable = "." }
 dependencies = [
     { name = "fastmcp" },