Remove the secrets: block from values.yaml so no plaintext credentials
live in the chart or git history. Update values-prod.yaml to replace the
--set secrets.* instructions with a pointer to the create-secrets.sh script.

passlib 1.7.4 (unmaintained since 2020) is incompatible with bcrypt>=4.0:
- bcrypt 4.x removed bcrypt.__about__ (passlib version probe fails)
- bcrypt 4.x enforces 72-byte password limit strictly, crashing
  passlib's detect_wrap_bug() compatibility test during context init

Pinning bcrypt<4.0.0 is the standard workaround until passlib is replaced.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

When the alembic console-script entry point runs, Python sets sys.path[0]
to the entry point directory (/usr/local/bin/), not the WORKDIR. Without
PYTHONPATH=/app, `from app.models import Base` in alembic/env.py fails
with ModuleNotFoundError. uvicorn is unaffected as it adds CWD to
sys.path itself.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
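
The import failure described in the commit message above, reproduced as an added example (not part of the commit or the project's code). It assumes a stand-in script named `fake_alembic` and temporary `bin/` and `workdir/` directories in place of /usr/local/bin and the image WORKDIR.

```python
import os
import subprocess
import sys
import tempfile
from pathlib import Path

# Constructed stand-in for the console script: print sys.path[0], then try
# the same import that alembic/env.py performs.
ENTRY_POINT = "import sys\nprint(sys.path[0])\nfrom app.models import Base\nprint(Base)\n"


def run_entry_point(set_pythonpath: bool) -> dict:
    """Run the stand-in script with cwd set to the directory holding app/."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        bindir = root / "bin"        # plays the role of /usr/local/bin
        workdir = root / "workdir"   # plays the role of the image WORKDIR
        (workdir / "app").mkdir(parents=True)
        bindir.mkdir()
        (workdir / "app" / "__init__.py").write_text("")
        (workdir / "app" / "models.py").write_text("Base = 'Base from workdir'\n")
        script = bindir / "fake_alembic"  # hypothetical name
        script.write_text(ENTRY_POINT)

        # Start from the caller's environment minus any inherited PYTHONPATH.
        env = {k: v for k, v in os.environ.items() if k != "PYTHONPATH"}
        if set_pythonpath:
            env["PYTHONPATH"] = str(workdir)
        proc = subprocess.run([sys.executable, str(script)], cwd=workdir,
                              env=env, capture_output=True, text=True)
        return {"bindir": str(bindir), "returncode": proc.returncode,
                "stdout": proc.stdout.splitlines(), "stderr": proc.stderr}


if __name__ == "__main__":
    for flag in (False, True):
        result = run_entry_point(flag)
        print(f"PYTHONPATH set={flag}: exit={result['returncode']}",
              result["stdout"], result["stderr"].strip().splitlines()[-1:])
```

In both runs the working directory is the one that contains `app/`; only the run with PYTHONPATH set gets past the import.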
Named interfaces without index signatures cannot be directly cast to
Record<string, unknown>. Use `as unknown as` double-cast to satisfy
TypeScript strict mode for the AnyEntity[] and Dispatch casts in
ConfigDetail.tsx, and the Config -> Record<string, unknown> cast in
ConfigList.tsx.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>