From d55b02ab5cbaa68163bd7df20252453c555d2232 Mon Sep 17 00:00:00 2001
From: Wira Basalamah <wirabasalamah@wimac.local>
Date: Thu, 4 Jun 2026 11:45:16 +0700
Subject: [PATCH] Allow PG env vars in production preflight

---
 scripts/check-production-env.mjs | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/scripts/check-production-env.mjs b/scripts/check-production-env.mjs
index bc13eb4..32671b3 100644
--- a/scripts/check-production-env.mjs
+++ b/scripts/check-production-env.mjs
@@ -5,7 +5,6 @@ const required = [
   "ADMIN_SESSION_SECRET",
   "MERCHANT_SESSION_SECRET",
   "INTEGRATION_WEBHOOK_SECRET",
-  "DATABASE_URL",
   "MQTT_BROKER_URL",
   "MQTT_USERNAME",
   "MQTT_PASSWORD",
@@ -33,6 +32,13 @@ for (const name of required) {
   }
 }
 
+const pgVars = ["PGHOST", "PGPORT", "PGUSER", "PGPASSWORD", "PGDATABASE"];
+const hasDatabaseUrl = Boolean(process.env.DATABASE_URL);
+const missingPgVars = pgVars.filter((name) => !process.env[name]);
+if (!hasDatabaseUrl && missingPgVars.length) {
+  errors.push(`DATABASE_URL or ${pgVars.join("/")} is required`);
+}
+
 for (const [name, value] of insecureDefaults.entries()) {
   if (name === "ADMIN_TOKEN" && process.env.ADMIN_AUTH_ALLOW_LEGACY_TOKEN === "false") {
     continue;
@@ -89,6 +95,10 @@ if (process.env.DATABASE_URL && !/^postgres(ql)?:\/\//.test(process.env.DATABASE
   errors.push("DATABASE_URL must be a postgres connection string");
 }
 
+if (!process.env.DATABASE_URL && process.env.PGPORT && !Number.isInteger(Number(process.env.PGPORT))) {
+  errors.push("PGPORT must be a number");
+}
+
 if (process.env.MQTT_BROKER_URL && !/^mqtts:\/\//.test(process.env.MQTT_BROKER_URL)) {
   warnings.push("MQTT_BROKER_URL should use mqtts:// for production");
 }