Thoughts
1 thought of type "observation" about "security"
3/27/2026
Session 40 Codebase Audit: the Railway Postgres password was hardcoded in plaintext in 5 pipeline scripts (render-batch.mjs, generate-visuals-batch.mjs, queue-manage.mjs, youtube-publish.mjs, blog-insert.mjs) and committed to git history. Fixed by creating a shared lib/db.mjs that reads DATABASE_URL from .env. The password needs to be rotated in the Railway dashboard, since the old one is in git history. After rotating, update .env with the new connection string. All 5 scripts now use the shared module. The full audit fixed 21 issues: FRAMINGS bug, duplicate types, shared modules for DB/R2/validation/preflight, removed dead code, added manifest validation, preflight CLI checks, Hedra temp cleanup. Net: 336 lines added, 362 removed, zero TypeScript errors.
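A sketch of the pattern described above, added here as an illustration and not the project's actual lib/db.mjs: the connection string is resolved only from the environment, fails closed when it is missing, is redacted before logging, and a small scan flags any script that still embeds a Postgres URL with an inline password. All function names, the host and the password are hypothetical; the .env text is passed in as a string so the example runs offline.

```javascript
// Added example, not the project's lib/db.mjs. All names and values are hypothetical.

// Minimal .env parser: KEY=value lines, '#' comments, optional surrounding quotes.
function parseDotenv(text) {
  const out = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf("=");
    if (!line || line.startsWith("#") || eq < 1) continue;
    let val = line.slice(eq + 1).trim();
    if (/^(".*"|'.*')$/.test(val)) val = val.slice(1, -1);
    out[line.slice(0, eq).trim()] = val;
  }
  return out;
}

// Fail closed: no literal fallback if DATABASE_URL is missing or malformed.
function getDatabaseUrl(env) {
  if (!env.DATABASE_URL) throw new Error("DATABASE_URL is not set");
  let url;
  try {
    url = new URL(env.DATABASE_URL);
  } catch {
    throw new Error("DATABASE_URL is not a valid URL");
  }
  if (url.protocol !== "postgres:" && url.protocol !== "postgresql:") {
    throw new Error("DATABASE_URL must use postgres:// or postgresql://");
  }
  return env.DATABASE_URL;
}

// Form that is safe to print in logs and error messages.
function redactDatabaseUrl(value) {
  const url = new URL(value);
  if (url.password) url.password = "REDACTED";
  return url.toString();
}

// Regression check: 1-based line numbers holding a postgres URL with an inline password.
function findHardcodedDbUrls(source) {
  const re = /postgres(?:ql)?:\/\/[^\s:@\/'"`]+:[^\s@\/'"`]+@/;
  return source.split(/\r?\n/).flatMap((l, i) => (re.test(l) ? [i + 1] : []));
}

// Constructed samples (placeholder host and password).
const SAMPLE_ENV = '# local only, never committed\nDATABASE_URL="postgresql://app:example-pw@db.example.invalid:5432/railway"\n';
const SAMPLE_SCRIPT = [
  "const fromEnv = process.env.DATABASE_URL;",
  'const legacy = "postgresql://app:example-pw@db.example.invalid:5432/railway";',
].join("\n");
```

The scan only covers the files it is given; it does nothing about the copy of the old password in git history, which is why the rotation step is still required.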