chore: update project configuration and improve documentation

- Updated .gitignore to include .codex directory.
- Changed Gitleaks configuration title to reflect the new project name.
- Enhanced SSL configuration logic in db.js for better handling of local and non-local connections.
- Updated roleMenuTemplates.js to improve conflict handling in SQL insertions.
- Adjusted links in safeSend.js and sanitizeMentions.js to point to the new repository.
- Modified Pricing.tsx to reflect updated pricing tiers.
- Updated header.tsx to link to the new project repository.

Author: BillChirico

.gitignore

@@ -38,5 +38,6 @@ web/.env.local
 web/.env.*.local
 web/tsconfig.tsbuildinfo
 
-# OpenClaw
+# Tools
 openclaw-studio/
+.codex/

.gitleaks.toml

@@ -1,7 +1,7 @@
-# Gitleaks configuration for bills-bot
+# Gitleaks configuration for volvox-bot
 # https://github.com/gitleaks/gitleaks
 
-title = "bills-bot gitleaks config"
+title = "volvox-bot gitleaks config"
 
 # Extend the default ruleset — adds standard rules for AWS, GCP, GitHub tokens, etc.
 [extend]

src/db.js

@@ -24,32 +24,65 @@ let leakDetectionInterval = null;
  * Selects the SSL configuration for a pg.Pool based on DATABASE_SSL and the connection string.
  *
  * DATABASE_SSL values:
- *   "false" / "off"      → SSL disabled
- *   "no-verify"          → SSL enabled but server certificate not verified
- *   "true" / "on" / unset → SSL enabled with server certificate verification
+ *   "false" / "off" / "disable" → SSL disabled
+ *   "no-verify"                 → SSL enabled but server certificate not verified
+ *   "true" / "on" / "require"   → SSL enabled with server certificate verification
  *
- * Connections whose host contains "railway.internal" always disable SSL.
+ * If DATABASE_SSL is unset, SSL is disabled for local connections and enabled
+ * with full certificate verification for non-local connections.
  *
  * @param {string} connectionString - Database connection URL
  * @returns {false|{rejectUnauthorized: boolean}} `false` to disable SSL, or an object with `rejectUnauthorized` indicating whether server certificates must be verified
  */
 function getSslConfig(connectionString) {
-  // Railway internal connections never need SSL
-  if (connectionString.includes('railway.internal')) {
+  let hostname = '';
+  let sslMode = '';
+
+  try {
+    const connectionUrl = new URL(connectionString);
+    hostname = connectionUrl.hostname.toLowerCase();
+    sslMode = (connectionUrl.searchParams.get('sslmode') || '').toLowerCase().trim();
+  } catch {
+    // Ignore malformed URLs and fall back to safe defaults.
+  }
+
+  // Explicit sslmode=disable in connection string takes precedence.
+  if (sslMode === 'disable' || sslMode === 'off' || sslMode === 'false') {
+    return false;
+  }
+
+  // Railway internal connections never need SSL.
+  if (hostname.includes('railway.internal') || connectionString.includes('railway.internal')) {
     return false;
   }
 
   const sslEnv = (process.env.DATABASE_SSL || '').toLowerCase().trim();
 
-  if (sslEnv === 'false' || sslEnv === 'off') {
+  if (sslEnv === 'false' || sslEnv === 'off' || sslEnv === 'disable' || sslEnv === '0') {
     return false;
   }
 
   if (sslEnv === 'no-verify') {
     return { rejectUnauthorized: false };
   }
 
-  // Default: SSL with full verification
+  if (sslEnv === 'true' || sslEnv === 'on' || sslEnv === 'require' || sslEnv === '1') {
+    return { rejectUnauthorized: true };
+  }
+
+  // Local development databases commonly run without TLS.
+  if (!sslEnv && ['localhost', '127.0.0.1', '::1'].includes(hostname)) {
+    return false;
+  }
+
+  if (sslEnv) {
+    warn('Unrecognized DATABASE_SSL value, using secure default', {
+      value: sslEnv,
+      source: 'database_ssl',
+    });
+  }
+
+  // Default: SSL with full verification.
   return { rejectUnauthorized: true };
 }
 

src/modules/roleMenuTemplates.js

@@ -244,7 +244,7 @@ export async function seedBuiltinTemplates() {
       `INSERT INTO role_menu_templates
          (name, description, category, created_by_guild_id, is_builtin, is_shared, options)
        VALUES ($1, $2, $3, NULL, TRUE, TRUE, $4::jsonb)
-       ON CONFLICT ON CONSTRAINT idx_rmt_name_guild DO NOTHING`,
+       ON CONFLICT (LOWER(name), COALESCE(created_by_guild_id, '__builtin__')) DO NOTHING`,
       [tpl.name, tpl.description, tpl.category, JSON.stringify(tpl.options)],
     );
   }

src/utils/safeSend.js

@@ -7,7 +7,7 @@
  * truncated instead — Discord only allows a single response per interaction
  * method call (reply/editReply/followUp).
  *
- * @see https://github.com/BillChirico/bills-bot/issues/61
+ * @see https://github.com/VolvoxLLC/volvox-bot/issues/61
  */
 
 import { error as logError, warn as logWarn } from '../logger.js';

src/utils/sanitizeMentions.js

@@ -4,7 +4,7 @@
  * Even though allowedMentions is set at the Client level, this ensures
  * the raw text never contains these pings.
  *
- * @see https://github.com/BillChirico/bills-bot/issues/61
+ * @see https://github.com/VolvoxLLC/volvox-bot/issues/61
  */
 
 /**

tests/db.test.js

@@ -227,10 +227,31 @@ describe('db module', () => {
       expect(pgMocks.poolConfig.ssl).toEqual({ rejectUnauthorized: false });
     });
 
-    it('should use rejectUnauthorized: true by default', async () => {
+    it('should disable SSL by default for localhost connections', async () => {
       process.env.DATABASE_URL = 'postgresql://test@localhost/db';
       delete process.env.DATABASE_SSL;
       await dbModule.initDb();
+      expect(pgMocks.poolConfig.ssl).toBe(false);
+    });
+
+    it('should use rejectUnauthorized: true by default for non-local hosts', async () => {
+      process.env.DATABASE_URL = 'postgresql://test@db.example.com/db';
+      delete process.env.DATABASE_SSL;
+      await dbModule.initDb();
+      expect(pgMocks.poolConfig.ssl).toEqual({ rejectUnauthorized: true });
+    });
+
+    it('should disable SSL when connection string uses sslmode=disable', async () => {
+      process.env.DATABASE_URL = 'postgresql://test@db.example.com/db?sslmode=disable';
+      delete process.env.DATABASE_SSL;
+      await dbModule.initDb();
+      expect(pgMocks.poolConfig.ssl).toBe(false);
+    });
+
+    it('should allow explicit DATABASE_SSL=true override for localhost', async () => {
+      process.env.DATABASE_URL = 'postgresql://test@localhost/db';
+      process.env.DATABASE_SSL = 'true';
+      await dbModule.initDb();
       expect(pgMocks.poolConfig.ssl).toEqual({ rejectUnauthorized: true });
     });
   });

web/src/components/landing/Pricing.tsx

@@ -20,7 +20,7 @@ const tiers = [
   },
   {
     name: './configure',
-    price: { monthly: 12, annual: 115 },
+    price: { monthly: 14.99, annual: 115 },
     description: 'For growing communities that ship.',
     cta: 'npm install',
     href: null, // Will use bot invite URL
@@ -36,7 +36,7 @@ const tiers = [
   },
   {
     name: 'make install',
-    price: { monthly: 49, annual: 470 },
+    price: { monthly: 49.99, annual: 470 },
     description: 'For communities that mean business.',
     cta: 'curl | bash',
     href: null, // Will use bot invite URL

web/src/components/layout/header.tsx

@@ -87,7 +87,7 @@ export function Header() {
               <DropdownMenuSeparator />
               <DropdownMenuItem asChild>
                 <a
-                  href="https://github.com/BillChirico/bills-bot"
+                  href="https://github.com/VolvoxLLC/volvox-bot"
                   target="_blank"
                   rel="noopener noreferrer"
                   className="flex items-center"