GitMesh Agents uses PostgreSQL via Drizzle ORM. There are three ways to run the database, from simplest to most production-ready.
If you don't set DATABASE_URL, the server automatically starts an embedded PostgreSQL instance and manages a local data directory.
```sh
pnpm dev
```
That's it. On first start the server:
- Creates a ~/.gitmesh-agents/instances/default/db/ directory for storage
- Ensures the gitmesh-agents database exists
- Runs migrations automatically for empty databases
- Starts serving requests
Data persists across restarts in ~/.gitmesh-agents/instances/default/db/. To reset local dev data, delete that directory.
This mode is ideal for local development and one-command installs.
Docker note: the Docker quickstart image also uses embedded PostgreSQL by default. Persist /gitmesh-agents to keep DB state across container restarts (see doc/DOCKER.md).
For a full PostgreSQL server locally, use the included Docker Compose setup:
```sh
docker compose up -d
```
This starts PostgreSQL 17 on localhost:5432. Then set the connection string:
```sh
cp .env.example .env
# .env already contains:
# DATABASE_URL=postgres://gitmesh:gitmesh@localhost:5433/gitmesh
```
Run migrations (once the migration generation issue is fixed) or use drizzle-kit push:
```sh
DATABASE_URL=postgres://gitmesh:gitmesh@localhost:5433/gitmesh \
npx drizzle-kit push
```
Start the server:
```sh
pnpm dev
```
For production, use a hosted PostgreSQL provider. Supabase is a good option with a free tier.
- Create a project at database.new
- Go to Project Settings > Database > Connection string
- Copy the URI and replace the password placeholder with your database password
Supabase offers two connection modes:
Direct connection (port 5432) — use for migrations and one-off scripts:
postgres://postgres.[PROJECT-REF]:[PASSWORD]@aws-0-[REGION].pooler.supabase.com:5432/postgres
Connection pooling via Supavisor (port 6543) — use for the application:
postgres://postgres.[PROJECT-REF]:[PASSWORD]@aws-0-[REGION].pooler.supabase.com:6543/postgres
Set DATABASE_URL in your .env:
```sh
DATABASE_URL=postgres://postgres.[PROJECT-REF]:[PASSWORD]@aws-0-[REGION].pooler.supabase.com:6543/postgres
```
If using connection pooling (port 6543), the postgres client must disable prepared statements. Update lib/data/src/client.ts:
```ts
export function createDb(url: string) {
  // prepare: false turns off prepared statements, as required on the pooled port 6543
  const sql = postgres(url, { prepare: false });
  return drizzlePg(sql, { schema });
}
```
```sh
# Use the direct connection (port 5432) for schema changes
DATABASE_URL=postgres://postgres.[PROJECT-REF]:[PASSWORD]@...5432/postgres \
npx drizzle-kit push
```
- 500 MB database storage
- 200 concurrent connections
- Projects pause after 1 week of inactivity
See Supabase pricing for current details.
The database mode is controlled by DATABASE_URL:
| DATABASE_URL | Mode |
|---|---|
| Not set | Embedded PostgreSQL (~/.gitmesh-agents/instances/default/db/) |
| postgres://...localhost... | Local Docker PostgreSQL |
| postgres://...supabase.com... | Hosted Supabase |
Your Drizzle schema (lib/data/src/schema/) stays the same regardless of mode.
GitMesh Agents stores secret metadata and versions in:
- project_secrets
- project_secret_versions
For local/default installs, the active provider is local_encrypted:
- Secret material is encrypted at rest with a local master key.
- Default key file: ~/.gitmesh-agents/instances/default/secrets/master.key (auto-created if missing).
- CLI config location: ~/.gitmesh-agents/instances/default/config.json under secrets.localEncrypted.keyFilePath.
Optional overrides:
- GITMESH_SECRETS_MASTER_KEY (32-byte key as base64, hex, or raw 32-char string)
- GITMESH_SECRETS_MASTER_KEY_FILE (custom key file path)
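A pre-flight check for a GITMESH_SECRETS_MASTER_KEY value, as an added example that is not GitMesh Agents' own code: it accepts the three encodings listed above only when they yield exactly 32 bytes, and rejects obvious placeholder keys. Detecting the encoding by length, the `parseMasterKey` name and the placeholder heuristic are assumptions of this example.

```typescript
// Added example: pre-flight check for a GITMESH_SECRETS_MASTER_KEY value.
// Detecting the encoding by length is an assumption here, not the project's parser.
type KeyFormat = "hex" | "base64" | "raw";
interface ParsedKey { format: KeyFormat; bytes: Uint8Array; warnings: string[] }

const B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

function decodeHex(s: string): Uint8Array {
  const out = new Uint8Array(s.length / 2);
  for (let i = 0; i < out.length; i++) out[i] = parseInt(s.slice(2 * i, 2 * i + 2), 16);
  return out;
}

function decodeBase64(s: string): Uint8Array {
  const out: number[] = [];
  let acc = 0, bits = 0;
  for (let i = 0; i < s.length && s.charAt(i) !== "="; i++) {
    acc = ((acc << 6) | B64.indexOf(s.charAt(i))) & 0xffff; // keep only pending bits
    bits += 6;
    if (bits >= 8) { bits -= 8; out.push((acc >> bits) & 0xff); }
  }
  return Uint8Array.from(out);
}

function parseMasterKey(value: string): ParsedKey {
  const warnings: string[] = [];
  let format: KeyFormat;
  let bytes: Uint8Array;
  if (/^[0-9a-fA-F]{64}$/.test(value)) {             // 64 hex chars = 32 bytes
    format = "hex"; bytes = decodeHex(value);
  } else if (/^[A-Za-z0-9+\/]{43}=?$/.test(value)) { // 43 chars (+ optional "=") = 32 bytes
    format = "base64"; bytes = decodeBase64(value);
  } else if (/^[\x21-\x7e]{32}$/.test(value)) {      // 32 printable ASCII chars, no whitespace
    format = "raw";
    bytes = new Uint8Array(32);
    for (let i = 0; i < 32; i++) bytes[i] = value.charCodeAt(i);
    warnings.push("raw string key: under 256 bits of entropy; prefer 32 random bytes as hex or base64");
  } else {
    // Never echo the value itself: error text tends to end up in logs.
    throw new Error("master key is not 64 hex chars, 44-char base64, or a 32-char string");
  }
  // Heuristic (this example's choice): 32 random bytes almost never have < 8 distinct values.
  if (new Set(bytes).size < 8) throw new Error("master key looks like a placeholder value");
  return { format, bytes, warnings };
}
```

Run it against the value before starting the server; a 32-character hex string is classified as raw and carries only 128 bits, which the warning is there to surface.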
Strict mode to block new inline sensitive env values:
```sh
GITMESH_SECRETS_STRICT_MODE=true
```
You can set strict mode and provider defaults via:
```sh
pnpm gitmesh-agents configure --section secrets
```
Inline secret migration command:
```sh
pnpm secrets:migrate-inline-env --apply
```