Add runtime environment variable validation with fail-fast startup behavior.

[Koder-Kartik]

📋 Description

Add runtime environment variable validation with fail-fast startup behavior.

Previously, missing or invalid environment variables were not checked during startup, which could cause silent runtime errors or blank screens. This update introduces validation to ensure required variables exist before the app initializes.

🔧 Changes Made

• Added runtime validation for required environment variables.
• App now throws clear errors if required variables are missing.
• Implemented fail-fast startup checks in Supabase client setup.
• Updated .env.example to reflect required configuration.
• Minor README clarification for environment setup.

✅ Acceptance Criteria

• Missing/invalid required env vars stop startup.
• Error messages clearly identify invalid keys.
• README documents required environment configuration.

🧪 How to Test

1. Remove VITE_SUPABASE_URL from .env.local.
2. Run npm run dev.
3. App should stop immediately with:
   Missing environment variable: VITE_SUPABASE_URL

📸 Notes

No functional changes to features — only startup validation and developer experience improvements.

closes #25

Summary by CodeRabbit

• New Features

  • Backend now validates required environment variables at startup and exits with detailed error messages if validation fails.

• Documentation

  • Added Environment Validation subsection describing startup validation behavior and error handling for missing or invalid configuration.

[vercel]

@Koder-Kartik is attempting to deploy a commit to the Revon Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR implements fail-fast environment validation. A new backend/env.js module loads and validates required variables (VITE_SUPABASE_URL as valid URL, VITE_SUPABASE_ANON_KEY with minimum length 10) using Zod, terminating startup with detailed errors if validation fails. The server imports this module at initialization, and services/supabase.ts transitions from combined warnings to separate error guards.

Changes

Cohort / File(s)	Summary
Documentation README.md	Adds Environment Validation subsection describing backend validation of required env variables at startup with process termination on failure.
Environment Configuration & Validation backend/env.js, backend/server.js	New env.js module validates environment variables against Zod schema (VITE_SUPABASE_URL, VITE_SUPABASE_ANON_KEY, optional PORT); server.js imports it at startup to ensure validation before any logic executes.
Error Handling services/supabase.ts	Replaces combined environment variable warning with two separate error guards that throw distinct errors for missing VITE_SUPABASE_URL or VITE_SUPABASE_ANON_KEY, enabling specific error identification.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 Environment variables now stand tall and true,
Validated at startup, no chaos will ensue,
Zod schemas check each required key,
Fail-fast and clear for all to see! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title clearly and accurately describes the main change: adding runtime environment variable validation with fail-fast startup behavior.
Linked Issues check	✅ Passed	All coding objectives from issue #25 are met: env validation is implemented via backend/env.js with Zod schema, fail-fast startup checks are in place, and error messages identify missing/invalid keys.
Out of Scope Changes check	✅ Passed	All changes directly support the linked issue #25 objectives: README documentation, backend/env.js validation, server.js integration, and services/supabase.ts error handling.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

services/supabase.ts (1)

7-16: Clarify the error message for non-local environments.

The current text suggests creating .env.local, which is accurate for local dev but misleading in deployed environments. Consider wording that covers both.

💡 Suggested wording

-        "Missing environment variable: VITE_SUPABASE_URL. Create a .env.local file."
+        "Missing environment variable: VITE_SUPABASE_URL. Set it in the environment or .env.local."
...
-        "Missing environment variable: VITE_SUPABASE_ANON_KEY. Create a .env.local file."
+        "Missing environment variable: VITE_SUPABASE_ANON_KEY. Set it in the environment or .env.local."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@services/supabase.ts` around lines 7 - 16, Update the thrown Error messages
for the missing variables supabaseUrl and supabaseAnonKey so they don’t assume a
local .env.local file; change the text to mention the missing environment
variable name and provide neutral guidance such as “set this variable in your
environment or deployment configuration” (or similar) so it applies to both
local and deployed environments; ensure you edit the error strings in the blocks
that check supabaseUrl and supabaseAnonKey.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@backend/env.js`:
- Around line 6-10: The project is missing the zod dependency and env validation
currently allows PORT as a string which can produce NaN at runtime; add "zod" to
package.json dependencies and update the env validation (the envSchema object)
to validate/coerce PORT to a number (or use z.preprocess/coerce to ensure PORT
is parsed as a number) so the app fails fast with a clear error instead of
starting with NaN when PORT is invalid.

In `@backend/server.js`:
- Line 4: The current call to require("./env") in server.js will fail under ESM;
replace it with an ES module import by using a top-level import of the env
module (ensure the filename/extension matches what's on disk, e.g., "./env.js"
if necessary) or use a dynamic import() if you need conditional loading; update
the reference to require("./env") in server.js so the environment variables are
loaded via an ES module import instead of require.

---

Nitpick comments:
In `@services/supabase.ts`:
- Around line 7-16: Update the thrown Error messages for the missing variables
supabaseUrl and supabaseAnonKey so they don’t assume a local .env.local file;
change the text to mention the missing environment variable name and provide
neutral guidance such as “set this variable in your environment or deployment
configuration” (or similar) so it applies to both local and deployed
environments; ensure you edit the error strings in the blocks that check
supabaseUrl and supabaseAnonKey.

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between bef8c77 and db5fd9e.

📒 Files selected for processing (4)

• README.md
• backend/env.js
• backend/server.js
• services/supabase.ts

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

cat -n backend/env.js

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 792

---

🏁 Script executed:

rg -n '"zod"' package.json package-lock.json pnpm-lock.yaml yarn.lock 2>/dev/null | head -20

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 62

---

🏁 Script executed:

rg -n 'PORT' backend/ --type js --type ts -A 2 -B 2

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 551

---

🏁 Script executed:

find . -name "package.json" -type f | head -5 | xargs -I {} sh -c 'echo "=== {} ===" && cat {}'

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 935

---

🏁 Script executed:

rg -n 'z\.coerce' --type js --type ts

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 62

---

🏁 Script executed:

find . -name "package-lock.json" -o -name "pnpm-lock.yaml" -o -name "yarn.lock" | head -1 | xargs -I {} sh -c 'echo "Found: {}" && grep -A 5 '"'"'"zod"'"'"' {} | head -30'

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 106

---

🏁 Script executed:

rg -n 'require.*zod|import.*zod' --type js --type ts

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 126

---

🏁 Script executed:

ls -la package-lock.json | head -5 && grep '"zod"' package-lock.json | head -10

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 147

---

🏁 Script executed:

find . -path ./node_modules -prune -o -name "*.json" -type f -exec grep -l '"zod"' {} \;

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 62

---

🏁 Script executed:

cat package-lock.json | head -50

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 1706

---

🏁 Script executed:

rg -n 'zod' backend/ frontend/ src/ --type js --type ts 2>/dev/null | head -20

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 126

---

Add zod to dependencies in package.json — backend/env.js will fail at runtime without it.

The environment validation module requires zod but it's not listed in package.json. Once added, consider validating PORT as a number to prevent the server from attempting to listen on NaN if an invalid value is provided:

 const envSchema = z.object({
   VITE_SUPABASE_URL: z.string().url(),
   VITE_SUPABASE_ANON_KEY: z.string().min(10),
-  PORT: z.string().optional()
+  PORT: z.coerce.number().int().positive().optional()
 });

This ensures fail-fast validation with a clear error message instead of silent NaN at startup.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const envSchema = z.object({
	VITE_SUPABASE_URL: z.string().url(),
	VITE_SUPABASE_ANON_KEY: z.string().min(10),
	PORT: z.string().optional()
	});
	const envSchema = z.object({
	VITE_SUPABASE_URL: z.string().url(),
	VITE_SUPABASE_ANON_KEY: z.string().min(10),
	PORT: z.coerce.number().int().positive().optional()
	});

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@backend/env.js` around lines 6 - 10, The project is missing the zod
dependency and env validation currently allows PORT as a string which can
produce NaN at runtime; add "zod" to package.json dependencies and update the
env validation (the envSchema object) to validate/coerce PORT to a number (or
use z.preprocess/coerce to ensure PORT is parsed as a number) so the app fails
fast with a clear error instead of starting with NaN when PORT is invalid.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Check if backend/server.js exists and read its content
head -20 backend/server.js

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 942

---

🏁 Script executed:

# Check package.json for module type configuration
cat package.json | grep -A 5 -B 5 '"type"'

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 296

---

🏁 Script executed:

# Verify what ./env refers to (file or directory)
ls -la backend/ | grep env

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 137

---

🏁 Script executed:

# Check if there are ESM imports in backend/server.js
rg -n "^import\s|from\s" backend/server.js

Repository: fuzziecoder/Brocode-Party-Update-App

Length of output: 203

---

require("./env") will break in ESM modules.

This file uses ES module imports and is configured as ESM ("type": "module" in package.json), so require() will throw "require is not defined" at runtime. Use an ESM import statement instead.

🔧 Suggested fix

-require("./env"); 
+import './env.js';

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@backend/server.js` at line 4, The current call to require("./env") in
server.js will fail under ESM; replace it with an ES module import by using a
top-level import of the env module (ensure the filename/extension matches what's
on disk, e.g., "./env.js" if necessary) or use a dynamic import() if you need
conditional loading; update the reference to require("./env") in server.js so
the environment variables are loaded via an ES module import instead of require.