PR I: boot-time env assertions + fix ci.yml for post-webapp layout #13

Open

nsatoshi wants to merge 1 commits from devin/1776880983-pr-i-boot-assertions-ci into main

pull from: devin/1776880983-pr-i-boot-assertions-ci

merge into: d-bis:main

d-bis:main

d-bis:devin/1776919187-responsive-uiux-system

d-bis:devin/1776918348-pr-ab-complete-phoenix-scaffolding

d-bis:sync/currencicombo-phoenix-e2e

d-bis:devin/1776898782-pr-aa-phoenix-migration

d-bis:devin/1776896284-pr-z-deploy-sandbox

d-bis:devin/1776890754-pr-t-evaluator-consolidation

d-bis:devin/1776883227-pr-s-obligations

d-bis:devin/1776883027-pr-r-fin-sandbox

d-bis:devin/1776882556-pr-q-e2e

d-bis:devin/1776882394-pr-p-rules-engine

d-bis:devin/1776882169-pr-o-eip712

d-bis:devin/1776881860-pr-n-swift-msgid

d-bis:devin/1776881763-pr-m-role-binding

d-bis:devin/1776881508-pr-l-participants

d-bis:devin/1776881375-pr-k-phase-timeouts

d-bis:devin/1776881249-pr-j-redis-event-bus

d-bis:devin/1776533597-fix-undo-redo-history

d-bis:develop

Conversation 0 Commits 1 Files Changed 4 +287 -93

nsatoshi commented 2026-04-22 18:06:41 +00:00

Owner

Copy Link

Closes gap-analysis v2 §8.1 / §8.4 / §8.6 and §10.1 / §10.2 / §10.4.

What

• assertProductionEnv() in orchestrator/src/config/env.ts fails-fast in NODE_ENV=production when SESSION_SECRET / EVENT_BUS_HMAC_SECRET / CHAIN_138_RPC_URL / NOTARY_REGISTRY_ADDRESS / ORCHESTRATOR_PRIVATE_KEY / DATABASE_URL is missing or uses a dev placeholder.
• New EVENT_BUS_HMAC_SECRET env added to the schema.
• .github/workflows/ci.yml rewritten: portal jobs target repo root (post-webapp/ gitlink removal), orchestrator type-check + test job added, contracts kept.
• 7 unit tests for assertProductionEnv; full suite 87/87 green, tsc --noEmit clean.

Why

The pre-existing notary/event-bus code silently degraded to the deterministic mock / dev placeholder when envs were absent. In prod that would turn the Ledger Anchor back into a lie (gap-analysis §8.1) and sign events with a known key (§8.4). This PR makes those failures loud at boot time.

The old ci.yml still pointed at the webapp/ gitlink that PR #4 removed; CI would fail on every PR. Rewritten to match the current monorepo layout.

First of a sequence closing all remaining gap-analysis items (PRs I–S).

Closes gap-analysis v2 §8.1 / §8.4 / §8.6 and §10.1 / §10.2 / §10.4. ## What - `assertProductionEnv()` in `orchestrator/src/config/env.ts` fails-fast in `NODE_ENV=production` when `SESSION_SECRET` / `EVENT_BUS_HMAC_SECRET` / `CHAIN_138_RPC_URL` / `NOTARY_REGISTRY_ADDRESS` / `ORCHESTRATOR_PRIVATE_KEY` / `DATABASE_URL` is missing or uses a dev placeholder. - New `EVENT_BUS_HMAC_SECRET` env added to the schema. - `.github/workflows/ci.yml` rewritten: portal jobs target repo root (post-webapp/ gitlink removal), orchestrator type-check + test job added, contracts kept. - 7 unit tests for `assertProductionEnv`; full suite 87/87 green, `tsc --noEmit` clean. ## Why The pre-existing notary/event-bus code silently degraded to the deterministic mock / dev placeholder when envs were absent. In prod that would turn the Ledger Anchor back into a lie (gap-analysis §8.1) and sign events with a known key (§8.4). This PR makes those failures loud at boot time. The old `ci.yml` still pointed at the `webapp/` gitlink that PR #4 removed; CI would fail on every PR. Rewritten to match the current monorepo layout. First of a sequence closing all remaining gap-analysis items (PRs I–S).

nsatoshi added 1 commit 2026-04-22 18:06:41 +00:00

Add boot-time env assertions + fix ci.yml for post-webapp layout ... d6d74f2267

Closes gap-analysis v2 §8.1 / §8.4 / §8.6 and §10.1 / §10.2.

- assertProductionEnv() in config/env.ts fails-fast in NODE_ENV=production
  when SESSION_SECRET / EVENT_BUS_HMAC_SECRET / CHAIN_138_RPC_URL /
  NOTARY_REGISTRY_ADDRESS / ORCHESTRATOR_PRIVATE_KEY / DATABASE_URL is
  missing or uses the dev placeholder. Catches the silent-degrade-to-mock
  failure mode that would turn the Ledger Anchor back into a lie.
- New EVENT_BUS_HMAC_SECRET env added to the schema.
- .github/workflows/ci.yml rewritten: portal jobs target repo root (not
  the removed webapp/ gitlink), orchestrator type-check + test job
  added, contracts jobs kept as-is.
- 7 unit tests for assertProductionEnv; full suite 87/87 green.

Some checks failed

Hide all checks

CI / Portal Lint (pull_request) Failing after 33s

Details

CI / Portal Type Check (pull_request) Successful in 57s

Details

CI / Portal Build (pull_request) Failing after 33s

Details

CI / Orchestrator Type Check (pull_request) Failing after 5s

Details

CI / Orchestrator Build (pull_request) Failing after 5s

Details

CI / Orchestrator Test (pull_request) Failing after 5s

Details

CI / Contracts Compile (pull_request) Failing after 12s

Details

CI / Contracts Test (pull_request) Failing after 7s

Details

Code Quality / SonarQube Analysis (pull_request) Failing after 20s

Details

Code Quality / Code Quality Checks (pull_request) Failing after 5s

Details

Security Scan / Dependency Vulnerability Scan (pull_request) Failing after 4s

Details

Security Scan / OWASP ZAP Scan (pull_request) Failing after 4s

Details

This pull request has changes conflicting with the target branch.

• .github/workflows/ci.yml
• orchestrator/src/config/env.ts
• orchestrator/src/index.ts

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin devin/1776880983-pr-i-boot-assertions-ci:devin/1776880983-pr-i-boot-assertions-ci

git checkout devin/1776880983-pr-i-boot-assertions-ci

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

No items

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

70rn4710n A.r.yavari SEG nsatoshi

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: d-bis/CurrenciCombo#13