d-bis/CurrenciCombo

PR I: boot-time env assertions + fix ci.yml for post-webapp layout #13

Open

nsatoshi wants to merge 1 commits from devin/1776880983-pr-i-boot-assertions-ci into main

Author	SHA1	Message	Date
Devin	d6d74f2267	Add boot-time env assertions + fix ci.yml for post-webapp layout Some checks failed CI / Portal Lint (pull_request) Failing after 33s Details CI / Portal Type Check (pull_request) Successful in 57s Details CI / Portal Build (pull_request) Failing after 33s Details CI / Orchestrator Type Check (pull_request) Failing after 5s Details CI / Orchestrator Build (pull_request) Failing after 5s Details CI / Orchestrator Test (pull_request) Failing after 5s Details CI / Contracts Compile (pull_request) Failing after 12s Details CI / Contracts Test (pull_request) Failing after 7s Details Code Quality / SonarQube Analysis (pull_request) Failing after 20s Details Code Quality / Code Quality Checks (pull_request) Failing after 5s Details Security Scan / Dependency Vulnerability Scan (pull_request) Failing after 4s Details Security Scan / OWASP ZAP Scan (pull_request) Failing after 4s Details Closes gap-analysis v2 §8.1 / §8.4 / §8.6 and §10.1 / §10.2. - assertProductionEnv() in config/env.ts fails-fast in NODE_ENV=production when SESSION_SECRET / EVENT_BUS_HMAC_SECRET / CHAIN_138_RPC_URL / NOTARY_REGISTRY_ADDRESS / ORCHESTRATOR_PRIVATE_KEY / DATABASE_URL is missing or uses the dev placeholder. Catches the silent-degrade-to-mock failure mode that would turn the Ledger Anchor back into a lie. - New EVENT_BUS_HMAC_SECRET env added to the schema. - .github/workflows/ci.yml rewritten: portal jobs target repo root (not the removed webapp/ gitlink), orchestrator type-check + test job added, contracts jobs kept as-is. - 7 unit tests for assertProductionEnv; full suite 87/87 green.	2026-04-22 18:06:08 +00:00