Harden production startup checks, tighten health response, and document export limit #33

Open
Spbd1 wants to merge 1 commit into codex/add-smoke-test-script-for-vps-deployment from codex/conduct-final-production-readiness-review
Spbd1 commented May 11, 2026

Owner

Motivation

  • Prevent accidental use of example secrets or an unconfigured database in production by failing closed at startup rather than silently accepting defaults.
  • Reduce the surface of exposed operational details on the public health endpoint while keeping a no-store cache policy.
  • Make the export helper behavior explicit and add an optional default page size for the JSON export script.

Description

  • Add a startup validation script scripts/validate-production-env.mjs and run it before next start via the start script in package.json to refuse example ADMIN_EXPORT_TOKEN and example Postgres password values and to require DATABASE_URL when ENABLE_SERVER_SUBMISSION=true.
  • Simplify the public health endpoint to return only a minimal liveness payload (ok, service, timestamp) with Cache-Control: no-store in app/api/health/route.ts.
  • Add EXPORT_SUBMISSIONS_LIMIT to .env.example and document it in README.md, and update docs/DEPLOYMENT.md and docs/VPS_DEPLOYMENT.md to describe the new startup validation behavior and guidance for replacing example secrets.

Testing

  • Ran npm run typecheck which completed successfully (no type errors).
  • Ran npm run lint which reported no ESLint warnings or errors.
  • Built the app with npm run build which completed successfully and produced the expected route outputs.
  • Validated sample export with npm run validate:sample which succeeded against the sample JSON.
  • Exercised the new startup validation script: running NODE_ENV=production with example placeholder secrets failed as expected, and running with non-placeholder values succeeded and allowed npm run start to launch; curl http://127.0.0.1:3000/api/health returned the minimal JSON with Cache-Control: no-store.
  • Docker-related commands (docker compose config, docker compose build, docker compose up -d, docker compose exec app npm run db:migrate) could not be executed in this environment because the docker CLI is not installed and are therefore marked as not runtime-verified here.

Codex Task
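
The fail-closed startup check described in this pull request, as an added example that is not the PR's own scripts/validate-production-env.mjs. The placeholder strings, the production-only gating, and reading the Postgres password from POSTGRES_PASSWORD or from DATABASE_URL are assumptions.

```javascript
// Added example: fail-closed production env validation (not the PR's script).
// Constructed placeholders; substitute the literal values from your .env.example.
const EXAMPLE_ADMIN_TOKENS = new Set(["change-me-admin-export-token"]);
const EXAMPLE_DB_PASSWORDS = new Set(["change-me-postgres-password"]);

// Extract the password component of a connection URL; null if it cannot be parsed.
function passwordFromDatabaseUrl(databaseUrl) {
  try {
    return decodeURIComponent(new URL(databaseUrl).password);
  } catch {
    return null;
  }
}

// Returns a list of problems; an empty list means startup may proceed.
function validateProductionEnv(env) {
  const errors = [];
  // Assumption: the checks only apply when NODE_ENV=production.
  if (env.NODE_ENV !== "production") return errors;

  const token = (env.ADMIN_EXPORT_TOKEN ?? "").trim();
  if (EXAMPLE_ADMIN_TOKENS.has(token)) {
    errors.push("ADMIN_EXPORT_TOKEN is still the example value");
  }

  const databaseUrl = (env.DATABASE_URL ?? "").trim();
  if (env.ENABLE_SERVER_SUBMISSION === "true" && databaseUrl === "") {
    errors.push("DATABASE_URL is required when ENABLE_SERVER_SUBMISSION=true");
  }

  // The example password can hide in either place, so check both.
  const candidates = [
    env.POSTGRES_PASSWORD,
    databaseUrl && passwordFromDatabaseUrl(databaseUrl),
  ];
  if (candidates.some((p) => p && EXAMPLE_DB_PASSWORDS.has(p))) {
    errors.push("Postgres password is still the example value");
  }
  return errors;
}

// Invoked before `next start`: report every problem, then exit non-zero.
const problems = validateProductionEnv(process.env);
if (problems.length > 0) {
  for (const p of problems) console.error(`[startup] ${p}`);
  process.exitCode = 1;
}
```

Messages name the variable at fault but never echo its value, so a rejected secret does not end up in startup logs.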
