docs(auth): #85 replace stale Supabase project ref with placeholder#87
Closed
TortoiseWolfe wants to merge 1 commit into
Closed
docs(auth): #85 replace stale Supabase project ref with placeholder#87TortoiseWolfe wants to merge 1 commit into
TortoiseWolfe wants to merge 1 commit into
Conversation
The Supabase project the repo currently points at is huvitqubafsrazpjxsax, but docs/AUTH-SETUP.md and three other docs files still referenced an older project ref (vswxgxbjodpgwfgsjrhq, 28 instances in AUTH-SETUP.md alone) across dashboard URLs, OAuth callback URIs, and env-var examples. Stale refs in fork-onboarding docs are worse than just inaccurate: - A fresh forker who follows AUTH-SETUP.md verbatim ends up on someone else's Supabase dashboard URL (404 or "access denied"), not their own. - Every Supabase project rotation in this repo's history would have required a doc-wide ref swap (it didn't happen the last time, hence this issue). Replaced all owner-specific refs with <YOUR-PROJECT-REF> placeholders. Matches the existing YOUR_PROJECT_REF convention already used at docs/prp-docs/archive/completed/payment-integration-prp.md:443. Files touched (32 refs total across 5 files): - docs/AUTH-SETUP.md (28 refs, including 5 OAuth callback URLs that GitHub/Google must accept for the fix in issue #85 to even land) - docs/specs/016-user-authentication/quickstart.md (1 ref, env example) - docs/specs/016-user-authentication/contracts/auth-api.yaml (1 ref, OpenAPI server URL) - docs/specs/016-user-authentication/contracts/profile-api.yaml (1 ref, OpenAPI server URL) - docs/features/payment-integration.md (1 ref, example "Project ID" format placeholder — replaced with generic abcdefghi… since the surrounding text reads "alphanumeric code like ..." and a literal <YOUR-PROJECT-REF> placeholder would have read awkwardly) Deliberately not touched: - docs/specs/023-user-messaging-system/IMPLEMENTATION-STATUS.md:119 contains a stale ref inside a captured error trace. Rewriting it would falsify the historical incident record. Left as-is. Verification: grep -rn "vswxgxbjodpgwfgsjrhq\|huvitqubafsrazpjxsax" docs/ → only the one IMPLEMENTATION-STATUS.md hit remains (by design) Scope: This PR handles only the in-repo doc cleanup half of #85. The other half (repairing the Supabase project's OAuth provider config — Client IDs are currently literal "placeholder_*" strings, confirmed via Management API) is external to the repo and requires Supabase dashboard access. That work is in flight and will close #85 once smoke-tested. Refs: #85 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
3 tasks
Owner
Author
TortoiseWolfe
added a commit
that referenced
this pull request
May 14, 2026
#92) Two small hygiene changes that lock in this session's learnings. 1. .gitignore — add `.screenshots/`. The existing `screenshots/` entry on line 120 didn't match the dot-prefixed variant, so .screenshots/ has been showing up in every `git status` run for weeks. One-line fix. 2. CLAUDE.md — new section "CI & E2E Stability (Round 10 Lessons, 2026-05-13)" between "Supabase Database Migrations" and "Important Notes", capturing: - NEVER merge a PR while another PR's CI is running against the same backend. The concurrency mutex in e2e.yml protects this now, but the rule still applies for any other shared backend introduced later. - NEVER bypass commit hooks. Husky + lint-staged + gitleaks catch real bugs; --no-verify is explicitly forbidden without user opt-in. - Programmatic `el.scrollTop = N` does NOT fire scroll events in WebKit reliably. The fix pattern (dispatch the scroll event explicitly) is now applied at 4 sites in tests/e2e/messaging/, and any future test code touching scrollTop should follow it. - Branch hygiene — delete_branch_on_merge=true, fetch --prune after merge, no floating unmerged branches, avoid stacked PRs (PR #87 auto-close footgun documented). - CI logs API ≠ UI. The Actions list page is misleading for in-progress matrix runs; use `gh run view --json` for authoritative state. Plus a small fix on the existing "Important Notes" bullet — the line claiming "E2E tests are local-only, not in CI pipeline" was stale. E2E now runs on every push and PR across 28 shards (chromium + firefox + webkit). Updated to reflect reality and point at the new CI section. Verification: - `git check-ignore .screenshots/` confirms it's now matched by the new line 121 entry - `git status` no longer shows .screenshots/ as untracked - Pre-commit hooks ran clean (prettier + gitleaks) Refs: PR #89 (concurrency mutex), PR #87 (stacked-PR autoclose footgun), memory entries feedback_branch_hygiene.md and lesson_concurrent_ci_shared_backend.md Co-authored-by: TurtleWolfe <TurtleWolfe@users.noreply.github.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
vswxgxbjodpgwfgsjrhqreferences in 5 docs files with<YOUR-PROJECT-REF>placeholders so fork-onboarding docs work for any forker (not just the original owner's Supabase project).YOUR_PROJECT_REFconvention already used atdocs/prp-docs/archive/completed/payment-integration-prp.md:443.Why
docs/AUTH-SETUP.mdwas the worst offender (28 stale refs) — it gives step-by-step Supabase setup instructions with dashboard URLs hardcoded to the original project. A fresh forker following it verbatim ends up on someone else's Supabase dashboard (404 / access denied), not their own. Every project rotation in this repo's history would have required a doc-wide ref swap; it didn't happen last time, hence issue #85's "Related" section flagged this.Stacking note
This PR is stacked on #86 (Docker pnpm pin). It has to be — without that fix, the Docker container can't build, so commit hooks can't run, so the change physically can't land per CLAUDE.md's Docker-first rule. GitHub will auto-retarget the base to
mainafter #86 merges.Scope
This PR is the in-repo half of #85. The other half — repairing the Supabase project's OAuth provider config (
external_google_client_idandexternal_github_client_idare currently literal"placeholder_*"strings, confirmed today via Management API) — is external to the repo. It requires Supabase dashboard access and rides on the operator. The full #85 closure depends on both.Files touched
docs/AUTH-SETUP.mddocs/specs/016-user-authentication/quickstart.mddocs/specs/016-user-authentication/contracts/auth-api.yamldocs/specs/016-user-authentication/contracts/profile-api.yamldocs/features/payment-integration.mdabcdefghijklmnopqrstsince the surrounding text reads "alphanumeric code like ..." and a literal<YOUR-PROJECT-REF>placeholder would have read awkwardly)Deliberately not touched:
docs/specs/023-user-messaging-system/IMPLEMENTATION-STATUS.md:119contains a stale ref inside a captured error trace from a historical incident. Rewriting it would falsify the historical record.Test plan
grep -rn "vswxgxbjodpgwfgsjrhq" docs/→ only the one IMPLEMENTATION-STATUS.md hit remains (by design)docs/AUTH-SETUP.mdPrerequisites + OAuth callback table + env example for readability after substitutionRefs: #85
🤖 Generated with Claude Code