Summary
The ANON_KEY → PUBLISHABLE_KEY rename (commit 546618f) was applied to all three Supabase client modules (lib/supabase/client.ts, server.ts, middleware.ts) and to .env.example, but two files were missed:
| File |
Problem |
.env.local |
Still sets NEXT_PUBLIC_SUPABASE_ANON_KEY — the Supabase client reads NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY, so it gets undefined at runtime when running next dev without Doppler. |
.attractor/qa-report/gherkin.spec.ts (line 131) |
Expects NEXT_PUBLIC_SUPABASE_ANON_KEY in .env.example, but .env.example now uses NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY. This causes a false-negative failure in the QA pipeline. |
Additionally, two minor housekeeping items:
.env.local contains PORT=3000 which is unnecessary (Next.js defaults to 3000 and it is not referenced in .env.example or any config).tsconfig.base.json exists at the repo root but is never referenced by tsconfig.json — it is orphaned and should be removed.
What needs to be done
.env.local — Rename NEXT_PUBLIC_SUPABASE_ANON_KEY to NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY (keep the same value). Remove the PORT=3000 line..attractor/qa-report/gherkin.spec.ts line 131 — Change "NEXT_PUBLIC_SUPABASE_ANON_KEY" to "NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY" in the expectedVars array.- (Housekeeping) Delete the orphaned
tsconfig.base.json.
Why it matters
- Critical for local development without Doppler: All three Supabase client modules read
NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY. Because .env.local still sets the old name (ANON_KEY), the Supabase client receives undefined and every authenticated request fails at runtime.
- QA correctness: The Playwright spec will fail its "list all 7 variable names" assertion when run against the current
.env.example, creating a false-negative signal in the QA pipeline.
- Repo hygiene: The orphaned
tsconfig.base.json is confusing for contributors and adds dead configuration.
Acceptance criteria
Dependencies
None — this is a standalone fix.
Gherkin Specs
Feature: Fix NEXT_PUBLIC_SUPABASE_ANON_KEY → PUBLISHABLE_KEY mismatch in .env.local and stale QA test
As a developer contributing to virtual-agent
I want .env.local and the QA spec to use the renamed NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY variable
So that local development without Doppler works correctly and the QA pipeline does not produce false-negative failures
# ── AC #1 — .env.local uses NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY ─────
Scenario: .env.local sets NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY instead of ANON_KEY
Given the file ".env.local" exists at the repo root
Then it should contain "NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY"
And it should not contain "NEXT_PUBLIC_SUPABASE_ANON_KEY"
# ── AC #2 — .env.local does not contain PORT=3000 ───────────────────
Scenario: .env.local does not contain PORT=3000
Given the file ".env.local" exists at the repo root
Then it should not contain "PORT=3000"
# ── AC #3 — QA spec expects NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY ─────
Scenario: gherkin.spec.ts expects NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY in expectedVars
Given the file ".attractor/qa-report/gherkin.spec.ts" exists
Then the "expectedVars" array should include "NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY"
And the "expectedVars" array should not include "NEXT_PUBLIC_SUPABASE_ANON_KEY"
# ── AC #4 — No remaining SUPABASE_ANON_KEY references in source ─────
Scenario: No source or env files reference SUPABASE_ANON_KEY
Given the virtual-agent repo root
When I run "grep -r SUPABASE_ANON_KEY --include='*.ts' --include='*.tsx' --include='.env*' . | grep -v node_modules/"
Then the command should produce zero output
# ── AC #5 — Orphaned tsconfig.base.json is deleted ──────────────────
Scenario: tsconfig.base.json does not exist at the repo root
Given the virtual-agent repo root
Then the file "tsconfig.base.json" should not exist
Scenario: tsconfig.json still works after tsconfig.base.json removal
Given the file "tsconfig.json" exists at the repo root
And "tsconfig.base.json" does not exist
When I run "bun run build" from the repo root
Then the command should exit with code 0
# ── AC #6 — bun test still passes ───────────────────────────────────
Scenario: bun test passes with zero failures
Given the virtual-agent repo root
When I run "bun test" from the repo root
Then the command should exit with code 0
And all tests should pass with 0 failures
# ── AC #7 — next dev initializes Supabase client from .env.local ────
Scenario: next dev without Doppler correctly initializes the Supabase client
Given .env.local exists with NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY set
And Doppler is not running
When the developer runs "next dev"
Then the Next.js dev server should start without errors
And the Supabase client should receive a defined value for NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY
And the login page should render at /loginCoverage Summary
| AC # |
Criterion |
Scenarios |
| 1 |
.env.local uses PUBLISHABLE_KEY (not ANON_KEY) |
1 scenario — verifies presence of new key and absence of old key |
| 2 |
.env.local does not contain PORT=3000 |
1 scenario — asserts PORT=3000 is absent |
| 3 |
gherkin.spec.ts expectedVars updated |
1 scenario — checks the array includes PUBLISHABLE_KEY and excludes ANON_KEY |
| 4 |
Zero SUPABASE_ANON_KEY hits in codebase |
1 scenario — runs grep -r across .ts, .tsx, .env* and expects zero output |
| 5 |
tsconfig.base.json deleted; build succeeds |
2 scenarios — (a) file must not exist, (b) bun run build exits 0 without it |
| 6 |
bun test passes |
1 scenario — exit code 0, 0 failures |
| 7 |
next dev without Doppler initializes Supabase client |
1 scenario — dev server starts, client gets defined PUBLISHABLE_KEY value, /login renders |
Total: 9 scenarios covering all 7 acceptance criteria.
Summary
The
ANON_KEY→PUBLISHABLE_KEYrename (commit546618f) was applied to all three Supabase client modules (lib/supabase/client.ts,server.ts,middleware.ts) and to.env.example, but two files were missed:.env.localNEXT_PUBLIC_SUPABASE_ANON_KEY— the Supabase client readsNEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY, so it getsundefinedat runtime when runningnext devwithout Doppler..attractor/qa-report/gherkin.spec.ts(line 131)NEXT_PUBLIC_SUPABASE_ANON_KEYin.env.example, but.env.examplenow usesNEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY. This causes a false-negative failure in the QA pipeline.Additionally, two minor housekeeping items:
.env.localcontainsPORT=3000which is unnecessary (Next.js defaults to 3000 and it is not referenced in.env.exampleor any config).tsconfig.base.jsonexists at the repo root but is never referenced bytsconfig.json— it is orphaned and should be removed.What needs to be done
.env.local— RenameNEXT_PUBLIC_SUPABASE_ANON_KEYtoNEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY(keep the same value). Remove thePORT=3000line..attractor/qa-report/gherkin.spec.tsline 131 — Change"NEXT_PUBLIC_SUPABASE_ANON_KEY"to"NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY"in theexpectedVarsarray.tsconfig.base.json.Why it matters
NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY. Because.env.localstill sets the old name (ANON_KEY), the Supabase client receivesundefinedand every authenticated request fails at runtime..env.example, creating a false-negative signal in the QA pipeline.tsconfig.base.jsonis confusing for contributors and adds dead configuration.Acceptance criteria
.env.localusesNEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY(notANON_KEY) with the same value.env.localdoes not containPORT=3000.attractor/qa-report/gherkin.spec.tsexpectsNEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEYat line 131grep -r SUPABASE_ANON_KEY --include="*.ts" --include="*.tsx" --include=".env*" . | grep -v node_modules/returns zero hitstsconfig.base.jsonis deleted;tsconfig.jsonstill works (bun run buildsucceeds)bun teststill passes (193 tests, 0 failures)next dev(without Doppler) correctly initializes the Supabase client using the.env.localvaluesDependencies
None — this is a standalone fix.
Gherkin Specs
Coverage Summary
.env.localusesPUBLISHABLE_KEY(notANON_KEY).env.localdoes not containPORT=3000PORT=3000is absentgherkin.spec.tsexpectedVarsupdatedPUBLISHABLE_KEYand excludesANON_KEYSUPABASE_ANON_KEYhits in codebasegrep -racross.ts,.tsx,.env*and expects zero outputtsconfig.base.jsondeleted; build succeedsbun run buildexits 0 without itbun testpassesnext devwithout Doppler initializes Supabase client/loginrendersTotal: 9 scenarios covering all 7 acceptance criteria.