unchained/mission-control
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci: remove dummy Clerk key; tighten AuthProvider guard

Browse Source
This commit is contained in:
Ishaan (OpenClaw)
2026-02-06 22:42:03 +00:00
parent 9f0dd01b65
commit b88936ae9c
2 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/ci.yml vendored
View File

@@ -50,7 +50,4 @@ jobs:
env: env:
# Keep CI builds deterministic and secretless. # Keep CI builds deterministic and secretless.
NEXT_TELEMETRY_DISABLED: "1" NEXT_TELEMETRY_DISABLED: "1"
# Clerk is required at Next build/prerender time in this repo.
# Use a dummy publishable key so forks/PRs can still validate.
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: "pk_test_00000000000000000000000000000000"
run: make check run: make check

10
frontend/src/components/providers/AuthProvider.tsx
View File

@@ -8,7 +8,15 @@ function isLikelyValidClerkPublishableKey(key: string | undefined): key is strin
// Clerk publishable keys look like: pk_test_... or pk_live_... // Clerk publishable keys look like: pk_test_... or pk_live_...
// In CI we want builds to stay secretless; if the key isn't present/valid, // In CI we want builds to stay secretless; if the key isn't present/valid,
// we skip Clerk entirely so `next build` can prerender. // we skip Clerk entirely so `next build` can prerender.
return /^pk_(test|live)_[A-Za-z0-9]+$/.test(key); //
// Note: Clerk appears to validate key *contents*, not just shape. We therefore
// use a conservative heuristic to avoid treating obvious placeholders as valid.
const m = /^pk_(test|live)_([A-Za-z0-9]+)$/.exec(key);
if (!m) return false;
const body = m[2];
if (body.length < 16) return false;
if (/^0+$/.test(body)) return false;
return true;
} }
export function AuthProvider({ children }: { children: ReactNode }) { export function AuthProvider({ children }: { children: ReactNode }) {