Skip to content

chore(auth): document required server env vars (force deploy)#2633

Merged
koala73 merged 1 commit intomainfrom
fix/force-vercel-deploy
Apr 2, 2026
Merged

chore(auth): document required server env vars (force deploy)#2633
koala73 merged 1 commit intomainfrom
fix/force-vercel-deploy

Conversation

@koala73
Copy link
Copy Markdown
Owner

@koala73 koala73 commented Apr 2, 2026

Forces Vercel to rebuild with the CLERK_PUBLISHABLE_KEY env var that was added separately. Fixes 401 on /api/notification-channels introduced by #2024.

@vercel
Copy link
Copy Markdown

vercel bot commented Apr 2, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
worldmonitor Ignored Ignored Apr 2, 2026 10:03pm

Request Review

@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps bot commented Apr 2, 2026
edited
Loading

Greptile Summary

This PR adds a single documentation comment to server/auth-session.ts identifying CLERK_PUBLISHABLE_KEY and CLERK_JWT_ISSUER_DOMAIN as required server-side environment variables. The functional purpose is to trigger a Vercel rebuild so that the separately-added CLERK_PUBLISHABLE_KEY env var is picked up, restoring correct JWT audience validation on /api/notification-channels (broken since #2024 when CLERK_PUBLISHABLE_KEY was added to getAllowedAudiences() but not yet provisioned in Vercel).

Key points:

  • The only code change is one comment line — no logic is modified.
  • The underlying logic (getAllowedAudiences consuming CLERK_PUBLISHABLE_KEY) was already in place; this deploy makes the env var available so that function returns a non-empty audience set.
  • One pre-existing style issue found: the Clerk API fetch inside lookupPlanFromClerk is missing a User-Agent header, which violates the project's documented convention in AGENTS.md.

Confidence Score: 5/5

Safe to merge — change is a doc comment only, with no logic or behaviour altered.

The diff is a single comment line addition with no executable code changes. The sole risk is that the Vercel rebuild may not behave as expected if the env var was not correctly provisioned separately, but that is outside the scope of this code change.

No files require special attention.

Important Files Changed

Filename Overview
server/auth-session.ts Single-line doc comment added to file header documenting CLERK_PUBLISHABLE_KEY and CLERK_JWT_ISSUER_DOMAIN as required server env vars; no logic changes introduced.

Sequence Diagram

sequenceDiagram
    participant Client
    participant EdgeGW as Vercel Edge Gateway
    participant AuthSession as server/auth-session.ts
    participant ClerkJWKS as Clerk JWKS Endpoint
    participant ClerkAPI as Clerk Backend API

    Client->>EdgeGW: Request with Bearer token
    EdgeGW->>AuthSession: validateBearerToken(token)
    AuthSession->>ClerkJWKS: Fetch JWKS (cached, lazy via getJWKS())
    ClerkJWKS-->>AuthSession: Public keys
    AuthSession->>AuthSession: jwtVerify(token, jwks, { issuer, audience: [convex, CLERK_PUBLISHABLE_KEY] })
    alt JWT has `plan` claim
        AuthSession-->>EdgeGW: { valid: true, userId, role }
    else Standard session token
        AuthSession->>ClerkAPI: GET /v1/users/:userId (Bearer CLERK_SECRET_KEY)
        ClerkAPI-->>AuthSession: User public_metadata.plan
        AuthSession-->>EdgeGW: { valid: true, userId, role }
    end
    EdgeGW-->>Client: Response
Loading

Comments Outside Diff (1)

  1. server/auth-session.ts, line 76-78 (link)

    P2 Missing User-Agent header in server-side fetch

    AGENTS.md lists "Always include User-Agent header in server-side fetch calls" as a critical convention, but the Clerk API request in lookupPlanFromClerk omits it. This is a pre-existing issue in this file that was not introduced by this PR, but it's worth fixing while touching the file.

    Context Used: AGENTS.md (source)

    Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

Reviews (1): Last reviewed commit: "chore(auth): document required server en..." | Re-trigger Greptile

@koala73 koala73 merged commit a0a6abf into main Apr 2, 2026
8 checks passed
@koala73 koala73 deleted the fix/force-vercel-deploy branch April 2, 2026 22:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@koala73