refactor: nuxt config split and project config polish

[toddeTV]

Summary by CodeRabbit

• Configuration

  • Environment variables for admin credentials and JWT secret now require manual setup instead of providing defaults.
  • Debug flags now default to false instead of true in configuration examples.

• Documentation

  • Removed development commands reference section from setup guide.

• Refactor

  • Internal configuration structure reorganized for better maintainability.

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR updates project configuration and environment setup: environment variable examples now omit sensitive defaults (admin credentials, JWT secret), debug flags are annotated with false defaults, the Nuxt configuration is refactored into typed config objects, build scripts are streamlined, and development documentation is simplified.

Changes

Configuration and Setup Updates

Layer / File(s)	Summary
Environment Defaults .env.example	Server-side secrets (NUXT_ADMIN_USERNAME, NUXT_ADMIN_PASSWORD, NUXT_JWT_SECRET) and NUXT_PUBLIC_EMOJI_COOLDOWN_MS are changed from example values to blank entries; debug flag comments now indicate false defaults.
Nuxt Configuration Structure nuxt.config.ts	Config is refactored into two typed objects (configBase, configModules) and composed via spreads in defineNuxtConfig, moving eslint and i18n into configModules and base settings into configBase.
Build Scripts & Dependencies package.json	Removed nuxi, nuxt, and preview scripts; removed vue-router from dependencies; added @stylistic/eslint-plugin to dev dependencies.
Documentation docs/setup-local.md	Removed the "Development Commands" section listing vp run commands.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the two main changes: refactoring the Nuxt configuration structure and polishing project configuration files (.env.example, package.json, documentation).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Review rate limit: 4/5 reviews remaining, refill in 12 minutes.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

nuxt.config.ts (1)

5-57: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Remove hardcoded auth fallbacks from runtimeConfig.

adminUsername, adminPassword, and jwtSecret still have fixed defaults. If env vars are missing, the app silently falls back to predictable credentials/signing secret, which is a production security risk.

Suggested change

   runtimeConfig: {
-    adminPassword: '123',
-    adminUsername: 'admin',
-    jwtSecret: 'tryUJ0zQbstPbTOrezme+Fv+KndzDNRx5lmSeelr2ial2/2yV8HqLeQ2felJafqf',
+    adminPassword: '',
+    adminUsername: '',
+    jwtSecret: '',

Also add a startup/auth-path guard that throws when these values are empty, so misconfiguration fails fast instead of weakening auth. As per coding guidelines: “Runtime env vars configured via .env file.”

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@nuxt.config.ts` around lines 5 - 57, Replace the hardcoded fallbacks in
configBase.runtimeConfig (adminUsername, adminPassword, jwtSecret) so they are
sourced from environment variables (e.g., process.env.ADMIN_USERNAME,
process.env.ADMIN_PASSWORD, process.env.JWT_SECRET) instead of fixed literals;
do not supply predictable defaults. Add a startup guard (e.g., a small validate
function invoked when exporting the Nuxt config or in a top-level init step)
that checks configBase.runtimeConfig.adminUsername, adminPassword and jwtSecret
and throws an error if any are missing/empty to fail fast on misconfiguration.
Ensure you update references to runtimeConfig in the export so the values flow
correctly into Nuxt at runtime.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@nuxt.config.ts`:
- Around line 5-57: Replace the hardcoded fallbacks in configBase.runtimeConfig
(adminUsername, adminPassword, jwtSecret) so they are sourced from environment
variables (e.g., process.env.ADMIN_USERNAME, process.env.ADMIN_PASSWORD,
process.env.JWT_SECRET) instead of fixed literals; do not supply predictable
defaults. Add a startup guard (e.g., a small validate function invoked when
exporting the Nuxt config or in a top-level init step) that checks
configBase.runtimeConfig.adminUsername, adminPassword and jwtSecret and throws
an error if any are missing/empty to fail fast on misconfiguration. Ensure you
update references to runtimeConfig in the export so the values flow correctly
into Nuxt at runtime.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: 3cfa1b67-993b-4679-a2c2-3624efe1cd04

📥 Commits

Reviewing files that changed from the base of the PR and between de80fdd and 2aebb1a.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml, !pnpm-lock.yaml

📒 Files selected for processing (4)

• .env.example
• docs/setup-local.md
• nuxt.config.ts
• package.json

💤 Files with no reviewable changes (1)

• docs/setup-local.md