YOYYOY

Proof

Supabase key hygiene — service role isolation

Agentic Commerce Systems·rails·agentic·agentic-commerce-os

2025-12-20

Isolated service-role usage to server-only contexts, standardised environment naming, and removed accidental client exposure paths.

Objective

Objective: ensure no privileged keys can reach the client bundle.

Actions taken:

  • Standardised naming: NEXT*PUBLIC*\* for client-safe only; server keys kept unprefixed.
  • Removed service-role access from any client-facing code paths.
  • Confirmed server-only usage patterns for admin operations.
Result

Result: reduced blast radius and clearer key governance boundaries.

Next: add automated checks (lint/CI) to prevent regressions.