diff --git a/frontend/db/index.ts b/frontend/db/index.ts
index 57d807e1..5e76ca23 100644
--- a/frontend/db/index.ts
+++ b/frontend/db/index.ts
@@ -26,7 +26,7 @@ if (process.env.NODE_ENV !== 'test') {
 
 const IS_LOCAL_ENV = APP_ENV === 'local';
 
-0const STRICT_LOCAL_DB_GUARD = process.env.SHOP_STRICT_LOCAL_DB === '1';
+const STRICT_LOCAL_DB_GUARD = process.env.SHOP_STRICT_LOCAL_DB === '1';
 const REQUIRED_LOCAL_DB_URL = process.env.SHOP_REQUIRED_DATABASE_URL_LOCAL;
 
 if (STRICT_LOCAL_DB_GUARD) {
diff --git a/frontend/scripts/generate-env.sh b/frontend/scripts/generate-env.sh
new file mode 100644
index 00000000..953d8216
--- /dev/null
+++ b/frontend/scripts/generate-env.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+# Generate .env from .env.example allowlist using current environment.
+# Only variables listed in .env.example are included — no platform internals leak.
+grep '^[A-Z]' .env.example | cut -d= -f1 | while read -r var; do
+  val="${!var}"
+  [ -n "$val" ] && printf '%s=%s\n' "$var" "$val"
+done > .env
diff --git a/netlify.toml b/netlify.toml
index 8c30c95f..e071879d 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -1,13 +1,10 @@
 [build]
   base = "frontend"
-  command = "npm ci --include=optional && npm run build"
+  command = "bash scripts/generate-env.sh && npm ci --include=optional && npm run build"
   publish = ".next"
 
 [build.environment]
   NODE_VERSION = "20.19.0"
 
 [[plugins]]
-  package = "@netlify/plugin-nextjs"
-
-[[plugins]]
-  package = "netlify-plugin-bundle-env"
+  package = "@netlify/plugin-nextjs"
\ No newline at end of file