Summary
Firebase config silently falls back to empty strings when required NEXT_PUBLIC_FIREBASE_* environment variables are missing.
Evidence
src/lib/firebase/config.ts:7-12 uses process.env.NEXT_PUBLIC_FIREBASE_* || '' for all Firebase config values..env.example documents the required variables as placeholders.
Impact
A deployment with missing environment variables can fail later with confusing Firebase runtime errors instead of failing fast with a clear configuration message. This is not a secret exposure issue, but it weakens operational reliability.
Minimal Fix
- Validate all required
NEXT_PUBLIC_FIREBASE_* values before initializing Firebase.
- Throw a clear error naming the missing variable(s).
- Keep
.env.local ignored and continue committing only .env.example placeholders.
Acceptance Criteria
- Missing required Firebase env vars produce a clear error during local startup/build/runtime initialization.
- Valid env vars initialize Firebase exactly as before.
- No real keys are committed.
Summary
Firebase config silently falls back to empty strings when required
NEXT_PUBLIC_FIREBASE_*environment variables are missing.Evidence
src/lib/firebase/config.ts:7-12usesprocess.env.NEXT_PUBLIC_FIREBASE_* || ''for all Firebase config values..env.exampledocuments the required variables as placeholders.Impact
A deployment with missing environment variables can fail later with confusing Firebase runtime errors instead of failing fast with a clear configuration message. This is not a secret exposure issue, but it weakens operational reliability.
Minimal Fix
NEXT_PUBLIC_FIREBASE_*values before initializing Firebase..env.localignored and continue committing only.env.exampleplaceholders.Acceptance Criteria