feat: provide safe defaults for env-based config; no .env required in VSIX

zakmandhro · zakmandhro · commit 17c0df0baccf · 2025-08-08T12:18:33.000-07:00
diff --git a/src/utils/appConfig.ts b/src/utils/appConfig.ts
@@ -5,14 +5,29 @@ const rootPath = (filename: string) => path.resolve(__dirname, `../${filename}`)
 
 require('dotenv').config({ path: rootPath('.env') })
 
+// Helper to read from env with a safe default so production doesn't require a .env file
+const fromEnv = (key: string, fallback: string): string => {
+  const val = process.env[key]
+  return typeof val === 'string' && val.length > 0 ? val : fallback
+}
+
 export const AppConfig = {
   app: {
-    sessionSecret: process.env.SESSIONS_SECRET_KEY as string,
-    clientIdentifier: process.env.CLIENT_IDENTIFIER as string,
+    // Key name for VS Code SecretStorage. Not a credential; safe to default.
+    sessionSecret: fromEnv('SESSIONS_SECRET_KEY', 'pullflow.session'),
+    // Public identifier for the client used during auth redirects.
+    clientIdentifier: fromEnv('CLIENT_IDENTIFIER', 'com.pullflow.vscode'),
   },
   pullflow: {
-    baseUrl: process.env['PULLFLOW_APP_URL'] as string,
-    graphqlUrl: `${process.env['PULLFLOW_APP_URL']}/api/graphql`,
-    telemetryUrl: process.env['PULLFLOW_TELEMETRY_URL'] as string,
+    // Public service endpoints; default to production URLs.
+    baseUrl: fromEnv('PULLFLOW_APP_URL', 'https://app.pullflow.com'),
+    graphqlUrl: `${fromEnv(
+      'PULLFLOW_APP_URL',
+      'https://app.pullflow.com'
+    )}/api/graphql`,
+    telemetryUrl: fromEnv(
+      'PULLFLOW_TELEMETRY_URL',
+      'https://collector.pullflow.cloud'
+    ),
   },
 }
