fix: load Supabase client config from env

[adm01-debug]

Resumo

• Remove URL e publishable key hardcoded do Supabase client.
• Passa a usar VITE_SUPABASE_URL e VITE_SUPABASE_PUBLISHABLE_KEY.
• Adiciona erro explícito quando as variáveis obrigatórias não estão configuradas.

Validação

• npm ci
• npm run build com env vars explícitas

Observação

• npm run typecheck e o hook local de pre-push falharam por problema existente no Windows: spawnSync npx ENOENT.

---

Summary by cubic

Load Supabase client config from environment variables to remove hardcoded credentials and fail fast when they’re missing. Improves security and makes deployments easier to configure.

• Migration
  • Define VITE_SUPABASE_URL and VITE_SUPABASE_PUBLISHABLE_KEY in your .env or hosting env.
  • Builds will error if these variables are not set.

^{Written for commit a7fe004. Summary will update on new commits. Review in cubic}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
we-dream-big	Ready	Preview, Comment	May 23, 2026 12:17pm

[coderabbitai]

Warning

Review limit reached

@adm01-debug, we couldn't start this review because you've used your available PR reviews for now.

Your plan currently allows 2 reviews/hour. Refill in 12 minutes.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more review capacity refills, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than trial, open-source, and free plans. In all cases, review capacity refills continuously over time.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f83102a2-c66e-471c-b717-0e3a67ea56f6

📥 Commits

Reviewing files that changed from the base of the PR and between 2a3cb71 and a7fe004.

📒 Files selected for processing (1)

• src/integrations/supabase/client.ts

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/security-hardening-2026-05-23

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[supabase]

This pull request has been ignored for the connected project doufsxqlfjyuvxuezpln because there are no changes detected in supabase directory. You can change this behaviour in Project Integrations Settings ↗︎.

---

Preview Branches by Supabase.
Learn more about Supabase Branching ↗︎.

[cubic-dev-ai]

No issues found across 1 file

_{Re-trigger cubic}

[Copilot]

Pull request overview

This PR removes hardcoded Supabase client configuration from the frontend and switches to Vite-provided environment variables, adding a clear fail-fast error when required config is missing—improving security and deploy configurability.

Changes:

• Replace hardcoded Supabase URL/key with import.meta.env.VITE_SUPABASE_URL and import.meta.env.VITE_SUPABASE_PUBLISHABLE_KEY.
• Throw an explicit error at module init when either required env var is missing.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.