From 2ab48f5ebfa463326802945fcdb93753942dad33 Mon Sep 17 00:00:00 2001
From: HiLleywyn <lleywyn@proton.me>
Date: Sat, 9 May 2026 03:33:52 +0000
Subject: [PATCH 1/2] Mobile: blank seed URLs, fail-fast on missing API URL

The Railway "Not Found" the APK was hitting was my fault: I baked guessed
production URLs into apps/mobile/.env.production that don't exist for this
project. The Capacitor app loaded that bogus URL as its initial page and
got Railway's domain-not-provisioned splash.

Cleaning up:

* apps/mobile/.env.production now ships with all three URLs blank, with
  comments naming each variable and showing example placeholders. The
  user fills them in, or sets repo variables in GitHub Actions, before
  building.
* The android and ios workflows now hard-fail with a GitHub Actions
  ::error:: annotation if VITE_API_BASE is unset, and emit a ::warning::
  if TEMPEST_WEB_URL is unset (the APK still builds in bundled mode;
  passkey login won't be available, but at least the app loads).
* docs/MOBILE.md gains a "Configuring URLs" section that names each
  variable and where to put it.

After this lands, set:
  - VITE_API_BASE     to the live tempest-api URL
  - VITE_GATEWAY_URL  to the live tempest-gateway wss:// URL + /gateway
  - TEMPEST_WEB_URL   to the live tempest-web URL (optional, enables
                       passkey login)
either as repo vars or in apps/mobile/.env.production, and the next
APK build will load the real domains.
---
 .github/workflows/android.yml | 14 +++++++++++++-
 .github/workflows/ios.yml     | 12 +++++++++++-
 apps/mobile/.env.production   | 30 +++++++++++++++++-------------
 docs/MOBILE.md                | 17 +++++++++++++++++
 4 files changed, 58 insertions(+), 15 deletions(-)

diff --git a/.github/workflows/android.yml b/.github/workflows/android.yml
index 7f975f6..5e15291 100644
--- a/.github/workflows/android.yml
+++ b/.github/workflows/android.yml
@@ -63,10 +63,22 @@ jobs:
           if [ -f apps/mobile/.env.production ]; then
             set -a; . apps/mobile/.env.production; set +a
           fi
+          if [ -z "$VITE_API_BASE" ]; then
+            echo "::error::VITE_API_BASE is unset. Set it as a repo variable in" \
+                 "Settings -> Secrets and variables -> Actions -> Variables, or" \
+                 "edit apps/mobile/.env.production. Without it the APK has no" \
+                 "API URL and login will fail with a 404 on /auth/start_login."
+            exit 1
+          fi
           echo "VITE_API_BASE=$VITE_API_BASE" >> "$GITHUB_ENV"
           echo "VITE_GATEWAY_URL=$VITE_GATEWAY_URL" >> "$GITHUB_ENV"
           echo "TEMPEST_WEB_URL=$TEMPEST_WEB_URL" >> "$GITHUB_ENV"
-          echo "Building web bundle against API=$VITE_API_BASE GW=$VITE_GATEWAY_URL WEB=$TEMPEST_WEB_URL"
+          if [ -z "$TEMPEST_WEB_URL" ]; then
+            echo "::warning::TEMPEST_WEB_URL is unset. The APK will fall back to" \
+                 "the bundled web/dist; passkey login will be unavailable until" \
+                 "you point it at your live tempest-web origin."
+          fi
+          echo "Building APK with API=$VITE_API_BASE GW=$VITE_GATEWAY_URL WEB=$TEMPEST_WEB_URL"
 
       - name: Build web bundle
         env:
diff --git a/.github/workflows/ios.yml b/.github/workflows/ios.yml
index 4c95f54..9e861b3 100644
--- a/.github/workflows/ios.yml
+++ b/.github/workflows/ios.yml
@@ -43,10 +43,20 @@ jobs:
           if [ -f apps/mobile/.env.production ]; then
             set -a; . apps/mobile/.env.production; set +a
           fi
+          if [ -z "$VITE_API_BASE" ]; then
+            echo "::error::VITE_API_BASE is unset. Set it as a repo variable" \
+                 "or in apps/mobile/.env.production."
+            exit 1
+          fi
           echo "VITE_API_BASE=$VITE_API_BASE" >> "$GITHUB_ENV"
           echo "VITE_GATEWAY_URL=$VITE_GATEWAY_URL" >> "$GITHUB_ENV"
           echo "TEMPEST_WEB_URL=$TEMPEST_WEB_URL" >> "$GITHUB_ENV"
-          echo "Building web bundle against API=$VITE_API_BASE GW=$VITE_GATEWAY_URL WEB=$TEMPEST_WEB_URL"
+          if [ -z "$TEMPEST_WEB_URL" ]; then
+            echo "::warning::TEMPEST_WEB_URL is unset. The IPA will fall back" \
+                 "to the bundled web/dist; passkey login will be unavailable" \
+                 "until you point it at your live tempest-web origin."
+          fi
+          echo "Building IPA with API=$VITE_API_BASE GW=$VITE_GATEWAY_URL WEB=$TEMPEST_WEB_URL"
 
       - name: Build web bundle
         env:
diff --git a/apps/mobile/.env.production b/apps/mobile/.env.production
index 80a5463..ff10c53 100644
--- a/apps/mobile/.env.production
+++ b/apps/mobile/.env.production
@@ -1,18 +1,22 @@
-# Default API + Gateway URLs the mobile build embeds when the workflow has
-# no repo vars set. Override per-deploy by setting VITE_API_BASE /
-# VITE_GATEWAY_URL as repository variables in GitHub
+# Default URLs the mobile build embeds. Override per-deploy by setting them
+# as repository variables in GitHub
 # (Settings -> Secrets and variables -> Actions -> Variables), or by
 # editing this file before tagging a release.
 #
-# Example (replace with the URLs printed by `railway up`):
-#   VITE_API_BASE=https://tempest-api-production-2899.up.railway.app
-#   VITE_GATEWAY_URL=wss://tempest-gateway-production-1213ce.up.railway.app/gateway
+# VITE_API_BASE     - absolute URL of the deployed tempest-api (REST).
+# VITE_GATEWAY_URL  - absolute wss:// URL of the deployed tempest-gateway,
+#                     including the /gateway path.
+# TEMPEST_WEB_URL   - absolute URL of the deployed tempest-web. When set,
+#                     the Capacitor app loads this URL as its initial page
+#                     so WebAuthn / passkeys see a real HTTPS origin and
+#                     work. When unset, the app uses the bundled web/dist
+#                     and passkey login is unavailable.
 #
-# TEMPEST_WEB_URL controls whether Capacitor loads the live deployment as
-# the initial page (recommended; passkeys / WebAuthn work over the real
-# HTTPS origin) or falls back to the bundled web/dist (faster first paint,
-# but passkeys refuse to run on https://localhost).
+# Example values (replace with the URLs printed by `railway up`):
+#   VITE_API_BASE=https://tempest-api-production-XXXX.up.railway.app
+#   VITE_GATEWAY_URL=wss://tempest-gateway-production-XXXX.up.railway.app/gateway
+#   TEMPEST_WEB_URL=https://tempest-web-production-XXXX.up.railway.app
 
-VITE_API_BASE=https://tempest-api-production-2899.up.railway.app
-VITE_GATEWAY_URL=wss://tempest-gateway-production-1213ce.up.railway.app/gateway
-TEMPEST_WEB_URL=https://tempest-web-production-1213ce.up.railway.app
+VITE_API_BASE=
+VITE_GATEWAY_URL=
+TEMPEST_WEB_URL=
diff --git a/docs/MOBILE.md b/docs/MOBILE.md
index c0ff667..ab031f3 100644
--- a/docs/MOBILE.md
+++ b/docs/MOBILE.md
@@ -66,6 +66,23 @@ The CI workflow patches the generated Xcode project to keep iPad
 support universal even if the Capacitor template ever regresses, and
 forces `UIRequiresFullScreen=NO` so iPad multitasking works.
 
+## Configuring URLs
+
+Three values control where the mobile build talks to:
+
+| Var                | Purpose                                                                                  |
+| ------------------ | ---------------------------------------------------------------------------------------- |
+| `VITE_API_BASE`    | Absolute URL of the deployed `tempest-api`. Required.                                    |
+| `VITE_GATEWAY_URL` | Absolute `wss://` URL of the deployed `tempest-gateway`, including `/gateway` path.      |
+| `TEMPEST_WEB_URL`  | Absolute URL of the deployed `tempest-web`. Optional. Set it to enable passkey login.    |
+
+Set them either as repo variables in GitHub
+(`Settings` → `Secrets and variables` → `Actions` → `Variables`) or by
+editing `apps/mobile/.env.production`. The CI workflow refuses to build
+without `VITE_API_BASE` and emits a warning if `TEMPEST_WEB_URL` is
+unset (the APK still builds, but passkey login is unavailable - see
+below).
+
 ## Passkeys / WebAuthn on mobile
 
 WebAuthn refuses to run on the synthetic `https://localhost` origin

From cb7227276f7c30a79d914711eaf3a0860efbccd2 Mon Sep 17 00:00:00 2001
From: HiLleywyn <lleywyn@proton.me>
Date: Sat, 9 May 2026 03:38:06 +0000
Subject: [PATCH 2/2] Mobile: fill in the actual Railway service URLs

apps/mobile/.env.production now points at the real tempest-api,
tempest-gateway, and tempest-web Railway domains so a fresh APK build
loads the live web origin (passkey login works) and the embedded API +
gateway URLs are right.
---
 apps/mobile/.env.production | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/apps/mobile/.env.production b/apps/mobile/.env.production
index ff10c53..32c0905 100644
--- a/apps/mobile/.env.production
+++ b/apps/mobile/.env.production
@@ -11,12 +11,7 @@
 #                     so WebAuthn / passkeys see a real HTTPS origin and
 #                     work. When unset, the app uses the bundled web/dist
 #                     and passkey login is unavailable.
-#
-# Example values (replace with the URLs printed by `railway up`):
-#   VITE_API_BASE=https://tempest-api-production-XXXX.up.railway.app
-#   VITE_GATEWAY_URL=wss://tempest-gateway-production-XXXX.up.railway.app/gateway
-#   TEMPEST_WEB_URL=https://tempest-web-production-XXXX.up.railway.app
 
-VITE_API_BASE=
-VITE_GATEWAY_URL=
-TEMPEST_WEB_URL=
+VITE_API_BASE=https://tempest-api-production-2899.up.railway.app
+VITE_GATEWAY_URL=wss://tempest-gateway-production.up.railway.app/gateway
+TEMPEST_WEB_URL=https://web-production-1213ce.up.railway.app