Gastown's development secrets (NEXTAUTH_SECRET, GASTOWN_JWT_SECRET) are hardcoded directly in services/gastown/wrangler.jsonc under env.dev.vars instead of being managed by the pnpm dev:env sync pipeline. This means:
- Secrets drift from
.env.local — the source of truth for local dev secrets
- Changes to shared secrets (e.g. rotating
NEXTAUTH_SECRET) require manual edits to wrangler.jsonc instead of being picked up automatically by pnpm dev:env
- Gastown is excluded from cross-worker consistency checks that verify shared secrets match across services
Steps to reproduce:
- Run
pnpm dev:env and observe that Gastown does not appear in the output
- Check
services/gastown/wrangler.jsonc lines 137-138, see hardcoded NEXTAUTH_SECRET and GASTOWN_JWT_SECRET values in env.dev.vars
- Verify
services/gastown/.dev.vars.example does not exist
- Uupdate
.env.local with new secret values
- Run
pnpm dev:env again, Gastown still uses the old hardcoded values, not the updated ones from .env.local
Gastown's development secrets (
NEXTAUTH_SECRET,GASTOWN_JWT_SECRET) are hardcoded directly inservices/gastown/wrangler.jsoncunderenv.dev.varsinstead of being managed by thepnpm dev:envsync pipeline. This means:.env.local— the source of truth for local dev secretsNEXTAUTH_SECRET) require manual edits towrangler.jsoncinstead of being picked up automatically bypnpm dev:envSteps to reproduce:
pnpm dev:envand observe that Gastown does not appear in the outputservices/gastown/wrangler.jsonclines 137-138, see hardcodedNEXTAUTH_SECRETandGASTOWN_JWT_SECRETvalues inenv.dev.varsservices/gastown/.dev.vars.exampledoes not exist.env.localwith new secret valuespnpm dev:envagain, Gastown still uses the old hardcoded values, not the updated ones from.env.local