Skip to content

πŸš€ v1.25.0 β€” Unified Environment Detection & Hardened Audit CSP

Choose a tag to compare

View all tags
@SunDevil311 SunDevil311 released this 03 Nov 06:42
· 45 commits to master since this release
v1.25.0
6a98293
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

✨ Added

  • Unified environment detection utility (src/lib/utils/env.js)

    • Normalizes process.env / import.meta.env usage across server & client.
    • Provides consistent flags: isDev, isProd, isAudit, isCI, isTest.
    • Fully typed with JSDoc and safe for browser contexts.

  • Hybrid analytics guard in posthog.js

    • Disables tracking automatically in audit mode or on *.audit.netwk.pro.
    • Centralized environment logic via detectEnvironment().

πŸ”’ Changed

  • CSP overhaul for audit mode (hooks.server.js)

    • Removes analytics domains and routes CSP reports to /api/mock-csp.
    • Preserves full HSTS and core production security headers.
    • Clear separation between test, audit, and prod modes.

  • Refined environment handling

    • Prevents mismatched behavior between SSR and client builds.
    • Fallbacks gracefully to 'unknown' when unset.

  • Branch Guard workflow improvements

    • Skips merge commits and Dependabot updates.
    • Cleaner logs, lighter permissions, and reliable protection checks.

πŸ› Fixed

  • Resolved client crash from process.env in browser context.
    • Defensive process checks prevent runtime reference errors.

🧠 Developer Experience

  • Simplified environment config across analytics, CSP, and runtime logic.
  • Verified .env.audit / PUBLIC_ENV_MODE compatibility with Vercel builds.

Deployment Note:

For audit builds, ensure Vercel includes:

ENV_MODE=audit
PUBLIC_ENV_MODE=audit

Audit deployments now retain full HTTPS and CSP security β€” without telemetry or external reporting.

Assets 2
Loading