
fix(shared): validate SOURCEBOT_ENCRYPTION_KEY length #1305

Merged · brendan-kellam merged 3 commits into main from brendan/fix-SOU-1311 · Jun 12, 2026

@brendan-kellam brendan-kellam commented Jun 12, 2026

Fixes SOU-1311

SOURCEBOT_ENCRYPTION_KEY is used directly as the 32-byte key for AES-256-CBC encryption. A wrong-length key previously surfaced as an opaque RangeError: Invalid key length deep inside an encryption call. This validates the key is exactly 32 characters at startup, failing fast with an actionable message.

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Bug Fixes
    • Startup now validates the encryption key length (exact 32 characters) and fails fast with a clear, actionable error message instead of allowing a runtime encryption error.

brendan-kellam and others added 2 commits June 12, 2026 12:27
The key is used directly as a 32-byte AES-256-CBC key. Validate its
length at startup so a misconfigured key fails fast with an actionable
message instead of a RangeError deep in an encryption call.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

coderabbitai Bot commented Jun 12, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c989abb7-56db-4449-9987-c7ebd55735a7

📥 Commits

Reviewing files that changed from the base of the PR and between def438b and 1b7cffe.

📒 Files selected for processing (1)
  • packages/shared/vitest.config.ts
✅ Files skipped from review due to trivial changes (1)
  • packages/shared/vitest.config.ts

Walkthrough

This PR adds strict validation for the SOURCEBOT_ENCRYPTION_KEY environment variable, requiring exactly 32 characters at startup with a custom error message. The server env schema constraint is tightened, the test Vitest env value was updated to match, and the changelog documents the fail-fast validation behavior.

Changes

Encryption Key Length Validation

| Layer / File(s) | Summary |
| --- | --- |
| Enforce 32-character encryption key length at startup: packages/shared/src/env.server.ts, packages/shared/vitest.config.ts, CHANGELOG.md | SOURCEBOT_ENCRYPTION_KEY schema constraint updated to z.string().length(32) with a custom error message; Vitest env test value adjusted to a 32-character string; changelog documents the fail-fast startup validation preventing runtime encryption errors. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately and specifically describes the main change: adding validation for SOURCEBOT_ENCRYPTION_KEY length in the shared package. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


The test value was named "...-32-characters!" but was actually 34
chars, which now fails the length validation. Replace it with a true
32-character value.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@brendan-kellam brendan-kellam merged commit 4ec87e1 into main Jun 12, 2026
9 checks passed
@brendan-kellam brendan-kellam deleted the brendan/fix-SOU-1311 branch June 12, 2026 20:06
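
An added example, not part of this PR or of Sourcebot's code: it compares a 32-character check with a 32-byte check against what Node's AES-256-CBC cipher accepts, including a 34-character value like the test key the last commit replaced. It assumes the environment string is passed unchanged to `createCipheriv`; the function names and sample keys are constructed for illustration.

```javascript
// Added example, not Sourcebot code. Assumption: the env string is passed
// unchanged to createCipheriv, which encodes string keys as UTF-8.
const { createCipheriv, randomBytes } = require('node:crypto');
const KEY_BYTES = 32; // AES-256 key size in bytes

// Character-count check: same effect as a schema rule of length(32).
function passesCharCheck(key) {
  return typeof key === 'string' && key.length === KEY_BYTES;
}

// Byte-count check: the size the cipher actually sees.
function passesByteCheck(key) {
  return typeof key === 'string' && Buffer.byteLength(key, 'utf8') === KEY_BYTES;
}

// True when AES-256-CBC accepts the key, false on a key-length error.
function cipherAcceptsKey(key) {
  try {
    createCipheriv('aes-256-cbc', key, randomBytes(16));
    return true;
  } catch (err) {
    if (/Invalid key length/i.test(err.message)) return false;
    throw err;
  }
}

// Hypothetical startup guard: null when valid, else an actionable message.
function checkEncryptionKey(key) {
  if (typeof key !== 'string') return 'SOURCEBOT_ENCRYPTION_KEY is not set';
  const bytes = Buffer.byteLength(key, 'utf8');
  return bytes === KEY_BYTES ? null
    : `SOURCEBOT_ENCRYPTION_KEY must be ${KEY_BYTES} bytes, got ${bytes}`;
}

// Constructed sample values, not real keys.
const SAMPLES = {
  ok: 'a'.repeat(32),                    // 32 chars, 32 bytes
  tooLong: 'a'.repeat(34),               // 34 chars, like the old test value
  multibyte: 'a'.repeat(31) + '\u00e9',  // 32 chars, 33 bytes in UTF-8
};

function report() {
  return Object.fromEntries(Object.entries(SAMPLES).map(([name, key]) => [name, {
    chars: passesCharCheck(key),
    bytes: passesByteCheck(key),
    cipher: cipherAcceptsKey(key),
  }]));
}
console.table(report());
```

Only the byte-count check agrees with the cipher on all three samples; the character-count check accepts the multibyte sample that the cipher rejects.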