You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
- PASS: No secrets or `.env.local` files were committed or modified.
17
+
- PASS: Browser pages continue to use backend API contracts only; no browser-owned auth/provider/data logic was added.
18
+
- PASS: No silent fallback was added.
19
+
- FAIL: Real configured Supabase DEV readiness could not be validated as `ready=true` from this machine because the live connectivity check fails before HTTP with `UNABLE_TO_VERIFY_LEAF_SIGNATURE`.
- Coverage WARN: Node server runtime JS is not collected by browser V8 coverage; browser account auth JS remains covered by the focused auth Playwright run.
41
+
42
+
## Manual Validation Notes
43
+
- Fake Supabase provider validation proves:
44
+
-`/api/auth/status` returns `ready=true` when Auth connectivity and identity tables are reachable.
45
+
- Create Account provisions one app `users` row, one default `roles` row when needed, and one `user_roles` row.
46
+
- Sign In resolves a session using the provisioned identity record and role.
47
+
- Missing identity rows fail with the generic production-safe browser message.
48
+
- Real DEV validation is blocked by local Node TLS trust, not by missing environment values. Required env presence was verified without printing secret values.
49
+
50
+
## Skipped Lanes
51
+
- Full samples smoke: SKIP. Auth identity bootstrap/provisioning does not touch samples or sample manifests.
0 commit comments