Fix env validation #2147

Open
Kavyamanchanpally wants to merge 2 commits into Priyanshu-byte-coder:main from Kavyamanchanpally:fix-env-validation
@Kavyamanchanpally
Contributor

Summary

Added build-time environment validation to prevent accidental exposure of sensitive credentials during production builds.

Closes #1462


Type of Change

  • Bug fix
  • New feature
  • Documentation update
  • Refactor / code cleanup

Changes Made

  • Added scripts/validate-env.js for environment variable validation

  • Added a new validate-env npm script

  • Updated the build process to run validation before next build

  • Detects sensitive environment variables such as:

    • private_key
    • secret
    • supabase_secret
    • github_token
    • token
    • password
    • api_key
  • Blocks the build when sensitive credentials are detected

  • Displays clear validation messages during build execution


How to Test

Steps for the reviewer to verify this works:

  1. Run:

    npm run validate-env
  2. Verify validation passes when no sensitive environment variables are present.

  3. Add a sensitive environment variable (example):

    SUPABASE_SECRET=test123
  4. Run:

    npm run build
  5. Verify the build is blocked and an error message is displayed.

  6. Remove the sensitive variable and run:

    npm run build
  7. Verify the application builds successfully.


Checklist

  • Linked issue in summary
  • Build validation tested locally
  • npm run build passes successfully
  • Self-reviewed the changes
  • No unrelated files modified
  • Added/updated tests if applicable

Security Checklist

  • Sensitive environment variables are detected
  • Build process is blocked on validation failure
  • No secrets are exposed to client-side bundles
  • Validation runs automatically before production builds

Additional Notes

This change adds an additional security layer to the build pipeline by preventing accidental inclusion of sensitive credentials in production builds.
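
A sketch of the name-based check this PR describes, as an added example that is not the PR's scripts/validate-env.js or the project's code. The fragment list comes from the description above; the function names, the `onlyPrefix` option and the sample environment are assumptions made for illustration.

```javascript
// Added illustration; not the PR's scripts/validate-env.js.
// Name fragments are the ones listed in the PR description.
const SENSITIVE_FRAGMENTS = [
  "private_key", "secret", "supabase_secret", "github_token",
  "token", "password", "api_key",
];

// Return names (never values) of set variables whose name contains a fragment.
// onlyPrefix (hypothetical option) narrows the scan, e.g. to "NEXT_PUBLIC_",
// the prefix Next.js inlines into browser bundles.
function findSensitiveNames(env, { onlyPrefix = "" } = {}) {
  const hits = [];
  for (const [name, value] of Object.entries(env)) {
    if (value === undefined || value === "") continue; // unset or empty
    if (!name.startsWith(onlyPrefix)) continue;
    const lower = name.toLowerCase();
    const matched = SENSITIVE_FRAGMENTS.find((f) => lower.includes(f));
    if (matched) hits.push({ name, matched });
  }
  return hits.sort((a, b) => (a.name < b.name ? -1 : a.name > b.name ? 1 : 0));
}

// Build the report a pre-build hook would print; ok === false means "block".
function validateEnv(env, options) {
  const hits = findSensitiveNames(env, options);
  const lines = hits.map((h) => `blocked: ${h.name} (matches "${h.matched}")`);
  if (hits.length === 0) lines.push("env validation passed");
  return { ok: hits.length === 0, lines };
}

// Constructed sample environment (values are placeholders).
const sampleEnv = {
  NODE_ENV: "production",
  SUPABASE_SECRET: "test123",
  NEXT_PUBLIC_API_KEY: "placeholder",
  GITHUB_TOKEN: "",
  NEXT_PUBLIC_SITE_URL: "https://example.invalid",
};

const report = validateEnv(sampleEnv);
report.lines.forEach((line) => console.log(line));
// In a real hook: pass process.env and set process.exitCode = 1 when !report.ok.
```

Substring matching is deliberately broad, so any variable whose name merely contains `token` or `secret` also blocks the build; the report lists names only, so the check itself never writes a credential to the build log.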

vercel Bot commented Jun 7, 2026

@Kavyamanchanpally is attempting to deploy a commit to the PRIYANSHU DOSHI's projects Team on Vercel.

A member of the Team first needs to authorize it.

github-actions Bot added the gssoc26 (GSSoC 2026 contribution) and type:bug (GSSoC type bonus: bug fix) labels on Jun 7, 2026
github-actions Bot commented Jun 7, 2026

GSSoC Label Checklist 🏷️

@Priyanshu-byte-coder — please apply the appropriate labels before merging:

Difficulty (pick one):

  • level:beginner — 20 pts
  • level:intermediate — 35 pts
  • level:advanced — 55 pts
  • level:critical — 80 pts

Quality (optional):

  • quality:clean — ×1.2 multiplier
  • quality:exceptional — ×1.5 multiplier

Validation (required to score):

  • gssoc:approved — counts for points
  • gssoc:invalid / gssoc:spam / gssoc:ai-slop — does not score

Type labels (type:*) are auto-detected from files and title. Review and adjust if needed.
Points formula: (difficulty × quality_multiplier) + type_bonus

@Priyanshu-byte-coder
Owner

This PR now has a merge conflict with main after #2171 was merged (which added the same scripts/validate-env.js). Please check if your changes are still needed and rebase:

git fetch origin
git rebase origin/main

Development

Successfully merging this pull request may close these issues.

security(env): Setup Build-Time Key Sanitation to Block Private Credentials Leak
