fix(backend): harden runtime config and verification access

2026-03-19 16:36:28 +01:00
parent 8d0ef309e6
commit 2f25d10368
15 changed files with 262 additions and 14 deletions
--- a/backend/core-api/src/app.js
+++ b/backend/core-api/src/app.js
@@ -5,10 +5,12 @@ import { requestContext } from './middleware/request-context.js';
 import { errorHandler, notFoundHandler } from './middleware/error-handler.js';
 import { healthRouter } from './routes/health.js';
 import { createCoreRouter, createLegacyCoreRouter } from './routes/core.js';
+import { assertSafeRuntimeConfig } from './lib/runtime-safety.js';

 const logger = pino({ level: process.env.LOG_LEVEL || 'info' });

 export function createApp() {
+  assertSafeRuntimeConfig();
  const app = express();

  app.use(requestContext);