server/utils/oidc-provider.ts throws at module-load when
OIDC_COOKIE_SECRET is unset and NODE_ENV is 'production'. Vite
substitutes process.env.NODE_ENV as a literal at build time, so
'production' is baked into the .output bundle regardless of the
runtime NODE_ENV=development env. Setting OIDC_COOKIE_SECRET
clears the throw; the value isn't used for real OIDC traffic
in CI since no test exercises the OIDC interaction routes.
Backgrounding 'node .output/server/index.mjs &' swallowed startup
crashes — failures presented as a useless 30s 'Wait for server'
timeout. Pipe stderr to a log file and cat it on failure so the
next crash is one click away.
server/plugins/validate-env.js process.exit(1)s on boot when these
are missing — the playwright job's 'Start server' step backgrounds
the process and returns instantly, so the crash was silent until
'Wait for server' timed out at 30s.
Stub values are safe: ALLOW_DEV_TEST_ENDPOINTS=true short-circuits
the Resend call in invite.post.js, and Helcim API calls are mocked
at the page.route level in join-flow.spec.js.
Without this flag, server/middleware/03.rate-limit.js applies the
100-req/60s general limit to /api/dev/test-login and trips during
parallel e2e runs. The invite.post.js dev short-circuit also
depends on this env var to skip the Resend call (no RESEND_API_KEY
in CI).
