Next.js auth middleware, Sentry wiring, and a build-time crash fix

Dshamir adds Next.js auth middleware, client-side error tracking, and an accessibility skip-link to the frontend, then fixes a build-time crash where the Supabase client threw on empty env vars during static page generation.

securitychat-ui

The main commit (5755ec9) adds middleware.ts for route-level auth protection, errorTracking.ts for Sentry initialization on the client side, and a skip-link component for keyboard navigation. A bundle analyzer wraps next.config.ts behind ANALYZE=true. These are parallel to the backend hardening work - same tools, different layer.

The build crash (d52b4e5) is the most portable piece. The Supabase client in supabase.ts was constructed with process.env.NEXT_PUBLIC_SUPABASE_URL || "", and createClient("") throws during Next.js static page generation when the env var is absent. The fix substitutes placeholder values:

const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL || "https://placeholder.supabase.co";
const supabaseAnonKey = process.env.NEXT_PUBLIC_SUPABASE_PUBLISHABLE_DEFAULT_KEY || "placeholder";

These produce a no-op client at build time rather than crashing. It is a common problem when a Next.js app initializes SDK clients at module load time - the build environment does not have runtime secrets.

The Sentry dependency bump (87b7d2c) is the other notable change: @sentry/nextjs was at ^9.27.0, which has a peer dependency on next@^13-15. The frontend runs Next.js 16, so the peer conflict broke builds. The upgrade to ^10.53.1 resolves it.

So what The build-crash fix is a one-line change worth knowing about if you hit the same `createClient("")` failure during CI or Docker builds. The Sentry v9 -> v10 upgrade is necessary for Next.js 16 compatibility. The auth middleware and skip-link are lightweight and importable; the bundle analyzer is dev tooling you may already have.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

3 commits from Dshamir/AI-Legal, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
5755ec93 [P4] feat: add auth middleware, error tracking, accessibility, bundle analyzer Dshamir 2026-05-23 ↗ GitHub
87b7d2c2 [P4] chore: add Sentry and bundle-analyzer dependencies Dshamir 2026-05-23 ↗ GitHub
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d52b4e52 [P4] fix: use placeholder Supabase URL to prevent build-time crash Dshamir 2026-05-23 ↗ GitHub
commit body
The Supabase client was created with an empty string URL when env vars
were missing, causing createClient to throw during Next.js static page
generation. Uses placeholder values that safely no-op at build time.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-523.md from inside the repo you want the changes in.

⬇ Download capture-thread-523.md