Next.js auth middleware, Sentry wiring, and a build-time crash fix
Dshamir adds Next.js auth middleware, client-side error tracking, and an accessibility skip-link to the frontend, then fixes a build-time crash where the Supabase client threw on empty env vars during static page generation.
The main commit (5755ec9) adds middleware.ts for route-level auth protection, errorTracking.ts for Sentry initialization on the client side, and a skip-link component for keyboard navigation. A bundle analyzer wraps next.config.ts behind ANALYZE=true. These are parallel to the backend hardening work - same tools, different layer.
The build crash (d52b4e5) is the most portable piece. The Supabase client in supabase.ts was constructed with process.env.NEXT_PUBLIC_SUPABASE_URL || "", and createClient("") throws during Next.js static page generation when the env var is absent. The fix substitutes placeholder values:
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL || "https://placeholder.supabase.co";
const supabaseAnonKey = process.env.NEXT_PUBLIC_SUPABASE_PUBLISHABLE_DEFAULT_KEY || "placeholder";
These produce a no-op client at build time rather than crashing. It is a common problem when a Next.js app initializes SDK clients at module load time - the build environment does not have runtime secrets.
The Sentry dependency bump (87b7d2c) is the other notable change: @sentry/nextjs was at ^9.27.0, which has a peer dependency on next@^13-15. The frontend runs Next.js 16, so the peer conflict broke builds. The upgrade to ^10.53.1 resolves it.
Spotted something wrong? Or know the PR text has fresher detail than the writeup above?