Skip to content

fix: strip quoted env var values before Zod validation#484

Closed
devin-ai-integration[bot] wants to merge 1 commit intomainfrom
devin/1774737408-fix-e2e-tests
Closed

fix: strip quoted env var values before Zod validation#484
devin-ai-integration[bot] wants to merge 1 commit intomainfrom
devin/1774737408-fix-e2e-tests

Conversation

@devin-ai-integration
Copy link
Copy Markdown

@devin-ai-integration devin-ai-integration bot commented Mar 28, 2026

Summary

Infisical export (and some .env loaders) can produce env var values wrapped in literal single quotes, e.g.:

NEXT_PUBLIC_SUPPORT_EMAIL='support@codebuff.com'

This sets the value to the string 'support@codebuff.com' (quotes included), which fails Zod v4's z.email() and z.url() validators at module load time in common/src/env.ts, crashing all downstream imports (SDK, agents, etc.) before any test code runs.

Fix: Add a stripEnvQuotes() function in two places:

  1. common/src/env-schema.ts — wraps each process.env.* read in clientProcessEnv so quoted values are sanitized before schema validation. This runs in all environments.
  2. sdk/test/setup-env.ts — strips quotes from existing env vars before setting test defaults. This runs only via the test preload.

Review & Testing Checklist for Human

  • Bun compile-time injection: The clientProcessEnv comment notes Bun statically replaces process.env.NEXT_PUBLIC_* references. Verify that wrapping them in stripEnvQuotes(process.env.NEXT_PUBLIC_*) doesn't break Bun's compile-time substitution (e.g. in next build or bun build).
  • No false positives: Confirm no env var legitimately uses wrapping single/double quotes as part of its value. The function only strips if the first and last characters are matching quote pairs.
  • E2E CI passes: The real validation is that the nightly-e2e and freebuff-e2e workflows pass with these changes in place.

Notes

  • The stripEnvQuotes logic is duplicated across the two files with slightly different signatures (one returns a value, the other mutates process.env in place). Could be extracted to a shared util if preferred, but kept separate to minimize import surface.
  • SDK e2e tests pass locally (28/28). Agent e2e tests that still fail locally do so because of missing API keys (expected without secrets), not env validation.

Link to Devin session: https://app.devin.ai/sessions/703473308c2c41e2a915b61e6c597c30

@devin-ai-integration @jahooma
fix: strip quoted env var values before Zod validation
d862e0a 
Infisical export and some .env loaders produce values wrapped in single
quotes (e.g. NEXT_PUBLIC_SUPPORT_EMAIL='support@codebuff.com'), causing
Zod format validators (z.email(), z.url()) to reject them.

- Add stripEnvQuotes() to common/src/env-schema.ts so clientProcessEnv
  values are sanitised before schema validation runs
- Add the same stripping logic to sdk/test/setup-env.ts preload so test
  environment values are also cleaned up early

Co-Authored-By: James <james@codebuff.com>
@devin-ai-integration
Copy link
Copy Markdown
Author

devin-ai-integration bot commented Mar 28, 2026

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@jahooma jahooma closed this Mar 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brandonkachen brandonkachen Awaiting requested review from brandonkachen brandonkachen is a code owner

@jahooma jahooma Awaiting requested review from jahooma jahooma is a code owner

@charleslien charleslien Awaiting requested review from charleslien charleslien is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jahooma