From f24ef038ef03a6270c42e6581b75e2a4e63e8bc3 Mon Sep 17 00:00:00 2001
From: Vadym Samoilenko <vadymsamoilenko@oliver.agency>
Date: Mon, 2 Mar 2026 11:21:32 +0000
Subject: [PATCH] Validate critical env vars in deploy.sh before deployment

The script previously only checked that backend/.env existed, allowing
deployments with unset or placeholder values. This meant GEMINI_API_KEY
could be missing, causing every analysis to fail at 80% with a
PERMISSION_DENIED error from the Gemini API.

Now checks GEMINI_API_KEY, AZURE_TENANT_ID, AZURE_CLIENT_ID, and
DATABASE_URL are set to real values before any build step runs.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 deploy.sh | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/deploy.sh b/deploy.sh
index 93abc04..d57a30e 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -81,6 +81,25 @@ if [ ! -f backend/.env ]; then
 fi
 echo "  ✓ backend/.env exists"
 
+# Validate that critical backend env vars are actually set (not placeholders)
+check_backend_env() {
+    local var_name="$1"
+    local value
+    value=$(grep -E "^${var_name}=" backend/.env | cut -d= -f2- | tr -d '"' | tr -d "'")
+    if [ -z "$value" ] || [[ "$value" == *"your_"* ]]; then
+        echo ""
+        echo "Error: ${var_name} is not configured in backend/.env"
+        echo "  Open backend/.env and set a real value for ${var_name}"
+        exit 1
+    fi
+    echo "  ✓ ${var_name} is set"
+}
+
+check_backend_env GEMINI_API_KEY
+check_backend_env AZURE_TENANT_ID
+check_backend_env AZURE_CLIENT_ID
+check_backend_env DATABASE_URL
+
 # --- 1. Pull latest code (skip if not a git repo or no remote) ---
 echo ""
 echo "[1/6] Updating code..."