--- issue: 105 title: "Backend: no startup validation of required env vars — silent misconfiguration" severity: medium domain: Configuration labels: [backend, reliability, configuration] status: open created: 2026-05-30 source: Full Codebase Audit 2026-05-30 --- # Backend: no startup validation of required env vars — silent misconfiguration **Severity:** medium **Domain:** Configuration **Labels:** backend, reliability, configuration ## Description `backend/src/shared/config/index.ts:32` reads env vars without validating they are present or have correct types. A misconfigured deployment (missing `JWT_SECRET`, `MONGODB_URI`, or `SMTP_PORT`) starts silently and fails only at runtime when those vars are first used, making misconfiguration hard to diagnose. ## Options 1. Validate required vars with a schema (zod/envalid) and exit on missing/NaN. 2. Manual assertions for the critical few (`PORT`, `JWT_SECRET`, `MONGODB_URI`, `SMTP_PORT`). 3. Log-and-continue warnings only. ## Recommendation Add schema-based validation that fails fast on missing/invalid required vars. Changes startup behavior. ## Affected Files - `backend/src/shared/config/index.ts:32` ## References - [Full Codebase Audit 2026-05-30](../09%20-%20Audits/Full%20Codebase%20Audit%20-%202026-05-30.md) — DEC-54