fix: strip quoted env var values before Zod validation

Infisical export and some .env loaders produce values wrapped in single
quotes (e.g. NEXT_PUBLIC_SUPPORT_EMAIL='support@codebuff.com'), causing
Zod format validators (z.email(), z.url()) to reject them.

- Add stripEnvQuotes() to common/src/env-schema.ts so clientProcessEnv
  values are sanitised before schema validation runs
- Add the same stripping logic to sdk/test/setup-env.ts preload so test
  environment values are also cleaned up early

Co-Authored-By: James <james@codebuff.com>

Author: devin-ai-integration[bot]

common/src/env-schema.ts

@@ -20,18 +20,37 @@ export type ClientInput = {
 }
 export type ClientEnv = z.infer<typeof clientEnvSchema>
 
+/**
+ * Strip wrapping single or double quotes from an env var value.
+ * Some secret managers (e.g. Infisical export) produce values like:
+ *   NEXT_PUBLIC_SUPPORT_EMAIL='support@codebuff.com'
+ * which sets the value to the literal string `'support@codebuff.com'`
+ * (with quotes), causing Zod format validators (z.email(), z.url()) to fail.
+ */
+function stripEnvQuotes(value: string | undefined): string | undefined {
+  if (
+    value &&
+    value.length >= 2 &&
+    ((value.startsWith("'") && value.endsWith("'")) ||
+      (value.startsWith('"') && value.endsWith('"')))
+  ) {
+    return value.slice(1, -1)
+  }
+  return value
+}
+
 // Bun will inject all these values, so we need to reference them individually (no for-loops)
 export const clientProcessEnv: ClientInput = {
-  NEXT_PUBLIC_CB_ENVIRONMENT: process.env.NEXT_PUBLIC_CB_ENVIRONMENT,
-  NEXT_PUBLIC_CODEBUFF_APP_URL: process.env.NEXT_PUBLIC_CODEBUFF_APP_URL,
-  NEXT_PUBLIC_SUPPORT_EMAIL: process.env.NEXT_PUBLIC_SUPPORT_EMAIL,
-  NEXT_PUBLIC_POSTHOG_API_KEY: process.env.NEXT_PUBLIC_POSTHOG_API_KEY,
-  NEXT_PUBLIC_POSTHOG_HOST_URL: process.env.NEXT_PUBLIC_POSTHOG_HOST_URL,
+  NEXT_PUBLIC_CB_ENVIRONMENT: stripEnvQuotes(process.env.NEXT_PUBLIC_CB_ENVIRONMENT),
+  NEXT_PUBLIC_CODEBUFF_APP_URL: stripEnvQuotes(process.env.NEXT_PUBLIC_CODEBUFF_APP_URL),
+  NEXT_PUBLIC_SUPPORT_EMAIL: stripEnvQuotes(process.env.NEXT_PUBLIC_SUPPORT_EMAIL),
+  NEXT_PUBLIC_POSTHOG_API_KEY: stripEnvQuotes(process.env.NEXT_PUBLIC_POSTHOG_API_KEY),
+  NEXT_PUBLIC_POSTHOG_HOST_URL: stripEnvQuotes(process.env.NEXT_PUBLIC_POSTHOG_HOST_URL),
   NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY:
-    process.env.NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY,
+    stripEnvQuotes(process.env.NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY),
   NEXT_PUBLIC_STRIPE_CUSTOMER_PORTAL:
-    process.env.NEXT_PUBLIC_STRIPE_CUSTOMER_PORTAL,
+    stripEnvQuotes(process.env.NEXT_PUBLIC_STRIPE_CUSTOMER_PORTAL),
   NEXT_PUBLIC_GOOGLE_SITE_VERIFICATION_ID:
-    process.env.NEXT_PUBLIC_GOOGLE_SITE_VERIFICATION_ID,
-  NEXT_PUBLIC_WEB_PORT: process.env.NEXT_PUBLIC_WEB_PORT,
+    stripEnvQuotes(process.env.NEXT_PUBLIC_GOOGLE_SITE_VERIFICATION_ID),
+  NEXT_PUBLIC_WEB_PORT: stripEnvQuotes(process.env.NEXT_PUBLIC_WEB_PORT),
 }

sdk/test/setup-env.ts

@@ -33,6 +33,30 @@ const serverDefaults: Record<string, string> = {
   DISCORD_APPLICATION_ID: 'test',
 }
 
+/**
+ * Strip wrapping single or double quotes from env var values.
+ * Infisical export and some .env loaders may produce values like:
+ *   NEXT_PUBLIC_SUPPORT_EMAIL='support@codebuff.com'
+ * which sets the value to the literal string `'support@codebuff.com'`
+ * (with quotes), causing Zod format validators (z.email(), z.url()) to fail.
+ */
+function stripEnvQuotes(defaults: Record<string, string>) {
+  for (const key of Object.keys(defaults)) {
+    const value = process.env[key]
+    if (
+      value &&
+      value.length >= 2 &&
+      ((value.startsWith("'") && value.endsWith("'")) ||
+        (value.startsWith('"') && value.endsWith('"')))
+    ) {
+      process.env[key] = value.slice(1, -1)
+    }
+  }
+}
+
+stripEnvQuotes(testDefaults)
+stripEnvQuotes(serverDefaults)
+
 for (const [key, value] of Object.entries(testDefaults)) {
   if (!process.env[key]) {
     process.env[key] = value