fix(admin): stop leaking entire process.env into client bundle

[rohilsurana]

Summary

• The admin vite config had "process.env": process.env in the define block, which injects every environment variable from the build machine into the production JS bundle
• Verified by setting a canary env var (SECURITY_TEST_SECRET), building, and finding it in the output JS alongside VAULT_ADDR, GOPRIVATE, SHELL, TMPDIR, etc.
• Replaced with an explicit allowlist containing only NEXT_PUBLIC_FRONTIER_CONNECT_URL (the single env var the app actually uses)

Test plan

• Build admin app with SECURITY_TEST_SECRET=canary — canary NOT present in output bundle
• frontier-connect fallback URL still present in bundle
• No other env vars leaked (VAULT_ADDR, GOPRIVATE, SHELL etc. all absent)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
frontier	Ready	Preview, Comment	Apr 30, 2026 9:36am

[coderabbitai]

Warning

Rate limit exceeded

@rohilsurana has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 58 minutes and 26 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: c6a7ef20-ad2e-45fd-910e-3d1265f4c03a

📥 Commits

Reviewing files that changed from the base of the PR and between cfce034 and 624587b.

📒 Files selected for processing (1)

• web/apps/admin/vite.config.ts

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 58 minutes and 26 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coveralls]

Coverage Report for CI Build 25158296339

Coverage remained the same at 41.963%

Details

• Coverage remained the same as the base build.
• Patch coverage: No coverable lines changed in this PR.
• No coverage regressions found.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

No coverage regressions found.

---

Coverage Stats

Relevant Lines:	37254
Covered Lines:	15633
Line Coverage:	41.96%
Coverage Strength:	11.88 hits per line

---

💛 - Coveralls