website refactor

apps/website/eslint-rules/no-direct-process-env.js

@@ -0,0 +1,56 @@
+/**
+ * @file no-direct-process-env.js
+ * Enforce centralized env/config access.
+ *
+ * Prefer:
+ * - getWebsiteServerEnv()/getWebsitePublicEnv() from '@/lib/config/env'
+ * - getWebsiteApiBaseUrl() from '@/lib/config/apiBaseUrl'
+ */
+
+module.exports = {
+  meta: {
+    type: 'problem',
+    docs: {
+      description: 'Forbid direct process.env reads outside of config modules',
+      category: 'Configuration',
+      recommended: true,
+    },
+    schema: [],
+    messages: {
+      noProcessEnv:
+        'Do not read process.env directly here. Use `getWebsiteServerEnv()` / `getWebsitePublicEnv()` (apps/website/lib/config/env.ts) or a dedicated config helper (e.g. getWebsiteApiBaseUrl()).',
+    },
+  },
+
+  create(context) {
+    const filename = context.getFilename();
+
+    // Allow env reads in config layer and low-level infrastructure that must branch by env.
+    if (
+      filename.includes('/lib/config/') ||
+      filename.includes('/lib/infrastructure/logging/') ||
+      filename.includes('/eslint-rules/')
+    ) {
+      return {};
+    }
+
+    return {
+      MemberExpression(node) {
+        // process.env.X
+        if (
+          node.object &&
+          node.object.type === 'MemberExpression' &&
+          node.object.object &&
+          node.object.object.type === 'Identifier' &&
+          node.object.object.name === 'process' &&
+          node.object.property &&
+          node.object.property.type === 'Identifier' &&
+          node.object.property.name === 'env'
+        ) {
+          context.report({ node, messageId: 'noProcessEnv' });
+        }
+      },
+    };
+  },
+};
+