SOROBAN_CONTRACT_ID in .env.example is blank. The README
marks Soroban contracts as done but the note reads
"stub — ready to wire." Every code path that calls the
Stellar contract is either gated behind a missing env
var check or silently skipping the call. This means
the blockchain audit trail — the core public
verifiability guarantee — has never been active in
any deployment.

The DATABASE_URL in .env.example also hardcodes a
specific Supabase project URL with a placeholder
password. Any contributor cloning the repo and
following the getting started guide hits a connection
error immediately because the URL points to a real
project they have no access to, not a generic
localhost example.

Scope:
- Deploy the contract stubs in the contracts/ directory
to Stellar testnet, record the contract ID, and add
it as the default value in .env.example with a
comment explaining how to redeploy
- Audit every service in backend/src/services/ that
references SOROBAN_CONTRACT_ID and confirm the
calls are made correctly when the var is present —
add a startup warning if it is missing so the
silence is explicit
- Replace the hardcoded Supabase DATABASE_URL in
.env.example with a localhost PostgreSQL URL matching
the docker-compose.yml setup so new contributors
can run the project without touching the env file

Acceptance Criteria:
value in .env.example
SOROBAN_CONTRACT_ID is not set
when the contract ID is present
localhost matching docker-compose.yml defaults
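
One way to make the missing-variable case explicit, as the second Scope item asks. This is an added example, not code from the issue or the project; the function names `auditTrailStatus`, `reportAuditTrailAtStartup` and `withAuditTrail` are hypothetical, and the ID check covers only the shape of a contract ID (56 characters, leading `C`), not its checksum.

```javascript
// Added example with hypothetical helper names; not the project's code.
// Shape check only: a Soroban contract ID is a 56-character StrKey string that
// starts with "C" (base32 alphabet A-Z, 2-7). The checksum is NOT verified here.
const CONTRACT_ID_SHAPE = /^C[A-Z2-7]{55}$/;

// Classify the audit-trail configuration once, at process start.
function auditTrailStatus(env) {
  const raw = env.SOROBAN_CONTRACT_ID;
  const id = typeof raw === 'string' ? raw.trim() : '';
  if (id === '') {
    return { enabled: false, level: 'warn', contractId: null,
      message: 'SOROBAN_CONTRACT_ID is not set: on-chain audit trail is DISABLED ' +
               'and contract calls will be skipped' };
  }
  if (!CONTRACT_ID_SHAPE.test(id)) {
    return { enabled: false, level: 'error', contractId: null,
      message: 'SOROBAN_CONTRACT_ID is set but is not a well-formed contract ID' };
  }
  return { enabled: true, level: 'info', contractId: id,
    message: 'on-chain audit trail enabled' };
}

// Call from the server entry point. A missing ID warns; a malformed one aborts,
// because a typo would otherwise look like a working deployment.
function reportAuditTrailAtStartup(env, log = console) {
  const status = auditTrailStatus(env);
  if (status.level === 'error') throw new Error(status.message);
  const emit = status.level === 'warn' ? log.warn : log.info;
  emit.call(log, `[audit] ${status.message}`);
  return status;
}

// Wrapper for service code: a skipped contract call is logged, never silent.
async function withAuditTrail(status, description, call, log = console) {
  if (!status.enabled) {
    log.warn(`[audit] SKIPPED (no contract configured): ${description}`);
    return { recorded: false };
  }
  return { recorded: true, result: await call(status.contractId) };
}
```

Services would pass the status object returned at startup into `withAuditTrail`, so every skipped write leaves a log line that can be counted or alerted on.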