fix: use bun --cwd to preserve environment variables in convex deploy

[leoisadev8]

Summary

• Changed cd ../web && bun run build to bun --cwd ../web run build in Convex deploy command

Problem

Preview deployments failing with:

Error: NEXT_PUBLIC_CONVEX_URL is not configured

Even though we added --cmd-url-env-var-name NEXT_PUBLIC_CONVEX_URL, the environment variable wasn't reaching the Next.js build process.

Root Cause

When using cd within convex deploy --cmd '...', a new subshell is created and environment variables don't properly propagate. This is a known issue in monorepo setups.

Solution

Use bun --cwd ../web run build instead of cd ../web && bun run build. The --cwd flag changes the working directory while keeping the command in the same shell, preserving all environment variables set by Convex.

References

• Convex Monorepo Discussion
• Turborepo Convex Example

Test plan

• Build succeeds on preview deployment
• NEXT_PUBLIC_CONVEX_URL is available during build
• App loads without configuration errors
• Test user seeding works

🤖 Generated with Claude Code

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
openchat-web	Canceled		Comment	Nov 9, 2025 10:55pm

[greptile-apps]

Greptile Overview

Greptile Summary

Fixed preview deployment failures by changing how the working directory is set during the Convex deployment build process. The issue was that using cd ../web && bun run build within the convex deploy --cmd spawns a subshell where environment variables (specifically NEXT_PUBLIC_CONVEX_URL) don't properly propagate to the Next.js build process. The solution uses bun --cwd ../web run build instead, which changes the working directory while keeping execution in the same shell, preserving all environment variables set by Convex.

• Replaced cd ../web && bun run build with bun --cwd ../web run build in both preview and production deployment commands
• Ensures NEXT_PUBLIC_CONVEX_URL (set via --cmd-url-env-var-name) reaches the Next.js build
• Fixes "Error: NEXT_PUBLIC_CONVEX_URL is not configured" on preview deployments
• Aligns with Turborepo Convex monorepo example best practices

Confidence Score: 5/5

• This PR is safe to merge with minimal risk - it's a well-documented fix for a known monorepo deployment issue
• The change is minimal, well-researched, and addresses a specific, documented issue. The bun --cwd flag is the standard approach for preserving environment variables when changing directories (confirmed via bun help). The fix applies to both preview and production deployment paths consistently. References to Convex Discord discussion and Turborepo example validate the approach. No logic changes or new dependencies introduced.
• No files require special attention - the single-line change is straightforward and properly addresses the root cause

Important Files Changed

File Analysis

Filename	Score	Overview
apps/server/package.json	5/5	Changed cd ../web && bun run build to bun --cwd ../web run build to preserve environment variables during Convex deployment

Sequence Diagram

sequenceDiagram
    participant CI as CI/CD (Vercel)
    participant ConvexDeploy as convex deploy
    participant Shell as Shell Process
    participant NextBuild as Next.js Build
    participant ConvexPreview as Convex previewSeed

    Note over CI: NEXT_PUBLIC_DEPLOYMENT=preview
    CI->>ConvexDeploy: Run build script
    ConvexDeploy->>ConvexDeploy: Set NEXT_PUBLIC_CONVEX_URL
    
    alt Using cd (Old - Broken)
        ConvexDeploy->>Shell: Spawn subshell with 'cd ../web && bun run build'
        Note over Shell: Environment variables lost in subshell
        Shell->>NextBuild: Execute build (missing NEXT_PUBLIC_CONVEX_URL)
        NextBuild-->>Shell: Error: NEXT_PUBLIC_CONVEX_URL not configured
    end
    
    alt Using --cwd (New - Fixed)
        ConvexDeploy->>Shell: Execute 'bun --cwd ../web run build' in same shell
        Note over Shell: Environment variables preserved
        Shell->>NextBuild: Execute build (with NEXT_PUBLIC_CONVEX_URL)
        NextBuild-->>Shell: Build successful
    end
    
    Shell-->>ConvexDeploy: Build complete
    ConvexDeploy->>ConvexPreview: Run --preview-run previewSeed
    ConvexPreview->>ConvexPreview: Create test user ([email protected])
    ConvexPreview-->>ConvexDeploy: Seed complete
    ConvexDeploy-->>CI: Deployment successful

Loading

_{1 file reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[sonarqubecloud]

Quality Gate failed

Failed conditions
4.1% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud

To fix this issue, add an explicit permissions block with the correct minimal privileges. In this case, examining the workflow shows no steps require any write privileges or special tokens; they just check out code and run scripts. Thus, the least privilege needed is for reading contents. Place the permissions: contents: read block at the job level directly under prod-canary: (recommended unless you want it at workflow root, but job-level is more targeted given this warning). No other changes, imports, or definitions are needed.

---

To prevent information exposure through error messages (and potential stack traces), the code should return only generic error messages to users, regardless of the environment. Instead of including the full error message in the HTTP response in development, the error message should be logged server-side with sufficient detail (the stack trace if available), but the response should remain generic for all users. The fix involves modifying the error-handling block (lines 385–404):

• Always set responseMessage to a generic string, e.g., "Server configuration error", "Missing apiKey", or "Missing modelId", as appropriate, on all environment modes.
• Remove the code path that sets responseMessage = messageText in non-production mode.
• Ensure detailed errors (message and/or stack) are logged server-side for debugging (using logError).
• No change is needed elsewhere; imports and existing upstream logging cover the requirement.

---