test: add env and database vitest coverage

[sypham98-prog]

/claim #54

Summary

• add Vitest test scripts and minimal configs for @cap/env and @cap/database
• cover buildEnv public URL fallback/caching and serverEnv S3 endpoint/default boolean parsing
• cover database password hashing verification success, wrong-password rejection, and empty input rejection
• isolate boolean-default tests from ambient S3_PATH_STYLE / CAP_VIDEOS_DEFAULT_PUBLIC env vars after Greptile feedback

Verification

• corepack pnpm --filter @cap/env test
• corepack pnpm --filter @cap/database test
• corepack pnpm exec biome check packages/database/crypto.test.ts packages/database/vitest.config.ts packages/database/package.json packages/env/package.json packages/env/build.test.ts packages/env/server.test.ts packages/env/vitest.config.ts

AI-assisted with Codex; diff reviewed and verified before submission.

[greptile-apps]

The "parses boolean string defaults" test is brittle because it checks that S3_PATH_STYLE and CAP_VIDEOS_DEFAULT_PUBLIC take their schema-level defaults (true), yet setRequiredServerEnv() never unsets those variables. originalEnv is captured at module-load time, so if the developer's or CI environment already has either var set (e.g. S3_PATH_STYLE=false), ...process.env in experimental__runtimeEnv will propagate that value and override the Zod default, causing the test to fail with no obvious cause.

Suggested change

	function setRequiredServerEnv() {
	process.env.DATABASE_URL = "mysql://user:password@localhost:3306/cap";
	process.env.WEB_URL = "https://cap.example";
	process.env.NEXTAUTH_SECRET = "test-secret";
	process.env.NEXTAUTH_URL = "https://cap.example";
	process.env.CAP_AWS_BUCKET = "cap-test-bucket";
	process.env.CAP_AWS_REGION = "us-east-1";
	process.env.NODE_ENV = "test";
	}
	function setRequiredServerEnv() {
	process.env.DATABASE_URL = "mysql://user:password@localhost:3306/cap";
	process.env.WEB_URL = "https://cap.example";
	process.env.NEXTAUTH_SECRET = "test-secret";
	process.env.NEXTAUTH_URL = "https://cap.example";
	process.env.CAP_AWS_BUCKET = "cap-test-bucket";
	process.env.CAP_AWS_REGION = "us-east-1";
	process.env.NODE_ENV = "test";
	delete process.env.S3_PATH_STYLE;
	delete process.env.CAP_VIDEOS_DEFAULT_PUBLIC;
	}

Prompt To Fix With AI

This is a comment left during a code review.
Path: packages/env/server.test.ts
Line: 12-20

Comment:
The "parses boolean string defaults" test is brittle because it checks that `S3_PATH_STYLE` and `CAP_VIDEOS_DEFAULT_PUBLIC` take their schema-level defaults (`true`), yet `setRequiredServerEnv()` never unsets those variables. `originalEnv` is captured at module-load time, so if the developer's or CI environment already has either var set (e.g. `S3_PATH_STYLE=false`), `...process.env` in `experimental__runtimeEnv` will propagate that value and override the Zod default, causing the test to fail with no obvious cause.

```suggestion
function setRequiredServerEnv() {
	process.env.DATABASE_URL = "mysql://user:password@localhost:3306/cap";
	process.env.WEB_URL = "https://cap.example";
	process.env.NEXTAUTH_SECRET = "test-secret";
	process.env.NEXTAUTH_URL = "https://cap.example";
	process.env.CAP_AWS_BUCKET = "cap-test-bucket";
	process.env.CAP_AWS_REGION = "us-east-1";
	process.env.NODE_ENV = "test";
	delete process.env.S3_PATH_STYLE;
	delete process.env.CAP_VIDEOS_DEFAULT_PUBLIC;
}
```

How can I resolve this? If you propose a fix, please make it concise.

[sypham98-prog]

Fixed in f8c9fcc. setRequiredServerEnv now deletes S3_PATH_STYLE and CAP_VIDEOS_DEFAULT_PUBLIC before importing serverEnv, so the boolean default assertions are isolated from any ambient developer or CI environment. Verification passed: corepack pnpm --filter @cap/env test; corepack pnpm --filter @cap/database test; corepack pnpm exec biome check on the touched test config and package files.

[sypham98-prog]

Small note on the Socket dependency table: the low-score packages shown there (for example @react-email/*, @radix-ui/*, @rive-app/*, and @remotion/*) are pre-existing workspace dependencies already present on main; this PR does not add or upgrade them. The package/lockfile diff only adds vitest ~2.1.9 for the new @cap/env and @cap/database tests. Socket PR alerts are passing on the current head.