Security: production-secret guard in createEpAuth + example hard-fail (#279 HIGH-2)

## Parent PRD

#279

## What to build

Stop both the package factory and the example app from silently falling back to a hardcoded JWE / HMAC secret when `CHECKOUT_SESSION_SECRET` is unset in production. Throw at factory construction when `NODE_ENV === "production"` and the secret is missing or matches a known dev sentinel. Update the example to use `process.env.CHECKOUT_SESSION_SECRET!` with no string fallback. See PRD §HIGH-2.

## Acceptance criteria

- [ ] `createEpAuth` throws in production when secret is missing
- [ ] `createEpAuth` throws in production when secret matches the dev sentinels currently shipped
- [ ] `createEpAuth` accepts dev sentinels in non-production with a clear console warning
- [ ] Example template (`examples/ep-commerce-app-router/lib/ep-auth.ts`) has no string fallback
- [ ] Tests cover the three branches (prod-missing, prod-sentinel, dev-sentinel)
- [ ] Required secret length documented (32 chars JWE, 16 chars HMAC)

## Blocked by

None — can start immediately.

## User stories addressed

- User story 1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security: production-secret guard in createEpAuth + example hard-fail (#279 HIGH-2) #281

Parent PRD

What to build

Acceptance criteria

Blocked by

User stories addressed

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security: production-secret guard in createEpAuth + example hard-fail (#279 HIGH-2) #281

Description

Parent PRD

What to build

Acceptance criteria

Blocked by

User stories addressed

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions