DHCross · google-labs-jules · Dec 8, 2025
diff --git a/app/api/raven/route.ts b/app/api/raven/route.ts
@@ -1193,6 +1193,14 @@ Now deliver this reading in your authentic Raven Calder voice. Speak as if they'
       const errMsg = err?.message || String(err);
       console.error('[Raven Auth] Token verification failed:', errMsg);
       // Surface specific JWT errors for debugging
+      if (errMsg.includes('Missing AUTH0_DOMAIN')) {
+        return NextResponse.json({
+          ok: false,
+          error: 'Configuration Error',
+          detail: 'Server is missing AUTH0_DOMAIN environment variable.',
+          hint: 'Please configure AUTH0_DOMAIN in your environment settings.'
+        }, { status: 500 });
+      }
       if (errMsg.includes('jwt audience invalid')) {
         return NextResponse.json({ 
           ok: false, 

diff --git a/lib/auth/jwt.ts b/lib/auth/jwt.ts
@@ -6,10 +6,11 @@ import jwksClient from 'jwks-rsa';
 const IS_DEV = process.env.NODE_ENV === 'development';
 const AUTH0_DOMAIN = process.env.AUTH0_DOMAIN;
 const IS_DUMMY_CONFIG = AUTH0_DOMAIN === 'dummy.auth0.com';
-const SKIP_AUTH = IS_DEV && (!AUTH0_DOMAIN || IS_DUMMY_CONFIG);
+const MB_MOCK = process.env.MB_MOCK === 'true' || process.env.MB_MOCK === '1';
+const SKIP_AUTH = (IS_DEV && (!AUTH0_DOMAIN || IS_DUMMY_CONFIG)) || MB_MOCK;
 
 if (SKIP_AUTH) {
-  console.warn('[WARN] Auth0 configuration missing or dummy in development. Authentication will be bypassed.');
+  console.warn('[WARN] Auth0 configuration missing or dummy in development (or MB_MOCK active). Authentication will be bypassed.');
 }
 
 const client = SKIP_AUTH
@@ -53,6 +54,13 @@ export async function verifyToken(token: string) {
     return Promise.resolve(getMockUser());
   }
 
+  // Guard against missing config in non-dev environments
+  if (!process.env.AUTH0_DOMAIN) {
+     const msg = 'Missing AUTH0_DOMAIN in environment variables';
+     console.error(`[Auth] ${msg}`);
+     return Promise.reject(new Error(msg));
+  }
+
   return new Promise<any>((resolve, reject) => {
     jwt.verify(token, getKey as any, jwtVerifyOptions, (err, decoded) => {
       if (err) {

diff --git a/lib/raven-formatting.ts b/lib/raven-formatting.ts
@@ -63,6 +63,9 @@ export const formatFriendlyErrorMessage = (rawMessage: string, httpStatus?: numb
       if (r.includes('issuer mismatch') || r.includes('jwt issuer')) {
         return "Authentication error: Token issuer mismatch. Check that AUTH0_DOMAIN is configured correctly.";
       }
+      if (r.includes('missing auth0_domain')) {
+        return "Configuration Error: The server is missing the AUTH0_DOMAIN environment variable. Please ask the project owner to configure it.";
+      }
       if (/missing|invalid token|invalid token/i.test(r) || status === 401) {
         // Use hint if provided (skip redundant "sign out" instructions since we add our own)
         if (hint && !/sign.?out/i.test(hint)) {