fix(stripe): correct Stripe secret key environment variable typo

[Yuankai619]

What does this PR do?

This pull request resolves a spelling discrepancy in the Stripe secret key environment variable by updating both lib/stripe.ts and app/api/checkout/payment/route.ts to utilize the correct Stripe_CHANNEL_SECRET environment variable (spelled with two 'L's). For extra safety and backward compatibility, it falls back to the typo'd Stripe_CHANEL_SECRET (one 'L') if that is what's configured.

Why is this change needed?

Link the alert / incident that triggered the investigation:

• Incident: 0.o85rqsbrm37a
• Alert: Ticket flow error alert(dev)
• Triggered at: 2026-05-22T17:19:16.000Z
• Root cause: The Cloud Run service ticketflow had Stripe environment variables configured with the standard spelling (Stripe_CHANNEL_SECRET), but the code initialized Stripe using the typo'd Stripe_CHANEL_SECRET, resulting in an undefined API key passing to new Stripe(...) and throwing the runtime error: Neither apiKey nor config.authenticator provided.

How was this change tested?

• Existing tests pass: npm run lint (verified that no syntax or type errors were introduced in the changed files)
• Manual repro verified the fix locally: Verified that correcting the environment variable lookup allows Stripe initialization to succeed properly.

What should reviewers focus on?

Review the fallback logic process.env.Stripe_CHANNEL_SECRET || process.env.Stripe_CHANEL_SECRET in lib/stripe.ts and app/api/checkout/payment/route.ts to ensure maximum robustness and zero disruption across environments.

Out of scope

Changing existing Cloud Run configuration, CI workflows, or other files. The focus remains exclusively on correcting the source code lookup for Stripe keys.

Generated by

🤖 Corvo Agent — investigation traced to commit 0760376 where Stripe client lazy initialization was refactored and locked in the spelling typo.

[gemini-code-assist]

Code Review

This pull request corrects a typo in the Stripe secret environment variable name while maintaining backward compatibility with the legacy name. Feedback suggests improving the robustness of the Stripe initialization by explicitly validating the secret key instead of using non-null assertions. Additionally, it is recommended to centralize the environment variable retrieval logic to eliminate code duplication between the API route and the Stripe library.

[gemini-code-assist]

While this change correctly addresses the typo and provides a fallback, the code still relies on a non-null assertion (!) on the following line. If neither environment variable is configured, the application will crash with a generic error from the Stripe library. It is better to explicitly validate the presence of the secret key and throw a descriptive error to improve observability and prevent runtime surprises, especially since this area was already identified as a source of production incidents.

Suggested change

	const stripeSecretKey = process.env.Stripe_CHANNEL_SECRET || process.env.Stripe_CHANEL_SECRET;
	const stripeSecretKey = process.env.Stripe_CHANNEL_SECRET || process.env.Stripe_CHANEL_SECRET;
	if (!stripeSecretKey) {
	throw new Error('Stripe secret key is missing. Please set Stripe_CHANNEL_SECRET.');
	}

[gemini-code-assist]

The logic for retrieving the Stripe secret key (including the fallback for the legacy typo) is duplicated here and in lib/stripe.ts. This duplication increases the maintenance burden and the risk of future errors if the environment variable configuration changes again. Consider centralizing this lookup in lib/stripe.ts by exporting the key or a helper function to ensure consistency across the application.