Problem
`app/app.py::create_app` falls back to a hardcoded `dev-insecure-secret-key-change-me` when `SECRET_KEY` is unset. Compose enforces it via `${SECRET_KEY:?}`, but bare `uv run gunicorn` or `python -m flask` silently uses the weak default.
Proposal
- Add an `ENVIRONMENT` env var (`development` | `production`; default `production`).
- In `production`, raise at app-boot if `SECRET_KEY` is missing or equals the dev fallback.
- Log a warning in `development` when the fallback is used.
- README updated to document the new variable.
Acceptance
- Starting the app with `ENVIRONMENT=production` and no `SECRET_KEY` fails fast with a clear error.
- Existing tests still pass (they already set `SECRET_KEY=test-secret`).
Problem
`app/app.py::create_app` falls back to a hardcoded `dev-insecure-secret-key-change-me` when `SECRET_KEY` is unset. Compose enforces it via `${SECRET_KEY:?}`, but bare `uv run gunicorn` or `python -m flask` silently uses the weak default.
Proposal
Acceptance