AZ Azerbaijan / AZN
MUPZA OperatorOwner accountMU
M
MUPZAOSRestaurant OS command
Firebase Auth Readiness

MUPZAOS auth boundary without secrets in Git

Firebase is prepared as a redacted env contract for owner/admin cloud auth while POS, waiter, kitchen, printer bridge and manager approval flows keep their LAN/offline fallback.

ReadinessEnv contracts: 7Configured: 0Missing: 7Auth runtime ready: false
Env values redactedtrue
Service account out of Gittrue
MUPZAAİ read-onlytrue
MUPZAAİ secrets unusedtrue
External auth mutation disabledtrue
POS LAN unaffectedtrue
Manager approval unaffectedtrue
Waiter/kitchen LAN unaffectedtrue

Env contract

NEXT_PUBLIC_FIREBASE_API_KEYMissing
Scope: client_publicGit allowed: trueAWS secret only: false

Firebase client app initialization for owner/admin auth

NEXT_PUBLIC_FIREBASE_AUTH_DOMAINMissing
Scope: client_publicGit allowed: trueAWS secret only: false

Firebase browser auth redirect/session domain

NEXT_PUBLIC_FIREBASE_PROJECT_IDMissing
Scope: client_publicGit allowed: trueAWS secret only: false

Firebase project routing

NEXT_PUBLIC_FIREBASE_APP_IDMissing
Scope: client_publicGit allowed: trueAWS secret only: false

Firebase client app identity

FIREBASE_SERVICE_ACCOUNT_BASE64Missing
Scope: server_secretGit allowed: falseAWS secret only: true

AWS/GitHub secret store option for Firebase Admin service account

FIREBASE_SERVICE_ACCOUNT_JSONMissing
Scope: server_secretGit allowed: falseAWS secret only: true

AWS/GitHub secret store option for Firebase Admin JSON

FIREBASE_SERVICE_ACCOUNT_PATHMissing
Scope: server_pathGit allowed: falseAWS secret only: true

Server-only file path option outside Git workspace

Role boundary

ownerFirebase Auth online session

Owner cloud login can wait; POS LAN workflow keeps local manager PIN fallback.

adminFirebase Auth online session

Admin cloud session is not required for kitchen, printer bridge or waiter LAN continuity.

managerFirebase session plus local approval code

Manager approval queue works offline through Local Hub and syncs later.

cashierLocal POS profile with optional Firebase staff identity

Cashier workflow stays LAN/offline and never depends on Firebase availability.

waiterLocal waiter app session with optional Firebase staff identity

Waiter app can keep LAN mode and pre-check printing without Firebase.

kitchenKitchen desktop device trust with optional Firebase staff identity

Kitchen desktop and printers keep Local Hub/LAN ticket flow.