fix(auth): remove APP_ENV degradation, keep error logging only

Remove the APP_ENV-based graceful degradation for email send failures
— it's risky if users forget to set APP_ENV=production. Instead, always
return 500 on email failure (safe for production) and rely on the error
log (slog.Error) with the actual Resend error for debugging.

Self-hosters who don't need real emails should leave RESEND_API_KEY empty
(codes print to stdout, master code 888888 works).

.env.example

@@ -22,6 +22,8 @@ MULTICA_CODEX_WORKDIR=
 MULTICA_CODEX_TIMEOUT=20m
 
 # Email (Resend)
+# For local/dev use, leave RESEND_API_KEY empty — codes print to stdout, and master code 888888 works.
+# For production, set your Resend API key and change RESEND_FROM_EMAIL to a domain verified in your Resend account.
 RESEND_API_KEY=
 RESEND_FROM_EMAIL=noreply@multica.ai
 

.goreleaser.yml

@@ -11,7 +11,6 @@ builds:
       - -s -w
       - -X main.version={{.Version}}
       - -X main.commit={{.ShortCommit}}
-      - -X main.date={{.Date}}
     env:
       - CGO_ENABLED=0
     goos:

Makefile

@@ -190,11 +190,10 @@ multica:
 
 VERSION ?= $(shell git describe --tags --always --dirty 2>/dev/null || echo dev)
 COMMIT  ?= $(shell git rev-parse --short HEAD 2>/dev/null || echo unknown)
-DATE    ?= $(shell date -u '+%Y-%m-%dT%H:%M:%SZ')
 
 build:
 	cd server && go build -o bin/server ./cmd/server
-	cd server && go build -ldflags "-X main.version=$(VERSION) -X main.commit=$(COMMIT) -X main.date=$(DATE)" -o bin/multica ./cmd/multica
+	cd server && go build -ldflags "-X main.version=$(VERSION) -X main.commit=$(COMMIT)" -o bin/multica ./cmd/multica
 	cd server && go build -o bin/migrate ./cmd/migrate
 
 test:

server/cmd/multica/cmd_update.go

@@ -17,7 +17,7 @@ var updateCmd = &cobra.Command{
 }
 
 func runUpdate(_ *cobra.Command, _ []string) error {
-	fmt.Fprintf(os.Stderr, "Current version: %s (commit: %s, built: %s)\n", version, commit, date)
+	fmt.Fprintf(os.Stderr, "Current version: %s (commit: %s)\n", version, commit)
 
 	// Check latest version from GitHub.
 	latest, err := cli.FetchLatestRelease()

server/cmd/multica/cmd_version.go

@@ -1,42 +1,15 @@
 package main
 
 import (
-	"encoding/json"
 	"fmt"
-	"os"
-	"runtime"
 
 	"github.com/spf13/cobra"
 )
 
-func init() {
-	versionCmd.Flags().String("output", "text", "Output format: text or json")
-}
-
 var versionCmd = &cobra.Command{
 	Use:   "version",
 	Short: "Print version information",
-	RunE:  runVersion,
-}
-
-func runVersion(cmd *cobra.Command, _ []string) error {
-	output, _ := cmd.Flags().GetString("output")
-
-	if output == "json" {
-		info := map[string]string{
-			"version":   version,
-			"commit":    commit,
-			"date":      date,
-			"go":        runtime.Version(),
-			"os":        runtime.GOOS,
-			"arch":      runtime.GOARCH,
-		}
-		enc := json.NewEncoder(os.Stdout)
-		enc.SetIndent("", "  ")
-		return enc.Encode(info)
-	}
-
-	fmt.Printf("multica %s (commit: %s, built: %s)\n", version, commit, date)
-	fmt.Printf("go: %s, os/arch: %s/%s\n", runtime.Version(), runtime.GOOS, runtime.GOARCH)
-	return nil
+	Run: func(_ *cobra.Command, _ []string) {
+		fmt.Printf("multica %s (commit: %s)\n", version, commit)
+	},
 }

server/cmd/multica/main.go

@@ -10,7 +10,6 @@ import (
 var (
 	version = "dev"
 	commit  = "unknown"
-	date    = "unknown"
 )
 
 var rootCmd = &cobra.Command{

server/internal/handler/auth.go

@@ -241,6 +241,7 @@ func (h *Handler) SendCode(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if err := h.EmailService.SendVerificationCode(email, code); err != nil {
+		slog.Error("failed to send verification code", "email", email, "error", err)
 		writeError(w, http.StatusInternalServerError, "failed to send verification code")
 		return
 	}