feat: add PGFLOW_AUTH_SECRET support for worker authentication

[jumski]

Add PGFLOW_AUTH_SECRET support for worker authentication

This PR adds support for a dedicated PGFLOW_AUTH_SECRET to authenticate worker function calls, addressing JWT format mismatches between vault secrets and Edge Functions.

Changes:

• Added pgflow_auth_secret support in the ensure_workers() function with fallback to supabase_service_role_key
• Updated Edge Worker authentication to check for PGFLOW_AUTH_SECRET before falling back to SUPABASE_SERVICE_ROLE_KEY
• Added comprehensive unit tests for the new authentication flow
• Updated documentation with clear instructions for configuring secrets in both vault and Edge Functions
• Added troubleshooting guidance for authentication issues

This change is backward compatible with existing deployments using supabase_service_role_key, while providing a more reliable authentication method for new deployments.

Solves #603

[changeset-bot]

🦋 Changeset detected

Latest commit: ebd44ba

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 5 packages

Name	Type
@pgflow/core	Patch
@pgflow/edge-worker	Patch
pgflow	Patch
@pgflow/client	Patch
@pgflow/dsl	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[jumski]

• feat: add PGFLOW_AUTH_SECRET support for worker authentication #604 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[nx-cloud]

View your CI Pipeline Execution ↗ for commit ebd44ba

Command	Status	Duration	Result
nx run edge-worker:test:integration	✅ Succeeded	3m 50s	View ↗
nx affected -t verify-exports --base=origin/mai...	✅ Succeeded	3s	View ↗
nx run edge-worker:e2e	✅ Succeeded	49s	View ↗
nx affected -t build --configuration=production...	✅ Succeeded	3s	View ↗
nx affected -t lint typecheck test --parallel -...	✅ Succeeded	1m 43s	View ↗
nx run cli:e2e	✅ Succeeded	4s	View ↗
nx run client:e2e	✅ Succeeded	1m 9s	View ↗
nx run core:pgtap	✅ Succeeded	<1s	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-02-03 09:12:30 UTC

[github-actions]

🔍 Preview Deployment: Website

✅ Deployment successful!

🔗 Preview URL: https://pr-604.pgflow.pages.dev

📝 Details:

• Branch: 01-07-introduce_pgflow_auth_secret_key
• Commit: e42a7e3cd0c737bdcbd8b49e709319422f967108
• View Logs

_Last updated: _

[jumski]

Merge activity

• Feb 3, 9:15 AM UTC: A user started a stack merge that includes this pull request via Graphite.
• Feb 3, 9:15 AM UTC: @jumski merged this pull request with Graphite.

[github-actions]

🚀 Production Deployment: Website

✅ Successfully deployed to production!

🔗 Production URL: https://pgflow.dev

📝 Details:

• Commit: 4391432a18df0b7157bedbfcd722ad25ed411702
• View Logs

Deployed at: 2026-02-03T10:15:42+01:00