ci: remove dummy Clerk key; tighten AuthProvider guard

frontend/src/components/providers/AuthProvider.tsx

@@ -8,7 +8,15 @@ function isLikelyValidClerkPublishableKey(key: string | undefined): key is strin
   // Clerk publishable keys look like: pk_test_... or pk_live_...
   // In CI we want builds to stay secretless; if the key isn't present/valid,
   // we skip Clerk entirely so `next build` can prerender.
-  return /^pk_(test|live)_[A-Za-z0-9]+$/.test(key);
+  //
+  // Note: Clerk appears to validate key *contents*, not just shape. We therefore
+  // use a conservative heuristic to avoid treating obvious placeholders as valid.
+  const m = /^pk_(test|live)_([A-Za-z0-9]+)$/.exec(key);
+  if (!m) return false;
+  const body = m[2];
+  if (body.length < 16) return false;
+  if (/^0+$/.test(body)) return false;
+  return true;
 }
 
 export function AuthProvider({ children }: { children: ReactNode }) {