/**
 * Client-side Supabase configuration with enhanced security
 * 
 * IMPORTANT: This module does NOT export a singleton instance.
 * Always use createClient() to get a fresh client instance.
 * This prevents stale auth credentials on shared devices.
 */

import { createBrowserClient } from '@supabase/ssr'
import type { SupabaseClient } from '@supabase/supabase-js'

const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!
const supabaseAnonKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!

/**
 * Creates a Supabase client for use in browser/Client Components.
 * Uses @supabase/ssr to properly sync cookies with the server.
 * 
 * IMPORTANT: This function does NOT export a singleton instance.
 * Always call createClient() to get a fresh client instance.
 * This prevents stale auth credentials on shared devices.
 * 
 * @returns Fresh Supabase client instance for browser use
 * 
 * @example
 * const supabase = createClient();
 * const { data, error } = await supabase.from('users').select('*');
 */
export function createClient(): SupabaseClient {
  return createBrowserClient(supabaseUrl, supabaseAnonKey)
}