.env.example (96 lines, 5.02 KB)
# =============================================================================
# Aushang — environment variables (TEMPLATE)
# =============================================================================
# Copy this file to `.env.local` and fill in real values. `.env.local` is
# gitignored and MUST NEVER be committed.
#
# SECURITY CONTRACT:
# - Only variables prefixed with NEXT_PUBLIC_ are exposed to the browser
# bundle. EVERYTHING ELSE is server-only.
# - Never prefix a secret with NEXT_PUBLIC_. The CI guard
# (scripts/check-no-client-secrets) greps the build output to enforce this.
# - SUPABASE_SERVICE_ROLE_KEY bypasses RLS — it is the master key. It is used
# ONLY in server code (route handlers / server actions), NEVER in a client
# component, NEVER prefixed NEXT_PUBLIC_.
# =============================================================================
# -----------------------------------------------------------------------------
# Public — safe to ship to the browser
# -----------------------------------------------------------------------------
# Supabase project URL (EU region: Ireland or Frankfurt). Public by design.
NEXT_PUBLIC_SUPABASE_URL="https://YOUR-PROJECT-ref.supabase.co"
# Supabase anon/publishable key. Public by design; RLS is what protects data.
NEXT_PUBLIC_SUPABASE_ANON_KEY="eyJ...your-anon-key..."
# Canonical site origin (scheme + host, no trailing slash). Used for magic-link
# redirect allowlisting and canonical URLs. In prod: https://aushang.app
NEXT_PUBLIC_SITE_URL="http://localhost:3000"
# -----------------------------------------------------------------------------
# Server-only secrets — NEVER exposed to the client
# -----------------------------------------------------------------------------
# Supabase service-role key. BYPASSES RLS. Server-only. Used exclusively by
# security-definer-style server flows (org creation, invite redemption, join
# approval). Treat as a root credential.
SUPABASE_SERVICE_ROLE_KEY="eyJ...your-service-role-key..."
# -----------------------------------------------------------------------------
# Operator bootstrap (server-side)
# -----------------------------------------------------------------------------
# Comma-separated allowlist of operator emails that are auto-elevated to the
# `superadmin` role on first login. This is the bootstrap path — there is no one
# above the operator to grant the role. Keep this list tiny; a listed email
# becomes a CROSS-ORG operator. Case-insensitive.
# e.g. SUPERADMIN_EMAILS="you@example.com,ops@example.com"
SUPERADMIN_EMAILS=""
# --- Resend (app-owned email: QR verification now, digests later) -----------
# API key from resend.com. When unset, app emails no-op (logged), nothing sends.
# Magic LOGIN links are sent by Supabase — point Supabase SMTP at Resend (see
# README "Email"); they do NOT use this key.
RESEND_API_KEY=""
# "From" address on a Resend-verified domain, e.g. "Aushang <hallo@aushang.app>".
# If unset, falls back to Resend's test sender (only delivers to the account owner).
EMAIL_FROM=""
# =============================================================================
# The variables below are NOT used yet. Documented so the contract is visible.
# =============================================================================
# --- VPS OCR/redaction worker (Phase 2) -------------------------------------
# Base URL of the deployed worker, e.g. https://worker.aushang.app. When unset,
# captured photos upload + create a post but stay 'processing' (no worker to run).
WORKER_URL=""
# Shared secret authenticating app <-> worker BOTH directions (app triggers
# /process; worker calls /api/worker/callback). Must match the worker's
# WORKER_SHARED_SECRET. Generate a long random string.
WORKER_SHARED_SECRET=""
# --- LLM extraction (the WORKER uses this, not the web app) ------------------
# Multi-provider. Set on the WORKER (not the web app). The worker sends only
# REDACTED text to the LLM (no raw images / no raw PII). Pick one provider:
# LLM_PROVIDER = anthropic | mistral | openai | gemini (default: anthropic)
# and set the matching key. Mistral (La Plateforme) is EU-hosted — the
# GDPR-residency choice; Anthropic/OpenAI are US; Gemini is Google.
# LLM_PROVIDER="mistral"
# ANTHROPIC_API_KEY="" # if LLM_PROVIDER=anthropic
# MISTRAL_API_KEY="" # if LLM_PROVIDER=mistral
# OPENAI_API_KEY="" # if LLM_PROVIDER=openai
# GEMINI_API_KEY="" # if LLM_PROVIDER=gemini
# (Or a generic LLM_API_KEY as a fallback for whichever provider is selected.)
# --- Web Push (VAPID) --------------------------------------------------------
# Generate with: node -e "console.log(require('web-push').generateVAPIDKeys())"
# The PUBLIC key is exposed to the browser (needed to subscribe); the PRIVATE
# key is server-only. When unset, the push opt-in is hidden and no pushes send.
NEXT_PUBLIC_VAPID_PUBLIC_KEY=""
VAPID_PRIVATE_KEY=""
VAPID_SUBJECT="mailto:hallo@aushang.app"
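The security contract at the top of the template says the CI guard greps the build output so that no non-NEXT_PUBLIC_ value reaches the browser bundle. The following is an added illustration of that check, not the project's own scripts/check-no-client-secrets: it parses dotenv-style text, treats every variable without the NEXT_PUBLIC_ prefix as server-only, and reports any such non-empty value found verbatim in the client chunks. Variable names, values and bundle text are constructed placeholders.

```javascript
// Added example (not the project's CI script): value-based guard that fails
// when a server-only (non-NEXT_PUBLIC_) value appears in the client bundle.
// All values below are constructed placeholders, not real credentials.
const PUBLIC_PREFIX = "NEXT_PUBLIC_";

// Parse dotenv-style text (KEY=value or KEY="value"); blanks and # comments skipped.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq < 0) continue;
    const key = line.slice(0, eq).trim();
    let value = line.slice(eq + 1).trim();
    const q = value[0];
    if ((q === '"' || q === "'") && value.length >= 2 && value.endsWith(q)) {
      value = value.slice(1, -1); // strip one layer of matching quotes
    }
    env[key] = value;
  }
  return env;
}

// Variable names that must never reach the browser bundle.
function serverOnlyVars(env) {
  return Object.keys(env).filter((k) => !k.startsWith(PUBLIC_PREFIX));
}

// Server-only names whose value is found in any bundle chunk. Empty values are
// skipped: "" is a substring of everything and carries no secret.
function findLeaks(env, chunks) {
  return serverOnlyVars(env).filter((name) => {
    const value = env[name];
    return value !== "" && chunks.some((chunk) => chunk.includes(value));
  });
}

// Constructed sample inputs (placeholder values, not real credentials).
const SAMPLE_ENV = [
  'NEXT_PUBLIC_SUPABASE_URL="https://example-ref.supabase.co"',
  "NEXT_PUBLIC_SUPABASE_ANON_KEY='anon-placeholder-123'",
  'SUPABASE_SERVICE_ROLE_KEY="service-role-placeholder-789"',
  'RESEND_API_KEY=""',
  "# comments and blank lines are ignored",
].join("\n");
const CLEAN_BUNDLE = ['var u="https://example-ref.supabase.co",k="anon-placeholder-123";'];
const LEAKY_BUNDLE = [CLEAN_BUNDLE[0], 'var s="service-role-placeholder-789";'];
```

In CI you would feed `parseEnv` the real `.env.local` contents and `findLeaks` the text of every file under the emitted static chunk directory, then exit non-zero when the returned list is non-empty.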