# ============================================================================ # Route Commerce — Environment variables # ============================================================================ # Copy to `.env.local` and fill in real values for local development. # Production: set these in your hosting dashboard (Vercel / Netlify / etc.). # ============================================================================ # ── App ───────────────────────────────────────────────────────────────────── NEXT_PUBLIC_BASE_URL=http://localhost:4000 NEXT_PUBLIC_SITE_URL=http://localhost:4000 # ── Database (Postgres, direct — Supabase is being removed) ──────────────── # Single connection string used by `pg.Pool` in src/lib/auth.ts and the # admin-permissions / data-service layer. Format: # postgresql://USER:PASS@HOST:PORT/DBNAME?sslmode=require DATABASE_URL=postgresql://postgres:postgres@localhost:5432/route_commerce # ── Auth.js (NextAuth v5) ─────────────────────────────────────────────────── # Generate with: npx auth secret # Or: openssl rand -base64 32 AUTH_SECRET=replace-me-with-a-32-byte-base64-string # Base URL used to build OAuth callback URLs. In dev: AUTH_URL=http://localhost:4000 # In production, set to https://yourdomain.com # Google OAuth provider. # 1. Go to https://console.cloud.google.com/apis/credentials # 2. Create an OAuth 2.0 Client ID (type: Web application) # 3. Add Authorized redirect URI: http://localhost:3000/api/auth/callback/google # 4. Copy client id + client secret below GOOGLE_CLIENT_ID= GOOGLE_CLIENT_SECRET= # Auth.js also reads AUTH_GOOGLE_ID / AUTH_GOOGLE_SECRET if you prefer the # default NextAuth variable names. The code in src/auth.config.ts falls # back to those names if GOOGLE_CLIENT_ID is unset. # Set to "false" to disable the in-app dev credentials provider even in # development. Default: enabled in dev only. ALLOW_DEV_LOGIN=true # ── Supabase (legacy, being removed) ──────────────────────────────────────── # Still used by the existing admin pages, server actions, and the # `getAdminUser` flow. Once the auth migration is complete and the # @supabase/* packages are removed, these can go away. NEXT_PUBLIC_SUPABASE_URL= NEXT_PUBLIC_SUPABASE_ANON_KEY= SUPABASE_SERVICE_ROLE_KEY= # ── Stripe ───────────────────────────────────────────────────────────────── STRIPE_SECRET_KEY= STRIPE_WEBHOOK_SECRET= NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY= STRIPE_PRICE_STARTER= STRIPE_PRICE_FARM= STRIPE_PRICE_ENTERPRISE= STRIPE_PRICE_HARVEST_REACH= STRIPE_PRICE_WHOLESALE_PORTAL= STRIPE_PRICE_WATER_LOG= STRIPE_PRICE_AI_TOOLS= STRIPE_PRICE_SQUARE_SYNC= STRIPE_PRICE_SMS_CAMPAIGNS= # ── Resend (transactional email) ──────────────────────────────────────────── RESEND_API_KEY= RESEND_WEBHOOK_SECRET= # ── AI providers ──────────────────────────────────────────────────────────── OPENAI_API_KEY= ANTHROPIC_API_KEY= GOOGLE_API_KEY= XAI_API_KEY= MINIMAX_API_KEY= MINIMAX_BASE_URL=https://api.minimax.io/v1 # ── Square (optional) ─────────────────────────────────────────────────────── SQUARE_APP_SECRET= SQUARE_ENVIRONMENT=sandbox # ── Cron / automation ─────────────────────────────────────────────────────── CRON_SECRET=replace-me-with-a-random-string