contributor.info/.env.example at main · bdougie/contributor.info · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
# ===========================================
# ENVIRONMENT CONFIGURATION
# ===========================================
#
# Quick Start:
# 1. Copy this file to .env.local
# 2. Choose your environment:
#    - For LOCAL development: npm run env:local
#    - For PRODUCTION: npm run env:production
#
# The environment switcher will configure these for you automatically!
# ===========================================

# ===========================================
# LOCAL DEVELOPMENT CONFIGURATION
# ===========================================
# These values are automatically set when you run: npm run env:local
#
# LOCAL Supabase (Docker required)
# VITE_SUPABASE_URL=http://localhost:54321
# VITE_SUPABASE_ANON_KEY=your-local-anon-key-here

# ===========================================
# PRODUCTION CONFIGURATION
# ===========================================
# These values are automatically set when you run: npm run env:production
# Replace with your actual production values
#
# PRODUCTION Supabase
# VITE_SUPABASE_URL=https://egcxzonpmmcirmgqdrla.supabase.co
# VITE_SUPABASE_ANON_KEY=your-production-anon-key

# ===========================================
# CLIENT-SIDE VARIABLES (Safe for browser)
# ===========================================
# These are prefixed with VITE_ and exposed to the browser
# Only include PUBLIC information here

# Supabase (public configuration) - Set by env switcher
VITE_SUPABASE_URL=https://your-project.supabase.co
VITE_SUPABASE_ANON_KEY=your-supabase-anon-key

# Environment indicator (auto-set by env switcher)
VITE_ENV=local

# GitHub (public read-only token)
# Create at: https://github.com/settings/tokens/new
# Required scopes for seed data generation:
#   - public_repo (read public repositories)
#   - read:user (read user profile info)
# For local seed generation, use a Personal Access Token (Classic)
VITE_GITHUB_TOKEN=your-github-personal-access-token

# Inngest (app identification only - NOT the event key!)
VITE_INNGEST_APP_ID=contributor-info

# OpenAI (optional – still required for GPT-based features)
# VITE_OPENAI_API_KEY=your-openai-api-key

# PostHog LLM Analytics (optional - for AI feature observability)
# Tracks token usage, costs, latency, and errors for OpenAI calls
# VITE_POSTHOG_API_KEY=your-posthog-api-key
# VITE_POSTHOG_HOST=https://us.i.posthog.com

# PostHog Analytics (optional)
VITE_POSTHOG_KEY=your-posthog-project-api-key
VITE_POSTHOG_HOST=https://app.posthog.com

# PostHog Management Scripts (for cohort/flag creation scripts)
# POSTHOG_PROJECT_ID=your-project-id
# POSTHOG_PERSONAL_API_KEY=phx_your-personal-api-key
# POSTHOG_INTERNAL_TEAM_COHORT_ID=cohort-id-from-script-output

# Sentry Error Tracking (optional)
VITE_SENTRY_DSN=https://your-sentry-dsn@sentry.io/project-id

# Dub.co URL Shortener (public key)
VITE_DUB_CO_KEY=your-dub-co-public-key
VITE_DUB_DOMAIN_DEV=your-dev-domain
VITE_DUB_DOMAIN_PROD=your-prod-domain

# ===========================================
# SERVER-SIDE VARIABLES (Private - never exposed to browser)
# ===========================================
# These are NOT prefixed with VITE_ and only accessible server-side
# Include SENSITIVE information here

# Supabase (admin/service keys)
SUPABASE_SERVICE_ROLE_KEY=your-supabase-service-role-key
SUPABASE_TOKEN=your-supabase-admin-token
SUPABASE_MCP_TOKEN=your-supabase-mcp-token

# Inngest (server secrets - NEVER expose to browser!)
INNGEST_EVENT_KEY=your-inngest-event-key
INNGEST_SIGNING_KEY=your-inngest-signing-key
INNGEST_SERVE_HOST=your-inngest-host
INNGEST_SERVE_PATH=/api/inngest

# GitHub (server tokens with higher permissions)
# For seed data generation, this should be the same token as VITE_GITHUB_TOKEN
# Required scopes: public_repo, read:user
GITHUB_TOKEN=your-server-github-token

# ===========================================
# SEED DATA CONFIGURATION
# ===========================================
# Configuration for local seed data generation

# Seed data timeframe (days to collect)
SEED_DATA_DAYS=14

# Example repositories to use for seed data
SEED_REPOSITORIES=continuedev/continue,vitejs/vite,facebook/react,vercel/next.js,supabase/supabase

# ===========================================
# COMMIT CAPTURE CONFIGURATION
# ===========================================
# Configuration for capturing commits from GitHub

# Number of commits to fetch per API request (max 100)
VITE_GITHUB_COMMITS_BATCH_SIZE=100

# Maximum number of pages to fetch (prevents excessive API calls)
VITE_GITHUB_COMMITS_MAX_PAGES=10

# Commit capture time ranges (in days)
VITE_COMMITS_INITIAL_DAYS=7  # Days to capture on first run
VITE_COMMITS_UPDATE_DAYS=1    # Days for incremental daily updates
VITE_COMMITS_MAX_PER_RUN=1000 # Max commits per capture run

# OpenAI (optional – still required for GPT-based features)
# OPENAI_API_KEY=your-openai-server-key

# Tapes Proxy (optional - for AI telemetry capture)
# TAPES_PROXY_URL=http://localhost:8080/v1

# PostHog LLM Analytics (server-side for Supabase Edge Functions)
# Required for LLM observability in edge functions
# POSTHOG_API_KEY=your-posthog-api-key
# POSTHOG_HOST=https://us.i.posthog.com

# Dub.co (private API key)
DUB_API_KEY=your-dub-api-private-key

# ===========================================
# POLAR BILLING CONFIGURATION
# ===========================================
# Get these from https://polar.sh/settings
# Required for subscription management

# Polar Access Token (SERVER-SIDE ONLY - never expose to browser!)
# Create at: https://polar.sh/settings/access-tokens
# Used by Netlify functions to manage subscriptions securely
POLAR_ACCESS_TOKEN=polar_pat_your-access-token

# Polar Webhook Secret (for verifying webhooks)
# Found in: https://polar.sh/settings/webhooks
POLAR_WEBHOOK_SECRET=polar_whs_your-webhook-secret

# Polar Environment (sandbox or production)
POLAR_ENVIRONMENT=sandbox

# Polar Product IDs (from your Polar dashboard)
# Create products at: https://polar.sh/products
VITE_POLAR_PRODUCT_ID_PRO=prod_xxxxx_pro_tier
VITE_POLAR_PRODUCT_ID_TEAM=prod_xxxxx_team_tier

# Polar Addon Product IDs
# Server-side (for webhooks and backend)
POLAR_PRODUCT_ID_EXTENDED_RETENTION=65248b4b-20d8-4ad0-95c2-c39f80dc4d18
# Client-side (for frontend display/logic via import.meta.env)
VITE_POLAR_PRODUCT_ID_EXTENDED_RETENTION=65248b4b-20d8-4ad0-95c2-c39f80dc4d18

# GitHub App Configuration (server-side for webhooks)
# You can use either CONTRIBUTOR_APP_* or GITHUB_APP_* variables
# CONTRIBUTOR_APP_* takes precedence if both are set
CONTRIBUTOR_APP_ID=your-github-app-id
CONTRIBUTOR_APP_KEY="-----BEGIN RSA PRIVATE KEY-----\nyour-private-key-here\n-----END RSA PRIVATE KEY-----"
# Alternative naming (legacy support)
GITHUB_APP_ID=your-github-app-id
GITHUB_APP_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\nyour-private-key-here\n-----END RSA PRIVATE KEY-----"
GITHUB_APP_WEBHOOK_SECRET=your-webhook-secret

# Other configuration
BASE_URL=http://localhost:4173
NODE_ENV=development

# Hybrid Progressive Capture Rollout Configuration
HYBRID_ROLLOUT_PERCENTAGE=0
HYBRID_EMERGENCY_STOP=false
HYBRID_ROLLOUT_STRATEGY=percentage
HYBRID_AUTO_ROLLBACK=true
HYBRID_MAX_ERROR_RATE=5.0

RESEND_API_KEY=re-123

# Slack Integration Encryption
# Generate a secure random key: openssl rand -base64 32
# This key is used to encrypt/decrypt Slack webhook URLs and bot tokens in the database
# Client-side (for encrypting webhook URLs in browser)
VITE_SLACK_WEBHOOK_ENCRYPTION_KEY=your-32-character-encryption-key-here
# Server-side (for edge functions - should be the same value as above)
SLACK_WEBHOOK_ENCRYPTION_KEY=your-32-character-encryption-key-here

# Slack OAuth App Configuration (client-side, for OAuth flow)
# Create a Slack app at: https://api.slack.com/apps
# Required scopes: chat:write, channels:read
# Set redirect URL to: https://your-domain.com/functions/v1/slack-oauth-callback
VITE_SLACK_CLIENT_ID=your-slack-client-id
VITE_SLACK_REDIRECT_URI=https://your-domain.com/functions/v1/slack-oauth-callback

# Slack OAuth App Configuration (server-side, for edge functions)
# Get these from your Slack app's "Basic Information" page
SLACK_CLIENT_ID=your-slack-client-id
SLACK_CLIENT_SECRET=your-slack-client-secret
SLACK_REDIRECT_URI=https://your-domain.com/functions/v1/slack-oauth-callback

# ===========================================
# SECURITY NOTES
# ===========================================
#
# ❌ NEVER DO THIS:
# VITE_INNGEST_EVENT_KEY=secret  # Exposes server secret to browser!
# VITE_SUPABASE_SERVICE_ROLE_KEY=secret  # Exposes admin access to browser!
#
# ✅ CORRECT APPROACH:
# - Public keys: VITE_* prefix (exposed to browser)
# - Private keys: No VITE_ prefix (server-only)
# - Use the env.ts helper for safe access
#
# The env.ts file will:
# - Prevent server keys from being accessed in browser
# - Show security warnings if attempted
# - Use proper access patterns for each context
#
# READ THIS: The VITE_ prefix exposes variables to the browser bundle!
# Anyone can inspect your website and see VITE_* variables.
# Only put PUBLIC information in VITE_* variables.

FLY_API_TOKEN=your-fly-api-token

# GitHub Datpipe Configuration
# This key is used for both API authentication and webhook HMAC verification
# Both GH_DATPIPE_KEY and GH_DATPIPE_API_URL are required
GH_DATPIPE_KEY=your-github-datpipe-key
GH_DATPIPE_API_URL=your-datapipe-api-url