naap/.env.example at main · livepeer/naap · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
# =============================================================================
# NAAP Platform — environment variable reference (not loaded automatically)
# =============================================================================
#
# This repository-level `.env.example` documents variables across services for
# maintainers; it is not read by Next.js. For local Next.js development, copy
# `apps/web-next/.env.local.example` to `apps/web-next/.env.local` and edit that
# file (see paths: `.env.example`, `apps/web-next/.env.local.example`,
# `apps/web-next/.env.local`).
#
# This file is a catalog of names the codebase may read. Copy values into the
# place your runtime actually loads (see below). Do not commit real secrets.
#
# ─── Next.js app (apps/web-next) ────────────────────────────────────────────
# `next dev` / `next build` read env files only from apps/web-next/, not from
# the repo root. A repo-root `.env` is ignored by Next unless you symlink it
# or use a custom loader.
#
# Precedence when the same name appears (highest wins first):
#   .env.development.local / .env.production.local  (mode + local)
#   .env.local                                       (all modes; gitignored)
#   .env.development / .env.production               (mode-specific)
#   .env
# See https://nextjs.org/docs/app/building-your-application/configuring/environment-variables
#
# Local workflow: copy `apps/web-next/.env.local.example` → `apps/web-next/.env.local` and edit.
#
# ─── Vercel ─────────────────────────────────────────────────────────────────
# Project → Settings → Environment Variables (same variable names as below).
#
# ─── Docker / other services ────────────────────────────────────────────────
# docker-compose env_file, Kubernetes secrets, base-svc/.env, plugin
# backend/.env, etc. — each process reads its own config; only Next uses
# apps/web-next/.env*.
#
# Required variables are marked with [REQUIRED]. Optional ones have defaults.
# =============================================================================

# ═══════════════════════════════════════════════════════════════════════════════
# CORE CONFIGURATION
# ═══════════════════════════════════════════════════════════════════════════════

# [REQUIRED] Application URL (your production domain)
NEXT_PUBLIC_APP_URL=https://your-domain.com

# Optional: Override the origin used for billing-provider OAuth callback URLs
# (e.g. local dev through an alternate shell port like http://localhost:8935)
# If set, the billing-provider OAuth flow will use:
#   ${BILLING_PROVIDER_OAUTH_CALLBACK_ORIGIN}/api/v1/auth/providers/:providerSlug/callback
BILLING_PROVIDER_OAUTH_CALLBACK_ORIGIN=http://localhost:3000

# [REQUIRED] NextAuth secret for session encryption (min 32 chars)
# Generate with: openssl rand -base64 32
NEXTAUTH_SECRET=

# Deployment stage: development | staging | production
# Auto-detected from VERCEL_ENV if not set
# DEPLOY_ENV=production

# ═══════════════════════════════════════════════════════════════════════════════
# SUBGRAPH
# ═══════════════════════════════════════════════════════════════════════════════
#
# Used by dashboard-provider plugin for fees data (server-only; never exposed to browser).
# For local Next.js, set these in apps/web-next/.env.local (not repo-root .env).
#
SUBGRAPH_API_KEY=
SUBGRAPH_ID=

# L1 (Ethereum mainnet) RPC URL for protocol round block progress.
# Livepeer rounds use L1 block numbers (startBlock, roundLength). Required for accurate Protocol tile.
# Example: https://mainnet.infura.io/v3/<key> — set in apps/web-next/.env.local for local dev.
L1_RPC_URL=

# ═══════════════════════════════════════════════════════════════════════════════
# DATABASE
# ═══════════════════════════════════════════════════════════════════════════════

# [REQUIRED] PostgreSQL connection URL
# For Neon (recommended for Vercel):
#   postgres://user:pass@ep-xxx.region.aws.neon.tech/dbname?sslmode=require
# With connection pooling (recommended):
#   postgres://user:pass@ep-xxx.region.aws.neon.tech/dbname?sslmode=require&pgbouncer=true&connection_limit=10
DATABASE_URL=

# Unpooled connection for migrations (Neon requires this for schema changes)
# Same as DATABASE_URL but without pooling parameters
DATABASE_URL_UNPOOLED=

# ═══════════════════════════════════════════════════════════════════════════════
# AUTHENTICATION - OAuth Providers
# ═══════════════════════════════════════════════════════════════════════════════

# Google OAuth 2.0
# Setup: https://console.cloud.google.com/apis/credentials
# Redirect URI: ${NEXT_PUBLIC_APP_URL}/api/v1/auth/callback/google
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=

# GitHub OAuth
# Setup: https://github.com/settings/developers → OAuth Apps → New
# Redirect URI: ${NEXT_PUBLIC_APP_URL}/api/v1/auth/callback/github
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=

# Optional: Override auto-derived redirect URIs
# GOOGLE_REDIRECT_URI=https://your-domain.com/api/v1/auth/callback/google
# GITHUB_REDIRECT_URI=https://your-domain.com/api/v1/auth/callback/github

# ═══════════════════════════════════════════════════════════════════════════════
# STORAGE
# ═══════════════════════════════════════════════════════════════════════════════

# Vercel Blob Storage token
# Get from: Vercel Dashboard → Project → Storage → Blob
# Without this, storage falls back to local filesystem (not for production)
BLOB_READ_WRITE_TOKEN=

# ═══════════════════════════════════════════════════════════════════════════════
# EMAIL
# ═══════════════════════════════════════════════════════════════════════════════

# Email (Resend) — verification and password reset
# Get API key from https://resend.com/api-keys
# Without this, verification/reset links are logged to console (dev only)
# RESEND_API_KEY=
#
# [REQUIRED for production] Sender address — must use a verified domain in Resend.
# The default (onboarding@resend.dev) is sandbox-only and can only send to the
# Resend account owner's email. For production:
#   1. Add and verify a custom domain in Resend (https://resend.com/domains)
#   2. Configure DNS records: SPF, DKIM, and optionally DMARC
#   3. Set EMAIL_FROM to an address on that verified domain
# EMAIL_FROM=NaaP <noreply@yourdomain.com>

# ═══════════════════════════════════════════════════════════════════════════════
# REALTIME MESSAGING
# ═══════════════════════════════════════════════════════════════════════════════

# Ably API key for realtime features
# Get from: https://ably.com/dashboard
# Without this, SSE (Server-Sent Events) is used as fallback
ABLY_API_KEY=

# ═══════════════════════════════════════════════════════════════════════════════
# OFF-VERCEL BACKEND SERVICES (Hybrid Deployment)
# ═══════════════════════════════════════════════════════════════════════════════
#
# These services run outside Vercel (on your own infrastructure).
# The Next.js API routes proxy requests to these services.
# In production, set to your backend host URLs (e.g., https://api.your-domain.com)
# ═══════════════════════════════════════════════════════════════════════════════

# [REQUIRED for production] Core platform service
# Handles: auth, plugin registry, lifecycle, teams, tenants, RBAC, secrets
BASE_SVC_URL=https://api.your-domain.com

# Plugin frontend asset server
PLUGIN_SERVER_URL=https://plugins.your-domain.com

# Livepeer integration service (staking, orchestrators, protocol)
LIVEPEER_SVC_URL=https://livepeer.your-domain.com

# AI/Video pipeline gateway
PIPELINE_GATEWAY_URL=https://pipelines.your-domain.com

# Artifact storage service
STORAGE_SVC_URL=https://storage.your-domain.com

# Infrastructure provisioning service
INFRASTRUCTURE_SVC_URL=https://infra.your-domain.com

# ═══════════════════════════════════════════════════════════════════════════════
# PLUGIN BACKEND SERVICES
# ═══════════════════════════════════════════════════════════════════════════════
#
# These are proxied via /api/v1/[plugin]/* catch-all route
# Set to the URLs where each plugin backend is hosted
#
# Canonical ports (must match plugins/*/plugin.json → backend.devPort):
#   capacity-planner: 4003, marketplace: 4005, community: 4006,
#   developer-api: 4007, my-wallet: 4008, my-dashboard: 4009,
#   plugin-publisher: 4010, daydream-video: 4111
# ═══════════════════════════════════════════════════════════════════════════════

CAPACITY_PLANNER_URL=https://api.your-domain.com:4003
MARKETPLACE_URL=https://api.your-domain.com:4005
COMMUNITY_URL=https://api.your-domain.com:4006
DEVELOPER_API_URL=https://api.your-domain.com:4007
WALLET_URL=https://api.your-domain.com:4008
DASHBOARD_URL=https://api.your-domain.com:4009
PLUGIN_PUBLISHER_URL=https://api.your-domain.com:4010
DAYDREAM_VIDEO_URL=https://api.your-domain.com:4111

# ═══════════════════════════════════════════════════════════════════════════════
# NAAP API
# ═══════════════════════════════════════════════════════════════════════════════

# [REQUIRED for dashboard] NAAP API base including path prefix, no
# trailing slash. Examples:
#   NAAP_API_SERVER_URL=https://your-naap-api-host.example.com/v1
#   NAAP_API_SERVER_URL=https://naap-api.livepeer.cloud/v1
NAAP_API_SERVER_URL=

# [OPTIONAL] Data facade stub mode — set to "true" to serve hardcoded stub data
# for all dashboard and developer API widgets. Useful for frontend development
# without live backend services. Unset (or "false") to use real data resolvers.
FACADE_USE_STUBS=

# ═══════════════════════════════════════════════════════════════════════════════
# CACHING
# ═══════════════════════════════════════════════════════════════════════════════

# Redis URL for caching and rate limiting
# Format: redis://[[username:]password@]host[:port][/database]
# Without this, in-memory caching is used (not recommended for production)
REDIS_URL=redis://localhost:6379

# ═══════════════════════════════════════════════════════════════════════════════
# MONITORING & OBSERVABILITY
# ═══════════════════════════════════════════════════════════════════════════════

# Sentry DSN for error tracking
# Get from: https://sentry.io/settings/projects/{project}/keys/
SENTRY_DSN=

# Log level: debug | info | warn | error
LOG_LEVEL=info

# ═══════════════════════════════════════════════════════════════════════════════
# FEATURE FLAGS
# ═══════════════════════════════════════════════════════════════════════════════

# Enable debug mode (adds extra logging, debug endpoints)
DEBUG=false

# Enable maintenance mode (returns 503 for all requests)
MAINTENANCE_MODE=false

# ═══════════════════════════════════════════════════════════════════════════════
# SECURITY
# ═══════════════════════════════════════════════════════════════════════════════

# Encryption key for secrets at rest (32 bytes, base64 encoded)
# Generate with: openssl rand -base64 32
ENCRYPTION_KEY=

# Vercel Cron secret — authenticates scheduled cron jobs (e.g. health checks)
# Generate with: openssl rand -hex 32
CRON_SECRET=

# Rate limiting (requests per minute)
RATE_LIMIT_AUTH=10
RATE_LIMIT_API=100

# Allowed origins for CORS (comma-separated)
# ALLOWED_ORIGINS=https://your-domain.com,https://app.your-domain.com

# ═══════════════════════════════════════════════════════════════════════════════
# PLUGIN DEVELOPMENT (only for local development)
# ═══════════════════════════════════════════════════════════════════════════════

# Skip SSL verification for local plugin backends
# NODE_TLS_REJECT_UNAUTHORIZED=0

# Enable hot reload for plugins
# PLUGIN_HOT_RELOAD=true