AgentFlow Enterprise Docs
Environment Variables Reference
A deployment reference for public variables, server-only secrets, current Stripe price variable names, and optional readiness variables.
Exposure Rules
Never expose server-only secrets
Variables without the NEXT_PUBLIC_ prefix must remain server-side. SUPABASE_SERVICE_ROLE_KEY, Stripe secrets, OpenAI keys, provider tokens, webhook secrets, SMTP passwords, and API key hashes must never be imported into client components or sent to browsers.
Use placeholders in docs, support tickets, screenshots, and examples. Do not paste real environment variable values into repository files, public docs, chat tools, issue trackers, analytics events, or logs.
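The two rules above (server-only values stay out of browsers, and real values stay out of tickets and logs) can be enforced with a small helper that builds a support-safe snapshot of the environment. The following is an added example written for this page, not code from the AgentFlow project: it keeps `NEXT_PUBLIC_` values, replaces every other value with a `<set>` / `<unset>` marker, and flags the common mistake of re-exporting a server-only name under a `NEXT_PUBLIC_` prefix to "make it work" in a client component. The server-only name list is taken from the table below; `redactEnvForReport` and the sample environment are constructed for the example.

```typescript
// Added example, not AgentFlow project code. Produces an environment summary that
// is safe to paste into a support ticket and reports server-only names that have
// been re-exported as NEXT_PUBLIC_* (which would land in the client bundle).

// Server-only variable names from the reference table on this page.
const SERVER_ONLY = new Set<string>([
  "SUPABASE_SERVICE_ROLE_KEY",
  "STRIPE_SECRET_KEY",
  "STRIPE_WEBHOOK_SECRET",
  "OPENAI_API_KEY",
  "HUBSPOT_ACCESS_TOKEN",
  "HUBSPOT_PRIVATE_APP_TOKEN",
  "HUBSPOT_WEBHOOK_SECRET",
  "HUBSPOT_CLIENT_SECRET",
  "SLACK_WEBHOOK_URL",
  "GOOGLE_CLIENT_SECRET",
  "SENTRY_DSN",
  "AWS_SES_SMTP_PASSWORD",
  "UPSTASH_REDIS_REST_TOKEN",
]);

const PUBLIC_PREFIX = "NEXT_PUBLIC_";

interface EnvReport {
  safe: Record<string, string>; // name -> value that may be shared
  violations: string[];         // NEXT_PUBLIC_* names wrapping a server-only secret
}

function redactEnvForReport(env: Record<string, string | undefined>): EnvReport {
  const safe: Record<string, string> = {};
  const violations: string[] = [];

  for (const name of Object.keys(env).sort()) {
    const value = env[name];
    if (value === undefined || value === "") {
      safe[name] = "<unset>";
      continue;
    }
    if (name.startsWith(PUBLIC_PREFIX)) {
      // A server-only name with the public prefix bolted on is shipped to browsers.
      if (SERVER_ONLY.has(name.slice(PUBLIC_PREFIX.length))) {
        violations.push(name);
        safe[name] = "<redacted:misprefixed-secret>";
      } else {
        safe[name] = value; // browser-safe by design, fine to share
      }
      continue;
    }
    // No prefix means server-side: report presence only, never the value.
    safe[name] = "<set>";
  }
  return { safe, violations };
}

// Constructed sample environment using placeholders only, as this page requires.
const SAMPLE_ENV: Record<string, string | undefined> = {
  NEXT_PUBLIC_APP_URL: "https://example.agentflow.local",
  NEXT_PUBLIC_SUPABASE_ANON_KEY: "public-anon-placeholder",
  SUPABASE_SERVICE_ROLE_KEY: "server-only-placeholder",
  NEXT_PUBLIC_SUPABASE_SERVICE_ROLE_KEY: "server-only-placeholder", // the mistake
  STRIPE_WEBHOOK_SECRET: "",
};

const report = redactEnvForReport(SAMPLE_ENV);
console.log(JSON.stringify(report, null, 2));
```

Run it against `process.env` in a readiness script and fail the build when `violations` is non-empty; the `safe` map is what goes into a ticket or a diagnostic log, never the raw environment.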
Public Browser-Safe Variables
| Variable | Exposure | Purpose | Used by |
|---|---|---|---|
| NEXT_PUBLIC_APP_URL | Browser-safe | Canonical application URL used by site URL helpers and redirects. NEXT_PUBLIC_SITE_URL is also present as a supported site URL fallback. | Client and server |
| NEXT_PUBLIC_SUPABASE_URL | Browser-safe | Supabase project URL used by browser, server, auth callback, proxy, and service-role clients. | Client and server |
| NEXT_PUBLIC_SUPABASE_ANON_KEY | Browser-safe | Supabase anon key used by browser and server auth clients. Access is constrained by RLS policies. | Client and server |
| NEXT_PUBLIC_AMPLITUDE_API_KEY | Browser-safe | Optional Amplitude analytics key used by components/AmplitudeAnalytics.tsx and server-side event tracking helpers. | Client and server |
| NEXT_PUBLIC_STATUS_PAGE_URL | Browser-safe | Optional public status page URL displayed by /status when configured. | Client |
| NEXT_PUBLIC_SENTRY_DSN | Browser-safe if used | Optional browser Sentry DSN. The project also accepts server-only SENTRY_DSN for server/error monitoring. | Client and server |
Server-Only Variables
| Variable | Scope | Purpose |
|---|---|---|
| SUPABASE_SERVICE_ROLE_KEY | Required for admin routes | Creates the Supabase service-role client in lib/supabase-admin.ts. It bypasses RLS and must never appear in client bundles. |
| STRIPE_SECRET_KEY | Required for checkout and portal | Initializes Stripe in lib/stripe/server.ts for Checkout, Billing Portal, and webhook subscription lookups. |
| STRIPE_WEBHOOK_SECRET | Required for webhooks | Used by app/api/webhooks/stripe/route.ts to verify the raw request body against Stripe's signature. |
| STRIPE_SOLO_PRICE_ID / STRIPE_PRICE_SOLO | Required for Solo checkout | Current code prefers STRIPE_SOLO_PRICE_ID; STRIPE_PRICE_SOLO is a legacy alias supported by lib/stripe/plans.ts. |
| STRIPE_GROWTH_PRICE_ID / STRIPE_PRICE_GROWTH | Required for Growth checkout | Current code prefers STRIPE_GROWTH_PRICE_ID; STRIPE_PRICE_GROWTH is a legacy alias. |
| STRIPE_ENTERPRISE_PRICE_ID / STRIPE_PRICE_ENTERPRISE | Required for Enterprise checkout | Current code prefers STRIPE_ENTERPRISE_PRICE_ID; STRIPE_PRICE_ENTERPRISE is a legacy alias. |
| STRIPE_PRICE_INTERNAL_TEST | Not implemented in current code | Requested by the audit as an optional hidden test plan. It was not found in code or .env.example; treat it as planned/readiness-only until implemented. |
| OPENAI_API_KEY | Required for AI qualification | Used only server-side by /api/ai/qualify-lead and /api/chat to call OpenAI. |
| OPENAI_MODEL | Optional | Optional server-side model override. The qualification route defaults to gpt-4o-mini when unset. |
| HUBSPOT_ACCESS_TOKEN | Optional | Private app token for contact create/update and HubSpot sync paths. HUBSPOT_PRIVATE_APP_TOKEN is also accepted by integration helpers. |
| HUBSPOT_WEBHOOK_SECRET | Optional | Custom HubSpot webhook shared secret checked by app/api/webhooks/hubspot/route.ts when configured. |
| HUBSPOT_CLIENT_SECRET | Optional | Used for HubSpot v3 signature verification when configured. |
| SLACK_WEBHOOK_URL | Optional | Slack incoming webhook used by lib/integrations/dispatch.ts. Several Slack alias variables are also detected for readiness. |
| GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET | Readiness path | Detected by lib/integrations/env.ts for Google Calendar and Sheets readiness. No customer-facing Google workflow should be claimed as fully live without UI validation. |
| GOOGLE_CALENDAR_ID / GOOGLE_SHEETS_ID | Readiness path | Optional target IDs detected for Google Calendar and Sheets readiness and passive integration event recording. |
| SENTRY_DSN | Optional | Server-side Sentry DSN used by monitoring helpers and Next/Sentry configuration. Use with PII filtering expectations. |
| AWS_SES_SMTP_HOST, AWS_SES_SMTP_PORT, AWS_SES_SMTP_USER, AWS_SES_SMTP_PASSWORD, AWS_SES_FROM_EMAIL | Optional | SMTP settings used by lib/email/ses.ts for payment confirmation and payment failure emails. |
| UPSTASH_REDIS_REST_URL, UPSTASH_REDIS_REST_TOKEN | Recommended for production rate limits | Used by lib/rate-limit.ts. Without them, the code falls back to per-instance in-memory limits. |
Placeholder-only example

```bash
NEXT_PUBLIC_APP_URL=https://example.agentflow.local
NEXT_PUBLIC_SUPABASE_URL=https://project-ref.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=public-anon-placeholder
SUPABASE_SERVICE_ROLE_KEY=server-only-placeholder
STRIPE_SECRET_KEY=stripe-secret-placeholder
STRIPE_WEBHOOK_SECRET=stripe-webhook-secret-placeholder
STRIPE_SOLO_PRICE_ID=price_placeholder_solo
OPENAI_API_KEY=sk-placeholder
HUBSPOT_ACCESS_TOKEN=pat-placeholder
SLACK_WEBHOOK_URL=https://hooks.slack.com/services/placeholder
AWS_SES_SMTP_PASSWORD=smtp-password-placeholder
```

Current Gaps and Aliases
- STRIPE_PRICE_INTERNAL_TEST is not implemented in the inspected codebase. Treat it as a planned or internal-readiness variable until code and UI support exist.
- STRIPE_PRICE_SOLO, STRIPE_PRICE_GROWTH, and STRIPE_PRICE_ENTERPRISE are legacy aliases. Current code prefers STRIPE_SOLO_PRICE_ID, STRIPE_GROWTH_PRICE_ID, and STRIPE_ENTERPRISE_PRICE_ID.
- Google Calendar and Google Sheets env names are readiness-configured in lib/integrations/env.ts; they should not be sold as fully live workflows unless the UI and end-to-end delivery are verified.
- Slack supports multiple alias variables, but the primary documented variable is SLACK_WEBHOOK_URL.
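The Stripe rows in the server-only table and the alias notes above describe one resolution rule: prefer the current `*_PRICE_ID` name, accept the legacy `STRIPE_PRICE_*` alias, and treat `STRIPE_PRICE_INTERNAL_TEST` as unimplemented. The following is an added example for this page, not the project's lib/stripe/plans.ts: it resolves each plan's price ID, records which variable name supplied it so operators can finish the rename, warns when both names are set with different values, and reports the checkout and webhook secrets this page marks as required. `checkStripeReadiness`, its result shapes, and the sample environment are constructed for the example.

```typescript
// Added example, not AgentFlow project code. Resolves Stripe price IDs with the
// current-name-first, legacy-alias-second rule documented on this page and
// summarises Stripe readiness for a deployment.

type Plan = "solo" | "growth" | "enterprise";

// [current name, legacy alias] per plan, from the server-only table above.
const PRICE_VARS: Record<Plan, [string, string]> = {
  solo: ["STRIPE_SOLO_PRICE_ID", "STRIPE_PRICE_SOLO"],
  growth: ["STRIPE_GROWTH_PRICE_ID", "STRIPE_PRICE_GROWTH"],
  enterprise: ["STRIPE_ENTERPRISE_PRICE_ID", "STRIPE_PRICE_ENTERPRISE"],
};

interface PriceResolution {
  plan: Plan;
  priceId: string | null;
  source: "current" | "legacy" | "missing";
}

interface StripeReadiness {
  prices: PriceResolution[];
  warnings: string[]; // legacy alias in use, conflicting values, unimplemented variables
  errors: string[];   // a documented required variable is absent
}

function resolvePrice(env: Record<string, string | undefined>, plan: Plan): PriceResolution {
  const [current, legacy] = PRICE_VARS[plan];
  const fromCurrent = env[current];
  if (fromCurrent) return { plan, priceId: fromCurrent, source: "current" };
  const fromLegacy = env[legacy];
  if (fromLegacy) return { plan, priceId: fromLegacy, source: "legacy" };
  return { plan, priceId: null, source: "missing" };
}

function checkStripeReadiness(env: Record<string, string | undefined>): StripeReadiness {
  const prices = (Object.keys(PRICE_VARS) as Plan[]).map((p) => resolvePrice(env, p));
  const warnings: string[] = [];
  const errors: string[] = [];

  for (const r of prices) {
    const [current, legacy] = PRICE_VARS[r.plan];
    if (r.source === "legacy") warnings.push(`${legacy} is a legacy alias; rename to ${current}`);
    if (r.source === "missing") errors.push(`${r.plan} checkout: set ${current}`);
    // Both names set but disagreeing is a silent misconfiguration: the current name wins.
    const a = env[current];
    const b = env[legacy];
    if (a && b && a !== b) warnings.push(`${current} and ${legacy} disagree; ${current} wins`);
  }
  if (!env.STRIPE_SECRET_KEY) errors.push("checkout/portal: STRIPE_SECRET_KEY is unset");
  if (!env.STRIPE_WEBHOOK_SECRET) errors.push("webhooks: STRIPE_WEBHOOK_SECRET is unset");
  if (env.STRIPE_PRICE_INTERNAL_TEST) {
    warnings.push("STRIPE_PRICE_INTERNAL_TEST is set but not implemented; it has no effect");
  }
  return { prices, warnings, errors };
}

// Constructed sample environment (placeholder values only).
const SAMPLE_STRIPE_ENV: Record<string, string | undefined> = {
  STRIPE_SECRET_KEY: "stripe-secret-placeholder",
  STRIPE_WEBHOOK_SECRET: undefined,                 // webhooks not configured yet
  STRIPE_SOLO_PRICE_ID: "price_placeholder_solo",   // current name
  STRIPE_PRICE_GROWTH: "price_placeholder_growth",  // legacy alias only
  STRIPE_PRICE_INTERNAL_TEST: "price_placeholder_internal",
  // enterprise price intentionally absent
};

const readiness = checkStripeReadiness(SAMPLE_STRIPE_ENV);
console.log(JSON.stringify(readiness, null, 2));
```

In the sample, Solo resolves from the current name, Growth from its legacy alias (with a rename warning), Enterprise is reported as a checkout error, and the unimplemented test-plan variable is flagged as having no effect. Wire the `errors` list into a readiness check that blocks deployment and surface `warnings` in the operator output.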
These docs describe implementation readiness and configuration. They are not a SOC 2, ISO 27001, penetration test, or contractual SLA claim.