Environment variables
operatorEvery env var, its scope (server vs NEXT_PUBLIC), what it gates, and the never-commit rules.
Core launch variables
| Variable | Scope | Purpose |
|---|---|---|
NEXT_PUBLIC_SITE_URL | public | Canonical production URL for metadata, share links, OG images. |
DATABASE_URL | server | Marketplace Postgres (Neon) pooled connection string. Persistence is gated on its presence. |
DIRECT_DATABASE_URL | server | Unpooled connection for migrations, if the provider separates it (Neon also injects DATABASE_URL_UNPOOLED). |
NEXT_PUBLIC_ENABLE_DB_REQUIRED | public | "true" makes production builds fail when DATABASE_URL/SESSION_SECRET are missing. Flip only after provisioning. |
SESSION_SECRET | server | Signs wallet session cookies (SIWE-style auth). Rotate to revoke all sessions. |
NEXT_PUBLIC_WALLETCONNECT_PROJECT_ID | public | Enables the WalletConnect connector. Optional — injected browser wallets work without it. |
Bankr / x402
| Variable | Scope | Purpose |
|---|---|---|
BANKR_API_KEY | server | Bankr Agent API. Server-side only; never NEXT_PUBLIC. |
BANKR_BASE_URL | server | Bankr API base (default https://api.bankr.bot). |
BANKR_X402_TREASURY_PAYTO | server | payTo treasury wallet for deployed x402 services. |
BANKR_AGENT_PROFILE_ID | server | Bankr Agent Profile id, once the profile exists. |
Pre-existing app flags
The Phase 5 flags (AI_PROVIDER, NEXT_PUBLIC_ENABLE_X402, oracle/chain RPC settings, and the mock/live feature flags) are documented in Modes & flags. Live-path flags ship disabled by default and require release approval to flip.
Checking an environment
pnpm check:env # local
vercel env ls production # names + scopes only
vercel env pull .env.local