How environment variables work

DreamOS86 projects use standard Next.js environment variables:

NEXT_PUBLIC_ prefix: Exposed to the browser and server. Safe for non-secret config like Supabase URL.

No prefix: Server-only. Never sent to the browser. Use for API keys and secrets.

Required variables

Every DreamOS86 project needs these:

# Supabase
NEXT_PUBLIC_SUPABASE_URL=https://your-project.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=your-anon-key
# App URL (set this for production deployments)
NEXT_PUBLIC_APP_URL=https://yourdomain.com

Common optional variables

# Stripe
STRIPE_SECRET_KEY=sk_live_...
STRIPE_WEBHOOK_SECRET=whsec_...
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_live_...
# AI providers
ANTHROPIC_API_KEY=sk-ant-...
OPENAI_API_KEY=sk-...
GOOGLE_GENERATIVE_AI_API_KEY=AIza...
# Email
RESEND_API_KEY=re_...

Local development

Create a .env.local file in your project root. This file is git-ignored by default.

Production

Set environment variables in your deployment platform (Vercel, Railway, Fly.io) under your project's environment settings.

NEXT_PUBLIC_APP_URL

This is required for correct OAuth redirects and email links in production. Set it to your canonical domain:

NEXT_PUBLIC_APP_URL=https://app.yourdomain.com

Without this, redirects fall back to window.location.origin, which works in most cases but can misbehave behind proxies or CDNs.