# ---- Core ----
NODE_ENV=development

# ---- Database ----
DATABASE_URL=postgresql://bmm:bmm@localhost:5440/bmm
REDIS_URL=redis://localhost:6390

# ---- Auth (Better-Auth) ----
BETTER_AUTH_SECRET=replace-me-with-32-bytes-of-random-hex-1234567890abcdef
BETTER_AUTH_URL=http://localhost:3001
NEXT_PUBLIC_APP_URL=http://localhost:3001
NEXT_PUBLIC_API_URL=http://localhost:4000

# ---- GitHub OAuth (optional in dev) ----
GITHUB_OAUTH_ID=
GITHUB_OAUTH_SECRET=

# ---- Google OAuth (optional — "Continue with Google") ----
# Create at https://console.cloud.google.com/apis/credentials
# Authorized redirect URI must be: <CONTROL_PLANE_PUBLIC_URL>/v1/auth/google/callback
# e.g. dev:  http://localhost:4000/v1/auth/google/callback
#      prod: https://api.buildmymcp.com/v1/auth/google/callback
GOOGLE_OAUTH_ID=
GOOGLE_OAUTH_SECRET=

# Public URL of this API, used to build the OAuth redirect URI.
CONTROL_PLANE_PUBLIC_URL=http://localhost:4000

# ---- Anthropic ----
ANTHROPIC_API_KEY=

# ---- Crypto ----
# 32-byte hex for AES-256-GCM; generate with: openssl rand -hex 32
SECRETS_ENCRYPTION_KEY=0000000000000000000000000000000000000000000000000000000000000000

# ---- Admin bootstrap ----
# On API boot, an admin user is upserted with these credentials (idempotent).
ADMIN_EMAIL=
ADMIN_PASSWORD=
ADMIN_NAME=Admin

# ---- OAuth signing (RS256 JWKS) ----
# Path to PEM keypair; auto-generated on api boot if missing
OAUTH_KEY_DIR=./keys

# ---- Runner / Generator ----
# Where MCP runtime containers bind (host machine reachable from API)
RUNNER_HOST=localhost
# Range of host ports used for generated MCP containers
RUNNER_PORT_RANGE_START=4100
RUNNER_PORT_RANGE_END=4999
# Public URL template — $SLUG and $PORT are interpolated
RUNNER_PUBLIC_URL_TEMPLATE=http://localhost:$PORT
# Control plane URL reachable from runner containers
CONTROL_PLANE_URL=http://host.docker.internal:4000

# ---- Stripe (Sprint 4) ----
STRIPE_SECRET_KEY=
STRIPE_WEBHOOK_SECRET=

# ---- Observability (optional) ----
SENTRY_DSN=
OTEL_EXPORTER_OTLP_ENDPOINT=