# ============================================================
# PRODUCTION ENVIRONMENT VARIABLES
# ============================================================
# Copy this file and fill in your values:
#   cp .env.production.example .env.production
#
# Legend:
#   [REQUIRED]  — App will NOT start without this
#   [FEATURE]   — Required only when the feature is enabled
#   [OPTIONAL]  — Has a sensible default, override if needed
# ============================================================

# ── CORE (REQUIRED) ──────────────────────────────────────────

# PostgreSQL connection string
# [REQUIRED] App crashes immediately without this
DATABASE_URL="postgresql://user:password@host:5432/dbname"

# Secret for signing auth sessions/tokens
# [REQUIRED] Generate with: openssl rand -base64 32
BETTER_AUTH_SECRET=""

# Public URL of the app (used for OAuth callbacks, email links, OG meta)
# [REQUIRED] Set at BUILD TIME via --build-arg NEXT_PUBLIC_URL=...
NEXT_PUBLIC_URL="https://your-app.example.com"

# Comma-separated list of allowed origins for CSRF protection
# [REQUIRED] Must include your public URL
BETTER_AUTH_TRUSTED_ORIGINS="https://your-app.example.com"

# ── PRODUCT ──────────────────────────────────────────────────

# [OPTIONAL] App display name (default: "claudemesh")
NEXT_PUBLIC_PRODUCT_NAME="MyApp"

# [OPTIONAL] Contact email shown in the app
CONTACT_EMAIL="hello@example.com"

# [OPTIONAL] Default locale (default: "en")
NEXT_PUBLIC_DEFAULT_LOCALE="en"

# [OPTIONAL] Theme mode: "light" | "dark" | "system" (default: "system")
NEXT_PUBLIC_THEME_MODE="system"

# [OPTIONAL] Theme color (default: "orange")
NEXT_PUBLIC_THEME_COLOR="orange"

# ── AUTH METHODS ─────────────────────────────────────────────

# [OPTIONAL] Toggle auth methods (default shown)
NEXT_PUBLIC_AUTH_PASSWORD=true
NEXT_PUBLIC_AUTH_MAGIC_LINK=false
NEXT_PUBLIC_AUTH_PASSKEY=true
NEXT_PUBLIC_AUTH_ANONYMOUS=false

# [OPTIONAL] Signup credits (default: 100 in production)
FREE_TIER_CREDITS=100

# Seed user for initial setup
SEED_EMAIL="admin@example.com"
SEED_PASSWORD="ChangeThisPassword!"

# ── OAUTH PROVIDERS ──────────────────────────────────────────
# Leave empty to disable the provider (login button won't show)

# [FEATURE] Google OAuth
GOOGLE_CLIENT_ID=""
GOOGLE_CLIENT_SECRET=""

# [FEATURE] GitHub OAuth
GITHUB_CLIENT_ID=""
GITHUB_CLIENT_SECRET=""

# [FEATURE] Apple OAuth
APPLE_CLIENT_ID=""
APPLE_CLIENT_SECRET=""
APPLE_APP_BUNDLE_IDENTIFIER=""

# ── S3 STORAGE ───────────────────────────────────────────────
# Set S3_BUCKET to enable. All other S3 vars become required.

# [FEATURE] S3-compatible storage (MinIO, AWS S3, R2, etc.)
S3_BUCKET=""
S3_REGION="us-east-1"
S3_ENDPOINT="http://minio:9000"
S3_ACCESS_KEY_ID=""
S3_SECRET_ACCESS_KEY=""

# ── BILLING (STRIPE) ────────────────────────────────────────
# Set STRIPE_SECRET_KEY to enable. Webhook secret becomes required.

# [FEATURE] Stripe payments
STRIPE_SECRET_KEY=""
STRIPE_WEBHOOK_SECRET=""

# [OPTIONAL] Billing model: "recurring" | "one_time" | "credits"
BILLING_MODEL="recurring"

# ── EMAIL ────────────────────────────────────────────────────
# Configure ONE email provider. Set the API key to enable.

# [FEATURE] Resend (recommended)
RESEND_API_KEY=""

# [FEATURE] OR Nodemailer (self-hosted SMTP)
# NODEMAILER_HOST=""
# NODEMAILER_PORT="465"
# NODEMAILER_USER=""
# NODEMAILER_PASSWORD=""

# [FEATURE] Sender address (required when any email provider is configured)
EMAIL_FROM="noreply@yourdomain.com"

# ── MONITORING ───────────────────────────────────────────────
# All monitoring is optional. App works fine without it.

# [OPTIONAL] Sentry error tracking
NEXT_PUBLIC_SENTRY_DSN=""

# [OPTIONAL] PostHog analytics
NEXT_PUBLIC_POSTHOG_KEY=""
NEXT_PUBLIC_POSTHOG_HOST="https://us.i.posthog.com"

# ── AI (if using AI features) ───────────────────────────────

# [FEATURE] OpenAI
# OPENAI_API_KEY=""

# [FEATURE] Anthropic
# ANTHROPIC_API_KEY=""

# [FEATURE] ElevenLabs TTS
# ELEVENLABS_API_KEY=""

# [FEATURE] Tavily search
# TAVILY_API_KEY=""