# Basic NEXT_PUBLIC_STACK_API_URL=# the base URL of Stack's backend/API. For local development, this is `http://localhost:8102`; for the managed service, this is `https://api.hexclave.com`. NEXT_PUBLIC_STACK_DASHBOARD_URL=# the URL of Stack's dashboard. For local development, this is `http://localhost:8101`; for the managed service, this is `https://app.hexclave.com`. NEXT_PUBLIC_STACK_IS_LOCAL_EMULATOR=# set to true to enable local emulator-only behaviors (internal local emulator endpoints, read-only environment config overrides, and local emulator auth UX) STACK_SECRET_SERVER_KEY=# a random, unguessable secret key generated by `pnpm generate-keys` # seed script settings STACK_SEED_INTERNAL_PROJECT_SIGN_UP_ENABLED=# true to enable user sign up to the dashboard when seeding STACK_SEED_INTERNAL_PROJECT_OTP_ENABLED=# true to add OTP auth to the dashboard when seeding STACK_SEED_INTERNAL_PROJECT_ALLOW_LOCALHOST=# true to allow running dashboard on the localhost, set this to true only in development STACK_SEED_INTERNAL_PROJECT_OAUTH_PROVIDERS=# list of oauth providers to add to the dashboard when seeding, separated by comma, for example "github,google,facebook" STACK_SEED_INTERNAL_PROJECT_USER_EMAIL=# default user added to the dashboard STACK_SEED_INTERNAL_PROJECT_USER_PASSWORD=# default user's password, paired with STACK_SEED_INTERNAL_PROJECT_USER_EMAIL STACK_SEED_INTERNAL_PROJECT_USER_INTERNAL_ACCESS=# if the default user has access to the internal dashboard project STACK_SEED_INTERNAL_PROJECT_USER_GITHUB_ID=# add github oauth id to the default user STACK_INTERNAL_PROJECT_PUBLISHABLE_CLIENT_KEY=# default publishable client key for the internal project STACK_INTERNAL_PROJECT_SECRET_SERVER_KEY=# default secret server key for the internal project STACK_SEED_INTERNAL_PROJECT_SUPER_SECRET_ADMIN_KEY=# default super secret admin key for the internal project # OAuth mock provider settings STACK_OAUTH_MOCK_URL=# enter the URL of the mock OAuth provider here. For local development, use `http://localhost:8114`. # OAuth shared keys # Can be set to MOCK to use mock OAuth providers STACK_GITHUB_CLIENT_ID=# client STACK_GITHUB_CLIENT_SECRET=# client secret STACK_GOOGLE_CLIENT_ID=# client id STACK_GOOGLE_CLIENT_SECRET=# client secret STACK_MICROSOFT_CLIENT_ID=# client id STACK_MICROSOFT_CLIENT_SECRET=# client secret STACK_SPOTIFY_CLIENT_ID=# client id STACK_SPOTIFY_CLIENT_SECRET=# client secret STACK_ALLOW_SHARED_OAUTH_ACCESS_TOKENS=# allow shared oauth provider to also use connected account access token, this should only be used for development and testing STACK_DISABLE_PLAN_LIMITS=# set to "true" to bypass enforcement of Hexclave's own internal-tenancy plan limits (analytics_events, session_replays, emails_per_month, dashboard_admins seat cap, auth_users soft cap, analytics_timeout_seconds). Default unset/false preserves enforcement. Intended as a temporary cutover safety net while the plan-limits infrastructure rolls out — customer projects' own item APIs are unaffected by this flag. # Email # For local development, you can spin up a local SMTP server like inbucket STACK_EMAIL_HOST=# for local inbucket: 127.0.0.1 STACK_EMAIL_PORT=# for local inbucket: 8129 STACK_EMAIL_USERNAME=# for local inbucket: test STACK_EMAIL_PASSWORD=# for local inbucket: none STACK_EMAIL_SENDER=# for local inbucket: noreply@test.com STACK_EMAILABLE_API_KEY=# Emailable API key for email validation, see https://emailable.com. Use a test key (starting with "test_") for local dev — it does not consume credits. Set to "disable_email_validation" to disable. STACK_DEFAULT_EMAIL_CAPACITY_PER_HOUR=# the number of emails a new project can send. Defaults to 200 # Email branching configuration # If you have multiple deployments of compute accessing the same DB or multiple copies of a DBs connected to compute (as # you would in preview/branching environments), you may want to either disable the auto-triggered email queue steps # (those that trigger whenever an email is sent, besides the cron job), or disable email sending as a whole. STACK_EMAIL_BRANCHING_DISABLE_QUEUE_AUTO_TRIGGER=# set to 'true' to disable the automatic triggering of the email queue step. the cron job must call /email-queue-step to run the queue step. Most useful on production domains where you know the cron job will run on the correct deployment and you don't need the auto-trigger (which may be on the wrong deployment) STACK_EMAIL_BRANCHING_DISABLE_QUEUE_SENDING=# set to 'true' to throw an error instead of sending emails in the email queue step. Most useful on development branches that have a copy of the production DB, but should not send any emails (as otherwise some emails could be sent twice) # Database # For local development: `docker run -it --rm -e POSTGRES_PASSWORD=password -p "8128:5432" postgres` STACK_DATABASE_CONNECTION_STRING=# enter your connection string here. For local development: `postgres://postgres:PASSWORD-PLACEHOLDER--uqfEC1hmmv@localhost:8128/stackframe` # Webhooks STACK_SVIX_SERVER_URL=# For prod, leave it empty. For local development, use `http://localhost:8113` STACK_SVIX_API_KEY=# enter the API key for the Svix webhook service here. Use `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE2NTUxNDA2MzksImV4cCI6MTk3MDUwMDYzOSwibmJmIjoxNjU1MTQwNjM5LCJpc3MiOiJzdml4LXNlcnZlciIsInN1YiI6Im9yZ18yM3JiOFlkR3FNVDBxSXpwZ0d3ZFhmSGlyTXUifQ.En8w77ZJWbd0qrMlHHupHUB-4cx17RfzFykseg95SUk` for local development # S3 STACK_S3_PUBLIC_ENDPOINT=# publicly accessible endpoint STACK_S3_ENDPOINT=# S3 API endpoint URL (e.g., 'https://s3.amazonaws.com' for AWS or custom endpoint for S3-compatible services) STACK_S3_REGION= STACK_S3_ACCESS_KEY_ID= STACK_S3_SECRET_ACCESS_KEY= STACK_S3_BUCKET= STACK_S3_PRIVATE_BUCKET= # AWS configuration STACK_AWS_REGION= STACK_AWS_KMS_ENDPOINT= STACK_AWS_ACCESS_KEY_ID= STACK_AWS_SECRET_ACCESS_KEY= STACK_AWS_VERCEL_OIDC_ROLE_ARN= # Upstash configuration STACK_QSTASH_URL= STACK_QSTASH_TOKEN= STACK_QSTASH_CURRENT_SIGNING_KEY= STACK_QSTASH_NEXT_SIGNING_KEY= # Email monitor STACK_EMAIL_MONITOR_RESEND_EMAIL_API_KEY=# enter the resend poller api key here STACK_EMAIL_MONITOR_RESEND_EMAIL_DOMAIN=# enter the resend domain that should receive the emails STACK_EMAIL_MONITOR_PROJECT_ID=# enter the project id for the project that the email monitor will attempt to sign up for STACK_EMAIL_MONITOR_PUBLISHABLE_CLIENT_KEY=# enter the publishable client key for email monitor to use when attempting a sign up STACK_EMAIL_MONITOR_VERIFICATION_CALLBACK_URL=# enter a valid verification callback url for the project that the email monitor will attempt to sign up for STACK_EMAIL_MONITOR_INBUCKET_API_URL=# enter a valid inbucket api url for the email monitor to check emails from in test mode STACK_EMAIL_MONITOR_USE_INBUCKET=# enter true/false based on whether the email monitor should use inbucket or resend. Note that if this is set to true in prod, the email monitor will throw an error. STACK_EMAIL_MONITOR_SECRET_TOKEN=# enter the secret token value needed for the request to the email monitor to be accepted # Clickhouse STACK_CLICKHOUSE_URL=# URL of the Clickhouse instance STACK_CLICKHOUSE_ADMIN_USER=# username of the admin account STACK_CLICKHOUSE_ADMIN_PASSWORD=# password of the admin account STACK_CLICKHOUSE_EXTERNAL_PASSWORD=# a randomly generated secure string. The user account will be created automatically # Misc STACK_ACCESS_TOKEN_EXPIRATION_TIME=# enter the expiration time for the access token here. Optional, don't specify it for default value STACK_SETUP_ADMIN_GITHUB_ID=# enter the account ID of the admin user here, and after running the seed script they will be able to access the internal project in the Stack dashboard. Optional, don't specify it for default value OTEL_EXPORTER_OTLP_ENDPOINT=# enter the OpenTelemetry endpoint here. Optional, default is `http://localhost:8131` STACK_INTEGRATION_CLIENTS_CONFIG=# a list of oidc-provider clients for integrations. If not provided, disables integrations STACK_FREESTYLE_API_KEY=# enter your freestyle.sh api key STACK_VERCEL_SANDBOX_PROJECT_ID=# enter the project id for the vercel project that the vercel engine will use STACK_VERCEL_SANDBOX_TEAM_ID=# enter the team id for the vercel project that the vercel engine will use STACK_VERCEL_SANDBOX_TOKEN=# enter the token for the vercel project that the vercel engine will use STACK_OPENAI_API_KEY=# enter your openai api key STACK_FEATUREBASE_API_KEY=# enter your featurebase api key STACK_STRIPE_SECRET_KEY=# enter your stripe api key STACK_STRIPE_WEBHOOK_SECRET=# enter your stripe webhook secret STACK_TELEGRAM_BOT_TOKEN= # enter you telegram bot token STACK_TELEGRAM_CHAT_ID=# enter your telegram chat id # Docs AI tool bundle STACK_MINTLIFY_MCP_URL=# override the Mintlify MCP server used by the backend's AI docs tool bundle. Defaults to https://stackauth-e0affa27.mintlify.app/mcp # MCP review tool (SpacetimeDB) STACK_SPACETIMEDB_URI=# SpacetimeDB host URI; default empty (logging disabled) STACK_SPACETIMEDB_DB_NAME=# SpacetimeDB database name STACK_MCP_LOG_TOKEN=# shared secret gating the log_mcp_call reducer; must match EXPECTED_LOG_TOKEN in apps/internal-tool/spacetimedb/src/index.ts