Environment Variables - Csp-Ai/EdgePicks GitHub Wiki
markdown Copy Edit
๐งช Environment Variables
EdgePicks uses a tightly controlled set of environment variables to power agent flows, Supabase logging, OAuth, and secure deployment. This page documents each required variable, how it's validated, and where it's used.
โ Required Variables
| Name | Purpose | Example / Notes |
|---|---|---|
GOOGLE_CLIENT_ID |
Google OAuth login (NextAuth) | Required for any login-based feature |
GOOGLE_CLIENT_SECRET |
OAuth token validation | Keep secure; used only server-side |
SUPABASE_URL |
Supabase project endpoint | Starts with https:// |
SUPABASE_KEY |
Supabase anon or service key | Should not be embedded in client bundles |
NEXTAUTH_SECRET |
NextAuth session token encryption | Use openssl rand -base64 32 to generate |
NEXTAUTH_URL |
Domain root (e.g., Vercel preview link) | Must match hosting URL |
SPORTS_API_KEY |
External sports data API key (e.g., OddsAPI) | Used in run-agents to fetch stats, lines |
๐ Validation & Security
- All env vars are validated via
validateEnv.tsusing a Zod schema - On
npm run devornpm run build, missing or malformed values cause immediate exit - No
.envfile is committed โ variables must be set via CI/CD provider (Vercel) or locally injected via CLI
// validateEnv.ts (simplified)
z.object({
GOOGLE_CLIENT_ID: z.string().nonempty(),
...
})
๐ง Local Setup
You can inject variables locally like this:
bash
Copy
Edit
GOOGLE_CLIENT_ID=1 GOOGLE_CLIENT_SECRET=1 \
SUPABASE_KEY=1 SUPABASE_URL=http://localhost \
NEXTAUTH_SECRET=1 NEXTAUTH_URL=http://localhost \
SPORTS_API_KEY=1 npm run dev
Or use a .env.local file (never committed):
ini
Copy
Edit
GOOGLE_CLIENT_ID=xxx
SUPABASE_URL=https://...
Make sure to run:
bash
Copy
Edit
npm run build && npm test
before deploying anything with your local env vars.
๐ Vercel Setup
Go to your Vercel Project Settings โ Environment Variables and configure each variable in:
Production
Preview
Development
Be sure to redeploy after changing env vars.
๐ Tips
Never print secrets to the browser console
Avoid hardcoding keys in .ts files
Run npm run validate-env before committing anything critical
For more, see:
๐ CI/CD and Deployment
๐ Prediction Flow Architecture