Appearance
Configuration
All environment variables are validated at startup using Zod. In production they are stored in AWS Secrets Manager and injected into ECS tasks by SST at deploy time. For local development, create a .env file in the repo root.
Variable Groups
Core (all services)
| Variable | Description |
|---|---|
DATABASE_URL | MongoDB connection URI |
NODE_ENV | development | production |
REDIS_HOST | Redis hostname |
REDIS_PORT | Redis port (default 6379) |
REDIS_PASSWORD | Redis auth password |
REDIS_USERNAME | Redis username |
API Gateway (apps/app)
| Variable | Description |
|---|---|
PORT | Server port (default 3000) |
BETTER_AUTH_SECRET | Better-Auth session encryption secret |
APP_ORIGIN | Frontend URL (for OAuth redirects) |
API_ORIGIN | This service's public URL |
ALLOWED_ORIGINS | Comma-separated CORS origins |
ADMIN_API_KEY | Internal admin API key |
INTERNAL_API_KEY | Service-to-service API key |
RESEND_API_KEY | Resend (transactional email) |
EMAIL_ADDRESS | From address for auth emails |
WORKER_SERVICE_URL | URL of the worker service |
CLOUDWATCH_SERVICE_URL | URL of the cloudwatch service |
External Services (@ce-sdr/lib)
| Variable | Description |
|---|---|
GOOGLE_CLIENT_EMAIL | Google service account email (Gmail API) |
GOOGLE_PRIVATE_KEY | Google service account private key |
GOOGLE_CLIENT_ID | Google OAuth client ID |
GOOGLE_CLIENT_SECRET | Google OAuth client secret |
TWILIO_ACCOUNT_SID | Twilio account SID (SMS/voice) |
TWILIO_AUTH_TOKEN | Twilio auth token |
CHARGEBEE_SITE | Chargebee site name |
CHARGEBEE_API_KEY | Chargebee API key |
OPENAI_API_KEY | OpenAI API key |
ENRICHMENT_URL | Internal lead enrichment service URL |
ENRICHMENT_ADMIN_EMAIL | Enrichment service admin email |
ENRICHMENT_ADMIN_PASSWORD | Enrichment service admin password |
INTELLIGENT_SERVICE_URL | AI inference service URL |
S3_BUCKET | AWS S3 bucket name |
CloudWatch Service (apps/cloudwatch)
| Variable | Description |
|---|---|
PORT | Server port (default 3003) |
INTERNAL_API_KEY | Required header for log ingestion |
ADMIN_API_KEY | Admin access key |
READONLY_API_KEY | Read-only access key |
AWS_ACCESS_KEY_ID | AWS credentials for CloudWatch Logs |
AWS_SECRET_ACCESS_KEY | AWS credentials for CloudWatch Logs |
AWS_REGION | AWS region (default us-east-1) |
Local Development
Copy .env.example in the repo root and fill in the required values:
bash
cp .env.example .envMinimum required for local dev: DATABASE_URL, BETTER_AUTH_SECRET, REDIS_HOST/REDIS_PORT, and any external service keys needed for the features you're working on.