Skip to content

Environment and configuration

Runtime readers use process environment first and local .env files as supported by each module. Keep .env server-side with restrictive permissions; the deploy workflow excludes it from repository upload. Never expose these values to browser code.

AreaImportant variables
SecurityNPK_CRYPT_KEY (hex key for sealed provider/BYO secrets)
Public URLsPUBLIC_BASE_URL, PUBLIC_APP_ORIGIN
Carrier/SMSTELNYX_API_KEY, TWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN, messaging profile/service IDs, COMMS_WEBHOOK_TOKEN, A2P_ENFORCE
EmailSENDGRID_API_KEY or SMTP_HOST, SMTP_PORT, SMTP_USER, SMTP_PASS, SMTP_FROM, SMTP_FROM_NAME
LiveKitLIVEKIT_URL, LIVEKIT_HTTP_URL, LIVEKIT_API_KEY, LIVEKIT_API_SECRET
AIANTHROPIC_API_KEY/CLAUDE_API_KEY, AI_MODEL, AI_GLOBAL_KILL, AI_DAILY_CAP_CENTS, AI_QA_MAX_PER_RUN, WHISPER_BIN, WHISPER_MODEL
BillingBILLING_ENFORCE, BILLING_CHECKOUT_ENABLED, STRIPE_SECRET_KEY, Stripe price/product IDs, reservation TTL/grace
Booking/signupGHL_PRIVATE_INTEGRATION_TOKEN, GHL location/calendar/timezone IDs, SIGNUP_ENABLED, RESEND_API_KEY, RESEND_FROM
Telephony/E2EVICIDIAL_AMI_HOST, VICIDIAL_AMI_PORT, VICIDIAL_AMI_USER, VICIDIAL_AMI_SECRET; E2E bind/advertise overrides
Storage/opsFIELD_UPLOAD_DIR, WAREHOUSE_DIR, ASTERISK_SOUNDS_DIR, QOS_BAD_ALERT_PCT

Defaults in source are development conveniences, not production approval. Validate provider credentials and public webhook URLs with each module’s preflight/health path after deployment.

Implementation anchors: modern/shared/*_schema.php, carrier_providers.php, livekit.php, billing.php, stripe_billing.php, .github/workflows/deploy.yml, tests/e2e/docker-compose.yml.