Environment Variables
API (apps/api/)
These are read via NestJS ConfigService (config.get('VAR')) or directly via process.env['VAR'].
Required
| Variable | Example | Description |
|---|---|---|
DATABASE_URL | postgresql://... | Prisma connection string (PgBouncer pooled URL) |
JWT_SECRET | <random 64-char hex> | HS256 signing secret for access + refresh tokens |
NODE_ENV | production | Controls dev-only behaviour (media sink, error details) |
Optional but Recommended
| Variable | Example | Description |
|---|---|---|
ANTHROPIC_API_KEY | sk-ant-... | Claude Sonnet access; falls back to scripted questions if absent |
CENTRIFUGO_URL | http://centrifugo:8000 | Internal Centrifugo HTTP API URL |
CENTRIFUGO_API_KEY | <secret> | Centrifugo API key for server-to-server publish |
CENTRIFUGO_PUBLIC_URL | wss://rt.rgls.uk | Public WebSocket URL (exposed to clients) |
RESEND_API_KEY | re_... | Resend email API key; if absent, emails are logged only |
APP_URL | https://rgls.uk | Base URL for email deep links |
API_PUBLIC_URL | https://api.rgls.uk | Exposed in CORS + link-preview allowlist |
ALLOWED_ORIGINS | https://rgls.uk,https://admin.rgls.uk | Comma-separated CORS origins |
API_PORT | 3000 | HTTP port (default 3000) |
Storage (Cloudflare R2)
| Variable | Example | Description |
|---|---|---|
R2_ACCOUNT_ID | abc123... | Cloudflare account ID |
R2_ACCESS_KEY_ID | <key> | R2 S3-compatible access key |
R2_SECRET_ACCESS_KEY | <secret> | R2 secret |
R2_BUCKET | regulus-media | R2 bucket name |
R2_PUBLIC_HOST | https://media.rgls.uk | Public CDN URL for committed assets |
Observability
| Variable | Example | Description |
|---|---|---|
SENTRY_DSN | https://[email protected]/... | Sentry error tracking |
SENTRY_RELEASE | v1.2.3 | Release identifier for source maps |
SENTRY_TRACES_SAMPLE_RATE | 0.1 | Tracing sample rate (0..1) |
Source maps: after
pnpm --filter @regulus/api build, runpnpm --filter @regulus/api sentry:sourcemapson deploy withSENTRY_AUTH_TOKEN,SENTRY_ORG,SENTRY_PROJECTset in the environment. The release defaults to the current git SHA whenSENTRY_RELEASEis unset — keep it identical to the runtimeSENTRY_RELEASEso traces de-minify.
Mobile (apps/mobile/)
All variables must be prefixed with EXPO_PUBLIC_ to be embedded in the JS bundle. Set in .env.local or EAS secrets.
| Variable | Example | Description |
|---|---|---|
EXPO_PUBLIC_API_URL | https://api.rgls.uk/api/v1 | Base URL for all API calls |
EXPO_PUBLIC_POSTHOG_API_KEY | phc_... | PostHog analytics key |
EXPO_PUBLIC_SENTRY_DSN | https://[email protected]/... | Sentry mobile DSN |
Source maps: the
@sentry/react-native/expoconfig plugin uploads maps during EAS builds. It activates only whenSENTRY_ORG+SENTRY_PROJECTare set (seeeas.jsonbuild profiles) and reads the auth token from theSENTRY_AUTH_TOKENEAS secret:eas secret:create --scope project --name SENTRY_AUTH_TOKEN --value <token>.
Admin (apps/admin/)
No build-time env vars required. The admin panel resolves the API URL at runtime:
- Dev: Vite proxy forwards
/api→localhost:3001(configured invite.config.ts). - Prod: Hardcoded
https://api.rgls.ukinapps/admin/src/lib/api.ts.
To override the production API URL, edit PROD_API in apps/admin/src/lib/api.ts.
Optional documentation site URL (used by the Docs page):
| Variable | Default | Description |
|---|---|---|
VITE_DOCS_URL | https://docs.regulus.app | VitePress docs site URL embedded in admin iframe |
VITE_SENTRY_DSN | (unset) | Sentry DSN for the admin SPA. No-op when blank |
VITE_SENTRY_RELEASE | (unset) | Optional release id surfaced to Sentry |
Source maps: when
SENTRY_AUTH_TOKEN,SENTRY_ORG,SENTRY_PROJECTare present at build time,vite buildauto-injects debug IDs and uploads maps via@sentry/vite-plugin. With any of them missing the build proceeds and simply skips the upload.
Local Development
Copy .env.example → .env in apps/api/:
cp apps/api/.env.example apps/api/.env
# Fill in DATABASE_URL and JWT_SECRET at minimum
pnpm devMinimum viable .env for local dev (no AI, no email, no real-time):
DATABASE_URL="postgresql://postgres:postgres@localhost:5432/regulus"
JWT_SECRET="dev-secret-change-in-production-use-64-random-hex-chars"
NODE_ENV="development"With Anthropic AI and email:
DATABASE_URL="postgresql://..."
JWT_SECRET="..."
NODE_ENV="development"
ANTHROPIC_API_KEY="sk-ant-..."
RESEND_API_KEY="re_..."
APP_URL="http://localhost:8081"