Skip to content

[DX] Clean up .env.example: remove duplicates, add source comments, improve onboarding#212

Open
udaycodespace wants to merge 3 commits into
geturbackend:mainfrom
udaycodespace:fix/dx-env-cleanup-207
Open

[DX] Clean up .env.example: remove duplicates, add source comments, improve onboarding#212
udaycodespace wants to merge 3 commits into
geturbackend:mainfrom
udaycodespace:fix/dx-env-cleanup-207

Conversation

@udaycodespace
Copy link
Copy Markdown

@udaycodespace udaycodespace commented May 26, 2026
edited by coderabbitai Bot
Loading

PR Description

Summary

This PR cleans up .env.example to improve first-time contributor onboarding by removing duplicate entries, adding concise source comments, and including cross-platform setup instructions.

Changes

  • Removed duplicate Razorpay env variables (fixes [DX] Duplicate Razorpay env entries in .env.example #207)
  • Added source comments for credentials:
    • Supabase: direct dashboard link
    • Resend: API keys + webhook setup links
    • Razorpay: unified comments per variable
    • Auth secrets: quick openssl example
  • Added cross-platform copy instructions at the top:
    • Linux/macOS: cp .env.example .env
    • PowerShell: Copy-Item .env.example .env

Why this matters

  • Reduces confusion during local setup
  • Makes it clear where to obtain each credential
  • Helps Windows users avoid command syntax issues
  • Keeps comments short and actionable

Testing

  • Verified all env variables are present and non-duplicated
  • Confirmed comments are concise and include correct dashboard links
  • Tested copy commands on Linux and PowerShell

Closes #207

Summary by CodeRabbit

  • Documentation
    • Enhanced environment setup with explicit copy commands for Linux/macOS and PowerShell.
    • Clarified authentication guidance for generating secure secrets and encryption keys, with example commands.
    • Cleaned and consolidated external service sections; added the Razorpay webhook secret entry and clarified surrounding formatting.

Review Change Stack

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented May 26, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: c8339355-aaab-4593-a246-e82aa1a819e5

📥 Commits

Reviewing files that changed from the base of the PR and between 76bebe2 and ff0d7aa.

📒 Files selected for processing (1)
  • .env.example
📝 Walkthrough

Walkthrough

This PR updates .env.example: adds explicit Linux/macOS and PowerShell copy commands, includes authentication secret-generation examples and ENCRYPTION_KEY guidance, and consolidates Supabase/Resend/Frontend/Razorpay placeholders with RAZORPAY_WEBHOOK_SECRET present.

Changes

Environment Configuration Refresh

Layer / File(s) Summary
Setup copy commands and authentication guidance
.env.example		 Replaced the generic "copy this file" wording with explicit cp (Linux/macOS) and Copy-Item (PowerShell) commands; added example commands for generating random secrets and clarified ENCRYPTION_KEY formatting.
Supabase/Resend/Frontend and Razorpay consolidation
.env.example		 Reorganized service sections, refreshed placeholder/link comments, and consolidated Razorpay credential placeholders so RAZORPAY_WEBHOOK_SECRET appears with the key/secret/plan entries.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

A rabbit nudges env files in the night, 🐇
"Copy" commands now shining clear and bright,
Secrets seeded with a tiny shell cheer,
Razorpay twins merged — no duplicate fear,
Hop, hop, config fixed — setup's near! ✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly summarizes the main changes: cleanup of .env.example with focus on removing duplicates, adding source comments, and improving onboarding—all directly reflected in the code changes.
Linked Issues check ✅ Passed The pull request addresses all primary coding objectives from issue #207: removes duplicate Razorpay entries, improves onboarding clarity, and adds helpful source comments and secret generation examples as discussed in issue comments.
Out of Scope Changes check ✅ Passed All changes are scoped to .env.example file improvements directly addressing issue #207 requirements: duplicate removal, source comments, cross-platform instructions, and secret generation guidance.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai Bot reviewed May 26, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.env.example:
- Line 58: Add a single trailing newline at the end of the .env.example file so
the file ends with a blank line (this fixes the dotenv-linter EndingBlankLine
warning); locate the RAZORPAY_WEBHOOK_SECRET line and ensure there is one
newline character after it (no extra characters or spaces).
- Around line 21-24: The ENCRYPTION_KEY guidance is inconsistent with how the
code decodes it (Buffer.from(..., 'hex') in
packages/common/src/utils/encryption.js); update the .env.example ENCRYPTION_KEY
line to instruct generating a hex string (e.g., use openssl rand -hex 32) and
specify the expected length (64 hex chars for a 32-byte key) so the env value
matches Buffer.from(..., 'hex') at runtime. Also briefly clarify that
JWT_SECRET/API_KEY_SALT can remain base64 if desired, but ENCRYPTION_KEY must be
hex.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5526b44b-f770-4802-bf0d-2aed1fab482d

📥 Commits

Reviewing files that changed from the base of the PR and between 1cf5a6e and 76bebe2.

📒 Files selected for processing (1)
  • .env.example

Comment thread .env.example Outdated
Comment thread .env.example Outdated
@udaycodespace udaycodespace force-pushed the fix/dx-env-cleanup-207 branch from d3da05a to 2c868fb Compare May 26, 2026 05:57
@yash-pouranik
Copy link
Copy Markdown
Collaborator

yash-pouranik commented May 26, 2026

i created secrets from crypy.randombytes(32).tostring('hex')
@coderabbitai

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented May 26, 2026

Tip

For best results, initiate chat on the files or code changes.

@yash-pouranik Thanks for sharing! That's a valid Node.js approach — crypto.randomBytes(32).toString('hex') generates a 64-character hex string, which works well as an auth secret.

Since this project likely uses Node.js, it might be worth adding it as an inline alternative in the .env.example comment alongside the openssl example, so contributors can pick whichever tool they have available:

# Generate a random secret: openssl rand -base64 32
# Or with Node.js: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"

That way, Windows users without openssl can still easily generate a secret. Would you like to include that in this PR?

@udaycodespace
fix(dx): add Node.js secret generation examples
ff0d7aa 
Updated examples for JWT_SECRET and ENCRYPTION_KEY in .env.example.
@udaycodespace
Copy link
Copy Markdown
Author

udaycodespace commented May 26, 2026

@yash-pouranik Added the Node.js-based secret generation alternative alongside the openssl example as well, so contributors on Windows or without openssl can generate secrets more easily.

@udaycodespace udaycodespace mentioned this pull request May 26, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[DX] Duplicate Razorpay env entries in .env.example

2 participants

@udaycodespace @yash-pouranik