Generate .env.example and .env.local files with all required environment variables extracted from the architecture blueprint. Includes comments, validation scripts, and links to obtain API keys.
npx claudepluginhub navraj007in/architecture-cowork-pluginThis skill inherits all available tools. When active, it can use any tool Claude has access to.
Generate production-ready environment variable files with all configuration extracted from your architecture blueprint.
Perfect for: New project setup, developer onboarding, deployment configuration, secrets management
Use this skill when you need to:
/architect:scaffoldInput: Architecture blueprint (extracts from Tech Stack, Integrations, Security sections)
Output: .env.example, .env.local, validate-env.sh
.env.examplePurpose: Template committed to git, no secrets Content: All required environment variables with placeholder values and comments
# Database Configuration
DATABASE_URL="postgresql://user:password@localhost:5432/dbname"
DATABASE_POOL_SIZE=10
# Authentication (Clerk)
# Get your keys: https://dashboard.clerk.com/
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="pk_test_xxx"
CLERK_SECRET_KEY="sk_test_xxx"
# File Storage (Cloudflare R2)
# Get your keys: https://dash.cloudflare.com/
R2_ACCOUNT_ID="your-account-id"
R2_ACCESS_KEY_ID="your-access-key"
R2_SECRET_ACCESS_KEY="your-secret-key"
R2_BUCKET_NAME="your-bucket-name"
# Email (Resend)
# Get your key: https://resend.com/api-keys
RESEND_API_KEY="re_xxx"
RESEND_FROM_EMAIL="noreply@yourdomain.com"
# Integrations
SLACK_WEBHOOK_URL="https://hooks.slack.com/services/xxx"
STRIPE_PUBLISHABLE_KEY="pk_test_xxx"
STRIPE_SECRET_KEY="sk_test_xxx"
STRIPE_WEBHOOK_SECRET="whsec_xxx"
# App Configuration
NEXT_PUBLIC_APP_URL="http://localhost:3000"
NODE_ENV="development"
LOG_LEVEL="debug"
.env.localPurpose: Local development secrets, NOT committed to git Content: Same variables with actual values (or instructions to fill in)
# ⚠️ DO NOT COMMIT THIS FILE TO GIT
# This file contains your actual secrets for local development
# Database Configuration
DATABASE_URL="postgresql://postgres:postgres@localhost:5432/myapp_dev"
DATABASE_POOL_SIZE=10
# Authentication (Clerk)
# TODO: Sign up at https://clerk.com and get your keys
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="<GET_FROM_CLERK_DASHBOARD>"
CLERK_SECRET_KEY="<GET_FROM_CLERK_DASHBOARD>"
# File Storage (Cloudflare R2)
# TODO: Create R2 bucket at https://dash.cloudflare.com/
R2_ACCOUNT_ID="<GET_FROM_CLOUDFLARE>"
R2_ACCESS_KEY_ID="<GET_FROM_CLOUDFLARE>"
R2_SECRET_ACCESS_KEY="<GET_FROM_CLOUDFLARE>"
R2_BUCKET_NAME="myapp-dev"
[... all variables with TODO or default values ...]
validate-env.shPurpose: Validate all required environment variables are set Content: Shell script that checks each variable and reports missing ones
#!/bin/bash
# Environment Variable Validation Script
# Generated by Architect AI
set -e
MISSING=()
# Function to check if variable is set
check_var() {
VAR_NAME=$1
VAR_VALUE=${!VAR_NAME}
if [ -z "$VAR_VALUE" ] || [[ "$VAR_VALUE" == "<GET_FROM_"* ]]; then
MISSING+=("$VAR_NAME")
fi
}
echo "🔍 Validating environment variables..."
# Database
check_var "DATABASE_URL"
check_var "DATABASE_POOL_SIZE"
# Authentication
check_var "NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY"
check_var "CLERK_SECRET_KEY"
# File Storage
check_var "R2_ACCOUNT_ID"
check_var "R2_ACCESS_KEY_ID"
check_var "R2_SECRET_ACCESS_KEY"
check_var "R2_BUCKET_NAME"
[... check all variables ...]
# Report results
if [ ${#MISSING[@]} -eq 0 ]; then
echo "✅ All environment variables are set!"
exit 0
else
echo "❌ Missing or incomplete environment variables:"
for var in "${MISSING[@]}"; do
echo " - $var"
done
echo ""
echo "See .env.example for details on how to obtain these values."
exit 1
fi
.env.production.example (optional)Purpose: Production environment template Content: Production-specific variables (different URLs, higher limits)
# Production Environment Variables
DATABASE_URL="<PRODUCTION_DATABASE_URL>"
DATABASE_POOL_SIZE=50 # Higher for production
NEXT_PUBLIC_APP_URL="https://yourdomain.com"
NODE_ENV="production"
LOG_LEVEL="info" # Less verbose than dev
# Enable production features
ENABLE_ANALYTICS=true
ENABLE_ERROR_TRACKING=true
SENTRY_DSN="<SENTRY_DSN>"
Scan blueprint sections for environment variable requirements:
DATABASE_URL, DATABASE_POOL_SIZEREDIS_URL, REDIS_PASSWORDNEXT_PUBLIC_APP_URLAPI_RATE_LIMIT_PER_MINUTEAPI_TIMEOUT_MSFor each integration detected:
STRIPE_PUBLISHABLE_KEY, STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRETNEXT_PUBLIC_CLERK_PUBLISHABLE_KEY, CLERK_SECRET_KEYRESEND_API_KEY, RESEND_FROM_EMAILSLACK_WEBHOOK_URL, SLACK_BOT_TOKENOPENAI_API_KEY, OPENAI_ORG_IDR2_ACCOUNT_ID, R2_ACCESS_KEY_ID, R2_SECRET_ACCESS_KEY, R2_BUCKET_NAMEAWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION, S3_BUCKET_NAMEGCS_PROJECT_ID, GCS_BUCKET_NAME, GOOGLE_APPLICATION_CREDENTIALSAZURE_STORAGE_CONNECTION_STRING, AZURE_STORAGE_CONTAINERRABBITMQ_URLAWS_SQS_QUEUE_URL, AWS_REGION, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEYKAFKA_BROKERS, KAFKA_CLIENT_ID, KAFKA_SASL_USERNAME, KAFKA_SASL_PASSWORDAZURE_SERVICE_BUS_CONNECTION_STRINGREDIS_QUEUE_URLELASTICSEARCH_URL, ELASTICSEARCH_API_KEYALGOLIA_APP_ID, ALGOLIA_API_KEY, ALGOLIA_SEARCH_KEYTYPESENSE_URL, TYPESENSE_API_KEYMEILISEARCH_URL, MEILISEARCH_API_KEYAZURE_SEARCH_ENDPOINT, AZURE_SEARCH_API_KEYPINECONE_API_KEY, PINECONE_ENVIRONMENT, PINECONE_INDEXQDRANT_URL, QDRANT_API_KEYWEAVIATE_URL, WEAVIATE_API_KEYJWT_SECRET or SESSION_SECRETENCRYPTION_KEY (if encryption used)CORS_ALLOWED_ORIGINSNODE_ENVLOG_LEVELENABLE_DEBUGSENTRY_DSN, DATADOG_API_KEYDEFAULT_TENANT_ID, TENANT_ISOLATION_MODEGroup variables by category for organization:
# =============================================================================
# DATABASE
# =============================================================================
DATABASE_URL="..."
DATABASE_POOL_SIZE=10
# =============================================================================
# AUTHENTICATION
# =============================================================================
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="..."
CLERK_SECRET_KEY="..."
# =============================================================================
# FILE STORAGE
# =============================================================================
[...]
For each variable, add:
Example:
# Clerk Publishable Key (safe to expose in frontend)
# Required: Yes
# Get it: https://dashboard.clerk.com/ → API Keys
# Example: pk_test_Y2xlcmsuZXhhbXBsZS5jb20k
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="pk_test_xxx"
# Clerk Secret Key (NEVER expose in frontend or git)
# Required: Yes
# Get it: https://dashboard.clerk.com/ → API Keys
# Example: sk_test_1234567890abcdef
CLERK_SECRET_KEY="sk_test_xxx"
Where applicable, provide sensible defaults:
# Development defaults (can override for production)
DATABASE_POOL_SIZE=10 # 10 for dev, 50+ for prod
API_RATE_LIMIT_PER_MINUTE=60 # Generous for dev
API_TIMEOUT_MS=30000 # 30 seconds
LOG_LEVEL="debug" # debug for dev, info for prod
NODE_ENV="development"
# URLs (update for production)
NEXT_PUBLIC_APP_URL="http://localhost:3000"
Create validate-env.sh that:
.env.local or current environment<GET_FROM_...>)Variable format validation:
# Validate DATABASE_URL is a valid PostgreSQL URL
if [[ ! "$DATABASE_URL" =~ ^postgresql:// ]]; then
echo "⚠️ DATABASE_URL must start with postgresql://"
fi
# Validate NEXT_PUBLIC_APP_URL is a valid URL
if [[ ! "$NEXT_PUBLIC_APP_URL" =~ ^https?:// ]]; then
echo "⚠️ NEXT_PUBLIC_APP_URL must start with http:// or https://"
fi
# Validate Clerk keys have correct prefix
if [[ ! "$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY" =~ ^pk_ ]]; then
echo "⚠️ NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY must start with pk_"
fi
Ensure .gitignore includes:
# Environment files with secrets
.env.local
.env.*.local
.env.production
# Keep template in git
!.env.example
If .gitignore doesn't exist or is missing these entries, add them automatically.
When invoked, generate:
🔧 Generating environment configuration...
✅ Extracted 23 environment variables from blueprint
- Database: 2 variables
- Authentication (Clerk): 2 variables
- File Storage (R2): 4 variables
- Email (Resend): 2 variables
- Integrations (Stripe, Slack): 5 variables
- App Configuration: 5 variables
- Monitoring (Sentry): 1 variable
- Security: 2 variables
✅ Created .env.example (template, safe to commit)
✅ Created .env.local (with TODOs, DO NOT commit)
✅ Created validate-env.sh (validation script)
✅ Updated .gitignore to exclude .env.local
📋 Next steps to configure your environment:
1. Sign up for required services:
- Clerk: https://clerk.com (authentication)
- Cloudflare: https://cloudflare.com (file storage)
- Resend: https://resend.com (email)
- Stripe: https://stripe.com (payments)
- Sentry: https://sentry.io (error tracking)
2. Get your API keys from each dashboard
3. Fill in .env.local with your actual keys
4. Validate your configuration:
chmod +x validate-env.sh
./validate-env.sh
5. Start development:
npm run dev
🔒 Security reminders:
- NEVER commit .env.local to git
- Rotate secrets if accidentally exposed
- Use different keys for dev/staging/production
Optional parameters (ask user if they want to customize):
Default behavior: Development environment, Next.js format, all variables, basic validation.
# Next.js specific (NEXT_PUBLIC_* exposed to browser)
NEXT_PUBLIC_APP_URL="http://localhost:3000"
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="pk_test_xxx"
# Server-side only (never exposed)
CLERK_SECRET_KEY="sk_test_xxx"
DATABASE_URL="postgresql://..."
# Remix specific (loaded via remix.config.js)
SESSION_SECRET="your-session-secret-min-32-chars"
DATABASE_URL="postgresql://..."
# Public variables (explicitly passed to client)
APP_URL="http://localhost:3000"
# Astro specific (PUBLIC_* exposed to browser)
PUBLIC_APP_URL="http://localhost:3000"
PUBLIC_CLERK_KEY="pk_test_xxx"
# Server-side only
CLERK_SECRET_KEY="sk_test_xxx"
# Standard Node.js
PORT=3000
NODE_ENV="development"
DATABASE_URL="postgresql://..."
JWT_SECRET="your-jwt-secret"
Generate docker-compose.yml environment section:
version: '3.8'
services:
app:
image: myapp:latest
env_file:
- .env.local
environment:
# Override specific variables
DATABASE_URL: postgresql://db:5432/myapp
REDIS_URL: redis://redis:6379
depends_on:
- db
- redis
db:
image: postgres:15
environment:
POSTGRES_DB: myapp
POSTGRES_USER: postgres
POSTGRES_PASSWORD: ${DB_PASSWORD:-postgres}
redis:
image: redis:7-alpine
Generate Kubernetes manifests:
configmap.yaml (non-sensitive values):
apiVersion: v1
kind: ConfigMap
metadata:
name: myapp-config
data:
NODE_ENV: "production"
LOG_LEVEL: "info"
DATABASE_POOL_SIZE: "50"
NEXT_PUBLIC_APP_URL: "https://myapp.com"
secret.yaml (sensitive values):
apiVersion: v1
kind: Secret
metadata:
name: myapp-secrets
type: Opaque
stringData:
DATABASE_URL: "<BASE64_ENCODED>"
CLERK_SECRET_KEY: "<BASE64_ENCODED>"
STRIPE_SECRET_KEY: "<BASE64_ENCODED>"
JWT_SECRET: "<BASE64_ENCODED>"
<GET_FROM_...>)Example strict validation:
# Check JWT_SECRET is strong enough
if [ ${#JWT_SECRET} -lt 32 ]; then
echo "❌ JWT_SECRET must be at least 32 characters long"
echo " Current length: ${#JWT_SECRET}"
echo " Generate a strong secret: openssl rand -base64 48"
fi
# Check CORS_ALLOWED_ORIGINS doesn't allow all
if [[ "$CORS_ALLOWED_ORIGINS" == "*" ]] && [[ "$NODE_ENV" == "production" ]]; then
echo "❌ CORS_ALLOWED_ORIGINS='*' is dangerous in production"
echo " Use specific origins instead"
fi
# ⚠️ SECRET - Never expose in frontend or commit to git
CLERK_SECRET_KEY="sk_test_xxx"
# ✅ PUBLIC - Safe to expose in frontend
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="pk_test_xxx"
# Rotate this secret every 90 days
# Last rotated: 2026-02-07
JWT_SECRET="..."
# Use different values for dev/staging/production
# Development: sk_test_xxx
# Production: sk_live_xxx
STRIPE_SECRET_KEY="sk_test_xxx"
# Add to .gitignore:
.env.local
.env.*.local
.env.production
# Pre-commit hook to catch accidental commits:
git diff --cached --name-only | grep -E "\.env\.local"
# 1. Generate blueprint
/architect:blueprint
# 2. Scaffold project structure
/architect:scaffold
# 3. Setup environment variables
/architect:setup-env
# 4. Validate environment
chmod +x validate-env.sh
./validate-env.sh
# 5. Start development
npm run dev
A successful environment setup should:
/architect:setup-env
# Output:
# ✅ Created .env.example (23 variables)
# ✅ Created .env.local (ready to fill in)
# ✅ Created validate-env.sh
/architect:setup-env --env=production
# Output:
# ✅ Created .env.production.example
# ✅ Higher resource limits (pool size: 50)
# ✅ Production-ready defaults (LOG_LEVEL=info)
/architect:setup-env --format=docker
# Output:
# ✅ Created docker-compose.yml with env_file
# ✅ Created .env for Docker Compose
/architect:setup-env --format=kubernetes
# Output:
# ✅ Created k8s/configmap.yaml
# ✅ Created k8s/secret.yaml (with TODOs)
Expert guidance for Next.js Cache Components and Partial Prerendering (PPR). **PROACTIVE ACTIVATION**: Use this skill automatically when working in Next.js projects that have `cacheComponents: true` in their next.config.ts/next.config.js. When this config is detected, proactively apply Cache Components patterns and best practices to all React Server Component implementations. **DETECTION**: At the start of a session in a Next.js project, check for `cacheComponents: true` in next.config. If enabled, this skill's patterns should guide all component authoring, data fetching, and caching decisions. **USE CASES**: Implementing 'use cache' directive, configuring cache lifetimes with cacheLife(), tagging cached data with cacheTag(), invalidating caches with updateTag()/revalidateTag(), optimizing static vs dynamic content boundaries, debugging cache issues, and reviewing Cache Component implementations.
Applies Anthropic's official brand colors and typography to any sort of artifact that may benefit from having Anthropic's look-and-feel. Use it when brand colors or style guidelines, visual formatting, or company design standards apply.
Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations.