bettercitizen · cloud setup

Install check

This install is configured entirely via .env. Confirm everything below is green, then bootstrap the install.

first run

Required

  • DATABASE_URLPostgres connection string.
  • BETTER_AUTH_SECRETSigns Better Auth session tokens.
  • BETTER_AUTH_URLhttps://bettercitizen.aiOrigin used for cookie scope + auth redirects.
  • API_KEY_ENCRYPTION_KEYAES-256-GCM key for BYOK creds + solo owner password at rest.
  • ADMIN_EMAILS1 address: [email protected]First operator/admin — gets /admin access on sign-up.

AI providers (at least one)

  • ANTHROPIC_API_KEYAnthropic models.
  • OPENAI_API_KEYOpenAI models.
  • XAI_API_KEYxAI models.
  • OLLAMA_URLhttp://host.docker.internal:11434Local or remote Ollama-compatible endpoint.
  • Claude CLI (Max)Install Claude Code CLI and run `claude login`. Auto-detected from PATH or CLAUDE_CODE_BIN.

SuperCitizen linking (optional)

OFF — this install uses local accounts only. Set CENTRAL_AUTH_ISSUER + CENTRAL_OAUTH_CLIENT_ID + CENTRAL_OAUTH_CLIENT_SECRET to offer SuperCitizen linking.

  • CENTRAL_AUTH_ISSUERCentral OIDC issuer (e.g. auth.supercitizen.org).
  • CENTRAL_OAUTH_CLIENT_IDThis app's OAuth client id at the central provider.
  • CENTRAL_OAUTH_CLIENT_SECRETThis app's OAuth client secret.
  • CENTRAL_GATEWAY_URLhttps://api.supercitizen.org (default)Frontier model gateway — frontier calls route here with the user's token.

Optional

Not required to continue. Features that depend on these will silently no-op when missing.

  • Email transportPassword reset + verification emails. RESEND_API_KEY, AWS_SES_*, or SMTP_*.
  • GEOCODIO_API_KEYAddress → district lookup. Civic features degrade without it.
  • SENTRY_DSNError tracking.

Edit .env and restart the dev server to change any value above. Next step seeds the content tables.