SPECTRA is now AXIS

homeaboutjoinepisodes
submit
Document Reader

env-audit

Project documentation.

Back To DocumentsOpen Diagrams
Reference

docs/env-audit.md

Back To HubTop
All DocsDiagramsartist-bio-draftsartist-index-agentsartist-scraperdeployment-hq-runbookenv-auditepisode-artwork-contractsvercel-score-audit-2026-03-22

Env Audit

This is the current env status for the main app paths in this repo.

Actively used

  • NEXT_PUBLIC_REOWN_PROJECT_ID
  • NEXT_PUBLIC_WALLETCONNECT_PROJECT_ID
  • NEXT_PUBLIC_BASE_RPC_URL
  • NEXT_PUBLIC_BASE_SEPOLIA_RPC_URL
  • NEXT_PUBLIC_SPECTRAFORM_ADDRESS
  • NEXT_PUBLIC_RECAPTCHA_SITE_KEY
  • RECAPTCHA_SECRET_KEY
  • BREVO_SMTP_HOST
  • BREVO_SMTP_PORT
  • BREVO_SMTP_USER
  • BREVO_SMTP_PASS
  • CUSTOM_FROM
  • ADMIN_EMAIL
  • CDP_PAYMASTER_URL
  • EPISODES_ADMIN_SESSION_SECRET
  • EPISODES_OWNER_ERC1155_ADDRESS
  • EPISODES_OWNER_ERC1155_TOKEN_ID
  • EPISODES_OWNER_RPC_URL
  • EPISODES_OWNER_ALLOWLIST
  • EPISODES_SYNC_RPC_URL
  • EPISODES_SYNC_PRIVATE_KEY
  • SPECTRA_EVENT_ACCESS_REGISTRY_ADDRESS
  • OWNER_ACCESS_DEPLOY_RPC_URL
  • OWNER_ACCESS_DEPLOY_PRIVATE_KEY
  • OWNER_ACCESS_ADMIN_ADDRESS
  • OWNER_ACCESS_INITIAL_MINTER_ADDRESS
  • OWNER_ACCESS_BASE_URI
  • OWNER_ACCESS_CONTRACT_METADATA_URI
  • OWNER_ACCESS_CONTRACT_ADDRESS
  • OWNER_ACCESS_RECIPIENT
  • OWNER_ACCESS_ROLE
  • OWNER_ACCESS_TOKEN_ID
  • OWNER_ACCESS_AMOUNT
  • OWNER_ACCESS_ADMIN_RPC_URL
  • OWNER_ACCESS_ADMIN_PRIVATE_KEY
  • OWNER_ACCESS_REVOKE_ACCOUNT
  • OWNER_ACCESS_REVOKE_TOKEN_ID
  • OWNER_ACCESS_REVOKE_AMOUNT
  • OWNER_ACCESS_ROLE_ACTION
  • OWNER_ACCESS_CONTRACT_ROLE
  • OWNER_ACCESS_ROLE_ACCOUNT
  • BASESCAN_API_KEY
  • ETHERSCAN_API_URL
  • BASE_BLOCKSCOUT_API_URL
  • BASE_SEPOLIA_BLOCKSCOUT_API_URL

Legacy or not part of the current main flow

These do not appear in the active production paths I audited, or are only referenced by old/backup files:

  • SENDPULSE_SMTP_USER
  • SENDPULSE_SMTP_PASS
  • SMTP2GO_SMTP_HOST
  • SMTP2GO_SMTP_USER
  • SMTP2GO_SMTP_PASS
  • BREVO_API_KEY
  • GMAIL_USER
  • GMAIL_APP_PASS

Notes:

  • GMAIL_* is only used in app/api/submit/route copy.ts, which looks like an old backup file
  • if you are not using those fallback mail paths, they can be removed from .env
Embedded Diagrams

Visual deployment and architecture references

The same system diagrams are available here inside the document so you can review flows, contracts, and deployment context without leaving the page.

Open Full Diagram Board
Operations · Diagram 1

Episode Sync Lifecycle

How the episode catalog becomes onchain event registry state.

Open SVG
Episode Sync Lifecycle
Founder Flow · Diagram 2

Founder Mint Lifecycle

Submission approval and Season 1 founder membership mint lifecycle.

Open SVG
Founder Mint Lifecycle
System Map · Diagram 3

Full Architecture

Top-level relationship map between the app, episode catalog, and all core contracts.

Open SVG
Full Architecture
Access Control · Diagram 4

Owner Auth Lifecycle

Wallet challenge, token verification, and owner dashboard session issuance.

Open SVG
Owner Auth Lifecycle