# Database
DATABASE_URL="postgresql://user:password@host/dbname?sslmode=require"
DIRECT_URL="postgresql://user:password@host/dbname?sslmode=require"

# Auth/session
# Generate with: openssl rand -base64 32
SESSION_SECRET="replace-with-at-least-32-characters"

# Optional; Vercel and Node set this automatically in deployed environments.
NODE_ENV="development"

# M11 (ST-1107) — shared secret between Vercel cron-trigger and the
# /api/cron/expire-questions handler. Required in production; optional in
# local dev (the route returns 401 if the Authorization header doesn't match).
# Generate with: openssl rand -base64 32
CRON_SECRET=""