Strip Environment Variables
All variables are prefixed STRIP_. Definitions live in apps/strip/internal/pkg/env/variables.go. Loading and validation happen in apps/strip/internal/app/config/config.go (NewConfig + ValidateConfig).
STRIP_STAGE follows the project-wide stage vocabulary — see /standards/deployment-env/.
Required
| Variable | Purpose | Validation |
|---|---|---|
| STRIP_STAGE | App stage. Must be production, staging, sandbox, or development. | ValidateConfig returns ErrInvalidStage otherwise. |
| STRIP_SIRLOIN_GRPC_HOST | Address of sirloin gRPC server. .env.example uses sirloin:50051. | ErrEmptySirloinHost if blank. |
| STRIP_CLERK_SECRET_KEY | Clerk backend key. | Required outside development; ErrClerkSecretRequired otherwise. Treated as a secret. |
Required in non-dev (warned in dev)
| Variable | Purpose |
|---|---|
| STRIP_CLERK_PUBLISHABLE_KEY | Clerk client key, embedded in pages. |
| STRIP_CLERK_DOMAIN | Clerk frontend API domain (e.g. clerk.foxy.ai). |
If STRIP_STAGE != development, missing values trigger log.Warn and “web UI auth may not work” — sign-in will fail at runtime, not at boot.
Optional / defaulted
| Variable | Default | Purpose |
|---|---|---|
| STRIP_PORT | :8080 | Fiber listen address. Default emits a warning. |
| STRIP_AUTH_BYPASS_UUID | empty | Dev-only bypass; supports X-Auth-Bypass header or ?auth= query. Never set in production. |
| STRIP_DATABASE_URL | empty | Optional Postgres URL backing services.NewPgSessionStore for the operator session store (apps/strip/cmd/app/main.go:235-249). When unset, strip falls back to an in-memory store and logs "No STRIP_DATABASE_URL configured - using in-memory session store (sessions lost on restart)" outside development. Not used for domain data. |
| STRIP_IMAGE_CGI_URL | empty | Image CDN base used by Templ image helpers. Warns if unset. |
| STRIP_MCP_SERVER_URL | https://mcp.sexty.dev/foxy360/mcp | Returned by /api/auth/mcp-token. A flank MCP URL is also derived by swapping the /foxy360/mcp suffix — that flank MCP surface is legacy / being retired (flank workflow tooling moved to brain). |
| STRIP_BRISKET_BASE_URL | empty | Used to render outbound shop-VI links. Warns if unset (links disabled). |
| STRIP_OPENROUTER_API_KEY | empty | Powers Ask Strip. Warns if unset (chat disabled). |
| STRIP_OPENROUTER_MODEL | openai/gpt-5.4-mini | OpenRouter model id. |
| STRIP_OPENROUTER_REASONING_EFFORT | medium | OpenRouter reasoning level. |
Observability
Strip currently ships logs only via zerolog (github.com/rs/zerolog/log) to stdout — no OTel SDK is wired in cmd/app/main.go. No Sentry integration is present in source.
No OTel SDK or Sentry import is present anywhere under apps/strip/ (verified via repo grep). OTEL_EXPORTER_OTLP_ENDPOINT and SENTRY_DSN are not referenced by strip source. The Fiber requestid + recover middlewares emit per-request structured logs; correlation downstream is via X-Request-ID. TODO(@zen): confirm with platform whether this absence is intentional or whether sidecar/ambient instrumentation is expected.
Loading flow
```mermaid
flowchart TD
    A[process start] --> B[NewConfig]
    B --> C{STRIP_STAGE set?}
    C -- no --> X[fail: MissingError]
    C -- yes --> D[parse stage]
    D --> E[load STRIP_SIRLOIN_GRPC_HOST]
    E --> F{empty?}
    F -- yes --> X
    F -- no --> G[load Clerk + optional vars]
    G --> H[ValidateConfig]
    H -- prod no Clerk secret --> X
    H -- ok --> I[startFiberServer]
```

Local examples
make run-dev injects the minimum set:
```sh
STRIP_STAGE=development \
STRIP_PORT=:8080 \
STRIP_SIRLOIN_GRPC_HOST=localhost:50051 \
go run cmd/app/main.go
```

For a non-development stage, also export STRIP_CLERK_* and STRIP_AUTH_BYPASS_UUID as needed. See /services/strip-local-dev/ for the full bootstrap.
Secret handling
STRIP_CLERK_SECRET_KEY, STRIP_AUTH_BYPASS_UUID, and STRIP_OPENROUTER_API_KEY are secrets — fetch them from 1Password / Railway, never commit. The auth bypass UUID is logged with a SECURITY WARNING whenever exercised; treat any production hit as an incident.
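
A deploy-time preflight that applies the rules documented on this page before strip starts, as an added example (not strip's own config code). The name Preflight and the finding strings are hypothetical, and failing on STRIP_AUTH_BYPASS_UUID in production is an assumed policy check: the page says never to set it there, not that ValidateConfig rejects it.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// validStages is the stage vocabulary this page lists for STRIP_STAGE.
var validStages = map[string]bool{
	"production": true, "staging": true, "sandbox": true, "development": true,
}

// Preflight (hypothetical) returns one finding per documented rule that the
// environment violates. get is a lookup such as os.Getenv.
func Preflight(get func(string) string) []string {
	val := func(k string) string { return strings.TrimSpace(get(k)) }
	var findings []string

	stage := val("STRIP_STAGE")
	if !validStages[stage] {
		findings = append(findings, "STRIP_STAGE: missing or not in the stage vocabulary")
	}
	if val("STRIP_SIRLOIN_GRPC_HOST") == "" {
		findings = append(findings, "STRIP_SIRLOIN_GRPC_HOST: empty")
	}
	if stage != "development" && val("STRIP_CLERK_SECRET_KEY") == "" {
		findings = append(findings, "STRIP_CLERK_SECRET_KEY: required outside development")
	}
	// Assumed policy: refuse to deploy rather than rely on the runtime warning.
	if stage == "production" && val("STRIP_AUTH_BYPASS_UUID") != "" {
		findings = append(findings, "STRIP_AUTH_BYPASS_UUID: must not be set in production")
	}
	return findings
}

func main() {
	findings := Preflight(os.Getenv)
	for _, f := range findings {
		fmt.Fprintln(os.Stderr, "preflight:", f) // variable names only, never values
	}
	if len(findings) > 0 {
		os.Exit(1)
	}
}
```
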