GridWork HQ
Configuration

Environment Variables

Complete reference for all GridWork HQ environment variables.

Environment Variables

GridWork HQ uses two environment files: .env.local in the dashboard package and .env in the pipeline server. The setup wizard generates both files.

Every feature checks whether its env vars are present. Missing keys show "Not configured" in the UI — the app never crashes on missing optional variables.

Dashboard Environment Variables (.env.local)

Deployment

VariableRequiredDescription
HQ_URLYesYour deployed HQ URL (no trailing slash). Example: https://hq.yourdomain.com
NEXTAUTH_URLLocal onlySet to http://localhost:3000 for local dev. Do NOT set on Vercel.
NODE_ENVNoproduction or development. Defaults to production.

Authentication

VariableRequiredDescription
GITHUB_IDYesGitHub OAuth App Client ID
GITHUB_SECRETYesGitHub OAuth App Client Secret. Security-sensitive.
NEXTAUTH_SECRETYesJWT signing key. Generate with openssl rand -base64 32. Rotate periodically.
ALLOWED_GITHUB_IDYesYour numeric GitHub user ID. Restricts dashboard login to this account. Find yours at https://api.github.com/users/YOUR_USERNAME.

GitHub API

VariableRequiredDescription
GITHUB_TOKENYesPersonal access token with repo and read:org scopes
GITHUB_ORGYesYour GitHub org or username
TRACKED_REPOSNoComma-separated list of repos to display on the dashboard

Notion

VariableRequiredDescription
NOTION_API_KEYYesNotion integration secret from notion.so/my-integrations
NOTION_LEADS_DBYesLeads database ID (32-character hex string from the database URL)
NOTION_CLIENTS_DBYesClients database ID

Stripe

VariableRequiredDescription
STRIPE_SECRET_KEYNoStripe secret key. Use test mode keys (sk_test_...) for development.
STRIPE_WEBHOOK_SECRETNoStripe webhook signing secret for invoice event processing

Anthropic

VariableRequiredDescription
ANTHROPIC_API_KEYYesAnthropic API key for the AI chat feature and server-side API calls. Security-sensitive — never commit.

Perplexity

VariableRequiredDescription
PERPLEXITY_API_KEYNoPerplexity API key for research in prospect and audit pipelines

Pipeline Server Connection

VariableRequiredDescription
PIPELINE_SERVER_TOKENYesShared secret between dashboard and pipeline server. Generate with openssl rand -hex 32. Must match the pipeline server.
PIPELINE_SERVER_URLYesFull URL to your pipeline server (e.g., http://localhost:8750 or https://your-machine.tail12345.ts.net)
PIPELINE_SERVER_PORTYesPort the pipeline server listens on. Default: 8750
DUCTOR_WEBHOOK_TOKENYesWebhook token for HQ-to-pipeline-server communication. Must match the pipeline server.

Vercel

VariableRequiredDescription
VERCEL_API_KEYNoVercel personal access token for deployment status checks
VERCEL_TEAM_IDNoVercel team ID. Leave blank for personal accounts.

Google Analytics and Search Console

VariableRequiredDescription
GOOGLE_SERVICE_ACCOUNT_JSONNoGoogle Cloud service account JSON as a single-line string
GA4_PROPERTY_IDNoGA4 property ID (e.g., 123456789)
GSC_SITE_URLNoGoogle Search Console site URL (e.g., https://www.yourdomain.com)

PageSpeed

VariableRequiredDescription
PAGESPEED_API_KEYNoGoogle PageSpeed Insights API key from console.cloud.google.com

UptimeRobot

VariableRequiredDescription
UPTIMEROBOT_API_KEYNoUptimeRobot API key for uptime tracking
UPTIMEROBOT_MONITOR_IDNoUptimeRobot monitor ID

Database

VariableRequiredDescription
DATABASE_URLNoSQLite file path or Turso URL. Default: file:./data/gridwork-hq.db. For Vercel, use Turso (e.g., libsql://your-db.turso.io).
DATABASE_AUTH_TOKENNoTurso auth token. Only needed when using Turso.

System

VariableRequiredDescription
NEXT_PUBLIC_SYSTEM_USERSNoComma-separated GitHub usernames labeled as "system" in activity feeds

Pipeline Server Environment Variables (.env)

The pipeline server has its own .env file with these key variables:

VariableRequiredDescription
PIPELINE_SERVER_TOKENYesMust match the dashboard's PIPELINE_SERVER_TOKEN
HQ_URLYesURL of the dashboard (e.g., http://localhost:3000 or your Vercel URL)
DUCTOR_WEBHOOK_TOKENYesMust match the dashboard's DUCTOR_WEBHOOK_TOKEN
ANTHROPIC_API_KEYYesAPI key for spawning Claude Code processes
KNOWLEDGE_DIRYesAbsolute path to your knowledge vault (e.g., /Users/you/agency-workspace/knowledge)
SCRIPTS_DIRNoPath to shell scripts directory (e.g., /Users/you/agency-workspace/.scripts)
TELEGRAM_BOT_TOKENNoTelegram bot token for notifications
TELEGRAM_CHAT_IDNoYour Telegram chat ID for receiving notifications
MAX_PARALLEL_PIPELINESNoMaximum concurrent pipeline jobs. Default: 3

Security Notes

  • Never commit .env.local or .env files to git — both are in .gitignore
  • Rotate NEXTAUTH_SECRET periodically: openssl rand -base64 32
  • Rotate PIPELINE_SERVER_TOKEN periodically: openssl rand -hex 32
  • Use Stripe test mode keys (sk_test_...) for development
  • The ALLOWED_GITHUB_ID restricts who can log in to your dashboard

Configuration

Configure GridWork HQ for your agency — environment variables, brand settings, and integrations.

Settings Reference

Brand configuration, setup wizard phases, and in-app settings for GridWork HQ.

On this page

Environment VariablesDashboard Environment Variables (.env.local)DeploymentAuthenticationGitHub APINotionStripeAnthropicPerplexityPipeline Server ConnectionVercelGoogle Analytics and Search ConsolePageSpeedUptimeRobotDatabaseSystemPipeline Server Environment Variables (.env)Security Notes