Skip to content

Replace hardcoded production URLs with environment variables #281

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 7 commits into
base: main
Choose a base branch
from
Draft

Replace hardcoded production URLs with environment variables #281

Copilot wants to merge 7 commits into from

Conversation

Copy link

Copilot AI commented Feb 7, 2026
edited
Loading

Hardcoded production URLs in packages/shared/src/prodFlag.ts prevented deployment flexibility, violated config management best practices, and exposed sensitive infrastructure details.

Changes

  • packages/shared/src/prodFlag.ts: Both prodURL and socketURL now read from environment variables (NEXT_PUBLIC_PROD_URL and NEXT_PUBLIC_SOCKET_URL) with fallback to localhost for development. Removed all hardcoded production URLs for security.
  • packages/client/.env.example: Added both NEXT_PUBLIC_PROD_URL and NEXT_PUBLIC_SOCKET_URL with generic placeholder examples (no sensitive URLs exposed). Also retained SOCKET_URL from main branch for backward compatibility.
  • README.md: Documented both new environment variables in setup instructions

Implementation

const envSocketURL = process.env.NEXT_PUBLIC_SOCKET_URL;
const envProdURL = process.env.NEXT_PUBLIC_PROD_URL;

export const socketURL =
  envSocketURL && envSocketURL.trim() !== ""
    ? envSocketURL
    : "http://localhost:3001";

export const prodURL =
  envProdURL && envProdURL.trim() !== ""
    ? envProdURL
    : "http://localhost:3001";

Security

All hardcoded production URLs have been removed from the codebase. Production deployments now require explicit environment variable configuration, preventing accidental exposure of infrastructure details.

Merge Conflict Resolution

Resolved merge conflict with main branch by preserving SOCKET_URL=localhost:3001 alongside the new NEXT_PUBLIC_SOCKET_URL environment variable for backward compatibility with existing configurations.

Original prompt

This section details on the original issue you should resolve

<issue_title>Remove PROD_URL from shared folder and use environment variables instead</issue_title>
<issue_description>Currently, PROD_URL is hardcoded in the shared folder. To improve configuration management and security, replace all instances of the PROD_URL constant with an environment variable. Ensure that the variable is loaded from an .env file and referenced throughout the codebase using process environment access (e.g., process.env.PROD_URL).

Additionally:

  • Add the PROD_URL variable to the .env.example file with a placeholder value to guide developers.
  • Update all relevant documentation and setup instructions if necessary to reflect the requirement to set PROD_URL in the environment.

Acceptance Criteria:

  • PROD_URL is no longer present in the codebase as a hardcoded value.
  • All references use the environment variable.
  • .env.example contains a commented line for PROD_URL.</issue_description>

Comments on the Issue (you are @copilot in this section)

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

@vercel
Copy link

vercel bot commented Feb 7, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
helios-telemetry Ready Ready Preview, Comment Feb 7, 2026 6:08pm

Copilot AI changed the title [WIP] Remove PROD_URL from shared folder and use environment variables Replace hardcoded PROD_URL with NEXT_PUBLIC_PROD_URL environment variable Feb 7, 2026
Copilot AI requested a review from justin-phxm February 7, 2026 17:45
@justin-phxm
Copy link
Collaborator

justin-phxm commented Feb 7, 2026

@copilot , please hide the aedes.calgarysolar.ca:3001 environment variable. this is a secret we should not be exposing.

@justin-phxm
Copy link
Collaborator

justin-phxm commented Feb 7, 2026

@copilot please fix the merge conflicts

Copy link
Author

Copilot AI commented Feb 7, 2026

@copilot , please hide the aedes.calgarysolar.ca:3001 environment variable. this is a secret we should not be exposing.

Done. Removed all references to aedes.calgarysolarcar.ca:3001 from the codebase. The URLs now use environment variables (NEXT_PUBLIC_PROD_URL and NEXT_PUBLIC_SOCKET_URL) with generic examples in .env.example, and default to localhost:3001 for development. Commit: 4b7ffc0

Copilot AI changed the title Replace hardcoded PROD_URL with NEXT_PUBLIC_PROD_URL environment variable Replace hardcoded production URLs with environment variables Feb 7, 2026
Copy link
Author

Copilot AI commented Feb 7, 2026

@copilot please fix the merge conflicts

Merge conflict resolved. Added SOCKET_URL=localhost:3001 from main branch to .env.example while keeping all the new environment variables (NEXT_PUBLIC_PROD_URL and NEXT_PUBLIC_SOCKET_URL). Commit: c79fe72

@justin-phxm
Copy link
Collaborator

justin-phxm commented Feb 7, 2026

requires updating the environment variables in aws secrets. not going to do for now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@justin-phxm justin-phxm Awaiting requested review from justin-phxm

At least 2 approving reviews are required to merge this pull request.

Assignees

@justin-phxm justin-phxm

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Remove PROD_URL from shared folder and use environment variables instead

2 participants

@justin-phxm