doc: instructions for local dev without Vercel access (#1697)

Co-authored-by: Remon Oldenbeuving <remon@kilocode.ai>

Author: shssoichiro

.env.local.example

@@ -0,0 +1,155 @@
+# ============================================================================
+# REQUIRED - Application Core
+# ============================================================================
+# Node environment
+NODE_ENV=development
+# NextAuth configuration (generate a secure random string)
+# Run: openssl rand -base64 32
+NEXTAUTH_SECRET=changeme
+# NextAuth URL (will be auto-set by dev script, but can override)
+NEXTAUTH_URL=http://localhost:3000
+# Database connection
+POSTGRES_URL=postgresql://postgres:postgres@localhost:5432/postgres
+POSTGRES_CONNECT_TIMEOUT=10000
+POSTGRES_MAX_QUERY_TIME=20000
+# ============================================================================
+# REQUIRED - Security & Turnstile
+# ============================================================================
+# Turnstile (Cloudflare captcha) - use test keys for local dev
+NEXT_PUBLIC_TURNSTILE_SITE_KEY=1x00000000000000000000AA
+TURNSTILE_SECRET_KEY=1x0000000000000000000000000000000
+STYTCH_PROJECT_ID=test-fake-project-id
+STYTCH_PROJECT_SECRET=test-fake-project-secret
+R2_ACCOUNT_ID=mock-test-account-id
+R2_ACCESS_KEY_ID=mock-test-access-key
+R2_SECRET_ACCESS_KEY=mock-test-secret-key
+R2_CLI_SESSIONS_BUCKET_NAME=test-bucket
+# ============================================================================
+# AI / Model Inference (Required for AI features)
+# ============================================================================
+# OpenRouter (primary AI provider) - get from https://openrouter.ai/keys
+OPENROUTER_API_KEY=sk-or-v1-your-openrouter-key
+# Optional: Other AI providers
+OPENAI_API_KEY=sk-your-openai-key
+MISTRAL_API_KEY=your-mistral-key
+XAI_API_KEY=your-xai-grok-key
+# ============================================================================
+# OAuth Providers (Required for real OAuth login)
+# ============================================================================
+# GitHub OAuth - create at https://github.com/settings/developers
+GITHUB_CLIENT_ID=your-github-client-id
+GITHUB_CLIENT_SECRET=your-github-client-secret
+# Google OAuth - create at https://console.cloud.google.com/auth/clients
+GOOGLE_CLIENT_ID=your-google-client-id
+GOOGLE_CLIENT_SECRET=your-google-client-secret
+# GitLab OAuth - create at https://gitlab.com/-/profile/applications
+GITLAB_CLIENT_ID=your-gitlab-client-id
+GITLAB_CLIENT_SECRET=your-gitlab-client-secret
+# LinkedIn OAuth - create at https://www.linkedin.com/developers/apps
+LINKEDIN_CLIENT_ID=your-linkedin-client-id
+LINKEDIN_CLIENT_SECRET=your-linkedin-client-secret
+# Discord OAuth (optional)
+DISCORD_CLIENT_ID=your-discord-client-id
+DISCORD_CLIENT_SECRET=your-discord-client-secret
+# ============================================================================
+# Billing & Stripe (Required for billing features)
+# ============================================================================
+# Stripe - get from https://dashboard.stripe.com/test/apikeys
+STRIPE_SECRET_KEY=sk_test_changeme
+NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_test_changeme
+# Stripe product/price IDs (use test values)
+STRIPE_TEAMS_SUBSCRIPTION_PRODUCT_ID=prod_test_teams
+STRIPE_ENTERPRISE_SUBSCRIPTION_PRODUCT_ID=prod_test_enterprise
+STRIPE_TOP_UP_PRICE_ID=price_test_topup
+# Kilo Pass pricing (test values)
+STRIPE_KILO_PASS_TIER_19_MONTHLY_PRICE_ID=price_test_tier_19_monthly
+STRIPE_KILO_PASS_TIER_19_YEARLY_PRICE_ID=price_test_tier_19_yearly
+STRIPE_KILO_PASS_TIER_49_MONTHLY_PRICE_ID=price_test_tier_49_monthly
+STRIPE_KILO_PASS_TIER_49_YEARLY_PRICE_ID=price_test_tier_49_yearly
+STRIPE_KILO_PASS_TIER_199_MONTHLY_PRICE_ID=price_test_tier_199_monthly
+STRIPE_KILO_PASS_TIER_199_YEARLY_PRICE_ID=price_test_tier_199_yearly
+# KiloClaw pricing (test values)
+STRIPE_KILOCLAW_EARLYBIRD_PRICE_ID=price_test_kiloclaw_earlybird
+STRIPE_KILOCLAW_EARLYBIRD_COUPON_ID=coupon_test_kiloclaw_earlybird
+STRIPE_KILOCLAW_COMMIT_PRICE_ID=price_test_kiloclaw_commit
+STRIPE_KILOCLAW_STANDARD_PRICE_ID=price_test_kiloclaw_standard
+STRIPE_KILOCLAW_STANDARD_FIRST_MONTH_COUPON_ID=coupon_test_kiloclaw_standard_first_month
+# ============================================================================
+# Internal Services (Optional - use defaults for local dev)
+# ============================================================================
+# Internal API secret (generate: openssl rand -base64 32)
+INTERNAL_API_SECRET=changeme
+# Worker URLs (defaults shown, workers are optional)
+CLOUD_AGENT_API_URL=http://localhost:8788
+WEBHOOK_AGENT_URL=http://localhost:8793
+SESSION_INGEST_WORKER_URL=
+CODE_REVIEW_WORKER_URL=mock-url
+CODE_REVIEW_WORKER_AUTH_TOKEN=mock-token
+AUTO_TRIAGE_URL='mock-url'
+AUTO_TRIAGE_AUTH_TOKEN='mock-key'
+AUTO_FIX_URL='mock-url'
+AUTO_FIX_AUTH_TOKEN='mock-key'
+APP_BUILDER_URL=
+APP_BUILDER_AUTH_TOKEN=
+KILOCLAW_API_URL=
+# ============================================================================
+# Optional Services (Can be left empty)
+# ============================================================================
+# WorkOS (for enterprise SSO)
+WORKOS_API_KEY=sk_foo
+WORKOS_CLIENT_ID=
+# Email (Mailgun)
+MAILGUN_API_KEY=
+MAILGUN_DOMAIN=
+NEVERBOUNCE_API_KEY=
+# Vector databases
+QDRANT_HOST=
+QDRANT_API_KEY=
+MILVUS_ADDRESS=
+MILVUS_TOKEN=
+# Analytics
+NEXT_PUBLIC_POSTHOG_KEY=
+# Sentry (error tracking)
+SENTRY_ORG=
+SENTRY_PROJECT=
+NEXT_PUBLIC_SENTRY_DSN=
+# Encryption keys (generate if needed)
+BYOK_ENCRYPTION_KEY=
+CREDIT_CATEGORIES_ENCRYPTION_KEY=
+# Agent environment vars encryption (RSA public key, base64 encoded)
+AGENT_ENV_VARS_PUBLIC_KEY=
+# User deployments
+USER_DEPLOYMENTS_API_BASE_URL=
+USER_DEPLOYMENTS_API_AUTH_KEY=
+USER_DEPLOYMENTS_ENV_VARS_PUBLIC_KEY=
+# Slack integration
+SLACK_CLIENT_ID=
+SLACK_CLIENT_SECRET=
+SLACK_SIGNING_SECRET=
+SLACK_USER_FEEDBACK_WEBHOOK_URL=
+SLACK_DEPLOY_THREAT_WEBHOOK_URL=
+# Discord bot
+DISCORD_BOT_TOKEN=
+DISCORD_PUBLIC_KEY=
+DISCORD_OAUTH_CLIENT_ID=
+DISCORD_OAUTH_CLIENT_SECRET=
+DISCORD_OAUTH_BOT_TOKEN=
+DISCORD_SERVER_ID=
+# Google services
+GOOGLE_WEB_RISK_API_KEY=
+GOOGLE_SHEETS_SPREADSHEET_ID=
+GOOGLE_SERVICE_ACCOUNT_EMAIL=
+# Other services
+ARTIFICIAL_ANALYSIS_API_KEY=
+AI_ATTRIBUTION_ADMIN_SECRET=
+GASTOWN_SERVICE_URL=
+O11Y_SERVICE_URL=
+CRON_SECRET=
+# Abuse detection
+ABUSE_SERVICE_URL=
+ABUSE_SERVICE_CF_ACCESS_CLIENT_ID=
+ABUSE_SERVICE_CF_ACCESS_CLIENT_SECRET=
+# Feature flags
+KILOCLAW_BILLING_ENFORCEMENT=false
+# Debug options
+DEBUG_SHOW_DEV_UI=1

DEVELOPMENT.md

@@ -74,7 +74,7 @@ brew install --cask docker
 
 **Important:** Open Docker Desktop at least once after installation — it configures the CLI tools needed for `docker compose`.
 
-### Vercel CLI
+### Vercel CLI (recommended if you have access)
 
 Used to pull environment variables from the Vercel project:
 
@@ -108,6 +108,8 @@ git lfs pull
 
 ### 3. Set up environment variables
 
+#### a. Set up using Vercel
+
 The project pulls environment variables from Vercel. Run these commands interactively (each will prompt for browser-based authentication):
 
 ```bash
@@ -125,6 +127,20 @@ The KiloClaw pages (`/claw/*`) render the Pylon support chat widget, which requi
 
 Both are already present in Vercel and pulled by `vercel env pull`. If either is missing the widget is silently skipped, so local dev continues to work without Pylon configured.
 
+#### b. Set up manually
+
+If you do not have Vercel access (typical for non-Kilo-employees), you will need to set up the `.env.local` file manually.
+
+Copy `.env.local.example` to `.env.local`, then update the following variables in `.env.local`:
+
+- `NEXTAUTH_SECRET`: Generate a random secret with `openssl rand -base64 32`
+- `INTERNAL_API_SECRET`: Generate a random secret with `openssl rand -base64 32`
+- `STRIPE_SECRET_KEY` and `NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY`: These must be set to create a fake account. You can use an existing Stripe account or create a new one, and use the keys from Sandbox Mode (formerly Test Mode) here.
+
+Then copy `.env.development.local.example` to `.env.development.local`.
+
+These changes will allow you to do local testing with a fake account.
+
 ### 4. Start the database
 
 The project uses PostgreSQL 18 with pgvector, running via Docker. The compose file is at `dev/docker-compose.yml`: