Overview

Nectr uses environment variables for all configuration. Copy .env.example to .env and fill in the values.
cp .env.example .env

Required Variables

These variables must be set for Nectr to start and review PRs.

AI

ANTHROPIC_API_KEY
string
required
Anthropic API key for Claude Sonnet. Get it from console.anthropic.com.
ANTHROPIC_API_KEY=sk-ant-...
ANTHROPIC_MODEL
string
default:"claude-sonnet-4-5-20250929"
Claude model to use for PR reviews.
ANTHROPIC_MODEL=claude-sonnet-4-5-20250929

Database

DATABASE_URL
string
required
PostgreSQL connection string in SQLAlchemy async format. Supabase free tier recommended. Format:
postgresql+asyncpg://user:password@host:port/database
Supabase example (use Connection Pooling → Session Mode):
DATABASE_URL=postgresql+asyncpg://postgres.[project-id]:[password]@aws-0-[region].pooler.supabase.com:5432/postgres
Must use postgresql+asyncpg:// (not postgres:// or postgresql://) for async SQLAlchemy support.

GitHub

GITHUB_CLIENT_ID
string
required
GitHub OAuth App Client ID. Get it from github.com/settings/developers.
GITHUB_CLIENT_ID=Iv1.abcdef1234567890
GITHUB_CLIENT_SECRET
string
required
GitHub OAuth App Client Secret.
GITHUB_CLIENT_SECRET=your_client_secret_here
GITHUB_PAT
string
required
GitHub Personal Access Token (classic) with repo scope. Used to post PR review comments. Get it from github.com/settings/tokens → Generate new token (classic).
GITHUB_PAT=ghp_...
This token posts reviews as your GitHub account. Keep it secure and never commit it to git.

Authentication

SECRET_KEY
string
required
Secret key for JWT signing and token encryption. Generate with:
python -c "import secrets; print(secrets.token_hex(32))"
SECRET_KEY=your_generated_64_character_hex_string
Never reuse the same SECRET_KEY across environments. Generate a unique key for production.

URLs

BACKEND_URL
string
default:"http://localhost:8000"
URL where the FastAPI backend is hosted. Local development:
BACKEND_URL=http://localhost:8000
Production (Railway):
BACKEND_URL=https://your-app.up.railway.app
FRONTEND_URL
string
default:"http://localhost:3000"
URL where the Next.js frontend is hosted. Used for CORS and OAuth redirects. Local development:
FRONTEND_URL=http://localhost:3001
Production (Vercel):
FRONTEND_URL=https://your-app.vercel.app

Neo4j Knowledge Graph

NEO4J_URI
string
required
Neo4j database URI. Free tier available at neo4j.com/cloud/aura.
NEO4J_URI=neo4j+s://xxxxx.databases.neo4j.io
Use neo4j+s:// for encrypted connections (required for Neo4j Aura).
NEO4J_USERNAME
string
default:"neo4j"
Neo4j username.
NEO4J_USERNAME=neo4j
NEO4J_PASSWORD
string
required
Neo4j password.
NEO4J_PASSWORD=your_neo4j_password

Mem0 Memory Layer

MEM0_API_KEY
string
required
Mem0 API key for semantic memory. Get it from mem0.ai.
MEM0_API_KEY=m0-...
Mem0 enables Nectr to learn per-project patterns and per-developer habits over time.

Optional Variables

These variables are optional. Leave blank to disable the feature.

MCP Integrations

Pull live context from third-party tools into every PR review. Each integration is independent.
LINEAR_MCP_URL
string
Linear MCP server base URL.
LINEAR_MCP_URL=https://your-linear-mcp-server.com
LINEAR_API_KEY
string
Linear personal API key. Get it from Linear settings → API.
LINEAR_API_KEY=lin_api_...
When set, Nectr pulls linked Linear issues and task descriptions into PR reviews.
SENTRY_MCP_URL
string
Sentry MCP server base URL.
SENTRY_MCP_URL=https://your-sentry-mcp-server.com
SENTRY_AUTH_TOKEN
string
Sentry authentication token.
SENTRY_AUTH_TOKEN=your_sentry_auth_token
When set, Nectr fetches production errors for files changed in the PR.
SLACK_MCP_URL
string
Slack MCP server base URL.
SLACK_MCP_URL=https://your-slack-mcp-server.com
When set, Nectr pulls relevant Slack channel messages as review context.

Feature Flags

PARALLEL_REVIEW_AGENTS
boolean
default:"false"
Enable parallel review mode: runs 3 specialized agents concurrently (security, performance, style) instead of a single agentic loop.
PARALLEL_REVIEW_AGENTS=false
Options:
  • false — Single agentic review loop (default, faster, lower token usage)
  • true — 3 parallel specialized agents + synthesis agent (more thorough, higher token usage)
See Parallel Agents for details.

Slack Bot

SLACK_BOT_TOKEN
string
Slack bot token for direct notifications (separate from MCP context integration).
SLACK_BOT_TOKEN=xoxb-...
SLACK_SIGNING_SECRET
string
Slack signing secret for webhook verification.
SLACK_SIGNING_SECRET=your_slack_signing_secret

Webhook

GITHUB_WEBHOOK_SECRET
string
Global fallback webhook secret. Per-repo secrets are stored in the database automatically on repo connect.
GITHUB_WEBHOOK_SECRET=your_generated_secret
Only used if no per-repo secret is found in the database. Nectr generates unique secrets per repo.
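The fallback order described above, as an added example (not Nectr's own code): GitHub signs each delivery with HMAC-SHA256 of the raw body and sends it in the X-Hub-Signature-256 header. The function names are hypothetical, and the `PER_REPO` dict is a constructed stand-in for the per-repo secrets stored in the database.

```python
import hashlib
import hmac
import os

def resolve_secret(repo, per_repo_secrets, env=os.environ):
    """Prefer the repo's own secret; use GITHUB_WEBHOOK_SECRET only if none exists."""
    return per_repo_secrets.get(repo) or env.get("GITHUB_WEBHOOK_SECRET") or None

def sign(raw_body, secret):
    """Header value GitHub sends: 'sha256=' + hex HMAC-SHA256 of the raw body."""
    return "sha256=" + hmac.new(secret.encode(), raw_body, hashlib.sha256).hexdigest()

def verify_delivery(repo, raw_body, signature_header, per_repo_secrets, env=os.environ):
    """Return True only if the signature matches the secret chosen for this repo."""
    secret = resolve_secret(repo, per_repo_secrets, env)
    if not secret or not signature_header:
        return False  # fail closed: an unset secret must never mean "skip verification"
    # compare_digest is constant-time; bytes avoid a TypeError on non-ASCII header input
    return hmac.compare_digest(sign(raw_body, secret).encode(), signature_header.encode())

# Constructed sample data (not real secrets or a real delivery).
PER_REPO = {"acme/api": "per-repo-secret-constructed"}
ENV = {"GITHUB_WEBHOOK_SECRET": "global-fallback-constructed"}
BODY = b'{"action":"opened","repository":{"full_name":"acme/api"}}'

if __name__ == "__main__":
    per_repo_sig = sign(BODY, PER_REPO["acme/api"])
    global_sig = sign(BODY, ENV["GITHUB_WEBHOOK_SECRET"])
    # Repo with its own secret: only that secret is accepted.
    print("acme/api, per-repo key:", verify_delivery("acme/api", BODY, per_repo_sig, PER_REPO, ENV))
    print("acme/api, global key:  ", verify_delivery("acme/api", BODY, global_sig, PER_REPO, ENV))
    # Repo without a stored secret: the global fallback applies.
    print("acme/web, global key:  ", verify_delivery("acme/web", BODY, global_sig, PER_REPO, ENV))
    # No secret anywhere: reject rather than accept unsigned traffic.
    print("acme/web, no secrets:  ", verify_delivery("acme/web", BODY, global_sig, PER_REPO, {}))
```

Verification must run over the exact bytes received, before any JSON parsing or re-serialization.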

App Settings

These settings control app behavior. Safe to leave as-is for local development.
APP_NAME
string
default:"Nectr"
Application name (displayed in logs and API docs).
APP_NAME=Nectr
APP_ENV
string
default:"development"
Environment name.
APP_ENV=development  # or production
DEBUG
boolean
default:"True"
Enable debug mode (detailed error messages in API responses).
DEBUG=True   # local development
DEBUG=False  # production
Always set DEBUG=False in production to avoid leaking sensitive information in error responses.
LOG_LEVEL
string
default:"DEBUG"
Logging level.
LOG_LEVEL=DEBUG  # local development
LOG_LEVEL=INFO   # production
Options: DEBUG, INFO, WARNING, ERROR, CRITICAL
HOST
string
default:"0.0.0.0"
Host to bind the server to.
HOST=0.0.0.0
PORT
integer
default:"8000"
Port to run the server on. Railway overrides this with $PORT.
PORT=8000
ACCESS_TOKEN_EXPIRE_MINUTES
integer
default:"1440"
JWT token expiration in minutes (default: 24 hours).
ACCESS_TOKEN_EXPIRE_MINUTES=1440
ALGORITHM
string
default:"HS256"
JWT signing algorithm.
ALGORITHM=HS256

Frontend Environment Variables

The Next.js frontend (nectr-web/) uses separate environment variables in .env.local.
NEXT_PUBLIC_API_URL
string
required
URL of the Nectr backend API. Local development:
NEXT_PUBLIC_API_URL=http://localhost:8000
Production:
NEXT_PUBLIC_API_URL=https://your-app.up.railway.app
NEXT_PUBLIC_* variables are embedded in the browser bundle at build time. Only set public, non-sensitive values.

Example Configurations

Local Development

Backend .env:
# AI
ANTHROPIC_API_KEY=sk-ant-...
ANTHROPIC_MODEL=claude-sonnet-4-5-20250929

# Database
DATABASE_URL=postgresql+asyncpg://postgres:password@localhost:5432/nectr

# GitHub
GITHUB_CLIENT_ID=Iv1.local123
GITHUB_CLIENT_SECRET=local_secret
GITHUB_PAT=ghp_local_token

# Auth
SECRET_KEY=local_dev_secret_key_32_bytes_long

# URLs
BACKEND_URL=http://localhost:8000
FRONTEND_URL=http://localhost:3001

# Neo4j
NEO4J_URI=neo4j+s://xxxxx.databases.neo4j.io
NEO4J_USERNAME=neo4j
NEO4J_PASSWORD=your_password

# Mem0
MEM0_API_KEY=m0-...

# App
APP_ENV=development
DEBUG=True
LOG_LEVEL=DEBUG
Frontend .env.local:
NEXT_PUBLIC_API_URL=http://localhost:8000

Production (Railway + Vercel)

Railway environment variables:
# AI
ANTHROPIC_API_KEY=sk-ant-...
ANTHROPIC_MODEL=claude-sonnet-4-5-20250929

# Database
DATABASE_URL=postgresql+asyncpg://postgres.[project-id]:[password]@aws-0-[region].pooler.supabase.com:5432/postgres

# GitHub
GITHUB_CLIENT_ID=Iv1.prod123
GITHUB_CLIENT_SECRET=prod_secret
GITHUB_PAT=ghp_prod_token

# Auth
SECRET_KEY=generated_production_secret_64_chars

# URLs
BACKEND_URL=https://your-app.up.railway.app
FRONTEND_URL=https://your-app.vercel.app

# Neo4j
NEO4J_URI=neo4j+s://xxxxx.databases.neo4j.io
NEO4J_USERNAME=neo4j
NEO4J_PASSWORD=prod_password

# Mem0
MEM0_API_KEY=m0-prod-...

# App
APP_ENV=production
DEBUG=False
LOG_LEVEL=INFO

# Optional: MCP integrations
LINEAR_MCP_URL=https://linear-mcp.yourcompany.com
LINEAR_API_KEY=lin_api_...
SENTRY_MCP_URL=https://sentry-mcp.yourcompany.com
SENTRY_AUTH_TOKEN=...
Vercel environment variables:
NEXT_PUBLIC_API_URL=https://your-app.up.railway.app

Security Best Practices

  • Never commit .env files to git (already in .gitignore)
  • Use unique SECRET_KEY per environment (generate with secrets.token_hex(32))
  • Set DEBUG=False in production
  • Rotate GITHUB_PAT periodically
  • Use Supabase connection pooling (Session mode, port 5432)
  • Store production secrets in Railway/Vercel dashboards, not in code
  • Use Neo4j Aura IP whitelisting (add Railway/Vercel IPs only)
  • Enable HTTPS (Railway and Vercel handle this automatically)
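A pre-deploy check for the rules stated on this page, as an added example (not part of Nectr's code base): `parse_env` and `audit` are hypothetical helpers and the sample file is constructed. The placeholder pattern is a heuristic, and the https requirement for production URLs is an assumption taken from the production examples above.

```python
import re
from urllib.parse import urlsplit

# Variables this page marks as required.
REQUIRED = ("ANTHROPIC_API_KEY DATABASE_URL GITHUB_CLIENT_ID GITHUB_CLIENT_SECRET "
            "GITHUB_PAT SECRET_KEY NEO4J_URI NEO4J_PASSWORD MEM0_API_KEY").split()
# Heuristic (assumption): fragments of the placeholder values used in these docs.
PLACEHOLDER = re.compile(r"your_|\.\.\.|\[|xxxxx", re.I)

def parse_env(text):
    """Parse KEY=VALUE lines; skips blanks, comments and trailing ' # ...' notes."""
    env = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            env[key.strip()] = re.sub(r"\s+#.*$", "", value).strip().strip("\"'")
    return env

def audit(env):
    """Return findings as strings; an empty list means every check passed."""
    findings = []
    for name in REQUIRED:
        value = env.get(name, "")
        if not value:
            findings.append(f"{name}: required but not set")
        elif PLACEHOLDER.search(value):
            findings.append(f"{name}: still a documentation placeholder")
    if env.get("DATABASE_URL") and not env["DATABASE_URL"].startswith("postgresql+asyncpg://"):
        findings.append("DATABASE_URL: must use postgresql+asyncpg://")
    if env.get("NEO4J_URI") and not env["NEO4J_URI"].startswith("neo4j+s://"):
        findings.append("NEO4J_URI: use neo4j+s:// for an encrypted connection")
    if env.get("SECRET_KEY") and not re.fullmatch(r"[0-9a-fA-F]{64}", env["SECRET_KEY"]):
        findings.append("SECRET_KEY: expected 64 hex chars from secrets.token_hex(32)")
    if env.get("APP_ENV") == "production":
        if env.get("DEBUG", "True").lower() != "false":  # the page's default is True
            findings.append("DEBUG: must be False in production")
        for name in ("BACKEND_URL", "FRONTEND_URL"):
            if urlsplit(env.get(name, "")).scheme != "https":
                findings.append(f"{name}: production URL should be https")
    return findings

# Constructed sample input (not a real deployment).
SAMPLE = """\
APP_ENV=production
DEBUG=True   # local development
DATABASE_URL=postgresql://app:pw@db.example.internal:5432/nectr
SECRET_KEY=local_dev_secret_key_32_bytes_long
"""
if __name__ == "__main__":
    print("\n".join(audit(parse_env(SAMPLE))))
```

Run against the real file before deploying, for example in CI, and fail the job when the returned list is non-empty.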

Troubleshooting

  • Verify .env file exists in repository root
  • Check file is named exactly .env (not .env.txt or .env.example)
  • Ensure python-dotenv is installed (pip list | grep dotenv)
  • Restart the server after changing .env
  • Verify DATABASE_URL format: postgresql+asyncpg://...
  • Check username, password, host, port, database name
  • For Supabase: use Connection Pooling → Session Mode (port 5432)
  • Test connection: psql $DATABASE_URL (requires psql CLI)
  • Verify NEO4J_URI uses neo4j+s:// (not bolt://)
  • Check Neo4j Aura database is running
  • Verify IP is whitelisted in Neo4j console
  • Test credentials in Neo4j Browser
  • Verify GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET are correct
  • Check OAuth callback URL in GitHub settings matches {BACKEND_URL}/auth/github/callback
  • Ensure FRONTEND_URL is in CORS allowed origins (see app/main.py)
  • Verify ANTHROPIC_API_KEY is valid
  • Check API key has sufficient credits at console.anthropic.com
  • Ensure model name is correct: claude-sonnet-4-5-20250929
