Replace hardcoded production URLs with environment variables

[Copilot]

Hardcoded production URLs in packages/shared/src/prodFlag.ts prevented deployment flexibility, violated config management best practices, and exposed sensitive infrastructure details.

Changes

• packages/shared/src/prodFlag.ts: Both prodURL and socketURL now read from environment variables (NEXT_PUBLIC_PROD_URL and NEXT_PUBLIC_SOCKET_URL) with fallback to localhost for development. Removed all hardcoded production URLs for security.
• packages/client/.env.example: Added both NEXT_PUBLIC_PROD_URL and NEXT_PUBLIC_SOCKET_URL with generic placeholder examples (no sensitive URLs exposed). Also retained SOCKET_URL from main branch for backward compatibility.
• README.md: Documented both new environment variables in setup instructions

Implementation

const envSocketURL = process.env.NEXT_PUBLIC_SOCKET_URL;
const envProdURL = process.env.NEXT_PUBLIC_PROD_URL;

export const socketURL =
  envSocketURL && envSocketURL.trim() !== ""
    ? envSocketURL
    : "http://localhost:3001";

export const prodURL =
  envProdURL && envProdURL.trim() !== ""
    ? envProdURL
    : "http://localhost:3001";

Security

All hardcoded production URLs have been removed from the codebase. Production deployments now require explicit environment variable configuration, preventing accidental exposure of infrastructure details.

Merge Conflict Resolution

Resolved merge conflict with main branch by preserving SOCKET_URL=localhost:3001 alongside the new NEXT_PUBLIC_SOCKET_URL environment variable for backward compatibility with existing configurations.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Remove PROD_URL from shared folder and use environment variables instead</issue_title>
<issue_description>Currently, PROD_URL is hardcoded in the shared folder. To improve configuration management and security, replace all instances of the PROD_URL constant with an environment variable. Ensure that the variable is loaded from an .env file and referenced throughout the codebase using process environment access (e.g., process.env.PROD_URL).

Additionally:

• Add the PROD_URL variable to the .env.example file with a placeholder value to guide developers.
• Update all relevant documentation and setup instructions if necessary to reflect the requirement to set PROD_URL in the environment.

Acceptance Criteria:

• PROD_URL is no longer present in the codebase as a hardcoded value.
• All references use the environment variable.
• .env.example contains a commented line for PROD_URL.</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Remove PROD_URL from shared folder and use environment variables instead #280

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
helios-telemetry	Ready	Preview, Comment	Feb 7, 2026 6:08pm

[justin-phxm]

@copilot , please hide the aedes.calgarysolar.ca:3001 environment variable. this is a secret we should not be exposing.

[justin-phxm]

@copilot please fix the merge conflicts

[Copilot]

@copilot , please hide the aedes.calgarysolar.ca:3001 environment variable. this is a secret we should not be exposing.

Done. Removed all references to aedes.calgarysolarcar.ca:3001 from the codebase. The URLs now use environment variables (NEXT_PUBLIC_PROD_URL and NEXT_PUBLIC_SOCKET_URL) with generic examples in .env.example, and default to localhost:3001 for development. Commit: 4b7ffc0

[Copilot]

@copilot please fix the merge conflicts

Merge conflict resolved. Added SOCKET_URL=localhost:3001 from main branch to .env.example while keeping all the new environment variables (NEXT_PUBLIC_PROD_URL and NEXT_PUBLIC_SOCKET_URL). Commit: c79fe72

[justin-phxm]

requires updating the environment variables in aws secrets. not going to do for now.