ClassGamify configuration should describe the current classroom product loop: teachers create activities, publish assignments, students complete attempts, and teachers review results. Configuration examples should not drift back to copied SaaS-starter, course-site, or generic AI demo language.
Use this page as the index for environment ownership, Cloudflare bindings, runtime secrets, and provider setup before a production launch.
Activity -> Assignment -> Attempt -> ResultsCloudflare Git integration owns production builds and deploys. The connected
Cloudflare Workers project builds pushes to main, then deploys the Worker.
This repository intentionally does not contain a GitHub Actions deploy workflow,
and production configuration should not require GitHub repository secrets.
Run pnpm predeploy locally before release pushes. That gate covers locale
checks, Biome checks, and the production build. Use pnpm deploy only for a
manual Cloudflare Workers deployment when the project owner explicitly chooses
that path.
After a deployment, health checks should use the configured ClassGamify
VITE_BASE_URL origin. Do not verify against copied starter domains or retired
learning-site URLs.
VITE_* values are build-time inputs. They are read by Vite during
pnpm dev, pnpm build, or the Cloudflare build, then inlined into the client
bundle. In production, set them in the Cloudflare project build environment.
They should cover public configuration only:
VITE_BASE_URLfor the ClassGamify site origin and assignment links.VITE_PAYMENT_PROVIDERplus Stripe price IDs or Creem product IDs for pricing and checkout surfaces.- Analytics, support chat, and other browser-visible integration IDs.
Do not put secrets in VITE_* variables, and do not expect VITE_* values to
become Worker runtime secrets after deployment.
Worker runtime secrets belong in Cloudflare Worker secrets. They protect server functions that create teacher activities, publish assignment links, score student attempts, render result exports, send mail, process payments, and create teacher-reviewed AI drafts.
Required or optional runtime secrets include:
BETTER_AUTH_SECRETfor teacher workspace sessions.GOOGLE_CLIENT_IDandGOOGLE_CLIENT_SECRETfor Google OAuth.RESEND_API_KEY,CLOUDFLARE_ACCOUNT_ID, andCLOUDFLARE_API_TOKENfor mail or Cloudflare Email Service.STRIPE_SECRET_KEY,STRIPE_WEBHOOK_SECRET,CREEM_API_KEY, andCREEM_WEBHOOK_SECRETfor payment providers.- Provider credentials used by AI drafting, notifications, and newsletter integrations when those features are enabled.
Cloudflare owns these production secrets. Keep .env.local and
.env.production local or build-only, and never commit real credentials.
pnpm sync-worker-secrets is a local manual setup command for bulk syncing
Worker secrets after the Worker exists; it is not a CI deploy path and is not a
reason to commit real secrets.
ClassGamify data storage is provided by Cloudflare bindings, not generic environment variables.
- D1 uses the
DBbinding. It stores Better Auth rows, teacher-owned activities, assignment snapshots, attempts, payment records, and result review data. - R2 uses the
BUCKETbinding. It stores teacher-managed source materials such as audio, worksheet images, worksheet documents, spreadsheets, and avatar files.
Student assignment payloads should expose sanitized runtime prompts, choices, timers, and submission rules. They should not expose teacher source-material lists, R2 keys, storage URLs, payment metadata, OAuth metadata, or server-only provider settings.
Regenerate Worker binding types with pnpm cf-typegen after binding shape
changes. The postinstall hook also runs this command so local installs keep
the generated Env interface aligned with wrangler.jsonc.
Authentication gates the teacher workspace. Better Auth uses the D1 DB
binding and runtime secrets to protect saved activities, assignment links,
source materials, attempts, and results.
Google OAuth callback examples should use the ClassGamify domain, for example
https://classgamify.example/api/auth/callback/google. Login and recovery copy
should describe teacher workspace access, not a starter-template account shell.
Mail configuration supports verification email, password reset, contact form delivery, newsletter subscription, and classroom-product updates. Sender examples should use ClassGamify addresses and subjects should describe teacher workspace actions such as saved activities, assignment links, student attempts/results, and teacher-reviewed AI drafts.
Newsletter provider credentials should be treated as runtime secrets when the provider requires private API keys.
Payment configuration controls plan access for ClassGamify capabilities: activity creation, assignment publishing, AI draft assistance, file-backed source materials, and teacher result-review workflows.
Stripe and Creem both require build-time product identifiers for public pricing surfaces and runtime secrets for checkout, portals, and webhooks. Webhooks must update the owner-scoped payment state without broadening access to another teacher's activities, assignments, attempts, or results.
AI-assisted activity creation is a teacher-reviewed draft workflow. Provider credentials are runtime-only. Prompts should receive sanitized classroom content and safe source-material provenance, not raw R2 keys, signed URLs, private file paths, OAuth identifiers, or payment metadata.
The AI path should end in an editable activity draft. It should not publish an assignment or expose student-facing runtime items without teacher review.
E2E helpers are local-first and disabled outside the guarded local test mode.
Use accounts scoped to e2e-*@example.test. Test setup should create only the
teacher, activity, assignment, attempt, and result data needed for the journey.
Before release or larger refactors, update tests/e2e/TEST-CATALOG.md, walk the
real UI locally when available, and run the relevant Playwright specs.
README.mdpoints deploy owners to this configuration boundary.docs/env.mdexplains build-time values versus Worker runtime secrets.docs/auth.mdties auth secrets to teacher workspace protection.docs/mail.mdkeeps transactional examples in ClassGamify classroom terms.docs/payment.mdties checkout setup to activity, assignment, AI, and result capabilities.docs/storage.mddocuments the R2 source-material boundary..env.exampleand.env.production.exampleuse ClassGamify placeholders.wrangler.jsoncowns D1 and R2 bindings for the Worker.pnpm predeployremains the local release gate:pnpm locale:check,pnpm check, thenpnpm build.pnpm deployremains the explicit manual Cloudflare Workers deploy command.- Health checks use the configured ClassGamify
VITE_BASE_URL. pnpm sync-worker-secretsis local-only manual secret setup after the Worker exists.pnpm cf-typegenkeeps Worker binding types aligned withwrangler.jsonc.- E2E helpers stay local-first and guarded by the documented test mode.
src/config/developer-configuration-handoff.tsexposes the 30-slice developer configuration boundary used by fast tests to keep examples, verification gates, secrets, bindings, and provider copy aligned with the classroom product loop.