Credentials

Environment Variables

All sensitive credentials are stored as environment variables, never in code.

Required

• DATABASE_URL — PostgreSQL connection string (production only)

Optional

• GOOGLE_CLIENT_ID — Google OAuth client ID
• GOOGLE_CLIENT_SECRET — Google OAuth client secret
• RAILS_MASTER_KEY — Rails encrypted credentials key
• SOLANA_ADMIN_KEY — Alex Bot's Solana private key (base58), used by Turf Monster for onchain operations
• ANTHROPIC_API_KEY — Claude API key for AI chat (McRitchie Studio)
• X_BEARER_TOKEN — X (Twitter) API bearer token for News intake (McRitchie Studio). See docs/agents/system/news-pipeline.md for setup.

Development Defaults

• Database: mcritchie_studio_development (local PostgreSQL, no password)
• Admin login: alex@mcritchie.studio / password
• API: No authentication required (add token auth later)

Agent Email Accounts

All agents share a primary Gmail account and have individual forwarding addresses on the mcritchie.studio domain.

Shared Account

• Email: bot@mcritchie.studio — shared Gmail account used by all agents
• 1Password: Credentials stored in the alex@mcritchie.studio 1Password account

Per-Agent Forwarding Addresses

Each agent has a dedicated email that forwards to the shared bot@mcritchie.studio inbox:

Solana Wallets

Each agent has a dedicated Solana wallet on devnet. Credentials stored in 1Password.

Wallet Addresses

1Password CLI Access

Wallet credentials are stored in the alex@mcritchie.studio 1Password account. Use the CLI to retrieve them programmatically.

Prerequisites: Install brew install 1password-cli, then enable "Integrate with 1Password CLI" in 1Password desktop app (Settings > Developer).

Account ID: MWOV5OT5BRHATI4EGMN26C5DPA

Vault layout:
- agents — All agent wallet credentials (renamed from "🦞 Bots" 2026-05-03)
- 🧱 Blockchain — General blockchain credentials

Retrieve a wallet's private key (items renamed 2026-05-03 to agent.* convention):
```bash

Alex Bot

op item get "agent.solana" --vault "agents" --account MWOV5OT5BRHATI4EGMN26C5DPA --fields "private key"

Mason

op item get "agent.mason.solana" --vault "agents" --account MWOV5OT5BRHATI4EGMN26C5DPA --fields "private key"

Mack

op item get "agent.mack.solana" --vault "agents" --account MWOV5OT5BRHATI4EGMN26C5DPA --fields "private key"

Turf Monster

op item get "agent.turf.solana" --vault "agents" --account MWOV5OT5BRHATI4EGMN26C5DPA --fields "private key"
```

Set as env var (one-liner):
bash
export SOLANA_ADMIN_KEY=$(op item get "agent.solana" --vault "agents" --account MWOV5OT5BRHATI4EGMN26C5DPA --fields "private key")


Item fields: Each wallet entry contains recovery phrase, private key (base58), and wallet address (base58 public key).

Onchain Admin

Alex Bot is the primary admin for the TurfVault smart contract (program 7Hy8GmJWPMdt6bx3VG4BLFnpNX9TBwkPt87W6bkHgr2J). Alex Human is the backup admin. Both can perform admin actions (create/settle/close contests). The SOLANA_ADMIN_KEY env var in Turf Monster's .env holds Alex Bot's private key.

Security Notes

• Never commit .env files or credential files
• API is currently open (no auth) — suitable for local/trusted networks only
• Google OAuth credentials must be configured per environment
• Password hashing uses bcrypt via has_secure_password
• 1Password CLI requires biometric or password auth on each use — credentials are never cached in plaintext
• Private keys should only be stored in 1Password and .env files (gitignored), never in code or commits