···4242- Keep commits scoped and reviewable; avoid mixing refactors with feature changes unless necessary.
43434444## Security & Configuration Notes
4545-- Required env vars: `KROGER_CLIENT_ID`, `KROGER_CLIENT_SECRET`, `AI_API_KEY`; optional `CLARITY_PROJECT_ID`, `HISTORY_PATH`. Azure logging uses `AZURE_STORAGE_ACCOUNT_NAME` and `AZURE_STORAGE_PRIMARY_ACCOUNT_KEY`.
4545+- Required env vars: `KROGER_CLIENT_ID`, `KROGER_CLIENT_SECRET`, `AI_API_KEY`; optional `CLARITY_PROJECT_ID`, `GOOGLE_TAG_ID`, `HISTORY_PATH`. Azure logging uses `AZURE_STORAGE_ACCOUNT_NAME` and `AZURE_STORAGE_PRIMARY_ACCOUNT_KEY`.
4646- Never commit secrets or generated recipe outputs. If testing against real APIs, use minimal scopes and rotate keys promptly.
4747- Any handler that lets you see data from multiple users should go behind the /admin mux to secure it.
+1
README.md
···1414- `AI_API_KEY` - OpenAI or Anthropic API key (required)
1515### Optional
1616- `CLARITY_PROJECT_ID` - Microsoft Clarity project ID for web analytics (optional)
1717+- `GOOGLE_TAG_ID` - Google Ads/gtag ID for web analytics (optional)
1718- `SENDGRID_API_KEY` - To allow sending weekly recipe lists via email
18191920if you're