···4242- Keep commits scoped and reviewable; avoid mixing refactors with feature changes unless necessary.
43434444## Security & Configuration Notes
4545-- Required env vars: `KROGER_CLIENT_ID`, `KROGER_CLIENT_SECRET`, `AI_API_KEY`; optional `CLARITY_PROJECT_ID`, `GOOGLE_TAG_ID`, `HISTORY_PATH`. Azure logging uses `AZURE_STORAGE_ACCOUNT_NAME` and `AZURE_STORAGE_PRIMARY_ACCOUNT_KEY`.
4545+- Required env vars: `KROGER_CLIENT_ID`, `KROGER_CLIENT_SECRET`, `AI_API_KEY`; optional `CLARITY_PROJECT_ID`, `GOOGLE_TAG_ID`, `GOOGLE_CONVERSION_LABEL`, `HISTORY_PATH`. Azure logging uses `AZURE_STORAGE_ACCOUNT_NAME` and `AZURE_STORAGE_PRIMARY_ACCOUNT_KEY`.
4646- Never commit secrets or generated recipe outputs. If testing against real APIs, use minimal scopes and rotate keys promptly.
4747- Any handler that lets you see data from multiple users should go behind the /admin mux to secure it.
+1
README.md
···1515### Optional
1616- `CLARITY_PROJECT_ID` - Microsoft Clarity project ID for web analytics (optional)
1717- `GOOGLE_TAG_ID` - Google Ads/gtag ID for web analytics (optional)
1818+- `GOOGLE_CONVERSION_LABEL` - Google Ads conversion label used on `/auth/establish?signup=true` (optional)
1819- `SENDGRID_API_KEY` - To allow sending weekly recipe lists via email
19202021if you're