Skip to main content
Both sites are standard Next.js 16 apps with output: "standalone" — deployable on Vercel, Docker, or any Node host. Browsing works from the committed JSON index; only generation and account features need the backend reachable.

Environment variables

VariableRequiredDefaultPurpose
NEXT_PUBLIC_BACKEND_URLYeshttps://api.buildwithtrace.comBackend API base (client + server)
BACKEND_URLNofalls back to NEXT_PUBLIC_BACKEND_URLServer-side override used by proxy routes
NEXT_PUBLIC_SITE_URLNoper-site canonicalhttps://symbols.buildwithtrace.com / https://footprints.buildwithtrace.com
NEXT_PUBLIC_POSTHOG_KEYNo""PostHog analytics (disabled if empty)
NEXT_PUBLIC_SUPABASE_ANON_KEYNo""Supabase Realtime for live comments (optional)
Point NEXT_PUBLIC_BACKEND_URL / BACKEND_URL at staging (http://75.101.181.175) to test generation/save against the staging backend without touching production.

Local development

pnpm install
pnpm dev          # next dev (Turbopack)
The footprints repo needs data/footprints_index.json present (committed). The symbols repo needs data/symbols_index.json (committed) and, for full pin data, the per-library files — regenerate any missing data with python3 scripts/sync.py --force (see Data pipeline).

Domains

SiteDomainRepo
Symbolssymbols.buildwithtrace.combuildwithtrace/trace-symbols
Footprintsfootprints.buildwithtrace.combuildwithtrace/trace-footprints

Security headers

Set in next.config.ts on both sites:
  • X-Frame-Options: DENY
  • X-Content-Type-Options: nosniff
  • Referrer-Policy: strict-origin-when-cross-origin
  • Permissions-Policy: camera=(), microphone=(), geolocation=()
  • Strict-Transport-Security: max-age=31536000; includeSubDomains

Health check

GET /api/health returns 200 when the local index files are present, 503 otherwise: 
{ "status": "ok", "timestamp": "…",
  "data": { "symbols_index": true, "symbol_thumbnails": true, "libraries_dir": true } }