Secure, systematic environment bootstrapping for multi-channel DTC brands.
Built by eComX — the Context-First AI development methodology for serious ecommerce operators.
An AI-agent workflow that walks you through acquiring credentials for every service you use, storing them securely in Apple Keychain, and generating a .env.local file as a derived artifact — never the source of truth.
Philosophy: Maximum scope (full read/write everywhere). Maximum security (Keychain is the source of truth, .env.local is just a cache).
When you're done, every API key your project needs is:
- 🔐 Stored in macOS Keychain (encrypted at rest, biometric unlock)
- 📁 Available in .env.local for local development
- 🔗 Ready to be referenced by /setup-cli, /setup-data-warehouse, and AI agents
- 🛡️ Protected by a pre-commit hook that blocks accidental secret commits
| Category | Services |
|---|---|
| 🏗️ Infrastructure | GitHub, Vercel, Supabase, Cloudflare, GoDaddy |
| 🛒 E-Commerce | Shopify (full admin: products, orders, customers, themes, content) |
| 💳 Payments | Stripe, Omise (Opn), PayPal, Shopify Payments |
| 📢 Marketing & Ads | Meta (Facebook + Instagram + Ads Business), Google Ads |
| 📊 Analytics | GA4 |
| 📧 Email Marketing | Klaviyo |
| 📬 Communication | Gmail, Google Drive |
| 🎧 Customer Support | Gorgias |
| 📱 SMS | Twilio |
| 📒 Accounting | QuickBooks |
| 🎨 Design | Figma, Canva, FreePik, Milanote, Notion |
| 🤖 AI / LLM | OpenAI, Anthropic, xAI (Grok), Gemini |
| 🔍 Monitoring | Sentry |
Every service includes: dashboard URL, required keys with security tiers, format validation, and smoke test commands. Need a service not listed? Use --add custom to add any service interactively.
- macOS (Apple Keychain required)
- Node.js ≥ 18
- API accounts for the services you use
- An AI agent that can run workflows (Claude, Cursor, Antigravity, etc.)
```bash
# Clone the repo
git clone https://github.com/ecomxco/setup-environment.git
cd setup-environment
# Open WORKFLOW.md in your AI agent and run:
/setup-environment
```
The workflow runs interactively. Your agent will prompt you service by service, help you acquire credentials, store them in Keychain, and validate each connection before moving on.
- Service Inventory — Select which services your project needs from a visual checklist
- Keychain Namespace — Create a project-scoped namespace in Apple Keychain
- Credential Acquisition — Walk through each service one at a time: dashboard URL → key generation → format validation → Keychain storage
- Smoke Tests — Verify every connection works with per-service health checks
- Security Hardening — Pre-commit secret scanning, credential lifecycle tracking, AI context rules
Each credential is classified into one of four security tiers:
| Tier | Icon | Example |
|---|---|---|
| Public | 🟢 | NEXT_PUBLIC_SHOPIFY_STORE_DOMAIN |
| Private | 🟡 | VERCEL_ORG_ID |
| Secret | 🔴 | OPENAI_API_KEY |
| Nuclear | ⚫ | STRIPE_SECRET_KEY — can spend real money |
| Command | What It Does |
|---|---|
| /setup-environment | Full interactive setup (day one) |
| /setup-environment --add shopify | Add one new service from the registry |
| /setup-environment --add custom | Add a custom service interactively |
| /setup-environment --verify | Health-check all existing connections |
| /setup-environment --refresh | Regenerate .env.local from Keychain |
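To make the "Keychain is the source of truth, .env.local is just a cache" model concrete, here is an added example (not code from this repository) of rebuilding .env.local with the macOS `security` CLI. The item layout (service `<namespace>/<VAR>`, account = current user) and the function names `keychain_get` and `render_env_local` are assumptions; the page does not show the workflow's own naming scheme.

```bash
#!/usr/bin/env bash
# Added example, not the project's code. Assumed Keychain layout: one
# generic-password item per variable, service "<namespace>/<VAR>",
# account = current user.

# Print one secret from Keychain; non-zero exit if the item is absent.
keychain_get() {
  security find-generic-password -s "$1/$2" -a "${USER:-$(id -un)}" -w 2>/dev/null
}

# render_env_local NAMESPACE OUTFILE VAR...
# Rebuilds OUTFILE (mode 0600) from Keychain. If any variable is missing or
# unsafe to write, the existing file is left untouched.
render_env_local() {
  local ns="$1" out="$2" tmp var val
  shift 2
  tmp=$(mktemp "${out}.XXXXXX") || return 1   # mktemp creates it 0600
  printf '# Derived from Keychain namespace "%s". Do not edit or commit.\n' "$ns" >"$tmp"
  for var in "$@"; do
    if ! val=$(keychain_get "$ns" "$var") || [ -z "$val" ]; then
      printf 'missing in Keychain: %s\n' "$var" >&2
      rm -f "$tmp"; return 1
    fi
    # An unquoted KEY=value line cannot carry whitespace, quotes or '#';
    # refuse rather than write a truncated secret.
    case "$val" in
      *[[:space:]\'\"#]*)
        printf 'unsafe characters in value of %s\n' "$var" >&2
        rm -f "$tmp"; return 1 ;;
    esac
    printf '%s=%s\n' "$var" "$val" >>"$tmp"
  done
  chmod 600 "$tmp" && mv -f "$tmp" "$out"     # atomic replace
}
```

Call it as `render_env_local myproject .env.local OPENAI_API_KEY STRIPE_SECRET_KEY`; error messages name the variable only, never its value.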
Once your environment is set up:
```
→ /setup-cli # Generate CLI scripts for every connected service
→ /setup-data-warehouse # Pull live data into your local warehouse
→ /setup-bios # Generate your 33 BIOS intelligence specs
```
See CONTRIBUTING.md for how to add new services or improve the workflow.
See SECURITY.md for our responsible disclosure policy.
- 📖 Full workflow: WORKFLOW.md
- 💬 Questions: ecom-x.com/call
- 🐛 Issues: GitHub Issues
MIT — © 2026 eCom XP LLC