dx(frontend): Update .env.default

[Pwuts]

The frontend .env.default is incomplete and has a strange format. Small effort to fix.

Changes 🏗️

• Fix indent of frontend/.env.default
• Add comments explaining config things
• Add missing env config keys AUTH_CALLBACK_URL, NEXT_PUBLIC_CLOUDFLARE_TURNSTILE_SITE_KEY

Checklist 📋

For configuration changes:

• .env.default is updated or already compatible with my changes
• docker-compose.yml is updated or already compatible with my changes
• I have included a list of my configuration changes in the PR description (under Changes)

[netlify]

✅ Deploy Preview for auto-gpt-docs-dev canceled.

Name	Link
🔨 Latest commit	2d3a5df
🔍 Latest deploy log	https://app.netlify.com/projects/auto-gpt-docs-dev/deploys/6900ded0d5bdc8000807be4e

[netlify]

✅ Deploy Preview for auto-gpt-docs canceled.

Name	Link
🔨 Latest commit	2d3a5df
🔍 Latest deploy log	https://app.netlify.com/projects/auto-gpt-docs/deploys/6900ded0b5a0f50008d1d375

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch pwuts/fix-frontend-default-env

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[deepsource-io]

Here's the code health analysis summary for commits 59657eb..2d3a5df. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
JavaScript	✅ Success		View Check ↗
Python	✅ Success		View Check ↗

---

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

[sentry]

Bug: AUTH_CALLBACK_URL in .env.default uses unsupported variable expansion, resulting in an invalid literal string for OAuth callbacks.
_{Severity: HIGH | Confidence: 0.95}

🔍 Detailed Analysis

The AUTH_CALLBACK_URL in .env.default is defined with variable syntax like ${NEXT_PUBLIC_FRONTEND_BASE_URL}/auth/callback. The dotenv library (v17.2.1) and current Next.js configuration do not support shell-style variable expansion. Consequently, AUTH_CALLBACK_URL is set to the literal string "${NEXT_PUBLIC_FRONTEND_BASE_URL}/auth/callback". This invalid URL is then used for OAuth redirects, causing authentication failures in local development environments. The fallback http://localhost:3000/auth/callback is not utilized because AUTH_CALLBACK_URL is technically defined.

💡 Suggested Fix

Either hardcode AUTH_CALLBACK_URL to http://localhost:3000/auth/callback in .env.default or implement dotenv variable expansion support (e.g., via dotenv-expand or @next/env configuration).

🤖 Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: autogpt_platform/frontend/.env.default#L4

Potential issue: The `AUTH_CALLBACK_URL` in `.env.default` is defined with variable
syntax like `${NEXT_PUBLIC_FRONTEND_BASE_URL}/auth/callback`. The `dotenv` library
(v17.2.1) and current Next.js configuration do not support shell-style variable
expansion. Consequently, `AUTH_CALLBACK_URL` is set to the literal string
`"${NEXT_PUBLIC_FRONTEND_BASE_URL}/auth/callback"`. This invalid URL is then used for
OAuth redirects, causing authentication failures in local development environments. The
fallback `http://localhost:3000/auth/callback` is not utilized because
`AUTH_CALLBACK_URL` is technically defined.

_{Did we get this right? 👍 / 👎 to inform future reviews.}