Environment Reference
.env
Prisma PHP loads configuration variables at boot. Changes to your .env file usually require a server restart.
Full Reference Template
# --- Core Application ---
APP_ENV="development"
APP_TIMEZONE="UTC"
SHOW_ERRORS="true"
CACHE_ENABLED="false"
CACHE_TTL="600"
LOCALSTORE_KEY="change_me_to_random_string"
# --- Authentication ---
AUTH_SECRET="change_me_to_long_random_string"
AUTH_COOKIE_NAME="prisma_session"
# --- Security ---
FUNCTION_CALL_SECRET="change_me_to_random_hash"
# --- CORS Configuration ---
CORS_ALLOWED_ORIGINS=[]
CORS_ALLOW_CREDENTIALS="true"
CORS_ALLOWED_METHODS="GET,POST,PUT,PATCH,DELETE,OPTIONS"
CORS_ALLOWED_HEADERS="Content-Type,Authorization,X-Requested-With"
CORS_EXPOSE_HEADERS=""
CORS_MAX_AGE="86400"
# --- Mail (Optional) ---
# SMTP_HOST="smtp.gmail.com"
# SMTP_USERNAME="user@example.com"
# SMTP_PASSWORD="password"
# SMTP_PORT="587"
# SMTP_ENCRYPTION="tls"
# MAIL_FROM="user@example.com"
# MAIL_FROM_NAME="My App"
# --- MCP Server (Optional) ---
MCP_NAME="prisma-php-mcp"
MCP_VERSION="0.1.0"
MCP_HOST="127.0.0.1"
MCP_PORT="4000"
MCP_PATH_PREFIX="mcp"
MCP_JSON_RESPONSE="true"
# --- Prisma ORM (Optional) ---
DATABASE_URL="postgresql://user:password@localhost:5432/mydb?schema=public"Core & Security
| Variable | Default / Example | Description |
|---|---|---|
| APP_ENV | development | Use production in live environments. |
| SHOW_ERRORS | true | Detailed error reporting. Must be false in production. |
| AUTH_SECRET | ... | Critical key for JWT/Session encryption. Keep private. |
| FUNCTION_CALL_SECRET | ... | Used to verify internal API function calls. |
CORS Configuration
Control cross-origin access. CORS_ALLOWED_ORIGINS accepts a CSV string or JSON array.
Credentials & Origins
If CORS_ALLOW_CREDENTIALS="true", you cannot use * for origins. You must strictly list allowed domains.
.env
# Option 1: CSV
CORS_ALLOWED_ORIGINS="https://app.com,https://api.com"
# Option 2: JSON Array
CORS_ALLOWED_ORIGINS=["https://app.com", "https://api.com"]
# Option 3: Block Cross-Origin (Same-origin only)
CORS_ALLOWED_ORIGINS=[]Mail (PHPMailer)
| Variable | Example | Description |
|---|---|---|
| SMTP_HOST | smtp.gmail.com | The hostname of your mail server. |
| SMTP_PORT | 587 | Usually 587 (TLS) or 465 (SSL). |
| SMTP_ENCRYPTION | tls | Encryption protocol (ssl or tls). |
MCP Server
Configuration for src/Lib/MCP/mcp-server.php.
Debugging Tools
Enable MCP_JSON_RESPONSE="true" to inspect raw JSON output in your browser.
Use the MCP Inspector for live testing.
| Variable | Default |
|---|---|
| MCP_PORT | 4000 |
| MCP_PATH_PREFIX | mcp |
Terminal
# Start Server ➜ npm run dev # Inspect ➜ npx @modelcontextprotocol/inspector \ http://127.0.0.1:4000/mcp