Integrations are external services your project depends on. 6cript maintains a fixed catalog: Supabase, AI providers, Stripe, Email, WhatsApp / SMS, Sheets / CSV, Storage. Each one shows up as a card in Deploy mode with three pieces of state.
Card fields
- Status — planned, connected, or not_needed.
- Notes — a free-text field for "where the keys live", "who owns it", etc.
- Secret configured — a checkbox the operator flips once env vars are wired.
The catalog
Supabase
Used for blueprints, schemas, tasks, scenes, checkpoints, auth, and row-level security. Always required. Wired through NEXT_PUBLIC_SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY.
AI providers
Anthropic, OpenAI, Google, Groq, OpenRouter. At least one is required for the AI loop. Set ANTHROPIC_API_KEY (or the equivalent for your chosen provider) in env.
Stripe
Used for 6cript's own billing. Set STRIPE_SECRET_KEY, plus STRIPE_PRICE_PRO and STRIPE_PRICE_PRO_MAX, plus the webhook endpoint for checkout.session.completed.
Outbound transactional email — receipts, invitations. Pick a provider (Resend, Postmark, SES) and store its API key in env. 6cript does not send email today; the integration card is for projects that plan to.
WhatsApp / SMS
For projects that need to reach operators on the channels they actually use. WhatsApp Business or a Twilio-equivalent. Track here so launch checks know it is planned.
Google Sheets / CSV
CSV export already works today through Data mode. Sheets-side sync is on the roadmap — mark this integration not_needed if you only ever export.
File / media storage
For logos, attachments, generated reports. Supabase Storage covers this once you provision it. Mark connected after creating the bucket and access policies.
Safe secret handling
Real secrets live exclusively in environment variables. The application reads them server-side and never echoes them to the client. The export package and the activity timeline both omit any secret material by design.