Nextjs Guideline: Environment — Use NEXT_PUBLIC prefix. Description: Client-accessible env vars need prefix. Do: NEXT_PUBLIC_ for client vars. Don't: Server vars exposed to client. Good Example: NEXT_PUBLIC_API_URL. Bad Example: API_SECRET in client code. Severity: High. Docs: https://nextjs.org/docs/app/building-your-application/configuring/environment-variables.