OTP SMS via Twilio VerifyDry-run
Twilio VerifyEndpoint: server-side Twilio Verify API clientWebhook: noneOTP remains online-only and cannot block LAN cashier, waiter, kitchen or printer workflows.
OTP_PROVIDERTWILIO_ACCOUNT_SIDTWILIO_AUTH_TOKENTWILIO_VERIFY_SERVICE_SID
OTP SMS via Firebase phone authDry-run
Firebase AuthEndpoint: Firebase client auth SDKWebhook: noneOnly public Firebase config names are modeled; service-account secrets stay server-side and out of Git.
NEXT_PUBLIC_FIREBASE_API_KEYNEXT_PUBLIC_FIREBASE_AUTH_DOMAINNEXT_PUBLIC_FIREBASE_PROJECT_IDNEXT_PUBLIC_FIREBASE_APP_ID
WhatsApp Cloud APIDry-run
Meta Graph APIEndpoint: https://graph.facebook.com/{WHATSAPP_API_VERSION}/{WHATSAPP_PHONE_NUMBER_ID}/messagesWebhook: GET verify token + POST inbound message webhookReal sends require outbox audit, tenant opt-in, provider env and explicit non-QA runtime.
WHATSAPP_ACCESS_TOKENWHATSAPP_PHONE_NUMBER_IDWHATSAPP_VERIFY_TOKENWHATSAPP_API_VERSION
Telegram Bot APIDry-run
TelegramEndpoint: https://api.telegram.org/bot{TELEGRAM_BOT_TOKEN}/sendMessageWebhook: POST /telegram/webhook/{TELEGRAM_WEBHOOK_SECRET}Bot token and webhook secret are never returned; readiness exposes only missing/configured env names.
TELEGRAM_BOT_TOKENTELEGRAM_WEBHOOK_SECRETBACKEND_PUBLIC_URL
Email via SMTPDry-run
SMTP / Nodemailer-compatibleEndpoint: server-side SMTP transportWebhook: noneSMTP credentials stay server-side; frontend and mock API expose status only.
SMTP_HOSTSMTP_PORTSMTP_USERSMTP_PASSSMTP_FROM
In-app LAN notificationLAN mock
MUPZAOS local hubEndpoint: local hub queueWebhook: noneLAN notifications are offline-safe and remain available without external providers.
no external env required