docs: update shared services registry with Resend, AI APIs, shared env patterns

reference/shared-services-registry.md

@@ -1,5 +1,5 @@
 # Shared Services Registry
-*Last updated: 2026-01-29*
+*Last updated: 2026-01-29 (v2 — added Resend, shared env patterns, AI APIs)*
 
 All reusable infrastructure, accounts, domains, and services across Hammer's projects.
 
@@ -107,12 +107,18 @@ All secrets stored in **Bitwarden** (shared org vault: `Hammer's Credentials`).
 
 | Service | Purpose | Where Used | Bitwarden Item |
 |---------|---------|-----------|----------------|
-| Dokploy API | Deploy apps via API | Dashboard deploy, cron task worker | "Dokploy API Key" or similar |
-| Hammer Dashboard API | Task CRUD, webhooks | Cron jobs, heartbeat checks | Bearer token in cron config |
-| Gmail API (OAuth2) | Email monitoring | Heartbeat checks, `~/.local/bin/gmail` | OAuth tokens in gmail config |
-| Gitea (hammer) | Push code, create PRs | All repos | Git credential in remote URLs |
+| **Resend** | Transactional email (noreply@donovankelly.xyz) | Todo App, Network App | RESEND_API_KEY in app envs |
+| **Dokploy API** | Deploy apps via API | Dashboard deploy, cron task worker | "dokploy api key" |
+| **Brave Search API** | Web search | Clawdbot gateway | "brave api key" |
+| **Anthropic API** | LLM (Claude) | Network App AI features | ANTHROPIC_API_KEY in network-app env |
+| **OpenAI API** | LLM (GPT) | Network App AI features | OPENAI_API_KEY in network-app env |
+| **BetterAuth** | Auth framework (shared pattern) | Todo App, Network App | Per-app BETTER_AUTH_SECRET |
+| Hammer Dashboard API | Task CRUD, webhooks | Cron jobs, heartbeat checks | "Hammer Queue (donovankelly.xyz)" |
+| Gmail API (OAuth2) | Email monitoring | Heartbeat checks, `~/.local/bin/gmail` | "accounts.google.com" |
+| Gitea (hammer) | Push code, create PRs | All repos | "git.infra.nkode.tech" |
 | nKode Postgres | Database creds | nkode-backend env vars | "nKode Postgres (Dokploy)" |
 | Clawdbot Gateway WS | WebSocket auth token | dash.donovankelly.xyz chat relay | GATEWAY_WS_URL / WS token |
+| Todoist | Task management (legacy?) | Unknown | "Todoist" |
 
 ### Bitwarden Vault Info
 - **Organization:** `4e3ffbdb-0f8b-4f7a-a276-b0a30160e33f` (Hammer's Credentials)
@@ -134,8 +140,21 @@ When spinning up a new app, reuse:
 6. **TLS:** Automatic via Dokploy's Traefik (for Dokploy apps) or Caddy (for VPS services)
 7. **Deploy:** Use Dokploy API for automated deploys from task worker
 
+### Shared Env Patterns Across Apps
+
+Apps on Dokploy share common env var patterns. When creating a new app:
+
+| Env Var | What It Is | How to Get |
+|---------|-----------|------------|
+| `DATABASE_URL` | Postgres connection string | Create managed Postgres in Dokploy, use internal hostname |
+| `BETTER_AUTH_SECRET` | Auth session signing key | Generate: `openssl rand -hex 32` — store in Bitwarden |
+| `RESEND_API_KEY` | Transactional email | Reuse existing key (same Resend account) |
+| `FROM_EMAIL` | Sender address | Use `noreply@donovankelly.xyz` or per-app variant |
+| `APP_URL` | Public URL | The app's subdomain (e.g. `https://app.X.donovankelly.xyz`) |
+| `ALLOWED_ORIGINS` | CORS origins | Frontend + API URLs |
+| `PORT` | Service port | Typically 3000/3001 — Dokploy routes via Traefik |
+
 ### Not Yet Set Up (Opportunities)
-- **Email sending (transactional):** No Resend/SendGrid account yet — would benefit Network App, Todo App, future apps
 - **Stripe:** No account yet — needed if any app charges money
 - **Analytics:** No Plausible/PostHog — could add self-hosted analytics
 - **Error tracking:** No Sentry — could add for production monitoring