diff --git a/src/lib/auth-server.ts b/src/lib/auth-server.ts
index a34a50e..746650a 100644
--- a/src/lib/auth-server.ts
+++ b/src/lib/auth-server.ts
@@ -1,5 +1,7 @@
 import { convexBetterAuthNextJs } from '@convex-dev/better-auth/nextjs';
 
+import { env } from './env';
+
 export const {
   handler,
   preloadAuthQuery,
@@ -9,6 +11,6 @@ export const {
   fetchAuthMutation,
   fetchAuthAction,
 } = convexBetterAuthNextJs({
-  convexUrl: process.env.NEXT_PUBLIC_CONVEX_URL!,
-  convexSiteUrl: process.env.NEXT_PUBLIC_CONVEX_SITE_URL!,
+  convexUrl: env.NEXT_PUBLIC_CONVEX_URL,
+  convexSiteUrl: env.NEXT_PUBLIC_CONVEX_SITE_URL,
 });
diff --git a/src/lib/env.ts b/src/lib/env.ts
new file mode 100644
index 0000000..553993f
--- /dev/null
+++ b/src/lib/env.ts
@@ -0,0 +1,35 @@
+import { z } from 'zod/v4';
+
+const serverSchema = z.object({
+  NEXT_PUBLIC_CONVEX_URL: z.string().url(),
+  NEXT_PUBLIC_CONVEX_SITE_URL: z.string().url(),
+  NEXT_PUBLIC_SITE_URL: z.string().url(),
+});
+
+const clientSchema = z.object({
+  NEXT_PUBLIC_CONVEX_URL: z.string().url(),
+  NEXT_PUBLIC_CONVEX_SITE_URL: z.string().url(),
+  NEXT_PUBLIC_SITE_URL: z.string().url(),
+});
+
+const processEnv = {
+  NEXT_PUBLIC_CONVEX_URL: process.env.NEXT_PUBLIC_CONVEX_URL,
+  NEXT_PUBLIC_CONVEX_SITE_URL: process.env.NEXT_PUBLIC_CONVEX_SITE_URL,
+  NEXT_PUBLIC_SITE_URL: process.env.NEXT_PUBLIC_SITE_URL,
+};
+
+const parsed = serverSchema.safeParse(processEnv);
+
+if (!parsed.success) {
+  console.error(
+    'Invalid environment variables:',
+    parsed.error.flatten().fieldErrors,
+  );
+  throw new Error('Invalid environment variables');
+}
+
+export const env = parsed.data;
+
+export function getClientEnv() {
+  return clientSchema.parse(processEnv);
+}