Skip to main content
This page lists every environment variable recognized by ChatJS, grouped by category. The schema is defined in apps/chat/lib/env-schema.ts and validated at build time by apps/chat/scripts/check-env.ts.
Missing required variables will cause the build to fail immediately. Variables that are required only when a feature or gateway is enabled are validated based on your chat.config.ts settings.

Required

These two variables must always be set. Without them the app will not start.
VariableDescriptionHow to get it
DATABASE_URLPostgreSQL connection stringNeon, Vercel Postgres, or any Postgres provider
AUTH_SECRETSecret used to sign and encrypt session tokens (Better Auth)Run openssl rand -base64 32 or use generate-secret.vercel.app/32
In addition to the two variables above, at least one AI gateway key and at least one OAuth provider must be configured. See the sections below.

Authentication

Enable providers in chat.config.ts under authentication. At least one must be enabled. The build validator checks that every enabled provider has its corresponding env vars set.
chat.config.ts
authentication: {
  google: false, // Requires AUTH_GOOGLE_ID + AUTH_GOOGLE_SECRET
  github: true,  // Requires AUTH_GITHUB_ID + AUTH_GITHUB_SECRET
  vercel: false, // Requires VERCEL_APP_CLIENT_ID + VERCEL_APP_CLIENT_SECRET
},

GitHub OAuth

VariableDescription
AUTH_GITHUB_IDGitHub OAuth app client ID
AUTH_GITHUB_SECRETGitHub OAuth app client secret
Setup: Go to GitHub Developer SettingsNew OAuth App. Set the callback URL to https://yourdomain.com/api/auth/callback/github.

Google OAuth

VariableDescription
AUTH_GOOGLE_IDGoogle OAuth 2.0 client ID
AUTH_GOOGLE_SECRETGoogle OAuth 2.0 client secret
Setup: Go to Google Cloud ConsoleCreate credentialsOAuth 2.0 Client ID (Web application). Add https://yourdomain.com/api/auth/callback/google as an authorized redirect URI.

Vercel OAuth

VariableDescription
VERCEL_APP_CLIENT_IDVercel OAuth integration client ID
VERCEL_APP_CLIENT_SECRETVercel OAuth integration client secret
Setup: Follow the Sign In with Vercel guide to create an integration.

AI Gateways

Exactly one gateway must be active. Set ai.gateway in chat.config.ts to select it.
chat.config.ts
ai: {
  gateway: "vercel", // "vercel" | "openrouter" | "openai" | "openai-compatible"
}

Vercel AI Gateway (default)

Provides access to 120+ models from OpenAI, Anthropic, Google, xAI, Meta, and more through a single key. This is the default gateway.
VariableRequiredDescription
AI_GATEWAY_API_KEYSelf-hosted / local devAPI key for Vercel AI Gateway
VERCEL_OIDC_TOKENAuto-set on VercelOIDC token injected automatically on Vercel deployments
On Vercel deployments, VERCEL_OIDC_TOKEN is injected automatically. You only need AI_GATEWAY_API_KEY for local development or non-Vercel hosting.
Setup: Go to Vercel AI Gateway and create an API key.

OpenRouter

Provides access to hundreds of models with per-token pricing.
VariableRequiredDescription
OPENROUTER_API_KEYYesYour OpenRouter API key (sk-or-v1-...)
Setup: Create an account at OpenRouter, then go to API Keys.

OpenAI

Direct connection to the OpenAI API. Use when you only need OpenAI models.
VariableRequiredDescription
OPENAI_API_KEYYesYour OpenAI API key (sk-...)
Setup: Go to OpenAI Platform and create an API key.

OpenAI Compatible

Works with any endpoint that follows the OpenAI API format: Ollama, LM Studio, vLLM, Azure OpenAI, and others.
VariableRequiredDescription
OPENAI_COMPATIBLE_BASE_URLYesBase URL of the compatible API (e.g., http://localhost:11434/v1)
OPENAI_COMPATIBLE_API_KEYYesAPI key for the compatible provider
Setup: Start your compatible server (for example, run ollama serve for Ollama), set OPENAI_COMPATIBLE_BASE_URL to its /v1 endpoint, and provide OPENAI_COMPATIBLE_API_KEY.

Features

Feature flags live under features in chat.config.ts. Each flag has an associated environment variable requirement validated at build time. Enable real-time web search with citations. Requires at least one search provider key.
chat.config.ts
features: {
  webSearch: true,    // Requires TAVILY_API_KEY or FIRECRAWL_API_KEY
  urlRetrieval: true, // Requires FIRECRAWL_API_KEY
}
VariableFeatureDescriptionGet it
TAVILY_API_KEYwebSearchTavily API key for web search (recommended)app.tavily.com
FIRECRAWL_API_KEYwebSearch, urlRetrievalFirecrawl API key for web search and URL content extractionfirecrawl.dev
EXA_API_KEYnoneRecognized by env schema but not used by build-time webSearch validationdashboard.exa.ai
If both TAVILY_API_KEY and FIRECRAWL_API_KEY are set, Tavily is used for regular chat web search. Firecrawl is always used for URL retrieval.

MCP Connectors

Enable Model Context Protocol server connections to expose custom tools and data sources to the AI.
chat.config.ts
features: {
  mcp: true, // Requires MCP_ENCRYPTION_KEY
}
VariableRequiredDescription
MCP_ENCRYPTION_KEYYes44-character base64 key used to encrypt stored MCP server credentials (URLs, OAuth tokens)
Generate a key: 
openssl rand -base64 32
The key must be exactly 44 characters (32 bytes encoded as base64). Changing this key after deployment will invalidate all stored MCP connector credentials.

Blob Storage (Attachments and Image Generation)

Required for file attachment uploads and AI image generation.
chat.config.ts
features: {
  attachments: true,      // Requires BLOB_READ_WRITE_TOKEN
  imageGeneration: true,  // Requires BLOB_READ_WRITE_TOKEN
}
VariableRequiredDescriptionGet it
BLOB_READ_WRITE_TOKENYes (for these features)Vercel Blob storage tokenVercel Storage → Create → Blob
When using Vercel, connect a Blob store in your project dashboard under Storage. The token is added to your environment automatically.

Code Execution Sandbox

Enable secure Python code execution using Vercel Sandbox.
chat.config.ts
features: {
  sandbox: true,
}
VariableRequiredDescription
VERCEL_OIDC_TOKENAuto-set on VercelUsed automatically for OIDC auth on Vercel deployments
VERCEL_TEAM_IDSelf-hosted onlyYour Vercel team ID (team_...)
VERCEL_PROJECT_IDSelf-hosted onlyYour Vercel project ID (prj_...)
VERCEL_TOKENSelf-hosted onlyVercel API token with sandbox permissions
VERCEL_SANDBOX_RUNTIMEOptionalSandbox runtime identifier (default: python3.13)
On Vercel deployments, sandbox authentication happens automatically via OIDC — no additional variables needed. Set VERCEL_TEAM_ID, VERCEL_PROJECT_ID, and VERCEL_TOKEN only when running ChatJS outside of Vercel.

Optional / Advanced

Resumable Streams

Allows users to reconnect to an ongoing AI generation after a page refresh or network interruption.
VariableDescriptionGet it
REDIS_URLRedis connection URL for stream state storageVercel KV or any Redis provider
Without REDIS_URL, streams work normally but cannot be resumed after disconnection.

Cron Job Secret

Secures the /api/cron/cleanup endpoint that removes orphaned blob attachments.
VariableDescription
CRON_SECRETBearer token that the cron runner must send to authenticate
Generate a secret: 
openssl rand -base64 32
On Vercel, the platform automatically sends CRON_SECRET as a Authorization: Bearer <secret> header when triggering cron jobs.

App URL

VariableRequiredDescription
APP_URLNon-Vercel deploymentsFull public URL of the app including protocol (e.g., https://myapp.com)
VERCEL_URLAuto-set by VercelHostname auto-injected by the Vercel platform; used when APP_URL is not set

Observability (Langfuse)

ChatJS uses OpenTelemetry via @vercel/otel and exports traces to Langfuse for LLM observability. These variables are read by the langfuse-vercel exporter and are not part of the Zod env schema — they are picked up automatically by the Langfuse SDK from the environment.
VariableDescriptionGet it
LANGFUSE_PUBLIC_KEYLangfuse project public keyLangfuse Cloud → Project Settings → API Keys
LANGFUSE_SECRET_KEYLangfuse project secret keySame as above
LANGFUSE_BASE_URLLangfuse API base URL (default: https://cloud.langfuse.com)Set to your self-hosted Langfuse URL if applicable
Omitting these variables disables trace export. The app runs normally without them.

Quick Reference

All variables in one place:
VariableCategoryRequired
DATABASE_URLCoreAlways
AUTH_SECRETCoreAlways
AI_GATEWAY_API_KEYGatewayVercel gateway (non-Vercel hosting)
VERCEL_OIDC_TOKENGatewayAuto-set on Vercel
OPENROUTER_API_KEYGatewayOpenRouter gateway
OPENAI_API_KEYGatewayOpenAI gateway
OPENAI_COMPATIBLE_BASE_URLGatewayOpenAI-compatible gateway
OPENAI_COMPATIBLE_API_KEYGatewayOpenAI-compatible gateway
AUTH_GITHUB_IDAuthIf authentication.github: true
AUTH_GITHUB_SECRETAuthIf authentication.github: true
AUTH_GOOGLE_IDAuthIf authentication.google: true
AUTH_GOOGLE_SECRETAuthIf authentication.google: true
VERCEL_APP_CLIENT_IDAuthIf authentication.vercel: true
VERCEL_APP_CLIENT_SECRETAuthIf authentication.vercel: true
BLOB_READ_WRITE_TOKENFeatureIf attachments or imageGeneration enabled
TAVILY_API_KEYFeatureIf webSearch enabled (one search key required)
FIRECRAWL_API_KEYFeatureIf webSearch or urlRetrieval enabled
EXA_API_KEYOptionalRecognized by env schema but not required by current validation
MCP_ENCRYPTION_KEYFeatureIf mcp enabled
VERCEL_TEAM_IDFeatureIf sandbox enabled on non-Vercel hosting
VERCEL_PROJECT_IDFeatureIf sandbox enabled on non-Vercel hosting
VERCEL_TOKENFeatureIf sandbox enabled on non-Vercel hosting
VERCEL_SANDBOX_RUNTIMEFeatureOptional sandbox runtime override
REDIS_URLOptionalResumable streams
CRON_SECRETOptionalSecure cleanup cron endpoint
APP_URLOptionalRequired on non-Vercel deployments
VERCEL_URLOptionalAuto-set by Vercel platform
LANGFUSE_PUBLIC_KEYOptionalLLM observability
LANGFUSE_SECRET_KEYOptionalLLM observability
LANGFUSE_BASE_URLOptionalSelf-hosted Langfuse endpoint