| Core | | | |
DATABASE_URL | Yes | PostgreSQL connection string | — |
NEXT_PUBLIC_BASE_URL | Yes | Public URL where app is hosted (e.g., https://yourdomain.com) | — |
INTERNAL_API_KEY | Yes | Secret key for internal API calls. Generate with openssl rand -hex 32 | — |
AUTH_SECRET | Yes | better-auth secret. Generate with openssl rand -hex 32 | — |
NODE_ENV | No | Environment mode | development |
| Encryption | | | |
EMAIL_ENCRYPT_SECRET | Yes | Secret for encrypting OAuth tokens. Generate with openssl rand -hex 32 | — |
EMAIL_ENCRYPT_SALT | Yes | Salt for encrypting OAuth tokens. Generate with openssl rand -hex 16 | — |
| Google OAuth | | | |
GOOGLE_CLIENT_ID | Yes | OAuth client ID from Google Cloud Console | — |
GOOGLE_CLIENT_SECRET | Yes | OAuth client secret from Google Cloud Console | — |
| Microsoft OAuth | | | |
MICROSOFT_CLIENT_ID | No | OAuth client ID from Azure Portal | — |
MICROSOFT_CLIENT_SECRET | No | OAuth client secret from Azure Portal | — |
MICROSOFT_WEBHOOK_CLIENT_STATE | No | Secret for Microsoft webhook verification. Generate with openssl rand -hex 32 | — |
| Google PubSub | | | |
GOOGLE_PUBSUB_TOPIC_NAME | Yes | Full topic name (e.g., projects/my-project/topics/gmail) | — |
GOOGLE_PUBSUB_VERIFICATION_TOKEN | No | Token for webhook verification | — |
| Redis | | | |
UPSTASH_REDIS_URL | No* | Upstash Redis URL or any Upstash-compatible HTTP Redis endpoint (*required if not using Docker Compose with local Redis) | — |
UPSTASH_REDIS_TOKEN | No* | Upstash Redis token or serverless-redis-http token (*required if not using Docker Compose) | — |
REDIS_URL | No | Alternative Redis URL (for subscriptions) | — |
| LLM Provider Selection | | | |
DEFAULT_LLM_PROVIDER | Yes | Primary LLM provider (anthropic, google, openai, bedrock, openrouter, groq, aigateway, ollama) | — |
DEFAULT_LLM_MODEL | No | Model to use with default provider | Provider default |
DEFAULT_OPENROUTER_PROVIDERS | No | Comma-separated list of OpenRouter providers | — |
ECONOMY_LLM_PROVIDER | No | Provider for cheaper operations | — |
ECONOMY_LLM_MODEL | No | Model for economy provider | — |
ECONOMY_OPENROUTER_PROVIDERS | No | OpenRouter providers for economy model | — |
CHAT_LLM_PROVIDER | No | Provider for chat operations | Falls back to default |
CHAT_LLM_MODEL | No | Model for chat provider | — |
CHAT_OPENROUTER_PROVIDERS | No | OpenRouter providers for chat | — |
OPENROUTER_BACKUP_MODEL | No | Fallback model for OpenRouter | google/gemini-2.5-flash |
USE_BACKUP_MODEL | No | Enable backup model fallback | false |
| LLM API Keys | | | |
ANTHROPIC_API_KEY | No | Anthropic API key | — |
OPENAI_API_KEY | No | OpenAI API key | — |
GOOGLE_API_KEY | No | Google Gemini API key | — |
GROQ_API_KEY | No | Groq API key | — |
OPENROUTER_API_KEY | No | OpenRouter API key | — |
AI_GATEWAY_API_KEY | No | AI Gateway API key | — |
PERPLEXITY_API_KEY | No | Perplexity API key for guest research for meeting briefs | — |
| AWS Bedrock | | | |
BEDROCK_ACCESS_KEY | No | AWS access key for Bedrock. See AI SDK Bedrock documentation. | — |
BEDROCK_SECRET_KEY | No | AWS secret key for Bedrock | — |
BEDROCK_REGION | No | AWS region for Bedrock | us-west-2 |
| Ollama (Local LLM) | | | |
OLLAMA_BASE_URL | No | Ollama API endpoint (e.g., http://localhost:11434/api) | — |
OLLAMA_MODEL | No | Model to use with Ollama (e.g., llama3) | — |
| Background Jobs (QStash, optional) | | | |
QSTASH_TOKEN | No | QStash API token (optional; fallback runs jobs via internal API + cron) | — |
QSTASH_CURRENT_SIGNING_KEY | No | Current signing key for webhooks | — |
QSTASH_NEXT_SIGNING_KEY | No | Next signing key for key rotation | — |
| Sentry | | | |
SENTRY_AUTH_TOKEN | No | Auth token for source maps | — |
SENTRY_ORGANIZATION | No | Organization slug | — |
SENTRY_PROJECT | No | Project slug | — |
NEXT_PUBLIC_SENTRY_DSN | No | Client-side DSN | — |
| Resend | | | |
RESEND_API_KEY | No | API key for transactional emails | — |
RESEND_AUDIENCE_ID | No | Audience ID for contacts | — |
RESEND_FROM_EMAIL | No | From email address | Inbox Zero <[email protected]> |
NEXT_PUBLIC_IS_RESEND_CONFIGURED | No | Client-side flag indicating if Resend is configured | — |
| Other | | | |
CRON_SECRET | No | Secret for cron job authentication | — |
HEALTH_API_KEY | No | API key for health checks | — |
WEBHOOK_URL | No | External webhook URL | — |
| Admin & Access Control | | | |
ADMINS | No | Comma-separated list of admin emails | — |
| Feature Flags | | | |
NEXT_PUBLIC_CONTACTS_ENABLED | No | Enable contacts feature | false |
NEXT_PUBLIC_EMAIL_SEND_ENABLED | No | Enable email sending | true |
NEXT_PUBLIC_BYPASS_PREMIUM_CHECKS | No | Bypass premium checks (recommended for self-hosting) | true |
NEXT_PUBLIC_DIGEST_ENABLED | No | Enable email digest feature, which sends periodic summaries of emails. Works without QStash (no retries). | false |
NEXT_PUBLIC_MEETING_BRIEFS_ENABLED | No | Enable meeting briefs, which automatically sends pre-meeting briefings to users. Requires the meeting briefs cron job to be running. | false |
NEXT_PUBLIC_FOLLOW_UP_REMINDERS_ENABLED | No | Enable follow-up reminders, which allows users to add labels to emails for automatic follow-up tracking. Requires the follow-up reminders cron job to be running. | false |
NEXT_PUBLIC_INTEGRATIONS_ENABLED | No | Enable the integrations feature, allowing users to connect external services. | false |
NEXT_PUBLIC_SMART_FILING_ENABLED | No | Enable the Smart Filing feature for automatic document organization from email attachments. | false |
| Debugging | | | |
DISABLE_LOG_ZOD_ERRORS | No | Disable logging Zod validation errors | — |
ENABLE_DEBUG_LOGS | No | Enable debug logging | false |
NEXT_PUBLIC_LOG_SCOPES | No | Comma-separated log scopes | — |
