Environment Variables
Full reference for backend and frontend environment variables.
Backend (backend/.env)
Variables are loaded by Pydantic settings in app/config.py.
Database
| Variable |
Required |
Notes |
POSTGRES_HOST |
Yes |
Database host |
POSTGRES_PORT |
Yes |
Database port |
POSTGRES_USER |
Yes |
Database user |
POSTGRES_PASSWORD |
Yes |
Database password |
POSTGRES_DB |
Yes |
Database name |
POSTGRES_ALEMBIC_USER |
No |
For migrations |
POSTGRES_ALEMBIC_PASSWORD |
No |
For migrations |
JWT / Session
| Variable |
Required |
Notes |
JWT_SECRET_KEY |
Yes |
Must not be default in production |
JWT_ALGORITHM |
No |
Default: HS256 |
JWT_ACCESS_TOKEN_EXPIRE_MINUTES |
No |
Token expiry |
JWT_SECRET_KEY_OLD |
No |
For key rotation |
SESSION_SECRET_KEY |
No |
For opaque session tokens |
SESSION_VERSION |
No |
Deploy-time session invalidation |
App
| Variable |
Required |
Notes |
ENVIRONMENT |
No |
development / production |
CORS_ORIGINS |
Yes |
Comma-separated frontend origins |
NEXTJS_URL |
No |
Frontend URL for redirects |
CSRF_REQUIRE_ORIGIN_ALWAYS |
No |
Stricter CSRF |
COOKIE_DOMAIN |
No |
For shared domain (e.g. .example.com) |
Logging
| Variable |
Required |
Notes |
LOG_FILE |
No |
File path for app logger |
LOG_LEVEL |
No |
DEBUG, INFO, WARNING, ERROR |
LOG_MAX_BYTES |
No |
Rotating file handler |
LOG_BACKUP_COUNT |
No |
Rotating file handler |
Auth
| Variable |
Required |
Notes |
AUTH_PROVIDER |
No |
guest / email / azure |
USER_CACHE_TTL_SECONDS |
No |
User cache TTL |
GUEST_SESSION_MAX_AGE_DAYS |
No |
Guest session expiry |
GUEST_SESSION_IDLE_DAYS |
No |
Guest idle expiry |
Azure AD (when using MSAL)
| Variable |
Required |
Notes |
MSAL_AUTH_COOKIE_NAME |
No |
Cookie name for MSAL token |
AZURE_AD_TENANT_ID |
Yes |
Azure tenant |
AZURE_AD_CLIENT_ID |
Yes |
Azure app client ID |
AZURE_AD_VALID_AUDIENCES |
No |
Comma-separated audiences |
AZURE_AD_SKIP_SIGNATURE_VERIFY |
No |
Dev only |
Redis
| Variable |
Required |
Notes |
REDIS_URL |
No |
e.g. redis://localhost:6379 |
Rate limit
| Variable |
Required |
Notes |
RATE_LIMIT_ENABLED |
No |
Enable rate limiting |
RATE_LIMIT_REQUESTS |
No |
Requests per window |
RATE_LIMIT_WINDOW_SECONDS |
No |
Window size |
AI / LLM
| Variable |
Required |
Notes |
MODEL_PROVIDER |
Yes |
e.g. azure/ |
CHAT_MODEL |
Yes |
Main chat model |
CHAT_MODEL_REASONING |
No |
For RESEARCH mode |
TITLE_MODEL |
No |
Chat title generation |
ROUTING_MODEL |
No |
Intent routing |
ROUTING_HISTORY_LIMIT |
No |
Messages for routing |
MCP
| Variable |
Required |
Notes |
MCP_SERVER_URL |
Yes |
Data360 MCP URL |
MCP_SSL_VERIFY |
No |
Verify TLS |
MCP_TIMEOUT |
No |
Request timeout |
MCP_LOAD_TIMEOUT |
No |
Tool list load timeout |
MCP_TOOLS_CACHE_TTL_SECONDS |
No |
Tool cache TTL |
Frontend (.env.local or .env)
API
| Variable |
Required |
Notes |
NEXT_PUBLIC_API_URL |
Yes |
Backend URL (browser) |
NEXT_PUBLIC_APP_URL |
No |
App URL for redirects |
SERVER_API_URL |
No |
Backend URL (server-side, e.g. Docker) |
INTERNAL_API_SECRET |
No |
Server-to-server auth |
Auth (MSAL)
| Variable |
Required |
Notes |
NEXT_PUBLIC_AUTH_PROVIDER |
No |
guest / email / azure |
NEXT_PUBLIC_MSAL_CLIENT_ID |
No |
Azure app client ID |
NEXT_PUBLIC_MSAL_TENANT_ID |
No |
Azure tenant |
UX / Feature
| Variable |
Required |
Notes |
NEXT_PUBLIC_APPLICATION_STATUS |
No |
Status banner |
NEXT_PUBLIC_SHOW_REASONING_PART_TYPE |
No |
Show thinking UI |
MAINTENANCE_MODE |
No |
Show maintenance page |