> ## Documentation Index
> Fetch the complete documentation index at: https://docs.roomote.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Environment Variables

> Understand Roomote environment-variable precedence, production recommendations, and supported deployment configuration keys.

Environment variables are the strongest configuration source for a Roomote
deployment. They are best for values that belong to infrastructure: public
URLs, database and Redis connections, storage credentials, provider API keys,
signing keys, and production-only overrides.

Most day-to-day setup can also be managed from the Roomote UI. Use environment
variables when you want configuration to be explicit, reproducible, managed by
your deployment platform, or unavailable to in-app editors.

## Precedence

Roomote resolves configuration in layers:

1. **Process environment variables** supplied by Docker Compose, the one-command
   installer, a PaaS, or the shell.
2. **Saved deployment environment variables** encrypted in Roomote during setup
   or from Settings pages.
3. **Persisted runtime settings** such as the selected default model, sandbox
   provider, or preview settings.
4. **Derived defaults** for local development and release-managed values.

The exact order depends on the setting. A few important cases:

* Provider credentials usually resolve as process env first, then saved
  deployment env vars.
* Model role env vars such as `R_MODEL` override the same role selected
  in **Settings > Models**.
* Preview env vars such as `PREVIEW_PROXY_BASE_URL` override values saved from
  **Settings > Live Previews**.
* Sandbox provider credentials resolve as process env first, then saved
  deployment env vars. The default sandbox provider is special: an explicit
  admin selection saved in Roomote wins over `DEFAULT_COMPUTE_PROVIDER` because
  local and Compose stacks often set a default automatically.
* Local development has safe defaults for Postgres, Redis, MinIO, signing keys,
  and local URLs. Production does not.

## UI locking

When a supported setting is provided by the process environment, Roomote treats
it as operator-managed infrastructure. Settings pages may show the value as
configured, masked, or env-managed, but they should not overwrite it.

This is intentional. It lets production operators keep secrets and platform
configuration in the deployment system while still letting admins manage
non-env settings in the app.

Use the UI when:

* the value is safe for an admin to rotate from Roomote
* the setting is expected to change without redeploying
* the deployment platform does not make env management easy

Use environment variables when:

* the value is required for boot, networking, or storage
* the value is a production secret managed by your host or secret manager
* you want changes reviewed in infrastructure config
* you need to prevent in-app overrides

## Production recommendations

For production and shared self-hosted deployments:

* Set `NODE_ENV=production` and `R_APP_ENV=production`.
* Set stable public URLs with `R_APP_URL`, `TRPC_URL`, and, when previews
  are enabled, `PREVIEW_PROXY_BASE_URL`.
* Provide `DATABASE_URL`, `REDIS_URL`, and S3-compatible artifact storage.
* Generate strong `ENCRYPTION_KEY`, `ARTIFACT_SIGNING_KEY`, and
  `DASHBOARD_PASSWORD` values.
* Either provide both job and preview auth keypairs or set
  `R_AUTO_GENERATE_KEYS=true` so Roomote generates and persists them.
* Keep provider credentials in environment variables or a secret manager when
  they are controlled by the operator.
* Prefer immutable worker image tags for hosted sandbox providers.
* Avoid `SKIP_ENV_VALIDATION` outside build tooling or one-off diagnostics.

## Naming convention

Deployment env var names follow three rules:

* **`R_*`** — configuration Roomote itself defines and operators set:
  URLs and model roles (`R_APP_URL`, `R_MODEL`), Roomote's registered
  integration-app credentials (`R_GITHUB_*`, `R_SLACK_*`, `R_MICROSOFT_*`,
  `R_TEAMS_BOT_*`, `R_TELEGRAM_*`, `R_LINEAR_*`), and boot knobs such as
  `R_AUTO_GENERATE_KEYS`.
* **Conventional infrastructure names** stay unchanged: `DATABASE_URL`,
  `REDIS_URL`, `S3_*`, `NODE_ENV`, `HOST`, `PORT`.
* **Third-party provider credentials** keep the provider's standard names:
  `MODAL_*`, `E2B_*`, `DAYTONA_*`, `OPENAI_API_KEY`, `ANTHROPIC_API_KEY`.

A few `ROOMOTE_*` names remain for Roomote-internal plumbing and
installer/upgrade machinery (for example `ROOMOTE_APP_DOMAIN`,
`ROOMOTE_VERSION`, and `ROOMOTE_WORKER_IMAGE_REPO` in installer-managed
deployments); they are intentional exceptions, documented in the
`deploy/README.md` naming section of the Roomote repository.

## Supported env vars

The table below lists operator-supported deployment configuration. It does not
include task-scoped internal variables that Roomote injects into sandboxes, such
as per-task auth tokens or workspace paths.

### Runtime and URLs

| Env var                 | Required             | Used for                                                                                                                                                                                                                                                                                                                                                                                                                                |
| ----------------------- | -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `NODE_ENV`              | Production           | Node runtime mode: `development`, `test`, or `production`. Production deploys should set `production`.                                                                                                                                                                                                                                                                                                                                  |
| `R_APP_ENV`             | Recommended          | Roomote app environment: `development`, `preview`, or `production`. Also affects monitoring and local URL defaults.                                                                                                                                                                                                                                                                                                                     |
| `R_PUBLIC_URL`          | Local callbacks      | Stable public HTTPS origin used by local development for OAuth and webhook callbacks.                                                                                                                                                                                                                                                                                                                                                   |
| `R_APP_URL`             | Production           | Public web app origin. Workers and integrations use it for links back to Roomote.                                                                                                                                                                                                                                                                                                                                                       |
| `TRPC_URL`              | Production           | API/tRPC origin used by workers and services. In single-origin production, this is often the app URL plus `/_roomote-api`.                                                                                                                                                                                                                                                                                                              |
| `R_GITHUB_APP_SLUG`     | GitHub setup         | GitHub App slug used by server-rendered setup and GitHub integration flows.                                                                                                                                                                                                                                                                                                                                                             |
| `SETUP_TOKEN`           | Required (non-local) | One-time bootstrap token that admits the first admin at `/setup`. Required on every non-local deployment — tokenless bootstrap is allowed only when `NODE_ENV` is not `production` and `R_APP_ENV` is `development`, so anything running with `NODE_ENV=production` needs it. Without it, first-admin bootstrap stays closed so nobody can claim the founding-admin slot by reaching the URL first. Optional only in local development. |
| `DASHBOARD_PASSWORD`    | Production           | Local fallback/admin password value used by the deployment. Generate a strong secret.                                                                                                                                                                                                                                                                                                                                                   |
| `WEB_DEV_LOGIN_EMAIL`   | Local only           | Convenience email for development login flows. Do not use as production access control.                                                                                                                                                                                                                                                                                                                                                 |
| `WEB_DEV_LOGIN_ENABLED` | Local only           | Explicit opt-in (`true` or `1`) for the `/auth/dev-login` development login route. Dev login stays disabled without it, even in development app envs. `pnpm dev` sets it automatically for local development.                                                                                                                                                                                                                           |
| `SKIP_ENV_VALIDATION`   | Avoid                | Skips env validation when present. Useful for narrow tooling cases, not normal deployments.                                                                                                                                                                                                                                                                                                                                             |

### Database, Redis, and artifacts

| Env var                 | Required    | Used for                                                                                                                                       |
| ----------------------- | ----------- | ---------------------------------------------------------------------------------------------------------------------------------------------- |
| `DATABASE_URL`          | Production  | Postgres connection string. Local development defaults to the local Compose database.                                                          |
| `REDIS_URL`             | Production  | Redis connection string for queues and runtime coordination.                                                                                   |
| `S3_ENDPOINT`           | Production  | S3-compatible artifact storage endpoint used by services.                                                                                      |
| `S3_PRESIGN_ENDPOINT`   | Recommended | Endpoint used when signing artifact URLs for workers or browsers. Set this when the public or worker-reachable URL differs from `S3_ENDPOINT`. |
| `S3_REGION`             | Production  | S3 region. MinIO deployments commonly use `us-east-1`.                                                                                         |
| `S3_ACCESS_KEY_ID`      | Production  | Artifact-storage access key.                                                                                                                   |
| `S3_SECRET_ACCESS_KEY`  | Production  | Artifact-storage secret key.                                                                                                                   |
| `S3_BUCKET_ARTIFACTS`   | Production  | Bucket used for Roomote artifacts.                                                                                                             |
| `S3_AUTO_CREATE_BUCKET` | Optional    | Set to `true` or `1` to create the artifacts bucket at API boot when it is missing.                                                            |

### Security and signing

| Env var                             | Required                         | Used for                                                                                                                                                                 |
| ----------------------------------- | -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `ENCRYPTION_KEY`                    | Production                       | Secret used to encrypt deployment-stored secrets. Must be at least 32 characters.                                                                                        |
| `BETTER_AUTH_SECRET`                | Optional                         | Dedicated secret for signing sign-in session cookies. At least 32 characters. Falls back to `ENCRYPTION_KEY` when unset; setting it later invalidates existing sessions. |
| `ARTIFACT_SIGNING_KEY`              | Production                       | Secret used to sign artifact access. Must be at least 32 characters.                                                                                                     |
| `ARTIFACT_SIGNING_KEY_PREVIOUS`     | Rotation                         | Previous artifact signing key during rotation.                                                                                                                           |
| `JOB_AUTH_PRIVATE_KEY`              | Production unless auto-generated | Base64-encoded P-256 private key for run and user auth tokens.                                                                                                           |
| `JOB_AUTH_PUBLIC_KEY`               | Production unless auto-generated | Base64-encoded P-256 public key for run and user auth token verification.                                                                                                |
| `PREVIEW_AUTH_PRIVATE_KEY`          | Production unless auto-generated | Base64-encoded P-256 private key for preview auth tokens.                                                                                                                |
| `PREVIEW_AUTH_PUBLIC_KEY`           | Production unless auto-generated | Base64-encoded P-256 public key for preview auth token verification.                                                                                                     |
| `R_AUTO_GENERATE_KEYS`              | Optional                         | Set to `true` or `1` to generate missing job and preview keypairs at first startup and persist them encrypted in the database.                                           |
| `SANDBOX_OIDC_PRIVATE_KEY`          | Optional                         | Private key for sandbox OIDC token signing when using OIDC-backed sandbox auth flows.                                                                                    |
| `SANDBOX_OIDC_PUBLIC_KEY`           | Optional                         | Primary public key for sandbox OIDC verification.                                                                                                                        |
| `SANDBOX_OIDC_PUBLIC_KEY_SECONDARY` | Rotation                         | Secondary sandbox OIDC public key during key rotation.                                                                                                                   |

### Models and inference providers

| Env var                                | Required     | Used for                                                                                                                                |
| -------------------------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------- |
| `R_MODEL`                              | Optional     | Env-level default coding model. Overrides the default selected in **Settings > Models** for new task starts.                            |
| `R_SMALL_MODEL`                        | Optional     | Helper model for routing, titles, summaries, and lightweight model calls.                                                               |
| `R_VISION_MODEL`                       | Optional     | Vision-capable model for visual inspection and screenshot/image work.                                                                   |
| `R_CODE_REVIEW_MODEL`                  | Optional     | Model for initial PR/MR review and review-sync tasks.                                                                                   |
| `R_EXPLORE_MODEL`                      | Optional     | Exploration/helper model for investigation-oriented subtasks.                                                                           |
| `R_PLANNING_MODEL`                     | Optional     | Advisor model used for planning turns and advisor consultations inside coding tasks.                                                    |
| `R_MODEL_REASONING_EFFORT`             | Optional     | Reasoning level for the coding model: `low`, `medium`, `high`, or `xhigh`.                                                              |
| `R_SMALL_MODEL_REASONING_EFFORT`       | Optional     | Reasoning level for the helper model.                                                                                                   |
| `R_VISION_MODEL_REASONING_EFFORT`      | Optional     | Reasoning level for the vision model.                                                                                                   |
| `R_CODE_REVIEW_MODEL_REASONING_EFFORT` | Optional     | Reasoning level for the code review model.                                                                                              |
| `R_EXPLORE_MODEL_REASONING_EFFORT`     | Optional     | Reasoning level for the exploration model.                                                                                              |
| `R_PLANNING_MODEL_REASONING_EFFORT`    | Optional     | Reasoning level for the advisor model.                                                                                                  |
| `R_MODEL_ENV_KEYS`                     | Optional     | Comma- or space-separated list of extra provider key env vars to forward to task workers.                                               |
| `OPENROUTER_API_KEY`                   | Provider key | OpenRouter API key. Can also be saved from **Settings > Models**.                                                                       |
| `AI_GATEWAY_API_KEY`                   | Provider key | Vercel AI Gateway API key.                                                                                                              |
| `OPENAI_API_KEY`                       | Provider key | OpenAI API key.                                                                                                                         |
| `ANTHROPIC_API_KEY`                    | Provider key | Anthropic API key.                                                                                                                      |
| `XAI_API_KEY`                          | Provider key | xAI / Grok API key.                                                                                                                     |
| `MOONSHOT_API_KEY`                     | Provider key | Moonshot AI / Kimi API key.                                                                                                             |
| `MINIMAX_API_KEY`                      | Provider key | MiniMax API key.                                                                                                                        |
| `OPENCODE_API_KEY`                     | Provider key | OpenCode Zen / Go API key.                                                                                                              |
| `GEMINI_API_KEY`                       | Provider key | Google Gemini API key. Can also be saved from **Settings > Models**.                                                                    |
| `GOOGLE_GENERATIVE_AI_API_KEY`         | Provider key | Alternate Google/Gemini provider key forwarded when configured or inferred.                                                             |
| `AWS_BEARER_TOKEN_BEDROCK`             | Provider key | Amazon Bedrock API key (bearer token). Can also be saved from **Settings > Models**.                                                    |
| `AWS_REGION`                           | Provider key | AWS region for Amazon Bedrock models. Defaults to `us-east-1` at the runtime when unset.                                                |
| `GOOGLE_APPLICATION_CREDENTIALS`       | Provider key | Google Vertex AI service account credentials: a file path, or pasted JSON contents that Roomote materializes to a file for the runtime. |
| `GOOGLE_VERTEX_PROJECT`                | Provider key | Google Cloud project ID for Vertex AI models.                                                                                           |
| `GOOGLE_VERTEX_LOCATION`               | Provider key | Vertex AI location. Defaults to `us-central1` at the runtime when unset.                                                                |
| `MISTRAL_API_KEY`                      | Provider key | Mistral provider key forwarded when configured.                                                                                         |

### Sandbox providers

| Env var                              | Required          | Used for                                                                                                                                 |
| ------------------------------------ | ----------------- | ---------------------------------------------------------------------------------------------------------------------------------------- |
| `DEFAULT_COMPUTE_PROVIDER`           | Optional          | Runtime default sandbox provider when no admin default is saved. Supported values are `docker`, `modal`, `e2b`, `daytona`, and `blaxel`. |
| `EXCLUDED_COMPUTE_PROVIDERS`         | Optional          | Comma-separated provider IDs to hide or exclude from default selection.                                                                  |
| `DOCKER_WORKER_IMAGE`                | Optional          | Worker image used by Docker and for hosted sandbox derivation. In production, prefer an immutable registry-qualified tag.                |
| `ROOMOTE_WORKER_IMAGE_REPO`          | Optional          | Registry repository used to derive the worker image from `RELEASE_VERSION` when `DOCKER_WORKER_IMAGE` is unset.                          |
| `DOCKER_WORKER_PLATFORM`             | Optional          | Docker worker platform. Defaults to the host architecture (`linux/arm64` on arm hosts, `linux/amd64` otherwise).                         |
| `DOCKER_WORKER_NETWORK`              | Self-host Docker  | Docker network for worker containers in Compose/self-host mode.                                                                          |
| `DOCKER_WORKER_RELEASE_PATH`         | Optional          | Path to a packaged worker release archive used by Docker worker bootstrap.                                                               |
| `DOCKER_WORKER_CPU_LIMIT`            | Optional          | CPU limit per Docker task. Defaults to `2`.                                                                                              |
| `DOCKER_WORKER_MEMORY_LIMIT`         | Optional          | Memory and memory+swap limit per Docker task. Defaults to `4g`.                                                                          |
| `DOCKER_WORKER_PIDS_LIMIT`           | Optional          | Process limit per Docker task. Defaults to `512`.                                                                                        |
| `DOCKER_WORKER_DISK_LIMIT`           | Optional          | Writable-layer limit. Defaults to `20g`; tasks fail closed when the Docker storage driver cannot enforce it.                             |
| `DOCKER_WORKER_ALLOW_UNBOUNDED_DISK` | Optional          | Explicitly permits startup without `--storage-opt size`. Defaults to `false`; use only with an equivalent host-level quota.              |
| `DOCKER_WORKER_LOG_MAX_SIZE`         | Optional          | Maximum size of each Docker JSON log file. Defaults to `10m`.                                                                            |
| `DOCKER_WORKER_LOG_MAX_FILES`        | Optional          | Number of rotated Docker JSON log files retained. Defaults to `3`.                                                                       |
| `DOCKER_WORKER_EGRESS_POLICY`        | Optional          | `internet` (public egress; self-host blocks private+metadata ranges, local dev blocks metadata) or `none` (no external egress).          |
| `DOCKER_STANDBY_MAX_COUNT`           | Optional          | Maximum stopped Docker task containers retained for resume. Defaults to `10`; `0` disables retention.                                    |
| `DOCKER_STANDBY_MAX_AGE_HOURS`       | Optional          | Maximum age of a retained Docker task container. Defaults to `24`, capped at `168`.                                                      |
| `MODAL_TOKEN_ID`                     | Modal             | Modal token ID. Can also be saved from **Settings > Sandboxes**.                                                                         |
| `MODAL_TOKEN_SECRET`                 | Modal             | Modal token secret.                                                                                                                      |
| `MODAL_BASE_IMAGE_REF`               | Modal             | Modal base image reference. Usually derived from the worker image; set only to pin a custom image.                                       |
| `MODAL_ENDPOINT`                     | Optional          | Modal endpoint override.                                                                                                                 |
| `MODAL_ENVIRONMENT`                  | Optional          | Modal environment name.                                                                                                                  |
| `MODAL_APP_NAME`                     | Optional          | Modal app name override.                                                                                                                 |
| `MODAL_REGISTRY_USERNAME`            | Private registry  | Registry username for private non-ECR image pulls.                                                                                       |
| `MODAL_REGISTRY_PASSWORD`            | Private registry  | Registry password for private non-ECR image pulls.                                                                                       |
| `MODAL_ECR_OIDC_ROLE_ARN`            | ECR               | AWS IAM role ARN used by Modal for ECR OIDC pulls.                                                                                       |
| `MODAL_ECR_REGION`                   | ECR               | AWS region for Modal ECR OIDC pulls.                                                                                                     |
| `MODAL_REGIONS`                      | Optional          | Comma-separated Modal sandbox placement regions (for example `us` or `us-west`). Unset keeps Modal default placement.                    |
| `E2B_API_KEY`                        | E2B               | E2B API key. Can also be saved from **Settings > Sandboxes**.                                                                            |
| `E2B_TEMPLATE_ID`                    | E2B               | Worker template ID. Usually provisioned from the worker image by Roomote.                                                                |
| `E2B_DOMAIN`                         | Optional          | E2B domain for self-hosted or custom E2B clusters.                                                                                       |
| `E2B_MAX_SANDBOX_TIMEOUT_MS`         | Optional          | Maximum E2B sandbox timeout Roomote will request. Defaults to one hour.                                                                  |
| `DAYTONA_API_KEY`                    | Daytona           | Daytona API key. Can also be saved from **Settings > Sandboxes**.                                                                        |
| `DAYTONA_API_URL`                    | Optional          | Daytona API URL override.                                                                                                                |
| `DAYTONA_TARGET`                     | Optional          | Daytona target or region.                                                                                                                |
| `DAYTONA_SNAPSHOT_NAME`              | Daytona           | Worker snapshot name. Usually registered from the worker image by Roomote.                                                               |
| `BL_API_KEY`                         | Blaxel            | Blaxel API key. Can also be saved from **Settings > Sandboxes**.                                                                         |
| `BL_WORKSPACE`                       | Blaxel            | Blaxel workspace name.                                                                                                                   |
| `BLAXEL_IMAGE`                       | Blaxel            | Blaxel sandbox image in `sandbox/name:version` form. Roomote provisions it automatically when unset.                                     |
| `BLAXEL_REGION`                      | Optional          | Blaxel sandbox placement region. Unset lets Blaxel choose the closest region.                                                            |
| `BLAXEL_STANDBY_MAX_COUNT`           | Optional          | Maximum Blaxel standby sandboxes retained for resume. Defaults to `25`; `0` disables retention.                                          |
| `BLAXEL_STANDBY_MAX_AGE_HOURS`       | Optional          | Maximum age of a Blaxel standby sandbox. Defaults to `168`, capped at `168`.                                                             |
| `WORKER_RELEASE_CHANNEL`             | Optional          | Worker release channel, `stable` or `preview`, for hosted worker release selection.                                                      |
| `WORKER_RELEASE_VERSION`             | Optional          | Explicit worker release version for hosted worker bootstrap.                                                                             |
| `LOCAL_SANDBOX_FILES_DIR`            | Local development | Local override for sandbox bootstrap files. Used only by development workflows.                                                          |

### Source control providers

| Env var                        | Required     | Used for                                                                                         |
| ------------------------------ | ------------ | ------------------------------------------------------------------------------------------------ |
| `R_GITHUB_APP_SLUG`            | GitHub       | GitHub App slug.                                                                                 |
| `R_GITHUB_APP_ID`              | GitHub       | GitHub App ID.                                                                                   |
| `R_GITHUB_APP_PRIVATE_KEY`     | GitHub       | Raw GitHub App private key PEM, usually with newlines escaped as `\\n`.                          |
| `R_GITHUB_CLIENT_ID`           | GitHub       | GitHub OAuth client ID.                                                                          |
| `R_GITHUB_CLIENT_SECRET`       | GitHub       | GitHub OAuth client secret.                                                                      |
| `R_GITHUB_WEBHOOK_SECRET`      | GitHub       | GitHub webhook secret.                                                                           |
| `GITHUB_MCP_SERVER_URL`        | Optional     | GitHub MCP server URL override.                                                                  |
| `GITHUB_AUTOMATED_SKIP_REPOS`  | Optional     | Repository skip list for automated GitHub processing.                                            |
| `GITHUB_AUTOMATED_SKIP_OWNERS` | Optional     | Owner skip list for automated GitHub processing.                                                 |
| `GITLAB_TOKEN`                 | GitLab       | GitLab personal access token for source-control setup.                                           |
| `GITLAB_BASE_URL`              | Optional     | GitLab base URL for self-managed GitLab.                                                         |
| `GITLAB_CLIENT_ID`             | Optional     | GitLab OAuth application ID for personal account linking and merge request comment triggers.     |
| `GITLAB_CLIENT_SECRET`         | Optional     | GitLab OAuth application secret for personal account linking and merge request comment triggers. |
| `GITLAB_WEBHOOK_SIGNING_TOKEN` | Optional     | GitLab webhook signing token.                                                                    |
| `GITLAB_WEBHOOK_SECRET`        | Optional     | GitLab webhook secret.                                                                           |
| `GITEA_BASE_URL`               | Gitea        | Gitea base URL.                                                                                  |
| `GITEA_TOKEN`                  | Gitea        | Gitea access token.                                                                              |
| `GITEA_USERNAME`               | Optional     | Gitea username.                                                                                  |
| `GITEA_CLIENT_ID`              | Optional     | Gitea OAuth client ID.                                                                           |
| `GITEA_CLIENT_SECRET`          | Optional     | Gitea OAuth client secret.                                                                       |
| `GITEA_WEBHOOK_SECRET`         | Optional     | Gitea webhook secret.                                                                            |
| `BITBUCKET_TOKEN`              | Bitbucket    | Atlassian API token with Bitbucket scopes.                                                       |
| `BITBUCKET_USERNAME`           | Bitbucket    | Atlassian account email that owns the API token.                                                 |
| `BITBUCKET_BASE_URL`           | Optional     | Bitbucket base URL. Defaults to `https://bitbucket.org` (Cloud only).                            |
| `BITBUCKET_CLIENT_ID`          | Optional     | Bitbucket OAuth client ID for personal account linking.                                          |
| `BITBUCKET_CLIENT_SECRET`      | Optional     | Bitbucket OAuth client secret for personal account linking.                                      |
| `BITBUCKET_WEBHOOK_SECRET`     | Optional     | Bitbucket webhook secret.                                                                        |
| `ADO_ORGANIZATION`             | Azure DevOps | Azure DevOps organization.                                                                       |
| `ADO_TOKEN`                    | Azure DevOps | Azure DevOps access token.                                                                       |
| `ADO_BASE_URL`                 | Optional     | Azure DevOps base URL.                                                                           |
| `ADO_USERNAME`                 | Optional     | Azure DevOps username.                                                                           |
| `ADO_CLIENT_ID`                | Optional     | Microsoft Entra client ID for Azure DevOps OAuth.                                                |
| `ADO_CLIENT_SECRET`            | Optional     | Microsoft Entra client secret for Azure DevOps OAuth.                                            |
| `ADO_TENANT_ID`                | Optional     | Microsoft Entra tenant ID for Azure DevOps OAuth. `R_MICROSOFT_TENANT_ID` is also accepted.      |
| `ADO_WEBHOOK_SECRET`           | Optional     | Azure DevOps webhook secret.                                                                     |

### Communications and sign-in

| Env var                        | Required          | Used for                                                                        |
| ------------------------------ | ----------------- | ------------------------------------------------------------------------------- |
| `SLACK_APP_ID`                 | Slack app         | Slack app ID for communications setup.                                          |
| `R_SLACK_CLIENT_ID`            | Slack app/auth    | Slack OAuth client ID. Also accepted for Slack sign-in setup.                   |
| `R_SLACK_CLIENT_SECRET`        | Slack app/auth    | Slack OAuth client secret. Also accepted for Slack sign-in setup.               |
| `SLACK_REDIRECT_URI`           | Optional          | Slack redirect URI override.                                                    |
| `SLACK_AUTH_URI`               | Optional          | Slack auth URI override.                                                        |
| `R_SLACK_SIGNING_SECRET`       | Slack app/auth    | Slack signing secret for webhook verification.                                  |
| `SLACK_API_BASE_URL`           | Optional          | Slack API base URL. Defaults to `https://slack.com/api/`.                       |
| `SLACK_UNFURL_ALLOWED_DOMAINS` | Optional          | Domains Slack unfurl handling may allow.                                        |
| `SLACK_API_TIMEOUT_MS`         | Optional          | Slack API timeout. Defaults to `API_EXTERNAL_REQUEST_TIMEOUT_MS` or 10 seconds. |
| `SLACK_DEBUG_LOGS`             | Optional          | Set to `true` or `1` to enable extra Slack logs.                                |
| `ROUTER_DEBUG_CHANNEL_ID`      | Optional          | Slack channel ID for router debug output.                                       |
| `R_TEAMS_BOT_APP_ID`           | Teams             | Microsoft Teams bot app ID.                                                     |
| `R_TEAMS_BOT_APP_PASSWORD`     | Teams             | Microsoft Teams bot password.                                                   |
| `R_TEAMS_BOT_TENANT_ID`        | Optional          | Microsoft Teams bot tenant ID.                                                  |
| `R_TEAMS_BOT_NAME`             | Optional          | Teams bot display name for generated app packages and invocation guidance.      |
| `R_TEAMS_BOT_TOKEN_ENDPOINT`   | Optional          | Teams bot token endpoint override.                                              |
| `R_TEAMS_BOT_OAUTH_SCOPE`      | Optional          | Teams bot OAuth scope override.                                                 |
| `R_TELEGRAM_BOT_TOKEN`         | Telegram          | Telegram bot token.                                                             |
| `R_TELEGRAM_WEBHOOK_SECRET`    | Telegram          | Telegram webhook secret.                                                        |
| `R_TELEGRAM_BOT_USERNAME`      | Telegram          | Telegram bot username.                                                          |
| `R_SLACK_CLIENT_ID`            | Slack sign-in     | Slack sign-in client ID. `R_SLACK_CLIENT_ID` is also accepted.                  |
| `R_SLACK_CLIENT_SECRET`        | Slack sign-in     | Slack sign-in client secret. `R_SLACK_CLIENT_SECRET` is also accepted.          |
| `R_MICROSOFT_CLIENT_ID`        | Microsoft sign-in | Microsoft OAuth client ID.                                                      |
| `R_MICROSOFT_CLIENT_SECRET`    | Microsoft sign-in | Microsoft OAuth client secret.                                                  |
| `R_MICROSOFT_TENANT_ID`        | Microsoft sign-in | Microsoft tenant ID. Also accepted as the Azure DevOps tenant ID fallback.      |
| `R_ALLOWED_EMAILS`             | Optional          | Comma-separated email allowlist for deployments that restrict sign-in by email. |

### Integrations

| Env var                   | Required | Used for                      |
| ------------------------- | -------- | ----------------------------- |
| `R_LINEAR_CLIENT_ID`      | Linear   | Linear OAuth client ID.       |
| `R_LINEAR_CLIENT_SECRET`  | Linear   | Linear OAuth client secret.   |
| `R_LINEAR_WEBHOOK_SECRET` | Linear   | Linear webhook secret.        |
| `R_LINEAR_REDIRECT_URI`   | Optional | Linear redirect URI override. |

### Declarative environments

| Env var                     | Required | Used for                                                                                                                       |
| --------------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------ |
| `ROOMOTE_ENVIRONMENTS_DIR`  | Optional | Directory of environment definition files (`*.yaml`, `*.yml`, `*.json`) applied at API startup. One environment per file.      |
| `ROOMOTE_ENVIRONMENTS_YAML` | Optional | Inline multi-document YAML with environment definitions applied at API startup, for platforms where mounting files is awkward. |

See [Environments](/environments#provision-environments-declaratively) for the
apply semantics.

### Live previews

| Env var                     | Required        | Used for                                                                                                     |
| --------------------------- | --------------- | ------------------------------------------------------------------------------------------------------------ |
| `PREVIEW_PROXY_BASE_URL`    | Preview support | Public preview-proxy origin. Overrides **Settings > Live Previews** when set.                                |
| `PREVIEW_DOMAINS`           | Optional        | Comma-separated preview domains allowed by the preview proxy. Usually derived from `PREVIEW_PROXY_BASE_URL`. |
| `ROOMOTE_PREVIEW_DOMAIN`    | Optional        | Roomote preview domain override used by preview runtime analysis.                                            |
| `PREVIEW_TOKEN_TTL_SECONDS` | Optional        | Preview auth token lifetime. Defaults to 3600 seconds.                                                       |

### Observability and request timing

| Env var                                  | Required         | Used for                                                                              |
| ---------------------------------------- | ---------------- | ------------------------------------------------------------------------------------- |
| `SENTRY_DSN`                             | Optional         | Shared Sentry DSN fallback for Node services that do not have a service-specific DSN. |
| `NEXT_PUBLIC_SENTRY_DSN`                 | Optional         | Browser and Next.js web Sentry DSN.                                                   |
| `API_SENTRY_DSN`                         | Optional         | API service Sentry DSN. Falls back to `SENTRY_DSN`.                                   |
| `CONTROLLER_SENTRY_DSN`                  | Optional         | Controller service Sentry DSN. Falls back to `SENTRY_DSN`.                            |
| `BULLMQ_SENTRY_DSN`                      | Optional         | BullMQ service Sentry DSN. Falls back to `SENTRY_DSN`.                                |
| `WORKER_SENTRY_DSN`                      | Optional         | Worker service Sentry DSN. Falls back to `SENTRY_DSN`.                                |
| `API_DEBUG_LOGS`                         | Optional         | Set to `true` or `1` to enable extra API logs.                                        |
| `API_EXTERNAL_REQUEST_TIMEOUT_MS`        | Optional         | Default external request timeout. Defaults to 10 seconds.                             |
| `API_SLOW_REQUEST_THRESHOLD_MS`          | Optional         | Threshold for slow API request logging. Defaults to 5 seconds.                        |
| `API_SLOW_EXTERNAL_REQUEST_THRESHOLD_MS` | Optional         | Threshold for slow external request logging. Defaults to 2 seconds.                   |
| `RELEASE_VERSION`                        | Release images   | Baked release version used for release tagging and worker image derivation.           |
| `GITHUB_SHA`                             | Release metadata | Commit SHA fallback for monitoring release metadata.                                  |
| `VERCEL_GIT_COMMIT_SHA`                  | Release metadata | Vercel commit SHA fallback for monitoring release metadata.                           |

### Local development and deploy helpers

| Env var                        | Required                    | Used for                                                                                  |
| ------------------------------ | --------------------------- | ----------------------------------------------------------------------------------------- |
| `NGROK_AUTH_TOKEN`             | Local callbacks             | Lets `pnpm dev` configure ngrok automatically for local public callbacks.                 |
| `ROOMOTE_ENV_FILE`             | Self-host scripts           | Alternate dotenv file for local self-host Compose scripts.                                |
| `ROOMOTE_DOCKER_LOAD_ENV_FILE` | Self-host scripts           | Compose wrapper flag controlling image-baked dotenv loading. Normally managed by scripts. |
| `ROOMOTE_APP_DOMAIN`           | Production example          | Domain helper used by production dotenv examples and Caddy deployment files.              |
| `ROOMOTE_PREVIEW_DOMAIN`       | Production example/previews | Preview domain helper used by production dotenv examples and preview runtime config.      |
| `SKILLS_API_URL`               | Optional                    | Skill marketplace/API URL override for skill-related tooling.                             |

## Environment variables versus environment settings

Roomote also has **environment variables** inside **Settings > Environments**.
Those are task workspace variables: they are made available to Roomote tasks
running in that environment.

This page is about deployment configuration variables. Deployment variables
configure Roomote itself; environment variables inside an environment configure
the codebase Roomote is working on.
