Complete reference for every environment variable recognized by OmniRoute.
For a quick-start template, see .env.example.

> [!IMPORTANT]
> Every variable documented here must also appear in .env.example, and
> every variable in .env.example must appear here. npm run check:env-doc-sync
> enforces this on commit and in CI. To omit a variable on purpose, add it to
> the allowlist inside scripts/check-env-doc-sync.mjs.

These must be set before the first run. Without them, the application will either refuse to start or operate with insecure defaults.

| Variable | Required | Default | Source File | Description |
| --- | --- | --- | --- | --- |
| JWT_SECRET | Yes | (none) | src/lib/auth | Signs/verifies all dashboard session cookies (JWT). Generate with openssl rand -base64 48. |
| API_KEY_SECRET | Yes | (none) | src/lib/db/apiKeys.ts | AES encryption key for API key values at rest in SQLite. Generate with openssl rand -hex 32. |
| INITIAL_PASSWORD | Yes | CHANGEME | Bootstrap script | Sets the initial admin dashboard password (matches .env.example default — kept obviously insecure to force a change). Change before first use. After login, change via Dashboard → Settings → Security. |
| OMNIROUTE_WS_BRIDGE_SECRET | Yes (production) | (unset) | src/app/api/internal/codex-responses-ws/route.ts | Shared secret for the internal Codex Responses WebSocket bridge. Authenticates bridge requests between the Electron/browser WS relay and OmniRoute. ⚠️ REQUIRED in production — when unset, all WS bridge requests are rejected. Generate with openssl rand -base64 32. |
| OMNIROUTE_PEER_STAMP_TOKEN | No (auto) | (auto per boot) | src/server/authz/policies/management.ts | Per-process secret proving the trusted peer-IP stamp came from OmniRoute's own HTTP server (scripts/dev/peer-stamp.mjs). The authz middleware trusts request locality (loopback/LAN gating of LOCAL_ONLY routes) only when the stamp carries this token. Auto-generated each boot — leave unset; only pin it for multi-process setups that must share the stamp. |

Primary port for both Dashboard UI and API endpoints (single-port mode).
API_PORT
(unset)
src/lib/runtime/ports.ts
When set, serves the /v1/* proxy API on this separate port.
API_HOST
0.0.0.0
src/lib/runtime/ports.ts
Bind address for the API port.
DASHBOARD_PORT
(unset)
src/lib/runtime/ports.ts
When set, serves the Dashboard UI on this separate port.
PROD_DASHBOARD_PORT
20130
docker-compose.prod.yml
Host-side published port for the Dashboard in Docker production mode.
PROD_API_PORT
20131
docker-compose.prod.yml
Host-side published port for the API in Docker production mode.
OMNIROUTE_PORT
(unset)
src/lib/runtime/ports.ts
Takes precedence over PORT when running inside Electron or other wrappers.
LIVE_WS_PORT
20129
src/server/ws/liveServer.ts
Port for the real-time WebSocket live monitoring server.
LIVE_WS_HOST
127.0.0.1
src/server/ws/liveServer.ts
Bind address for the live WebSocket server. Set to 0.0.0.0 to expose on LAN (also configure LIVE_WS_ALLOWED_ORIGINS).
LIVE_WS_ALLOWED_ORIGINS
(unset)
src/server/ws/liveServer.ts
Comma-separated extra origins allowed to open a live WebSocket. Loopback dashboard origins are already permitted by default.
OMNIROUTE_ENABLE_LIVE_WS
false
src/server/ws/liveServer.ts
Set to 1 or true to enable the real-time WebSocket server (disabled by default).
OMNIROUTE_DISABLE_LIVE_WS
false
scripts/start-ws-server.mjs
CI/harness toggle that disables the standalone live WebSocket helper script.
RELAY_IP_PER_MINUTE
30
src/app/api/v1/relay/chat/completions/route.ts
Per-(token, IP) relay rate limit, requests/minute. In-memory, per instance. 0 or negative disables the IP-dimension gate (per-token DB limit still applies).
NODE_ENV
production
Next.js core
Controls logging verbosity, caching, error detail exposure, and Next.js optimizations.
OMNIROUTE_USE_TURBOPACK
1 (default in .env.example)
package.json / Next.js 16
Toggles the Next.js 16 Turbopack bundler in npm run dev and npm run build. Set to 0 on Windows or when running into native binding incompatibilities.
OMNIROUTE_SKIP_DB_HEALTHCHECK
(unset)
src/lib/db/core.ts / src/lib/db/healthCheck.ts
Set to 1 to skip the SQLite integrity health check on startup. Useful for faster boot on large databases.
Salt combined with hardware identifiers for machine fingerprinting. Change per-deployment for isolation.
OMNIROUTE_CLI_SALT
omniroute-cli-auth-v1
src/lib/machineToken.ts
HMAC salt for deriving the local CLI auth token. Changing this value rotates all CLI tokens on the machine. See docs/security/CLI_TOKEN.md.
AUTH_COOKIE_SECURE
false
src/lib/auth
Sets the Secure flag on session cookies. Must be true when running behind HTTPS.
REQUIRE_API_KEY
false
API middleware
When true, all /v1/* proxy requests must include a valid API key.
ALLOW_API_KEY_REVEAL
false
Dashboard providers page
Allows revealing full API key values in the Dashboard UI. Security risk on shared instances.
NO_LOG_API_KEY_IDS
(empty)
src/lib/compliance/index.ts
Comma-separated API key IDs that bypass request logging (GDPR compliance).
DEFAULT_RATE_LIMIT_PER_DAY
1000
src/shared/utils/apiKeyPolicy.ts
Fallback per-day request budget applied to API keys whose rate_limits column is null. Default (unset/empty/malformed) keeps the legacy 1000/day, 5000/week, 20000/month windows. Set explicitly to 0 to opt out (unlimited). Any positive integer N enables N/day, 5N/week, 20N/month. Zod-validated; invalid values log a warning and use the legacy default.
MAX_BODY_SIZE_BYTES
10485760 (10 MB)
src/shared/middleware/bodySizeGuard.ts
Maximum allowed request body size. Rejects payloads exceeding this limit.
CORS_ORIGIN
*
Next.js middleware
CORS Access-Control-Allow-Origin value. Restrict for production.
OUTBOUND_SSRF_GUARD_ENABLED
true
src/shared/network/outboundUrlGuard.ts
Block provider calls targeting private/loopback/link-local IP ranges. Disable only in isolated test envs.
OMNIROUTE_ALLOW_PRIVATE_PROVIDER_URLS
false
src/shared/network/outboundUrlGuard.ts
Allow provider URLs pointing to private/local networks (localhost, 192.168.x.x, 10.x.x.x, etc.). REQUIRED for self-hosted providers (LM Studio, Ollama, vLLM, Llamafile, Triton, SearXNG). When false, the dashboard rejects validation of local URLs.
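
A preflight check for the security-relevant variables documented above, as an added example that is not part of OmniRoute. `auditEnv`, its finding format, the boolean parsing and the use of NEXT_PUBLIC_BASE_URL to detect HTTPS are assumptions; the rules restate the tables, and both sample environments are constructed.

```javascript
// Added example, not OmniRoute code. auditEnv(), the finding shape and the
// truthy() parsing are assumptions; each rule restates a row of this page.
const truthy = (v) => ["1", "true", "on"].includes(String(v ?? "").trim().toLowerCase());
const isSet = (v) => typeof v === "string" && v.trim() !== "";

function auditEnv(env) {
  const findings = [];
  const add = (level, name, message) => findings.push({ level, name, message });
  // NODE_ENV defaults to production according to the reference.
  const production = (isSet(env.NODE_ENV) ? env.NODE_ENV.trim() : "production") === "production";

  // Required secrets: no default exists, so unset is always a failure.
  if (!isSet(env.JWT_SECRET)) {
    add("fail", "JWT_SECRET", "required and has no default");
  } else if (env.JWT_SECRET.trim().length < 64) {
    add("warn", "JWT_SECRET", "shorter than the 64 characters `openssl rand -base64 48` emits");
  }
  if (!isSet(env.API_KEY_SECRET)) {
    add("fail", "API_KEY_SECRET", "required and has no default");
  } else if (!/^[0-9a-fA-F]{64}$/.test(env.API_KEY_SECRET.trim())) {
    add("warn", "API_KEY_SECRET", "not the 64 hex characters `openssl rand -hex 32` emits");
  }

  // The documented bootstrap password is intentionally insecure.
  if (!isSet(env.INITIAL_PASSWORD) || env.INITIAL_PASSWORD === "CHANGEME") {
    add("fail", "INITIAL_PASSWORD", "unset or still the CHANGEME bootstrap default");
  }

  // Unset in production means every WS bridge request is rejected.
  if (production && !isSet(env.OMNIROUTE_WS_BRIDGE_SECRET)) {
    add("fail", "OMNIROUTE_WS_BRIDGE_SECRET", "required in production");
  }

  // AUTH_COOKIE_SECURE must be true behind HTTPS; HTTPS is inferred here
  // from NEXT_PUBLIC_BASE_URL (assumption of this sketch).
  const baseUrl = isSet(env.NEXT_PUBLIC_BASE_URL) ? env.NEXT_PUBLIC_BASE_URL.trim() : "http://localhost:20128";
  if (baseUrl.toLowerCase().startsWith("https://") && !truthy(env.AUTH_COOKIE_SECURE)) {
    add("fail", "AUTH_COOKIE_SECURE", "must be true when served over HTTPS");
  }

  // CORS_ORIGIN defaults to "*"; the reference says to restrict it for production.
  const cors = isSet(env.CORS_ORIGIN) ? env.CORS_ORIGIN.trim() : "*";
  if (production && cors === "*") {
    add("warn", "CORS_ORIGIN", "wildcard origin in production");
  }

  // The SSRF guard defaults to on and should only be off in isolated test envs.
  const ssrfGuard = isSet(env.OUTBOUND_SSRF_GUARD_ENABLED) ? truthy(env.OUTBOUND_SSRF_GUARD_ENABLED) : true;
  if (!ssrfGuard) {
    add(production ? "fail" : "warn", "OUTBOUND_SSRF_GUARD_ENABLED", "outbound SSRF guard disabled");
  }

  if (truthy(env.ALLOW_API_KEY_REVEAL)) {
    add("warn", "ALLOW_API_KEY_REVEAL", "full API keys can be revealed in the Dashboard");
  }

  // Exposing the live WebSocket on the LAN should come with an origin allowlist.
  if (truthy(env.OMNIROUTE_ENABLE_LIVE_WS) && (env.LIVE_WS_HOST || "").trim() === "0.0.0.0"
      && !isSet(env.LIVE_WS_ALLOWED_ORIGINS)) {
    add("warn", "LIVE_WS_HOST", "bound to 0.0.0.0 without LIVE_WS_ALLOWED_ORIGINS");
  }
  return findings;
}

// Names of findings at a given level, in rule order.
const namesAt = (env, level) => auditEnv(env).filter((f) => f.level === level).map((f) => f.name);

// Constructed sample: documented defaults behind an HTTPS reverse proxy.
const SAMPLE_DEFAULTS = {
  INITIAL_PASSWORD: "CHANGEME",
  NEXT_PUBLIC_BASE_URL: "https://omniroute.example.com",
};

// Constructed sample: hardened values (secrets are filler strings, not real keys).
const SAMPLE_HARDENED = {
  JWT_SECRET: "A".repeat(64),
  API_KEY_SECRET: "0123456789abcdef".repeat(4),
  INITIAL_PASSWORD: "constructed-example-passphrase",
  OMNIROUTE_WS_BRIDGE_SECRET: "B".repeat(44),
  NEXT_PUBLIC_BASE_URL: "https://omniroute.example.com",
  AUTH_COOKIE_SECURE: "true",
  CORS_ORIGIN: "https://omniroute.example.com",
};

for (const f of auditEnv(SAMPLE_DEFAULTS)) {
  console.log(`${f.level.toUpperCase()} ${f.name}: ${f.message}`);
}
console.log("hardened findings:", auditEnv(SAMPLE_HARDENED).length);
```

To audit a real deployment, pass `process.env` (or a parsed .env file) to `auditEnv` and fail the deploy step when any finding has level `fail`.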
Server-side URL for internal sync jobs to call /api/sync/cloud.
CLOUD_URL
(empty)
src/lib/cloudSync.ts
Cloud relay endpoint URL (premium feature).
CLOUD_SYNC_TIMEOUT_MS
12000
src/lib/cloudSync.ts
HTTP timeout for cloud sync requests.
OMNIROUTE_BUILD_PROFILE
full
Webpack build config
Build-time profile (set to minimal to physically exclude privileged modules from bundle).
OMNIROUTE_CLOUD_SYNC_SECRET
(empty)
src/lib/cloudSync.ts
Shared secret used to verify the HMAC-SHA256 signature of Cloud Sync responses.
OMNIROUTE_CLOUD_SYNC_SECRETS
false
src/lib/cloudSync.ts
Set to true to allow the Cloud Sync endpoint to overwrite local credentials. Default is false.
OMNIROUTE_ZED_IMPORT_LEGACY_ONE_STEP
false
src/app/api/providers/zed/import/route.ts
Set to true to fall back to the v3.8.5 one-step "import everything" behavior without user confirmation.
NEXT_PUBLIC_BASE_URL
http://localhost:20128
OAuth, Dashboard, sync
Public-facing URL for OAuth redirect_uri, Dashboard links. Must match your public URL behind reverse proxy.
NEXT_PUBLIC_CLOUD_URL
(empty)
Client-side
Client-side mirror of CLOUD_URL.
NEXT_PUBLIC_APP_URL
(unset)
src/shared/services/cloudSyncScheduler.ts
Legacy fallback for NEXT_PUBLIC_BASE_URL.
OMNIROUTE_PUBLIC_BASE_URL
(unset)
open-sse/executors/chatgpt-web.ts
Browser-facing OmniRoute origin used for image URLs in API responses (e.g., /v1/chatgpt-web/image/<id>). Set this when OpenWebUI or another relay reaches OmniRoute by an internal URL but the user's browser must fetch images from a LAN, tunnel, or public origin. Do not include /v1.
OMNIROUTE_CGPT_WEB_IMAGE_TIMEOUT_MS
180000 (3 min)
open-sse/executors/chatgpt-web.ts
Max wait time for an async chatgpt-web image to land via the celsius WebSocket. Increase during upstream queue-deep windows.
OMNIROUTE_CGPT_WEB_IMAGE_CACHE_MAX_MB
256
open-sse/services/chatgptImageCache.ts
Total in-memory byte budget (MB) for the chatgpt-web image cache serving /v1/chatgpt-web/image/<id>. Lower on memory-constrained hosts; raise if image generation is heavy and clients race the 30-minute TTL.
THEOLDLLM_NAV_TIMEOUT_MS
30000 (30s)
open-sse/executors/theoldllm.ts
Playwright navigation timeout (ms) for the browser-backed token capture used by the free provider The Old LLM (theoldllm). Raise on slow networks if the relay page is slow to settle.
KIE_CALLBACK_URL
(unset)
open-sse/utils/kieTask.ts
Public callback URL for asynchronous kie.ai jobs. Highest-priority override before OMNIROUTE_KIE_CALLBACK_URL and OMNIROUTE_PUBLIC_URL.
OMNIROUTE_KIE_CALLBACK_URL
(unset)
open-sse/utils/kieTask.ts
Alternate spelling of KIE_CALLBACK_URL. Falls back when the primary variable is unset.
OMNIROUTE_PUBLIC_URL
(unset)
open-sse/utils/kieTask.ts
Public origin used to compose async callback URLs. Lowest-priority fallback for kie.ai callbacks; also used as a generic public URL for other relays.
OMNIROUTE_CROF_USAGE_URL
https://crof.ai/usage_api/
open-sse/services/usage.ts
CrofAI quota lookup endpoint used by the Usage page. Override for relays / test fixtures.
Gemini CLI quota lookup endpoint. Override for relays / test fixtures.
OMNIROUTE_OPENCODE_QUOTA_URL
https://opencode.ai/zen/go/v1/quota
open-sse/services/opencodeQuotaFetcher.ts
OpenCode (zen/go) quota lookup endpoint used by the Usage page. Override for relays / test fixtures.
OMNIROUTE_OPENCODE_GO_QUOTA_URL
https://api.z.ai/api/monitor/usage/quota/limit
open-sse/services/usage.ts
OpenCode Go quota lookup endpoint used by the Usage page. Override for relays / test fixtures.
OMNIROUTE_CODEWHISPERER_BASE_URL
https://codewhisperer.us-east-1.amazonaws.com
open-sse/services/usage.ts
CodeWhisperer (AWS Kiro) usage limits endpoint. Override for relays / test fixtures.

> [!IMPORTANT]
> When deploying behind a reverse proxy (nginx, Caddy), NEXT_PUBLIC_BASE_URL must be set to your public URL (e.g., https://omniroute.example.com). Without this, OAuth callbacks will fail because the redirect_uri won't match.


```bash
# Mount host binaries into the container and tell OmniRoute where they are:
CLI_EXTRA_PATHS=/host-cli/bin
CLI_CONFIG_HOME=/root
CLI_ALLOW_CONFIG_WRITES=true
CLI_CLAUDE_BIN=/host-cli/bin/claude
```

Gap (ms) between consecutive OAuth quota fetches in a bulk sync; OAuth connections are fetched one at a time to avoid bursting an upstream. 0 opts out (concurrent).
PROVIDER_LIMITS_POST_USAGE_REFRESH_DELAY_MS
5000
src/lib/usage/providerLimits.ts
Delay (ms) before refreshing provider limits after a real usage event, giving the upstream quota API time to register consumption.
OMNIROUTE_DISABLE_BACKGROUND_SERVICES
false
src/instrumentation-node.ts
Disable all background services (sync, pricing, model refresh). Useful for CI/test.
OMNIROUTE_ENABLE_RUNTIME_BACKGROUND_TASKS
(unset)
src/lib/config/runtimeSettings.ts
Force background tasks on under automated test detection. Set 1 to override the test heuristic.
Public Firebase Web API key used by Windsurf's Secure Token Service to refresh short-lived browser-flow tokens. Client-side credential (not a secret). Long-lived import tokens skip this entirely. Source: extracted from Devin CLI binary.
WINDSURF_API_KEY
Windsurf / Devin (v3.8)
API key fallback used by open-sse/executors/devin-cli.ts when no per-connection credential is available. Optional.
CLI_DEVIN_BIN
Devin CLI (v3.8)
Custom path to the Devin CLI binary (devin). Resolved by open-sse/executors/devin-cli.ts.
GITLAB_DUO_OAUTH_CLIENT_ID
GitLab Duo (v3.8)
OAuth client ID for GitLab Duo. Register an app at https://gitlab.com/-/profile/applications with redirect URI <NEXT_PUBLIC_BASE_URL>/callback and scopes api, read_user, openid, profile, email. Falls back to GITLAB_OAUTH_CLIENT_ID.
GITLAB_DUO_OAUTH_CLIENT_SECRET
GitLab Duo (v3.8)
OAuth client secret for GitLab Duo. Optional — PKCE flow does not require a secret. Falls back to GITLAB_OAUTH_CLIENT_SECRET.
GITLAB_DUO_BASE_URL
GitLab Duo (v3.8)
Override GitLab base URL (self-hosted GitLab). Defaults to https://gitlab.com. Falls back to GITLAB_BASE_URL.
GITLAB_BASE_URL
GitLab Duo (v3.8)
Legacy fallback for GITLAB_DUO_BASE_URL. Used when the _DUO_ variant is unset.
GITLAB_OAUTH_CLIENT_ID
GitLab Duo (v3.8)
Legacy fallback for GITLAB_DUO_OAUTH_CLIENT_ID consumed by src/lib/oauth/constants/oauth.ts.
GITLAB_OAUTH_CLIENT_SECRET
GitLab Duo (v3.8)
Legacy fallback for GITLAB_DUO_OAUTH_CLIENT_SECRET consumed by src/lib/oauth/constants/oauth.ts.
QODER_OAUTH_CLIENT_SECRET
Qoder
—
QODER_OAUTH_AUTHORIZE_URL
Qoder
Set to enable Qoder OAuth.
QODER_OAUTH_TOKEN_URL
Qoder
—
QODER_OAUTH_USERINFO_URL
Qoder
—
QODER_OAUTH_CLIENT_ID
Qoder
—
QODER_PERSONAL_ACCESS_TOKEN
Qoder
Direct API key fallback (bypasses OAuth).
QODER_CLI_WORKSPACE
Qoder
Workspace ID for Qoder CLI.
OMNIROUTE_QODER_WORKSPACE
Qoder
Alias for QODER_CLI_WORKSPACE.
BLACKBOX_WEB_VALIDATED_TOKEN
Blackbox Web
Frontend tk token to send as validated on /api/chat. Required when Blackbox enforces token matching; otherwise OmniRoute falls back to a random UUID. See issue #2252.
VISION_BRIDGE_BASE_URL
Vision Bridge guardrail
OpenAI-compatible base URL for non-Anthropic vision-bridge calls. Defaults to the legacy OpenAI URL env or api.openai.com. Point at OmniRoute's /v1 self-loop or any OpenAI-compat endpoint (Gemini OpenAI-compat, OpenRouter). Issue #2232.
VISION_BRIDGE_API_KEY
Vision Bridge guardrail
API key for the URL above. Overrides per-provider OpenAI / Google env vars for non-Anthropic vision-bridge calls. Anthropic models keep their dedicated Anthropic key path. Issue #2232.

> [!WARNING]
> Google OAuth (Antigravity, Gemini CLI) credentials only work on localhost. For remote servers:

Override Codex client version independently of full UA string
GITHUB_USER_AGENT
GitHubCopilotChat/0.45.1
When GitHub Copilot Chat updates
ANTIGRAVITY_USER_AGENT
antigravity/2.0.1 darwin/arm64
When Antigravity IDE updates
KIRO_USER_AGENT
AWS-SDK-JS/3.0.0 kiro-ide/1.0.0
When Kiro IDE updates
KIRO_OAUTH_CLIENT_ID
kiro-cli
Override the Kiro social device-code clientId (public id)
QODER_USER_AGENT
Qoder-Cli
When Qoder CLI updates
QWEN_USER_AGENT
QwenCode/0.15.9 (linux; x64)
When Qwen Code updates
CURSOR_USER_AGENT
Cursor/3.3
When Cursor updates
GEMINI_CLI_USER_AGENT
google-api-nodejs-client/10.3.0
When Google API client updates

> [!TIP]
> You can add User-Agent overrides for any provider using the pattern {PROVIDER_ID}_USER_AGENT. The executor dynamically constructs the env var name.

When enabled, OmniRoute reorders HTTP headers and JSON body fields to match the exact signature of official CLI tools. This reduces the risk of account flagging while preserving your proxy IP.
Override the Kimi CLI version sent during OAuth/API calls.
KIMI_CODING_DEVICE_ID
(captured default)
src/lib/oauth/providers/kimi-coding.ts
Override the captured Kimi device ID used in client headers.

> [!NOTE]
> This feature works alongside the User-Agent overrides (§12). The fingerprint system handles header ordering and body field ordering, while User-Agent overrides handle the specific UA string. Both can be enabled independently.

API keys for providers that use direct authentication. Preferred setup: Dashboard → Providers → Add API Key.
Setting via environment variables is an alternative for Docker or headless deployments.
Recognized pattern: {PROVIDER_ID}_API_KEY

| Variable | Provider |
| --- | --- |
| DEEPSEEK_API_KEY | DeepSeek |
| NVIDIA_API_KEY | NVIDIA NIM |


> [!NOTE]
> Static ${PROVIDER}_API_KEY entries for Groq, xAI, Mistral, Perplexity, Together AI, Fireworks, Cerebras, Cohere, Nebius, and Qianfan were removed in v3.8.0 because the runtime no longer reads them — those providers rely exclusively on Dashboard / data/provider-credentials.json / the encrypted DB. See the Audit: Removed / Dead Variables section at the bottom of this document for the migration path.

> [!TIP]
> Keys set via the Dashboard are stored encrypted in SQLite and take precedence over environment variables.

Global shortcut — overrides both FETCH_TIMEOUT_MS and STREAM_IDLE_TIMEOUT_MS defaults.
FETCH_TIMEOUT_MS
600000
Total HTTP request timeout for upstream provider calls.
STREAM_IDLE_TIMEOUT_MS
600000
Max silence between SSE chunks before aborting. Extended-thinking models rarely pause >90s.
FETCH_HEADERS_TIMEOUT_MS
= FETCH_TIMEOUT_MS
Time to receive response headers.
FETCH_BODY_TIMEOUT_MS
= FETCH_TIMEOUT_MS
Time to receive the full response body.
FETCH_CONNECT_TIMEOUT_MS
30000
TCP connection establishment timeout.
FETCH_KEEPALIVE_TIMEOUT_MS
4000
Keep-alive socket idle timeout.
TLS_CLIENT_TIMEOUT_MS
= FETCH_TIMEOUT_MS
TLS fingerprint proxy (wreq-js) timeout.
API_BRIDGE_PROXY_TIMEOUT_MS
30000
Proxy hop timeout for /v1 bridge requests.
API_BRIDGE_SERVER_REQUEST_TIMEOUT_MS
300000
Overall server request timeout for the bridge.
API_BRIDGE_SERVER_HEADERS_TIMEOUT_MS
60000
Time to send response headers via the bridge.
API_BRIDGE_SERVER_KEEPALIVE_TIMEOUT_MS
5000
Bridge keep-alive idle timeout.
API_BRIDGE_SERVER_SOCKET_TIMEOUT_MS
0
Raw socket timeout (0 = disabled).
SHUTDOWN_TIMEOUT_MS
30000
Grace period on SIGTERM/SIGINT before force-exit.
OMNIROUTE_DEFAULT_FETCH_TIMEOUT_MS
120000
Fallback used by src/shared/utils/fetchTimeout.ts when FETCH_TIMEOUT_MS is unset.
OMNIROUTE_CHATGPT_TLS_TIMEOUT_MS
60000
Wire-level timeout for the bogdanfinn/tls-client koffi binding (chatgptTlsClient.ts).
OMNIROUTE_CHATGPT_TLS_GRACE_MS
10000
JS-side grace added on top of the wire timeout when the native binding is wedged.
OMNIROUTE_CLAUDE_TLS_TIMEOUT_MS
60000
Wire-level timeout for the bogdanfinn/tls-client koffi binding (claudeTlsClient.ts).
OMNIROUTE_CLAUDE_TLS_GRACE_MS
10000
JS-side grace added on top of the wire timeout when the native binding is wedged.
OMNIROUTE_PPLX_TLS_TIMEOUT_MS
30000
Wire-level timeout for the bogdanfinn/tls-client koffi binding (perplexityTlsClient.ts).
OMNIROUTE_PPLX_TLS_GRACE_MS
10000
JS-side grace added on top of the wire timeout when the native binding is wedged.
OMNIROUTE_GROK_TLS_TIMEOUT_MS
60000
Wire-level timeout for the bogdanfinn/tls-client koffi binding (grokTlsClient.ts).
OMNIROUTE_GROK_TLS_GRACE_MS
10000
JS-side grace added on top of the wire timeout when the native binding is wedged.
OMNIROUTE_BROWSER_POOL
on
Shared Playwright browser pool for browser-backed web-cookie chat (browserPool.ts); set off to disable.
WEB_COOKIE_USE_BROWSER
0
Opt a web-cookie chat request into the browser-backed path (browserBackedChat.ts); 1 to enable.
Combo target attempts inherit the resolved upstream request timeout (FETCH_TIMEOUT_MS, or
REQUEST_TIMEOUT_MS when it supplies the fetch default). Set targetTimeoutMs in a combo,
combo defaults, or provider override only to make combo fallback faster; values above the
current upstream timeout are capped to the upstream timeout.
TTL for search API (Perplexity, Brave, etc.) response caching.
ALLOW_MULTI_CONNECTIONS_PER_COMPAT_NODE
false
src/app/api/providers/route.ts
Allow multiple simultaneous connections per OpenAI-compatible provider.
ENABLE_CC_COMPATIBLE_PROVIDER
false
src/shared/utils/featureFlags.ts
Reveal the experimental CC-compatible provider UI for Claude Code-only relays.
NINEROUTER_HOST
127.0.0.1
open-sse/executors/ninerouter.ts
Override the host where the embedded 9router instance listens.
NINEROUTER_PORT
20130
open-sse/executors/ninerouter.ts
Override the port where the embedded 9router instance listens.
EMBED_WS_PROXY_HOST
127.0.0.1
src/lib/services/embedWsProxy.ts
Bind host for the embedded-service WebSocket proxy (loopback only by default).
EMBED_WS_PROXY_PORT
20131
src/lib/services/embedWsProxy.ts
Port for the embedded-service WebSocket proxy server.
CLIPROXYAPI_HOST
127.0.0.1
open-sse/executors/cliproxyapi.ts
CLIProxyAPI bridge host (legacy integration).
CLIPROXYAPI_PORT
5544
open-sse/executors/cliproxyapi.ts
CLIProxyAPI bridge port.
CLIPROXYAPI_CONFIG_DIR
~/.cli-proxy-api
src/lib/versionManager/processManager.ts
CLIProxyAPI config directory.
LOCAL_HOSTNAMES
(empty)
open-sse/config/providerRegistry.ts
Comma-separated additional hostnames treated as "local" (Docker service names, etc.).
ENABLE_CC_COMPATIBLE_PROVIDER is only for third-party relays that accept Claude Code clients
exclusively. OmniRoute rewrites requests so those relays accept them. If you only want to use
Claude Code CLI, or you are not sure what these relays are, keep this disabled and add a regular
Anthropic-compatible provider instead.
Max time to wait on a 429 before failing the request.
RATE_LIMIT_AUTO_ENABLE
(unset)
open-sse/services/rateLimitManager.ts
Force the auto-enable rate limit safety net on/off regardless of the persisted Dashboard setting. Accepts true/1/on to force on, false/0/off to force off.
PROVIDER_COOLDOWN_ENABLED
(unset → off)
open-sse/services/providerCooldownTracker.ts
Opt-in global cross-request provider/connection cooldown tracking. OFF by default (overlaps Connection Cooldown / Provider Circuit Breaker). Accepts true/1/on to enable.
PROVIDER_COOLDOWN_MIN_MS
5000
open-sse/services/providerCooldownTracker.ts
Minimum cooldown (ms) before a failed provider/connection is retried. Scaled exponentially with consecutive failures. Only used when PROVIDER_COOLDOWN_ENABLED.
PROVIDER_COOLDOWN_MAX_MS
300000 (5 min)
open-sse/services/providerCooldownTracker.ts
Maximum cooldown (ms) cap before a failed provider/connection is retried regardless. Only used when PROVIDER_COOLDOWN_ENABLED.
HEALTHCHECK_STAGGER_MS
3000
src/lib/tokenHealthCheck.ts
Stagger interval (ms) between provider token healthchecks at startup.
REQUEST_RETRY
2
src/sse/services/cooldownAwareRetry.ts
Number of automatic retries on model-scoped cooldown responses before returning error to client.
MAX_RETRY_INTERVAL_SEC
30
src/sse/services/cooldownAwareRetry.ts
Max backoff interval (seconds) between cooldown retries. Capped by this value regardless of upstream Retry-After.
Limits and safety knobs applied when the Skills framework (src/lib/skills/) executes user-defined automations in a sandboxed environment.

| Variable | Default | Source File | Description |
| --- | --- | --- | --- |
| SKILLS_SANDBOX_TIMEOUT_MS | 10000 (10 s) | src/lib/skills/builtins.ts | Per-execution wall-clock timeout for sandboxed skill code. Hard cap; anything longer is killed. |
| SKILLS_EXECUTION_TIMEOUT_MS | (falls back to SKILLS_SANDBOX_TIMEOUT_MS) | src/lib/skills/ | High-level skill orchestration timeout. Set higher than SKILLS_SANDBOX_TIMEOUT_MS to allow multi-step workflows. |
| SKILLS_MAX_FILE_BYTES | 1048576 (1 MB) | src/lib/skills/builtins.ts | Max bytes a skill may read from any single sandboxed file. |
| SKILLS_MAX_HTTP_RESPONSE_BYTES | 256000 (250 KB) | src/lib/skills/builtins.ts | Max bytes captured from any single HTTP response inside a skill. |
| SKILLS_MAX_SANDBOX_OUTPUT_CHARS | 100000 | src/lib/skills/builtins.ts | Hard cap on stdout/stderr characters returned from a sandbox invocation. |
| SKILLS_SANDBOX_NETWORK_ENABLED | false | src/lib/skills/builtins.ts | Set 1/true to allow outbound network from inside the sandbox. Defaults to isolated for safety. |
| SKILLS_ALLOWED_SANDBOX_IMAGES | (empty) | src/lib/skills/builtins.ts | Comma-separated allowlist of container images permitted for sandbox execution. Empty means built-in default only. |
| SKILLS_SANDBOX_DOCKER_IMAGE | (built-in default) | src/lib/skills/ | Container image used when spawning a Docker-backed sandbox. Override to pin a custom hardened base image. |


> [!CAUTION]
> Enabling SKILLS_SANDBOX_NETWORK_ENABLED=true opens an egress path from arbitrary skill code. Pair with OUTBOUND_SSRF_GUARD_ENABLED=true and a strict CORS_ORIGIN/proxy policy in shared deployments.

Provider quota endpoints, network tunnels (Tailscale, Ngrok, MITM debug proxy), the 1Proxy egress pool, database backups and small per-feature overrides referenced by the executor layer or scripts.

| Variable | Default | Source File | Description |
| --- | --- | --- | --- |
| REDIS_URL | redis://localhost:6379 | src/shared/utils/rateLimiter.ts | Redis connection string for the rate limiter backend. |
| ALIBABA_CODING_PLAN_HOST | (production host) | open-sse/services/bailianQuotaFetcher.ts | Override the host used to fetch Alibaba Bailian coding-plan quotas. |
| ALIBABA_CODING_PLAN_QUOTA_URL | derived from host | open-sse/services/bailianQuotaFetcher.ts | Full quota URL override for Alibaba Bailian. |
| CONTEXT_RESERVE_TOKENS | 1024 | open-sse/services/contextManager.ts | Tokens reserved for completion output when computing prompt budgets. |
| MODEL_ALIAS_COMPAT_ENABLED | enabled | open-sse/services/model.ts | Toggle the legacy model-alias compatibility layer used by older clients. |
| COMMAND_CODE_CALLBACK_PORT | (unset) | src/app/api/providers/command-code/auth/shared.ts | Local port used for OAuth-style callbacks from the Command Code CLI helper. |
| COMMAND_CODE_VERSION | 0.33.2 | open-sse/executors/commandCode.ts | Value sent as the x-command-code-version header to the Command Code upstream. Override to bump the CLI version. |
| MITM_LOCAL_PORT | 443 | src/mitm/server.cjs | Local bind port for the MITM debug proxy. |
| MITM_DISABLE_TLS_VERIFY | 0 | src/mitm/server.cjs | Set 1 to disable upstream TLS verification (development only). |
| ONEPROXY_ENABLED | true | src/lib/oneproxySync.ts | Enable the 1Proxy egress pool sync. |
| ONEPROXY_API_URL | https://1proxy-api.aitradepulse.com | src/lib/oneproxySync.ts | 1Proxy service API URL override. |
| ONEPROXY_MAX_PROXIES | 500 | src/lib/oneproxySync.ts | Maximum proxies imported per sync. |
| ONEPROXY_MIN_QUALITY_THRESHOLD | 50 | src/lib/oneproxySync.ts | Minimum quality score for imported proxies. |
| FREE_PROXY_1PROXY_ENABLED | true | src/lib/freeProxyProviders/oneproxy.ts | Enable the 1proxy free proxy source. Set to false to disable. |
| FREE_PROXY_1PROXY_API_URL | (see oneproxy.ts) | src/lib/freeProxyProviders/oneproxy.ts | 1proxy API URL override. |
| FREE_PROXY_1PROXY_MAX | 500 | src/lib/freeProxyProviders/oneproxy.ts | Maximum proxies fetched per sync from 1proxy. |
| FREE_PROXY_1PROXY_MIN_QUALITY | 50 | src/lib/freeProxyProviders/oneproxy.ts | Minimum quality score threshold for 1proxy imports. |
| FREE_PROXY_PROXIFLY_ENABLED | true | src/lib/freeProxyProviders/proxifly.ts | Enable the Proxifly free proxy source. Set to false to disable. |
| FREE_PROXY_PROXIFLY_QUANTITY | 100 | src/lib/freeProxyProviders/proxifly.ts | Number of proxies to fetch per Proxifly sync. |
| FREE_PROXY_PROXIFLY_ANONYMITY | elite | src/lib/freeProxyProviders/proxifly.ts | Anonymity level filter for Proxifly (elite, anonymous, transparent). |
| FREE_PROXY_IPLOCATE_ENABLED | false | src/lib/freeProxyProviders/iplocate.ts | Enable the IPLocate free proxy source. Opt-in only. |

Show/hide the Deploy Vercel Relay button in the Proxy Pool tab.

| Variable | Default | Source File | Description |
| --- | --- | --- | --- |
| VERCEL_API_BASE | https://api.vercel.com | src/app/api/settings/proxy/vercel-deploy/route.ts | Vercel API base URL override (for testing). |
| NEXT_PUBLIC_VERCEL_RELAY_DEFAULT_PROJECT | omniroute-relay | src/app/(dashboard)/…/VercelRelayModal.tsx | Default project name pre-filled in the Vercel Relay deploy modal. |
| TAILSCALE_BIN | (auto-detect) | src/lib/tailscaleTunnel.ts | Explicit path to the tailscale binary. |
| TAILSCALED_BIN | (auto-detect) | src/lib/tailscaleTunnel.ts | Explicit path to the tailscaled daemon binary. |
| NGROK_AUTHTOKEN | (unset) | src/lib/ngrokTunnel.ts | Authenticates outbound ngrok tunnels. |
| DB_BACKUP_MAX_FILES | 20 | src/lib/db/backup.ts | Maximum SQLite backup files retained on disk. |
| DB_BACKUP_RETENTION_DAYS | 0 | src/lib/db/backup.ts | Maximum age (days) of retained backups. 0 disables age-based pruning. |
| OMNIROUTE_TLS_PROXY_URL | (unset) | open-sse/services/chatgptTlsClient.ts | Override the TLS sidecar URL for tests. Production should leave unset. |
| CONTAINER_HOST | docker | scripts/check-permissions.sh | Container runtime hint for the entrypoint permission check. Set to podman under rootless Podman so the fix instructions use podman unshare chown instead of sudo chown. |
| QUOTA_STORE_DRIVER | sqlite | src/lib/quota/storeFactory.ts | Quota-share consumption store backend: sqlite (default) or redis. |
| QUOTA_STORE_REDIS_URL | (unset) | src/lib/quota/storeFactory.ts | Redis connection string used when QUOTA_STORE_DRIVER=redis (e.g. redis://localhost:6379). |
| QUOTA_SATURATION_THRESHOLD | 0.5 | src/lib/quota/enforce.ts | Pool saturation ratio (0..1); at/above it the pool enters strict mode (no borrowing). |
| QUOTA_SOFT_DEPRIORITIZE_FACTOR | 0.7 | open-sse/services/combo.ts | Score multiplier (0..1) applied to a target when the soft quota policy deprioritizes it. |
| QUOTA_CONSUMPTION_RETENTION_DAYS | 14 | src/lib/db/quotaConsumption.ts | Retention window (days) for quota_consumption buckets before GC (gcQuotaConsumption). |
| AGENTBRIDGE_UPSTREAM_CA_CERT | (unset) | src/mitm/manager.ts | Extra CA certificate (PEM) trusted for AgentBridge upstream TLS connections. |
| INSPECTOR_BUFFER_SIZE | 1000 | src/mitm/inspector/buffer.ts | Max captured requests held in the Traffic Inspector ring buffer. |
| INSPECTOR_MAX_BODY_KB | 1024 | src/mitm/inspector/buffer.ts | Max captured request/response body size (KB) before truncation. |
| INSPECTOR_HTTP_PROXY_PORT | 8080 | src/mitm/inspector/httpProxyServer.ts | Local port for the Traffic Inspector HTTP proxy. |
| INSPECTOR_HTTP_PROXY_AUTOSTART | false | src/mitm/inspector/httpProxyServer.ts | Auto-start the inspector HTTP proxy on boot. |
| INSPECTOR_TLS_INTERCEPT | false | src/lib/inspector/captureState.ts | Enable TLS interception (MITM) for captured HTTPS traffic. |
| INSPECTOR_LLM_HOSTS_EXTRA | (unset) | src/lib/inspector/captureState.ts | Extra hostnames (comma-separated) treated as LLM endpoints for capture. |
| INSPECTOR_MASK_SECRETS | true | src/mitm/inspector/buffer.ts | Mask secrets (auth headers / API keys) in captured traffic. |

Used by scripts/dev/run-next-playwright.mjs, scripts/dev/smoke-electron-packaged.mjs,
scripts/dev/run-ecosystem-tests.mjs, and scripts/build/uninstall.mjs. Leave every
value below unset in production deployments.

| Variable | Default | Source File | Description |
| --- | --- | --- | --- |
| OMNIROUTE_E2E_BOOTSTRAP_MODE | auth | scripts/dev/run-next-playwright.mjs | E2E bootstrap mode (auth, fresh, reuse) for the Playwright runner. |
| OMNIROUTE_E2E_PASSWORD | falls back to INITIAL_PASSWORD | scripts/dev/run-next-playwright.mjs | Admin password injected into the Playwright environment. |
| OMNIROUTE_DISABLE_LOCAL_HEALTHCHECK | true | scripts/dev/run-next-playwright.mjs | Disable the local healthcheck poll during Playwright runs. |
| OMNIROUTE_DISABLE_TOKEN_HEALTHCHECK | true | scripts/dev/run-next-playwright.mjs | Disable the OAuth token healthcheck loop during tests. |
| OMNIROUTE_HEALTHCHECK_SKIP_PROVIDERS | (unset) | src/lib/tokenHealthCheck.ts | Comma-separated providers excluded from the proactive token-refresh sweep (e.g. codex,openai). Targeted alternative to fully disabling the healthcheck — short-TTL providers keep refreshing while cascade providers stay reactive-only. |
| OMNIROUTE_HIDE_HEALTHCHECK_LOGS | true | scripts/dev/run-next-playwright.mjs | Silence healthcheck noise in Playwright stdout. |
| OMNIROUTE_PLAYWRIGHT_SKIP_BUILD | 0 | scripts/dev/run-next-playwright.mjs | Skip the Next.js production build before Playwright starts (CI optimization). |
| OMNIROUTE_SKIP_UNINSTALL_HOOK | 0 | scripts/build/uninstall.mjs | Skip the OmniRoute uninstall hook (used by CI to keep node_modules intact). |
| ECOSYSTEM_SERVER_WAIT_MS | 180000 | scripts/dev/run-ecosystem-tests.mjs | Wait time (ms) for the server to become healthy before running ecosystem/protocol tests. |
| ELECTRON_SMOKE_URL | http://127.0.0.1:20128/login | scripts/dev/smoke-electron-packaged.mjs | URL the Electron smoke harness expects the packaged app to serve. |
| ELECTRON_SMOKE_TIMEOUT_MS | 45000 | scripts/dev/smoke-electron-packaged.mjs | Total timeout (ms) before the smoke harness gives up. |
| ELECTRON_SMOKE_SETTLE_MS | 2000 | scripts/dev/smoke-electron-packaged.mjs | Settle window (ms) after the page loads. |
| ELECTRON_SMOKE_APP_EXECUTABLE | (auto) | scripts/dev/smoke-electron-packaged.mjs | Explicit path to the packaged Electron executable. |
| ELECTRON_SMOKE_DATA_DIR | (tmpdir) | scripts/dev/smoke-electron-packaged.mjs | Data directory for the Electron smoke run. |
| ELECTRON_SMOKE_KEEP_DATA | 0 | scripts/dev/smoke-electron-packaged.mjs | Set 1 to preserve the smoke data directory after the run. |
| ELECTRON_SMOKE_STREAM_LOGS | 0 | scripts/dev/smoke-electron-packaged.mjs | Set 1 to stream Electron logs to stdout during the run. |

Used by scripts/i18n/run-translation.mjs (the npm run i18n:run command).
All five variables are unset by default — set them in .env only on machines
that should be able to run the docs translator.

| Variable | Default | Source File | Description |
| --- | --- | --- | --- |
| OMNIROUTE_TRANSLATION_API_URL | (unset) | scripts/i18n/run-translation.mjs | OpenAI-compatible base URL for the translation backend. |
| OMNIROUTE_TRANSLATION_API_KEY | (unset) | scripts/i18n/run-translation.mjs | Bearer token for the translation backend (never logged). |
| OMNIROUTE_TRANSLATION_MODEL | (unset) | scripts/i18n/run-translation.mjs | Model id, e.g. gpt-4o-mini or cx/gpt-5.4-mini. |
| OMNIROUTE_TRANSLATION_TIMEOUT_MS | 60000 | scripts/i18n/run-translation.mjs | Per-request timeout in milliseconds. |
| OMNIROUTE_TRANSLATION_CONCURRENCY | 4 | scripts/i18n/run-translation.mjs | Parallel translation requests when running over multiple files / locales. |

Used by scripts/ad-hoc/regen-opencode-config.ts to regenerate an opencode.json
with accurate limit.context and limit.output values pulled from the running
OmniRoute instance. None of these are required for normal operation — the script
is developer tooling only.

| Variable | Default | Source File | Description |
| --- | --- | --- | --- |
| OMNIROUTE_URL | http://localhost:20128 | scripts/ad-hoc/regen-opencode-config.ts | Base URL of the OmniRoute instance to query for /v1/models. |
| OMNIROUTE_KEY | (unset) | scripts/ad-hoc/regen-opencode-config.ts | API key to authenticate against the OmniRoute /v1/models endpoint. Falls back to OPENCODE_API_KEY when unset. |
| OPENCODE_API_KEY | (unset) | scripts/ad-hoc/regen-opencode-config.ts | OpenCode-style API key (sk-...) written into the regenerated opencode.json. Falls back to OMNIROUTE_KEY when unset. |