All environment variables are validated at startup using Zod schemas defined in packages/server/src/config/env.ts. The server will exit with descriptive errors if validation fails.
Used by pnpm seed to create the initial administrator account.

| Variable | Required | Default | Validation |
| --- | --- | --- | --- |
| SUPER_ADMIN_EMAIL | No | admin@ai-gateway.local | Valid email address |
| SUPER_ADMIN_PASSWORD | Yes | — | 12+ characters, must include uppercase, lowercase, digit, and special character |

Semantic Cache

| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| CACHE_EMBEDDING_MODEL | No | nomic-embed-text | Embedding model for cache similarity |
| CACHE_SIMILARITY_THRESHOLD | No | 0.96 | Cosine similarity threshold (0.0-1.0) |
| CACHE_DEFAULT_TTL_SECONDS | No | 86400 | Cache entry TTL in seconds (default: 24 hours) |

Rate Limiting

| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| RATE_LIMIT_WINDOW_MS | No | 60000 | Window duration in milliseconds |
| RATE_LIMIT_MAX_PER_WINDOW | No | 60 | Max requests per window |

CORS and Networking

| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| CORS_ORIGINS | No | (empty) | Comma-separated allowed origins (each must be a valid URL) |
| SOCKET_CORS_ORIGIN | No | http://localhost:3001 | Socket.io CORS origin |
| ADMIN_URL | No | http://localhost:3001 | Admin dashboard URL |
| SSO_CALLBACK_BASE_URL | No | (optional) | Base URL for SSO callback endpoints |

Background Workers

| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| BULLMQ_PREFIX | No | aigw | Redis key prefix for BullMQ queues |

S3 Backup
All S3 variables are optional. When not configured, audit log backups are stored locally.

| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| S3_BUCKET | No | — | S3 bucket name |
| S3_REGION | No | us-east-1 | AWS region |
| S3_ACCESS_KEY_ID | No | — | AWS access key ID |
| S3_SECRET_ACCESS_KEY | No | — | AWS secret access key |
| S3_PREFIX | No | backups | Key prefix within the S3 bucket |

SIEM Export
All SIEM variables are optional. When not configured, SIEM export is disabled.

| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| SIEM_TYPE | No | — | Export type: splunk, elk, or webhook |
| SIEM_URL | No | — | SIEM endpoint URL |
| SIEM_TOKEN | No | — | Authentication token |
| SIEM_BATCH_SIZE | No | 100 | Events per batch |

License (EE)
The Enterprise Edition gates startup on an Ed25519-signed license JWT issued by the 137 & Co. platform. If LICENSE_TOKEN is missing or invalid when NODE_ENV=production, the server exits with process.exit(1) after logging a fatal license error.

| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| LICENSE_TOKEN | Prod | — | Ed25519-signed JWT issued by the 137 & Co. platform. Required in production. |
| LICENSE_PUBLIC_KEYS | When LICENSE_TOKEN is set | — | One or more PEM-encoded public keys joined with ;; (the double-semicolon delimiter is used because newlines inside env values are unreliable across shells and Docker). |
| LICENSE_SERVER_URL | No | — | When set, the verifier polls this URL for revocation status. Unset means air-gapped mode (no phone-home). |
| LICENSE_PHONE_HOME_INTERVAL_MS | No | 86400000 | Polling interval (ms) for the revocation check. Default is 24 hours. |
| LICENSE_GRACE_PERIOD_MS | No | 604800000 | How long an expired or revoked token continues to work before the server exits. Default is 7 days. |
| GATEWYSE_LICENSE_FINGERPRINT | No | — | Optional hardware-fingerprint override. Read directly via process.env in packages/license/src/fingerprint.ts (it is not part of the Zod env schema), because the license verifier runs before env validation. When set, it overrides the auto-derived machine fingerprint used for hardware-bound licenses. |

The license verifier runs before the Zod env validator and Winston logger because both depend on environment that has not yet been validated at bootstrap time. For that reason LICENSE_* and GATEWYSE_LICENSE_FINGERPRINT are read straight from process.env and do not appear in the Zod env schema. See packages/server/src/services/license.service.ts for the boot sequence.
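The license check described in this section, sketched as an added example (not the project's code from packages/license or license.service.ts): it splits LICENSE_PUBLIC_KEYS on ;;, pins the JWT algorithm to EdDSA, accepts a signature from any configured key, and applies the grace period to expiry. The function names, the use of the standard exp claim, and the demo keys and token are assumptions constructed for illustration; revocation polling is left out.

```javascript
// Added example, not the project's code: verify an EdDSA license JWT against
// the ';;'-joined PEM list in LICENSE_PUBLIC_KEYS. All helper names are hypothetical.
const crypto = require('node:crypto');

// Split on ';;' and parse each PEM; a malformed key throws, which fails closed.
function parsePublicKeys(raw) {
  return String(raw || '').split(';;').map((p) => p.trim()).filter(Boolean)
    .map((pem) => crypto.createPublicKey(pem));
}

// Returns { ok, reason, claims }. nowMs and graceMs are parameters so both can be tested.
function verifyLicense(token, rawKeys, nowMs = Date.now(), graceMs = 0) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed token' };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed token' };
  }
  // Pin the algorithm: the token header must never choose how it is verified.
  if (header?.alg !== 'EdDSA') return { ok: false, reason: 'unexpected alg' };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const sig = Buffer.from(parts[2], 'base64url');
  // Accept a signature from any configured key so signing keys can be rotated.
  const trusted = parsePublicKeys(rawKeys).some((key) =>
    key.asymmetricKeyType === 'ed25519' && crypto.verify(null, signed, key, sig));
  if (!trusted) return { ok: false, reason: 'bad signature' };
  // Assumption: expiry is the standard JWT 'exp' claim (seconds since epoch).
  if (typeof claims?.exp !== 'number') return { ok: false, reason: 'missing exp' };
  const expMs = claims.exp * 1000;
  if (nowMs > expMs + graceMs) return { ok: false, reason: 'expired' };
  return { ok: true, reason: nowMs > expMs ? 'in grace period' : 'valid', claims };
}

// Constructed demo data: two throwaway key pairs and a token signed by the second.
function demo() {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const pairs = [0, 1].map(() => crypto.generateKeyPairSync('ed25519'));
  const rawKeys = pairs.map((p) => p.publicKey.export({ type: 'spki', format: 'pem' })).join(';;');
  const body = `${b64({ alg: 'EdDSA', typ: 'JWT' })}.${b64({ sub: 'demo-tenant', exp: 2000000000 })}`;
  const sig = crypto.sign(null, Buffer.from(body), pairs[1].privateKey).toString('base64url');
  return { token: `${body}.${sig}`, rawKeys, firstKeyOnly: rawKeys.split(';;')[0] };
}
```

A caller that mirrors the documented behaviour would pass process.env.LICENSE_TOKEN, process.env.LICENSE_PUBLIC_KEYS and the grace period, and exit non-zero when ok is false in production.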
API Documentation

| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| ENABLE_SWAGGER | No | false | When true, exposes the Swagger UI at /docs. In production this is off by default; set to true to enable. |

Provider API Keys
Provider API keys are managed through the admin dashboard (or the admin API) and stored per-tenant, encrypted at rest with AES-256-GCM — the gateway resolves them from the database at request time. There is no runtime code path that reads OPENAI_API_KEY, ANTHROPIC_API_KEY, etc. from the environment for live routing.
The variable names below are listed for reference only (e.g. for local development scripts, seeding, or smoke tests); setting them does not configure a provider for the gateway: