mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-02-27 21:04:08 +01:00
a0f9782e60
* fix: store hide_sequential_outputs before processStream clears config processStream now clears config.configurable after completion to break memory retention chains. Save hide_sequential_outputs to a local variable before calling runAgents so the post-stream filter still works. * feat: memory diagnostics * chore: expose garbage collection in backend inspect command Updated the backend inspect command in package.json to include the --expose-gc flag, enabling garbage collection diagnostics for improved memory management during development. * chore: update @librechat/agents dependency to version 3.1.52 Bumped the version of @librechat/agents in package.json and package-lock.json to ensure compatibility and access to the latest features and fixes. * fix: clear heavy config state after processStream to prevent memory leaks Break the reference chain from LangGraph's internal __pregel_scratchpad through @langchain/core RunTree.extra[lc:child_config] into the AsyncLocalStorage context captured by timers and I/O handles. After stream completion, null out symbol-keyed scratchpad properties (currentTaskInput), config.configurable, and callbacks. Also call Graph.clearHeavyState() to release config, signal, content maps, handler registry, and tool sessions. * chore: fix imports for memory utils * chore: add circular dependency check in API build step Enhanced the backend review workflow to include a check for circular dependencies during the API build process. If a circular dependency is detected, an error message is displayed, and the process exits with a failure status. * chore: update API build step to include circular dependency detection Modified the backend review workflow to rename the API package installation step to reflect its new functionality, which now includes detection of circular dependencies during the build process. * chore: add memory diagnostics option to .env.example Included a commented-out configuration option for enabling memory diagnostics in the .env.example file, which logs heap and RSS snapshots every 60 seconds when activated. * chore: remove redundant agentContexts cleanup in disposeClient function Streamlined the disposeClient function by eliminating duplicate cleanup logic for agentContexts, ensuring efficient memory management during client disposal. * refactor: move runOutsideTracing utility to utils and update its usage Refactored the runOutsideTracing function by relocating it to the utils module for better organization. Updated the tool execution handler to utilize the new import, ensuring consistent tracing behavior during tool execution. * refactor: enhance connection management and diagnostics Added a method to ConnectionsRepository for retrieving the active connection count. Updated UserConnectionManager to utilize this new method for app connection count reporting. Refined the OAuthReconnectionTracker's getStats method to improve clarity in diagnostics. Introduced a new tracing utility in the utils module to streamline tracing context management. Additionally, added a safeguard in memory diagnostics to prevent unnecessary snapshot collection for very short intervals. * refactor: enhance tracing utility and add memory diagnostics tests Refactored the runOutsideTracing function to improve warning logic when the AsyncLocalStorage context is missing. Added tests for memory diagnostics and tracing utilities to ensure proper functionality and error handling. Introduced a new test suite for memory diagnostics, covering snapshot collection and garbage collection behavior.
848 lines
27 KiB
Text
848 lines
27 KiB
Text
#=====================================================================#
|
|
# LibreChat Configuration #
|
|
#=====================================================================#
|
|
# Please refer to the reference documentation for assistance #
|
|
# with configuring your LibreChat environment. #
|
|
# #
|
|
# https://www.librechat.ai/docs/configuration/dotenv #
|
|
#=====================================================================#
|
|
|
|
#==================================================#
|
|
# Server Configuration #
|
|
#==================================================#
|
|
|
|
HOST=localhost
|
|
PORT=3080
|
|
|
|
MONGO_URI=mongodb://127.0.0.1:27017/LibreChat
|
|
#The maximum number of connections in the connection pool. */
|
|
MONGO_MAX_POOL_SIZE=
|
|
#The minimum number of connections in the connection pool. */
|
|
MONGO_MIN_POOL_SIZE=
|
|
#The maximum number of connections that may be in the process of being established concurrently by the connection pool. */
|
|
MONGO_MAX_CONNECTING=
|
|
#The maximum number of milliseconds that a connection can remain idle in the pool before being removed and closed. */
|
|
MONGO_MAX_IDLE_TIME_MS=
|
|
#The maximum time in milliseconds that a thread can wait for a connection to become available. */
|
|
MONGO_WAIT_QUEUE_TIMEOUT_MS=
|
|
# Set to false to disable automatic index creation for all models associated with this connection. */
|
|
MONGO_AUTO_INDEX=
|
|
# Set to `false` to disable Mongoose automatically calling `createCollection()` on every model created on this connection. */
|
|
MONGO_AUTO_CREATE=
|
|
|
|
DOMAIN_CLIENT=http://localhost:3080
|
|
DOMAIN_SERVER=http://localhost:3080
|
|
|
|
NO_INDEX=true
|
|
# Use the address that is at most n number of hops away from the Express application.
|
|
# req.socket.remoteAddress is the first hop, and the rest are looked for in the X-Forwarded-For header from right to left.
|
|
# A value of 0 means that the first untrusted address would be req.socket.remoteAddress, i.e. there is no reverse proxy.
|
|
# Defaulted to 1.
|
|
TRUST_PROXY=1
|
|
|
|
# Minimum password length for user authentication
|
|
# Default: 8
|
|
# Note: When using LDAP authentication, you may want to set this to 1
|
|
# to bypass local password validation, as LDAP servers handle their own
|
|
# password policies.
|
|
# MIN_PASSWORD_LENGTH=8
|
|
|
|
# When enabled, the app will continue running after encountering uncaught exceptions
|
|
# instead of exiting the process. Not recommended for production unless necessary.
|
|
# CONTINUE_ON_UNCAUGHT_EXCEPTION=false
|
|
|
|
#===============#
|
|
# JSON Logging #
|
|
#===============#
|
|
|
|
# Use when process console logs in cloud deployment like GCP/AWS
|
|
CONSOLE_JSON=false
|
|
|
|
#===============#
|
|
# Debug Logging #
|
|
#===============#
|
|
|
|
DEBUG_LOGGING=true
|
|
DEBUG_CONSOLE=false
|
|
|
|
# Enable memory diagnostics (logs heap/RSS snapshots every 60s, auto-enabled with --inspect)
|
|
# MEM_DIAG=true
|
|
|
|
#=============#
|
|
# Permissions #
|
|
#=============#
|
|
|
|
# UID=1000
|
|
# GID=1000
|
|
|
|
#==============#
|
|
# Node Options #
|
|
#==============#
|
|
|
|
# NOTE: NODE_MAX_OLD_SPACE_SIZE is NOT recognized by Node.js directly.
|
|
# This variable is used as a build argument for Docker or CI/CD workflows,
|
|
# and is NOT used by Node.js to set the heap size at runtime.
|
|
# To configure Node.js memory, use NODE_OPTIONS, e.g.:
|
|
# NODE_OPTIONS="--max-old-space-size=6144"
|
|
# See: https://nodejs.org/api/cli.html#--max-old-space-sizesize-in-mib
|
|
NODE_MAX_OLD_SPACE_SIZE=6144
|
|
|
|
#===============#
|
|
# Configuration #
|
|
#===============#
|
|
# Use an absolute path, a relative path, or a URL
|
|
|
|
# CONFIG_PATH="/alternative/path/to/librechat.yaml"
|
|
|
|
#==================#
|
|
# Langfuse Tracing #
|
|
#==================#
|
|
|
|
# Get Langfuse API keys for your project from the project settings page: https://cloud.langfuse.com
|
|
|
|
# LANGFUSE_PUBLIC_KEY=
|
|
# LANGFUSE_SECRET_KEY=
|
|
# LANGFUSE_BASE_URL=
|
|
|
|
#===================================================#
|
|
# Endpoints #
|
|
#===================================================#
|
|
|
|
# ENDPOINTS=openAI,assistants,azureOpenAI,google,anthropic
|
|
|
|
PROXY=
|
|
|
|
#===================================#
|
|
# Known Endpoints - librechat.yaml #
|
|
#===================================#
|
|
# https://www.librechat.ai/docs/configuration/librechat_yaml/ai_endpoints
|
|
|
|
# ANYSCALE_API_KEY=
|
|
# APIPIE_API_KEY=
|
|
# COHERE_API_KEY=
|
|
# DEEPSEEK_API_KEY=
|
|
# DATABRICKS_API_KEY=
|
|
# FIREWORKS_API_KEY=
|
|
# GROQ_API_KEY=
|
|
# HUGGINGFACE_TOKEN=
|
|
# MISTRAL_API_KEY=
|
|
# OPENROUTER_KEY=
|
|
# PERPLEXITY_API_KEY=
|
|
# SHUTTLEAI_API_KEY=
|
|
# TOGETHERAI_API_KEY=
|
|
# UNIFY_API_KEY=
|
|
# XAI_API_KEY=
|
|
|
|
#============#
|
|
# Anthropic #
|
|
#============#
|
|
|
|
ANTHROPIC_API_KEY=user_provided
|
|
# ANTHROPIC_MODELS=claude-sonnet-4-6,claude-opus-4-6,claude-opus-4-20250514,claude-sonnet-4-20250514,claude-3-7-sonnet-20250219,claude-3-5-sonnet-20241022,claude-3-5-haiku-20241022,claude-3-opus-20240229,claude-3-sonnet-20240229,claude-3-haiku-20240307
|
|
# ANTHROPIC_REVERSE_PROXY=
|
|
|
|
# Set to true to use Anthropic models through Google Vertex AI instead of direct API
|
|
# ANTHROPIC_USE_VERTEX=
|
|
# ANTHROPIC_VERTEX_REGION=us-east5
|
|
|
|
#============#
|
|
# Azure #
|
|
#============#
|
|
|
|
# Note: these variables are DEPRECATED
|
|
# Use the `librechat.yaml` configuration for `azureOpenAI` instead
|
|
# You may also continue to use them if you opt out of using the `librechat.yaml` configuration
|
|
|
|
# AZURE_OPENAI_DEFAULT_MODEL=gpt-3.5-turbo # Deprecated
|
|
# AZURE_OPENAI_MODELS=gpt-3.5-turbo,gpt-4 # Deprecated
|
|
# AZURE_USE_MODEL_AS_DEPLOYMENT_NAME=TRUE # Deprecated
|
|
# AZURE_API_KEY= # Deprecated
|
|
# AZURE_OPENAI_API_INSTANCE_NAME= # Deprecated
|
|
# AZURE_OPENAI_API_DEPLOYMENT_NAME= # Deprecated
|
|
# AZURE_OPENAI_API_VERSION= # Deprecated
|
|
# AZURE_OPENAI_API_COMPLETIONS_DEPLOYMENT_NAME= # Deprecated
|
|
# AZURE_OPENAI_API_EMBEDDINGS_DEPLOYMENT_NAME= # Deprecated
|
|
|
|
#=================#
|
|
# AWS Bedrock #
|
|
#=================#
|
|
|
|
# BEDROCK_AWS_DEFAULT_REGION=us-east-1 # A default region must be provided
|
|
# BEDROCK_AWS_ACCESS_KEY_ID=someAccessKey
|
|
# BEDROCK_AWS_SECRET_ACCESS_KEY=someSecretAccessKey
|
|
# BEDROCK_AWS_SESSION_TOKEN=someSessionToken
|
|
|
|
# Note: This example list is not meant to be exhaustive. If omitted, all known, supported model IDs will be included for you.
|
|
# BEDROCK_AWS_MODELS=anthropic.claude-sonnet-4-6,anthropic.claude-opus-4-6-v1,anthropic.claude-3-5-sonnet-20240620-v1:0,meta.llama3-1-8b-instruct-v1:0
|
|
# Cross-region inference model IDs: us.anthropic.claude-sonnet-4-6,us.anthropic.claude-opus-4-6-v1,global.anthropic.claude-opus-4-6-v1
|
|
|
|
# See all Bedrock model IDs here: https://docs.aws.amazon.com/bedrock/latest/userguide/model-ids.html#model-ids-arns
|
|
|
|
# Notes on specific models:
|
|
# The following models are not support due to not supporting streaming:
|
|
# ai21.j2-mid-v1
|
|
|
|
# The following models are not support due to not supporting conversation history:
|
|
# ai21.j2-ultra-v1, cohere.command-text-v14, cohere.command-light-text-v14
|
|
|
|
#============#
|
|
# Google #
|
|
#============#
|
|
|
|
GOOGLE_KEY=user_provided
|
|
|
|
# GOOGLE_REVERSE_PROXY=
|
|
# Some reverse proxies do not support the X-goog-api-key header, uncomment to pass the API key in Authorization header instead.
|
|
# GOOGLE_AUTH_HEADER=true
|
|
|
|
# Gemini API (AI Studio)
|
|
# GOOGLE_MODELS=gemini-3.1-pro-preview,gemini-3.1-pro-preview-customtools,gemini-2.5-pro,gemini-2.5-flash,gemini-2.5-flash-lite,gemini-2.0-flash,gemini-2.0-flash-lite
|
|
|
|
# Vertex AI
|
|
# GOOGLE_MODELS=gemini-3.1-pro-preview,gemini-3.1-pro-preview-customtools,gemini-2.5-pro,gemini-2.5-flash,gemini-2.5-flash-lite,gemini-2.0-flash-001,gemini-2.0-flash-lite-001
|
|
|
|
# GOOGLE_TITLE_MODEL=gemini-2.0-flash-lite-001
|
|
|
|
# Google Cloud region for Vertex AI (used by both chat and image generation)
|
|
# GOOGLE_LOC=us-central1
|
|
|
|
# Alternative region env var for Gemini Image Generation
|
|
# GOOGLE_CLOUD_LOCATION=global
|
|
|
|
# Vertex AI Service Account Configuration
|
|
# Path to your Google Cloud service account JSON file
|
|
# GOOGLE_SERVICE_KEY_FILE=/path/to/service-account.json
|
|
|
|
# Google Safety Settings
|
|
# NOTE: These settings apply to both Vertex AI and Gemini API (AI Studio)
|
|
#
|
|
# For Vertex AI:
|
|
# To use the BLOCK_NONE setting, you need either:
|
|
# (a) Access through an allowlist via your Google account team, or
|
|
# (b) Switch to monthly invoiced billing: https://cloud.google.com/billing/docs/how-to/invoiced-billing
|
|
#
|
|
# For Gemini API (AI Studio):
|
|
# BLOCK_NONE is available by default, no special account requirements.
|
|
#
|
|
# Available options: BLOCK_NONE, BLOCK_ONLY_HIGH, BLOCK_MEDIUM_AND_ABOVE, BLOCK_LOW_AND_ABOVE
|
|
#
|
|
# GOOGLE_SAFETY_SEXUALLY_EXPLICIT=BLOCK_ONLY_HIGH
|
|
# GOOGLE_SAFETY_HATE_SPEECH=BLOCK_ONLY_HIGH
|
|
# GOOGLE_SAFETY_HARASSMENT=BLOCK_ONLY_HIGH
|
|
# GOOGLE_SAFETY_DANGEROUS_CONTENT=BLOCK_ONLY_HIGH
|
|
# GOOGLE_SAFETY_CIVIC_INTEGRITY=BLOCK_ONLY_HIGH
|
|
|
|
#========================#
|
|
# Gemini Image Generation #
|
|
#========================#
|
|
|
|
# Gemini Image Generation Tool (for Agents)
|
|
# Supports multiple authentication methods in priority order:
|
|
# 1. User-provided API key (via GUI)
|
|
# 2. GEMINI_API_KEY env var (admin-configured)
|
|
# 3. GOOGLE_KEY env var (shared with Google chat endpoint)
|
|
# 4. Vertex AI service account (via GOOGLE_SERVICE_KEY_FILE)
|
|
|
|
# Option A: Use dedicated Gemini API key for image generation
|
|
# GEMINI_API_KEY=your-gemini-api-key
|
|
|
|
# Vertex AI model for image generation (defaults to gemini-2.5-flash-image)
|
|
# GEMINI_IMAGE_MODEL=gemini-2.5-flash-image
|
|
|
|
#============#
|
|
# OpenAI #
|
|
#============#
|
|
|
|
OPENAI_API_KEY=user_provided
|
|
# OPENAI_MODELS=gpt-5,gpt-5-codex,gpt-5-mini,gpt-5-nano,o3-pro,o3,o4-mini,gpt-4.1,gpt-4.1-mini,gpt-4.1-nano,o3-mini,o1-pro,o1,gpt-4o,gpt-4o-mini
|
|
|
|
DEBUG_OPENAI=false
|
|
|
|
# TITLE_CONVO=false
|
|
# OPENAI_TITLE_MODEL=gpt-4o-mini
|
|
|
|
# OPENAI_SUMMARIZE=true
|
|
# OPENAI_SUMMARY_MODEL=gpt-4o-mini
|
|
|
|
# OPENAI_FORCE_PROMPT=true
|
|
|
|
# OPENAI_REVERSE_PROXY=
|
|
|
|
# OPENAI_ORGANIZATION=
|
|
|
|
#====================#
|
|
# Assistants API #
|
|
#====================#
|
|
|
|
ASSISTANTS_API_KEY=user_provided
|
|
# ASSISTANTS_BASE_URL=
|
|
# ASSISTANTS_MODELS=gpt-4o,gpt-4o-mini,gpt-3.5-turbo-0125,gpt-3.5-turbo-16k-0613,gpt-3.5-turbo-16k,gpt-3.5-turbo,gpt-4,gpt-4-0314,gpt-4-32k-0314,gpt-4-0613,gpt-3.5-turbo-0613,gpt-3.5-turbo-1106,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview
|
|
|
|
#==========================#
|
|
# Azure Assistants API #
|
|
#==========================#
|
|
|
|
# Note: You should map your credentials with custom variables according to your Azure OpenAI Configuration
|
|
# The models for Azure Assistants are also determined by your Azure OpenAI configuration.
|
|
|
|
# More info, including how to enable use of Assistants with Azure here:
|
|
# https://www.librechat.ai/docs/configuration/librechat_yaml/ai_endpoints/azure#using-assistants-with-azure
|
|
|
|
CREDS_KEY=f34be427ebb29de8d88c107a71546019685ed8b241d8f2ed00c3df97ad2566f0
|
|
CREDS_IV=e2341419ec3dd3d19b13a1a87fafcbfb
|
|
|
|
# Azure AI Search
|
|
#-----------------
|
|
AZURE_AI_SEARCH_SERVICE_ENDPOINT=
|
|
AZURE_AI_SEARCH_INDEX_NAME=
|
|
AZURE_AI_SEARCH_API_KEY=
|
|
|
|
AZURE_AI_SEARCH_API_VERSION=
|
|
AZURE_AI_SEARCH_SEARCH_OPTION_QUERY_TYPE=
|
|
AZURE_AI_SEARCH_SEARCH_OPTION_TOP=
|
|
AZURE_AI_SEARCH_SEARCH_OPTION_SELECT=
|
|
|
|
# OpenAI Image Tools Customization
|
|
#----------------
|
|
# IMAGE_GEN_OAI_API_KEY= # Create or reuse OpenAI API key for image generation tool
|
|
# IMAGE_GEN_OAI_BASEURL= # Custom OpenAI base URL for image generation tool
|
|
# IMAGE_GEN_OAI_AZURE_API_VERSION= # Custom Azure OpenAI deployments
|
|
# IMAGE_GEN_OAI_MODEL=gpt-image-1 # OpenAI image model (e.g., gpt-image-1, gpt-image-1.5)
|
|
# IMAGE_GEN_OAI_DESCRIPTION=
|
|
# IMAGE_GEN_OAI_DESCRIPTION_WITH_FILES=Custom description for image generation tool when files are present
|
|
# IMAGE_GEN_OAI_DESCRIPTION_NO_FILES=Custom description for image generation tool when no files are present
|
|
# IMAGE_EDIT_OAI_DESCRIPTION=Custom description for image editing tool
|
|
# IMAGE_GEN_OAI_PROMPT_DESCRIPTION=Custom prompt description for image generation tool
|
|
# IMAGE_EDIT_OAI_PROMPT_DESCRIPTION=Custom prompt description for image editing tool
|
|
|
|
# DALL·E
|
|
#----------------
|
|
# DALLE_API_KEY=
|
|
# DALLE3_API_KEY=
|
|
# DALLE2_API_KEY=
|
|
# DALLE3_SYSTEM_PROMPT=
|
|
# DALLE2_SYSTEM_PROMPT=
|
|
# DALLE_REVERSE_PROXY=
|
|
# DALLE3_BASEURL=
|
|
# DALLE2_BASEURL=
|
|
|
|
# DALL·E (via Azure OpenAI)
|
|
# Note: requires some of the variables above to be set
|
|
#----------------
|
|
# DALLE3_AZURE_API_VERSION=
|
|
# DALLE2_AZURE_API_VERSION=
|
|
|
|
# Flux
|
|
#-----------------
|
|
FLUX_API_BASE_URL=https://api.us1.bfl.ai
|
|
# FLUX_API_BASE_URL = 'https://api.bfl.ml';
|
|
|
|
# Get your API key at https://api.us1.bfl.ai/auth/profile
|
|
# FLUX_API_KEY=
|
|
|
|
# Google
|
|
#-----------------
|
|
GOOGLE_SEARCH_API_KEY=
|
|
GOOGLE_CSE_ID=
|
|
|
|
# Stable Diffusion
|
|
#-----------------
|
|
SD_WEBUI_URL=http://host.docker.internal:7860
|
|
|
|
# Tavily
|
|
#-----------------
|
|
TAVILY_API_KEY=
|
|
|
|
# Traversaal
|
|
#-----------------
|
|
TRAVERSAAL_API_KEY=
|
|
|
|
# WolframAlpha
|
|
#-----------------
|
|
WOLFRAM_APP_ID=
|
|
|
|
# Zapier
|
|
#-----------------
|
|
ZAPIER_NLA_API_KEY=
|
|
|
|
#==================================================#
|
|
# Search #
|
|
#==================================================#
|
|
|
|
SEARCH=true
|
|
MEILI_NO_ANALYTICS=true
|
|
MEILI_HOST=http://0.0.0.0:7700
|
|
MEILI_MASTER_KEY=DrhYf7zENyR6AlUCKmnz0eYASOQdl6zxH7s7MKFSfFCt
|
|
|
|
# Optional: Disable indexing, useful in a multi-node setup
|
|
# where only one instance should perform an index sync.
|
|
# MEILI_NO_SYNC=true
|
|
|
|
#==================================================#
|
|
# Speech to Text & Text to Speech #
|
|
#==================================================#
|
|
|
|
STT_API_KEY=
|
|
TTS_API_KEY=
|
|
|
|
#==================================================#
|
|
# RAG #
|
|
#==================================================#
|
|
# More info: https://www.librechat.ai/docs/configuration/rag_api
|
|
|
|
# RAG_OPENAI_BASEURL=
|
|
# RAG_OPENAI_API_KEY=
|
|
# RAG_USE_FULL_CONTEXT=
|
|
# EMBEDDINGS_PROVIDER=openai
|
|
# EMBEDDINGS_MODEL=text-embedding-3-small
|
|
|
|
#===================================================#
|
|
# User System #
|
|
#===================================================#
|
|
|
|
#========================#
|
|
# Moderation #
|
|
#========================#
|
|
|
|
OPENAI_MODERATION=false
|
|
OPENAI_MODERATION_API_KEY=
|
|
# OPENAI_MODERATION_REVERSE_PROXY=
|
|
|
|
BAN_VIOLATIONS=true
|
|
BAN_DURATION=1000 * 60 * 60 * 2
|
|
BAN_INTERVAL=20
|
|
|
|
LOGIN_VIOLATION_SCORE=1
|
|
REGISTRATION_VIOLATION_SCORE=1
|
|
CONCURRENT_VIOLATION_SCORE=1
|
|
MESSAGE_VIOLATION_SCORE=1
|
|
NON_BROWSER_VIOLATION_SCORE=20
|
|
TTS_VIOLATION_SCORE=0
|
|
STT_VIOLATION_SCORE=0
|
|
FORK_VIOLATION_SCORE=0
|
|
IMPORT_VIOLATION_SCORE=0
|
|
FILE_UPLOAD_VIOLATION_SCORE=0
|
|
|
|
LOGIN_MAX=7
|
|
LOGIN_WINDOW=5
|
|
REGISTER_MAX=5
|
|
REGISTER_WINDOW=60
|
|
|
|
LIMIT_CONCURRENT_MESSAGES=true
|
|
CONCURRENT_MESSAGE_MAX=2
|
|
|
|
LIMIT_MESSAGE_IP=true
|
|
MESSAGE_IP_MAX=40
|
|
MESSAGE_IP_WINDOW=1
|
|
|
|
LIMIT_MESSAGE_USER=false
|
|
MESSAGE_USER_MAX=40
|
|
MESSAGE_USER_WINDOW=1
|
|
|
|
ILLEGAL_MODEL_REQ_SCORE=5
|
|
|
|
#========================#
|
|
# Balance #
|
|
#========================#
|
|
|
|
# CHECK_BALANCE=false
|
|
# START_BALANCE=20000 # note: the number of tokens that will be credited after registration.
|
|
|
|
#========================#
|
|
# Registration and Login #
|
|
#========================#
|
|
|
|
ALLOW_EMAIL_LOGIN=true
|
|
ALLOW_REGISTRATION=true
|
|
ALLOW_SOCIAL_LOGIN=false
|
|
ALLOW_SOCIAL_REGISTRATION=false
|
|
ALLOW_PASSWORD_RESET=false
|
|
# ALLOW_ACCOUNT_DELETION=true # note: enabled by default if omitted/commented out
|
|
ALLOW_UNVERIFIED_EMAIL_LOGIN=true
|
|
|
|
SESSION_EXPIRY=1000 * 60 * 15
|
|
REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7
|
|
|
|
JWT_SECRET=16f8c0ef4a5d391b26034086c628469d3f9f497f08163ab9b40137092f2909ef
|
|
JWT_REFRESH_SECRET=eaa5191f2914e30b9387fd84e254e4ba6fc51b4654968a9b0803b456a54b8418
|
|
|
|
# Discord
|
|
DISCORD_CLIENT_ID=
|
|
DISCORD_CLIENT_SECRET=
|
|
DISCORD_CALLBACK_URL=/oauth/discord/callback
|
|
|
|
# Facebook
|
|
FACEBOOK_CLIENT_ID=
|
|
FACEBOOK_CLIENT_SECRET=
|
|
FACEBOOK_CALLBACK_URL=/oauth/facebook/callback
|
|
|
|
# GitHub
|
|
GITHUB_CLIENT_ID=
|
|
GITHUB_CLIENT_SECRET=
|
|
GITHUB_CALLBACK_URL=/oauth/github/callback
|
|
# GitHub Enterprise
|
|
# GITHUB_ENTERPRISE_BASE_URL=
|
|
# GITHUB_ENTERPRISE_USER_AGENT=
|
|
|
|
# Google
|
|
GOOGLE_CLIENT_ID=
|
|
GOOGLE_CLIENT_SECRET=
|
|
GOOGLE_CALLBACK_URL=/oauth/google/callback
|
|
|
|
# Apple
|
|
APPLE_CLIENT_ID=
|
|
APPLE_TEAM_ID=
|
|
APPLE_KEY_ID=
|
|
APPLE_PRIVATE_KEY_PATH=
|
|
APPLE_CALLBACK_URL=/oauth/apple/callback
|
|
|
|
# OpenID
|
|
OPENID_CLIENT_ID=
|
|
OPENID_CLIENT_SECRET=
|
|
OPENID_ISSUER=
|
|
OPENID_SESSION_SECRET=
|
|
OPENID_SCOPE="openid profile email"
|
|
OPENID_CALLBACK_URL=/oauth/openid/callback
|
|
OPENID_REQUIRED_ROLE=
|
|
OPENID_REQUIRED_ROLE_TOKEN_KIND=
|
|
OPENID_REQUIRED_ROLE_PARAMETER_PATH=
|
|
OPENID_ADMIN_ROLE=
|
|
OPENID_ADMIN_ROLE_PARAMETER_PATH=
|
|
OPENID_ADMIN_ROLE_TOKEN_KIND=
|
|
# Set to determine which user info property returned from OpenID Provider to store as the User's username
|
|
OPENID_USERNAME_CLAIM=
|
|
# Set to determine which user info property returned from OpenID Provider to store as the User's name
|
|
OPENID_NAME_CLAIM=
|
|
# Optional audience parameter for OpenID authorization requests
|
|
OPENID_AUDIENCE=
|
|
|
|
OPENID_BUTTON_LABEL=
|
|
OPENID_IMAGE_URL=
|
|
# Set to true to automatically redirect to the OpenID provider when a user visits the login page
|
|
# This will bypass the login form completely for users, only use this if OpenID is your only authentication method
|
|
OPENID_AUTO_REDIRECT=false
|
|
# Set to true to use PKCE (Proof Key for Code Exchange) for OpenID authentication
|
|
OPENID_USE_PKCE=false
|
|
#Set to true to reuse openid tokens for authentication management instead of using the mongodb session and the custom refresh token.
|
|
OPENID_REUSE_TOKENS=
|
|
#By default, signing key verification results are cached in order to prevent excessive HTTP requests to the JWKS endpoint.
|
|
#If a signing key matching the kid is found, this will be cached and the next time this kid is requested the signing key will be served from the cache.
|
|
#Default is true.
|
|
OPENID_JWKS_URL_CACHE_ENABLED=
|
|
OPENID_JWKS_URL_CACHE_TIME= # 600000 ms eq to 10 minutes leave empty to disable caching
|
|
#Set to true to trigger token exchange flow to acquire access token for the userinfo endpoint.
|
|
OPENID_ON_BEHALF_FLOW_FOR_USERINFO_REQUIRED=
|
|
OPENID_ON_BEHALF_FLOW_USERINFO_SCOPE="user.read" # example for Scope Needed for Microsoft Graph API
|
|
# Set to true to use the OpenID Connect end session endpoint for logout
|
|
OPENID_USE_END_SESSION_ENDPOINT=
|
|
# URL to redirect to after OpenID logout (defaults to ${DOMAIN_CLIENT}/login)
|
|
OPENID_POST_LOGOUT_REDIRECT_URI=
|
|
|
|
#========================#
|
|
# SharePoint Integration #
|
|
#========================#
|
|
# Requires Entra ID (OpenID) authentication to be configured
|
|
|
|
# Enable SharePoint file picker in chat and agent panels
|
|
# ENABLE_SHAREPOINT_FILEPICKER=true
|
|
|
|
# SharePoint tenant base URL (e.g., https://yourtenant.sharepoint.com)
|
|
# SHAREPOINT_BASE_URL=https://yourtenant.sharepoint.com
|
|
|
|
# Microsoft Graph API And SharePoint scopes for file picker
|
|
# SHAREPOINT_PICKER_SHAREPOINT_SCOPE==https://yourtenant.sharepoint.com/AllSites.Read
|
|
# SHAREPOINT_PICKER_GRAPH_SCOPE=Files.Read.All
|
|
#========================#
|
|
|
|
# SAML
|
|
# Note: If OpenID is enabled, SAML authentication will be automatically disabled.
|
|
SAML_ENTRY_POINT=
|
|
SAML_ISSUER=
|
|
SAML_CERT=
|
|
SAML_CALLBACK_URL=/oauth/saml/callback
|
|
SAML_SESSION_SECRET=
|
|
|
|
# Attribute mappings (optional)
|
|
SAML_EMAIL_CLAIM=
|
|
SAML_USERNAME_CLAIM=
|
|
SAML_GIVEN_NAME_CLAIM=
|
|
SAML_FAMILY_NAME_CLAIM=
|
|
SAML_PICTURE_CLAIM=
|
|
SAML_NAME_CLAIM=
|
|
|
|
# Logint buttion settings (optional)
|
|
SAML_BUTTON_LABEL=
|
|
SAML_IMAGE_URL=
|
|
|
|
# Whether the SAML Response should be signed.
|
|
# - If "true", the entire `SAML Response` will be signed.
|
|
# - If "false" or unset, only the `SAML Assertion` will be signed (default behavior).
|
|
# SAML_USE_AUTHN_RESPONSE_SIGNED=
|
|
|
|
|
|
#===============================================#
|
|
# Microsoft Graph API / Entra ID Integration #
|
|
#===============================================#
|
|
|
|
# Enable Entra ID people search integration in permissions/sharing system
|
|
# When enabled, the people picker will search both local database and Entra ID
|
|
USE_ENTRA_ID_FOR_PEOPLE_SEARCH=false
|
|
|
|
# When enabled, entra id groups owners will be considered as members of the group
|
|
ENTRA_ID_INCLUDE_OWNERS_AS_MEMBERS=false
|
|
|
|
# Microsoft Graph API scopes needed for people/group search
|
|
# Default scopes provide access to user profiles and group memberships
|
|
OPENID_GRAPH_SCOPES=User.Read,People.Read,GroupMember.Read.All
|
|
|
|
# LDAP
|
|
LDAP_URL=
|
|
LDAP_BIND_DN=
|
|
LDAP_BIND_CREDENTIALS=
|
|
LDAP_USER_SEARCH_BASE=
|
|
#LDAP_SEARCH_FILTER="mail="
|
|
LDAP_CA_CERT_PATH=
|
|
# LDAP_TLS_REJECT_UNAUTHORIZED=
|
|
# LDAP_STARTTLS=
|
|
# LDAP_LOGIN_USES_USERNAME=true
|
|
# LDAP_ID=
|
|
# LDAP_USERNAME=
|
|
# LDAP_EMAIL=
|
|
# LDAP_FULL_NAME=
|
|
|
|
#========================#
|
|
# Email Password Reset #
|
|
#========================#
|
|
|
|
EMAIL_SERVICE=
|
|
EMAIL_HOST=
|
|
EMAIL_PORT=25
|
|
EMAIL_ENCRYPTION=
|
|
EMAIL_ENCRYPTION_HOSTNAME=
|
|
EMAIL_ALLOW_SELFSIGNED=
|
|
EMAIL_USERNAME=
|
|
EMAIL_PASSWORD=
|
|
EMAIL_FROM_NAME=
|
|
EMAIL_FROM=noreply@librechat.ai
|
|
|
|
#========================#
|
|
# Mailgun API #
|
|
#========================#
|
|
|
|
# MAILGUN_API_KEY=your-mailgun-api-key
|
|
# MAILGUN_DOMAIN=mg.yourdomain.com
|
|
# EMAIL_FROM=noreply@yourdomain.com
|
|
# EMAIL_FROM_NAME="LibreChat"
|
|
|
|
# # Optional: For EU region
|
|
# MAILGUN_HOST=https://api.eu.mailgun.net
|
|
|
|
#========================#
|
|
# Firebase CDN #
|
|
#========================#
|
|
|
|
FIREBASE_API_KEY=
|
|
FIREBASE_AUTH_DOMAIN=
|
|
FIREBASE_PROJECT_ID=
|
|
FIREBASE_STORAGE_BUCKET=
|
|
FIREBASE_MESSAGING_SENDER_ID=
|
|
FIREBASE_APP_ID=
|
|
|
|
#========================#
|
|
# S3 AWS Bucket #
|
|
#========================#
|
|
|
|
AWS_ENDPOINT_URL=
|
|
AWS_ACCESS_KEY_ID=
|
|
AWS_SECRET_ACCESS_KEY=
|
|
AWS_REGION=
|
|
AWS_BUCKET_NAME=
|
|
# Required for path-style S3-compatible providers (MinIO, Hetzner, Backblaze B2, etc.)
|
|
# that don't support virtual-hosted-style URLs (bucket.endpoint). Not needed for AWS S3.
|
|
# AWS_FORCE_PATH_STYLE=false
|
|
|
|
#========================#
|
|
# Azure Blob Storage #
|
|
#========================#
|
|
|
|
AZURE_STORAGE_CONNECTION_STRING=
|
|
AZURE_STORAGE_PUBLIC_ACCESS=false
|
|
AZURE_CONTAINER_NAME=files
|
|
|
|
#========================#
|
|
# Shared Links #
|
|
#========================#
|
|
|
|
ALLOW_SHARED_LINKS=true
|
|
ALLOW_SHARED_LINKS_PUBLIC=true
|
|
|
|
#==============================#
|
|
# Static File Cache Control #
|
|
#==============================#
|
|
|
|
# Leave commented out to use defaults: 1 day (86400 seconds) for s-maxage and 2 days (172800 seconds) for max-age
|
|
# NODE_ENV must be set to production for these to take effect
|
|
# STATIC_CACHE_MAX_AGE=172800
|
|
# STATIC_CACHE_S_MAX_AGE=86400
|
|
|
|
# If you have another service in front of your LibreChat doing compression, disable express based compression here
|
|
# DISABLE_COMPRESSION=true
|
|
|
|
# If you have gzipped version of uploaded image images in the same folder, this will enable gzip scan and serving of these images
|
|
# Note: The images folder will be scanned on startup and a ma kept in memory. Be careful for large number of images.
|
|
# ENABLE_IMAGE_OUTPUT_GZIP_SCAN=true
|
|
|
|
#===================================================#
|
|
# UI #
|
|
#===================================================#
|
|
|
|
APP_TITLE=LibreChat
|
|
# CUSTOM_FOOTER="My custom footer"
|
|
HELP_AND_FAQ_URL=https://librechat.ai
|
|
|
|
# SHOW_BIRTHDAY_ICON=true
|
|
|
|
# Google tag manager id
|
|
#ANALYTICS_GTM_ID=user provided google tag manager id
|
|
|
|
# limit conversation file imports to a certain number of bytes in size to avoid the container
|
|
# maxing out memory limitations by unremarking this line and supplying a file size in bytes
|
|
# such as the below example of 250 mib
|
|
# CONVERSATION_IMPORT_MAX_FILE_SIZE_BYTES=262144000
|
|
|
|
|
|
#===============#
|
|
# REDIS Options #
|
|
#===============#
|
|
|
|
# Enable Redis for caching and session storage
|
|
# USE_REDIS=true
|
|
# Enable Redis for resumable LLM streams (defaults to USE_REDIS value if not set)
|
|
# Set to false to use in-memory storage for streams while keeping Redis for other caches
|
|
# USE_REDIS_STREAMS=true
|
|
|
|
# Single Redis instance
|
|
# REDIS_URI=redis://127.0.0.1:6379
|
|
|
|
# Redis cluster (multiple nodes)
|
|
# REDIS_URI=redis://127.0.0.1:7001,redis://127.0.0.1:7002,redis://127.0.0.1:7003
|
|
|
|
# Redis with TLS/SSL encryption and CA certificate
|
|
# REDIS_URI=rediss://127.0.0.1:6380
|
|
# REDIS_CA=/path/to/ca-cert.pem
|
|
|
|
# Elasticache may need to use an alternate dnsLookup for TLS connections. see "Special Note: Aws Elasticache Clusters with TLS" on this webpage: https://www.npmjs.com/package/ioredis
|
|
# Enable alternative dnsLookup for redis
|
|
# REDIS_USE_ALTERNATIVE_DNS_LOOKUP=true
|
|
|
|
# Redis authentication (if required)
|
|
# REDIS_USERNAME=your_redis_username
|
|
# REDIS_PASSWORD=your_redis_password
|
|
|
|
# Redis key prefix configuration
|
|
# Use environment variable name for dynamic prefix (recommended for cloud deployments)
|
|
# REDIS_KEY_PREFIX_VAR=K_REVISION
|
|
# Or use static prefix directly
|
|
# REDIS_KEY_PREFIX=librechat
|
|
|
|
# Redis connection limits
|
|
# REDIS_MAX_LISTENERS=40
|
|
|
|
# Redis ping interval in seconds (0 = disabled, >0 = enabled)
|
|
# When set to a positive integer, Redis clients will ping the server at this interval to keep connections alive
|
|
# When unset or 0, no pinging is performed (recommended for most use cases)
|
|
# REDIS_PING_INTERVAL=300
|
|
|
|
# Force specific cache namespaces to use in-memory storage even when Redis is enabled
|
|
# Comma-separated list of CacheKeys
|
|
# Defaults to CONFIG_STORE,APP_CONFIG so YAML-derived config stays per-container (safe for blue/green deployments)
|
|
# Set to empty string to force all namespaces through Redis: FORCED_IN_MEMORY_CACHE_NAMESPACES=
|
|
# FORCED_IN_MEMORY_CACHE_NAMESPACES=CONFIG_STORE,APP_CONFIG
|
|
|
|
# Leader Election Configuration (for multi-instance deployments with Redis)
|
|
# Duration in seconds that the leader lease is valid before it expires (default: 25)
|
|
# LEADER_LEASE_DURATION=25
|
|
# Interval in seconds at which the leader renews its lease (default: 10)
|
|
# LEADER_RENEW_INTERVAL=10
|
|
# Maximum number of retry attempts when renewing the lease fails (default: 3)
|
|
# LEADER_RENEW_ATTEMPTS=3
|
|
# Delay in seconds between retry attempts when renewing the lease (default: 0.5)
|
|
# LEADER_RENEW_RETRY_DELAY=0.5
|
|
|
|
#==================================================#
|
|
# Others #
|
|
#==================================================#
|
|
# You should leave the following commented out #
|
|
|
|
# NODE_ENV=
|
|
|
|
# E2E_USER_EMAIL=
|
|
# E2E_USER_PASSWORD=
|
|
|
|
#=====================================================#
|
|
# Cache Headers #
|
|
#=====================================================#
|
|
# Headers that control caching of the index.html #
|
|
# Default configuration prevents caching to ensure #
|
|
# users always get the latest version. Customize #
|
|
# only if you understand caching implications. #
|
|
|
|
# INDEX_CACHE_CONTROL=no-cache, no-store, must-revalidate
|
|
# INDEX_PRAGMA=no-cache
|
|
# INDEX_EXPIRES=0
|
|
|
|
# no-cache: Forces validation with server before using cached version
|
|
# no-store: Prevents storing the response entirely
|
|
# must-revalidate: Prevents using stale content when offline
|
|
|
|
#=====================================================#
|
|
# OpenWeather #
|
|
#=====================================================#
|
|
OPENWEATHER_API_KEY=
|
|
|
|
#====================================#
|
|
# LibreChat Code Interpreter API #
|
|
#====================================#
|
|
|
|
# https://code.librechat.ai
|
|
# LIBRECHAT_CODE_API_KEY=your-key
|
|
|
|
#======================#
|
|
# Web Search #
|
|
#======================#
|
|
|
|
# Note: All of the following variable names can be customized.
|
|
# Omit values to allow user to provide them.
|
|
|
|
# For more information on configuration values, see:
|
|
# https://librechat.ai/docs/features/web_search
|
|
|
|
# Search Provider (Required)
|
|
# SERPER_API_KEY=your_serper_api_key
|
|
|
|
# Scraper (Required)
|
|
# FIRECRAWL_API_KEY=your_firecrawl_api_key
|
|
# Optional: Custom Firecrawl API URL
|
|
# FIRECRAWL_API_URL=your_firecrawl_api_url
|
|
|
|
# Reranker (Required)
|
|
# JINA_API_KEY=your_jina_api_key
|
|
# or
|
|
# COHERE_API_KEY=your_cohere_api_key
|
|
|
|
#======================#
|
|
# MCP Configuration #
|
|
#======================#
|
|
|
|
# Treat 401/403 responses as OAuth requirement when no oauth metadata found
|
|
# MCP_OAUTH_ON_AUTH_ERROR=true
|
|
|
|
# Timeout for OAuth detection requests in milliseconds
|
|
# MCP_OAUTH_DETECTION_TIMEOUT=5000
|
|
|
|
# Cache connection status checks for this many milliseconds to avoid expensive verification
|
|
# MCP_CONNECTION_CHECK_TTL=60000
|
|
|
|
# Skip code challenge method validation (e.g., for AWS Cognito that supports S256 but doesn't advertise it)
|
|
# When set to true, forces S256 code challenge even if not advertised in .well-known/openid-configuration
|
|
# MCP_SKIP_CODE_CHALLENGE_CHECK=false
|