Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/elecodes/TenderCheck-AI/llms.txt

Use this file to discover all available pages before exploring further.

TenderCheck AI uses two sets of environment variables: one for the backend Node.js server and one for the frontend Vite application. Backend variables are loaded at runtime via dotenv. Frontend variables are injected at build time by Vite and must be prefixed with VITE_ to be accessible in the browser bundle.

Backend Environment Variables

These variables are read by the Express server at startup. Copy backend/.env.example to backend/.env and fill in the values before running the server locally.
VariableRequiredDescriptionExample
PORTOptionalPort the Express server listens on. Defaults to 3001 in the source (DEFAULT_PORT constant).3001
NODE_ENVRequiredRuntime environment. Controls cookie security settings and CORS strictness. Must be production for deployed services.production
GOOGLE_GENAI_API_KEYRequiredGemini API key from Google AI Studio. Used by the AI analysis pipeline.AIzaSy...
GOOGLE_API_KEYRequiredSame Gemini key, exposed under the standard Google AI variable name. Required by Genkit 1.28.0 and later.AIzaSy...
TURSO_AUTH_TOKENRequiredAuth token for your Turso database. Generate with turso db tokens create <db-name>.eyJ...
TURSO_DB_URLRequiredTurso connection URL. Use libsql:// locally. On Vercel, this must be https:// (see Security Notes).libsql://your-db.turso.io
JWT_SECRETRequiredSecret used to sign and verify JSON Web Tokens. Must be at least 32 random characters in production.openssl rand -base64 32 output
ALLOWED_ORIGINSRequiredComma-separated list of frontend origins permitted by CORS. Must exactly match the frontend URL, including protocol.https://tendercheckai.elecodes.online,http://localhost:3000
LANGCHAIN_TRACING_V2OptionalSet to true to enable LangSmith distributed tracing.true
LANGCHAIN_ENDPOINTOptionalLangSmith API endpoint.https://api.smith.langchain.com
LANGCHAIN_API_KEYOptionalYour LangSmith API key, found in the LangSmith dashboard.ls__...
LANGCHAIN_PROJECTOptionalProject name under which traces are grouped in LangSmith.TenderCheckAI

Frontend Environment Variables

These variables are embedded into the React bundle at build time by Vite. Set them in frontend/.env for local development, or as build-time environment variables in your hosting platform.
VariableRequiredDescriptionExample
VITE_API_BASE_URLRequiredFull URL of the backend API, without a trailing slash.https://tendercheck-backend.onrender.com
VITE_GOOGLE_CLIENT_IDOptionalOAuth 2.0 Client ID from Google Cloud Console. Enables the Google Sign-In button when provided.123456789.apps.googleusercontent.com
VITE_ENABLE_GOOGLE_AUTHOptionalSet to true to render the Google login button in the UI. Requires VITE_GOOGLE_CLIENT_ID to be set.true
VITE_LANGCHAIN_TRACING_V2OptionalSet to true to enable LangSmith tracing from the frontend.true
VITE_LANGCHAIN_ENDPOINTOptionalLangSmith API endpoint for frontend traces.https://api.smith.langchain.com
VITE_LANGCHAIN_API_KEYOptionalLangSmith API key for frontend traces.ls__...
VITE_LANGCHAIN_PROJECTOptionalLangSmith project name for frontend traces.TenderCheckAI
frontend/.env.example also includes GOOGLE_GENAI_API_KEY, GOOGLE_API_KEY, TURSO_DB_URL, and TURSO_AUTH_TOKEN as optional local development overrides. These keys belong in the backend in production. Do not set them as Vite build variables in any deployed environment, as they would be exposed in the browser bundle.

Security Notes

Never commit .env files to Git. Both backend/.env and frontend/.env are listed in .gitignore. Committing secrets exposes your database, AI quota, and user authentication to anyone with repository access.
  • JWT_SECRET must be at least 32 randomly-generated characters in any production or staging environment. A short or guessable secret allows token forgery and full account compromise.
  • TURSO_DB_URL on Vercel must use the https:// protocol, not libsql://. The libsql:// WebSocket protocol is blocked in Vercel’s serverless runtime. This requirement was enforced in ADR 029.
  • ALLOWED_ORIGINS must exactly match your frontend domain, including protocol (https://) and without a trailing slash. The server parses this variable as a comma-separated list and rejects any origin not present in that list when NODE_ENV=production.

Local Development

Create your local environment files by copying the provided examples:
cp backend/.env.example backend/.env
cp frontend/.env.example frontend/.env
Then open each file and replace the placeholder values with your real credentials before starting the development servers.
Generate a strong, production-grade JWT_SECRET with a single command:
openssl rand -base64 32
Copy the output directly into your .env file or your hosting platform’s secret manager.

Build docs developers (and LLMs) love