Skip to main content

Environment Variables

ThinkEx is configured through environment variables in the .env file. Copy from .env.example and customize for your setup.

Application Settings

Core Application

NEXT_PUBLIC_APP_URL
string
default:"http://localhost:3000"
The public URL where your ThinkEx instance is accessible. Used for OAuth redirects and absolute URLs.Production example: https://thinkex.yourdomain.com
NODE_ENV
string
default:"development"
Node.js environment mode.Options: development, production, test

Authentication

Better Auth Configuration

ThinkEx uses Better Auth for authentication.
BETTER_AUTH_SECRET
string
required
Secret key for encrypting session tokens and cookies. Must be kept secure.Generate with:
openssl rand -base64 32
Never commit this value to version control. The setup script generates this automatically.
BETTER_AUTH_URL
string
default:"http://localhost:3000"
Base URL for Better Auth callbacks. Should match NEXT_PUBLIC_APP_URL.

Google OAuth (Optional)

Enable Google OAuth login by configuring these variables.
GOOGLE_CLIENT_ID
string
OAuth 2.0 Client ID from Google Cloud Console.Setup:
  1. Create OAuth 2.0 credentials in Google Cloud Console
  2. Add authorized redirect URI: {NEXT_PUBLIC_APP_URL}/api/auth/callback/google
  3. Copy the Client ID
GOOGLE_CLIENT_SECRET
string
OAuth 2.0 Client Secret from Google Cloud Console.
Keep this secret secure. Never expose in client-side code.

Database Configuration

PostgreSQL Connection

DATABASE_URL
string
required
PostgreSQL connection string in the format:
postgresql://[user]:[password]@[host]:[port]/[database]
Examples:
DATABASE_URL=postgresql://thinkex:thinkex_password_change_me@localhost:5432/thinkex
The setup script automatically configures this based on your PostgreSQL choice (Docker or local).

PostgreSQL Docker Configuration

These variables are used by docker-compose.yml when running PostgreSQL in Docker.
POSTGRES_USER
string
default:"thinkex"
PostgreSQL username for the Docker container.
POSTGRES_PASSWORD
string
default:"thinkex_password_change_me"
PostgreSQL password for the Docker container.
Change this in production! Default value is insecure.
POSTGRES_DB
string
default:"thinkex"
Database name to create in the PostgreSQL container.
POSTGRES_PORT
string
default:"5432"
Port to expose PostgreSQL on the host machine.Note: Change if port 5432 is already in use.

AI Configuration

Google AI (Required)

GOOGLE_GENERATIVE_AI_API_KEY
string
required
API key for Google’s Generative AI models (Gemini).Get your key: Google AI StudioUsage: Powers AI conversations and content analysis in ThinkEx.
This is required for ThinkEx to function. The application will not work without a valid Google AI API key.

Assistant UI (Required)

NEXT_PUBLIC_ASSISTANT_BASE_URL
string
required
Base URL for the Assistant UI service from Assistant Cloud.Example: https://api.assistant-ui.com
ASSISTANT_API_KEY
string
required
API key for Assistant UI authentication.Get credentials: Assistant Cloud

Storage Configuration

Storage Type Selection

STORAGE_TYPE
string
default:"local"
Choose the file storage backend for uploads (PDFs, images, etc.).Options:
  • local: Store files in ./uploads/ directory (recommended for self-hosting)
  • supabase: Store files in Supabase cloud storage
The setup script automatically sets this to local for local development.
See the Storage guide for detailed configuration.

Supabase Storage (Optional)

Required only if STORAGE_TYPE=supabase.
NEXT_PUBLIC_SUPABASE_URL
string
Your Supabase project URL.Format: https://your-project.supabase.coFind it: Supabase Dashboard → Project Settings → API
NEXT_PUBLIC_SUPABASE_PUBLISHABLE_OR_ANON_KEY
string
Supabase anonymous/publishable API key for client-side requests.Find it: Supabase Dashboard → Project Settings → API → anon public key
SUPABASE_SERVICE_ROLE_KEY
string
Supabase service role key for server-side operations.Find it: Supabase Dashboard → Project Settings → API → service_role secret key
Highly sensitive: This key has full database access. Never expose in client code.

Optional Features

Web Scraping

FIRECRAWL_API_KEY
string
API key for Firecrawl web scraping service.Get your key: firecrawl.devUsage: Enhanced web content extraction for adding web pages to workspaces.
SCRAPING_MODE
string
default:"hybrid"
Strategy for web content scraping.Options:
  • hybrid (default): Try Google Context → Fallback to Firecrawl (if key exists) → Fallback to Direct
  • firecrawl-only: Force Firecrawl for all scraping
  • google-only: Force Google Context only
  • direct-only: Force direct fetch only
hybrid mode provides the best reliability by falling back through multiple methods.

Azure Document AI (OCR)

Optional OCR service for PDF processing using Mistral Document AI.
AZURE_DOCUMENT_AI_API_KEY
string
API key from your Azure Mistral OCR deployment.Usage: PDF upload OCR and scripts/ocr-pdf-from-url.sh
AZURE_DOCUMENT_AI_ENDPOINT
string
Endpoint URL for your Azure Document AI deployment.Required if AZURE_DOCUMENT_AI_API_KEY is set.
AZURE_DOCUMENT_AI_MODEL
string
default:"mistral-document-ai-2512"
Model identifier for Azure Document AI.
OCR_INCLUDE_IMAGES
boolean
default:"true"
Whether to extract images during OCR processing.Options:
  • true: Extract images (larger OCR results, enables pdfImageRefs)
  • false: Skip images (smaller OCR results)

Configuration Examples

Minimal Local Setup

.env
# Application
NEXT_PUBLIC_APP_URL=http://localhost:3000

# Auth (generated by setup.sh)
BETTER_AUTH_SECRET=abc123...generated...xyz789
BETTER_AUTH_URL=http://localhost:3000

# Database (Docker default)
DATABASE_URL=postgresql://thinkex:thinkex_password_change_me@localhost:5432/thinkex

# Storage (local)
STORAGE_TYPE=local

# AI (required)
GOOGLE_GENERATIVE_AI_API_KEY=AIza...your-key...
NEXT_PUBLIC_ASSISTANT_BASE_URL=https://api.assistant-ui.com
ASSISTANT_API_KEY=your-assistant-key

Full Production Setup

.env
# Application
NEXT_PUBLIC_APP_URL=https://thinkex.yourdomain.com

# Auth
BETTER_AUTH_SECRET=secure-generated-secret-32-chars
BETTER_AUTH_URL=https://thinkex.yourdomain.com

# OAuth
GOOGLE_CLIENT_ID=123456789-abc.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=GOCSPX-your-secret

# Database
DATABASE_URL=postgresql://thinkex:[email protected]:5432/thinkex

# Storage (Supabase)
STORAGE_TYPE=supabase
NEXT_PUBLIC_SUPABASE_URL=https://yourproject.supabase.co
NEXT_PUBLIC_SUPABASE_PUBLISHABLE_OR_ANON_KEY=eyJ...anon-key...
SUPABASE_SERVICE_ROLE_KEY=eyJ...service-role-key...

# AI
GOOGLE_GENERATIVE_AI_API_KEY=AIza...your-key...
NEXT_PUBLIC_ASSISTANT_BASE_URL=https://api.assistant-ui.com
ASSISTANT_API_KEY=your-assistant-key

# Optional Features
FIRECRAWL_API_KEY=fc_...your-key...
SCRAPING_MODE=hybrid

Updating Configuration

After modifying .env:
  1. Development: Restart the dev server 
    # Stop with Ctrl+C, then:
pnpm dev
  2. Production: Rebuild and restart 
    pnpm build
# Then restart your process manager (PM2, systemd, etc.)
Security Best Practices:
  • Never commit .env to version control
  • Use strong, unique secrets for production
  • Rotate BETTER_AUTH_SECRET and database passwords periodically
  • Restrict database user permissions to minimum required
  • Use HTTPS in production (https:// URLs)

Next Steps

Storage Setup

Configure file storage options

Installation

Back to installation guide

Build docs developers (and LLMs) love

Get started for freeTalk to us