Configuration

Gatewyse is configured through environment variables. Copy .env.example to .env and customize the values for your deployment.

cp .env.example .env

All environment variables are validated at startup using Zod schemas. The server will exit with a descriptive error if any required variable is missing or invalid.

Core Settings

Variable	Default	Description
`NODE_ENV`	`development`	Environment: `development`, `production`, or `test`
`PORT`	`3000`	HTTP server port
`HOST`	`0.0.0.0`	Bind address
`LOG_LEVEL`	`info`	Log verbosity: `error`, `warn`, `info`, `http`, `verbose`, `debug`, `silly`

Database

Variable	Default	Description
`MONGODB_URI`	`mongodb://localhost:27017/ai-gateway?replicaSet=rs0`	MongoDB connection string (replica set required)
`MONGODB_DB_NAME`	`ai-gateway`	Database name
`REDIS_HOST`	`localhost`	Redis hostname
`REDIS_PORT`	`6379`	Redis port
`REDIS_PASSWORD`	(empty)	Redis password (required in production)
`REDIS_DB`	`0`	Redis database number

Authentication

Variable	Default	Description
`JWT_SECRET`	(required)	JWT signing key, minimum 16 characters
`JWT_REFRESH_SECRET`	(required)	Refresh token signing key, minimum 16 characters
`JWT_ACCESS_EXPIRY`	`15m`	Access token lifetime
`JWT_REFRESH_EXPIRY`	`7d`	Refresh token lifetime
`ENCRYPTION_KEY`	(required)	AES-256-GCM key as 64-character hex string for API key encryption

Super Admin Seed

These are used by pnpm seed to create the initial admin account:

Variable	Default	Description
`SUPER_ADMIN_EMAIL`	`admin@ai-gateway.local`	Initial admin email
`SUPER_ADMIN_PASSWORD`	(required)	Must be 12+ chars with uppercase, lowercase, digit, and special character

Semantic Cache

Variable	Default	Description
`CACHE_EMBEDDING_MODEL`	`nomic-embed-text`	Model used for cache similarity matching
`CACHE_SIMILARITY_THRESHOLD`	`0.96`	Minimum cosine similarity for a cache hit (0.0-1.0)
`CACHE_DEFAULT_TTL_SECONDS`	`86400`	Cache entry time-to-live in seconds

Rate Limiting

Variable	Default	Description
`RATE_LIMIT_WINDOW_MS`	`60000`	Rate limit window in milliseconds
`RATE_LIMIT_MAX_PER_WINDOW`	`60`	Maximum requests per window

CORS and Networking

Variable	Default	Description
`CORS_ORIGINS`	(empty)	Comma-separated list of allowed CORS origins
`SOCKET_CORS_ORIGIN`	`http://localhost:3001`	Socket.io CORS origin
`ADMIN_URL`	`http://localhost:3001`	Admin dashboard URL
`SSO_CALLBACK_BASE_URL`	(optional)	Base URL for SSO callbacks

Background Workers

Variable	Default	Description
`BULLMQ_PREFIX`	`aigw`	BullMQ queue key prefix in Redis

S3 Backup (Optional)

Variable	Default	Description
`S3_BUCKET`	(optional)	S3 bucket name for audit log backups
`S3_REGION`	`us-east-1`	AWS region
`S3_ACCESS_KEY_ID`	(optional)	AWS access key
`S3_SECRET_ACCESS_KEY`	(optional)	AWS secret key
`S3_PREFIX`	`backups`	Key prefix within the bucket

SIEM Export (Optional)

Variable	Default	Description
`SIEM_TYPE`	(optional)	Export type: `splunk`, `elk`, or `webhook`
`SIEM_URL`	(optional)	SIEM endpoint URL
`SIEM_TOKEN`	(optional)	Authentication token for SIEM
`SIEM_BATCH_SIZE`	`100`	Number of events per batch export

Provider API Keys

Provider API keys are typically configured through the admin dashboard, where they are encrypted at rest. However, you can also set them as environment variables:

OPENAI_API_KEY=sk-...
ANTHROPIC_API_KEY=sk-ant-...
GOOGLE_AI_API_KEY=...
AZURE_OPENAI_API_KEY=...
AZURE_OPENAI_ENDPOINT=https://your-resource.openai.azure.com
GROQ_API_KEY=gsk_...

Production Checklist

In production mode (NODE_ENV=production), the server enforces additional security checks:

JWT_SECRET and JWT_REFRESH_SECRET must not contain placeholder values
ENCRYPTION_KEY must not be a sequential pattern
REDIS_PASSWORD must be set
SUPER_ADMIN_PASSWORD must meet complexity requirements