Skip to main content

Overview

Shipr uses environment variables for configuration. Copy .env.example to .env and configure the values: 
cp .env.example .env

Required Variables

These variables are required for core functionality.

Site Configuration

NEXT_PUBLIC_SITE_URL
string
required
Your production URL used for metadata, sitemap, canonical URLs, and OG images.Example: https://shipr.dev

Clerk Authentication

NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY
string
required
Clerk publishable key for client-side authentication.Example: pk_test_...Find this in your Clerk Dashboard under API Keys.
CLERK_SECRET_KEY
string
required
Clerk secret key for server-side authentication.Example: sk_test_...Important: Keep this secret and never expose it to the client.
CLERK_JWT_ISSUER_DOMAIN
string
required
Clerk JWT issuer domain for Convex authentication integration.Example: https://caring-bear-12.clerk.accounts.devThis must also be configured in the Convex Dashboard under Authentication settings.
NEXT_PUBLIC_CLERK_SIGN_IN_URL
string
default:"/sign-in"
Path to the sign-in page.
NEXT_PUBLIC_CLERK_SIGN_UP_URL
string
default:"/sign-up"
Path to the sign-up page.

Convex Database

NEXT_PUBLIC_CONVEX_URL
string
required
Convex deployment URL for your backend.Example: https://happy-cat-123.convex.cloudGet this from running npx convex dev or npx convex deploy.

Vercel AI Gateway

AI_GATEWAY_API_KEY
string
required
Vercel AI Gateway key for the dashboard chat feature.Example: vck_...Create this in your Vercel Dashboard under AI Gateway settings.

Email (Resend)

RESEND_API_KEY
string
required
Resend API key for sending transactional emails.Example: re_...Get this from resend.com/api-keys.
RESEND_FROM_EMAIL
string
default:"[email protected]"
Sender email address for transactional emails.Example: [email protected]Must be a verified domain in Resend. The default only works in sandbox mode.

AI Chat Configuration

These variables configure the AI chat assistant in /dashboard/chat.

Model Settings

AI_CHAT_MODEL
string
default:"openai/gpt-4.1-mini"
The AI model to use for chat responses.Example: openai/gpt-4.1-mini or anthropic/claude-3-5-sonnet-20241022
AI_CHAT_SYSTEM_PROMPT
string
System prompt that defines the AI assistant’s behavior and personality.
AI_CHAT_TOOLS
string
default:"getCurrentDateTime,calculate"
Comma-separated list of enabled tool names for the chat assistant.Available tools:
  • getCurrentDateTime - Get current date and time
  • calculate - Perform calculations
AI_CHAT_MAX_STEPS
number
default:"5"
Maximum number of model steps or tool calls per response.Prevents infinite loops and controls costs.

Rate Limiting

AI_CHAT_RATE_LIMIT_MAX_REQUESTS
number
default:"20"
Maximum number of chat requests allowed per rate limit window.
AI_CHAT_RATE_LIMIT_WINDOW_MS
number
default:"60000"
Rate limit window duration in milliseconds.Default: 60000 (1 minute)

Lifetime Message Limits

AI_CHAT_ENFORCE_LIFETIME_MESSAGE_LIMIT
boolean
default:"true"
Enable or disable lifetime per-user message caps.Set to false to allow unlimited messages per user.
AI_CHAT_LIFETIME_MESSAGE_LIMIT
number
default:"1"
Total message cap per user when enforcement is enabled.Useful for preventing abuse in boilerplate demos. Increase for production.

Chat History

AI_CHAT_HISTORY_ENABLED
boolean
default:"true"
Enable or disable Convex chat history persistence.Set to false to disable saving chat messages to the database.
AI_CHAT_HISTORY_MAX_MESSAGE_LENGTH
number
default:"8000"
Maximum character length per persisted chat message.Messages longer than this will be truncated before storage.
AI_CHAT_HISTORY_MAX_MESSAGES_PER_THREAD
number
default:"120"
Maximum number of persisted messages per chat thread.Older messages are removed when this limit is exceeded.
AI_CHAT_HISTORY_MAX_THREADS
number
default:"50"
Maximum number of chat threads per user.Oldest threads are removed when this limit is exceeded.
AI_CHAT_HISTORY_THREAD_TITLE_MAX_LENGTH
number
default:"80"
Maximum character length for auto-generated chat thread titles.
AI_CHAT_HISTORY_QUERY_LIMIT
number
default:"200"
Maximum number of persisted messages returned to the chat UI.Controls how much history is loaded in the chat interface.

File Upload Configuration

FILE_IMAGE_UPLOAD_RATE_LIMIT_MAX_UPLOADS
number
default:"10"
Maximum number of image uploads allowed per user in each rate limit window.Set to 0 to disable rate limiting.
FILE_IMAGE_UPLOAD_RATE_LIMIT_WINDOW_MS
number
default:"60000"
Image upload rate limit window duration in milliseconds.Default: 60000 (1 minute)Set to 0 to disable rate limiting.

Optional Services

These services enhance your application but are not required for core functionality.

PostHog Analytics

NEXT_PUBLIC_POSTHOG_KEY
string
PostHog project API key for analytics.Example: phc_...Get this from your PostHog project settings.
NEXT_PUBLIC_POSTHOG_HOST
string
PostHog ingest host URL.Example: https://us.i.posthog.comShipr uses a reverse proxy via Next.js rewrites to bypass ad blockers (configured in next.config.ts).

Sentry Error Tracking

SENTRY_AUTH_TOKEN
string
Sentry authentication token for uploading source maps during build.Example: sntrys_...Create this in your Sentry account settings.
NEXT_PUBLIC_SENTRY_DSN
string
Sentry DSN for error reporting to your Sentry project.Example: https://[email protected]/...Source maps are automatically uploaded during build via @sentry/nextjs. Error tracking helpers are available in src/lib/sentry.ts.

Environment-Specific Configuration

Development

For local development:
  • Use Clerk test keys (pk_test_..., sk_test_...)
  • Run npx convex dev to get a development Convex URL
  • Use Resend sandbox sender ([email protected])
  • Set NEXT_PUBLIC_SITE_URL to http://localhost:3000

Production

For production deployment:
  • Use Clerk production keys
  • Run npx convex deploy to get a production Convex URL
  • Use a verified domain for RESEND_FROM_EMAIL
  • Set NEXT_PUBLIC_SITE_URL to your actual domain
  • Review and adjust all rate limits and message caps
  • Configure optional services (PostHog, Sentry) for monitoring

Security Best Practices

  1. Never commit .env files - they contain secrets
  2. Use different keys for development and production
  3. Rotate API keys regularly
  4. Store secrets in Vercel environment variables, not in your repository
  5. Limit API key permissions to only what’s needed
  6. Monitor usage of paid services (AI Gateway, Resend) to prevent abuse

Build docs developers (and LLMs) love

Get started for freeTalk to us