chat-ui/.env

# Use .env.local to change these variables
# DO NOT EDIT THIS FILE WITH SENSITIVE DATA

MONGODB_URL=#your mongodb URL here
MONGODB_DB_NAME=chat-ui
MONGODB_DIRECT_CONNECTION=false

COOKIE_NAME=hf-chat
COOKIE_SAMESITE=
COOKIE_SECURE=
TRUSTED_EMAIL_HEADER= # only set this if you understand the implications

HF_TOKEN=#hf_<token> from https://huggingface.co/settings/token
HF_API_ROOT=https://api-inference.huggingface.co/models

OPENAI_API_KEY=#your openai api key here
ANTHROPIC_API_KEY=#your anthropic api key here
CLOUDFLARE_ACCOUNT_ID=#your cloudflare account id here
CLOUDFLARE_API_TOKEN=#your cloudflare api token here
COHERE_API_TOKEN=#your cohere api token here
GOOGLE_GENAI_API_KEY=#your google genai api token here

HF_ACCESS_TOKEN=#LEGACY! Use HF_TOKEN instead

# used to activate search with web functionality. disabled if none are defined. choose one of the following:
YDC_API_KEY=#your docs.you.com api key here
SERPER_API_KEY=#your serper.dev api key here
SERPAPI_KEY=#your serpapi key here
SERPSTACK_API_KEY=#your serpstack api key here
SEARCHAPI_KEY=#your searchapi api key here
USE_LOCAL_WEBSEARCH=#set to true to parse google results yourself, overrides other API keys
SEARXNG_QUERY_URL=# where '<query>' will be replaced with query keywords see https://docs.searxng.org/dev/search_api.html eg https://searxng.yourdomain.com/search?q=<query>&engines=duckduckgo,google&format=json
BING_SUBSCRIPTION_KEY=#your key
PLAYWRIGHT_ADBLOCKER=true

WEBSEARCH_ALLOWLIST=`[]` # if it's defined, allow websites from only this list.
WEBSEARCH_BLOCKLIST=`[]` # if it's defined, block websites from this list.
WEBSEARCH_JAVASCRIPT=true # CPU usage reduces by 60% on average by disabling javascript. Enable to improve website compatibility
WEBSEARCH_TIMEOUT = 3500 # in milliseconds, determines how long to wait to load a page before timing out

# Parameters to enable open id login
OPENID_CONFIG=`{
  "PROVIDER_URL": "",
  "CLIENT_ID": "",
  "CLIENT_SECRET": "",
  "SCOPES": "",
  "NAME_CLAIM": ""
}`

# /!\ legacy openid settings, prefer the config above
OPENID_CLIENT_ID=
OPENID_CLIENT_SECRET=
OPENID_SCOPES="openid profile" # Add "email" for some providers like Google that do not provide preferred_username
OPENID_NAME_CLAIM="name" # Change to "username" for some providers that do not provide name
OPENID_PROVIDER_URL=https://huggingface.co # for Google, use https://accounts.google.com
OPENID_TOLERANCE=
OPENID_RESOURCE=

# Parameters to enable a global mTLS context for client fetch requests
USE_CLIENT_CERTIFICATE=false
CERT_PATH=#
KEY_PATH=#
CA_PATH=#
CLIENT_KEY_PASSWORD=#
REJECT_UNAUTHORIZED=true

TEXT_EMBEDDING_MODELS = `[
  {
    "name": "Xenova/gte-small",
    "displayName": "Xenova/gte-small",
    "description": "Local embedding model running on the server.",
    "chunkCharLength": 512,
    "endpoints": [
      { "type": "transformersjs" }
    ]
  }
]`

# 'name', 'userMessageToken', 'assistantMessageToken' are required
MODELS=`[
    {
      "name": "HuggingFaceTB/SmolLM2-1.7B-Instruct",
      "description": "SmolLM2-1.7B is the latest lightweight model from the Hugging Face TB Research team.",
      "promptExamples": [
        {
          "title": "Write an email from bullet list",
          "prompt": "As a restaurant owner, write a professional email to the supplier to get these products every week: \n\n- Wine (x10)\n- Eggs (x24)\n- Bread (x12)"
        }, {
          "title": "Code a snake game",
          "prompt": "Code a basic snake game in python, give explanations for each step."
        }, {
          "title": "Assist in a task",
          "prompt": "How do I make a delicious lemon cheesecake?"
        }
      ]
    }
]`

OLD_MODELS=`[]`# any removed models, `{ name: string, displayName?: string, id?: string }`
TASK_MODEL= # name of the model used for tasks such as summarizing title, creating query, etc.

PUBLIC_ORIGIN=#https://huggingface.co
PUBLIC_SHARE_PREFIX=#https://hf.co/chat
PUBLIC_GOOGLE_ANALYTICS_ID=#G-XXXXXXXX / Leave empty to disable
PUBLIC_PLAUSIBLE_SCRIPT_URL=#/js/script.js / Leave empty to disable
PUBLIC_ANNOUNCEMENT_BANNERS=`[
    {
    "title": "chat-ui is now open source!",
    "linkTitle": "check it out",
    "linkHref": "https://github.com/huggingface/chat-ui"
  }
]`

PUBLIC_APPLE_APP_ID=#1234567890 / Leave empty to disable

PARQUET_EXPORT_DATASET=
PARQUET_EXPORT_HF_TOKEN=
ADMIN_API_SECRET=# secret to admin API calls, like computing usage stats or exporting parquet data

PARQUET_EXPORT_SECRET=#DEPRECATED, use ADMIN_API_SECRET instead

RATE_LIMIT= # /!\ Legacy definition of messages per minute. Use USAGE_LIMITS.messagesPerMinute instead
MESSAGES_BEFORE_LOGIN=# how many messages a user can send in a conversation before having to login. set to 0 to force login right away
PUBLIC_APP_GUEST_MESSAGE=# a message to the guest user. If not set, a default message will be used

APP_BASE="" # base path of the app, e.g. /chat, left blank as default
PUBLIC_APP_NAME=ChatUI # name used as title throughout the app
PUBLIC_APP_ASSETS=chatui # used to find logos & favicons in static/$PUBLIC_APP_ASSETS
PUBLIC_APP_COLOR=blue # can be any of tailwind colors: https://tailwindcss.com/docs/customizing-colors#default-color-palette
PUBLIC_APP_DESCRIPTION=# description used throughout the app (if not set, a default one will be used)
PUBLIC_APP_DATA_SHARING=#set to 1 to enable options & text regarding data sharing
PUBLIC_APP_DISCLAIMER=#set to 1 to show a disclaimer on login page
PUBLIC_APP_DISCLAIMER_MESSAGE="Disclaimer: AI is an area of active research with known problems such as biased generation and misinformation. Do not use this application for high-stakes decisions or advice. Do not insert your personal data, especially sensitive, like health data."
LLM_SUMMARIZATION=true

EXPOSE_API=true
USE_HF_TOKEN_IN_API=false


ENABLE_ASSISTANTS=false #set to true to enable assistants feature
ENABLE_ASSISTANTS_RAG=false # /!\ This will let users specify arbitrary URLs that the server will then request. Make sure you have the proper firewall rules in place. 
REQUIRE_FEATURED_ASSISTANTS=false
ENABLE_LOCAL_FETCH=false #set to true to disable the blocklist for local fetches. Only enable this if you have the proper firewall rules to prevent SSRF attacks and understand the implications.
ALTERNATIVE_REDIRECT_URLS=`[]` #valide alternative redirect URL for OAuth
WEBHOOK_URL_REPORT_ASSISTANT=#provide webhook url to get notified when an assistant gets reported

ALLOWED_USER_EMAILS=`[]` # if it's defined, only these emails will be allowed to use the app

USAGE_LIMITS=`{}`

ALLOW_IFRAME=true
ALLOW_INSECURE_COOKIES=false # recommended to keep this to false but set to true if you need to run over http without tls
METRICS_ENABLED=false
METRICS_PORT=5565
LOG_LEVEL=info


TOOLS=`[]` 
BODY_SIZE_LIMIT=15728640

HF_ORG_ADMIN=
HF_ORG_EARLY_ACCESS=

PUBLIC_SMOOTH_UPDATES=false
COMMUNITY_TOOLS=false

PUBLIC_COMMIT_SHA=

PROMPT_EXAMPLES=`[]`