Skip to main content

Environment Variables

This page documents all environment variables for each Cheeko service. Copy the relevant sections into .env files in each service directory.

manager-api-node

File: main/manager-api-node/.env

VariableRequiredDefaultDescription
PORTNo8002HTTP server port
NODE_ENVNodevelopmentRuntime environment (development / production)
CONTEXT_PATHNo/toyURL context path prefix
DATABASE_URLYesPostgreSQL connection pooler URL (pgbouncer/transaction mode, port 6543). Sensitive.
DIRECT_URLYesDirect PostgreSQL URL for Prisma migrations (port 5432). Sensitive.
SUPABASE_URLYesSupabase project URL — used for legacy admin dashboard token auth only.
SUPABASE_ANON_KEYYesSupabase anon/public key. Sensitive.
SUPABASE_SERVICE_ROLE_KEYYesSupabase service role key (bypasses RLS). Sensitive — keep server-side only.
SERVICE_SECRET_KEYYesShared secret for backend-to-backend calls (livekit-server → manager-api). Sensitive.
QDRANT_URLNoQdrant Cloud cluster URL (e.g., https://xxx.qdrant.io)
QDRANT_API_KEYNoQdrant API key. Sensitive.
QDRANT_COLLECTION_NAMENorfid_contentQdrant collection name for RFID RAG
MEM0_API_KEYNoMem0 memory/personalization API key. Sensitive.
CORS_ORIGINSNohttp://localhost:8080,http://localhost:3000Comma-separated list of allowed CORS origins
RATE_LIMIT_WINDOW_MSNo900000Rate limit window in milliseconds (15 minutes)
RATE_LIMIT_MAX_REQUESTSNo5000Max requests per window
LOG_LEVELNodebugWinston log level (error, warn, info, http, debug)
JWT_SECRETNoJWT secret if not using Supabase default. Sensitive.
JWT_EXPIRES_INNo7dJWT token expiry duration

The primary database is DigitalOcean Managed PostgreSQL, accessed via Prisma. Supabase credentials are used only for the admin dashboard custom token verification system and will be removed in a future cleanup.

mqtt-gateway

File: main/mqtt-gateway/.env

VariableRequiredDefaultDescription
LIVEKIT_URLYesLiveKit server WebSocket URL (e.g., wss://your-project.livekit.cloud)
LIVEKIT_API_KEYYesLiveKit API key. Sensitive.
LIVEKIT_API_SECRETYesLiveKit API secret. Sensitive.
MANAGER_API_URLYesURL of the manager-api-node service (e.g., http://localhost:8002/toy)
MANAGER_API_SECRETYesSecret header value sent with internal calls to manager-api. Sensitive.
CEREBRIUM_API_TOKENYesCerebrium platform token for music/story media API. Sensitive. Required at startup — process exits if missing.
MEDIA_API_BASENohttps://api.aws.us-east-1.cerebrium.ai/v4/p-89052e36/livekit-server-simpleMedia API base URL
UDP_PORTNo1883UDP server port for ESP32 device connections
PUBLIC_IPNo127.0.0.1Public IP address reported to connecting devices
EMQX_HOSTNoEMQX MQTT broker host (overrides config file value)
EMQX_PORTNoEMQX MQTT broker port
EMQX_PROTOCOLNoEMQX connection protocol (e.g., mqtt, mqtts)
LOKI_HOSTNoGrafana Loki host URL for centralized logging (e.g., https://logs-prod.grafana.net)
LOKI_USERNoLoki basic auth username. Sensitive.
LOKI_PASSWORDNoLoki basic auth password/token. Sensitive.
CAPTURE_CONSOLE_LOGSNoSet to true to forward console.log output to Loki
LOG_LEVELNoinfoWinston log level

MQTT broker connection details (host, port, credentials, topics) are also configurable via main/mqtt-gateway/config/mqtt.json which the ConfigManager watches for live-reload.

livekit-server

File: main/livekit-server/.env

LiveKit

VariableRequiredDefaultDescription
LIVEKIT_URLYesLiveKit server WebSocket URL (e.g., wss://your-project.livekit.cloud)
LIVEKIT_API_KEYYesLiveKit API key. Sensitive.
LIVEKIT_API_SECRETYesLiveKit API secret. Sensitive.

Manager API

VariableRequiredDefaultDescription
MANAGER_API_URLYeshttp://localhost:8002/toyManager API base URL
MANAGER_API_SECRETYesShared secret sent with internal calls to manager-api. Sensitive.

LLM

VariableRequiredDefaultDescription
LLM_PROVIDERNogroqLLM provider (groq, openai)
LLM_MODELNoopenai/gpt-oss-120bLLM model name
GROQ_API_KEYNoGroq API key for LLM and STT inference. Sensitive. Required if LLM_PROVIDER=groq.
GOOGLE_API_KEYNoGoogle AI API key for Gemini. Sensitive. Can also be set via config.yaml api_keys.google.
OPENAI_API_KEYNoOpenAI API key. Sensitive. Required if LLM_PROVIDER=openai.
FALLBACK_ENABLEDNofalseEnable LLM fallback model on failure
FALLBACK_LLM_MODELNollama-3.1-8b-instantFallback LLM model name

STT

VariableRequiredDefaultDescription
STT_PROVIDERNogroqSTT provider (groq, deepgram, funasr)
STT_MODELNowhisper-large-v3-turboSTT model name
STT_LANGUAGENoenSTT language code
DEEPGRAM_API_KEYNoDeepgram API key. Sensitive. Required if STT_PROVIDER=deepgram.
DEEPGRAM_MODELNonova-3Deepgram model to use when STT_PROVIDER=deepgram
FUNASR_HOSTNo127.0.0.1FunASR WebSocket STT server host
FUNASR_PORTNo10096FunASR WebSocket STT server port
FUNASR_USE_SSLNofalseEnable SSL for FunASR connection
FUNASR_MODENo2passFunASR recognition mode (offline, online, 2pass)
FUNASR_USE_ITNNotrueEnable Inverse Text Normalization in FunASR
FUNASR_HOTWORDSNo``Space-separated hotwords for FunASR

TTS

VariableRequiredDefaultDescription
TTS_PROVIDERNoedgeTTS provider (groq, elevenlabs, edge)
TTS_MODELNoplayai-ttsTTS model name (used when TTS_PROVIDER=groq)
TTS_VOICENoAaliyah-PlayAITTS voice (used when TTS_PROVIDER=groq)
TTS_FALLBACK_ENABLEDNofalseEnable TTS fallback provider on failure
ELEVENLABS_API_KEYNoElevenLabs TTS API key (also accepted as ELEVEN_API_KEY). Sensitive.
ELEVENLABS_VOICE_IDNoElevenLabs voice ID. Overrides config.yaml value.
ELEVENLABS_MODEL_IDNoeleven_turbo_v2_5ElevenLabs TTS model (also accepted as ELEVENLABS_TTS_MODEL)
EDGE_TTS_VOICENoen-US-AnaNeuralEdge TTS voice name
EDGE_TTS_RATENo+0%Edge TTS speaking rate
EDGE_TTS_VOLUMENo+0%Edge TTS volume
EDGE_TTS_PITCHNo+0HzEdge TTS pitch
EDGE_TTS_SAMPLE_RATENo24000Edge TTS output sample rate in Hz
EDGE_TTS_CHANNELSNo1Edge TTS output channel count

Realtime voice (Gemini / OpenAI)

VariableRequiredDefaultDescription
REALTIME_PROVIDERNogeminiRealtime voice provider (gemini, openai)
GEMINI_REALTIME_MODELNogemini-2.5-flash-native-audio-preview-09-2025Gemini realtime model ID
GEMINI_REALTIME_VOICENoZephyrGemini realtime voice name
GEMINI_REALTIME_TEMPERATURENo0.6Gemini realtime sampling temperature
GEMINI_VAD_DISABLEDNotrueDisable Gemini built-in VAD (enables PTT mode)
GEMINI_START_SENSITIVITYNohighGemini VAD start-of-speech sensitivity (high, medium, low)
GEMINI_END_SENSITIVITYNohighGemini VAD end-of-speech sensitivity (high, medium, low)
GEMINI_PREFIX_PADDING_MSNo10Gemini VAD prefix padding in milliseconds
GEMINI_SILENCE_DURATION_MSNo200Gemini VAD silence duration threshold in milliseconds
GEMINI_ENABLE_GOOGLE_SEARCHNotrueEnable Google Search grounding for Gemini
OPENAI_REALTIME_MODELNogpt-4o-realtime-previewOpenAI realtime model ID
OPENAI_REALTIME_VOICENoalloyOpenAI realtime voice name

VAD

VariableRequiredDefaultDescription
VAD_PROVIDERNosileroVoice activity detection provider (silero, ten)
VAD_MIN_SPEECH_DURATIONNo0.1Minimum speech duration in seconds to trigger detection
VAD_MIN_SILENCE_DURATIONNo1.2Minimum silence duration in seconds before end-of-speech
VAD_ACTIVATION_THRESHOLDNo0.08VAD activation probability threshold
VAD_PREFIX_PADDING_DURATIONNo0.3Audio padding before speech start in seconds
VAD_MAX_BUFFERED_SPEECHNo60.0Maximum buffered speech duration in seconds
VAD_SAMPLE_RATENo16000VAD input sample rate in Hz
VAD_HOP_SIZENo160VAD hop size in samples (TEN VAD only)
NOISE_CANCELLATIONNotrueEnable noise cancellation
PREEMPTIVE_GENERATIONNofalseEnable preemptive LLM response generation

Qdrant

VariableRequiredDefaultDescription
QDRANT_URLNoQdrant Cloud cluster URL (e.g., https://xxx.qdrant.io)
QDRANT_API_KEYNoQdrant API key. Sensitive.
QDRANT_COLLECTION_NAMENoQdrant collection name used for semantic search
EMBEDDING_MODELNoall-MiniLM-L6-v2Sentence-transformer model used to generate embeddings
AUTO_PRELOAD_MODELSNotruePreload embedding models at startup
ALLOWED_MUSIC_LANGUAGESNoComma-separated language codes to filter music search results

Mem0

VariableRequiredDefaultDescription
MEM0_API_KEYNoMem0 memory/personalization API key. Sensitive.

Media (music / stories)

VariableRequiredDefaultDescription
CLOUDFRONT_DOMAINNoCloudFront CDN domain for serving media files
S3_BASE_URLNoS3 base URL used as fallback when CDN is disabled
USE_CDNNotrueServe media via CloudFront CDN when true, fall back to S3 URL when false
AWS_ACCESS_KEY_IDNoAWS access key for S3 rhyme-cache bucket access. Sensitive.
AWS_SECRET_ACCESS_KEYNoAWS secret access key. Sensitive.
AWS_DEFAULT_REGIONNous-east-1AWS region for S3 operations

Integrations

VariableRequiredDefaultDescription
WEATHER_APINoOpenWeatherMap (or compatible) API key for the weather tool. Sensitive.

Logging

VariableRequiredDefaultDescription
LOKI_HOSTNoGrafana Loki host URL for centralized logging (e.g., https://logs-prod.grafana.net)
LOKI_USERNoLoki basic auth username. Sensitive.
LOKI_PASSWORDNoLoki basic auth password/token. Sensitive.

Worker ports

Each worker process binds to its own port so multiple workers can run concurrently.

VariableRequiredDefaultDescription
CHEEKO_PORTNoworker defaultHTTP port for the main cheeko_worker
MATH_TUTOR_PORTNoworker defaultHTTP port for math_tutor_worker
RIDDLE_SOLVER_PORTNoworker defaultHTTP port for riddle_solver_worker
WORD_LADDER_PORTNoworker defaultHTTP port for word_ladder_worker

API keys and model selection can also be configured via main/livekit-server/config.yaml, which takes precedence for some settings. See that file for the manager_api, gemini_realtime, and api_keys sections.

manager-web

File: main/manager-web/.env.local

VariableRequiredDefaultDescription
VUE_APP_API_BASE_URLNoBackend API base URL (e.g., http://localhost:8002/toy). If unset, relative URLs are used.
VUE_APP_PUBLIC_PATHNo/Vue Router base path (useful when deployed to a subdirectory)
VUE_APP_USE_CDNNofalseSet to true to load assets from CDN