Durabull Documentation

Environment Variables

Complete runtime environment variable reference for local and production Durabull deployments.

Core Runtime

VariableRequiredPurpose
NODE_ENVNoRuntime mode (development, test, production)
PORTNoAPI server port
APP_BASE_URLRequired when DURABULL_AUTHLESS=false or MCP on public ingressCanonical app URL for auth, email, and MCP OAuth resource {APP_BASE_URL}/mcp
VITE_PUBLIC_APP_URLRecommendedPublic URL exposed to browser clients

Auth and Identity

VariableRequiredPurpose
DURABULL_AUTHLESSNoEnable/disable authless mode
BETTER_AUTH_SECRETRequired for OAuth and shipped self-host ComposeSession/OAuth signing secret (set even for authless lab Compose)
GOOGLE_OAUTH_CLIENT_IDOptionalGoogle OAuth client ID
GOOGLE_OAUTH_CLIENT_SECRETOptionalGoogle OAuth secret
GITHUB_OAUTH_CLIENT_IDOptionalGitHub OAuth client ID
GITHUB_OAUTH_CLIENT_SECRETOptionalGitHub OAuth secret

Persistence and Data

VariableRequiredPurpose
DURABULL_POSTGRES_PORTOptionalHost port mapped to Docker Postgres (55432 default)
DATABASE_URLOptionalEnables PostgreSQL mode when set
REDIS_URLOptionalGeneric Redis URL used by scripts/defaults
DURABULL_REDIS_URL_ENCRYPTION_KEYRequired when persisting connections32-byte key (hex/base64) used to encrypt Redis connection URLs at rest
DURABULL_SECRET_ENCRYPTION_KEYRequired for Linear alert integrations32-byte key (hex/base64) used to encrypt third-party OAuth tokens at rest
DURABULL_PGLITE_DIROptionalOverride PGlite data directory

Connection Mode

VariableRequiredPurpose
DURABULL_ENV_CONNECTIONSNoUse env-driven connection set
DURABULL_REDIS_URL_DEFAULTRecommendedDefault env connection key
DURABULL_REDIS_URL_<NAME>When env mode enabledRedis URL for named connection
DURABULL_REDIS_URL_<NAME>_ENVIRONMENTOptionaldevelopment, staging, or production
DURABULL_REDIS_URL_<NAME>_ALLOW_SELF_SIGNED_CERTSOptionalSet to true for providers with self-signed TLS certs (for example Heroku Key-Value Store)

Optional Integrations

VariableRequiredPurpose
RESEND_API_KEYOptionalEmail delivery via Resend (invitations and alerts)
EMAIL_FROMNoSender address for Resend emails (default: Durabull <no-reply@durabull.io>)
LINEAR_OAUTH_CLIENT_IDRequired for Linear alert integrationsLinear OAuth application client ID
LINEAR_OAUTH_CLIENT_SECRETRequired for Linear alert integrationsLinear OAuth application client secret
LINEAR_OAUTH_REDIRECT_URIOptionalExplicit Linear OAuth callback URL; defaults to ${APP_BASE_URL}/api/alerts/integrations/linear/callback
LINEAR_OAUTH_ACTOROptionalLinear OAuth actor mode: user by default, or app for service-account style app actor authorization
POSTHOG_KEYOptionalPostHog project API key
POSTHOG_HOSTOptionalPostHog upstream host for the reverse proxy (defaults to https://us.i.posthog.com)

Note: The web app receives PostHog configuration from the API at /api/app/config. You only need to set the server-side POSTHOG_KEY and POSTHOG_HOST variables — no VITE_ prefix is required. Set POSTHOG_HOST to PostHog's ingestion domain (for example https://us.i.posthog.com), not your own app /ingest URL. The API reverse-proxies analytics traffic through /ingest to bypass ad blockers.

Linear OAuth callback

For Linear alert integrations, register this callback URL in your Linear OAuth application:

https://your-domain.example/api/alerts/integrations/linear/callback

Durabull derives that URL from APP_BASE_URL by default. Set LINEAR_OAUTH_REDIRECT_URI explicitly when your self-hosted API is served from a different public origin than the web app. The redirect URI configured in Linear must exactly match the value Durabull sends during OAuth. By default, Durabull uses Linear's user actor OAuth flow and omits the actor authorize parameter. Set LINEAR_OAUTH_ACTOR=app only when the Linear application is configured for app actor authorization and you want alert-created issues attributed to the app.

For the full connection, alert delivery, retry, and idempotency model, see Linear Integration.

Anonymous Usage Telemetry

Durabull collects anonymous/pseudonymous usage telemetry in production and self-hosted usage to understand feature adoption and improve the product. Configuring POSTHOG_KEY for your own PostHog project does not disable Durabull telemetry, and Durabull does not provide a product-level telemetry opt-out. When POSTHOG_KEY is set, the configured PostHog project receives the full PostHog browser analytics stream.

Telemetry includes feature and route usage, safe runtime context, success/failure booleans, enum values such as job status or theme, and aggregate count/duration buckets. Durabull does not collect Redis URLs, queue names, Redis key names, job data, logs, emails, names, organizations, hostnames, raw URLs, search patterns, stack traces, or raw error messages.

Self-hosted deployments do not need a separate collector service or telemetry hostname. The app forwards sanitized telemetry to Durabull's existing cloud API.

Optional Runtime Toggles

VariableRequiredPurpose
ASSET_PRELOAD_MAX_SIZENoAsset preload tuning
ASSET_PRELOAD_VERBOSE_LOGGINGNoExtra preload diagnostics

MCP

MCP is always enabled on the unified API deployment at {APP_BASE_URL}/mcp. No separate MCP port, service, or enable flag is required.

VariableRequiredPurpose
APP_BASE_URLSee Core RuntimeMCP host allowlist and OAuth resource URI ({APP_BASE_URL}/mcp)
DURABULL_AUTHLESSNoMust remain false on internet-facing deployments
DISABLE_RATE_LIMITNoWhen true, disables all in-memory API + MCP rate limiting
MCP_TELEMETRY_LOGNoSet false to disable stdout mcp_telemetry JSON logs (runtime-only; default: enabled)
MCP_AUTHLESS_BEARER_TOKENAuthless + productionStrong bearer for isolated lab authless only — not for internet-facing production

See MCP Server for scopes, tools, and client setup. Operators: MCP operations runbook.

NODE_ENV=production
APP_BASE_URL=https://your-domain.example
VITE_PUBLIC_APP_URL=https://your-domain.example
DURABULL_AUTHLESS=false
BETTER_AUTH_SECRET=<long-random-secret>
DURABULL_REDIS_URL_ENCRYPTION_KEY=<openssl-rand-hex-32>
DURABULL_SECRET_ENCRYPTION_KEY=<openssl-rand-hex-32>
DURABULL_ENV_CONNECTIONS=true
DURABULL_REDIS_URL_MAIN=redis://...
DURABULL_REDIS_URL_MAIN_ENVIRONMENT=production
DURABULL_REDIS_URL_DEFAULT=MAIN

Screenshot placeholder: .env sample file in docs-friendly format.

Local Development

Contributor-focused local setup with fast authless mode or a full seeded stack.

Security and Hardening

Security checklist and operational hardening guidance for production Durabull deployments.

On this page

Core RuntimeAuth and IdentityPersistence and DataConnection ModeOptional IntegrationsLinear OAuth callbackAnonymous Usage TelemetryOptional Runtime TogglesMCPRecommended Production Baseline