Configuration

Environment files

• Root: .env
• Backend: backend/.env
• Frontend: frontend/.env

Core runtime config

Backend

Important vars (backend/config.js):

• PORT (default 4000)
• JWT_SECRET
• JWT_EXPIRES_IN (default 30d)
• APP_URL
• FRONTEND_ORIGIN
• DATA_DIR, UPLOADS_DIR, SQLITE_PATH
• OUTBOX_WORKER_* (polling, retries, alerts)
• EXTENSIONS_DIR, EXTENSIONS_OVERRIDES_FILE

Frontend

• VITE_API_URL (default http://localhost:4000)

In-app configuration (/admin)

• Allowed login domains.
• Developer emails.
• App name, URL, logo.
• Mail provider: smtp or ses.

Security-sensitive settings

Treat these as secrets:

• smtp_pass
• ses_access_key_id
• ses_secret_access_key
• ses_session_token

The API masks these values in responses.