.env in the repo root. If .env does not exist, pnpm local and node scripts/run-compose.mjs bootstrap create it from .env.example. If BETTER_AUTH_SECRET or INTERNAL_CRON_SECRET are blank or still set to replace-me, those startup paths generate secure values automatically before launch.
Core
Required for any setup path.| Variable | Required | Default | Description |
|---|---|---|---|
DATABASE_URL | Yes | postgresql://postgres:postgres@localhost:5432/oneglanse | Postgres connection string |
CLICKHOUSE_URL | Yes | http://localhost:8123 | ClickHouse HTTP endpoint |
REDIS_HOST | Yes | localhost | Redis hostname in .env; Docker self-hosting overrides this internally to redis |
REDIS_PORT | Yes | 6379 | Redis port |
REDIS_PASSWORD | No | redis | Redis auth password (set to redis in the local Docker setup) |
BETTER_AUTH_SECRET | Yes | auto-generated | Session signing secret — auto-generated by setup scripts |
INTERNAL_CRON_SECRET | Yes | auto-generated | Internal cron auth token — auto-generated by setup scripts |
ONEGLANSE_APP_MODE | No | local | local or self-host — overridden automatically by scripts |
APP_URL | No | http://localhost:3000 | Public-facing URL of the web app |
API_BASE_URL | No | http://localhost:3000 | API base URL (used by tRPC client) |
LLM / Response Analysis
At least one LLM key is required to run response analysis after prompt collection.| Variable | Required | Default | Description |
|---|---|---|---|
OPENAI_API_KEY | Yes (if using OpenAI) | — | OpenAI API key for response analysis |
ANTHROPIC_API_KEY | Yes (if using Claude) | — | Anthropic API key for response analysis |
ANALYSIS_LLM_PROVIDER | No | openai | Which LLM to use: openai or claude |
Google OAuth
Required if you want users to sign in to the OneGlanse web app with Google.| Variable | Required | Default | Description |
|---|---|---|---|
GOOGLE_CLIENT_ID | No | — | Google OAuth client ID |
GOOGLE_CLIENT_SECRET | No | — | Google OAuth client secret |
pnpm auth.
VPS Auth Upload
Used when transferring local provider sessions to a self-hosted VPS.| Variable | Required | Default | Description |
|---|---|---|---|
ONEGLANSE_VPS_IP | No | — | VPS IP — enables pnpm upload:vps shorthand |
AGENT_AUTH_UPLOAD_TOKEN | No | — | Bearer token to authenticate the auth upload API |
Proxy
Required on VPS deployments where direct connections to AI providers are blocked. This is needed because most VPS providers use datacenter IP ranges, and those IPs are commonly blocked or challenged by AI chat products. OneGlanse uses the proxy only for provider website traffic from the VPS browser runtime. For ThorData on VPS, the recommended setup is to whitelist your VPS IP first, generate the endpoint withWhitelisted IPs + API Link, keep Sticky session enabled for prompt runs, and pick a valid country where the providers are supported and your audience is located.
| Variable | Required | Default | Description |
|---|---|---|---|
THORDATA_PROXY_API_URL | No | — | ThorData rotating proxy API endpoint |
PROXY_SCHEME | No | http | Proxy protocol used for ThorData proxy URLs |
Recommended ThorData setup
If you are using ThorData, whitelist your VPS public IP in the ThorData dashboard before generating the proxy endpoint. That keeps authentication simpler and is the recommended setup for OneGlanse on VPS deployments. Use these ThorData endpoint generator settings:- Authentication method:
Whitelisted IPs - Endpoint type:
API Link - Session setting:
Sticky session - Country: choose a valid country where the providers are available and where your target audience is located
THORDATA_PROXY_API_URL. Keep sticky sessions enabled for prompt runs so the provider flow stays on a stable residential IP long enough for sign-in and response collection to complete reliably.
Agent / Runtime Overrides
Override the browser runtime defaults. Only needed if the pinned defaults aren’t working for your environment. OneGlanse uses Camoufox as its provider browser runtime. This is an anti-fingerprint Firefox-based browser chosen because standard Chrome / Chromium automation is less reliable for authenticated scraping against provider chat UIs.| Variable | Required | Default | Description |
|---|---|---|---|
DEBUG_ENABLED | No | — | Set to true to enable verbose agent logging |
CAMOUFOX_HEADLESS_MODE | No | virtual | Browser display mode: virtual, headful, or headless |
CAMOUFOX_PYTHON_BIN | No | — | Path to the Python 3 binary (e.g. /usr/bin/python3) |
CAMOUFOX_PIP_SPEC | No | cloverlabs-camoufox==0.5.5 | Camoufox pip package to install |
CAMOUFOX_BROWSER_CHANNEL | No | official/stable/135.0.1-beta.24 | Browser channel to use |
Self-Host Storage & Docker Images
| Variable | Required | Default | Description |
|---|---|---|---|
ONEGLANSE_STORAGE_ROOT | No | /opt/oneglanse/storage | Host path for persistent auth sessions and browser profiles |
ONEGLANSE_WEB_IMAGE | No | GHCR published image | Override the web app Docker image |
ONEGLANSE_AGENT_IMAGE | No | GHCR published image | Override the agent Docker image |
ONEGLANSE_POSTGRES_IMAGE | No | GHCR published image | Override the Postgres Docker image |
Database Services (Self-Host / Docker Compose)
These configure the Postgres and ClickHouse containers. Used bydocker-compose.yml.
| Variable | Required | Default | Description |
|---|---|---|---|
POSTGRES_USER | Yes (self-host) | postgres | Postgres user |
POSTGRES_PASSWORD | Yes (self-host) | postgres | Postgres password |
POSTGRES_DB | Yes (self-host) | oneglanse | Postgres database name |
CLICKHOUSE_DB | Yes (self-host) | oneglanse | ClickHouse database name |
CLICKHOUSE_USER | Yes (self-host) | default | ClickHouse user |
CLICKHOUSE_PASSWORD | Yes (self-host) | clickhouse | ClickHouse password |