Self-hosting

Environment reference, local setup, and deployment.

Dataembed is a pnpm/Turborepo monorepo whose deployable unit is one Next.js app — the eve agent runs inside it, so there is no separate agent service to operate. You need Node.js ≥ 24, pnpm, and a Postgres database.

Setup

git clone https://github.com/kyh/dataembed.git
cd dataembed
pnpm install

cp .env.example .env   # fill in the required variables below

pnpm db:push           # create tables (Drizzle)
pnpm dev               # app + eve agent on one dev server

Environment reference

Configuration lives in .env at the repo root.

Required

VariablePurpose
POSTGRES_URLPostgres connection string (any Postgres works)
BETTER_AUTH_SECRETSecret for better-auth session signing (also salts anonymous IP hashing)
AI_GATEWAY_API_KEYVercel AI Gateway key — powers the agent, verification, and the default search-grounded provider

Search providers (optional)

Each key activates its provider on every query; ranked lists are merged with reciprocal rank fusion. See Search providers.

VariableProvider
EXA_API_KEYExa — semantic search, page text inline
PARALLEL_API_KEYParallel — agent-oriented search, extended excerpts
FIRECRAWL_API_KEYFirecrawl — keyword SERP, pages scraped to markdown

Model overrides (optional)

Gateway model ids; defaults shown. Details in Search providers.

VariableDefault
SEARCH_AGENT_MODELanthropic/claude-sonnet-5
SEARCH_VERIFICATION_MODELopenai/gpt-5.4-mini
SEARCH_QUERY_MODELperplexity/sonar

Caps (optional)

Defaults shown; see the caps table for how they apply.

VariableDefault
SEARCH_MAX_QUERIES6
SEARCH_MAX_RESULTS25
SEARCH_ANON_MAX_QUERIES3
SEARCH_ANON_MAX_RESULTS10
SEARCH_ANON_SESSIONS_PER_HOUR3

Auth and email (optional)

Email/password auth works out of the box at /auth/login, /auth/register, and /auth/password-reset.

VariablePurpose
GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRETEnable GitHub OAuth — the sign-in button appears only when both are set
RESEND_API_KEYSend password-reset emails via Resend; without it, the reset URL is logged to the server console (fine for dev)
EMAIL_FROMFrom address for outgoing email
BETTER_AUTH_URLPublic origin of your deployment, for auth callbacks on non-Vercel hosts

Eve (optional, non-Vercel only)

VariablePurpose
EVE_CHANNEL_SECRETShared secret authenticating server → eve calls. Not needed on Vercel (OIDC) or in local dev
EVE_ORIGINOrigin serving eve's HTTP channel, when it differs from the app's own origin

Deployment

Vercel is the primary target: deploy the repo as a single project and the eve agent ships alongside the Next.js app with zero extra configuration — server-to-agent calls authenticate via Vercel OIDC, and runs are durable via Vercel Workflow.

Elsewhere, the same app runs on any Node host with Postgres. Set EVE_CHANNEL_SECRET so the server can authenticate to the eve channel (local pnpm dev doesn't need it), and EVE_ORIGIN only if you serve /eve/* from a different origin than the app.

Database commands

pnpm db:push          # push Drizzle schema to POSTGRES_URL
pnpm db:push-remote   # push schema to prod (reads .env.production.local)
pnpm db:studio        # browse data in Drizzle Studio

On this page