Self-hosting
Environment reference, local setup, and deployment.
Dataembed is a pnpm/Turborepo monorepo whose deployable unit is one Next.js app — the eve agent runs inside it, so there is no separate agent service to operate. You need Node.js ≥ 24, pnpm, and a Postgres database.
Setup
git clone https://github.com/kyh/dataembed.git
cd dataembed
pnpm install
cp .env.example .env # fill in the required variables below
pnpm db:push # create tables (Drizzle)
pnpm dev # app + eve agent on one dev serverEnvironment reference
Configuration lives in .env at the repo root.
Required
| Variable | Purpose |
|---|---|
POSTGRES_URL | Postgres connection string (any Postgres works) |
BETTER_AUTH_SECRET | Secret for better-auth session signing (also salts anonymous IP hashing) |
AI_GATEWAY_API_KEY | Vercel AI Gateway key — powers the agent, verification, and the default search-grounded provider |
Search providers (optional)
Each key activates its provider on every query; ranked lists are merged with reciprocal rank fusion. See Search providers.
| Variable | Provider |
|---|---|
EXA_API_KEY | Exa — semantic search, page text inline |
PARALLEL_API_KEY | Parallel — agent-oriented search, extended excerpts |
FIRECRAWL_API_KEY | Firecrawl — keyword SERP, pages scraped to markdown |
Model overrides (optional)
Gateway model ids; defaults shown. Details in Search providers.
| Variable | Default |
|---|---|
SEARCH_AGENT_MODEL | anthropic/claude-sonnet-5 |
SEARCH_VERIFICATION_MODEL | openai/gpt-5.4-mini |
SEARCH_QUERY_MODEL | perplexity/sonar |
Caps (optional)
Defaults shown; see the caps table for how they apply.
| Variable | Default |
|---|---|
SEARCH_MAX_QUERIES | 6 |
SEARCH_MAX_RESULTS | 25 |
SEARCH_ANON_MAX_QUERIES | 3 |
SEARCH_ANON_MAX_RESULTS | 10 |
SEARCH_ANON_SESSIONS_PER_HOUR | 3 |
Auth and email (optional)
Email/password auth works out of the box at /auth/login, /auth/register, and /auth/password-reset.
| Variable | Purpose |
|---|---|
GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET | Enable GitHub OAuth — the sign-in button appears only when both are set |
RESEND_API_KEY | Send password-reset emails via Resend; without it, the reset URL is logged to the server console (fine for dev) |
EMAIL_FROM | From address for outgoing email |
BETTER_AUTH_URL | Public origin of your deployment, for auth callbacks on non-Vercel hosts |
Eve (optional, non-Vercel only)
| Variable | Purpose |
|---|---|
EVE_CHANNEL_SECRET | Shared secret authenticating server → eve calls. Not needed on Vercel (OIDC) or in local dev |
EVE_ORIGIN | Origin serving eve's HTTP channel, when it differs from the app's own origin |
Deployment
Vercel is the primary target: deploy the repo as a single project and the eve agent ships alongside the Next.js app with zero extra configuration — server-to-agent calls authenticate via Vercel OIDC, and runs are durable via Vercel Workflow.
Elsewhere, the same app runs on any Node host with Postgres. Set EVE_CHANNEL_SECRET so the server can authenticate to the eve channel (local pnpm dev doesn't need it), and EVE_ORIGIN only if you serve /eve/* from a different origin than the app.
Database commands
pnpm db:push # push Drizzle schema to POSTGRES_URL
pnpm db:push-remote # push schema to prod (reads .env.production.local)
pnpm db:studio # browse data in Drizzle Studio