Gajae-Code
Gajae-Codev0.9.1

Environment variables

Categorized reference for Gajae-Code environment variables — provider credentials, base-URL overrides, web-search keys, and storage and behavior toggles.

This is a categorized reference for the environment variables Gajae-Code reads at runtime. All *_API_KEY, *_TOKEN, OAuth/bearer credentials, and cloud credentials are secrets — never log or commit them.

For the .env resolution order, see Reference. For retry budgets and behavior toggles in context, see Configuration.

Provider credentials

Provider keys are consumed via getEnvApiKey(). Auth resolution per provider runs CLI --api-key → stored credential → stored OAuth → environment variable → models.yml apiKey. The full provider list is long (70+ entries); these are the common ones — set the key for whichever providers you use.

VariableProvider
ANTHROPIC_OAUTH_TOKEN / ANTHROPIC_API_KEYAnthropic (OAuth token wins)
OPENAI_API_KEYOpenAI-family providers
GEMINI_API_KEYGoogle Gemini
OPENROUTER_API_KEYOpenRouter
ZAI_API_KEYz.ai (GLM); also z.ai web search
MINIMAX_API_KEY / MINIMAX_CODE_API_KEYMiniMax / MiniMax Code
DEEPSEEK_API_KEYDeepSeek
XAI_API_KEYxAI
GROQ_API_KEYGroq
MISTRAL_API_KEYMistral
CEREBRAS_API_KEYCerebras
FIREWORKS_API_KEYFireworks
TOGETHER_API_KEYTogether
HUGGINGFACE_HUB_TOKEN / HF_TOKENHugging Face
MOONSHOT_API_KEYMoonshot
QWEN_OAUTH_TOKEN / QWEN_PORTAL_API_KEYQwen Portal (OAuth token wins)

Many more are supported, including Synthetic, NVIDIA, NanoGPT, Venice, LiteLLM, LM Studio, Ollama, llama.cpp, Xiaomi, Azure OpenAI, OpenCode, Qianfan, ZenMux, vLLM, Cursor, Vercel AI Gateway, Cloudflare AI Gateway, Alibaba Coding Plan, Kilo, Ollama Cloud, and GitLab Duo. Local runtimes (LM Studio, Ollama, llama.cpp, vLLM) usually need no auth; any non-empty token works when a host requires one.

GitHub / Copilot token chain

VariableUsed forChain
COPILOT_GITHUB_TOKENGitHub Copilot provider authCOPILOT_GITHUB_TOKENGH_TOKENGITHUB_TOKEN
GH_TOKEN / GITHUB_TOKENCopilot fallback; web-scraper GitHub API authscraper checks GITHUB_TOKEN before GH_TOKEN

Cloud / enterprise credentials

VariableProvider
AZURE_OPENAI_API_KEYAzure OpenAI / Azure OpenAI Responses
AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEYAmazon Bedrock (IAM key path; also profile/SSO/IMDS)
AWS_BEARER_TOKEN_BEDROCKAmazon Bedrock bearer-token path
GOOGLE_APPLICATION_CREDENTIALSGoogle Vertex AI (ADC service-account file)
GOOGLE_CLOUD_API_KEYGoogle Vertex AI (direct API-key auth)
ANTHROPIC_FOUNDRY_API_KEYAnthropic via Azure Foundry (when Foundry mode on)
GITLAB_TOKENGitLab Duo

Auth broker and credential ranking

VariableUsed for
GJC_AUTH_BROKER_URLBase URL of the remote auth broker. When set, local SQLite credentials are bypassed and stored API/OAuth credentials resolve through the broker.
GJC_AUTH_BROKER_TOKENBearer token for broker endpoints except /v1/healthz; falls back to auth.broker.token or <config-dir>/auth-broker.token.
GJC_CREDENTIAL_RANKING_MODEMulti-account OAuth selection strategy. balanced is the default; earliest-reset prefers the account whose quota resets soonest.

Provider base-URL overrides

Built-in provider base URLs resolve as: models.yml baseUrl → provider-specific base-URL env var → bundled default.

ProviderVariables
OpenAIOPENAI_BASE_URL
AnthropicANTHROPIC_BASE_URL
Google GeminiGOOGLE_BASE_URL, GEMINI_BASE_URL
Any provider idderived <PROVIDER_ID>_BASE_URL (uppercased, non-alphanumerics → _; e.g. my-proxyMY_PROXY_BASE_URL)

The built-in openai provider keeps its bundled Responses transport: OPENAI_BASE_URL changes the host but still calls <baseUrl>/responses. If your proxy only supports Chat Completions, configure a custom models.yml provider with api: openai-completions instead.

Local-runtime discovery base URLs can also be overridden:

VariableDefault
OLLAMA_BASE_URLhttp://127.0.0.1:11434
LM_STUDIO_BASE_URLhttp://127.0.0.1:1234/v1
LLAMA_CPP_BASE_URLhttp://127.0.0.1:8080

Web-search keys

Each key enables the corresponding web_search provider:

VariableProvider
EXA_API_KEYExa
BRAVE_API_KEYBrave
PERPLEXITY_API_KEY / PERPLEXITY_COOKIESPerplexity (API key or cookie auth)
TAVILY_API_KEYTavily
KAGI_API_KEYKagi
JINA_API_KEYJina
PARALLEL_API_KEYParallel
ZAI_API_KEYz.ai (also checks stored OAuth)
SEARXNG_ENDPOINT (+ SEARXNG_TOKEN)SearXNG endpoint and optional bearer token

SEARXNG_BASIC_USERNAME / SEARXNG_BASIC_PASSWORD provide HTTP Basic auth. SearXNG also reads the equivalent searxng.* settings from ~/.gjc/agent/config.yml; env vars are fallbacks. The Anthropic web-search auth chain starts with ANTHROPIC_SEARCH_API_KEY (+ optional ANTHROPIC_SEARCH_BASE_URL).

Storage and behavior toggles

VariableEffect
GJC_CONFIG_DIRConfig-root dirname under home (default .gjc).
GJC_CODING_AGENT_DIRFull override for the agent directory (default ~/<GJC_CONFIG_DIR or .gjc>/agent).
GJC_NO_PTYIf 1, disables the interactive PTY path for the bash tool.
GJC_NOTIFICATIONSoff / 0 / false suppress desktop notifications.
GJC_NO_TITLEIf set, disables auto session-title generation.
GJC_EDIT_VARIANTForces the edit-tool variant: patch, replace, hashline, atom, vim, apply_patch.
GJC_TIMINGPrints a hierarchical timing-span tree to stderr (x = exit after print, full = list all module loads).

See Configuration for the full retry-budget and behavior details.

Security-sensitive variables

Treat these as secrets — do not log or commit them:

  • Provider/API keys and OAuth/bearer credentials (all *_API_KEY, *_TOKEN, OAuth access/refresh tokens).
  • Cloud credentials (AWS_*; GOOGLE_APPLICATION_CREDENTIALS may point at service-account material).
  • Search/provider auth vars (EXA_API_KEY, BRAVE_API_KEY, PERPLEXITY_API_KEY, Anthropic search keys).
  • Foundry mTLS material (ANTHROPIC_MODEL_CODE_CLIENT_CERT, ANTHROPIC_MODEL_CODE_CLIENT_KEY, NODE_EXTRA_CA_CERTS when it points at a private CA bundle).

On this page