Skip to main content
Vercel is the recommended deployment platform. It provides integrated storage, AI Gateway, and edge infrastructure with zero configuration.
If you haven’t set up your project yet, start with the Quickstart to scaffold and run locally first.

Vercel Integrations

ChatJS uses several Vercel platform features. Enable them in your Vercel dashboard under Storage and AI.
IntegrationPurposeRequired
Vercel Postgres or NeonPrimary databaseYes
Vercel BlobFile attachments, generated imagesIf using attachments/image gen
Vercel KVResumable streams (Redis)Optional
AI GatewayUnified access to 120+ AI modelsYes

AI Gateway

By default, ChatJS uses Vercel AI Gateway to access 120+ models from OpenAI, Anthropic, Google, and more.
  1. Go to Vercel AI Gateway
  2. Create an API key
  3. Add to environment: AI_GATEWAY_API_KEY
You can switch to OpenRouter or any other supported gateway in chat.config.ts. See Multi-Model Support for configuring available models.

Blob Storage

Required for file attachments and AI image generation.
  1. Go to StorageCreateBlob
  2. Connect to your project
  3. Environment variable BLOB_READ_WRITE_TOKEN is auto-added
To disable blob features, set in chat.config.ts: 
features: {
  attachments: false,
  imageGeneration: false,
}

KV (Redis)

Enables resumable streams - users can refresh the page mid-generation and continue where they left off.
  1. Go to StorageCreateKV
  2. Connect to your project
  3. Environment variable REDIS_URL is auto-added
Without Redis, streams work normally but can’t be resumed after disconnection.

Cron Jobs

ChatJS includes a daily cleanup job that removes orphaned blob attachments (uploaded but never saved to a message).

Configuration

Defined in vercel.json: 
{
  "crons": [
    {
      "path": "/api/cron/cleanup",
      "schedule": "0 2 * * *"
    }
  ]
}
Runs daily at 2 AM UTC. Adjust the schedule using cron syntax.

Security

The cron endpoint requires a CRON_SECRET environment variable: 
# Generate a secret
openssl rand -base64 32
Add to Vercel environment variables. Vercel automatically sends this as a Bearer token.

Customizing Cleanup

Edit app/api/cron/cleanup/route.ts to add cleanup tasks: 
const results = {
  orphanedAttachments: await cleanupOrphanedAttachments(),
  // Add other cleanup tasks here
  expiredSessions: await cleanupExpiredSessions(),
};

Code Execution Sandbox

The code execution tool uses Vercel Sandbox for secure Python execution.

Authentication

On Vercel, sandbox uses OIDC automatically. For local development or self-hosted: 
VERCEL_TEAM_ID=team_xxx
VERCEL_PROJECT_ID=prj_xxx
VERCEL_TOKEN=xxx

Runtime Configuration

Set the Python version via environment variable: 
VERCEL_SANDBOX_RUNTIME=python3.13  # default

Resource Limits

Sandboxes run with:
  • 2 vCPUs
  • 5 minute timeout
  • Pre-installed: matplotlib, pandas, numpy, sympy, yfinance

Environment Variables

Required

VariableDescription
DATABASE_URLPostgreSQL connection string
AUTH_SECRETSession encryption key
AI_GATEWAY_API_KEYVercel AI Gateway key (or OPENROUTER_API_KEY if using OpenRouter)

Optional (Vercel Features)

VariableFeature
BLOB_READ_WRITE_TOKENBlob storage (auto-set by integration)
REDIS_URLKV/Redis for resumable streams
CRON_SECRETSecure cron endpoint

Pull from Vercel

After linking your project, pull all environment variables: 
vercel link
vercel env pull .env.local

Rate Limiting and Security

The /api/chat endpoint is expensive (it calls AI providers on every request). Protect it from abuse in production.

Vercel Firewall

Enable Vercel Firewall in your project settings. Create a rate limiting rule for the chat endpoint:
  1. Go to SettingsFirewall
  2. Add a rule targeting POST /api/chat
  3. Set a rate limit (for example, 20 requests per minute per IP)
  4. Choose Challenge or Block as the action

Vercel WAF

For additional protection, enable the Web Application Firewall to block common attack patterns (SQL injection, XSS) at the edge before requests reach your application.

Environment Variable Security

  • Never commit .env.local to version control
  • Use Vercel’s environment variable management to set secrets per environment (production, preview, development)
  • Rotate AUTH_SECRET and API keys periodically

Production Checklist

Before going live:
  1. Go to SettingsDomains
  2. Add your custom domain
  3. Update OAuth callback URLs to use the new domain
Update your OAuth apps (GitHub, Google) with production callback URLs:
https://yourdomain.com/api/auth/callback/github
https://yourdomain.com/api/auth/callback/google
Set up Vercel Firewall rules for the /api/chat endpoint to prevent abuse. See the section above for details.
Check your plan limits for:
  • Blob storage (file count and size)
  • KV operations (for resumable streams)
  • AI Gateway usage

Troubleshooting

  • Verify CRON_SECRET is set in environment variables
  • Check Vercel dashboard → Logs → filter by /api/cron
  • Crons only run in production (not preview deployments)
  • Ensure BLOB_READ_WRITE_TOKEN is set
  • Check blob storage isn’t at capacity
  • Verify file size is under 500MB limit
  • Default timeout is 5 minutes
  • Check sandbox logs in Vercel dashboard
  • Ensure OIDC is working (automatic on Vercel)