This document provides a comprehensive reference for the Next.js configuration in Sim Studio. The configuration is defined in apps/sim/next.config.ts It controls image handling, server-side package bundling, security headers, build optimization, and routing behavior. For environment variable configuration, see 9.1 Environment Variables For runtime feature flags, see 9.3 Feature Flags & Runtime Config
The Next.js configuration in Sim Studio is a TypeScript file that exports a NextConfig object. It integrates with environment variables via env and getEnv utilities apps/sim/next.config.ts2 and security policies from the CSP module apps/sim/next.config.ts4-9
Title: Next.js Configuration Architecture
Sources: apps/sim/next.config.ts1-11 apps/sim/next.config.ts145-146
The images configuration defines remotePatterns to allow optimized image serving from trusted external domains. It supports common OAuth providers, AI generation APIs, and cloud storage backends.
| Domain Type | Pattern | Purpose |
|---|---|---|
| GitHub Avatars | avatars.githubusercontent.com | User profile images from GitHub apps/sim/next.config.ts18 |
| Stability AI | api.stability.ai | AI-generated images from Stability models apps/sim/next.config.ts22 |
| Azure Blob Storage | *.blob.core.windows.net | File uploads and knowledge base storage apps/sim/next.config.ts27 |
| AWS S3 | *.s3.amazonaws.com*.s3.*.amazonaws.com | AWS storage for workflow assets apps/sim/next.config.ts32-37 |
| Google Photos | lh3.googleusercontent.com | User profile images from Google OAuth apps/sim/next.config.ts40 |
| Custom Branding | Dynamic from env vars | Whitelabel logo and favicon domains apps/sim/next.config.ts43-71 |
The configuration dynamically extracts hostnames from NEXT_PUBLIC_BRAND_LOGO_URL and NEXT_PUBLIC_BRAND_FAVICON_URL using the URL constructor within a try-catch block to prevent build failures on invalid URLs apps/sim/next.config.ts43-71
Title: Brand Image Resolution Flow
Sources: apps/sim/next.config.ts43-71
The serverExternalPackages array specifies dependencies that must be excluded from the Next.js bundle and loaded at runtime from node_modules. This is required for packages with native binaries or complex side effects.
| Package | Reason for Externalization |
|---|---|
@1password/sdk | Native bindings for secure credential access apps/sim/next.config.ts82 |
unpdf | PDF processing engine apps/sim/next.config.ts83 |
ffmpeg-static | Static FFmpeg binary (~50MB+) apps/sim/next.config.ts84 |
fluent-ffmpeg | Media processing wrapper apps/sim/next.config.ts85 |
pino & pino-pretty | Structured logging system apps/sim/next.config.ts86-87 |
thread-stream | Worker thread streaming for logs apps/sim/next.config.ts88 |
ws | WebSocket library used in Stagehand apps/sim/next.config.ts89 |
isolated-vm | V8 isolates for sandboxed code execution apps/sim/next.config.ts90 |
Sources: apps/sim/next.config.ts81-91
The outputFileTracingIncludes configuration ensures that dynamic assets and native modules are included in the deployment bundle, particularly for the standalone output mode.
ws for browser automation routes under /api/tools/stagehand/* apps/sim/next.config.ts93sharp and @img modules globally apps/sim/next.config.ts94./dist/pptx-worker.cjs apps/sim/next.config.ts94Sources: apps/sim/next.config.ts92-95
When DOCKER_BUILD is enabled, Next.js is configured to output a standalone folder which contains only the necessary files for production deployment apps/sim/next.config.ts77
Type checking is bypassed during Docker builds if DOCKER_BUILD is truthy to speed up CI/CD pipelines apps/sim/next.config.ts75
The experimental.optimizePackageImports list contains heavy libraries (e.g., lucide-react, lodash, framer-motion, reactflow, @radix-ui/*) that Next.js should optimize to reduce bundle size apps/sim/next.config.ts101-119
Sources: apps/sim/next.config.ts74-77 apps/sim/next.config.ts101-120
The headers() function defines security policies for different route patterns. It applies Content Security Policy (CSP) and Cross-Origin Resource Sharing (CORS) rules.
Title: Security Header Application Logic
/.well-known/:path* and /api/auth/jwks allow universal access (Access-Control-Allow-Origin: *) for OIDC and service discovery apps/sim/next.config.ts148-154 apps/sim/next.config.ts188-195/api/:path* pattern restricts origins to NEXT_PUBLIC_APP_URL and allows standard headers like X-API-Key and Authorization apps/sim/next.config.ts157-174/api/mcp/copilot allows cross-origin requests to support external agent integrations apps/sim/next.config.ts206-219/api/workflows/:id/execute uses a specialized CSP policy and sets Cross-Origin-Embedder-Policy: unsafe-none to allow workflows to load external resources apps/sim/next.config.ts222-241Sources: apps/sim/next.config.ts145-241
Specific packages are transpiled to ensure compatibility with the Next.js environment, including internal workspace packages and ESM-only dependencies apps/sim/next.config.ts136-144
prettier@react-email/components@react-email/render@t3-oss/env-nextjs@sim/db (Workspace package) apps/sim/next.config.ts142better-auth-harmony apps/sim/next.config.ts143Sources: apps/sim/next.config.ts136-144
Refresh this wiki