This page explains the runtime configuration system, feature toggles, and environment-based settings in Sim Studio. The system is designed to provide a consistent configuration interface across both client and server contexts while supporting dynamic environment injection for Docker-based deployments.
Sim Studio utilizes a robust configuration layer that bridges static environment variables with runtime application logic. The core of this system resides in apps/sim/lib/core/config/, primarily split between environment schema validation (env.ts) and functional feature toggles (feature-flags.ts).
| Component | File Path | Responsibility |
|---|---|---|
| Env Schema | apps/sim/lib/core/config/env.ts | Zod-based validation of all environment variables using @t3-oss/env-nextjs. |
| Feature Flags | apps/sim/lib/core/config/feature-flags.ts | Derived boolean logic for enabling/disabling system modules (Billing, SSO, etc.). |
| Runtime Injection | apps/sim/lib/core/config/env.ts11 | Helper for accessing variables in the browser using next-runtime-env. |
| Auth Config | apps/sim/lib/auth/auth.ts | Integration of feature flags into the betterAuth configuration. |
Sources: apps/sim/lib/core/config/env.ts1-11 apps/sim/lib/core/config/feature-flags.ts1-5
The following diagrams illustrate how configuration flows from infrastructure into the application code entities.
Sources: apps/sim/lib/core/config/env.ts11-14 apps/sim/lib/core/config/feature-flags.ts4-31 apps/sim/lib/auth/auth.ts63-71 apps/sim/lib/auth/auth.ts145-165
The application uses @t3-oss/env-nextjs combined with zod to ensure all required variables are present and correctly formatted at startup.
To support Docker runtime variables (which are often injected into the browser at runtime rather than build time), the system uses a custom getEnv utility:
apps/sim/lib/core/config/env.ts11
The schema enforces strict types for critical infrastructure:
DATABASE_URL must be a valid URL apps/sim/lib/core/config/env.ts19BETTER_AUTH_SECRET and ENCRYPTION_KEY require a minimum of 32 characters apps/sim/lib/core/config/env.ts21-30INTERNAL_API_SECRET is required for inter-service communication apps/sim/lib/core/config/env.ts32Sources: apps/sim/lib/core/config/env.ts14-84
Feature flags are derived from the validated env object. They provide a clean API for the rest of the application to check for feature availability without parsing strings or checking for undefined.
| Flag | Logic | Purpose |
|---|---|---|
isHosted | Checks if NEXT_PUBLIC_APP_URL is a Sim domain | Distinguishes between Sim Cloud and Self-Hosted apps/sim/lib/core/config/feature-flags.ts24-26 |
isBillingEnabled | isTruthy(env.BILLING_ENABLED) | Toggles Stripe integration and credit enforcement apps/sim/lib/core/config/feature-flags.ts31 |
isAuthDisabled | isTruthy(env.DISABLE_AUTH) && !isHosted | Allows bypassing auth in private networks apps/sim/lib/core/config/feature-flags.ts42 |
isSsoEnabled | isTruthy(env.SSO_ENABLED) | Gates Enterprise SSO features apps/sim/lib/core/config/feature-flags.ts86 |
isEmailVerificationEnabled | isTruthy(env.EMAIL_VERIFICATION_ENABLED) | Enforces OTP verification during signup/login apps/sim/lib/core/config/feature-flags.ts36 |
isOrganizationsEnabled | isBillingEnabled || isAccessControlEnabled | Automatically enables org features if billing or permissions are active apps/sim/lib/core/config/feature-flags.ts105-106 |
The system includes safety checks to prevent dangerous configurations in hosted environments. For example, DISABLE_AUTH is explicitly ignored if isHosted is true to prevent accidental exposure of the Sim Cloud infrastructure apps/sim/lib/core/config/feature-flags.ts48-51
Sources: apps/sim/lib/core/config/feature-flags.ts9-141
The auth configuration in apps/sim/lib/auth/auth.ts is a primary consumer of these flags, adjusting the betterAuth instance behavior dynamically.
isRegistrationDisabled is true, the user.create.before hook can be used to block new entries apps/sim/lib/auth/auth.ts167-177useVerification hook checks isEmailVerificationEnabled. If false, it automatically redirects the user to the workspace, bypassing the OTP step apps/sim/app/(auth)/verify/use-verification.ts201-223BLOCKED_SIGNUP_DOMAINS apps/sim/lib/auth/auth.ts132-134 which is enforced in the before database hook apps/sim/lib/auth/auth.ts170-175Sources: apps/sim/lib/auth/auth.ts63-71 apps/sim/app/(auth)/verify/use-verification.ts32-36 apps/sim/app/(auth)/verify/use-verification.ts201-223
Runtime configuration also controls which third-party integrations are visible and usable.
getAllowedIntegrationsFromEnv() parses the ALLOWED_INTEGRATIONS environment variable to filter the block registry apps/sim/lib/core/config/feature-flags.ts147-153getAllowedMcpDomainsFromEnv() restricts Model Context Protocol servers to specific hostnames for security apps/sim/lib/core/config/feature-flags.ts178-182OAUTH_PROVIDERS registry defines the required scopes for various services (Gmail, Drive, etc.) apps/sim/lib/oauth/oauth.ts57-210 which are then displayed in the OAuthRequiredModal during connection apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/components/oauth-required-modal.tsx:149-174.Sources: apps/sim/lib/core/config/feature-flags.ts147-182 apps/sim/lib/oauth/oauth.ts57-210 apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/components/oauth-required-modal.tsx:49-63
Refresh this wiki