Setupr provider API keys should be stored globally with setupr auth, not in a project .env file:
setupr auth login
setupr auth set-key github
setupr auth list
setupr auth test
setupr auth use openai/gpt-4.1-miniKeys are stored at ~/.setupr/secrets.json with file permissions 0600, and Setupr only displays masked values.
Supported provider environment variable names are still accepted for CI, temporary overrides, and backward compatibility:
| Variable | Provider | Models |
|---|---|---|
OPENAI_API_KEY |
OpenAI | gpt-5.5-pro, gpt-5.5, gpt-5.5-mini, gpt-5.4-pro, gpt-5.4-mini, gpt-4o, gpt-4o-mini |
ANTHROPIC_API_KEY |
Anthropic | claude-opus-4-7, claude-sonnet-4-7, claude-opus-4-6, claude-sonnet-4-6, claude-haiku-4-5, claude-3.5-sonnet |
GOOGLE_API_KEY |
gemini-3.1-pro, gemini-3-flash, gemini-2.5-flash-lite | |
GROQ_API_KEY |
Groq (Llama) | llama-4-maverick, llama-4-scout, llama-3.3-70b |
MINIMAX_API_KEY |
MiniMax | minimax-m3, minimax-m2.5, minimax-m2.7 |
MOONSHOT_API_KEY |
Moonshot (Kimi) | kimi-latest, kimi-k2-thinking, kimi-k2-turbo-preview, kimi-k2.5-vision, moonshot-v1-128k |
GITHUB_MODELS_API_KEY |
GitHub Models | openai/gpt-4.1, openai/gpt-4.1-mini, openai/gpt-4o, openai/gpt-4o-mini, or any GitHub catalog ID |
GITHUB_TOKEN |
GitHub Models alias | Same as above; token needs GitHub Models access |
GITHUB_API_KEY |
GitHub Models alias | Same as above; accepted for users who label the token as an API key |
For GitHub Models, use a token that can read GitHub Models. Fine-grained PATs or app tokens need the models: read permission.
Setupr resolves provider keys in this order:
- Shell environment variables
- Global auth storage from
setupr auth set-key - Local
.env.local - Local
.env - Saved model preference from
setupr auth use(for model selection only)
To migrate old provider keys out of a project .env:
setupr auth migrateProject .env, .env.local, and .env.example should primarily describe the app being set up, such as DATABASE_URL, PORT, or NEXT_PUBLIC_API_URL.
| Variable | Description | Default |
|---|---|---|
SETUPR_AI_MODEL |
Project-local override for AI model selection | (auto-detect cheapest available) |
SETUPR_LOG_LEVEL |
Log verbosity (debug, info, warn, error) | info |
SETUPR_TUI_BORDER |
TUI border style: bold, double, round, classic |
(thin Unicode) |
Legacy alias:
P_SETUP_AI_MODELis still accepted as a backward-compatible alias forSETUPR_AI_MODELso older shells and CI jobs keep working. When both are set,SETUPR_AI_MODELwins. Prefer theSETUPR_*names going forward.
If several provider keys are set, the selected model is deterministic:
SETUPR_AI_MODEL(or the legacyP_SETUP_AI_MODEL), orsetupr auth use ...wins.- Otherwise Setupr picks the cheapest configured model from its known local pricing table.
- GitHub Models catalog pricing is treated as unknown, so GitHub is picked automatically only if explicitly selected or if it is the only configured provider.
- The setup pre-warning and TUI timeline show which model the AI director is using.
Setupr detects required environment variables by:
- Reading
.env.exampleas the template - Comparing against your
.envfile - Validating values (URLs, ports, key lengths, placeholders)
- Reporting missing, empty, and invalid variables
# Open the interactive .env editor TUI
setupr env
# Create .env from .env.example
setupr env init
# Recreate .env from .env.example even if .env already exists.
# If no .env.example exists, --force creates an empty .env with a warning.
setupr env init --force
# Check for missing variables
setupr env check
# Sync .env structure with .env.example (preserves values)
setupr env sync
# Smart analysis: detect issues + interactive fix
setupr env smartsetupr envopens a TUI editor for the local.env- if
.envis missing but.env.exampleexists, Setupr asks before creating.envfrom the template - if both
.envand.env.exampleare missing, Setupr returnsENV_TEMPLATE_MISSING setupr env --forcecreates an empty.envwhen no template exists and explains that no variables were inferred- the editor accepts normal value edits and pasted
KEY=valuelines - sensitive keys such as API keys, tokens, secrets, and passwords are masked in the editor input
- Reads
.env.exampleas the template - Detects issues: missing vars, empty values, invalid values (bad URLs, short keys, placeholder text)
- Reports extra vars not in .env.example
- In interactive mode (TTY), prompts you to fix each issue
- Reorganizes .env to match .env.example ordering
- Preserves all existing valid values and extra vars
setupr env initnever overwrites an existing.envunless you pass--forcesetupr env initdoes not create.envwhen.env.exampleis missing unless you pass--force; without force it returnsENV_TEMPLATE_MISSING- with
--force, a missing.env.examplecreates an empty.envand reports that no variables were inferred setupr setupcreates a missing.envfrom.env.exampleduring the environment stepsetupr env checkexits non-zero when required variables are missing- Plain-mode setup stops and exits non-zero if install, env setup, build, or verification fails
- URLs: Must start with
httporlocalhostor contain: - Ports: Must be a number between 1-65535
- Keys/Secrets/Tokens: Must be at least 8 characters
- Emails: Must contain
@ - Placeholders: Detects
changeme,your_key_here,TODO,xxx,REPLACE_ME
- Setupr provider API keys should live in global auth storage, not project
.env - Setupr masks sensitive env values before AI context is built
.envfiles are in.gitignoreby default