Public documentation

Environment Variables

CLI Target Variables

Variable	Required	Description
`AGENT_API_KEY`	optional	Example credential for your own HTTP agent target.

Built-In Attack Pack Target

Set exactly one:

Variable	Description
`ROLEPLAY_TARGET_URL`	HTTP target URL for `social-engineering-core`.
`ROLEPLAY_TARGET_COMMAND`	CLI target command for `social-engineering-core`.

Attacker And Judge Providers

Use these when you want adaptive attacker turns and semantic or hybrid transcript judging instead of the local mock smoke-test provider.

Variable	Required	Description
`ROLEPLAY_LLM_PROVIDER`	for real adaptive runs unless `--provider` is provided	Shared provider for attacker and judge.
`ROLEPLAY_ATTACKER_PROVIDER`	optional	Provider for adaptive attacker turns. Overrides `ROLEPLAY_LLM_PROVIDER`.
`ROLEPLAY_JUDGE_MODE`	for real runs unless `--judge` is provided	`rules`, `semantic`, or `hybrid`. Use `hybrid` for CI and serious real-agent tests.
`ROLEPLAY_JUDGE_PROVIDER`	for semantic/hybrid judging unless `--judge-provider` is provided	Provider for transcript judging. Overrides `ROLEPLAY_LLM_PROVIDER`.
`ROLEPLAY_LLM_MODEL`	optional	Shared model name.
`ROLEPLAY_ATTACKER_MODEL`	optional	Model for adaptive attacker turns.
`ROLEPLAY_JUDGE_MODEL`	optional	Model for judging.
`ROLEPLAY_OPENAI_API_KEY`	for `openai`	OpenAI API key.
`ROLEPLAY_ANTHROPIC_API_KEY`	for `anthropic`	Anthropic API key.
`ROLEPLAY_GOOGLE_API_KEY`	for `google`	Google Gemini API key.
`ROLEPLAY_LLM_API_KEY`	for `openai-compatible`	API key for an OpenAI-compatible provider.
`ROLEPLAY_LLM_BASE_URL`	for `openai-compatible`	Provider base URL, for example `https://api.example.com/v1`.

Provider identifiers are openai, anthropic, google, and openai-compatible. They are reference options, not defaults. Use --target mock --provider mock --judge rules only for install smoke tests.

Workbench Upload Variables

Variable	Required	Description
`ROLEPLAY_CLOUD_URL`	for uploads unless `--endpoint` is provided	workbench base URL.
`ROLEPLAY_PROJECT_ID`	for uploads unless `--project` is provided	workbench project ID.
`ROLEPLAY_API_KEY`	for uploads unless `--api-key` is provided	Project API key.
`ROLEPLAY_AGENT_NAME`	recommended for multi-agent projects	Target agent attribution.
`ROLEPLAY_ENVIRONMENT`	optional	Environment label for uploaded run.
`ROLEPLAY_BUILD_URL`	optional	CI build URL.

CI Detection

The CLI can infer build metadata from common CI variables.

Branch:

GITHUB_REF_NAME
BRANCH_NAME

Commit:

GITHUB_SHA
COMMIT_SHA

Build URL:

ROLEPLAY_BUILD_URL
GitHub Actions URL from GITHUB_SERVER_URL, GITHUB_REPOSITORY, and GITHUB_RUN_ID
CI_JOB_URL
CIRCLE_BUILD_URL
BUILD_URL

Workbench Store

Variable	Description
`ROLEPLAY_CLOUD_STORE`	Path to the local workbench JSON store. Defaults to `.roleplay/cloud-db.json`.
`ROLEPLAY_DEMO_SEED`	Set to `true` only when you intentionally want local development fixture data. Launch workbench state is empty by default.

Use this in tests or local experiments when you want isolated Cloud state.

Public Production Variables

Variable	Required	Description
`NEXT_PUBLIC_APP_URL`	yes	Hosted workbench URL, for example `https://app.roleplay.sh`.
`NEXT_PUBLIC_MARKETING_URL`	recommended	Marketing site URL.
`NEXT_PUBLIC_DOCS_URL`	recommended	Docs URL.
`SUPPORT_EMAIL`	recommended	Public support contact.
`DATABASE_URL`	yes	Production Postgres connection string.
`ROLEPLAY_CLOUD_STORE_DRIVER`	yes for hosted Cloud	Set to `postgres` to use Postgres-backed Cloud persistence.
`AUTH_SECRET`	yes	Strong random secret for production auth/session signing.
`ROLEPLAY_AUTH_REQUIRED`	recommended for hosted Cloud	Set to `true` to require signed workbench sessions outside local development.
`STRIPE_SECRET_KEY`	yes	Stripe secret key for Checkout and portal sessions.
`STRIPE_WEBHOOK_SECRET`	yes	Stripe webhook signing secret.
`STRIPE_BUILDER_PRICE_ID`	yes	Stripe recurring price for the Builder plan.
`STRIPE_TEAM_PRICE_ID`	yes	Stripe recurring price for the Team plan.
`ROLEPLAY_TRANSACTIONAL_EMAILS_ENABLED`	optional	Set to `true` to send transactional emails through AWS SES. Defaults to disabled.
`AWS_REGION`	when email enabled	AWS region for SES sending.
`AWS_SES_FROM_EMAIL`	when email enabled	Verified SES sender address.
`AWS_SES_FROM_NAME`	optional	Sender display name. Defaults to `Roleplay`.
`AWS_SES_REPLY_TO_EMAIL`	optional	Reply-to address. Defaults to `SUPPORT_EMAIL` or `support@roleplay.sh`.
`AWS_SES_CONFIGURATION_SET`	optional	SES configuration set for delivery tracking.