Describe the bug
When self-hosting Sim Studio via the provided docker-compose.prod.yml, the Copilot API key is not applied to the backend even if it is added to .env. As a result, the Copilot panel always returns “Unauthorized request” until the COPILOT_API_KEY is explicitly injected into the simstudio service environment.
Additionally, the default compose file includes some hard-coded localhost values for BETTER_AUTH_URL and NEXT_PUBLIC_APP_URL, which cause the backend to reject requests when using a custom domain.
To Reproduce
Steps to reproduce the behavior:
- Clone the repo and deploy using
docker compose -f docker-compose.prod.yml up -d.
- Generate a Copilot API key at https://sim.ai/ → Settings → Copilot.
- Add the key to
.env as COPILOT_API_KEY=sk-sim-copilot-xxxx.
- Restart the stack and open the Copilot panel in the self-hosted UI.
- Try sending a message — observe the “Unauthorized” error.
Expected behavior
The backend should automatically read COPILOT_API_KEY from .env and authenticate Copilot requests without manual override edits. The default compose file should also honor custom domains via TRUSTED_ORIGINS/NEXT_PUBLIC_APP_URL.
Screenshots
(Include screenshot of the Copilot panel showing “Unauthorized request” and relevant logs:
[ERROR] [UsageManagement] Failed to get usage limit info … Unauthorized.)
Additional context
-
Environment: Debian 12 VM on Proxmox, Docker CE 28.x, Compose v2.39.
-
The issue is resolved by:
- Adding
COPILOT_API_KEY=${COPILOT_API_KEY} to the simstudio.environment section, e.g. via docker-compose.override.yml.
- Ensuring
.env contains NEXT_PUBLIC_APP_URL=https://your.domain.
-
After these changes, Copilot works as expected.
Describe the bug
When self-hosting Sim Studio via the provided
docker-compose.prod.yml, the Copilot API key is not applied to the backend even if it is added to.env. As a result, the Copilot panel always returns “Unauthorized request” until theCOPILOT_API_KEYis explicitly injected into thesimstudioservice environment.Additionally, the default compose file includes some hard-coded
localhostvalues forBETTER_AUTH_URLandNEXT_PUBLIC_APP_URL, which cause the backend to reject requests when using a custom domain.To Reproduce
Steps to reproduce the behavior:
docker compose -f docker-compose.prod.yml up -d..envasCOPILOT_API_KEY=sk-sim-copilot-xxxx.Expected behavior
The backend should automatically read
COPILOT_API_KEYfrom.envand authenticate Copilot requests without manual override edits. The default compose file should also honor custom domains viaTRUSTED_ORIGINS/NEXT_PUBLIC_APP_URL.Screenshots
(Include screenshot of the Copilot panel showing “Unauthorized request” and relevant logs:
[ERROR] [UsageManagement] Failed to get usage limit info … Unauthorized.)Additional context
Environment: Debian 12 VM on Proxmox, Docker CE 28.x, Compose v2.39.
The issue is resolved by:
COPILOT_API_KEY=${COPILOT_API_KEY}to thesimstudio.environmentsection, e.g. viadocker-compose.override.yml..envcontainsNEXT_PUBLIC_APP_URL=https://your.domain.After these changes, Copilot works as expected.