-
Notifications
You must be signed in to change notification settings - Fork 9
Expand file tree
/
Copy path.env.example
More file actions
55 lines (51 loc) · 3.12 KB
/
Copy path.env.example
File metadata and controls
55 lines (51 loc) · 3.12 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
# Pipefy MCP Server — Environment Variables
# Copy this file: cp .env.example .env
# Then fill in your Service Account credentials from Pipefy Admin Panel.
# See the root README.md for first-time install and MCP client examples;
# docs/config.md for the full PIPEFY_* reference and precedence chain.
# --- Service account (Tier 3) ---
PIPEFY_SERVICE_ACCOUNT_CLIENT_ID=<YOUR_SERVICE_ACCOUNT_CLIENT_ID>
PIPEFY_SERVICE_ACCOUNT_CLIENT_SECRET=<YOUR_SERVICE_ACCOUNT_CLIENT_SECRET>
# Legacy names PIPEFY_OAUTH_CLIENT / _SECRET still work but emit a one-shot
# stderr deprecation warning; they will be removed in a future beta. See docs/MIGRATION.md.
# --- Non-prod environments only ---
# PIPEFY_BASE_URL defaults to https://app.pipefy.com and drives the four
# API endpoints (graphql, internal_api, interfaces, oauth/token). Set this
# to a non-prod API host, a regional / proxy deployment, or local-dev mock.
# PIPEFY_BASE_URL=
# PIPEFY_AUTH_URL is the full OIDC issuer URL. Defaults to
# https://signin.pipefy.com/realms/pipefy. Set this to the full issuer URL
# for a non-prod IdP.
# PIPEFY_AUTH_URL=
# --- Other optional knobs ---
# PIPEFY_AUTH_CLIENT_ID=pipefy-cli
# Optional: default organization id for `pipefy org get` when you omit the positional id (numeric string).
# PIPEFY_ORG_ID=
# Optional: org UUID or numeric id for SDK portal integration tests only (`-m integration -k portal`).
# Set in local .env — never commit real values. Token needs manage_portals on that org.
# See docs/mcp/tools/portal.md#testing and docs/config.md.
# Unit tests use fictional ids in packages/sdk/tests/_shared/fixture_ids.py instead.
# PIPEFY_PORTAL_ORG_UUID=
# Optional (default false): allow http:// and internal hosts for GraphQL/OAuth/internal API/webhooks.
# Local development only — never enable in production (credentials must not leave HTTPS).
# PIPEFY_ALLOW_INSECURE_URLS=true
# Optional: max seconds for PERMISSION_DENIED membership enrichment (default 5).
# PIPEFY_PERMISSION_DENIED_ENRICHMENT_TIMEOUT_SECONDS=5
# Optional: cache gql introspected GraphQLSchema after the first request (default false; see base_client docstring).
# PIPEFY_GQL_REUSE_FETCHED_GRAPHQL_SCHEMA=true
# Optional: default name for new webhooks when the tool omits name (default: Pipefy Webhook).
# PIPEFY_DEFAULT_WEBHOOK_NAME=Pipefy Webhook
# Optional: comma-separated Pipefy user IDs for service accounts (same env var).
# - Blocks remove_member_from_pipe from removing these users (when configured).
# - Enables proactive membership checks in validate_ai_agent_behaviors (cross-pipe targets).
# Discover IDs via get_pipe_members (emails like *@service-account.pipefy.com) or Pipefy Admin.
# PIPEFY_SERVICE_ACCOUNT_IDS=
# --- Auth tier overrides (advanced) ---
# Static bearer token (bypasses OAuth entirely; CI / scripted use). CLI also accepts --token.
# PIPEFY_TOKEN=
# Set to 1 to disable the keychain-backed stored-session tier.
# `pipefy auth login` / `auth logout` refuse with exit code 2 when set.
# PIPEFY_DISABLE_STORED_SESSION=
# Set to "file" to use a file-backed plaintext keyring (~/.config/pipefy/keyring.cfg)
# instead of the OS keychain. Plaintext on disk; opt-in only.
# PIPEFY_KEYCHAIN_BACKEND=