All notable changes to this repository are documented in this file.
Releases are versioned in lockstep across workspace members (pipefy-sdk, pipefy-mcp-server, pipefy-cli).
The format is based on Keep a Changelog.
- SDK / MCP / CLI:
create_cardaccepts optionalphase_idand passestitleon GraphQLCreateCardInput(mutationcreateCard(input: $input)). MCP: interactivephase_idelicits start-form fields; non-emptyfieldsare filtered againstget_phase_fields(phase_id)andget_start_form_fields(pipe_id); agent seeding should setskip_elicitation=true. CLI:pipefy card create <pipe_id> --phase-id <id>(optional--title; emitstitle_warningwhen the API overrides the requested title). - MCP / CLI:
get_phase_allowed_move_targetslists valid destination phases formove_card_to_phase(GraphQLphase.cards_can_be_moved_to_phases). MCP returns normalized{phase_id, phase_name, allowed_phases}; CLI:pipefy phase targets <phase_id>. - SDK / MCP / CLI:
get_phase_cards_countreads nativePhase.cards_count(MCP/CLI return{phase_id, phase_name, cards_count}viaget_phase).get_phase_cardslists cards in a phase viaPhase.cardspagination (firstdefault 50,after, optional fields). CLI:pipefy phase count <phase_id>,pipefy phase cards <phase_id> --first --after. - SDK / MCP / CLI:
get_pipeselectscards_counton each workflow phase inphases[](start-form intake stays onstart_form_fields). - SDK / MCP / CLI: report create/update/export paths preflight
filteras nestedReportCardsFilter(operator+queries) in the SDK before GraphQL; reject naive top-level keys such ascurrent_phase; coerce integervaluescalars to strings. MCP and CLI surface the same error; CLI rejects invalid filters before auth.
- SDK / MCP / CLI (label color):
create_labelandupdate_labelvalidatecoloras hex#RGBor#RRGGBBin the SDK before GraphQL (e.g.redis rejected withexpected #RGB or #RRGGBB hex color, received 'red'). CLI rejects invalid color before auth. - Docs / install: canonical GitHub repository is
pipefy/ai-toolkit. Install snippets,install.sh, MCP setup links, Claude plugin metadata, and.mcp.jsonnow point atgithub.com/pipefy/ai-toolkit(GitHub may still redirect older URLs). - SDK: GraphQL
HTTPXAsyncTransportnow setsverify=Trueexplicitly to pin TLS verification on, independent of httpx's default. - Deps: upgraded
pydanticto 2.13.4 (pydantic-core2.46.4,pydantic-settings2.14.1) across workspace packages. - Deps: upgraded
gql[httpx]to 4.0.0;gql()constants areGraphQLRequestobjects (use.documentfor AST introspection in tests).
- SDK / MCP / CLI: AI automation create and update no longer require service-account credentials.
generate_with_aicreate/update were routed through the/internal_apiendpoint and gated behind a service-account check, so a normal user session (stored session frompipefy auth login, or a--tokenbearer) could not create or update an AI automation, which broke install flows that provision an AI triage automation. Both now go through the publiccreateAutomation/updateAutomationmutations under the caller's normal auth, matching the read, list, and delete paths. Closes #272.
- SDK: the AI automation surface moved from
AiAutomationServicetoAutomationService.create_ai_automation/update_ai_automation, mirroring the existingcreate_send_task_automationpattern.AiAutomationService,ai_automation_queries.py, theai_automation_availableproperty, andset_ai_automation_serviceare removed;PipefyClientdelegates toAutomationService.InternalApiClientstays (still used bydelete_card_relation).
- MCP / CLI / SDK:
get_automation_event_attributeslists officialfield_map.valuetokens;create_automationpreflightsfield_mapdestinationfieldIdvalues (numericinternal_idonaction_repo_id) andcard_moved+move_single_cardtransitions before GraphQL. Skill anddocs/mcp/tools/automations-and-ai.mddocument create-only preflight and text-only move-transition errors (recovery via error message orget_phase_allowed_move_targets, not avalid_destinationsenvelope field). - Installer: new POSIX
install.shat the repo root. One command installs the CLI + MCP server viauv tool install(resolving the latest GitHub Release tag via the GitHub API and discovering the wheel assets directly, no hardcoded package list), optionally adds skills vianpx skills add, and writes the MCP server registration into the user's chosen client config (Cursor / Claude Desktop / Codex / Claude Code / none-mode print). Flags:--yes,--no-skills,--client <id>,--version <tag>,--prefix <dir>,--allow-root,--dry-run,--help. After install,pipefy-mcp-serveris on PATH so client configs collapse to{"command": "pipefy-mcp-server"}. shellcheck-clean. Closes #231. - SDK / Auth: shared filesystem-backed configuration via
~/.config/pipefy/config.toml(%APPDATA%\pipefy\config.tomlon Windows; honoursXDG_CONFIG_HOMEand aPIPEFY_CONFIG_FILE=<path>override). Top-level TOML keys map to pydantic field names onAuthSettingsandPipefySettings; precedence isinit kwargs > env > .env > config.toml > defaults. The newpipefy-infraworkspace package owns the loader (a schema-agnosticPydanticBaseSettingsSourcesubclass) and the path-discovery helpers; SDK and Auth depend on it symmetrically — neither imports the other. Seedocs/config.mdfor the schema. - CLI:
pipefy auth status [--json|-j]— reports auth source, identity, session expiry, and exit codes. - CLI:
pipefy auth logout— revokes the refresh token at the IdP and clears the stored session. - Auth:
AuthSettings.auth_urlnow defaults to the Pipefy production IdP whenPIPEFY_AUTH_URLis unset — removes the previousPIPEFY_AUTH_URL is requiredexit-2 friction onpipefy auth login/pipefy auth logoutand wires the MCP stored-session tier automatically afterpipefy auth login. Override by settingPIPEFY_AUTH_URL=<url>to a non-prod IdP. Closes #233. - Auth / CLI / MCP: opt-out for the keychain-backed stored-session tier.
PIPEFY_DISABLE_STORED_SESSION=1(ordisable_stored_session=trueinconfig.toml) makesAuthSettings.to_oidc_client()returnNone: tier resolution skips the keychain entirely (no backend discovery, noload_sessionprobe), andpipefy auth login/pipefy auth logoutrefuse with exit code 2.PIPEFY_KEYCHAIN_BACKEND=file(orkeychain_backend = "file") swaps the activekeyringbackend tokeyrings.alt.file.PlaintextKeyringwriting under~/.config/pipefy/keyring.cfg(%APPDATA%\pipefy\keyring.cfgon Windows). Unblocks headless Linux without Secret Service and CI runners; the file stores credentials in plaintext on disk, so it's opt-in only. Closes #237. - SDK / Auth: introduced
PIPEFY_BASE_URL(defaulthttps://app.pipefy.com) that drives the four API endpoints (graphql_url,internal_api_url,interfaces_graphql_url,service_account_url) as pydantic@computed_fieldproperties. Operators on non-prod environments setPIPEFY_BASE_URL=<host>once and all four endpoints follow. The OIDC issuer (PIPEFY_AUTH_URL, defaulthttps://signin.pipefy.com/realms/pipefy) remains a separate full-URL field because non-prod realm names don't follow a derivable convention. Closes #238. - MCP: stored-session tier wired into
ServicesContainer; settingPIPEFY_AUTH_URLafterpipefy auth loginnow lets the MCP server reuse the keychain-backed session, with the refresh pre-warmed at startup so a stale or revoked session surfaces before the first tool call. - Auth: reactive refresh-on-401 for the stored-session tier (
RefreshableBearerAuth). When an API call returns 401, the SDK transport forces a refresh viaensure_fresh_session(force=True), persists any rotated tokens, and retries the request once before surfacing the error. Complements the eager refresh path for IdP-side revocation and mid-process token expiry. Closes #137.
- SDK / MCP / CLI: renamed the two service-account credential env vars for clarity and to remove the one-letter footgun against
PIPEFY_AUTH_URL(interactive user-login issuer):PIPEFY_OAUTH_CLIENT→PIPEFY_SERVICE_ACCOUNT_CLIENT_ID,PIPEFY_OAUTH_SECRET→PIPEFY_SERVICE_ACCOUNT_CLIENT_SECRET.PIPEFY_OAUTH_URLis dropped without a renamed counterpart — the OAuth token endpoint now derives fromPIPEFY_BASE_URL(see the Removed section). Closes #127. - MCP / CLI: attachment uploads accept
file_pathonly (local filesystem path, with~expansion).file_urlandfile_content_base64are both gone — the MCP server runs as a local subprocess of the user's agent runtime, so any path the user can read is a valid source, and agents that hold generated bytes write them to a temp file and pass the path.file_nameis optional (basename inferred from the path). The SDK exposes a singleclient.upload_attachment(attachment, organization_id=..., target=...)method backed byAttachmentService.upload_attachment, which owns the full choreography (file read → presigned URL → S3 PUT → field update) and enforces the 100 MiB cap as part of its internalLocalFile.read. Per-step wire helpers (create_presigned_url,upload_file_to_s3,extract_storage_path) are private toAttachmentService; the S3 PUT step is dispatched via an injectableS3Uploaderprotocol (HttpxS3Uploaderis the default). Domain types:pipefy_sdk.Attachment(path-based, no upload methods),CardTarget/TableRecordTargetvalue objects, plus theAttachmentUploadError/AttachmentUploadResult/AttachmentUploadSteptypes previously inattachment_upload. Seepackages/mcp/AGENTS.mdfor theGATED:SELF_HOSTEDconvention that marks where URL ingestion would return under a future self-hosted profile. - Infra:
pipefy_infra.securitywidens the literal-IP / DNS-result blocklist to include multicast (224.0.0.0/4), reserved (240.0.0.0/4), and unspecified (0.0.0.0,::) ranges in addition to the prior private / loopback / link-local set. Error messages updated to enumerate the blocked categories explicitly. The widening relies on stdlibipaddress.IPv4Address.is_*/IPv6Address.is_*properties so IPv4-mapped IPv6 literals (::ffff:127.0.0.1) are also covered. - Infra:
security.validate_https_urlandsecurity.assert_url_is_host_rootno longer take aderived_paths_hintparameter. Callers wrap theValueErrorwith their own caller-specific context if needed; the helpers stay caller-agnostic. - Auth:
PIPEFY_KEYCHAIN_BACKENDenv / TOML values are now normalized with.strip().lower()soAUTO,File, etc. match theLiteral["auto", "file"]constraint instead of failing with a cryptic Literal-validation error. Previous behavior accepted only the exact lower-case spelling. - Auth:
PIPEFY_AUTH_URLnow rejects query strings and fragments (path is allowed for Keycloak-style realm URLs). Previously, onlyvalidate_https_url's scheme + literal-IP check ran onauth_url, so a stray?or#from operator copy-paste would pass settings construction and corrupt the downstream.well-known/openid-configurationconcatenation. - Infra:
security.assert_url_is_host_rootrejects repeated-slash paths (//,///) that the previous inlinepath.strip('/')check accepted. Deploy configs withPIPEFY_BASE_URL=https://app.pipefy.com//(extra slash) now fail at startup; trim to a single trailing slash or none. - Infra:
security.assert_hostname_resolves_to_public_ipsraisesValueErrorinstead of silently passing whensocket.getaddrinforeturns an empty address list.UnicodeErrorfrom IDN encoding (e.g. labels > 63 chars) is now caught alongsidesocket.gaierrorand surfaced as aValueErrorwith the sameCould not resolve hostnameshape. - Auth / SDK: every
PIPEFY_*env var is validated against a semantically meaningful pattern at settings construction. URL env vars (PIPEFY_BASE_URL,PIPEFY_AUTH_URL) requirehttps?://plus non-whitespace; credential fields (PIPEFY_TOKEN,PIPEFY_SERVICE_ACCOUNT_CLIENT_ID,PIPEFY_SERVICE_ACCOUNT_CLIENT_SECRET,PIPEFY_AUTH_CLIENT_ID) reject leading / trailing whitespace;PIPEFY_ORG_IDmust be an ASCII numeric string. There is no longer an empty-string opt-out for any tier — unset the variable to fall back to the default, or usePIPEFY_DISABLE_STORED_SESSION=1to turn the stored-session tier off explicitly (see the Added entry above). - SDK / MCP / CLI: renamed
--graphql-urlCLI flag to--base-urlto match the new env-var shape. - Install snippets: every
git+https://github.com/gbrlcustodio/pipefy-mcp-serverURL in the rootREADME.md,packages/mcp/README.md,packages/cli/README.md, the shipping.mcp.json, andcommands/install.mdnow pins@latest— a moving git tag the release flow updates to point at the most recent release. Users get release-stable installs by default;@v0.2.0-beta.1-style pins remain available for reproducibility. The release process documented inRELEASE.mdnow includesgit tag -f latest <version> && git push --force-with-lease origin latestas the step that rolls new installs forward.
- SDK: legacy
PIPEFY_OAUTH_*env vars still resolve to the newservice_account_*fields via an alias shim, with a one-shot stderr deprecation warning per legacy key. The aliases will be removed in a later0.2.0-beta.xrelease (carrying an explicit breaking-change callout). Seedocs/MIGRATION.md.
- SDK: portal Interfaces helpers map
TransportQueryErrortoPortalPermissionErroronly when GraphQLextensions.codeisPERMISSION_DENIED. Other Interfaces failures (validation, not found, etc.) now propagate asTransportQueryErrorinstead of being mislabeled as permission errors. SDK callers that caughtPortalPermissionErrorfor all portal GraphQL errors should also handleTransportQueryError. - CLI: concurrent
pipefyinvocations near token expiry no longer surfaceinvalid_granterrors; the refresh-token grant is now serialized across processes via a filesystem lock at~/.config/pipefy/refresh.lock(%APPDATA%/pipefy/refresh.lockon Windows). Closes #133. - Installer:
install.shnow prefers the systempython3on macOS when bootstrappinguv toolvenvs, fixing installs on stock macOS where Homebrew Python is not on PATH. (#267)
-
Docs:
docs/setup.mddeleted. Per-client MCP wiring (Cursor, Claude Desktop, Claude Code including the/pipefy:install+/pipefy:loginplugin sequence, Codex) now lives in the rootREADME.md#installation.PIPEFY_*environment variables, validation rules, and the legacy-alias notes move to a new## Environment variablessection indocs/config.md. Edge cases (errSecParam (-25244)macOS keychain note,.mcp.jsonvariants, local-clone alternative,claude mcp addform) move topackages/mcp/README.md. CLI auth tier breakdown moves topackages/cli/README.md. Closes #246. -
Tooling:
bootstrap.shremoved. The equivalent (uv sync+cp .env.example .env) is inlined into the## Developmentsection of the rootREADME.md. -
HARD BREAK — per-URL env vars dropped in favor of
PIPEFY_BASE_URL+PIPEFY_AUTH_URL. The following env vars are no longer recognized;PipefySettings/AuthSettingsare configured withextra="ignore", so settings construction silently drops them with no exception or warning — stale.envkeys look configured but the prod defaults still apply. Same wording asdocs/MIGRATION.md. Audit.env, MCP client JSON, and CI secrets before upgrading:PIPEFY_GRAPHQL_URL— setPIPEFY_BASE_URLto your API host (graphql_url derives as<base>/graphql).PIPEFY_INTERNAL_API_URL— derives as<base>/internal_api.PIPEFY_INTERFACES_GRAPHQL_URL— derives as<base>/graphql/interfaces.PIPEFY_SERVICE_ACCOUNT_URL— derives as<base>/oauth/token.PIPEFY_OAUTH_URL(legacy alias forPIPEFY_SERVICE_ACCOUNT_URL) — no replacement; same derivation path.
Migration: replace the five per-URL env vars with a single
PIPEFY_BASE_URL(defaulthttps://app.pipefy.com). If you need a non-prod OIDC issuer, also setPIPEFY_AUTH_URLto the full issuer URL. -
PIPEFY_TENANT/PIPEFY_AUTH_REALMenv vars (never shipped in a release; existed only on intermediate commits of this branch). -
Auth:
pipefy_auth.DEFAULT_AUTH_URLconstant (and its re-export from the package root). Callers should consult the resolvedAuthSettings.auth_urlinstead. -
CLI:
pipefy skills list/pipefy skills showTyper subcommands and the bundledpackages/cli/src/pipefy_cli/skills/*.mdstarter pack. Install the full catalog viaskills.sh(npx skills add gbrlcustodio/pipefy-mcp-server) or reference the canonical files underskills/<domain>/<skill>/SKILL.mddirectly. Closes #230. -
Tooling:
scripts/sync_starter_pack.py(canonical files atskills/<domain>/<skill>/SKILL.mdare now the only source). -
CLI:
pyyamldependency ofpipefy-cli(only consumer was the deletedskillscommand). -
SDK: dropped the
pipefy_sdk.utils.url_ssrfmodule and itspipefy_sdk.utilsre-exports. The shared implementation now lives inpipefy_infra.security; import the module (from pipefy_infra import security) and call through it (security.validate_https_url(...)). -
Auth / SDK: the per-module
_URL_SHAPE_PATTERNregex literals inpipefy_auth.settingsandpipefy_sdk.settingsare gone; both modules now referencepipefy_infra.security.URL_SHAPE_PATTERN. The_strip_strvalidator body stays inlined as a 2-line classmethod on each model (no shared helper). -
Infra:
pipefy_infrano longer re-exports symbols at the package root; the root exposes only__version__. Submodules:pipefy_infra.config(Pipefy on-disk configuration: path discovery + TOML source) andpipefy_infra.security(SSRF defenses: shape pattern + internal-IP gate + DNS-rebinding gate). Thesecuritymodule is the SSRF audit namespace: import the module and call through it so every call site is greppable viasecurity.(same idiom as stdlibhmac.compare_digest,secrets.token_urlsafe). -
MCP: dropped URL ingestion (
file_url,_validate_url_safe, redirect loop, download size cap) and base64 ingestion (file_content_base64) from attachment uploads. The MCP server runs as a local subprocess of the agent runtime, so the only attachment source isfile_path; agents that generated bytes write them to a temp file and pass the path. The SSRF defenses are recorded asGATED:SELF_HOSTEDinpackages/mcp/src/pipefy_mcp/tools/attachment_tools.py; bring them back behind a capability flag if a hosted MCP profile is added. The sharedpipefy_infra.security.validate_and_assert_public_urlhelper stays, used bybase_url/auth_urlvalidation. Seepackages/mcp/AGENTS.mdfor theGATED:<PROFILE>convention.
Monorepo Pipefy Labs public beta on the v0.2.0-beta.* line (GitHub Release + wheels only; no PyPI until v1.*). Tag v0.2.0-beta.1 matches __version__ in all workspace packages per RELEASE.md.
- CLI: added MCP-parity commands for core workflow domains:
pipe,phase,field,table,record,label,webhook,relation, andmember. - CLI: added post-v0.1 parity domains:
attachment,field-condition,email,audit,automation,introspect,graphql,agent,ai-automation,usage,report-pipe,report-org,export, andorg. - MCP / CLI: shared SDK facade covers attachment upload, automation preflight, field-condition normalization, AI prompt and behavior validation, report export streaming, and service-account guard helpers.
- CLI:
pipefy skills listandpipefy skills show <name>for browsing the bundled starter pack (8 high-impact Pipefy workflows), with YAML frontmatter parsing for descriptions. - Skills:
skills/catalog with authoring guide, contributing rules, andskills-lint.ymlCI (frontmatter, starter-pack bundle drift, MCP/CLI reference lint, andpipefy skills listsmoke). - Docs:
docs/MIGRATION.mdcutover guide for existingpipefy-mcp-serverusers. - Tooling:
scripts/sync_starter_pack.pycopies canonical starter-packSKILL.mdfiles intopackages/cli/src/pipefy_cli/skills/; use--checkin CI or before release. - CLI: introduce
pipefy-cliworkspace package withpipefyentry point. - CLI:
pipefy card get <id>(mirrors MCPget_card) with--json/ Rich rendering. - CLI: OAuth client-credentials auth (
PIPEFY_OAUTH_*; renamed toPIPEFY_SERVICE_ACCOUNT_*in the Unreleased section) and--token/PIPEFY_TOKENstatic bearer override; auth precedence flag > env >~/.config/pipefy/config.toml. - CLI:
--graphql-urland--allow-insecure-urlsglobal flags; same SSRF policy as MCP. - CLI: shell completion via
pipefy --install-completion bash|zsh. - SDK: optional
bearer_token=constructor onPipefyClientandStaticBearerAuthinbase_client(transport auth path used by the CLI--token/PIPEFY_TOKEN).
- Docs: MCP tool reference moved to
docs/mcp/tools/; addeddocs/README.md,docs/mcp/README.md,docs/cli/README.md, anddocs/sdk/README.mdas surface-oriented entry points.docs/setup.mdanddocs/parity.mdpaths unchanged for stable links. - SDK: PyPI distribution renamed from
pipefy-ai-sdktopipefy-sdk(import package remainspipefy_sdk). Update installs anduv add/pip installreferences accordingly. - CLI / MCP: Creating a traditional automation with
card_moved+move_single_cardruns SDK move-transition preflight first, returning a clear validation error when the destination phase is unreachable from the source phase (instead of opaque GraphQL failures). - Internal: repository reorganized as a uv workspace;
pipefy-mcp-serverdistribution and runtime behavior unchanged.
- CLI:
pipefy agent updateresolves slug-stylefieldIdvalues in behaviors for error-path enrichment the same way as the happy path (viaPipefyClient.update_ai_agent), soRECORD_NOT_SAVEDdiagnostics do not falsely blame slug tokens as unknown pipe fields. - CLI / MCP:
field-condition create/updateaccept legacyactionId: "hidden"on condition actions; the SDK normalizes tohidebefore mutations. - SDK:
PipeConfigService.update_phase_fieldaccepts optionalphase_id/pipe_idand resolves a slug-likefield_idto the field'suuid(injected asinput.uuidwhile the slug stays asinput.id, matching Pipefy'sUpdatePhaseFieldInputcontract). The pipe-wide lookup runs phase fetches concurrently viaasyncio.gather; partial phase-fetch failures raise an actionableValueErrorinstead of returning an ambiguous match. Surfaced through MCPupdate_phase_field(phase_id=…, pipe_id=…)and CLIpipefy field update --extra '{"phase_id":"…"}'. - MCP:
delete_phase_fieldpreview now enumeratesdependents.field_conditionseven when the rule only references the field in expressionfield_address(not justactions[].phaseFieldId); the condition tree walker has a defensive depth cap of 16. - SDK / MCP:
PipefyClient.get_automation_logs_by_reposhort-circuits to an empty page when the pipe has no automations (was returningMULTIPLE_INVALID_INPUT: Automation_ids can't be blankfrom the API). - SDK / MCP:
invite_membersvalidates each row with a newMemberInvitePydantic model (EmailStr+ non-blankrole_name, lowercase normalization,extra="forbid") and raises a single-lineValueErrorpointing at the offending field. MCP surfaces it asINVALID_ARGUMENTS. - SDK:
ai_preflight.validate_ai_automation_prompt_sdkflags overlap when the same%{internal_id}appears both in the prompt and infield_ids, in English, citing the API rejection message. - MCP:
find_recordsreturns the unified envelopepagination={has_more, end_cursor, page_size}(snake_case) when the unified envelope flag is on, matchingget_table_records. - MCP / CLI docs:
create_card,create_table_record,clone_pipe, andcreate_field_conditiondocstrings clarify title-derivation quirks, async clone phases, and thephaseFieldIddiscovery path. - SDK:
MemberInvitelives atpipefy_sdk.MemberInvite(re-exported in the top-level__all__);slug_like_field_token/looks_like_uuid_tokenextracted topipefy_sdk.utils.field_tokensfor reuse across services.