2.5 KiB
2.5 KiB
Environment Variables
SF Configuration
| Variable | Default | Description |
|---|---|---|
SF_HOME |
~/.sf |
Global SF directory. All paths derive from this unless individually overridden. |
SF_PROJECT_ID |
(auto-hash) | Override automatic project identity hash. Useful for CI/CD or sharing state across repo clones. |
SF_STATE_DIR |
$SF_HOME |
Per-project state root. Controls where projects/<repo-hash>/ directories are created. |
SF_CODING_AGENT_DIR |
$SF_HOME/agent |
Agent directory for extensions, auth, and managed resources. |
SF_FETCH_ALLOWED_URLS |
(none) | Comma-separated hostnames exempt from internal URL blocking. |
SF_ALLOWED_COMMAND_PREFIXES |
(built-in) | Comma-separated command prefixes allowed for value resolution. |
SF_WEB_PROJECT_CWD |
— | Default project path for sf --web when ?project= is not specified. |
LLM Provider Keys
| Variable | Provider |
|---|---|
ANTHROPIC_API_KEY |
Anthropic (Claude) |
OPENAI_API_KEY |
OpenAI |
GEMINI_API_KEY |
Google Gemini (ignored by Forge runtime; Gemini CLI Core auth is used instead) |
GOOGLE_GENERATIVE_AI_API_KEY |
Google Gemini alias (ignored by Forge runtime) |
OPENROUTER_API_KEY |
OpenRouter |
GROQ_API_KEY |
Groq |
XAI_API_KEY |
xAI (Grok) |
MISTRAL_API_KEY |
Mistral |
GH_TOKEN |
GitHub Copilot |
AWS_PROFILE |
Amazon Bedrock (named profile) |
AWS_ACCESS_KEY_ID |
Amazon Bedrock (IAM keys) |
AWS_SECRET_ACCESS_KEY |
Amazon Bedrock (IAM keys) |
AWS_REGION |
Amazon Bedrock (region) |
AWS_BEARER_TOKEN_BEDROCK |
Amazon Bedrock (bearer token) |
ANTHROPIC_VERTEX_PROJECT_ID |
Vertex AI |
GOOGLE_APPLICATION_CREDENTIALS |
Vertex AI (ADC) |
AZURE_OPENAI_API_KEY |
Azure OpenAI |
Tool API Keys
| Variable | Purpose |
|---|---|
TAVILY_API_KEY |
Tavily web search |
BRAVE_API_KEY |
Brave web search |
CONTEXT7_API_KEY |
Context7 documentation lookup |
DISCORD_BOT_TOKEN |
Discord remote questions |
TELEGRAM_BOT_TOKEN |
Telegram remote questions |
URL Blocking
The fetch_page tool blocks requests to private/internal networks by default (SSRF protection). To allow specific internal hosts:
export SF_FETCH_ALLOWED_URLS="internal-docs.company.com,192.168.1.50"
Or set fetchAllowedUrls in ~/.sf/agent/settings.json.
Blocked by default: private IP ranges, cloud metadata endpoints, localhost, non-HTTP protocols, IPv6 private ranges.