a45f873124
84 files spanning provider capabilities, model routing, headless runtime, sf auto subsystems, gitbook docs, and test coverage. Snapshotted so headless auto can resume M004 (Production Readiness) S03 (Verification Gate Validation) on a clean tree. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2.4 KiB
2.4 KiB
Environment Variables
SF Configuration
| Variable | Default | Description |
|---|---|---|
SF_HOME |
~/.sf |
Global SF directory. All paths derive from this unless individually overridden. |
SF_PROJECT_ID |
(auto-hash) | Override automatic project identity hash. Useful for CI/CD or sharing state across repo clones. |
SF_STATE_DIR |
$SF_HOME |
Per-project state root. Controls where projects/<repo-hash>/ directories are created. |
SF_CODING_AGENT_DIR |
$SF_HOME/agent |
Agent directory for extensions, auth, and managed resources. |
SF_FETCH_ALLOWED_URLS |
(none) | Comma-separated hostnames exempt from internal URL blocking. |
SF_ALLOWED_COMMAND_PREFIXES |
(built-in) | Comma-separated command prefixes allowed for value resolution. |
SF_WEB_PROJECT_CWD |
— | Default project path for sf --web when ?project= is not specified. |
LLM Provider Keys
| Variable | Provider |
|---|---|
ANTHROPIC_API_KEY |
Anthropic (Claude) |
OPENAI_API_KEY |
OpenAI |
GEMINI_API_KEY |
Google Gemini |
GOOGLE_GENERATIVE_AI_API_KEY |
Google Gemini (models.dev / AI SDK alias) |
OPENROUTER_API_KEY |
OpenRouter |
GROQ_API_KEY |
Groq |
XAI_API_KEY |
xAI (Grok) |
MISTRAL_API_KEY |
Mistral |
GH_TOKEN |
GitHub Copilot |
AWS_PROFILE |
Amazon Bedrock (named profile) |
AWS_ACCESS_KEY_ID |
Amazon Bedrock (IAM keys) |
AWS_SECRET_ACCESS_KEY |
Amazon Bedrock (IAM keys) |
AWS_REGION |
Amazon Bedrock (region) |
AWS_BEARER_TOKEN_BEDROCK |
Amazon Bedrock (bearer token) |
ANTHROPIC_VERTEX_PROJECT_ID |
Vertex AI |
GOOGLE_APPLICATION_CREDENTIALS |
Vertex AI (ADC) |
AZURE_OPENAI_API_KEY |
Azure OpenAI |
Tool API Keys
| Variable | Purpose |
|---|---|
TAVILY_API_KEY |
Tavily web search |
BRAVE_API_KEY |
Brave web search |
CONTEXT7_API_KEY |
Context7 documentation lookup |
DISCORD_BOT_TOKEN |
Discord remote questions |
TELEGRAM_BOT_TOKEN |
Telegram remote questions |
URL Blocking
The fetch_page tool blocks requests to private/internal networks by default (SSRF protection). To allow specific internal hosts:
export SF_FETCH_ALLOWED_URLS="internal-docs.company.com,192.168.1.50"
Or set fetchAllowedUrls in ~/.sf/agent/settings.json.
Blocked by default: private IP ranges, cloud metadata endpoints, localhost, non-HTTP protocols, IPv6 private ranges.