You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Final phase of the milestone. Depends on #411 (read/probe surface).
Tools
MCP
CLI
create_llm_provider
pipefy ai-provider create
update_llm_provider
pipefy ai-provider update
delete_llm_provider
pipefy ai-provider delete
set_llm_provider_active_status
pipefy ai-provider set-active-status
set_default_llm_provider
pipefy ai-provider default set
reset_default_llm_provider
pipefy ai-provider default reset
Scope
Secret handling: MCP and CLI accept provider configuration only via a local configuration_file_path (JSON), never inline arguments; configuration values are never logged, echoed in errors, or returned. Examples use placeholders only. Create/update tools stay excluded from the remote profile.
Update sends a full replacement configuration (API contract); create requires name.
Verify and document the recommended update flow against a lab organization before publishing docs: whether a fetched (redacted) configuration can be edited and sent back without re-supplying secrets.
Default set/reset are organization-scoped; setting the default requires exactly one of provider_id / system_provider_id.
Docs note that provider management requires organization admin permissions and an eligible plan. Deletes require confirmation; CLI writes gated on the access probe.
Probe gating contract (raised in the 2. LLM provider discovery: read tools and access probe #411 review): validate_llm_provider_access can return ok: true with a non-null problem — when the API returns partial data alongside GraphQL errors, the probe surfaces the classified error rather than discarding it, and deliberately does not flip ok. Write-gating must therefore treat a clean gate as ok: trueandproblem absent; a present problem is partial denial and must not be read as full access. As part of this phase, polish the 2. LLM provider discovery: read tools and access probe #411 probe docs/messages (docs/mcp/tools/llm-providers.md, probe docstrings, CLI validate-access) to state this contract explicitly.
Acceptance
Full SDK + MCP + CLI parity, docs/parity.md, skills updated end-to-end (validate → create/list provider → set behavior provider ID).
Tests assert no configuration content in logs, errors, or tool responses.
Final phase of the milestone. Depends on #411 (read/probe surface).
Tools
create_llm_providerpipefy ai-provider createupdate_llm_providerpipefy ai-provider updatedelete_llm_providerpipefy ai-provider deleteset_llm_provider_active_statuspipefy ai-provider set-active-statusset_default_llm_providerpipefy ai-provider default setreset_default_llm_providerpipefy ai-provider default resetScope
configuration_file_path(JSON), never inline arguments; configuration values are never logged, echoed in errors, or returned. Examples use placeholders only. Create/update tools stay excluded from the remote profile.name.provider_id/system_provider_id.validate_llm_provider_accesscan returnok: truewith a non-nullproblem— when the API returns partial data alongside GraphQL errors, the probe surfaces the classified error rather than discarding it, and deliberately does not flipok. Write-gating must therefore treat a clean gate asok: trueandproblemabsent; a presentproblemis partial denial and must not be read as full access. As part of this phase, polish the 2. LLM provider discovery: read tools and access probe #411 probe docs/messages (docs/mcp/tools/llm-providers.md, probe docstrings, CLIvalidate-access) to state this contract explicitly.Acceptance
docs/parity.md, skills updated end-to-end (validate → create/list provider → set behavior provider ID).problemas not-clean (partial denial is never read as full access), and the 2. LLM provider discovery: read tools and access probe #411 probe docs state the clean-gate contract explicitly.