-
-
Notifications
You must be signed in to change notification settings - Fork 1
Configuration
All configuration is handled through environment variables, loaded via pydantic-settings. No configuration files or CLI flags are needed beyond environment variables.
| Variable | Type | Required | Default | Description |
|---|---|---|---|---|
SERVICENOW_INSTANCE_URL |
string | Yes | - | Full URL of the ServiceNow instance (must start with https://, trailing slash stripped automatically) |
SERVICENOW_USERNAME |
string | Yes | - | ServiceNow username for Basic Auth |
SERVICENOW_PASSWORD |
string (secret) | Yes | - | ServiceNow password (stored as SecretStr, masked in logs and debug output) |
MCP_TOOL_PACKAGE |
string | No | "full" |
Which tool package to load. See Tool-Packages for all preset and custom options |
SERVICENOW_ENV |
string | No | "dev" |
Environment label. Write operations blocked when set to "prod" or "production"
|
MAX_ROW_LIMIT |
integer | No | 100 |
Maximum records returned per query (valid range: 1-10000) |
LARGE_TABLE_NAMES_CSV |
string | No | "syslog,sys_audit,sys_log_transaction,sys_email_log" |
Comma-separated list of tables considered "large" and requiring date-bounded queries |
SCRIPT_ALLOWED_ROOT |
string | No |
"" (disabled) |
Root directory for local script file reads via script_path in artifact write tools. When set, all script paths must resolve under this directory |
SENTRY_DSN |
string | No |
"" (disabled) |
Sentry DSN for error tracking. Sentry activates when this is set. See Telemetry |
SENTRY_ENVIRONMENT |
string | No | Falls back to SERVICENOW_ENV
|
Sentry environment label for grouping errors |
The server validates configuration at startup. Invalid values cause the server to exit with a descriptive error message.
- Must start with
https://- HTTP connections are not supported - Trailing slash is stripped automatically (
https://dev12345.service-now.com/becomeshttps://dev12345.service-now.com)
- Must be an integer between 1 and 10000 (inclusive)
- Values outside this range cause a startup validation error
- This sets the upper bound for all query operations - user-supplied
limitparameters are capped at this value
- Must be either a valid preset package name or a comma-separated list of valid tool group names
- Invalid package names or group names cause a startup validation error
- See Tool-Packages for available presets and group names
These are derived from the configured environment variables and used internally by the server.
Returns True when SERVICENOW_ENV is exactly "prod" or "production" (case-insensitive comparison). This property controls write gating - when True, all write operations return an error envelope.
Parsed from LARGE_TABLE_NAMES_CSV into a frozen set of table names. Tables in this set require date-bounded query filters to prevent unbounded queries against high-volume system tables.
Settings are loaded from environment files in the working directory:
-
.env- Base configuration -
.env.local- Local overrides (takes precedence over.env)
Loading behavior:
-
.env.localvalues override.envvalues for the same variable - Extra or unrecognized variables are silently ignored (no startup errors)
- Actual environment variables (set in the shell or MCP client config) take precedence over both files
- The
.env.examplefile in the repository root provides a documented template:
cp .env.example .env.local
# Edit .env.local with your valuesImportant: Never commit
.env.localor files containing credentials to version control. The.gitignorealready excludes these files.
When is_production evaluates to True (i.e., SERVICENOW_ENV is "prod" or "production"), the following restrictions apply:
- All write operations are blocked - record create, update, delete, artifact create, artifact update, attachment upload, and attachment delete all return an error envelope
- Read operations work normally - queries, schema introspection, debug traces, investigations, and documentation generation are unaffected
- There is no override mechanism - production mode cannot be bypassed with additional configuration. If you need write access, use a sub-production instance (dev, test, staging, etc.)
This is a deliberate safety guardrail. The server is designed for platform introspection and debugging - it should not be the primary mechanism for modifying production data. See Safety-and-Policy for additional security details.
Error tracking via Sentry is available for monitoring the MCP server in production environments. Since MCP servers run as child processes via stdio, the user never sees stderr output - Sentry provides visibility into errors that would otherwise go unnoticed.
Activation requires:
- The
sentry-sdkpackage is installed (it is a core dependency and always available) -
SENTRY_DSNis set to a non-empty value
When both conditions are met, Sentry captures exceptions from tool execution, HTTP client errors, and configuration issues.
| Variable | Default | Description |
|---|---|---|
SENTRY_DSN |
"" |
Sentry DSN - the presence of this value is the activation gate |
SENTRY_ENVIRONMENT |
Falls back to SERVICENOW_ENV
|
Environment label for Sentry event grouping |
See Telemetry for full details on error tracking integration points and what data is captured.
A minimal .env.local for a development instance:
SERVICENOW_INSTANCE_URL=https://dev12345.service-now.com
SERVICENOW_USERNAME=admin
SERVICENOW_PASSWORD=my-dev-passwordA more complete configuration:
# Connection
SERVICENOW_INSTANCE_URL=https://dev12345.service-now.com
SERVICENOW_USERNAME=admin
SERVICENOW_PASSWORD=my-dev-password
# Server behavior
MCP_TOOL_PACKAGE=developer
SERVICENOW_ENV=dev
MAX_ROW_LIMIT=200
# Error tracking
SENTRY_DSN=https://examplePublicKey@o0.ingest.sentry.io/0
SENTRY_ENVIRONMENT=development- Getting-Started - Installation and MCP client configuration
- Tool-Packages - Choose the right tool package for your workflow
- Safety-and-Policy - Security guardrails and write gating details
- Telemetry - Sentry integration and error tracking